ban british users from nsfw

Author: dromzeh

src/lib/auth/middleware.ts

@@ -61,8 +61,7 @@ export const requireAuth = createMiddleware<{
 
         await next()
     } catch (error) {
-        console.error('Auth error:', error)
-        return c.json({ success: false, error: 'Authentication middlewarefailed' }, 401)
+        return c.json({ success: false, error: 'Authentication middleware failed' }, 401)
     }
 })
 
@@ -72,7 +71,7 @@ export const requireAdminOrContributor = createMiddleware<{
 }>(async (ctx, next) => {
     const user = ctx.get('fullUser')
     if (!user || (user.role !== 'admin' && user.role !== 'contributor')) {
-        throw new Error('Forbidden: Only admin or contributor can access this route')
+        return ctx.json({ success: false, message: 'Forbidden: Only admin or contributor can access this route' }, 403)
     }
     await next()
 })
@@ -81,9 +80,9 @@ export const requireAdmin = createMiddleware<{
     Bindings: Env
     Variables: AuthVariables
 }>(async (ctx, next) => {
-    const user = ctx.get('user')
+    const user = ctx.get('fullUser')
     if (!user || user.role !== 'admin') {
-        throw new Error('Forbidden: Only admin can access this route')
+        return ctx.json({ success: false, message: 'Forbidden: Only admin can access this route' }, 403)
     }
     await next()
 })

src/lib/db/connection.ts

@@ -6,7 +6,7 @@ import * as schema from '~/lib/db/schema'
 
 class LoggerWrapper implements Logger {
     logQuery(query: string, params: unknown[]): void {
-        console.log(`[DRIZZLE]: Query: ${query}, Parameters: ${params ?? 'none'}`)
+        // console.log(`[DRIZZLE]: Query: ${query}, Parameters: ${params ?? 'none'}`)
     }
 }
 

src/routes/asset/approval-queue.ts

@@ -3,8 +3,8 @@ import { AppHandler } from '~/lib/handler'
 import { getConnection } from '~/lib/db/connection'
 import { createRoute } from '@hono/zod-openapi'
 import { GenericResponses } from '~/lib/response-schemas'
-import { asset, user } from '~/lib/db/schema'
-import { eq, inArray } from 'drizzle-orm'
+import { asset, user, game, category, tag, assetToTag } from '~/lib/db/schema'
+import { eq, inArray, desc } from 'drizzle-orm'
 import { requireAuth, requireAdmin } from '~/lib/auth/middleware'
 
 const responseSchema = z.object({
@@ -13,12 +13,35 @@ const responseSchema = z.object({
         z.object({
             id: z.string(),
             name: z.string(),
+            gameId: z.string(),
+            categoryId: z.string(),
+            extension: z.string(),
             status: z.string(),
             uploadedBy: z.object({
                 id: z.string(),
                 username: z.string().nullable(),
                 image: z.string().nullable(),
             }),
+            game: z.object({
+                id: z.string(),
+                slug: z.string(),
+                name: z.string(),
+                lastUpdated: z.string(),
+                assetCount: z.number(),
+            }),
+            category: z.object({
+                id: z.string(),
+                name: z.string(),
+                slug: z.string(),
+            }),
+            tags: z.array(
+                z.object({
+                    id: z.string(),
+                    name: z.string(),
+                    slug: z.string(),
+                    color: z.string().nullable(),
+                }),
+            ),
         }),
     ),
 })
@@ -42,10 +65,25 @@ const approvalQueueRoute = createRoute({
     },
 })
 
+const paramsSchema = z.object({
+    id: z.string().openapi({
+        param: {
+            description: 'The asset ID',
+            in: 'path',
+            name: 'id',
+            required: true,
+        },
+        example: 'asset_123',
+    }),
+})
+
 const approveRoute = createRoute({
-    path: '/:id/approve',
+    path: '/{id}/approve',
     method: 'post',
     summary: 'Approve asset',
+    request: {
+        params: paramsSchema,
+    },
     description: 'Approve an asset. Admin only.',
     tags: ['Asset'],
     responses: {
@@ -58,9 +96,12 @@ const approveRoute = createRoute({
 })
 
