codey/codey.lol
1
0
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: codey:ee33b86fe7777d80a6721ce1b4a0fe9cbf8ef569
Branches Tags
codey:master
...
compare: codey:master
Branches Tags
codey:master

4 Commits
ee33b86fe7 ... master

Author SHA1 Message Date
codey
e18aa3f42c feat(api): implement rate limiting and SSRF protection across endpoints 
- Added rate limiting to `reaction-users`, `search`, and `image-proxy` APIs to prevent abuse.
- Introduced SSRF protection in `image-proxy` to block requests to private IP ranges.
- Enhanced `link-preview` to use `linkedom` for HTML parsing and improved meta tag extraction.
- Refactored authentication checks in various pages to utilize middleware for cleaner code.
- Improved JWT key loading with error handling and security warnings for production.
- Updated `authFetch` utility to handle token refresh more efficiently with deduplication.
- Enhanced rate limiting utility to trust proxy headers from known sources.
- Numerous layout / design changes
 2025-12-05 14:21:52 -05:00
codey
55e4c5ff0c feat(api): add endpoints for fetching reaction users and searching messages 
- Implemented GET endpoint to fetch users who reacted with a specific emoji on a message.
- Added validation for messageId and emoji parameters.
- Enhanced user data retrieval with display names and avatar URLs.
- Created a search endpoint for Discord messages with support for content and embed searches.
- Included pagination and rate limiting for search results.

feat(api): introduce image proxy and link preview endpoints

- Developed an image proxy API to securely fetch images from untrusted domains.
- Implemented HMAC signing for image URLs to prevent abuse.
- Created a link preview API to fetch Open Graph metadata from URLs.
- Added support for trusted domains and safe image URL generation.

style(pages): create Discord logs page with authentication

- Added a new page for displaying archived Discord channel logs.
- Integrated authentication check to ensure user access.

refactor(utils): enhance API authentication and database connection

- Improved API authentication helper to manage user sessions and token refresh.
- Established a PostgreSQL database connection utility for Discord logs.
 2025-12-03 13:27:37 -05:00
codey
c3f0197115 misc 2025-12-02 10:05:43 -05:00
codey
6660b9ffd0 . 2025-11-28 09:44:46 -05:00
51 changed files with 10798 additions and 580 deletions
Expand all files Collapse all files

BIN
public/images/req.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 859 B

2557
src/assets/styles/DiscordLogs.css Normal file
View File

File diff suppressed because it is too large Load Diff

48
src/assets/styles/MemeGrid.css
View File

@@ -101,3 +101,51 @@
.meme-dialog-nav-next {
right: 0.5rem;
}
/* Skeleton loader for images */
.meme-skeleton {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
background: linear-gradient(
90deg,
rgba(128, 128, 128, 0.1) 0%,
rgba(128, 128, 128, 0.2) 50%,
rgba(128, 128, 128, 0.1) 100%
);
background-size: 200% 100%;
animation: skeleton-shimmer 1.5s ease-in-out infinite;
border-radius: 6px;
}
@keyframes skeleton-shimmer {
0% {
background-position: 200% 0;
}
100% {
background-position: -200% 0;
}
}
.meme-img-loading {
opacity: 0;
}
.meme-img {
transition: opacity 0.3s ease;
}
/* Mobile swipe hint */
@media (max-width: 768px) {
.meme-dialog-nav {
opacity: 0.5;
width: 2rem;
height: 2rem;
}
.meme-dialog-body {
touch-action: pan-y pinch-zoom;
}
}

345
src/assets/styles/global.css
View File

@@ -4,22 +4,23 @@
@theme {
/* Font families */
--font-sans: "Geist Sans", system-ui, sans-serif;
--font-sans: "IBM Plex Sans", "Geist Sans", system-ui, sans-serif;
--font-mono: "Geist Mono", ui-monospace, monospace;
}
::selection {
background-color: #47a3f3;
color: #fefefe;
background-color: #3b82f6;
color: #ffffff;
}
/* Dark theme colors */
[data-theme="dark"] {
background-color: #121212;
background-color: #0a0a0a;
}
html {
min-width: 360px;
scroll-behavior: smooth;
}
.prose {
@@ -200,9 +201,24 @@ Custom
width: 64px;
}
/* Page section - consistent spacing for all page content */
.page-section {
width: 100%;
}
.footer {
display: grid;
align-items: end;
padding: 2.5rem 0 2rem 0;
margin-top: auto;
padding-top: 3rem;
text-align: center;
font-size: 0.95rem;
border-top: 1px solid rgba(0, 0, 0, 0.06);
}
[data-theme="dark"] .footer {
border-top-color: rgba(255, 255, 255, 0.06);
}
.header-text, .footer-text {
@@ -235,8 +251,103 @@ Custom
margin-left: 50%;
}
#exclude-checkboxes {
margin-left: 5.5%;
/* Search button */
.search-btn {
padding: 0.625rem 1.5rem;
background: linear-gradient(135deg, #171717 0%, #262626 100%);
color: white;
border: none;
border-radius: 10px;
font-weight: 600;
font-size: 0.9rem;
cursor: pointer;
transition: all 0.2s ease;
box-shadow: 0 2px 8px rgba(0, 0, 0, 0.15);
}
.search-btn:hover {
transform: translateY(-1px);
box-shadow: 0 4px 12px rgba(0, 0, 0, 0.2);
}
.search-btn:active {
transform: translateY(0);
}
[data-theme="dark"] .search-btn {
background: linear-gradient(135deg, #fafafa 0%, #e5e5e5 100%);
color: #171717;
box-shadow: 0 2px 8px rgba(0, 0, 0, 0.3);
}
[data-theme="dark"] .search-btn:hover {
box-shadow: 0 4px 16px rgba(255, 255, 255, 0.15);
}
/* Exclude sources - toggle chips */
.exclude-sources {
display: flex;
align-items: center;
gap: 0.5rem;
}
.exclude-label {
font-size: 0.75rem;
font-weight: 500;
color: #737373;
margin-right: 0.125rem;
}
[data-theme="dark"] .exclude-label {
color: #525252;
}
.exclude-chip {
display: inline-flex;
align-items: center;
font-size: 0.75rem;
font-weight: 500;
padding: 0.375rem 0.75rem;
border-radius: 9999px;
border: 1px solid rgba(0, 0, 0, 0.2);
background: rgba(0, 0, 0, 0.03);
color: #525252;
cursor: pointer;
transition: all 0.15s ease;
user-select: none;
}
[data-theme="dark"] .exclude-chip {
border-color: rgba(255, 255, 255, 0.25);
background: rgba(255, 255, 255, 0.06);
color: #d4d4d4;
}
.exclude-chip:hover {
border-color: rgba(239, 68, 68, 0.4);
color: #dc2626;
background: rgba(239, 68, 68, 0.05);
}
[data-theme="dark"] .exclude-chip:hover {
border-color: rgba(248, 113, 113, 0.4);
color: #f87171;
background: rgba(248, 113, 113, 0.08);
}
/* Active/excluded state */
.exclude-chip--active {
border-color: rgba(239, 68, 68, 0.5);
background: rgba(239, 68, 68, 0.1);
color: #dc2626;
text-decoration: line-through;
text-decoration-thickness: 1.5px;
}
[data-theme="dark"] .exclude-chip--active {
border-color: rgba(248, 113, 113, 0.5);
background: rgba(248, 113, 113, 0.12);
color: #f87171;
}
#lyric-search-input {
@@ -247,7 +358,7 @@ Custom
.lyric-search-input-wrapper {
position: relative;
width: 100%;
max-width: 900px;
max-width: 640px;
}
.lyric-search-input-wrapper .p-autocomplete {
@@ -255,19 +366,46 @@ Custom
}
.lyric-search-input-wrapper .p-autocomplete-input {
padding-right: 2.5rem;
width: 100%;
padding: 0.875rem 2.75rem 0.875rem 1.125rem;
border-radius: 12px;
border: 1px solid rgba(0, 0, 0, 0.1);
font-size: 1rem;
background: white;
transition: border-color 0.2s ease, box-shadow 0.2s ease;
}
.lyric-search-input-wrapper .p-autocomplete-input:focus {
outline: none;
border-color: #3b82f6;
box-shadow: 0 0 0 4px rgba(59, 130, 246, 0.1);
}
[data-theme="dark"] .lyric-search-input-wrapper .p-autocomplete-input {
background: rgba(255, 255, 255, 0.08);
border-color: rgba(255, 255, 255, 0.15);
color: #f5f5f5;
}
[data-theme="dark"] .lyric-search-input-wrapper .p-autocomplete-input:focus {
border-color: #60a5fa;
box-shadow: 0 0 0 4px rgba(96, 165, 250, 0.15);
}
[data-theme="dark"] .lyric-search-input-wrapper .p-autocomplete-input::placeholder {
color: #a3a3a3;
}
.input-status-icon {
position: absolute;
right: 0.85rem;
top: 0;
bottom: 0;
transform: none;
right: 1rem;
top: 50%;
transform: translateY(-50%);
display: flex;
align-items: center;
justify-content: center;
pointer-events: none;
z-index: 10;
transition: opacity 0.2s ease, color 0.2s ease;
}
@@ -282,10 +420,29 @@ Custom
}
.lyrics-card {
border-radius: 12px;
box-shadow: 0 4px 12px rgba(0,0,0,0.05);
border-radius: 16px;
box-shadow: 0 1px 3px rgba(0,0,0,0.08), 0 8px 24px rgba(0,0,0,0.04);
padding: 1.5rem;
transition: background 0.3s;
transition: background 0.3s, box-shadow 0.3s;
background: white;
border: 1px solid rgba(0, 0, 0, 0.06);
}
[data-theme="dark"] .lyrics-card {
background: rgba(255, 255, 255, 0.04);
border-color: rgba(255, 255, 255, 0.08);
box-shadow: 0 1px 3px rgba(0,0,0,0.2), 0 8px 24px rgba(0,0,0,0.15);
}
.lyrics-card-animate {
opacity: 0;
transform: translateY(12px);
transition: opacity 0.4s ease-out, transform 0.4s ease-out;
}
.lyrics-card-visible {
opacity: 1;
transform: translateY(0);
}
.lyrics-toolbar {
@@ -294,11 +451,18 @@ Custom
justify-content: space-between;
flex-wrap: wrap;
gap: 0.75rem;
margin-bottom: 1rem;
margin-bottom: 1.25rem;
padding-bottom: 1rem;
border-bottom: 1px solid rgba(0, 0, 0, 0.06);
}
[data-theme="dark"] .lyrics-toolbar {
border-bottom-color: rgba(255, 255, 255, 0.08);
}
.lyrics-title {
font-weight: 600;
font-size: 1.1rem;
flex: 1;
text-align: left;
}
@@ -306,22 +470,27 @@ Custom
.lyrics-actions {
display: flex;
align-items: center;
gap: 0.35rem;
gap: 0.5rem;
}
.text-size-buttons {
display: flex;
border: 1px solid rgba(79, 70, 229, 0.25);
border-radius: 999px;
border: 1px solid rgba(0, 0, 0, 0.1);
border-radius: 8px;
overflow: hidden;
background: rgba(79, 70, 229, 0.06);
background: rgba(0, 0, 0, 0.03);
}
[data-theme="dark"] .text-size-buttons {
border-color: rgba(255, 255, 255, 0.1);
background: rgba(255, 255, 255, 0.05);
}
.text-size-btn {
background: transparent;
border: none;
color: inherit;
padding: 0.15rem 0.5rem;
padding: 0.25rem 0.6rem;
font-size: 0.85rem;
cursor: pointer;
transition: background 0.2s, color 0.2s;
@@ -332,13 +501,17 @@ Custom
}
.text-size-btn.active {
background: rgba(79, 70, 229, 0.15);
background: rgba(0, 0, 0, 0.08);
font-weight: 600;
}
[data-theme="dark"] .text-size-btn.active {
background: rgba(255, 255, 255, 0.12);
}
.lyrics-content {
line-height: 2.0;
font-family: 'Inter', sans-serif;
font-family: 'IBM Plex Sans', 'Inter', sans-serif;
font-size: 1rem;
white-space: pre-wrap;
}
@@ -348,6 +521,32 @@ Custom
line-height: 1.85;
}
.lyrics-verse {
padding: 0.5rem 0.75rem;
margin: 0.25rem -0.75rem;
border-radius: 8px;
cursor: pointer;
transition: background-color 0.2s ease, box-shadow 0.2s ease;
}
.lyrics-verse:hover {
background-color: rgba(79, 70, 229, 0.06);
}
.lyrics-verse-highlighted {
background-color: rgba(79, 70, 229, 0.15);
box-shadow: inset 3px 0 0 rgba(79, 70, 229, 0.6);
}
.lyrics-card-dark .lyrics-verse:hover {
background-color: rgba(139, 92, 246, 0.1);
}
.lyrics-card-dark .lyrics-verse-highlighted {
background-color: rgba(139, 92, 246, 0.2);
box-shadow: inset 3px 0 0 rgba(139, 92, 246, 0.7);
}
.lyrics-action-button {
color: inherit;
border: 1px solid transparent;
@@ -367,6 +566,10 @@ Custom
background-color: oklch(from rgba(255, 255, 255, 2.0) calc(l - 0.02) c h);
}
.discord-logs-container {
padding-bottom: 25px;
}
.random-msg {
padding-top: 10px;
max-width: 100%;
@@ -380,10 +583,52 @@ Custom
padding-bottom: 3%;
}
/* PrimeReact AutoComplete Panel - Global Styling */
.p-autocomplete-panel {
background: white;
border: 1px solid rgba(0, 0, 0, 0.1);
border-radius: 12px;
box-shadow: 0 4px 24px rgba(0, 0, 0, 0.12);
overflow: hidden;
z-index: 9999;
}
[data-theme="dark"] .p-autocomplete-panel {
background: #1a1a1a;
border-color: rgba(255, 255, 255, 0.1);
box-shadow: 0 4px 24px rgba(0, 0, 0, 0.4);
}
.p-autocomplete-items {
max-height: 200px !important;
overflow-y: auto !important;
overscroll-behavior: contain;
padding: 0.25rem;
}
.p-autocomplete-item {
padding: 0.625rem 0.875rem;
border-radius: 8px;
margin: 0.125rem 0;
cursor: pointer;
transition: background-color 0.15s ease;
color: #262626;
}
.p-autocomplete-item:hover,
.p-autocomplete-item.p-highlight {
background: rgba(59, 130, 246, 0.1);
color: #1d4ed8;
}
[data-theme="dark"] .p-autocomplete-item {
color: #e5e5e5;
}
[data-theme="dark"] .p-autocomplete-item:hover,
[data-theme="dark"] .p-autocomplete-item.p-highlight {
background: rgba(96, 165, 250, 0.15);
color: #60a5fa;
}
.p-autocomplete-input {
@@ -392,6 +637,7 @@ Custom
border: 1px solid #ccc;
transition: border 0.2s;
}
.p-autocomplete-input:focus {
border-color: #4f46e5;
outline: none;
@@ -506,18 +752,52 @@ Custom
/*
Toastify customizations
*/
.Toastify__toast--error {
background-color: rgba(255, 0, 0, 0.5) !important;
color: inherit !important;
.Toastify__toast {
border-radius: 12px !important;
backdrop-filter: blur(12px) !important;
box-shadow: 0 4px 24px rgba(0, 0, 0, 0.3) !important;
font-family: 'IBM Plex Sans', sans-serif !important;
font-size: 0.9rem !important;
background: rgba(30, 30, 30, 0.95) !important;
color: #e5e5e5 !important;
}
.Toastify__toast--error {
background: rgba(30, 30, 30, 0.95) !important;
border-left: 4px solid #ef4444 !important;
color: #fca5a5 !important;
}
.Toastify__toast--info {
background-color: rgba(217, 242, 255, 0.8) !important;
color: #000 !important;
background: rgba(30, 30, 30, 0.95) !important;
border-left: 4px solid #3b82f6 !important;
color: #93c5fd !important;
}
.Toastify__toast--success {
background-color: rgba(46, 186, 106, 0.8) !important;
color: inherit !important;
background: rgba(30, 30, 30, 0.95) !important;
border-left: 4px solid #22c55e !important;
color: #86efac !important;
}
.Toastify__toast--warning {
background: rgba(30, 30, 30, 0.95) !important;
border-left: 4px solid #f59e0b !important;
color: #fcd34d !important;
}
.Toastify__close-button {
color: #a3a3a3 !important;
opacity: 0.7 !important;
}
.Toastify__close-button:hover {
opacity: 1 !important;
color: #e5e5e5 !important;
}
.Toastify__progress-bar {
background: rgba(255, 255, 255, 0.2) !important;
}
.Toastify__toast--success > .Toastify__toast-icon svg {
@@ -527,3 +807,8 @@ Toastify customizations
.Toastify__toast--success > .Toastify__toast-icon::after {
content: "🦄" !important;
}
/* Light mode - keep dark toasts */
[data-theme="light"] .Toastify__toast {
box-shadow: 0 4px 24px rgba(0, 0, 0, 0.2) !important;
}

34
src/assets/styles/nav.css
View File

@@ -79,22 +79,34 @@ nav {
.nav-user-inline {
display: inline-flex;
align-items: center;
gap: 0.35rem;
padding: 0.3rem 0.85rem;
gap: 0.4rem;
padding: 0.35rem 0.9rem;
border-radius: 999px;
border: 1px solid rgba(148, 163, 184, 0.4);
font-size: 0.82rem;
border: 1px solid rgba(148, 163, 184, 0.3);
font-size: 0.8rem;
font-weight: 500;
color: #1e293b;
background: linear-gradient(120deg, rgba(255, 255, 255, 0.9), rgba(226, 232, 240, 0.85));
box-shadow: 0 12px 30px rgba(15, 23, 42, 0.18), inset 0 1px 0 rgba(255, 255, 255, 0.6);
font-family: 'IBM Plex Sans', sans-serif;
color: #374151;
background: linear-gradient(135deg, rgba(255, 255, 255, 0.95), rgba(241, 245, 249, 0.9));
box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08), inset 0 1px 0 rgba(255, 255, 255, 0.6);
transition: all 0.2s ease;
}
.nav-user-inline:hover {
border-color: rgba(148, 163, 184, 0.5);
box-shadow: 0 2px 6px rgba(0, 0, 0, 0.1), inset 0 1px 0 rgba(255, 255, 255, 0.6);
}
[data-theme="dark"] .nav-user-inline {
color: #f1f5f9;
border-color: rgba(59, 130, 246, 0.25);
background: linear-gradient(120deg, rgba(15, 23, 42, 0.85), rgba(30, 41, 59, 0.7));
box-shadow: 0 14px 35px rgba(0, 0, 0, 0.55), inset 0 1px 0 rgba(255, 255, 255, 0.05);
color: #e2e8f0;
border-color: rgba(71, 85, 105, 0.4);
background: linear-gradient(135deg, rgba(30, 41, 59, 0.9), rgba(15, 23, 42, 0.85));
box-shadow: 0 1px 3px rgba(0, 0, 0, 0.3), inset 0 1px 0 rgba(255, 255, 255, 0.05);
}
[data-theme="dark"] .nav-user-inline:hover {
border-color: rgba(100, 116, 139, 0.5);
box-shadow: 0 2px 8px rgba(0, 0, 0, 0.4), inset 0 1px 0 rgba(255, 255, 255, 0.05);
}
.nav-user-inline__icon {

6
src/components/AppLayout.jsx
View File

@@ -14,6 +14,7 @@ const LoginPage = lazy(() => import('./Login.jsx'));
const LyricSearch = lazy(() => import('./LyricSearch'));
const MediaRequestForm = lazy(() => import('./TRip/MediaRequestForm.jsx'));
const RequestManagement = lazy(() => import('./TRip/RequestManagement.jsx'));
const DiscordLogs = lazy(() => import('./DiscordLogs.jsx'));
// NOTE: Player is intentionally NOT imported at module initialization.
// We create the lazy import inside the component at render-time only when
// we are on the main site and the Player island should be rendered. This
@@ -98,6 +99,11 @@ export default function Root({ child, user = undefined, ...props }) {
</Suspense>
)}
{child == "Memes" && <Memes client:only="react" />}
{child == "DiscordLogs" && (
<Suspense fallback={<div style={{ padding: '2rem', textAlign: 'center' }}>Loading...</div>}>
<DiscordLogs client:only="react" />
</Suspense>
)}
{child == "qs2.MediaRequestForm" && <MediaRequestForm client:only="react" />}
{child == "qs2.RequestManagement" && <RequestManagement client:only="react" />}
{child == "ReqForm" && <ReqForm client:only="react" />}

2
src/components/AudioPlayer.jsx
View File

@@ -749,7 +749,7 @@ export default function Player({ user }) {
<div className="music-time flex justify-between items-center mt-4">
<p className="music-time__current text-sm">{formatTime(elapsedTime)}</p>
<p className="music-time__last text-sm">{formatTime(trackDuration - elapsedTime)}</p>
<p className="music-time__last text-sm">-{formatTime(trackDuration - elapsedTime)}</p>
</div>
<div className="progress-bar-container w-full h-2 rounded bg-neutral-300 dark:bg-neutral-700 overflow-hidden">

87
src/components/BaseHead.astro
View File

@@ -4,6 +4,8 @@ interface Props {
description?: string;
image?: string;
isWhitelabel?: boolean;
whitelabel?: any;
subsite?: any;
}
import { metaData } from "../config";
@@ -12,24 +14,87 @@ import { JoyUIRootIsland } from "./Components"
import { useHtmlThemeAttr } from "../hooks/useHtmlThemeAttr";
import { usePrimeReactThemeSwitcher } from "../hooks/usePrimeReactThemeSwitcher";
const { title, description, image, isWhitelabel } = Astro.props;
const { title, description, image, isWhitelabel, whitelabel, subsite } = Astro.props;
const { url } = Astro;
const trimmedTitle = title?.trim();
const seoTitle = trimmedTitle || metaData.title;
const shareTitle = isWhitelabel ? (trimmedTitle || (metaData.shareTitle ?? metaData.title)) : (trimmedTitle ? `${trimmedTitle} | ${metaData.title}` : (metaData.shareTitle ?? metaData.title));
// If a whitelabel/subsite override exists, prefer its shareTitle/shareDescription/ogImage/favicon
const subsiteMeta = whitelabel ?? {};
const shareTitle = isWhitelabel
? (trimmedTitle || (subsiteMeta.shareTitle ?? metaData.shareTitle ?? metaData.title))
: (trimmedTitle ? `${trimmedTitle} | ${metaData.title}` : (metaData.shareTitle ?? metaData.title));
const seoTitleTemplate = isWhitelabel ? "%s" : (trimmedTitle ? `%s | ${metaData.title}` : "%s");
const shareDescription = isWhitelabel ? "%s" : (description ?? metaData.shareDescription ?? metaData.description);
const canonicalUrl = url?.href ?? metaData.baseUrl;
const shareImage = new URL(image ?? metaData.ogImage, metaData.baseUrl).toString();
const shareImageAlt = metaData.shareImageAlt ?? metaData.shareTitle ?? metaData.title;
const shareDescription = isWhitelabel
? (trimmedTitle || (subsiteMeta.shareDescription ?? metaData.shareDescription ?? metaData.description))
: (description ?? metaData.shareDescription ?? metaData.description);
// Compute canonical URL with these priorities:
// 1. If the whitelabel/subsite provides a baseUrl, use that as the host for the canonical URL
// 2. If a subsite was detected and the request host matches the subsite host, canonical uses that host
// 3. If the request is for a path-based subsite (host is main site), prefer metaData.baseUrl so canonical remains on main site
// 4. Fallback to the request URL or metaData.baseUrl
const currentHost = (Astro.request?.headers?.get('host') || '').split(':')[0];
let canonicalBase: string | null = null;
if (subsiteMeta?.baseUrl) {
canonicalBase = subsiteMeta.baseUrl;
} else if (subsite?.host) {
// normalize hosts for comparison
const requestedHost = (currentHost || '').toLowerCase();
const subsiteHost = String(subsite.host || '').toLowerCase();
if (requestedHost && requestedHost === subsiteHost) {
canonicalBase = `https://${subsite.host}`;
} else {
// keep canonical on the main configured base (path-based subsites should remain under metaData.baseUrl)
canonicalBase = metaData.baseUrl;
}
}
// Decide whether canonical should be the site-root (e.g. https://req.boatson.boats/)
// or include a path. Rules:
// - If canonicalBase comes from a whitelabel/baseUrl or request host matches subsite host -> prefer site-root.
// - Otherwise (path-based subsites), include the pathname/search so canonical remains under the main site path.
const isHostMatchedSubsite = Boolean(subsite?.host && currentHost && currentHost.toLowerCase() === String(subsite.host).toLowerCase());
const isSubsiteRootCanonical = Boolean(subsiteMeta?.baseUrl || isHostMatchedSubsite);
let canonicalUrl: string;
if (canonicalBase) {
if (isSubsiteRootCanonical) {
// ensure canonicalBase ends with a single '/'
canonicalUrl = canonicalBase.endsWith('/') ? canonicalBase : `${canonicalBase}/`;
} else {
canonicalUrl = new URL((url?.pathname ?? '') + (url?.search ?? ''), canonicalBase).toString();
}
} else {
canonicalUrl = url?.href ?? metaData.baseUrl;
}
// Prefer the whitelabel/subsite ogImage when this page is for a whitelabel site.
// Otherwise fall back to an explicit image prop or the global ogImage.
const resolvedOgImage = (isWhitelabel && subsiteMeta.ogImage) ? subsiteMeta.ogImage : (image ?? metaData.ogImage);
// Keep relative/site-root paths as-is (e.g. '/images/req.png') and don't force
// an absolute URL using metaData.baseUrl. Only keep absolute (http/https)
// URLs if the value is already absolute.
function keepRelativeOrAbsolute(val) {
if (!val) return val;
if (/^https?:\/\//i.test(val)) return val; // already absolute
// Normalize to site-root-relative so local testing always resolves under '/'
return val.startsWith('/') ? val : `/${val}`;
}
const shareImage = keepRelativeOrAbsolute(resolvedOgImage);
const shareImageAlt = subsiteMeta.shareImageAlt ?? metaData.shareImageAlt ?? metaData.shareTitle ?? metaData.title;
// Build icon links: prefer subsite icons when present. If a subsite provides a single
// `favicon` but no `icons` array, do NOT append the global icons to avoid duplicates.
const primaryIconHref = keepRelativeOrAbsolute(subsiteMeta.favicon ?? metaData.favicon);
// Ensure extraIcons are used only when subsite doesn't provide a single favicon (prevents duplicates)
const extraIcons = subsiteMeta.icons ? subsiteMeta.icons : (subsiteMeta.favicon ? [] : (metaData.icons ?? []));
---
<SEO
title={seoTitle}
titleTemplate={seoTitleTemplate}
titleDefault={metaData.title}
canonical={canonicalUrl}
description={shareDescription}
charset="UTF-8"
openGraph={{
@@ -41,14 +106,16 @@ const shareImageAlt = metaData.shareImageAlt ?? metaData.shareTitle ?? metaData.
},
optional: {
description: shareDescription,
siteName: metaData.name,
siteName: subsiteMeta.siteName ?? metaData.name,
locale: "en_US",
},
}}
extend={{
extend={{
link: [
{ rel: "icon", href: "https://codey.lol/images/favicon.png" },
{ rel: "canonical", href: canonicalUrl },
// choose subsite favicon if provided, else global config. Allow absolute or relative paths
{ rel: 'icon', href: primaryIconHref },
// additional icon links from config if present
...extraIcons,
],
meta: [
{ property: "og:image:alt", content: shareImageAlt },

