rhythia-api 240.0.0 → 242.0.0

package/api/editProfile.ts

@@ -1,6 +1,6 @@
-import { NextResponse } from "../utils/response";
-import z from "zod";
-import { Database } from "../types/database";
+import { NextResponse } from "../utils/response";
+import z from "zod";
+import { Database } from "../types/database";
 import { protectedApi, validUser } from "../utils/requestUtils";
 import { supabase } from "../utils/supabase";
 import { getUserBySession } from "../utils/getUserBySession";
@@ -58,58 +58,69 @@ export const Schema = {
     next_username_change_at: z.string().nullable().optional(),
   }),
 };
-
-export async function POST(request: Request): Promise<NextResponse> {
-  return protectedApi({
-    request,
-    schema: Schema,
-    authorization: validUser,
-    activity: handler,
-  });
-}
-
-export async function handler(
-  data: (typeof Schema)["input"]["_type"]
-): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
-  if (data.data.username !== undefined) {
-    if (data.data.username.length < 3) {
-      return NextResponse.json(
-        {
-          error: "Username must be at least 3 characters long",
-        },
-        { status: 404 }
-      );
-    }
-
-    if (data.data.username.length > 20) {
-      return NextResponse.json(
-        {
-          error: "Username too long.",
-        },
-        { status: 404 }
-      );
-    }
-
-    if (!/^[a-z0-9]+$/i.test(data.data.username)) {
-      return NextResponse.json(
-        {
-          error: "Username can only contain letters (a-z) and numbers (0-9)",
-        },
-        { status: 404 }
-      );
-    }
-  }
-
-  if (validator.trim(data.data.username || "") !== (data.data.username || "")) {
-    return NextResponse.json(
-      {
-        error: "Username can't start or end with spaces.",
-      },
-      { status: 404 }
-    );
-  }
 
-  data.data.username = removeZeroWidth(data.data.username || "");
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: validUser,
+    activity: handler,
+  });
+}
+
+export async function handler(
+  data: (typeof Schema)["input"]["_type"]
+): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  if (data.data.username !== undefined) {
+    data.data.username = removeZeroWidth(data.data.username);
+
+    if (validator.trim(data.data.username) !== data.data.username) {
+      return NextResponse.json(
+        {
+          error: "Username can't start or end with spaces.",
+        },
+        { status: 404 }
+      );
+    }
+
+    if (data.data.username.length < 2) {
+      return NextResponse.json(
+        {
+          error: "Username must be at least 2 characters long",
+        },
+        { status: 404 }
+      );
+    }
+
+    if (data.data.username.length > 16) {
+      return NextResponse.json(
+        {
+          error: "Username must be 16 characters or fewer.",
+        },
+        { status: 404 }
+      );
+    }
+
+    if (!/^[A-Za-z0-9._]+$/.test(data.data.username)) {
+      return NextResponse.json(
+        {
+          error:
+            "Username can only contain English letters (a-z), numbers (0-9), and up to one '_' or '.'",
+        },
+        { status: 404 }
+      );
+    }
+
+    const specialCharacters = data.data.username.match(/[._]/g) ?? [];
+    if (specialCharacters.length > 1) {
+      return NextResponse.json(
+        {
+          error: "Username can contain at most one '_' or one '.'",
+        },
+        { status: 404 }
+      );
+    }
+  }
 
   if (data.data.flag !== undefined) {
     const normalizedFlag = validator.trim(data.data.flag).toUpperCase();
@@ -127,38 +138,38 @@ export async function handler(
   }
 
   const user = (await getUserBySession(data.session)) as User;
-
-  let userData: Database["public"]["Tables"]["profiles"]["Update"];
-
-  // Find user's entry
-  {
-    let { data: queryUserData, error } = await supabase
-      .from("profiles")
-      .select("*")
-      .eq("uid", user.id);
-
-    if (!queryUserData?.length) {
-      return NextResponse.json(
-        {
-          error: "User cannot be retrieved from session",
-        },
-        { status: 404 }
-      );
-    }
-    userData = queryUserData[0];
-  }
-
+
+  let userData: Database["public"]["Tables"]["profiles"]["Update"];
+
+  // Find user's entry
+  {
+    let { data: queryUserData, error } = await supabase
+      .from("profiles")
+      .select("*")
+      .eq("uid", user.id);
+
+    if (!queryUserData?.length) {
+      return NextResponse.json(
+        {
+          error: "User cannot be retrieved from session",
+        },
+        { status: 404 }
+      );
+    }
+    userData = queryUserData[0];
+  }
+
   if (
     userData.ban == "excluded" ||
     userData.ban == "restricted" ||
     userData.ban == "silenced"
   ) {
-    return NextResponse.json(
-      {
-        error:
-          "Silenced, restricted or excluded players can't update their profile.",
-      },
-      { status: 404 }
+    return NextResponse.json(
+      {
+        error:
+          "Silenced, restricted or excluded players can't update their profile.",
+      },
+      { status: 404 }
     );
   }
 
