fix: prevent scroll-to-top on plan buttons + optimize aurora orbs rendering

Author: Manuel

api/dist/config/chains.d.ts

@@ -0,0 +1,9 @@
+export type ChainConfig = {
+    name: string;
+    chainId: number;
+    rpc: string;
+    explorer: string;
+    contract: string;
+};
+export declare function loadChains(): Record<number, ChainConfig>;
+export declare function getChain(chainId: number): ChainConfig | undefined;

api/dist/config/chains.js

@@ -0,0 +1,35 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadChains = loadChains;
+exports.getChain = getChain;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+let cached = null;
+function loadChains() {
+    if (cached)
+        return cached;
+    const jsonPath = path_1.default.join(__dirname, '../../config/chains.json');
+    const raw = fs_1.default.readFileSync(jsonPath, 'utf-8');
+    const entries = JSON.parse(raw);
+    const result = {};
+    for (const entry of entries) {
+        const rpc = process.env[entry.rpcEnv] || entry.defaultRpc;
+        const contract = process.env[entry.contractEnv] || entry.contract;
+        result[entry.chainId] = {
+            name: entry.name,
+            chainId: entry.chainId,
+            rpc,
+            explorer: entry.explorer,
+            contract
+        };
+    }
+    cached = result;
+    return result;
+}
+function getChain(chainId) {
+    const chains = loadChains();
+    return chains[chainId];
+}

api/dist/index.d.ts

@@ -0,0 +1,2 @@
+declare const app: import("express-serve-static-core").Express;
+export default app;

api/dist/index.js

@@ -0,0 +1,123 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = __importDefault(require("express"));
+const cors_1 = __importDefault(require("cors"));
+const helmet_1 = __importDefault(require("helmet"));
+const morgan_1 = __importDefault(require("morgan"));
+const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
+const dotenv_1 = __importDefault(require("dotenv"));
+const auth_1 = require("./routes/auth");
+const transfer_1 = require("./routes/transfer");
+const webhook_1 = require("./routes/webhook");
+const admin_1 = require("./routes/admin");
+const usecases_1 = require("./routes/usecases");
+const billing_1 = require("./routes/billing");
+const apiKey_1 = require("./middleware/apiKey");
+const hmac_1 = require("./middleware/hmac");
+const errorHandler_1 = require("./middleware/errorHandler");
+dotenv_1.default.config();
+const app = (0, express_1.default)();
+const PORT = process.env.PORT || 3000;
+// Security middleware
+app.use((0, helmet_1.default)({
+    contentSecurityPolicy: {
+        directives: {
+            defaultSrc: ["'self'"],
+            scriptSrc: ["'self'"],
+            styleSrc: ["'self'", "'unsafe-inline'"],
+            connectSrc: ["'self'"],
+            frameAncestors: ["'none'"]
+        }
+    },
+    hsts: { maxAge: 31536000, includeSubDomains: true, preload: true },
+    referrerPolicy: { policy: 'strict-origin-when-cross-origin' }
+}));
+const allowedOrigins = (process.env.ALLOWED_ORIGINS || '').split(',').filter(o => o && o !== '*');
+app.use((0, cors_1.default)({
+    origin: allowedOrigins.length > 0 ? allowedOrigins : (process.env.NODE_ENV === 'production' ? false : true),
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'x-reverso-signature', 'x-reverso-timestamp', 'x-reverso-nonce']
+}));
+app.use((0, morgan_1.default)('combined'));
+// Raw body for Stripe webhook signature verification
+app.use('/api/v1/billing/webhook', express_1.default.raw({ type: 'application/json', limit: '1mb' }), (req, _res, next) => {
+    req.rawBody = req.body;
+    req.body = JSON.parse(req.body.toString());
+    next();
+});
+app.use(express_1.default.json({ limit: '10mb' }));
+// Global rate limit
+const globalLimiter = (0, express_rate_limit_1.default)({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 1000, // max 1000 requests per 15 min
+    message: { error: 'Too many requests, please try again later' }
+});
+app.use(globalLimiter);
+// Health check (no auth)
+app.get('/health', (req, res) => {
+    res.json({
+        status: 'ok',
+        version: '1.0.0',
+        timestamp: new Date().toISOString()
+    });
+});
+// API Documentation
+app.get('/', (req, res) => {
+    res.json({
+        name: 'REVERSO Enterprise API',
+        version: '1.0.0',
+        documentation: 'https://reverso.one/api',
+        endpoints: {
+            auth: '/api/v1/auth',
+            transfers: '/api/v1/transfers',
+            webhooks: '/api/v1/webhooks',
+            admin: '/api/v1/admin'
+        },
+        plans: {
+            starter: { price: '$99/month', txLimit: 100, features: ['API Access', 'Email Support'] },
+            business: { price: '$499/month', txLimit: -1, features: ['Unlimited TX', 'Dashboard', 'Priority Support'] },
+            enterprise: { price: '$2000/month', txLimit: -1, features: ['White-label', 'SLA', '24/7 Support', 'Custom Integration', 'Usecase APIs'] }
+        }
+    });
+});
+// Public routes
+app.use('/api/v1/auth', auth_1.authRouter);
+app.use('/api/v1/billing', billing_1.billingRouter);
+// Protected routes (require API key + HMAC)
+app.use('/api/v1/transfers', apiKey_1.apiKeyMiddleware, hmac_1.hmacMiddleware, transfer_1.transferRouter);
+app.use('/api/v1/webhooks', apiKey_1.apiKeyMiddleware, hmac_1.hmacMiddleware, webhook_1.webhookRouter);
+app.use('/api/v1/admin', apiKey_1.apiKeyMiddleware, hmac_1.hmacMiddleware, admin_1.adminRouter);
+app.use('/api/v1/usecases', apiKey_1.apiKeyMiddleware, hmac_1.hmacMiddleware, usecases_1.usecaseRouter);
+// Error handling
+app.use(errorHandler_1.errorHandler);
+// 404 handler
+app.use((req, res) => {
+    res.status(404).json({ error: 'Endpoint not found' });
+});
+app.listen(PORT, () => {
+    console.log(`
+╔═══════════════════════════════════════════════════════════╗
+║                                                           ║
+║   🔄 REVERSO Enterprise API v1.0.0                        ║
+║                                                           ║
+║   Server running on port ${PORT}                            ║
+║   Documentation: https://reverso.one/api              ║
+║                                                           ║
+║   Plans:                                                  ║
+║   • Starter:    $99/mo  - 100 tx/month                   ║
+║   • Business:   $499/mo - Unlimited tx                   ║
+║   • Enterprise: $2000/mo - White-label + SLA             ║
+║                                                           ║
+╚═══════════════════════════════════════════════════════════╝
+  `);
+    // Self-ping every 14 minutes to keep Render free tier awake
+    const SELF_URL = process.env.RENDER_EXTERNAL_URL || `http://localhost:${PORT}`;
+    setInterval(() => {
+        fetch(`${SELF_URL}/health`).catch(() => { });
+    }, 14 * 60 * 1000);
+});
+exports.default = app;

