npm - @playcademy/sandbox - Versions diffs - 0.3.17-beta.13 → 0.3.17-beta.14 - Mend

@playcademy/sandbox 0.3.17-beta.13 → 0.3.17-beta.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli.js CHANGED Viewed

@@ -300,7 +300,7 @@ var init_achievements = __esm(() => {
 });
 // ../constants/src/auth.ts
-var AUTH_PROVIDER_IDS;
+var AUTH_PROVIDER_IDS, DEMO_DISPLAY_NAME_PLACEHOLDER = "Demo Player";
 var init_auth = __esm(() => {
   AUTH_PROVIDER_IDS = {
     TIMEBACK: "timeback",
@@ -387,7 +387,8 @@ var init_overworld = __esm(() => {
     ERROR: 4000
   };
   CORE_GAME_UUIDS = {
-    PLAYGROUND: "00000000-0000-0000-0000-000000000001"
+    PLAYGROUND: "00000000-0000-0000-0000-000000000001",
+    DEMO: "00000000-0000-0000-0000-000000000002"
   };
 });
@@ -465,13 +466,15 @@ var init_src = __esm(() => {
 // src/constants/demo-users.ts
 var now, DEMO_USER_IDS, DEMO_USERS, DEMO_USER;
 var init_demo_users = __esm(() => {
+  init_src();
   now = new Date;
   DEMO_USER_IDS = {
     player: "00000000-0000-0000-0000-000000000001",
     developer: "00000000-0000-0000-0000-000000000002",
     admin: "00000000-0000-0000-0000-000000000003",
     pendingDeveloper: "00000000-0000-0000-0000-000000000004",
-    unverifiedPlayer: "00000000-0000-0000-0000-000000000005"
+    unverifiedPlayer: "00000000-0000-0000-0000-000000000005",
+    anonymousPlayer: "00000000-0000-0000-0000-000000000006"
   };
   DEMO_USERS = {
     admin: {
@@ -533,6 +536,19 @@ var init_demo_users = __esm(() => {
       developerStatus: "none",
       createdAt: now,
       updatedAt: now
+    },
+    anonymousPlayer: {
+      id: DEMO_USER_IDS.anonymousPlayer,
+      name: DEMO_DISPLAY_NAME_PLACEHOLDER,
+      username: "anonymous_demo_player",
+      email: "player@anon.demo.playcademy.gg",
+      emailVerified: false,
+      image: null,
+      isAnonymous: true,
+      role: "player",
+      developerStatus: "none",
+      createdAt: now,
+      updatedAt: now
     }
   };
   DEMO_USER = DEMO_USERS.player;
@@ -546,6 +562,7 @@ var init_demo_tokens = __esm(() => {
     "sandbox-demo-token": DEMO_USERS.player,
     "sandbox-admin-token": DEMO_USERS.admin,
     "sandbox-player-token": DEMO_USERS.player,
+    "sandbox-anonymous-token": DEMO_USERS.anonymousPlayer,
     "sandbox-developer-token": DEMO_USERS.developer,
     "sandbox-pending-dev-token": DEMO_USERS.pendingDeveloper,
     "sandbox-unverified-token": DEMO_USERS.unverifiedPlayer,
@@ -554,6 +571,7 @@ var init_demo_tokens = __esm(() => {
   };
   SANDBOX_TOKENS = {
     player: "sandbox-player-token",
+    anonymous: "sandbox-anonymous-token",
     developer: "sandbox-developer-token",
     admin: "sandbox-admin-token",
     pendingDeveloper: "sandbox-pending-dev-token",
@@ -1311,7 +1329,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@playcademy/sandbox",
-    version: "0.3.17-beta.13",
+    version: "0.3.17-beta.14",
     description: "Local development server for Playcademy game development",
     type: "module",
     exports: {
@@ -11560,6 +11578,7 @@ var init_table6 = __esm(() => {
     name: text("name").notNull(),
     username: text("username").unique(),
     email: text("email").notNull().unique(),
+    isAnonymous: boolean("is_anonymous").notNull().default(false),
     timebackId: text("timeback_id").unique(),
     emailVerified: boolean("email_verified").notNull().default(false),
     image: text("image"),
@@ -32597,7 +32616,7 @@ class LeaderboardService {
   constructor(deps) {
     this.deps = deps;
   }
-  async submitScore(gameId, userId, input, sessionId) {
+  async submitScore(gameId, userId, input, isAnonymousUser, sessionId) {
     const db2 = this.deps.db;
     const game = await db2.select({ displayName: games.displayName }).from(games).where(eq(games.id, gameId)).limit(1).then((rows) => rows[0]);
     if (!game) {
@@ -32608,7 +32627,7 @@ class LeaderboardService {
     const prevBestScore = prevBestScoreRows[0]?.score ?? null;
     let prevRank = null;
     if (prevBestScore !== null && prevBestScore !== undefined) {
-      const higherCountRows = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).where(and(eq(gameScores.gameId, gameId), sql`${gameScores.userId} != ${userId}`, sql`${gameScores.score} > ${prevBestScore}`));
+      const higherCountRows = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), eq(users.isAnonymous, isAnonymousUser), sql`${gameScores.userId} != ${userId}`, sql`${gameScores.score} > ${prevBestScore}`));
       const higherCount = higherCountRows[0]?.count ?? 0;
       prevRank = Number(higherCount) + 1;
     }
@@ -32625,13 +32644,13 @@ class LeaderboardService {
     }
     const bestScoreRows = await db2.select({ score: sql`MAX(${gameScores.score})` }).from(gameScores).where(and(eq(gameScores.gameId, gameId), eq(gameScores.userId, userId)));
     const bestScore = bestScoreRows[0]?.score ?? input.score;
