Merge pull request #61 from DataScience-GT/refactor/routes

Refactor/routes

Author: aamoghS

.env.cloudrun.example

@@ -56,3 +56,4 @@ migrations/
 .claude/settings.local.json
 packages/db/scripts/seed.ts
 packages/db/scripts/seed2.ts
+scripts/seed-stripe.ts

.env.example

@@ -29,5 +29,13 @@ env:
     secret: AUTH_GOOGLE_SECRET
   - variable: AUTH_URL
     value: https://query--dsgt-website.us-east4.hosted.app
+    # Stripe Configuration
+  - variable: STRIPE_SECRET_KEY
+    # Project Number identifier (safe to commit) used for robust resolution
+    secret: projects/672446353769/secrets/STRIPE_SECRET_KEY
+  - variable: NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY
+    secret: projects/672446353769/secrets/NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY
+  - variable: STRIPE_WEBHOOK_SECRET
+    secret: projects/672446353769/secrets/STRIPE_WEBHOOK_SECRET
   - variable: NODE_ENV
     value: production

.gitignore

@@ -23,12 +23,14 @@
     "typecheck": "turbo run typecheck"
   },
   "dependencies": {
+    "@query/db": "workspace:*",
     "@tanstack/react-router": "^1.141.2",
     "autoprefixer": "^10.4.22",
     "chart.js": "^4.5.1",
+    "csv-parse": "^6.1.0",
     "minimatch": "^10.1.1",
-    "postcss": "^8.5.6",
     "next": "^16.0.0",
+    "postcss": "^8.5.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   },

apphosting.yaml

@@ -260,11 +260,66 @@ export type SecurityEvent = {
 const securityLog: SecurityEvent[] = [];
 const MAX_LOG_SIZE = 1000;
 
+import { db, auditLogs } from "@query/db";
+
+const flushQueue: Omit<SecurityEvent, 'timestamp'>[] = [];
+const FLUSH_INTERVAL = 5000;
+const MAX_BATCH_SIZE = 50;
+let flushTimer: NodeJS.Timeout | null = null;
+
+async function flushLogs() {
+  if (flushQueue.length === 0) return;
+
+  const batch = flushQueue.splice(0, MAX_BATCH_SIZE);
+
+  if (!db) {
+    console.warn(`[Security] DB unavailable, dropping ${batch.length} logs`);
+    return;
+  }
+
+  try {
+    const values = batch.map(event => {
+      const safeDetails = event.details ? event.details.replace(/(password|token|secret)=[^&]*/gi, '$1=***') : undefined;
+      const severity = event.type === 'injection_attempt' ? 'critical' :
+        event.type === 'auth_failure' ? 'warn' : 'info';
+
+      return {
+        action: event.type,
+        userId: event.identifier.startsWith('user:') ? event.identifier.split(':')[1] : null,
+        resourceId: event.identifier,
+        metadata: { details: safeDetails },
+        severity,
+      };
+    });
+
+    await db.insert(auditLogs).values(values);
+  } catch (err) {
+    console.error(`[Security] Failed to flush ${batch.length} logs:`, err);
+    // In a real system, might want to re-queue, but for now we drop to avoid endless growth
+  }
+}
+
+// Start flush timer
+if (!flushTimer) {
+  flushTimer = setInterval(() => {
+    void flushLogs();
+  }, FLUSH_INTERVAL);
+}
+
 export function logSecurityEvent(event: Omit<SecurityEvent, 'timestamp'>) {
+  // Keep in-memory for immediate/short-term checks
   securityLog.push({ ...event, timestamp: Date.now() });
   if (securityLog.length > MAX_LOG_SIZE) {
     securityLog.shift();
   }
+
+  // Queue for DB persistence
+  flushQueue.push(event);
+
+  // Instant flush if critical or queue full
+  if (event.type === 'injection_attempt' || flushQueue.length >= MAX_BATCH_SIZE) {
+    void flushLogs();
+  }
 }
 
 export function getRecentSecurityEvents(minutes: number = 60): SecurityEvent[] {

package.json

@@ -7,6 +7,7 @@ import { hackathonRouter } from "./routers/hackathon";
 import { eventRouter } from "./routers/events";
 import { judgeRouter } from "./routers/judge";
 import { stripeRouter } from "./routers/stripe";
+import { auditRouter } from "./routers/audit";
 
