rhythia-api 237.0.0 → 239.0.0

package/api/editProfile.ts

@@ -2,25 +2,57 @@ import { NextResponse } from "../utils/response";
 import z from "zod";
 import { Database } from "../types/database";
 import { protectedApi, validUser } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-import validator from "validator";
-import removeZeroWidth from "zero-width";
-
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+import validator from "validator";
+import removeZeroWidth from "zero-width";
+
+const USERNAME_CHANGE_COOLDOWN_ERROR =
+  "Username can only be changed once every 6 months";
+
+function getNextUsernameChangeAt(
+  lastChangedAt: string | null | undefined
+): string | null {
+  if (!lastChangedAt) {
+    return null;
+  }
+
+  const nextAllowedAt = new Date(lastChangedAt);
+  nextAllowedAt.setUTCMonth(nextAllowedAt.getUTCMonth() + 6);
+  return nextAllowedAt.toISOString();
+}
+
+function formatUsernameChangeDate(date: string): string {
+  return new Intl.DateTimeFormat("en-US", {
+    year: "numeric",
+    month: "short",
+    day: "numeric",
+  }).format(new Date(date));
+}
+
+function isUsernameChangeLocked(
+  lastChangedAt: string | null | undefined,
+  now = Date.now()
+): boolean {
+  const nextAllowedAt = getNextUsernameChangeAt(lastChangedAt);
+  return nextAllowedAt !== null && new Date(nextAllowedAt).getTime() > now;
+}
+
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
     data: z.object({
       avatar_url: z.string().optional(),
       profile_image: z.string().optional(),
       username: z.string().optional(),
     }),
-  }),
-  output: z.object({
-    error: z.string().optional(),
-  }),
-};
+  }),
+  output: z.object({
+    error: z.string().optional(),
+    next_username_change_at: z.string().nullable().optional(),
+  }),
+};
 
 export async function POST(request: Request): Promise<NextResponse> {
   return protectedApi({
@@ -70,9 +102,9 @@ export async function handler(
       },
       { status: 404 }
     );
-  }
-
-  data.data.username = removeZeroWidth(data.data.username || "");
+  }
+
+  data.data.username = removeZeroWidth(data.data.username || "");
 
   const user = (await getUserBySession(data.session)) as User;
 
@@ -96,24 +128,62 @@ export async function handler(
     userData = queryUserData[0];
   }
 
-  if (
-    userData.ban == "excluded" ||
-    userData.ban == "restricted" ||
-    userData.ban == "silenced"
-  ) {
+  if (
+    userData.ban == "excluded" ||
+    userData.ban == "restricted" ||
+    userData.ban == "silenced"
+  ) {
     return NextResponse.json(
       {
         error:
           "Silenced, restricted or excluded players can't update their profile.",
       },
       { status: 404 }
-    );
-  }
-
-  const upsertPayload: Database["public"]["Tables"]["profiles"]["Update"] = {
-    id: userData.id,
-    computedUsername: data.data.username?.toLowerCase(),
-    ...data.data,
+    );
+  }
+
+  const usernameHasChanged =
+    data.data.username !== undefined && data.data.username !== userData.username;
+
+  let nextUsernameChangeAt: string | null = null;
+
+  if (usernameHasChanged) {
+    const { data: usernameHistory, error: usernameHistoryError } = await supabase
+      .from("profileUsernames")
+      .select("changed_at")
+      .eq("profile_id", userData.id!)
+      .order("changed_at", { ascending: false })
+      .limit(1);
+
+    if (usernameHistoryError) {
+      return NextResponse.json(
+        {
+          error: "Could not verify username change availability.",
+        },
+        { status: 500 }
+      );
+    }
+
+    const lastChangedAt = usernameHistory?.[0]?.changed_at ?? null;
+    nextUsernameChangeAt = getNextUsernameChangeAt(lastChangedAt);
+
+    if (isUsernameChangeLocked(lastChangedAt)) {
+      return NextResponse.json(
+        {
+          error: `${USERNAME_CHANGE_COOLDOWN_ERROR}. Next change available ${formatUsernameChangeDate(
+            nextUsernameChangeAt!
+          )}.`,
+          next_username_change_at: nextUsernameChangeAt,
+        },
+        { status: 404 }
+      );
+    }
+  }
+
+  const upsertPayload: Database["public"]["Tables"]["profiles"]["Update"] = {
+    id: userData.id,
+    computedUsername: data.data.username?.toLowerCase(),
+    ...data.data,
   };
 
