improve: API block check (#93)

edenchazard · web-flow · commit 81bcd609daa8 · 2024-12-29T14:39:38.000Z
diff --git a/components/WarningApiBlock.vue b/components/WarningApiBlock.vue
@@ -44,7 +44,7 @@ async function checkApiBlock() {
   }
 
   working.value = true;
-  const blocked = await $fetch<true | false>('/api/user/scroll/check');
+  const blocked = await $fetch<true | false>('/api/checks/blocked');
 
   if (!blocked) {
     reloadNuxtApp();
diff --git a/pages/index.vue b/pages/index.vue
@@ -43,7 +43,11 @@
       />
     </div>
 
-    <form v-else class="flex flex-col space-y-4" @submit.prevent="saveScroll()">
+    <form
+      v-else-if="!authData.user.apiBlocked"
+      class="flex flex-col space-y-4"
+      @submit.prevent="saveScroll()"
+    >
       <div class="*:max-w-prose order-1">
         <div
           v-if="fetchScrollError"
diff --git a/server/api/checks/blocked.ts b/server/api/checks/blocked.ts
@@ -0,0 +1,102 @@
+import { userTable } from '~/database/schema';
+import { db } from '~/server/db';
+import type { DragonData } from '~/types/DragonTypes';
+import { getToken, getServerSession } from '#auth';
+import { eq } from 'drizzle-orm';
+import { z } from 'zod';
+import { decrypt } from '~/utils/accessTokenHandling';
+import type { JWT } from 'next-auth/jwt';
+
+export default defineEventHandler(async (event) => {
+  const { clientSecret, accessTokenPassword } = useRuntimeConfig();
+
+  let username: string | null = null;
+  let accessToken: string | null = null;
+  let userId: number | null = null;
+
+  const querySchema = z.object({
+    userId: z.coerce.number().optional(),
+    clientSecret: z.string().optional(),
+  });
+
+  const query = await querySchema.parseAsync(getQuery(event));
+
+  if (query.userId && query.clientSecret) {
+    if (query.clientSecret !== clientSecret) {
+      return;
+    }
+    const [user] = await db
+      .select({
+        username: userTable.username,
+        accessToken: userTable.accessToken,
+      })
+      .from(userTable)
+      .where(eq(userTable.id, query.userId));
+    if (!user.username || !user.accessToken) {
+      return;
+    }
+
+    username = user.username;
+    accessToken = decrypt(user.accessToken, accessTokenPassword);
+    userId = query.userId;
+  } else {
+    const [t, s] = await Promise.all([
+      getToken({ event }) as Promise<JWT>,
+      getServerSession(event),
+    ]);
+
+    if (!t || !s) {
+      return;
+    }
+
+    accessToken = t.sessionToken as string;
+    username = s.user.username;
+    userId = s.user.id;
+  }
+
+  // First, we'll grab a single dragon from the user with their private token.
+  // That way, we know the dragon definitely exists.
+  // We'll then test it again using the client secret.
+  const privateResponse = await dragCaveFetch()<
+    DragCaveApiResponse<{ hasNextPage: boolean; endCursor: null | number }> & {
+      dragons: Record<string, DragonData>;
+    }
+  >('/user', {
+    query: {
+      username,
+      limit: 1,
+    },
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+    },
+  });
+
+  const singleDragon = Object.keys(privateResponse?.dragons ?? {})[0];
+
+  let blocked = false;
+
+  if (singleDragon) {
+    const publicResponse = await dragCaveFetch()<{
+      errors: unknown[];
+      dragons?: DragonData;
+    }>(`/dragon/${singleDragon}`, {
+      timeout: 20000,
+      retry: 3,
+      retryDelay: 1000 * 5,
+      headers: {
+        Authorization: `Bearer ${clientSecret}`,
+      },
+    });
+
+    blocked = publicResponse.errors.length > 0;
+  }
+
+  await db
+    .update(userTable)
+    .set({
+      apiBlocked: blocked,
+    })
+    .where(eq(userTable.id, userId));
+
+  return blocked;
+});
diff --git a/server/api/user/scroll/check.ts b/server/api/user/scroll/check.ts
diff --git a/server/clean-up.ts b/server/clean-up.ts
@@ -1,11 +1,12 @@
 import chunkArray from '~/utils/chunkArray';
 import { db } from '~/server/db';
-import { hatcheryTable, recordingsTable, userTable } from '~/database/schema';
+import { hatcheryTable, recordingsTable } from '~/database/schema';
 import { inArray } from 'drizzle-orm';
 import { DateTime } from 'luxon';
 import { dragCaveFetch } from '~/server/utils/dragCaveFetch';
 import { isIncubated, isStunned } from '~/utils/calculations';
 import type { DragonData } from '~/types/DragonTypes';
+import { blockedApiQueue } from './queue';
 
