@yrpri/api 9.0.230 → 9.0.232

package/utils/ai_image_generation_guard.cjs

@@ -0,0 +1,268 @@
+"use strict";
+const { v4: uuidv4 } = require("uuid");
+const models = require("../models/index.cjs");
+const log = require("./logger.cjs");
+const WINDOW_MS = 24 * 60 * 60 * 1000;
+const WINDOW_TTL_SECONDS = 25 * 60 * 60;
+const GENERATION_CONTEXTS = {
+    AOI_ICON_PUBLIC: "aoiIconPublic",
+    AOI_ICON_ADMIN: "aoiIconAdmin",
+    REGULAR_AI_IMAGE: "regularAiImage",
+};
+const parseLimit = (name, defaultValue) => {
+    const parsed = parseInt(process.env[name] || "", 10);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : defaultValue;
+};
+const getLimitForContext = (generationContext) => {
+    switch (generationContext) {
+        case GENERATION_CONTEXTS.AOI_ICON_PUBLIC:
+            return parseLimit("AI_IMAGE_PUBLIC_AOI_ICON_LIMIT_PER_24H", 10);
+        case GENERATION_CONTEXTS.AOI_ICON_ADMIN:
+            return parseLimit("AI_IMAGE_ADMIN_AOI_ICON_LIMIT_PER_24H", 150);
+        case GENERATION_CONTEXTS.REGULAR_AI_IMAGE:
+            return parseLimit("AI_IMAGE_REGULAR_LIMIT_PER_24H", 25);
+        default:
+            return undefined;
+    }
+};
+const deny = (status, body) => ({
+    allowed: false,
+    status,
+    body,
+});
+const isSameId = (a, b) => a !== undefined && a !== null && b !== undefined && b !== null && Number(a) === Number(b);
+const hasGroupAdmin = async (group, user) => {
+    if (!group || !user)
+        return false;
+    if (isSameId(group.user_id, user.id))
+        return true;
+    return group.hasGroupAdmins ? await group.hasGroupAdmins(user) : false;
+};
+const hasCommunityAdmin = async (community, user) => {
+    if (!community || !user)
+        return false;
+    if (isSameId(community.user_id, user.id))
+        return true;
+    return community.hasCommunityAdmins
+        ? await community.hasCommunityAdmins(user)
+        : false;
+};
+const hasDomainAdmin = async (domain, user) => {
+    if (!domain || !user)
+        return false;
+    if (isSameId(domain.user_id, user.id))
+        return true;
+    return domain.hasDomainAdmins ? await domain.hasDomainAdmins(user) : false;
+};
+const loadCollection = async (collectionType, collectionId) => {
+    switch (collectionType) {
+        case "group":
+            return await models.Group.findOne({
+                where: { id: collectionId },
+                attributes: ["id", "user_id", "access", "configuration", "community_id"],
+                include: [
+                    {
+                        model: models.Community,
+                        required: true,
+                        attributes: ["id", "user_id", "access", "configuration", "domain_id"],
+                    },
+                ],
+            });
+        case "community":
+            return await models.Community.findOne({
+                where: { id: collectionId },
+                attributes: [
+                    "id",
+                    "user_id",
+                    "access",
+                    "configuration",
+                    "domain_id",
+                    "only_admins_can_create_groups",
+                ],
+            });
+        case "domain":
+            return await models.Domain.findOne({
+                where: { id: collectionId },
+                attributes: [
+                    "id",
+                    "user_id",
+                    "access",
+                    "configuration",
+                    "only_admins_can_create_communities",
+                ],
+            });
+        default:
+            return null;
+    }
+};
+const canGenerateForContext = async ({ collection, collectionType, generationContext, imageType, user, }) => {
+    if (!collection)
+        return false;
+    if (generationContext === GENERATION_CONTEXTS.AOI_ICON_PUBLIC ||
+        generationContext === GENERATION_CONTEXTS.AOI_ICON_ADMIN) {
+        if (imageType !== "icon")
+            return false;
+    }
+    else if (imageType === "icon") {
+        return false;
+    }
+    switch (generationContext) {
+        case GENERATION_CONTEXTS.AOI_ICON_PUBLIC:
+            return (collectionType === "group" &&
+                Boolean(collection.configuration?.allOurIdeas?.earl));
+        case GENERATION_CONTEXTS.AOI_ICON_ADMIN:
+            if (collectionType === "group")
+                return await hasGroupAdmin(collection, user);
+            if (collectionType === "community") {
+                return await hasCommunityAdmin(collection, user);
+            }
+            if (collectionType === "domain")
+                return await hasDomainAdmin(collection, user);
+            return false;
+        case GENERATION_CONTEXTS.REGULAR_AI_IMAGE:
+            if (collectionType === "group") {
+                return ((await hasGroupAdmin(collection, user)) ||
+                    Boolean(collection.configuration?.allowGenerativeImages));
+            }
