rhythia-api 217.0.0 → 225.0.0

package/.env

@@ -0,0 +1,12 @@
+REDIS_PORT=18304
+REDIS_USERNAME=default
+REDIS_PASSWORD=yg7hYF9LPhGJRmORVIjMB8FWP2axPGto
+REDIS_HOST=redis-18304.c55.eu-central-1-1.ec2.cloud.redislabs.com
+CF_NAMESPACE_ID=571cf88650514eeba649517a75ede74a
+CF_API_TOKEN=Ldsh-UKJZw0feHmZOvhSCxaurwJBVW12LgnV_v38
+CF_ACCOUNT_ID=571cf88650514eeba649517a75ede74a
+TOKEN_SECRET=fa686bfdffd3758f6377abbc23bf3d9bdc1a0dda4a6e7f8dbdd579fa1ff6d7e2
+ACCESS_BUCKET=003c245e893e8060000000003
+SECRET_BUCKET=K003LpAu8X+2lJ09EB8NtPL/OZXV8ts
+ADMIN_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InBma2FqbmdibGxjYmR6b3lscnZwIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTcyOTAxNTMwNSwiZXhwIjoyMDQ0NTkxMzA1fQ.dKg8Wq3zZEBAH63V7q1D8a8N-d6qkB5Inm524Vmso3k
+PROD_DO_NOT_WRITE_PG=postgresql://postgres:huaUpTz3d3p7w6VU@db.pfkajngbllcbdzoylrvp.supabase.co:5432/postgres

package/.yarnrc

@@ -0,0 +1 @@
+registry: https://registry.npmjs.org/

package/README.md

@@ -7,3 +7,5 @@ Install dependencies with Bun, then reach for the scripts in `package.json`; `bu
 Runtime secrets live in environment variables. Upload endpoints expect `ACCESS_BUCKET` and `SECRET_BUCKET` for S3, the purchase flow checks `BUY_SECRET`, auth helpers derive tokens from `TOKEN_SECRET`, and the Supabase admin calls need `ADMIN_KEY`. The deploy script also looks for `GIT_USER`, `GIT_KEY`, `SOURCE_BRANCH`, and `TARGET_BRANCH` when the CI job mirrors changes upstream.
 
 If you need to point at a different stack, call `setEnvironment` with `development`, `testing`, or `production` before making requests so the helper talks to the right Rhythia host.
+
+//

package/api/createBeatmap.ts

@@ -102,7 +102,7 @@ export async function handler({
     .single();
 
   if (!userData) {
-    return NextResponse.json({ error: "Bad user" });
+    return NextResponse.json({ error: "Bad user!" });
   }
 
   if (

package/api/deleteBeatmapPage.ts

@@ -1,10 +1,10 @@
 import { NextResponse } from "next/server";
 import z from "zod";
-import { protectedApi, validUser } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-import { invalidateCache, invalidateCachePrefix } from "../utils/cache";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+import { invalidateCache, invalidateCachePrefix } from "../utils/cache";
 
 export const Schema = {
   input: z.strictObject({
@@ -67,18 +67,18 @@ export async function handler({
   if (pageData.status !== "UNRANKED")
     return NextResponse.json({ error: "Only unranked maps can be updated" });
 
-  await supabase.from("beatmapPageComments").delete().eq("beatmapPage", id);
-  await supabase.from("collectionRelations").delete().eq("beatmapPage", id);
-  await supabase.from("beatmapPages").delete().eq("id", id);
-  await supabase
-    .from("beatmaps")
-    .delete()
-    .eq("beatmapHash", beatmapData.beatmapHash);
-
-  await invalidateCache(`beatmap-comments:${id}`);
-  if (pageData.latestBeatmapHash) {
-    await invalidateCachePrefix(`beatmap-scores:${pageData.latestBeatmapHash}`);
-  }
-
-  return NextResponse.json({});
-}
+  await supabase.from("beatmapPageComments").delete().eq("beatmapPage", id);
+  await supabase.from("collectionRelations").delete().eq("beatmapPage", id);
+  await supabase.from("beatmapPages").delete().eq("id", id);
+  await supabase
+    .from("beatmaps")
+    .delete()
+    .eq("beatmapHash", beatmapData.beatmapHash);
+
+  await invalidateCache(`beatmap-comments:${id}`);
+  if (pageData.latestBeatmapHash) {
+    await invalidateCachePrefix(`beatmap-scores:${pageData.latestBeatmapHash}`);
+  }
+
+  return NextResponse.json({});
+}

