rhythia-api 151.0.0 → 153.0.0

package/api/approveMap.ts

@@ -2,6 +2,8 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -23,7 +25,7 @@ export async function POST(request: Request) {
 }
 
 export async function handler(data: (typeof Schema)["input"]["_type"]) {
-  const user = (await supabase.auth.getUser(data.session)).data.user!;
+  const user = (await getUserBySession(data.session)) as User;
   let { data: queryUserData, error: userError } = await supabase
     .from("profiles")
     .select("*")

package/api/createBeatmap.ts

@@ -5,6 +5,8 @@ import { SSPMParser } from "../utils/star-calc/sspmParser";
 import { supabase } from "../utils/supabase";
 import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
 import { rateMap } from "../utils/star-calc";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 const s3Client = new S3Client({
   region: "auto",
   endpoint: "https://s3.eu-central-003.backblazeb2.com",
@@ -52,7 +54,7 @@ export async function handler({
   const parsedData = parser.parse();
   const digested = parsedData.strings.mapID;
 
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const user = (await getUserBySession(session)) as User;
   let { data: userData, error: userError } = await supabase
     .from("profiles")
     .select("*")

package/api/createBeatmapPage.ts

@@ -2,6 +2,8 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -27,7 +29,7 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const user = (await getUserBySession(session)) as User;
   let { data: userData, error: userError } = await supabase
     .from("profiles")
     .select("*")
@@ -49,7 +51,7 @@ export async function handler({
       { status: 404 }
     );
   }
-  
+
   const upserted = await supabase
     .from("beatmapPages")
     .upsert({

package/api/deleteBeatmapPage.ts

@@ -2,6 +2,8 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -28,7 +30,7 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const user = (await getUserBySession(session)) as User;
   let { data: userData, error: userError } = await supabase
     .from("profiles")
     .select("*")

package/api/editAboutMe.ts

@@ -3,6 +3,8 @@ import z from "zod";
 import { Database } from "../types/database";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 export const Schema = {
   input: z.strictObject({
     session: z.string(),
@@ -45,7 +47,7 @@ export async function handler(
     );
   }
 
-  const user = (await supabase.auth.getUser(data.session)).data.user!;
+  const user = (await getUserBySession(data.session)) as User;
   let userData: Database["public"]["Tables"]["profiles"]["Update"];
 
   // Find user's entry

package/api/editProfile.ts

@@ -3,6 +3,8 @@ import z from "zod";
 import { Database } from "../types/database";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 export const Schema = {
   input: z.strictObject({
     session: z.string(),
@@ -46,7 +48,7 @@ export async function handler(
     );
   }
 
-  const user = (await supabase.auth.getUser(data.session)).data.user!;
+  const user = (await getUserBySession(data.session)) as User;
 
   let userData: Database["public"]["Tables"]["profiles"]["Update"];
 

package/api/getAvatarUploadUrl.ts

@@ -10,6 +10,8 @@ import {
 } from "@aws-sdk/client-s3";
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
 import { validateIntrinsicToken } from "../utils/validateToken";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 const s3Client = new S3Client({
   region: "auto",
@@ -51,7 +53,7 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const user = (await getUserBySession(session)) as User;
 
   if (!validateIntrinsicToken(intrinsicToken)) {
     return NextResponse.json({

package/api/getBadgedUsers.ts

@@ -1,6 +1,6 @@
 import { NextResponse } from "next/server";
 import z from "zod";
-import { getUser, protectedApi } from "../utils/requestUtils";
+import { protectedApi } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
 
 export const Schema = {

package/api/getLeaderboard.ts

@@ -1,7 +1,9 @@
 import { NextResponse } from "next/server";
 import z from "zod";
-import { getUser, protectedApi } from "../utils/requestUtils";
+import { protectedApi } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -48,7 +50,7 @@ export async function handler(
 const VIEW_PER_PAGE = 50;
 
 export async function getLeaderboard(page = 1, session: string) {
-  const getUserData = await getUser({ session });
+  const getUserData = (await getUserBySession(session)) as User;
 
   let leaderPosition = 0;
 
