rate-limiter-flexible#RateLimiterRedis TypeScript Examples

The following examples show how to use rate-limiter-flexible#RateLimiterRedis. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: rateLimitMiddleware.ts    From vsinder with Apache License 2.0 6 votes vote down vote up
rateLimitMiddleware = (
  rateLimiter: RateLimiterRedis,
  m = "Too many requests, slow down",
  showTime = false
) => (req: any, res: any, next: any) => {
  rateLimiter
    .consume(req.userId)
    .then(() => {
      next();
    })
    .catch(({ msBeforeNext }) => {
      let tmpM = m;
      if (showTime) {
        let minutes = Math.floor(msBeforeNext / 1000 / 60);
        let hours = 0;
        if (minutes > 60) {
          hours = Math.floor(minutes / 60);
          minutes = minutes % 60;
        }
        const parts = [];
        if (hours) {
          parts.push(`${hours} hours`);
        }
        if (minutes) {
          parts.push(`${minutes} mins`);
        }
        tmpM += `resets in ${parts.join(" and ")}`;
      }
      res.status(429).send(tmpM);
    });
}
Example #2
Source File: rateLimitMiddleware.ts    From vsinder-api with Apache License 2.0 6 votes vote down vote up
rateLimitMiddleware = (
  rateLimiter: RateLimiterRedis,
  m = "Too many requests, slow down"
) => (req: any, res: any, next: any) => {
  rateLimiter
    .consume(req.userId)
    .then(() => {
      next();
    })
    .catch(() => {
      res.status(429).send(m);
    });
}
Example #3
Source File: limiter.ts    From ts-di-starter with MIT License 6 votes vote down vote up
/**
   * Create instance
   *
   * @param {CreateLimiterInterface} params
   * @returns {Limiter}
   */
  static create(params: CreateLimiterInterface): Limiter {
    const rateLimiterMemory = new RateLimiterMemory({
      keyPrefix: params.name,
      points: Math.round(params.points / CONSTANTS.WORKER_COUNT),
      duration: params.durationSec,
      blockDuration: params.blockDurationSec,
      execEvenly: params.execEvenly,
      execEvenlyMinDelayMs: params.execEvenlyMinDelayMs,
    });

    return new Limiter({
      name: params.name,
      reason: params.reason,
      getKey: params.getKey,
      shouldConsume: params.shouldConsume,
      shouldReset: params.shouldReset,
      max: params.points,
      blockDurationSec: params.blockDurationSec,
      limiter: new RateLimiterRedis({
        storeClient: params.redis,
        keyPrefix: params.name,
        points: params.points,
        duration: params.durationSec,
        blockDuration: params.blockDurationSec,
        execEvenly: params.execEvenly,
        execEvenlyMinDelayMs: params.execEvenlyMinDelayMs,
        insuranceLimiter: rateLimiterMemory,
      }),
    });
  }
Example #4
Source File: RateLimiter.ts    From gobarber-api with MIT License 5 votes vote down vote up
limiter = new RateLimiterRedis({
  storeClient: redisClient,
  keyPrefix: 'ratelimit',
  points: 5,
  duration: 1,
})
Example #5
Source File: rateLimiter.ts    From hotseat-api with MIT License 5 votes vote down vote up
rateLimiter = new RateLimiterRedis({
  storeClient: redisClient,
  points: 6,
  duration: 1,
  blockDuration: 10,
})
Example #6
Source File: limiter.ts    From ts-di-starter with MIT License 5 votes vote down vote up
readonly limiter: RateLimiterRedis;
Example #7
Source File: rateLimiter.ts    From gobarber-project with MIT License 5 votes vote down vote up
limiter = new RateLimiterRedis({
  storeClient: redisClient,
  keyPrefix: 'rateLimit',
  points: 5,
  duration: 1,
})
Example #8
Source File: rateLimiter.ts    From GoBarber with MIT License 5 votes vote down vote up
limiter = new RateLimiterRedis({
  storeClient: redisClient,
  keyPrefix: 'rateLimit',
  points: 5,
  duration: 1,
})
Example #9
Source File: ExpressRateLimit.ts    From expresso with MIT License 5 votes vote down vote up
rateLimiter = new RateLimiterRedis({
  storeClient: clientRedis,
  keyPrefix: 'middleware',
  points: RATE_LIMIT, // 10 requests
  duration: 1, // per 1 second by IP
})
Example #10
Source File: index.ts    From vsinder with Apache License 2.0 4 votes vote down vote up
main = async () => {
  const conn = await createConn();
  console.log("connected, running migrations now");
  await conn.runMigrations();
  console.log("migrations ran");

  const redisClient = new Redis(process.env.REDIS_URL, {
    enableOfflineQueue: false,
  });

  const defaultRateLimitOpts: IRateLimiterStoreOptions = {
    storeClient: redisClient,
    execEvenly: false,
    blockDuration: SECONDS_IN_A_HALF_A_DAY,
  };

  startPushNotificationRunner();
  resetNumSwipesDaily();

  const wsUsers: Record<
    string,
    { ws: WebSocket; openChatUserId: string | null }
  > = {};
  const wsSend = (key: string, v: any) => {
    if (key in wsUsers) {
      wsUsers[key].ws.send(JSON.stringify(v));
    }
  };

  const photoUrlTRegex = /(.+&t=)(\d+)/;
  passport.use(
    new GitHubStrategy(
      {
        clientID: process.env.GITHUB_CLIENT_ID,
        clientSecret: process.env.GITHUB_CLIENT_SECRET,
        callbackURL: `${process.env.SERVER_URL}/auth/github/callback`,
      },
      async (githubAccessToken, _, profile, cb) => {
        try {
          let user = await User.findOne({ githubId: profile.id });
          const data: Partial<User> = {
            githubAccessToken,
            githubId: profile.id,
            photoUrl:
              profile.photos?.[0].value ||
              (profile._json as any).avatar_url ||
              "",
            other: profile._json,
            profileUrl: profile.profileUrl,
            username: profile.username,
          };
          if (data.photoUrl && data.photoUrl.includes("?")) {
            let m;
            if (
              user?.photoUrl &&
              user.photoUrl.includes(data.photoUrl) &&
              (m = photoUrlTRegex.exec(user.photoUrl)) !== null
            ) {
              const t = parseInt(m[2]);
              if (!Number.isNaN(t)) {
                data.photoUrl = `${m[1]}${t + 1}`;
              }
            } else {
              data.photoUrl += "&t=0";
            }
          }
          if (user) {
            await User.update(user.id, data);
          } else {
            data.bio = (profile._json as any)?.bio || "";
            data.displayName = profile.displayName;
            user = await User.create(data).save();
          }
          cb(undefined, createTokens(user));
        } catch (err) {
          console.log(err);
          cb(new Error("internal error"));
        }
      }
    )
  );
  passport.serializeUser((user: any, done) => {
    done(null, user.accessToken);
  });