3153
src/components/DiscordLogs.jsx Normal file
View File

File diff suppressed because it is too large Load Diff

77
src/components/Lighting.jsx
View File

@@ -1,4 +1,4 @@
import React, { useEffect, useState, useRef, Suspense, lazy } from 'react';
import React, { useEffect, useState, useRef, useCallback } from 'react';
import { API_URL } from '../config.js';
import { authFetch } from '../utils/authFetch.js';
import Wheel from '@uiw/react-color-wheel';
@@ -8,6 +8,8 @@ export default function Lighting() {
const [loading, setLoading] = useState(true);
const [error, setError] = useState('');
const [success, setSuccess] = useState(false);
const [pending, setPending] = useState(false);
const debounceRef = useRef(null);
useEffect(() => {
authFetch(`${API_URL}/lighting/state`)
@@ -26,38 +28,44 @@ export default function Lighting() {
setState({ power: '', red: 0, blue: 0, green: 0, brightness: 100 });
}, []);
const handleColorChange = (color) => {
if (import.meta.env.DEV) console.debug('Handle color change:', color);
const { r, g, b } = color.rgb;
updateLighting({
...state,
red: r,
green: g,
blue: b,
});
};
// Cleanup debounce on unmount
useEffect(() => {
return () => {
if (debounceRef.current) {
clearTimeout(debounceRef.current);
}
};
}, []);
const debounceRef = useRef();
const updateLighting = (newState) => {
// Consolidated debounced update function
const updateLighting = useCallback((newState) => {
setState(newState);
setPending(true);
setError('');
setSuccess(false);
// Clear any pending timeout
if (debounceRef.current) {
clearTimeout(debounceRef.current);
}
// Set new timeout for API call
// Set new timeout for API call (250ms for smoother drag experience)
debounceRef.current = setTimeout(() => {
authFetch(`${API_URL}/lighting/state`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(newState),
})
.then(() => setSuccess(true))
.catch(() => setError('Failed to update lighting state'));
}, 100); // 100ms debounce for 25 req/2s rate limit
};
.then(() => {
setSuccess(true);
setPending(false);
})
.catch(() => {
setError('Failed to update lighting state');
setPending(false);
});
}, 250);
}, []);
const handleSubmit = (e) => {
e.preventDefault();
@@ -82,7 +90,7 @@ export default function Lighting() {
return (
<div className="w-full min-h-[60vh] flex justify-center items-center mt-12">
<div className="w-full min-h-[60vh] flex justify-center items-center mt-12 mb-12">
<form
onSubmit={handleSubmit}
className="max-w-md w-full p-8 rounded-xl shadow bg-white dark:bg-neutral-900 border border-neutral-200 dark:border-neutral-800 flex flex-col items-center justify-center"
@@ -129,11 +137,13 @@ export default function Lighting() {
(v ?? 100) / 100 // value: 0-100 -> 0-1, default to 1 if undefined
);
if (import.meta.env.DEV) console.debug('Converting color:', color.hsva, 'to RGB:', rgb);
// Auto power on when changing color
updateLighting({
...state,
red: rgb.red,
green: rgb.green,
blue: rgb.blue
blue: rgb.blue,
power: state.power === 'off' ? 'on' : state.power
});
}}
width={180}
@@ -151,20 +161,18 @@ export default function Lighting() {
value={state.brightness}
onChange={e => {
const newValue = Number(e.target.value);
const newState = {
// Auto power off at 0, auto power on when > 0
let newPower = state.power;
if (newValue === 0) {
newPower = 'off';
} else if (state.power === 'off' && newValue > 0) {
newPower = 'on';
}
updateLighting({
...state,
brightness: newValue,
power: newValue === 0 ? 'off' : state.power
};
setState(newState);
if (debounceRef.current) {
clearTimeout(debounceRef.current);
}
debounceRef.current = setTimeout(() => {
updateLighting(newState);
}, 100); // 100ms debounce for 25 req/2s rate limit
power: newPower
});
}}
className="w-full max-w-xs accent-yellow-500"
/>
@@ -186,7 +194,8 @@ export default function Lighting() {
</div>
{error && <div className="mb-4 text-red-500 text-center font-bold animate-pulse">{error}</div>}
{success && <div className="mb-4 text-green-600 text-center font-bold animate-bounce">Updated!</div>}
{success && !pending && <div className="mb-4 text-green-600 text-center font-bold">Updated!</div>}
{pending && <div className="mb-4 text-indigo-400 text-center text-sm">Syncing...</div>}
{loading && <div className="mb-4 text-indigo-500 text-center font-bold animate-pulse">Loading...</div>}
</form>
</div>

2
src/components/Login.jsx
View File

@@ -103,7 +103,7 @@ export default function LoginPage({ loggedIn = false }) {
<div className="max-w-md w-full bg-white dark:bg-[#1E1E1E] rounded-2xl shadow-xl px-10 py-8 text-center">
<img className="logo-auth mx-auto mb-4" src="/images/zim.png" alt="Logo" />
<h2 className="text-2xl font-semibold text-gray-900 dark:text-white mb-4">You're already logged in</h2>
<p className="text-sm text-gray-800 dark:text-gray-300 mb-4">You do not have permission to access this resource.
<p className="text-sm text-gray-800 dark:text-gray-300 mb-4">But you do not have permission to access this resource.
</p>
<p className="text-xs italic text-gray-800 dark:text-gray-300 mb-4">
If you feel you have received this message in error, scream at codey.

208
src/components/LyricSearch.jsx
View File

@@ -8,37 +8,41 @@ import React, {
useCallback,
} from "react";
import { toast } from 'react-toastify';
import DOMPurify from 'isomorphic-dompurify';
import Box from '@mui/joy/Box';
import Button from "@mui/joy/Button";
import IconButton from "@mui/joy/IconButton";
import Checkbox from "@mui/joy/Checkbox";
import ContentCopyIcon from '@mui/icons-material/ContentCopy';
import LinkIcon from '@mui/icons-material/Link';
import PlayCircleOutlineIcon from '@mui/icons-material/PlayCircleOutline';
import CheckCircleRoundedIcon from '@mui/icons-material/CheckCircleRounded';
import CloseRoundedIcon from '@mui/icons-material/CloseRounded';
import RemoveRoundedIcon from '@mui/icons-material/RemoveRounded';
import { AutoComplete } from 'primereact/autocomplete/autocomplete.esm.js';
import { API_URL } from '../config';
// Sanitize HTML from external sources to prevent XSS
const sanitizeHtml = (html) => {
if (!html) return '';
return DOMPurify.sanitize(html, {
ALLOWED_TAGS: ['br', 'p', 'b', 'i', 'em', 'strong', 'span', 'div'],
ALLOWED_ATTR: ['class'],
});
};
export default function LyricSearch() {
const [showLyrics, setShowLyrics] = useState(false);
return (
<div className="lyric-search">
<h2 className="title">
<span>Lyric Search</span>
</h2>
<div className="card-text my-4">
<label htmlFor="lyric-search-input">Search:</label>
<LyricSearchInputField
id="lyric-search-input"
placeholder="Artist - Song"
setShowLyrics={setShowLyrics}
/>
<div id="spinner" className="hidden">
<CircularProgress variant="plain" color="primary" size="md" />
</div>
</div>
<h1 className="text-3xl font-bold mb-8 text-neutral-900 dark:text-white tracking-tight">
Lyric Search
</h1>
<LyricSearchInputField
id="lyric-search-input"
placeholder="Artist - Song"
setShowLyrics={setShowLyrics}
/>
</div>
);
}
@@ -53,6 +57,10 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
const [lyricsResult, setLyricsResult] = useState(null);
const [textSize, setTextSize] = useState("normal");
const [inputStatus, setInputStatus] = useState("hint");
const [youtubeVideo, setYoutubeVideo] = useState(null); // { video_id, title, channel, duration }
const [youtubeLoading, setYoutubeLoading] = useState(false);
const [highlightedVerse, setHighlightedVerse] = useState(null);
const [isLyricsVisible, setIsLyricsVisible] = useState(false);
const searchToastRef = useRef(null);
const autoCompleteRef = useRef(null);
const autoCompleteInputRef = useRef(null);
@@ -122,6 +130,39 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
setSuggestions(json);
}, []);
// Fetch YouTube video for the song
const fetchYouTubeVideo = useCallback(async (artist, song) => {
setYoutubeLoading(true);
try {
const res = await fetch(`${API_URL}/yt/search`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ t: `${artist} - ${song}` }),
});
if (!res.ok) {
setYoutubeVideo(null);
setYoutubeLoading(false);
return;
}
const data = await res.json();
if (data?.video_id) {
setYoutubeVideo({
video_id: data.video_id,
title: data.extras?.title || `${artist} - ${song}`,
channel: data.extras?.channel || '',
duration: data.extras?.duration || '',
thumbnail: data.extras?.thumbnails?.[0] || null,
});
} else {
setYoutubeVideo(null);
}
} catch (err) {
console.error('YouTube search failed:', err);
setYoutubeVideo(null);
}
setYoutubeLoading(false);
}, []);
// Toggle exclusion state for checkboxes
const toggleExclusion = (source) => {
const lower = source.toLowerCase();
@@ -194,10 +235,34 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
evaluateSearchValue(value);
}, [value, evaluateSearchValue]);
const handleSearch = async (searchValue = value) => {
if (autoCompleteRef.current) {
autoCompleteRef.current.hide();
// Robustly hide autocomplete panel
const hideAutocompletePanel = useCallback(() => {
// Method 1: Use PrimeReact API
if (autoCompleteRef.current?.hide) {
try {
autoCompleteRef.current.hide();
} catch (e) {
// Ignore
}
}
// Method 2: Clear suggestions to ensure panel hides
setSuggestions([]);
// Method 3: Force hide via DOM after a tick (fallback)
setTimeout(() => {
const panel = document.querySelector('.p-autocomplete-panel');
if (panel) {
panel.style.display = 'none';
panel.style.opacity = '0';
panel.style.visibility = 'hidden';
panel.style.pointerEvents = 'none';
}
}, 10);
}, []);
const handleSearch = async (searchValue = value) => {
hideAutocompletePanel();
autoCompleteInputRef.current?.blur(); // blur early so the suggestion panel closes immediately
const evaluation = evaluateSearchValue(searchValue);
@@ -210,6 +275,7 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
const { artist, song } = evaluation;
setIsLoading(true);
setLyricsResult(null);
setYoutubeVideo(null); // Reset YouTube video
setShowLyrics(false);
const toastId = "lyrics-searching-toast";
@@ -251,12 +317,21 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
const duration = ((Date.now() - startTime) / 1000).toFixed(1);
setTextSize("normal");
setLyricsResult({ artist: data.artist, song: data.song, lyrics: data.lyrics });
setHighlightedVerse(null);
setIsLyricsVisible(false);
// Trigger fade-in animation
requestAnimationFrame(() => {
requestAnimationFrame(() => setIsLyricsVisible(true));
});
setShowLyrics(true);
// Update URL hash with search parameters
const hash = `#${encodeURIComponent(data.artist)}/${encodeURIComponent(data.song)}`;
window.history.pushState(null, '', hash);
// Search for YouTube video (don't block on this)
fetchYouTubeVideo(data.artist, data.song);
dismissSearchToast();
toast.success(`Found! (Took ${duration}s)`, {
autoClose: 2500,
@@ -270,6 +345,7 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
});
} finally {
setIsLoading(false);
hideAutocompletePanel();
autoCompleteInputRef.current?.blur();
searchButtonRef.current?.blur();
searchToastRef.current = null;
@@ -279,6 +355,7 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
const handleKeyDown = (e) => {
if (e.key === "Enter") {
e.preventDefault();
hideAutocompletePanel();
handleSearch();
}
};
@@ -348,8 +425,7 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
onShow={handlePanelShow}
placeholder={placeholder}
autoFocus
style={{ width: '100%', maxWidth: '900px' }}
inputStyle={{ width: '100%' }}
style={{ width: '100%' }}
className={`lyric-search-input ${inputStatus === "error" ? "has-error" : ""} ${inputStatus === "ready" ? "has-ready" : ""}`}
aria-invalid={inputStatus === "error"}
aria-label={`Lyric search input. ${statusTitle}`}
@@ -370,30 +446,31 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
{statusTitle}
</span>
</div>
<Button
onClick={() => handleSearch()}
className="btn"
ref={searchButtonRef}
>
Search
</Button>
<div className="mt-4">
Exclude:<br />
<div id="exclude-checkboxes">
<div className="flex items-center gap-4 mt-5">
<Button
onClick={() => handleSearch()}
className="search-btn"
ref={searchButtonRef}
>
Search
</Button>
<div className="h-6 w-px bg-neutral-300 dark:bg-neutral-700" aria-hidden="true"></div>
<div className="exclude-sources">
<span className="exclude-label">Exclude:</span>
<UICheckbox id="excl-Genius" label="Genius" onToggle={toggleExclusion} />
<UICheckbox id="excl-LRCLib-Cache" label="LRCLib-Cache" onToggle={toggleExclusion} />
<UICheckbox id="excl-LRCLib-Cache" label="LRCLib" onToggle={toggleExclusion} />
<UICheckbox id="excl-Cache" label="Cache" onToggle={toggleExclusion} />
</div>
</div>
{isLoading && (
<div className="mt-3">
<div className="mt-6 flex justify-center">
<CircularProgress variant="plain" color="primary" size="md" />
</div>
)}
{lyricsResult && (
<div className={`lyrics-card lyrics-card-${theme} mt-4 p-4 rounded-md shadow-md`}>
<div className={`lyrics-card lyrics-card-${theme} mt-6 p-5 rounded-xl shadow-lg lyrics-card-animate ${isLyricsVisible ? 'lyrics-card-visible' : ''}`}>
<div className="lyrics-toolbar">
<div className="lyrics-title">
{lyricsResult.artist} - {lyricsResult.song}
@@ -439,10 +516,40 @@ export function LyricSearchInputField({ id, placeholder, setShowLyrics }) {
>
<LinkIcon fontSize="small" />
</IconButton>
{youtubeLoading && (
<IconButton
size="sm"
variant="plain"
color="neutral"
aria-label="Loading YouTube video..."
title="Finding video..."
className="lyrics-action-button"
disabled
sx={{ opacity: 0.3 }}
>
<PlayCircleOutlineIcon fontSize="small" />
</IconButton>
)}
{!youtubeLoading && youtubeVideo && (
<IconButton
size="sm"
variant="plain"
color="neutral"
aria-label="Watch on YouTube"
title={`Watch: ${youtubeVideo.title}`}
className="lyrics-action-button"
component="a"
href={`https://www.youtube.com/watch?v=${youtubeVideo.video_id}`}
target="_blank"
rel="noopener noreferrer"
>
<PlayCircleOutlineIcon fontSize="small" />
</IconButton>
)}
</div>
</div>
<div className={`lyrics-content ${textSize === "large" ? "lyrics-content-large" : ""}`}>
<div dangerouslySetInnerHTML={{ __html: lyricsResult.lyrics }} />
<div dangerouslySetInnerHTML={{ __html: sanitizeHtml(lyricsResult.lyrics) }} />
</div>
</div>
)}
@@ -460,10 +567,11 @@ export const UICheckbox = forwardRef(function UICheckbox(props = {}, ref) {
}));
const verifyExclusions = () => {
const checkboxes = document.querySelectorAll("#exclude-checkboxes input[type=checkbox]");
const checkedCount = [...checkboxes].filter(cb => cb.checked).length;
const checkboxes = document.querySelectorAll(".exclude-chip");
const checkedCount = [...checkboxes].filter(cb => cb.dataset.checked === 'true').length;
if (checkedCount === 3) {
// Reset all by triggering clicks
checkboxes.forEach(cb => cb.click());
if (!toast.isActive("lyrics-exclusion-reset-toast")) {
toast.error("All sources were excluded; exclusions have been reset.",
@@ -473,27 +581,27 @@ export const UICheckbox = forwardRef(function UICheckbox(props = {}, ref) {
}
};
const handleChange = (e) => {
const newChecked = e.target.checked;
const handleClick = () => {
const newChecked = !checked;
setChecked(newChecked);
if (props.onToggle) {
const source = props.label; // Use label as source identifier
const source = props.label;
props.onToggle(source);
}
verifyExclusions();
setTimeout(verifyExclusions, 0);
};
return (
<div>
<Checkbox
id={props.id}
key={props.label}
checked={checked}
label={props.label}
style={{ color: "inherit" }}
onChange={handleChange}
/>
</div>
<button
type="button"
id={props.id}
className={`exclude-chip ${checked ? 'exclude-chip--active' : ''}`}
data-checked={checked}
onClick={handleClick}
aria-pressed={checked}
>
{props.label}
</button>
);
});

57
src/components/Memes.jsx
View File

@@ -17,7 +17,10 @@ const Memes = () => {
const [hasMore, setHasMore] = useState(true);
const [selectedImage, setSelectedImage] = useState(null);
const [selectedIndex, setSelectedIndex] = useState(-1);
const [imageLoading, setImageLoading] = useState({});
const observerRef = useRef();
const touchStartRef = useRef(null);
const touchEndRef = useRef(null);
const theme = document.documentElement.getAttribute("data-theme")
const cacheRef = useRef({ pagesLoaded: new Set(), items: [] });
@@ -158,6 +161,43 @@ const Memes = () => {
setSelectedIndex(-1);
}, []);
// Touch swipe handlers for mobile navigation
const handleTouchStart = useCallback((e) => {
touchStartRef.current = e.touches[0].clientX;
touchEndRef.current = null;
}, []);
const handleTouchMove = useCallback((e) => {
touchEndRef.current = e.touches[0].clientX;
}, []);
const handleTouchEnd = useCallback(() => {
if (!touchStartRef.current || !touchEndRef.current) return;
const distance = touchStartRef.current - touchEndRef.current;
const minSwipeDistance = 50;
if (Math.abs(distance) > minSwipeDistance) {
if (distance > 0) {
// Swiped left -> next
handleNavigate(1);
} else {
// Swiped right -> prev
handleNavigate(-1);
}
}
touchStartRef.current = null;
touchEndRef.current = null;
}, [handleNavigate]);
// Track image loading state
const handleImageLoad = useCallback((id) => {
setImageLoading(prev => ({ ...prev, [id]: false }));
}, []);
const handleImageLoadStart = useCallback((id) => {
setImageLoading(prev => ({ ...prev, [id]: true }));
}, []);
const handleCopyImage = useCallback(async () => {
if (!selectedImage) return;
try {
@@ -181,6 +221,7 @@ const Memes = () => {
<div className="grid-container">
{images.map((img, i) => {
const isLast = i === images.length - 1;
const isLoading = imageLoading[img.id] !== false;
return (
<div
key={img.id}
@@ -191,13 +232,18 @@ const Memes = () => {
setSelectedIndex(i);
prefetchImage(images[i + 1]);
}}
style={{ cursor: 'pointer' }}
style={{ cursor: 'pointer', position: 'relative' }}
>
{isLoading && (
<div className="meme-skeleton" />
)}
<Image
src={img.url}
alt={`meme-${img.id}`}
imageClassName="meme-img"
imageClassName={`meme-img ${isLoading ? 'meme-img-loading' : ''}`}
loading="lazy"
onLoad={() => handleImageLoad(img.id)}
onLoadStart={() => handleImageLoadStart(img.id)}
/>
</div>
);
@@ -239,7 +285,12 @@ const Memes = () => {
dismissableMask={true}
>
{selectedImage && (
<div className="meme-dialog-body">
<div
className="meme-dialog-body"
onTouchStart={handleTouchStart}
onTouchMove={handleTouchMove}
onTouchEnd={handleTouchEnd}
>
<button
type="button"
className="meme-dialog-nav meme-dialog-nav-prev"

43
src/components/TRip/BreadcrumbNav.jsx
View File

@@ -7,26 +7,27 @@ export default function BreadcrumbNav({ currentPage }) {
];
return (
<div>
<nav aria-label="breadcrumb" className="mb-6 flex gap-4 text-sm font-medium text-blue-600 dark:text-blue-400">
{pages.map(({ key, label, href }, i) => {
return (
<React.Fragment key={key}>
<a
href={href}
className={`${currentPage === key
? "!font-bold underline" // active: always underlined + bold
: "hover:underline" // inactive: underline only on hover
}`}
aria-current={currentPage === key ? "page" : undefined}
>
{label}
</a>
{i < pages.length - 1 && <span aria-hidden="true">/</span>}
</React.Fragment>
);
})}
</nav >
</div>
<nav aria-label="breadcrumb" className="mb-8 flex items-center gap-2 text-sm">
{pages.map(({ key, label, href }, i) => {
const isActive = currentPage === key;
return (
<React.Fragment key={key}>
<a
href={href}
className={`px-3 py-1.5 rounded-full transition-colors ${isActive
? "bg-neutral-200 dark:bg-neutral-700 font-semibold text-neutral-900 dark:text-white"
: "text-neutral-500 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-white hover:bg-neutral-100 dark:hover:bg-neutral-800"
}`}
aria-current={isActive ? "page" : undefined}
>
{label}
</a>
{i < pages.length - 1 && (
<span className="text-neutral-400 dark:text-neutral-600" aria-hidden="true">/</span>
)}
</React.Fragment>
);
})}
</nav>
);
}

6
src/components/TRip/MediaRequestForm.jsx
View File

@@ -6,6 +6,7 @@ import { AutoComplete } from "primereact/autocomplete";
import { authFetch } from "@/utils/authFetch";
import BreadcrumbNav from "./BreadcrumbNav";
import { API_URL, ENVIRONMENT } from "@/config";
import "./RequestManagement.css";
export default function MediaRequestForm() {
const [type, setType] = useState("artist");
@@ -918,7 +919,7 @@ export default function MediaRequestForm() {
return (
<div className="max-w-3xl mx-auto my-10 p-6 rounded-xl shadow-md bg-white dark:bg-neutral-900 text-neutral-900 dark:text-neutral-100 border border-neutral-200 dark:border-neutral-700">
<div className="trip-request-form mx-auto my-10 p-6 rounded-xl shadow-md bg-white dark:bg-neutral-900 text-neutral-900 dark:text-neutral-100 border border-neutral-200 dark:border-neutral-700">
<style>{`
/* Accordion tab backgrounds & text */
.p-accordion-tab {
@@ -990,7 +991,8 @@ export default function MediaRequestForm() {
}
`}</style>
<BreadcrumbNav currentPage="request" />
<h2 className="text-3xl font-semibold mt-0">New Request</h2>
<h2 className="text-2xl sm:text-3xl font-bold tracking-tight mb-2">New Request</h2>
<p className="text-neutral-500 dark:text-neutral-400 text-sm mb-6">Search for an artist to browse and select tracks for download.</p>
<div className="flex flex-col gap-6">
<div className="flex flex-col gap-4">
<label htmlFor="artistInput">Artist: </label>