 const denyRoute = createRoute({
-    path: '/:id/deny',
+    path: '/{id}/deny',
     method: 'post',
     summary: 'Deny asset',
+    request: {
+        params: paramsSchema,
+    },
     description: 'Deny an asset. Admin only.',
     tags: ['Asset'],
     responses: {
@@ -76,37 +117,104 @@ export const AssetApprovalQueueRoute = (handler: AppHandler) => {
     handler.use('/approval-queue', requireAuth, requireAdmin)
     handler.openapi(approvalQueueRoute, async ctx => {
         const { drizzle } = getConnection(ctx.env)
-        const pendingAssets = await drizzle.select().from(asset).where(eq(asset.status, 'pending'))
+        const pendingAssets = await drizzle
+            .select({
+                id: asset.id,
+                name: asset.name,
+                downloadCount: asset.downloadCount,
+                viewCount: asset.viewCount,
+                size: asset.size,
+                extension: asset.extension,
+                status: asset.status,
+                createdAt: asset.createdAt,
+                gameId: game.id,
+                gameSlug: game.slug,
+                gameName: game.name,
+                gameLastUpdated: game.lastUpdated,
+                gameAssetCount: game.assetCount,
+                categoryId: category.id,
+                categoryName: category.name,
+                categorySlug: category.slug,
+                isSuggestive: asset.isSuggestive,
+                uploadedBy: asset.uploadedBy,
+            })
+            .from(asset)
+            .innerJoin(game, eq(asset.gameId, game.id))
+            .innerJoin(category, eq(asset.categoryId, category.id))
+            .innerJoin(user, eq(asset.uploadedBy, user.id))
+            .where(eq(asset.status, 'pending'))
+            .orderBy(desc(asset.createdAt))
+
+        const assetTags = await drizzle
+            .select({
+                tagId: tag.id,
+                tagName: tag.name,
+                tagSlug: tag.slug,
+                tagColor: tag.color,
+            })
+            .from(assetToTag)
+            .innerJoin(tag, eq(assetToTag.tagId, tag.id))
+            .where(
+                inArray(
+                    assetToTag.assetId,
+                    pendingAssets.map(a => a.id),
+                ),
+            )
+
         const uploaderIds = pendingAssets.map(a => a.uploadedBy)
-        const uploaders =
-            uploaderIds.length > 0
-                ? await drizzle
-                      .select({
-                          id: user.id,
-                          username: user.username,
-                          image: user.image,
-                      })
-                      .from(user)
-                      .where(inArray(user.id, uploaderIds))
-                : []
+        const uploaders = await drizzle
+            .select({
+                id: user.id,
+                username: user.username,
+                image: user.image,
+            })
+            .from(user)
+            .where(inArray(user.id, uploaderIds))
+
         const uploaderMap = Object.fromEntries(uploaders.map(u => [u.id, u]))
-        const assets = pendingAssets.map(a => ({
+
+        const formattedAssets = pendingAssets.map(a => ({
             id: a.id,
             name: a.name,
             status: a.status,
-            uploadedBy: uploaderMap[a.uploadedBy] || { id: a.uploadedBy, username: null, image: null },
+            gameId: a.gameId,
+            categoryId: a.categoryId,
+            extension: a.extension,
+            uploadedBy: uploaderMap[a.uploadedBy]!,
+            game: {
+                id: a.gameId,
+                slug: a.gameSlug,
+                name: a.gameName,
+                lastUpdated: a.gameLastUpdated,
+                assetCount: a.gameAssetCount,
+            },
+            category: {
+                id: a.categoryId,
+                name: a.categoryName,
+                slug: a.categorySlug,
+            },
+            tags: assetTags.map(t => ({
+                id: t.tagId,
+                name: t.tagName,
+                slug: t.tagSlug,
+                color: t.tagColor,
+            })),
         }))
-        return ctx.json({ success: true, assets }, 200)
+
+        return ctx.json({ success: true, assets: formattedAssets }, 200)
     })
 }
 
 export const AssetApproveRoute = (handler: AppHandler) => {
-    handler.use('/:id/approve', requireAuth, requireAdmin)
+    handler.use('/{id}/approve', requireAuth, requireAdmin)
     handler.openapi(approveRoute, async ctx => {
         const user = ctx.get('user')
 
-        const id = ctx.req.param('id')
+        if (!user) {
+            return ctx.json({ success: false, message: 'User context failed' }, 401)
+        }
 
+        const id = ctx.req.param('id')
         const { drizzle } = getConnection(ctx.env)
 
         const [foundAsset] = await drizzle.select().from(asset).where(eq(asset.id, id))
@@ -117,18 +225,29 @@ export const AssetApproveRoute = (handler: AppHandler) => {
 
         await drizzle.update(asset).set({ status: 'approved' }).where(eq(asset.id, id))
 
