rhythia-api 197.0.0 → 198.0.0

package/api/executeAdminOperation.ts

@@ -0,0 +1,205 @@
+import { NextResponse } from "next/server";
+import z from "zod";
+import { Database } from "../types/database";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+
+// Define supported admin operations and their parameter types
+const adminOperations = {
+  deleteUser: z.object({ userId: z.number() }),
+  excludeUser: z.object({ userId: z.number() }),
+  restrictUser: z.object({ userId: z.number() }),
+  silenceUser: z.object({ userId: z.number() }),
+  searchUsers: z.object({ searchText: z.string() }),
+  removeAllScores: z.object({ userId: z.number() }),
+  invalidateRankedScores: z.object({ userId: z.number() }),
+  unbanUser: z.object({ userId: z.number() }),
+} as const;
+
+// Create a discriminated union type for operation parameters
+const OperationParam = z.discriminatedUnion("operation", [
+  z.object({
+    operation: z.literal("deleteUser"),
+    params: adminOperations.deleteUser,
+  }),
+  z.object({
+    operation: z.literal("excludeUser"),
+    params: adminOperations.excludeUser,
+  }),
+  z.object({
+    operation: z.literal("restrictUser"),
+    params: adminOperations.restrictUser,
+  }),
+  z.object({
+    operation: z.literal("silenceUser"),
+    params: adminOperations.silenceUser,
+  }),
+  z.object({
+    operation: z.literal("searchUsers"),
+    params: adminOperations.searchUsers,
+  }),
+  z.object({
+    operation: z.literal("removeAllScores"),
+    params: adminOperations.removeAllScores,
+  }),
+  z.object({
+    operation: z.literal("invalidateRankedScores"),
+    params: adminOperations.invalidateRankedScores,
+  }),
+  z.object({
+    operation: z.literal("unbanUser"),
+    params: adminOperations.unbanUser,
+  }),
+]);
+
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    data: OperationParam,
+  }),
+  output: z.object({
+    success: z.boolean(),
+    result: z.any().optional(),
+    error: z.string().optional(),
+  }),
+};
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: () => {},
+    activity: handler,
+  });
+}
+
+export async function handler(
+  data: (typeof Schema)["input"]["_type"]
+): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  // Get user from session
+  const user = (await getUserBySession(data.session)) as User;
+
+  // Get user's profile data
+  const { data: queryUserData, error: userError } = await supabase
+    .from("profiles")
+    .select("*")
+    .eq("uid", user.id)
+    .single();
+
+  if (userError || !queryUserData) {
+    return NextResponse.json(
+      {
+        success: false,
+        error: "User cannot be retrieved from session",
+      },
+      { status: 404 }
+    );
+  }
+
+  // Check if user has "Global Moderator" badge
+  const badges = queryUserData.badges as Record<string, any> | null;
+  const isGlobalModerator =
+    badges &&
+    Array.isArray(badges.badges) &&
+    badges.badges.some((badge: any) => badge === "Global Moderator");
+
+  if (!isGlobalModerator) {
+    return NextResponse.json(
+      {
+        success: false,
+        error: "Unauthorized. Only Global Moderators can perform this action.",
+      },
+      { status: 403 }
+    );
+  }
+
+  // Execute the requested admin operation
+  try {
+    let result;
+    const operation = data.data.operation;
+    const params = data.data.params as any;
+
+    switch (operation) {
+      case "deleteUser":
+        result = await supabase.rpc("admin_delete_user", {
+          user_id: params.userId,
+        });
+        break;
+
+      case "excludeUser":
+        result = await supabase.rpc("admin_exclude_user", {
+          user_id: params.userId,
+        });
+        break;
+
+      case "restrictUser":
+        result = await supabase.rpc("admin_restrict_user", {
+          user_id: params.userId,
+        });
+        break;
+
+      case "silenceUser":
+        result = await supabase.rpc("admin_silence_user", {
+          user_id: params.userId,
+        });
+        break;
+
+      case "searchUsers":
+        result = await supabase.rpc("admin_search_users", {
+          search_text: params.searchText,
+        });
+        break;
+
+      case "removeAllScores":
+        result = await supabase.rpc("admin_remove_all_scores", {
+          user_id: params.userId,
+        });
+        break;
+
+      case "invalidateRankedScores":
+        result = await supabase.rpc("admin_invalidate_ranked_scores", {
+          user_id: params.userId,
+        });
+        break;
+
+      case "unbanUser":
+        result = await supabase.rpc("admin_unban_user", {
+          user_id: params.userId,
+        });
+        break;
+    }
+
+    // Log the admin action
+    await supabase.rpc("admin_log_action", {
+      admin_id: queryUserData.id,
+      action_type: operation,
+      target_id: "userId" in params ? params.userId : null,
+      details: { params },
+    });
+
+    if (result.error) {
+      return NextResponse.json(
+        {
+          success: false,
+          error: result.error.message,
+        },
+        { status: 500 }
+      );
+    }
+
+    return NextResponse.json({
+      success: true,
+      result: result.data,
+    });
+  } catch (err: any) {
+    return NextResponse.json(
+      {
+        success: false,
+        error: err.message || "An error occurred during the operation",
+      },
+      { status: 500 }
+    );
+  }
+}

package/api/getVerified.ts

@@ -35,7 +35,7 @@ export async function handler(
     NextResponse.json({});
   }
 