  const app = express();
  app.set("trust proxy", 1);
  app.use(helmet());
  app.use(
    cors({
      origin: "*",
      maxAge: __prod__ ? 86400 : undefined,
      exposedHeaders: [
        "access-token",
        "refresh-token",
        "content-type",
        "content-length",
      ],
    })
  );
  const slackInteractions = createMessageAdapter(
    process.env.SLACK_SIGNING_SECRET
  );
  app.post("/slack", slackInteractions.expressMiddleware());
  app.use(express.json());
  app.use(passport.initialize());
  const router = Router();
  app.use(router);

  if (!__prod__) {
    app.get("/all-users", async (_, res) => res.send(await User.find()));
    app.post("/login", async (req, res) =>
      res.send(createTokens((await User.findOne(req.body.userId))!))
    );
  }

  slackInteractions.action({ type: "button" }, async (payload, respond) => {
    if (!payload.actions || !payload.actions.length) {
      respond({ text: "no actions?" });
      return;
    }

    const [{ action_id, value }] = payload.actions;
    if (action_id === "shadow-ban") {
      try {
        await User.update(value, { shadowBanned: true });
        respond({ text: "banned" });
      } catch (err) {
        respond({ text: "Something went wrong: " + err.message });
      }
    }
  });

  router.post("/email/login", async (req, res, next) => {
    const { email, password } = req.body;
    if (
      email !== process.env.APPLE_EMAIL &&
      password !== process.env.APPLE_PASSWORD
    ) {
      next(
        createError(
          400,
          "this is for the apple tester only, you should login with github"
        )
      );
      return;
    }

    let user = await User.findOne({ appleId: process.env.APPLE_EMAIL });
    if (!user) {
      user = await User.create({
        appleId: process.env.APPLE_EMAIL,
        photoUrl: "https://via.placeholder.com/150x150",
        shadowBanned: true,
      }).save();
    }

    res.send(createTokens(user));
  });

  router.post("/apple/login", async (req, res, next) => {
    const { user: appleId } = req.body;
    if (typeof appleId !== "string") {
      next(createError(400, "something went wrong with apple auth"));
      return;
    }

    let user = await User.findOne({ appleId });
    if (!user) {
      user = await User.create({
        displayName: req.body?.fullName?.givenName || "",
        goal: "friendship",
        birthday: new Date(),
        codeImgIds: ["v56pytkbl-1606765556556.png"],
        appleId,
        photoUrl: "https://via.placeholder.com/150x150",
        shadowBanned: true,
      }).save();
    } else if (!user.goal) {
      user.displayName = req.body?.fullName?.givenName || "";
      user.goal = "friendship";
      user.birthday = new Date();
      user.codeImgIds = ["v56pytkbl-1606765556556.png"];
      await user.save();
    }

    res.send(createTokens(user));
  });

  router.get("/auth/github/rn2", (req, res, next) => {
    const state = Buffer.from(JSON.stringify({ rn2: true })).toString("base64");
    passport.authenticate("github", {
      session: false,
      state,
    })(req, res, next);
  });

  router.get("/auth/github/rn", (req, res, next) => {
    const state = Buffer.from(JSON.stringify({ rn: true })).toString("base64");
    passport.authenticate("github", {
      session: false,
      state,
    })(req, res, next);
  });

  router.get("/auth/github", (req, res, next) => {
    const state = Buffer.from(JSON.stringify({ rn: false })).toString("base64");
    passport.authenticate("github", {
      session: false,
      state,
    })(req, res, next);
  });

  router.get(
    "/auth/github/callback",
    passport.authenticate("github"),
    (req: any, res) => {
      if (!req.user.accessToken || !req.user.refreshToken) {
        res.send(`something went wrong`);
        return;
      }
      const { state } = req.query;
      const { rn, rn2 } = JSON.parse(Buffer.from(state, "base64").toString());
      if (rn2) {
        res.redirect(
          `${
            __prod__
              ? `vsinder://`
              : `exp:${
                  process.env.SERVER_URL.replace("http:", "").split(":")[0]
                }:19000/--/`
          }tokens2/${req.user.accessToken}/${req.user.refreshToken}`
        );
      } else if (rn) {
        res.redirect(
          `${
            __prod__
              ? `vsinder://`
              : `exp:${
                  process.env.SERVER_URL.replace("http:", "").split(":")[0]
                }:19000/--/`
          }tokens/${req.user.accessToken}/${req.user.refreshToken}`
        );
      } else {
        res.redirect(
          `http://localhost:54321/callback/${req.user.accessToken}/${req.user.refreshToken}`
        );
      }
    }
  );

  router.put(
    "/user/imgs",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/imgs/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, UserCodeImgs);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      await User.update(req.userId, req.body);

      res.json({ ok: true });
    }
  );

  router.put(
    "/user/push-token",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 20,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/push-token/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, UpdatePushTokenStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      await User.update(req.userId, req.body);

      res.json({ ok: true });
    }
  );

  router.put(
    "/user",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/",
      })
    ),
    async (req: any, res, next) => {
      if (req.body.goal === "friendship") {
        req.body.ageRangeMin = 18;
        req.body.ageRangeMax = 33;
      }
      if (!req.body.location) {
        req.body.location = "";
      }
      try {
        assert(req.body, UpdateUser);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      if (!req.body.gendersToShow) {
        req.body.gendersToShow =
          req.body.genderToShow === "everyone"
            ? ["male", "female", "non-binary"]
            : [req.body.genderToShow];
      }

      await User.update(req.userId, req.body);

      res.json({ user: await getUser(req.userId) });
    }
  );

  const MS_IN_HOUR = 1000 * 60 * 60;
  const cache: Record<string, { data: any; date: Date }> = {};
  router.get("/leaderboard/:category?", async (req, res, next) => {
    let { category } = req.params;
    if (!category) {
      category = "overall";
    }