+            if (collectionType === "community") {
+                return await hasCommunityAdmin(collection, user);
+            }
+            if (collectionType === "domain")
+                return await hasDomainAdmin(collection, user);
+            return false;
+        default:
+            return false;
+    }
+};
+const rollingLimitScript = `
+redis.call("ZREMRANGEBYSCORE", KEYS[1], "-inf", ARGV[1])
+local count = redis.call("ZCARD", KEYS[1])
+local limit = tonumber(ARGV[3])
+if count >= limit then
+  local oldest = redis.call("ZRANGE", KEYS[1], 0, 0, "WITHSCORES")
+  local nextAllowedAt = 0
+  if oldest[2] then
+    nextAllowedAt = tonumber(oldest[2]) + tonumber(ARGV[5])
+  end
+  redis.call("EXPIRE", KEYS[1], tonumber(ARGV[6]))
+  return {0, count, nextAllowedAt}
+end
+redis.call("ZADD", KEYS[1], ARGV[2], ARGV[4])
+redis.call("EXPIRE", KEYS[1], tonumber(ARGV[6]))
+return {1, count + 1, 0}
+`;
+const checkAndConsumeRateLimit = async (redisClient, generationContext, userId) => {
+    const limit = getLimitForContext(generationContext);
+    if (!limit) {
+        return {
+            allowed: false,
+            status: 400,
+            body: { error: "invalid_generation_context" },
+        };
+    }
+    if (!redisClient || typeof redisClient.eval !== "function") {
+        log.error("Missing Redis client for AI image rate limit");
+        return {
+            allowed: false,
+            status: 503,
+            body: { error: "rate_limit_unavailable" },
+        };
+    }
+    const now = Date.now();
+    const oldestAllowed = now - WINDOW_MS;
+    const key = `rate:aiImage:${generationContext}:user:${userId}`;
+    const member = `${now}:${uuidv4()}`;
+    const result = await redisClient.eval(rollingLimitScript, {
+        keys: [key],
+        arguments: [
+            oldestAllowed.toString(),
+            now.toString(),
+            limit.toString(),
+            member,
+            WINDOW_MS.toString(),
+            WINDOW_TTL_SECONDS.toString(),
+        ],
+    });
+    const allowed = Number(result[0]) === 1;
+    const usedImagesInLast24Hours = Number(result[1]);
+    const nextAllowedAtMs = Number(result[2] || 0);
+    if (allowed) {
+        return {
+            allowed: true,
+            limit,
+            usedImagesInLast24Hours,
+        };
+    }
+    const retryAfterSeconds = Math.max(1, Math.ceil((nextAllowedAtMs - now) / 1000));
+    return {
+        allowed: false,
+        status: 429,
+        body: {
+            error: "rate_limited",
+            generationContext,
+            maxImagesPer24Hours: limit,
+            usedImagesInLast24Hours,
+            nextImageAllowedAt: new Date(nextAllowedAtMs).toISOString(),
+            retryAfterSeconds,
+        },
+    };
+};
+const validateImageGenerationStartRequest = async (req, { collectionType, collectionId }) => {
+    const numericCollectionId = Number(collectionId);
+    if (!Number.isInteger(numericCollectionId) || numericCollectionId <= 0) {
+        return deny(400, { error: "invalid_collection_id" });
+    }
+    if (!req.user) {
+        return deny(401, { error: "login_required" });
+    }
+    const generationContext = req.body?.generationContext;
+    if (!Object.values(GENERATION_CONTEXTS).includes(generationContext)) {
+        return deny(400, { error: "invalid_generation_context" });
+    }
+    const collection = await loadCollection(collectionType, numericCollectionId);
+    if (!collection) {
+        return deny(404, { error: "collection_not_found" });
+    }
+    const canGenerate = await canGenerateForContext({
+        collection,
+        collectionType,
+        generationContext,
+        imageType: req.body?.imageType,
+        user: req.user,
+    });
+    if (!canGenerate) {
+        return deny(403, { error: "image_generation_not_allowed" });
+    }
+    const rateLimit = await checkAndConsumeRateLimit(req.redisClient, generationContext, req.user.id);
+    if (!rateLimit.allowed) {
+        return deny(rateLimit.status, rateLimit.body);
+    }
+    return {
+        allowed: true,
+        userId: req.user.id,
+        generationContext,
+        internalData: {
+            userId: req.user.id,
+            generationContext,
+            imageType: req.body?.imageType,
+            collectionType,
+            collectionId: numericCollectionId,
+            createdAt: new Date().toISOString(),
+            maxImagesPer24Hours: rateLimit.limit,
+            usedImagesInLast24Hours: rateLimit.usedImagesInLast24Hours,
+        },
+    };
+};
+const canPollImageGenerationJob = (req, job) => Boolean(req.user && job?.internal_data?.userId === req.user.id);
+const publicJobFields = (job) => ({
+    id: job.id,
+    progress: job.progress,
+    error: job.error,
+    data: job.data,
+});
+module.exports = {
+    GENERATION_CONTEXTS,
+    validateImageGenerationStartRequest,
+    canPollImageGenerationJob,
+    publicJobFields,
+};

