[ { "path": ".env.example", "content": "# Database\nDATABASE_URL=\"mysql://user:password@localhost:3306/streamium\"\n\n# Authentication (REQUIRED - use a strong random secret, min 32 chars)\n# Generate with: openssl rand -base64 32\nJWT_SECRET=\"your-secure-jwt-secret-min-32-characters\"\n\n# TMDB API (REQUIRED)\nTMDB_API_KEY=\"your-tmdb-api-key\"\nTMDB_API_URL=\"https://api.themoviedb.org/3\"\nTMDB_IMAGE_URL=\"https://image.tmdb.org/t/p\"\n\n# Streaming Providers\nVIDSRC_BASE_URL=\"https://vidsrc.cc/v2/embed\"\nVIDLINK_BASE_URL=\"https://vidlink.pro\"\nMOVIES111_BASE_URL=\"https://111movies.com\"\nEMBED2_BASE_URL=\"https://www.2embed.cc\"\n" }, { "path": ".github/FUNDING.yml", "content": "ko_fi: kasterby\n\n" }, { "path": ".gitignore", "content": "# Environment\n.env\n.env.*\n!.env.example\n\n# Dependencies\nnode_modules\npackage-lock.json\n\n# Build output\n.svelte-kit\nbuild\ndist\n\n# Database\n*.db\n*.db-journal\nprisma/dev.db\nprisma/migrations\n\n# IDE\n.idea\n.vscode\n*.swp\n*.swo\n\n# Logs\nlogs\n*.log\nnpm-debug.log*\nyarn-debug.log*\nyarn-error.log*\n\n# OS\n.DS_Store\nThumbs.db\n\n# Cache\n.cache\nstatic/image-cache/\n\n# Testing\ncoverage\n.nyc_output\n\n# Temporary files\n*.tmp\n*.temp\n" }, { "path": ".npmrc", "content": "engine-strict=true\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing to Streamium\n\nThank you for your interest in contributing to Streamium! This document provides guidelines and instructions for contributing.\n\n## Getting Started\n\n1. Fork the repository\n2. Clone your fork: `git clone https://github.com/gmonarque/streamium.git`\n3. Create a new branch: `git checkout -b feature/your-feature-name`\n4. Copy `.env.example` to `.env` and configure your environment variables\n5. Install dependencies: `npm install`\n6. Initialize the database: `npx prisma migrate dev`\n7. Start the development server: `npm run dev`\n\n## Development Guidelines\n\n### Code Style\n\n- Use TypeScript for type safety\n- Follow the existing code style and formatting\n- Use meaningful variable and function names\n- Keep functions small and focused\n- Add comments only when necessary to explain complex logic\n\n### Commit Messages\n\n- Use clear and descriptive commit messages\n- Start with a verb in present tense (e.g., \"Add\", \"Fix\", \"Update\")\n- Reference issue numbers when applicable\n\nExample:\n```\nAdd password strength validation\nFix rate limiting on login endpoint\nUpdate user profile UI components\n```\n\n### Pull Requests\n\n1. Update your branch with the latest main branch\n2. Ensure all tests pass\n3. Update documentation if needed\n4. Create a pull request with a clear description of changes\n5. Link any related issues\n\n### Testing\n\n- Write tests for new features\n- Ensure existing tests pass\n- Test your changes in different browsers\n- Check mobile responsiveness\n\n### Security\n\n- Follow security guidelines in SECURITY.md\n- Never commit sensitive data\n- Use environment variables for secrets\n- Implement rate limiting for new endpoints\n- Validate and sanitize all user input\n\n## Project Structure\n\n```\nstreamium/\n├── src/\n│ ├── lib/ # Components, services, stores\n│ ├── routes/ # SvelteKit routes and API\n│ └── app.html # App template\n├── prisma/\n│ └── schema.prisma # Database schema\n└── static/ # Static assets\n```\n\n## Need Help?\n\n- Check existing issues and pull requests\n- Read the documentation\n- Ask questions in discussions\n- Follow the code of conduct\n\n## Code of Conduct\n\n- Be respectful and inclusive\n- No harassment or discrimination\n- Constructive feedback only\n- Follow project maintainers' decisions\n\nThank you for contributing to Streamium!\n" }, { "path": "Dockerfile", "content": "FROM node:18-slim\n\nWORKDIR /app\n\nRUN apt-get update && apt-get install -y \\\n openssl \\\n default-mysql-client \\\n && rm -rf /var/lib/apt/lists/*\n\nRUN corepack enable\n\nCOPY package.json pnpm-lock.yaml ./\nCOPY prisma ./prisma/\n\nRUN pnpm install --frozen-lockfile\n\nCOPY . .\n\nRUN pnpm prisma generate\nRUN pnpm run build\nRUN pnpm prune --prod\n\nEXPOSE 5173\n\nENV NODE_ENV=production\n\nCMD [\"node\", \"build\"]\n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2024 https://github.com/gmonarque\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "# Streamium\n\nA SvelteKit streaming UI that embeds content from third-party providers and uses TMDB for movie/TV metadata.\n\n

\n \"Streamium\n \"Streamium\n \"Streamium\n

\n\n## Features\n- TMDB-powered catalog, search, and filters\n- Multiple embed providers (VidSrc, VidLink, 111Movies, 2Embed)\n- Auth, watchlist, and comments with moderation\n- Server-rendered UI with image proxying\n- Basic security controls (CSRF, captcha, rate limiting, CSP)\n\n## Tech Stack\n- SvelteKit + TypeScript + Tailwind CSS\n- Prisma + MySQL\n- JWT auth, Zod validation\n\n## Quickstart (Local)\n\nPrereqs: Node.js 18+, pnpm, and MySQL (optional if you only browse content).\n\n1) Configure env:\n```bash\ncp .env.example .env\n```\n\n2) Install deps:\n```bash\npnpm install\n```\n\n3) (Optional) DB setup:\n```bash\npnpm prisma generate\npnpm prisma migrate dev\n```\n\n4) Run dev server:\n```bash\npnpm dev\n```\n\nApp runs at http://localhost:5173\n\n## Docker\n\n1) Set required env vars (at minimum):\n- `JWT_SECRET`\n- `TMDB_API_KEY`\n- `MYSQL_PASSWORD`\n- `MYSQL_ROOT_PASSWORD`\n\n2) Start:\n```bash\ndocker compose up --build\n```\n\n3) Run migrations:\n```bash\ndocker compose exec web pnpm prisma migrate dev\n```\n\n## Environment Variables\n\nKey entries in `.env.example`:\n- `DATABASE_URL`\n- `JWT_SECRET`\n- `TMDB_API_KEY`\n- `TMDB_API_URL`\n- Provider URLs: `VIDSRC_BASE_URL`, `VIDLINK_BASE_URL`, `MOVIES111_BASE_URL`, `EMBED2_BASE_URL`\n\n## Scripts\n- `pnpm dev` – start dev server\n- `pnpm build` – production build\n- `pnpm test` – run tests\n\n## License\nMIT\n\n## Legal Disclaimer\nThis project embeds third‑party content and does not host media files. Use it only with properly licensed content and in compliance with applicable laws. The software is provided “as is” without warranty.\n" }, { "path": "SECURITY.md", "content": "# Security Policy\n\n## Reporting a Vulnerability\n\nIf you discover a security vulnerability within Streamium, please send a private message on github. All security vulnerabilities will be promptly addressed.\n\nPlease include the following information in your report:\n- Description of the vulnerability\n- Steps to reproduce the issue\n- Potential impact\n- Any suggested fixes (if applicable)\n\n## Security Measures\n\nStreamium implements several security measures:\n\n1. **Authentication**\n - JWT-based authentication\n - Secure password hashing\n - Rate limiting on login attempts\n - Password reset with secure tokens\n\n2. **Data Protection**\n - Input validation and sanitization\n - XSS protection\n - CSRF protection\n - SQL injection prevention through Prisma ORM\n\n3. **API Security**\n - Rate limiting on sensitive endpoints\n - Request validation\n - Secure error handling\n\n## Development Guidelines\n\nWhen contributing to Streamium, please ensure:\n\n1. All passwords are hashed using bcrypt\n2. Sensitive data is never logged\n3. Environment variables are used for secrets\n4. Input is properly validated and sanitized\n5. Rate limiting is implemented on sensitive endpoints\n6. Error messages don't leak sensitive information\n\n## Known Issues\n\nThere are currently no known security issues. Check this section for updates on security-related issues and their status.\n" }, { "path": "docker-compose.yml", "content": "services:\n web:\n build: .\n ports:\n - \"5173:5173\"\n volumes:\n - .:/app\n - /app/node_modules\n environment:\n - DATABASE_URL=${DATABASE_URL:-mysql://root:rootpassword@db:3306/streamium}\n - JWT_SECRET=${JWT_SECRET:?JWT_SECRET is required}\n - TMDB_API_KEY=${TMDB_API_KEY:?TMDB_API_KEY is required}\n - TMDB_API_URL=https://api.themoviedb.org/3\n - TMDB_IMAGE_URL=https://image.tmdb.org/t/p\n - VIDSRC_BASE_URL=https://vidsrc.cc/v2/embed\n - VIDSRC_PRO_BASE_URL=https://vidsrc.pro/embed\n - EMBEDSU_BASE_URL=https://embed.su/embed\n - NODE_ENV=${NODE_ENV:-development}\n depends_on:\n - db\n\n db:\n image: mysql:8\n ports:\n - \"3307:3306\"\n environment:\n - MYSQL_DATABASE=streamium\n - MYSQL_USER=${MYSQL_USER:-user}\n - MYSQL_PASSWORD=${MYSQL_PASSWORD:?MYSQL_PASSWORD is required}\n - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD is required}\n volumes:\n - mysql_data:/var/lib/mysql\n - ./init.sql:/docker-entrypoint-initdb.d/init.sql\n\nvolumes:\n mysql_data:\n" }, { "path": "init.sql", "content": "GRANT CREATE ON *.* TO 'user'@'%';\nCREATE DATABASE IF NOT EXISTS `streamium_shadow`;\nGRANT ALL PRIVILEGES ON `streamium_shadow`.* TO 'user'@'%';\nGRANT ALL PRIVILEGES ON `streamium`.* TO 'user'@'%';\nFLUSH PRIVILEGES;\n" }, { "path": "package.json", "content": "{\n \"name\": \"streamium\",\n \"version\": \"0.0.1\",\n \"type\": \"module\",\n \"scripts\": {\n \"dev\": \"vite dev\",\n \"build\": \"vite build\",\n \"preview\": \"vite preview\",\n \"test\": \"vitest run\",\n \"check\": \"svelte-kit sync && svelte-check --tsconfig ./tsconfig.json\",\n \"check:watch\": \"svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch\",\n \"start\": \"node server.js\"\n },\n \"devDependencies\": {\n \"@sveltejs/adapter-auto\": \"^3.3.1\",\n \"@sveltejs/vite-plugin-svelte\": \"^4.0.0\",\n \"@types/bcryptjs\": \"^2.4.6\",\n \"@types/node\": \"^22.9.0\",\n \"autoprefixer\": \"^10.4.20\",\n \"postcss\": \"^8.4.49\",\n \"svelte-check\": \"^4.0.0\",\n \"tailwindcss\": \"^3.4.14\",\n \"typescript\": \"^5.0.0\",\n \"vite\": \"^5.4.11\",\n \"vitest\": \"^4.0.18\"\n },\n \"dependencies\": {\n \"@emoji-mart/data\": \"^1.2.1\",\n \"@emoji-mart/react\": \"^1.1.1\",\n \"@melt-ui/pp\": \"^0.3.2\",\n \"@prisma/client\": \"5.22.0\",\n \"@sveltejs/adapter-node\": \"^5.2.9\",\n \"@sveltejs/kit\": \"^2.8.0\",\n \"@tailwindcss/aspect-ratio\": \"^0.4.2\",\n \"@tailwindcss/forms\": \"^0.5.9\",\n \"@tailwindcss/typography\": \"^0.5.15\",\n \"@tiptap/core\": \"^2.9.1\",\n \"@tiptap/extension-link\": \"^2.9.1\",\n \"@tiptap/starter-kit\": \"^2.9.1\",\n \"@tiptap/suggestion\": \"^2.9.1\",\n \"@types/dompurify\": \"^3.0.5\",\n \"@types/jsonwebtoken\": \"^9.0.7\",\n \"@types/sharp\": \"^0.31.1\",\n \"bcryptjs\": \"^3.0.3\",\n \"date-fns\": \"^4.1.0\",\n \"dompurify\": \"^3.2.0\",\n \"emoji-mart\": \"^5.6.0\",\n \"isomorphic-dompurify\": \"^2.17.0\",\n \"jsonwebtoken\": \"^9.0.2\",\n \"mysql2\": \"^3.11.4\",\n \"prisma\": \"5.22.0\",\n \"sharp\": \"^0.33.5\",\n \"svelte\": \"^5.0.0\",\n \"svelte-preprocess\": \"^6.0.3\",\n \"svelte-sequential-preprocessor\": \"^2.0.2\",\n \"zod\": \"^3.23.8\"\n },\n \"engines\": {\n \"node\": \">=18.0.0\"\n },\n \"pnpm\": {\n \"overrides\": {\n \"cookie\": \"0.7.2\"\n }\n }\n}\n" }, { "path": "postcss.config.js", "content": "export default {\n plugins: {\n tailwindcss: {},\n autoprefixer: {},\n },\n};\n" }, { "path": "prisma/schema.prisma", "content": "generator client {\n provider = \"prisma-client-js\"\n}\n\ndatasource db {\n provider = \"mysql\"\n url = env(\"DATABASE_URL\")\n}\n\nmodel User {\n id Int @id @default(autoincrement())\n username String @unique\n email String? @unique\n passwordHash String\n resetToken String?\n resetTokenExp DateTime?\n isAdmin Boolean @default(false)\n createdAt DateTime @default(now())\n updatedAt DateTime @updatedAt\n watchlist Watchlist[]\n comments Comment[]\n commentLikes CommentLike[]\n\n @@map(\"users\")\n}\n\nmodel Watchlist {\n id Int @id @default(autoincrement())\n userId Int\n mediaId Int\n mediaType String\n title String\n posterPath String?\n voteAverage Float @default(0)\n addedAt DateTime @default(now())\n user User @relation(fields: [userId], references: [id], onDelete: Cascade)\n\n @@unique([userId, mediaId, mediaType])\n @@map(\"watchlist\")\n}\n\nmodel Comment {\n id Int @id @default(autoincrement())\n userId Int\n mediaId Int\n mediaType String\n season Int?\n episode Int?\n content String @db.Text\n createdAt DateTime @default(now())\n updatedAt DateTime @updatedAt\n parentId Int?\n flagged Boolean @default(false)\n flagReason String? @db.Text\n flaggedAt DateTime?\n user User @relation(fields: [userId], references: [id], onDelete: Cascade)\n parent Comment? @relation(\"CommentReplies\", fields: [parentId], references: [id], onDelete: Cascade)\n replies Comment[] @relation(\"CommentReplies\")\n likes CommentLike[]\n\n @@index([mediaId, mediaType])\n @@index([mediaId, mediaType, season, episode])\n @@index([userId])\n @@index([parentId])\n @@index([flagged])\n @@map(\"comments\")\n}\n\nmodel CommentLike {\n id Int @id @default(autoincrement())\n userId Int\n commentId Int\n createdAt DateTime @default(now())\n user User @relation(fields: [userId], references: [id], onDelete: Cascade)\n comment Comment @relation(fields: [commentId], references: [id], onDelete: Cascade)\n\n @@unique([userId, commentId])\n @@map(\"comment_likes\")\n}\n\nmodel ImageCache {\n id Int @id @default(autoincrement())\n url String @unique\n path String\n format String\n width Int?\n height Int?\n quality Int\n createdAt DateTime @default(now())\n accessedAt DateTime @default(now())\n\n @@index([url])\n @@map(\"image_cache\")\n}\n" }, { "path": "server.js", "content": "// Production server wrapper\nimport('./build/index.js').catch(err => {\n console.error('Failed to import app:', err);\n process.exit(1);\n});\n" }, { "path": "src/app.css", "content": "@tailwind base;\n@tailwind components;\n@tailwind utilities;\n\n@layer base {\n html {\n @apply antialiased;\n }\n\n body {\n @apply bg-gray-900 text-white;\n }\n\n .sveltekit-body {\n display: contents;\n }\n\n /* Custom scrollbar */\n ::-webkit-scrollbar {\n @apply w-2;\n }\n\n ::-webkit-scrollbar-track {\n @apply bg-gray-800;\n }\n\n ::-webkit-scrollbar-thumb {\n @apply bg-gray-600 rounded-full hover:bg-gray-500 transition-colors;\n }\n}\n\n@layer components {\n .btn {\n @apply inline-flex items-center justify-center px-4 py-2 rounded-lg font-medium transition-colors;\n }\n\n .btn-primary {\n @apply bg-primary-500 text-white hover:bg-primary-600;\n }\n\n .btn-secondary {\n @apply bg-gray-700 text-white hover:bg-gray-600;\n }\n\n .input {\n @apply px-3 py-2 bg-gray-800 border border-gray-700 rounded-lg text-white placeholder-gray-400 focus:outline-none focus:ring-2 focus:ring-primary-500 focus:border-transparent;\n }\n\n .card {\n @apply bg-gray-800 rounded-lg overflow-hidden;\n }\n\n .card-hover {\n @apply transition-transform hover:scale-105;\n }\n}\n\n/* Loading animation */\n@keyframes pulse {\n 0%,\n 100% {\n opacity: 1;\n }\n 50% {\n opacity: 0.5;\n }\n}\n\n.animate-pulse {\n animation: pulse 2s cubic-bezier(0.4, 0, 0.6, 1) infinite;\n}\n\n/* Fade animations */\n.fade-enter {\n opacity: 0;\n}\n\n.fade-enter-active {\n opacity: 1;\n transition: opacity 200ms ease-in;\n}\n\n.fade-exit {\n opacity: 1;\n}\n\n.fade-exit-active {\n opacity: 0;\n transition: opacity 200ms ease-out;\n}\n\n/* Hero section gradient */\n.hero-gradient {\n background: linear-gradient(\n to bottom,\n transparent 0%,\n rgba(17, 24, 39, 0.7) 50%,\n rgba(17, 24, 39, 1) 100%\n );\n}\n\n/* Media card hover effects */\n.media-card-overlay {\n @apply absolute inset-0 bg-black bg-opacity-0 transition-all duration-300;\n}\n\n.media-card:hover .media-card-overlay {\n @apply bg-opacity-60;\n}\n\n.media-card-content {\n @apply absolute inset-0 flex flex-col justify-end p-4 opacity-0 transition-opacity duration-300;\n}\n\n.media-card:hover .media-card-content {\n @apply opacity-100;\n}\n\n/* Toast notifications */\n.toast {\n @apply fixed bottom-4 right-4 px-4 py-2 rounded-lg shadow-lg transform transition-all duration-300;\n}\n\n.toast-enter {\n @apply translate-y-full opacity-0;\n}\n\n.toast-enter-active {\n @apply translate-y-0 opacity-100;\n}\n\n.toast-exit {\n @apply translate-y-0 opacity-100;\n}\n\n.toast-exit-active {\n @apply translate-y-full opacity-0;\n}\n" }, { "path": "src/app.d.ts", "content": "/// \n\n// See https://kit.svelte.dev/docs/types#app\ndeclare global {\n namespace App {\n interface Error {\n message: string;\n code?: string;\n }\n interface Locals {\n user: {\n id: number;\n username: string;\n email: string;\n isAdmin: boolean;\n } | null;\n }\n interface PageData {\n user: {\n id: number;\n username: string;\n email: string;\n isAdmin: boolean;\n } | null;\n }\n interface Platform {}\n }\n\n namespace NodeJS {\n interface ProcessEnv {\n TMDB_API_KEY: string;\n DATABASE_URL: string;\n JWT_SECRET: string;\n }\n }\n}\n\nexport {};\n" }, { "path": "src/app.html", "content": "\n\n \n \n \n \n %sveltekit.head%\n \n \n
%sveltekit.body%
\n \n\n" }, { "path": "src/env.d.ts", "content": "/// \n\ninterface ImportMetaEnv {\n readonly VITE_TMDB_API_KEY: string;\n readonly TMDB_API_KEY: string;\n readonly JWT_SECRET: string;\n readonly DATABASE_URL: string;\n readonly SMTP_HOST: string;\n readonly SMTP_PORT: string;\n readonly SMTP_USER: string;\n readonly SMTP_PASS: string;\n readonly SMTP_FROM: string;\n readonly NODE_ENV: \"development\" | \"production\";\n readonly VIDSRC_BASE_URL: string;\n readonly VIDLINK_BASE_URL: string;\n readonly MOVIES111_BASE_URL: string;\n readonly EMBED2_BASE_URL: string;\n}\n\ninterface ImportMeta {\n readonly env: ImportMetaEnv;\n}\n\ndeclare module \"$env/static/private\" {\n export const JWT_SECRET: string;\n export const DATABASE_URL: string;\n export const TMDB_API_KEY: string;\n export const SMTP_HOST: string;\n export const SMTP_PORT: string;\n export const SMTP_USER: string;\n export const SMTP_PASS: string;\n export const SMTP_FROM: string;\n export const NODE_ENV: \"development\" | \"production\";\n export const VIDSRC_BASE_URL: string;\n export const VIDLINK_BASE_URL: string;\n export const MOVIES111_BASE_URL: string;\n export const EMBED2_BASE_URL: string;\n}\n\ndeclare module \"$env/static/public\" {\n export const PUBLIC_TMDB_API_KEY: string;\n}\n" }, { "path": "src/hooks.server.ts", "content": "import type { Handle } from \"@sveltejs/kit\";\nimport { getSession, createCsrfToken } from \"$lib/server/auth\";\nimport { prisma } from \"$lib/server/prisma\";\nimport { isDatabaseConnectionError } from \"$lib/server/services/db-error\";\nimport { dev } from \"$app/environment\";\nimport crypto from \"node:crypto\";\nimport { CSRF_COOKIE_NAME, CSRF_HEADER_NAME } from \"$lib/constants/security\";\n\nconst ADMIN_RATE_LIMIT = 100;\nconst ADMIN_RATE_WINDOW = 5 * 60 * 1000;\nconst adminRateLimits = new Map();\nconst CSRF_MAX_AGE = 60 * 60 * 24 * 7;\n\nfunction checkAdminRateLimit(ip: string): boolean {\n const now = Date.now();\n const limit = adminRateLimits.get(ip);\n\n if (!limit) {\n adminRateLimits.set(ip, { count: 1, firstAttempt: now });\n return true;\n }\n\n if (now - limit.firstAttempt >= ADMIN_RATE_WINDOW) {\n adminRateLimits.set(ip, { count: 1, firstAttempt: now });\n return true;\n }\n\n if (limit.count >= ADMIN_RATE_LIMIT) {\n return false;\n }\n\n limit.count++;\n adminRateLimits.set(ip, limit);\n return true;\n}\n\nsetInterval(() => {\n const now = Date.now();\n for (const [key, limit] of adminRateLimits.entries()) {\n if (now - limit.firstAttempt >= ADMIN_RATE_WINDOW) {\n adminRateLimits.delete(key);\n }\n }\n}, ADMIN_RATE_WINDOW);\n\nfunction setSecurityHeaders(response: Response, nonce: string): void {\n const isDev = dev;\n\n response.headers.set('X-Frame-Options', 'DENY');\n response.headers.set('X-Content-Type-Options', 'nosniff');\n response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');\n response.headers.set(\n 'Content-Security-Policy',\n \"default-src 'self'; \" +\n (isDev\n ? \"script-src 'self' 'unsafe-inline' 'unsafe-eval'; \"\n : `script-src 'self' 'nonce-${nonce}'; `) +\n (isDev\n ? \"style-src 'self' 'unsafe-inline'; \"\n : `style-src 'self' 'nonce-${nonce}'; `) +\n \"img-src 'self' data: https:; \" +\n \"font-src 'self' data:; \" +\n \"frame-src 'self' \" +\n \"https://vidsrc.cc/ https://*.vidsrc.cc/ \" +\n \"https://vidplay.site/ https://*.vidplay.site/ \" +\n \"https://vidplay.online/ https://*.vidplay.online/ \" +\n \"https://vidlink.pro/ https://*.vidlink.pro/ \" +\n \"https://111movies.com/ https://*.111movies.com/ \" +\n \"https://2embed.cc/ https://*.2embed.cc/;\"\n );\n}\n\nexport const handle: Handle = async ({ event, resolve }) => {\n const nonce = crypto.randomBytes(16).toString(\"base64\");\n const isAdminRoute = event.url.pathname.startsWith('/admin');\n const method = event.request.method.toUpperCase();\n const hasSessionCookie = Boolean(event.cookies.get(\"session\"));\n\n if (![\"GET\", \"HEAD\", \"OPTIONS\"].includes(method) && hasSessionCookie) {\n const origin = event.request.headers.get(\"origin\");\n if (origin && origin !== event.url.origin) {\n const response = new Response(\"Cross-origin requests not allowed\", { status: 403 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n\n const csrfHeader = event.request.headers.get(CSRF_HEADER_NAME);\n const csrfCookie = event.cookies.get(CSRF_COOKIE_NAME);\n if (!csrfHeader || !csrfCookie || csrfHeader !== csrfCookie) {\n const response = new Response(\"Invalid CSRF token\", { status: 403 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n }\n\n // Authenticate user BEFORE resolving the request\n try {\n const session = await getSession(event.cookies);\n\n if (session?.userId) {\n const user = await prisma.user.findUnique({\n where: {\n id: session.userId,\n },\n select: {\n id: true,\n username: true,\n email: true,\n isAdmin: true,\n },\n });\n\n if (user) {\n event.locals.user = {\n id: user.id,\n username: user.username,\n email: user.email || '',\n isAdmin: user.isAdmin,\n };\n\n if (isAdminRoute) {\n if (!user.isAdmin) {\n const response = new Response('Unauthorized', { status: 403 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n\n const clientIp = event.getClientAddress();\n if (!checkAdminRateLimit(clientIp)) {\n const response = new Response('Too Many Requests', { status: 429 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n }\n if (!event.cookies.get(CSRF_COOKIE_NAME)) {\n const csrfToken = createCsrfToken();\n event.cookies.set(CSRF_COOKIE_NAME, csrfToken, {\n path: \"/\",\n sameSite: \"strict\",\n secure: !dev,\n httpOnly: false,\n maxAge: CSRF_MAX_AGE,\n });\n }\n } else {\n event.cookies.delete(\"session\", { path: \"/\" });\n\n if (isAdminRoute) {\n const response = new Response('Unauthorized', { status: 403 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n }\n } else if (isAdminRoute) {\n const response = new Response('Unauthorized', { status: 403 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n } catch (error) {\n // Handle database connection errors gracefully\n if (isDatabaseConnectionError(error)) {\n console.error(\"Database unavailable during session validation\");\n // Don't delete session cookie - DB might come back\n // For admin routes, return 503; for others, continue without auth\n if (isAdminRoute) {\n const response = new Response('Service temporarily unavailable', { status: 503 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n // Continue without user context for non-admin routes\n } else {\n event.cookies.delete(\"session\", { path: \"/\" });\n console.error(\"Session validation error:\", error);\n\n if (isAdminRoute) {\n const response = new Response('Unauthorized', { status: 403 });\n setSecurityHeaders(response, nonce);\n return response;\n }\n }\n }\n\n // Only resolve AFTER auth checks pass\n const response = await resolve(event, {\n transformPageChunk: ({ html }) =>\n html\n .replace(/]*nonce=)/g, `\n\n
\n
\n \n \n {#if loading}\n \n \n \n \n {:else}\n \n \n \n {/if}\n \n {#if verified}\n \n \n \n {/if}\n
\n\n
\n \n \n
\n
\n" }, { "path": "src/lib/components/CommentForm.svelte", "content": "\n\n
\n

