@omnizap-system/omnizap 2.5.12

package/server/routes/sticker/catalogHandlers/catalogPublicHttp.js

@@ -0,0 +1,120 @@
+const METHOD_NOT_ALLOWED_BODY = { error: 'Metodo nao permitido.' };
+
+const isReadMethod = (method) => method === 'GET' || method === 'HEAD';
+const RESERVED_NON_STICKER_SEGMENTS = new Set(['home-bootstrap', 'system-summary', 'project-summary', 'global-ranking-summary', 'readme-markdown', 'support', 'bot-contact']);
+
+export const handleCatalogPublicRoutes = async ({ req, res, pathname, url, segments, apiBasePath, orphanApiPath, handlers, sendJson }) => {
+  if (pathname === apiBasePath) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleListRequest(req, res, url);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/intents`) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleIntentCollectionsRequest(req, res, url);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/creators`) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleCreatorRankingRequest(req, res, url);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/recommendations`) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleRecommendationsRequest(req, res, url);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/stats`) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleMarketplaceStatsRequest(req, res, url);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/create-config`) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleCreatePackConfigRequest(req, res);
+    return true;
+  }
+
+  if (pathname === orphanApiPath) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleOrphanStickerListRequest(req, res, url);
+    return true;
+  }
+
+  if (segments.length === 1 && segments[0] === 'data-files') {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleDataFileListRequest(req, res, url);
+    return true;
+  }
+
+  if (segments.length === 1 && segments[0] === 'readme-summary') {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleReadmeSummaryRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 1 && RESERVED_NON_STICKER_SEGMENTS.has(segments[0])) {
+    return false;
+  }
+
+  if (segments.length === 1) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleDetailsRequest(req, res, segments[0], url);
+    return true;
+  }
+
+  if (segments.length === 2 && ['open', 'like', 'dislike'].includes(segments[1])) {
+    if (req.method !== 'POST') {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handlePackInteractionRequest(req, res, segments[0], segments[1], url);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'stickers') {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleAssetRequest(req, res, segments[0], segments[2], url);
+    return true;
+  }
+
+  return false;
+};

package/server/routes/sticker/catalogHandlers/catalogUploadHttp.js

@@ -0,0 +1,83 @@
+const METHOD_NOT_ALLOWED_BODY = { error: 'Metodo nao permitido.' };
+
+const isPublishStateMethod = (method) => method === 'GET' || method === 'HEAD' || method === 'POST';
+
+export const handleCatalogUploadRoutes = async ({ req, res, pathname, url, segments, apiBasePath, handlers, sendJson }) => {
+  if (pathname === `${apiBasePath}/create`) {
+    if (req.method !== 'POST') {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleCreatePackRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'manage') {
+    await handlers.handleManagedPackRequest(req, res, segments[0]);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'clone') {
+    await handlers.handleManagedPackCloneRequest(req, res, segments[0]);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'cover') {
+    await handlers.handleManagedPackCoverRequest(req, res, segments[0]);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'reorder') {
+    await handlers.handleManagedPackReorderRequest(req, res, segments[0]);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'analytics') {
+    await handlers.handleManagedPackAnalyticsRequest(req, res, segments[0]);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'stickers') {
+    await handlers.handleManagedPackStickerCreateRequest(req, res, segments[0]);
+    return true;
+  }
+
+  if (segments.length === 4 && segments[1] === 'manage' && segments[2] === 'stickers') {
+    await handlers.handleManagedPackStickerDeleteRequest(req, res, segments[0], segments[3]);
+    return true;
+  }
+
+  if (segments.length === 5 && segments[1] === 'manage' && segments[2] === 'stickers' && segments[4] === 'replace') {
+    await handlers.handleManagedPackStickerReplaceRequest(req, res, segments[0], segments[3]);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'publish-state') {
+    if (!isPublishStateMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handlePackPublishStateRequest(req, res, segments[0], url);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'finalize') {
+    if (req.method !== 'POST') {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleFinalizePackRequest(req, res, segments[0]);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'stickers-upload') {
+    if (req.method !== 'POST') {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleUploadStickerToPackRequest(req, res, segments[0]);
+    return true;
+  }
+
+  return false;
+};

