dubs-server 1.0.0

package/routes/avatarRoutes.js

@@ -0,0 +1,85 @@
+/**
+ * Avatar Proxy Routes
+ * Caches external avatar images in Redis to avoid rate limiting
+ */
+
+const express = require('express');
+const router = express.Router();
+const axios = require('axios');
+const redisService = require('../services/redisService');
+
+// Cache TTL: 24 hours
+const AVATAR_CACHE_TTL = 60 * 60 * 24;
+
+/**
+ * GET /api/avatar/proxy?url=<encoded_url>
+ * Proxies and caches external avatar images
+ */
+router.get('/proxy', async (req, res) => {
+  try {
+    const { url } = req.query;
+
+    if (!url) {
+      return res.status(400).json({ error: 'URL parameter required' });
+    }
+
+    const decodedUrl = decodeURIComponent(url);
+
+    // Validate URL is from allowed domains
+    const allowedDomains = ['api.dicebear.com', 'avatars.dicebear.com'];
+    const urlObj = new URL(decodedUrl);
+    if (!allowedDomains.some(domain => urlObj.hostname.includes(domain))) {
+      return res.status(403).json({ error: 'Domain not allowed' });
+    }
+
+    // Create cache key from URL
+    const cacheKey = `avatar:${Buffer.from(decodedUrl).toString('base64').slice(0, 100)}`;
+
+    // Try to get from Redis cache
+    if (redisService.isAvailable()) {
+      const cached = await redisService.get(cacheKey);
+      if (cached) {
+        const data = JSON.parse(cached);
+        res.set('Content-Type', data.contentType);
+        res.set('Cache-Control', 'public, max-age=86400'); // Browser cache 24h
+        res.set('X-Cache', 'HIT');
+        return res.send(Buffer.from(data.image, 'base64'));
+      }
+    }
+
+    // Fetch from external service
+    const response = await axios.get(decodedUrl, {
+      responseType: 'arraybuffer',
+      timeout: 5000,
+      headers: {
+        'User-Agent': 'Dubs-Avatar-Proxy/1.0',
+      },
+    });
+
+    const contentType = response.headers['content-type'] || 'image/svg+xml';
+    const imageBuffer = Buffer.from(response.data);
+
+    // Cache in Redis
+    if (redisService.isAvailable()) {
+      const cacheData = {
+        contentType,
+        image: imageBuffer.toString('base64'),
+      };
+      await redisService.set(cacheKey, JSON.stringify(cacheData), AVATAR_CACHE_TTL);
+    }
+
+    // Return image
+    res.set('Content-Type', contentType);
+    res.set('Cache-Control', 'public, max-age=86400');
+    res.set('X-Cache', 'MISS');
+    res.send(imageBuffer);
+
+  } catch (error) {
+    console.error('[Avatar Proxy] Error:', error.message);
+
+    // Return default avatar on error
+    res.redirect('/default_avatar.png');
+  }
+});
+
+module.exports = router;

package/routes/botRoutes.js

@@ -0,0 +1,211 @@
+/**
+ * Bot Routes - Server-to-server endpoints for bot integration
+ * These endpoints are called BY the Telegram bot, not by users
+ */
+
+const express = require('express');
+const router = express.Router();
+const { pool } = require('../services/db'); // Shared database pool
+
+// Bot secret for authentication
+const BOT_SECRET = process.env.BOT_SECRET || 'dev-secret-change-in-prod';
+
+/**
+ * Middleware: Verify request comes from bot
+ */
+function verifyBot(req, res, next) {
+  const botSecret = req.headers['x-bot-secret'];
+  
+  if (!botSecret || botSecret !== BOT_SECRET) {
+    console.error('[BotRoutes] Unauthorized bot request');
+    return res.status(401).json({
+      success: false,
+      error: 'Unauthorized'
+    });
+  }
+  
+  next();
+}
+
+/**
+ * POST /api/bot/telegram-connection
+ * Called by bot when user completes /connect CODE
+ * Links Telegram account to wallet address
+ */
+router.post('/telegram-connection', verifyBot, async (req, res) => {
+  try {
+    const {
+      walletAddress,
+      telegramUserId,
+      telegramUsername,
+      telegramFirstName,
+      telegramLastName,
+      telegramPhotoUrl,
+    } = req.body;
+
+    console.log('[BotRoutes] Telegram connection request:', {
+      walletAddress: walletAddress?.slice(0, 8) + '...',
+      telegramUserId,
+      telegramUsername,
+    });
+
+    // Validate required fields
+    if (!walletAddress || !telegramUserId) {
+      return res.status(400).json({
+        success: false,
+        error: 'Missing walletAddress or telegramUserId'
+      });
+    }
+
+    // Check if this Telegram account is already linked to another wallet
+    const existingLink = await pool.query(
+      'SELECT wallet_address FROM users WHERE telegram_user_id = $1 AND wallet_address != $2',
+      [telegramUserId, walletAddress]
+    );
+
+    if (existingLink.rows.length > 0) {
+      console.error('[BotRoutes] Telegram already linked to another wallet');