 export const appRouter = createTRPCRouter({
   hello: helloRouter,
@@ -17,6 +18,7 @@ export const appRouter = createTRPCRouter({
   events: eventRouter,
   judge: judgeRouter,
   stripe: stripeRouter,
+  audit: auditRouter,
 });
 
 export type AppRouter = typeof appRouter;

packages/api/src/middleware/security.ts

@@ -35,6 +35,10 @@ export const adminRouter = createTRPCRouter({
   }),
 
   list: isAdmin.query(async ({ ctx }) => {
+    const cacheKey = `admins:list`;
+    const cached = ctx.cache.get<typeof allAdmins>(cacheKey);
+    if (cached) return cached;
+
     const allAdmins = await ctx.db!.query.admins.findMany({
       with: {
         user: {
@@ -50,6 +54,8 @@ export const adminRouter = createTRPCRouter({
       limit: 100,
     });
 
+    ctx.cache.set(cacheKey, allAdmins, 60);
+
     return allAdmins;
   }),
 

packages/api/src/root.ts

@@ -0,0 +1,47 @@
+import { z } from "zod";
+import { createTRPCRouter } from "../trpc";
+import { auditLogs, securitySeverityEnum } from "@query/db";
+import { isAdmin } from "../middleware/procedures";
+import { desc, eq, and, sql } from "drizzle-orm";
+
+export const auditRouter = createTRPCRouter({
+    list: isAdmin
+        .input(
+            z.object({
+                limit: z.number().min(1).max(100).default(50),
+                offset: z.number().min(0).default(0),
+                severity: z.enum(["info", "warn", "critical"]).optional(),
+                userId: z.string().optional(),
+            })
+        )
+        .query(async ({ ctx, input }) => {
+            const filters = and(
+                input.severity ? eq(auditLogs.severity, input.severity) : undefined,
+                input.userId ? eq(auditLogs.userId, input.userId) : undefined
+            );
+
+            const logs = await ctx.db!.query.auditLogs.findMany({
+                where: filters,
+                orderBy: [desc(auditLogs.createdAt)],
+                limit: input.limit,
+                offset: input.offset,
+            });
+
+            const totalResult = await ctx.db!
+                .select({ count: sql<number>`count(*)` })
+                .from(auditLogs)
+                .where(filters);
+
+            const total = Number(totalResult[0]?.count || 0);
+
+            return {
+                logs,
+                pagination: {
+                    total,
+                    limit: input.limit,
+                    offset: input.offset,
+                    hasMore: input.offset + input.limit < total,
+                }
+            };
+        }),
+});

packages/api/src/routers/admin.ts

@@ -261,6 +261,10 @@ export const hackathonRouter = createTRPCRouter({
   participants: publicProcedure
     .input(z.object({ hackathonId: z.string().uuid("Invalid hackathon ID") }))
     .query(async ({ ctx, input }) => {
+      const cacheKey = `hackathon:${input.hackathonId}:participants`;
+      const cached = ctx.cache.get<typeof participants>(cacheKey);
+      if (cached) return cached;
+
       const participants = await ctx.db!.query.hackathonParticipants.findMany({
         where: eq(hackathonParticipants.hackathonId, input.hackathonId),
         with: {
@@ -275,6 +279,8 @@ export const hackathonRouter = createTRPCRouter({
         },
       });
 
+      ctx.cache.set(cacheKey, participants, 60);
+
       return participants;
     }),
 
@@ -341,6 +347,10 @@ export const hackathonRouter = createTRPCRouter({
   projects: publicProcedure
     .input(z.object({ hackathonId: z.string().uuid("Invalid hackathon ID") }))
     .query(async ({ ctx, input }) => {
+      const cacheKey = `hackathon:${input.hackathonId}:projects`;
+      const cached = ctx.cache.get<typeof projects>(cacheKey);
+      if (cached) return cached;
+
       const projects = await ctx.db!.query.hackathonProjects.findMany({
         where: eq(hackathonProjects.hackathonId, input.hackathonId),
         with: {
@@ -363,6 +373,8 @@ export const hackathonRouter = createTRPCRouter({
         orderBy: (hackathonProjects, { desc }) => [desc(hackathonProjects.submittedAt)],
       });
 
+      ctx.cache.set(cacheKey, projects, 120);
+
       return projects;
     }),
 });