    if (category !== "overall" && category !== "male") {
      next(createError(400, "invalid category"));
      return;
    }

    if (
      !(category in cache) ||
      new Date().getTime() - cache[category].date.getTime() > MS_IN_HOUR
    ) {
      const data = await getConnection().query(`
      select u.id, flair, "numLikes", "displayName", date_part('year', age(birthday)) "age", bio, "codeImgIds", "photoUrl"
      from "user" u
      ${category === "male" ? `where gender = 'male'` : ""}
      order by u."numLikes" DESC
      limit 10
      `);
      cache[category] = { data, date: new Date() };
    }

    res.send({ profiles: cache[category].data });
  });

  router.get(
    "/feed",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 500,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/feed/",
      }),
      "You've been using the app too much and hit the rate limit, come back tomorrow"
    ),
    async (req: any, res, next) => {
      const user = await User.findOne(req.userId);
      if (!user) {
        next(createError(400, "your account got deleted"));
        return;
      }

      if (!user.birthday) {
        next(
          createError(
            400,
            "you need to set your birthday in the profile settings"
          )
        );
        return;
      }

      if (!user.gendersToShow.length) {
        res.json({
          profiles: [],
        });
        return;
      }

      const myAge = getAge(new Date(user.birthday));
      const paramNum = 4;
      const loveWhere = `
        and goal = 'love'
        and $${paramNum} = any("gendersToShow")
        and $${paramNum + 1} <= date_part('year', age(birthday))
        and $${paramNum + 2} >= date_part('year', age(birthday))
        and "ageRangeMin" <= $${paramNum + 3}
        and "ageRangeMax" >= $${paramNum + 4}
        ${
          user.gendersToShow.length
            ? "and (" +
              user.gendersToShow
                .map((_, i) => `gender = $${paramNum + 5 + i}`)
                .join(" or ") +
              ")"
            : ""
        }
    `;
      const loveParams = [
        req.userId,
        req.userId,
        req.userId,
        user.gender, // my gender matches their gender they want to see
        user.ageRangeMin,
        user.ageRangeMax,
        myAge,
        myAge,
        ...user.gendersToShow,
      ];
      const friendWhere = `and goal = 'friendship' and date_part('year', age(birthday)) ${
        myAge >= 18 ? ">=" : "<"
      } 18`;
      const friendParams = [req.userId, req.userId, req.userId];

      const profiles = await getConnection().query(
        `
        select u.id, flair, "displayName", date_part('year', age(birthday)) "age", bio, "codeImgIds", "photoUrl"
        from "user" u
        left join view v on v."viewerId" = $1 and u.id = v."targetId"
        left join view v2 on $2 = v2."targetId" and v2.liked = true and u.id = v2."viewerId"
        where
        v is null
        and u.id != $3
        ${user.goal === "love" ? loveWhere : friendWhere}
        and array_length("codeImgIds", 1) >= 1
        and "shadowBanned" != true
        order by
          random()
          - (case
              when (v2 is not null)
              then .2
              else -least(current_timestamp::date - u."lastSwipe"::date, 14) / 14.0
            end)
          - LEAST(u."numSwipesToday", 20) / 20.0
        limit 20;
        `,
        user.goal === "love" ? loveParams : friendParams
      );

      res.json({
        profiles,
      });
    }
  );

  router.get(
    "/matches/:cursor",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 500,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/matches/",
      }),
      "You've been using the app too much and hit the rate limit, come back tomorrow"
    ),
    async (req: any, res) => {
      res.send({
        matches: await getConnection().query(
          `
        select
        case
          when u.id = ma."userId1" then ma.read2
          else ma.read1
        end "read",
        ma.id "matchId",
        u.id "userId", u.flair, u."photoUrl", u."displayName", date_part('epoch', ma."createdAt") * 1000 "createdAt",
        (select json_build_object('text',
        case when char_length(text) > 40
        then substr(text, 0, 40) || '...'
        else text
        end
        , 'createdAt', date_part('epoch', m."createdAt")*1000)
        from message m
        where (m."recipientId" = ma."userId1" and m."senderId" = ma."userId2")
        or
        (m."senderId" = ma."userId1" and m."recipientId" = ma."userId2")
        order by m."createdAt" desc limit 1) message
        from match ma
        inner join "user" u on u.id != $1 and (u.id = ma."userId1" or u.id = ma."userId2")
        where (ma."userId1" = $2 or ma."userId2" = $3) and ma.unmatched = false
        limit 150
      `,
          [req.userId, req.userId, req.userId]
        ),
      });
    }
  );

  router.get(
    "/messages/:userId/:cursor?",
    isAuth(),
    async (req: any, res, next) => {
      try {
        req.params.cursor = req.params.cursor
          ? parseInt(req.params.cursor)
          : undefined;
        assert(req.params, GetMessageStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }
      const { userId, cursor } = req.params;
      const qb = getConnection()
        .createQueryBuilder()
        .select("m")
        .from(Message, "m")
        .where(
          `((m."recipientId" = :u1 and m."senderId" = :u2) or (m."recipientId" = :u3 and m."senderId" = :u4))`,
          {
            u1: userId,
            u2: req.userId,
            u3: req.userId,
            u4: userId,
          }
        )
        .orderBy(`"createdAt"`, "DESC")
        .take(21);
      if (cursor && Number.isInteger(cursor)) {
        qb.andWhere(`m."createdAt" < :cursor`, { cursor: new Date(cursor) });
      }
      const messages = await qb.getMany();
      res.send({
        messages: messages.slice(0, 20),
        hasMore: messages.length === 21,
      });

      if (req.userId in wsUsers) {
        wsUsers[req.userId].openChatUserId = userId;
      }

      if (!cursor) {
        const userIdOrder = getUserIdOrder(userId, req.userId);
        getConnection()
          .createQueryBuilder()
          .update(Match)
          .set({
            [userIdOrder.userId1 === req.userId ? "read1" : "read2"]: true,
          })
          .where(`"userId1" = :userId1 and "userId2" = :userId2`, userIdOrder)
          .execute();
      }
    }
  );

  router.post(
    "/unmatch",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/unmatch/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, UnmatchStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      const { userId } = req.body;

      await Match.delete(getUserIdOrder(req.userId, userId));
      wsSend(userId, { type: "unmatch", userId: req.userId });

      res.send({ ok: true });
    }
  );

  router.post(
    "/report",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/report/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, ReportStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      const { userId, message, unmatchOrReject } = req.body;

      if (unmatchOrReject === "unmatch") {
        await Match.delete(getUserIdOrder(req.userId, userId));
        wsSend(userId, { type: "unmatch", userId: req.userId });
      }

      if (unmatchOrReject === "reject") {
        await View.insert({
          viewerId: req.userId,
          targetId: userId,
          liked: false,
        });
      }

      res.send({ ok: true });

