rhythia-api 229.0.0 → 231.0.0

package/api/{approveMap.ts → vetoMap.ts}

@@ -1,78 +1,94 @@
-import { NextResponse } from "next/server";
-import z from "zod";
-import { protectedApi, validUser } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
-    mapId: z.number(),
-  }),
-  output: z.object({
-    error: z.string().optional(),
-  }),
-};
-
-export async function POST(request: Request) {
-  return protectedApi({
-    request,
-    schema: Schema,
-    authorization: validUser,
-    activity: handler,
-  });
-}
-
-export async function handler(data: (typeof Schema)["input"]["_type"]) {
-  const user = (await getUserBySession(data.session)) as User;
-  let { data: queryUserData, error: userError } = await supabase
-    .from("profiles")
-    .select("*")
-    .eq("uid", user.id)
-    .single();
-
-  if (!queryUserData) {
-    return NextResponse.json({ error: "Can't find user" });
-  }
-
-  const tags = (queryUserData?.badges || []) as string[];
-
-  if (!tags.includes("MMT")) {
-    return NextResponse.json({ error: "Only MMTs can approve maps!" });
-  }
-
-  const { data: mapData, error } = await supabase
-    .from("beatmapPages")
-    .select("id,nominations,owner")
-    .eq("id", data.mapId)
-    .single();
-
-  if (!mapData) {
-    return NextResponse.json({ error: "Bad map" });
-  }
-
-  if (mapData.owner == queryUserData.id) {
-    return NextResponse.json({ error: "Can't approve own map" });
-  }
-
-  if ((mapData.nominations as number[])!.length < 2) {
-    return NextResponse.json({
-      error: "Maps can get approved only if they have 2 nominations",
-    });
-  }
-
-  if ((mapData.nominations as number[]).includes(queryUserData.id)) {
-    return NextResponse.json({
-      error: "Can't nominate and approve",
-    });
-  }
-
-  await supabase.from("beatmapPages").upsert({
-    id: data.mapId,
-    status: "RANKED",
-    ranked_at: Date.now(),
-  });
-
-  return NextResponse.json({});
-}
+import { NextResponse } from "next/server";
+import z from "zod";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+
+const VETO_BADGES = ["Team Ranked"];
+
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    mapId: z.number(),
+    reason: z.string().min(1).max(1000),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+  }),
+};
+
+export async function POST(request: Request) {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: validUser,
+    activity: handler,
+  });
+}
+
+export async function handler(data: (typeof Schema)["input"]["_type"]) {
+  const user = (await getUserBySession(data.session)) as User;
+  const { data: queryUserData } = await supabase
+    .from("profiles")
+    .select("*")
+    .eq("uid", user.id)
+    .single();
+
+  if (!queryUserData) {
+    return NextResponse.json({ error: "Can't find user" });
+  }
+
+  const tags = (queryUserData?.badges || []) as string[];
+  const hasVetoAccess = VETO_BADGES.some((badge) => tags.includes(badge));
+
+  if (!hasVetoAccess) {
+    return NextResponse.json({ error: "Only management can veto maps!" });
+  }
+
+  const { data: mapData } = await supabase
+    .from("beatmapPages")
+    .select("id,qualified")
+    .eq("id", data.mapId)
+    .single();
+
+  if (!mapData) {
+    return NextResponse.json({ error: "Bad map" });
+  }
+
+  if (!mapData.qualified) {
+    return NextResponse.json({
+      error: "Only qualified maps can be vetoed",
+    });
+  }
+
+  const { data: vetoData, error: vetoError } = await supabase
+    .from("vetos")
+    .insert({
+      beatmapPage: data.mapId,
+      user: queryUserData.id,
+      veto_reason: data.reason,
+    })
+    .select("id")
+    .single();
+
+  if (vetoError) {
+    return NextResponse.json({ error: vetoError.message });
+  }
+
+  const { error: updateError } = await supabase.from("beatmapPages").upsert({
+    id: data.mapId,
+    qualified: false,
+    qualifiedAt: null,
+  });
+
+  if (updateError) {
+    if (vetoData?.id) {
+      await supabase.from("vetos").delete().eq("id", vetoData.id);
+    }
+
+    return NextResponse.json({ error: updateError.message });
+  }
+
+  return NextResponse.json({});
+}

