rhythia-api 143.0.0 → 145.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/api/createBeatmap.ts +16 -2
- package/api/createBeatmapPage.ts +14 -0
- package/api/getAvatarUploadUrl.ts +11 -2
- package/api/getMapUploadUrl.ts +17 -2
- package/api/getProfile.ts +2 -2
- package/api/submitScore.ts +6 -0
- package/index.ts +2069 -0
- package/package.json +2 -1
- package/utils/test +5 -0
- package/utils/validateToken.ts +6 -0
package/api/createBeatmap.ts
CHANGED
|
@@ -9,8 +9,8 @@ const s3Client = new S3Client({
|
|
|
9
9
|
region: "auto",
|
|
10
10
|
endpoint: "https://s3.eu-central-003.backblazeb2.com",
|
|
11
11
|
credentials: {
|
|
12
|
-
secretAccessKey: "
|
|
13
|
-
accessKeyId: "
|
|
12
|
+
secretAccessKey: process.env.SECRET_BUCKET || "",
|
|
13
|
+
accessKeyId: process.env.ACCESS_BUCKET || "",
|
|
14
14
|
},
|
|
15
15
|
});
|
|
16
16
|
|
|
@@ -63,6 +63,20 @@ export async function handler({
|
|
|
63
63
|
return NextResponse.json({ error: "Bad user" });
|
|
64
64
|
}
|
|
65
65
|
|
|
66
|
+
if (
|
|
67
|
+
userData.ban == "excluded" ||
|
|
68
|
+
userData.ban == "restricted" ||
|
|
69
|
+
userData.ban == "silenced"
|
|
70
|
+
) {
|
|
71
|
+
return NextResponse.json(
|
|
72
|
+
{
|
|
73
|
+
error:
|
|
74
|
+
"Silenced, restricted or excluded players can't update their profile.",
|
|
75
|
+
},
|
|
76
|
+
{ status: 404 }
|
|
77
|
+
);
|
|
78
|
+
}
|
|
79
|
+
|
|
66
80
|
let { data: beatmapPage, error: errorlast } = await supabase
|
|
67
81
|
.from("beatmapPages")
|
|
68
82
|
.select(`*`)
|
package/api/createBeatmapPage.ts
CHANGED
|
@@ -36,6 +36,20 @@ export async function handler({
|
|
|
36
36
|
|
|
37
37
|
if (!userData) return NextResponse.json({ error: "No user." });
|
|
38
38
|
|
|
39
|
+
if (
|
|
40
|
+
userData.ban == "excluded" ||
|
|
41
|
+
userData.ban == "restricted" ||
|
|
42
|
+
userData.ban == "silenced"
|
|
43
|
+
) {
|
|
44
|
+
return NextResponse.json(
|
|
45
|
+
{
|
|
46
|
+
error:
|
|
47
|
+
"Silenced, restricted or excluded players can't update their profile.",
|
|
48
|
+
},
|
|
49
|
+
{ status: 404 }
|
|
50
|
+
);
|
|
51
|
+
}
|
|
52
|
+
|
|
39
53
|
const upserted = await supabase
|
|
40
54
|
.from("beatmapPages")
|
|
41
55
|
.upsert({
|
|
@@ -9,13 +9,14 @@ import {
|
|
|
9
9
|
S3Client,
|
|
10
10
|
} from "@aws-sdk/client-s3";
|
|
11
11
|
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
|
|
12
|
+
import { validateIntrinsicToken } from "../utils/validateToken";
|
|
12
13
|
|
|
13
14
|
const s3Client = new S3Client({
|
|
14
15
|
region: "auto",
|
|
15
16
|
endpoint: "https://s3.eu-central-003.backblazeb2.com",
|
|
16
17
|
credentials: {
|
|
17
|
-
secretAccessKey: "
|
|
18
|
-
accessKeyId: "
|
|
18
|
+
secretAccessKey: process.env.SECRET_BUCKET || "",
|
|
19
|
+
accessKeyId: process.env.ACCESS_BUCKET || "",
|
|
19
20
|
},
|
|
20
21
|
});
|
|
21
22
|
|
|
@@ -24,6 +25,7 @@ export const Schema = {
|
|
|
24
25
|
session: z.string(),
|
|
25
26
|
contentLength: z.number(),
|
|
26
27
|
contentType: z.string(),
|
|
28
|
+
intrinsicToken: z.string(),
|
|
27
29
|
}),
|
|
28
30
|
output: z.strictObject({
|
|
29
31
|
error: z.string().optional(),
|
|
@@ -45,11 +47,18 @@ export async function handler({
|
|
|
45
47
|
session,
|
|
46
48
|
contentLength,
|
|
47
49
|
contentType,
|
|
50
|
+
intrinsicToken,
|
|
48
51
|
}: (typeof Schema)["input"]["_type"]): Promise<
|
|
49
52
|
NextResponse<(typeof Schema)["output"]["_type"]>
|
|
50
53
|
> {
|
|
51
54
|
const user = (await supabase.auth.getUser(session)).data.user!;
|
|
52
55
|
|
|
56
|
+
if (!validateIntrinsicToken(intrinsicToken)) {
|
|
57
|
+
return NextResponse.json({