package/api/executeAdminOperation.ts

@@ -1,11 +1,11 @@
 import { NextResponse } from "next/server";
-import z from "zod";
-import { Database } from "../types/database";
-import { protectedApi, validUser } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-import { invalidateCache, invalidateCachePrefix } from "../utils/cache";
+import z from "zod";
+import { Database } from "../types/database";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+import { invalidateCache, invalidateCachePrefix } from "../utils/cache";
 
 // Define supported admin operations and their parameter types
 const adminOperations = {
@@ -146,21 +146,21 @@ export async function handler(
       { status: 403 }
     );
   }
-
-  // Execute the requested admin operation
-  try {
-    let result: { data?: any; error?: any } | null = null;
-    const operation = data.data.operation;
-    const params = data.data.params as any;
-    const targetUserId =
-      "userId" in params && typeof params.userId === "number"
-        ? params.userId
-        : null;
-
-    switch (operation) {
-      case "deleteUser":
-        result = await supabase.rpc("admin_delete_user", {
-          user_id: params.userId,
+
+  // Execute the requested admin operation
+  try {
+    let result: { data?: any; error?: any } | null = null;
+    const operation = data.data.operation;
+    const params = data.data.params as any;
+    const targetUserId =
+      "userId" in params && typeof params.userId === "number"
+        ? params.userId
+        : null;
+
+    switch (operation) {
+      case "deleteUser":
+        result = await supabase.rpc("admin_delete_user", {
+          user_id: params.userId,
         });
         break;
 
@@ -221,23 +221,23 @@ export async function handler(
           })
           .select();
         break;
-      case "changeBadges":
-        // Allow only developers to modify badges.
-        if ((queryUserData.badges as string[]).includes("Developer")) {
-          result = await supabase
-            .from("profiles")
-            .upsert({
-              id: params.userId,
-              badges: JSON.parse(params.badges),
-            })
-            .select();
-        } else {
-          result = { data: null, error: { message: "Unauthorized" } };
-        }
-        break;
-
-      case "addBadge":
-        // Allow only developers to modify badges.
+      case "changeBadges":
+        // Allow only developers to modify badges.
+        if ((queryUserData.badges as string[]).includes("Developer")) {
+          result = await supabase
+            .from("profiles")
+            .upsert({
+              id: params.userId,
+              badges: JSON.parse(params.badges),
+            })
+            .select();
+        } else {
+          result = { data: null, error: { message: "Unauthorized" } };
+        }
+        break;
+
+      case "addBadge":
+        // Allow only developers to modify badges.
         if ((queryUserData.badges as string[]).includes("Developer")) {
           // Get current badges
           const { data: targetUser } = await supabase
@@ -249,23 +249,23 @@ export async function handler(
           const currentBadges = (targetUser?.badges || []) as string[];
           if (!currentBadges.includes(params.badge)) {
             currentBadges.push(params.badge);
-            result = await supabase
-              .from("profiles")
-              .upsert({
-                id: params.userId,
-                badges: currentBadges,
-              })
-              .select();
-          } else {
-            result = { data: targetUser, error: null };
-          }
-        } else {
-          result = { data: null, error: { message: "Unauthorized" } };
-        }
-        break;
-
-      case "removeBadge":
-        // Allow only developers to modify badges.
+            result = await supabase
+              .from("profiles")
+              .upsert({
+                id: params.userId,
+                badges: currentBadges,
+              })
+              .select();
+          } else {
+            result = { data: targetUser, error: null };
+          }
+        } else {
+          result = { data: null, error: { message: "Unauthorized" } };
+        }
+        break;
+
+      case "removeBadge":
+        // Allow only developers to modify badges.
         if ((queryUserData.badges as string[]).includes("Developer")) {
           // Get current badges
           const { data: targetUser } = await supabase
@@ -277,17 +277,17 @@ export async function handler(
           const currentBadges = (targetUser?.badges || []) as string[];
           const updatedBadges = currentBadges.filter(b => b !== params.badge);
           