package/server/routes/sticker/catalogRouter.js

@@ -0,0 +1,77 @@
+import { handleCatalogAuthRoutes } from './catalogHandlers/catalogAuthHttp.js';
+import { handleCatalogAdminRoutes } from './catalogHandlers/catalogAdminHttp.js';
+import { handleCatalogUploadRoutes } from './catalogHandlers/catalogUploadHttp.js';
+import { handleCatalogPublicRoutes } from './catalogHandlers/catalogPublicHttp.js';
+
+const decodePathSegments = (suffix) =>
+  suffix
+    .split('/')
+    .filter(Boolean)
+    .map((segment) => {
+      try {
+        return decodeURIComponent(segment);
+      } catch {
+        return segment;
+      }
+    });
+
+export const createCatalogApiRouter = ({ apiBasePath, orphanApiPath, handlers, sendJson }) => {
+  if (!apiBasePath || typeof handlers !== 'object' || typeof sendJson !== 'function') {
+    throw new Error('catalog_api_router_config_invalid');
+  }
+
+  return async ({ req, res, pathname, url }) => {
+    const handledAuth = await handleCatalogAuthRoutes({
+      req,
+      res,
+      pathname,
+      url,
+      apiBasePath,
+      handlers,
+      sendJson,
+    });
+    if (handledAuth) return true;
+    if (!pathname.startsWith(apiBasePath)) return false;
+
+    const suffix = pathname.slice(apiBasePath.length).replace(/^\/+/, '');
+    const segments = decodePathSegments(suffix);
+
+    const handledAdmin = await handleCatalogAdminRoutes({
+      req,
+      res,
+      url,
+      segments,
+      handlers,
+      sendJson,
+    });
+    if (handledAdmin) return true;
+
+    const handledUpload = await handleCatalogUploadRoutes({
+      req,
+      res,
+      pathname,
+      url,
+      segments,
+      apiBasePath,
+      handlers,
+      sendJson,
+    });
+    if (handledUpload) return true;
+
+    const handledPublic = await handleCatalogPublicRoutes({
+      req,
+      res,
+      pathname,
+      url,
+      segments,
+      apiBasePath,
+      orphanApiPath,
+      handlers,
+      sendJson,
+    });
+    if (handledPublic) return true;
+
+    sendJson(req, res, 404, { error: 'Rota de sticker pack nao encontrada.' });
+    return true;
+  };
+};

