stacker.news/api/resolvers/user.js

794 lines
25 KiB
JavaScript
Raw Normal View History

import { GraphQLError } from 'graphql'
2021-12-17 00:01:02 +00:00
import { decodeCursor, LIMIT, nextCursorEncoded } from '../../lib/cursor'
2022-11-15 20:51:55 +00:00
import { msatsToSats } from '../../lib/format'
2023-02-08 19:38:04 +00:00
import { bioSchema, emailSchema, settingsSchema, ssValidate, userSchema } from '../../lib/validate'
2023-08-27 22:48:46 +00:00
import { getItem, updateItem, filterClause, createItem } from './item'
Allow zapping, posting and commenting without funds or an account (#336) * Add anon zaps * Add anon comments and posts (link, discussion, poll) * Use payment hash instead of invoice id as proof of payment Our invoice IDs can be enumerated. So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself. Random payment hashes prevent this. Also, since we delete invoices after use, using database IDs as proof of payments are not suitable. If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs. * Allow pay per invoice for stackers The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice" * Fix onSuccess called twice For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice. This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice. * Keep invoice modal open if focus is lost * Skip anon user during trust calculation * Add error handling * Skip 'invoice not found' errors * Remove duplicate insufficient funds handling * Fix insufficient funds error detection * Fix invoice amount for comments * Allow pay per invoice for bounty and job posts * Also strike on payment after short press * Fix unexpected token 'export' * Fix eslint * Remove unused id param * Fix comment copy-paste error * Rename to useInvoiceable * Fix unexpected token 'export' * Fix onConfirmation called at every render * Add invoice HMAC This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN. Only the user which created the invoice knows the HMAC and thus can use the invoice hash. * make anon posting less hidden, add anon info button explainer * Fix anon users can't zap other anon users * Always show repeat and contacts on action error * Keep track of modal stack * give anon an icon * add generic date pivot helper * make anon user's invoices expire in 5 minutes * fix forgotten find and replace * use datePivot more places * add sat amounts to invoices * reduce anon invoice expiration to 3 minutes * don't abbreviate * Fix [object Object] as error message Any errors thrown here are already objects of shape { message: string } * Fix empty invoice creation attempts I stumbled across this while checking if anons can edit their items. I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error: Variable "$amount" of required type "Int!" was not provided. I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now. * anon func mods, e.g. inv limits * anon tips should be denormalized * remove redundant meTotalSats * correct overlay zap text for anon * exclude anon from trust graph before algo runs * remove balance limit on anon * give anon a bio and remove cowboy hat/top stackers; * make anon hat appear on profile * concat hash and hmac and call it a token * Fix localStorage cleared because error were swallowed * fix qr layout shift * restyle fund error modal * Catch invoice errors in fund error modal * invoice check backoff * anon info typo * make invoice expiration times have saner defaults * add comma to anon info * use builtin copy input label --------- Co-authored-by: ekzyis <ek@stacker.news> Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
import { datePivot } from '../../lib/time'
2021-09-23 17:42:00 +00:00
2022-10-26 14:56:22 +00:00
export function within (table, within) {
let interval = ' AND "' + table + '".created_at >= $1 - INTERVAL '
2021-12-17 00:01:02 +00:00
switch (within) {
2022-10-26 14:56:22 +00:00
case 'day':
2022-10-25 21:35:32 +00:00
interval += "'1 day'"
2021-12-17 00:01:02 +00:00
break
2022-07-14 00:55:10 +00:00
case 'week':
interval += "'7 days'"
break
case 'month':
interval += "'1 month'"
break
case 'year':
interval += "'1 year'"
break
default:
2022-10-26 14:56:22 +00:00
interval = ''
2022-10-25 21:35:32 +00:00
break
}
return interval
}
export function viewWithin (table, within) {
let interval = ' AND "' + table + '".day >= date_trunc(\'day\', timezone(\'America/Chicago\', $1 at time zone \'UTC\' - interval '
switch (within) {
case 'day':
interval += "'1 day'))"
break
case 'week':
interval += "'7 days'))"
break
case 'month':
interval += "'1 month'))"
break
case 'year':
interval += "'1 year'))"
break
default:
// HACK: we need to use the time parameter otherwise prisma *cries* about it
interval = ' AND users.created_at <= $1'
break
}
return interval
}
2022-10-26 14:56:22 +00:00
export function withinDate (within) {
2022-10-25 21:35:32 +00:00
switch (within) {
2022-10-26 14:56:22 +00:00
case 'day':