 export async function cleanUp() {
   const { clientSecret } = useRuntimeConfig();
@@ -27,7 +28,7 @@ export async function cleanUp() {
   const removeFromHatchery: string[] = [];
   const updateIncubated: string[] = [];
   const updateStunned: string[] = [];
-  const apiBlocked: Set<number> = new Set();
+  const apiBlockedTest: Set<number> = new Set();
   let hatchlings = 0;
   let eggs = 0;
   let adults = 0;
@@ -66,7 +67,7 @@ export async function cleanUp() {
         // Sucks for them. We'll remove it, and add a note to the user.
         if (code in apiResponse.dragons === false) {
           removeFromHatchery.push(code);
-          apiBlocked.add(hatcheryDragon.userId);
+          apiBlockedTest.add(hatcheryDragon.userId);
           continue;
         }
 
@@ -171,14 +172,27 @@ export async function cleanUp() {
     )
   );
 
-  await Promise.allSettled(
-    chunkArray(Array.from(apiBlocked), 200).map(async (chunk) =>
-      db
-        .update(userTable)
-        .set({ apiBlocked: true })
-        .where(inArray(userTable.id, chunk))
-    )
-  );
+  // We can't totally be sure that just because we couldn't find one of their dragons
+  // that they're blocking us. For example, maybe they transferred it to an account
+  // that does have the Garden blocked. To be thorough, we'll find something
+  // on their scroll and check against that.
+  for (const userId of apiBlockedTest) {
+    console.log('Adding to blockedApiQueue', userId);
+    await blockedApiQueue.add(
+      'blockedApiQueue',
+      {
+        userId,
+      },
+      {
+        removeOnComplete: {
+          age: 1000 * 60 * 60 * 24 * 7,
+        },
+        removeOnFail: {
+          age: 1000 * 60 * 60 * 24 * 14,
+        },
+      }
+    );
+  }
 
   const end = new Date().getTime();
 
diff --git a/server/plugins/queues/blockedApiQueue.ts b/server/plugins/queues/blockedApiQueue.ts
@@ -0,0 +1,29 @@
+import { Worker as BullWorker } from 'bullmq';
+
+const {
+  redis: { host, port },
+  clientSecret,
+} = useRuntimeConfig();
+
+export default defineNitroPlugin(async () => {
+  new BullWorker<{ userId: number }>(
+    'blockedApiQueue',
+    async (job) => {
+      await $fetch('/api/checks/blocked', {
+        query: {
+          userId: job.data.userId,
+          clientSecret,
+        },
+      });
+    },
+    {
+      connection: {
+        host,
+        port: Number(port),
+      },
+      concurrency: 10,
+    }
+  );
+
+  console.info('API block check worker started');
+});
diff --git a/server/queue/index.ts b/server/queue/index.ts
@@ -17,3 +17,10 @@ export const shareScrollQueue = new Queue('shareScrollQueue', {
     port: Number(port),
   },
 });
+
+export const blockedApiQueue = new Queue('blockedApiQueue', {
+  connection: {
+    host,
+    port: Number(port),
+  },
+});

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ async function checkApiBlock() {`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`working.value = true;`
`47`		`- const blocked = await $fetch<true \| false>('/api/user/scroll/check');`
	`47`	`+ const blocked = await $fetch<true \| false>('/api/checks/blocked');`
`48`	`48`
`49`	`49`	`if (!blocked) {`
`50`	`50`	`reloadNuxtApp();`