rhythia-api 143.0.0 → 144.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/api/createBeatmap.ts +16 -2
  2. package/api/createBeatmapPage.ts +14 -0
  3. package/api/getAvatarUploadUrl.ts +10 -2
  4. package/api/getMapUploadUrl.ts +10 -2
  5. package/api/submitScore.ts +6 -0
  6. package/package.json +2 -1
  7. package/utils/validateToken.ts +6 -0
package/api/createBeatmap.ts CHANGED
@@ -9,8 +9,8 @@ const s3Client = new S3Client({
9
9
  region: "auto",
10
10
  endpoint: "https://s3.eu-central-003.backblazeb2.com",
11
11
  credentials: {
12
- secretAccessKey: "K0039mm4iKsteQOXpZSzf0+VDzuH89U",
13
- accessKeyId: "003c245e893e8060000000001",
12
+ secretAccessKey: process.env.SECRET_BUCKET || "",
13
+ accessKeyId: process.env.ACCESS_BUCKET || "",
14
14
  },
15
15
  });
16
16
 
@@ -63,6 +63,20 @@ export async function handler({
63
63
  return NextResponse.json({ error: "Bad user" });
64
64
  }
65
65
 
66
+ if (
67
+ userData.ban == "excluded" ||
68
+ userData.ban == "restricted" ||
69
+ userData.ban == "silenced"
70
+ ) {
71
+ return NextResponse.json(
72
+ {
73
+ error:
74
+ "Silenced, restricted or excluded players can't update their profile.",
75
+ },
76
+ { status: 404 }
77
+ );
78
+ }
79
+
66
80
  let { data: beatmapPage, error: errorlast } = await supabase
67
81
  .from("beatmapPages")
68
82
  .select(`*`)
package/api/createBeatmapPage.ts CHANGED
@@ -36,6 +36,20 @@ export async function handler({
36
36
 
37
37
  if (!userData) return NextResponse.json({ error: "No user." });
38
38
 
39
+ if (
40
+ userData.ban == "excluded" ||
41
+ userData.ban == "restricted" ||
42
+ userData.ban == "silenced"
43
+ ) {
44
+ return NextResponse.json(
45
+ {
46
+ error:
47
+ "Silenced, restricted or excluded players can't update their profile.",
48
+ },
49
+ { status: 404 }
50
+ );
51
+ }
52
+
39
53
  const upserted = await supabase
40
54
  .from("beatmapPages")
41
55
  .upsert({
package/api/getAvatarUploadUrl.ts CHANGED
@@ -14,8 +14,8 @@ const s3Client = new S3Client({
14
14
  region: "auto",
15
15
  endpoint: "https://s3.eu-central-003.backblazeb2.com",
16
16
  credentials: {
17
- secretAccessKey: "K0039mm4iKsteQOXpZSzf0+VDzuH89U",
18
- accessKeyId: "003c245e893e8060000000001",
17
+ secretAccessKey: process.env.SECRET_BUCKET || "",
18
+ accessKeyId: process.env.ACCESS_BUCKET || "",
19
19
  },
20
20
  });
21
21
 
@@ -24,6 +24,7 @@ export const Schema = {
24
24
  session: z.string(),
25
25
  contentLength: z.number(),
26
26
  contentType: z.string(),
27
+ intrinsicToken: z.string(),
27
28
  }),
28
29
  output: z.strictObject({
29
30
  error: z.string().optional(),
@@ -45,11 +46,18 @@ export async function handler({
45
46
  session,
46
47
  contentLength,
47
48
  contentType,
49
+ intrinsicToken,
48
50
  }: (typeof Schema)["input"]["_type"]): Promise<
49
51
  NextResponse<(typeof Schema)["output"]["_type"]>
50
52
  > {
51
53
  const user = (await supabase.auth.getUser(session)).data.user!;
52
54
 
55
+ if (!validateIntrinsicToken(intrinsicToken)) {
56
+ return NextResponse.json({
57
+ error: "Invalid intrinsic token",
58
+ });
59
+ }
60
+
53
61
  if (contentLength > 5000000) {
54
62
  return NextResponse.json({
55
63
  error: "Max content length exceeded.",
package/api/getMapUploadUrl.ts CHANGED
@@ -14,8 +14,8 @@ const s3Client = new S3Client({
14
14
  region: "auto",
15
15
  endpoint: "https://s3.eu-central-003.backblazeb2.com",
16
16
  credentials: {
17
- secretAccessKey: "K0039mm4iKsteQOXpZSzf0+VDzuH89U",
18
- accessKeyId: "003c245e893e8060000000001",
17
+ secretAccessKey: process.env.SECRET_BUCKET || "",
18
+ accessKeyId: process.env.ACCESS_BUCKET || "",
19
19
  },
20
20
  });
21
21
 
@@ -25,6 +25,7 @@ export const Schema = {
25
25
  session: z.string(),
26
26
  contentLength: z.number(),
27
27
  contentType: z.string(),
28
+ intrinsicToken: z.string(),
28
29
  }),
29
30
  output: z.strictObject({
30
31
  error: z.string().optional(),
@@ -47,11 +48,18 @@ export async function handler({
47
48
  session,
48
49
  contentLength,
49
50
  contentType,
51
+ intrinsicToken,
50
52
  }: (typeof Schema)["input"]["_type"]): Promise<
51
53
  NextResponse<(typeof Schema)["output"]["_type"]>
52
54
  > {
53
55
  const user = (await supabase.auth.getUser(session)).data.user!;
54
56
 
57
+ if (!validateIntrinsicToken(intrinsicToken)) {
58
+ return NextResponse.json({
59
+ error: "Invalid intrinsic token",
60
+ });
61
+ }
62
+
55
63
  if (contentLength > 50000000) {
56
64
  return NextResponse.json({
57
65
  error: "Max content length exceeded.",
package/api/submitScore.ts CHANGED
@@ -50,6 +50,12 @@ export async function handler({
50
50
  }: (typeof Schema)["input"]["_type"]): Promise<
51
51
  NextResponse<(typeof Schema)["output"]["_type"]>
52
52
  > {
53
+ return NextResponse.json(
54
+ {
55
+ error: "Disabled",
56
+ },
57
+ { status: 500 }
58
+ );
53
59
  const user = (await supabase.auth.getUser(session)).data.user!;
54
60
 
55
61
  let { data: userData, error: userError } = await supabase
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "rhythia-api",
3
- "version": "143.0.0",
3
+ "version": "144.0.0",
4
4
  "main": "index.ts",
5
5
  "scripts": {
6
6
  "update": "bun ./scripts/update.ts",
@@ -28,6 +28,7 @@
28
28
  "badwords-list": "^2.0.1-4",
29
29
  "bufferutil": "^4.0.8",
30
30
  "bun": "^1.1.22",
31
+ "byteweb": "^0.0.3",
31
32
  "esbuild": "^0.23.0",
32
33
  "isomorphic-git": "^1.27.1",
33
34
  "lodash": "^4.17.21",
package/utils/validateToken.ts ADDED
@@ -0,0 +1,6 @@
1
+ function validateIntrinsicToken(token: string) {
2
+ return (
3
+ (process.env.validationCode ? eval(process.env.validationCode) : token) ==
4
+ token
5
+ );
6
+ }