Add a Comment

\n\n {#if $authStore.isAuthenticated}\n
\n
\n \n\n
\n \n {charCount}/{MAX_CHARS} characters\n \n {#if error}\n {error}\n {/if}\n
\n
\n\n
\n \n {isSubmitting ? 'Posting...' : 'Post Comment'}\n \n
\n
\n {:else}\n
\n

Please log in to leave a comment.

\n
\n {/if}\n
\n" }, { "path": "src/lib/components/CommentList.svelte", "content": "\n\n
\n \n\n
\n Sort by:\n sortBy = 'recent'}\n >\n Most Recent\n \n \n sortBy = 'likes'}\n >\n Most Liked\n \n
\n\n {#if isLoading}\n
\n
\n
\n {:else if error}\n
\n

{error}

\n \n Try Again\n \n
\n {:else if comments.length === 0}\n
\n
\n \n \n \n
\n

No comments yet

\n

Be the first to share your thoughts!

\n
\n
\n
\n {:else}\n
\n {#each sortedComments as comment (comment.id)}\n {#if !comment.parentId}\n
\n
\n
\n
\n {comment.user.username[0].toUpperCase()}\n
\n
\n
{comment.user.username}
\n
\n {formatDate(comment.createdAt)}\n
\n
\n
\n
\n\n
\n {@html sanitizeContent(comment.content)}\n
\n\n
\n handleLike(comment.id)}\n disabled={!$authStore.isAuthenticated}\n >\n \n \n \n {comment._count.likes}\n \n\n {#if $authStore.isAuthenticated}\n handleReplyClick(comment.id)}\n >\n \n \n \n Reply\n \n {/if}\n\n {#if $authStore.isAuthenticated && !comment.flagged}\n handleFlag(comment.id)}\n >\n \n \n \n Report\n \n {/if}\n
\n\n {#if replyingToId === comment.id}\n
\n \n
\n {/if}\n\n {#if comment.replies.length > 0}\n
\n {#each comment.replies as reply (reply.id)}\n
\n
\n
\n {reply.user.username[0].toUpperCase()}\n
\n
\n
{reply.user.username}
\n
\n {formatDate(reply.createdAt)}\n
\n
\n
\n
\n {@html sanitizeContent(reply.content)}\n
\n
\n handleLike(reply.id)}\n disabled={!$authStore.isAuthenticated}\n >\n \n \n \n {reply._count.likes}\n \n\n {#if $authStore.isAuthenticated && !reply.flagged}\n handleFlag(reply.id)}\n >\n \n \n \n Report\n \n {/if}\n
\n
\n {/each}\n
\n {/if}\n
\n {/if}\n {/each}\n
\n {/if}\n
\n" }, { "path": "src/lib/components/CommentModeration.svelte", "content": "\n\n{#if isAdmin}\n
\n \n \n \n \n \n\n {#if comment.flagged}\n \n \n \n \n \n {:else}\n \n \n \n \n \n {/if}\n
\n{/if}\n" }, { "path": "src/lib/components/EmojiPicker.svelte", "content": "\n\n\n\n
\n \n \n \n \n \n\n {#if showPicker}\n
\n {/if}\n\n\n\n" }, { "path": "src/lib/components/EpisodeSelector.svelte", "content": "\n\n{#if showModal}\n
\n
\n \n
\n

Select Episode

\n \n \n \n \n \n
\n\n \n
\n \n
\n
\n {#each seasons as season}\n selectSeason(season.season_number)}\n >\n Season {season.season_number}\n \n {/each}\n
\n
\n\n \n
\n
\n {#if selectedSeason && episodes.length > 0}\n {#each episodes as episode}\n selectEpisode(episode.episode_number)}\n >\n
\n Episode {episode.episode_number}\n
\n
\n {episode.name}\n
\n \n {/each}\n {:else}\n
\n Select a season to view episodes\n
\n {/if}\n
\n
\n
\n
\n
\n{/if}\n" }, { "path": "src/lib/components/Hero.svelte", "content": "\n\n
\n {#if backdropUrl}\n
\n \n
\n
\n {/if}\n\n
\n
\n
\n

\n {title}\n

\n {#if media?.overview}\n

\n {media.overview}\n

\n {/if}\n
\n \n \n \n \n \n Watch Now\n \n
\n \n \n \n {media?.vote_average?.toFixed(1) || '0.0'}\n / 10\n
\n
\n
\n
\n
\n
\n" }, { "path": "src/lib/components/Image.svelte", "content": "\n\n
\n \n\n {#if !loaded}\n
\n {/if}\n
\n" }, { "path": "src/lib/components/MediaCard.svelte", "content": "\n\n
\n \n
\n \n\n \n
\n \n \n \n {voteAverage.toFixed(1)}\n
\n\n {#if !loading && releaseType !== 'Unknown Quality'}\n
\n {releaseType}\n
\n {/if}\n\n {#if certification}\n
\n {certification}\n
\n {/if}\n\n \n
\n
\n {title}\n
\n \n {type === 'movie' ? 'Movie' : 'TV Show'}\n \n
\n
\n
\n
\n \n\n {#if showWatchlist}\n \n \n
\n {/if}\n\n\n\n" }, { "path": "src/lib/components/MediaFilters.svelte", "content": "\n\n
\n
\n
\n \n \n {#each sortOptions as option}\n \n {/each}\n \n
\n\n
\n \n \n \n {#each genres as genre}\n \n {/each}\n \n
\n\n
\n \n \n \n {#each years as year}\n \n {/each}\n \n
\n
\n
\n" }, { "path": "src/lib/components/MediaPlayer.svelte", "content": "\n\n\n \n \n \n\n" }, { "path": "src/lib/components/MentionList.svelte", "content": "\n\n
\n {#each items as item, index}\n selectItem(index)}\n >\n
\n
\n \n {item.username[0].toUpperCase()}\n \n
\n {item.username}\n
\n \n {/each}\n
\n\n\n" }, { "path": "src/lib/components/Navbar.svelte", "content": "\n\n\n
\n
\n \n \n Streamium\n \n\n \n
\n {#each navItems as item}\n {#if !item.requiresAuth || $authStore.isAuthenticated}\n \n {item.label}\n \n {/if}\n {/each}\n
\n\n \n
\n \n \n \n \n \n\n {#if $authStore.isAuthenticated}\n \n
\n isUserMenuOpen = !isUserMenuOpen}\n aria-label=\"User menu\"\n >\n {$authStore.user?.username}\n \n \n \n \n\n {#if isUserMenuOpen}\n
\n {#if $authStore.user?.isAdmin}\n isUserMenuOpen = false}\n >\n
\n \n \n \n Moderation\n
\n \n {/if}\n \n Logout\n \n
\n {/if}\n
\n {:else}\n \n
\n \n Login\n \n \n Register\n \n
\n {/if}\n\n \n isMobileMenuOpen = !isMobileMenuOpen}\n aria-label=\"Toggle mobile menu\"\n >\n \n {#if isMobileMenuOpen}\n \n {:else}\n \n {/if}\n \n \n
\n
\n\n \n {#if isMobileMenuOpen}\n
\n {#each navItems as item}\n {#if !item.requiresAuth || $authStore.isAuthenticated}\n isMobileMenuOpen = false}\n >\n {item.label}\n \n {/if}\n {/each}\n\n {#if $authStore.isAuthenticated && $authStore.user?.isAdmin}\n isMobileMenuOpen = false}\n >\n Moderation\n \n {/if}\n\n {#if !$authStore.isAuthenticated}\n
\n isMobileMenuOpen = false}\n >\n Login\n \n isMobileMenuOpen = false}\n >\n Register\n \n
\n {/if}\n
\n {/if}\n
\n\n\n\n
\n" }, { "path": "src/lib/components/NextEpisode.svelte", "content": "\n\n{#if !loading && nextEpisode}\n \n Next: {nextEpisode.season_number !== currentSeason ? `S${nextEpisode.season_number}E${nextEpisode.episode_number}` : `E${nextEpisode.episode_number}`}\n \n \n \n \n{/if}\n" }, { "path": "src/lib/components/Pagination.svelte", "content": "\n\n\n\n{#if totalPages > 1}\n
\n Page {currentPage} of {totalPages}\n
\n{/if}\n" }, { "path": "src/lib/components/ReplyForm.svelte", "content": "\n\n
\n
\n \n\n
\n \n {charCount}/{MAX_CHARS} characters\n \n {#if error}\n {error}\n {/if}\n
\n
\n\n
\n \n Cancel\n \n \n {isSubmitting ? 'Posting...' : 'Post Reply'}\n \n
\n
\n" }, { "path": "src/lib/components/RichTextEditor.svelte", "content": "\n\n
\n
\n\n
\n editor?.chain().focus().toggleBold().run()}\n disabled={disabled}\n aria-label=\"Bold\"\n title=\"Bold\"\n >\n \n \n \n \n\n editor?.chain().focus().toggleItalic().run()}\n disabled={disabled}\n aria-label=\"Italic\"\n title=\"Italic\"\n >\n \n \n \n \n\n editor?.chain().focus().toggleStrike().run()}\n disabled={disabled}\n aria-label=\"Strikethrough\"\n title=\"Strikethrough\"\n >\n \n \n \n \n\n
\n\n \n
\n\n\n\n" }, { "path": "src/lib/components/Toast.svelte", "content": "\n\n
\n {#each toasts as toast (toast.id)}\n \n
\n {@html icons[toast.type]}\n
\n

{toast.message}

\n removeToast(toast.id)}\n aria-label=\"Close notification\"\n >\n \n \n \n \n
\n {/each}\n\n" }, { "path": "src/lib/components/VideoPlayer.svelte", "content": "\n\n
\n {#if loading}\n
\n
\n
\n {/if}\n\n \n\n {#if error}\n
\n
\n