-          result = await supabase
-            .from("profiles")
-            .upsert({
-              id: params.userId,
-              badges: updatedBadges,
-            })
-            .select();
-        } else {
-          result = { data: null, error: { message: "Unauthorized" } };
-        }
-        break;
+          result = await supabase
+            .from("profiles")
+            .upsert({
+              id: params.userId,
+              badges: updatedBadges,
+            })
+            .select();
+        } else {
+          result = { data: null, error: { message: "Unauthorized" } };
+        }
+        break;
 
       case "getScoresPaginated":
         const offset = (params.page - 1) * params.limit;
@@ -349,52 +349,52 @@ export async function handler(
     }
 
     // Log the admin action
-    await supabase.rpc("admin_log_action", {
-      admin_id: queryUserData.id,
-      action_type: operation,
-      target_id: "userId" in params ? params.userId : null,
-      details: { params },
-    });
-
-    if (result?.error) {
-      return NextResponse.json(
-        {
-          success: false,
-          error: result.error.message,
-        },
-        { status: 500 }
-      );
-    }
-
-    if (targetUserId !== null && !result?.error) {
-      await invalidateCachePrefix(`userscore:${targetUserId}`);
-
-      if (
-        operation === "removeAllScores" ||
-        operation === "invalidateRankedScores" ||
-        operation === "deleteUser"
-      ) {
-        const { data: beatmapHashes } = await supabase
-          .from("scores")
-          .select("beatmapHash")
-          .eq("userId", targetUserId);
-
-        const uniqueHashes = new Set(
-          (beatmapHashes || [])
-            .map((row) => row.beatmapHash)
-            .filter((hash): hash is string => Boolean(hash))
-        );
-
-        for (const hash of uniqueHashes) {
-          await invalidateCachePrefix(`beatmap-scores:${hash}`);
-        }
-      }
-    }
-
-    return NextResponse.json({
-      success: true,
-      result: result?.data,
-    });
+    await supabase.rpc("admin_log_action", {
+      admin_id: queryUserData.id,
+      action_type: operation,
+      target_id: "userId" in params ? params.userId : null,
+      details: { params },
+    });
+
+    if (result?.error) {
+      return NextResponse.json(
+        {
+          success: false,
+          error: result.error.message,
+        },
+        { status: 500 }
+      );
+    }
+
+    if (targetUserId !== null && !result?.error) {
+      await invalidateCachePrefix(`userscore:${targetUserId}`);
+
+      if (
+        operation === "removeAllScores" ||
+        operation === "invalidateRankedScores" ||
+        operation === "deleteUser"
+      ) {
+        const { data: beatmapHashes } = await supabase
+          .from("scores")
+          .select("beatmapHash")
+          .eq("userId", targetUserId);
+
+        const uniqueHashes = new Set(
+          (beatmapHashes || [])
+            .map((row) => row.beatmapHash)
+            .filter((hash): hash is string => Boolean(hash))
+        );
+
+        for (const hash of uniqueHashes) {
+          await invalidateCachePrefix(`beatmap-scores:${hash}`);
+        }
+      }
+    }
+
+    return NextResponse.json({
+      success: true,
+      result: result?.data,
+    });
   } catch (err: any) {
     return NextResponse.json(
       {

package/api/getBadgeLeaders.ts

@@ -1,10 +1,12 @@
 import { NextResponse } from "next/server";
 import z from "zod";
 import { supabase } from "../utils/supabase";
+import { getActiveProfileIdSet } from "../utils/activityStatus";
 
 export const Schema = {
   input: z.strictObject({
     limit: z.number().min(1).max(100).optional().default(100),
+    include_inactive: z.boolean().optional().default(false),
   }),
   output: z.object({
     leaderboard: z.array(
@@ -21,13 +23,20 @@ export const Schema = {
 };
 
 export async function POST(request: Request): Promise<NextResponse> {
-  return handler({ limit: 100 });
+  let body: unknown = {};
+  try {
+    body = await request.json();
+  } catch {}
+
+  return handler(Schema.input.parse(body));
 }
 
 export async function handler({
   limit = 100,
+  include_inactive = false,
 }: {
   limit?: number;
+  include_inactive?: boolean;
 }): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
   try {
     const { data: leaderboard, error } = await supabase.rpc(
@@ -49,9 +58,22 @@ export async function handler({
       );
     }
 
