dubs-server 1.0.0

package/routes/uploadRoutes.js

@@ -0,0 +1,256 @@
+/**
+ * 📸 Upload API Routes
+ *
+ * Endpoints for file uploads (avatars, OG images, etc.)
+ */
+
+const express = require('express');
+const router = express.Router();
+const multer = require('multer');
+const { authenticate } = require('../middleware/authenticate');
+const { pool } = require('../services/db'); // Shared database pool
+const nacl = require('tweetnacl');
+const bs58 = require('bs58').default;
+
+// Configure multer for memory storage (we'll upload to S3)
+const upload = multer({
+  storage: multer.memoryStorage(),
+  limits: {
+    fileSize: 5 * 1024 * 1024, // 5MB max for OG images
+  },
+  fileFilter: (req, file, cb) => {
+    const allowedTypes = ['image/png', 'image/jpeg', 'image/webp'];
+    if (allowedTypes.includes(file.mimetype)) {
+      cb(null, true);
+    } else {
+      cb(new Error('Invalid file type. Only PNG, JPEG, and WebP are allowed.'));
+    }
+  },
+});
+
+module.exports = (s3Service) => {
+  
+  /**
+   * POST /upload/avatar/presigned-url
+   * Get a presigned URL for avatar upload (requires authentication)
+   */
+  router.post('/avatar/presigned-url', authenticate, async (req, res) => {
+    try {
+      const { walletAddress, fileExtension } = req.body;
+
+      if (!walletAddress) {
+        return res.status(400).json({
+          success: false,
+          error: 'Wallet address is required'
+        });
+      }
+
+      // Security: Verify user can only upload their own avatar
+      if (req.user.walletAddress !== walletAddress) {
+        return res.status(403).json({
+          success: false,
+          error: 'Unauthorized: Cannot upload avatar for another user'
+        });
+      }
+
+      if (!fileExtension) {
+        return res.status(400).json({
+          success: false,
+          error: 'File extension is required'
+        });
+      }
+
+      // Validate file type
+      if (!s3Service.isValidFileType(fileExtension)) {
+        return res.status(400).json({
+          success: false,
+          error: 'Invalid file type. Allowed: jpg, jpeg, png, gif, webp'
+        });
+      }
+
+      console.log('[Upload] Generating presigned URL for:', walletAddress, fileExtension);
+
+      const { uploadUrl, publicUrl, key } = await s3Service.getUploadUrl(walletAddress, fileExtension);
+
+      console.log('[Upload] Presigned URL generated successfully');
+
+      res.json({
+        success: true,
+        uploadUrl,
+        publicUrl,
+        key
+      });
+    } catch (error) {
+      console.error('[Upload] Error generating presigned URL:', error.message);
+      console.error('[Upload] Full error:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * POST /upload/avatar/presigned-url-registration
+   * Get a presigned URL for avatar upload during registration (signature-based auth)
+   * This allows users to upload avatars before they have a JWT session
+   */
+  router.post('/avatar/presigned-url-registration', async (req, res) => {
+    try {
+      const { walletAddress, fileExtension, signature, nonce } = req.body;
+
+      if (!walletAddress || !fileExtension || !signature || !nonce) {
+        return res.status(400).json({
+          success: false,
+          error: 'Missing required fields: walletAddress, fileExtension, signature, nonce'
+        });
+      }
+
+      // Verify the nonce exists and hasn't expired
+      // Note: Allow used nonces since verify-signature marks it as used before avatar upload
+      const nonceCheck = await pool.query(
+        'SELECT * FROM auth_nonces WHERE nonce = $1 AND wallet_address = $2 AND expires_at > NOW()',
+        [nonce, walletAddress]
+      );
+
+      if (nonceCheck.rows.length === 0) {
+        return res.status(401).json({
+          success: false,
+          error: 'Invalid or expired nonce'
+        });
+      }
+
+      // Verify signature using the correct message format
+      const message = `Sign this message to verify wallet ownership for Dubs Jackpot.\n\nNonce: ${nonce}`;
+      const messageBytes = new TextEncoder().encode(message);
+      const signatureBytes = bs58.decode(signature);
+      const publicKeyBytes = bs58.decode(walletAddress);
+
+      const isValid = nacl.sign.detached.verify(messageBytes, signatureBytes, publicKeyBytes);
+
+      if (!isValid) {
+        return res.status(401).json({
+          success: false,
+          error: 'Invalid signature'
+        });
+      }
+
+      console.log('[Upload] Signature verified for registration avatar upload')
+
+      // Validate file type
+      if (!s3Service.isValidFileType(fileExtension)) {
+        return res.status(400).json({
+          success: false,
+          error: 'Invalid file type. Allowed: jpg, jpeg, png, gif, webp'
+        });
+      }
+
+      console.log('[Upload] Generating presigned URL for registration:', walletAddress, fileExtension);
+
+      const { uploadUrl, publicUrl, key } = await s3Service.getUploadUrl(walletAddress, fileExtension);
+
+      console.log('[Upload] Presigned URL generated successfully for registration');
+
+      res.json({
+        success: true,