{error}

\n {\n retryCount = 0;\n tryNextProvider();\n }}\n >\n Try Different Provider\n \n
\n
\n {/if}\n
\n\n\n" }, { "path": "src/lib/components/WatchlistButton.svelte", "content": "\n\n\n \n {#if inWatchlist}\n \n {:else}\n \n {/if}\n \n\n" }, { "path": "src/lib/constants/security.ts", "content": "export const CSRF_COOKIE_NAME = \"csrf\";\nexport const CSRF_HEADER_NAME = \"x-csrf-token\";\n" }, { "path": "src/lib/extensions/mention.ts", "content": "import { Extension, type Editor, type Range } from \"@tiptap/core\";\nimport Suggestion, { type SuggestionOptions } from \"@tiptap/suggestion\";\n\ntype HTMLAttrs = Record;\n\ninterface MentionNode {\n attrs: {\n id?: string | null;\n label?: string | null;\n };\n}\n\nexport interface MentionOptions {\n HTMLAttributes?: HTMLAttrs;\n renderLabel?: (props: { options: MentionOptions; node: MentionNode }) => string;\n suggestion?: Partial;\n}\n\ninterface CommandProps {\n id: number;\n label: string;\n}\n\nexport const Mention = Extension.create({\n name: \"mention\",\n\n addOptions() {\n return {\n HTMLAttributes: {},\n renderLabel({ options, node }) {\n return `@${node.attrs.label ?? \"\"}`;\n },\n suggestion: {\n char: \"@\",\n command: ({\n editor,\n range,\n props,\n }: {\n editor: Editor;\n range: Range;\n props: CommandProps;\n }) => {\n editor\n .chain()\n .focus()\n .insertContentAt(range, [\n {\n type: \"text\",\n text: `@${props.label}`,\n marks: [\n {\n type: \"mention\",\n attrs: { id: props.id, label: props.label },\n },\n ],\n },\n {\n type: \"text\",\n text: \" \",\n },\n ])\n .run();\n },\n allow: ({ editor, range }: { editor: Editor; range: Range }) => {\n return editor.can().insertContentAt(range, {});\n },\n },\n };\n },\n\n addAttributes() {\n return {\n id: {\n default: null,\n parseHTML: (element: HTMLElement) =>\n element.getAttribute(\"data-mention-id\"),\n renderHTML: (attributes: { id?: string | null }) => {\n if (!attributes.id) {\n return {};\n }\n\n return {\n \"data-mention-id\": attributes.id,\n };\n },\n },\n label: {\n default: null,\n parseHTML: (element: HTMLElement) =>\n element.getAttribute(\"data-mention-label\"),\n renderHTML: (attributes: { label?: string | null }) => {\n if (!attributes.label) {\n return {};\n }\n\n return {\n \"data-mention-label\": attributes.label,\n };\n },\n },\n };\n },\n\n parseHTML() {\n return [\n {\n tag: \"span[data-mention]\",\n },\n ];\n },\n\n renderHTML({\n node,\n HTMLAttributes,\n }: {\n node: MentionNode;\n HTMLAttributes: HTMLAttrs;\n }) {\n return [\n \"span\",\n {\n \"data-mention\": \"\",\n class: \"mention text-primary-400\",\n ...this.options.HTMLAttributes,\n ...HTMLAttributes,\n },\n this.options.renderLabel({\n options: this.options,\n node,\n }),\n ];\n },\n\n addProseMirrorPlugins() {\n return [\n Suggestion({\n editor: this.editor,\n ...this.options.suggestion,\n }),\n ];\n },\n});\n" }, { "path": "src/lib/index.ts", "content": "// place files you want to import through the `$lib` alias in this folder.\n" }, { "path": "src/lib/server/admin-middleware.ts", "content": "import type { RequestEvent } from \"@sveltejs/kit\";\nimport { error } from \"@sveltejs/kit\";\nimport { CSRF_COOKIE_NAME, CSRF_HEADER_NAME } from \"$lib/constants/security\";\n\nexport async function requireAdmin(event: RequestEvent) {\n const user = event.locals.user;\n\n if (!user) {\n throw error(401, \"Authentication required\");\n }\n\n if (!user.isAdmin) {\n throw error(403, \"Admin access required\");\n }\n\n\n const origin = event.request.headers.get('origin');\n if (origin && origin !== event.url.origin) {\n throw error(403, \"Cross-origin requests not allowed\");\n }\n\n\n if (event.request.method !== 'GET') {\n const csrfToken = event.request.headers.get(CSRF_HEADER_NAME);\n const csrfCookie = event.cookies.get(CSRF_COOKIE_NAME);\n\n if (!csrfToken || !csrfCookie || csrfToken !== csrfCookie) {\n throw error(403, \"Invalid CSRF token\");\n }\n }\n\n\n if (['POST', 'PUT', 'PATCH'].includes(event.request.method)) {\n const contentType = event.request.headers.get('content-type');\n if (!contentType?.includes('application/json')) {\n throw error(415, \"Content type must be application/json\");\n }\n }\n}\n" }, { "path": "src/lib/server/auth.ts", "content": "import type { User } from \"@prisma/client\";\nimport jwt from \"jsonwebtoken\";\nimport type { Cookies } from \"@sveltejs/kit\";\nimport { JWT_SECRET } from \"$env/static/private\";\nimport crypto from \"node:crypto\";\nimport { CSRF_COOKIE_NAME } from \"$lib/constants/security\";\nconst COOKIE_NAME = \"session\";\nconst SESSION_MAX_AGE = 60 * 60 * 24 * 7;\n\ninterface Session {\n userId: number;\n exp: number;\n}\n\nexport async function createSession(user: User): Promise {\n const token = jwt.sign(\n { userId: user.id, exp: Math.floor(Date.now() / 1000) + SESSION_MAX_AGE },\n JWT_SECRET,\n );\n return token;\n}\n\nexport async function getSession(cookies: Cookies): Promise {\n const token = cookies.get(COOKIE_NAME);\n if (!token) return null;\n\n try {\n const session = jwt.verify(token, JWT_SECRET) as Session;\n return session;\n } catch {\n return null;\n }\n}\n\nexport function createSessionCookie(token: string, secure: boolean = true): string {\n const secureFlag = secure ? \" Secure;\" : \"\";\n return `${COOKIE_NAME}=${token}; Path=/; HttpOnly; SameSite=Strict;${secureFlag} Max-Age=${SESSION_MAX_AGE}`;\n}\n\nexport function clearSessionCookie(): string {\n return `${COOKIE_NAME}=; Path=/; HttpOnly; SameSite=Strict; Max-Age=0`;\n}\n\nexport function createCsrfToken(): string {\n return crypto.randomBytes(32).toString(\"hex\");\n}\n\nexport function createCsrfCookie(token: string, secure: boolean = true): string {\n const secureFlag = secure ? \" Secure;\" : \"\";\n return `${CSRF_COOKIE_NAME}=${token}; Path=/; SameSite=Strict;${secureFlag} Max-Age=${SESSION_MAX_AGE}`;\n}\n\nexport function clearCsrfCookie(): string {\n return `${CSRF_COOKIE_NAME}=; Path=/; SameSite=Strict; Max-Age=0`;\n}\n" }, { "path": "src/lib/server/prisma.ts", "content": "import { PrismaClient } from \"@prisma/client\";\n\nconst globalForPrisma = globalThis as unknown as { prisma?: PrismaClient };\n\nexport const prisma = globalForPrisma.prisma ?? new PrismaClient();\n\nif (process.env.NODE_ENV !== \"production\") {\n globalForPrisma.prisma = prisma;\n}\n" }, { "path": "src/lib/server/services/auth.ts", "content": "import { JWT_SECRET } from \"$env/static/private\";\nimport jsonwebtoken from \"jsonwebtoken\";\nimport bcrypt from \"bcryptjs\";\nimport { prisma } from \"$lib/server/prisma\";\nimport type {\n UserSession,\n TokenPayload,\n AuthServiceInterface,\n} from \"$lib/types/auth\";\n\ninterface UserData {\n id: number;\n username: string;\n email: string | null;\n isAdmin: boolean;\n}\n\nfunction toUserSession(data: UserData): UserSession {\n return {\n id: data.id,\n username: data.username,\n email: data.email,\n isAdmin: Boolean(data.isAdmin),\n };\n}\n\nclass AuthService implements AuthServiceInterface {\n private static instance: AuthService;\n\n private constructor() {}\n\n static getInstance(): AuthService {\n if (!AuthService.instance) {\n AuthService.instance = new AuthService();\n }\n return AuthService.instance;\n }\n\n async hashPassword(password: string): Promise {\n const salt = await bcrypt.genSalt(10);\n return bcrypt.hash(password, salt);\n }\n\n async comparePasswords(password: string, hash: string): Promise {\n return bcrypt.compare(password, hash);\n }\n\n async generateToken(user: UserSession): Promise {\n // Only store userId in token - fetch other data from DB when needed\n // This prevents privilege escalation if JWT secret is compromised\n const payload: TokenPayload = {\n userId: user.id,\n };\n\n return jsonwebtoken.sign(payload, JWT_SECRET, { expiresIn: \"7d\" });\n }\n\n async verifyToken(token: string): Promise {\n try {\n const decoded = jsonwebtoken.verify(token, JWT_SECRET) as TokenPayload;\n return decoded;\n } catch (error) {\n throw new Error(\"Invalid token\");\n }\n }\n\n async createUser(\n username: string,\n email: string | null,\n password: string,\n ): Promise {\n const hashedPassword = await this.hashPassword(password);\n\n const user = await prisma.user.create({\n data: {\n username,\n email,\n passwordHash: hashedPassword,\n isAdmin: false,\n },\n select: {\n id: true,\n username: true,\n email: true,\n isAdmin: true,\n },\n });\n\n return toUserSession(user);\n }\n\n async validateUser(\n usernameOrEmail: string,\n password: string,\n ): Promise {\n // Use Prisma query builder instead of raw SQL for better portability\n const user = await prisma.user.findFirst({\n where: {\n OR: [\n { username: usernameOrEmail },\n { email: usernameOrEmail },\n ],\n },\n select: {\n id: true,\n username: true,\n email: true,\n passwordHash: true,\n isAdmin: true,\n },\n });\n\n if (!user) return null;\n\n const isValid = await this.comparePasswords(password, user.passwordHash);\n if (!isValid) return null;\n\n return toUserSession(user);\n }\n\n async findUserByIdentifier(identifier: string): Promise {\n // Use Prisma query builder instead of raw SQL for better portability\n const user = await prisma.user.findFirst({\n where: {\n OR: [\n { username: identifier },\n { email: identifier },\n ],\n },\n select: {\n id: true,\n username: true,\n email: true,\n isAdmin: true,\n },\n });\n\n return user ? toUserSession(user) : null;\n }\n\n async updatePassword(userId: number, newPassword: string): Promise {\n const hashedPassword = await this.hashPassword(newPassword);\n\n await prisma.user.update({\n where: { id: userId },\n data: { passwordHash: hashedPassword },\n });\n }\n\n async createResetToken(identifier: string): Promise {\n const user = await this.findUserByIdentifier(identifier);\n if (!user) return null;\n\n const resetToken = jsonwebtoken.sign({ userId: user.id }, JWT_SECRET, {\n expiresIn: \"1h\",\n });\n const resetTokenExp = new Date(Date.now() + 60 * 60 * 1000);\n\n await prisma.user.update({\n where: { id: user.id },\n data: {\n resetToken,\n resetTokenExp,\n },\n });\n\n return resetToken;\n }\n\n async validateResetToken(token: string): Promise {\n try {\n const decoded = jsonwebtoken.verify(token, JWT_SECRET) as { userId: number };\n\n const user = await prisma.user.findFirst({\n where: {\n id: decoded.userId,\n resetToken: token,\n resetTokenExp: {\n gt: new Date(),\n },\n },\n select: {\n id: true,\n },\n });\n\n return user ? user.id : null;\n } catch {\n return null;\n }\n }\n\n async clearResetToken(userId: number): Promise {\n await prisma.user.update({\n where: { id: userId },\n data: {\n resetToken: null,\n resetTokenExp: null,\n },\n });\n }\n}\n\nexport const authService = AuthService.getInstance();\n" }, { "path": "src/lib/server/services/captcha.test.ts", "content": "import { describe, it, expect } from \"vitest\";\nimport { CaptchaService } from \"./captcha\";\n\ndescribe(\"CaptchaService\", () => {\n it(\"generates and validates captchas\", () => {\n const { id, text } = CaptchaService.generateCaptcha();\n\n expect(id).toHaveLength(32);\n expect(text).toHaveLength(6);\n expect(CaptchaService.validateCaptcha(id, text, { consume: true })).toBe(true);\n expect(CaptchaService.validateCaptcha(id, text, { consume: true })).toBe(false);\n });\n\n it(\"allows non-consuming validation\", () => {\n const { id, text } = CaptchaService.generateCaptcha();\n\n expect(CaptchaService.validateCaptcha(id, text, { consume: false })).toBe(true);\n expect(CaptchaService.validateCaptcha(id, text, { consume: true })).toBe(true);\n expect(CaptchaService.validateCaptcha(id, text, { consume: true })).toBe(false);\n });\n});\n" }, { "path": "src/lib/server/services/captcha.ts", "content": "import crypto from 'crypto';\n\ninterface CaptchaEntry {\n text: string;\n createdAt: number;\n}\n\nconst CAPTCHA_EXPIRY = 5 * 60 * 1000; // 5 minutes\nconst captchaStore = new Map();\n\n// Cleanup expired captchas every minute\nsetInterval(() => {\n const now = Date.now();\n for (const [id, entry] of captchaStore.entries()) {\n if (now - entry.createdAt > CAPTCHA_EXPIRY) {\n captchaStore.delete(id);\n }\n }\n}, 60 * 1000);\n\nexport class CaptchaService {\n private static readonly CHARS = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz';\n private static readonly LENGTH = 6;\n\n static generateCaptcha(): { id: string; text: string } {\n const text = Array(this.LENGTH)\n .fill(0)\n .map(() => this.CHARS[Math.floor(Math.random() * this.CHARS.length)])\n .join('');\n\n const id = crypto.randomBytes(16).toString('hex');\n\n captchaStore.set(id, {\n text,\n createdAt: Date.now(),\n });\n\n return { id, text };\n }\n\n static validateCaptcha(\n id: string,\n userInput: string,\n options: { consume?: boolean } = {},\n ): boolean {\n const entry = captchaStore.get(id);\n\n if (!entry) {\n return false;\n }\n\n // Check if expired\n if (Date.now() - entry.createdAt > CAPTCHA_EXPIRY) {\n captchaStore.delete(id);\n return false;\n }\n\n const matches = entry.text.toLowerCase() === userInput.toLowerCase();\n const consume = options.consume ?? true;\n if (consume || !matches) {\n captchaStore.delete(id);\n }\n\n return matches;\n }\n\n static invalidateCaptcha(id: string): void {\n captchaStore.delete(id);\n }\n}\n" }, { "path": "src/lib/server/services/comments.ts", "content": "import { prisma } from \"$lib/server/prisma\";\n\ntype MediaType = \"movie\" | \"tv\";\n\ninterface CreateCommentInput {\n userId: number;\n mediaId: number;\n mediaType: MediaType;\n content: string;\n parentId?: number | null;\n}\n\ninterface CommentUser {\n username: string;\n}\n\ninterface CommentCounts {\n likes: number;\n replies: number;\n}\n\ninterface BaseComment {\n id: number;\n userId: number;\n mediaId: number;\n mediaType: string;\n content: string;\n createdAt: Date;\n updatedAt: Date;\n parentId: number | null;\n flagged: boolean;\n flagReason?: string | null;\n flaggedAt?: Date | null;\n}\n\nexport interface CommentWithDetails extends BaseComment {\n user: CommentUser;\n _count: CommentCounts;\n isLiked?: boolean;\n}\n\nexport class CommentService {\n private static instance: CommentService;\n\n private constructor() {}\n\n static getInstance(): CommentService {\n if (!CommentService.instance) {\n CommentService.instance = new CommentService();\n }\n return CommentService.instance;\n }\n\n async createComment(input: CreateCommentInput): Promise {\n return prisma.comment.create({\n data: {\n userId: input.userId,\n mediaId: input.mediaId,\n mediaType: input.mediaType,\n content: input.content,\n parentId: input.parentId,\n },\n });\n }\n\n async getComments(\n mediaId: number,\n mediaType: MediaType,\n currentUserId?: number | null,\n parentId: number | null = null,\n page = 1,\n limit = 10,\n ): Promise<{ comments: CommentWithDetails[]; total: number }> {\n const skip = (page - 1) * limit;\n\n const [comments, total] = await Promise.all([\n prisma.comment.findMany({\n where: {\n mediaId,\n mediaType,\n parentId,\n },\n include: {\n user: {\n select: {\n username: true,\n },\n },\n _count: {\n select: {\n likes: true,\n replies: true,\n },\n },\n },\n orderBy: {\n createdAt: 'desc',\n },\n skip,\n take: limit,\n }),\n prisma.comment.count({\n where: {\n mediaId,\n mediaType,\n parentId,\n },\n }),\n ]);\n\n if (currentUserId) {\n const likes = await prisma.commentLike.findMany({\n where: {\n userId: currentUserId,\n commentId: {\n in: comments.map(c => c.id),\n },\n },\n select: {\n commentId: true,\n },\n });\n\n const likedCommentIds = new Set(likes.map(l => l.commentId));\n comments.forEach(comment => {\n (comment as CommentWithDetails).isLiked = likedCommentIds.has(comment.id);\n });\n }\n\n return {\n comments: comments as CommentWithDetails[],\n total,\n };\n }\n\n async getFlaggedComments(\n page = 1,\n limit = 10,\n ): Promise<{ comments: CommentWithDetails[]; total: number }> {\n const skip = (page - 1) * limit;\n\n const [comments, total] = await Promise.all([\n prisma.comment.findMany({\n where: {\n flagged: true,\n },\n include: {\n user: {\n select: {\n username: true,\n },\n },\n _count: {\n select: {\n likes: true,\n replies: true,\n },\n },\n },\n orderBy: {\n flaggedAt: 'desc',\n },\n skip,\n take: limit,\n }),\n prisma.comment.count({\n where: {\n flagged: true,\n },\n }),\n ]);\n\n return {\n comments: comments as CommentWithDetails[],\n total,\n };\n }\n\n async getReplies(\n commentId: number,\n currentUserId?: number | null,\n page = 1,\n limit = 5,\n ): Promise<{ replies: CommentWithDetails[]; total: number }> {\n const skip = (page - 1) * limit;\n\n const [replies, total] = await Promise.all([\n prisma.comment.findMany({\n where: {\n parentId: commentId,\n },\n include: {\n user: {\n select: {\n username: true,\n },\n },\n _count: {\n select: {\n likes: true,\n replies: true,\n },\n },\n },\n orderBy: {\n createdAt: 'desc',\n },\n skip,\n take: limit,\n }),\n prisma.comment.count({\n where: {\n parentId: commentId,\n },\n }),\n ]);\n\n if (currentUserId) {\n const likes = await prisma.commentLike.findMany({\n where: {\n userId: currentUserId,\n commentId: {\n in: replies.map(r => r.id),\n },\n },\n select: {\n commentId: true,\n },\n });\n\n const likedReplyIds = new Set(likes.map(l => l.commentId));\n replies.forEach(reply => {\n (reply as CommentWithDetails).isLiked = likedReplyIds.has(reply.id);\n });\n }\n\n return {\n replies: replies as CommentWithDetails[],\n total,\n };\n }\n\n async likeComment(userId: number, commentId: number): Promise {\n await prisma.commentLike.create({\n data: {\n userId,\n commentId,\n },\n });\n }\n\n async unlikeComment(userId: number, commentId: number): Promise {\n await prisma.commentLike.delete({\n where: {\n userId_commentId: {\n userId,\n commentId,\n },\n },\n });\n }\n\n async updateComment(\n commentId: number,\n userId: number,\n content: string,\n ): Promise {\n return prisma.comment.update({\n where: {\n id: commentId,\n userId,\n },\n data: {\n content,\n },\n });\n }\n\n async deleteComment(commentId: number, userId: number): Promise {\n const comment = await prisma.comment.findUnique({\n where: { id: commentId },\n });\n\n if (!comment) {\n throw new Error(\"Comment not found\");\n }\n\n const user = await prisma.user.findUnique({\n where: { id: userId },\n select: { isAdmin: true }\n });\n\n if (comment.userId !== userId && !user?.isAdmin) {\n throw new Error(\"Unauthorized\");\n }\n\n await prisma.comment.delete({\n where: { id: commentId },\n });\n }\n\n async flagComment(commentId: number, reason?: string): Promise {\n return prisma.comment.update({\n where: {\n id: commentId,\n },\n data: {\n flagged: true,\n flagReason: reason || \"No reason provided\",\n flaggedAt: new Date(),\n },\n });\n }\n\n async unflagComment(commentId: number): Promise {\n return prisma.comment.update({\n where: {\n id: commentId,\n },\n data: {\n flagged: false,\n flagReason: null,\n flaggedAt: null,\n },\n });\n }\n}\n\nexport const commentService = CommentService.getInstance();\n" }, { "path": "src/lib/server/services/db-error.