-    const higherCountNowRows = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).where(and(eq(gameScores.gameId, gameId), sql`${gameScores.userId} != ${userId}`, sql`${gameScores.score} > ${bestScore}`));
+    const higherCountNowRows = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), eq(users.isAnonymous, isAnonymousUser), sql`${gameScores.userId} != ${userId}`, sql`${gameScores.score} > ${bestScore}`));
     const higherCountNow = higherCountNowRows[0]?.count ?? 0;
     const newRank = Number(higherCountNow) + 1;
-    const totalPlayersRows = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).where(eq(gameScores.gameId, gameId));
+    const totalPlayersRows = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), eq(users.isAnonymous, isAnonymousUser)));
     const totalPlayers = Number(totalPlayersRows[0]?.count ?? 1);
     const { shouldNotify, crossedIntoTop3, movedUpWithinTop3, isFirstScore, isPersonalBest } = shouldNotifyRankChange(prevRank, newRank, prevBestScore, input.score);
-    if (shouldNotify) {
+    if (shouldNotify && !isAnonymousUser) {
       await this.publishScoreNotifications({
         userId,
         gameId,
@@ -32651,6 +32670,7 @@ class LeaderboardService {
     logger21.info("Score submitted", {
       gameId,
       userId,
+      isAnonymousUser,
       score: input.score,
       newRank,
       isFirstScore,
@@ -32727,7 +32747,7 @@ class LeaderboardService {
       logger21.warn("Failed to publish notification", { error });
     }
   }
-  async getLeaderboard(gameId, query) {
+  async getLeaderboard(gameId, query, isAnonymousUser) {
     const { timeframe, limit, offset } = query;
     const db2 = this.deps.db;
     const dateFilter = getTimeframeFilter(timeframe);
@@ -32739,31 +32759,35 @@ class LeaderboardService {
       score: gameScores.score,
       achievedAt: gameScores.achievedAt,
       metadata: gameScores.metadata
-    }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), dateFilter)).orderBy(desc(gameScores.score)).limit(limit).offset(offset);
+    }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), dateFilter, eq(users.isAnonymous, isAnonymousUser))).orderBy(desc(gameScores.score)).limit(limit).offset(offset);
     return scores.map((score, index2) => ({
       rank: offset + index2 + 1,
       userId: score.userId,
-      username: score.username || score.name?.split(" ")[0] || "Unknown User",
+      username: score.name || score.username || "Unknown User",
       userImage: score.userImage,
       score: score.score,
       achievedAt: score.achievedAt,
       metadata: score.metadata
     }));
   }
-  async getGlobalLeaderboard(gameId, query) {
+  async getGlobalLeaderboard(gameId, query, isAnonymousUser) {
     if (!gameId) {
       return [];
     }
     const { timeframe, limit, offset } = query;
     const db2 = this.deps.db;
     const dateFilter = getTimeframeFilter(timeframe);
-    const conditions2 = [dateFilter, eq(gameScores.gameId, gameId)];
+    const conditions2 = [
+      dateFilter,
+      eq(gameScores.gameId, gameId),
+      eq(users.isAnonymous, isAnonymousUser)
+    ];
     const bestScoresSubquery = db2.select({
       userId: gameScores.userId,
       gameId: gameScores.gameId,
       score: sql`MAX(${gameScores.score})`.as("max_score"),
       achievedAt: sql`MAX(${gameScores.achievedAt})`.as("max_achieved_at")
-    }).from(gameScores).where(and(...conditions2)).groupBy(gameScores.userId, gameScores.gameId).as("best_scores");
+    }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(...conditions2)).groupBy(gameScores.userId, gameScores.gameId).as("best_scores");
     const scores = await db2.select({
       userId: users.id,
       username: users.username,
@@ -32779,7 +32803,7 @@ class LeaderboardService {
     return scores.map((score, index2) => ({
       rank: offset + index2 + 1,
       userId: score.userId,
-      username: score.username || score.name?.split(" ")[0] || "Unknown User",
+      username: score.name || score.username || "Unknown User",
       userImage: score.userImage,
       score: score.score,
       achievedAt: score.achievedAt,
@@ -32789,15 +32813,15 @@ class LeaderboardService {
       gameSlug: score.gameSlug || ""
     }));
   }
-  async getUserRank(gameId, userId) {
+  async getUserRank(gameId, userId, isAnonymousUser) {
     const db2 = this.deps.db;
-    const userScoreResult = await db2.select({ score: gameScores.score }).from(gameScores).where(and(eq(gameScores.gameId, gameId), eq(gameScores.userId, userId))).orderBy(desc(gameScores.score)).limit(1);
+    const userScoreResult = await db2.select({ score: gameScores.score }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), eq(gameScores.userId, userId), eq(users.isAnonymous, isAnonymousUser))).orderBy(desc(gameScores.score)).limit(1);