Allow zapping, posting and commenting without funds or an account (#336) * Add anon zaps * Add anon comments and posts (link, discussion, poll) * Use payment hash instead of invoice id as proof of payment Our invoice IDs can be enumerated. So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself. Random payment hashes prevent this. Also, since we delete invoices after use, using database IDs as proof of payments are not suitable. If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs. * Allow pay per invoice for stackers The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice" * Fix onSuccess called twice For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice. This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice. * Keep invoice modal open if focus is lost * Skip anon user during trust calculation * Add error handling * Skip 'invoice not found' errors * Remove duplicate insufficient funds handling * Fix insufficient funds error detection * Fix invoice amount for comments * Allow pay per invoice for bounty and job posts * Also strike on payment after short press * Fix unexpected token 'export' * Fix eslint * Remove unused id param * Fix comment copy-paste error * Rename to useInvoiceable * Fix unexpected token 'export' * Fix onConfirmation called at every render * Add invoice HMAC This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN. Only the user which created the invoice knows the HMAC and thus can use the invoice hash. * make anon posting less hidden, add anon info button explainer * Fix anon users can't zap other anon users * Always show repeat and contacts on action error * Keep track of modal stack * give anon an icon * add generic date pivot helper * make anon user's invoices expire in 5 minutes * fix forgotten find and replace * use datePivot more places * add sat amounts to invoices * reduce anon invoice expiration to 3 minutes * don't abbreviate * Fix [object Object] as error message Any errors thrown here are already objects of shape { message: string } * Fix empty invoice creation attempts I stumbled across this while checking if anons can edit their items. I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error: Variable "$amount" of required type "Int!" was not provided. I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now. * anon func mods, e.g. inv limits * anon tips should be denormalized * remove redundant meTotalSats * correct overlay zap text for anon * exclude anon from trust graph before algo runs * remove balance limit on anon * give anon a bio and remove cowboy hat/top stackers; * make anon hat appear on profile * concat hash and hmac and call it a token * Fix localStorage cleared because error were swallowed * fix qr layout shift * restyle fund error modal * Catch invoice errors in fund error modal * invoice check backoff * anon info typo * make invoice expiration times have saner defaults * add comma to anon info * use builtin copy input label --------- Co-authored-by: ekzyis <ek@stacker.news> Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
return datePivot(new Date(), { days: -1 })
2022-10-25 21:35:32 +00:00
case 'week':
Allow zapping, posting and commenting without funds or an account (#336) * Add anon zaps * Add anon comments and posts (link, discussion, poll) * Use payment hash instead of invoice id as proof of payment Our invoice IDs can be enumerated. So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself. Random payment hashes prevent this. Also, since we delete invoices after use, using database IDs as proof of payments are not suitable. If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs. * Allow pay per invoice for stackers The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice" * Fix onSuccess called twice For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice. This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice. * Keep invoice modal open if focus is lost * Skip anon user during trust calculation * Add error handling * Skip 'invoice not found' errors * Remove duplicate insufficient funds handling * Fix insufficient funds error detection * Fix invoice amount for comments * Allow pay per invoice for bounty and job posts * Also strike on payment after short press * Fix unexpected token 'export' * Fix eslint * Remove unused id param * Fix comment copy-paste error * Rename to useInvoiceable * Fix unexpected token 'export' * Fix onConfirmation called at every render * Add invoice HMAC This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN. Only the user which created the invoice knows the HMAC and thus can use the invoice hash. * make anon posting less hidden, add anon info button explainer * Fix anon users can't zap other anon users * Always show repeat and contacts on action error * Keep track of modal stack * give anon an icon * add generic date pivot helper * make anon user's invoices expire in 5 minutes * fix forgotten find and replace * use datePivot more places * add sat amounts to invoices * reduce anon invoice expiration to 3 minutes * don't abbreviate * Fix [object Object] as error message Any errors thrown here are already objects of shape { message: string } * Fix empty invoice creation attempts I stumbled across this while checking if anons can edit their items. I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error: Variable "$amount" of required type "Int!" was not provided. I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now. * anon func mods, e.g. inv limits * anon tips should be denormalized * remove redundant meTotalSats * correct overlay zap text for anon * exclude anon from trust graph before algo runs * remove balance limit on anon * give anon a bio and remove cowboy hat/top stackers; * make anon hat appear on profile * concat hash and hmac and call it a token * Fix localStorage cleared because error were swallowed * fix qr layout shift * restyle fund error modal * Catch invoice errors in fund error modal * invoice check backoff * anon info typo * make invoice expiration times have saner defaults * add comma to anon info * use builtin copy input label --------- Co-authored-by: ekzyis <ek@stacker.news> Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
return datePivot(new Date(), { days: -7 })
2022-10-25 21:35:32 +00:00
case 'month':
Allow zapping, posting and commenting without funds or an account (#336) * Add anon zaps * Add anon comments and posts (link, discussion, poll) * Use payment hash instead of invoice id as proof of payment Our invoice IDs can be enumerated. So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself. Random payment hashes prevent this. Also, since we delete invoices after use, using database IDs as proof of payments are not suitable. If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs. * Allow pay per invoice for stackers The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice" * Fix onSuccess called twice For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice. This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice. * Keep invoice modal open if focus is lost * Skip anon user during trust calculation * Add error handling * Skip 'invoice not found' errors * Remove duplicate insufficient funds handling * Fix insufficient funds error detection * Fix invoice amount for comments * Allow pay per invoice for bounty and job posts * Also strike on payment after short press * Fix unexpected token 'export' * Fix eslint * Remove unused id param * Fix comment copy-paste error * Rename to useInvoiceable * Fix unexpected token 'export' * Fix onConfirmation called at every render * Add invoice HMAC This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN. Only the user which created the invoice knows the HMAC and thus can use the invoice hash. * make anon posting less hidden, add anon info button explainer * Fix anon users can't zap other anon users * Always show repeat and contacts on action error * Keep track of modal stack * give anon an icon * add generic date pivot helper * make anon user's invoices expire in 5 minutes * fix forgotten find and replace * use datePivot more places * add sat amounts to invoices * reduce anon invoice expiration to 3 minutes * don't abbreviate * Fix [object Object] as error message Any errors thrown here are already objects of shape { message: string } * Fix empty invoice creation attempts I stumbled across this while checking if anons can edit their items. I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error: Variable "$amount" of required type "Int!" was not provided. I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now. * anon func mods, e.g. inv limits * anon tips should be denormalized * remove redundant meTotalSats * correct overlay zap text for anon * exclude anon from trust graph before algo runs * remove balance limit on anon * give anon a bio and remove cowboy hat/top stackers; * make anon hat appear on profile * concat hash and hmac and call it a token * Fix localStorage cleared because error were swallowed * fix qr layout shift * restyle fund error modal * Catch invoice errors in fund error modal * invoice check backoff * anon info typo * make invoice expiration times have saner defaults * add comma to anon info * use builtin copy input label --------- Co-authored-by: ekzyis <ek@stacker.news> Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
return datePivot(new Date(), { days: -30 })
2022-10-25 21:35:32 +00:00
case 'year':
Allow zapping, posting and commenting without funds or an account (#336) * Add anon zaps * Add anon comments and posts (link, discussion, poll) * Use payment hash instead of invoice id as proof of payment Our invoice IDs can be enumerated. So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself. Random payment hashes prevent this. Also, since we delete invoices after use, using database IDs as proof of payments are not suitable. If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs. * Allow pay per invoice for stackers The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice" * Fix onSuccess called twice For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice. This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice. * Keep invoice modal open if focus is lost * Skip anon user during trust calculation * Add error handling * Skip 'invoice not found' errors * Remove duplicate insufficient funds handling * Fix insufficient funds error detection * Fix invoice amount for comments * Allow pay per invoice for bounty and job posts * Also strike on payment after short press * Fix unexpected token 'export' * Fix eslint * Remove unused id param * Fix comment copy-paste error * Rename to useInvoiceable * Fix unexpected token 'export' * Fix onConfirmation called at every render * Add invoice HMAC This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN. Only the user which created the invoice knows the HMAC and thus can use the invoice hash. * make anon posting less hidden, add anon info button explainer * Fix anon users can't zap other anon users * Always show repeat and contacts on action error * Keep track of modal stack * give anon an icon * add generic date pivot helper * make anon user's invoices expire in 5 minutes * fix forgotten find and replace * use datePivot more places * add sat amounts to invoices * reduce anon invoice expiration to 3 minutes * don't abbreviate * Fix [object Object] as error message Any errors thrown here are already objects of shape { message: string } * Fix empty invoice creation attempts I stumbled across this while checking if anons can edit their items. I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error: Variable "$amount" of required type "Int!" was not provided. I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now. * anon func mods, e.g. inv limits * anon tips should be denormalized * remove redundant meTotalSats * correct overlay zap text for anon * exclude anon from trust graph before algo runs * remove balance limit on anon * give anon a bio and remove cowboy hat/top stackers; * make anon hat appear on profile * concat hash and hmac and call it a token * Fix localStorage cleared because error were swallowed * fix qr layout shift * restyle fund error modal * Catch invoice errors in fund error modal * invoice check backoff * anon info typo * make invoice expiration times have saner defaults * add comma to anon info * use builtin copy input label --------- Co-authored-by: ekzyis <ek@stacker.news> Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
return datePivot(new Date(), { days: -365 })
2022-10-25 21:35:32 +00:00
default:
2022-10-26 14:56:22 +00:00
return new Date(0)
2022-07-14 00:55:10 +00:00
}
}
2022-06-02 22:55:23 +00:00
async function authMethods (user, args, { models, me }) {
const accounts = await models.account.findMany({
where: {
userId: me.id
}
})
const oauth = accounts.map(a => a.provider)
2022-06-02 22:55:23 +00:00
return {
lightning: !!user.pubkey,
email: user.emailVerified && user.email,
twitter: oauth.indexOf('twitter') >= 0,
2023-01-18 18:49:20 +00:00
github: oauth.indexOf('github') >= 0,
nostr: !!user.nostrAuthPubkey
2022-06-02 22:55:23 +00:00
}
}
2021-03-25 19:29:24 +00:00
export default {
Query: {
2023-05-07 15:44:57 +00:00
me: async (parent, { skipUpdate }, { models, me }) => {
if (!me?.id) {
return null
}
2023-05-07 15:44:57 +00:00
if (!skipUpdate) {
models.user.update({ where: { id: me.id }, data: { lastSeenAt: new Date() } }).catch(console.error)
}
return await models.user.findUnique({ where: { id: me.id } })
},
2022-06-02 22:55:23 +00:00
settings: async (parent, args, { models, me }) => {
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2022-06-02 22:55:23 +00:00
}
return await models.user.findUnique({ where: { id: me.id } })
},
2021-04-22 22:14:32 +00:00
user: async (parent, { name }, { models }) => {
return await models.user.findUnique({ where: { name } })
},
2021-03-25 19:29:24 +00:00
users: async (parent, args, { models }) =>
2021-05-21 22:32:21 +00:00
await models.user.findMany(),
nameAvailable: async (parent, { name }, { models, me }) => {
let user
if (me) {
user = await models.user.findUnique({ where: { id: me.id } })
2021-05-21 22:32:21 +00:00
}
return user?.name?.toUpperCase() === name?.toUpperCase() || !(await models.user.findUnique({ where: { name } }))
2021-12-17 00:01:02 +00:00
},
2023-02-09 18:41:28 +00:00
topCowboys: async (parent, { cursor }, { models, me }) => {
const decodedCursor = decodeCursor(cursor)
2023-07-26 16:01:31 +00:00
const users = await models.$queryRawUnsafe(`
2023-08-29 01:12:33 +00:00
SELECT users.*,
coalesce(floor(sum(msats_spent)/1000),0) as spent,
coalesce(sum(posts),0) as nposts,
coalesce(sum(comments),0) as ncomments,
coalesce(sum(referrals),0) as referrals,
coalesce(floor(sum(msats_stacked)/1000),0) as stacked
2023-02-09 18:41:28 +00:00
FROM users
LEFT JOIN user_stats_days on users.id = user_stats_days.id
2023-05-01 21:49:47 +00:00
WHERE NOT "hideFromTopUsers" AND NOT "hideCowboyHat" AND streak IS NOT NULL
GROUP BY users.id
2023-02-09 18:41:28 +00:00
ORDER BY streak DESC, created_at ASC
OFFSET $1
LIMIT ${LIMIT}`, decodedCursor.offset)
return {
cursor: users.length === LIMIT ? nextCursorEncoded(decodedCursor) : null,
users
}
},
topUsers: async (parent, { cursor, when, by }, { models, me }) => {
2021-12-17 00:01:02 +00:00
const decodedCursor = decodeCursor(cursor)
2022-02-02 21:50:12 +00:00
let users
if (when !== 'day') {
let column
switch (by) {
case 'spent': column = 'spent'; break
case 'posts': column = 'nposts'; break