413
src/components/TRip/RequestManagement.css
View File

@@ -1,81 +1,442 @@
/* Table and Dark Overrides */
.p-datatable {
table-layout: fixed !important;
.trip-management-container {
width: 100%;
}
.p-datatable td span.truncate {
.trip-management-container .table-wrapper {
width: 100%;
}
.trip-management-container .p-datatable {
width: 100% !important;
display: block !important;
}
.trip-management-container .p-datatable-wrapper {
width: 100% !important;
overflow-x: auto;
}
.trip-management-container .p-datatable-table {
width: 100% !important;
table-layout: fixed !important;
min-width: 100% !important;
}
/* Force header and body rows to fill width */
.trip-management-container .p-datatable-thead,
.trip-management-container .p-datatable-tbody {
width: 100% !important;
}
.trip-management-container .p-datatable-thead > tr,
.trip-management-container .p-datatable-tbody > tr {
width: 100% !important;
}
/* Column widths - distribute across table */
.trip-management-container .p-datatable-thead > tr > th,
.trip-management-container .p-datatable-tbody > tr > td {
/* Default: auto distribute */
}
/* ID column - narrow */
.trip-management-container .p-datatable-thead > tr > th:nth-child(1),
.trip-management-container .p-datatable-tbody > tr > td:nth-child(1) {
width: 10% !important;
}
/* Target column - widest */
.trip-management-container .p-datatable-thead > tr > th:nth-child(2),
.trip-management-container .p-datatable-tbody > tr > td:nth-child(2) {
width: 22% !important;
}
/* Tracks column */
.trip-management-container .p-datatable-thead > tr > th:nth-child(3),
.trip-management-container .p-datatable-tbody > tr > td:nth-child(3) {
width: 10% !important;
}
/* Status column */
.trip-management-container .p-datatable-thead > tr > th:nth-child(4),
.trip-management-container .p-datatable-tbody > tr > td:nth-child(4) {
width: 12% !important;
text-align: center;
}
/* Progress column */
.trip-management-container .p-datatable-thead > tr > th:nth-child(5),
.trip-management-container .p-datatable-tbody > tr > td:nth-child(5) {
width: 16% !important;
text-align: center;
}
/* Quality column */
.trip-management-container .p-datatable-thead > tr > th:nth-child(6),
.trip-management-container .p-datatable-tbody > tr > td:nth-child(6) {
width: 10% !important;
text-align: center;
}
/* Tarball column - fills remaining */
.trip-management-container .p-datatable-thead > tr > th:nth-child(7),
.trip-management-container .p-datatable-tbody > tr > td:nth-child(7) {
width: 20% !important;
}
.trip-management-container .p-datatable td span.truncate {
display: block;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
/* Row hover cursor - indicate clickable */
.trip-management-container .p-datatable-tbody > tr {
cursor: pointer;
transition: background-color 0.15s ease;
}
/* Center-align headers for centered columns */
.trip-management-container .p-datatable-thead > tr > th:nth-child(4),
.trip-management-container .p-datatable-thead > tr > th:nth-child(5),
.trip-management-container .p-datatable-thead > tr > th:nth-child(6) {
text-align: center !important;
}
/* Skeleton loading styles */
.table-skeleton {
width: 100%;
border-radius: 0.5rem;
overflow: hidden;
}
.skeleton-row {
display: flex;
padding: 1rem 0.75rem;
border-bottom: 1px solid rgba(128, 128, 128, 0.2);
}
.skeleton-row:last-child {
border-bottom: none;
}
.skeleton-cell {
padding: 0 0.5rem;
}
.skeleton-bar {
height: 1rem;
background: linear-gradient(90deg, #2a2a2a 25%, #3a3a3a 50%, #2a2a2a 75%);
background-size: 200% 100%;
animation: shimmer 1.5s infinite;
border-radius: 0.25rem;
width: 80%;
}
@keyframes shimmer {
0% { background-position: 200% 0; }
100% { background-position: -200% 0; }
}
/* Light mode skeleton */
[data-theme="light"] .skeleton-bar {
background: linear-gradient(90deg, #e5e5e5 25%, #f0f0f0 50%, #e5e5e5 75%);
background-size: 200% 100%;
}
/* Empty state styles */
.empty-state {
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
padding: 3rem 1rem;
text-align: center;
}
.empty-state-icon {
font-size: 3rem;
color: #6b7280;
margin-bottom: 1rem;
}
.empty-state-text {
font-size: 1.125rem;
font-weight: 600;
color: #9ca3af;
margin-bottom: 0.25rem;
}
.empty-state-subtext {
font-size: 0.875rem;
color: #6b7280;
}
/* Dark Mode for Table */
[data-theme="dark"] .p-datatable {
background-color: #121212 !important;
[data-theme="dark"] .trip-management-container .p-datatable {
color: #e5e7eb !important;
}
[data-theme="dark"] .p-datatable-thead > tr > th {
[data-theme="dark"] .trip-management-container .p-datatable-thead > tr > th {
background-color: #1f1f1f !important;
color: #e5e7eb !important;
border-bottom: 1px solid #374151;
}
[data-theme="dark"] .p-datatable-tbody > tr {
[data-theme="dark"] .trip-management-container .p-datatable-tbody > tr {
background-color: #1a1a1a !important;
border-bottom: 1px solid #374151;
color: #e5e7eb !important;
}
[data-theme="dark"] .p-datatable-tbody > tr:nth-child(odd) {
[data-theme="dark"] .trip-management-container .p-datatable-tbody > tr:nth-child(odd) {
background-color: #222 !important;
}
[data-theme="dark"] .p-datatable-tbody > tr:hover {
[data-theme="dark"] .trip-management-container .p-datatable-tbody > tr:hover {
background-color: #333 !important;
color: #fff !important;
}
/* Paginator Dark Mode */
[data-theme="dark"] .p-paginator {
[data-theme="dark"] .trip-management-container .p-paginator {
background-color: #121212 !important;
color: #e5e7eb !important;
border-top: 1px solid #374151 !important;
}
[data-theme="dark"] .p-paginator .p-paginator-page,
[data-theme="dark"] .p-paginator .p-paginator-next,
[data-theme="dark"] .p-paginator .p-paginator-prev,
[data-theme="dark"] .p-paginator .p-paginator-first,
[data-theme="dark"] .p-paginator .p-paginator-last {
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-page,
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-next,
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-prev,
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-first,
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-last {
color: #e5e7eb !important;
background: transparent !important;
border: none !important;
}
[data-theme="dark"] .p-paginator .p-paginator-page:hover,
[data-theme="dark"] .p-paginator .p-paginator-next:hover,
[data-theme="dark"] .p-paginator .p-paginator-prev:hover {
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-page:hover,
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-next:hover,
[data-theme="dark"] .trip-management-container .p-paginator .p-paginator-prev:hover {
background-color: #374151 !important;
color: #fff !important;
border-radius: 0.25rem;
}
[data-theme="dark"] .p-paginator .p-highlight {
[data-theme="dark"] .trip-management-container .p-paginator .p-highlight {
background-color: #6b7280 !important;
color: #fff !important;
border-radius: 0.25rem !important;
}
/* Dark Mode for PrimeReact Dialog */
[data-theme="dark"] .p-dialog {
/* Dark Mode for PrimeReact Dialog - rendered via portal so needs global selector */
[data-theme="dark"] .p-dialog.dark\:bg-neutral-900 {
background-color: #1a1a1a !important;
color: #e5e7eb !important;
border-color: #374151 !important;
}
[data-theme="dark"] .p-dialog .p-dialog-header {
background-color: #121212 !important;
[data-theme="dark"] .p-dialog.dark\:bg-neutral-900 .p-dialog-header {
background-color: #171717 !important;
color: #e5e7eb !important;
border-bottom: 1px solid #374151 !important;
}
[data-theme="dark"] .p-dialog .p-dialog-content {
[data-theme="dark"] .p-dialog.dark\:bg-neutral-900 .p-dialog-header .p-dialog-header-icon {
color: #e5e7eb !important;
}
[data-theme="dark"] .p-dialog.dark\:bg-neutral-900 .p-dialog-header .p-dialog-header-icon:hover {
background-color: #374151 !important;
color: #fff !important;
}
[data-theme="dark"] .p-dialog.dark\:bg-neutral-900 .p-dialog-content {
background-color: #1a1a1a !important;
color: #e5e7eb !important;
}
[data-theme="dark"] .p-dialog .p-dialog-footer {
background-color: #121212 !important;
[data-theme="dark"] .p-dialog.dark\:bg-neutral-900 .p-dialog-footer {
background-color: #171717 !important;
border-top: 1px solid #374151 !important;
}
/* Progress Bar Styles */
.progress-bar-container {
display: flex;
align-items: center;
gap: 0.5rem;
width: 100%;
}
.progress-bar-track {
flex: 1;
height: 6px;
background-color: rgba(128, 128, 128, 0.2);
border-radius: 999px;
overflow: hidden;
}
.progress-bar-track-lg {
height: 10px;
}
.progress-bar-fill {
height: 100%;
border-radius: 999px;
transition: width 0.3s ease;
}
.progress-bar-text {
font-size: 0.75rem;
font-weight: 600;
min-width: 2.5rem;
text-align: right;
}
/* Container Styles */
.trip-management-container {
width: 100%;
}
.trip-management-container .overflow-x-auto {
overflow-x: auto;
max-width: 100%;
}
.trip-request-form {
width: 100%;
}
@media (max-width: 768px) {
.trip-management-container {
padding: 1rem;
margin: 1rem 0;
}
.trip-management-container h2 {
font-size: 1.5rem;
}
/* Stack filters on mobile */
.trip-management-container .flex-wrap {
flex-direction: column;
gap: 0.75rem;
}
/* Make table horizontally scrollable */
.trip-management-container .overflow-x-auto {
margin: 0 -1rem;
padding: 0 1rem;
}
/* Reduce column widths on mobile */
.p-datatable-thead > tr > th,
.p-datatable-tbody > tr > td {
padding: 0.5rem 0.25rem !important;
font-size: 0.8rem !important;
}
/* Hide less important columns on small screens */
.p-datatable .hide-mobile {
display: none !important;
}
}
@media (max-width: 480px) {
.trip-management-container {
padding: 0.75rem;
border-radius: 0.5rem;
}
.progress-bar-container {
flex-direction: column;
align-items: flex-start;
gap: 0.25rem;
}
.progress-bar-track {
width: 100%;
}
.progress-bar-text {
text-align: left;
}
}
/* ===== MediaRequestForm Mobile Styles ===== */
/* Form container responsive */
.trip-request-form {
width: 100%;
max-width: 48rem;
margin: 2.5rem auto;
padding: 1.5rem;
}
@media (max-width: 768px) {
.trip-request-form {
margin: 1rem auto;
padding: 1rem;
border-radius: 0.75rem;
}
.trip-request-form h2 {
font-size: 1.5rem;
}
/* Quality buttons stack on mobile */
.trip-quality-buttons {
flex-direction: column;
gap: 0.5rem;
}
.trip-quality-buttons button {
width: 100%;
}
/* Accordion improvements for mobile */
.p-accordion-header .p-accordion-header-link {
padding: 0.75rem !important;
font-size: 0.9rem !important;
}
.p-accordion-content {
padding: 0.5rem !important;
}
/* Track list items more compact on mobile */
.p-accordion-content li {
padding: 0.5rem !important;
font-size: 0.85rem !important;
}
/* Album header info stacks */
.album-header-info {
flex-direction: column;
align-items: flex-start !important;
gap: 0.25rem;
}
/* Audio player controls smaller on mobile */
.track-audio-controls button {
padding: 0.25rem 0.5rem !important;
}
}
@media (max-width: 480px) {
.trip-request-form {
margin: 0.5rem;
padding: 0.75rem;
}
.trip-request-form h2 {
font-size: 1.25rem;
}
/* Input fields full width */
.p-autocomplete,
.p-autocomplete-input {
width: 100% !important;
}
/* Smaller text in track listings */
.p-accordion-content li span {
font-size: 0.75rem !important;
}
/* Submit button full width */
.trip-submit-button {
width: 100%;
}
}

286
src/components/TRip/RequestManagement.jsx
View File

@@ -9,6 +9,7 @@ import { authFetch } from "@/utils/authFetch";
import { confirmDialog, ConfirmDialog } from "primereact/confirmdialog";
import BreadcrumbNav from "./BreadcrumbNav";
import { API_URL } from "@/config";
import "./RequestManagement.css";
const STATUS_OPTIONS = ["Queued", "Started", "Compressing", "Finished", "Failed"];
const TAR_BASE_URL = "https://codey.lol/m/m2"; // configurable prefix
@@ -20,6 +21,7 @@ export default function RequestManagement() {
const [filteredRequests, setFilteredRequests] = useState([]);
const [selectedRequest, setSelectedRequest] = useState(null);
const [isDialogVisible, setIsDialogVisible] = useState(false);
const [isLoading, setIsLoading] = useState(true);
const pollingRef = useRef(null);
const pollingDetailRef = useRef(null);
@@ -30,8 +32,9 @@ export default function RequestManagement() {
return `${TAR_BASE_URL}/${quality}/${filename}`;
};
const fetchJobs = async () => {
const fetchJobs = async (showLoading = true) => {
try {
if (showLoading) setIsLoading(true);
const res = await authFetch(`${API_URL}/trip/jobs/list`);
if (!res.ok) throw new Error("Failed to fetch jobs");
const data = await res.json();
@@ -43,6 +46,8 @@ export default function RequestManagement() {
toastId: 'fetch-fail-toast',
});
}
} finally {
setIsLoading(false);
}
};
@@ -123,13 +128,13 @@ export default function RequestManagement() {
const statusBodyTemplate = (rowData) => (
<span className={`inline-block px-3 py-1 rounded-full font-semibold text-sm ${getStatusColorClass(rowData.status)}`}>
<span className={`inline-flex items-center justify-center min-w-[90px] px-3 py-1 rounded-full font-semibold text-xs ${getStatusColorClass(rowData.status)}`}>
{rowData.status}
</span>
);
const qualityBodyTemplate = (rowData) => (
<span className={`inline-block px-3 py-1 rounded-full font-semibold text-sm ${getQualityColorClass(rowData.quality)}`}>
<span className={`inline-flex items-center justify-center min-w-[50px] px-3 py-1 rounded-full font-semibold text-xs ${getQualityColorClass(rowData.quality)}`}>
{rowData.quality}
</span>
);
@@ -158,6 +163,34 @@ export default function RequestManagement() {
return `${pct}%`;
};
const progressBarTemplate = (rowData) => {
const p = rowData.progress;
if (p === null || p === undefined || p === "") return "—";
const num = Number(p);
if (Number.isNaN(num)) return "—";
const pct = Math.min(100, Math.max(0, num > 1 ? Math.round(num) : num * 100));
const getProgressColor = () => {
if (rowData.status === "Failed") return "bg-red-500";
if (rowData.status === "Finished") return "bg-green-500";
if (pct < 30) return "bg-blue-400";
if (pct < 70) return "bg-blue-500";
return "bg-blue-600";
};
return (
<div className="progress-bar-container">
<div className="progress-bar-track">
<div
className={`progress-bar-fill ${getProgressColor()}`}
style={{ width: `${pct}%` }}
/>
</div>
<span className="progress-bar-text">{pct}%</span>
</div>
);
};
const confirmDelete = (requestId) => {
confirmDialog({
message: "Are you sure you want to delete this request?",
@@ -195,100 +228,15 @@ export default function RequestManagement() {
return (
<div className="w-max my-10 p-6 rounded-xl shadow-md
<div className="trip-management-container my-10 p-4 sm:p-6 rounded-xl shadow-md
bg-white dark:bg-neutral-900
text-neutral-900 dark:text-neutral-100
border border-neutral-200 dark:border-neutral-700
sm:p-4 md:p-6">
<style>{`
/* Table and Dark Overrides */
.p-datatable {
table-layout: fixed !important;
}
.p-datatable td span.truncate {
display: block;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
[data-theme="dark"] .p-datatable {
background-color: #121212 !important;
color: #e5e7eb !important;
}
[data-theme="dark"] .p-datatable-thead > tr > th {
background-color: #1f1f1f !important;
color: #e5e7eb !important;
border-bottom: 1px solid #374151;
}
[data-theme="dark"] .p-datatable-tbody > tr {
background-color: #1a1a1a !important;
border-bottom: 1px solid #374151;
color: #e5e7eb !important;
}
[data-theme="dark"] .p-datatable-tbody > tr:nth-child(odd) {
background-color: #222 !important;
}
[data-theme="dark"] .p-datatable-tbody > tr:hover {
background-color: #333 !important;
color: #fff !important;
}
/* Paginator Dark Mode */
[data-theme="dark"] .p-paginator {
background-color: #121212 !important;
color: #e5e7eb !important;
border-top: 1px solid #374151 !important;
}
[data-theme="dark"] .p-paginator .p-paginator-page,
[data-theme="dark"] .p-paginator .p-paginator-next,
[data-theme="dark"] .p-paginator .p-paginator-prev,
[data-theme="dark"] .p-paginator .p-paginator-first,
[data-theme="dark"] .p-paginator .p-paginator-last {
color: #e5e7eb !important;
background: transparent !important;
border: none !important;
}
[data-theme="dark"] .p-paginator .p-paginator-page:hover,
[data-theme="dark"] .p-paginator .p-paginator-next:hover,
[data-theme="dark"] .p-paginator .p-paginator-prev:hover {
background-color: #374151 !important;
color: #fff !important;
border-radius: 0.25rem;
}
[data-theme="dark"] .p-paginator .p-highlight {
background-color: #6b7280 !important;
color: #fff !important;
border-radius: 0.25rem !important;
}
/* Dark mode for PrimeReact Dialog */
[data-theme="dark"] .p-dialog {
background-color: #1a1a1a !important;
color: #e5e7eb !important;
border-color: #374151 !important;
}
[data-theme="dark"] .p-dialog .p-dialog-header {
background-color: #121212 !important;
color: #e5e7eb !important;
border-bottom: 1px solid #374151 !important;
}
[data-theme="dark"] .p-dialog .p-dialog-content {
background-color: #1a1a1a !important;
color: #e5e7eb !important;
}
[data-theme="dark"] .p-dialog .p-dialog-footer {
background-color: #121212 !important;
border-top: 1px solid #374151 !important;
color: #e5e7eb !important;
}
`}</style>
border border-neutral-200 dark:border-neutral-700">
<BreadcrumbNav currentPage="management" />
<h2 className="text-3xl font-semibold mt-0">Media Request Management</h2>
<h2 className="text-2xl sm:text-3xl font-bold tracking-tight mb-6">Manage Requests</h2>
<div className="flex flex-wrap gap-6 mb-6">
<div className="flex flex-wrap items-center gap-4 mb-6">
<Dropdown
value={filterStatus}
options={[{ label: "All Statuses", value: "all" }, ...STATUS_OPTIONS.map((s) => ({ label: s, value: s }))]}
@@ -298,68 +246,91 @@ export default function RequestManagement() {
/>
</div>
<div className="w-max overflow-x-auto rounded-lg">
<DataTable
value={filteredRequests}
paginator
rows={10}
removableSort
sortMode="multiple"
emptyMessage="No requests found."
onRowClick={handleRowClick}
>
<Column
field="id"
header="ID"
style={{ width: "6rem" }}
body={(row) => (
<span title={row.id}>
{row.id.split("-").slice(-1)[0]}
</span>
)}
/>
<Column field="target" header="Target" sortable style={{ width: "12rem" }} body={(row) => textWithEllipsis(row.target, "10rem")} />
<Column field="tracks" header="# Tracks" style={{ width: "8rem" }} body={(row) => row.tracks} />
<Column field="status" header="Status" body={statusBodyTemplate} style={{ width: "10rem", textAlign: "center" }} sortable />
<Column field="progress" header="Progress" body={(row) => formatProgress(row.progress)} style={{ width: "8rem", textAlign: "center" }} sortable />
<Column
field="quality"
header="Quality"
body={qualityBodyTemplate}
style={{ width: "6rem", textAlign: "center" }}
sortable />
<Column
field="tarball"
header={
<span className="flex items-center">
<i className="pi pi-download mr-1" /> {/* download icon in header */}
Tarball
</span>
{isLoading ? (
<div className="table-skeleton">
{[...Array(5)].map((_, i) => (
<div key={i} className="skeleton-row">
<div className="skeleton-cell w-[10%]"><div className="skeleton-bar" /></div>
<div className="skeleton-cell w-[22%]"><div className="skeleton-bar" /></div>
<div className="skeleton-cell w-[10%]"><div className="skeleton-bar" /></div>
<div className="skeleton-cell w-[12%]"><div className="skeleton-bar" /></div>
<div className="skeleton-cell w-[16%]"><div className="skeleton-bar" /></div>
<div className="skeleton-cell w-[10%]"><div className="skeleton-bar" /></div>
<div className="skeleton-cell w-[20%]"><div className="skeleton-bar" /></div>
</div>
))}
</div>
) : (
<div className="table-wrapper w-full">
<DataTable
value={filteredRequests}
paginator
rows={10}
removableSort
sortMode="multiple"
emptyMessage={
<div className="empty-state">
<i className="pi pi-inbox empty-state-icon" />
<p className="empty-state-text">No requests found</p>
<p className="empty-state-subtext">Requests you submit will appear here</p>
</div>
}
body={(row) => {
const url = tarballUrl(row.tarball, row.quality || "FLAC");
const encodedURL = encodeURI(url);
if (!url) return "—";
onRowClick={handleRowClick}
resizableColumns={false}
className="w-full"
style={{ width: '100%' }}
>
const fileName = url.split("/").pop();
<Column
field="id"
header="ID"
body={(row) => (
<span title={row.id}>
{row.id.split("-").slice(-1)[0]}
</span>
)}
/>
<Column field="target" header="Target" sortable body={(row) => textWithEllipsis(row.target, "100%")} />
<Column field="tracks" header="# Tracks" body={(row) => row.tracks} />
<Column field="status" header="Status" body={statusBodyTemplate} style={{ textAlign: "center" }} sortable />
<Column field="progress" header="Progress" body={progressBarTemplate} style={{ textAlign: "center" }} sortable />
<Column
field="quality"
header="Quality"
body={qualityBodyTemplate}
style={{ textAlign: "center" }}
sortable />
<Column
field="tarball"
header={
<span className="flex items-center">
<i className="pi pi-download mr-1" />
Tarball
</span>
}
body={(row) => {
const url = tarballUrl(row.tarball, row.quality || "FLAC");
const encodedURL = encodeURI(url);
if (!url) return "—";
return (
<a
href={encodedURL}
target="_blank"
rel="noopener noreferrer"
className="truncate text-blue-500 hover:underline"
title={fileName}
>
{truncate(fileName, 16)}
</a>
);
}}
style={{ width: "10rem" }}
/>
</DataTable>
</div>
const fileName = url.split("/").pop();
return (
<a
href={encodedURL}
target="_blank"
rel="noopener noreferrer"
className="truncate text-blue-500 hover:underline"
title={fileName}
>
{truncate(fileName, 28)}
</a>
);
}}
/>
</DataTable>
</div>
)}
<ConfirmDialog />
@@ -402,7 +373,18 @@ export default function RequestManagement() {
</p>
)}
{selectedRequest.progress !== undefined && selectedRequest.progress !== null && (
<p><strong>Progress:</strong> {formatProgress(selectedRequest.progress)}</p>
<div className="col-span-2">
<strong>Progress:</strong>
<div className="progress-bar-container mt-2">
<div className="progress-bar-track progress-bar-track-lg">
<div
className={`progress-bar-fill ${selectedRequest.status === "Failed" ? "bg-red-500" : selectedRequest.status === "Finished" ? "bg-green-500" : "bg-blue-500"}`}
style={{ width: `${Math.min(100, Math.max(0, Number(selectedRequest.progress) > 1 ? Math.round(selectedRequest.progress) : selectedRequest.progress * 100))}%` }}
/>
</div>
<span className="progress-bar-text">{formatProgress(selectedRequest.progress)}</span>
</div>
</div>
)}
</div>

12
src/components/ToastProvider.jsx
View File

@@ -1,19 +1,23 @@
import React, { lazy, Suspense } from 'react';
import React from 'react';
import { ToastContainer } from 'react-toastify';
import 'react-toastify/dist/ReactToastify.css';
const CustomToastContainer = () => {
const CustomToastContainer = ({ theme = 'light', newestOnTop = false, closeOnClick = true }) => {
// Map data-theme values to react-toastify theme
const toastTheme = theme === 'dark' ? 'dark' : 'light';
return (
<ToastContainer
position="top-right"
autoClose={5000}
hideProgressBar={false}
newestOnTop={false}
closeOnClick
newestOnTop={newestOnTop}
closeOnClick={closeOnClick}
rtl={false}
pauseOnFocusLoss={false}
draggable
pauseOnHover
theme={toastTheme}
/>
);
};

84
src/components/req/ReqForm.jsx
View File

@@ -15,17 +15,21 @@ export default function ReqForm() {
const [selectedTitle, setSelectedTitle] = useState("");
const [isSubmitting, setIsSubmitting] = useState(false);
const [suggestions, setSuggestions] = useState([]);
const [posterLoading, setPosterLoading] = useState(true);
useEffect(() => {
if (title !== selectedTitle && selectedOverview) {
setSelectedOverview("");
setSelectedTitle("");
if (title !== selectedTitle) {
if (selectedOverview) setSelectedOverview("");
if (selectedItem) setSelectedItem(null);
if (type) setType("");
if (selectedTitle) setSelectedTitle("");
setPosterLoading(true);
}
}, [title, selectedTitle, selectedOverview]);
}, [title, selectedTitle, selectedOverview, selectedItem, type]);
const searchTitles = async (event) => {
const query = event.query;
if (query.length < 3) {
if (query.length < 2) {
setSuggestions([]);
return;
}
@@ -103,20 +107,29 @@ export default function ReqForm() {
}, 0);
};
const formatMediaType = (mediaTypeValue) => {
if (!mediaTypeValue) return "";
if (mediaTypeValue === "tv") return "TV Series";
if (mediaTypeValue === "movie") return "Movie";
return mediaTypeValue.charAt(0).toUpperCase() + mediaTypeValue.slice(1);
};
const selectedTypeLabel = formatMediaType(selectedItem?.mediaType || type);
return (
<div className="flex items-center justify-center min-h-[60vh] p-4">
<div className="w-full max-w-lg p-8 bg-white dark:bg-[#1E1E1E] rounded-3xl shadow-2xl border border-gray-200 dark:border-gray-700">
<div className="w-full max-w-lg p-8 bg-white dark:bg-[#141414] rounded-2xl shadow-lg shadow-neutral-900/5 dark:shadow-black/20 border border-neutral-200/60 dark:border-neutral-800/60">
<div className="text-center mb-8">
<h1 className="text-4xl font-bold text-gray-800 dark:text-white mb-2">
<h1 className="text-3xl font-bold text-neutral-900 dark:text-white mb-2 tracking-tight font-['IBM_Plex_Sans',sans-serif]">
Request Movies/TV
</h1>
<p className="text-gray-600 dark:text-gray-400 text-sm">
<p className="text-neutral-500 dark:text-neutral-400 text-sm">
Submit your request for review
</p>
</div>
<form onSubmit={handleSubmit} className="space-y-6">
<div className="space-y-2">
<label htmlFor="title" className="block text-sm font-semibold text-gray-700 dark:text-gray-300">
<label htmlFor="title" className="block text-sm font-medium text-neutral-700 dark:text-neutral-300">
Title <span className="text-red-500">*</span>
</label>
<AutoComplete
@@ -124,6 +137,7 @@ export default function ReqForm() {
value={title}
suggestions={suggestions}
completeMethod={searchTitles}
minLength={2}
onChange={(e) => setTitle(typeof e.value === 'string' ? e.value : e.value.label)}
onSelect={(e) => {
setType(e.value.mediaType === 'tv' ? 'tv' : 'movie');
@@ -136,38 +150,50 @@ export default function ReqForm() {
placeholder="Enter movie or TV title"
title="Enter movie or TV show title"
className="w-full"
inputClassName="w-full border-2 border-gray-200 dark:border-gray-600 rounded-xl px-4 py-3 focus:border-[#12f8f4] transition-colors"
panelClassName="border-2 border-gray-200 dark:border-gray-600 rounded-xl"
inputClassName="w-full border border-neutral-200 dark:border-neutral-700 rounded-xl px-4 py-3 bg-white dark:bg-neutral-900/50 focus:border-blue-500 dark:focus:border-blue-400 focus:ring-2 focus:ring-blue-500/20 transition-all outline-none"
panelClassName="rounded-xl overflow-hidden"
field="label"
onShow={attachScrollFix}
itemTemplate={(item) => (
<div className="p-2 hover:bg-gray-100 dark:hover:bg-gray-700 rounded">
<div className="p-2 rounded">
<span className="font-medium">{item.label}</span>
{item.year && <span className="text-sm text-gray-500 ml-2">({item.year})</span>}
<span className="text-xs text-gray-400 ml-2 uppercase">{item.mediaType === 'tv' ? 'TV' : 'Movie'}</span>
{item.year && <span className="text-sm text-neutral-500 ml-2">({item.year})</span>}
<span className="text-xs text-neutral-400 ml-2 uppercase">{item.mediaType === 'tv' ? 'TV' : 'Movie'}</span>
</div>
)}
/>
{selectedItem && selectedTypeLabel && (
<div className="text-xs font-medium uppercase text-neutral-500 dark:text-neutral-400 tracking-wide">
Selected type: <span className="font-bold text-neutral-700 dark:text-neutral-200">{selectedTypeLabel}</span>
</div>
)}
</div>
{selectedOverview && (
<div className="space-y-2">
<label className="block text-sm font-semibold text-gray-700 dark:text-gray-300">
<label className="block text-sm font-medium text-neutral-700 dark:text-neutral-300">
Synopsis
</label>
<div className="p-3 bg-gray-50 dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-600">
<div className="p-4 bg-neutral-50 dark:bg-neutral-900/50 rounded-xl border border-neutral-200/60 dark:border-neutral-700/60">
<div className="flex flex-col sm:flex-row gap-4">
<div className="flex-1">
<p className="text-sm text-gray-600 dark:text-gray-400 leading-relaxed">
<p className="text-sm text-neutral-600 dark:text-neutral-400 leading-relaxed">
{selectedOverview}
</p>
</div>
{selectedItem?.poster_path && (
<img
src={`https://image.tmdb.org/t/p/w200${selectedItem.poster_path}`}
alt="Poster"
className="w-24 sm:w-32 md:w-40 h-auto rounded-lg border border-gray-200 dark:border-gray-600"
/>
<div className="relative w-24 sm:w-32 md:w-40 flex-shrink-0 overflow-hidden rounded-lg">
{posterLoading && (
<div className="w-full bg-neutral-200 dark:bg-neutral-700 rounded-lg animate-pulse" style={{ aspectRatio: '2/3' }} />
)}
<img
src={`https://image.tmdb.org/t/p/w200${selectedItem.poster_path}`}
alt="Poster"
className={`w-full h-auto rounded-lg border border-neutral-200 dark:border-neutral-700 transition-opacity duration-300 ${posterLoading ? 'hidden' : 'block'}`}
onLoad={() => setPosterLoading(false)}
onError={() => setPosterLoading(false)}
/>
</div>
)}
</div>
</div>
@@ -175,28 +201,28 @@ export default function ReqForm() {
)}
<div className="space-y-2">
<label htmlFor="year" className="block text-sm font-semibold text-gray-700 dark:text-gray-300">
Year <span className="text-gray-500">(optional)</span>
<label htmlFor="year" className="block text-sm font-medium text-neutral-700 dark:text-neutral-300">
Year <span className="text-neutral-400">(optional)</span>
</label>
<InputText
id="year"
value={year}
onChange={(e) => setYear(e.target.value)}
placeholder="e.g. 2023"
className="w-full border-2 border-gray-200 dark:border-gray-600 rounded-xl px-4 py-3 focus:border-[#12f8f4] transition-colors"
className="w-full border border-neutral-200 dark:border-neutral-700 rounded-xl px-4 py-3 bg-white dark:bg-neutral-900/50 focus:border-blue-500 dark:focus:border-blue-400 focus:ring-2 focus:ring-blue-500/20 transition-all outline-none"
/>
</div>
<div className="space-y-2">
<label htmlFor="requester" className="block text-sm font-semibold text-gray-700 dark:text-gray-300">
Your Name <span className="text-gray-500">(optional)</span>
<label htmlFor="requester" className="block text-sm font-medium text-neutral-700 dark:text-neutral-300">
Your Name <span className="text-neutral-400">(optional)</span>
</label>
<InputText
id="requester"
value={requester}
onChange={(e) => setRequester(e.target.value)}
placeholder="Who is requesting this?"
className="w-full border-2 border-gray-200 dark:border-gray-600 rounded-xl px-4 py-3 focus:border-[#12f8f4] transition-colors"
className="w-full border border-neutral-200 dark:border-neutral-700 rounded-xl px-4 py-3 bg-white dark:bg-neutral-900/50 focus:border-blue-500 dark:focus:border-blue-400 focus:ring-2 focus:ring-blue-500/20 transition-all outline-none"
/>
</div>
@@ -204,7 +230,7 @@ export default function ReqForm() {
<Button
type="submit"
disabled={isSubmitting}
className="w-full py-3 px-6 bg-[#12f8f4] text-gray-900 font-semibold rounded-xl disabled:opacity-50 disabled:cursor-not-allowed"
className="w-full py-3 px-6 bg-neutral-900 dark:bg-white text-white dark:text-neutral-900 font-semibold rounded-xl hover:bg-neutral-800 dark:hover:bg-neutral-100 disabled:opacity-50 disabled:cursor-not-allowed transition-colors shadow-sm"
>
{isSubmitting ? "Submitting..." : "Submit Request"}
</Button>