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport {\n PrismaClientInitializationError,\n PrismaClientKnownRequestError,\n PrismaClientValidationError,\n} from \"@prisma/client/runtime/library\";\n\nexport interface DbErrorResponse {\n error: string;\n code?: string;\n}\n\nexport function isDatabaseConnectionError(error: unknown): boolean {\n if (error instanceof PrismaClientInitializationError) {\n return true;\n }\n if (error instanceof PrismaClientKnownRequestError) {\n // P1001: Can't reach database server\n // P1002: Database server timed out\n // P1003: Database does not exist\n // P1008: Operations timed out\n // P1017: Server has closed the connection\n const connectionErrors = ['P1001', 'P1002', 'P1003', 'P1008', 'P1017'];\n return connectionErrors.includes(error.code);\n }\n return false;\n}\n\nexport function handleDatabaseError(error: unknown, operation: string) {\n if (isDatabaseConnectionError(error)) {\n console.error(`Database unavailable during ${operation}:`,\n error instanceof Error ? error.message : 'Unknown error'\n );\n return json(\n { error: \"Service temporarily unavailable\", code: \"DB_UNAVAILABLE\" } as DbErrorResponse,\n { status: 503 }\n );\n }\n\n if (error instanceof PrismaClientKnownRequestError) {\n console.error(`Database error during ${operation}:`, error.code, error.message);\n\n // Handle specific known errors\n switch (error.code) {\n case 'P2002': // Unique constraint violation\n return json(\n { error: \"Resource already exists\", code: \"DUPLICATE\" } as DbErrorResponse,\n { status: 409 }\n );\n case 'P2025': // Record not found\n return json(\n { error: \"Resource not found\", code: \"NOT_FOUND\" } as DbErrorResponse,\n { status: 404 }\n );\n default:\n return json(\n { error: `Failed to ${operation}`, code: \"DB_ERROR\" } as DbErrorResponse,\n { status: 500 }\n );\n }\n }\n\n if (error instanceof PrismaClientValidationError) {\n console.error(`Validation error during ${operation}:`, error.message);\n return json(\n { error: \"Invalid request data\", code: \"VALIDATION_ERROR\" } as DbErrorResponse,\n { status: 400 }\n );\n }\n\n // Generic error\n console.error(`Error during ${operation}:`, error);\n return json(\n { error: `Failed to ${operation}` } as DbErrorResponse,\n { status: 500 }\n );\n}\n" }, { "path": "src/lib/server/services/rate-limit.ts", "content": "interface RateLimit {\n count: number;\n firstAttempt: number;\n}\n\nexport class RateLimitService {\n private static readonly LOGIN_LIMIT = 5;\n private static readonly REGISTER_LIMIT = 3;\n private static readonly COMMENT_LIMIT = 5;\n private static readonly RESET_PASSWORD_LIMIT = 3;\n private static readonly LIKE_LIMIT = 30;\n\n private static readonly LOGIN_WINDOW = 15 * 60 * 1000; // 15 minutes\n private static readonly REGISTER_WINDOW = 60 * 60 * 1000; // 1 hour\n private static readonly COMMENT_WINDOW = 5 * 60 * 1000; // 5 minutes\n private static readonly RESET_PASSWORD_WINDOW = 60 * 60 * 1000; // 1 hour\n private static readonly LIKE_WINDOW = 60 * 1000; // 1 minute\n\n private static rateLimits = new Map();\n\n static checkLoginLimit(ip: string): {\n allowed: boolean;\n timeLeft?: number;\n } {\n return this.checkLimit(\n `login:${ip}`,\n this.LOGIN_LIMIT,\n this.LOGIN_WINDOW\n );\n }\n\n static checkRegisterLimit(ip: string): {\n allowed: boolean;\n timeLeft?: number;\n } {\n return this.checkLimit(\n `register:${ip}`,\n this.REGISTER_LIMIT,\n this.REGISTER_WINDOW\n );\n }\n\n static checkCommentLimit(userId: number): {\n allowed: boolean;\n timeLeft?: number;\n } {\n return this.checkLimit(\n `comment:${userId}`,\n this.COMMENT_LIMIT,\n this.COMMENT_WINDOW\n );\n }\n\n static checkPasswordResetLimit(identifier: string): {\n allowed: boolean;\n timeLeft?: number;\n } {\n return this.checkLimit(\n `reset:${identifier}`,\n this.RESET_PASSWORD_LIMIT,\n this.RESET_PASSWORD_WINDOW\n );\n }\n\n static checkLikeLimit(userId: number): {\n allowed: boolean;\n timeLeft?: number;\n } {\n return this.checkLimit(\n `like:${userId}`,\n this.LIKE_LIMIT,\n this.LIKE_WINDOW\n );\n }\n\n private static checkLimit(\n key: string,\n maxAttempts: number,\n timeWindow: number\n ): {\n allowed: boolean;\n timeLeft?: number;\n } {\n const now = Date.now();\n const limit = this.rateLimits.get(key);\n\n if (!limit) {\n this.rateLimits.set(key, { count: 1, firstAttempt: now });\n return { allowed: true };\n }\n\n if (now - limit.firstAttempt >= timeWindow) {\n this.rateLimits.set(key, { count: 1, firstAttempt: now });\n return { allowed: true };\n }\n\n if (limit.count >= maxAttempts) {\n const timeLeft = Math.ceil(\n (timeWindow - (now - limit.firstAttempt)) / 1000\n );\n return { allowed: false, timeLeft };\n }\n\n limit.count++;\n this.rateLimits.set(key, limit);\n return { allowed: true };\n }\n\n static cleanup() {\n const now = Date.now();\n const maxWindow = Math.max(\n this.LOGIN_WINDOW,\n this.REGISTER_WINDOW,\n this.COMMENT_WINDOW,\n this.RESET_PASSWORD_WINDOW\n );\n\n for (const [key, limit] of this.rateLimits.entries()) {\n if (now - limit.firstAttempt >= maxWindow) {\n this.rateLimits.delete(key);\n }\n }\n }\n}\n\nsetInterval(() => RateLimitService.cleanup(), 60 * 1000);\n\n// Legacy exports for backward compatibility\nclass InstanceRateLimitService {\n private requestCounts = new Map();\n private readonly windowMs: number;\n private readonly maxRequests: number;\n\n constructor(windowMs: number = 60 * 1000, maxRequests: number = 100) {\n this.windowMs = windowMs;\n this.maxRequests = maxRequests;\n }\n\n checkRateLimit(ip: string): boolean {\n const now = Date.now();\n const userRequests = this.requestCounts.get(ip);\n\n if (!userRequests) {\n this.requestCounts.set(ip, { count: 1, timestamp: now });\n return true;\n }\n\n if (now - userRequests.timestamp > this.windowMs) {\n this.requestCounts.set(ip, { count: 1, timestamp: now });\n return true;\n }\n\n if (userRequests.count >= this.maxRequests) {\n return false;\n }\n\n userRequests.count++;\n return true;\n }\n}\n\nexport const commentRateLimit = new InstanceRateLimitService(60 * 1000, 100);\nexport const authRateLimit = new InstanceRateLimitService(15 * 60 * 1000, 50);\n" }, { "path": "src/lib/server/services/watchlist.ts", "content": "import { prisma } from \"$lib/server/prisma\";\n\ninterface PrismaError extends Error {\n code?: string;\n}\n\nexport class WatchlistService {\n private static instance: WatchlistService;\n\n private constructor() {}\n\n static getInstance(): WatchlistService {\n if (!WatchlistService.instance) {\n WatchlistService.instance = new WatchlistService();\n }\n return WatchlistService.instance;\n }\n\n async addToWatchlist(\n userId: number,\n mediaId: number,\n mediaType: \"movie\" | \"tv\",\n title: string,\n posterPath: string | null,\n voteAverage: number,\n ) {\n try {\n const watchlistItem = await prisma.watchlist.create({\n data: {\n userId,\n mediaId,\n mediaType,\n title,\n posterPath,\n voteAverage,\n },\n });\n return watchlistItem;\n } catch (error) {\n if ((error as PrismaError).code === \"P2002\") {\n throw new Error(\"Item already in watchlist\");\n }\n throw error;\n }\n }\n\n async removeFromWatchlist(\n userId: number,\n mediaId: number,\n mediaType: \"movie\" | \"tv\",\n ) {\n return prisma.watchlist.deleteMany({\n where: {\n userId,\n mediaId,\n mediaType,\n },\n });\n }\n\n async getWatchlist(userId: number) {\n return prisma.watchlist.findMany({\n where: {\n userId,\n },\n orderBy: {\n addedAt: \"desc\",\n },\n });\n }\n\n async isInWatchlist(\n userId: number,\n mediaId: number,\n mediaType: \"movie\" | \"tv\",\n ) {\n const count = await prisma.watchlist.count({\n where: {\n userId,\n mediaId,\n mediaType,\n },\n });\n return count > 0;\n }\n\n async getWatchlistCount(userId: number) {\n return prisma.watchlist.count({\n where: {\n userId,\n },\n });\n }\n}\n\nexport const watchlistService = WatchlistService.getInstance();\n" }, { "path": "src/lib/services/api-client.ts", "content": "class ApiError extends Error {\n constructor(\n public status: number,\n message: string,\n ) {\n super(message);\n this.name = \"ApiError\";\n }\n}\n\nexport class ApiClient {\n constructor(\n private baseUrl: string,\n private apiKey?: string,\n ) {}\n\n private async handleResponse(response: Response): Promise {\n if (!response.ok) {\n throw new ApiError(\n response.status,\n `API request failed: ${response.statusText}`,\n );\n }\n\n const data = await response.json();\n return data as T;\n }\n\n async get(\n endpoint: string,\n params: Record = {},\n ): Promise {\n const searchParams = new URLSearchParams(params);\n if (this.apiKey) {\n searchParams.append(\"api_key\", this.apiKey);\n }\n\n const url = `${this.baseUrl}${endpoint}?${searchParams.toString()}`;\n const response = await fetch(url);\n return this.handleResponse(response);\n }\n}\n" }, { "path": "src/lib/services/auth.ts", "content": "import type { UserSession } from \"$lib/types/auth\";\nimport { csrfFetch } from \"$lib/utils/csrf\";\n\nclass AuthService {\n private static instance: AuthService;\n\n private constructor() {}\n\n static getInstance(): AuthService {\n if (!AuthService.instance) {\n AuthService.instance = new AuthService();\n }\n return AuthService.instance;\n }\n\n async login(usernameOrEmail: string, password: string): Promise {\n const response = await csrfFetch('/api/auth/login', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ usernameOrEmail, password }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to login');\n }\n\n return response.json();\n }\n\n async register(\n username: string,\n email: string | null,\n password: string,\n captchaId: string,\n captchaAnswer: string,\n ): Promise {\n const response = await csrfFetch('/api/auth/register', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ username, email, password, captchaId, captchaAnswer }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to register');\n }\n\n return response.json();\n }\n\n async logout(): Promise {\n const response = await csrfFetch('/api/auth/logout', {\n method: 'POST',\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to logout');\n }\n }\n\n async getCurrentUser(): Promise {\n const response = await fetch('/api/auth/me');\n\n if (!response.ok) {\n if (response.status === 401) {\n return null;\n }\n const error = await response.json();\n throw new Error(error.message || 'Failed to get current user');\n }\n\n return response.json();\n }\n\n async requestPasswordReset(identifier: string): Promise {\n const response = await csrfFetch('/api/auth/reset-password/request', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ identifier }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to request password reset');\n }\n }\n\n async resetPassword(token: string, newPassword: string): Promise {\n const response = await csrfFetch('/api/auth/reset-password/reset', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ token, newPassword }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to reset password');\n }\n }\n}\n\nexport const authService = AuthService.getInstance();\n" }, { "path": "src/lib/services/captcha.ts", "content": "export class CaptchaService {\n private static readonly OPERATORS = [\"+\", \"-\", \"*\"] as const;\n private static readonly MAX_NUMBER = 10;\n private static readonly MIN_NUMBER = 1;\n\n static generateChallenge(): { question: string; answer: number } {\n const num1 =\n Math.floor(Math.random() * (this.MAX_NUMBER - this.MIN_NUMBER + 1)) +\n this.MIN_NUMBER;\n const num2 =\n Math.floor(Math.random() * (this.MAX_NUMBER - this.MIN_NUMBER + 1)) +\n this.MIN_NUMBER;\n const operator =\n this.OPERATORS[Math.floor(Math.random() * this.OPERATORS.length)];\n\n let answer: number;\n switch (operator) {\n case \"+\":\n answer = num1 + num2;\n break;\n case \"-\":\n answer = num1 - num2;\n break;\n case \"*\":\n answer = num1 * num2;\n break;\n }\n\n const question = `What is ${num1} ${operator} ${num2}?`;\n return { question, answer };\n }\n\n static validateAnswer(\n userAnswer: string | number,\n correctAnswer: number,\n ): boolean {\n const parsedAnswer =\n typeof userAnswer === \"string\" ? parseInt(userAnswer, 10) : userAnswer;\n return !isNaN(parsedAnswer) && parsedAnswer === correctAnswer;\n }\n}\n" }, { "path": "src/lib/services/comments.ts", "content": "import { csrfFetch } from \"$lib/utils/csrf\";\n\ntype MediaType = \"movie\" | \"tv\";\n\ninterface CommentUser {\n username: string;\n}\n\ninterface CommentCounts {\n likes: number;\n replies: number;\n}\n\ninterface BaseComment {\n id: number;\n userId: number;\n mediaId: number;\n mediaType: string;\n content: string;\n createdAt: Date;\n updatedAt: Date;\n parentId: number | null;\n flagged: boolean;\n flagReason?: string | null;\n flaggedAt?: Date | null;\n}\n\nexport interface CommentWithDetails extends BaseComment {\n user: CommentUser;\n _count: CommentCounts;\n isLiked?: boolean;\n}\n\nexport class CommentService {\n async createComment(\n mediaId: number,\n mediaType: MediaType,\n content: string,\n parentId?: number | null,\n ): Promise {\n const response = await csrfFetch('/api/comments', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n mediaId,\n mediaType,\n content,\n parentId,\n }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to create comment');\n }\n\n return response.json();\n }\n\n async getComments(\n mediaId: number,\n mediaType: MediaType,\n parentId: number | null = null,\n page = 1,\n limit = 10,\n ): Promise<{ comments: CommentWithDetails[]; total: number }> {\n const params = new URLSearchParams({\n mediaId: mediaId.toString(),\n mediaType,\n page: page.toString(),\n limit: limit.toString(),\n });\n\n if (parentId !== null) {\n params.append('parentId', parentId.toString());\n }\n\n const response = await fetch(`/api/comments?${params}`);\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to fetch comments');\n }\n\n return response.json();\n }\n\n async getFlaggedComments(\n page = 1,\n limit = 10,\n ): Promise<{ comments: CommentWithDetails[]; total: number }> {\n const params = new URLSearchParams({\n page: page.toString(),\n limit: limit.toString(),\n });\n\n const response = await fetch(`/api/comments/flagged?${params}`);\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to fetch flagged comments');\n }\n\n return response.json();\n }\n\n async getReplies(\n commentId: number,\n page = 1,\n limit = 5,\n ): Promise<{ replies: CommentWithDetails[]; total: number }> {\n const params = new URLSearchParams({\n page: page.toString(),\n limit: limit.toString(),\n });\n\n const response = await fetch(`/api/comments/${commentId}?${params}`);\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to fetch replies');\n }\n\n return response.json();\n }\n\n async likeComment(commentId: number): Promise {\n const response = await csrfFetch('/api/comments/like', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ commentId }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to like comment');\n }\n }\n\n async updateComment(\n commentId: number,\n content: string,\n ): Promise {\n const response = await csrfFetch(`/api/comments/${commentId}`, {\n method: 'PUT',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ content }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to update comment');\n }\n\n return response.json();\n }\n\n async deleteComment(commentId: number): Promise {\n const response = await csrfFetch(`/api/comments/${commentId}`, {\n method: 'DELETE',\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to delete comment');\n }\n }\n\n async flagComment(commentId: number, reason?: string): Promise {\n const response = await csrfFetch(`/api/comments/${commentId}/flag`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ reason }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to flag comment');\n }\n }\n\n async unflagComment(commentId: number): Promise {\n const response = await csrfFetch(`/api/comments/${commentId}/unflag`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to unflag comment');\n }\n }\n}\n\nexport const commentService = new CommentService();\n" }, { "path": "src/lib/services/image.ts", "content": "import sharp from \"sharp\";\nimport { createHash } from \"crypto\";\nimport { mkdir, access, writeFile, readdir, unlink } from \"fs/promises\";\nimport { join } from \"path\";\nimport { PrismaClient } from \"@prisma/client\";\n\nconst prisma = new PrismaClient();\n\ninterface ImageOptions {\n width?: number;\n height?: number;\n quality?: number;\n format?: \"jpeg\" | \"webp\" | \"avif\" | \"png\";\n}\n\ninterface CacheEntry {\n id: number;\n url: string;\n path: string;\n format: string;\n width: number | null;\n height: number | null;\n quality: number;\n createdAt: Date;\n accessedAt: Date;\n}\n\nconst CACHE_DIR = \"static/image-cache\";\nconst DEFAULT_QUALITY = 80;\nconst DEFAULT_FORMAT = \"webp\";\nconst CACHE_CLEANUP_DAYS = 7;\n\nexport class ImageService {\n private static instance: ImageService;\n\n private constructor() {\n this.ensureCacheDir();\n this.scheduleCleanup();\n }\n\n static getInstance(): ImageService {\n if (!ImageService.instance) {\n ImageService.instance = new ImageService();\n }\n return ImageService.instance;\n }\n\n private async ensureCacheDir() {\n try {\n await access(CACHE_DIR);\n } catch {\n await mkdir(CACHE_DIR, { recursive: true });\n }\n }\n\n private generateCacheKey(url: string, options: ImageOptions): string {\n const hash = createHash(\"md5\");\n hash.update(url + JSON.stringify(options));\n return hash.digest(\"hex\");\n }\n\n private getCachePath(key: string, format: string): string {\n return join(CACHE_DIR, `${key}.${format}`);\n }\n\n private scheduleCleanup() {\n\n setInterval(() => this.cleanupCache(), 24 * 60 * 60 * 1000);\n }\n\n async cleanupCache(): Promise {\n try {\n const cutoffDate = new Date();\n cutoffDate.setDate(cutoffDate.getDate() - CACHE_CLEANUP_DAYS);\n\n\n const oldEntries = await prisma.$queryRaw`\n SELECT * FROM image_cache\n WHERE accessedAt < ${cutoffDate}\n `;\n\n\n await Promise.all(\n oldEntries.map(async (entry) => {\n try {\n await unlink(join(\"static\", entry.path));\n await prisma.$executeRaw`\n DELETE FROM image_cache WHERE id = ${entry.id}\n `;\n } catch (error) {\n console.error(\"Error cleaning up cache entry:\", error);\n }\n }),\n );\n } catch (error) {\n console.error(\"Error during cache cleanup:\", error);\n }\n }\n\n async optimizeImage(\n url: string,\n options: ImageOptions = {},\n ): Promise {\n const {\n width,\n height,\n quality = DEFAULT_QUALITY,\n format = DEFAULT_FORMAT,\n } = options;\n\n const cacheKey = this.generateCacheKey(url, options);\n const cachePath = this.getCachePath(cacheKey, format);\n const relativePath = cachePath.replace(\"static\", \"\");\n\n try {\n\n const cached = await prisma.$queryRaw`\n SELECT * FROM image_cache\n WHERE url = ${url}\n AND format = ${format}\n AND width = ${width || null}\n AND height = ${height || null}\n AND quality = ${quality}\n LIMIT 1\n `;\n\n if (cached.length > 0) {\n\n await prisma.$executeRaw`\n UPDATE image_cache\n SET accessedAt = ${new Date()}\n WHERE id = ${cached[0].id}\n `;\n return cached[0].path;\n }\n\n\n const response = await fetch(url);\n const buffer = Buffer.from(await response.arrayBuffer());\n\n let pipeline = sharp(buffer);\n\n\n if (width || height) {\n pipeline = pipeline.resize(width, height, {\n fit: \"cover\",\n withoutEnlargement: true,\n });\n }\n\n\n switch (format) {\n case \"jpeg\":\n pipeline = pipeline.jpeg({ quality });\n break;\n case \"webp\":\n pipeline = pipeline.webp({ quality });\n break;\n case \"avif\":\n pipeline = pipeline.avif({ quality });\n break;\n case \"png\":\n pipeline = pipeline.png({ quality });\n break;\n }\n\n const optimizedBuffer = await pipeline.toBuffer();\n await writeFile(cachePath, optimizedBuffer);\n\n\n await prisma.$executeRaw`\n INSERT INTO image_cache (url, path, format, width, height, quality, createdAt, accessedAt)\n VALUES (\n ${url},\n ${relativePath},\n ${format},\n ${width || null},\n ${height || null},\n ${quality},\n ${new Date()},\n ${new Date()}\n )\n `;\n\n return relativePath;\n } catch (error) {\n console.error(\"Image optimization error:\", error);\n throw error;\n }\n }\n\n async generateResponsiveSet(\n url: string,\n breakpoints: number[] = [320, 640, 768, 1024, 1280],\n ): Promise {\n const promises = breakpoints.map((width) =>\n this.optimizeImage(url, { width, format: \"webp\" }),\n );\n\n return Promise.all(promises);\n }\n\n async generateSrcSet(\n url: string,\n breakpoints: number[] = [320, 640, 768, 1024, 1280],\n ): Promise {\n const paths = await this.generateResponsiveSet(url, breakpoints);\n return paths\n .map((path, index) => `${path} ${breakpoints[index]}w`)\n .join(\", \");\n }\n\n\n isValidUrl(url: string): boolean {\n try {\n new URL(url);\n return true;\n } catch {\n return false;\n }\n }\n}\n\nexport const imageService = ImageService.getInstance();\n" }, { "path": "src/lib/services/providers.ts", "content": "import { browser } from \"$app/environment\";\nimport { get } from \"svelte/store\";\nimport { providerUrls } from \"$lib/stores/provider-urls\";\n\nexport interface Provider {\n id: string;\n name: string;\n getEmbedUrl: (\n mediaId: string | number,\n type: \"movie\" | \"tv\",\n season?: number,\n episode?: number,\n ) => string;\n}\n\nexport const providers: Provider[] = [\n {\n id: \"vidsrc\",\n name: \"VidSrc\",\n getEmbedUrl: (mediaId, type, season, episode) => {\n const urls = get(providerUrls);\n if (!urls?.vidsrc) return \"\";\n\n if (type === \"movie\") {\n return `${urls.vidsrc}/movie/${mediaId}?autoPlay=true`;\n } else {\n if (typeof season !