rhythia-api 242.0.0 → 243.0.0

package/api/getMapUploadUrl.ts

@@ -1,93 +1,90 @@
-import { NextResponse } from "../utils/response";
-import z from "zod";
-import { protectedApi, validUser } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-
-import {
-  PutBucketCorsCommand,
-  PutObjectCommand,
-  S3Client,
-} from "@aws-sdk/client-s3";
-import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
-import { validateIntrinsicToken } from "../utils/validateToken";
-import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-
-const s3Client = new S3Client({
-  region: "auto",
-  endpoint: "https://s3.eu-central-003.backblazeb2.com",
-  credentials: {
-    secretAccessKey: process.env.SECRET_BUCKET || "",
-    accessKeyId: process.env.ACCESS_BUCKET || "",
-  },
-});
-
-export const Schema = {
-  input: z.strictObject({
-    mapName: z.string().optional(),
-    session: z.string(),
-    contentLength: z.number(),
-    contentType: z.string(),
-    intrinsicToken: z.string(),
-  }),
-  output: z.strictObject({
-    error: z.string().optional(),
-    url: z.string().optional(),
-    objectKey: z.string().optional(),
-  }),
-};
-
-export async function POST(request: Request): Promise<NextResponse> {
-  return protectedApi({
-    request,
-    schema: Schema,
-    authorization: validUser,
-    activity: handler,
-  });
-}
-
-export async function handler({
-  mapName,
-  session,
-  contentLength,
-  contentType,
-  intrinsicToken,
-}: (typeof Schema)["input"]["_type"]): Promise<
-  NextResponse<(typeof Schema)["output"]["_type"]>
-> {
-  const user = (await getUserBySession(session)) as User;
-
-  if (!validateIntrinsicToken(intrinsicToken)) {
-    return NextResponse.json({
-      error: "Invalid intrinsic token",
-    });
-  }
-
-  if (contentLength > 100000000) {
-    return NextResponse.json({
-      error: "Max content length exceeded.",
-    });
-  }
-
-  if (contentType !== "application/octet-stream") {
-    return NextResponse.json({
-      error: "Unnacceptable format",
-    });
-  }
-
-  const key = `rhythia-${mapName ? mapName : user.id}-${Date.now()}.sspm`;
-  const command = new PutObjectCommand({
-    Bucket: "rhthia-avatars",
-    Key: key,
-    ContentLength: contentLength,
-    ContentType: contentType,
-  });
-
-  const presigned = await getSignedUrl(s3Client, command, {
-    expiresIn: 3600,
-  });
-  return NextResponse.json({
-    url: presigned,
-    objectKey: key,
-  });
-}
+import { NextResponse } from "../utils/response";
+import z from "zod";
+import { protectedApi, validUser } from "../utils/requestUtils";
+
+import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+import { validateIntrinsicToken } from "../utils/validateToken";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+
+const s3Client = new S3Client({
+  region: "auto",
+  endpoint: "https://s3.eu-central-003.backblazeb2.com",
+  credentials: {
+    secretAccessKey: process.env.SECRET_BUCKET || "",
+    accessKeyId: process.env.ACCESS_BUCKET || "",
+  },
+});
+
+export const Schema = {
+  input: z.strictObject({
+    mapName: z.string().optional(),
+    session: z.string(),
+    contentLength: z.number(),
+    contentType: z.string(),
+    intrinsicToken: z.string(),
+  }),
+  output: z.strictObject({
+    error: z.string().optional(),
+    url: z.string().optional(),
+    objectKey: z.string().optional(),
+  }),
+};
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: validUser,
+    activity: handler,
+  });
+}
+
+export async function handler({
+  mapName,
+  session,
+  contentLength,
+  contentType,
+  intrinsicToken,
+}: (typeof Schema)["input"]["_type"]): Promise<
+  NextResponse<(typeof Schema)["output"]["_type"]>
+> {
+  const user = (await getUserBySession(session)) as User;
+
+  if (!validateIntrinsicToken(intrinsicToken)) {
+    return NextResponse.json({
+      error: "Invalid intrinsic token",
+    });
+  }
+
+  if (contentLength > 100000000) {
+    return NextResponse.json({
+      error: "Max content length exceeded.",
+    });
+  }
+
+  if (contentType !== "application/octet-stream") {
+    return NextResponse.json({
+      error: "Unnacceptable format",
+    });
+  }
+
+  const key = `rhythia-${mapName ? mapName : user.id}-${Date.now()}.sspm`;
+  const command = new PutObjectCommand({
+    Bucket: "rhthia-avatars",
+    Key: key,
+    ContentLength: contentLength,
+    ContentType: contentType,
+    ContentDisposition: "attachment",
+  });
+
+  const presigned = await getSignedUrl(s3Client, command, {
+    expiresIn: 3600,
+    signableHeaders: new Set(["content-type"]),
+  });
+  return NextResponse.json({
+    url: presigned,
+    objectKey: key,
+  });
+}

package/api/getScore.ts

@@ -26,6 +26,7 @@ export const Schema = {
         username: z.string().optional().nullable(),
         speed: z.number().optional().nullable(),
         spin: z.boolean().optional().nullable(),
+        replay_url: z.string().optional().nullable(),
       })
       .optional(),
   }),
@@ -80,6 +81,7 @@ export async function handler(
       username: score.profiles?.username,
       speed: score.speed,
       spin: score.spin,
+      replay_url: score.replay_url,
     },
   });
 }