      // sketchy not catching errors ;;
      Report.insert({ reporterId: req.userId, targetId: userId, message });
      if (["hi", "hello", "hey"].includes((message as string).toLowerCase())) {
        return;
      }
      User.findOne(userId).then((u) => {
        fetch(process.env.SLACK_REPORT_URL, {
          method: "post",
          headers: {
            "Content-type": "application/json",
          },
          body: JSON.stringify({
            blocks: [
              {
                type: "section",
                fields: [
                  {
                    type: "mrkdwn",
                    text: "*Reporter id:*\n" + req.userId,
                  },
                  {
                    type: "mrkdwn",
                    text: "*Target id:*\n" + userId,
                  },
                  {
                    type: "mrkdwn",
                    text: "*type:*\n" + unmatchOrReject,
                  },
                  {
                    type: "mrkdwn",
                    text: "*message:*\n" + message,
                  },
                ],
              },
              ...(u?.codeImgIds.map((id) => ({
                type: "image",
                title: {
                  type: "plain_text",
                  text: id,
                  emoji: true,
                },
                image_url: `https://img.vsinder.com/${id}`,
                alt_text: "code",
              })) || []),
              ...(u?.photoUrl
                ? [
                    {
                      type: "image",
                      title: {
                        type: "plain_text",
                        text:
                          u.displayName +
                          " | " +
                          u.gender +
                          " | " +
                          u.goal +
                          " | " +
                          u.bio +
                          " | " +
                          u.photoUrl,
                        emoji: true,
                      },
                      image_url: u.photoUrl,
                      alt_text: "code",
                    },
                  ]
                : []),
              {
                type: "actions",
                elements: [
                  {
                    type: "button",
                    action_id: "shadow-ban",
                    text: {
                      type: "plain_text",
                      emoji: true,
                      text: "shadow ban",
                    },
                    style: "primary",
                    value: userId,
                  },
                ],
              },
            ],
          }),
        });
      });
    }
  );

  router.post(
    "/message",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 1000,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/message/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, MessageStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      if (
        !(await Match.findOne(getUserIdOrder(req.userId, req.body.recipientId)))
      ) {
        next(createError(400, "you got unmatched"));
        return;
      }

      const m = await Message.create({
        ...req.body,
        senderId: req.userId,
      } as Message).save();

      wsSend(m.recipientId, { type: "new-message", message: m });

      res.send({ message: m });

      if (
        !(m.recipientId in wsUsers) ||
        wsUsers[m.recipientId].openChatUserId !== req.userId
      ) {
        const userIdOrder = getUserIdOrder(req.userId, m.recipientId);
        Match.update(
          { ...userIdOrder, unmatched: false },
          { [userIdOrder.userId1 === m.recipientId ? "read1" : "read2"]: false }
        );
      }

      if (!(m.recipientId in wsUsers)) {
        queuePushNotifToSend({
          idToSendTo: m.recipientId,
          otherId: req.userId,
          type: "message",
          text: m.text.slice(0, 100),
        });
      }
    }
  );

  router.post(
    "/view",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 500,
        duration: SECONDS_IN_A_HALF_A_DAY,
        blockDuration: 0,
        keyPrefix: "rl/view/",
      }),
      `You've hit the rate limit of 500 swipes, `,
      true
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, ViewStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }
      const { userId, liked } = req.body;
      let fav: View | undefined = undefined;
      try {
        const [_fav] = await Promise.all([
          liked
            ? View.findOne({
                viewerId: userId,
                targetId: req.userId,
                liked: true,
              })
            : Promise.resolve(undefined),
          View.insert({
            viewerId: req.userId,
            targetId: userId,
            liked,
          }),
        ]);
        fav = _fav;
      } catch (err) {
        if (err.message.includes("duplicate key")) {
          res.json({
            match: false,
            ok: false,
          });
          return;
        } else {
          throw err;
        }
      }

      let match = false;
      if (fav) {
        await Match.insert(getUserIdOrder(userId, req.userId));
        match = true;
      }

      res.json({
        match,
        ok: true,
      });

      if (match) {
        const ids = getUserIdOrder(userId, req.userId);
        wsSend(userId, {
          type: "new-match",
          ...ids,
        });
        wsSend(req.userId, {
          type: "new-match",
          ...ids,
        });
        // does not have a ws connection
        if (!(userId in wsUsers)) {
          queuePushNotifToSend({
            idToSendTo: userId,
            otherId: req.userId,
            type: "match",
          });
        }
      }

      if (liked) {
        User.update(userId, { numLikes: () => '"numLikes" + 1' });
        wsSend(userId, { type: "new-like" });
      }

      User.update(req.userId, {
        numSwipesToday: () => `"numSwipesToday" + 1`,
        numSwipes: () => `"numSwipes" + 1`,
        lastSwipe: () => "CURRENT_TIMESTAMP",
      });
    }
  );

  router.get(
    "/user/:id",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 200,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/:id",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.params, OneUserStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }
      const { id } = req.params;

      const { userId1, userId2 } = getUserIdOrder(req.userId, id);
      const isMe = userId1 === userId2;

      const [user] = await getConnection().query(
        `
    select u.id, flair, "displayName", date_part('year', age(birthday)) "age", bio, "codeImgIds", "photoUrl"
    ${
      isMe
        ? `
    from "user" u
    where  u.id = $1
    `
        : `
    from "user" u, match m
    where  m."userId1" = $1 and m."userId2" = $2 and u.id = $3
    `
    }
    `,
        isMe ? [id] : [userId1, userId2, id]
      );

      res.json({
        user,
      });
    }
  );

  router.post("/account/delete", isAuth(), async (req: any, res) => {
    if (isUuid.v4(req.userId)) {
      await User.delete(req.userId);
    }

    res.json({
      ok: true,
    });
  });

  router.get("/me", isAuth(false), async (req: any, res) => {
    if (!req.userId) {
      res.json({
        user: null,
      });
      return;
    }

    res.json({
      user: await getUser(req.userId),
    });
  });

  router.use((err: any, _: any, res: any, next: any) => {
    if (res.headersSent) {
      return next(err);
    }
    if (err.statusCode) {
      res.status(err.statusCode).send(err.message);
    } else {
      console.log(err);
      res.status(500).send("internal server error");
    }
  });

  const server = http.createServer(app);
  const wss = new Server({ noServer: true });
  wss.on("connection", (ws: WebSocket, userId: string) => {
    if (!userId) {
      ws.terminate();
      return;
    }

