feat(api): add endpoints for fetching reaction users and searching messages

- Implemented GET endpoint to fetch users who reacted with a specific emoji on a message.
- Added validation for messageId and emoji parameters.
- Enhanced user data retrieval with display names and avatar URLs.
- Created a search endpoint for Discord messages with support for content and embed searches.
- Included pagination and rate limiting for search results.

feat(api): introduce image proxy and link preview endpoints

- Developed an image proxy API to securely fetch images from untrusted domains.
- Implemented HMAC signing for image URLs to prevent abuse.
- Created a link preview API to fetch Open Graph metadata from URLs.
- Added support for trusted domains and safe image URL generation.

style(pages): create Discord logs page with authentication

- Added a new page for displaying archived Discord channel logs.
- Integrated authentication check to ensure user access.

refactor(utils): enhance API authentication and database connection

- Improved API authentication helper to manage user sessions and token refresh.
- Established a PostgreSQL database connection utility for Discord logs.

src/pages/api/image-proxy.js

@@ -0,0 +1,229 @@
+/**
+ * Server-side image proxy API endpoint
+ * Proxies images from untrusted domains to prevent user IP exposure
+ * Uses HMAC signatures to prevent abuse
+ */
+
+import {
+  checkRateLimit,
+  recordRequest,
+  getCookieId,
+  generateNonce,
+  createNonceCookie,
+} from '../../utils/rateLimit.js';
+
+// Secret key for signing URLs - in production, use an environment variable
+const SIGNING_SECRET = process.env.IMAGE_PROXY_SECRET || 'dev-secret-change-me';
+
+// Max image size to proxy (25MB - needed for animated GIFs)
+const MAX_IMAGE_SIZE = 25 * 1024 * 1024;
+
+// Allowed content types
+const ALLOWED_CONTENT_TYPES = [
+  'image/jpeg',
+  'image/png',
+  'image/gif',
+  'image/webp',
+  'image/svg+xml',
+  'image/bmp',
+  'image/x-icon',
+  'image/vnd.microsoft.icon',
+  'image/avif',
+  'image/apng',
+];
+
+// Image extensions for fallback content-type detection
+const IMAGE_EXTENSIONS = {
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.png': 'image/png',
+  '.gif': 'image/gif',
+  '.webp': 'image/webp',
+  '.svg': 'image/svg+xml',
+  '.bmp': 'image/bmp',
+  '.ico': 'image/x-icon',
+  '.avif': 'image/avif',
+  '.apng': 'image/apng',
+};
+
+/**
+ * Get content type from URL extension
+ */
+function getContentTypeFromUrl(url) {
+  try {
+    const pathname = new URL(url).pathname.toLowerCase();
+    for (const [ext, type] of Object.entries(IMAGE_EXTENSIONS)) {
+      if (pathname.endsWith(ext)) {
+        return type;
+      }
+    }
+  } catch {}
+  return null;
+}
+
+/**
+ * Generate HMAC signature for a URL
+ */
+export async function signImageUrl(imageUrl) {
+  const encoder = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    'raw',
+    encoder.encode(SIGNING_SECRET),
+    { name: 'HMAC', hash: 'SHA-256' },
+    false,
+    ['sign']
+  );
+  const signature = await crypto.subtle.sign('HMAC', key, encoder.encode(imageUrl));
+  const signatureHex = Array.from(new Uint8Array(signature))
+    .map(b => b.toString(16).padStart(2, '0'))
+    .join('');
+  return signatureHex;
+}
+
+/**
+ * Verify HMAC signature for a URL
+ */
+async function verifySignature(imageUrl, signature) {
+  const expectedSignature = await signImageUrl(imageUrl);
+  return signature === expectedSignature;
+}
+
+/**
+ * Create a signed proxy URL for an image
+ */
+export async function createSignedProxyUrl(imageUrl) {
+  const signature = await signImageUrl(imageUrl);
+  return `/api/image-proxy?url=${encodeURIComponent(imageUrl)}&sig=${signature}`;
+}
+
+export async function GET({ request }) {
