rhythia-api 231.0.0 → 234.0.0

package/utils/beatmapTopScores.ts

@@ -0,0 +1,84 @@
+import { Database } from "../types/database";
+import { getActiveProfileIdSet } from "./activityStatus";
+import { supabase } from "./supabase";
+
+type BeatmapTopScoreRow =
+  Database["public"]["Functions"]["get_top_scores_for_beatmap3"]["Returns"][number];
+
+export type BeatmapTopScore = {
+  id: number;
+  awarded_sp: number | null;
+  created_at: string;
+  misses: number | null;
+  mods: Record<string, unknown>;
+  passed: boolean | null;
+  songId: string | null;
+  speed: number | null;
+  spin: boolean;
+  userId: number | null;
+  username: string | null;
+  avatar_url: string | null;
+  accuracy: number | null;
+};
+
+type GetBeatmapTopScoresResult = {
+  error?: string;
+  scores: BeatmapTopScore[];
+};
+
+function mapBeatmapTopScore(score: BeatmapTopScoreRow): BeatmapTopScore {
+  return {
+    id: score.id,
+    awarded_sp: score.awarded_sp,
+    created_at: score.created_at,
+    misses: score.misses,
+    mods: (score.mods || {}) as Record<string, unknown>,
+    passed: score.passed,
+    songId: score.songId,
+    speed: score.speed,
+    spin: score.spin,
+    userId: score.userId,
+    username: score.username,
+    avatar_url: score.avatar_url,
+    accuracy: score.accuracy,
+  };
+}
+
+export async function getVisibleTopScoresForBeatmap(
+  beatmapHash: string,
+  limit: number
+): Promise<GetBeatmapTopScoresResult> {
+  if (!beatmapHash) {
+    return { scores: [] };
+  }
+
+  const { data: rpcScores, error } = await supabase.rpc(
+    "get_top_scores_for_beatmap3",
+    { beatmap_hash: beatmapHash }
+  );
+
+  if (error) {
+    return { error: JSON.stringify(error), scores: [] };
+  }
+
+  const scoreData = rpcScores || [];
+
+  const userIds = Array.from(
+    new Set(
+      scoreData
+        .map((score) => score.userId)
+        .filter((userId): userId is number => typeof userId === "number")
+    )
+  );
+  const activeUserIds = await getActiveProfileIdSet(userIds);
+
+  return {
+    scores: scoreData
+      .filter(
+        (score) =>
+          typeof score.userId === "number" && activeUserIds.has(score.userId)
+      )
+      .slice(0, limit)
+      .map(mapBeatmapTopScore),
+  };
+}