-  console.log("CHEATER: " + queryData);
+  console.log("CHEATER: " + JSON.stringify(queryData));
 
   return NextResponse.json({});
 }

package/index.ts

@@ -308,6 +308,24 @@ import { Schema as EditProfile } from "./api/editProfile"
 export { Schema as SchemaEditProfile } from "./api/editProfile"
 export const editProfile = handleApi({url:"/api/editProfile",...EditProfile})
 
+// ./api/executeAdminOperation.ts API
+
+/*
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    data: OperationParam,
+  }),
+  output: z.object({
+    success: z.boolean(),
+    result: z.any().optional(),
+    error: z.string().optional(),
+  }),
+};*/
+import { Schema as ExecuteAdminOperation } from "./api/executeAdminOperation"
+export { Schema as SchemaExecuteAdminOperation } from "./api/executeAdminOperation"
+export const executeAdminOperation = handleApi({url:"/api/executeAdminOperation",...ExecuteAdminOperation})
+
 // ./api/getAvatarUploadUrl.ts API
 
 /*

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rhythia-api",
-  "version": "197.0.0",
+  "version": "198.0.0",
   "main": "index.ts",
   "author": "online-contributors-cunev",
   "scripts": {

package/types/database.ts

@@ -9,6 +9,62 @@ export type Json =
 export type Database = {
   public: {
     Tables: {
+      admin_actions: {
+        Row: {
+          action_type: string
+          admin_id: number
+          created_at: string | null
+          details: Json | null
+          id: number
+          target_id: number | null
+        }
+        Insert: {
+          action_type: string
+          admin_id: number
+          created_at?: string | null
+          details?: Json | null
+          id?: number
+          target_id?: number | null
+        }
+        Update: {
+          action_type?: string
+          admin_id?: number
+          created_at?: string | null
+          details?: Json | null
+          id?: number
+          target_id?: number | null
+        }
+        Relationships: []
+      }
+      admin_operations: {
+        Row: {
+          action_type: string | null
+          details: Json
+          id: number
+          target_id: string | null
+        }
+        Insert: {
+          action_type?: string | null
+          details: Json
+          id?: number
+          target_id?: string | null
+        }
+        Update: {
+          action_type?: string | null
+          details?: Json
+          id?: number
+          target_id?: string | null
+        }
+        Relationships: [
+          {
+            foreignKeyName: "admin_operations_id_fkey"
+            columns: ["id"]
+            isOneToOne: true
+            referencedRelation: "profiles"
+            referencedColumns: ["id"]
+          },
+        ]
+      }
       beatmapCollections: {
         Row: {
           created_at: string
@@ -541,6 +597,86 @@ export type Database = {
       [_ in never]: never
     }
     Functions: {
+      admin_delete_user: {
+        Args: {
+          user_id: number
+        }
+        Returns: boolean
+      }
+      admin_exclude_user: {
+        Args: {
+          user_id: number
+        }
+        Returns: boolean
+      }
+      admin_invalidate_ranked_scores: {
+        Args: {
+          user_id: number
+        }
+        Returns: number
+      }
+      admin_log_action: {
+        Args: {
+          admin_id: number
+          action_type: string
+          target_id: string
+          details?: Json
+        }
+        Returns: undefined
+      }
+      admin_remove_all_scores: {
+        Args: {
+          user_id: number
+        }
+        Returns: number
+      }
+      admin_restrict_user: {
+        Args: {
+          user_id: number
+        }
+        Returns: boolean
+      }
+      admin_search_users: {
+        Args: {
+          search_text: string
+        }
+        Returns: {
+          about_me: string | null
+          avatar_url: string | null
+          badges: Json | null
+          ban: Database["public"]["Enums"]["banTypes"] | null
+          bannedAt: number | null
+          clan: number | null
+          computedUsername: string | null
+          created_at: number | null
+          flag: string | null
+          id: number
+          mu_rank: number
+          play_count: number | null
+          profile_image: string | null
+          sigma_rank: number | null
+          skill_points: number | null
+          spin_skill_points: number
+          squares_hit: number | null
+          total_score: number | null
+          uid: string | null
+          username: string | null
+          verificationDeadline: number
+          verified: boolean | null
+        }[]
+      }
+      admin_silence_user: {
+        Args: {
+          user_id: number
+        }
+        Returns: boolean
+      }
+      admin_unban_user: {
+        Args: {
+          user_id: number
+        }
+        Returns: boolean
+      }
       get_clan_leaderboard: {
         Args: {
           page_number?: number
@@ -755,6 +891,7 @@ export type Database = {
           userid: number
           username: string
           avatar_url: string
+          accuracy: number
         }[]
       }
       get_top_scores_for_beatmap2: {