+  // Rate limit check
+  const rateCheck = checkRateLimit(request, {
+    limit: 20,
+    windowMs: 1000,
+    burstLimit: 100,
+    burstWindowMs: 10_000,
+  });
+
+  let cookieId = getCookieId(request);
+  const hadCookie = !!cookieId;
+  if (!cookieId) {
+    cookieId = generateNonce();
+  }
+
+  if (!rateCheck.allowed) {
+    const response = new Response('Rate limit exceeded', {
+      status: 429,
+      headers: { 'Retry-After': '1' },
+    });
+    if (!hadCookie) {
+      response.headers.set('Set-Cookie', createNonceCookie(cookieId));
+    }
+    return response;
+  }
+
+  recordRequest(request, 1000);
+
+  const url = new URL(request.url);
+  const imageUrl = url.searchParams.get('url');
+  const signature = url.searchParams.get('sig');
+
+  if (!imageUrl) {
+    return new Response('Missing url parameter', { status: 400 });
+  }
+
+  if (!signature) {
+    return new Response('Missing signature', { status: 403 });
+  }
+
+  // Verify the signature
+  const isValid = await verifySignature(imageUrl, signature);
+  if (!isValid) {
+    return new Response('Invalid signature', { status: 403 });
+  }
+
+  // Validate URL format
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(imageUrl);
+    if (!['http:', 'https:'].includes(parsedUrl.protocol)) {
+      throw new Error('Invalid protocol');
+    }
+  } catch {
+    return new Response('Invalid URL', { status: 400 });
+  }
+
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 10000);
+
+    const response = await fetch(imageUrl, {
+      method: 'GET',
+      headers: {
+        'User-Agent': 'Mozilla/5.0 (compatible; ImageProxy/1.0)',
+        'Accept': 'image/*',
+      },
+      signal: controller.signal,
+      redirect: 'follow',
+    });
+
+    clearTimeout(timeout);
+
+    if (!response.ok) {
+      return new Response('Failed to fetch image', { status: 502 });
+    }
+
+    let contentType = response.headers.get('content-type') || '';
+    const contentLength = parseInt(response.headers.get('content-length') || '0', 10);
+
+    // Validate content type - must be an image
+    let isAllowedType = ALLOWED_CONTENT_TYPES.some(type => contentType.startsWith(type));
+    
+    // If server returned generic binary type, try to infer from URL extension
+    if (!isAllowedType && (contentType.includes('octet-stream') || contentType === '')) {
+      const inferredType = getContentTypeFromUrl(imageUrl);
+      if (inferredType) {
+        contentType = inferredType;
+        isAllowedType = true;
+      }
+    }
+    
+    if (!isAllowedType) {
+      console.error(`[image-proxy] Invalid content type: ${contentType} for URL: ${imageUrl}`);
+      return new Response(`Invalid content type: ${contentType}`, { status: 400 });
+    }
+
+    // Check size limit
+    if (contentLength > MAX_IMAGE_SIZE) {
+      return new Response('Image too large', { status: 413 });
+    }
+
+    // Stream the image through
+    const imageData = await response.arrayBuffer();
+    
+    // Double-check size after download
+    if (imageData.byteLength > MAX_IMAGE_SIZE) {
+      return new Response('Image too large', { status: 413 });
+    }
+
+    const proxyResponse = new Response(imageData, {
+      status: 200,
+      headers: {
+        'Content-Type': contentType,
+        'Content-Length': imageData.byteLength.toString(),
+        'Cache-Control': 'public, max-age=86400', // Cache for 1 day
+        'X-Content-Type-Options': 'nosniff',
+      },
+    });
+
+    if (!hadCookie) {
+      proxyResponse.headers.set('Set-Cookie', createNonceCookie(cookieId));
+    }
+
+    return proxyResponse;
+
+  } catch (err) {
+    console.error('[image-proxy] Error fetching image:', err.message);
+    return new Response('Failed to fetch image', { status: 500 });
+  }
+}