feat: add routes-f rewards endpoints#503
Open
Obiajulu-gif wants to merge 34 commits intoStreamFi-x:devfrom
Open
feat: add routes-f rewards endpoints#503Obiajulu-gif wants to merge 34 commits intoStreamFi-x:devfrom
Obiajulu-gif wants to merge 34 commits intoStreamFi-x:devfrom
Conversation
Implement full moderation system including: - Ban/timeout users with duration options (1m, 5m, 10m, 1h, permanent) - Delete messages with context menu - Slow mode (3s, 5s, 10s, 30s intervals) - Follower-only chat mode - Link blocking with URL regex detection - Active bans management panel Database changes: - Add chat_bans table with expires_at for timeouts - Add slow_mode_seconds, follower_only_chat, link_blocking to users table API endpoints: - POST /api/streams/chat/ban - ban/timeout users - DELETE /api/streams/chat/ban/[username] - unban users - GET /api/streams/chat/ban - list active bans - PATCH /api/streams/settings - update chat settings - Updated POST /api/streams/chat with enforcement logic UI components: - Right-click context menu on chat messages (stream owner only) - ChatModerationSettings panel in stream manager - Ban list with unban functionality - Settings toggles for follower-only and link blocking Enforcement: - Server-side validation for all moderation rules - 429 responses with Retry-After headers for timeouts - Clear error messages for banned/timed-out users
- Add mocks for permanent ban check - Add mocks for timeout check - Add mocks for slow mode validation - Update combined lookup to include moderation settings
- Remove slow mode mock when slow_mode_seconds is 0 - Add streamer_id to combined lookup mock
…ration feat: Chat Moderation Tools for Streamers
Keep both StreamAccessSettings (access-control) and ChatModerationSettings (dev) in stream manager page, and combine index definitions in schema.sql. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…l-foundation Feat/access control foundation
setStreamData was called without accessType and accessConfig, causing a TS error and silently dropping access-control settings on save. Use a functional state update to spread existing state. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Covers POST and GET handlers across all three import sources (twitch, youtube, json). Includes edge cases for: - invalid source / missing data fields - user rate limit (24h) and DB errors - overwrite_existing flag behaviour - social_links and categories field mapping - twitch token never persisted to DB - youtube ssrf guard - job status polling Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three pre-existing errors unrelated to the import api: - app/api/users/[username]/route.ts: password_hash destructured intentionally to omit it — suppress no-unused-vars - StreamAccessSettings.tsx: add curly braces to if statements - view-stream.tsx: add curly brace to if statement; suppress no-unused-vars on isCheckingAccess (set but never read) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace chained .replace() calls in decodeHTMLEntities with a single-pass regex to prevent double-unescaping (CodeQL high alert) - Add eslint-disable-next-line on stub functions in lib/stream/access.ts where _-prefixed params are intentionally unused pending future issues - Run prettier on files that had format drift Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(routes-f): data import api for onboarding from other platforms
…ations-system feat: add realtime notifications system
…on, and background jobs API - Issue StreamFi-x#405: Shared Zod validation layer (_lib/validate.ts, _lib/schemas.ts) with validateBody/validateQuery helpers; dev-only /validate testing endpoint; import/route.ts refactored to use shared validators - Issue StreamFi-x#399: Username conflict resolution API (check availability + suggestions, reserved/banned word list, admin dispute resolution with atomic DB transaction) - Issue StreamFi-x#396: Background jobs API (enqueue, poll status, cancel) with cron processor, exponential backoff retry, 30-day auto-cleanup; DB migration for jobs table
Required by the new upload sign route to generate pre-signed PUT URLs for Cloudflare R2 (S3-compatible API). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…username suggestions
Generates pre-signed R2 PUT URLs for direct client-to-storage uploads,
avoiding the Next.js server as a proxy.
- Auth required (session cookie via verifySession)
- IP rate limit: 5 req/min; user rate limit: 10 uploads/hr
- Validates type (avatar | banner | thumbnail), filename, and
content_type against an explicit allowlist (jpeg/png/webp)
- Returns 400 with accepted-types list on invalid content_type
- Object key namespaced by userId: {type}s/{userId}/{uuid}.{ext}
- Pre-signed URL TTL: 300 s (5 min)
- R2 endpoint derived from R2_ACCOUNT_ID env var
- public_url constructed from CDN_BASE_URL env var
Closes StreamFi-x#392
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Covers auth (401), all validation errors (400), missing R2 config (500), presigner failure (500), happy paths for all three upload types and content types, object key structure (userId namespacing, folder prefix, extension), S3Client config verification, and UUID uniqueness. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ation-conflicts-jobs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…pi-392 feat(uploads): add pre-signed upload URL route
|
@Obiajulu-gif is attempting to deploy a commit to the david's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
@Obiajulu-gif Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request implements a comprehensive rewards system for users, including database schema, business logic, and API endpoints for rewards balance, redemption, and history. It also adds robust test coverage for these endpoints. The most important changes are grouped below by theme.
Rewards System Core Logic and Database:
db.tswith reward tiers, definitions, and catalog, as well as logic for syncing reward events (watching, chatting, tipping), calculating balances, and handling atomic transactions for redemption. Includes schema creation and helper utilities.API Endpoints:
GET /api/routes-f/rewardsendpoint to return the authenticated user's current reward points, lifetime points, and tier, ensuring schema and synchronization before responding.POST /api/routes-f/rewards/redeemendpoint to allow users to redeem rewards atomically, with validation, transactional safety, and detailed response/error handling.GET /api/routes-f/rewards/historyendpoint to return paginated reward event history for the user, with support for cursor-based pagination and error handling.Test Coverage:
Closes #455