     if (!userScoreResult.length || !userScoreResult[0]) {
       return null;
     }
     const score = userScoreResult[0].score;
-    const countResult = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).where(and(eq(gameScores.gameId, gameId), sql`${gameScores.score} > ${score}`));
-    const totalResult = await db2.select({ total: sql`count(distinct ${gameScores.userId})` }).from(gameScores).where(eq(gameScores.gameId, gameId));
+    const countResult = await db2.select({ count: sql`count(distinct ${gameScores.userId})` }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), eq(users.isAnonymous, isAnonymousUser), sql`${gameScores.score} > ${score}`));
+    const totalResult = await db2.select({ total: sql`count(distinct ${gameScores.userId})` }).from(gameScores).innerJoin(users, eq(gameScores.userId, users.id)).where(and(eq(gameScores.gameId, gameId), eq(users.isAnonymous, isAnonymousUser)));
     const count = Number(countResult[0]?.count ?? 0);
     const total = Number(totalResult[0]?.total ?? 0);
     const rank = count + 1;
@@ -34250,6 +34274,35 @@ class UserService {
       timeback: timeback2
     };
   }
+  async getDemoProfile(userId) {
+    const userData = await this.deps.db.query.users.findFirst({
+      where: eq(users.id, userId),
+      columns: { name: true }
+    });
+    if (!userData) {
+      logger32.error("Demo user not found", { userId });
+      throw new NotFoundError("User", userId);
+    }
+    return {
+      displayName: userData.name,
+      isDefault: userData.name === DEMO_DISPLAY_NAME_PLACEHOLDER
+    };
+  }
+  async updateDemoProfile(userId, displayName) {
+    const [updatedUser] = await this.deps.db.update(users).set({
+      name: displayName,
+      updatedAt: new Date
+    }).where(eq(users.id, userId)).returning({ name: users.name });
+    if (!updatedUser) {
+      logger32.error("Demo user not found for profile update", { userId });
+      throw new NotFoundError("User", userId);
+    }
+    logger32.debug("Updated demo profile", { userId, displayName });
+    return {
+      displayName: updatedUser.name,
+      isDefault: updatedUser.name === DEMO_DISPLAY_NAME_PLACEHOLDER
+    };
+  }
   async fetchTimebackData(timebackId, gameId) {
     const [{ role, organizations: allOrganizations }, allEnrollments] = await Promise.all([
       this.fetchStudentProfile(timebackId),
@@ -34342,6 +34395,7 @@ class UserService {
 var logger32;
 var init_user_service = __esm(() => {
   init_drizzle_orm();
+  init_src();
   init_tables_index();
   init_src2();
   init_errors();
@@ -93410,7 +93464,10 @@ var init_drizzle_zod = __esm(() => {
 });
 // ../data/src/domains/user/schemas.ts
-var InsertUserSchema;
+function normalizeDisplayName(value) {
+  return value.trim().replace(/\s+/g, " ");
+}
+var InsertUserSchema, DemoProfileSchema;
 var init_schemas = __esm(() => {
   init_drizzle_zod();
   init_esm();
@@ -93419,6 +93476,9 @@ var init_schemas = __esm(() => {
     email: exports_external.string().email(),
     name: exports_external.string().optional()
   });
+  DemoProfileSchema = exports_external.object({
+    displayName: exports_external.string().transform(normalizeDisplayName).refine((value) => value.length >= 2, "Display name must be at least 2 characters").refine((value) => value.length <= 12, "Display name must be 12 characters or fewer")
+  });
 });
 // ../data/src/domains/game/schemas.ts
@@ -94036,6 +94096,28 @@ function requireAuth(handler) {
     return handler(ctx);
   };
 }
+function requireNonAnonymous(handler) {
+  return async (ctx) => {
+    if (!isAuthenticated(ctx)) {
+      throw ApiError.unauthorized("Valid session or bearer token required");
+    }
+    if (ctx.user.isAnonymous) {
+      throw ApiError.forbidden("This operation is not available for demo/anonymous users");
+    }
+    return handler(ctx);
+  };
+}
+function requireAnonymous(handler) {
+  return async (ctx) => {
+    if (!isAuthenticated(ctx)) {
+      throw ApiError.unauthorized("Valid session or bearer token required");
+    }
+    if (!ctx.user.isAnonymous) {
+      throw ApiError.forbidden("This operation is only available for demo/anonymous users");
+    }
+    return handler(ctx);
+  };
+}
 function requireRole(roles2, handler) {
   return async (ctx) => {
     if (!isAuthenticated(ctx)) {
@@ -94276,16 +94358,16 @@ var init_achievement_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger37 = log.scope("AchievementController");
-  listCurrent = requireAuth(async (ctx) => {
+  listCurrent = requireNonAnonymous(async (ctx) => {
     logger37.debug("Listing current achievements", { userId: ctx.user.id, gameId: ctx.gameId });
     return ctx.services.achievement.listCurrent(ctx.user, ctx.gameId);
   });
-  listHistory = requireAuth(async (ctx) => {
+  listHistory = requireNonAnonymous(async (ctx) => {
