Val Town Code SearchReturn to Val Town

83| `/api/v1/tour/{id}` | GET | Displays tour information. <br> Justification: This is the entry point for a user. Critically, it also establishes a secure, temporary session context for the browser before any payment action is taken. | 1. HTTP Security Headers: Enforces HSTS and CSP to protect the transport layer. <br> 2. Secure Cookie Seeding: Sets the SESSION (httpOnly) and XSRF-TOKEN cookies to prepare for CSRF protection on subsequent requests. | Seeds a stateful, CSRF-protected tab before any POST; Turnstile token will be needed for nonce |
84| `/api/v1/create-nonce` | POST | Issues a single-use, 60-second "permission slip" (nonce). <br> Justification: This acts as the primary security gate. It performs all the "heavy" validation to ensure a request is from a legitimate user, preventing bots from proceeding to the more sensitive fingerprint generation step. | 1. CSRF Protection: Validates the X-XSRF-TOKEN header against the SESSION cookie. <br> 2. Bot Detection: Verifies the cfToken from Cloudflare Turnstile. <br> 3. **Honeypot Detection**: Validates email_verify field contains exact 🍯 emoji. <br> 4. Rate Limiting: Applies strict IP-based limits to prevent abuse. <br> 5. **Debug Integration**: All security checks logged with correlation IDs. | Prevents bots, CSRF, honeypot traps, and brute-force; nonce limits replay window; debug provides security visibility |
85| `/api/v1/payment/exchange-nonce` | POST | Consumes a valid nonce to generate the final SHA3-512 payment fingerprint. <br> Justification: This isolates the final cryptographic step. By requiring a valid nonce, it ensures that server secrets (username/password) are only used after a request has passed all prior security checks. | 1. Nonce Validation: Checks that the provided nonce from the X-Payment-Nonce header exists, has not expired, and has not been used. <br> 2. Atomic Consumption: Uses a single database UPDATE to mark the nonce as "used", preventing race conditions and replay attacks. | Guarantees exactly one fingerprint per nonce; gateway creds never reach browser |
86| `/api/v1/payment/callback` | POST (Zenpay → server) | Receives the server-to-server payment status confirmation from the Zenpay gateway. <br> Justification: This provides a secure, out-of-band channel to learn the transaction outcome. Since it comes directly from the gateway's server, it is the definitive source of truth and cannot be spoofed by a malicious client. | 1. Callback Authentication: Verifies the ValidationCode sent by Zenpay. The server re-computes the expected SHA3-512 hash and rejects the callback if it doesn't match, preventing fraudulent or tampered-with status updates. | Authenticates callback without custom HMAC; thwarts spoof/replay |
87
116
117- **Creation:** A cryptographically random nonce is created only after all Layer 2 and 3 checks pass.
118- **60-Second TTL:** The nonce is stored in the database with an `expires_at` timestamp set to 60 seconds in the future.
119- **Atomic Consumption:** The server uses a single `UPDATE ... SET used=1 WHERE nonce=? AND used=0` query to validate and consume the nonce in one step, preventing race conditions.
120

50
51* **Platform:** The application is deployed on Val Town, a serverless Deno environment.
52* **Database:** The primary data store is SQLite.
53
54## 4. Requirements for a Successful Solution

65
66    subgraph "Data & External Services"
67        Database[(SQLite Database)]
68        Env[Environment Config]
69        Zenpay[Zenpay Gateway]
101    SessionLifecycle --> MemoryCleanup
102
103    NonceService --> Database
104    TokenService --> Database
105    PaymentService --> Env
106    PaymentService --> Zenpay
245- Generates cryptographically random nonces
246- Enforces strict 60-second TTL
247- Ensures single-use via atomic database updates
248- Binds nonces to user IP addresses
249- **NEW:** Debug logging for nonce generation and consumption
273## 4. Data Layer
274
275### 4.1. Database Schema
276
277Enhanced schema supporting debug infrastructure:
489- **Log File Management:** Automatic cleanup on server restart
490
491### 7.2. Database Performance
492
493- **WAL Mode:** Enables concurrent reads/writes for nonce table
508- Main entry point: `default app.fetch` export
509- Environment variable configuration
510- SQLite database with WAL mode
511- Debug log management
512

49  }
50
51  // Initialize database tables - let errors bubble up
52  await initializeTables();
53