package/utils/ai_image_generation_guard.d.cts

@@ -0,0 +1,34 @@
+export namespace GENERATION_CONTEXTS {
+    let AOI_ICON_PUBLIC: string;
+    let AOI_ICON_ADMIN: string;
+    let REGULAR_AI_IMAGE: string;
+}
+export function validateImageGenerationStartRequest(req: any, { collectionType, collectionId }: {
+    collectionType: any;
+    collectionId: any;
+}): Promise<{
+    allowed: boolean;
+    status: any;
+    body: any;
+} | {
+    allowed: boolean;
+    userId: any;
+    generationContext: any;
+    internalData: {
+        userId: any;
+        generationContext: any;
+        imageType: any;
+        collectionType: any;
+        collectionId: number;
+        createdAt: string;
+        maxImagesPer24Hours: any;
+        usedImagesInLast24Hours: number | undefined;
+    };
+}>;
+export function canPollImageGenerationJob(req: any, job: any): boolean;
+export function publicJobFields(job: any): {
+    id: any;
+    progress: any;
+    error: any;
+    data: any;
+};

package/utils/fingerprint_data.cjs

@@ -0,0 +1,32 @@
+"use strict";
+const INVALID_FINGERPRINT_VALUES = new Set(["", "undefined", "null"]);
+const normalizeFingerprintValue = (value) => {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    const normalizedValue = String(value).trim();
+    if (INVALID_FINGERPRINT_VALUES.has(normalizedValue.toLowerCase())) {
+        return undefined;
+    }
+    return normalizedValue;
+};
+const normalizeFingerprintConfidence = (value) => {
+    const normalizedValue = normalizeFingerprintValue(value);
+    const parsedValue = Number(normalizedValue);
+    return Number.isFinite(parsedValue) ? parsedValue : 0;
+};
+const getFingerprintDataFromBody = (body, prefix) => {
+    const requestBody = body || {};
+    const baseId = normalizeFingerprintValue(requestBody[`${prefix}BaseId`]);
+    const valCode = normalizeFingerprintValue(requestBody[`${prefix}ValCode`]);
+    const confidence = normalizeFingerprintConfidence(requestBody[`${prefix}Conf`]);
+    return {
+        browserId: baseId || valCode,
+        browserFingerprint: valCode,
+        browserFingerprintConfidence: confidence,
+    };
+};
+module.exports = {
+    getFingerprintDataFromBody,
+    normalizeFingerprintValue,
+};