@@ -236,13 +247,13 @@ export async function handler(
     id: userData.id,
     computedUsername: data.data.username?.toLowerCase(),
     ...data.data,
-  };
-
-  const upsertResult = await supabase
-    .from("profiles")
-    .upsert(upsertPayload)
-    .select();
-
+  };
+
+  const upsertResult = await supabase
+    .from("profiles")
+    .upsert(upsertPayload)
+    .select();
+
   if (upsertResult.error) {
     if (
       usernameHasChanged &&
@@ -287,10 +298,10 @@ export async function handler(
     return NextResponse.json(
       {
         error: "Can't update, username might be used by someone else!",
-      },
-      { status: 404 }
-    );
-  }
+      },
+      { status: 404 }
+    );
+  }
 
   return NextResponse.json({});
 }

package/api/editProfileFriend.ts

@@ -0,0 +1,122 @@
+import { NextResponse } from "../utils/response";
+import z from "zod";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+
+const friendStateSchema = z.enum(["none", "added", "mutual"]);
+
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    profileId: z.number(),
+    action: z.enum(["add", "remove"]),
+  }),
+  output: z.strictObject({
+    error: z.string().optional(),
+    friend_count: z.number().optional(),
+    friend_state: friendStateSchema.optional(),
+  }),
+};
+
+async function getFriendState(viewerProfileId: number, profileId: number) {
+  const [{ count: addedCount }, { count: mutualCount }] = await Promise.all([
+    supabase
+      .from("profileFriends")
+      .select("*", { count: "exact", head: true })
+      .eq("profile_id", viewerProfileId)
+      .eq("friend_id", profileId),
+    supabase
+      .from("profileFriends")
+      .select("*", { count: "exact", head: true })
+      .eq("profile_id", profileId)
+      .eq("friend_id", viewerProfileId),
+  ]);
+
+  if (!addedCount) {
+    return "none";
+  }
+
+  return mutualCount ? "mutual" : "added";
+}
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: validUser,
+    activity: handler,
+  });
+}
+
+export async function handler({
+  session,
+  profileId,
+  action,
+}: (typeof Schema)["input"]["_type"]): Promise<
+  NextResponse<(typeof Schema)["output"]["_type"]>
+> {
+  const user = (await getUserBySession(session)) as User;
+
+  const { data: viewerProfile } = await supabase
+    .from("profiles")
+    .select("id")
+    .eq("uid", user.id)
+    .single();
+
+  if (!viewerProfile) {
+    return NextResponse.json({ error: "Can't find user" });
+  }
+
+  if (viewerProfile.id === profileId) {
+    return NextResponse.json({ error: "You can't friend yourself." });
+  }
+
+  const { data: targetProfile } = await supabase
+    .from("profiles")
+    .select("id")
+    .eq("id", profileId)
+    .single();
+
+  if (!targetProfile) {
+    return NextResponse.json({ error: "Player not found." });
+  }
+
+  const relation = {
+    profile_id: viewerProfile.id,
+    friend_id: targetProfile.id,
+  };
+
+  const mutation =
+    action === "add"
+      ? await supabase
+          .from("profileFriends")
+          .upsert(relation, {
+            onConflict: "profile_id,friend_id",
+            ignoreDuplicates: true,
+          })
+      : await supabase
+          .from("profileFriends")
+          .delete()
+          .eq("profile_id", relation.profile_id)
+          .eq("friend_id", relation.friend_id);
+
+  if (mutation.error) {
+    return NextResponse.json({ error: mutation.error.message });
+  }
+
+  const [friendCount, friendState] = await Promise.all([
+    supabase
+      .from("profileFriends")
+      .select("*", { count: "exact", head: true })
+      .eq("friend_id", targetProfile.id)
+      .then((result) => result.count || 0),
+    getFriendState(viewerProfile.id, targetProfile.id),
+  ]);
+
+  return NextResponse.json({
+    friend_count: friendCount,
+    friend_state: friendState,
+  });
+}