+    const entries = leaderboard || [];
+
+    if (include_inactive) {
+      return NextResponse.json({
+        leaderboard: entries,
+        total_count: entries.length,
+      });
+    }
+
+    const activeIds = await getActiveProfileIdSet(entries.map((entry) => entry.id));
+
+    const filteredLeaderboard = entries.filter((entry) => activeIds.has(entry.id));
+
     return NextResponse.json({
-      leaderboard: leaderboard || [],
-      total_count: leaderboard?.length || 0,
+      leaderboard: filteredLeaderboard,
+      total_count: filteredLeaderboard.length,
     });
   } catch (error) {
     console.error("Badge leaderboard exception:", error);

package/api/getBadgedUsers.ts

@@ -40,7 +40,8 @@ export async function handler(
 export async function getLeaderboard(badge: string) {
   let { data: queryData, error } = await supabase
     .from("profiles")
-    .select("flag,id,username,badges");
+    .select("flag,id,username,badges,scores!inner(id)")
+    .limit(1, { foreignTable: "scores" });
 
   const users = queryData?.filter((e) =>
     ((e.badges || []) as string[]).includes(badge)

package/api/getBeatmapComments.ts

@@ -1,8 +1,8 @@
-import { NextResponse } from "next/server";
-import z from "zod";
-import { protectedApi, validUser } from "../utils/requestUtils";
-import { getCacheValue, setCacheValue } from "../utils/cache";
-import { supabase } from "../utils/supabase";
+import { NextResponse } from "next/server";
+import z from "zod";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { getCacheValue, setCacheValue } from "../utils/cache";
+import { supabase } from "../utils/supabase";
 
 export const Schema = {
   input: z.strictObject({
@@ -35,25 +35,25 @@ export async function POST(request: Request): Promise<NextResponse> {
   });
 }
 
-export async function handler({
-  page,
-}: (typeof Schema)["input"]["_type"]): Promise<
-  NextResponse<(typeof Schema)["output"]["_type"]>
-> {
-  const cacheKey = `beatmap-comments:${page}`;
-  const cachedComments = await getCacheValue<
-    (typeof Schema)["output"]["_type"]["comments"]
-  >(cacheKey);
-
-  if (cachedComments) {
-    return NextResponse.json({ comments: cachedComments });
-  }
-
-  let { data: userData, error: userError } = await supabase
-    .from("beatmapPageComments")
-    .select(
-      `
-      *,
+export async function handler({
+  page,
+}: (typeof Schema)["input"]["_type"]): Promise<
+  NextResponse<(typeof Schema)["output"]["_type"]>
+> {
+  const cacheKey = `beatmap-comments:${page}`;
+  const cachedComments = await getCacheValue<
+    (typeof Schema)["output"]["_type"]["comments"]
+  >(cacheKey);
+
+  if (cachedComments) {
+    return NextResponse.json({ comments: cachedComments });
+  }
+
+  let { data: userData, error: userError } = await supabase
+    .from("beatmapPageComments")
+    .select(
+      `
+      *,
       profiles!inner(
           username,
           avatar_url,
@@ -61,11 +61,11 @@ export async function handler({
         )
       `
     )
-    .eq("beatmapPage", page);
-
-  if (userData) {
-    await setCacheValue(cacheKey, userData);
-  }
-
-  return NextResponse.json({ comments: userData! });
-}
+    .eq("beatmapPage", page);
+
+  if (userData) {
+    await setCacheValue(cacheKey, userData);
+  }
+
+  return NextResponse.json({ comments: userData! });
+}

package/api/getBeatmapPage.ts

@@ -1,19 +1,19 @@
-import { NextResponse } from "next/server";
-import z from "zod";
-import { protectedApi } from "../utils/requestUtils";
-import { getCacheValue, setCacheValue } from "../utils/cache";
-import { supabase } from "../utils/supabase";
+import { NextResponse } from "next/server";
+import z from "zod";
+import { protectedApi } from "../utils/requestUtils";
+import { getCacheValue, setCacheValue } from "../utils/cache";
+import { supabase } from "../utils/supabase";
 