package/utils/mapLifecycleWebhook.ts

@@ -0,0 +1,287 @@
+import { supabase } from "./supabase";
+
+type MapLifecycleEvent = "qualified" | "ranked" | "vetoed";
+
+const WEBHOOK_COLORS: Record<MapLifecycleEvent, number> = {
+  qualified: 0x3498db,
+  ranked: 0x2ecc71,
+  vetoed: 0xe74c3c,
+};
+
+const WEBHOOK_TITLES: Record<MapLifecycleEvent, string> = {
+  qualified: "Map Qualified",
+  ranked: "Map Ranked",
+  vetoed: "Map Vetoed",
+};
+
+const WEBHOOK_MESSAGES: Record<MapLifecycleEvent, string> = {
+  qualified: "A fresh map just reached qualification.",
+  ranked: "This map cleared qualification and is now ranked.",
+  vetoed: "This map was vetoed and sent back for improvements.",
+};
+
+function clampText(value: string, maxLength: number) {
+  const sanitized = value.replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, "");
+
+  if (sanitized.length <= maxLength) {
+    return sanitized;
+  }
+
+  if (maxLength <= 3) {
+    return sanitized.slice(0, maxLength);
+  }
+
+  return `${sanitized.slice(0, maxLength - 3)}...`;
+}
+
+function getSafeHttpUrl(value: string | null | undefined) {
+  if (!value) {
+    return null;
+  }
+
+  try {
+    const parsed = new URL(value.trim());
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      return null;
+    }
+    const serialized = parsed.toString();
+    if (serialized.length > 2048) {
+      return null;
+    }
+    return serialized;
+  } catch {
+    return null;
+  }
+}
+
+function formatLength(milliseconds: number | null | undefined) {
+  if (!milliseconds || milliseconds < 0) {
+    return "-";
+  }
+
+  const totalSeconds = Math.floor(milliseconds / 1000);
+  const minutes = Math.floor(totalSeconds / 60);
+  const seconds = totalSeconds % 60;
+  return `${minutes.toString().padStart(2, "0")}:${seconds
+    .toString()
+    .padStart(2, "0")}`;
+}
+
+export async function postMapLifecycleWebhook({
+  mapId,
+  event,
+  vetoReason,
+  candidateQualifierUsername,
+}: {
+  mapId: number;
+  event: MapLifecycleEvent;
+  vetoReason?: string;
+  candidateQualifierUsername?: string;
+}) {
+  const webhookUrl = process.env.WEBHOOK_MSG_DISCORD;
+  if (!webhookUrl) {
+    return;
+  }
+
+  try {
+    const { data: beatmapPage } = await supabase
+      .from("beatmapPages")
+      .select(
+        `
+        id,
+        owner,
+        title,
+        tags,
+        status,
+        qualified,
+        qualifiedAt,
+        beatmaps (
+          title,
+          starRating,
+          length,
+          difficulty,
+          noteCount,
+          image,
+          imageLarge
+        ),
+        profiles (
+          id,
+          username,
+          avatar_url
+        )
+      `
+      )
+      .eq("id", mapId)
+      .single();
+
+    if (!beatmapPage) {
+      return;
+    }
+
+    const beatmapData = (beatmapPage as any).beatmaps;
+    const profileData = (beatmapPage as any).profiles;
+    const mapTitle =
+      beatmapData?.title || beatmapPage.title || `Beatmap Page #${mapId}`;
+    const creatorName = profileData?.username || "Unknown";
+    const creatorId = beatmapPage.owner || profileData?.id || 0;
+    const rawImage =
+      beatmapData?.imageLarge || beatmapData?.image || "https://www.rhythia.com/unkimg.png";
+    const mapImage = rawImage.includes("backfill")
+      ? "https://www.rhythia.com/unkimg.png"
+      : rawImage;
+    const safeMapImageUrl = getSafeHttpUrl(mapImage);
+    const safeAvatarUrl = getSafeHttpUrl(profileData?.avatar_url);
+
+    const fields: Array<{ name: string; value: string; inline?: boolean }> = [
+      {
+        name: "Map ID",
+        value: clampText(`${beatmapPage.id}`, 1024),
+        inline: true,
+      },
+      {
+        name: "Creator",
+        value: clampText(creatorName, 1024),
+        inline: true,
+      },
+      {
+        name: "Stars",
+        value: clampText(
+          beatmapData?.starRating !== null && beatmapData?.starRating !== undefined