44
src/config.js
View File

@@ -7,7 +7,14 @@ export const metaData = {
description: "CODEY STUFF!",
shareTitle: "CODEY STUFF",
shareDescription: "CODEY STUFF!",
shareImageAlt: "/images/favicon.png",
// alt text for the share/OG image (descriptive; not a filename)
shareImageAlt: "CODEY STUFF logo",
// default favicon / site icon used when no per-subsite override is provided
favicon: "/images/favicon.png",
// additional icons array (optional) for multi-icon support
icons: [
{ rel: 'icon', href: '/images/favicon.png' },
],
};
export const API_URL = "https://api.codey.lol";
@@ -16,7 +23,7 @@ export const RADIO_API_URL = "https://radio-api.codey.lol";
export const socialLinks = {
};
export const MAJOR_VERSION = "0.4"
export const MAJOR_VERSION = "0.5"
export const RELEASE_FLAG = null;
export const ENVIRONMENT = import.meta.env.DEV ? "Dev" : "Prod";
@@ -25,13 +32,42 @@ export const WHITELABELS = {
'req.boatson.boats': {
title: 'Request Media',
name: 'REQ',
brandColor: '#12f8f4',
brandColor: '', // inherit
siteTitle: 'Request Media',
logoText: 'Request Media',
// optional meta overrides for whitelabel/subsite
shareTitle: 'Request Media',
shareDescription: 'Request Media',
ogImage: '/images/req.png',
shareImageAlt: 'Request Media logo',
favicon: '/images/req.png',
// optional canonical/base url for this subsite (useful when host-forcing or in prod)
baseUrl: 'https://req.boatson.boats',
// human-readable site name for social meta
siteName: 'Request Media'
},
};
// Subsite mapping: host -> site path
export const SUBSITES = {
'req.boatson.boats': '/subsites/req',
};
};
// Protected routes configuration
// Routes listed here require authentication - middleware will redirect to /login if not authenticated
// Can be a string (just auth required) or object with roles array for role-based access
export const PROTECTED_ROUTES = [
'/radio',
{ path: '/lighting', roles: ['lighting'] },
{ path: '/discord-logs', roles: ['discord'] },
'/memes',
'/TRip',
'/TRip/requests',
];
// Routes that should skip auth check entirely (public routes)
export const PUBLIC_ROUTES = [
'/',
'/login',
'/api/',
];

1
src/content/config.ts
View File

@@ -1 +0,0 @@

16
src/env.d.ts vendored
View File

@@ -1 +1,17 @@
/// <reference path="../.astro/types.d.ts" />
// Extend Astro.locals with custom properties set by middleware
declare namespace App {
interface Locals {
user?: {
id?: string;
username?: string;
user?: string;
roles?: string[];
[key: string]: unknown;
};
whitelabel?: string | null;
isSubsite?: boolean;
refreshedCookies?: string[];
}
}

46
src/hooks/requireAuthHook.js
View File

@@ -1,7 +1,24 @@
// requireAuthHook.js
import { API_URL } from "@/config";
// WeakMap to cache auth promises per Astro context (request)
const authCache = new WeakMap();
export const requireAuthHook = async (Astro) => {
// Check if we already have a cached promise for this request
if (authCache.has(Astro)) {
return authCache.get(Astro);
}
// Create a promise and cache it immediately to prevent race conditions
const authPromise = performAuth(Astro);
authCache.set(Astro, authPromise);
// Return the promise - all callers will await the same promise
return authPromise;
};
async function performAuth(Astro) {
try {
const cookieHeader = Astro.request.headers.get("cookie") ?? "";
let res = await fetch(`${API_URL}/auth/id`, {
@@ -21,19 +38,30 @@ export const requireAuthHook = async (Astro) => {
return null;
}
const setCookieHeader = refreshRes.headers.get("set-cookie");
let newCookieHeader = cookieHeader;
if (setCookieHeader) {
const cookiesArray = setCookieHeader.split(/,(?=\s*\w+=)/);
cookiesArray.forEach((c) => Astro.response.headers.append("set-cookie", c));
newCookieHeader = cookiesArray.map(c => c.split(";")[0]).join("; ");
// Get all Set-Cookie headers (getSetCookie returns an array)
let setCookies = [];
if (typeof refreshRes.headers.getSetCookie === 'function') {
setCookies = refreshRes.headers.getSetCookie();
} else {
// Fallback for older Node versions
const setCookieHeader = refreshRes.headers.get("set-cookie");
if (setCookieHeader) {
// Split on comma followed by a cookie name (word=), avoiding splitting on Expires dates
setCookies = setCookieHeader.split(/,(?=\s*[a-zA-Z_][a-zA-Z0-9_]*=)/);
}
}
if (setCookies.length === 0) {
console.error("No set-cookie header found in refresh response");
return null;
}
// Forward cookies to client
setCookies.forEach((c) => Astro.response.headers.append("set-cookie", c.trim()));
// Build new cookie header for the retry request
const newCookieHeader = setCookies.map(c => c.split(";")[0].trim()).join("; ");
res = await fetch(`${API_URL}/auth/id`, {
headers: { Cookie: newCookieHeader },
credentials: "include",
@@ -52,4 +80,4 @@ export const requireAuthHook = async (Astro) => {
console.error("[SSR] requireAuthHook error:", err);
return null;
}
};
}

20
src/layouts/Base.astro
View File

@@ -3,6 +3,7 @@ interface Props {
title?: string;
description?: string;
image?: string;
hideFooter?: boolean;
}
import Themes from "astro-themes";
@@ -13,6 +14,8 @@ import Nav from "./Nav.astro";
import SubNav from "./SubNav.astro";
import Footer from "../components/Footer.astro";
import "@fontsource/ibm-plex-sans/500.css";
import "@fontsource/ibm-plex-sans/600.css";
import "@fontsource/geist-sans/400.css";
import "@fontsource/geist-sans/600.css";
import "@fontsource/geist-mono/400.css";
@@ -20,7 +23,7 @@ import "@fontsource/geist-mono/600.css";
import "@styles/global.css";
import "@fonts/fonts.css";
const { title, description, image } = Astro.props;
const { title, description, image, hideFooter = false } = Astro.props;
const hostHeader = Astro.request?.headers?.get('host') || '';
const host = hostHeader.split(':')[0];
@@ -69,26 +72,31 @@ if (import.meta.env.DEV) {
content="index, follow, max-video-preview:-1, max-image-preview:large, max-snippet:-1"
/>
<Themes />
<BaseHead title={whitelabel?.siteTitle ?? title} description={description} image={image ?? metaData.ogImage} isWhitelabel={!!whitelabel} />
<BaseHead title={whitelabel?.siteTitle ?? title} description={description} image={image ?? metaData.ogImage} isWhitelabel={!!whitelabel} whitelabel={whitelabel} subsite={detectedSubsite} />
<script>
import "@scripts/lenisSmoothScroll.js";
import "@scripts/main.jsx";
</script>
</head>
<body
class="antialiased flex flex-col items-center justify-center mx-auto mt-2 lg:mt-8 mb-20 lg:mb-40
class="antialiased flex flex-col items-center mx-auto min-h-screen
scrollbar-hide"
style={`--brand-color: ${whitelabel?.brandColor ?? '#111827'}`}>
<!-- Nav is outside main to allow full-width -->
<div class="w-full">
{whitelabel ? <SubNav whitelabel={whitelabel} subsite={detectedSubsite} /> : <Nav />}
</div>
<main
class="page-enter flex-auto min-w-0 mt-2 md:mt-6 flex flex-col px-6 sm:px-4 md:px-0 max-w-3xl w-full">
class="page-enter flex-auto min-w-0 mt-6 md:mt-8 flex flex-col px-4 sm:px-6 md:px-0 max-w-3xl w-full pb-8">
<noscript>
<div style="background: #f44336; color: white; padding: 1em; text-align: center;">
This site requires JavaScript to function. Please enable JavaScript in your browser.
</div>
</noscript>
{whitelabel ? <SubNav whitelabel={whitelabel} subsite={detectedSubsite} /> : <Nav />}
<slot />
<Footer />
{!hideFooter && <Footer />}
</main>
<style>
/* Minimal page transition to replace deprecated ViewTransitions */

10
src/layouts/Nav.astro
View File

@@ -21,6 +21,7 @@ const navItems = [
{ label: "Memes", href: "/memes" },
{ label: "TRip", href: "/TRip", auth: true, icon: "pirate" },
{ label: "Lighting", href: "/lighting", auth: true },
{ label: "Discord Logs", href: "/discord-logs", auth: true },
{ label: "Status", href: "https://status.boatson.boats", icon: "external" },
{ label: "Git", href: "https://kode.boatson.boats", icon: "external" },
{ label: "Login", href: "/login", guestOnly: true },
@@ -45,13 +46,13 @@ const currentPath = Astro.url.pathname;
<script src="/scripts/nav-controls.js" defer data-api-url={API_URL}></script>
<nav class="w-full px-4 sm:px-6 py-4 bg-transparent sticky top-0 z-50 backdrop-blur-sm bg-white/80 dark:bg-[#121212]/80 border-b border-neutral-200/50 dark:border-neutral-800/50">
<nav class="w-full px-4 sm:px-6 py-3 sticky top-0 z-50 backdrop-blur-xl bg-white/75 dark:bg-[#0a0a0a]/75 border-b border-neutral-200/40 dark:border-neutral-800/40 shadow-sm shadow-neutral-900/5 dark:shadow-black/20">
<div class="max-w-7xl mx-auto">
<div class="nav-bar-row flex items-center gap-4 justify-between">
<!-- Logo/Brand -->
<a
href="/"
class="text-xl sm:text-2xl font-semibold header-text whitespace-nowrap hover:opacity-80 transition-opacity">
class="text-xl sm:text-2xl font-bold tracking-tight bg-gradient-to-r from-neutral-900 to-neutral-600 dark:from-white dark:to-neutral-400 bg-clip-text text-transparent whitespace-nowrap hover:opacity-80 transition-opacity font-['IBM_Plex_Sans',sans-serif]">
{metaData.title}
</a>
@@ -75,10 +76,9 @@ const currentPath = Astro.url.pathname;
<a
href={item.href}
class={isActive
? "flex items-center gap-0 px-2.5 py-1.5 rounded-md text-xs font-medium transition-all duration-200 text-white"
: "flex items-center gap-0 px-2.5 py-1.5 rounded-md text-xs font-medium transition-all duration-200 text-neutral-700 dark:text-neutral-300 hover:bg-neutral-100 dark:hover:bg-neutral-800"
? "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-semibold transition-all duration-200 text-white bg-neutral-900 dark:bg-white dark:text-neutral-900 shadow-sm font-['IBM_Plex_Sans',sans-serif]"
: "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-medium transition-all duration-200 text-neutral-600 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-white hover:bg-neutral-100 dark:hover:bg-neutral-800/60 font-['IBM_Plex_Sans',sans-serif]"
}
style={isActive ? `background: #111827` : undefined}
target={isExternal ? "_blank" : undefined}
rel={(isExternal || isAuthedPath) ? "external" : undefined}
onclick={item.onclick}

4
src/layouts/subsites/defaultNav.astro
View File

@@ -7,9 +7,9 @@ const currentPath = Astro.url.pathname;
<script src="/scripts/nav-controls.js" defer data-api-url={API_URL}></script>
<nav class="w-full px-4 sm:px-6 py-4 bg-transparent sticky top-0 z-50 backdrop-blur-sm bg-white/80 dark:bg-[#121212]/80 border-b border-neutral-200/50 dark:border-neutral-800/50">
<nav class="w-full px-4 sm:px-6 py-3 sticky top-0 z-50 backdrop-blur-xl bg-white/75 dark:bg-[#0a0a0a]/75 border-b border-neutral-200/40 dark:border-neutral-800/40 shadow-sm shadow-neutral-900/5 dark:shadow-black/20">
<div class="max-w-7xl mx-auto flex items-center justify-between">
<a href="/" class="text-xl sm:text-2xl font-semibold" style={`color: ${whitelabel?.brandColor ?? 'var(--brand-color)'}`}>
<a href="/" class="text-xl sm:text-2xl font-bold tracking-tight bg-gradient-to-r from-neutral-900 to-neutral-600 dark:from-white dark:to-neutral-400 bg-clip-text text-transparent whitespace-nowrap hover:opacity-80 transition-opacity font-['IBM_Plex_Sans',sans-serif]">
{whitelabel?.logoText ?? 'Subsite'}
</a>
<div class="flex items-center gap-4">

182
src/layouts/subsites/reqNav.astro
View File

@@ -1,28 +1,182 @@
---
// Req specific subsite nav placeholder. Keeps markup minimal for now.
import { Icon } from "astro-icon/components";
import { API_URL } from "../../config";
import { requireAuthHook } from "@/hooks/requireAuthHook";
import { padlockIconSvg, userIconSvg, externalLinkIconSvg } from "@/utils/navAssets";
import "@/assets/styles/nav.css";
const whitelabel = Astro.props?.whitelabel ?? null;
const currentPath = Astro.url.pathname;
const subsitePathPrefix = "/subsites/req";
const links = [
// Add req-specific nav items here in future
const user = await requireAuthHook(Astro);
const isLoggedIn = Boolean(user);
const userDisplayName = user?.user ?? null;
type NavItem = {
label: string;
href: string;
auth?: boolean;
guestOnly?: boolean;
icon?: "external" | "padlock" | "pirate" | string;
onclick?: string;
};
const baseNavItems: NavItem[] = [
// { label: "Submit Request", href: "/" },
];
const navItems: NavItem[] = isLoggedIn
? [...baseNavItems, { label: "Logout", href: "#logout", onclick: "handleLogout()" }]
: baseNavItems;
const visibleNavItems: NavItem[] = navItems.filter((item) => {
if (item.auth && !isLoggedIn) return false;
if (item.guestOnly && isLoggedIn) return false;
return true;
});
const normalize = (url) => (url || "/").replace(/\/+$/, "") || "/";
const trimmedPath = currentPath.startsWith(subsitePathPrefix)
? currentPath.slice(subsitePathPrefix.length) || "/"
: currentPath;
const normalizedCurrent = normalize(trimmedPath);
---
<script src="/scripts/nav-controls.js" defer data-api-url={API_URL}></script>
<nav class="w-full px-4 sm:px-6 py-4 bg-transparent sticky top-0 z-50 backdrop-blur-sm bg-white/80 dark:bg-[#121212]/80 border-b border-neutral-200/50 dark:border-neutral-800/50">
<div class="max-w-7xl mx-auto flex items-center justify-between">
<a href="/" class="text-xl sm:text-2xl font-semibold" style={`color: ${whitelabel?.brandColor ?? 'var(--brand-color)'}`}>
{whitelabel?.logoText ?? 'REQ'}
</a>
<ul class="flex items-center gap-4">
<li>
<button aria-label="Toggle theme" type="button" class="flex items-center justify-center w-8 h-8 rounded-md hover:bg-neutral-100 dark:hover:bg-neutral-800 transition-colors" onclick="toggleTheme()">
<Icon name="fa6-solid:circle-half-stroke" class="h-4 w-4 text-[#1c1c1c] dark:text-[#D4D4D4]" />
<nav class="w-full px-4 sm:px-6 py-3 sticky top-0 z-50 backdrop-blur-xl bg-white/75 dark:bg-[#0a0a0a]/75 border-b border-neutral-200/40 dark:border-neutral-800/40 shadow-sm shadow-neutral-900/5 dark:shadow-black/20">
<div class="max-w-7xl mx-auto">
<div class="nav-bar-row flex items-center gap-4 justify-between">
<a
href="/"
class="text-xl sm:text-2xl font-bold tracking-tight bg-gradient-to-r from-neutral-900 to-neutral-600 dark:from-white dark:to-neutral-400 bg-clip-text text-transparent whitespace-nowrap hover:opacity-80 transition-opacity font-['IBM_Plex_Sans',sans-serif]"
>
{whitelabel?.logoText ?? 'REQ'}
</a>
<div class="desktop-nav flex items-center">
<ul class="desktop-nav-list">
{visibleNavItems.map((item) => {
const isExternal = item.href?.startsWith("http");
const isAuthedPath = item.auth ?? false;
const normalizedHref = normalize(item.href);
const isActive = !isExternal && (
normalizedHref === '/'
? normalizedCurrent === '/'
: normalizedCurrent === normalizedHref || normalizedCurrent.startsWith(normalizedHref + '/')
);
return (
<li>
<a
href={item.href}
class={isActive
? "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-semibold transition-all duration-200 text-white bg-neutral-900 dark:bg-white dark:text-neutral-900 shadow-sm font-['IBM_Plex_Sans',sans-serif]"
: "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-medium transition-all duration-200 text-neutral-600 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-white hover:bg-neutral-100 dark:hover:bg-neutral-800/60 font-['IBM_Plex_Sans',sans-serif]"}
target={isExternal ? "_blank" : undefined}
rel={(isExternal || isAuthedPath) ? "external" : undefined}
onclick={item.onclick}
>
{item.label}
{item.icon === "external" && (
<span class="inline-flex ml-0.5" aria-hidden="true" set:html={externalLinkIconSvg}></span>
)}
{item.icon === "padlock" && (
<span class="inline-flex" aria-hidden="true" set:html={padlockIconSvg}></span>
)}
{item.icon === "pirate" && (
<span class="inline-flex ml-1" role="img" aria-label="Pirate flag">🏴‍☠️</span>
)}
</a>
</li>
);
})}
</ul>
<button
aria-label="Toggle theme"
type="button"
class="flex items-center justify-center w-8 h-8 rounded-md hover:bg-neutral-100 dark:hover:bg-neutral-800 transition-colors"
onclick="toggleTheme()"
>
<Icon
name="fa6-solid:circle-half-stroke"
class="h-4 w-4 text-[#1c1c1c] dark:text-[#D4D4D4]"
/>
</button>
</li>
</ul>
</div>
<div class="mobile-nav flex items-center gap-2">
<button
aria-label="Toggle theme"
type="button"
class="flex items-center justify-center w-9 h-9 rounded-lg hover:bg-neutral-100 dark:hover:bg-neutral-800 transition-colors"
onclick="toggleTheme()"
>
<Icon
name="fa6-solid:circle-half-stroke"
class="h-5 w-5 text-[#1c1c1c] dark:text-[#D4D4D4]"
/>
</button>
<button
id="mobile-menu-btn"
aria-label="Toggle menu"
type="button"
class="flex items-center justify-center w-9 h-9 rounded-lg hover:bg-neutral-100 dark:hover:bg-neutral-800 transition-colors"
>
<svg id="menu-icon" class="w-6 h-6 text-neutral-700 dark:text-neutral-300" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16M4 18h16"></path>
</svg>
<svg id="close-icon" class="w-6 h-6 text-neutral-700 dark:text-neutral-300" style="display: none;" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
</svg>
</button>
</div>
</div>
<div
id="mobile-menu"
class="mobile-menu-dropdown md:hidden"
>
<ul class="flex flex-col gap-1 py-4">
{visibleNavItems.map((item) => {
const isExternal = item.href?.startsWith("http");
const isAuthedPath = item.auth ?? false;
const normalizedHref = normalize(item.href);
const isActive = !isExternal && (
normalizedHref === '/'
? normalizedCurrent === '/'
: normalizedCurrent === normalizedHref || normalizedCurrent.startsWith(normalizedHref + '/')
);
return (
<li>
<a
href={item.href}
class={isActive
? "flex items-center gap-0 px-4 py-3 rounded-lg text-base font-medium transition-all duration-200 text-white bg-neutral-900 dark:bg-white dark:text-neutral-900 font-['IBM_Plex_Sans',sans-serif]"
: "flex items-center gap-0 px-4 py-3 rounded-lg text-base font-medium transition-all duration-200 text-neutral-700 dark:text-neutral-300 hover:bg-neutral-100 dark:hover:bg-neutral-800 font-['IBM_Plex_Sans',sans-serif]"}
target={isExternal ? "_blank" : undefined}
rel={(isExternal || isAuthedPath) ? "external" : undefined}
onclick={item.onclick}
>
<span>{item.label}</span>
{item.icon === "external" && (
<span class="inline-flex ml-0.5" aria-hidden="true" set:html={externalLinkIconSvg}></span>
)}
{item.icon === "padlock" && (
<span class="inline-flex" aria-hidden="true" set:html={padlockIconSvg}></span>
)}
{item.icon === "pirate" && (
<span class="inline-flex ml-1" role="img" aria-label="Pirate flag">🏴‍☠️</span>
)}
</a>
</li>
);
})}
</ul>
</div>
</div>
</nav>