   const upsertResult = await supabase
@@ -121,14 +191,44 @@ export async function handler(
     .upsert(upsertPayload)
     .select();
 
-  if (upsertResult.error) {
-    return NextResponse.json(
-      {
-        error: "Can't update, username might be used by someone else!",
+  if (upsertResult.error) {
+    if (
+      usernameHasChanged &&
+      upsertResult.error.message.includes(USERNAME_CHANGE_COOLDOWN_ERROR)
+    ) {
+      if (!nextUsernameChangeAt) {
+        const { data: usernameHistory } = await supabase
+          .from("profileUsernames")
+          .select("changed_at")
+          .eq("profile_id", userData.id!)
+          .order("changed_at", { ascending: false })
+          .limit(1);
+
+        nextUsernameChangeAt = getNextUsernameChangeAt(
+          usernameHistory?.[0]?.changed_at ?? null
+        );
+      }
+
+      return NextResponse.json(
+        {
+          error: `${USERNAME_CHANGE_COOLDOWN_ERROR}. Next change available ${
+            nextUsernameChangeAt
+              ? formatUsernameChangeDate(nextUsernameChangeAt)
+              : "later"
+          }.`,
+          next_username_change_at: nextUsernameChangeAt,
+        },
+        { status: 404 }
+      );
+    }
+
+    return NextResponse.json(
+      {
+        error: "Can't update, username might be used by someone else!",
       },
       { status: 404 }
     );
   }
-
-  return NextResponse.json({});
-}
+
+  return NextResponse.json({});
+}

package/api/executeAdminOperation.ts

@@ -7,6 +7,56 @@ import { getUserBySession } from "../utils/getUserBySession";
 import { User } from "@supabase/supabase-js";
 import { invalidateCache, invalidateCachePrefix } from "../utils/cache";
 
+type AdminProfileSummary = Pick<
+  Database["public"]["Tables"]["profiles"]["Row"],
+  "id" | "username" | "avatar_url" | "flag" | "badges" | "ban"
+>;
+
+type InvestigationDateRange = {
+  firstSeenAt: string | null;
+  lastSeenAt: string | null;
+};
+
+type LinkedAccountAggregate = AdminProfileSummary &
+  InvestigationDateRange & {
+    occurrences: number;
+    sharedHwids: Set<string>;
+  };
+
+type LinkedProfileAggregate = AdminProfileSummary &
+  InvestigationDateRange & {
+    occurrences: number;
+  };
+
+const MULTIACCOUNT_PROFILE_SELECT =
+  "id, username, avatar_url, flag, badges, ban";
+
+const SCORE_CACHE_READ_OPERATIONS = new Set([
+  "getScoresPaginated",
+  "getMultiaccountInvestigation",
+]);
+
+function timestampOrZero(value: string | null) {
+  return value ? new Date(value).getTime() : 0;
+}
+
+function updateDateRange(
+  range: InvestigationDateRange,
+  createdAt: string | null
+) {
+  if (!createdAt) {
+    return;
+  }
+
+  if (!range.firstSeenAt || createdAt < range.firstSeenAt) {
+    range.firstSeenAt = createdAt;
+  }
+
+  if (!range.lastSeenAt || createdAt > range.lastSeenAt) {
+    range.lastSeenAt = createdAt;
+  }
+}
+
 // Define supported admin operations and their parameter types
 const adminOperations = {
   deleteUser: z.object({ userId: z.number() }),
@@ -28,6 +78,7 @@ const adminOperations = {
     userId: z.number().optional(),
     includeAdditionalData: z.boolean().default(true),
   }),
+  getMultiaccountInvestigation: z.object({ userId: z.number() }),
 } as const;
 