package/server/routes/sticker/stickerApiRouter.js

@@ -0,0 +1,84 @@
+import { requireAdminAuth } from '../../middleware/requireAdminAuth.js';
+import { createAdminApiRateLimit } from '../../middleware/rateLimit.js';
+
+let stickerCatalogControllerPromise = null;
+
+const loadStickerCatalogController = async () => {
+  if (!stickerCatalogControllerPromise) {
+    stickerCatalogControllerPromise = import('../../controllers/sticker/stickerCatalogController.js');
+  }
+  return stickerCatalogControllerPromise;
+};
+
+const normalizeBasePath = (value, fallback) => {
+  const raw = String(value || '').trim() || fallback;
+  const withLeadingSlash = raw.startsWith('/') ? raw : `/${raw}`;
+  const withoutTrailingSlash = withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/') ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+  return withoutTrailingSlash || fallback;
+};
+
+const startsWithPath = (pathname, prefix) => {
+  if (!pathname || !prefix) return false;
+  if (pathname === prefix) return true;
+  return pathname.startsWith(`${prefix}/`);
+};
+
+const DEFAULT_STICKER_API_BASE_PATH = '/api/sticker-packs';
+const DEFAULT_MARKETPLACE_STATS_PATH = '/api/marketplace/stats';
+const ALLOWED_METHODS = new Set(['GET', 'HEAD', 'POST', 'PATCH', 'DELETE']);
+const adminApiRateLimit = createAdminApiRateLimit();
+
+const sendMethodNotAllowed = (req, res) => {
+  if (res.writableEnded) return;
+  res.statusCode = 405;
+  res.setHeader('Content-Type', 'application/json; charset=utf-8');
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(JSON.stringify({ error: 'Method Not Allowed' }));
+};
+
+export const getStickerApiRouterConfig = async () => {
+  const controller = await loadStickerCatalogController();
+  const legacyConfig = (typeof controller?.getStickerCatalogConfig === 'function' ? controller.getStickerCatalogConfig() : null) || {};
+  return {
+    apiBasePath: normalizeBasePath(legacyConfig.apiBasePath, DEFAULT_STICKER_API_BASE_PATH),
+    marketplaceStatsPath: DEFAULT_MARKETPLACE_STATS_PATH,
+  };
+};
+
+export const shouldHandleStickerApiPath = (pathname, stickerConfig = null) => {
+  const apiBasePath = normalizeBasePath(stickerConfig?.apiBasePath, DEFAULT_STICKER_API_BASE_PATH);
+  const marketplaceStatsPath = normalizeBasePath(stickerConfig?.marketplaceStatsPath, DEFAULT_MARKETPLACE_STATS_PATH);
+  return startsWithPath(pathname, apiBasePath) || startsWithPath(pathname, marketplaceStatsPath);
+};
+
+export const maybeHandleStickerApiRequest = async (req, res, { pathname, url, config = null }) => {
+  const resolvedConfig = config || (await getStickerApiRouterConfig());
+  if (!shouldHandleStickerApiPath(pathname, resolvedConfig)) return false;
+
+  const method = String(req.method || '').toUpperCase();
+  if (!ALLOWED_METHODS.has(method)) {
+    sendMethodNotAllowed(req, res);
+    return true;
+  }
+
+  const apiBasePath = normalizeBasePath(resolvedConfig.apiBasePath, DEFAULT_STICKER_API_BASE_PATH);
+  const adminBasePath = `${apiBasePath}/admin`;
+  const adminSessionPath = `${adminBasePath}/session`;
+
+  if (startsWithPath(pathname, adminBasePath)) {
+    const allowedByRateLimit = adminApiRateLimit(req, res);
+    if (!allowedByRateLimit) return true;
+  }
+
+  if (startsWithPath(pathname, adminBasePath) && pathname !== adminSessionPath) {
+    const allowed = requireAdminAuth(req, res);
+    if (!allowed) return true;
+  }
+
+  const controller = await loadStickerCatalogController();
+  if (typeof controller?.maybeHandleStickerCatalogRequest !== 'function') return false;
+  return controller.maybeHandleStickerCatalogRequest(req, res, { pathname, url });
+};