== \"undefined\" && typeof episode !== \"undefined\") {\n return `${urls.vidsrc}/tv/${mediaId}/${season}/${episode}?autoPlay=true&autoNext=true`;\n }\n return `${urls.vidsrc}/tv/${mediaId}?autoPlay=true`;\n }\n },\n },\n {\n id: \"vidlink\",\n name: \"VidLink\",\n getEmbedUrl: (mediaId, type, season, episode) => {\n const urls = get(providerUrls);\n if (!urls?.vidlink) return \"\";\n\n if (type === \"movie\") {\n return `${urls.vidlink}/movie/${mediaId}?autoplay=true&title=true`;\n } else {\n if (typeof season !== \"undefined\" && typeof episode !== \"undefined\") {\n return `${urls.vidlink}/tv/${mediaId}/${season}/${episode}?autoplay=true&title=true`;\n }\n return `${urls.vidlink}/tv/${mediaId}/1/1?autoplay=true&title=true`;\n }\n },\n },\n {\n id: \"111movies\",\n name: \"111Movies\",\n getEmbedUrl: (mediaId, type, season, episode) => {\n const urls = get(providerUrls);\n if (!urls?.movies111) return \"\";\n\n if (type === \"movie\") {\n return `${urls.movies111}/movie/${mediaId}`;\n } else {\n if (typeof season !== \"undefined\" && typeof episode !== \"undefined\") {\n return `${urls.movies111}/tv/${mediaId}/${season}/${episode}`;\n }\n return `${urls.movies111}/tv/${mediaId}/1/1`;\n }\n },\n },\n {\n id: \"2embed\",\n name: \"2Embed\",\n getEmbedUrl: (mediaId, type, season, episode) => {\n const urls = get(providerUrls);\n if (!urls?.embed2) return \"\";\n\n if (type === \"movie\") {\n return `${urls.embed2}/embed/${mediaId}`;\n } else {\n if (typeof season !== \"undefined\" && typeof episode !== \"undefined\") {\n return `${urls.embed2}/embedtv/${mediaId}&s=${season}&e=${episode}`;\n }\n return `${urls.embed2}/embedtv/${mediaId}&s=1&e=1`;\n }\n },\n },\n];\n\nexport function getProvider(id: string): Provider | undefined {\n return providers.find((p) => p.id === id);\n}\n\nexport function getDefaultProvider(): Provider {\n if (!browser) {\n return providers[0];\n }\n\n const savedProvider = localStorage.getItem(\"selectedProvider\");\n if (savedProvider) {\n const provider = providers.find((p) => p.id === savedProvider);\n if (provider) return provider;\n }\n\n return providers.find((p) => p.id === \"vidsrc\") || providers[0];\n}\n" }, { "path": "src/lib/services/rate-limit.ts", "content": "interface RateLimit {\n count: number;\n firstAttempt: number;\n}\n\nexport class RateLimitService {\n private static readonly COMMENT_LIMIT = 5;\n private static readonly RESET_PASSWORD_LIMIT = 3;\n private static readonly COMMENT_WINDOW = 5 * 60 * 1000;\n private static readonly RESET_PASSWORD_WINDOW = 60 * 60 * 1000;\n private static rateLimits = new Map();\n\n static checkCommentLimit(userId: number): {\n allowed: boolean;\n timeLeft?: number;\n } {\n return this.checkLimit(\n `comment:${userId}`,\n this.COMMENT_LIMIT,\n this.COMMENT_WINDOW\n );\n }\n\n static checkPasswordResetLimit(identifier: string): {\n allowed: boolean;\n timeLeft?: number;\n } {\n return this.checkLimit(\n `reset:${identifier}`,\n this.RESET_PASSWORD_LIMIT,\n this.RESET_PASSWORD_WINDOW\n );\n }\n\n private static checkLimit(\n key: string,\n maxAttempts: number,\n timeWindow: number\n ): {\n allowed: boolean;\n timeLeft?: number;\n } {\n const now = Date.now();\n const limit = this.rateLimits.get(key);\n\n if (!limit) {\n this.rateLimits.set(key, { count: 1, firstAttempt: now });\n return { allowed: true };\n }\n\n if (now - limit.firstAttempt >= timeWindow) {\n this.rateLimits.set(key, { count: 1, firstAttempt: now });\n return { allowed: true };\n }\n\n if (limit.count >= maxAttempts) {\n const timeLeft = Math.ceil(\n (timeWindow - (now - limit.firstAttempt)) / 1000\n );\n return { allowed: false, timeLeft };\n }\n\n limit.count++;\n this.rateLimits.set(key, limit);\n return { allowed: true };\n }\n\n static cleanup() {\n const now = Date.now();\n const maxWindow = Math.max(this.COMMENT_WINDOW, this.RESET_PASSWORD_WINDOW);\n\n for (const [key, limit] of this.rateLimits.entries()) {\n if (now - limit.firstAttempt >= maxWindow) {\n this.rateLimits.delete(key);\n }\n }\n }\n\n static startCleanup() {\n setInterval(() => this.cleanup(), Math.max(this.COMMENT_WINDOW, this.RESET_PASSWORD_WINDOW));\n }\n}\n" }, { "path": "src/lib/services/release-type.ts", "content": "interface ReleaseInfo {\n releaseType: string;\n certifications: Record;\n}\n\nconst cache = new Map();\n\nexport async function getReleaseType(\n mediaId: number,\n mediaType: string,\n): Promise {\n try {\n const cacheKey = `${mediaId}_${mediaType}`;\n if (cache.has(cacheKey)) {\n return cache.get(cacheKey)!;\n }\n\n const response = await fetch(`/api/release-info/${mediaType}/${mediaId}`);\n\n if (!response.ok) {\n return {\n releaseType: \"Unknown Quality\",\n certifications: {},\n };\n }\n\n const result: ReleaseInfo = await response.json();\n cache.set(cacheKey, result);\n\n return result;\n } catch (error) {\n console.error(\"Error fetching release type and certifications:\", error);\n return {\n releaseType: \"Unknown Quality\",\n certifications: {},\n };\n }\n}\n" }, { "path": "src/lib/services/tmdb.ts", "content": "import { TMDB_API_KEY } from '$env/static/private';\nimport type { TMDBMovie, TMDBTVShow, TMDBResponse, TMDBGenre, TMDBMediaResponse } from '$lib/types/tmdb';\n\nconst TMDB_BASE_URL = 'https://api.themoviedb.org/3';\nconst MAX_RETRIES = 2;\ntype QueryParams = Record;\ntype HasVoteAverage = { vote_average?: number | null };\n\nexport class TMDBApiError extends Error {\n constructor(\n message: string,\n public statusCode: number,\n public isAuthError: boolean = false\n ) {\n super(message);\n this.name = 'TMDBApiError';\n }\n}\n\nexport class TMDBService {\n private apiKey: string;\n private baseUrl: string;\n\n constructor() {\n this.apiKey = TMDB_API_KEY || '';\n this.baseUrl = TMDB_BASE_URL;\n }\n\n isConfigured(): boolean {\n return !!this.apiKey && this.apiKey.length > 0;\n }\n\n private async fetch(endpoint: string, params: QueryParams = {}, retryCount = 0): Promise {\n if (!this.isConfigured()) {\n throw new TMDBApiError(\n 'TMDB API key is not configured. Please add TMDB_API_KEY to your .env file.',\n 401,\n true\n );\n }\n\n const url = new URL(`${this.baseUrl}${endpoint}`);\n url.searchParams.append('api_key', this.apiKey);\n\n if (!params['vote_average.gte']) {\n params['vote_average.gte'] = 0.1;\n }\n\n for (const [key, value] of Object.entries(params)) {\n if (value !== undefined && value !== null) {\n url.searchParams.append(key, value.toString());\n }\n }\n\n try {\n const response = await fetch(url.toString());\n\n if (!response.ok) {\n if (response.status === 401) {\n throw new TMDBApiError(\n 'Invalid TMDB API key. Please check your TMDB_API_KEY in .env file.',\n 401,\n true\n );\n }\n\n if (response.status >= 400 && response.status < 500) {\n throw new TMDBApiError(\n `TMDB API client error: ${response.status} ${response.statusText}`,\n response.status\n );\n }\n\n if (response.status >= 500 && retryCount < MAX_RETRIES) {\n await new Promise(resolve => setTimeout(resolve, 1000 * (retryCount + 1)));\n return this.fetch(endpoint, params, retryCount + 1);\n }\n\n throw new TMDBApiError(\n `TMDB API error: ${response.status} ${response.statusText}`,\n response.status\n );\n }\n\n const data = await response.json() as T;\n const results = (data as { results?: HasVoteAverage[] }).results;\n\n if (Array.isArray(results)) {\n (data as { results: HasVoteAverage[] }).results = results.filter(\n (item) => (item.vote_average ?? 0) > 0,\n );\n }\n\n return data;\n } catch (error) {\n if (error instanceof TMDBApiError) {\n throw error;\n }\n if (error instanceof Error) {\n throw new TMDBApiError(error.message, 500);\n }\n throw new TMDBApiError('Failed to fetch from TMDB API', 500);\n }\n }\n\n async getMovieDetails(id: number): Promise {\n return this.fetch(`/movie/${id}`, {\n append_to_response: 'videos'\n });\n }\n\n async getTVShowDetails(id: number): Promise {\n return this.fetch(`/tv/${id}`, {\n append_to_response: 'videos'\n });\n }\n\n async getMovieGenres(): Promise {\n const response = await this.fetch<{ genres: TMDBGenre[] }>('/genre/movie/list');\n return response.genres;\n }\n\n async getTVGenres(): Promise {\n const response = await this.fetch<{ genres: TMDBGenre[] }>('/genre/tv/list');\n return response.genres;\n }\n\n async searchMovies(query: string, page = 1): Promise> {\n return this.fetch>('/search/movie', {\n query,\n page,\n include_adult: false,\n language: 'en-US'\n });\n }\n\n async searchTVShows(query: string, page = 1): Promise> {\n return this.fetch>('/search/tv', {\n query,\n page,\n include_adult: false,\n language: 'en-US'\n });\n }\n\n async searchMulti(query: string, page = 1): Promise> {\n return this.fetch>('/search/multi', {\n query,\n page,\n include_adult: false,\n language: 'en-US'\n });\n }\n\n async discoverMovies(params: QueryParams = {}): Promise> {\n return this.fetch>('/discover/movie', {\n include_adult: false,\n language: 'en-US',\n ...params\n });\n }\n\n async discoverTVShows(params: QueryParams = {}): Promise> {\n return this.fetch>('/discover/tv', {\n include_adult: false,\n language: 'en-US',\n ...params\n });\n }\n\n async getTrending(mediaType: 'movie' | 'tv', timeWindow: 'day' | 'week' = 'week'): Promise> {\n return this.fetch>(`/trending/${mediaType}/${timeWindow}`);\n }\n\n async getTrendingMovies(timeWindow: 'day' | 'week' = 'week'): Promise> {\n return this.fetch>(`/trending/movie/${timeWindow}`);\n }\n\n async getTrendingTVShows(timeWindow: 'day' | 'week' = 'week'): Promise> {\n return this.fetch>(`/trending/tv/${timeWindow}`);\n }\n\n async getPopularMovies(page = 1): Promise> {\n return this.fetch>('/movie/popular', { page });\n }\n\n async getPopularTVShows(page = 1): Promise> {\n return this.fetch>('/tv/popular', { page });\n }\n\n async getTopRatedMovies(page = 1): Promise> {\n return this.fetch>('/movie/top_rated', { page });\n }\n\n async getTopRatedTVShows(page = 1): Promise> {\n return this.fetch>('/tv/top_rated', { page });\n }\n\n async getUpcomingMovies(page = 1): Promise> {\n return this.fetch>('/movie/upcoming', { page });\n }\n\n async getOnTheAirTVShows(page = 1): Promise> {\n return this.fetch>('/tv/on_the_air', { page });\n }\n\n getImageUrl(path: string | null, size: 'original' | 'w500' | 'w780' = 'w500'): string | null {\n if (!path) return null;\n return `https://image.tmdb.org/t/p/${size}${path}`;\n }\n}\n" }, { "path": "src/lib/services/watchlist.ts", "content": "import { csrfFetch } from \"$lib/utils/csrf\";\n\ninterface WatchlistItem {\n id: number;\n userId: number;\n mediaId: number;\n mediaType: \"movie\" | \"tv\";\n title: string;\n posterPath: string | null;\n voteAverage: number;\n addedAt: string;\n}\n\nexport class WatchlistService {\n async addToWatchlist(\n mediaId: number,\n mediaType: \"movie\" | \"tv\",\n title: string,\n posterPath: string | null,\n voteAverage: number,\n ): Promise {\n const response = await csrfFetch('/api/watchlist', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n mediaId,\n mediaType,\n title,\n posterPath,\n voteAverage,\n }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to add to watchlist');\n }\n\n return response.json();\n }\n\n async removeFromWatchlist(\n mediaId: number,\n mediaType: \"movie\" | \"tv\",\n ): Promise {\n const response = await csrfFetch('/api/watchlist', {\n method: 'DELETE',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ mediaId, mediaType }),\n });\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to remove from watchlist');\n }\n }\n\n async getWatchlist(): Promise {\n const response = await fetch('/api/watchlist');\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to fetch watchlist');\n }\n\n return response.json();\n }\n\n async isInWatchlist(\n mediaId: number,\n mediaType: \"movie\" | \"tv\",\n ): Promise {\n const response = await fetch(`/api/watchlist/check?mediaId=${mediaId}&mediaType=${mediaType}`);\n\n if (!response.ok) {\n const error = await response.json();\n throw new Error(error.message || 'Failed to check watchlist status');\n }\n\n const data = await response.json();\n return data.inWatchlist;\n }\n}\n\nexport const watchlistService = new WatchlistService();\n" }, { "path": "src/lib/shared/comment-validation.ts", "content": "export function containsUrl(text: string): boolean {\n const urlPatterns = [\n /https?:\\/\\/[^\\s/$.?#].[^\\s]*/i,\n /www\\.[^\\s/$.?#].[^\\s]*/i,\n /[^\\s/$.?#]+\\.(com|net|org|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum|fr|uk|us|ca|eu|de|it|es)[^\\s]/i\n ];\n\n return urlPatterns.some(pattern => pattern.test(text));\n}\n\nexport function validateComment(content: string): { isValid: boolean; error?: string } {\n if (!content || content.trim().length === 0) {\n return { isValid: false, error: 'Comment cannot be empty' };\n }\n\n if (containsUrl(content)) {\n return { isValid: false, error: 'URLs are not allowed in comments' };\n }\n\n return { isValid: true };\n}\n" }, { "path": "src/lib/stores/auth.ts", "content": "import { writable } from \"svelte/store\";\nimport { csrfFetch } from \"$lib/utils/csrf\";\n\ninterface User {\n id: number;\n username: string;\n email: string | null;\n isAdmin: boolean;\n}\n\ninterface AuthState {\n isAuthenticated: boolean;\n user: User | null;\n loading: boolean;\n error: string | null;\n}\n\nfunction createAuthStore() {\n const { subscribe, set, update } = writable({\n isAuthenticated: false,\n user: null,\n loading: true,\n error: null,\n });\n\n return {\n subscribe,\n\n async initialize() {\n try {\n const response = await fetch(\"/api/auth/me\");\n if (response.ok) {\n const user = await response.json();\n set({\n isAuthenticated: true,\n user,\n loading: false,\n error: null,\n });\n } else {\n set({\n isAuthenticated: false,\n user: null,\n loading: false,\n error: null,\n });\n }\n } catch (error) {\n set({\n isAuthenticated: false,\n user: null,\n loading: false,\n error: \"Failed to initialize auth\",\n });\n }\n },\n\n async login(identifier: string, password: string) {\n try {\n const response = await csrfFetch(\"/api/auth/login\", {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ usernameOrEmail: identifier, password }),\n });\n\n if (!response.ok) {\n throw new Error(\"Login failed\");\n }\n\n const user = await response.json();\n set({\n isAuthenticated: true,\n user,\n loading: false,\n error: null,\n });\n\n return true;\n } catch (error) {\n update((state: AuthState) => ({\n ...state,\n error: \"Login failed\",\n loading: false,\n }));\n return false;\n }\n },\n\n async register(\n username: string,\n email: string | null,\n password: string,\n captchaId: string,\n captchaAnswer: string,\n ) {\n try {\n const response = await csrfFetch(\"/api/auth/register\", {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ username, email, password, captchaId, captchaAnswer }),\n });\n\n if (!response.ok) {\n throw new Error(\"Registration failed\");\n }\n\n const user = await response.json();\n set({\n isAuthenticated: true,\n user,\n loading: false,\n error: null,\n });\n\n return true;\n } catch (error) {\n update((state: AuthState) => ({\n ...state,\n error: \"Registration failed\",\n loading: false,\n }));\n return false;\n }\n },\n\n async logout() {\n try {\n await csrfFetch(\"/api/auth/logout\", { method: \"POST\" });\n } finally {\n set({\n isAuthenticated: false,\n user: null,\n loading: false,\n error: null,\n });\n }\n },\n\n clearError() {\n update((state: AuthState) => ({ ...state, error: null }));\n },\n };\n}\n\nexport const authStore = createAuthStore();\n" }, { "path": "src/lib/stores/comments.ts", "content": "import { writable } from \"svelte/store\";\nimport type { Comment } from \"$lib/types/comments\";\nimport { csrfFetch } from \"$lib/utils/csrf\";\n\ninterface CommentStore {\n comments: Comment[];\n total: number;\n loading: boolean;\n error: string | null;\n}\n\nfunction createCommentsStore() {\n const { subscribe, set, update } = writable({\n comments: [],\n total: 0,\n loading: false,\n error: null,\n });\n\n return {\n subscribe,\n async getComments(\n mediaType: string,\n mediaId: number,\n page = 1,\n limit = 10,\n ) {\n update((state) => ({ ...state, loading: true, error: null }));\n try {\n const response = await fetch(\n `/api/comments?mediaType=${mediaType}&mediaId=${mediaId}&page=${page}&limit=${limit}`,\n );\n if (!response.ok) throw new Error(\"Failed to fetch comments\");\n const data = await response.json();\n update((state) => ({\n ...state,\n comments: data.comments,\n total: data.total,\n loading: false,\n }));\n return data;\n } catch (error) {\n update((state) => ({\n ...state,\n error:\n error instanceof Error ? error.message : \"Failed to fetch comments\",\n loading: false,\n }));\n throw error;\n }\n },\n\n async addComment({\n mediaType,\n mediaId,\n content,\n rating,\n parentId,\n }: {\n mediaType: string;\n mediaId: number;\n content: string;\n rating?: number;\n parentId?: number;\n }) {\n try {\n const response = await csrfFetch(\"/api/comments\", {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n mediaType,\n mediaId,\n content,\n rating,\n parentId,\n }),\n });\n if (!response.ok) throw new Error(\"Failed to add comment\");\n const newComment = await response.json();\n update((state) => ({\n ...state,\n comments: [newComment, ...state.comments],\n total: state.total + 1,\n }));\n return newComment;\n } catch (error) {\n throw error;\n }\n },\n\n async toggleLike(commentId: number) {\n try {\n const response = await csrfFetch(`/api/comments/like`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ commentId }),\n });\n if (!response.ok) throw new Error(\"Failed to toggle like\");\n const { liked } = await response.json();\n update((state) => ({\n ...state,\n comments: state.comments.map((comment) => {\n if (comment.id === commentId) {\n return {\n ...comment,\n isLiked: liked,\n _count: {\n ...comment._count,\n likes: comment._count.likes + (liked ? 1 : -1),\n },\n };\n }\n return comment;\n }),\n }));\n } catch (error) {\n throw error;\n }\n },\n\n async updateComment(commentId: number, content: string) {\n try {\n const response = await csrfFetch(`/api/comments/${commentId}`, {\n method: \"PUT\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ content }),\n });\n if (!response.ok) throw new Error(\"Failed to update comment\");\n const updatedComment = await response.json();\n update((state) => ({\n ...state,\n comments: state.comments.map((comment) =>\n comment.id === commentId ? updatedComment : comment,\n ),\n }));\n return updatedComment;\n } catch (error) {\n throw error;\n }\n },\n\n async deleteComment(commentId: number) {\n try {\n const response = await csrfFetch(`/api/comments/${commentId}`, {\n method: \"DELETE\",\n });\n if (!response.ok) throw new Error(\"Failed to delete comment\");\n update((state) => ({\n ...state,\n comments: state.comments.filter(\n (comment) => comment.id !