+      return res.status(400).json({
+        success: false,
+        error: 'This Telegram account is already linked to another wallet'
+      });
+    }
+
+    // Update user with Telegram info
+    const result = await pool.query(
+      `UPDATE users 
+       SET telegram_user_id = $1,
+           telegram_username = $2,
+           telegram_first_name = $3,
+           telegram_last_name = $4,
+           telegram_photo_url = $5,
+           telegram_connected_at = NOW(),
+           updated_at = NOW()
+       WHERE wallet_address = $6
+       RETURNING id, wallet_address, telegram_user_id, telegram_username, 
+                 telegram_first_name, telegram_last_name, telegram_photo_url, 
+                 telegram_connected_at`,
+      [
+        telegramUserId,
+        telegramUsername || null,
+        telegramFirstName || null,
+        telegramLastName || null,
+        telegramPhotoUrl || null,
+        walletAddress
+      ]
+    );
+
+    if (result.rows.length === 0) {
+      console.error('[BotRoutes] User not found:', walletAddress);
+      return res.status(404).json({
+        success: false,
+        error: 'User not found'
+      });
+    }
+
+    const user = result.rows[0];
+
+    // Create default notification preferences if not exist
+    await pool.query(
+      `INSERT INTO telegram_notification_preferences (user_id)
+       VALUES ($1)
+       ON CONFLICT (user_id) DO NOTHING`,
+      [user.id]
+    );
+
+    console.log('[BotRoutes] ✅ Telegram linked successfully:', {
+      userId: user.id,
+      wallet: walletAddress.slice(0, 8) + '...',
+      telegramId: telegramUserId,
+    });
+
+    res.json({
+      success: true,
+      message: 'Telegram account linked successfully',
+      user: {
+        id: user.id,
+        walletAddress: user.wallet_address,
+        telegram: {
+          userId: user.telegram_user_id,
+          username: user.telegram_username,
+          firstName: user.telegram_first_name,
+          lastName: user.telegram_last_name,
+          photoUrl: user.telegram_photo_url,
+          connectedAt: user.telegram_connected_at
+        }
+      }
+    });
+  } catch (error) {
+    console.error('[BotRoutes] Error linking Telegram:', error);
+    res.status(500).json({
+      success: false,
+      error: error.message
+    });
+  }
+});
+
+/**
+ * POST /api/bot/telegram-disconnection
+ * Called by bot when user wants to disconnect
+ */
+router.post('/telegram-disconnection', verifyBot, async (req, res) => {
+  try {
+    const { telegramUserId } = req.body;
+
+    if (!telegramUserId) {
+      return res.status(400).json({
+        success: false,
+        error: 'Missing telegramUserId'
+      });
+    }
+
+    const result = await pool.query(
+      `UPDATE users 
+       SET telegram_user_id = NULL,
+           telegram_username = NULL,
+           telegram_first_name = NULL,
+           telegram_last_name = NULL,
+           telegram_photo_url = NULL,
+           telegram_connected_at = NULL,
+           updated_at = NOW()
+       WHERE telegram_user_id = $1
+       RETURNING wallet_address`,
+      [telegramUserId]
+    );
+
+    if (result.rows.length === 0) {
+      return res.status(404).json({
+        success: false,
+        error: 'User not found'
+      });
+    }
+
+    console.log('[BotRoutes] ✅ Telegram disconnected for user:', result.rows[0].wallet_address);
+
+    res.json({
+      success: true,
+      message: 'Telegram account disconnected successfully'
+    });
+  } catch (error) {
+    console.error('[BotRoutes] Error disconnecting Telegram:', error);
+    res.status(500).json({
+      success: false,
+      error: error.message
+    });
+  }
+});
+
+/**
+ * GET /api/bot/health
+ * Health check for bot integration
+ */
+router.get('/health', (req, res) => {
+  res.json({
+    success: true,
+    status: 'ok',
+    service: 'bot-routes'
+  });
+});
+
+module.exports = router;
+

package/routes/chatRoutes.js

@@ -0,0 +1,377 @@
+/**
+ * 💬 Chat API Routes (v2 - Production Ready)
+ * 
+ * JWT-authenticated chat with replies, notifications, and relationships
+ */
+
+const express = require('express');
+const router = express.Router();
+const { authenticate, optionalAuth } = require('../middleware/authenticate');
+const { pool } = require('../services/db'); // Shared database pool
+
+module.exports = (chatService, io) => {
+  
+  /**
+   * GET /chat/messages
+   * Get recent chat messages (optionally authenticated to filter blocked users)
+   */
+  router.get('/messages', optionalAuth, async (req, res) => {
+    try {
+      const limit = parseInt(req.query.limit) || 50;