     const limit = Math.max(1, Math.min(100, Number(ctx.url.searchParams.get("limit")) || 20));
     logger37.debug("Listing achievement history", { userId: ctx.user.id, limit });
     return ctx.services.achievement.listHistory(ctx.user, limit);
   });
-  postProgress = requireAuth(async (ctx) => {
+  postProgress = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -94439,11 +94521,11 @@ var init_character_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger40 = log.scope("CharacterController");
-  get = requireAuth(async (ctx) => {
+  get = requireNonAnonymous(async (ctx) => {
     logger40.debug("Getting character", { userId: ctx.user.id });
     return ctx.services.character.getByUser(ctx.user);
   });
-  getByUserId = requireAuth(async (ctx) => {
+  getByUserId = requireNonAnonymous(async (ctx) => {
     const userId = ctx.params.userId;
     if (!userId) {
       throw ApiError.badRequest("User ID is required in the URL path");
@@ -94451,7 +94533,7 @@ var init_character_controller = __esm(() => {
     logger40.debug("Getting character by user ID", { requestedUserId: userId });
     return ctx.services.character.getByUserId(userId);
   });
-  create = requireAuth(async (ctx) => {
+  create = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -94471,7 +94553,7 @@ var init_character_controller = __esm(() => {
     });
     return ctx.services.character.create(body2, ctx.user);
   });
-  update2 = requireAuth(async (ctx) => {
+  update2 = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -94492,7 +94574,7 @@ var init_character_controller = __esm(() => {
     });
     return ctx.services.character.update(body2, ctx.user);
   });
-  equipAccessory = requireAuth(async (ctx) => {
+  equipAccessory = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -94512,7 +94594,7 @@ var init_character_controller = __esm(() => {
     });
     return ctx.services.character.equipAccessory(body2.slot, body2.accessoryComponentId, ctx.user);
   });
-  removeAccessory = requireAuth(async (ctx) => {
+  removeAccessory = requireNonAnonymous(async (ctx) => {
     const slot = ctx.params.slot;
     if (!slot) {
       throw ApiError.badRequest("Slot is required in the URL path");
@@ -94542,11 +94624,11 @@ var init_currency_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger41 = log.scope("CurrencyController");
-  list = requireAuth(async (ctx) => {
+  list = requireNonAnonymous(async (ctx) => {
     logger41.debug("Listing currencies", { userId: ctx.user.id });
     return ctx.services.currency.list();
   });
-  getById = requireAuth(async (ctx) => {
+  getById = requireNonAnonymous(async (ctx) => {
     const currencyId = ctx.params.currencyId;
     if (!currencyId) {
       throw ApiError.badRequest("Missing currency ID");
@@ -94721,11 +94803,11 @@ var init_developer_controller = __esm(() => {
   init_src2();
   init_utils11();
   logger44 = log.scope("DeveloperController");
-  apply = requireAuth(async (ctx) => {
+  apply = requireNonAnonymous(async (ctx) => {
     logger44.debug("Applying for developer status", { userId: ctx.user.id });
     await ctx.services.developer.apply(ctx.user);
   });
-  getStatus = requireAuth(async (ctx) => {
+  getStatus = requireNonAnonymous(async (ctx) => {
     logger44.debug("Getting developer status", { userId: ctx.user.id });
     const status = await ctx.services.developer.getStatus(ctx.user.id);
     return { status };
@@ -94827,19 +94909,19 @@ var init_game_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger46 = log.scope("GameController");
-  list3 = requireAuth(async (ctx) => {
+  list3 = requireNonAnonymous(async (ctx) => {
     logger46.debug("Listing games", { userId: ctx.user.id });
     return ctx.services.game.list(ctx.user);
   });
-  listManageable = requireAuth(async (ctx) => {
+  listManageable = requireNonAnonymous(async (ctx) => {
     logger46.debug("Listing manageable games", { userId: ctx.user.id });
     return ctx.services.game.listManageable(ctx.user);
   });
-  getSubjects = requireAuth(async (ctx) => {
+  getSubjects = requireNonAnonymous(async (ctx) => {
     logger46.debug("Getting game subjects", { userId: ctx.user.id });
     return ctx.services.game.getSubjects();
   });
-  getById2 = requireAuth(async (ctx) => {
+  getById2 = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     if (!gameId) {
       throw ApiError.badRequest("Missing game ID");
@@ -94850,7 +94932,7 @@ var init_game_controller = __esm(() => {
     logger46.debug("Getting game by ID", { userId: ctx.user.id, gameId, launchId: ctx.launchId });
     return ctx.services.game.getById(gameId, ctx.user);
   });
-  getBySlug = requireAuth(async (ctx) => {
+  getBySlug = requireNonAnonymous(async (ctx) => {
     const slug2 = ctx.params.slug;
     if (!slug2) {
       throw ApiError.badRequest("Missing game slug");
