rhythia-api 216.0.0 → 225.0.0

package/.env

@@ -0,0 +1,12 @@
+REDIS_PORT=18304
+REDIS_USERNAME=default
+REDIS_PASSWORD=yg7hYF9LPhGJRmORVIjMB8FWP2axPGto
+REDIS_HOST=redis-18304.c55.eu-central-1-1.ec2.cloud.redislabs.com
+CF_NAMESPACE_ID=571cf88650514eeba649517a75ede74a
+CF_API_TOKEN=Ldsh-UKJZw0feHmZOvhSCxaurwJBVW12LgnV_v38
+CF_ACCOUNT_ID=571cf88650514eeba649517a75ede74a
+TOKEN_SECRET=fa686bfdffd3758f6377abbc23bf3d9bdc1a0dda4a6e7f8dbdd579fa1ff6d7e2
+ACCESS_BUCKET=003c245e893e8060000000003
+SECRET_BUCKET=K003LpAu8X+2lJ09EB8NtPL/OZXV8ts
+ADMIN_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InBma2FqbmdibGxjYmR6b3lscnZwIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTcyOTAxNTMwNSwiZXhwIjoyMDQ0NTkxMzA1fQ.dKg8Wq3zZEBAH63V7q1D8a8N-d6qkB5Inm524Vmso3k
+PROD_DO_NOT_WRITE_PG=postgresql://postgres:huaUpTz3d3p7w6VU@db.pfkajngbllcbdzoylrvp.supabase.co:5432/postgres

package/.yarnrc

@@ -0,0 +1 @@
+registry: https://registry.npmjs.org/

package/README.md

@@ -7,3 +7,5 @@ Install dependencies with Bun, then reach for the scripts in `package.json`; `bu
 Runtime secrets live in environment variables. Upload endpoints expect `ACCESS_BUCKET` and `SECRET_BUCKET` for S3, the purchase flow checks `BUY_SECRET`, auth helpers derive tokens from `TOKEN_SECRET`, and the Supabase admin calls need `ADMIN_KEY`. The deploy script also looks for `GIT_USER`, `GIT_KEY`, `SOURCE_BRANCH`, and `TARGET_BRANCH` when the CI job mirrors changes upstream.
 
 If you need to point at a different stack, call `setEnvironment` with `development`, `testing`, or `production` before making requests so the helper talks to the right Rhythia host.
+
+//

package/api/createBeatmap.ts

@@ -102,7 +102,7 @@ export async function handler({
     .single();
 
   if (!userData) {
-    return NextResponse.json({ error: "Bad user" });
+    return NextResponse.json({ error: "Bad user!" });
   }
 
   if (

package/api/deleteBeatmapPage.ts

@@ -4,6 +4,7 @@ import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
 import { getUserBySession } from "../utils/getUserBySession";
 import { User } from "@supabase/supabase-js";
+import { invalidateCache, invalidateCachePrefix } from "../utils/cache";
 
 export const Schema = {
   input: z.strictObject({
@@ -54,12 +55,13 @@ export async function handler({
   if (!userData) return NextResponse.json({ error: "No user." });
   if (!beatmapData) return NextResponse.json({ error: "No beatmap." });
 
-  if (userData.id !== pageData.owner) {
-    const isDev =
-      (userData.badges as string[]).includes("Developer") ||
-      (userData.badges as string[]).includes("Global Moderator");
+  const badges = (userData.badges || []) as string[];
+  const hasDeletionRole = badges.includes("RCT") || badges.includes("MMT");
 
-    if (!isDev) return NextResponse.json({ error: "Non-authz user." });
+  if (!hasDeletionRole) {
+    return NextResponse.json({
+      error: "Only RCT or MMT members can delete beatmaps.",
+    });
   }
 
   if (pageData.status !== "UNRANKED")
@@ -73,5 +75,10 @@ export async function handler({
     .delete()
     .eq("beatmapHash", beatmapData.beatmapHash);
 
