rhythia-api 241.0.0 → 243.0.0

package/api/getProfile.ts

@@ -1,16 +1,18 @@
-import { geolocation } from "../utils/requestGeo";
-import { NextResponse } from "../utils/response";
-import z from "zod";
-import { Database } from "../types/database";
-import { protectedApi } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-import { getUserBySession } from "../utils/getUserBySession";
+import { geolocation } from "../utils/requestGeo";
+import { NextResponse } from "../utils/response";
+import z from "zod";
+import { Database } from "../types/database";
+import { protectedApi } from "../utils/requestUtils";
+import { supabase } from "../utils/supabase";
+import { getUserBySession } from "../utils/getUserBySession";
 import { User } from "@supabase/supabase-js";
 import {
   getActivityStatusForUserId,
   getScoreActivityCutoffIso,
 } from "../utils/activityStatus";
 
+const friendStateSchema = z.enum(["none", "added", "mutual"]);
+
 function getNextUsernameChangeAt(
   lastChangedAt: string | null | undefined
 ): string | null {
@@ -23,28 +25,73 @@ function getNextUsernameChangeAt(
   return nextAllowedAt.toISOString();
 }
 
+async function getViewerProfileId(session: string) {
+  if (!session) {
+    return null;
+  }
+
+  const viewer = await getUserBySession(session);
+
+  if (!viewer) {
+    return null;
+  }
+
+  const { data: viewerProfile } = await supabase
+    .from("profiles")
+    .select("id")
+    .eq("uid", viewer.id)
+    .single();
+
+  return viewerProfile?.id ?? null;
+}
+
+async function getFriendState(viewerProfileId: number | null, profileId: number) {
+  if (viewerProfileId === null || viewerProfileId === profileId) {
+    return "none" as const;
+  }
+
+  const [{ count: addedCount }, { count: mutualCount }] = await Promise.all([
+    supabase
+      .from("profileFriends")
+      .select("*", { count: "exact", head: true })
+      .eq("profile_id", viewerProfileId)
+      .eq("friend_id", profileId),
+    supabase
+      .from("profileFriends")
+      .select("*", { count: "exact", head: true })
+      .eq("profile_id", profileId)
+      .eq("friend_id", viewerProfileId),
+  ]);
+
+  if (!addedCount) {
+    return "none" as const;
+  }
+
+  return mutualCount ? ("mutual" as const) : ("added" as const);
+}
+
 export const Schema = {
   input: z.strictObject({
-    session: z.string(),
-    id: z.number().nullable().optional(),
-  }),
-  output: z.object({
-    error: z.string().optional(),
-    user: z
-      .object({
-        about_me: z.string().nullable(),
-        avatar_url: z.string().nullable(),
-        profile_image: z.string().nullable(),
-        badges: z.any().nullable(),
-        created_at: z.number().nullable(),
-        flag: z.string().nullable(),
-        id: z.number(),
-        uid: z.string().nullable(),
-        ban: z.string().nullable(),
-        username: z.string().nullable(),
-        verified: z.boolean().nullable(),
-        verificationDeadline: z.number().nullable(),
-        play_count: z.number().nullable(),
+    session: z.string(),
+    id: z.number().nullable().optional(),
+  }),
+  output: z.object({
+    error: z.string().optional(),
+    user: z
+      .object({
+        about_me: z.string().nullable(),
+        avatar_url: z.string().nullable(),
+        profile_image: z.string().nullable(),
+        badges: z.any().nullable(),
+        created_at: z.number().nullable(),