api/dist/middleware/apiKey.d.ts

@@ -0,0 +1,29 @@
+import { Request, Response, NextFunction } from 'express';
+import { ApiKey, ApiPlan, PLAN_CONFIG } from '../types';
+export interface AuthenticatedRequest extends Request {
+    apiKey?: ApiKey;
+}
+/**
+ * API Key middleware - validates and tracks usage
+ */
+export declare function apiKeyMiddleware(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise<Response<any, Record<string, any>> | undefined>;
+/**
+ * Increment transaction counter for API key
+ */
+export declare function incrementTxCount(apiKeyId: string): void;
+/**
+ * Create new API key
+ */
+export declare function createApiKey(userId: string, plan: ApiPlan, webhookUrl?: string, allowedOrigins?: string[]): Promise<ApiKey>;
+/**
+ * Get API key by ID
+ */
+export declare function getApiKey(id: string): ApiKey | undefined;
+/**
+ * Revoke API key
+ */
+export declare function revokeApiKey(id: string): boolean;
+/**
+ * Check if plan has feature
+ */
+export declare function hasFeature(plan: ApiPlan, feature: keyof typeof PLAN_CONFIG.starter): boolean;

api/dist/middleware/apiKey.js

@@ -0,0 +1,176 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.apiKeyMiddleware = apiKeyMiddleware;
+exports.incrementTxCount = incrementTxCount;
+exports.createApiKey = createApiKey;
+exports.getApiKey = getApiKey;
+exports.revokeApiKey = revokeApiKey;
+exports.hasFeature = hasFeature;
+const uuid_1 = require("uuid");
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const types_1 = require("../types");
+// In-memory store (replace with MongoDB/PostgreSQL in production)
+const apiKeys = new Map();
+// Simple per-key rate limiter (requests per minute)
+const rateWindows = new Map();
+const REQUESTS_PER_MINUTE = 300; // adjust per plan if needed
+/**
+ * API Key middleware - validates and tracks usage
+ */
+async function apiKeyMiddleware(req, res, next) {
+    try {
+        const authHeader = req.headers.authorization;
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            return res.status(401).json({
+                error: 'Missing or invalid API key',
+                code: 'UNAUTHORIZED'
+            });
+        }
+        const apiKeyValue = authHeader.substring(7); // Remove 'Bearer '
+        // Find API key (hash compare only)
+        let foundKey;
+        for (const [, key] of apiKeys) {
+            const isValid = await bcryptjs_1.default.compare(apiKeyValue, key.hashedKey);
+            if (isValid) {
+                foundKey = key;
+                break;
+            }
+        }
+        if (!foundKey) {
+            return res.status(401).json({
+                error: 'Invalid API key',
+                code: 'INVALID_API_KEY'
+            });
+        }
+        if (!foundKey.isActive) {
+            return res.status(403).json({
+                error: 'API key is disabled',
+                code: 'API_KEY_DISABLED'
+            });
+        }
+        if (foundKey.expiresAt < new Date()) {
+            return res.status(403).json({
+                error: 'API key has expired',
+                code: 'API_KEY_EXPIRED'
+            });
+        }
+        // Check rate limit based on plan usage cap
+        const planConfig = types_1.PLAN_CONFIG[foundKey.plan];
+        if (planConfig.txLimit !== -1 && foundKey.txUsed >= planConfig.txLimit) {
+            return res.status(429).json({
+                error: 'Monthly transaction limit exceeded',
+                code: 'TX_LIMIT_EXCEEDED',
+                details: {
+                    plan: foundKey.plan,
+                    limit: planConfig.txLimit,
+                    used: foundKey.txUsed,
+                    upgrade: 'Contact sales@reverso.one to upgrade'
+                }
+            });
+        }
+        // Per-key rate limit (burst control, 1-minute window)
+        const now = Date.now();
+        const windowStart = now - 60_000;
+        const window = rateWindows.get(foundKey.id);