27    └── address-cache.ts    # Val Town blob storage cache
28
29database/
30└── database-schema.sql # SQLite schema and indexes
31
32docs/
44│   ├── handle-resolver.test.ts
45│   ├── address-cache.test.ts
46│   ├── database.test.ts
47│   └── spatial.test.ts
48├── integration/       # Integration tests for API endpoints
82```
83
84> **Note**: No manual database setup required! Tables are created automatically
85> when functions first run.
86
136**[📖 API Documentation](docs/api-documentation.md)**
137
138## 📊 Database Schema
139
140The system uses 4 main SQLite tables:

118async function resolveAddressRecord(uri: string): Promise<any> {
119  try {
120    // Parse AT URI: at://did:plc:venue-database/community.lexicon.location.address/cafe-de-plek
121    const parts = uri.replace("at://", "").split("/");
122

1// @val-town backfillCheckins
2// One-time script to backfill existing check-ins into the database
3import { sqlite } from "https://esm.town/v/stevekrouse/sqlite";
4

12  try {
13    // Check current stats
14    console.log("📊 Current Database Stats:");
15    const statsResponse = await fetch(`${ANCHOR_APPVIEW}/stats`);
16    if (statsResponse.ok) {
20      // Analyze the stats
21      if (stats.totalCheckins === 0) {
22        console.log("\n❌ No check-ins found in database");
23        console.log("This means either:");
24        console.log("  1. Jetstream poller hasn't run yet");

1#!/usr/bin/env node
2/**
3 * Backfill existing check-ins from PDS into the feed generator database
4 * This script fetches existing check-ins and processes them as if they came through Jetstream
5 */
38}
39
40async function importCheckinToDatabase(record: ATProtoRecord): Promise<boolean> {
41  // Extract the rkey from the URI
42  const uriParts = record.uri.split('/');
56  console.log(`📍 Importing check-in: "${checkinData.text || 'No message'}" (${rkey})`);
57  
58  // Simulate the database insert that the Jetstream poller would do
59  const importData = {
60    id: rkey,
70  };
71
72  // Since we can't directly access the Val Town SQLite database from here,
73  // we'll create the SQL statements that would need to be run
74  const insertSQL = `
108  const scriptContent = `
109// @val-town backfillCheckins
110// One-time script to backfill existing check-ins into the database
111import { sqlite } from "https://esm.town/v/stevekrouse/sqlite";
112
305    const record = checkins[i];
306    console.log(`📍 Processing check-in ${i + 1}/${checkins.length}:`);
307    await importCheckinToDatabase(record);
308  }
309
313  console.log("📋 Summary:");
314  console.log(`   Check-ins found: ${checkins.length}`);
315  console.log(`   Ready for import to Val Town database`);
316  console.log();
317  console.log("🎯 Next steps:");
318  console.log("1. Deploy the generated backfill script to Val Town");
319  console.log("2. Run it once to populate the database");
320  console.log("3. Check the dashboard - should show your data!");
321  console.log("4. Future check-ins will be captured automatically by Jetstream");

rust-nyc-talk-submissionsindex.ts10 matches

@colel•Updated 4 days ago

10});
11
12// Database setup
13const TABLE_NAME = "talk_submissions_3"; // Updated table name for new schema with submitter_name
14
15// Initialize database
16async function initDatabase() {
17  console.log(`💾 [DB] Initializing database table: ${TABLE_NAME}`);
18  await sqlite.execute(`CREATE TABLE IF NOT EXISTS ${TABLE_NAME} (
19    id INTEGER PRIMARY KEY AUTOINCREMENT,
26    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
27  )`);
28  console.log(`✅ [DB] Database initialization complete`);
29}
30
64
65// Initialize DB and check environment on startup
66await initDatabase();
67const discordConfigured = checkDiscordEnvironment();
68console.log(`🚀 [System] Talk submission system ready! Discord: ${discordConfigured ? "Enabled" : "Placeholder mode"}`);
109    }
110
111    console.log(`💾 [API] Inserting submission into database`);
112
113    // Insert submission into database
114    const result = await sqlite.execute(
115      `INSERT INTO ${TABLE_NAME} (speaker_name, talk_context, is_on_behalf, submitter_name) VALUES (?, ?, ?, ?)`,
118
119    const submissionId = Number(result.lastInsertRowid);
120    console.log(`✅ [API] Database insertion successful, submission ID: ${submissionId}`);
121
122    // Discord integration workflow
135    await postToOrganizersChannel(speakerName, talkContext, isOnBehalf, submitterName, discordChannelId);
136
137    console.log(`💾 [API] Updating database with Discord information`);
138
139    // Update submission with Discord info