From 91c737c907f174b5252877876126a8b81e6cb831 Mon Sep 17 00:00:00 2001
From: Pinapelz <yukais@pinapelz.com>
Date: Fri, 7 Nov 2025 22:46:34 -0800
Subject: add support to limit registration to invite codes

---
 backend/schema.prisma        |  6 ++++++
 backend/src/index.ts         |  3 +++
 backend/src/routes/auth.ts   | 22 +++++++++++++++++++++-
 backend/src/routes/server.ts | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 backend/src/routes/server.ts

(limited to 'backend')

diff --git a/backend/schema.prisma b/backend/schema.prisma
index fbc2f90..26f57dd 100644
--- a/backend/schema.prisma
+++ b/backend/schema.prisma
@@ -55,3 +55,9 @@ model Charts {
   game   Game   @relation(fields: [gameInternalName], references: [internalName])
   scores Score[]
 }
+
+model InviteCodes {
+  id              Int       @id @default(autoincrement())
+  code            String    @unique
+  remaining       Int
+}
diff --git a/backend/src/index.ts b/backend/src/index.ts
index c0089c2..9511f28 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -11,6 +11,7 @@ import * as userRoutes from './routes/user';
 import * as gameRoutes from './routes/game';
 import * as scoreRoutes from './routes/score';
 import * as adminRoutes from './routes/admin';
+import * as serverRoutes from './routes/server';
 
 const app = express();
 const port = 5000;
@@ -48,6 +49,8 @@ startSessionCleanup();
 app.post('/api/register', authRoutes.handleRegistration);
 app.post('/api/authenticate', authRoutes.handleAuthentication);
 app.post('/api/logout', requireAuth, authRoutes.handleLogout);
+app.get('/api/info', serverRoutes.handleGetInstanceInfo);
+app.post('/api/admin/createInvite', serverRoutes.handleCreateInviteCode);
 
 app.get('/api/me', userRoutes.handleMeRoute);
 app.get('/api/session', userRoutes.handleGetCurrentSession);
diff --git a/backend/src/routes/auth.ts b/backend/src/routes/auth.ts
index f857dea..8bc6274 100644
--- a/backend/src/routes/auth.ts
+++ b/backend/src/routes/auth.ts
@@ -6,12 +6,24 @@ import crypto from 'crypto';
 
 export const handleRegistration = async (req: express.Request, res: express.Response) => {
   try {
-    const { username, password, email } = req.body;
+    const { username, password, email, code: inviteCode } = req.body;
+    const requireInvite = process.env.REQUIRE_INVITE === 'true';
 
     if (!username || !password || !email) {
       return res.status(400).json({ error: 'All fields are required' });
     }
 
+    if (requireInvite && !inviteCode) {
+      return res.status(400).json({ error: 'Invite code is required' });
+    }
+
+    if (requireInvite && inviteCode) {
+      const invite = await prisma.inviteCodes.findUnique({ where: { code: inviteCode } });
+      if (!invite || invite.remaining <= 0) {
+        return res.status(400).json({ error: 'Invalid invite code' });
+      }
+    }
+
     const existingUser = await prisma.user.findFirst({
       where: {
         OR: [
@@ -38,6 +50,14 @@ export const handleRegistration = async (req: express.Request, res: express.Resp
       }
     });
 
+    // Decrement invite code usage if required
+    if (requireInvite && inviteCode) {
+      await prisma.inviteCodes.update({
+        where: { code: inviteCode },
+        data: { remaining: { decrement: 1 } }
+      });
+    }
+
     // Create session for the new user
     req.session.userId = user.id;
     const sessionId = await createSession(user.id);
diff --git a/backend/src/routes/server.ts b/backend/src/routes/server.ts
new file mode 100644
index 0000000..7377fff
--- /dev/null
+++ b/backend/src/routes/server.ts
@@ -0,0 +1,36 @@
+import { prisma } from '../config/db';
+import express from 'express';
+
+export const handleGetInstanceInfo = async (req: express.Request, res: express.Response) => {
+  try {
+    const userCount = await prisma.user.count();
+    const requireInvite = process.env.REQUIRE_INVITE || false;
+    return res.status(200).json({ userCount, requireInvite });
+  } catch (error) {
+    console.error('Unable to get instance info:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+}
+
+export const handleCreateInviteCode = async (req: express.Request, res: express.Response) => {
+  try {
+    const { uses, code } = req.body;
+    if (!uses) {
+      return res.status(400).json({ error: 'Missing required parameter: uses (number of maximum usages of this code)' });
+    }
+    const codeAlreadyExists = await prisma.inviteCodes.findUnique({ where: { code } });
+    if (codeAlreadyExists) {
+      return res.status(400).json({ error: 'Invite code already exists' });
+    }
+    const inviteCode = await prisma.inviteCodes.create({
+      data: {
+        code: code || Math.random().toString(36).substring(2, 15),
+        remaining: uses,
+      },
+    });
+    return res.status(200).json({ inviteCode });
+  } catch (error) {
+    console.error('Unable to create invite code:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+}
-- 
cgit v1.2.3