@@ -56,7 +58,7 @@ export async function getLeaderboard(page = 1, session: string) {
     let { data: queryData, error } = await supabase
       .from("profiles")
       .select("*")
-      .eq("uid", getUserData.data.user.id)
+      .eq("uid", getUserData.id)
       .single();
 
     if (queryData) {

package/api/getMapUploadUrl.ts

@@ -10,6 +10,8 @@ import {
 } from "@aws-sdk/client-s3";
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
 import { validateIntrinsicToken } from "../utils/validateToken";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 const s3Client = new S3Client({
   region: "auto",
@@ -53,7 +55,7 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const user = (await getUserBySession(session)) as User;
 
   if (!validateIntrinsicToken(intrinsicToken)) {
     return NextResponse.json({

package/api/getPassToken.ts

@@ -0,0 +1,55 @@
+import { NextResponse } from "next/server";
+import z from "zod";
+import { Database } from "../types/database";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { encryptString } from "../utils/security";
+export const Schema = {
+  input: z.strictObject({
+    data: z.object({
+      email: z.string(),
+      passkey: z.string(),
+      computerName: z.string(),
+    }),
+  }),
+  output: z.object({
+    token: z.string().optional(),
+    error: z.string().optional(),
+  }),
+};
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: () => {},
+    activity: handler,
+  });
+}
+
+export async function handler(
+  data: (typeof Schema)["input"]["_type"]
+): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  let { data: queryPasskey, error } = await supabase
+    .from("passkeys")
+    .select("*")
+    .eq("email", data.data.email)
+    .eq("passkey", data.data.passkey)
+    .single();
+
+  if (!queryPasskey) {
+    return NextResponse.json({
+      error: "Wrong combination",
+    });
+  }
+  return NextResponse.json({
+    token: encryptString(
+      JSON.stringify({
+        userId: queryPasskey.id,
+        email: queryPasskey.email,
+        passKey: queryPasskey.passkey,
+        computerName: data.data.computerName,
+      })
+    ),
+  });
+}

package/api/getProfile.ts

@@ -4,6 +4,8 @@ import z from "zod";
 import { Database } from "../types/database";
 import { protectedApi } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -71,7 +73,7 @@ export async function handler(
     profiles = queryData;
   } else {
     // Fetch by session id
-    const user = (await supabase.auth.getUser(data.session)).data.user;
+    const user = (await getUserBySession(data.session)) as User;
 
     if (user) {
       let { data: queryData, error } = await supabase

package/api/nominateMap.ts

@@ -2,6 +2,8 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -23,7 +25,7 @@ export async function POST(request: Request) {
 }
 
 export async function handler(data: (typeof Schema)["input"]["_type"]) {
-  const user = (await supabase.auth.getUser(data.session)).data.user!;
+  const user = (await getUserBySession(data.session)) as User;
   let { data: queryUserData, error: userError } = await supabase
     .from("profiles")
     .select("*")

package/api/postBeatmapComment.ts

@@ -2,6 +2,8 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { User } from "@supabase/supabase-js";
+import { getUserBySession } from "../utils/getUserBySession";
 
 export const Schema = {
   input: z.strictObject({
@@ -30,7 +32,7 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const user = (await getUserBySession(session)) as User;
   let { data: userData, error: userError } = await supabase
     .from("profiles")
     .select("*")

package/api/rankMapsArchive.ts

@@ -2,6 +2,8 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -23,7 +25,7 @@ export async function POST(request: Request) {
 }
 
 export async function handler(data: (typeof Schema)["input"]["_type"]) {
-  const user = (await supabase.auth.getUser(data.session)).data.user!;
+  const user = (await getUserBySession(data.session)) as User;
   let { data: queryUserData, error: userError } = await supabase
     .from("profiles")
     .select("*")

package/api/setPasskey.ts

@@ -0,0 +1,59 @@
+import { NextResponse } from "next/server";
+import z from "zod";
+import { Database } from "../types/database";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    data: z.object({
+      passkey: z.string(),
+    }),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+  }),
+};
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: () => {},
+    activity: handler,
+  });
+}
+
+export async function handler(
+  data: (typeof Schema)["input"]["_type"]
+): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  const user = (await getUserBySession(data.session)) as User;
+  let userData: Database["public"]["Tables"]["profiles"]["Update"];
+  // Find user's entry
+  {
+    let { data: queryUserData, error } = await supabase
+      .from("profiles")
+      .select("*")
+      .eq("uid", user.id);
+
+    if (!queryUserData?.length) {
+      return NextResponse.json(
+        {
+          error: "User cannot be retrieved from session",
+        },
+        { status: 404 }
+      );
+    }
+    userData = queryUserData[0];
+  }
+
+  await supabase.from("passkeys").upsert({
+    id: userData.id!,
+    email: user.email!,
+    passkey: data.data.passkey,
+  });
+
+  return NextResponse.json({});
+}