244
src/middleware.js
View File

@@ -1,9 +1,164 @@
import { defineMiddleware } from 'astro:middleware';
import { SUBSITES } from './config.js';
import { SUBSITES, PROTECTED_ROUTES, PUBLIC_ROUTES } from './config.js';
import { getSubsiteByHost, getSubsiteFromSignal } from './utils/subsites.js';
const API_URL = "https://api.codey.lol";
// Auth check function (mirrors requireAuthHook logic but for middleware)
async function checkAuth(request) {
try {
const cookieHeader = request.headers.get("cookie") ?? "";
if (import.meta.env.DEV) console.log(`[middleware:checkAuth] Cookie header present: ${!!cookieHeader}`);
let res = await fetch(`${API_URL}/auth/id`, {
headers: { Cookie: cookieHeader },
credentials: "include",
});
if (import.meta.env.DEV) console.log(`[middleware:checkAuth] Initial auth/id status: ${res.status}`);
if (res.status === 401) {
// Try refresh
const refreshRes = await fetch(`${API_URL}/auth/refresh`, {
method: "POST",
headers: { Cookie: cookieHeader },
credentials: "include",
});
if (!refreshRes.ok) {
return { authenticated: false, user: null, cookies: null };
}
// Get refreshed cookies
let setCookies = [];
if (typeof refreshRes.headers.getSetCookie === 'function') {
setCookies = refreshRes.headers.getSetCookie();
} else {
const setCookieHeader = refreshRes.headers.get("set-cookie");
if (setCookieHeader) {
setCookies = setCookieHeader.split(/,(?=\s*[a-zA-Z_][a-zA-Z0-9_]*=)/);
}
}
if (setCookies.length === 0) {
return { authenticated: false, user: null, cookies: null };
}
// Build new cookie header for retry
const newCookieHeader = setCookies.map(c => c.split(";")[0].trim()).join("; ");
res = await fetch(`${API_URL}/auth/id`, {
headers: { Cookie: newCookieHeader },
credentials: "include",
});
if (!res.ok) {
return { authenticated: false, user: null, cookies: null };
}
const user = await res.json();
return { authenticated: true, user, cookies: setCookies };
}
if (!res.ok) {
return { authenticated: false, user: null, cookies: null };
}
const user = await res.json();
return { authenticated: true, user, cookies: null };
} catch (err) {
console.error("[middleware] Auth check error:", err);
return { authenticated: false, user: null, cookies: null };
}
}
// Check if a path matches any protected route and return the config
function getProtectedRouteConfig(pathname) {
// Normalize pathname for comparison (lowercase)
const normalizedPath = pathname.toLowerCase();
for (const route of PROTECTED_ROUTES) {
const routePath = typeof route === 'string' ? route : route.path;
const normalizedRoute = routePath.toLowerCase();
const matches = normalizedPath === normalizedRoute || normalizedPath.startsWith(normalizedRoute + '/');
if (matches) {
return typeof route === 'string' ? { path: route, roles: null } : route;
}
}
return null;
}
// Check if a path is explicitly public
function isPublicRoute(pathname) {
for (const route of PUBLIC_ROUTES) {
// For routes ending with /, match any path starting with that prefix
if (route.endsWith('/') && route !== '/') {
if (pathname.startsWith(route)) {
if (import.meta.env.DEV) console.log(`[middleware] isPublicRoute: ${pathname} matched ${route} (prefix)`);
return true;
}
} else {
// For other routes, match exactly or as a path prefix (route + /)
if (pathname === route) {
if (import.meta.env.DEV) console.log(`[middleware] isPublicRoute: ${pathname} matched ${route} (exact)`);
return true;
}
// Special case: don't treat / as a prefix for all paths
if (route !== '/' && pathname.startsWith(route + '/')) {
if (import.meta.env.DEV) console.log(`[middleware] isPublicRoute: ${pathname} matched ${route}/ (subpath)`);
return true;
}
}
}
if (import.meta.env.DEV) console.log(`[middleware] isPublicRoute(${pathname}) = false`);
return false;
}
export const onRequest = defineMiddleware(async (context, next) => {
try {
const pathname = context.url.pathname;
// Skip auth check for static assets and API routes
const skipAuthPrefixes = ['/_astro', '/_', '/assets', '/scripts', '/favicon', '/images', '/_static'];
const shouldSkipAuth = skipAuthPrefixes.some(p => pathname.startsWith(p));
// Check authentication for protected routes
const protectedConfig = getProtectedRouteConfig(pathname);
if (import.meta.env.DEV) console.log(`[middleware] Path: ${pathname}, Protected: ${!!protectedConfig}, SkipAuth: ${shouldSkipAuth}`);
if (!shouldSkipAuth && protectedConfig && !isPublicRoute(pathname)) {
const { authenticated, user, cookies } = await checkAuth(context.request);
if (import.meta.env.DEV) console.log(`[middleware] Auth result: authenticated=${authenticated}`);
if (!authenticated) {
// Redirect to login with return URL
const returnUrl = encodeURIComponent(pathname + context.url.search);
if (import.meta.env.DEV) console.log(`[middleware] Auth required for ${pathname}, redirecting to login`);
return context.redirect(`/login?returnUrl=${returnUrl}`, 302);
}
// Check role-based access if roles are specified
if (protectedConfig.roles && protectedConfig.roles.length > 0) {
const userRoles = user?.roles || [];
const hasRequiredRole = protectedConfig.roles.some(role => userRoles.includes(role));
if (!hasRequiredRole) {
if (import.meta.env.DEV) console.log(`[middleware] User lacks required role for ${pathname}, redirecting to login`);
return context.redirect('/login', 302);
}
}
// Store user in locals for downstream use
context.locals.user = user;
// Forward any refreshed cookies
if (cookies && cookies.length > 0) {
context.locals.refreshedCookies = cookies;
}
if (import.meta.env.DEV) console.log(`[middleware] Auth OK for ${pathname}, user: ${user?.username || user?.id || 'unknown'}`);
}
// Check the Host header to differentiate subdomains
// Build a headers map safely because Headers.get(':authority') throws
const headersMap = {};
@@ -17,8 +172,20 @@ export const onRequest = defineMiddleware(async (context, next) => {
const urlHost = context.url?.hostname || '';
const host = (hostHeader || authorityHeader || urlHost).split(':')[0]; // normalize remove port
const requestIp = (headersMap['x-forwarded-for']?.split(',')[0]?.trim())
|| headersMap['x-real-ip']
|| headersMap['cf-connecting-ip']
|| headersMap['forwarded']?.split(';').find(kv => kv.trim().startsWith('for='))?.split('=')[1]?.replace(/"/g, '')
|| context.request.headers.get('x-client-ip')
|| 'unknown';
// Cloudflare geo data (available in production)
const cfCountry = headersMap['cf-ipcountry'] || null;
const userAgent = headersMap['user-agent'] || null;
// Debug info for incoming requests
if (import.meta.env.DEV) console.log(`[middleware] incoming: host=${hostHeader} path=${context.url.pathname}`);
if (import.meta.env.DEV) console.log(`[middleware] incoming: host=${hostHeader} ip=${requestIp} path=${context.url.pathname}`);
// else console.log(`[middleware] request from ${requestIp}${cfCountry ? ` (${cfCountry})` : ''}${userAgent ? ` [${userAgent}]` : ''}: ${context.url.pathname}`);
// When the host header is missing, log all headers for debugging and
// attempt to determine host from forwarded headers or a dev query header.
@@ -109,15 +276,82 @@ export const onRequest = defineMiddleware(async (context, next) => {
// Let Astro handle the request first
const response = await next();
// Add security headers to response
const securityHeaders = new Headers(response.headers);
// Prevent clickjacking
securityHeaders.set('X-Frame-Options', 'SAMEORIGIN');
// Prevent MIME type sniffing
securityHeaders.set('X-Content-Type-Options', 'nosniff');
// XSS protection (legacy, but still useful)
securityHeaders.set('X-XSS-Protection', '1; mode=block');
// Referrer policy - send origin only on cross-origin requests
securityHeaders.set('Referrer-Policy', 'strict-origin-when-cross-origin');
// HSTS - enforce HTTPS (only in production)
if (!import.meta.env.DEV) {
securityHeaders.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
}
// Permissions policy - restrict sensitive APIs
securityHeaders.set('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
// Content Security Policy - restrict resource loading
// Note: 'unsafe-inline' and 'unsafe-eval' needed for React/Astro hydration
// In production, consider using nonces or hashes for stricter CSP
const cspDirectives = [
"default-src 'self'",
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com",
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
"font-src 'self' https://fonts.gstatic.com data:",
"img-src 'self' data: blob: https: http:",
"media-src 'self' blob: https:",
"connect-src 'self' https://api.codey.lol https://*.codey.lol wss:",
// Allow YouTube for video embeds
"frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com",
"object-src 'none'",
"base-uri 'self'",
"form-action 'self'",
"frame-ancestors 'self'",
"upgrade-insecure-requests",
].join('; ');
securityHeaders.set('Content-Security-Policy', cspDirectives);
// Forward any refreshed auth cookies to the client
if (context.locals.refreshedCookies && context.locals.refreshedCookies.length > 0) {
const newResponse = new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: securityHeaders,
});
context.locals.refreshedCookies.forEach(cookie => {
newResponse.headers.append('set-cookie', cookie.trim());
});
// If it's a 404, redirect to home
if (newResponse.status === 404 && !context.url.pathname.startsWith('/api/')) {
if (import.meta.env.DEV) console.log(`404 redirect: ${context.url.pathname} -> /`);
return context.redirect('/', 302);
}
return newResponse;
}
// If it's a 404, redirect to home
if (response.status === 404 && !context.url.pathname.startsWith('/api/')) {
if (import.meta.env.DEV) console.log(`404 redirect: ${context.url.pathname} -> /`);
return context.redirect('/', 302);
}
// no post-processing of response
return response;
// Return response with security headers
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: securityHeaders,
});
} catch (error) {
// Handle any middleware errors by redirecting to home
console.error('Middleware error:', error);

23
src/pages/TRip/index.astro
View File

@@ -1,19 +1,20 @@
---
import Base from "@/layouts/Base.astro";
import Root from "@/components/AppLayout.jsx";
import { requireAuthHook } from "@/hooks/requireAuthHook";
const user = await requireAuthHook(Astro);
if (!user) {
return Astro.redirect('/login');
}
// Auth is handled by middleware - user available in Astro.locals.user
// Middleware redirects to /login if not authenticated
const user = Astro.locals.user as any;
---
<Base>
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root child="qs2.MediaRequestForm" client:only="react">
</Root>
<section class="page-section trip-section">
<Root child="qs2.MediaRequestForm" client:only="react" />
</section>
</Base>
<style is:global>
/* Override main container width for TRip pages */
body:has(.trip-section) main.page-enter {
max-width: 1400px !important;
}
</style>

24
src/pages/TRip/requests.astro
View File

@@ -1,19 +1,21 @@
---
import Base from "@/layouts/Base.astro";
import Root from "@/components/AppLayout.jsx";
import { requireAuthHook } from "@/hooks/requireAuthHook";
const user = await requireAuthHook(Astro);
if (!user) {
return Astro.redirect('/login');
}
// Auth is handled by middleware - user available in Astro.locals.user
// Middleware redirects to /login if not authenticated
const user = Astro.locals.user as any;
---
<Base>
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root child="qs2.RequestManagement" client:only="react">
</Root>
<section class="page-section trip-section">
<Root child="qs2.RequestManagement" client:only="react" />
</section>
</Base>
<style is:global>
/* Override main container width for TRip pages */
html:has(.trip-section) main.page-enter {
max-width: 1400px !important;
width: 100% !important;
}
</style>

132
src/pages/api/discord/cached-image.js Normal file
View File

@@ -0,0 +1,132 @@
/**
* API endpoint to serve cached images from the database
* Serves avatars, emojis, attachments, etc. from local cache
*
* Security: Uses HMAC signatures to prevent enumeration of image IDs.
* Images can only be accessed with a valid signature generated server-side.
*/
import sql from '../../../utils/db.js';
import crypto from 'crypto';
import {
checkRateLimit,
recordRequest,
} from '../../../utils/rateLimit.js';
// Secret for signing image IDs - prevents enumeration attacks
const IMAGE_CACHE_SECRET = import.meta.env.IMAGE_CACHE_SECRET;
if (!IMAGE_CACHE_SECRET) {
console.error('CRITICAL: IMAGE_CACHE_SECRET environment variable is not set!');
}
/**
* Generate HMAC signature for an image ID
* @param {string|number} imageId - The image ID to sign
* @returns {string} - The hex signature
*/
export function signImageId(imageId) {
if (!IMAGE_CACHE_SECRET) {
throw new Error('IMAGE_CACHE_SECRET not configured');
}
const hmac = crypto.createHmac('sha256', IMAGE_CACHE_SECRET);
hmac.update(String(imageId));
return hmac.digest('hex').substring(0, 16); // Short signature is sufficient
}
/**
* Verify HMAC signature for an image ID
* @param {string|number} imageId - The image ID
* @param {string} signature - The signature to verify
* @returns {boolean} - Whether signature is valid
*/
function verifyImageSignature(imageId, signature) {
if (!IMAGE_CACHE_SECRET || !signature) return false;
const expected = signImageId(imageId);
// Timing-safe comparison
try {
return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
} catch {
return false;
}
}
export async function GET({ request }) {
// Rate limit check - higher limit for images but still protected
const rateCheck = checkRateLimit(request, {
limit: 100,
windowMs: 1000,
burstLimit: 500,
burstWindowMs: 10_000,
});
if (!rateCheck.allowed) {
return new Response('Rate limit exceeded', {
status: 429,
headers: { 'Retry-After': '1' },
});
}
recordRequest(request, 1000);
const url = new URL(request.url);
const imageId = url.searchParams.get('id');
const signature = url.searchParams.get('sig');
const sourceUrl = url.searchParams.get('url');
if (!imageId && !sourceUrl) {
return new Response('Missing id or url parameter', { status: 400 });
}
// Validate imageId is a valid integer if provided
if (imageId && !/^\d+$/.test(imageId)) {
return new Response('Invalid image id', { status: 400 });
}
// Require valid signature for ID-based lookups to prevent enumeration
if (imageId && !verifyImageSignature(imageId, signature)) {
return new Response('Invalid or missing signature', { status: 403 });
}
try {
let image;
if (imageId) {
// Look up by image_id (signature already verified above)
const result = await sql`
SELECT image_data, content_type, source_url
FROM image_cache
WHERE image_id = ${imageId}
`;
image = result[0];
} else {
// Look up by source_url - no signature needed as URL itself is the identifier
const result = await sql`
SELECT image_data, content_type, source_url
FROM image_cache
WHERE source_url = ${sourceUrl}
`;
image = result[0];
}
if (!image) {
return new Response('Image not found in cache', { status: 404 });
}
// image_data is a Buffer (bytea)
const imageBuffer = image.image_data;
const contentType = image.content_type || 'image/png';
return new Response(imageBuffer, {
status: 200,
headers: {
'Content-Type': contentType,
'Content-Length': imageBuffer.length.toString(),
'Cache-Control': 'public, max-age=31536000, immutable', // Cache for 1 year since it's immutable
'X-Content-Type-Options': 'nosniff',
},
});
} catch (error) {
console.error('Error serving cached image:', error);
return new Response('Failed to serve image', { status: 500 });
}
}

128
src/pages/api/discord/channels.js Normal file
View File

@@ -0,0 +1,128 @@
/**
* API endpoint to fetch Discord channels from database
*/
import sql from '../../../utils/db.js';
import { requireApiAuth, createApiResponse } from '../../../utils/apiAuth.js';
import {
checkRateLimit,
recordRequest,
} from '../../../utils/rateLimit.js';
export async function GET({ request }) {
// Rate limit check
const rateCheck = checkRateLimit(request, {
limit: 20,
windowMs: 1000,
burstLimit: 100,
burstWindowMs: 10_000,
});
if (!rateCheck.allowed) {
return new Response(JSON.stringify({
error: rateCheck.isFlooding ? 'Too many requests - please slow down' : 'Rate limit exceeded'
}), {
status: 429,
headers: { 'Content-Type': 'application/json', 'Retry-After': '1' },
});
}
recordRequest(request, 1000);
// Check authentication
const { user, error: authError, setCookieHeader } = await requireApiAuth(request);
if (authError) return authError;
// Helper to validate Discord snowflake IDs (17-20 digit strings)
const isValidSnowflake = (id) => !id || /^\d{17,20}$/.test(id);
try {
const url = new URL(request.url);
const guildId = url.searchParams.get('guildId');
// Validate snowflake format
if (!isValidSnowflake(guildId)) {
return createApiResponse({ error: 'Invalid guildId format' }, 400);
}
let channels;
// Channel types: 0=text, 2=voice, 4=category, 5=announcement, 10/11/12=threads
// Fetch text channels (type 0), categories (type 4), and threads (types 10, 11, 12)
if (guildId) {
// Fetch channels for specific guild with message counts
// Use LEFT JOIN with aggregated counts to avoid N+1 subqueries
channels = await sql`
WITH channel_counts AS (
SELECT channel_id, COUNT(*) as message_count
FROM messages
WHERE is_deleted = FALSE
GROUP BY channel_id
)
SELECT
c.channel_id,
c.name,
c.type,
c.position,
c.parent_id,
c.topic,
c.guild_id,
g.name as guild_name,
g.icon_url as guild_icon,
COALESCE(cc.message_count, 0) as message_count
FROM channels c
LEFT JOIN guilds g ON c.guild_id = g.guild_id
LEFT JOIN channel_counts cc ON c.channel_id = cc.channel_id
WHERE c.guild_id = ${guildId}
AND c.type IN (0, 4, 10, 11, 12)
ORDER BY c.position ASC, c.name ASC
`;
} else {
// Fetch all text channels, categories, and threads with message counts
// Use LEFT JOIN with aggregated counts to avoid N+1 subqueries
channels = await sql`
WITH channel_counts AS (
SELECT channel_id, COUNT(*) as message_count
FROM messages
WHERE is_deleted = FALSE
GROUP BY channel_id
)
SELECT
c.channel_id,
c.name,
c.type,
c.position,
c.parent_id,
c.topic,
c.guild_id,
g.name as guild_name,
g.icon_url as guild_icon,
COALESCE(cc.message_count, 0) as message_count
FROM channels c
LEFT JOIN guilds g ON c.guild_id = g.guild_id
LEFT JOIN channel_counts cc ON c.channel_id = cc.channel_id
WHERE c.type IN (0, 4, 10, 11, 12)
ORDER BY g.name ASC, c.position ASC, c.name ASC
`;
}
// Transform to expected format
const formattedChannels = channels.map(ch => ({
id: ch.channel_id.toString(),
name: ch.name,
type: ch.type,
position: ch.position,
parentId: ch.parent_id?.toString() || null,
topic: ch.topic || null,
guildId: ch.guild_id?.toString() || null,
guildName: ch.guild_name,
guildIcon: ch.guild_icon,
messageCount: parseInt(ch.message_count) || 0,
}));
return createApiResponse(formattedChannels, 200, setCookieHeader);
} catch (error) {
console.error('Error fetching channels:', error);
return createApiResponse({ error: 'Failed to fetch channels' }, 500, setCookieHeader);
}
}

332
src/pages/api/discord/members.js Normal file
View File

@@ -0,0 +1,332 @@
/**
* API endpoint to fetch Discord guild members with roles
* Optionally filters by channel visibility using permission overwrites
*/
import sql from '../../../utils/db.js';
import { requireApiAuth } from '../../../utils/apiAuth.js';
import {
checkRateLimit,
recordRequest,
} from '../../../utils/rateLimit.js';
import { signImageId } from './cached-image.js';
// Discord permission flags
const VIEW_CHANNEL = 0x400n; // 1024
const ADMINISTRATOR = 0x8n; // 8
/**
* Calculate which members can view a specific channel
* Emulates Discord's permission calculation:
* 1. Start with @everyone role permissions
* 2. Apply role-based overwrites (allow/deny)
* 3. Apply member-specific overwrites (allow/deny)
* 4. Check if VIEW_CHANNEL permission is granted
*/
async function getChannelVisibleMembers(channelId, guildId) {
// Get guild info including owner
const guildInfo = await sql`
SELECT owner_id FROM guilds WHERE guild_id = ${guildId}
`;
const ownerId = guildInfo[0]?.owner_id;
// Get @everyone role (same ID as guild)
const everyoneRole = await sql`
SELECT role_id, permissions FROM roles WHERE role_id = ${guildId}
`;
const basePermissions = everyoneRole[0]?.permissions ? BigInt(everyoneRole[0].permissions) : 0n;
// Get all channel permission overwrites
const overwrites = await sql`
SELECT target_id, target_type, allow_permissions, deny_permissions
FROM channel_permission_overwrites
WHERE channel_id = ${channelId}
`;
// Build overwrite lookups
const roleOverwrites = new Map();
const memberOverwrites = new Map();
for (const ow of overwrites) {
const targetId = ow.target_id.toString();
const allow = BigInt(ow.allow_permissions);
const deny = BigInt(ow.deny_permissions);
if (ow.target_type === 'role') {
roleOverwrites.set(targetId, { allow, deny });
} else {
memberOverwrites.set(targetId, { allow, deny });
}
}
// Get all guild members with their roles
const members = await sql`
SELECT gm.user_id, gm.roles
FROM guild_members gm
WHERE gm.guild_id = ${guildId}
`;
// Get all role permissions for the guild
const allRoles = await sql`
SELECT role_id, permissions FROM roles WHERE guild_id = ${guildId}
`;
const rolePermissions = new Map();
for (const role of allRoles) {
rolePermissions.set(role.role_id.toString(), BigInt(role.permissions || 0));
}
const visibleMemberIds = new Set();
for (const member of members) {
const userId = member.user_id.toString();
const memberRoles = (member.roles || []).map(r => r.toString());
// Owner always has access
if (ownerId && member.user_id.toString() === ownerId.toString()) {
visibleMemberIds.add(userId);
continue;
}
// Check if any role has ADMINISTRATOR
let isAdmin = false;
for (const roleId of memberRoles) {
const perms = rolePermissions.get(roleId) || 0n;
if (perms & ADMINISTRATOR) {
isAdmin = true;
break;
}
}
if (isAdmin) {
visibleMemberIds.add(userId);
continue;
}
// Calculate effective permissions
let permissions = basePermissions;
// Apply @everyone role overwrite first
const everyoneOverwrite = roleOverwrites.get(guildId.toString());
if (everyoneOverwrite) {
permissions = (permissions & ~everyoneOverwrite.deny) | everyoneOverwrite.allow;
}
// Apply role overwrites (combined)
let allowCombined = 0n;
let denyCombined = 0n;
for (const roleId of memberRoles) {
const ow = roleOverwrites.get(roleId);
if (ow) {
allowCombined |= ow.allow;
denyCombined |= ow.deny;
}
}
permissions = (permissions & ~denyCombined) | allowCombined;
// Apply member-specific overwrite (highest priority)
const memberOverwrite = memberOverwrites.get(userId);
if (memberOverwrite) {
permissions = (permissions & ~memberOverwrite.deny) | memberOverwrite.allow;
}
// Check VIEW_CHANNEL permission
if (permissions & VIEW_CHANNEL) {
visibleMemberIds.add(userId);
}
}
return visibleMemberIds;
}
export async function GET({ request }) {
// Rate limit check
const rateCheck = checkRateLimit(request, {
limit: 20,
windowMs: 1000,
burstLimit: 100,
burstWindowMs: 10_000,
});
if (!rateCheck.allowed) {
return new Response(JSON.stringify({
error: rateCheck.isFlooding ? 'Too many requests - please slow down' : 'Rate limit exceeded'
}), {
status: 429,
headers: { 'Content-Type': 'application/json', 'Retry-After': '1' },
});
}
recordRequest(request, 1000);
// Check authentication
const { user, error: authError, setCookieHeader } = await requireApiAuth(request);
if (authError) return authError;
// Helper to create responses with optional Set-Cookie header
const createResponse = (data, status = 200) => new Response(JSON.stringify(data), {
status,
headers: {
'Content-Type': 'application/json',
...(setCookieHeader && { 'Set-Cookie': setCookieHeader }),
},
});
// Helper to validate Discord snowflake IDs (17-20 digit strings)
const isValidSnowflake = (id) => !id || /^\d{17,20}$/.test(id);
try {
const url = new URL(request.url);
const guildId = url.searchParams.get('guildId');
const channelId = url.searchParams.get('channelId'); // Optional: filter by channel visibility
if (!guildId) {
return createResponse({ error: 'guildId is required' }, 400);
}
// Validate snowflake formats
if (!isValidSnowflake(guildId) || !isValidSnowflake(channelId)) {
return createResponse({ error: 'Invalid ID format' }, 400);
}
// If channelId provided, get visible members for that channel
let visibleMemberIds = null;
if (channelId) {
visibleMemberIds = await getChannelVisibleMembers(channelId, guildId);
}
// Fetch all members for the guild with their user info
const members = await sql`
SELECT
gm.user_id,
gm.nickname,
gm.roles,
gm.guild_avatar_url,
gm.cached_guild_avatar_id,
u.username,
u.display_name,
u.global_name,
u.avatar_url,
u.cached_avatar_id,
u.is_bot
FROM guild_members gm
JOIN users u ON gm.user_id = u.user_id
WHERE gm.guild_id = ${guildId}
ORDER BY u.username ASC
`;
// Fetch all roles for the guild
const roles = await sql`
SELECT
role_id,
name,
color,
position,
hoist
FROM roles
WHERE guild_id = ${guildId}
ORDER BY position DESC
`;
// Create role lookup map
const roleMap = {};
roles.forEach(role => {
roleMap[role.role_id.toString()] = {
id: role.role_id.toString(),
name: role.name,
color: role.color ? `#${role.color.toString(16).padStart(6, '0')}` : null,
position: role.position,
hoist: role.hoist, // "hoist" means the role is displayed separately in member list
};
});
// Filter members by channel visibility if channelId was provided
const filteredMembers = visibleMemberIds
? members.filter(m => visibleMemberIds.has(m.user_id.toString()))
: members;
// Format members with their highest role for color
const formattedMembers = filteredMembers.map(member => {
const memberRoles = (member.roles || []).map(r => r.toString());
// Find highest positioned role with color for display
let displayRole = null;
let highestPosition = -1;
memberRoles.forEach(roleId => {
const role = roleMap[roleId];
if (role && role.position > highestPosition) {
highestPosition = role.position;
if (role.color && role.color !== '#000000') {
displayRole = role;
}
}
});
// Find all hoisted roles for grouping
const hoistedRoles = memberRoles
.map(rid => roleMap[rid])
.filter(r => r && r.hoist)
.sort((a, b) => b.position - a.position);
const primaryRole = hoistedRoles[0] || displayRole || null;
// Prefer cached avatar, then guild avatar, then user avatar
const cachedAvatarId = member.cached_guild_avatar_id || member.cached_avatar_id;
let avatarUrl;
if (cachedAvatarId) {
const sig = signImageId(cachedAvatarId);
avatarUrl = `/api/discord/cached-image?id=${cachedAvatarId}&sig=${sig}`;
} else {
avatarUrl = member.guild_avatar_url || member.avatar_url;
}
return {
id: member.user_id.toString(),
username: member.username,
displayName: member.nickname || member.global_name || member.username,
avatar: avatarUrl,
isBot: member.is_bot || false,
color: displayRole?.color || null,
primaryRoleId: primaryRole?.id || null,
primaryRoleName: primaryRole?.name || null,
roles: memberRoles,
};
});
// Group members by their primary (highest hoisted) role
const membersByRole = {};
const noRoleMembers = [];
formattedMembers.forEach(member => {
if (member.primaryRoleId) {
if (!membersByRole[member.primaryRoleId]) {
membersByRole[member.primaryRoleId] = {
role: roleMap[member.primaryRoleId],
members: [],
};
}
membersByRole[member.primaryRoleId].members.push(member);
} else {
noRoleMembers.push(member);
}
});
// Sort groups by role position (highest first)
const sortedGroups = Object.values(membersByRole)
.sort((a, b) => b.role.position - a.role.position);
// Add "Online" or default group for members without hoisted roles
if (noRoleMembers.length > 0) {
sortedGroups.push({
role: { id: 'none', name: 'Members', color: null, position: -1 },
members: noRoleMembers,
});
}
return createResponse({
roles: Object.values(roleMap).sort((a, b) => b.position - a.position),
groups: sortedGroups,
totalMembers: formattedMembers.length,
});
} catch (error) {
console.error('Error fetching members:', error);
return createResponse({ error: 'Failed to fetch members' }, 500);
}
}