package/handleApi.ts

@@ -2,20 +2,16 @@ import { z } from "zod";
 let env = "development";
 import { profanity, CensorType } from "@2toad/profanity";
 export function setEnvironment(
-  stage: "development" | "testing" | "production" | "local"
+  stage: "development" | "testing" | "production"
 ) {
   env = stage;
 }
 export function handleApi<
-  T extends { url: string; input: z.ZodObject<any>; output: z.ZodObject<any> },
+  T extends { url: string; input: z.ZodObject<any>; output: z.ZodObject<any> }
 >(apiSchema: T) {
   profanity.whitelist.addWords(["willy"]);
   return async (input: T["input"]["_type"]): Promise<T["output"]["_type"]> => {
-    let url = `https://${env}.rhythia.com${apiSchema.url}`;
-    if (env == "local") {
-      url = `http://localhost:3000${apiSchema.url}`;
-    }
-    const response = await fetch(url, {
+    const response = await fetch(`https://${env}.rhythia.com${apiSchema.url}`, {
       method: "POST",
       body: JSON.stringify(input),
     });

package/index.ts

@@ -33,22 +33,6 @@ import { Schema as AddCollectionMap } from "./api/addCollectionMap"
 export { Schema as SchemaAddCollectionMap } from "./api/addCollectionMap"
 export const addCollectionMap = handleApi({url:"/api/addCollectionMap",...AddCollectionMap})
 
-// ./api/approveMap.ts API
-
-/*
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
-    mapId: z.number(),
-  }),
-  output: z.object({
-    error: z.string().optional(),
-  }),
-};*/
-import { Schema as ApproveMap } from "./api/approveMap"
-export { Schema as SchemaApproveMap } from "./api/approveMap"
-export const approveMap = handleApi({url:"/api/approveMap",...ApproveMap})
-
 // ./api/chartPublicStats.ts API
 
 /*
@@ -60,6 +44,22 @@ import { Schema as ChartPublicStats } from "./api/chartPublicStats"
 export { Schema as SchemaChartPublicStats } from "./api/chartPublicStats"
 export const chartPublicStats = handleApi({url:"/api/chartPublicStats",...ChartPublicStats})
 
+// ./api/checkQualified.ts API
+
+/*
+export const Schema = {
+  input: z.strictObject({
+    secret: z.string(),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+    updated: z.number(),
+  }),
+};*/
+import { Schema as CheckQualified } from "./api/checkQualified"
+export { Schema as SchemaCheckQualified } from "./api/checkQualified"
+export const checkQualified = handleApi({url:"/api/checkQualified",...CheckQualified})
+
 // ./api/createBeatmap.ts API
 