case 'comments': column = 'ncomments'; break
case 'referrals': column = 'referrals'; break
default: column = 'stacked'; break
}
2023-07-26 16:01:31 +00:00
users = await models.$queryRawUnsafe(`
WITH u AS (
SELECT users.*, floor(sum(msats_spent)/1000) as spent,
sum(posts) as nposts, sum(comments) as ncomments, sum(referrals) as referrals,
floor(sum(msats_stacked)/1000) as stacked
FROM user_stats_days
JOIN users on users.id = user_stats_days.id
WHERE NOT users."hideFromTopUsers"
${viewWithin('user_stats_days', when)}
GROUP BY users.id
ORDER BY ${column} DESC NULLS LAST, users.created_at DESC
)
SELECT * FROM u WHERE ${column} > 0
OFFSET $2
LIMIT ${LIMIT}`, decodedCursor.time, decodedCursor.offset)
return {
cursor: users.length === LIMIT ? nextCursorEncoded(decodedCursor) : null,
users
}
}
if (by === 'spent') {
2023-07-26 16:01:31 +00:00
users = await models.$queryRawUnsafe(`
2022-12-08 00:04:02 +00:00
SELECT users.*, sum(sats_spent) as spent
FROM
((SELECT "userId", floor(sum("ItemAct".msats)/1000) as sats_spent
FROM "ItemAct"
WHERE "ItemAct".created_at <= $1
${within('ItemAct', when)}
GROUP BY "userId")
UNION ALL
(SELECT "userId", sats as sats_spent
FROM "Donation"
WHERE created_at <= $1
${within('Donation', when)})) spending
JOIN users on spending."userId" = users.id
2022-12-01 21:31:04 +00:00
AND NOT users."hideFromTopUsers"
2022-02-02 21:50:12 +00:00
GROUP BY users.id, users.name
2022-10-25 21:35:32 +00:00
ORDER BY spent DESC NULLS LAST, users.created_at DESC
OFFSET $2
LIMIT ${LIMIT}`, decodedCursor.time, decodedCursor.offset)
} else if (by === 'posts') {
2023-07-26 16:01:31 +00:00
users = await models.$queryRawUnsafe(`
2023-07-27 00:18:42 +00:00
SELECT users.*, count(*)::INTEGER as nposts
2022-10-25 21:35:32 +00:00
FROM users
JOIN "Item" on "Item"."userId" = users.id
WHERE "Item".created_at <= $1 AND "Item"."parentId" IS NULL
2022-12-01 21:31:04 +00:00
AND NOT users."hideFromTopUsers"
2022-10-26 14:56:22 +00:00
${within('Item', when)}
2022-10-25 21:35:32 +00:00
GROUP BY users.id
ORDER BY nposts DESC NULLS LAST, users.created_at DESC
2022-10-25 21:35:32 +00:00
OFFSET $2
LIMIT ${LIMIT}`, decodedCursor.time, decodedCursor.offset)
} else if (by === 'comments') {
2023-07-26 16:01:31 +00:00
users = await models.$queryRawUnsafe(`
2023-07-27 00:18:42 +00:00
SELECT users.*, count(*)::INTEGER as ncomments
2022-10-25 21:35:32 +00:00
FROM users
JOIN "Item" on "Item"."userId" = users.id
WHERE "Item".created_at <= $1 AND "Item"."parentId" IS NOT NULL
2022-12-01 21:31:04 +00:00
AND NOT users."hideFromTopUsers"
2022-10-26 14:56:22 +00:00
${within('Item', when)}
2022-10-25 21:35:32 +00:00
GROUP BY users.id
ORDER BY ncomments DESC NULLS LAST, users.created_at DESC
2022-02-02 21:50:12 +00:00
OFFSET $2
LIMIT ${LIMIT}`, decodedCursor.time, decodedCursor.offset)
} else if (by === 'referrals') {
2023-07-26 16:01:31 +00:00
users = await models.$queryRawUnsafe(`
2023-07-27 00:18:42 +00:00
SELECT users.*, count(*)::INTEGER as referrals
2022-12-19 23:00:53 +00:00
FROM users
JOIN "users" referree on users.id = referree."referrerId"
WHERE referree.created_at <= $1
AND NOT users."hideFromTopUsers"
${within('referree', when)}
GROUP BY users.id
ORDER BY referrals DESC NULLS LAST, users.created_at DESC
OFFSET $2
LIMIT ${LIMIT}`, decodedCursor.time, decodedCursor.offset)
2022-02-02 21:50:12 +00:00
} else {
2023-07-26 16:01:31 +00:00
users = await models.$queryRawUnsafe(`
2023-05-02 22:02:08 +00:00
SELECT u.id, u.name, u.streak, u."photoId", u."hideCowboyHat", floor(sum(amount)/1000) as stacked
2022-07-14 00:55:10 +00:00
FROM
2022-11-15 20:51:55 +00:00
((SELECT users.*, "ItemAct".msats as amount
2022-07-14 00:55:10 +00:00
FROM "ItemAct"
JOIN "Item" on "ItemAct"."itemId" = "Item".id
JOIN users on "Item"."userId" = users.id
WHERE act <> 'BOOST' AND "ItemAct"."userId" <> users.id AND "ItemAct".created_at <= $1
2022-12-01 21:31:04 +00:00
AND NOT users."hideFromTopUsers"
2022-10-26 14:56:22 +00:00
${within('ItemAct', when)})
2022-07-14 00:55:10 +00:00
UNION ALL
2022-11-15 20:51:55 +00:00
(SELECT users.*, "Earn".msats as amount
2022-07-14 00:55:10 +00:00
FROM "Earn"
JOIN users on users.id = "Earn"."userId"
2022-12-01 21:31:04 +00:00
WHERE "Earn".msats > 0 ${within('Earn', when)}
2022-12-19 23:00:53 +00:00
AND NOT users."hideFromTopUsers")
UNION ALL
(SELECT users.*, "ReferralAct".msats as amount
FROM "ReferralAct"
JOIN users on users.id = "ReferralAct"."referrerId"
WHERE "ReferralAct".msats > 0 ${within('ReferralAct', when)}
AND NOT users."hideFromTopUsers")) u
2023-05-02 22:02:08 +00:00
GROUP BY u.id, u.name, u.created_at, u."photoId", u.streak, u."hideCowboyHat"
2022-10-25 21:35:32 +00:00
ORDER BY stacked DESC NULLS LAST, created_at DESC
2022-02-02 21:50:12 +00:00
OFFSET $2
LIMIT ${LIMIT}`, decodedCursor.time, decodedCursor.offset)
}
2021-12-17 00:01:02 +00:00
return {
cursor: users.length === LIMIT ? nextCursorEncoded(decodedCursor) : null,
users
}
2022-08-26 22:20:09 +00:00
},
hasNewNotes: async (parent, args, { me, models }) => {
if (!me) {
return false
}
const user = await models.user.findUnique({ where: { id: me.id } })