== commentId,\n ),\n total: state.total - 1,\n }));\n } catch (error) {\n throw error;\n }\n },\n };\n}\n\nexport const commentsStore = createCommentsStore();\n" }, { "path": "src/lib/stores/filters.ts", "content": "import { writable, derived, get } from \"svelte/store\";\nimport type {\n FilterState,\n FilterOptions,\n Genre,\n SortBy,\n SortOrder,\n WatchStatus,\n} from \"$lib/types/filters\";\nimport { defaultFilterState, createQueryString } from \"$lib/types/filters\";\nimport { goto } from \"$app/navigation\";\nimport { page } from \"$app/stores\";\nimport type { Page } from \"@sveltejs/kit\";\n\nconst sortByValues: SortBy[] = [\"popularity\", \"rating\", \"release_date\", \"title\"];\nconst sortOrderValues: SortOrder[] = [\"asc\", \"desc\"];\nconst watchStatusValues: WatchStatus[] = [\"all\", \"watching\", \"completed\", \"planned\"];\n\nfunction isSortBy(value: string): value is SortBy {\n return sortByValues.includes(value as SortBy);\n}\n\nfunction isSortOrder(value: string): value is SortOrder {\n return sortOrderValues.includes(value as SortOrder);\n}\n\nfunction isWatchStatus(value: string): value is WatchStatus {\n return watchStatusValues.includes(value as WatchStatus);\n}\n\nfunction createFilterStore() {\n const { subscribe, set, update } = writable(defaultFilterState);\n\n return {\n subscribe,\n\n initialize(genres: Genre[]) {\n update((state) => ({\n ...state,\n availableGenres: genres,\n }));\n },\n\n setFromQueryString(queryString: string) {\n const params = new URLSearchParams(queryString);\n\n update((state) => {\n const newState = { ...state };\n\n\n const query = params.get(\"query\");\n if (query) newState.query = query;\n\n\n const genres = params.get(\"genres\");\n if (genres) {\n newState.genres = genres.split(\",\").map(Number);\n }\n\n\n const year = params.get(\"year\");\n if (year) newState.year = parseInt(year);\n\n\n const rating = params.get(\"rating\");\n if (rating) newState.rating = parseInt(rating);\n\n\n const sortBy = params.get(\"sortBy\");\n if (sortBy && isSortBy(sortBy)) newState.sortBy = sortBy;\n\n const sortOrder = params.get(\"sortOrder\");\n if (sortOrder && isSortOrder(sortOrder)) newState.sortOrder = sortOrder;\n\n\n const watchStatus = params.get(\"watchStatus\");\n if (watchStatus && isWatchStatus(watchStatus)) {\n newState.watchStatus = watchStatus;\n }\n\n\n const page = params.get(\"page\");\n if (page) newState.page = parseInt(page);\n\n const limit = params.get(\"limit\");\n if (limit) newState.limit = parseInt(limit);\n\n return newState;\n });\n },\n\n updateFilters(filters: Partial, navigate = true) {\n update((state) => {\n const newState = {\n ...state,\n ...filters,\n\n page: \"page\" in filters ? filters.page || 1 : 1,\n };\n\n if (navigate) {\n const currentPage = get(page);\n const baseUrl = currentPage.url.pathname;\n const queryString = createQueryString(newState);\n goto(`${baseUrl}?${queryString}`, { replaceState: true });\n }\n\n return newState;\n });\n },\n\n reset() {\n update((state) => ({\n ...defaultFilterState,\n availableGenres: state.availableGenres,\n }));\n\n const currentPage = get(page);\n const baseUrl = currentPage.url.pathname;\n goto(baseUrl, { replaceState: true });\n },\n\n setResults(totalResults: number, totalPages: number) {\n update((state) => ({\n ...state,\n totalResults,\n totalPages,\n }));\n },\n };\n}\n\nexport const filters = createFilterStore();\n\n\nexport const activeFilters = derived(filters, ($filters) => {\n const active: string[] = [];\n\n if ($filters.query) {\n active.push(`Search: \"${$filters.query}\"`);\n }\n\n if ($filters.genres && $filters.genres.length > 0) {\n const genreNames = $filters.genres\n .map((id) => $filters.availableGenres.find((g) => g.id === id)?.name)\n .filter(Boolean);\n if (genreNames.length > 0) {\n active.push(`Genres: ${genreNames.join(\", \")}`);\n }\n }\n\n if ($filters.year) {\n active.push(`Year: ${$filters.year}`);\n }\n\n if ($filters.rating) {\n active.push(`Rating: ${$filters.rating}+`);\n }\n\n if ($filters.watchStatus && $filters.watchStatus !== \"all\") {\n active.push(`Status: ${$filters.watchStatus}`);\n }\n\n if ($filters.sortBy && $filters.sortBy !== \"popularity\") {\n active.push(`Sort: ${$filters.sortBy} (${$filters.sortOrder})`);\n }\n\n return active;\n});\n\nexport const hasActiveFilters = derived(\n activeFilters,\n ($activeFilters) => $activeFilters.length > 0,\n);\n\nexport const currentPage = derived(filters, ($filters) => $filters.page || 1);\n\nexport const totalPages = derived(filters, ($filters) => $filters.totalPages);\n\nexport const selectedGenres = derived(filters, ($filters) => {\n if (!$filters.genres) return [];\n return $filters.availableGenres.filter((genre) =>\n $filters.genres?.includes(genre.id),\n );\n});\n" }, { "path": "src/lib/stores/provider-urls.ts", "content": "import { writable } from \"svelte/store\";\n\ninterface ProviderUrls {\n vidsrc: string;\n vidlink: string;\n movies111: string;\n embed2: string;\n}\n\nexport const providerUrls = writable(null);\n\nexport async function loadProviderUrls() {\n if (typeof window === \"undefined\") return;\n\n try {\n const response = await fetch(\"/api/providers\");\n const urls = await response.json();\n providerUrls.set(urls);\n } catch (error) {\n console.error(\"Failed to load provider URLs:\", error);\n }\n}\n" }, { "path": "src/lib/stores/toast.ts", "content": "import { writable } from \"svelte/store\";\n\nexport interface Toast {\n id: string;\n type: \"success\" | \"error\" | \"info\" | \"warning\";\n message: string;\n duration?: number;\n}\n\nfunction createToastStore() {\n const { subscribe, update } = writable([]);\n\n function addToast(toast: Omit) {\n const id = Math.random().toString(36).substring(2);\n const duration = toast.duration || 5000;\n\n update((toasts) => [...toasts, { ...toast, id }]);\n\n\n setTimeout(() => {\n removeToast(id);\n }, duration);\n }\n\n function removeToast(id: string) {\n update((toasts) => toasts.filter((t) => t.id !== id));\n }\n\n function success(message: string, duration?: number) {\n addToast({ type: \"success\", message, duration });\n }\n\n function error(message: string, duration?: number) {\n addToast({ type: \"error\", message, duration });\n }\n\n function info(message: string, duration?: number) {\n addToast({ type: \"info\", message, duration });\n }\n\n function warning(message: string, duration?: number) {\n addToast({ type: \"warning\", message, duration });\n }\n\n return {\n subscribe,\n success,\n error,\n info,\n warning,\n remove: removeToast,\n };\n}\n\nexport const toastStore = createToastStore();\n" }, { "path": "src/lib/stores/watchlist.ts", "content": "import { writable } from \"svelte/store\";\nimport { authStore } from \"./auth\";\nimport { get } from \"svelte/store\";\nimport { csrfFetch } from \"$lib/utils/csrf\";\n\ninterface WatchlistItem {\n id: number;\n mediaId: number;\n mediaType: string;\n title: string;\n posterPath: string | null;\n voteAverage: number;\n addedAt: string;\n}\n\ninterface WatchlistStore {\n items: WatchlistItem[];\n total: number;\n loading: boolean;\n error: string | null;\n}\n\nfunction createWatchlistStore() {\n const { subscribe, set, update } = writable({\n items: [],\n total: 0,\n loading: false,\n error: null,\n });\n\n return {\n subscribe,\n async getWatchlist() {\n const auth = get(authStore);\n if (!auth.user) {\n update(state => ({ ...state, items: [], total: 0, loading: false, error: null }));\n return { items: [], total: 0 };\n }\n\n update((state) => ({ ...state, loading: true, error: null }));\n try {\n const response = await fetch(\"/api/watchlist\");\n if (!response.ok) throw new Error(\"Failed to fetch watchlist\");\n const data = await response.json();\n update((state) => ({\n ...state,\n items: data.items,\n total: data.total,\n loading: false,\n }));\n return data;\n } catch (error) {\n update((state) => ({\n ...state,\n error:\n error instanceof Error\n ? error.message\n : \"Failed to fetch watchlist\",\n loading: false,\n }));\n throw error;\n }\n },\n\n async addToWatchlist(\n mediaId: number,\n mediaType: string,\n title: string,\n posterPath: string | null,\n voteAverage: number,\n ) {\n const auth = get(authStore);\n if (!auth.user) {\n throw new Error(\"Must be logged in to add to watchlist\");\n }\n\n try {\n const response = await csrfFetch(\"/api/watchlist\", {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n mediaId,\n mediaType,\n title,\n posterPath,\n voteAverage,\n }),\n });\n if (!response.ok) throw new Error(\"Failed to add to watchlist\");\n const newItem = await response.json();\n update((state) => ({\n ...state,\n items: [newItem, ...state.items],\n total: state.total + 1,\n }));\n return newItem;\n } catch (error) {\n throw error;\n }\n },\n\n async removeFromWatchlist(mediaId: number, mediaType: string) {\n const auth = get(authStore);\n if (!auth.user) {\n throw new Error(\"Must be logged in to remove from watchlist\");\n }\n\n try {\n const response = await csrfFetch(\"/api/watchlist\", {\n method: \"DELETE\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ mediaId, mediaType }),\n });\n if (!response.ok) throw new Error(\"Failed to remove from watchlist\");\n update((state) => ({\n ...state,\n items: state.items.filter(\n (item) =>\n !(item.mediaId === mediaId && item.mediaType === mediaType),\n ),\n total: state.total - 1,\n }));\n } catch (error) {\n throw error;\n }\n },\n\n async isInWatchlist(mediaId: number, mediaType: string) {\n const auth = get(authStore);\n if (!auth.user) {\n return false;\n }\n\n try {\n const response = await fetch(\n `/api/watchlist/check?mediaId=${mediaId}&mediaType=${mediaType}`,\n );\n if (!response.ok) throw new Error(\"Failed to check watchlist status\");\n const { inWatchlist } = await response.json();\n return inWatchlist;\n } catch (error) {\n throw error;\n }\n },\n\n reset() {\n set({\n items: [],\n total: 0,\n loading: false,\n error: null,\n });\n }\n };\n}\n\nexport const watchlistStore = createWatchlistStore();\n" }, { "path": "src/lib/types/auth.ts", "content": "export interface UserSession {\n id: number;\n username: string;\n email: string | null;\n isAdmin: boolean;\n}\n\nexport interface TokenPayload {\n userId: number;\n}\n\nexport interface AuthServiceInterface {\n hashPassword(password: string): Promise;\n comparePasswords(password: string, hash: string): Promise;\n generateToken(user: UserSession): Promise;\n verifyToken(token: string): Promise;\n createUser(\n username: string,\n email: string | null,\n password: string,\n ): Promise;\n validateUser(\n usernameOrEmail: string,\n password: string,\n ): Promise;\n findUserByIdentifier(identifier: string): Promise;\n updatePassword(userId: number, newPassword: string): Promise;\n createResetToken(identifier: string): Promise;\n validateResetToken(token: string): Promise;\n clearResetToken(userId: number): Promise;\n}\n\n\nexport async function verifyToken(token: string): Promise {\n const { authService } = await import(\"$lib/server/services/auth\");\n return authService.verifyToken(token);\n}\n\n\nexport const userSelect = {\n id: true,\n username: true,\n email: true,\n isAdmin: true,\n} as const;\n" }, { "path": "src/lib/types/comments.ts", "content": "export interface Comment {\n id: number;\n content: string;\n userId: number;\n mediaId: number;\n mediaType: string;\n rating: number | null;\n parentId: number | null;\n createdAt: string;\n updatedAt: string;\n user: {\n username: string;\n };\n _count: {\n likes: number;\n replies: number;\n };\n isLiked?: boolean;\n flagged?: boolean;\n flagReason?: string | null;\n flaggedAt?: string | null;\n}\n\nexport interface CommentResponse {\n comments: Comment[];\n total: number;\n}\n" }, { "path": "src/lib/types/filters.ts", "content": "export type SortOrder = \"asc\" | \"desc\";\nexport type SortBy = \"popularity\" | \"rating\" | \"release_date\" | \"title\";\nexport type MediaType = \"movie\" | \"tv\";\nexport type WatchStatus = \"all\" | \"watching\" | \"completed\" | \"planned\";\n\nexport interface Genre {\n id: number;\n name: string;\n}\n\nexport interface FilterOptions {\n query?: string;\n genres?: number[];\n year?: number;\n rating?: number;\n sortBy?: SortBy;\n sortOrder?: SortOrder;\n watchStatus?: WatchStatus;\n page?: number;\n limit?: number;\n}\n\nexport interface FilterState extends FilterOptions {\n availableGenres: Genre[];\n totalResults: number;\n totalPages: number;\n}\n\nexport const defaultFilterState: FilterState = {\n query: \"\",\n genres: [],\n sortBy: \"popularity\",\n sortOrder: \"desc\",\n watchStatus: \"all\",\n page: 1,\n limit: 20,\n availableGenres: [],\n totalResults: 0,\n totalPages: 0,\n};\n\nexport const sortOptions: { value: SortBy; label: string }[] = [\n { value: \"popularity\", label: \"Popularity\" },\n { value: \"rating\", label: \"Rating\" },\n { value: \"release_date\", label: \"Release Date\" },\n { value: \"title\", label: \"Title\" },\n];\n\nexport const watchStatusOptions: { value: WatchStatus; label: string }[] = [\n { value: \"all\", label: \"All\" },\n { value: \"watching\", label: \"Watching\" },\n { value: \"completed\", label: \"Completed\" },\n { value: \"planned\", label: \"Plan to Watch\" },\n];\n\nexport const yearOptions: { value: number; label: string }[] = (() => {\n const currentYear = new Date().getFullYear();\n const years = [];\n for (let year = currentYear; year >= 1900; year--) {\n years.push({ value: year, label: year.toString() });\n }\n return years;\n})();\n\nexport const ratingOptions: { value: number; label: string }[] = [\n { value: 9, label: \"9+ Rating\" },\n { value: 8, label: \"8+ Rating\" },\n { value: 7, label: \"7+ Rating\" },\n { value: 6, label: \"6+ Rating\" },\n { value: 5, label: \"5+ Rating\" },\n { value: 0, label: \"All Ratings\" },\n];\n\nexport function createQueryString(filters: FilterOptions): string {\n const params = new URLSearchParams();\n\n if (filters.query) {\n params.set(\"query\", filters.query);\n }\n\n if (filters.genres && filters.genres.length > 0) {\n params.set(\"genres\", filters.genres.join(\",\"));\n }\n\n if (filters.year) {\n params.set(\"year\", filters.year.toString());\n }\n\n if (filters.rating) {\n params.set(\"rating\", filters.rating.toString());\n }\n\n if (filters.sortBy) {\n params.set(\"sortBy\", filters.sortBy);\n }\n\n if (filters.sortOrder) {\n params.set(\"sortOrder\", filters.sortOrder);\n }\n\n if (filters.watchStatus && filters.watchStatus !== \"all\") {\n params.set(\"watchStatus\", filters.watchStatus);\n }\n\n if (filters.page && filters.page > 1) {\n params.set(\"page\", filters.page.toString());\n }\n\n if (filters.limit && filters.limit !== 20) {\n params.set(\"limit\", filters.limit.toString());\n }\n\n return params.toString();\n}\n\nexport function parseQueryString(queryString: string): FilterOptions {\n const params = new URLSearchParams(queryString);\n const filters: FilterOptions = {};\n\n const query = params.get(\"query\");\n if (query) {\n filters.query = query;\n }\n\n const genres = params.get(\"genres\");\n if (genres) {\n filters.genres = genres.split(\",\").map(Number);\n }\n\n const year = params.get(\"year\");\n if (year) {\n filters.year = parseInt(year);\n }\n\n const rating = params.get(\"rating\");\n if (rating) {\n filters.rating = parseInt(rating);\n }\n\n const sortBy = params.get(\"sortBy\") as SortBy;\n if (sortBy) {\n filters.sortBy = sortBy;\n }\n\n const sortOrder = params.get(\"sortOrder\") as SortOrder;\n if (sortOrder) {\n filters.sortOrder = sortOrder;\n }\n\n const watchStatus = params.get(\"watchStatus\") as WatchStatus;\n if (watchStatus) {\n filters.watchStatus = watchStatus;\n }\n\n const page = params.get(\"page\");\n if (page) {\n filters.page = parseInt(page);\n }\n\n const limit = params.get(\"limit\");\n if (limit) {\n filters.limit = parseInt(limit);\n }\n\n return filters;\n}\n" }, { "path": "src/lib/types/provider.ts", "content": "export interface MediaProvider {\n id: string;\n name: string;\n supportsMovies: boolean;\n supportsTVShows: boolean;\n requiresLanguage?: boolean;\n languages?: string[];\n getMovieUrl: (\n mediaId: string | number,\n options?: ProviderOptions,\n ) => Promise;\n getTVShowUrl?: (\n mediaId: string | number,\n seasonId: number,\n episodeId: number,\n options?: ProviderOptions,\n ) => Promise;\n}\n\nexport interface ProviderOptions {\n language?: string;\n primaryColor?: string;\n secondaryColor?: string;\n iconColor?: string;\n autoPlay?: boolean;\n autoNext?: boolean;\n}\n\nexport interface StreamingQuality {\n quality: string;\n url: string;\n metadata?: {\n baseUrl?: string;\n [key: string]: unknown;\n };\n}\n\nexport interface ProviderResponse {\n url: string;\n type: \"iframe\" | \"hls\" | \"dash\";\n qualities?: StreamingQuality[];\n}\n" }, { "path": "src/lib/types/tmdb.ts", "content": "export interface TMDBReleaseDatesResponse {\n id: number;\n results: TMDBReleaseDateResult[];\n}\n\nexport interface TMDBReleaseDateResult {\n iso_3166_1: string;\n release_dates: TMDBReleaseDate[];\n}\n\nexport interface TMDBReleaseDate {\n certification: string;\n iso_639_1?: string;\n release_date: string;\n type: number;\n note?: string;\n}\n\nexport interface TMDBMediaResponse {\n id: number;\n title?: string;\n name?: string;\n overview: string;\n poster_path: string | null;\n backdrop_path: string | null;\n release_date?: string;\n first_air_date?: string;\n vote_average: number;\n vote_count: number;\n genre_ids: number[];\n media_type?: \"movie\" | \"tv\";\n popularity: number;\n}\n\nexport interface TMDBResponse {\n page: number;\n results: T[];\n total_pages: number;\n total_results: number;\n}\n\nexport interface TMDBVideoResponse {\n id: number;\n results: TMDBVideo[];\n}\n\nexport interface TMDBVideo {\n id: string;\n key: string;\n name: string;\n site: string;\n size: number;\n type: string;\n}\n\nexport interface TMDBMovie extends TMDBMediaResponse {\n title: string;\n release_date: string;\n media_type: \"movie\";\n}\n\nexport interface TMDBTVShow extends TMDBMediaResponse {\n name: string;\n first_air_date: string;\n media_type: \"tv\";\n}\n\nexport interface TMDBGenre {\n id: number;\n name: string;\n}\n\nexport interface TMDBWatchProvider {\n logo_path: string;\n provider_id: number;\n provider_name: string;\n display_priority: number;\n}\n\nexport interface TMDBWatchProviderRegion {\n link?: string;\n flatrate?: TMDBWatchProvider[];\n rent?: TMDBWatchProvider[];\n buy?: TMDBWatchProvider[];\n}\n\nexport interface TMDBWatchProvidersResponse {\n id: number;\n results: Record;\n}\n" }, { "path": "src/lib/utils/csrf.ts", "content": "import { CSRF_COOKIE_NAME, CSRF_HEADER_NAME } from \"$lib/constants/security\";\n\nfunction getCookie(name: string): string | null {\n if (typeof document === \"undefined\") return null;\n\n const escapedName = name.replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\");\n const match = document.cookie.match(new RegExp(`(?:^|; )${escapedName}=([^;]*)`));\n return match ? decodeURIComponent(match[1]) : null;\n}\n\nexport function getCsrfToken(): string | null {\n return getCookie(CSRF_COOKIE_NAME);\n}\n\nexport function withCsrfHeaders(init: RequestInit = {}): RequestInit {\n const token = getCsrfToken();\n if (!token) return init;\n\n const headers = new Headers(init.headers ?? {});\n headers.set(CSRF_HEADER_NAME, token);\n\n return {\n ...init,\n headers,\n };\n}\n\nexport async function csrfFetch(\n input: RequestInfo | URL,\n init: RequestInit = {},\n): Promise {\n const method = (init.method ?? \"GET\").toUpperCase();\n if (method === \"GET\" || method === \"HEAD\" || method === \"OPTIONS\") {\n return fetch(input, init);\n }\n\n return fetch(input, withCsrfHeaders(init));\n}\n" }, { "path": "src/routes/+layout.server.ts", "content": "import type { ServerLoad } from \"@sveltejs/kit\";\n\nexport const load: ServerLoad = async ({ locals }) => {\n return {\n user: locals.user,\n };\n};\n" }, { "path": "src/routes/+layout.svelte", "content": "\n\n
\n \n\n
\n \n
\n\n
\n
\n
\n
\n