package/utils/fingerprint_data.d.cts

@@ -0,0 +1,6 @@
+export function getFingerprintDataFromBody(body: any, prefix: any): {
+    browserId: string | undefined;
+    browserFingerprint: string | undefined;
+    browserFingerprintConfidence: number;
+};
+export function normalizeFingerprintValue(value: any): string | undefined;

package/utils/recount_utils.cjs

@@ -5,21 +5,21 @@ const _ = require('lodash');
 const fs = require('fs');
 const request = require("./requestCompat.cjs");
 const log = require('./logger.cjs');
-const recountPosts = (postIds, done) => {
+const recountPosts = (postIds, done, transaction) => {
     async.forEachSeries(postIds, (postId, forEachPostCallback) => {
-        recountPost(postId, forEachPostCallback);
+        recountPost(postId, forEachPostCallback, transaction);
     }, error => {
         done(error);
     });
 };
-const recountPoints = (pointIds, done) => {
+const recountPoints = (pointIds, done, transaction) => {
     async.forEachSeries(pointIds, (pointId, forEachPostCallback) => {
-        recountPoint(pointId, forEachPostCallback);
+        recountPoint(pointId, forEachPostCallback, transaction);
     }, error => {
         done(error);
     });
 };
-const recountPost = (postId, done) => {
+const recountPost = (postId, done, transaction) => {
     var endorsementsCount;
     var oppositionCount;
     var pointCount;
@@ -29,7 +29,8 @@ const recountPost = (postId, done) => {
                 where: {
                     value: 1,
                     post_id: postId
-                }
+                },
+                transaction
             }).then((count) => {
                 endorsementsCount = count;
                 parallelCallback();
@@ -42,7 +43,8 @@ const recountPost = (postId, done) => {
                 where: {
                     value: -1,
                     post_id: postId
-                }
+                },
+                transaction
             }).then((count) => {
                 oppositionCount = count;
                 parallelCallback();
@@ -58,7 +60,8 @@ const recountPost = (postId, done) => {
                         { value: 1 }
                     ],
                     post_id: postId
-                }
+                },
+                transaction
             }).then((count) => {
                 pointCount = count;
                 parallelCallback();
@@ -75,12 +78,13 @@ const recountPost = (postId, done) => {
                 where: {
                     id: postId
                 },
-                attributes: ['id', 'counter_endorsements_up', 'counter_endorsements_down', 'counter_points']
+                attributes: ['id', 'counter_endorsements_up', 'counter_endorsements_down', 'counter_points'],
+                transaction
             }).then((post) => {
                 post.counter_points = pointCount;
                 post.counter_endorsements_up = endorsementsCount;
                 post.counter_endorsements_down = oppositionCount;
-                post.save().then((results) => {
+                post.save({ transaction }).then((results) => {
                     log.info(`Recount for post ${post.id} done`);
                     done();
                 });
@@ -90,7 +94,7 @@ const recountPost = (postId, done) => {
         }
     });
 };
-const recountPoint = (pointId, done) => {
+const recountPoint = (pointId, done, transaction) => {
     var counter_quality_up;
     var counter_quality_down;
     var pointCount;
@@ -100,7 +104,8 @@ const recountPoint = (pointId, done) => {
                 where: {
                     value: 1,
                     point_id: pointId
-                }
+                },
+                transaction
             }).then((count) => {
                 counter_quality_up = count;
                 parallelCallback();
@@ -113,7 +118,8 @@ const recountPoint = (pointId, done) => {
                 where: {
                     value: -1,
                     point_id: pointId
-                }
+                },
+                transaction
             }).then((count) => {
                 counter_quality_down = count;
                 parallelCallback();
@@ -130,11 +136,12 @@ const recountPoint = (pointId, done) => {
                 where: {
                     id: pointId
                 },