+        uploadUrl,
+        publicUrl,
+        key
+      });
+    } catch (error) {
+      console.error('[Upload] Error generating presigned URL for registration:', error.message);
+      console.error('[Upload] Full error:', error);
+      res.status(500).json({
+        success: false,
+        error: error.message
+      });
+    }
+  });
+
+  /**
+   * POST /upload/profile-og-image
+   * Upload a profile OG image (the beautiful ShareablePNLCard)
+   * No auth required - anyone viewing a profile triggers this upload
+   * Query param ?variant=twitter for Twitter-optimized 1200x628 version
+   */
+  router.post('/profile-og-image', upload.single('image'), async (req, res) => {
+    try {
+      const { username, variant } = req.body;
+      const imageVariant = variant === 'twitter' ? 'twitter' : 'default';
+
+      if (!username) {
+        return res.status(400).json({
+          success: false,
+          error: 'Username is required',
+        });
+      }
+
+      if (!req.file) {
+        return res.status(400).json({
+          success: false,
+          error: 'Image file is required',
+        });
+      }
+
+      console.log(`[Upload] Uploading profile OG image (${imageVariant}) for: ${username} (${req.file.size} bytes)`);
+
+      const { publicUrl, key } = await s3Service.uploadProfileOGImage(username, req.file.buffer, imageVariant);
+
+      console.log(`[Upload] Profile OG image (${imageVariant}) uploaded successfully: ${publicUrl}`);
+
+      res.json({
+        success: true,
+        imageUrl: publicUrl,
+        key,
+        variant: imageVariant,
+      });
+    } catch (error) {
+      console.error('[Upload] Error uploading profile OG image:', error.message);
+      res.status(500).json({
+        success: false,
+        error: error.message,
+      });
+    }
+  });
+
+  /**
+   * GET /upload/profile-og-image/:username
+   * Check if a profile OG image exists and get its URL
+   * Query param ?variant=twitter for Twitter-optimized version
+   */
+  router.get('/profile-og-image/:username', async (req, res) => {
+    try {
+      const { username } = req.params;
+      const { variant } = req.query;
+      const imageVariant = variant === 'twitter' ? 'twitter' : 'default';
+
+      const exists = await s3Service.profileOGImageExists(username, imageVariant);
+
+      if (!exists) {
+        return res.status(404).json({
+          success: false,
+          error: 'Profile OG image not found',
+          variant: imageVariant,
+        });
+      }
+
+      const imageUrl = s3Service.getProfileOGImageUrl(username, imageVariant);
+
+      res.json({
+        success: true,
+        imageUrl,
+        exists: true,
+        variant: imageVariant,
+      });
+    } catch (error) {
+      console.error('[Upload] Error checking profile OG image:', error.message);
+      res.status(500).json({
+        success: false,
+        error: error.message,
+      });
+    }
+  });
+
+  return router;
+};
+

package/routes/userProfileRoutes.js

@@ -0,0 +1,244 @@
+/**
+ * 📊 User Profile Stats API Routes
+ * 
+ * High-performance endpoints for user profile stats, leaderboards,
+ * and PNL tracking across all game types.
+ * 
+ * Most endpoints are public for viewing profiles, but some sensitive
+ * endpoints (games history, batch) require authentication.
+ */
+
+const express = require('express');
+const router = express.Router();
+const { authenticate } = require('../middleware/authenticate');
+
+module.exports = (userProfileStatsService) => {
+  
+  /**
+   * GET /api/profile/:walletAddress
+   * Get comprehensive user profile stats
+   * 
+   * Response includes:
+   * - User info (username, avatar, member since)
+   * - Combined summary (total PNL, win rate, games played)
+   * - Jackpot stats (solpot-style games)
+   * - Sports betting stats
+   * - Recent games history
+   */
+  router.get('/:walletAddress', async (req, res) => {
+    try {
+      const { walletAddress } = req.params;
+
+      // Validate wallet address format
+      if (!walletAddress || walletAddress.length < 32) {
+        return res.status(400).json({
+          success: false,
+          error: 'Invalid wallet address'
+        });
+      }
+
+      const stats = await userProfileStatsService.getUserProfileStats(walletAddress);
+
+      // Check if user has any activity
+      const hasActivity = stats.jackpot || stats.sports || 
+        (stats.summary.totalGamesPlayed > 0);
+
+      res.json({
+        success: true,
+        found: hasActivity,
+        profile: stats
+      });
+    } catch (error) {
+      console.error('[Profile] Error fetching stats:', error);
+      res.status(500).json({
+        success: false,
+        error: 'Failed to fetch profile stats'
+      });
+    }
+  });
+
+  /**
+   * GET /api/profile/:walletAddress/games
+   * Get user's recent games history with pagination (SECURED - game history is sensitive)
+   */
+  router.get('/:walletAddress/games', authenticate, async (req, res) => {
+    try {
+      const { walletAddress } = req.params;
+      const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+      const offset = parseInt(req.query.offset) || 0;