package/server/routes/sticker/stickerDataRouter.js

@@ -0,0 +1,145 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+import { safeJoin } from '../../utils/safePath.js';
+
+let stickerCatalogControllerPromise = null;
+
+const loadStickerCatalogController = async () => {
+  if (!stickerCatalogControllerPromise) {
+    stickerCatalogControllerPromise = import('../../controllers/sticker/stickerCatalogController.js');
+  }
+  return stickerCatalogControllerPromise;
+};
+
+const normalizeBasePath = (value, fallback) => {
+  const raw = String(value || '').trim() || fallback;
+  const withLeadingSlash = raw.startsWith('/') ? raw : `/${raw}`;
+  const withoutTrailingSlash = withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/') ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+  return withoutTrailingSlash || fallback;
+};
+
+const startsWithPath = (pathname, prefix) => {
+  if (!pathname || !prefix) return false;
+  if (pathname === prefix) return true;
+  return pathname.startsWith(`${prefix}/`);
+};
+
+const DEFAULT_DATA_PUBLIC_PATH = '/data';
+const DEFAULT_DATA_PUBLIC_DIR = path.resolve(process.cwd(), 'data');
+const ALLOWED_EXTENSIONS = new Set(['.webp', '.png', '.jpg', '.jpeg', '.gif', '.avif', '.bmp']);
+
+const sendJson = (req, res, statusCode, payload) => {
+  if (res.writableEnded) return;
+  res.statusCode = statusCode;
+  res.setHeader('Content-Type', 'application/json; charset=utf-8');
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(JSON.stringify(payload));
+};
+
+const resolveContentType = (extension) => {
+  if (extension === '.png') return 'image/png';
+  if (extension === '.jpg' || extension === '.jpeg') return 'image/jpeg';
+  if (extension === '.gif') return 'image/gif';
+  if (extension === '.avif') return 'image/avif';
+  if (extension === '.bmp') return 'image/bmp';
+  return 'image/webp';
+};
+
+const decodeRelativePath = (pathname, dataPublicPath) => {
+  const rawSuffix = pathname.slice(dataPublicPath.length).replace(/^\/+/, '');
+  if (!rawSuffix) return '';
+
+  const decodedSegments = rawSuffix
+    .split('/')
+    .filter(Boolean)
+    .map((segment) => decodeURIComponent(segment));
+
+  return decodedSegments.join('/');
+};
+
+export const getStickerDataRouterConfig = async () => {
+  const controller = await loadStickerCatalogController();
+  const legacyConfig = (typeof controller?.getStickerCatalogConfig === 'function' ? controller.getStickerCatalogConfig() : null) || {};
+  return {
+    dataPublicPath: normalizeBasePath(legacyConfig.dataPublicPath, DEFAULT_DATA_PUBLIC_PATH),
+    dataPublicDir: path.resolve(legacyConfig.dataPublicDir || DEFAULT_DATA_PUBLIC_DIR),
+  };
+};
+
+export const shouldHandleStickerDataPath = (pathname, stickerConfig = null) => {
+  const dataPublicPath = normalizeBasePath(stickerConfig?.dataPublicPath, DEFAULT_DATA_PUBLIC_PATH);
+  return startsWithPath(pathname, dataPublicPath);
+};
+
+export const maybeHandleStickerDataRequest = async (req, res, { pathname, config = null }) => {
+  const resolvedConfig = config || (await getStickerDataRouterConfig());
+  const dataPublicPath = normalizeBasePath(resolvedConfig.dataPublicPath, DEFAULT_DATA_PUBLIC_PATH);
+
+  if (!shouldHandleStickerDataPath(pathname, resolvedConfig)) return false;
+
+  if (!['GET', 'HEAD'].includes(req.method || '')) {
+    sendJson(req, res, 405, { error: 'Method Not Allowed' });
+    return true;
+  }
+
+  let relativePath = '';
+  try {
+    relativePath = decodeRelativePath(pathname, dataPublicPath);
+  } catch {
+    sendJson(req, res, 400, { error: 'Invalid path encoding' });
+    return true;
+  }
+
+  if (!relativePath) {
+    sendJson(req, res, 400, { error: 'Invalid path' });
+    return true;
+  }
+
+  const absolutePath = safeJoin(resolvedConfig.dataPublicDir, relativePath);
+  if (!absolutePath) {
+    sendJson(req, res, 400, { error: 'Invalid path' });
+    return true;
+  }
+
+  const extension = path.extname(absolutePath).toLowerCase();
+  if (!ALLOWED_EXTENSIONS.has(extension)) {
+    sendJson(req, res, 403, { error: 'Forbidden file type' });
+    return true;
+  }
+
+  try {
+    const fileHandle = await fs.open(absolutePath, 'r');
+    try {
+      const fileStat = await fileHandle.stat();
+      if (!fileStat.isFile()) {
+        sendJson(req, res, 404, { error: 'Not Found' });
+        return true;
+      }
+
+      const fileBuffer = req.method === 'HEAD' ? null : await fileHandle.readFile();
+      res.statusCode = 200;
+      res.setHeader('Content-Type', resolveContentType(extension));
+      res.setHeader('Cache-Control', 'public, max-age=300');
+      if (req.method === 'HEAD') {
+        res.end();
+        return true;
+      }
+      res.end(fileBuffer);
+      return true;
+    } finally {
+      await fileHandle.close();
+    }
+  } catch (error) {
+    if (error?.code === 'ENOENT') {
+      sendJson(req, res, 404, { error: 'Not Found' });
+      return true;
+    }
+
+    sendJson(req, res, 500, { error: 'Read error' });
+    return true;
+  }
+};