-                attributes: ['id', 'counter_quality_up', 'counter_quality_down']
+                attributes: ['id', 'counter_quality_up', 'counter_quality_down'],
+                transaction
             }).then((point) => {
                 point.counter_quality_up = counter_quality_up;
                 point.counter_quality_down = counter_quality_down;
-                point.save().then((results) => {
+                point.save({ transaction }).then((results) => {
                     log.info(`Recount for point ${point.id} done`);
                     done();
                 });
@@ -144,29 +151,31 @@ const recountPoint = (pointId, done) => {
         }
     });
 };
-const countPostInGroup = (groupId, done) => {
+const countPostInGroup = (groupId, done, transaction) => {
     models.Post.count({
         where: {
             group_id: groupId
-        }
+        },
+        transaction
     }).then(count => {
         done(null, count);
     }).catch(error => {
         done(error);
     });
 };
-const countPointsInGroup = (groupId, done) => {
+const countPointsInGroup = (groupId, done, transaction) => {
     models.Point.count({
         where: {
             group_id: groupId
-        }
+        },
+        transaction
     }).then(count => {
         done(null, count);
     }).catch(error => {
         done(error);
     });
 };
-const countUsersInGroup = (groupId, done) => {
+const countUsersInGroup = (groupId, done, transaction) => {
     const userIds = [];
     async.series([
         (seriesCallback) => {
@@ -180,7 +189,8 @@ const countUsersInGroup = (groupId, done) => {
                             group_id: groupId
                         }
                     }
-                ]
+                ],
+                transaction
             }).then(endorsements => {
                 for (let i = 0; i < endorsements.length; i++) {
                     userIds.push(endorsements[i].user_id);
@@ -199,7 +209,8 @@ const countUsersInGroup = (groupId, done) => {
                             group_id: groupId
                         }
                     }
-                ]
+                ],
+                transaction
             }).then(ratings => {
                 for (let i = 0; i < ratings.length; i++) {
                     userIds.push(ratings[i].user_id);
@@ -224,7 +235,8 @@ const countUsersInGroup = (groupId, done) => {
                             }
                         ]
                     }
-                ]
+                ],
+                transaction
             }).then(qualities => {
                 for (let i = 0; i < qualities.length; i++) {
                     userIds.push(qualities[i].user_id);
@@ -243,7 +255,8 @@ const countUsersInGroup = (groupId, done) => {
                             group_id: groupId
                         }
                     }
-                ]
+                ],
+                transaction
             }).then(points => {
                 for (let i = 0; i < points.length; i++) {
                     userIds.push(points[i].user_id);
@@ -256,7 +269,8 @@ const countUsersInGroup = (groupId, done) => {
                 attributes: ['id'],
                 where: {
                     group_id: groupId
-                }
+                },
+                transaction
             }).then(posts => {
                 for (let i = 0; i < posts.length; i++) {
                     userIds.push(posts[i].user_id);
@@ -268,7 +282,7 @@ const countUsersInGroup = (groupId, done) => {
         done(error, _.uniq(userIds).length, userIds);
     });
 };
-const countAllInGroup = (groupId, done) => {
+const countAllInGroup = (groupId, done, transaction) => {
     let postCount = 0;
     let pointCount = 0;
     let userCount = 0;
@@ -283,7 +297,7 @@ const countAllInGroup = (groupId, done) => {
                     postCount = count;
                     seriesCallback();
                 }
-            });
+            }, transaction);
         },
         (seriesCallback) => {
             countPointsInGroup(groupId, (error, count) => {
@@ -294,7 +308,7 @@ const countAllInGroup = (groupId, done) => {
                     pointCount = count;
                     seriesCallback();
                 }
-            });
+            }, transaction);
         },
         (seriesCallback) => {