    // console.log("ws open: ", userId);
    wsUsers[userId] = { openChatUserId: null, ws };

    ws.on("message", (e: any) => {
      const {
        type,
        userId: openChatUserId,
      }: { type: "message-open"; userId: string } = JSON.parse(e);
      if (type === "message-open") {
        if (userId in wsUsers) {
          wsUsers[userId].openChatUserId = openChatUserId;
        }
      }
    });

    ws.on("close", () => {
      // console.log("ws close: ", userId);
      delete wsUsers[userId];
    });
  });
  server.on("upgrade", async function upgrade(request, socket, head) {
    const good = (userId: string) => {
      wss.handleUpgrade(request, socket, head, function done(ws) {
        wss.emit("connection", ws, userId);
      });
    };
    const bad = () => {
      socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
      socket.destroy();
    };
    try {
      const {
        query: { accessToken, refreshToken },
      } = url.parse(request.url, true);
      if (
        !accessToken ||
        !refreshToken ||
        typeof accessToken !== "string" ||
        typeof refreshToken !== "string"
      ) {
        return bad();
      }
      try {
        const data = verify(
          accessToken,
          process.env.ACCESS_TOKEN_SECRET
        ) as any;
        return good(data.userId);
      } catch {}

      try {
        const data = verify(
          refreshToken,
          process.env.REFRESH_TOKEN_SECRET
        ) as any;
        const user = await User.findOne(data.userId);
        // token has been invalidated or user deleted
        if (!user || user.tokenVersion !== data.tokenVersion) {
          return bad();
        }
        return good(data.userId);
      } catch {}
    } catch {}

    return bad();
  });
  server.listen(process.env.PORT ? parseInt(process.env.PORT) : 3001, () => {
    console.log("server started");
  });
}
Example #11
Source File: index.ts    From vsinder-api with Apache License 2.0 4 votes vote down vote up
main = async () => {
  const conn = await createConnection({
    type: "postgres",
    database: __prod__ ? undefined : "vsinder",
    url: __prod__ ? process.env.DATABASE_URL : undefined,
    entities: [join(__dirname, "./entities/*")],
    migrations: [join(__dirname, "./migrations/*")],
    // synchronize: !__prod__,
    logging: !__prod__,
  });
  console.log("connected, running migrations now");
  await conn.runMigrations();
  console.log("migrations ran");

  const redisClient = new Redis(process.env.REDIS_URL, {
    enableOfflineQueue: false,
  });

  const defaultRateLimitOpts: IRateLimiterStoreOptions = {
    storeClient: redisClient,
    execEvenly: false,
    blockDuration: SECONDS_IN_A_HALF_A_DAY,
  };

  startPushNotificationRunner();
  resetNumSwipesDaily();

  const wsUsers: Record<
    string,
    { ws: WebSocket; openChatUserId: string | null }
  > = {};
  const wsSend = (key: string, v: any) => {
    if (key in wsUsers) {
      wsUsers[key].ws.send(JSON.stringify(v));
    }
  };

  passport.use(
    new GitHubStrategy(
      {
        clientID: process.env.GITHUB_CLIENT_ID,
        clientSecret: process.env.GITHUB_CLIENT_SECRET,
        callbackURL: `${process.env.SERVER_URL}/auth/github/callback`,
      },
      async (githubAccessToken, _, profile, cb) => {
        try {
          let user = await User.findOne({ githubId: profile.id });
          const data: Partial<User> = {
            githubAccessToken,
            githubId: profile.id,
            photoUrl:
              profile.photos?.[0].value ||
              (profile._json as any).avatar_url ||
              "",
            other: profile._json,
            profileUrl: profile.profileUrl,
            username: profile.username,
          };
          if (user) {
            await User.update(user.id, data);
          } else {
            data.bio = (profile._json as any)?.bio || "";
            data.displayName = profile.displayName;
            user = await User.create(data).save();
          }
          cb(undefined, createTokens(user));
        } catch (err) {
          console.log(err);
          cb(new Error("internal error"));
        }
      }
    )
  );
  passport.serializeUser((user: any, done) => {
    done(null, user.accessToken);
  });

  const app = express();
  app.set("trust proxy", 1);
  app.use(helmet());
  app.use(
    cors({
      origin: "*",
      maxAge: __prod__ ? 86400 : undefined,
      exposedHeaders: [
        "access-token",
        "refresh-token",
        "content-type",
        "content-length",
      ],
    })
  );
  const slackInteractions = createMessageAdapter(
    process.env.SLACK_SIGNING_SECRET
  );
  app.post("/slack", slackInteractions.expressMiddleware());
  app.use(express.json());
  app.use(passport.initialize());
  const router = Router();
  app.use(router);

  if (!__prod__) {
    app.get("/all-users", async (_, res) => res.send(await User.find()));
    app.post("/login", async (req, res) =>
      res.send(createTokens((await User.findOne(req.body.userId))!))
    );
  }

  slackInteractions.action({ type: "button" }, async (payload, respond) => {
    if (!payload.actions || !payload.actions.length) {
      respond({ text: "no actions?" });
      return;
    }

    const [{ action_id, value }] = payload.actions;
    if (action_id === "shadow-ban") {
      try {
        await User.update(value, { shadowBanned: true });
        respond({ text: "banned" });
      } catch (err) {
        respond({ text: "Something went wrong: " + err.message });
      }
    }
  });

  router.post("/email/login", async (req, res, next) => {
    const { email, password } = req.body;
    if (
      email !== process.env.APPLE_EMAIL &&
      password !== process.env.APPLE_PASSWORD
    ) {
      next(
        createError(
          400,
          "this is for the apple tester only, you should login with github"
        )
      );
      return;
    }