package/server/routes/sticker/stickerSiteRouter.js

@@ -0,0 +1,43 @@
+let stickerCatalogControllerPromise = null;
+
+const loadStickerCatalogController = async () => {
+  if (!stickerCatalogControllerPromise) {
+    stickerCatalogControllerPromise = import('../../controllers/sticker/stickerCatalogController.js');
+  }
+  return stickerCatalogControllerPromise;
+};
+
+const normalizeBasePath = (value, fallback) => {
+  const raw = String(value || '').trim() || fallback;
+  const withLeadingSlash = raw.startsWith('/') ? raw : `/${raw}`;
+  const withoutTrailingSlash = withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/') ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+  return withoutTrailingSlash || fallback;
+};
+
+const startsWithPath = (pathname, prefix) => {
+  if (!pathname || !prefix) return false;
+  if (pathname === prefix) return true;
+  return pathname.startsWith(`${prefix}/`);
+};
+
+const DEFAULT_STICKER_WEB_PATH = '/stickers';
+
+export const getStickerSiteRouterConfig = async () => {
+  const controller = await loadStickerCatalogController();
+  const legacyConfig = (typeof controller?.getStickerCatalogConfig === 'function' ? controller.getStickerCatalogConfig() : null) || {};
+  return {
+    ...legacyConfig,
+    webPath: normalizeBasePath(legacyConfig.webPath, DEFAULT_STICKER_WEB_PATH),
+  };
+};
+
+export const shouldHandleStickerSitePath = (pathname, stickerConfig = null) => {
+  const resolvedWebPath = normalizeBasePath(stickerConfig?.webPath, DEFAULT_STICKER_WEB_PATH);
+  return pathname === '/sitemap.xml' || startsWithPath(pathname, resolvedWebPath);
+};
+
+export const maybeHandleStickerSiteRequest = async (req, res, { pathname, url }) => {
+  const controller = await loadStickerCatalogController();
+  if (typeof controller?.maybeHandleStickerCatalogRequest !== 'function') return false;
+  return controller.maybeHandleStickerCatalogRequest(req, res, { pathname, url });
+};