@@ -94858,7 +94940,7 @@ var init_game_controller = __esm(() => {
     logger46.debug("Getting game by slug", { userId: ctx.user.id, slug: slug2, launchId: ctx.launchId });
     return ctx.services.game.getBySlug(slug2, ctx.user);
   });
-  getManifest = requireAuth(async (ctx) => {
+  getManifest = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     if (!gameId) {
       throw ApiError.badRequest("Missing game ID");
@@ -94873,7 +94955,7 @@ var init_game_controller = __esm(() => {
     });
     return ctx.services.game.getManifest(gameId, ctx.user);
   });
-  upsertBySlug = requireAuth(async (ctx) => {
+  upsertBySlug = requireNonAnonymous(async (ctx) => {
     const slug2 = ctx.params.slug;
     if (!slug2) {
       throw ApiError.badRequest("Missing game slug");
@@ -94893,7 +94975,7 @@ var init_game_controller = __esm(() => {
     logger46.debug("Upserting game", { userId: ctx.user.id, slug: slug2, displayName: body2.displayName });
     return ctx.services.game.upsertBySlug(slug2, body2, ctx.user);
   });
-  remove3 = requireAuth(async (ctx) => {
+  remove3 = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     if (!gameId) {
       throw ApiError.badRequest("Missing game ID");
@@ -94925,11 +95007,11 @@ var init_inventory_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger47 = log.scope("InventoryController");
-  list4 = requireAuth(async (ctx) => {
+  list4 = requireNonAnonymous(async (ctx) => {
     logger47.debug("Listing inventory", { userId: ctx.user.id });
     return ctx.services.inventory.list(ctx.user);
   });
-  addItem = requireAuth(async (ctx) => {
+  addItem = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -94949,7 +95031,7 @@ var init_inventory_controller = __esm(() => {
     });
     return ctx.services.inventory.addItem(body2.itemId, body2.qty, ctx.user);
   });
-  removeItem = requireAuth(async (ctx) => {
+  removeItem = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -94986,12 +95068,12 @@ var init_item_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger48 = log.scope("ItemController");
-  list5 = requireAuth(async (ctx) => {
+  list5 = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.url.searchParams.get("gameId") || undefined;
     logger48.debug("Listing items", { userId: ctx.user.id, gameId });
     return ctx.services.item.list(gameId);
   });
-  getById3 = requireAuth(async (ctx) => {
+  getById3 = requireNonAnonymous(async (ctx) => {
     const itemId = ctx.params.itemId;
     if (!itemId) {
       throw ApiError.badRequest("Missing item ID");
@@ -95002,7 +95084,7 @@ var init_item_controller = __esm(() => {
     logger48.debug("Getting item", { userId: ctx.user.id, itemId });
     return ctx.services.item.getById(itemId);
   });
-  resolve2 = requireAuth(async (ctx) => {
+  resolve2 = requireNonAnonymous(async (ctx) => {
     const slug2 = ctx.url.searchParams.get("slug");
     const gameId = ctx.url.searchParams.get("gameId") || undefined;
     if (!slug2) {
@@ -95077,7 +95159,7 @@ var init_item_controller = __esm(() => {
     logger48.debug("Deleting item", { userId: ctx.user.id, itemId });
     await ctx.services.item.delete(itemId);
   });
-  listByGame = requireAuth(async (ctx) => {
+  listByGame = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     if (!gameId) {
       throw ApiError.badRequest("Missing game ID");
@@ -95088,7 +95170,7 @@ var init_item_controller = __esm(() => {
     logger48.debug("Listing game items", { userId: ctx.user.id, gameId });
     return ctx.services.item.listByGame(gameId);
   });
-  createForGame = requireAuth(async (ctx) => {
+  createForGame = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     if (!gameId) {
       throw ApiError.badRequest("Missing game ID");
@@ -95116,7 +95198,7 @@ var init_item_controller = __esm(() => {
     });
     return ctx.services.item.createForGame(gameId, body2, ctx.user);
   });
-  updateForGame = requireAuth(async (ctx) => {
+  updateForGame = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     const itemId = ctx.params.itemId;
     if (!gameId || !itemId) {
@@ -95153,7 +95235,7 @@ var init_item_controller = __esm(() => {
     });
     return ctx.services.item.updateForGame(gameId, itemId, body2, ctx.user);
   });
-  deleteForGame = requireAuth(async (ctx) => {
+  deleteForGame = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     const itemId = ctx.params.itemId;
     if (!gameId || !itemId) {
@@ -95317,7 +95399,7 @@ var init_leaderboard_controller = __esm(() => {
       gameId,
       score: body2.score
     });
-    return ctx.services.leaderboard.submitScore(gameId, ctx.user.id, { score: body2.score, metadata: body2.metadata }, ctx.params.sessionId);
+    return ctx.services.leaderboard.submitScore(gameId, ctx.user.id, { score: body2.score, metadata: body2.metadata }, ctx.user.isAnonymous, ctx.params.sessionId);
   });