package/api/getFriends.ts

@@ -0,0 +1,154 @@
+import { NextResponse } from "../utils/response";
+import z from "zod";
+import { protectedApi, validUser } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+
+const friendUserSchema = z.object({
+  id: z.number(),
+  username: z.string().nullable(),
+  avatar_url: z.string().nullable(),
+  flag: z.string().nullable(),
+  profile_image: z.string().nullable(),
+  is_online: z.boolean(),
+  last_active_timestamp: z.number().nullable(),
+  is_mutual: z.boolean(),
+});
+
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+  }),
+  output: z.strictObject({
+    error: z.string().optional(),
+    friends: z.array(friendUserSchema),
+  }),
+};
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: validUser,
+    activity: handler,
+  });
+}
+
+export async function handler({
+  session,
+}: (typeof Schema)["input"]["_type"]): Promise<
+  NextResponse<(typeof Schema)["output"]["_type"]>
+> {
+  const user = (await getUserBySession(session)) as User;
+
+  const { data: viewerProfile } = await supabase
+    .from("profiles")
+    .select("id")
+    .eq("uid", user.id)
+    .single();
+
+  if (!viewerProfile) {
+    return NextResponse.json({ error: "Can't find user", friends: [] });
+  }
+
+  const { data: outgoingRows, error: outgoingError } = await supabase
+    .from("profileFriends")
+    .select("friend_id,created_at")
+    .eq("profile_id", viewerProfile.id)
+    .order("created_at", { ascending: false });
+
+  if (outgoingError) {
+    return NextResponse.json({
+      error: outgoingError.message,
+      friends: [],
+    });
+  }
+
+  const outgoingIds = (outgoingRows || []).map((row) => row.friend_id);
+
+  if (!outgoingIds.length) {
+    return NextResponse.json({ friends: [] });
+  }
+
+  const [{ data: reverseRows, error: reverseError }, { data: profiles, error: profilesError }] =
+    await Promise.all([
+      supabase
+        .from("profileFriends")
+        .select("profile_id")
+        .in("profile_id", outgoingIds)
+        .eq("friend_id", viewerProfile.id),
+      supabase
+        .from("profiles")
+        .select("id,uid,username,avatar_url,flag,profile_image")
+        .in("id", outgoingIds)
+        .neq("ban", "excluded"),
+    ]);
+
+  if (reverseError) {
+    return NextResponse.json({
+      error: reverseError.message,
+      friends: [],
+    });
+  }
+
+  if (profilesError) {
+    return NextResponse.json({
+      error: profilesError.message,
+      friends: [],
+    });
+  }
+
+  const activityUids = (profiles || [])
+    .map((profile) => profile.uid)
+    .filter((uid): uid is string => !!uid);
+
+  const { data: activities, error: activitiesError } = activityUids.length
+    ? await supabase
+        .from("profileActivities")
+        .select("uid,last_activity")
+        .in("uid", activityUids)
+    : { data: [], error: null };
+
+  if (activitiesError) {
+    return NextResponse.json({
+      error: activitiesError.message,
+      friends: [],
+    });
+  }
+
+  const profileMap = new Map((profiles || []).map((profile) => [profile.id, profile]));
+  const mutualIds = new Set((reverseRows || []).map((row) => row.profile_id));
+  const activityMap = new Map(
+    (activities || []).map((activity) => [activity.uid, activity.last_activity])
+  );
+  const addedUsers = outgoingIds
+    .map((friendId) => profileMap.get(friendId))
+    .filter(
+      (
+        profile
+      ): profile is {
+        id: number;
+        uid: string | null;
+        username: string | null;
+        avatar_url: string | null;
+        flag: string | null;
+        profile_image: string | null;
+      } => !!profile
+    );
+
+  return NextResponse.json({
+    friends: addedUsers.map((profile) => ({
+      id: profile.id,
+      username: profile.username,
+      avatar_url: profile.avatar_url,
+      flag: profile.flag,
+      profile_image: profile.profile_image,
+      is_online:
+        typeof activityMap.get(profile.uid || "") === "number" &&
+        Date.now() - (activityMap.get(profile.uid || "") || 0) < 1800000,
+      last_active_timestamp: activityMap.get(profile.uid || "") ?? null,
+      is_mutual: mutualIds.has(profile.id),
+    })),
+  });
+}