package/server/routes/user/userApiPaths.js

@@ -0,0 +1,66 @@
+export const normalizeBasePath = (value, fallback) => {
+  const raw = String(value || '').trim() || fallback;
+  const withLeadingSlash = raw.startsWith('/') ? raw : `/${raw}`;
+  const withoutTrailingSlash = withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/') ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+  return withoutTrailingSlash || fallback;
+};
+
+const normalizePathname = (value) => {
+  const raw = String(value || '').trim();
+  if (!raw) return '/';
+  if (raw.length > 1 && raw.endsWith('/')) return raw.slice(0, -1);
+  return raw;
+};
+
+const hasPathPrefix = (pathname, prefix) => {
+  if (pathname === prefix) return true;
+  const normalizedPrefix = String(prefix || '').endsWith('/') ? String(prefix || '') : `${prefix}/`;
+  return pathname.startsWith(normalizedPrefix);
+};
+
+export const DEFAULT_USER_API_BASE_PATH = '/api';
+export const DEFAULT_LEGACY_STICKER_API_BASE_PATH = '/api/sticker-packs';
+
+const USER_API_EXACT_ROUTE_SUFFIXES = Object.freeze(['', '/auth/google/session', '/auth/login', '/auth/terms/acceptance', '/auth/password', '/auth/password/recovery/request', '/auth/password/recovery/verify', '/auth/password/recovery/session', '/auth/password/recovery/session/request', '/auth/password/recovery/session/verify', '/me', '/bot-contact', '/support', '/create-config', '/system-summary', '/project-summary', '/global-ranking-summary', '/readme-summary', '/readme-markdown', '/intents', '/creators', '/recommendations', '/stats', '/home-bootstrap']);
+
+const USER_API_PRIMARY_ONLY_ROUTE_SUFFIXES = Object.freeze(['/home-bootstrap', '/system-summary', '/project-summary', '/global-ranking-summary', '/readme-markdown', '/support', '/bot-contact']);
+const USER_API_PRIMARY_ONLY_ROUTE_SUFFIX_SET = new Set(USER_API_PRIMARY_ONLY_ROUTE_SUFFIXES);
+
+const USER_API_LEGACY_EXACT_ROUTE_SUFFIXES = Object.freeze(USER_API_EXACT_ROUTE_SUFFIXES.filter((suffix) => !USER_API_PRIMARY_ONLY_ROUTE_SUFFIX_SET.has(suffix)));
+
+const USER_API_PREFIX_ROUTE_SUFFIXES = Object.freeze([]);
+
+const buildUserApiMatcher = (apiBasePath, { legacyCompatible = false } = {}) => {
+  const exactRouteSuffixes = legacyCompatible ? USER_API_LEGACY_EXACT_ROUTE_SUFFIXES : USER_API_EXACT_ROUTE_SUFFIXES;
+  const basePath = normalizeBasePath(apiBasePath, DEFAULT_USER_API_BASE_PATH);
+  const exactPaths = new Set(exactRouteSuffixes.map((suffix) => `${basePath}${suffix}`));
+  const prefixPaths = USER_API_PREFIX_ROUTE_SUFFIXES.map((suffix) => `${basePath}${suffix}`);
+  return {
+    basePath,
+    exactPaths,
+    prefixPaths,
+  };
+};
+
+export const buildUserApiPaths = (apiBasePath, options = {}) => buildUserApiMatcher(apiBasePath, options).exactPaths;
+
+export const isUserApiPath = (pathname, apiBasePath, options = {}) => {
+  const normalizedPathname = normalizePathname(pathname);
+  const matcher = buildUserApiMatcher(apiBasePath, options);
+  if (matcher.exactPaths.has(normalizedPathname)) return true;
+  return matcher.prefixPaths.some((prefixPath) => hasPathPrefix(normalizedPathname, prefixPath));
+};
+
+export const resolveLegacyUserApiPath = (pathname, { apiBasePath = DEFAULT_USER_API_BASE_PATH, legacyApiBasePath = DEFAULT_LEGACY_STICKER_API_BASE_PATH, legacyCompatible = false } = {}) => {
+  const normalizedPathname = normalizePathname(pathname);
+  const resolvedApiBasePath = normalizeBasePath(apiBasePath, DEFAULT_USER_API_BASE_PATH);
+  const resolvedLegacyBasePath = normalizeBasePath(legacyApiBasePath, DEFAULT_LEGACY_STICKER_API_BASE_PATH);
+
+  if (!isUserApiPath(normalizedPathname, resolvedApiBasePath, { legacyCompatible })) return null;
+  if (resolvedApiBasePath === resolvedLegacyBasePath) return normalizedPathname;
+  if (normalizedPathname === resolvedApiBasePath) return resolvedLegacyBasePath;
+
+  const suffix = normalizedPathname.slice(resolvedApiBasePath.length);
+  if (!suffix) return resolvedLegacyBasePath;
+  return `${resolvedLegacyBasePath}${suffix.startsWith('/') ? suffix : `/${suffix}`}`;
+};