package/api/getVideoUploadUrl.ts

@@ -1,85 +1,90 @@
-import { NextResponse } from "../utils/response";
-import z from "zod";
-import { protectedApi, validUser } from "../utils/requestUtils";
-import { supabase } from "../utils/supabase";
-
-import {
-  PutBucketCorsCommand,
-  PutObjectCommand,
-  S3Client,
-} from "@aws-sdk/client-s3";
-import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
-import { validateIntrinsicToken } from "../utils/validateToken";
-import { getUserBySession } from "../utils/getUserBySession";
-import { User } from "@supabase/supabase-js";
-
-const s3Client = new S3Client({
-  region: "auto",
-  endpoint: "https://s3.eu-central-003.backblazeb2.com",
-  credentials: {
-    secretAccessKey: process.env.SECRET_BUCKET || "",
-    accessKeyId: process.env.ACCESS_BUCKET || "",
-  },
-});
-
-export const Schema = {
-  input: z.strictObject({
-    session: z.string(),
-    contentLength: z.number(),
-    contentType: z.string(),
-    intrinsicToken: z.string(),
-  }),
-  output: z.strictObject({
-    error: z.string().optional(),
-    url: z.string().optional(),
-    objectKey: z.string().optional(),
-  }),
-};
-
-export async function POST(request: Request): Promise<NextResponse> {
-  return protectedApi({
-    request,
-    schema: Schema,
-    authorization: validUser,
-    activity: handler,
-  });
-}
-
-export async function handler({
-  session,
-  contentLength,
-  contentType,
-  intrinsicToken,
-}: (typeof Schema)["input"]["_type"]): Promise<
-  NextResponse<(typeof Schema)["output"]["_type"]>
-> {
-  const user = (await getUserBySession(session)) as User;
-
-  if (!validateIntrinsicToken(intrinsicToken)) {
-    return NextResponse.json({
-      error: "Invalid intrinsic token",
-    });
-  }
-
-  if (contentLength > 25000000) {
-    return NextResponse.json({
-      error: "Max content length exceeded.",
-    });
-  }
-
-  const key = `beatmap-video-${Date.now()}-${user.id}`;
-  const command = new PutObjectCommand({
-    Bucket: "rhthia-avatars",
-    Key: key,
-    ContentLength: contentLength,
-    ContentType: contentType,
-  });
-
-  const presigned = await getSignedUrl(s3Client, command, {
-    expiresIn: 3600,
-  });
-  return NextResponse.json({
-    url: presigned,
-    objectKey: key,
-  });
-}
+import { NextResponse } from "../utils/response";
+import z from "zod";
+import { protectedApi, validUser } from "../utils/requestUtils";
+
+import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+import { validateIntrinsicToken } from "../utils/validateToken";
+import { getUserBySession } from "../utils/getUserBySession";
+import { User } from "@supabase/supabase-js";
+
+const allowedContentTypes = new Set(["video/mp4", "video/webm", "video/ogg"]);
+
+const s3Client = new S3Client({
+  region: "auto",
+  endpoint: "https://s3.eu-central-003.backblazeb2.com",
+  credentials: {
+    secretAccessKey: process.env.SECRET_BUCKET || "",
+    accessKeyId: process.env.ACCESS_BUCKET || "",
+  },
+});
+
+export const Schema = {
+  input: z.strictObject({
+    session: z.string(),
+    contentLength: z.number(),
+    contentType: z.string(),
+    intrinsicToken: z.string(),
+  }),
+  output: z.strictObject({
+    error: z.string().optional(),
+    url: z.string().optional(),
+    objectKey: z.string().optional(),
+  }),
+};
+
+export async function POST(request: Request): Promise<NextResponse> {
+  return protectedApi({
+    request,
+    schema: Schema,
+    authorization: validUser,
+    activity: handler,
+  });
+}
+
+export async function handler({
+  session,
+  contentLength,
+  contentType,
+  intrinsicToken,
+}: (typeof Schema)["input"]["_type"]): Promise<
+  NextResponse<(typeof Schema)["output"]["_type"]>
+> {
+  const user = (await getUserBySession(session)) as User;
+
+  if (!validateIntrinsicToken(intrinsicToken)) {
+    return NextResponse.json({
+      error: "Invalid intrinsic token",
+    });
+  }
+
+  if (contentLength > 25000000) {
+    return NextResponse.json({
+      error: "Max content length exceeded.",
+    });
+  }
+
+  if (!allowedContentTypes.has(contentType)) {
+    return NextResponse.json({
+      error: "Unacceptable format",
+    });
+  }
+
+  const key = `beatmap-video-${Date.now()}-${user.id}`;
+  const command = new PutObjectCommand({
+    Bucket: "rhthia-avatars",
+    Key: key,
+    ContentLength: contentLength,
+    ContentType: contentType,
+    ContentDisposition: "attachment",
+  });
+
+  const presigned = await getSignedUrl(s3Client, command, {
+    expiresIn: 3600,
+    signableHeaders: new Set(["content-type"]),
+  });
+  return NextResponse.json({
+    url: presigned,
+    objectKey: key,
+  });
+}