+        const file = await ctx.env.CDN.get(`limbo/${foundAsset.id}.${foundAsset.extension}`)
+
+        if (!file) {
+            return ctx.json({ success: false, message: 'Asset file not found' }, 404)
+        }
+
+        await ctx.env.CDN.put(`asset/${foundAsset.id}.${foundAsset.extension}`, file.body)
+        await ctx.env.CDN.delete(`limbo/${foundAsset.id}.${foundAsset.extension}`)
+
         if (ctx.env.DISCORD_WEBHOOK) {
             try {
                 await fetch(ctx.env.DISCORD_WEBHOOK, {
                     method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({
                         content: null,
                         embeds: [
                             {
-                                description: `Approved ${foundAsset.name} [${foundAsset.extension}]`,
+                                description: `Approved [${foundAsset.name}](https://wanderer.moe/asset/${foundAsset.id}) [.${foundAsset.extension.toUpperCase()}]`,
                                 color: 3669788,
                                 author: {
                                     name: user.username,
+                                    icon_url: user.image || undefined,
                                 },
                                 footer: {
                                     text: `${foundAsset.gameId} - ${foundAsset.categoryId}`,
@@ -149,10 +268,14 @@ export const AssetApproveRoute = (handler: AppHandler) => {
 }
 
 export const AssetDenyRoute = (handler: AppHandler) => {
-    handler.use('/:id/deny', requireAuth, requireAdmin)
+    handler.use('/{id}/deny', requireAuth, requireAdmin)
     handler.openapi(denyRoute, async ctx => {
         const user = ctx.get('user')
 
+        if (!user) {
+            return ctx.json({ success: false, message: 'User context failed' }, 401)
+        }
+
         const { drizzle } = getConnection(ctx.env)
         const id = ctx.req.param('id')
 
@@ -162,20 +285,24 @@ export const AssetDenyRoute = (handler: AppHandler) => {
             return ctx.json({ success: false, message: 'Asset not found' }, 404)
         }
 
-        await drizzle.update(asset).set({ status: 'denied' }).where(eq(asset.id, id))
+        await drizzle.delete(asset).where(eq(asset.id, id))
+
+        await ctx.env.CDN.delete(`limbo/${foundAsset.id}.${foundAsset.extension}`)
 
         if (ctx.env.DISCORD_WEBHOOK) {
             try {
                 await fetch(ctx.env.DISCORD_WEBHOOK, {
                     method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({
                         content: null,
                         embeds: [
                             {
-                                description: `Denied ${foundAsset.name} [${foundAsset.extension}]`,
+                                description: `Denied ${foundAsset.name} [.${foundAsset.extension.toUpperCase()}]`,
                                 color: 16734039,
                                 author: {
                                     name: user.username,
+                                    icon_url: user.image || undefined,
                                 },
                                 footer: {
                                     text: `${foundAsset.gameId} - ${foundAsset.categoryId}`,

src/routes/asset/id.ts

@@ -1,7 +1,7 @@
 import { z } from '@hono/zod-openapi'
 import { AppHandler } from '~/lib/handler'
 import { getConnection } from '~/lib/db/connection'
-import { eq } from 'drizzle-orm'
+import { and, eq } from 'drizzle-orm'
 import { asset, assetToTag, category, game, tag, user } from '~/lib/db/schema'
 import { createRoute } from '@hono/zod-openapi'
 import { GenericResponses } from '~/lib/response-schemas'
@@ -84,6 +84,8 @@ export const AssetIdRoute = (handler: AppHandler) => {
         const { id } = ctx.req.valid('param')
         const { drizzle } = getConnection(ctx.env)
 
+        const isGB = ctx.req.header('cf-ipcountry') === 'GB'
+
         try {
             const assetResult = await drizzle
                 .select({
@@ -108,7 +110,7 @@ export const AssetIdRoute = (handler: AppHandler) => {
                 .from(asset)
                 .innerJoin(game, eq(asset.gameId, game.id))
                 .innerJoin(category, eq(asset.categoryId, category.id))
-                .where(eq(asset.id, id))
+                .where(and(eq(asset.id, id), isGB ? eq(asset.isSuggestive, false) : undefined))
                 .limit(1)
 
             if (assetResult.length === 0) {

src/routes/asset/search.ts

@@ -173,6 +173,8 @@ export const AssetSearchRoute = (handler: AppHandler) => {
     handler.openapi(openRoute, async ctx => {
         const query = ctx.req.valid('query')
 
+        const isGB = ctx.req.header('cf-ipcountry') === 'GB'
+
         const { drizzle } = getConnection(ctx.env)
 
         const page = query.page ? parseInt(query.page) : 1
@@ -267,7 +269,13 @@ export const AssetSearchRoute = (handler: AppHandler) => {
                 .from(asset)
                 .innerJoin(game, eq(asset.gameId, game.id))
                 .innerJoin(category, eq(asset.categoryId, category.id))
-                .where(and(conditions.length > 0 ? and(...conditions) : undefined, eq(asset.status, 'approved')))
+                .where(
+                    and(
+                        conditions.length > 0 ? and(...conditions) : undefined,
+                        eq(asset.status, 'approved'),
+                        isGB ? eq(asset.isSuggestive, false) : undefined,
+                    ),
+                )
                 .orderBy(sortDirection(sortColumn))
 
             const countQuery = drizzle