   getGlobalLeaderboard = requireAuth(async (ctx) => {
     const url = ctx.url;
@@ -95345,7 +95427,7 @@ var init_leaderboard_controller = __esm(() => {
       gameId,
       ...query
     });
-    return ctx.services.leaderboard.getGlobalLeaderboard(gameId, query);
+    return ctx.services.leaderboard.getGlobalLeaderboard(gameId, query, ctx.user.isAnonymous);
   });
   getLeaderboard = requireAuth(async (ctx) => {
     const gameId = ctx.params.gameId;
@@ -95373,9 +95455,9 @@ var init_leaderboard_controller = __esm(() => {
       gameId,
       ...query
     });
-    return ctx.services.leaderboard.getLeaderboard(gameId, query);
+    return ctx.services.leaderboard.getLeaderboard(gameId, query, ctx.user.isAnonymous);
   });
-  getUserRank = requireAuth(async (ctx) => {
+  getUserRank = requireNonAnonymous(async (ctx) => {
     const { gameId, userId } = ctx.params;
     if (!gameId || !userId) {
       throw ApiError.badRequest("Game ID and User ID are required");
@@ -95385,9 +95467,9 @@ var init_leaderboard_controller = __esm(() => {
       gameId,
       targetUserId: userId
     });
-    return ctx.services.leaderboard.getUserRank(gameId, userId);
+    return ctx.services.leaderboard.getUserRank(gameId, userId, ctx.user.isAnonymous);
   });
-  getUserAllScores = requireAuth(async (ctx) => {
+  getUserAllScores = requireNonAnonymous(async (ctx) => {
     const userId = ctx.params.userId;
     if (!userId) {
       throw ApiError.badRequest("User ID is required");
@@ -95403,7 +95485,7 @@ var init_leaderboard_controller = __esm(() => {
     });
     return ctx.services.leaderboard.getUserAllScores(userId, { limit, gameId });
   });
-  getUserScores = requireAuth(async (ctx) => {
+  getUserScores = requireNonAnonymous(async (ctx) => {
     const { gameId, userId } = ctx.params;
     if (!gameId || !userId) {
       throw ApiError.badRequest("Game ID and User ID are required");
@@ -95451,11 +95533,11 @@ var init_level_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger51 = log.scope("LevelController");
-  getByUser = requireAuth(async (ctx) => {
+  getByUser = requireNonAnonymous(async (ctx) => {
     logger51.debug("Getting user level", { userId: ctx.user.id });
     return ctx.services.level.getByUser(ctx.user);
   });
-  getProgress = requireAuth(async (ctx) => {
+  getProgress = requireNonAnonymous(async (ctx) => {
     logger51.debug("Getting level progress", { userId: ctx.user.id });
     return ctx.services.level.getProgress(ctx.user);
   });
@@ -95510,7 +95592,7 @@ var init_lti_controller = __esm(() => {
   init_src2();
   init_utils11();
   logger53 = log.scope("LtiController");
-  getStatus3 = requireAuth(async (ctx) => {
+  getStatus3 = requireNonAnonymous(async (ctx) => {
     logger53.debug("Getting status", { userId: ctx.user.id });
     return ctx.services.lti.getStatus(ctx.user);
   });
@@ -95529,7 +95611,7 @@ var init_map_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger54 = log.scope("MapController");
-  getByIdentifier = requireAuth(async (ctx) => {
+  getByIdentifier = requireNonAnonymous(async (ctx) => {
     const identifier = ctx.params.identifier;
     if (!identifier) {
       throw ApiError.badRequest("Missing map identifier");
@@ -95537,7 +95619,7 @@ var init_map_controller = __esm(() => {
     logger54.debug("Getting map", { userId: ctx.user.id, identifier });
     return ctx.services.map.getByIdentifier(identifier);
   });
-  getElements = requireAuth(async (ctx) => {
+  getElements = requireNonAnonymous(async (ctx) => {
     const mapId = ctx.url.searchParams.get("mapId");
     if (!mapId) {
       throw ApiError.badRequest("Missing required query parameter: mapId");
@@ -95548,7 +95630,7 @@ var init_map_controller = __esm(() => {
     logger54.debug("Getting map elements", { userId: ctx.user.id, mapId });
     return ctx.services.map.getElements(mapId);
   });
-  getObjects = requireAuth(async (ctx) => {
+  getObjects = requireNonAnonymous(async (ctx) => {
     const mapId = ctx.params.mapId;
     if (!mapId) {
       throw ApiError.badRequest("Missing mapId");
@@ -95559,7 +95641,7 @@ var init_map_controller = __esm(() => {
     logger54.debug("Getting map objects", { userId: ctx.user.id, mapId });
     return ctx.services.map.getObjects(mapId, ctx.user.id);
   });
-  createObject = requireAuth(async (ctx) => {
+  createObject = requireNonAnonymous(async (ctx) => {
     const mapId = ctx.params.mapId;
     if (!mapId) {
       throw ApiError.badRequest("Missing mapId");
@@ -95593,7 +95675,7 @@ var init_map_controller = __esm(() => {
     const { mapId: _mapId, ...data } = body2;
     return ctx.services.map.createObject(mapId, data, ctx.user);
   });
-  deleteObject = requireAuth(async (ctx) => {
+  deleteObject = requireNonAnonymous(async (ctx) => {
     const { mapId, objectId } = ctx.params;
     if (!mapId) {