             countUsersInGroup(groupId, (error, count, allUsersIn) => {
@@ -306,7 +320,7 @@ const countAllInGroup = (groupId, done) => {
                     allUsers = allUsersIn;
                     seriesCallback();
                 }
-            });
+            }, transaction);
         }
     ], error => {
         if (error) {
@@ -317,11 +331,12 @@ const countAllInGroup = (groupId, done) => {
         }
     });
 };
-const recountGroup = (groupId, callback) => {
+const recountGroup = (groupId, callback, transaction) => {
     models.Group.findOne({
         where: {
             id: groupId
-        }
+        },
+        transaction
     }).then(group => {
         if (group) {
             countAllInGroup(group.id, (error, postCount, pointCount, userCount, allUsers) => {
@@ -332,14 +347,14 @@ const recountGroup = (groupId, callback) => {
                     group.set('counter_points', pointCount);
                     group.set('counter_users', Math.max(userCount, 1));
                     group.set('counter_posts', postCount);
-                    group.save().then(() => {
+                    group.save({ transaction }).then(() => {
                         log.info(`Recount Group ${group.id} users: ${Math.max(userCount, 1)} posts: ${postCount} points: ${pointCount}`);
                         callback(null, { postCount, pointCount, userCount, allUsers });
                     }).catch(error => {
                         callback(error);
                     });
                 }
-            });
+            }, transaction);
         }
         else {
             callback("Group not found");
@@ -348,7 +363,7 @@ const recountGroup = (groupId, callback) => {
         callback(error);
     });
 };
-const recountCommunity = (communityId, callback) => {
+const recountCommunity = (communityId, callback, transaction) => {
     models.Community.findOne({
         where: {
             id: communityId
@@ -362,7 +377,8 @@ const recountCommunity = (communityId, callback) => {
                     is_group_folder: false
                 }
             }
-        ]
+        ],
+        transaction
     }).then(community => {
         if (community) {
             let postCount = 0;
@@ -379,7 +395,7 @@ const recountCommunity = (communityId, callback) => {
                         allUsers = allUsers.concat(counts.allUsers);
                         forEachCallback();
                     }
-                });
+                }, transaction);
             }, error => {
                 if (error) {
                     callback(error);
@@ -388,7 +404,7 @@ const recountCommunity = (communityId, callback) => {
                     community.set('counter_points', pointCount);
                     community.set('counter_users', Math.max(_.uniq(allUsers).length, 1));
                     community.set('counter_posts', postCount);
-                    community.save().then(() => {
+                    community.save({ transaction }).then(() => {
                         log.info(`Recount Community ${community.id} users: ${Math.max(_.uniq(allUsers).length, 1)} posts: ${postCount} points: ${pointCount}`);
                         callback();
                     }).catch(error => {

package/utils/recount_utils.d.cts

@@ -1,7 +1,7 @@
-export function recountCommunity(communityId: any, callback: any): void;
-export function recountGroup(groupId: any, callback: any): void;
-export function recountPost(postId: any, done: any): void;
-export function recountPosts(postIds: any, done: any): void;
-export function recountPoint(pointId: any, done: any): void;
-export function recountPoints(pointIds: any, done: any): void;
-export function countUsersInGroup(groupId: any, done: any): void;
+export function recountCommunity(communityId: any, callback: any, transaction: any): void;
+export function recountGroup(groupId: any, callback: any, transaction: any): void;
+export function recountPost(postId: any, done: any, transaction: any): void;
+export function recountPosts(postIds: any, done: any, transaction: any): void;
+export function recountPoint(pointId: any, done: any, transaction: any): void;
+export function recountPoints(pointIds: any, done: any, transaction: any): void;
+export function countUsersInGroup(groupId: any, done: any, transaction: any): void;