916
src/pages/api/discord/messages.js Normal file
View File

@@ -0,0 +1,916 @@
/**
* API endpoint to fetch Discord messages from database
* Includes user info, attachments, embeds, and reactions
*/
import sql from '../../../utils/db.js';
import { requireApiAuth } from '../../../utils/apiAuth.js';
import {
checkRateLimit,
recordRequest,
} from '../../../utils/rateLimit.js';
import { signImageId } from './cached-image.js';
import crypto from 'crypto';
const IMAGE_PROXY_SECRET = import.meta.env.IMAGE_PROXY_SECRET;
if (!IMAGE_PROXY_SECRET) {
console.error('WARNING: IMAGE_PROXY_SECRET not set, image signing will fail');
}
// Trusted domains that don't need proxying
const TRUSTED_DOMAINS = new Set([
'cdn.discordapp.com',
'media.discordapp.net',
'i.imgur.com',
'imgur.com',
'i.redd.it',
'preview.redd.it',
'youtube.com',
'i.ytimg.com',
'img.youtube.com',
'youtu.be',
'twitter.com',
'pbs.twimg.com',
'abs.twimg.com',
'instagram.com',
'github.com',
'raw.githubusercontent.com',
'avatars.githubusercontent.com',
'user-images.githubusercontent.com',
]);
function isTrustedDomain(url) {
try {
const hostname = new URL(url).hostname.toLowerCase();
return TRUSTED_DOMAINS.has(hostname) ||
Array.from(TRUSTED_DOMAINS).some(domain => hostname.endsWith('.' + domain));
} catch {
return false;
}
}
function generateSignature(url) {
return crypto
.createHmac('sha256', IMAGE_PROXY_SECRET)
.update(url)
.digest('hex');
}
/**
* Get the best URL for an image - prefer cached version if available
* @param {number|null} cachedImageId - The cached image ID from database
* @param {string|null} originalUrl - The original CDN URL
* @param {string} baseUrl - Base URL for constructing cached image URLs
* @returns {string|null} The URL to use
*/
function getCachedOrProxyUrl(cachedImageId, originalUrl, baseUrl) {
// Prefer cached image if available
if (cachedImageId) {
const sig = signImageId(cachedImageId);
return `${baseUrl}/api/discord/cached-image?id=${cachedImageId}&sig=${sig}`;
}
// Fall back to original URL with proxy if needed
if (!originalUrl) return null;
if (isTrustedDomain(originalUrl)) {
return originalUrl;
}
const signature = generateSignature(originalUrl);
const encodedUrl = encodeURIComponent(originalUrl);
return `${baseUrl}/api/image-proxy?url=${encodedUrl}&sig=${signature}`;
}
function getSafeImageUrl(originalUrl, baseUrl) {
if (!originalUrl) return null;
if (isTrustedDomain(originalUrl)) {
return originalUrl;
}
const signature = generateSignature(originalUrl);
const encodedUrl = encodeURIComponent(originalUrl);
return `${baseUrl}/api/image-proxy?url=${encodedUrl}&sig=${signature}`;
}
export async function GET({ request }) {
// Rate limit check
const rateCheck = checkRateLimit(request, {
limit: 30,
windowMs: 1000,
burstLimit: 150,
burstWindowMs: 10_000,
});
if (!rateCheck.allowed) {
return new Response(JSON.stringify({
error: rateCheck.isFlooding ? 'Too many requests - please slow down' : 'Rate limit exceeded'
}), {
status: 429,
headers: { 'Content-Type': 'application/json', 'Retry-After': '1' },
});
}
recordRequest(request, 1000);
// Check authentication
const { user, error: authError, setCookieHeader } = await requireApiAuth(request);
if (authError) return authError;
// Helper to create responses with optional Set-Cookie header
const createResponse = (data, status = 200) => new Response(JSON.stringify(data), {
status,
headers: {
'Content-Type': 'application/json',
...(setCookieHeader && { 'Set-Cookie': setCookieHeader }),
},
});
// Helper to validate Discord snowflake IDs (17-20 digit strings)
const isValidSnowflake = (id) => !id || /^\d{17,20}$/.test(id);
try {
const url = new URL(request.url);
const channelId = url.searchParams.get('channelId');
const limit = Math.min(parseInt(url.searchParams.get('limit') || '50', 10), 100);
const before = url.searchParams.get('before'); // For pagination
const after = url.searchParams.get('after');
const around = url.searchParams.get('around'); // For jumping to specific message
const editedSince = url.searchParams.get('editedSince'); // ISO timestamp for fetching recently edited messages
const baseUrl = `${url.protocol}//${url.host}`;
if (!channelId) {
return createResponse({ error: 'channelId is required' }, 400);
}
// Validate snowflake formats
if (!isValidSnowflake(channelId) || !isValidSnowflake(before) || !isValidSnowflake(after) || !isValidSnowflake(around)) {
return createResponse({ error: 'Invalid ID format' }, 400);
}
// Get guild_id from channel
const channelInfo = await sql`
SELECT guild_id FROM channels WHERE channel_id = ${channelId}
`;
const guildId = channelInfo[0]?.guild_id;
// Build the query with optional pagination
// Joins guild_members for nickname and gets highest role color
let messages;
if (editedSince) {
// Fetch messages edited since the given timestamp
const editedSinceDate = new Date(editedSince);
messages = await sql`
SELECT
m.message_id,
m.raw_data,
m.message_type,
m.content,
m.created_at,
m.edited_at,
m.reference_message_id,
m.channel_id,
m.webhook_id,
m.reference_guild_id,
c.guild_id as message_guild_id,
u.user_id as author_id,
u.username as author_username,
u.discriminator as author_discriminator,
u.avatar_url as author_avatar,
u.is_bot as author_bot,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as author_color
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.channel_id = ${channelId}
AND m.edited_at > ${editedSinceDate}
AND m.is_deleted = FALSE
ORDER BY m.edited_at DESC
LIMIT ${limit}
`;
} else if (before) {
messages = await sql`
SELECT
m.message_id,
m.raw_data,
m.message_type,
m.content,
m.created_at,
m.edited_at,
m.reference_message_id,
m.channel_id,
u.user_id as author_id,
u.username as author_username,
u.discriminator as author_discriminator,
u.avatar_url as author_avatar,
u.is_bot as author_bot,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as author_color
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.channel_id = ${channelId}
AND m.message_id < ${before}
AND m.is_deleted = FALSE
ORDER BY m.created_at DESC
LIMIT ${limit}
`;
} else if (after) {
messages = await sql`
SELECT
m.message_id,
m.raw_data,
m.message_type,
m.content,
m.created_at,
m.edited_at,
m.reference_message_id,
m.channel_id,
m.webhook_id,
m.reference_guild_id,
c.guild_id as message_guild_id,
u.user_id as author_id,
u.username as author_username,
u.discriminator as author_discriminator,
u.avatar_url as author_avatar,
u.is_bot as author_bot,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as author_color
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.channel_id = ${channelId}
AND m.message_id > ${after}
AND m.is_deleted = FALSE
ORDER BY m.created_at ASC
LIMIT ${limit}
`;
} else if (around) {
// Fetch messages around a specific message ID (half before, half after)
const halfLimit = Math.floor(limit / 2);
messages = await sql`
(
SELECT
m.message_id,
m.raw_data,
m.message_type,
m.content,
m.created_at,
m.edited_at,
m.reference_message_id,
m.channel_id,
m.webhook_id,
m.reference_guild_id,
c.guild_id as message_guild_id,
u.user_id as author_id,
u.username as author_username,
u.discriminator as author_discriminator,
u.avatar_url as author_avatar,
u.is_bot as author_bot,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as author_color
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.channel_id = ${channelId}
AND m.message_id <= ${around}
AND m.is_deleted = FALSE
ORDER BY m.created_at DESC
LIMIT ${halfLimit + 1}
)
UNION ALL
(
SELECT
m.message_id,
m.message_type,
m.content,
m.created_at,
m.edited_at,
m.reference_message_id,
m.channel_id,
m.webhook_id,
m.reference_guild_id,
c.guild_id as message_guild_id,
u.user_id as author_id,
u.username as author_username,
u.discriminator as author_discriminator,
u.avatar_url as author_avatar,
u.is_bot as author_bot,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as author_color
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.channel_id = ${channelId}
AND m.message_id > ${around}
AND m.is_deleted = FALSE
ORDER BY m.created_at ASC
LIMIT ${halfLimit}
)
ORDER BY created_at ASC
`;
} else {
messages = await sql`
SELECT
m.message_id,
m.raw_data,
m.message_type,
m.content,
m.created_at,
m.edited_at,
m.reference_message_id,
m.channel_id,
m.webhook_id,
m.reference_guild_id,
c.guild_id as message_guild_id,
u.user_id as author_id,
u.username as author_username,
u.discriminator as author_discriminator,
u.avatar_url as author_avatar,
u.is_bot as author_bot,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as author_color
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.channel_id = ${channelId}
AND m.is_deleted = FALSE
ORDER BY m.created_at DESC
LIMIT ${limit}
`;
}
// Messages are already in DESC order (newest first) - no need to reverse
if (messages.length === 0) {
return createResponse({ messages: [], users: {} });
}
// Get all message IDs for fetching related data
const messageIds = messages.map(m => m.message_id);
// Get unique author IDs for fetching cached avatar info
const authorIds = [...new Set(messages.map(m => m.author_id).filter(Boolean))];
// Fetch cached avatar IDs for all authors
const userAvatarCache = {};
if (authorIds.length > 0) {
const avatarInfo = await sql`
SELECT
u.user_id,
u.cached_avatar_id,
gm.cached_guild_avatar_id
FROM users u
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND gm.guild_id = ${guildId}
WHERE u.user_id = ANY(${authorIds})
`;
for (const info of avatarInfo) {
userAvatarCache[info.user_id.toString()] = {
cachedAvatarId: info.cached_guild_avatar_id || info.cached_avatar_id,
};
}
}
// Extract all mentioned user IDs from message content
const mentionedUserIds = new Set();
const userMentionRegex = /<@!?(\d+)>/g;
for (const msg of messages) {
if (msg.content) {
let match;
while ((match = userMentionRegex.exec(msg.content)) !== null) {
mentionedUserIds.add(match[1]);
}
}
}
// Fetch mentioned users with their display names and colors
let mentionedUsers = [];
if (mentionedUserIds.size > 0) {
const mentionedIds = Array.from(mentionedUserIds);
mentionedUsers = await sql`
SELECT
u.user_id,
u.username,
COALESCE(gm.nickname, u.global_name, u.username) as display_name,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as color
FROM users u
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND gm.guild_id = ${guildId}
WHERE u.user_id = ANY(${mentionedIds})
`;
}
// Build users map for mentions
const usersMap = {};
for (const user of mentionedUsers) {
const colorHex = user.color ? `#${user.color.toString(16).padStart(6, '0')}` : null;
usersMap[user.user_id.toString()] = {
username: user.username,
displayName: user.display_name,
color: colorHex,
};
}
// Fetch attachments for all messages
const attachments = await sql`
SELECT
attachment_id, message_id, filename, url, proxy_url,
content_type, size, width, height, cached_image_id
FROM attachments
WHERE message_id = ANY(${messageIds})
`;
// Fetch embeds for all messages
const embeds = await sql`
SELECT
embed_id, message_id, embed_type, title, description, url,
raw_data,
color, timestamp as embed_timestamp,
footer_text, footer_icon_url, cached_footer_icon_id,
image_url, image_width, image_height, cached_image_id,
thumbnail_url, thumbnail_width, thumbnail_height, cached_thumbnail_id,
video_url, video_width, video_height,
provider_name, provider_url,
author_name, author_url, author_icon_url, cached_author_icon_id
FROM embeds
WHERE message_id = ANY(${messageIds})
`;
// Fetch message components (buttons, selects, etc.) for all messages
const messageComponents = await sql`
SELECT
component_id, message_id, component_type, custom_id, label, style, url, disabled, placeholder,
min_values, max_values, raw_data
FROM message_components
WHERE message_id = ANY(${messageIds})
ORDER BY component_id
`;
// Fetch embed fields for all embeds
const embedIds = embeds.map(e => e.embed_id);
let embedFields = [];
if (embedIds.length > 0) {
embedFields = await sql`
SELECT embed_id, name, value, inline, position
FROM embed_fields
WHERE embed_id = ANY(${embedIds})
ORDER BY position ASC
`;
}
// Index embed fields by embed_id
const fieldsByEmbed = {};
for (const field of embedFields) {
if (!fieldsByEmbed[field.embed_id]) {
fieldsByEmbed[field.embed_id] = [];
}
fieldsByEmbed[field.embed_id].push({
name: field.name,
value: field.value,
inline: field.inline || false,
});
}
// Fetch reactions for all messages (aggregate counts since each reaction is a row)
const reactions = await sql`
SELECT
message_id, emoji_id, emoji_name, emoji_animated,
COUNT(*) FILTER (WHERE is_removed = FALSE) as count
FROM reactions
WHERE message_id = ANY(${messageIds})
AND is_removed = FALSE
GROUP BY message_id, emoji_id, emoji_name, emoji_animated
`;
// Fetch stickers for all messages
const stickers = await sql`
SELECT
ms.message_id,
s.sticker_id,
s.name,
s.format_type
FROM message_stickers ms
JOIN stickers s ON ms.sticker_id = s.sticker_id
WHERE ms.message_id = ANY(${messageIds})
`;
// Fetch polls for all messages
const polls = await sql`
SELECT
p.message_id,
p.question_text,
p.question_emoji_id,
p.question_emoji_name,
p.question_emoji_animated,
p.allow_multiselect,
p.expiry,
p.is_finalized,
p.total_votes
FROM polls p
WHERE p.message_id = ANY(${messageIds})
`;
// Fetch poll answers
const pollAnswers = await sql`
SELECT
pa.message_id,
pa.answer_id,
pa.answer_text,
pa.answer_emoji_id,
pa.answer_emoji_name,
pa.answer_emoji_animated,
pa.vote_count
FROM poll_answers pa
WHERE pa.message_id = ANY(${messageIds})
ORDER BY pa.answer_id
`;
// Fetch poll votes with user info
const pollMessageIds = polls.map(p => p.message_id);
let pollVotes = [];
if (pollMessageIds.length > 0) {
pollVotes = await sql`
SELECT
pv.message_id,
pv.answer_id,
pv.user_id,
u.username,
COALESCE(gm.nickname, u.global_name, u.username) as display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as avatar_url
FROM poll_votes pv
LEFT JOIN users u ON pv.user_id = u.user_id
LEFT JOIN guild_members gm ON pv.user_id = gm.user_id AND gm.guild_id = ${guildId}
WHERE pv.message_id = ANY(${pollMessageIds})
AND pv.is_removed = FALSE
ORDER BY pv.voted_at ASC
`;
}
// Fetch referenced messages for replies
const referencedIds = messages
.filter(m => m.reference_message_id)
.map(m => m.reference_message_id);
let referencedMessages = [];
if (referencedIds.length > 0) {
referencedMessages = await sql`
SELECT
m.message_id,
m.content,
u.user_id as author_id,
u.username as author_username,
u.avatar_url as author_avatar,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.message_id = ANY(${referencedIds})
`;
}
// Index related data by message_id for quick lookup
const attachmentsByMessage = {};
const embedsByMessage = {};
const reactionsByMessage = {};
const stickersByMessage = {};
const componentsByMessage = {};
const pollsByMessage = {};
const referencedById = {};
for (const att of attachments) {
if (!attachmentsByMessage[att.message_id]) {
attachmentsByMessage[att.message_id] = [];
}
attachmentsByMessage[att.message_id].push({
id: att.attachment_id.toString(),
filename: att.filename,
url: getCachedOrProxyUrl(att.cached_image_id, att.url || att.proxy_url, baseUrl),
contentType: att.content_type,
size: att.size,
width: att.width,
height: att.height,
});
}
for (const embed of embeds) {
if (!embedsByMessage[embed.message_id]) {
embedsByMessage[embed.message_id] = [];
}
embedsByMessage[embed.message_id].push({
type: embed.embed_type || 'rich',
title: embed.title,
description: embed.description,
url: embed.url,
color: embed.color,
timestamp: embed.embed_timestamp,
footer: embed.footer_text ? {
text: embed.footer_text,
iconUrl: getCachedOrProxyUrl(embed.cached_footer_icon_id, embed.footer_icon_url, baseUrl),
} : null,
image: embed.image_url ? {
url: getCachedOrProxyUrl(embed.cached_image_id, embed.image_url, baseUrl),
width: embed.image_width,
height: embed.image_height,
} : null,
thumbnail: embed.thumbnail_url ? {
url: getCachedOrProxyUrl(embed.cached_thumbnail_id, embed.thumbnail_url, baseUrl),
width: embed.thumbnail_width,
height: embed.thumbnail_height,
} : null,
video: embed.video_url ? {
url: embed.video_url, // Video URLs usually need to be direct for embedding
width: embed.video_width,
height: embed.video_height,
} : null,
provider: embed.provider_name ? {
name: embed.provider_name,
url: embed.provider_url,
} : null,
author: embed.author_name ? {
name: embed.author_name,
url: embed.author_url,
iconUrl: getCachedOrProxyUrl(embed.cached_author_icon_id, embed.author_icon_url, baseUrl),
} : null,
fields: fieldsByEmbed[embed.embed_id] || [],
rawData: embed.raw_data || null,
});
}
for (const reaction of reactions) {
if (!reactionsByMessage[reaction.message_id]) {
reactionsByMessage[reaction.message_id] = [];
}
reactionsByMessage[reaction.message_id].push({
emoji: reaction.emoji_id
? { id: reaction.emoji_id.toString(), name: reaction.emoji_name, animated: reaction.emoji_animated }
: { name: reaction.emoji_name },
count: parseInt(reaction.count, 10),
});
}
// Sticker format types: 1=PNG, 2=APNG, 3=Lottie, 4=GIF
const stickerExtensions = { 1: 'png', 2: 'png', 3: 'json', 4: 'gif' };
for (const sticker of stickers) {
if (!stickersByMessage[sticker.message_id]) {
stickersByMessage[sticker.message_id] = [];
}
const ext = stickerExtensions[sticker.format_type] || 'png';
stickersByMessage[sticker.message_id].push({
id: sticker.sticker_id.toString(),
name: sticker.name,
formatType: sticker.format_type,
url: `https://media.discordapp.net/stickers/${sticker.sticker_id}.${ext}?size=160`,
});
}
// Index message components
for (const comp of messageComponents) {
if (!componentsByMessage[comp.message_id]) componentsByMessage[comp.message_id] = [];
componentsByMessage[comp.message_id].push({
id: comp.component_id.toString(),
type: comp.component_type,
customId: comp.custom_id,
label: comp.label,
style: comp.style,
url: comp.url,
disabled: !!comp.disabled,
placeholder: comp.placeholder,
minValues: comp.min_values,
maxValues: comp.max_values,
rawData: comp.raw_data || null,
});
}
// Index poll votes by message_id and answer_id
const pollVotesByAnswer = {};
for (const vote of pollVotes) {
const key = `${vote.message_id}-${vote.answer_id}`;
if (!pollVotesByAnswer[key]) {
pollVotesByAnswer[key] = [];
}
// Build avatar URL
let avatarUrl = null;
if (vote.avatar_url) {
if (vote.avatar_url.startsWith('http')) {
avatarUrl = vote.avatar_url;
} else {
avatarUrl = `https://cdn.discordapp.com/avatars/${vote.user_id}/${vote.avatar_url}.png?size=32`;
}
}
pollVotesByAnswer[key].push({
id: vote.user_id.toString(),
username: vote.username,
displayName: vote.display_name || vote.username,
avatar: avatarUrl,
});
}
// Index poll answers by message_id
const pollAnswersByMessage = {};
for (const answer of pollAnswers) {
if (!pollAnswersByMessage[answer.message_id]) {
pollAnswersByMessage[answer.message_id] = [];
}
const voteKey = `${answer.message_id}-${answer.answer_id}`;
pollAnswersByMessage[answer.message_id].push({
id: answer.answer_id,
text: answer.answer_text,
emoji: answer.answer_emoji_id
? { id: answer.answer_emoji_id.toString(), name: answer.answer_emoji_name, animated: answer.answer_emoji_animated }
: answer.answer_emoji_name ? { name: answer.answer_emoji_name } : null,
voteCount: answer.vote_count || 0,
voters: pollVotesByAnswer[voteKey] || [],
});
}
// Index polls by message_id
for (const poll of polls) {
const answers = pollAnswersByMessage[poll.message_id] || [];
pollsByMessage[poll.message_id] = {
question: {
text: poll.question_text,
emoji: poll.question_emoji_id
? { id: poll.question_emoji_id.toString(), name: poll.question_emoji_name, animated: poll.question_emoji_animated }
: poll.question_emoji_name ? { name: poll.question_emoji_name } : null,
},
answers,
allowMultiselect: poll.allow_multiselect || false,
expiry: poll.expiry?.toISOString() || null,
isFinalized: poll.is_finalized || false,
totalVotes: poll.total_votes || 0,
};
}
for (const ref of referencedMessages) {
// Handle avatar URL for referenced message author
const refAvatarSource = ref.author_guild_avatar || ref.author_avatar;
let refAvatarUrl;
if (refAvatarSource) {
if (refAvatarSource.startsWith('http')) {
refAvatarUrl = refAvatarSource;
} else {
refAvatarUrl = `https://cdn.discordapp.com/avatars/${ref.author_id}/${refAvatarSource}.png?size=32`;
}
}
referencedById[ref.message_id] = {
id: ref.message_id.toString(),
content: ref.content,
author: {
id: ref.author_id?.toString(),
username: ref.author_username,
displayName: ref.author_display_name,
avatar: refAvatarUrl,
},
};
}
// Build the formatted response
const formattedMessages = messages.map(msg => {
// Check for cached avatar first
const authorId = msg.author_id?.toString();
const cachedInfo = userAvatarCache[authorId];
let avatarUrl;
if (cachedInfo?.cachedAvatarId) {
// Use cached avatar from database
const sig = signImageId(cachedInfo.cachedAvatarId);
avatarUrl = `${baseUrl}/api/discord/cached-image?id=${cachedInfo.cachedAvatarId}&sig=${sig}`;
} else {
// Handle avatar URL - prefer guild avatar, then user avatar
const avatarSource = msg.author_guild_avatar || msg.author_avatar;
if (avatarSource) {
// If it's already a full URL, use it directly
if (avatarSource.startsWith('http')) {
avatarUrl = avatarSource;
} else {
// Otherwise, construct the CDN URL from the hash
// Guild avatars use a different path
if (msg.author_guild_avatar && guildId) {
avatarUrl = `https://cdn.discordapp.com/guilds/${guildId}/users/${msg.author_id}/avatars/${msg.author_guild_avatar}.png`;
} else {
avatarUrl = `https://cdn.discordapp.com/avatars/${msg.author_id}/${avatarSource}.png`;
}
}
} else {
avatarUrl = `https://cdn.discordapp.com/embed/avatars/${(parseInt(msg.author_discriminator || '0', 10) || parseInt(msg.author_id, 10)) % 5}.png`;
}
}
// Convert color from decimal to hex if present
const colorHex = msg.author_color ? `#${msg.author_color.toString(16).padStart(6, '0')}` : null;
// Determine if this is a server-forwarded webhook message
// Server-forwarded messages have a webhook_id AND reference_guild_id differs from current guild
const isWebhook = !!msg.webhook_id;
const isServerForwarded = isWebhook && msg.reference_guild_id &&
msg.reference_guild_id.toString() !== msg.message_guild_id?.toString();
return {
id: msg.message_id.toString(),
type: msg.message_type,
content: msg.content,
timestamp: msg.created_at?.toISOString(),
editedTimestamp: msg.edited_at?.toISOString() || null,
author: {
id: msg.author_id?.toString(),
username: msg.author_username || 'Unknown User',
displayName: msg.author_display_name || msg.author_username || 'Unknown User',
discriminator: msg.author_discriminator || '0000',
avatar: avatarUrl,
bot: msg.author_bot || false,
isWebhook: isWebhook,
isServerForwarded: isServerForwarded,
color: colorHex,
},
attachments: attachmentsByMessage[msg.message_id] || [],
embeds: embedsByMessage[msg.message_id] || [],
components: componentsByMessage[msg.message_id] || [],
rawData: msg.raw_data || null,
stickers: stickersByMessage[msg.message_id] || [],
reactions: reactionsByMessage[msg.message_id] || [],
poll: pollsByMessage[msg.message_id] || null,
referencedMessage: msg.reference_message_id
? referencedById[msg.reference_message_id] || null
: null,
};
});
return createResponse({ messages: formattedMessages, users: usersMap });
} catch (error) {
console.error('Error fetching messages:', error);
return createResponse({ error: 'Failed to fetch messages' }, 500);
}
}