    let user = await User.findOne({ appleId: process.env.APPLE_EMAIL });
    if (!user) {
      user = await User.create({
        appleId: process.env.APPLE_EMAIL,
        photoUrl: "https://via.placeholder.com/150x150",
        shadowBanned: true,
      }).save();
    }

    res.send(createTokens(user));
  });

  router.post("/apple/login", async (req, res, next) => {
    const { user: appleId } = req.body;
    if (typeof appleId !== "string") {
      next(createError(400, "something went wrong with apple auth"));
      return;
    }

    let user = await User.findOne({ appleId });
    if (!user) {
      user = await User.create({
        displayName: req.body?.fullName?.givenName || "",
        goal: "friendship",
        birthday: new Date(),
        codeImgIds: ["v56pytkbl-1606765556556.png"],
        appleId,
        photoUrl: "https://via.placeholder.com/150x150",
        shadowBanned: true,
      }).save();
    } else if (!user.goal) {
      user.displayName = req.body?.fullName?.givenName || "";
      user.goal = "friendship";
      user.birthday = new Date();
      user.codeImgIds = ["v56pytkbl-1606765556556.png"];
      await user.save();
    }

    res.send(createTokens(user));
  });

  router.get("/auth/github/rn", (req, res, next) => {
    const state = Buffer.from(JSON.stringify({ rn: true })).toString("base64");
    passport.authenticate("github", {
      session: false,
      state,
    })(req, res, next);
  });

  router.get("/auth/github", (req, res, next) => {
    const state = Buffer.from(JSON.stringify({ rn: false })).toString("base64");
    passport.authenticate("github", {
      session: false,
      state,
    })(req, res, next);
  });

  router.get(
    "/auth/github/callback",
    passport.authenticate("github"),
    (req: any, res) => {
      if (!req.user.accessToken || !req.user.refreshToken) {
        res.send(`something went wrong`);
        return;
      }
      const { state } = req.query;
      const { rn } = JSON.parse(Buffer.from(state, "base64").toString());
      if (rn) {
        res.redirect(
          `${
            __prod__
              ? `vsinder://`
              : `exp:${
                  process.env.SERVER_URL.replace("http:", "").split(":")[0]
                }:19005/--/`
          }tokens/${req.user.accessToken}/${req.user.refreshToken}`
        );
      } else {
        res.redirect(
          `http://localhost:54321/callback/${req.user.accessToken}/${req.user.refreshToken}`
        );
      }
    }
  );

  router.put(
    "/user/imgs",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/imgs/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, UserCodeImgs);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      await User.update(req.userId, req.body);

      res.json({ ok: true });
    }
  );

  router.put(
    "/user/push-token",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 20,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/push-token/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, UpdatePushTokenStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      await User.update(req.userId, req.body);

      res.json({ ok: true });
    }
  );

  router.put(
    "/user",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/",
      })
    ),
    async (req: any, res, next) => {
      if (req.body.goal === "friendship") {
        req.body.ageRangeMin = 18;
        req.body.ageRangeMax = 33;
        req.body.location = "online";
      }
      if (!req.body.location) {
        req.body.location = "online";
      }
      try {
        assert(req.body, UpdateUser);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      await User.update(req.userId, req.body);

      res.json({ user: await getUser(req.userId) });
    }
  );

  const MS_IN_HOUR = 1000 * 60 * 60;
  const cache: Record<string, { data: any; date: Date }> = {};
  router.get("/leaderboard/:category?", async (req, res, next) => {
    let { category } = req.params;
    if (!category) {
      category = "overall";
    }

    if (category !== "overall" && category !== "male") {
      next(createError(400, "invalid category"));
      return;
    }

    if (
      !(category in cache) ||
      new Date().getTime() - cache[category].date.getTime() > MS_IN_HOUR
    ) {
      const data = await getConnection().query(`
      select u.id, flair, "numLikes", "displayName", date_part('year', age(birthday)) "age", bio, "codeImgIds", "photoUrl"
      from "user" u
      ${category === "male" ? `where gender = 'male'` : ""}
      order by u."numLikes" DESC
      limit 10
      `);
      cache[category] = { data, date: new Date() };
    }

    res.send({ profiles: cache[category].data });
  });

  router.get(
    "/feed",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 500,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/feed/",
      }),
      "You've been using the app too much and hit the rate limit, come back tomorrow"
    ),
    async (req: any, res, next) => {
      const user = await User.findOne(req.userId);
      if (!user) {
        next(createError(400, "your account got deleted"));
        return;
      }

      if (!user.birthday) {
        next(
          createError(
            400,
            "you need to set your birthday in the profile settings"
          )
        );
        return;
      }

      const myAge = getAge(new Date(user.birthday));
      const paramNum = user.global ? 6 : 4;
      const loveWhere = `
        and goal = 'love'
        and ("genderToShow" = 'everyone' or "genderToShow" = $${paramNum})
        and $${paramNum + 1} <= date_part('year', age(birthday))
        and $${paramNum + 2} >= date_part('year', age(birthday))
        and "ageRangeMin" <= $${paramNum + 3}
        and "ageRangeMax" >= $${paramNum + 4}
        and (location = $${paramNum + 5} ${
        user.global ? `or global = true` : ""
      })
        ${
          user.genderToShow !== "everyone"
            ? `and gender = $${paramNum + 6}`
            : ""
        }
    `;
      const loveParams = [
        req.userId,
        req.userId,
        req.userId,
        ...(user.global ? [user.location, user.location] : []),
        user.gender, // my gender matches their gender they want to see
        user.ageRangeMin,
        user.ageRangeMax,
        myAge,
        myAge,
        user.location,
      ];
      if (user.genderToShow !== "everyone") {
        loveParams.push(
          user.genderToShow // their gender matches my gender I want to see
        );
      }
      const friendWhere = `and date_part('year', age(birthday)) ${
        myAge >= 18 ? ">=" : "<"
      } 18`;
      const friendParams = [req.userId, req.userId, req.userId];