 // Create a discriminated union type for operation parameters
@@ -88,6 +139,10 @@ const OperationParam = z.discriminatedUnion("operation", [
     operation: z.literal("getScoresPaginated"),
     params: adminOperations.getScoresPaginated,
   }),
+  z.object({
+    operation: z.literal("getMultiaccountInvestigation"),
+    params: adminOperations.getMultiaccountInvestigation,
+  }),
 ]);
 
 export const Schema = {
@@ -346,6 +401,242 @@ export async function handler(
           };
         }
         break;
+
+      case "getMultiaccountInvestigation":
+        const { data: investigatedUser, error: investigatedUserError } =
+          await supabase
+            .from("profiles")
+            .select(MULTIACCOUNT_PROFILE_SELECT)
+            .eq("id", params.userId)
+            .maybeSingle();
+
+        if (investigatedUserError) {
+          result = { error: investigatedUserError, data: null };
+          break;
+        }
+
+        if (!investigatedUser) {
+          result = {
+            error: { message: "User not found" },
+            data: null,
+          };
+          break;
+        }
+
+        const { data: investigatedUserHwids, error: investigatedUserHwidsError } =
+          await supabase
+            .from("user_hwids")
+            .select("id, hwid, created_at")
+            .eq("id", params.userId)
+            .order("created_at", { ascending: false });
+
+        if (investigatedUserHwidsError) {
+          result = { error: investigatedUserHwidsError, data: null };
+          break;
+        }
+
+        const targetRows = investigatedUserHwids || [];
+        const uniqueHwids = Array.from(
+          new Set(targetRows.map((row) => row.hwid).filter(Boolean))
+        );
+
+        const dateRange: InvestigationDateRange = {
+          firstSeenAt: null,
+          lastSeenAt: null,
+        };
+
+        const hwidAggregates = new Map<
+          string,
+          InvestigationDateRange & {
+            hwid: string;
+            occurrences: number;
+            linkedProfiles: Map<number, LinkedProfileAggregate>;
+          }
+        >();
+
+        for (const row of targetRows) {
+          updateDateRange(dateRange, row.created_at);
+
+          const existing = hwidAggregates.get(row.hwid) || {
+            hwid: row.hwid,
+            occurrences: 0,
+            firstSeenAt: null,
+            lastSeenAt: null,
+            linkedProfiles: new Map<number, LinkedProfileAggregate>(),
+          };
+
+          existing.occurrences += 1;
+          updateDateRange(existing, row.created_at);
+          hwidAggregates.set(row.hwid, existing);
+        }
+
+        if (uniqueHwids.length === 0) {
+          result = {
+            data: {
+              user: investigatedUser,
+              summary: {
+                totalRows: 0,
+                uniqueHwids: 0,
+                sharedHwids: 0,
+                linkedAccounts: 0,
+                firstSeenAt: null,
+                lastSeenAt: null,
+              },
+              accounts: [],
+              hwids: [],
+            },
+            error: null,
+          };
+          break;
+        }
+
+        const { data: relatedRows, error: relatedRowsError } = await supabase
+          .from("user_hwids")
+          .select("id, hwid, created_at")
+          .in("hwid", uniqueHwids)
+          .order("created_at", { ascending: false });
+
+        if (relatedRowsError) {
+          result = { error: relatedRowsError, data: null };
+          break;
+        }
+
+        const relatedProfileIds = Array.from(
+          new Set(
+            (relatedRows || [])
+              .map((row) => row.id)
+              .filter((id) => id !== params.userId)
+          )
+        );
+
+        const { data: relatedProfiles, error: relatedProfilesError } =
+          relatedProfileIds.length > 0
+            ? await supabase
+                .from("profiles")
+                .select(MULTIACCOUNT_PROFILE_SELECT)
+                .in("id", relatedProfileIds)
+            : { data: [], error: null };
+
+        if (relatedProfilesError) {