+        if (!window || window.start < windowStart) {
+            rateWindows.set(foundKey.id, { start: now, count: 1 });
+        }
+        else {
+            if (window.count >= REQUESTS_PER_MINUTE) {
+                return res.status(429).json({
+                    error: 'Rate limit exceeded for API key',
+                    code: 'RATE_LIMITED'
+                });
+            }
+            window.count += 1;
+            rateWindows.set(foundKey.id, window);
+        }
+        // Check origin if configured
+        if (foundKey.allowedOrigins.length > 0 && !foundKey.allowedOrigins.includes('*')) {
+            const origin = req.headers.origin;
+            if (origin && !foundKey.allowedOrigins.includes(origin)) {
+                return res.status(403).json({
+                    error: 'Origin not allowed',
+                    code: 'ORIGIN_FORBIDDEN'
+                });
+            }
+        }
+        req.apiKey = foundKey;
+        next();
+    }
+    catch (error) {
+        console.error('API Key middleware error:', error);
+        res.status(500).json({
+            error: 'Authentication error',
+            code: 'AUTH_ERROR'
+        });
+    }
+}
+/**
+ * Increment transaction counter for API key
+ */
+function incrementTxCount(apiKeyId) {
+    const key = apiKeys.get(apiKeyId);
+    if (key) {
+        key.txUsed++;
+        apiKeys.set(apiKeyId, key);
+    }
+}
+/**
+ * Create new API key
+ */
+async function createApiKey(userId, plan, webhookUrl, allowedOrigins = []) {
+    const rawKey = `rsk_${plan}_${(0, uuid_1.v4)().replace(/-/g, '')}`;
+    const hashedKey = await bcryptjs_1.default.hash(rawKey, 10);
+    const signingSecret = `sig_${(0, uuid_1.v4)().replace(/-/g, '')}`;
+    const apiKey = {
+        id: (0, uuid_1.v4)(),
+        key: rawKey, // Only returned once at creation
+        hashedKey,
+        signingSecret,
+        userId,
+        plan,
+        txLimit: types_1.PLAN_CONFIG[plan].txLimit,
+        txUsed: 0,
+        webhookUrl,
+        allowedOrigins,
+        createdAt: new Date(),
+        expiresAt: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+        isActive: true
+    };
+    // Store only hashed value to avoid keeping raw key in memory
+    apiKeys.set(apiKey.id, { ...apiKey, key: '' });
+    return apiKey;
+}
+/**
+ * Get API key by ID
+ */
+function getApiKey(id) {
+    return apiKeys.get(id);
+}
+/**
+ * Revoke API key
+ */
+function revokeApiKey(id) {
+    const key = apiKeys.get(id);
+    if (key) {
+        key.isActive = false;
+        apiKeys.set(id, key);
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if plan has feature
+ */
+function hasFeature(plan, feature) {
+    return !!types_1.PLAN_CONFIG[plan][feature];
+}
+// Create demo API key on startup
+(async () => {
+    const demoKey = await createApiKey('demo-user', 'business', undefined, ['*']);
+    console.log(`\n📌 Demo API Key: ${demoKey.key}\n`);
+})();

api/dist/middleware/errorHandler.d.ts

@@ -0,0 +1,17 @@
+import { Request, Response, NextFunction } from 'express';
+export interface ApiError extends Error {
+    statusCode?: number;
+    code?: string;
+}
+export declare function errorHandler(err: ApiError, req: Request, res: Response, next: NextFunction): void;
+export declare function asyncHandler(fn: Function): (req: Request, res: Response, next: NextFunction) => void;
+export declare class HttpError extends Error {
+    statusCode: number;
+    code: string;
+    constructor(message: string, statusCode?: number, code?: string);
+}
+export declare const BadRequest: (message: string, code?: string) => HttpError;
+export declare const Unauthorized: (message?: string, code?: string) => HttpError;
+export declare const Forbidden: (message?: string, code?: string) => HttpError;
+export declare const NotFound: (message?: string, code?: string) => HttpError;
+export declare const TooManyRequests: (message?: string, code?: string) => HttpError;