       throw ApiError.badRequest("Missing mapId");
@@ -95628,7 +95710,7 @@ var init_notification_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger55 = log.scope("NotificationController");
-  list6 = requireAuth(async (ctx) => {
+  list6 = requireNonAnonymous(async (ctx) => {
     const query = {
       status: ctx.url.searchParams.get("status") || undefined,
       type: ctx.url.searchParams.get("type") || undefined,
@@ -95644,7 +95726,7 @@ var init_notification_controller = __esm(() => {
     logger55.debug("Listing notifications", { userId: ctx.user.id, ...result.data });
     return ctx.services.notification.list(ctx.user, result.data);
   });
-  updateStatus = requireAuth(async (ctx) => {
+  updateStatus = requireNonAnonymous(async (ctx) => {
     const notificationId = ctx.params.notificationId;
     if (!notificationId) {
       throw ApiError.badRequest("Notification ID required");
@@ -95668,7 +95750,7 @@ var init_notification_controller = __esm(() => {
     });
     return ctx.services.notification.updateStatus(notificationId, body2.status, body2.method);
   });
-  getStats2 = requireAuth(async (ctx) => {
+  getStats2 = requireNonAnonymous(async (ctx) => {
     const startDate = ctx.url.searchParams.get("startDate");
     const endDate = ctx.url.searchParams.get("endDate");
     logger55.debug("Getting stats", { userId: ctx.user.id, startDate, endDate });
@@ -95677,7 +95759,7 @@ var init_notification_controller = __esm(() => {
       endDate: endDate ? new Date(endDate) : undefined
     });
   });
-  create4 = requireAuth(async (ctx) => {
+  create4 = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -95707,7 +95789,7 @@ var init_notification_controller = __esm(() => {
       metadata: body2.metadata
     });
   });
-  deliver = requireAuth(async (ctx) => {
+  deliver = requireNonAnonymous(async (ctx) => {
     logger55.debug("Delivering notifications", { userId: ctx.user.id });
     try {
       await ctx.services.notification.deliverPending(ctx.user.id);
@@ -95732,7 +95814,7 @@ var init_realtime_controller = __esm(() => {
   init_src2();
   init_utils11();
   logger56 = log.scope("RealtimeController");
-  generateToken2 = requireAuth(async (ctx) => {
+  generateToken2 = requireNonAnonymous(async (ctx) => {
     const gameIdOrSlug = ctx.params.gameId;
     logger56.debug("Generating token", {
       userId: ctx.user.id,
@@ -95898,7 +95980,7 @@ var init_shop_controller = __esm(() => {
   init_src2();
   init_utils11();
   logger60 = log.scope("ShopController");
-  getShopView = requireAuth(async (ctx) => {
+  getShopView = requireNonAnonymous(async (ctx) => {
     logger60.debug("Getting shop view", { userId: ctx.user.id });
     return ctx.services.shop.getShopView(ctx.user);
   });
@@ -95993,7 +96075,7 @@ var init_shop_listing_controller = __esm(() => {
     logger61.debug("Deleting listing", { userId: ctx.user.id, listingId });
     await ctx.services.shopListing.delete(listingId);
   });
-  listByGame2 = requireAuth(async (ctx) => {
+  listByGame2 = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     if (!gameId) {
       throw ApiError.badRequest("Missing game ID");
@@ -96004,7 +96086,7 @@ var init_shop_listing_controller = __esm(() => {
     logger61.debug("Listing game listings", { userId: ctx.user.id, gameId });
     return ctx.services.shopListing.listByGame(gameId, ctx.user);
   });
-  getByGameItem = requireAuth(async (ctx) => {
+  getByGameItem = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     const itemId = ctx.params.itemId;
     if (!gameId || !itemId) {
@@ -96019,7 +96101,7 @@ var init_shop_listing_controller = __esm(() => {
     logger61.debug("Getting game item listing", { userId: ctx.user.id, gameId, itemId });
     return ctx.services.shopListing.getByGameItem(gameId, itemId, ctx.user);
   });
-  createForGameItem = requireAuth(async (ctx) => {
+  createForGameItem = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     const itemId = ctx.params.itemId;
     if (!gameId || !itemId) {
@@ -96052,7 +96134,7 @@ var init_shop_listing_controller = __esm(() => {
     });
     return ctx.services.shopListing.createForGameItem(gameId, itemId, body2, ctx.user);
   });
-  updateForGameItem = requireAuth(async (ctx) => {
+  updateForGameItem = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     const itemId = ctx.params.itemId;
     if (!gameId || !itemId) {
@@ -96086,7 +96168,7 @@ var init_shop_listing_controller = __esm(() => {
     });
     return ctx.services.shopListing.updateForGameItem(gameId, itemId, body2, ctx.user);
   });
-  deleteForGameItem = requireAuth(async (ctx) => {
+  deleteForGameItem = requireNonAnonymous(async (ctx) => {
     const gameId = ctx.params.gameId;
     const itemId = ctx.params.itemId;
     if (!gameId || !itemId) {
@@ -96148,17 +96230,17 @@ var init_timeback_controller = __esm(() => {