This website doesn't host any file. Legal issues must be discussed with files hosts & providers. We are not affiliated with 3rd party providers & we have no control over the content they distribute.

\n
\n
\n DMCA\n \n \n \n \n GitHub\n \n
\n
\n
\n
\n
\n\n\n" }, { "path": "src/routes/+layout.ts", "content": "import { browser } from \"$app/environment\";\nimport { watchlistStore } from \"$lib/stores/watchlist\";\nimport { authStore } from \"$lib/stores/auth\";\nimport { get } from \"svelte/store\";\n\nexport const load = async () => {\n if (browser) {\n const auth = get(authStore);\n if (auth.user) {\n try {\n await watchlistStore.getWatchlist();\n } catch (error) {\n console.error(\"Failed to load watchlist:\", error);\n }\n } else {\n\n watchlistStore.reset();\n }\n }\n};\n" }, { "path": "src/routes/+page.server.ts", "content": "import type { ServerLoad } from \"@sveltejs/kit\";\nimport { TMDBService, TMDBApiError } from \"$lib/services/tmdb\";\n\nexport const load = (async () => {\n const tmdb = new TMDBService();\n\n if (!tmdb.isConfigured()) {\n return {\n trendingMovies: [],\n trendingTVShows: [],\n error: 'TMDB API key is not configured. Please add TMDB_API_KEY to your .env file.',\n };\n }\n\n try {\n const [trendingMovies, trendingTVShows] = await Promise.all([\n tmdb.getTrendingMovies(),\n tmdb.getTrendingTVShows(),\n ]);\n\n return {\n trendingMovies: trendingMovies.results.slice(0, 12),\n trendingTVShows: trendingTVShows.results.slice(0, 12),\n error: null,\n };\n } catch (err) {\n const error = err instanceof TMDBApiError\n ? err.message\n : 'Failed to load content. Please try again later.';\n\n console.error('Homepage load error:', err);\n\n return {\n trendingMovies: [],\n trendingTVShows: [],\n error,\n };\n }\n}) satisfies ServerLoad;\n" }, { "path": "src/routes/+page.svelte", "content": "\n\n{#if featuredMedia}\n \n{/if}\n\n
\n
\n
\n

Trending Movies

\n \n Show All\n \n \n \n \n
\n\n {#if loading}\n
\n
\n
\n {:else if error}\n
\n \n \n \n

{error}

\n

Get a free API key at themoviedb.org

\n
\n {:else if trendingMovies.length === 0}\n
\n No trending movies available\n
\n {:else}\n
\n {#each trendingMovies as movie (movie.id)}\n \n {/each}\n
\n {/if}\n
\n\n
\n
\n

Trending TV Shows

\n \n Show All\n \n \n \n \n
\n\n {#if loading}\n
\n
\n
\n {:else if error}\n \n {:else if trendingShows.length === 0}\n
\n No trending TV shows available\n
\n {:else}\n
\n {#each trendingShows as show (show.id)}\n \n {/each}\n
\n {/if}\n
\n
\n" }, { "path": "src/routes/admin/moderation/+page.server.ts", "content": "import { redirect } from '@sveltejs/kit';\nimport type { PageServerLoad } from './$types';\n\nexport const load: PageServerLoad = async ({ locals }) => {\n if (!locals.user?.isAdmin) {\n throw redirect(303, '/');\n }\n\n return {\n user: locals.user\n };\n};\n" }, { "path": "src/routes/admin/moderation/+page.svelte", "content": "\n\n
\n
\n

Comment Moderation

\n
\n\n {#if loading}\n
\n
\n
\n {:else if error}\n
\n {error}\n
\n {:else if comments.length === 0}\n
\n No flagged comments found\n
\n {:else}\n
\n {#each comments as comment (comment.id)}\n
\n
\n
\n

\n Posted by {comment.user.username} on {formatDate(comment.createdAt)}\n

\n

\n Flagged on {formatDate(comment.flaggedAt)}\n {#if comment.flagReason}\n - Reason: {comment.flagReason}\n {/if}\n

\n
\n
\n unflagComment(comment.id)}\n >\n Unflag\n \n deleteComment(comment.id)}\n >\n Delete\n \n
\n
\n\n