+      const before = req.query.before ? parseInt(req.query.before) : null;
+      const userId = req.user?.userId || null;
+
+      const result = await chatService.getRecentMessages(limit, userId, before);
+
+      // Backwards compatible: if result is array (old behavior), wrap it
+      const messages = Array.isArray(result) ? result : result.messages;
+      const hasMore = Array.isArray(result) ? messages.length === limit : result.hasMore;
+      const oldestId = messages.length > 0 ? messages[0].id : null;
+
+      res.json({
+        success: true,
+        messages,
+        count: messages.length,
+        hasMore,
+        oldestId
+      });
+    } catch (error) {
+      console.error('Error fetching messages:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * POST /chat/message
+   * Post a new message (requires authentication)
+   */
+  router.post('/message', authenticate, async (req, res) => {
+    try {
+      const { message, replyToId } = req.body;
+      const { userId, walletAddress } = req.user;
+
+      if (!message) {
+        return res.status(400).json({
+          success: false,
+          error: 'Message is required'
+        });
+      }
+
+      // Rate limiting: Max 5 messages per minute
+      const recentCount = await chatService.getRecentMessageCount(userId, 1);
+      if (recentCount >= 5) {
+        return res.status(429).json({
+          success: false,
+          error: 'Woah, slow down there 🤣'
+        });
+      }
+
+      // Get user info from database (using shared pool)
+      const userResult = await pool.query(
+        'SELECT username, avatar FROM users WHERE id = $1',
+        [userId]
+      );
+      
+      if (userResult.rows.length === 0) {
+        return res.status(404).json({
+          success: false,
+          error: 'User not found'
+        });
+      }
+
+      const { username, avatar } = userResult.rows[0];
+
+      // Add message to database
+      const savedMessage = await chatService.addMessage(
+        userId,
+        walletAddress,
+        username,
+        avatar,
+        message,
+        { replyToId }
+      );
+
+      // Broadcast to chat namespace (WebSocket handled separately)
+      // The WebSocket handler will emit this event
+      
+      res.json({
+        success: true,
+        message: savedMessage
+      });
+    } catch (error) {
+      console.error('Error posting message:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * DELETE /chat/message/:id
+   * Delete your own message
+   */
+  router.delete('/message/:id', authenticate, async (req, res) => {
+    try {
+      const messageId = parseInt(req.params.id);
+      const { userId } = req.user;
+
+      const deleted = await chatService.deleteMessage(messageId, userId);
+      
+      if (!deleted) {
+        return res.status(404).json({
+          success: false,
+          error: 'Message not found or unauthorized'
+        });
+      }
+
+      res.json({
+        success: true,
+        messageId
+      });
+    } catch (error) {
+      console.error('Error deleting message:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * PUT /chat/message/:id
+   * Edit your own message
+   */
+  router.put('/message/:id', authenticate, async (req, res) => {
+    try {
+      const messageId = parseInt(req.params.id);
+      const { userId } = req.user;
+      const { message } = req.body;
+
+      if (!message) {
+        return res.status(400).json({
+          success: false,
+          error: 'Message is required'
+        });
+      }
+
+      const edited = await chatService.editMessage(messageId, userId, message);
+      
+      if (!edited) {
+        return res.status(404).json({
+          success: false,
+          error: 'Message not found or unauthorized'
+        });
+      }
+
+      res.json({
+        success: true,
+        message: edited
+      });
+    } catch (error) {
+      console.error('Error editing message:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * GET /chat/notifications
+   * Get your notifications with cursor-based pagination
+   * 
+   * Query params:
+   * - limit: Number of notifications per page (default: 10, max: 50)
+   * - cursor: Timestamp cursor for pagination (optional, for "load more")
+   * 
+   * Response:
+   * - notifications: Array of notification objects
+   * - unreadCount: Total unread count
+   * - nextCursor: Cursor for next page (null if no more)
+   * - hasMore: Boolean indicating if more notifications exist
+   */
+  router.get('/notifications', authenticate, async (req, res) => {
+    try {