138
src/pages/api/discord/reaction-users.js Normal file
View File

@@ -0,0 +1,138 @@
/**
* API endpoint to fetch users who reacted with a specific emoji on a message
*/
import sql from '../../../utils/db.js';
import { requireApiAuth } from '../../../utils/apiAuth.js';
import {
checkRateLimit,
recordRequest,
} from '../../../utils/rateLimit.js';
import { signImageId } from './cached-image.js';
export async function GET({ request }) {
// Rate limit check
const rateCheck = checkRateLimit(request, {
limit: 20,
windowMs: 1000,
burstLimit: 100,
burstWindowMs: 10_000,
});
if (!rateCheck.allowed) {
return new Response(JSON.stringify({
error: rateCheck.isFlooding ? 'Too many requests - please slow down' : 'Rate limit exceeded'
}), {
status: 429,
headers: { 'Content-Type': 'application/json', 'Retry-After': '1' },
});
}
recordRequest(request, 1000);
// Check authentication
const { user, error: authError, setCookieHeader } = await requireApiAuth(request);
if (authError) return authError;
// Helper to create responses with optional Set-Cookie header
const createResponse = (data, status = 200) => new Response(JSON.stringify(data), {
status,
headers: {
'Content-Type': 'application/json',
...(setCookieHeader && { 'Set-Cookie': setCookieHeader }),
},
});
// Helper to validate Discord snowflake IDs (17-20 digit strings)
const isValidSnowflake = (id) => !id || /^\d{17,20}$/.test(id);
try {
const url = new URL(request.url);
const messageId = url.searchParams.get('messageId');
const emojiName = url.searchParams.get('emojiName');
const emojiId = url.searchParams.get('emojiId'); // null for unicode emoji
if (!messageId || !emojiName) {
return createResponse({ error: 'messageId and emojiName are required' }, 400);
}
// Validate snowflake formats
if (!isValidSnowflake(messageId) || !isValidSnowflake(emojiId)) {
return createResponse({ error: 'Invalid ID format' }, 400);
}
// Get the guild_id from the message's channel for proper display names
const messageInfo = await sql`
SELECT c.guild_id
FROM messages m
JOIN channels c ON m.channel_id = c.channel_id
WHERE m.message_id = ${messageId}
`;
const guildId = messageInfo[0]?.guild_id;
// Fetch users who reacted with this emoji
let users;
if (emojiId) {
users = await sql`
SELECT
u.user_id,
u.username,
u.avatar_url,
u.cached_avatar_id,
COALESCE(gm.nickname, u.global_name, u.username) as display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as guild_avatar,
gm.cached_guild_avatar_id
FROM reactions r
JOIN users u ON r.user_id = u.user_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND gm.guild_id = ${guildId}
WHERE r.message_id = ${messageId}
AND r.emoji_name = ${emojiName}
AND r.emoji_id = ${emojiId}
AND r.is_removed = FALSE
ORDER BY r.added_at ASC
`;
} else {
users = await sql`
SELECT
u.user_id,
u.username,
u.avatar_url,
u.cached_avatar_id,
COALESCE(gm.nickname, u.global_name, u.username) as display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as guild_avatar,
gm.cached_guild_avatar_id
FROM reactions r
JOIN users u ON r.user_id = u.user_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND gm.guild_id = ${guildId}
WHERE r.message_id = ${messageId}
AND r.emoji_name = ${emojiName}
AND r.emoji_id IS NULL
AND r.is_removed = FALSE
ORDER BY r.added_at ASC
`;
}
const formattedUsers = users.map(u => {
// Prefer cached avatar
const cachedAvatarId = u.cached_guild_avatar_id || u.cached_avatar_id;
let avatar;
if (cachedAvatarId) {
const sig = signImageId(cachedAvatarId);
avatar = `/api/discord/cached-image?id=${cachedAvatarId}&sig=${sig}`;
} else {
avatar = u.guild_avatar || u.avatar_url;
}
return {
id: u.user_id.toString(),
username: u.username,
displayName: u.display_name,
avatar,
};
});
return createResponse(formattedUsers);
} catch (error) {
console.error('Error fetching reaction users:', error);
return createResponse({ error: 'Failed to fetch reaction users' }, 500);
}
}

318
src/pages/api/discord/search.js Normal file
View File

@@ -0,0 +1,318 @@
/**
* API endpoint to search Discord messages
* Searches message content and embed content
*/
import sql from '../../../utils/db.js';
import { requireApiAuth } from '../../../utils/apiAuth.js';
import {
checkRateLimit,
recordRequest,
getCookieId,
} from '../../../utils/rateLimit.js';
// Escape LIKE/ILIKE metacharacters to prevent pattern injection
function escapeLikePattern(str) {
return str.replace(/[%_\\]/g, '\\$&');
}
export async function GET({ request }) {
// Rate limit check for authenticated endpoints
const rateCheck = checkRateLimit(request, {
limit: 10,
windowMs: 1000,
burstLimit: 50,
burstWindowMs: 10_000,
});
if (!rateCheck.allowed) {
return new Response(JSON.stringify({
error: rateCheck.isFlooding ? 'Too many requests - please slow down' : 'Rate limit exceeded'
}), {
status: 429,
headers: { 'Content-Type': 'application/json', 'Retry-After': '1' },
});
}
recordRequest(request, 1000);
// Check authentication
const { user, error: authError, setCookieHeader } = await requireApiAuth(request);
if (authError) return authError;
if (authError) return authError;
// Helper to create responses with optional Set-Cookie header
const createResponse = (data, status = 200) => new Response(JSON.stringify(data), {
status,
headers: {
'Content-Type': 'application/json',
...(setCookieHeader && { 'Set-Cookie': setCookieHeader }),
},
});
// Helper to validate Discord snowflake IDs (17-20 digit strings)
const isValidSnowflake = (id) => !id || /^\d{17,20}$/.test(id);
try {
const url = new URL(request.url);
const channelId = url.searchParams.get('channelId');
const query = url.searchParams.get('q');
const limit = Math.min(parseInt(url.searchParams.get('limit') || '50', 10), 100);
if (!channelId) {
return createResponse({ error: 'channelId is required' }, 400);
}
// Validate snowflake format
if (!isValidSnowflake(channelId)) {
return createResponse({ error: 'Invalid channelId format' }, 400);
}
if (!query || query.trim().length < 2) {
return createResponse({ error: 'Search query must be at least 2 characters' }, 400);
}
// Escape LIKE metacharacters to prevent pattern injection
const escapedQuery = escapeLikePattern(query);
const searchPattern = `%${escapedQuery}%`;
// Search messages by content, author username, or embed content
const messages = await sql`
SELECT DISTINCT
m.message_id,
m.content,
m.created_at,
m.edited_at,
m.reference_message_id,
m.channel_id,
u.user_id as author_id,
u.username as author_username,
u.discriminator as author_discriminator,
u.avatar_url as author_avatar,
u.is_bot as author_bot,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name,
COALESCE(gm.guild_avatar_url, u.avatar_url) as author_guild_avatar,
(
SELECT r.color
FROM roles r
WHERE r.role_id = ANY(gm.roles)
AND r.color IS NOT NULL
AND r.color != 0
ORDER BY r.position DESC
LIMIT 1
) as author_color
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
LEFT JOIN embeds e ON m.message_id = e.message_id
WHERE m.channel_id = ${channelId}
AND m.is_deleted = FALSE
AND (
m.content ILIKE ${searchPattern}
OR u.username ILIKE ${searchPattern}
OR u.global_name ILIKE ${searchPattern}
OR gm.nickname ILIKE ${searchPattern}
OR e.title ILIKE ${searchPattern}
OR e.description ILIKE ${searchPattern}
OR e.author_name ILIKE ${searchPattern}
)
ORDER BY m.created_at DESC
LIMIT ${limit}
`;
if (messages.length === 0) {
return createResponse({ messages: [], totalCount: 0 });
}
// Get message IDs for fetching related data
const messageIds = messages.map(m => m.message_id);
// Fetch attachments
const attachments = await sql`
SELECT
message_id,
attachment_id,
filename,
url,
proxy_url,
content_type,
size,
width,
height
FROM attachments
WHERE message_id = ANY(${messageIds})
ORDER BY attachment_id
`;
// Fetch embeds
const embeds = await sql`
SELECT
embed_id, message_id, embed_type, title, description, url,
color, timestamp as embed_timestamp,
footer_text, footer_icon_url,
image_url, image_width, image_height,
thumbnail_url, thumbnail_width, thumbnail_height,
video_url, video_width, video_height,
provider_name, provider_url,
author_name, author_url, author_icon_url
FROM embeds
WHERE message_id = ANY(${messageIds})
`;
// Fetch reactions
const reactions = await sql`
SELECT
message_id,
emoji_id,
emoji_name,
emoji_animated,
COUNT(*) as count
FROM reactions
WHERE message_id = ANY(${messageIds})
AND is_removed = FALSE
GROUP BY message_id, emoji_id, emoji_name, emoji_animated
`;
// Fetch referenced messages (for replies)
const referencedIds = messages
.filter(m => m.reference_message_id)
.map(m => m.reference_message_id);
let referencedMessages = [];
if (referencedIds.length > 0) {
referencedMessages = await sql`
SELECT
m.message_id,
m.content,
u.user_id as author_id,
u.username as author_username,
COALESCE(gm.nickname, u.global_name, u.username) as author_display_name
FROM messages m
LEFT JOIN users u ON m.author_id = u.user_id
LEFT JOIN channels c ON m.channel_id = c.channel_id
LEFT JOIN guild_members gm ON u.user_id = gm.user_id AND c.guild_id = gm.guild_id
WHERE m.message_id = ANY(${referencedIds})
`;
}
// Build referenced message map
const referencedMap = {};
referencedMessages.forEach(ref => {
referencedMap[ref.message_id] = {
id: ref.message_id,
content: ref.content,
author: {
id: ref.author_id,
username: ref.author_username,
displayName: ref.author_display_name,
},
};
});
// Group attachments, embeds, and reactions by message
const attachmentsByMessage = {};
attachments.forEach(att => {
if (!attachmentsByMessage[att.message_id]) {
attachmentsByMessage[att.message_id] = [];
}
attachmentsByMessage[att.message_id].push({
id: att.attachment_id,
filename: att.filename,
url: att.url,
proxyUrl: att.proxy_url,
contentType: att.content_type,
size: att.size,
width: att.width,
height: att.height,
});
});
const embedsByMessage = {};
embeds.forEach(emb => {
if (!embedsByMessage[emb.message_id]) {
embedsByMessage[emb.message_id] = [];
}
embedsByMessage[emb.message_id].push({
type: emb.embed_type,
title: emb.title,
description: emb.description,
url: emb.url,
color: emb.color,
timestamp: emb.embed_timestamp,
footer: emb.footer_text ? {
text: emb.footer_text,
iconUrl: emb.footer_icon_url,
} : null,
image: emb.image_url ? {
url: emb.image_url,
width: emb.image_width,
height: emb.image_height,
} : null,
thumbnail: emb.thumbnail_url ? {
url: emb.thumbnail_url,
width: emb.thumbnail_width,
height: emb.thumbnail_height,
} : null,
video: emb.video_url ? {
url: emb.video_url,
width: emb.video_width,
height: emb.video_height,
} : null,
provider: emb.provider_name ? {
name: emb.provider_name,
url: emb.provider_url,
} : null,
author: emb.author_name ? {
name: emb.author_name,
url: emb.author_url,
iconUrl: emb.author_icon_url,
} : null,
fields: [],
});
});
const reactionsByMessage = {};
reactions.forEach(r => {
if (!reactionsByMessage[r.message_id]) {
reactionsByMessage[r.message_id] = [];
}
reactionsByMessage[r.message_id].push({
emoji: {
id: r.emoji_id,
name: r.emoji_name,
animated: r.emoji_animated,
},
count: r.count,
});
});
// Format response
const formattedMessages = messages.map(msg => ({
id: msg.message_id,
content: msg.content,
timestamp: msg.created_at,
editedAt: msg.edited_at,
author: {
id: msg.author_id,
username: msg.author_username,
discriminator: msg.author_discriminator,
avatar: msg.author_guild_avatar || msg.author_avatar,
displayName: msg.author_display_name,
bot: msg.author_bot,
color: msg.author_color ? `#${msg.author_color.toString(16).padStart(6, '0')}` : null,
},
attachments: attachmentsByMessage[msg.message_id] || [],
embeds: embedsByMessage[msg.message_id] || [],
reactions: reactionsByMessage[msg.message_id] || [],
referencedMessage: msg.reference_message_id ? referencedMap[msg.reference_message_id] : null,
}));
return createResponse({
messages: formattedMessages,
totalCount: formattedMessages.length,
});
} catch (error) {
console.error('Search error:', error);
return createResponse({ error: 'Failed to search messages' }, 500);
}
}

269
src/pages/api/image-proxy.js Normal file
View File

@@ -0,0 +1,269 @@
/**
* Server-side image proxy API endpoint
* Proxies images from untrusted domains to prevent user IP exposure
* Uses HMAC signatures to prevent abuse
*/
import {
checkRateLimit,
recordRequest,
getCookieId,
generateNonce,
createNonceCookie,
} from '../../utils/rateLimit.js';
// Secret key for signing URLs - MUST be set in production
const SIGNING_SECRET = import.meta.env.IMAGE_PROXY_SECRET;
if (!SIGNING_SECRET) {
console.error('CRITICAL: IMAGE_PROXY_SECRET environment variable is not set!');
}
// Private IP ranges to block (SSRF protection)
const PRIVATE_IP_PATTERNS = [
/^127\./, // localhost
/^10\./, // Class A private
/^172\.(1[6-9]|2[0-9]|3[0-1])\./, // Class B private
/^192\.168\./, // Class C private
/^169\.254\./, // Link-local
/^0\./, // Current network
/^224\./, // Multicast
/^255\./, // Broadcast
/^localhost$/i,
/^\[?::1\]?$/, // IPv6 localhost
/^\[?fe80:/i, // IPv6 link-local
/^\[?fc00:/i, // IPv6 private
/^\[?fd00:/i, // IPv6 private
];
function isPrivateUrl(urlString) {
try {
const url = new URL(urlString);
const hostname = url.hostname;
return PRIVATE_IP_PATTERNS.some(pattern => pattern.test(hostname));
} catch {
return true; // Block invalid URLs
}
}
// Max image size to proxy (25MB - needed for animated GIFs)
const MAX_IMAGE_SIZE = 25 * 1024 * 1024;
// Allowed content types
const ALLOWED_CONTENT_TYPES = [
'image/jpeg',
'image/png',
'image/gif',
'image/webp',
'image/svg+xml',
'image/bmp',
'image/x-icon',
'image/vnd.microsoft.icon',
'image/avif',
'image/apng',
];
// Image extensions for fallback content-type detection
const IMAGE_EXTENSIONS = {
'.jpg': 'image/jpeg',
'.jpeg': 'image/jpeg',
'.png': 'image/png',
'.gif': 'image/gif',
'.webp': 'image/webp',
'.svg': 'image/svg+xml',
'.bmp': 'image/bmp',
'.ico': 'image/x-icon',
'.avif': 'image/avif',
'.apng': 'image/apng',
};
/**
* Get content type from URL extension
*/
function getContentTypeFromUrl(url) {
try {
const pathname = new URL(url).pathname.toLowerCase();
for (const [ext, type] of Object.entries(IMAGE_EXTENSIONS)) {
if (pathname.endsWith(ext)) {
return type;
}
}
} catch {}
return null;
}
/**
* Generate HMAC signature for a URL
*/
export async function signImageUrl(imageUrl) {
const encoder = new TextEncoder();
const key = await crypto.subtle.importKey(
'raw',
encoder.encode(SIGNING_SECRET),
{ name: 'HMAC', hash: 'SHA-256' },
false,
['sign']
);
const signature = await crypto.subtle.sign('HMAC', key, encoder.encode(imageUrl));
const signatureHex = Array.from(new Uint8Array(signature))
.map(b => b.toString(16).padStart(2, '0'))
.join('');
return signatureHex;
}
/**
* Verify HMAC signature for a URL
*/
async function verifySignature(imageUrl, signature) {
const expectedSignature = await signImageUrl(imageUrl);
return signature === expectedSignature;
}
/**
* Create a signed proxy URL for an image
*/
export async function createSignedProxyUrl(imageUrl) {
const signature = await signImageUrl(imageUrl);
return `/api/image-proxy?url=${encodeURIComponent(imageUrl)}&sig=${signature}`;
}
export async function GET({ request }) {
// Rate limit check
const rateCheck = checkRateLimit(request, {
limit: 20,
windowMs: 1000,
burstLimit: 100,
burstWindowMs: 10_000,
});
let cookieId = getCookieId(request);
const hadCookie = !!cookieId;
if (!cookieId) {
cookieId = generateNonce();
}
if (!rateCheck.allowed) {
const response = new Response('Rate limit exceeded', {
status: 429,
headers: { 'Retry-After': '1' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
recordRequest(request, 1000);
const url = new URL(request.url);
const imageUrl = url.searchParams.get('url');
const signature = url.searchParams.get('sig');
if (!imageUrl) {
return new Response('Missing url parameter', { status: 400 });
}
if (!signature) {
return new Response('Missing signature', { status: 403 });
}
// Require signing secret to be configured
if (!SIGNING_SECRET) {
return new Response('Server misconfigured', { status: 500 });
}
// Verify the signature
const isValid = await verifySignature(imageUrl, signature);
if (!isValid) {
return new Response('Invalid signature', { status: 403 });
}
// Validate URL format
let parsedUrl;
try {
parsedUrl = new URL(imageUrl);
if (!['http:', 'https:'].includes(parsedUrl.protocol)) {
throw new Error('Invalid protocol');
}
} catch {
return new Response('Invalid URL', { status: 400 });
}
// SSRF protection: block private/internal IPs
if (isPrivateUrl(imageUrl)) {
return new Response('URL not allowed', { status: 403 });
}
try {
const controller = new AbortController();
const timeout = setTimeout(() => controller.abort(), 10000);
const response = await fetch(imageUrl, {
method: 'GET',
headers: {
'User-Agent': 'Mozilla/5.0 (compatible; ImageProxy/1.0)',
'Accept': 'image/*',
},
signal: controller.signal,
redirect: 'follow',
});
clearTimeout(timeout);
if (!response.ok) {
return new Response('Failed to fetch image', { status: 502 });
}
let contentType = response.headers.get('content-type') || '';
const contentLength = parseInt(response.headers.get('content-length') || '0', 10);
// Validate content type - must be an image
let isAllowedType = ALLOWED_CONTENT_TYPES.some(type => contentType.startsWith(type));
// If server returned generic binary type, try to infer from URL extension
if (!isAllowedType && (contentType.includes('octet-stream') || contentType === '')) {
const inferredType = getContentTypeFromUrl(imageUrl);
if (inferredType) {
contentType = inferredType;
isAllowedType = true;
}
}
if (!isAllowedType) {
console.error(`[image-proxy] Invalid content type: ${contentType} for URL: ${imageUrl}`);
return new Response(`Invalid content type: ${contentType}`, { status: 400 });
}
// Check size limit
if (contentLength > MAX_IMAGE_SIZE) {
return new Response('Image too large', { status: 413 });
}
// Stream the image through
const imageData = await response.arrayBuffer();
// Double-check size after download
if (imageData.byteLength > MAX_IMAGE_SIZE) {
return new Response('Image too large', { status: 413 });
}
const proxyResponse = new Response(imageData, {
status: 200,
headers: {
'Content-Type': contentType,
'Content-Length': imageData.byteLength.toString(),
'Cache-Control': 'public, max-age=86400', // Cache for 1 day
'X-Content-Type-Options': 'nosniff',
},
});
if (!hadCookie) {
proxyResponse.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return proxyResponse;
} catch (err) {
console.error('[image-proxy] Error fetching image:', err.message);
return new Response('Failed to fetch image', { status: 500 });
}
}

279
src/pages/api/link-preview.js Normal file
View File

@@ -0,0 +1,279 @@
/**
* Server-side link preview API endpoint (Node.js / Astro)
* Uses linkedom for reliable HTML parsing and automatic entity decoding
* Returns signed proxy URLs for images from untrusted domains
*/
import {
checkRateLimit,
recordRequest,
getCookieId,
generateNonce,
createNonceCookie,
} from '../../utils/rateLimit.js';
import { signImageUrl } from './image-proxy.js';
import { parseHTML } from 'linkedom';
// Trusted domains that can be loaded client-side
const TRUSTED_DOMAINS = new Set([
'youtube.com', 'www.youtube.com', 'youtu.be', 'img.youtube.com', 'i.ytimg.com',
'instagram.com', 'www.instagram.com',
'twitter.com', 'x.com', 'www.twitter.com', 'pbs.twimg.com', 'abs.twimg.com',
'twitch.tv', 'www.twitch.tv', 'clips.twitch.tv',
'spotify.com', 'open.spotify.com',
'soundcloud.com', 'www.soundcloud.com',
'vimeo.com', 'www.vimeo.com',
'imgur.com', 'i.imgur.com',
'giphy.com', 'media.giphy.com',
'tenor.com', 'media.tenor.com',
'gfycat.com',
'reddit.com', 'www.reddit.com', 'v.redd.it', 'i.redd.it', 'preview.redd.it',
'github.com', 'gist.github.com', 'raw.githubusercontent.com', 'avatars.githubusercontent.com', 'user-images.githubusercontent.com',
'codepen.io', 'codesandbox.io',
'streamable.com', 'medal.tv',
'discord.com', 'cdn.discordapp.com', 'media.discordapp.net',
'picsum.photos', 'images.unsplash.com',
]);
function isTrustedDomain(url) {
try {
const parsed = new URL(url);
return TRUSTED_DOMAINS.has(parsed.hostname);
} catch {
return false;
}
}
async function getSafeImageUrl(imageUrl) {
if (!imageUrl) return null;
if (isTrustedDomain(imageUrl)) return imageUrl;
const signature = await signImageUrl(imageUrl);
return `/api/image-proxy?url=${encodeURIComponent(imageUrl)}&sig=${signature}`;
}
function parseMetaTags(html, url) {
const meta = {
url,
title: null,
description: null,
image: null,
siteName: null,
type: null,
video: null,
themeColor: null,
};
const decode = str => str?.replace(/&(#(?:x[0-9a-fA-F]+|\d+)|[a-zA-Z]+);/g,
(_, e) => e[0]==='#' ? String.fromCharCode(e[1]==='x'?parseInt(e.slice(2),16):parseInt(e.slice(1),10))
: ({amp:'&',lt:'<',gt:'>',quot:'"',apos:"'"}[e]||_));
const { document } = parseHTML(html);
// Open Graph / Twitter / fallback
meta.title =
decode(
document.querySelector('meta[property="og:title"]')?.getAttribute('content') ||
document.querySelector('meta[name="twitter:title"]')?.getAttribute('content') ||
document.querySelector('title')?.textContent || null
);
meta.description =
decode(
document.querySelector('meta[property="og:description"]')?.getAttribute('content') ||
document.querySelector('meta[name="twitter:description"]')?.getAttribute('content') ||
document.querySelector('meta[name="description"]')?.getAttribute('content') || null
);
meta.image =
decode(
document.querySelector('meta[property="og:image"]')?.getAttribute('content') ||
document.querySelector('meta[name="twitter:image"]')?.getAttribute('content') || null
);
meta.siteName =
decode(
document.querySelector('meta[property="og:site_name"]')?.getAttribute('content') ||
new URL(url).hostname.replace(/^www\./, '')
);
meta.type =
decode(
document.querySelector('meta[property="og:type"]')?.getAttribute('content') || null
);
meta.video =
decode(
document.querySelector('meta[property="og:video"]')?.getAttribute('content') || null
);
meta.themeColor =
decode(
document.querySelector('meta[name="theme-color"]')?.getAttribute('content') || null
);
// Resolve relative image URLs
if (meta.image && !meta.image.startsWith('http')) {
try {
meta.image = decode(new URL(meta.image, new URL(url).origin).href);
} catch {
meta.image = null;
}
}
return meta;
}
export async function GET({ request }) {
// Rate limit
const rateCheck = checkRateLimit(request, {
limit: 10,
windowMs: 1000,
burstLimit: 50,
burstWindowMs: 10_000,
});
let cookieId = getCookieId(request);
const hadCookie = !!cookieId;
if (!cookieId) cookieId = generateNonce();
if (!rateCheck.allowed) {
const errorMsg = rateCheck.isFlooding
? { error: 'Too many requests - please slow down' }
: { error: 'Rate limit exceeded' };
const resp = new Response(JSON.stringify(errorMsg), {
status: 429,
headers: { 'Content-Type': 'application/json', 'Retry-After': '1' },
});
if (!hadCookie) resp.headers.set('Set-Cookie', createNonceCookie(cookieId));
return resp;
}
recordRequest(request, 1000);
const url = new URL(request.url);
const targetUrl = url.searchParams.get('url');
if (!targetUrl) {
return new Response(JSON.stringify({ error: 'Missing url parameter' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
}
// Validate URL
let parsedUrl;
try {
parsedUrl = new URL(targetUrl);
if (!['http:', 'https:'].includes(parsedUrl.protocol)) throw new Error();
} catch {
return new Response(JSON.stringify({ error: 'Invalid URL' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
}
const trusted = isTrustedDomain(targetUrl);
try {
const controller = new AbortController();
const timeout = setTimeout(() => controller.abort(), 8000);
const response = await fetch(targetUrl, {
method: 'GET',
headers: {
'User-Agent': 'Mozilla/5.0 (compatible; DiscordBot/2.0; +https://discordapp.com)',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
},
signal: controller.signal,
redirect: 'follow',
});
clearTimeout(timeout);
if (!response.ok) {
return new Response(JSON.stringify({
error: 'Failed to fetch URL',
status: response.status
}), {
status: 502,
headers: { 'Content-Type': 'application/json' },
});
}
const contentType = response.headers.get('content-type') || '';
// Handle direct image
if (contentType.startsWith('image/')) {
const safeImageUrl = await getSafeImageUrl(targetUrl);
const result = { url: targetUrl, type: 'image', image: safeImageUrl, trusted };
const resp = new Response(JSON.stringify(result), {
status: 200,
headers: { 'Content-Type': 'application/json', 'Cache-Control': 'public, max-age=3600' },
});
if (!hadCookie) resp.headers.set('Set-Cookie', createNonceCookie(cookieId));
return resp;
}
// Handle direct video
if (contentType.startsWith('video/')) {
if (!trusted) {
return new Response(JSON.stringify({ error: 'Untrusted video source' }), {
status: 403,
headers: { 'Content-Type': 'application/json' },
});
}
const result = { url: targetUrl, type: 'video', video: targetUrl, trusted };
const resp = new Response(JSON.stringify(result), {
status: 200,
headers: { 'Content-Type': 'application/json', 'Cache-Control': 'public, max-age=3600' },
});
if (!hadCookie) resp.headers.set('Set-Cookie', createNonceCookie(cookieId));
return resp;
}
if (!contentType.includes('text/html') && !contentType.includes('application/xhtml')) {
return new Response(JSON.stringify({ error: 'URL is not an HTML page', contentType }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
}
// Read first 50KB
const reader = response.body.getReader();
let html = '';
let bytesRead = 0;
const maxBytes = 50 * 1024;
while (bytesRead < maxBytes) {
const { done, value } = await reader.read();
if (done) break;
html += new TextDecoder().decode(value);
bytesRead += value.length;
if (html.includes('</head>')) break;
}
reader.cancel();
const meta = parseMetaTags(html, targetUrl);
meta.trusted = trusted;
// Convert image to safe URL
if (meta.image) meta.image = await getSafeImageUrl(meta.image);
const resp = new Response(JSON.stringify(meta), {
status: 200,
headers: { 'Content-Type': 'application/json', 'Cache-Control': 'public, max-age=3600' },
});
if (!hadCookie) resp.headers.set('Set-Cookie', createNonceCookie(cookieId));
return resp;
} catch (err) {
console.error('[link-preview] Error fetching URL:', err.message);
// Don't expose internal error details to client
return new Response(JSON.stringify({ error: 'Failed to fetch preview' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
}
}