+  await invalidateCache(`beatmap-comments:${id}`);
+  if (pageData.latestBeatmapHash) {
+    await invalidateCachePrefix(`beatmap-scores:${pageData.latestBeatmapHash}`);
+  }
+
   return NextResponse.json({});
 }

package/api/executeAdminOperation.ts

@@ -5,6 +5,7 @@ import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
 import { getUserBySession } from "../utils/getUserBySession";
 import { User } from "@supabase/supabase-js";
+import { invalidateCache, invalidateCachePrefix } from "../utils/cache";
 
 // Define supported admin operations and their parameter types
 const adminOperations = {
@@ -148,9 +149,13 @@ export async function handler(
 
   // Execute the requested admin operation
   try {
-    let result;
+    let result: { data?: any; error?: any } | null = null;
     const operation = data.data.operation;
     const params = data.data.params as any;
+    const targetUserId =
+      "userId" in params && typeof params.userId === "number"
+        ? params.userId
+        : null;
 
     switch (operation) {
       case "deleteUser":
@@ -226,6 +231,8 @@ export async function handler(
               badges: JSON.parse(params.badges),
             })
             .select();
+        } else {
+          result = { data: null, error: { message: "Unauthorized" } };
         }
         break;
 
@@ -252,6 +259,8 @@ export async function handler(
           } else {
             result = { data: targetUser, error: null };
           }
+        } else {
+          result = { data: null, error: { message: "Unauthorized" } };
         }
         break;
 
@@ -275,6 +284,8 @@ export async function handler(
               badges: updatedBadges,
             })
             .select();
+        } else {
+          result = { data: null, error: { message: "Unauthorized" } };
         }
         break;
 
@@ -345,7 +356,7 @@ export async function handler(
       details: { params },
     });
 
-    if (result.error) {
+    if (result?.error) {
       return NextResponse.json(
         {
           success: false,
@@ -355,9 +366,34 @@ export async function handler(
       );
     }
 
+    if (targetUserId !== null && !result?.error) {
+      await invalidateCachePrefix(`userscore:${targetUserId}`);
+
+      if (
+        operation === "removeAllScores" ||
+        operation === "invalidateRankedScores" ||
+        operation === "deleteUser"
+      ) {
+        const { data: beatmapHashes } = await supabase
+          .from("scores")
+          .select("beatmapHash")
+          .eq("userId", targetUserId);
+
+        const uniqueHashes = new Set(
+          (beatmapHashes || [])
+            .map((row) => row.beatmapHash)
+            .filter((hash): hash is string => Boolean(hash))
+        );
+
+        for (const hash of uniqueHashes) {
+          await invalidateCachePrefix(`beatmap-scores:${hash}`);
+        }
+      }
+    }
+
     return NextResponse.json({
       success: true,
-      result: result.data,
+      result: result?.data,
     });
   } catch (err: any) {
     return NextResponse.json(

package/api/getBadgeLeaders.ts

@@ -1,10 +1,12 @@
 import { NextResponse } from "next/server";
 import z from "zod";
 import { supabase } from "../utils/supabase";
+import { getActiveProfileIdSet } from "../utils/activityStatus";
 
 export const Schema = {
   input: z.strictObject({
     limit: z.number().min(1).max(100).optional().default(100),
+    include_inactive: z.boolean().optional().default(false),
   }),
   output: z.object({
     leaderboard: z.array(
@@ -21,13 +23,20 @@ export const Schema = {
 };
 
 export async function POST(request: Request): Promise<NextResponse> {
-  return handler({ limit: 100 });
+  let body: unknown = {};
+  try {
+    body = await request.json();
+  } catch {}
+
+  return handler(Schema.input.parse(body));
 }
 
 export async function handler({
   limit = 100,
+  include_inactive = false,
 }: {
   limit?: number;
+  include_inactive?: boolean;
 }): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
   try {
     const { data: leaderboard, error } = await supabase.rpc(
@@ -49,9 +58,22 @@ export async function handler({
       );
     }
 