   init_errors();
   init_utils11();
   logger63 = log.scope("TimebackController");
-  getTodayXp = requireAuth(async (ctx) => {
+  getTodayXp = requireNonAnonymous(async (ctx) => {
     const date4 = ctx.url.searchParams.get("date") || undefined;
     const tz = ctx.url.searchParams.get("tz") || undefined;
     logger63.debug("Getting today XP", { userId: ctx.user.id, date: date4, tz });
     return ctx.services.timeback.getTodayXp(ctx.user.id, date4, tz);
   });
-  getTotalXp = requireAuth(async (ctx) => {
+  getTotalXp = requireNonAnonymous(async (ctx) => {
     logger63.debug("Getting total XP", { userId: ctx.user.id });
     return ctx.services.timeback.getTotalXp(ctx.user.id);
   });
-  updateTodayXp = requireAuth(async (ctx) => {
+  updateTodayXp = requireNonAnonymous(async (ctx) => {
     let body2;
     try {
       const json4 = await ctx.request.json();
@@ -96174,13 +96256,13 @@ var init_timeback_controller = __esm(() => {
     logger63.debug("Updating today XP", { userId: ctx.user.id, xp: body2.xp });
     return ctx.services.timeback.updateTodayXp(ctx.user.id, body2);
   });
-  getXpHistory = requireAuth(async (ctx) => {
+  getXpHistory = requireNonAnonymous(async (ctx) => {
     const startDate = ctx.url.searchParams.get("startDate") || undefined;
     const endDate = ctx.url.searchParams.get("endDate") || undefined;
     logger63.debug("Getting XP history", { userId: ctx.user.id, startDate, endDate });
     return ctx.services.timeback.getXpHistory(ctx.user.id, startDate, endDate);
   });
-  populateStudent = requireAuth(async (ctx) => {
+  populateStudent = requireNonAnonymous(async (ctx) => {
     let providedNames;
     try {
       const json4 = await ctx.request.json();
@@ -96198,11 +96280,11 @@ var init_timeback_controller = __esm(() => {
     });
     return ctx.services.timeback.populateStudent(ctx.user, providedNames);
   });
-  getUser = requireAuth(async (ctx) => {
+  getUser = requireNonAnonymous(async (ctx) => {
     logger63.debug("Getting user", { userId: ctx.user.id, gameId: ctx.gameId });
     return ctx.services.timeback.getUserData(ctx.user.id, ctx.gameId);
   });
-  getUserById = requireAuth(async (ctx) => {
+  getUserById = requireNonAnonymous(async (ctx) => {
     const timebackId = ctx.params.timebackId;
     if (!timebackId) {
       throw ApiError.badRequest("Missing timebackId parameter");
@@ -96601,17 +96683,32 @@ var init_upload_controller = __esm(() => {
 });
 // ../api-core/src/controllers/user.controller.ts
-var logger65, getMe, users2;
+var logger65, getMe, getDemoProfile, updateDemoProfile, users2;
 var init_user_controller = __esm(() => {
+  init_schemas_index();
   init_src2();
   init_utils11();
   logger65 = log.scope("UserController");
-  getMe = requireAuth(async (ctx) => {
+  getMe = requireNonAnonymous(async (ctx) => {
     logger65.debug("Getting current user", { userId: ctx.user.id, gameId: ctx.gameId });
     return ctx.services.user.getMe(ctx.user, ctx.gameId);
   });
+  getDemoProfile = requireAnonymous(async (ctx) => {
+    logger65.debug("Getting demo profile", { userId: ctx.user.id });
+    return ctx.services.user.getDemoProfile(ctx.user.id);
+  });
+  updateDemoProfile = requireAnonymous(async (ctx) => {
+    const body2 = await parseRequestBody(ctx.request, DemoProfileSchema);
+    logger65.debug("Updating demo profile", {
+      userId: ctx.user.id,
+      displayName: body2.displayName
+    });
+    return ctx.services.user.updateDemoProfile(ctx.user.id, body2.displayName);
+  });
   users2 = {
-    getMe
+    getMe,
+    getDemoProfile,
+    updateDemoProfile
   };
 });
@@ -96819,6 +96916,8 @@ var init_users = __esm(() => {
     }
     return handle2(users2.getMe)(c2);
   });
+  usersRouter.get("/demo-profile", handle2(users2.getDemoProfile));
+  usersRouter.patch("/demo-profile", handle2(users2.updateDemoProfile));
   usersRouter.get("/level", handle2(levels.getByUser));
   usersRouter.get("/level/progress", handle2(levels.getProgress));
   usersRouter.get("/:userId/scores", handle2(leaderboard.getUserAllScores));
@@ -97163,6 +97262,8 @@ var init_scores = __esm(() => {
   init_api();
   gameScoresRouter = new Hono2;
   gameScoresRouter.post("/:gameId/scores", handle2(leaderboard.submitScore, { status: 201 }));
+  gameScoresRouter.get("/:gameId/leaderboard", handle2(leaderboard.getLeaderboard));
+  gameScoresRouter.get("/:gameId/users/:userId/rank", handle2(leaderboard.getUserRank));
   gameScoresRouter.get("/:gameId/users/:userId/scores", handle2(leaderboard.getUserScores));
 });
@@ -97906,6 +98007,7 @@ async function startServer(port, project, options = {}) {
   const mainServer = serve({ fetch: app.fetch, port });
   return {
     main: mainServer,
+    db: db2,
     gameId,
     timebackMode: getTimebackDisplayMode(),
     setRole: (role) => {