+          result = { error: relatedProfilesError, data: null };
+          break;
+        }
+
+        const profileMap = new Map<number, AdminProfileSummary>([
+          [investigatedUser.id, investigatedUser],
+          ...((relatedProfiles || []) as AdminProfileSummary[]).map((profile) => [
+            profile.id,
+            profile,
+          ]),
+        ]);
+
+        const linkedAccountAggregates = new Map<number, LinkedAccountAggregate>();
+
+        for (const row of relatedRows || []) {
+          if (row.id === params.userId) {
+            continue;
+          }
+
+          const hwidAggregate = hwidAggregates.get(row.hwid);
+          const relatedProfile = profileMap.get(row.id);
+
+          if (!hwidAggregate || !relatedProfile) {
+            continue;
+          }
+
+          const linkedProfile =
+            hwidAggregate.linkedProfiles.get(row.id) || {
+              ...relatedProfile,
+              occurrences: 0,
+              firstSeenAt: null,
+              lastSeenAt: null,
+            };
+
+          linkedProfile.occurrences += 1;
+          updateDateRange(linkedProfile, row.created_at);
+          hwidAggregate.linkedProfiles.set(row.id, linkedProfile);
+
+          const linkedAccount = linkedAccountAggregates.get(row.id) || {
+            ...relatedProfile,
+            occurrences: 0,
+            sharedHwids: new Set<string>(),
+            firstSeenAt: null,
+            lastSeenAt: null,
+          };
+
+          linkedAccount.occurrences += 1;
+          linkedAccount.sharedHwids.add(row.hwid);
+          updateDateRange(linkedAccount, row.created_at);
+          linkedAccountAggregates.set(row.id, linkedAccount);
+        }
+
+        const accounts = Array.from(linkedAccountAggregates.values())
+          .map((account) => ({
+            ...account,
+            sharedHwids: Array.from(account.sharedHwids).sort(),
+            sharedHwidCount: account.sharedHwids.size,
+          }))
+          .sort((a, b) => {
+            if (b.sharedHwidCount !== a.sharedHwidCount) {
+              return b.sharedHwidCount - a.sharedHwidCount;
+            }
+
+            if (b.occurrences !== a.occurrences) {
+              return b.occurrences - a.occurrences;
+            }
+
+            return timestampOrZero(b.lastSeenAt) - timestampOrZero(a.lastSeenAt);
+          });
+
+        const hwids = Array.from(hwidAggregates.values())
+          .map((aggregate) => ({
+            hwid: aggregate.hwid,
+            occurrences: aggregate.occurrences,
+            firstSeenAt: aggregate.firstSeenAt,
+            lastSeenAt: aggregate.lastSeenAt,
+            linkedAccountCount: aggregate.linkedProfiles.size,
+            linkedProfiles: Array.from(aggregate.linkedProfiles.values()).sort(
+              (a, b) => {
+                if (b.occurrences !== a.occurrences) {
+                  return b.occurrences - a.occurrences;
+                }
+
+                return (
+                  timestampOrZero(b.lastSeenAt) - timestampOrZero(a.lastSeenAt)
+                );
+              }
+            ),
+          }))
+          .sort((a, b) => {
+            if (b.linkedAccountCount !== a.linkedAccountCount) {
+              return b.linkedAccountCount - a.linkedAccountCount;
+            }
+
+            if (b.occurrences !== a.occurrences) {
+              return b.occurrences - a.occurrences;
+            }
+
+            return timestampOrZero(b.lastSeenAt) - timestampOrZero(a.lastSeenAt);
+          });
+
+        result = {
+          data: {
+            user: investigatedUser,
+            summary: {
+              totalRows: targetRows.length,
+              uniqueHwids: uniqueHwids.length,
+              sharedHwids: hwids.filter((hwid) => hwid.linkedAccountCount > 0)
+                .length,
+              linkedAccounts: accounts.length,
+              firstSeenAt: dateRange.firstSeenAt,
+              lastSeenAt: dateRange.lastSeenAt,
+            },
+            accounts,
+            hwids,
+          },
+          error: null,
+        };
+        break;
     }
 