package/api/submitScore.ts

@@ -2,6 +2,10 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { decryptString } from "../utils/security";
+import { isEqual } from "lodash";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -13,7 +17,6 @@ export const Schema = {
       misses: z.number(),
       hits: z.number(),
       mapHash: z.string(),
-      mapNoteCount: z.number(),
       speed: z.number(),
     }),
   }),
@@ -50,13 +53,26 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
-  return NextResponse.json(
-    {
-      error: "Disabled",
-    },
-    { status: 500 }
-  );
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const tokenContents = JSON.parse(decryptString(data.token));
+  if (
+    !isEqual(tokenContents, {
+      relayHwid: data.relayHwid,
+      songId: data.songId,
+      misses: data.misses,
+      hits: data.hits,
+      mapHash: data.mapHash,
+      speed: data.speed,
+    })
+  ) {
+    return NextResponse.json(
+      {
+        error: "Token miscalculation",
+      },
+      { status: 500 }
+    );
+  }
+
+  const user = (await getUserBySession(session)) as User;
 
   let { data: userData, error: userError } = await supabase
     .from("profiles")
@@ -103,7 +119,8 @@ export async function handler({
     );
   }
 
-  if (beatmaps.noteCount !== data.mapNoteCount) {
+  const noteCount = data.misses + data.hits;
+  if (noteCount !== beatmaps.noteCount) {
     return NextResponse.json(
       {
         error: "Wrong map",
@@ -124,7 +141,7 @@ export async function handler({
     passed = false;
   }
 
-  const accurracy = data.hits / beatmaps.noteCount;
+  const accurracy = data.hits / noteCount;
   let awarded_sp = 0;
 
   console.log(

package/api/updateBeatmapPage.ts

@@ -2,6 +2,8 @@ import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
 
 export const Schema = {
   input: z.strictObject({
@@ -34,7 +36,7 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
-  const user = (await supabase.auth.getUser(session)).data.user!;
+  const user = (await getUserBySession(session)) as User;
   let { data: userData, error: userError } = await supabase
     .from("profiles")
     .select("*")

package/index.ts

@@ -353,6 +353,26 @@ import { Schema as GetMapUploadUrl } from "./api/getMapUploadUrl"
 export { Schema as SchemaGetMapUploadUrl } from "./api/getMapUploadUrl"
 export const getMapUploadUrl = handleApi({url:"/api/getMapUploadUrl",...GetMapUploadUrl})
 
+// ./api/getPassToken.ts API
+
+/*
+export const Schema = {
+  input: z.strictObject({
+    data: z.object({
+      email: z.string(),
+      passkey: z.string(),
+      computerName: z.string(),
+    }),
+  }),
+  output: z.object({
+    token: z.string().optional(),
+    error: z.string().optional(),
+  }),
+};*/
+import { Schema as GetPassToken } from "./api/getPassToken"
+export { Schema as SchemaGetPassToken } from "./api/getPassToken"
+export const getPassToken = handleApi({url:"/api/getPassToken",...GetPassToken})
+
 // ./api/getProfile.ts API
 
 /*
@@ -562,6 +582,24 @@ import { Schema as SearchUsers } from "./api/searchUsers"
 export { Schema as SchemaSearchUsers } from "./api/searchUsers"
 export const searchUsers = handleApi({url:"/api/searchUsers",...SearchUsers})
 
+// ./api/setPasskey.ts API
+
+/*
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    data: z.object({
+      passkey: z.string(),
+    }),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+  }),
+};*/
+import { Schema as SetPasskey } from "./api/setPasskey"
+export { Schema as SchemaSetPasskey } from "./api/setPasskey"
+export const setPasskey = handleApi({url:"/api/setPasskey",...SetPasskey})
+
 // ./api/submitScore.ts API
 
 /*
@@ -575,7 +613,6 @@ export const Schema = {
       misses: z.number(),
       hits: z.number(),
       mapHash: z.string(),
-      mapNoteCount: z.number(),
       speed: z.number(),
     }),
   }),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rhythia-api",
-  "version": "151.0.0",
+  "version": "153.0.0",
   "main": "index.ts",
   "scripts": {
     "update": "bun ./scripts/update.ts",
@@ -16,6 +16,7 @@
     "@aws-sdk/client-s3": "^3.637.0",
     "@aws-sdk/s3-request-presigner": "^3.637.0",
     "@netlify/zip-it-and-ship-it": "^9.37.9",
+    "@noble/ciphers": "^1.0.0",
     "@supabase/supabase-js": "^2.45.1",
     "@types/aws-lambda": "^8.10.143",
     "@types/bun": "^1.1.6",