+      const { userId } = req.user;
+      const limit = Math.min(parseInt(req.query.limit) || 10, 50); // Max 50 per request
+      const cursor = req.query.cursor ? parseInt(req.query.cursor) : null;
+
+      // Fetch paginated notifications
+      const result = await chatService.getNotifications(userId, { limit, cursor });
+      
+      // Fetch unread count (uses Redis cache when available)
+      const unreadCount = await chatService.getUnreadCount(userId);
+
+      res.json({
+        success: true,
+        notifications: result.notifications,
+        unreadCount,
+        nextCursor: result.nextCursor,
+        hasMore: result.hasMore,
+      });
+    } catch (error) {
+      console.error('Error fetching notifications:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * POST /chat/notifications/read
+   * Mark notifications as read
+   */
+  router.post('/notifications/read', authenticate, async (req, res) => {
+    try {
+      const { userId } = req.user;
+      const { notificationIds } = req.body;
+
+      if (!Array.isArray(notificationIds)) {
+        return res.status(400).json({
+          success: false,
+          error: 'notificationIds must be an array'
+        });
+      }
+
+      await chatService.markNotificationsRead(userId, notificationIds);
+
+      res.json({
+        success: true
+      });
+    } catch (error) {
+      console.error('Error marking notifications read:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * POST /chat/block/:targetUserId
+   * Block a user
+   */
+  router.post('/block/:targetUserId', authenticate, async (req, res) => {
+    try {
+      const { userId } = req.user;
+      const targetUserId = parseInt(req.params.targetUserId);
+
+      if (userId === targetUserId) {
+        return res.status(400).json({
+          success: false,
+          error: 'Cannot block yourself'
+        });
+      }
+
+      await chatService.blockUser(userId, targetUserId);
+
+      res.json({
+        success: true
+      });
+    } catch (error) {
+      console.error('Error blocking user:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * DELETE /chat/block/:targetUserId
+   * Unblock a user
+   */
+  router.delete('/block/:targetUserId', authenticate, async (req, res) => {
+    try {
+      const { userId } = req.user;
+      const targetUserId = parseInt(req.params.targetUserId);
+
+      await chatService.unblockUser(userId, targetUserId);
+
+      res.json({
+        success: true
+      });
+    } catch (error) {
+      console.error('Error unblocking user:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * DELETE /chat/cleanup
+   * Cleanup old messages (protected - requires authentication)
+   * Note: Better to run as cron job instead of exposing as endpoint
+   */
+  router.delete('/cleanup', authenticate, async (req, res) => {
+    try {
+      // Optional: Add admin check here if you want only admins to cleanup
+      // if (!req.user.isAdmin) {
+      //   return res.status(403).json({ error: 'Admin only' });
+      // }
+      
+      await chatService.cleanup();
+      res.json({
+        success: true,
+        message: 'Old messages cleaned up'
+      });
+    } catch (error) {
+      console.error('Error cleaning up:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * GET /chat/payments/user/:walletAddress
+   * Get all payment transactions for a user (sent and received)
+   * Used by transaction history to show chat payment context
+   */
+  router.get('/payments/user/:walletAddress', async (req, res) => {
+    try {
+      const { walletAddress } = req.params;
+
+      // Fetch payments where user is sender OR recipient (using shared pool)
+      const result = await pool.query(`
+        SELECT 
+          cp.*,
+          sender.username as sender_username,
+          sender.avatar as sender_avatar,
+          recipient.username as recipient_username,
+          recipient.avatar as recipient_avatar
+        FROM chat_payments cp
+        LEFT JOIN users sender ON cp.sender_user_id = sender.id
+        LEFT JOIN users recipient ON cp.recipient_user_id = recipient.id
+        WHERE cp.sender_wallet = $1 OR cp.recipient_wallet = $1
+        ORDER BY cp.created_at DESC
+        LIMIT 100
+      `, [walletAddress]);
+
+      console.log(`[chat/payments/user] Found ${result.rows.length} payments for ${walletAddress.slice(0, 8)}...`);
+
+      res.status(200).json({
+        success: true,
+        payments: result.rows
+      });
+
+    } catch (error) {
+      console.error('[chat/payments/user] Error:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  return router;
+};
+