97
src/pages/api/search.js
View File

@@ -1,24 +1,12 @@
const rateLimitMap = new Map();
function checkRateLimit(userId, limit = 5, windowMs = 1000) {
const now = Date.now();
const key = userId;
const entry = rateLimitMap.get(key);
if (!entry || now > entry.resetTime) {
rateLimitMap.set(key, { count: 1, resetTime: now + windowMs });
return true;
}
if (entry.count >= limit) {
return false;
}
entry.count++;
return true;
}
import { getSubsiteByHost } from '../../utils/subsites.js';
import {
checkRateLimit,
recordRequest,
getCookieId,
generateNonce,
createNonceCookie,
getClientIp,
} from '../../utils/rateLimit.js';
export async function GET({ request }) {
const host = request.headers.get('host');
@@ -28,27 +16,51 @@ export async function GET({ request }) {
return new Response('Not found', { status: 404 });
}
let userId = request.headers.get('cookie')?.split(';').find(c => c.trim().startsWith('nonce='))?.split('=')[1];
const hadCookie = !!userId;
if (!userId) {
userId = crypto.randomUUID();
// Rate limit check (5 requests per second, flood protection at 30/10s)
const rateCheck = checkRateLimit(request, {
limit: 5,
windowMs: 1000,
burstLimit: 30,
burstWindowMs: 10_000,
});
let cookieId = getCookieId(request);
const hadCookie = !!cookieId;
if (!cookieId) {
cookieId = generateNonce();
}
if (!checkRateLimit(userId)) {
const response = new Response(JSON.stringify({ error: 'Rate limit exceeded' }), { status: 429, headers: { 'Content-Type': 'application/json' } });
if (!rateCheck.allowed) {
const errorMsg = rateCheck.isFlooding
? { error: 'Too many requests - please slow down' }
: { error: 'Rate limit exceeded' };
const response = new Response(JSON.stringify(errorMsg), {
status: 429,
headers: {
'Content-Type': 'application/json',
'Retry-After': '1',
},
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
console.log(`[search] rate limited: ip=${rateCheck.ip} flooding=${rateCheck.isFlooding}`);
return response;
}
// Record the request for rate limiting
recordRequest(request, 1000);
const TMDB_API_KEY = import.meta.env.TMDB_API_KEY;
if (!TMDB_API_KEY) {
console.error('TMDB_API_KEY not set');
const response = new Response(JSON.stringify([]), { status: 500, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify([]), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
@@ -57,17 +69,23 @@ export async function GET({ request }) {
const q = url.searchParams.get('q');
if (!q || typeof q !== 'string' || !q.trim()) {
const response = new Response(JSON.stringify([]), { status: 200, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify([]), {
status: 200,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
if (q.length > 100) {
const response = new Response(JSON.stringify([]), { status: 200, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify([]), {
status: 200,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
@@ -96,16 +114,21 @@ export async function GET({ request }) {
overview: item.overview,
poster_path: item.poster_path,
}));
const response = new Response(JSON.stringify(filtered), { headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify(filtered), {
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
} catch (error) {
console.error('Error fetching suggestions:', error);
const response = new Response(JSON.stringify([]), { status: 500, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify([]), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}

128
src/pages/api/submit.js
View File

@@ -1,34 +1,12 @@
const rateLimitMap = new Map();
function checkRateLimit(userId, limit = 1, windowMs = 15000) { // 1 per 15 seconds for submits
const now = Date.now();
const key = userId;
const entry = rateLimitMap.get(key);
if (!entry || now > entry.resetTime) {
return true; // Allow, will be recorded later
}
if (entry.count >= limit) {
return false;
}
return true; // Allow, will be recorded later
}
function recordRequest(userId, windowMs = 15000) {
const now = Date.now();
const key = userId;
const entry = rateLimitMap.get(key);
if (!entry || now > entry.resetTime) {
rateLimitMap.set(key, { count: 1, resetTime: now + windowMs });
} else {
entry.count++;
}
}
import { getSubsiteByHost } from '../../utils/subsites.js';
import {
checkRateLimit,
recordRequest as recordRateLimitRequest,
getCookieId,
generateNonce,
createNonceCookie,
getClientIp,
} from '../../utils/rateLimit.js';
export async function POST({ request }) {
const host = request.headers.get('host');
@@ -37,17 +15,35 @@ export async function POST({ request }) {
return new Response('Not found', { status: 404 });
}
let userId = request.headers.get('cookie')?.split(';').find(c => c.trim().startsWith('nonce='))?.split('=')[1];
const hadCookie = !!userId;
if (!userId) {
userId = crypto.randomUUID();
// Rate limit check (1 request per 15 seconds, flood protection at 10/30s)
const rateCheck = checkRateLimit(request, {
limit: 1,
windowMs: 15_000,
burstLimit: 10,
burstWindowMs: 30_000,
});
let cookieId = getCookieId(request);
const hadCookie = !!cookieId;
if (!cookieId) {
cookieId = generateNonce();
}
if (!checkRateLimit(userId)) {
const response = new Response(JSON.stringify({ error: 'Rate limit exceeded' }), { status: 429, headers: { 'Content-Type': 'application/json' } });
if (!rateCheck.allowed) {
const errorMsg = rateCheck.isFlooding
? { error: 'Too many requests - please slow down' }
: { error: 'Rate limit exceeded. Please wait before submitting again.' };
const response = new Response(JSON.stringify(errorMsg), {
status: 429,
headers: {
'Content-Type': 'application/json',
'Retry-After': '15',
},
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
console.log(`[submit] rate limited: ip=${rateCheck.ip} flooding=${rateCheck.isFlooding}`);
return response;
}
@@ -55,9 +51,12 @@ export async function POST({ request }) {
if (!DISCORD_WEBHOOK_URL) {
console.error('DISCORD_WEBHOOK_URL not set');
const response = new Response(JSON.stringify({ error: 'Webhook not configured' }), { status: 500, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ error: 'Webhook not configured' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
@@ -67,41 +66,56 @@ export async function POST({ request }) {
// Input validation
if (!title || typeof title !== 'string' || !title.trim()) {
const response = new Response(JSON.stringify({ error: 'Title is required and must be a non-empty string' }), { status: 400, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ error: 'Title is required and must be a non-empty string' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
if (title.length > 200) {
const response = new Response(JSON.stringify({ error: 'Title must be 200 characters or less' }), { status: 400, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ error: 'Title must be 200 characters or less' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
if (!['movie', 'tv'].includes(type)) {
const response = new Response(JSON.stringify({ error: 'Type must be either "movie" or "tv"' }), { status: 400, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ error: 'Type must be either "movie" or "tv"' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
if (year && (typeof year !== 'string' || !/^\d{4}$/.test(year))) {
const response = new Response(JSON.stringify({ error: 'Year must be a 4-digit number if provided' }), { status: 400, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ error: 'Year must be a 4-digit number if provided' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
if (requester && (typeof requester !== 'string' || requester.length > 500)) {
const response = new Response(JSON.stringify({ error: 'Requester name must be 500 characters or less if provided' }), { status: 400, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ error: 'Requester name must be 500 characters or less if provided' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
@@ -216,18 +230,24 @@ export async function POST({ request }) {
throw new Error(`Discord webhook error: ${apiResponse.status}`);
}
recordRequest(userId);
// Record the request for rate limiting after successful submission
recordRateLimitRequest(request, 15_000);
const response = new Response(JSON.stringify({ success: true }), { headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ success: true }), {
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
} catch (error) {
console.error('Webhook submission error:', error);
const response = new Response(JSON.stringify({ error: 'Failed to submit' }), { status: 500, headers: { 'Content-Type': 'application/json' } });
const response = new Response(JSON.stringify({ error: 'Failed to submit' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', `nonce=${userId}; HttpOnly; Path=/; Max-Age=31536000`);
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}

26
src/pages/discord-logs.astro Normal file
View File

@@ -0,0 +1,26 @@
---
import Base from "../layouts/Base.astro";
import Root from "../components/AppLayout.jsx";
import "@styles/DiscordLogs.css";
// Auth + role check handled by middleware
// Middleware redirects to /login if not authenticated or lacks 'discord' role
const user = Astro.locals.user as any;
// Prevent browser caching of authenticated pages
Astro.response.headers.set('Cache-Control', 'no-store, no-cache, must-revalidate, private');
Astro.response.headers.set('Pragma', 'no-cache');
---
<Base title="Discord Archive" description="Archived Discord channel logs">
<section class="page-section discord-logs-section">
<Root child="DiscordLogs" client:only="react" />
</section>
</Base>
<style is:global>
/* Override main container width for Discord logs */
body:has(.discord-logs-section) main.page-enter {
max-width: 1400px !important;
}
</style>

17
src/pages/index.astro
View File

@@ -16,21 +16,12 @@ const whitelabel = WHITELABELS[host] ?? (detected ? WHITELABELS[detected.host] :
<Base>
{whitelabel ? (
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root child="ReqForm" client:only="react">
</Root>
</div>
<section class="page-section">
<Root child="ReqForm" client:only="react" />
</section>
) : (
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root
child="LyricSearch"
client:only="react"
/>
</div>
<section class="page-section">
<Root child="LyricSearch" client:only="react" />
</section>
)}
</Base>

15
src/pages/lighting.astro
View File

@@ -1,19 +1,14 @@
---
import Base from "@/layouts/Base.astro";
import Root from "@/components/AppLayout.jsx";
import { requireAuthHook } from "@/hooks/requireAuthHook";
const user = await requireAuthHook(Astro);
if (!user || !user.roles.includes('lighting')) {
return Astro.redirect('/login');
}
// Auth + role check handled by middleware
// Middleware redirects to /login if not authenticated or lacks 'lighting' role
const user = Astro.locals.user as any;
---
<Base>
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root child="Lighting" user?={user} client:only="react" />
</div>
<section class="page-section">
<Root child="Lighting" user?={user} client:only="react" />
</section>
</Base>

6
src/pages/login.astro
View File

@@ -8,9 +8,7 @@ const isLoggedIn = Boolean(user);
---
<Base>
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root child="LoginPage" loggedIn={isLoggedIn} client:only="react">
</Root>
<section class="page-section">
<Root child="LoginPage" loggedIn={isLoggedIn} client:only="react" />
</section>
</Base>

8
src/pages/memes.astro
View File

@@ -4,10 +4,8 @@ import Root from "../components/AppLayout.jsx";
import "@styles/MemeGrid.css";
---
<Base>
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root child="Memes" client:only="react">
</Root>
<Base hideFooter>
<section class="page-section">
<Root child="Memes" client:only="react" />
</section>
</Base>

12
src/pages/radio.astro
View File

@@ -1,14 +1,12 @@
---
import Base from "../layouts/Base.astro";
import Root from "../components/AppLayout.jsx";
// The Base layout exposes runtime subsite state — no per-page detection needed
import { requireAuthHook } from "@/hooks/requireAuthHook";
const user = await requireAuthHook(Astro);
// Auth handled by middleware - user available in Astro.locals.user
const user = Astro.locals.user as any;
---
<Base>
<section>
<div class="prose prose-neutral dark:prose-invert">
<Root child="Player" user={user} client:only="react">
</Root>
<section class="page-section">
<Root child="Player" user={user} client:only="react" />
</section>
</Base>

117
src/utils/apiAuth.js Normal file
View File

@@ -0,0 +1,117 @@
/**
* API route authentication helper
* Validates user session for protected API endpoints
*/
import { API_URL } from '@/config';
/**
* Check if the request has a valid authentication session
* @param {Request} request - The incoming request
* @returns {Promise<{user: object|null, error: Response|null, setCookieHeader: string|null}>}
*/
export async function requireApiAuth(request) {
try {
const cookieHeader = request.headers.get('cookie') ?? '';
if (!cookieHeader) {
return {
user: null,
error: new Response(JSON.stringify({ error: 'Authentication required' }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
}),
setCookieHeader: null,
};
}
// Try to get user identity
let res = await fetch(`${API_URL}/auth/id`, {
headers: { Cookie: cookieHeader },
credentials: 'include',
});
let newSetCookieHeader = null;
// If unauthorized, try to refresh the token
if (res.status === 401) {
const refreshRes = await fetch(`${API_URL}/auth/refresh`, {
method: 'POST',
headers: { Cookie: cookieHeader },
credentials: 'include',
});
if (!refreshRes.ok) {
return {
user: null,
error: new Response(JSON.stringify({ error: 'Session expired' }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
}),
setCookieHeader: null,
};
}
// Capture the Set-Cookie header from the refresh response to forward to client
newSetCookieHeader = refreshRes.headers.get('set-cookie');
let newCookieHeader = cookieHeader;
if (newSetCookieHeader) {
const cookiesArray = newSetCookieHeader.split(/,(?=\s*\w+=)/);
newCookieHeader = cookiesArray.map(c => c.split(';')[0]).join('; ');
} else {
return {
user: null,
error: new Response(JSON.stringify({ error: 'Session refresh failed' }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
}),
setCookieHeader: null,
};
}
res = await fetch(`${API_URL}/auth/id`, {
headers: { Cookie: newCookieHeader },
credentials: 'include',
});
}
if (!res.ok) {
return {
user: null,
error: new Response(JSON.stringify({ error: 'Authentication failed' }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
}),
setCookieHeader: null,
};
}
const user = await res.json();
return { user, error: null, setCookieHeader: newSetCookieHeader };
} catch (err) {
console.error('API auth error:', err);
return {
user: null,
error: new Response(JSON.stringify({ error: 'Authentication error' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
}),
setCookieHeader: null,
};
}
}
/**
* Helper to create a response with optional Set-Cookie header forwarding
* @param {any} data - Response data
* @param {number} status - HTTP status code
* @param {string|null} setCookieHeader - Set-Cookie header from auth refresh
*/
export function createApiResponse(data, status = 200, setCookieHeader = null) {
const headers = { 'Content-Type': 'application/json' };
if (setCookieHeader) {
headers['Set-Cookie'] = setCookieHeader;
}
return new Response(JSON.stringify(data), { status, headers });
}

93
src/utils/authFetch.js
View File

@@ -1,5 +1,9 @@
import { API_URL } from "@/config";
// Track in-flight refresh to avoid duplicate requests
let refreshPromise = null;
let lastRefreshTime = 0;
const REFRESH_COOLDOWN = 2000; // 2 second cooldown between refreshes
// Auth fetch wrapper
export const authFetch = async (url, options = {}, retry = true) => {
@@ -9,14 +13,11 @@ export const authFetch = async (url, options = {}, retry = true) => {
});
if (res.status === 401 && retry) {
// attempt refresh
// attempt refresh (non-blocking if already in progress)
try {
const refreshRes = await fetch(`${API_URL}/auth/refresh`, {
method: "POST",
credentials: "include",
});
const refreshSuccess = await doRefresh();
if (!refreshRes.ok) throw new Error("Refresh failed");
if (!refreshSuccess) throw new Error("Refresh failed");
// Retry original request once after refresh
return authFetch(url, options, false);
@@ -29,6 +30,44 @@ export const authFetch = async (url, options = {}, retry = true) => {
return res;
};
// Centralized refresh function that handles deduplication properly
async function doRefresh() {
const now = Date.now();
// If a refresh just succeeded recently, assume we're good
if (now - lastRefreshTime < REFRESH_COOLDOWN && !refreshPromise) {
return true;
}
// Reuse existing refresh promise if one is in flight
if (!refreshPromise) {
refreshPromise = (async () => {
try {
const refreshRes = await fetch(`${API_URL}/auth/refresh`, {
method: "POST",
credentials: "include",
});
if (refreshRes.ok) {
lastRefreshTime = Date.now();
return true;
}
return false;
} catch (err) {
console.error("Refresh request failed:", err);
return false;
}
})();
// Clear the promise after it resolves
refreshPromise.finally(() => {
refreshPromise = null;
});
}
return refreshPromise;
}
// Refresh token function (HttpOnly cookie flow)
export async function refreshAccessToken(cookieHeader) {
try {
@@ -51,6 +90,48 @@ export async function refreshAccessToken(cookieHeader) {
}
}
/**
* Ensure authentication is valid before making API requests.
* Makes a lightweight auth check against our own API and refreshes if needed.
* Returns true if auth is valid, false if user needs to log in.
*/
export async function ensureAuth() {
try {
// Try a lightweight request to our own API that requires auth
// Using HEAD or a simple endpoint to minimize overhead
const res = await fetch('/api/discord/channels', {
method: 'GET',
credentials: 'include',
});
if (res.ok) {
return true;
}
if (res.status === 401) {
// Try to refresh the token using our centralized refresh handler
const refreshSuccess = await doRefresh();
if (refreshSuccess) {
// Retry the auth check after refresh
const retryRes = await fetch('/api/discord/channels', {
method: 'GET',
credentials: 'include',
});
return retryRes.ok;
}
return false;
}
// Other errors (500, etc.) - assume auth is OK but server issue
return true;
} catch (err) {
console.error('Auth check failed:', err);
// Network error - don't redirect, let the actual API calls handle it
return true;
}
}
export function handleLogout() {
document.cookie.split(";").forEach((cookie) => {
const name = cookie.split("=")[0].trim();

18
src/utils/db.js Normal file
View File

@@ -0,0 +1,18 @@
/**
* PostgreSQL database connection for Discord logs
*/
import postgres from 'postgres';
// Database connection configuration
const sql = postgres({
host: import.meta.env.DISCORD_DB_HOST || 'localhost',
port: parseInt(import.meta.env.DISCORD_DB_PORT || '5432', 10),
database: import.meta.env.DISCORD_DB_NAME || 'discord',
username: import.meta.env.DISCORD_DB_USER || 'discord',
password: import.meta.env.DISCORD_DB_PASSWORD || '',
max: 10, // Max connections in pool
idle_timeout: 20,
connect_timeout: 10,
});
export default sql;

20
src/utils/jwt.js
View File

@@ -3,14 +3,30 @@ import fs from 'fs';
import path from 'path';
import os from 'os';
const secretFilePath = path.join(
// JWT keys location - can be configured via environment variable
// In production, prefer using a secret management service (Vault, AWS Secrets Manager, etc.)
const secretFilePath = import.meta.env.JWT_KEYS_PATH || path.join(
os.homedir(),
'.config',
'api_jwt_keys.json'
);
// Warn if using default location in production
if (!import.meta.env.JWT_KEYS_PATH && !import.meta.env.DEV) {
console.warn(
'[SECURITY WARNING] JWT_KEYS_PATH not set. Using default location ~/.config/api_jwt_keys.json. ' +
'Consider using a secret management service in production.'
);
}
// Load and parse keys JSON once at startup
const keyFileData = JSON.parse(fs.readFileSync(secretFilePath, 'utf-8'));
let keyFileData;
try {
keyFileData = JSON.parse(fs.readFileSync(secretFilePath, 'utf-8'));
} catch (err) {
console.error(`[CRITICAL] Failed to load JWT keys from ${secretFilePath}:`, err.message);
throw new Error('JWT keys file not found or invalid. Set JWT_KEYS_PATH environment variable.');
}
export function verifyToken(token) {
if (!token) {

275
src/utils/rateLimit.js Normal file
View File

@@ -0,0 +1,275 @@
/**
* Robust rate limiter using both IP address and cookie-based tracking.
* Implements sliding window with burst protection and automatic cleanup.
*/
// Separate maps for IP and cookie tracking
const ipRateLimitMap = new Map();
const cookieRateLimitMap = new Map();
// Global flood protection - track overall request volume per IP
const floodProtectionMap = new Map();
// Cleanup old entries every 60 seconds to prevent memory leaks
const CLEANUP_INTERVAL = 60_000;
let lastCleanup = Date.now();
// Trusted proxy configuration - only trust proxy headers from known sources
// Set TRUSTED_PROXY_IPS env var to comma-separated list of IPs/CIDRs
// If behind Cloudflare, Vercel, or similar, their proxy IPs are implicitly trusted
const TRUSTED_PROXIES = new Set(
(import.meta.env.TRUSTED_PROXY_IPS || '')
.split(',')
.map(ip => ip.trim())
.filter(Boolean)
);
// Common cloud provider proxy indicators
const VERCEL_INDICATOR = import.meta.env.VERCEL === '1';
const CLOUDFLARE_INDICATOR = typeof import.meta.env.CF_PAGES !== 'undefined' ||
typeof import.meta.env.CF_PAGES_URL !== 'undefined';
/**
* Check if request is from a trusted proxy.
* In production behind Vercel/Cloudflare, proxy headers are trustworthy.
*/
function isTrustedProxy(request) {
// If running on Vercel or Cloudflare, trust their headers
if (VERCEL_INDICATOR || CLOUDFLARE_INDICATOR) return true;
// If specific trusted proxies are configured, check them
if (TRUSTED_PROXIES.size > 0) {
// In a real deployment, you'd check the connecting IP against trusted IPs
// For now, if TRUSTED_PROXY_IPS is set, we trust the headers
return true;
}
// Default: don't trust proxy headers (direct connection)
return false;
}
function cleanupStaleEntries() {
const now = Date.now();
if (now - lastCleanup < CLEANUP_INTERVAL) return;
lastCleanup = now;
for (const [key, entry] of ipRateLimitMap) {
if (now > entry.resetTime + 60_000) ipRateLimitMap.delete(key);
}
for (const [key, entry] of cookieRateLimitMap) {
if (now > entry.resetTime + 60_000) cookieRateLimitMap.delete(key);
}
for (const [key, entry] of floodProtectionMap) {
if (now > entry.resetTime + 60_000) floodProtectionMap.delete(key);
}
}
/**
* Extract client IP from request headers with proxy support.
* Only trusts proxy headers when behind a known/configured proxy.
*/
export function getClientIp(request) {
const headers = request.headers;
// Only trust proxy headers if we're behind a trusted proxy
if (isTrustedProxy(request)) {
// Cloudflare's header is most reliable when using Cloudflare
const cfConnectingIp = headers.get('cf-connecting-ip');
if (cfConnectingIp && isValidIp(cfConnectingIp)) return normalizeIp(cfConnectingIp);
// Vercel/standard proxy header
const xForwardedFor = headers.get('x-forwarded-for');
if (xForwardedFor) {
// Take first IP (original client), trim whitespace
const ip = xForwardedFor.split(',')[0].trim();
if (ip && isValidIp(ip)) return normalizeIp(ip);
}
const xRealIp = headers.get('x-real-ip');
if (xRealIp && isValidIp(xRealIp)) return normalizeIp(xRealIp);
const trueClientIp = headers.get('true-client-ip');
if (trueClientIp && isValidIp(trueClientIp)) return normalizeIp(trueClientIp);
}
// Fallback - in production this typically means misconfiguration
// Log this case in development to catch configuration issues
if (import.meta.env.DEV) {
console.warn('[RateLimit] Could not determine client IP - proxy headers not trusted');
}
return 'unknown';
}
/**
* Basic IP validation to prevent header injection attacks.
*/
function isValidIp(ip) {
if (!ip || typeof ip !== 'string') return false;
// Basic sanity check - no weird characters, reasonable length
if (ip.length > 45) return false; // Max IPv6 length
if (!/^[\d.:a-fA-F]+$/.test(ip)) return false;
return true;
}
/**
* Normalize IP for consistent keying (lowercase, trim).
*/
function normalizeIp(ip) {
return ip.toLowerCase().trim();
}
/**
* Extract nonce cookie from request.
*/
export function getCookieId(request) {
const cookieHeader = request.headers.get('cookie');
if (!cookieHeader) return null;
const match = cookieHeader.split(';').find(c => c.trim().startsWith('nonce='));
if (!match) return null;
const value = match.split('=')[1]?.trim();
// Validate UUID format loosely
if (!value || value.length < 32 || value.length > 40) return null;
return value;
}
/**
* Check if an identifier is rate limited.
*/
function isLimited(map, key, limit, windowMs) {
const now = Date.now();
const entry = map.get(key);
if (!entry || now > entry.resetTime) {
return false; // Not limited, window expired or new
}
return entry.count >= limit;
}
/**
* Record a request for rate limiting.
*/
function recordHit(map, key, windowMs) {
const now = Date.now();
const entry = map.get(key);
if (!entry || now > entry.resetTime) {
map.set(key, { count: 1, resetTime: now + windowMs });
} else {
entry.count++;
}
}
/**
* Get current count for an identifier.
*/
function getCount(map, key) {
const now = Date.now();
const entry = map.get(key);
if (!entry || now > entry.resetTime) return 0;
return entry.count;
}
/**
* Check flood protection - aggressive rate limit for potential abuse.
* This triggers when an IP sends too many requests in a short burst.
*/
function checkFloodProtection(ip, burstLimit = 30, burstWindowMs = 10_000) {
if (ip === 'unknown') return false; // Can't flood-protect unknown IPs effectively
const now = Date.now();
const entry = floodProtectionMap.get(ip);
if (!entry || now > entry.resetTime) {
floodProtectionMap.set(ip, { count: 1, resetTime: now + burstWindowMs });
return false;
}
entry.count++;
return entry.count > burstLimit;
}
/**
* Main rate limit check combining IP and cookie tracking.
*
* @param {Request} request - The incoming request
* @param {Object} options - Rate limit configuration
* @param {number} options.limit - Max requests per window
* @param {number} options.windowMs - Window duration in ms
* @param {number} options.burstLimit - Flood protection burst limit
* @param {number} options.burstWindowMs - Flood protection window
* @returns {{ allowed: boolean, ip: string, cookieId: string|null, isFlooding: boolean }}
*/
export function checkRateLimit(request, options = {}) {
const {
limit = 5,
windowMs = 1000,
burstLimit = 30,
burstWindowMs = 10_000,
} = options;
cleanupStaleEntries();
const ip = getClientIp(request);
const cookieId = getCookieId(request);
// Check flood protection first (aggressive anti-abuse)
const isFlooding = checkFloodProtection(ip, burstLimit, burstWindowMs);
if (isFlooding) {
return { allowed: false, ip, cookieId, isFlooding: true };
}
// Check both IP and cookie limits
// Both must be under limit to allow the request
const ipLimited = ip !== 'unknown' && isLimited(ipRateLimitMap, ip, limit, windowMs);
const cookieLimited = cookieId && isLimited(cookieRateLimitMap, cookieId, limit, windowMs);
// If either is limited, deny
if (ipLimited || cookieLimited) {
return { allowed: false, ip, cookieId, isFlooding: false };
}
return { allowed: true, ip, cookieId, isFlooding: false };
}
/**
* Record a successful request for rate limiting tracking.
* Call this after the request is processed.
*/
export function recordRequest(request, windowMs = 1000) {
const ip = getClientIp(request);
const cookieId = getCookieId(request);
if (ip !== 'unknown') {
recordHit(ipRateLimitMap, ip, windowMs);
}
if (cookieId) {
recordHit(cookieRateLimitMap, cookieId, windowMs);
}
}
/**
* Generate a new nonce cookie value.
*/
export function generateNonce() {
return crypto.randomUUID();
}
/**
* Create Set-Cookie header value for nonce.
*/
export function createNonceCookie(nonce) {
return `nonce=${nonce}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=31536000`;
}
export default {
checkRateLimit,
recordRequest,
getClientIp,
getCookieId,
generateNonce,
createNonceCookie,
};