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
-    id: z.number(),
-    limit: z.number().min(1).max(200).default(50),
-  }),
-  output: z.object({
-    error: z.string().optional(),
-    scores: z
-      .array(
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    id: z.number(),
+    limit: z.number().min(1).max(200).default(50),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+    scores: z
+      .array(
         z.object({
           id: z.number(),
           awarded_sp: z.number().nullable(),
@@ -68,17 +68,17 @@ export async function POST(request: Request): Promise<NextResponse> {
   });
 }
 
-export async function handler(
-  data: (typeof Schema)["input"]["_type"],
-  req: Request
-): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
-  const limit = data.limit ?? 50;
-
-  let { data: beatmapPage, error: errorlast } = await supabase
-    .from("beatmapPages")
-    .select(
-      `
-      *,
+export async function handler(
+  data: (typeof Schema)["input"]["_type"],
+  req: Request
+): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  const limit = data.limit ?? 50;
+
+  let { data: beatmapPage, error: errorlast } = await supabase
+    .from("beatmapPages")
+    .select(
+      `
+      *,
       beatmaps (
         created_at,
         playcount,
@@ -97,47 +97,47 @@ export async function handler(
         avatar_url
       )
     `
-    )
-    .eq("id", data.id)
-    .single();
-
-  if (!beatmapPage) return NextResponse.json({});
-
-  const beatmapHash = beatmapPage?.latestBeatmapHash || "";
-  const isCacheable =
-    beatmapPage?.status === "RANKED" || beatmapPage?.status === "APPROVED";
-  const cacheKey = `beatmap-scores:${beatmapHash}:limit=${limit}`;
-
-  let scoreData: any[] | null = null;
-
-  if (isCacheable && beatmapHash) {
-    scoreData = await getCacheValue<any[]>(cacheKey);
-  }
-
-  if (!scoreData) {
-    const { data: rpcScores, error } = await supabase.rpc(
-      "get_top_scores_for_beatmap",
-      { beatmap_hash: beatmapHash }
-    );
-
-    if (error) {
-      return NextResponse.json({ error: JSON.stringify(error) });
-    }
-
-    scoreData = (rpcScores || []).slice(0, limit);
-
-    if (isCacheable && beatmapHash) {
-      await setCacheValue(cacheKey, scoreData);
-    }
-  }
-
-  return NextResponse.json({
-    scores: (scoreData || []).map((score: any) => ({
-      id: score.id,
-      awarded_sp: score.awarded_sp,
-      created_at: score.created_at,
-      misses: score.misses,
-      mods: score.mods,
+    )
+    .eq("id", data.id)
+    .single();
+
+  if (!beatmapPage) return NextResponse.json({});
+
+  const beatmapHash = beatmapPage?.latestBeatmapHash || "";
+  const isCacheable =
+    beatmapPage?.status === "RANKED" || beatmapPage?.status === "APPROVED";
+  const cacheKey = `beatmap-scores:${beatmapHash}:limit=${limit}`;
+
+  // let scoreData: any[] | null = null;
+
+  // if (isCacheable && beatmapHash) {
+  //   scoreData = await getCacheValue<any[]>(cacheKey);
+  // }
+
+  // if (!scoreData) {
+  //   const { data: rpcScores, error } = await supabase.rpc(
+  //     "get_top_scores_for_beatmap",
+  //     { beatmap_hash: beatmapHash }
+  //   );
+
+  //   if (error) {
+  //     return NextResponse.json({ error: JSON.stringify(error) });
+  //   }
+
+  //   scoreData = (rpcScores || []).slice(0, limit);
+
+  //   if (isCacheable && beatmapHash) {
+  //     await setCacheValue(cacheKey, scoreData);
+  //   }
+  // }
+
+  return NextResponse.json({
+    scores: [].map((score: any) => ({
+      id: score.id,
+      awarded_sp: score.awarded_sp,
+      created_at: score.created_at,
+      misses: score.misses,
+      mods: score.mods,
       passed: score.passed,
       songId: score.songid,
       speed: score.speed,