 /*
@@ -469,16 +469,30 @@ export const Schema = {
         image: z.string().nullable().optional(),
         imageLarge: z.string().nullable().optional(),
         starRating: z.number().nullable().optional(),
-        owner: z.number().nullable().optional(),
-        ownerUsername: z.string().nullable().optional(),
-        ownerAvatar: z.string().nullable().optional(),
-        status: z.string().nullable().optional(),
-        description: z.string().nullable().optional(),
-        tags: z.string().nullable().optional(),
-        videoUrl: z.string().nullable().optional(),
-      })
-      .optional(),
-  }),
+        owner: z.number().nullable().optional(),
+        ownerUsername: z.string().nullable().optional(),
+        ownerAvatar: z.string().nullable().optional(),
+        status: z.string().nullable().optional(),
+        qualified: z.boolean().nullable().optional(),
+        qualifiedAt: z.string().nullable().optional(),
+        description: z.string().nullable().optional(),
+        tags: z.string().nullable().optional(),
+        videoUrl: z.string().nullable().optional(),
+        vetos: z
+          .array(
+            z.object({
+              id: z.number(),
+              userId: z.number().nullable().optional(),
+              username: z.string().nullable().optional(),
+              avatar_url: z.string().nullable().optional(),
+              veto_reason: z.string().nullable().optional(),
+              created_at: z.string().nullable().optional(),
+            })
+          )
+          .optional(),
+      })
+      .optional(),
+  }),
 };*/
 import { Schema as GetBeatmapPage } from "./api/getBeatmapPage"
 export { Schema as SchemaGetBeatmapPage } from "./api/getBeatmapPage"
@@ -528,14 +542,28 @@ export const Schema = {
         beatmapFile: z.string().nullable().optional(),
         image: z.string().nullable().optional(),
         starRating: z.number().nullable().optional(),
-        owner: z.number().nullable().optional(),
-        ownerUsername: z.string().nullable().optional(),
-        ownerAvatar: z.string().nullable().optional(),
-        status: z.string().nullable().optional(),
-        videoUrl: z.string().nullable(),
-      })
-      .optional(),
-  }),
+        owner: z.number().nullable().optional(),
+        ownerUsername: z.string().nullable().optional(),
+        ownerAvatar: z.string().nullable().optional(),
+        status: z.string().nullable().optional(),
+        qualified: z.boolean().nullable().optional(),
+        qualifiedAt: z.string().nullable().optional(),
+        videoUrl: z.string().nullable(),
+        vetos: z
+          .array(
+            z.object({
+              id: z.number(),
+              userId: z.number().nullable().optional(),
+              username: z.string().nullable().optional(),
+              avatar_url: z.string().nullable().optional(),
+              veto_reason: z.string().nullable().optional(),
+              created_at: z.string().nullable().optional(),
+            })
+          )
+          .optional(),
+      })
+      .optional(),
+  }),
 };*/
 import { Schema as GetBeatmapPageById } from "./api/getBeatmapPageById"
 export { Schema as SchemaGetBeatmapPageById } from "./api/getBeatmapPageById"
@@ -1116,11 +1144,12 @@ export const Schema = {
           awarded_sp: z.number().nullable(),
           beatmapHash: z.string().nullable(),
           created_at: z.string(),
-          id: z.number(),
-          misses: z.number().nullable(),
-          passed: z.boolean().nullable(),
-          songId: z.string().nullable(),
-          userId: z.number().nullable(),
+          id: z.number(),
+          misses: z.number().nullable(),
+          passed: z.boolean().nullable(),
+          replay_url: z.string().nullable().optional(),
+          songId: z.string().nullable(),
+          userId: z.number().nullable(),
           beatmapDifficulty: z.number().optional().nullable(),
           beatmapNotes: z.number().optional().nullable(),
           beatmapTitle: z.string().optional().nullable(),
@@ -1135,11 +1164,12 @@ export const Schema = {
           id: z.number(),
           awarded_sp: z.number().nullable(),
           created_at: z.string(),
-          misses: z.number().nullable(),
-          mods: z.record(z.unknown()),
-          passed: z.boolean().nullable(),
-          songId: z.string().nullable(),
-          speed: z.number().nullable(),
+          misses: z.number().nullable(),
+          mods: z.record(z.unknown()),
+          passed: z.boolean().nullable(),
+          replay_url: z.string().nullable().optional(),
+          songId: z.string().nullable(),
+          speed: z.number().nullable(),
           spin: z.boolean(),
           beatmapHash: z.string().nullable(),
           beatmapTitle: z.string().nullable(),
@@ -1154,11 +1184,12 @@ export const Schema = {
           awarded_sp: z.number().nullable(),
           beatmapHash: z.string().nullable(),
           created_at: z.string(),
-          id: z.number(),
-          misses: z.number().nullable(),
-          passed: z.boolean().nullable(),
-          rank: z.string().nullable(),
-          songId: z.string().nullable(),
+          id: z.number(),
+          misses: z.number().nullable(),
+          passed: z.boolean().nullable(),
+          replay_url: z.string().nullable().optional(),
+          rank: z.string().nullable(),
+          songId: z.string().nullable(),
           userId: z.number().nullable(),
           beatmapDifficulty: z.number().optional().nullable(),
           beatmapNotes: z.number().optional().nullable(),
@@ -1213,22 +1244,6 @@ import { Schema as GetVideoUploadUrl } from "./api/getVideoUploadUrl"
 export { Schema as SchemaGetVideoUploadUrl } from "./api/getVideoUploadUrl"
 export const getVideoUploadUrl = handleApi({url:"/api/getVideoUploadUrl",...GetVideoUploadUrl})
 
-// ./api/nominateMap.ts API
-
-/*
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
-    mapId: z.number(),
-  }),
-  output: z.object({
-    error: z.string().optional(),
-  }),
-};*/
-import { Schema as NominateMap } from "./api/nominateMap"
-export { Schema as SchemaNominateMap } from "./api/nominateMap"
-export const nominateMap = handleApi({url:"/api/nominateMap",...NominateMap})
-
 // ./api/postBeatmapComment.ts API
 
 /*
@@ -1246,6 +1261,23 @@ import { Schema as PostBeatmapComment } from "./api/postBeatmapComment"
 export { Schema as SchemaPostBeatmapComment } from "./api/postBeatmapComment"
 export const postBeatmapComment = handleApi({url:"/api/postBeatmapComment",...PostBeatmapComment})
 