const lastChecked = user.checkedNotesAt || new Date(0)
// check if any votes have been cast for them since checkedNotesAt
if (user.noteItemSats) {
2023-07-26 16:01:31 +00:00
const votes = await models.$queryRawUnsafe(`
SELECT 1
FROM "Item"
JOIN "ItemAct" ON
"ItemAct"."itemId" = "Item".id
AND "ItemAct"."userId" <> "Item"."userId"
WHERE "ItemAct".created_at > $2
AND "Item"."userId" = $1
2022-11-23 18:12:09 +00:00
AND "ItemAct".act = 'TIP'
LIMIT 1`, me.id, lastChecked)
if (votes.length > 0) {
return true
}
}
// check if they have any replies since checkedNotesAt
2023-07-26 16:01:31 +00:00
const newReplies = await models.$queryRawUnsafe(`
SELECT 1
FROM "Item"
JOIN "Item" p ON
"Item".created_at >= p.created_at
AND ${user.noteAllDescendants ? '"Item".path <@ p.path' : '"Item"."parentId" = p.id'}
AND "Item"."userId" <> $1
2023-06-01 19:54:44 +00:00
WHERE p."userId" = $1
AND "Item".created_at > $2::timestamp(3) without time zone
${await filterClause(me, models)}
LIMIT 1`, me.id, lastChecked)
if (newReplies.length > 0) {
return true
}
// break out thread subscription to decrease the search space of the already expensive reply query
2023-07-26 16:01:31 +00:00
const newtsubs = await models.$queryRawUnsafe(`
SELECT 1
FROM "ThreadSubscription"
JOIN "Item" p ON "ThreadSubscription"."itemId" = p.id
JOIN "Item" ON ${user.noteAllDescendants ? '"Item".path <@ p.path' : '"Item"."parentId" = p.id'}
WHERE
"ThreadSubscription"."userId" = $1
AND "Item".created_at > $2::timestamp(3) without time zone
${await filterClause(me, models)}
LIMIT 1`, me.id, lastChecked)
if (newtsubs.length > 0) {
return true
}
const newUserSubs = await models.$queryRawUnsafe(`
SELECT 1
FROM "UserSubscription"
JOIN "Item" ON "UserSubscription"."followeeId" = "Item"."userId"
WHERE
"UserSubscription"."followerId" = $1
AND "Item".created_at > $2::timestamp(3) without time zone
${await filterClause(me, models)}
LIMIT 1`, me.id, lastChecked)
if (newUserSubs.length > 0) {
return true
}
// check if they have any mentions since checkedNotesAt
if (user.noteMentions) {
2023-07-26 16:01:31 +00:00
const newMentions = await models.$queryRawUnsafe(`
SELECT "Item".id, "Item".created_at
FROM "Mention"
JOIN "Item" ON "Mention"."itemId" = "Item".id
WHERE "Mention"."userId" = $1
AND "Mention".created_at > $2
AND "Item"."userId" <> $1
LIMIT 1`, me.id, lastChecked)
if (newMentions.length > 0) {
return true
}
}
if (user.noteForwardedSats) {
const votes = await models.$queryRawUnsafe(`
SELECT 1
FROM "Item"
JOIN "ItemAct" ON
"ItemAct"."itemId" = "Item".id
AND "ItemAct"."userId" <> "Item"."userId"
JOIN "ItemForward" ON
"ItemForward"."itemId" = "Item".id
AND "ItemForward"."userId" = $1
WHERE "ItemAct".created_at > $2
AND "Item"."userId" <> $1
AND "ItemAct".act = 'TIP'
LIMIT 1`, me.id, lastChecked)
if (votes.length > 0) {
return true
}
}
const job = await models.item.findFirst({
where: {
maxBid: {
not: null
},
userId: me.id,
statusUpdatedAt: {
gt: lastChecked
}
}
})
2022-11-29 17:28:57 +00:00
if (job && job.statusUpdatedAt > job.createdAt) {
return true
}
if (user.noteEarning) {
const earn = await models.earn.findFirst({
where: {
userId: me.id,
createdAt: {
gt: lastChecked
},
msats: {
gte: 1000
}
}
})
if (earn) {
return true
}
}
if (user.noteDeposits) {
const invoice = await models.invoice.findFirst({
where: {
userId: me.id,
confirmedAt: {
gt: lastChecked
2023-08-31 16:38:45 +00:00
},
isHeld: {
not: true
}
}
})
if (invoice) {
return true
}
}
// check if new invites have been redeemed
if (user.noteInvites) {
2023-07-26 16:01:31 +00:00
const newInvitees = await models.$queryRawUnsafe(`
SELECT "Invite".id
FROM users JOIN "Invite" on users."inviteId" = "Invite".id
WHERE "Invite"."userId" = $1
AND users.created_at > $2
LIMIT 1`, me.id, lastChecked)
if (newInvitees.length > 0) {
return true
}
2022-12-19 22:27:52 +00:00
const referral = await models.user.findFirst({
where: {
referrerId: me.id,
createdAt: {
gt: lastChecked
}
}
})
if (referral) {
return true
}
}
2023-02-01 14:44:35 +00:00
if (user.noteCowboyHat) {
const streak = await models.streak.findFirst({
where: {
userId: me.id,
updatedAt: {
gt: lastChecked
}
}
})
if (streak) {
return true
}
}
return false
},
2022-10-25 17:13:06 +00:00
searchUsers: async (parent, { q, limit, similarity }, { models }) => {
2022-08-26 22:20:09 +00:00
return await models.$queryRaw`
2022-10-25 17:13:06 +00:00
SELECT * FROM users where id > 615 AND SIMILARITY(name, ${q}) > ${Number(similarity) || 0.1} ORDER BY SIMILARITY(name, ${q}) DESC LIMIT ${Number(limit) || 5}`
2021-05-21 22:32:21 +00:00
}
2021-03-25 19:29:24 +00:00
},
2021-05-22 00:09:11 +00:00
Mutation: {
2023-02-08 19:38:04 +00:00
setName: async (parent, data, { me, models }) => {
2021-05-22 00:09:11 +00:00
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2021-05-22 00:09:11 +00:00
}
2023-02-08 19:38:04 +00:00
await ssValidate(userSchema, data, models)
2022-08-26 22:26:42 +00:00
2021-05-22 00:09:11 +00:00
try {
2023-02-08 19:38:04 +00:00
await models.user.update({ where: { id: me.id }, data })
return data.name
2021-05-22 00:09:11 +00:00
} catch (error) {
if (error.code === 'P2002') {