+            ? `${Math.round(beatmapData.starRating * 100) / 100}*`
+            : "-",
+          1024
+        ),
+        inline: true,
+      },
+      {
+        name: "Length",
+        value: clampText(formatLength(beatmapData?.length), 1024),
+        inline: true,
+      },
+      {
+        name: "Notes",
+        value: clampText(
+          beatmapData?.noteCount !== null && beatmapData?.noteCount !== undefined
+            ? `${beatmapData.noteCount}`
+            : "-",
+          1024
+        ),
+        inline: true,
+      },
+      {
+        name: "Tags",
+        value: clampText(beatmapPage.tags || "-", 1024),
+        inline: false,
+      },
+    ];
+
+    if (event === "qualified" && candidateQualifierUsername) {
+      fields.splice(2, 0, {
+        name: "Qualified By",
+        value: clampText(`${candidateQualifierUsername} (Candidate)`, 1024),
+        inline: true,
+      });
+    }
+
+    if (event === "vetoed") {
+      fields.push({
+        name: "Veto Reason",
+        value: clampText(vetoReason || "No reason provided", 1024),
+        inline: false,
+      });
+    }
+
+    const embed: Record<string, any> = {
+      title: clampText(`${WEBHOOK_TITLES[event]}: ${mapTitle}`, 256),
+      url: `https://www.rhythia.com/maps/${beatmapPage.id}`,
+      description: clampText(WEBHOOK_MESSAGES[event], 4096),
+      color: WEBHOOK_COLORS[event],
+      fields: fields.map((field) => ({
+        ...field,
+        name: clampText(field.name || "-", 256),
+        value: clampText(field.value || "-", 1024),
+      })),
+      author: {
+        name: clampText(creatorName, 256),
+        url: `https://www.rhythia.com/player/${creatorId}`,
+        icon_url: safeAvatarUrl || "https://www.rhythia.com/unkimg.png",
+      },
+      footer: {
+        text: clampText(
+          `Status: ${beatmapPage.status || "-"} | ${new Date().toUTCString()}`,
+          2048
+        ),
+      },
+    };
+
+    if (safeMapImageUrl) {
+      embed.thumbnail = {
+        url: safeMapImageUrl,
+      };
+    }
+
+    const payload = {
+      content: clampText(WEBHOOK_MESSAGES[event], 2000),
+      embeds: [embed],
+    };
+
+    let response = await fetch(webhookUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify(payload),
+    });
+
+    if (
+      !response.ok &&
+      response.status === 400 &&
+      (payload.embeds?.[0]?.image?.url || payload.embeds?.[0]?.thumbnail?.url)
+    ) {
+      // Most common Discord embed 400 here is a bad media URL. Retry without media.
+      const retryPayload = {
+        ...payload,
+        embeds: payload.embeds.map((embed: any) => {
+          const clone = { ...embed };
+          delete clone.image;
+          delete clone.thumbnail;
+          return clone;
+        }),
+      };
+
+      response = await fetch(webhookUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify(retryPayload),
+      });
+    }
+
+    if (!response.ok) {
+      const responseBody = await response.text();
+      console.log("Discord webhook failed", {
+        event,
+        mapId,
+        status: response.status,
+        statusText: response.statusText,
+        responseBody: clampText(responseBody || "-", 4000),
+        payloadPreview: {
+          content: payload.content,
+          title: payload.embeds?.[0]?.title,
+          fields: payload.embeds?.[0]?.fields?.map((field: any) => ({
+            name: field.name,
+            value: clampText(field.value || "-", 120),
+          })),
+          imageUrl: payload.embeds?.[0]?.image?.url || null,
+          thumbnailUrl: payload.embeds?.[0]?.thumbnail?.url || null,
+          authorIconUrl: payload.embeds?.[0]?.author?.icon_url || null,
+          hasImage: Boolean(payload.embeds?.[0]?.image?.url),
+          hasThumbnail: Boolean(payload.embeds?.[0]?.thumbnail?.url),
+        },
+      });
+    }
+  } catch (error) {
+    console.log("Failed to post map lifecycle webhook", error);
+  }
+}