+// ./api/qualifyMap.ts API
+
+/*
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    mapId: z.number(),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+    qualifiedAt: z.string().optional(),
+  }),
+};*/
+import { Schema as QualifyMap } from "./api/qualifyMap"
+export { Schema as SchemaQualifyMap } from "./api/qualifyMap"
+export const qualifyMap = handleApi({url:"/api/qualifyMap",...QualifyMap})
+
 // ./api/rankMapsArchive.ts API
 
 /*
@@ -1335,26 +1367,26 @@ export const submitScore = handleApi({url:"/api/submitScore",...SubmitScore})
 // ./api/submitScoreInternal.ts API
 
 /*
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
-    secret: z.string(),
-    token: z.string(),
-    data: z.strictObject({
-      onlineMapId: z.number(),
-      misses: z.number(),
-      hits: z.number(),
-      speed: z.number(),
-      mods: z.array(z.string()),
-      spin: z.boolean(),
-      replayBytes: z.string().nullable().optional(),
-      pauses: z.number().nullable().optional(),
-      failTime: z.number().nullable().optional(),
-    }),
-  }),
-  output: z.object({
-    error: z.string().optional(),
-  }),
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    secret: z.string(),
+    token: z.string(),
+    data: z.strictObject({
+      onlineMapId: z.number(),
+      misses: z.number(),
+      hits: z.number(),
+      speed: z.number(),
+      mods: z.array(z.string()),
+      spin: z.boolean(),
+      replayBytes: z.string().nullable().optional(),
+      pauses: z.number().nullable().optional(),
+      failTime: z.number().nullable().optional(),
+    }),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+  }),
 };*/
 import { Schema as SubmitScoreInternal } from "./api/submitScoreInternal"
 export { Schema as SchemaSubmitScoreInternal } from "./api/submitScoreInternal"
@@ -1379,4 +1411,21 @@ export const Schema = {
 import { Schema as UpdateBeatmapPage } from "./api/updateBeatmapPage"
 export { Schema as SchemaUpdateBeatmapPage } from "./api/updateBeatmapPage"
 export const updateBeatmapPage = handleApi({url:"/api/updateBeatmapPage",...UpdateBeatmapPage})
+
+// ./api/vetoMap.ts API
+
+/*
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    mapId: z.number(),
+    reason: z.string().min(1).max(1000),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+  }),
+};*/
+import { Schema as VetoMap } from "./api/vetoMap"
+export { Schema as SchemaVetoMap } from "./api/vetoMap"
+export const vetoMap = handleApi({url:"/api/vetoMap",...VetoMap})
 export { handleApi } from "./handleApi"

package/package.json

@@ -1,12 +1,18 @@
 {
   "name": "rhythia-api",
-  "version": "229.0.0",
+  "version": "231.0.0",
   "main": "index.ts",
   "author": "online-contributors-cunev",
   "scripts": {
     "update": "bun ./scripts/update.ts",
     "ci-deploy": "tsx ./scripts/ci-deploy.ts",
     "test": "tsx ./scripts/test.ts",
+    "cache:clear-user-scores": "bun run scripts/clear-user-score-cache.ts",
+    "db:optimize-user-scores": "bun run scripts/optimize-user-scores-indexes.ts",
+    "query-pull": "bun run scripts/pull-queries.ts",
+    "query-push": "bun run scripts/deploy-queries.ts",
+    "queries:pull": "bun run scripts/pull-queries.ts",
+    "queries:deploy": "bun run scripts/deploy-queries.ts",
     "sync": "npx supabase gen types typescript --project-id \"pfkajngbllcbdzoylrvp\" --schema public > types/database.ts",
     "pipeline:build-api": "tsx ./scripts/build.ts",
     "pipeline:deploy-testing": "tsx ./scripts/build.ts"
@@ -24,6 +30,7 @@
     "@types/bun": "^1.1.6",
     "@types/lodash": "^4.17.7",
     "@types/node": "^22.2.0",
+    "@types/pg": "^8.15.5",
     "@types/validator": "^13.12.2",
     "@vercel/edge": "^1.1.2",
     "@vercel/node": "^3.2.8",
@@ -40,12 +47,13 @@
     "osu-classes": "^3.1.0",
     "osu-parsers": "^4.1.7",
     "osu-standard-stable": "^5.0.0",
+    "pg": "^8.18.0",
     "redis": "^5.10.0",
     "remote-cloudflare-kv": "^1.0.1",
     "sharp": "^0.33.5",
     "short-uuid": "^5.2.0",
     "simple-git": "^3.25.0",
-    "supabase": "^2.76.15",
+    "supabase": "^2.76.16",
     "tsx": "^4.17.0",
     "utf-8-validate": "^6.0.4",
     "uuid": "^11.1.0",