throw new GraphQLError('name taken', { extensions: { code: 'BAD_INPUT' } })
2021-05-22 00:09:11 +00:00
}
throw error
}
2021-09-23 17:42:00 +00:00
},
2023-01-07 00:53:09 +00:00
setSettings: async (parent, { nostrRelays, ...data }, { me, models }) => {
2021-10-30 16:20:11 +00:00
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2021-10-30 16:20:11 +00:00
}
2023-02-08 19:38:04 +00:00
await ssValidate(settingsSchema, { nostrRelays, ...data })
2023-01-07 00:53:09 +00:00
if (nostrRelays?.length) {
const connectOrCreate = []
for (const nr of nostrRelays) {
await models.nostrRelay.upsert({
where: { addr: nr },
update: { addr: nr },
create: { addr: nr }
})
connectOrCreate.push({
where: { userId_nostrRelayAddr: { userId: me.id, nostrRelayAddr: nr } },
create: { nostrRelayAddr: nr }
})
}
return await models.user.update({ where: { id: me.id }, data: { ...data, nostrRelays: { deleteMany: {}, connectOrCreate } } })
} else {
return await models.user.update({ where: { id: me.id }, data: { ...data, nostrRelays: { deleteMany: {} } } })
}
2021-10-30 16:20:11 +00:00
},
2021-12-09 20:40:40 +00:00
setWalkthrough: async (parent, { upvotePopover, tipPopover }, { me, models }) => {
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2021-12-09 20:40:40 +00:00
}
await models.user.update({ where: { id: me.id }, data: { upvotePopover, tipPopover } })
return true
},
2022-05-16 20:51:22 +00:00
setPhoto: async (parent, { photoId }, { me, models }) => {
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2022-05-16 20:51:22 +00:00
}
await models.user.update({
where: { id: me.id },
data: { photoId: Number(photoId) }
})
return Number(photoId)
},
2021-09-24 21:28:21 +00:00
upsertBio: async (parent, { bio }, { me, models }) => {
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2021-09-24 21:28:21 +00:00
}
2023-02-08 19:38:04 +00:00
await ssValidate(bioSchema, { bio })
2021-09-24 21:28:21 +00:00
const user = await models.user.findUnique({ where: { id: me.id } })
if (user.bioId) {
2023-08-27 22:48:46 +00:00
await updateItem(parent, { id: user.bioId, text: bio, title: `@${user.name}'s bio` }, { me, models })
2021-09-24 21:28:21 +00:00
} else {
2023-08-27 22:48:46 +00:00
await createItem(parent, { bio: true, text: bio, title: `@${user.name}'s bio` }, { me, models })
2022-08-18 18:15:24 +00:00
}
2021-09-24 21:28:21 +00:00
return await models.user.findUnique({ where: { id: me.id } })
2022-06-02 22:55:23 +00:00
},
unlinkAuth: async (parent, { authType }, { models, me }) => {
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2022-06-02 22:55:23 +00:00
}
2023-01-18 18:49:20 +00:00
let user
2022-06-02 22:55:23 +00:00
if (authType === 'twitter' || authType === 'github') {
2023-01-18 18:49:20 +00:00
user = await models.user.findUnique({ where: { id: me.id } })
const account = await models.account.findFirst({ where: { userId: me.id, provider: authType } })
2022-06-02 22:55:23 +00:00
if (!account) {
throw new GraphQLError('no such account', { extensions: { code: 'BAD_INPUT' } })
2022-06-02 22:55:23 +00:00
}
await models.account.delete({ where: { id: account.id } })
2023-01-18 18:49:20 +00:00
} else if (authType === 'lightning') {
user = await models.user.update({ where: { id: me.id }, data: { pubkey: null } })
} else if (authType === 'nostr') {
user = await models.user.update({ where: { id: me.id }, data: { nostrAuthPubkey: null } })
2023-01-18 18:49:20 +00:00
} else if (authType === 'email') {
user = await models.user.update({ where: { id: me.id }, data: { email: null, emailVerified: null } })
} else {
throw new GraphQLError('no such account', { extensions: { code: 'BAD_INPUT' } })
2022-06-02 22:55:23 +00:00
}
2023-01-18 18:49:20 +00:00
return await authMethods(user, undefined, { models, me })
2022-06-02 22:55:23 +00:00
},
linkUnverifiedEmail: async (parent, { email }, { models, me }) => {
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
2022-06-02 22:55:23 +00:00
}
2023-02-08 19:38:04 +00:00
await ssValidate(emailSchema, { email })
2022-06-02 22:55:23 +00:00
try {
2022-09-12 19:10:15 +00:00
await models.user.update({
where: { id: me.id },
data: { email: email.toLowerCase() }
})
2022-06-02 22:55:23 +00:00
} catch (error) {
if (error.code === 'P2002') {
throw new GraphQLError('email taken', { extensions: { code: 'BAD_INPUT' } })
2022-06-02 22:55:23 +00:00
}
throw error
}
return true
},
subscribeUser: async (parent, { id }, { me, models }) => {
const data = { followerId: Number(me.id), followeeId: Number(id) }
const old = await models.userSubscription.findUnique({ where: { followerId_followeeId: data } })
if (old) {
await models.userSubscription.delete({ where: { followerId_followeeId: data } })
} else {
await models.userSubscription.create({ data })
}
return { id }
},
hideWelcomeBanner: async (parent, data, { me, models }) => {
if (!me) {
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
}
await models.user.update({ where: { id: me.id }, data: { hideWelcomeBanner: true } })
return true
2021-09-24 21:28:21 +00:00
}
2021-05-22 00:09:11 +00:00
},
2021-03-25 19:29:24 +00:00
User: {
2022-06-02 22:55:23 +00:00
authMethods,
2023-06-03 00:55:45 +00:00
since: async (user, args, { models }) => {