package/utils/requestGeo.ts

@@ -0,0 +1,13 @@
+type RequestWithCf = Request & {
+  cf?: {
+    country?: string | null;
+  };
+};
+
+export function geolocation(request: Request) {
+  const { cf } = request as RequestWithCf;
+
+  return {
+    country: cf?.country || request.headers.get("cf-ipcountry") || undefined,
+  };
+}

package/utils/requestUtils.ts

@@ -1,127 +1,127 @@
-import { NextResponse } from "next/server";
-import { ZodObject } from "zod";
-import { getUserBySession } from "./getUserBySession";
-import { supabase } from "./supabase";
-
-const SENSITIVE_LOG_KEYS = new Set([
-  "session",
-  "replayBytes",
-  "token",
-  "secret",
-  "passkey",
-  "passKey",
-]);
-const LONG_LOG_STRING_THRESHOLD = 256;
-
-function sanitizeForLog(
-  value: unknown,
-  key?: string
-):
-  | string
-  | number
-  | boolean
-  | null
-  | undefined
-  | Record<string, unknown>
-  | unknown[] {
-  const normalizedKey = (key || "").toLowerCase();
-  if (
-    SENSITIVE_LOG_KEYS.has(key || "") ||
-    SENSITIVE_LOG_KEYS.has(normalizedKey)
-  ) {
-    if (value === null || value === undefined) {
-      return value as null | undefined;
-    }
-    return "<Long>";
-  }
-
-  if (typeof value === "string") {
-    return value.length > LONG_LOG_STRING_THRESHOLD ? "<Long>" : value;
-  }
-
-  if (Array.isArray(value)) {
-    return value.map((item) => sanitizeForLog(item));
-  }
-
-  if (value && typeof value === "object") {
-    const sanitizedObject: Record<string, unknown> = {};
-    Object.entries(value as Record<string, unknown>).forEach(
-      ([entryKey, entryValue]) => {
-        sanitizedObject[entryKey] = sanitizeForLog(entryValue, entryKey);
-      }
-    );
-    return sanitizedObject;
-  }
-
-  return value as string | number | boolean | null | undefined;
-}
-
-interface Props<
-  K = (...args: any[]) => Promise<NextResponse<any>>,
-  T = ZodObject<any>,
-> {
-  request: Request;
-  schema: { input: T; output: T };
-  authorization?: Function;
-  activity: K;
-}
-
-export async function protectedApi({
-  request,
-  schema,
-  authorization,
-  activity,
-}: Props) {
-  try {
-    const toParse = await request.json();
-    const data = schema.input.parse(toParse);
-
-    console.log("Request payload:", sanitizeForLog(data));
-
-    setActivity(data);
-    if (authorization) {
-      const authorizationResponse = await authorization(data);
-      if (authorizationResponse) {
-        return authorizationResponse;
-      }
-    }
-    return await activity(data, request);
-  } catch (error) {
-    console.log(`Couldn't parse`, error.toString());
-    return NextResponse.json({ error: error.toString() }, { status: 400 });
-  }
-}
-
-export async function setActivity(data: Record<string, any>) {
-  if (data.session) {
-    const user = (await supabase.auth.getUser(data.session)).data.user;
-    if (user) {
-      await supabase.from("profileActivities").upsert({
-        uid: user.id,
-        last_activity: Date.now(),
-      });
-    }
-  }
-}
-
-export async function validUser(data) {
-  if (!data.session) {
-    return NextResponse.json(
-      {
-        error: "Session is missing",
-      },
-      { status: 501 }
-    );
-  }
-
-  const user = await getUserBySession(data.session);
-  if (!user) {
-    console.log("Invalid user session");
-    return NextResponse.json(
-      {
-        error: "Invalid user session",
-      },
-      { status: 401 }
-    );
-  }
-}
+import { NextResponse } from "./response";
+import { ZodObject } from "zod";
+import { getUserBySession } from "./getUserBySession";
+import { supabase } from "./supabase";
+
+const SENSITIVE_LOG_KEYS = new Set([
+  "session",
+  "replayBytes",
+  "token",
+  "secret",
+  "passkey",
+  "passKey",
+]);
+const LONG_LOG_STRING_THRESHOLD = 256;
+
+function sanitizeForLog(
+  value: unknown,
+  key?: string
+):
+  | string
+  | number
+  | boolean
+  | null
+  | undefined
+  | Record<string, unknown>
+  | unknown[] {
+  const normalizedKey = (key || "").toLowerCase();
+  if (
+    SENSITIVE_LOG_KEYS.has(key || "") ||
+    SENSITIVE_LOG_KEYS.has(normalizedKey)
+  ) {
+    if (value === null || value === undefined) {
+      return value as null | undefined;
+    }
+    return "<Long>";
+  }
+
+  if (typeof value === "string") {
+    return value.length > LONG_LOG_STRING_THRESHOLD ? "<Long>" : value;
+  }
+
+  if (Array.isArray(value)) {
+    return value.map((item) => sanitizeForLog(item));
+  }
+
+  if (value && typeof value === "object") {
+    const sanitizedObject: Record<string, unknown> = {};
+    Object.entries(value as Record<string, unknown>).forEach(
+      ([entryKey, entryValue]) => {
+        sanitizedObject[entryKey] = sanitizeForLog(entryValue, entryKey);
+      }
+    );
+    return sanitizedObject;
+  }
+
+  return value as string | number | boolean | null | undefined;
+}
+
+interface Props<
+  K = (...args: any[]) => Promise<NextResponse<any>>,
+  T = ZodObject<any>,
+> {
+  request: Request;
+  schema: { input: T; output: T };
+  authorization?: Function;
+  activity: K;
+}
+
+export async function protectedApi({
+  request,
+  schema,
+  authorization,
+  activity,
+}: Props) {
+  try {
+    const toParse = await request.json();
+    const data = schema.input.parse(toParse);
+
+    console.log("Request payload:", sanitizeForLog(data));
+
+    setActivity(data);
+    if (authorization) {
+      const authorizationResponse = await authorization(data);
+      if (authorizationResponse) {
+        return authorizationResponse;
+      }
+    }
+    return await activity(data, request);
+  } catch (error) {
+    console.log(`Couldn't parse`, error.toString());
+    return NextResponse.json({ error: error.toString() }, { status: 400 });
+  }
+}
+
+export async function setActivity(data: Record<string, any>) {
+  if (data.session) {
+    const user = (await supabase.auth.getUser(data.session)).data.user;
+    if (user) {
+      await supabase.from("profileActivities").upsert({
+        uid: user.id,
+        last_activity: Date.now(),
+      });
+    }
+  }
+}
+
+export async function validUser(data) {
+  if (!data.session) {
+    return NextResponse.json(
+      {
+        error: "Session is missing",
+      },
+      { status: 501 }
+    );
+  }
+
+  const user = await getUserBySession(data.session);
+  if (!user) {
+    console.log("Invalid user session");
+    return NextResponse.json(
+      {
+        error: "Invalid user session",
+      },
+      { status: 401 }
+    );
+  }
+}

package/utils/response.ts

@@ -0,0 +1,11 @@
+export class NextResponse<Body = unknown> extends Response {
+  static json<Body>(body: Body, init: ResponseInit = {}) {
+    const headers = new Headers(init.headers);
+    headers.set("content-type", "application/json; charset=utf-8");
+
+    return new NextResponse<Body>(JSON.stringify(body), {
+      ...init,
+      headers,
+    });
+  }
+}