+        flag: z.string().nullable(),
+        id: z.number(),
+        uid: z.string().nullable(),
+        ban: z.string().nullable(),
+        username: z.string().nullable(),
+        verified: z.boolean().nullable(),
+        verificationDeadline: z.number().nullable(),
+        play_count: z.number().nullable(),
         skill_points: z.number().nullable(),
         squares_hit: z.number().nullable(),
         total_score: z.number().nullable(),
@@ -53,6 +100,8 @@ export const Schema = {
         activity_status: z.enum(["active", "inactive"]),
         is_online: z.boolean(),
         last_active_timestamp: z.number().nullable(),
+        friend_count: z.number(),
+        friend_state: friendStateSchema,
         can_change_flag: z.boolean(),
         next_username_change_at: z.string().nullable(),
         previous_usernames: z.array(
@@ -66,105 +115,122 @@ export const Schema = {
             id: z.number(),
             acronym: z.string(),
           })
-          .optional()
-          .nullable(),
-      })
-      .optional(),
-  }),
-};
-
-export async function POST(request: Request): Promise<NextResponse> {
-  return protectedApi({
-    request,
-    schema: Schema,
-    authorization: () => {},
-    activity: handler,
-  });
-}
-
-export async function handler(
-  data: (typeof Schema)["input"]["_type"],
-  req: Request
-): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
-  let profiles: Database["public"]["Tables"]["profiles"]["Row"][] = [];
-  let isOnline = false;
-  // Fetch by id
-  if (data.id !== undefined && data.id !== null) {
-    let { data: queryData, error } = await supabase
-      .from("profiles")
-      .select(`*,clans:clan(id,acronym)`)
-      .eq("id", data.id);
-
-    console.log(profiles, error);
-
-    if (!queryData?.length) {
-      return NextResponse.json(
-        {
-          error: "User not found",
-        },
-        { status: 404 }
-      );
-    }
-
-    profiles = queryData;
-  } else {
-    // Fetch by session id
-    const user = (await getUserBySession(data.session)) as User;
-
-    if (user) {
-      let { data: queryData, error } = await supabase
-        .from("profiles")
-        .select("*")
-        .eq("uid", user.id);
-
-      if (!queryData?.length) {
-        const geo = geolocation(req);
-        const data = await supabase.from("profiles").upsert({
-          uid: user.id,
-          about_me: "",
-          avatar_url:
-            "https://rhthia-avatars.s3.eu-central-003.backblazeb2.com/user-avatar-1725309193296-72002e6b-321c-4f60-a692-568e0e75147d",
-          badges: [],
-          username: `user${Math.round(Math.random() * 900000 + 100000)}`,
-          computedUsername: `user${Math.round(Math.random() * 900000 + 100000)}`.toLowerCase(),
-          flag: (geo.country || "US").toUpperCase(),
-          created_at: Date.now(),
-        }).select(`
-          *,clans:clan(id,acronym)`);
-
-        profiles = data.data!;
-      } else {
-        profiles = queryData;
-      }
-    }
-  }
-
-  const user = profiles[0];
-
-  const activityStatus = await getActivityStatusForUserId(user.id);
-
-  const { data: activityData } = await supabase
-    .from("profileActivities")
-    .select("last_activity")
-    .eq("uid", user.uid || "")
-    .single();
+          .optional()
+          .nullable(),
+      })
+      .optional(),
+  }),
+};
 