package/queries/admin_delete_user.sql

@@ -0,0 +1,39 @@
+CREATE OR REPLACE FUNCTION public.admin_delete_user(user_id integer)
+ RETURNS boolean
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+AS $function$
+DECLARE
+  success BOOLEAN;
+BEGIN
+  -- Delete scores first due to foreign key constraints
+  DELETE FROM public.scores WHERE "userId" = user_id;
+  
+  -- Delete beatmapPageComments
+  DELETE FROM public."beatmapPageComments" WHERE owner = user_id;
+  
+  -- Delete beatmapPages owned by user
+  DELETE FROM public."beatmapPages" WHERE owner = user_id;
+  
+  -- Delete collections owned by user
+  DELETE FROM public."beatmapCollections" WHERE owner = user_id;
+  
+  -- Delete collection relations related to user's collections
+  -- (this is handled by cascade if you have it set up)
+  
+  -- Delete passkeys
+  DELETE FROM public.passkeys WHERE id = user_id;
+  
+  -- Delete profile activity
+  DELETE FROM public."profileActivities" 
+  WHERE uid = (SELECT uid FROM public.profiles WHERE id = user_id);
+  
+  -- Finally, delete the profile
+  DELETE FROM public.profiles WHERE id = user_id;
+  
+  -- Check if deletion was successful
+  success := NOT EXISTS (SELECT 1 FROM public.profiles WHERE id = user_id);
+  
+  RETURN success;
+END;
+$function$

package/queries/admin_exclude_user.sql

@@ -0,0 +1,21 @@
+CREATE OR REPLACE FUNCTION public.admin_exclude_user(user_id integer)
+ RETURNS boolean
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+AS $function$
+DECLARE
+  success BOOLEAN;
+BEGIN
+  UPDATE public.profiles
+  SET ban = 'excluded'::"banTypes",
+      "bannedAt" = EXTRACT(EPOCH FROM NOW())::bigint
+  WHERE id = user_id;
+  
+  success := EXISTS (
+    SELECT 1 FROM public.profiles 
+    WHERE id = user_id AND ban = 'excluded'::"banTypes"
+  );
+  
+  RETURN success;
+END;
+$function$

package/queries/admin_invalidate_ranked_scores.sql

@@ -0,0 +1,18 @@
+CREATE OR REPLACE FUNCTION public.admin_invalidate_ranked_scores(user_id integer)
+ RETURNS integer
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+AS $function$
+DECLARE
+  updated_count INTEGER;
+BEGIN
+  -- Update user stats to reflect score invalidation
+  UPDATE public.profiles
+  SET 
+    skill_points = 0,
+    spin_skill_points = 0
+  WHERE id = user_id;
+  
+  RETURN updated_count;
+END;
+$function$

package/queries/admin_log_action.sql

@@ -0,0 +1,10 @@
+CREATE OR REPLACE FUNCTION public.admin_log_action(admin_id integer, action_type text, target_id integer, details jsonb DEFAULT NULL::jsonb)
+ RETURNS void
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+AS $function$
+BEGIN
+  INSERT INTO public.admin_actions (admin_id, action_type, target_id, details)
+  VALUES (admin_id, action_type, target_id, details);
+END;
+$function$

package/queries/admin_profanity_clear.sql

@@ -0,0 +1,29 @@
+CREATE OR REPLACE FUNCTION public.admin_profanity_clear(user_id integer)
+ RETURNS boolean
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+AS $function$
+DECLARE
+  success BOOLEAN;
+  random_username TEXT;
+BEGIN
+  -- Generate a random username (Player + random number between 10000-99999)
+  random_username := 'Player' || (10000 + floor(random() * 90000)::int)::text;
+  
+  -- Update the profile
+  UPDATE public.profiles
+  SET 
+    username = random_username,
+    "computedUsername" = LOWER(random_username),
+    about_me = NULL
+  WHERE id = user_id;
+  
+  -- Check if update was successful
+  success := EXISTS (
+    SELECT 1 FROM public.profiles 
+    WHERE id = user_id AND username = random_username AND about_me IS NULL
+  );
+    
+  RETURN success;
+END;
+$function$