+    const entries = leaderboard || [];
+
+    if (include_inactive) {
+      return NextResponse.json({
+        leaderboard: entries,
+        total_count: entries.length,
+      });
+    }
+
+    const activeIds = await getActiveProfileIdSet(entries.map((entry) => entry.id));
+
+    const filteredLeaderboard = entries.filter((entry) => activeIds.has(entry.id));
+
     return NextResponse.json({
-      leaderboard: leaderboard || [],
-      total_count: leaderboard?.length || 0,
+      leaderboard: filteredLeaderboard,
+      total_count: filteredLeaderboard.length,
     });
   } catch (error) {
     console.error("Badge leaderboard exception:", error);

package/api/getBadgedUsers.ts

@@ -40,7 +40,8 @@ export async function handler(
 export async function getLeaderboard(badge: string) {
   let { data: queryData, error } = await supabase
     .from("profiles")
-    .select("flag,id,username,badges");
+    .select("flag,id,username,badges,scores!inner(id)")
+    .limit(1, { foreignTable: "scores" });
 
   const users = queryData?.filter((e) =>
     ((e.badges || []) as string[]).includes(badge)

package/api/getBeatmapComments.ts

@@ -1,6 +1,7 @@
 import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi, validUser } from "../utils/requestUtils";
+import { getCacheValue, setCacheValue } from "../utils/cache";
 import { supabase } from "../utils/supabase";
 
 export const Schema = {
@@ -39,6 +40,15 @@ export async function handler({
 }: (typeof Schema)["input"]["_type"]): Promise<
   NextResponse<(typeof Schema)["output"]["_type"]>
 > {
+  const cacheKey = `beatmap-comments:${page}`;
+  const cachedComments = await getCacheValue<
+    (typeof Schema)["output"]["_type"]["comments"]
+  >(cacheKey);
+
+  if (cachedComments) {
+    return NextResponse.json({ comments: cachedComments });
+  }
+
   let { data: userData, error: userError } = await supabase
     .from("beatmapPageComments")
     .select(
@@ -53,5 +63,9 @@ export async function handler({
     )
     .eq("beatmapPage", page);
 
+  if (userData) {
+    await setCacheValue(cacheKey, userData);
+  }
+
   return NextResponse.json({ comments: userData! });
 }

package/api/getBeatmapPage.ts

@@ -1,12 +1,14 @@
 import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi } from "../utils/requestUtils";
+import { getCacheValue, setCacheValue } from "../utils/cache";
 import { supabase } from "../utils/supabase";
 
 export const Schema = {
   input: z.strictObject({
     session: z.string(),
     id: z.number(),
+    limit: z.number().min(1).max(200).default(50),
   }),
   output: z.object({
     error: z.string().optional(),
@@ -70,6 +72,8 @@ export async function handler(
   data: (typeof Schema)["input"]["_type"],
   req: Request
 ): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  const limit = data.limit ?? 50;
+
   let { data: beatmapPage, error: errorlast } = await supabase
     .from("beatmapPages")
     .select(
@@ -97,19 +101,38 @@ export async function handler(
     .eq("id", data.id)
     .single();
 
-  const { data: scoreData, error } = await supabase.rpc(
-    "get_top_scores_for_beatmap",
-    { beatmap_hash: beatmapPage?.latestBeatmapHash || "" }
-  );
+  if (!beatmapPage) return NextResponse.json({});
+
+  const beatmapHash = beatmapPage?.latestBeatmapHash || "";
+  const isCacheable =
+    beatmapPage?.status === "RANKED" || beatmapPage?.status === "APPROVED";
+  const cacheKey = `beatmap-scores:${beatmapHash}:limit=${limit}`;
 