+
+      const stats = await userProfileStatsService.getUserProfileStats(walletAddress);
+      const games = stats.recentGames || [];
+
+      res.json({
+        success: true,
+        games: games.slice(offset, offset + limit),
+        total: games.length,
+        limit,
+        offset
+      });
+    } catch (error) {
+      console.error('[Profile] Error fetching games:', error);
+      res.status(500).json({
+        success: false,
+        error: 'Failed to fetch games history'
+      });
+    }
+  });
+
+  /**
+   * GET /api/profile/leaderboard/:type
+   * Get leaderboard by different criteria
+   * 
+   * Types:
+   * - pnl: Sort by net profit/loss (default)
+   * - wagered: Sort by total amount wagered
+   * - wins: Sort by total wins
+   * - winrate: Sort by win percentage
+   */
+  router.get('/leaderboard/:type?', async (req, res) => {
+    try {
+      const sortBy = req.params.type || 'pnl';
+      const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+
+      const validSortTypes = ['pnl', 'wagered', 'wins', 'winrate'];
+      if (!validSortTypes.includes(sortBy)) {
+        return res.status(400).json({
+          success: false,
+          error: `Invalid sort type. Must be one of: ${validSortTypes.join(', ')}`
+        });
+      }
+
+      const leaderboard = await userProfileStatsService.getLeaderboard(limit, sortBy);
+
+      res.json({
+        success: true,
+        sortBy,
+        leaderboard,
+        count: leaderboard.length
+      });
+    } catch (error) {
+      console.error('[Profile] Error fetching leaderboard:', error);
+      res.status(500).json({
+        success: false,
+        error: 'Failed to fetch leaderboard'
+      });
+    }
+  });
+
+  /**
+   * GET /api/profile/:walletAddress/summary
+   * Get lightweight summary stats (for avatar hover tooltips)
+   */
+  router.get('/:walletAddress/summary', async (req, res) => {
+    try {
+      const { walletAddress } = req.params;
+
+      const stats = await userProfileStatsService.getUserProfileStats(walletAddress);
+
+      res.json({
+        success: true,
+        summary: {
+          walletAddress: stats.walletAddress,
+          username: stats.username,
+          avatar: stats.avatar,
+          netPNL: stats.summary.netPNL,
+          winRate: stats.summary.winRate,
+          totalGamesPlayed: stats.summary.totalGamesPlayed,
+          isProfitable: stats.summary.isProfitable,
+        }
+      });
+    } catch (error) {
+      console.error('[Profile] Error fetching summary:', error);
+      res.status(500).json({
+        success: false,
+        error: 'Failed to fetch profile summary'
+      });
+    }
+  });
+
+  /**
+   * GET /api/profile/:walletAddress/friends
+   * Get user's friends list (public)
+   */
+  router.get('/:walletAddress/friends', async (req, res) => {
+    try {
+      const { walletAddress } = req.params;
+      const limit = Math.min(parseInt(req.query.limit) || 20, 50);
+
+      const friends = await userProfileStatsService.getUserFriends(walletAddress, limit);
+
+      res.json({
+        success: true,
+        friends,
+        count: friends.length
+      });
+    } catch (error) {
+      console.error('[Profile] Error fetching friends:', error);
+      res.status(500).json({
+        success: false,
+        error: 'Failed to fetch friends'
+      });
+    }
+  });
+
+  /**
+   * POST /api/profile/batch
+   * Get stats for multiple users at once (SECURED - prevents bulk scraping)
+   */
+  router.post('/batch', authenticate, async (req, res) => {
+    try {
+      const { walletAddresses } = req.body;
+
+      if (!walletAddresses || !Array.isArray(walletAddresses)) {
+        return res.status(400).json({
+          success: false,
+          error: 'walletAddresses array is required'
+        });
+      }
+
+      // Limit batch size
+      const limitedAddresses = walletAddresses.slice(0, 50);
+
+      // Fetch stats in parallel
+      const statsPromises = limitedAddresses.map(wallet => 
+        userProfileStatsService.getUserProfileStats(wallet)
+          .then(stats => ({
+            walletAddress: wallet,
+            username: stats.username,
+            avatar: stats.avatar,
+            netPNL: stats.summary.netPNL,
+            winRate: stats.summary.winRate,
+            totalGamesPlayed: stats.summary.totalGamesPlayed,
+            isProfitable: stats.summary.isProfitable,
+          }))
+          .catch(() => ({
+            walletAddress: wallet,
+            username: null,
+            avatar: null,
+            netPNL: 0,
+            winRate: 0,
+            totalGamesPlayed: 0,
+            isProfitable: false,
+          }))
+      );
+
+      const profiles = await Promise.all(statsPromises);
+
+      res.json({
+        success: true,
+        profiles,
+        count: profiles.length
+      });
+    } catch (error) {
+      console.error('[Profile] Error fetching batch:', error);
+      res.status(500).json({
+        success: false,
+        error: 'Failed to fetch batch profiles'
+      });
+    }
+  });
+
+  return router;
+};
+