package/server/routes/user/userRouter.js

@@ -0,0 +1,65 @@
+import { DEFAULT_LEGACY_STICKER_API_BASE_PATH, DEFAULT_USER_API_BASE_PATH, buildUserApiPaths, isUserApiPath, normalizeBasePath } from './userApiPaths.js';
+export { buildUserApiPaths };
+
+let userControllerPromise = null;
+
+const loadUserController = async () => {
+  if (!userControllerPromise) {
+    userControllerPromise = import('../../controllers/userController.js');
+  }
+  return userControllerPromise;
+};
+
+const startsWithPath = (pathname, prefix) => {
+  if (!pathname || !prefix) return false;
+  if (pathname === prefix) return true;
+  return pathname.startsWith(`${prefix}/`);
+};
+
+const DEFAULT_USER_WEB_PATH = '/user';
+const DEFAULT_USER_LEGACY_API_BASE_PATH = DEFAULT_LEGACY_STICKER_API_BASE_PATH;
+const DEFAULT_USER_PASSWORD_RESET_WEB_PATH = `${DEFAULT_USER_WEB_PATH}/password-reset`;
+const resolveDefaultPasswordResetWebPath = (webPath) => {
+  const normalizedWebPath = normalizeBasePath(webPath, DEFAULT_USER_WEB_PATH);
+  if (normalizedWebPath === '/') return DEFAULT_USER_PASSWORD_RESET_WEB_PATH;
+  return normalizeBasePath(`${normalizedWebPath}/password-reset`, DEFAULT_USER_PASSWORD_RESET_WEB_PATH);
+};
+
+export const getUserRouterConfig = async () => {
+  const controller = await loadUserController();
+  const legacyConfig = (typeof controller?.getUserRouteConfig === 'function' ? controller.getUserRouteConfig() : null) || {};
+  const webPath = normalizeBasePath(legacyConfig.webPath, DEFAULT_USER_WEB_PATH);
+  const fallbackPasswordResetWebPath = resolveDefaultPasswordResetWebPath(webPath);
+  return {
+    webPath,
+    passwordResetWebPath: normalizeBasePath(legacyConfig.passwordResetWebPath, fallbackPasswordResetWebPath),
+    apiBasePath: normalizeBasePath(legacyConfig.apiBasePath, DEFAULT_USER_API_BASE_PATH),
+    legacyApiBasePath: normalizeBasePath(legacyConfig.legacyApiBasePath, DEFAULT_USER_LEGACY_API_BASE_PATH),
+  };
+};
+
+export const shouldHandleUserPath = (pathname, userConfig = null) => {
+  const resolvedConfig = userConfig || {
+    webPath: DEFAULT_USER_WEB_PATH,
+    passwordResetWebPath: DEFAULT_USER_PASSWORD_RESET_WEB_PATH,
+    apiBasePath: DEFAULT_USER_API_BASE_PATH,
+    legacyApiBasePath: DEFAULT_USER_LEGACY_API_BASE_PATH,
+  };
+  const webPath = normalizeBasePath(resolvedConfig.webPath, DEFAULT_USER_WEB_PATH);
+  const fallbackPasswordResetWebPath = resolveDefaultPasswordResetWebPath(webPath);
+  const passwordResetWebPath = normalizeBasePath(resolvedConfig.passwordResetWebPath, fallbackPasswordResetWebPath);
+
+  if (startsWithPath(pathname, webPath) || startsWithPath(pathname, passwordResetWebPath)) return true;
+
+  const apiBasePath = normalizeBasePath(resolvedConfig.apiBasePath, DEFAULT_USER_API_BASE_PATH);
+  if (isUserApiPath(pathname, apiBasePath)) return true;
+
+  const legacyApiBasePath = normalizeBasePath(resolvedConfig.legacyApiBasePath, DEFAULT_USER_LEGACY_API_BASE_PATH);
+  return isUserApiPath(pathname, legacyApiBasePath, { legacyCompatible: true });
+};
+
+export const maybeHandleUserRequest = async (req, res, { pathname, url }) => {
+  const controller = await loadUserController();
+  if (typeof controller?.maybeHandleUserRequest !== 'function') return false;
+  return controller.maybeHandleUserRequest(req, res, { pathname, url });
+};