-  const { data: usernameHistoryData } = await supabase
-    .from("profileUsernames")
-    .select("username,changed_at")
-    .eq("profile_id", user.id)
-    .order("changed_at", { ascending: false });
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: () => {},
+    activity: handler,
+  });
+}
 
-  const { data: flagHistoryData } = await supabase
-    .from("profileFlags")
-    .select("id")
-    .eq("profile_id", user.id)
-    .limit(1);
-
-  //last 30 minutes
-  if (activityData && activityData.last_activity) {
-    isOnline = Date.now() - activityData.last_activity < 1800000;
-  }
+export async function handler(
+  data: (typeof Schema)["input"]["_type"],
+  req: Request
+): Promise<NextResponse<(typeof Schema)["output"]["_type"]>> {
+  let profiles: Database["public"]["Tables"]["profiles"]["Row"][] = [];
+  let isOnline = false;
+  let viewerProfileId =
+    data.id !== undefined && data.id !== null
+      ? await getViewerProfileId(data.session)
+      : null;
+  // Fetch by id
+  if (data.id !== undefined && data.id !== null) {
+    let { data: queryData, error } = await supabase
+      .from("profiles")
+      .select(`*,clans:clan(id,acronym)`)
+      .eq("id", data.id);
+
+    console.log(profiles, error);
+
+    if (!queryData?.length) {
+      return NextResponse.json(
+        {
+          error: "User not found",
+        },
+        { status: 404 }
+      );
+    }
+
+    profiles = queryData;
+  } else {
+    // Fetch by session id
+    const user = (await getUserBySession(data.session)) as User;
+
+    if (user) {
+      let { data: queryData, error } = await supabase
+        .from("profiles")
+        .select("*")
+        .eq("uid", user.id);
+
+      if (!queryData?.length) {
+        const geo = geolocation(req);
+        const data = await supabase.from("profiles").upsert({
+          uid: user.id,
+          about_me: "",
+          avatar_url:
+            "https://rhthia-avatars.s3.eu-central-003.backblazeb2.com/user-avatar-1725309193296-72002e6b-321c-4f60-a692-568e0e75147d",
+          badges: [],
+          username: `user${Math.round(Math.random() * 900000 + 100000)}`,
+          computedUsername: `user${Math.round(Math.random() * 900000 + 100000)}`.toLowerCase(),
+          flag: (geo.country || "US").toUpperCase(),
+          created_at: Date.now(),
+        }).select(`
+          *,clans:clan(id,acronym)`);
+
+        profiles = data.data!;
+      } else {
+        profiles = queryData;
+      }
+
+      viewerProfileId = profiles[0]?.id ?? null;
+    }
+  }
+
+  const user = profiles[0];
+
+  const activityStatus = await getActivityStatusForUserId(user.id);
+
+  const [
+    { data: activityData },
+    { data: usernameHistoryData },
+    { data: flagHistoryData },
+    { count: friendCount },
+    friendState,
+  ] = await Promise.all([
+    supabase
+      .from("profileActivities")
+      .select("last_activity")
+      .eq("uid", user.uid || "")
+      .single(),
+    supabase
+      .from("profileUsernames")
+      .select("username,changed_at")
+      .eq("profile_id", user.id)
+      .order("changed_at", { ascending: false }),
+    supabase
+      .from("profileFlags")
+      .select("id")
+      .eq("profile_id", user.id)
+      .limit(1),
+    supabase
+      .from("profileFriends")
+      .select("*", { count: "exact", head: true })
+      .eq("friend_id", user.id),
+    getFriendState(viewerProfileId, user.id),
+  ]);
+
+  //last 30 minutes
+  if (activityData && activityData.last_activity) {
+    isOnline = Date.now() - activityData.last_activity < 1800000;
+  }
 
   let position: number | null = null;
   let countryPosition: number | null = null;
@@ -196,13 +262,13 @@ export async function handler(
         ? (countryPlayersWithMorePoints || 0) + 1
         : null;
   }
-
+
   if (user.verificationDeadline < Date.now()) {
     await supabase
       .from("profiles")
       .upsert({
-        id: user.id,
-        verified: false,
+        id: user.id,
+        verified: false,
       })
       .select();
   }
@@ -221,6 +287,8 @@ export async function handler(
       activity_status: activityStatus,
       is_online: isOnline,
       last_active_timestamp: activityData?.last_activity ?? null,
+      friend_count: friendCount || 0,
+      friend_state: friendState,
       can_change_flag: !flagHistoryData?.length,
       next_username_change_at: getNextUsernameChangeAt(latestUsernameChangeAt),
       previous_usernames: previousUsernames,

package/api/getScore.ts

@@ -26,6 +26,7 @@ export const Schema = {
         username: z.string().optional().nullable(),
         speed: z.number().optional().nullable(),
         spin: z.boolean().optional().nullable(),
+        replay_url: z.string().optional().nullable(),
       })
       .optional(),
   }),
@@ -80,6 +81,7 @@ export async function handler(
       username: score.profiles?.username,
       speed: score.speed,
       spin: score.spin,
+      replay_url: score.replay_url,
     },
   });
 }