// get the user's first item
const item = await models.item.findFirst({
where: {
userId: user.id
},
orderBy: {
createdAt: 'asc'
}
})
return item?.id
},
maxStreak: async (user, args, { models }) => {
const [{ max }] = await models.$queryRaw`
SELECT MAX(COALESCE("endedAt", (now() AT TIME ZONE 'America/Chicago')::date) - "startedAt")
FROM "Streak" WHERE "userId" = ${user.id}`
return max
},
2022-10-26 14:56:22 +00:00
nitems: async (user, { when }, { models }) => {
2023-07-27 00:18:42 +00:00
if (typeof user.nitems !== 'undefined') {
2022-10-25 21:35:32 +00:00
return user.nitems
}
return await models.item.count({
where: {
userId: user.id,
createdAt: {
gte: withinDate(when)
}
}
})
},
nposts: async (user, { when }, { models }) => {
2023-07-27 00:18:42 +00:00
if (typeof user.nposts !== 'undefined') {
return user.nposts
}
2022-10-26 14:56:22 +00:00
return await models.item.count({
where: {
userId: user.id,
parentId: null,
createdAt: {
gte: withinDate(when)
}
}
})
2021-04-22 22:14:32 +00:00
},
2022-10-26 14:56:22 +00:00
ncomments: async (user, { when }, { models }) => {
2023-07-27 00:18:42 +00:00
if (typeof user.ncomments !== 'undefined') {
2022-10-25 21:35:32 +00:00
return user.ncomments
}
2022-10-26 14:56:22 +00:00
return await models.item.count({
where: {
userId: user.id,
parentId: { not: null },
createdAt: {
gte: withinDate(when)
}
}
})
2021-04-22 22:14:32 +00:00
},
nbookmarks: async (user, { when }, { models }) => {
2023-07-27 00:18:42 +00:00
if (typeof user.nBookmarks !== 'undefined') {
return user.nBookmarks
}
return await models.bookmark.count({
where: {
userId: user.id,
createdAt: {
gte: withinDate(when)
}
}
})
},
2022-10-26 14:56:22 +00:00
stacked: async (user, { when }, { models }) => {
2023-07-27 00:18:42 +00:00
if (typeof user.stacked !== 'undefined') {
2021-12-17 00:01:02 +00:00
return user.stacked
}
2022-03-17 20:13:19 +00:00
if (!when || when === 'forever') {
2022-10-26 14:56:22 +00:00
// forever
2022-11-15 20:51:55 +00:00
return (user.stackedMsats && msatsToSats(user.stackedMsats)) || 0
} else if (when === 'day') {
2023-07-26 16:01:31 +00:00
const [{ stacked }] = await models.$queryRawUnsafe(`
2022-10-26 14:56:22 +00:00
SELECT sum(amount) as stacked
FROM
2022-12-19 23:00:53 +00:00
((SELECT coalesce(sum("ItemAct".msats),0) as amount
2022-10-26 14:56:22 +00:00
FROM "ItemAct"
JOIN "Item" on "ItemAct"."itemId" = "Item".id
WHERE act <> 'BOOST' AND "ItemAct"."userId" <> $2 AND "Item"."userId" = $2
AND "ItemAct".created_at >= $1)
UNION ALL
2022-12-19 23:00:53 +00:00
(SELECT coalesce(sum("ReferralAct".msats),0) as amount
FROM "ReferralAct"
WHERE "ReferralAct".msats > 0 AND "ReferralAct"."referrerId" = $2
AND "ReferralAct".created_at >= $1)
UNION ALL
(SELECT coalesce(sum("Earn".msats), 0) as amount
2022-10-26 14:56:22 +00:00
FROM "Earn"
WHERE "Earn".msats > 0 AND "Earn"."userId" = $2
AND "Earn".created_at >= $1)) u`, withinDate(when), Number(user.id))
2022-11-15 20:51:55 +00:00
return (stacked && msatsToSats(stacked)) || 0
2022-10-26 14:56:22 +00:00
}
return 0
2021-04-27 21:30:58 +00:00
},
2022-10-26 14:56:22 +00:00
spent: async (user, { when }, { models }) => {
2023-07-27 00:18:42 +00:00
if (typeof user.spent !== 'undefined') {
2022-10-25 21:35:32 +00:00
return user.spent
}
2023-07-26 16:01:31 +00:00
const { _sum: { msats } } = await models.itemAct.aggregate({
_sum: {
2022-11-15 20:51:55 +00:00
msats: true
2022-10-25 17:13:06 +00:00
},
where: {
2022-10-26 14:56:22 +00:00
userId: user.id,
createdAt: {
gte: withinDate(when)
}
2022-10-25 17:13:06 +00:00
}
})
2022-11-15 20:51:55 +00:00
return (msats && msatsToSats(msats)) || 0
2022-10-25 17:13:06 +00:00
},
2022-12-19 23:00:53 +00:00
referrals: async (user, { when }, { models }) => {
2023-07-27 00:18:42 +00:00
if (typeof user.referrals !== 'undefined') {
return user.referrals
}
2023-07-27 00:18:42 +00:00
2022-12-19 23:00:53 +00:00
return await models.user.count({
where: {
referrerId: user.id,
createdAt: {
gte: withinDate(when)
}
}
})
},
sats: async (user, args, { models, me }) => {
if (me?.id !== user.id) {
return 0
}
2022-11-15 20:51:55 +00:00
return msatsToSats(user.msats)
2021-06-24 23:56:01 +00:00
},
2023-05-07 20:21:58 +00:00
bio: async (user, args, { models, me }) => {
return getItem(user, { id: user.bioId }, { models, me })
2021-09-23 17:42:00 +00:00
},
2021-10-15 23:07:51 +00:00
hasInvites: async (user, args, { models }) => {
const invites = await models.user.findUnique({
where: { id: user.id }
}).invites({ take: 1 })
return invites.length > 0
2023-01-07 00:53:09 +00:00
},
nostrRelays: async (user, args, { models }) => {
const relays = await models.userNostrRelay.findMany({
where: { userId: user.id }
})
return relays?.map(r => r.nostrRelayAddr)
},
meSubscription: async (user, args, { me, models }) => {
if (!me) return false
if (typeof user.meSubscription !== 'undefined') return user.meSubscription
const subscription = await models.userSubscription.findUnique({
where: {
followerId_followeeId: {
followerId: Number(me.id),
followeeId: Number(user.id)
}
}
})
return !!subscription
2021-05-11 15:52:50 +00:00
}
2021-03-25 19:29:24 +00:00
}
}