|
|
58
|
+
error: "Invalid intrinsic token",
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
|
|
53
62
|
if (contentLength > 5000000) {
|
|
54
63
|
return NextResponse.json({
|
|
55
64
|
error: "Max content length exceeded.",
|
package/api/getMapUploadUrl.ts
CHANGED
|
@@ -9,13 +9,14 @@ import {
|
|
|
9
9
|
S3Client,
|
|
10
10
|
} from "@aws-sdk/client-s3";
|
|
11
11
|
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
|
|
12
|
+
import { validateIntrinsicToken } from "../utils/validateToken";
|
|
12
13
|
|
|
13
14
|
const s3Client = new S3Client({
|
|
14
15
|
region: "auto",
|
|
15
16
|
endpoint: "https://s3.eu-central-003.backblazeb2.com",
|
|
16
17
|
credentials: {
|
|
17
|
-
secretAccessKey: "
|
|
18
|
-
accessKeyId: "
|
|
18
|
+
secretAccessKey: process.env.SECRET_BUCKET || "",
|
|
19
|
+
accessKeyId: process.env.ACCESS_BUCKET || "",
|
|
19
20
|
},
|
|
20
21
|
});
|
|
21
22
|
|
|
@@ -25,6 +26,7 @@ export const Schema = {
|
|
|
25
26
|
session: z.string(),
|
|
26
27
|
contentLength: z.number(),
|
|
27
28
|
contentType: z.string(),
|
|
29
|
+
intrinsicToken: z.string(),
|
|
28
30
|
}),
|
|
29
31
|
output: z.strictObject({
|
|
30
32
|
error: z.string().optional(),
|
|
@@ -47,17 +49,30 @@ export async function handler({
|
|
|
47
49
|
session,
|
|
48
50
|
contentLength,
|
|
49
51
|
contentType,
|
|
52
|
+
intrinsicToken,
|
|
50
53
|
}: (typeof Schema)["input"]["_type"]): Promise<
|
|
51
54
|
NextResponse<(typeof Schema)["output"]["_type"]>
|
|
52
55
|
> {
|
|
53
56
|
const user = (await supabase.auth.getUser(session)).data.user!;
|
|
54
57
|
|
|
58
|
+
if (!validateIntrinsicToken(intrinsicToken)) {
|
|
59
|
+
return NextResponse.json({
|
|
60
|
+
error: "Invalid intrinsic token",
|
|
61
|
+
});
|
|
62
|
+
}
|
|
63
|
+
|
|
55
64
|
if (contentLength > 50000000) {
|
|
56
65
|
return NextResponse.json({
|
|
57
66
|
error: "Max content length exceeded.",
|
|
58
67
|
});
|
|
59
68
|
}
|
|
60
69
|
|
|
70
|
+
if (contentType !== "application/octet-stream") {
|
|
71
|
+
return NextResponse.json({
|
|
72
|
+
error: "Unnacceptable format",
|
|
73
|
+
});
|
|
74
|
+
}
|
|
75
|
+
|
|
61
76
|
const key = `rhythia-${mapName ? mapName : user.id}-${Date.now()}.sspm`;
|
|
62
77
|
const command = new PutObjectCommand({
|
|
63
78
|
Bucket: "rhthia-avatars",
|
package/api/getProfile.ts
CHANGED
|
@@ -8,7 +8,7 @@ import { supabase } from "../utils/supabase";
|
|
|
8
8
|
export const Schema = {
|
|
9
9
|
input: z.strictObject({
|
|
10
10
|
session: z.string(),
|
|
11
|
-
id: z.number().optional(),
|
|
11
|
+
id: z.number().nullable().optional(),
|
|
12
12
|
}),
|
|
13
13
|
output: z.object({
|
|
14
14
|
error: z.string().optional(),
|
|
@@ -51,7 +51,7 @@ export async function handler(
|
|
|
51
51
|
let profiles: Database["public"]["Tables"]["profiles"]["Row"][] = [];
|
|
52
52
|
|
|
53
53
|
// Fetch by id
|
|
54
|
-
if (data.id !== undefined) {
|
|
54
|
+
if (data.id !== undefined && data.id !== null) {
|
|
55
55
|
let { data: queryData, error } = await supabase
|
|
56
56
|
.from("profiles")
|
|
57
57
|
.select("*")
|
package/api/submitScore.ts
CHANGED
|
@@ -50,6 +50,12 @@ export async function handler({
|
|
|
50
50
|
}: (typeof Schema)["input"]["_type"]): Promise<
|
|
51
51
|
NextResponse<(typeof Schema)["output"]["_type"]>
|
|
52
52
|
> {
|
|
53
|
+
return NextResponse.json(
|
|
54
|
+
{
|
|
55
|
+
error: "Disabled",
|
|
56
|
+
},
|
|
57
|
+
{ status: 500 }
|
|
58
|
+
);
|
|
53
59
|
const user = (await supabase.auth.getUser(session)).data.user!;
|
|
54
60
|
|
|
55
61
|
let { data: userData, error: userError } = await supabase
|