     // Log the admin action
@@ -366,7 +657,11 @@ export async function handler(
       );
     }
 
-    if (targetUserId !== null && !result?.error) {
+    if (
+      targetUserId !== null &&
+      !result?.error &&
+      !SCORE_CACHE_READ_OPERATIONS.has(operation)
+    ) {
       await invalidateCachePrefix(`userscore:${targetUserId}`);
     }
 

package/api/getProfile.ts

@@ -5,14 +5,26 @@ import { Database } from "../types/database";
 import { protectedApi } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
 import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-import {
-  getActivityStatusForUserId,
-  getScoreActivityCutoffIso,
-} from "../utils/activityStatus";
-
-export const Schema = {
-  input: z.strictObject({
+import { User } from "@supabase/supabase-js";
+import {
+  getActivityStatusForUserId,
+  getScoreActivityCutoffIso,
+} from "../utils/activityStatus";
+
+function getNextUsernameChangeAt(
+  lastChangedAt: string | null | undefined
+): string | null {
+  if (!lastChangedAt) {
+    return null;
+  }
+
+  const nextAllowedAt = new Date(lastChangedAt);
+  nextAllowedAt.setUTCMonth(nextAllowedAt.getUTCMonth() + 6);
+  return nextAllowedAt.toISOString();
+}
+
+export const Schema = {
+  input: z.strictObject({
     session: z.string(),
     id: z.number().nullable().optional(),
   }),
@@ -40,11 +52,19 @@ export const Schema = {
         country_position: z.number().nullable(),
         activity_status: z.enum(["active", "inactive"]),
         is_online: z.boolean(),
+        last_active_timestamp: z.number().nullable(),
+        next_username_change_at: z.string().nullable(),
+        previous_usernames: z.array(
+          z.object({
+            username: z.string(),
+            changed_at: z.string(),
+          })
+        ),
         clans: z
           .object({
             id: z.number(),
-            acronym: z.string(),
-          })
+            acronym: z.string(),
+          })
           .optional()
           .nullable(),
       })
@@ -122,11 +142,17 @@ export async function handler(
 
   const activityStatus = await getActivityStatusForUserId(user.id);
 
-  const { data: activityData } = await supabase
-    .from("profileActivities")
-    .select("*")
-    .eq("uid", user.uid || "")
-    .single();
+  const { data: activityData } = await supabase
+    .from("profileActivities")
+    .select("last_activity")
+    .eq("uid", user.uid || "")
+    .single();
+
+  const { data: usernameHistoryData } = await supabase
+    .from("profileUsernames")
+    .select("username,changed_at")
+    .eq("profile_id", user.id)
+    .order("changed_at", { ascending: false });
 
   //last 30 minutes
   if (activityData && activityData.last_activity) {
@@ -164,23 +190,32 @@ export async function handler(
         : null;
   }
 
-  if (user.verificationDeadline < Date.now()) {
-    await supabase
-      .from("profiles")
-      .upsert({
+  if (user.verificationDeadline < Date.now()) {
+    await supabase
+      .from("profiles")
+      .upsert({
         id: user.id,
         verified: false,
-      })
-      .select();
-  }
-
-  return NextResponse.json({
-    user: {
+      })
+      .select();
+  }
+
+  const previousUsernames = (usernameHistoryData || []).filter((entry) => {
+    return entry.username.toLowerCase() !== (user.username || "").toLowerCase();
+  });
+
+  const latestUsernameChangeAt = usernameHistoryData?.[0]?.changed_at ?? null;
+
+  return NextResponse.json({
+    user: {
       ...user,
       position,
       country_position: countryPosition,
       activity_status: activityStatus,
       is_online: isOnline,
+      last_active_timestamp: activityData?.last_activity ?? null,
+      next_username_change_at: getNextUsernameChangeAt(latestUsernameChangeAt),
+      previous_usernames: previousUsernames,
     },
   });
 }