      const profiles = await getConnection().query(
        `
        select u.id, flair, "displayName", date_part('year', age(birthday)) "age", bio, "codeImgIds", "photoUrl"
        from "user" u
        left join view v on v."viewerId" = $1 and u.id = v."targetId"
        left join view v2 on $2 = v2."targetId" and v2.liked = true and u.id = v2."viewerId"
        where
        v is null
        and u.id != $3
        ${user.goal === "love" ? loveWhere : friendWhere}
        and array_length("codeImgIds", 1) >= 1
        and "shadowBanned" != true
        order by
          (case
            ${
              user.goal === "love" && user.global
                ? `
            when (u.location = $4 and v2 is not null)
            then random() - 1.2
            when (u.location = $5)
            then random() - 1
            `
                : ""
            }
            when (v2 is not null)
            then random() - .2
            else random()
          end) - u."numSwipes" / ${activeSwipesMax}
        limit 20;
        `,
        user.goal === "love" ? loveParams : friendParams
      );

      res.json({
        profiles,
      });
    }
  );

  router.get(
    "/matches/:cursor",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 500,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/matches/",
      }),
      "You've been using the app too much and hit the rate limit, come back tomorrow"
    ),
    async (req: any, res) => {
      res.send({
        matches: await getConnection().query(
          `
        select
        case
          when u.id = ma."userId1" then ma.read2
          else ma.read1
        end "read",
        ma.id "matchId",
        u.id "userId", u.flair, u."photoUrl", u."displayName", date_part('epoch', ma."createdAt") * 1000 "createdAt",
        (select json_build_object('text', text, 'createdAt', date_part('epoch', m."createdAt")*1000)
        from message m
        where (m."recipientId" = ma."userId1" and m."senderId" = ma."userId2")
        or
        (m."senderId" = ma."userId1" and m."recipientId" = ma."userId2")
        order by m."createdAt" desc limit 1) message
        from match ma
        inner join "user" u on u.id != $1 and (u.id = ma."userId1" or u.id = ma."userId2")
        where (ma."userId1" = $2 or ma."userId2" = $3) and ma.unmatched = false
        limit 150
      `,
          [req.userId, req.userId, req.userId]
        ),
      });
    }
  );

  router.get(
    "/messages/:userId/:cursor?",
    isAuth(),
    async (req: any, res, next) => {
      try {
        req.params.cursor = req.params.cursor
          ? parseInt(req.params.cursor)
          : undefined;
        assert(req.params, GetMessageStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }
      const { userId, cursor } = req.params;
      const qb = getConnection()
        .createQueryBuilder()
        .select("m")
        .from(Message, "m")
        .where(
          `((m."recipientId" = :u1 and m."senderId" = :u2) or (m."recipientId" = :u3 and m."senderId" = :u4))`,
          {
            u1: userId,
            u2: req.userId,
            u3: req.userId,
            u4: userId,
          }
        )
        .orderBy(`"createdAt"`, "DESC")
        .take(21);
      if (cursor && Number.isInteger(cursor)) {
        qb.andWhere(`m."createdAt" < :cursor`, { cursor: new Date(cursor) });
      }
      const messages = await qb.getMany();
      res.send({
        messages: messages.slice(0, 20),
        hasMore: messages.length === 21,
      });

      if (req.userId in wsUsers) {
        wsUsers[req.userId].openChatUserId = userId;
      }

      if (!cursor) {
        const userIdOrder = getUserIdOrder(userId, req.userId);
        getConnection()
          .createQueryBuilder()
          .update(Match)
          .set({
            [userIdOrder.userId1 === req.userId ? "read1" : "read2"]: true,
          })
          .where(`"userId1" = :userId1 and "userId2" = :userId2`, userIdOrder)
          .execute();
      }
    }
  );

  router.post(
    "/unmatch",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/unmatch/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, UnmatchStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      const { userId } = req.body;

      await Match.delete(getUserIdOrder(req.userId, userId));
      wsSend(userId, { type: "unmatch", userId: req.userId });

      res.send({ ok: true });
    }
  );

  router.post(
    "/report",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 100,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/report/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, ReportStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      const { userId, message, unmatchOrReject } = req.body;

      if (unmatchOrReject === "unmatch") {
        await Match.delete(getUserIdOrder(req.userId, userId));
        wsSend(userId, { type: "unmatch", userId: req.userId });
      }

      if (unmatchOrReject === "reject") {
        await View.insert({
          viewerId: req.userId,
          targetId: userId,
          liked: false,
        });
      }

      res.send({ ok: true });

      // sketchy not catching errors ;;
      Report.insert({ reporterId: req.userId, targetId: userId, message });
      User.findOne(userId).then((u) => {
        fetch(process.env.SLACK_REPORT_URL, {
          method: "post",
          headers: {
            "Content-type": "application/json",
          },
          body: JSON.stringify({
            blocks: [
              {
                type: "section",
                fields: [
                  {
                    type: "mrkdwn",
                    text: "*Reporter id:*\n" + req.userId,
                  },
                  {
                    type: "mrkdwn",
                    text: "*Target id:*\n" + userId,
                  },
                  {
                    type: "mrkdwn",
                    text: "*type:*\n" + unmatchOrReject,
                  },
                  {
                    type: "mrkdwn",
                    text: "*message:*\n" + message,
                  },
                ],
              },
              ...(u?.codeImgIds.map((id) => ({
                type: "image",
                title: {
                  type: "plain_text",
                  text: id,
                  emoji: true,
                },
                image_url: `https://img.vsinder.com/${id}`,
                alt_text: "code",
              })) || []),
              ...(u?.photoUrl
                ? [
                    {
                      type: "image",
                      title: {
                        type: "plain_text",
                        text:
                          u.displayName +
                          " | " +
                          u.gender +
                          " | " +
                          u.bio +
                          " | " +
                          u.photoUrl,
                        emoji: true,
                      },
                      image_url: u.photoUrl,
                      alt_text: "code",
                    },
                  ]
                : []),
              {
                type: "actions",
                elements: [
                  {
                    type: "button",
                    action_id: "shadow-ban",
                    text: {
                      type: "plain_text",
                      emoji: true,
                      text: "shadow ban",
                    },
                    style: "primary",
                    value: userId,
                  },
                ],
              },
            ],
          }),
        });
      });
    }
  );

  router.post(
    "/message",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 1000,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/message/",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, MessageStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }

      if (
        !(await Match.findOne(getUserIdOrder(req.userId, req.body.recipientId)))
      ) {
        next(createError(400, "you got unmatched"));
        return;
      }

      const m = await Message.create({
        ...req.body,
        senderId: req.userId,
      } as Message).save();