-  if (error) {
-    return NextResponse.json({ error: JSON.stringify(error) });
-  }
+  // let scoreData: any[] | null = null;
 
-  if (!beatmapPage) return NextResponse.json({});
+  // if (isCacheable && beatmapHash) {
+  //   scoreData = await getCacheValue<any[]>(cacheKey);
+  // }
+
+  // if (!scoreData) {
+  //   const { data: rpcScores, error } = await supabase.rpc(
+  //     "get_top_scores_for_beatmap",
+  //     { beatmap_hash: beatmapHash }
+  //   );
+
+  //   if (error) {
+  //     return NextResponse.json({ error: JSON.stringify(error) });
+  //   }
+
+  //   scoreData = (rpcScores || []).slice(0, limit);
+
+  //   if (isCacheable && beatmapHash) {
+  //     await setCacheValue(cacheKey, scoreData);
+  //   }
+  // }
 
   return NextResponse.json({
-    scores: scoreData.map((score: any) => ({
+    scores: [].map((score: any) => ({
       id: score.id,
       awarded_sp: score.awarded_sp,
       created_at: score.created_at,

package/api/getBeatmapPageById.ts

@@ -1,12 +1,15 @@
 import { NextResponse } from "next/server";
 import z from "zod";
 import { protectedApi } from "../utils/requestUtils";
+import { getCacheValue, setCacheValue } from "../utils/cache";
 import { supabase } from "../utils/supabase";
+import { getActiveProfileIdSet } from "../utils/activityStatus";
 
 export const Schema = {
   input: z.strictObject({
     session: z.string(),
     mapId: z.string(),
+    limit: z.number().min(1).max(200).default(50),
   }),
   output: z.object({
     error: z.string().optional(),
@@ -66,6 +69,8 @@ export async function handler(
   data: (typeof Schema)["input"]["_type"],
   req: Request
 ): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  const limit = data.limit ?? 50;
+
   let { data: beatmapPage, error: errorlast } = await supabase
     .from("beatmapPages")
     .select(
@@ -94,17 +99,44 @@ export async function handler(
 
   if (!beatmapPage) return NextResponse.json({});
 
-  const { data: scoreData, error } = await supabase.rpc(
-    "get_top_scores_for_beatmap",
-    { beatmap_hash: beatmapPage?.latestBeatmapHash || "" }
-  );
+  const beatmapHash = beatmapPage?.latestBeatmapHash || "";
+  const isCacheable =
+    beatmapPage?.status === "RANKED" || beatmapPage?.status === "APPROVED";
+  const cacheKey = `beatmap-scores:${beatmapHash}`;
+
+  let scoreData: any[] | null = null;
+
+  if (isCacheable && beatmapHash) {
+    scoreData = await getCacheValue<any[]>(cacheKey);
+  }
 
-  if (error) {
-    return NextResponse.json({ error: JSON.stringify(error) });
+  if (!scoreData) {
+    const { data: rpcScores, error } = await supabase.rpc(
+      "get_top_scores_for_beatmap",
+      { beatmap_hash: beatmapHash }
+    );
+
+    if (error) {
+      return NextResponse.json({ error: JSON.stringify(error) });
+    }
+
+    scoreData = (rpcScores || []).slice(0, 200);
+
+    if (isCacheable && beatmapHash) {
+      await setCacheValue(cacheKey, scoreData);
+    }
   }
 
+  const userIds = Array.from(
+    new Set((scoreData || []).map((score) => score.userid).filter(Boolean))
+  );
+  const activeUserIds = await getActiveProfileIdSet(userIds);
+  const visibleScores = (scoreData || [])
+    .filter((score) => activeUserIds.has(score.userid))
+    .slice(0, limit);
+
   return NextResponse.json({
-    scores: scoreData.map((score: any) => ({
+    scores: visibleScores.map((score: any) => ({
       id: score.id,
       awarded_sp: score.awarded_sp,
       created_at: score.created_at,