package/api/getVideoUploadUrl.ts

@@ -1,85 +1,90 @@
-import { NextResponse } from "../utils/response";
-import z from "zod";
-import { protectedApi, validUser } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-
-import {
-  PutBucketCorsCommand,
-  PutObjectCommand,
-  S3Client,
-} from "@aws-sdk/client-s3";
-import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
-import { validateIntrinsicToken } from "../utils/validateToken";
-import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-
-const s3Client = new S3Client({
-  region: "auto",
-  endpoint: "https://s3.eu-central-003.backblazeb2.com",
-  credentials: {
-    secretAccessKey: process.env.SECRET_BUCKET || "",
-    accessKeyId: process.env.ACCESS_BUCKET || "",
-  },
-});
-
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
-    contentLength: z.number(),
-    contentType: z.string(),
-    intrinsicToken: z.string(),
-  }),
-  output: z.strictObject({
-    error: z.string().optional(),
-    url: z.string().optional(),
-    objectKey: z.string().optional(),
-  }),
-};
-
-export async function POST(request: Request): Promise<NextResponse> {
-  return protectedApi({
-    request,
-    schema: Schema,
-    authorization: validUser,
-    activity: handler,
-  });
-}
-
-export async function handler({
-  session,
-  contentLength,
-  contentType,
-  intrinsicToken,
-}: (typeof Schema)["input"]["_type"]): Promise<
-  NextResponse<(typeof Schema)["output"]["_type"]>
-> {
-  const user = (await getUserBySession(session)) as User;
-
-  if (!validateIntrinsicToken(intrinsicToken)) {
-    return NextResponse.json({
-      error: "Invalid intrinsic token",
-    });
-  }
-
-  if (contentLength > 25000000) {
-    return NextResponse.json({
-      error: "Max content length exceeded.",
-    });
-  }
-
-  const key = `beatmap-video-${Date.now()}-${user.id}`;
-  const command = new PutObjectCommand({
-    Bucket: "rhthia-avatars",
-    Key: key,
-    ContentLength: contentLength,
-    ContentType: contentType,
-  });
-
-  const presigned = await getSignedUrl(s3Client, command, {
-    expiresIn: 3600,
-  });
-  return NextResponse.json({
-    url: presigned,
-    objectKey: key,
-  });
-}
+import { NextResponse } from "../utils/response";
+import z from "zod";
+import { protectedApi, validUser } from "../utils/requestUtils";
+
+import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+import { validateIntrinsicToken } from "../utils/validateToken";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+
+const allowedContentTypes = new Set(["video/mp4", "video/webm", "video/ogg"]);
+
+const s3Client = new S3Client({
+  region: "auto",
+  endpoint: "https://s3.eu-central-003.backblazeb2.com",
+  credentials: {
+    secretAccessKey: process.env.SECRET_BUCKET || "",
+    accessKeyId: process.env.ACCESS_BUCKET || "",
+  },
+});
+
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    contentLength: z.number(),
+    contentType: z.string(),
+    intrinsicToken: z.string(),
+  }),
+  output: z.strictObject({
+    error: z.string().optional(),
+    url: z.string().optional(),
+    objectKey: z.string().optional(),
+  }),
+};
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: validUser,
+    activity: handler,
+  });
+}
+
+export async function handler({
+  session,
+  contentLength,
+  contentType,
+  intrinsicToken,
+}: (typeof Schema)["input"]["_type"]): Promise<
+  NextResponse<(typeof Schema)["output"]["_type"]>
+> {
+  const user = (await getUserBySession(session)) as User;
+
+  if (!validateIntrinsicToken(intrinsicToken)) {
+    return NextResponse.json({
+      error: "Invalid intrinsic token",
+    });
+  }
+
+  if (contentLength > 25000000) {
+    return NextResponse.json({
+      error: "Max content length exceeded.",
+    });
+  }
+
+  if (!allowedContentTypes.has(contentType)) {
+    return NextResponse.json({
+      error: "Unacceptable format",
+    });
+  }
+
+  const key = `beatmap-video-${Date.now()}-${user.id}`;
+  const command = new PutObjectCommand({
+    Bucket: "rhthia-avatars",
+    Key: key,
+    ContentLength: contentLength,
+    ContentType: contentType,
+    ContentDisposition: "attachment",
+  });
+
+  const presigned = await getSignedUrl(s3Client, command, {
+    expiresIn: 3600,
+    signableHeaders: new Set(["content-type"]),
+  });
+  return NextResponse.json({
+    url: presigned,
+    objectKey: key,
+  });
+}