package/types/database.ts

@@ -147,6 +147,32 @@ export type Database = {
         }
         Relationships: []
       }
+      passkeys: {
+        Row: {
+          email: string
+          id: number
+          passkey: string
+        }
+        Insert: {
+          email: string
+          id: number
+          passkey: string
+        }
+        Update: {
+          email?: string
+          id?: number
+          passkey?: string
+        }
+        Relationships: [
+          {
+            foreignKeyName: "passkeys_id_fkey"
+            columns: ["id"]
+            isOneToOne: true
+            referencedRelation: "profiles"
+            referencedColumns: ["id"]
+          },
+        ]
+      }
       profiles: {
         Row: {
           about_me: string | null

package/utils/getUserBySession.ts

@@ -0,0 +1,48 @@
+import { User } from "@supabase/supabase-js";
+import { decryptString } from "./security";
+import { supabase } from "./supabase";
+
+export async function getUserBySession(session: string): Promise<User | null> {
+  const user = (await supabase.auth.getUser(session)).data.user;
+
+  if (user) {
+    return user;
+  }
+
+  try {
+    console.log("trying legacy token");
+    const decryptedToken = JSON.parse(decryptString(session)) as {
+      userId: number;
+      email: string;
+      passKey: string;
+      computerName: string;
+    };
+
+    for (const key of Object.keys(decryptedToken)) {
+      if (decryptedToken[key] === undefined || decryptedToken[key] === null) {
+        return null;
+      }
+    }
+
+    console.log(decryptedToken);
+
+    let { data: queryPasskey, error } = await supabase
+      .from("passkeys")
+      .select("*,profiles(uid)")
+      .eq("id", decryptedToken.userId)
+      .eq("email", decryptedToken.email)
+      .eq("passkey", decryptedToken.passKey)
+      .single();
+
+    console.log(queryPasskey);
+
+    if (!queryPasskey) {
+      return null;
+    }
+
+    return (await supabase.auth.admin.getUserById(queryPasskey.profiles?.uid!))
+      .data.user;
+  } catch (error) {}
+
+  return null;
+}

package/utils/requestUtils.ts

@@ -1,6 +1,6 @@
 import { NextResponse } from "next/server";
-import { supabase } from "./supabase";
 import { ZodObject } from "zod";
+import { getUserBySession } from "./getUserBySession";
 
 interface Props<
   K = (...args: any[]) => Promise<NextResponse<any>>,
@@ -43,8 +43,8 @@ export async function validUser(data) {
     );
   }
 
-  const user = await supabase.auth.getUser(data.session);
-  if (user.error || !user.data.user) {
+  const user = await getUserBySession(data.session);
+  if (!user) {
     return NextResponse.json(
       {
         error: "Invalid user session",
@@ -53,15 +53,3 @@ export async function validUser(data) {
     );
   }
 }
-
-export async function getUser(data) {
-  if (!data.session) {
-    return;
-  }
-
-  const user = await supabase.auth.getUser(data.session);
-  if (user.error || !user.data.user) {
-    return;
-  }
-  return user;
-}

package/utils/security.ts

@@ -0,0 +1,20 @@
+import { xchacha20poly1305 } from "@noble/ciphers/chacha";
+import { managedNonce } from "@noble/ciphers/webcrypto";
+import {
+  bytesToHex,
+  bytesToUtf8,
+  hexToBytes,
+  utf8ToBytes,
+} from "@noble/ciphers/utils";
+const key = hexToBytes(process.env.TOKEN_SECRET || "");
+const chacha = managedNonce(xchacha20poly1305)(key); // manages nonces for you
+
+export function encryptString(str: string) {
+  const data = utf8ToBytes(str);
+  return bytesToHex(chacha.encrypt(data));
+}
+
+export function decryptString(str: string) {
+  const data = hexToBytes(str);
+  return bytesToUtf8(chacha.decrypt(data));
+}

package/utils/star-calc/index.ts

@@ -48,7 +48,6 @@ export function rate(
 ) {
   notes = notes.sort((a, b) => a.time - b.time);
   const decoder = new BeatmapDecoder();
-  const encoder = new BeatmapEncoder();
   const beatmap1 = decoder.decodeFromString(sampleMap);
   let i = 0;
   while (i < notes.length - 1) {
@@ -70,7 +69,6 @@ export function rate(
   const mods = ruleset.createModCombination("RX");
   const difficultyCalculator = ruleset.createDifficultyCalculator(beatmap1);
   const difficultyAttributes = difficultyCalculator.calculateWithMods(mods);
-  encoder.encodeToPath("./map.osu", beatmap1);
   return difficultyAttributes.starRating;
 }