      wsSend(m.recipientId, { type: "new-message", message: m });

      res.send({ message: m });

      if (
        !(m.recipientId in wsUsers) ||
        wsUsers[m.recipientId].openChatUserId !== req.userId
      ) {
        const userIdOrder = getUserIdOrder(req.userId, m.recipientId);
        Match.update(
          { ...userIdOrder, unmatched: false },
          { [userIdOrder.userId1 === m.recipientId ? "read1" : "read2"]: false }
        );
      }

      if (!(m.recipientId in wsUsers)) {
        queuePushNotifToSend({
          idToSendTo: m.recipientId,
          otherId: req.userId,
          type: "message",
          text: m.text.slice(0, 100),
        });
      }
    }
  );

  router.post(
    "/view",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 500,
        duration: SECONDS_IN_A_HALF_A_DAY,
        blockDuration: 0,
        keyPrefix: "rl/view/",
      }),
      `You've hit the rate limit of 500 swipes a day, come back tomorrow`
    ),
    async (req: any, res, next) => {
      try {
        assert(req.body, ViewStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }
      const { userId, liked } = req.body;
      let fav: View | undefined = undefined;
      try {
        const [_fav] = await Promise.all([
          liked
            ? View.findOne({
                viewerId: userId,
                targetId: req.userId,
                liked: true,
              })
            : Promise.resolve(undefined),
          View.insert({
            viewerId: req.userId,
            targetId: userId,
            liked,
          }),
        ]);
        fav = _fav;
      } catch (err) {
        if (err.message.includes("duplicate key")) {
          res.json({
            match: false,
            ok: false,
          });
          return;
        } else {
          throw err;
        }
      }

      let match = false;
      if (fav) {
        await Match.insert(getUserIdOrder(userId, req.userId));
        match = true;
      }

      res.json({
        match,
        ok: true,
      });

      if (match) {
        const ids = getUserIdOrder(userId, req.userId);
        wsSend(userId, {
          type: "new-match",
          ...ids,
        });
        wsSend(req.userId, {
          type: "new-match",
          ...ids,
        });
        // does not have a ws connection
        if (!(userId in wsUsers)) {
          queuePushNotifToSend({
            idToSendTo: userId,
            otherId: req.userId,
            type: "match",
          });
        }
      }

      if (liked) {
        User.update(userId, { numLikes: () => '"numLikes" + 1' });
        wsSend(userId, { type: "new-like" });
      }

      User.update(req.userId, {
        numSwipes: () => `LEAST("numSwipes" + 1, ${activeSwipesMax})`,
      });
    }
  );

  router.get(
    "/user/:id",
    isAuth(),
    rateLimitMiddleware(
      new RateLimiterRedis({
        ...defaultRateLimitOpts,
        points: 200,
        duration: SECONDS_IN_A_HALF_A_DAY,
        keyPrefix: "rl/user/:id",
      })
    ),
    async (req: any, res, next) => {
      try {
        assert(req.params, OneUserStruct);
      } catch (err) {
        next(createError(400, err.message));
        return;
      }
      const { id } = req.params;

      const { userId1, userId2 } = getUserIdOrder(req.userId, id);
      const isMe = userId1 === userId2;

      const [user] = await getConnection().query(
        `
    select u.id, flair, "displayName", date_part('year', age(birthday)) "age", bio, "codeImgIds", "photoUrl"
    ${
      isMe
        ? `
    from "user" u
    where  u.id = $1
    `
        : `
    from "user" u, match m
    where  m."userId1" = $1 and m."userId2" = $2 and u.id = $3
    `
    }
    `,
        isMe ? [id] : [userId1, userId2, id]
      );

      res.json({
        user,
      });
    }
  );

  router.post("/account/delete", isAuth(), async (req: any, res) => {
    if (isUuid.v4(req.userId)) {
      await User.delete(req.userId);
    }

    res.json({
      ok: true,
    });
  });

  router.get("/me", isAuth(false), async (req: any, res) => {
    if (!req.userId) {
      res.json({
        user: null,
      });
      return;
    }

    res.json({
      user: await getUser(req.userId),
    });
  });

  router.use((err: any, _: any, res: any, next: any) => {
    if (res.headersSent) {
      return next(err);
    }
    if (err.statusCode) {
      res.status(err.statusCode).send(err.message);
    } else {
      console.log(err);
      res.status(500).send("internal server error");
    }
  });

  const server = http.createServer(app);
  const wss = new Server({ noServer: true });
  wss.on("connection", (ws: WebSocket, userId: string) => {
    if (!userId) {
      ws.terminate();
      return;
    }

    // console.log("ws open: ", userId);
    wsUsers[userId] = { openChatUserId: null, ws };

    ws.on("message", (e: any) => {
      const {
        type,
        userId: openChatUserId,
      }: { type: "message-open"; userId: string } = JSON.parse(e);
      if (type === "message-open") {
        if (userId in wsUsers) {
          wsUsers[userId].openChatUserId = openChatUserId;
        }
      }
    });

    ws.on("close", () => {
      // console.log("ws close: ", userId);
      delete wsUsers[userId];
    });
  });
  server.on("upgrade", async function upgrade(request, socket, head) {
    const good = (userId: string) => {
      wss.handleUpgrade(request, socket, head, function done(ws) {
        wss.emit("connection", ws, userId);
      });
    };
    const bad = () => {
      socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
      socket.destroy();
    };
    try {
      const {
        query: { accessToken, refreshToken },
      } = url.parse(request.url, true);
      if (
        !accessToken ||
        !refreshToken ||
        typeof accessToken !== "string" ||
        typeof refreshToken !== "string"
      ) {
        return bad();
      }
      try {
        const data = verify(
          accessToken,
          process.env.ACCESS_TOKEN_SECRET
        ) as any;
        return good(data.userId);
      } catch {}

      try {
        const data = verify(
          refreshToken,
          process.env.REFRESH_TOKEN_SECRET
        ) as any;
        const user = await User.findOne(data.userId);
        // token has been invalidated or user deleted
        if (!user || user.tokenVersion !== data.tokenVersion) {
          return bad();
        }
        return good(data.userId);
      } catch {}
    } catch {}

    return bad();
  });
  server.listen(process.env.PORT ? parseInt(process.env.PORT) : 3001, () => {
    console.log("server started");
  });
}