{comment.content}

\n\n
\n

Media: {comment.mediaType} #{comment.mediaId}

\n

Likes: {comment._count?.likes || 0}

\n

Replies: {comment._count?.replies || 0}

\n
\n
\n {/each}\n
\n {/if}\n
\n" }, { "path": "src/routes/api/auth/login/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { authService } from \"$lib/server/services/auth\";\nimport { createSessionCookie, createCsrfCookie, createCsrfToken } from \"$lib/server/auth\";\nimport { RateLimitService } from \"$lib/server/services/rate-limit\";\nimport { handleDatabaseError } from \"$lib/server/services/db-error\";\nimport { dev } from \"$app/environment\";\n\nexport async function POST({ request, getClientAddress }: RequestEvent) {\n const clientIp = getClientAddress();\n\n const rateLimit = RateLimitService.checkLoginLimit(clientIp);\n if (!rateLimit.allowed) {\n return json(\n { error: `Too many login attempts. Please try again in ${Math.ceil(rateLimit.timeLeft! / 60)} minutes.` },\n { status: 429 }\n );\n }\n\n try {\n const { usernameOrEmail, identifier, password } = await request.json();\n const loginIdentifier = usernameOrEmail ?? identifier;\n\n if (!loginIdentifier || !password) {\n return json({ error: \"Username/Email and password are required\" }, { status: 400 });\n }\n\n const user = await authService.validateUser(loginIdentifier, password);\n if (!user) {\n return json({ error: \"Invalid credentials\" }, { status: 401 });\n }\n\n const token = await authService.generateToken(user);\n const isProduction = !dev;\n const csrfToken = createCsrfToken();\n const headers = new Headers();\n headers.append(\"Set-Cookie\", createSessionCookie(token, isProduction));\n headers.append(\"Set-Cookie\", createCsrfCookie(csrfToken, isProduction));\n\n return json(user, {\n headers,\n });\n } catch (error) {\n return handleDatabaseError(error, \"login\");\n }\n}\n" }, { "path": "src/routes/api/auth/logout/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { clearSessionCookie, clearCsrfCookie } from \"$lib/server/auth\";\n\nexport async function POST(_event: RequestEvent) {\n try {\n const headers = new Headers();\n headers.append(\"Set-Cookie\", clearSessionCookie());\n headers.append(\"Set-Cookie\", clearCsrfCookie());\n\n return json(\n { success: true },\n {\n headers,\n },\n );\n } catch (error) {\n console.error(\"Logout error:\", error);\n return new Response(\"Internal server error\", { status: 500 });\n }\n}\n" }, { "path": "src/routes/api/auth/me/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { prisma } from \"$lib/server/prisma\";\nimport { getSession } from \"$lib/server/auth\";\n\nexport async function GET({ cookies }: RequestEvent) {\n try {\n const session = await getSession(cookies);\n if (!session?.userId) {\n return new Response(null, { status: 401 });\n }\n\n const user = await prisma.user.findUnique({\n where: { id: session.userId },\n select: {\n id: true,\n username: true,\n email: true,\n createdAt: true,\n updatedAt: true,\n },\n });\n\n if (!user) {\n return new Response(null, { status: 401 });\n }\n\n return json(user);\n } catch (error) {\n console.error(\"Error fetching user:\", error);\n return new Response(\"Internal server error\", { status: 500 });\n }\n}\n" }, { "path": "src/routes/api/auth/register/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { authService } from \"$lib/server/services/auth\";\nimport { createSessionCookie, createCsrfCookie, createCsrfToken } from \"$lib/server/auth\";\nimport { RateLimitService } from \"$lib/server/services/rate-limit\";\nimport { handleDatabaseError } from \"$lib/server/services/db-error\";\nimport { dev } from \"$app/environment\";\nimport { CaptchaService } from \"$lib/server/services/captcha\";\n\nconst PASSWORD_MIN_LENGTH = 8;\nconst PASSWORD_REGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d).+$/;\n\nexport async function POST({ request, getClientAddress }: RequestEvent) {\n const clientIp = getClientAddress();\n\n const rateLimit = RateLimitService.checkRegisterLimit(clientIp);\n if (!rateLimit.allowed) {\n return json(\n { error: `Too many registration attempts. Please try again in ${Math.ceil(rateLimit.timeLeft! / 60)} minutes.` },\n { status: 429 }\n );\n }\n\n try {\n const { username, email, password, captchaId, captchaAnswer } = await request.json();\n\n if (!username || !password) {\n return json({ error: \"Username and password are required\" }, { status: 400 });\n }\n\n if (username.length < 3 || username.length > 15) {\n return json({ error: \"Username must be between 3 and 15 characters\" }, { status: 400 });\n }\n\n if (!/^[a-zA-Z0-9_]+$/.test(username)) {\n return json({ error: \"Username can only contain letters, numbers, and underscores\" }, { status: 400 });\n }\n\n if (password.length < PASSWORD_MIN_LENGTH) {\n return json({ error: `Password must be at least ${PASSWORD_MIN_LENGTH} characters` }, { status: 400 });\n }\n\n if (!PASSWORD_REGEX.test(password)) {\n return json({ error: \"Password must contain at least one uppercase letter, one lowercase letter, and one number\" }, { status: 400 });\n }\n\n if (email && !/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/.test(email)) {\n return json({ error: \"Invalid email format\" }, { status: 400 });\n }\n\n if (!captchaId || !captchaAnswer) {\n return json({ error: \"Captcha verification is required\" }, { status: 400 });\n }\n\n const captchaValid = CaptchaService.validateCaptcha(captchaId, captchaAnswer, { consume: true });\n if (!captchaValid) {\n return json({ error: \"Invalid captcha. Please try again.\" }, { status: 400 });\n }\n\n const existingUser = await authService.findUserByIdentifier(email || username);\n if (existingUser) {\n if (email && existingUser.email === email) {\n return json({ error: \"Email already registered\" }, { status: 400 });\n }\n if (existingUser.username === username) {\n return json({ error: \"Username already taken\" }, { status: 400 });\n }\n }\n\n const user = await authService.createUser(username, email, password);\n const token = await authService.generateToken(user);\n const isProduction = !dev;\n const csrfToken = createCsrfToken();\n const headers = new Headers();\n headers.append(\"Set-Cookie\", createSessionCookie(token, isProduction));\n headers.append(\"Set-Cookie\", createCsrfCookie(csrfToken, isProduction));\n\n return json(user, {\n headers,\n });\n } catch (error) {\n return handleDatabaseError(error, \"register\");\n }\n}\n" }, { "path": "src/routes/api/auth/reset-password/request/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { authService } from \"$lib/server/services/auth\";\nimport { RateLimitService } from \"$lib/server/services/rate-limit\";\n\nexport async function POST({ request }: RequestEvent) {\n const { identifier } = await request.json();\n\n if (!identifier) {\n return json({ error: \"Username or email is required\" }, { status: 400 });\n }\n\n const rateLimit = RateLimitService.checkPasswordResetLimit(identifier);\n if (!rateLimit.allowed) {\n return json({\n error: `Too many reset attempts. Please try again in ${Math.ceil(rateLimit.timeLeft! / 60)} minutes.`\n }, { status: 429 });\n }\n\n try {\n const resetToken = await authService.createResetToken(identifier);\n if (!resetToken) {\n return json({\n message: \"If an account exists with this username/email, password reset instructions will be sent\"\n });\n }\n\n const user = await authService.findUserByIdentifier(identifier);\n if (!user?.email) {\n return json({\n message: \"If an account exists with this username/email, password reset instructions will be sent\"\n });\n }\n\n return json({\n message: \"If an account exists with this username/email, password reset instructions will be sent\"\n });\n } catch (error) {\n console.error(\"Password reset request error:\", error);\n return json(\n {\n error: \"An error occurred while processing your request\"\n },\n { status: 500 },\n );\n }\n}\n" }, { "path": "src/routes/api/auth/reset-password/reset/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { authService } from \"$lib/server/services/auth\";\nimport { RateLimitService } from \"$lib/server/services/rate-limit\";\n\nconst PASSWORD_MIN_LENGTH = 8;\nconst PASSWORD_REGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d).+$/;\n\nexport async function POST({ request }: RequestEvent) {\n const { token, newPassword } = await request.json();\n\n if (!token || !newPassword) {\n return json(\n { error: \"Token and new password are required\" },\n { status: 400 },\n );\n }\n\n if (newPassword.length < PASSWORD_MIN_LENGTH) {\n return json(\n { error: `Password must be at least ${PASSWORD_MIN_LENGTH} characters long` },\n { status: 400 },\n );\n }\n\n if (!PASSWORD_REGEX.test(newPassword)) {\n return json(\n { error: \"Password must contain at least one uppercase letter, one lowercase letter, and one number\" },\n { status: 400 },\n );\n }\n\n const rateLimit = RateLimitService.checkPasswordResetLimit(token);\n if (!rateLimit.allowed) {\n return json({\n error: `Too many attempts. Please try again in ${Math.ceil(rateLimit.timeLeft! / 60)} minutes.`\n }, { status: 429 });\n }\n\n try {\n const userId = await authService.validateResetToken(token);\n if (!userId) {\n return json(\n { error: \"Invalid or expired reset link. Please request a new one.\" },\n { status: 400 }\n );\n }\n\n await authService.updatePassword(userId, newPassword);\n await authService.clearResetToken(userId);\n\n return json({ message: \"Your password has been successfully reset\" });\n } catch (error) {\n console.error(\"Password reset error:\", error);\n return json(\n {\n error: \"An error occurred while resetting your password. Please try again.\"\n },\n { status: 500 },\n );\n }\n}\n" }, { "path": "src/routes/api/captcha/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { CaptchaService } from \"$lib/server/services/captcha\";\nimport { z } from \"zod\";\n\nconst validateSchema = z.object({\n id: z.string().length(32),\n answer: z.string().min(1).max(10),\n});\n\n// Generate a new captcha\nexport async function GET({ getClientAddress }: RequestEvent) {\n const { id, text } = CaptchaService.generateCaptcha();\n\n // Return captcha ID and text for client-side rendering\n // The text is only used for rendering the canvas image client-side\n // Validation still happens server-side\n return json({ id, text });\n}\n\n// Validate captcha (used during form submission)\nexport async function POST({ request }: RequestEvent) {\n try {\n const body = await request.json();\n const validation = validateSchema.safeParse(body);\n\n if (!validation.success) {\n return json({ valid: false, error: \"Invalid request\" }, { status: 400 });\n }\n\n const { id, answer } = validation.data;\n const isValid = CaptchaService.validateCaptcha(id, answer, { consume: false });\n\n return json({ valid: isValid });\n } catch {\n return json({ valid: false, error: \"Validation failed\" }, { status: 500 });\n }\n}\n" }, { "path": "src/routes/api/comments/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { getSession } from \"$lib/server/auth\";\nimport { validateComment } from \"$lib/shared/comment-validation\";\nimport { commentService } from \"$lib/server/services/comments\";\nimport { commentRateLimit } from \"$lib/server/services/rate-limit\";\nimport { handleDatabaseError } from \"$lib/server/services/db-error\";\nimport { z } from 'zod';\n\nconst mediaTypeSchema = z.enum(['movie', 'tv']);\nconst commentSchema = z.object({\n mediaId: z.number().int().positive(),\n mediaType: mediaTypeSchema,\n content: z.string().min(1).max(1000),\n parentId: z.number().int().positive().nullable().optional(),\n season: z.number().int().min(1).max(100).optional(),\n episode: z.number().int().min(1).max(2000).optional(),\n});\n\nfunction validateNumericInput(value: string | null, min: number, max: number): number | null {\n if (!value) return null;\n const num = parseInt(value);\n if (isNaN(num) || num < min || num > max) return null;\n return num;\n}\n\nfunction checkQueryComplexity(params: URLSearchParams): boolean {\n const complexityScore =\n (params.has('mediaId') ? 1 : 0) +\n (params.has('mediaType') ? 1 : 0) +\n (params.has('season') ? 2 : 0) +\n (params.has('episode') ? 2 : 0);\n\n return complexityScore <= 6;\n}\n\nexport async function GET({ url, cookies, getClientAddress }: RequestEvent) {\n try {\n const clientIp = getClientAddress();\n if (!checkRateLimit(clientIp)) {\n return json({ error: \"Rate limit exceeded\" }, { status: 429 });\n }\n\n if (!checkQueryComplexity(url.searchParams)) {\n return json({ error: \"Query too complex\" }, { status: 400 });\n }\n\n const rawMediaId = url.searchParams.get(\"mediaId\");\n const rawMediaType = url.searchParams.get(\"mediaType\");\n const rawPage = url.searchParams.get(\"page\") || \"1\";\n const rawLimit = url.searchParams.get(\"limit\") || \"10\";\n const rawParentId = url.searchParams.get(\"parentId\");\n\n const mediaId = validateNumericInput(rawMediaId, 1, Number.MAX_SAFE_INTEGER);\n if (!mediaId) {\n return json({ error: \"Invalid Media ID\" }, { status: 400 });\n }\n\n const mediaTypeResult = mediaTypeSchema.safeParse(rawMediaType);\n if (!mediaTypeResult.success) {\n return json({ error: \"Invalid media type\" }, { status: 400 });\n }\n const mediaType = mediaTypeResult.data;\n\n const page = validateNumericInput(rawPage, 1, 1000) || 1;\n const limit = validateNumericInput(rawLimit, 1, 100) || 10;\n const parentId = validateNumericInput(rawParentId, 1, Number.MAX_SAFE_INTEGER);\n\n const session = await getSession(cookies);\n const userId = session?.userId;\n\n const { comments, total } = await commentService.getComments(\n mediaId,\n mediaType,\n userId,\n parentId,\n page,\n limit\n );\n\n return json({\n comments,\n total,\n page,\n totalPages: Math.ceil(total / limit),\n });\n } catch (error) {\n return handleDatabaseError(error, \"fetch comments\");\n }\n}\n\nexport async function POST({ request, cookies, getClientAddress }: RequestEvent) {\n try {\n const clientIp = getClientAddress();\n if (!checkRateLimit(clientIp)) {\n return json({ error: \"Rate limit exceeded\" }, { status: 429 });\n }\n\n const session = await getSession(cookies);\n if (!session?.userId) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n const body = await request.json();\n const validationResult = commentSchema.safeParse(body);\n if (!validationResult.success) {\n return json({ error: \"Invalid request data\", details: validationResult.error }, { status: 400 });\n }\n\n const { content, mediaId, mediaType, parentId } = validationResult.data;\n\n const contentValidation = validateComment(content);\n if (!contentValidation.isValid) {\n return json({ error: contentValidation.error || \"Invalid comment content\" }, { status: 400 });\n }\n\n const comment = await commentService.createComment({\n userId: session.userId,\n mediaId,\n mediaType,\n content,\n parentId,\n });\n\n return json(comment);\n } catch (error) {\n return handleDatabaseError(error, \"create comment\");\n }\n}\n\nexport async function DELETE({ url, cookies, getClientAddress }: RequestEvent) {\n try {\n const clientIp = getClientAddress();\n if (!checkRateLimit(clientIp)) {\n return json({ error: \"Rate limit exceeded\" }, { status: 429 });\n }\n\n const session = await getSession(cookies);\n if (!session?.userId) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n const commentId = validateNumericInput(url.searchParams.get(\"id\"), 1, Number.MAX_SAFE_INTEGER);\n if (!commentId) {\n return json({ error: \"Invalid comment ID\" }, { status: 400 });\n }\n\n await commentService.deleteComment(commentId, session.userId);\n return json({ success: true });\n } catch (error) {\n return handleDatabaseError(error, \"delete comment\");\n }\n}\n\nfunction checkRateLimit(ip: string): boolean {\n return commentRateLimit.checkRateLimit(ip);\n}\n" }, { "path": "src/routes/api/comments/[id]/+server.ts", "content": "import { error, json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { prisma } from \"$lib/server/prisma\";\nimport { isDatabaseConnectionError } from \"$lib/server/services/db-error\";\n\nexport async function DELETE(event: RequestEvent) {\n const user = event.locals.user;\n if (!user) {\n throw error(401, \"Unauthorized\");\n }\n\n const id = event.params.id;\n if (!id) {\n throw error(400, \"Comment ID is required\");\n }\n\n const commentId = parseInt(id);\n if (isNaN(commentId) || commentId <= 0) {\n throw error(400, \"Invalid comment ID\");\n }\n\n try {\n const comment = await prisma.comment.findUnique({\n where: { id: commentId }\n });\n\n if (!comment) {\n throw error(404, \"Comment not found\");\n }\n\n // Clear authorization: user must own the comment OR be an admin\n const isOwner = comment.userId === user.id;\n if (!isOwner && !user.isAdmin) {\n throw error(403, \"You can only delete your own comments\");\n }\n\n const updatedComment = await prisma.comment.update({\n where: { id: commentId },\n data: {\n content: user.isAdmin && !isOwner ? \"[Comment removed by moderator]\" : \"[Comment deleted]\",\n flagged: false,\n flagReason: null,\n flaggedAt: null\n }\n });\n\n return json({ success: true, comment: updatedComment });\n } catch (err) {\n if (err && typeof err === 'object' && 'status' in err) {\n throw err; // Re-throw SvelteKit errors\n }\n if (isDatabaseConnectionError(err)) {\n console.error(\"Database unavailable:\", err instanceof Error ? err.message : 'Unknown error');\n throw error(503, \"Service temporarily unavailable\");\n }\n console.error(\"Error deleting comment:\", err);\n throw error(500, \"Failed to delete comment\");\n }\n}\n" }, { "path": "src/routes/api/comments/[id]/flag/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { prisma } from \"$lib/server/prisma\";\nimport { getSession } from \"$lib/server/auth\";\nimport { handleDatabaseError } from \"$lib/server/services/db-error\";\nimport { z } from \"zod\";\n\nconst flagSchema = z.object({\n reason: z.string().max(500).optional(),\n});\n\nexport async function POST({ params, request, cookies }: RequestEvent) {\n try {\n const session = await getSession(cookies);\n if (!session?.userId) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n const id = params.id;\n if (!id) {\n return json({ error: \"Comment ID is required\" }, { status: 400 });\n }\n\n const commentId = parseInt(id);\n if (isNaN(commentId) || commentId <= 0) {\n return json({ error: \"Invalid comment ID\" }, { status: 400 });\n }\n\n const body = await request.json();\n const validation = flagSchema.safeParse(body);\n if (!validation.success) {\n return json({ error: \"Invalid flag reason\" }, { status: 400 });\n }\n const { reason } = validation.data;\n\n\n const existingComment = await prisma.comment.findUnique({\n where: { id: commentId }\n });\n\n if (!existingComment) {\n return json({ error: \"Comment not found\" }, { status: 404 });\n }\n\n if (existingComment.flagged) {\n return json({ error: \"Comment is already flagged\" }, { status: 400 });\n }\n\n\n const updatedComment = await prisma.comment.update({\n where: { id: commentId },\n data: {\n flagged: true,\n flagReason: reason || \"No reason provided\",\n flaggedAt: new Date()\n }\n });\n\n return json({\n success: true,\n comment: updatedComment\n });\n } catch (error) {\n return handleDatabaseError(error, \"flag comment\");\n }\n}\n\nexport async function DELETE({ params, cookies }: RequestEvent) {\n try {\n const session = await getSession(cookies);\n if (!session?.userId) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n const user = await prisma.user.findUnique({\n where: { id: session.userId }\n });\n\n if (!user?.isAdmin) {\n return json({ error: \"Unauthorized\" }, { status: 403 });\n }\n\n const id = params.id;\n if (!id) {\n return json({ error: \"Comment ID is required\" }, { status: 400 });\n }\n\n const commentId = parseInt(id);\n if (isNaN(commentId)) {\n return json({ error: \"Invalid comment ID\" }, { status: 400 });\n }\n\n\n const updatedComment = await prisma.comment.update({\n where: { id: commentId },\n data: {\n flagged: false,\n flagReason: null,\n flaggedAt: null\n }\n });\n\n return json({\n success: true,\n comment: updatedComment\n });\n } catch (error) {\n return handleDatabaseError(error, \"unflag comment\");\n }\n}\n" }, { "path": "src/routes/api/comments/[id]/unflag/+server.ts", "content": "import { error, json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { requireAdmin } from \"$lib/server/admin-middleware\";\nimport { prisma } from \"$lib/server/prisma\";\n\nexport async function POST(event: RequestEvent) {\n await requireAdmin(event);\n\n const id = event.params.id;\n if (!id) {\n throw error(400, \"Comment ID is required\");\n }\n\n const commentId = parseInt(id);\n if (isNaN(commentId)) {\n throw error(400, \"Invalid comment ID\");\n }\n\n try {\n const existingComment = await prisma.comment.findUnique({\n where: { id: commentId }\n });\n\n if (!existingComment) {\n throw error(404, \"Comment not found\");\n }\n\n const updatedComment = await prisma.comment.update({\n where: { id: commentId },\n data: {\n flagged: false,\n flagReason: null,\n flaggedAt: null\n }\n });\n\n return json({\n success: true,\n comment: updatedComment\n });\n } catch (err) {\n console.error(\"Error unflagging comment:\", err);\n throw error(500, \"Failed to unflag comment\");\n }\n}\n" }, { "path": "src/routes/api/comments/flagged/+server.ts", "content": "import { error, json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { CommentService } from \"$lib/services/comments\";\nimport { requireAdmin } from \"$lib/server/admin-middleware\";\n\nconst commentService = new CommentService();\n\nexport async function GET(event: RequestEvent) {\n\n await requireAdmin(event);\n\n const page = parseInt(event.url.searchParams.get(\"page\") || \"1\");\n const limit = parseInt(event.url.searchParams.get(\"limit\") || \"10\");\n\n try {\n const { comments, total } = await commentService.getFlaggedComments(\n page,\n limit,\n );\n\n return json({\n comments,\n total,\n page,\n totalPages: Math.ceil(total / limit)\n });\n } catch (err) {\n console.error(\"Error fetching flagged comments:\", err);\n throw error(500, \"Failed to fetch flagged comments\");\n }\n}\n" }, { "path": "src/routes/api/comments/like/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { prisma } from \"$lib/server/prisma\";\nimport { getSession } from \"$lib/server/auth\";\nimport { RateLimitService } from \"$lib/server/services/rate-limit\";\nimport { handleDatabaseError } from \"$lib/server/services/db-error\";\nimport { z } from \"zod\";\n\nconst likeSchema = z.object({\n commentId: z.number().int().positive(),\n});\n\nexport async function POST({ request, cookies }: RequestEvent) {\n try {\n const session = await getSession(cookies);\n if (!session?.userId) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n // Rate limit likes to prevent spam\n const rateLimit = RateLimitService.checkLikeLimit(session.userId);\n if (!rateLimit.allowed) {\n return json(\n { error: `Too many likes. Please try again in ${rateLimit.timeLeft} seconds.` },\n { status: 429 }\n );\n }\n\n const body = await request.json();\n const validation = likeSchema.safeParse(body);\n if (!validation.success) {\n return json({ error: \"Invalid comment ID\" }, { status: 400 });\n }\n const { commentId } = validation.data;\n\n\n const comment = await prisma.comment.findUnique({\n where: { id: commentId },\n });\n\n if (!comment) {\n return json({ error: \"Comment not found\" }, { status: 404 });\n }\n\n\n const existingLike = await prisma.commentLike.findUnique({\n where: {\n userId_commentId: {\n userId: session.userId,\n commentId,\n },\n },\n });\n\n if (existingLike) {\n\n await prisma.commentLike.delete({\n where: {\n userId_commentId: {\n userId: session.userId,\n commentId,\n },\n },\n });\n } else {\n\n await prisma.commentLike.create({\n data: {\n userId: session.userId,\n commentId,\n },\n });\n }\n\n\n const updatedComment = await prisma.comment.findUnique({\n where: { id: commentId },\n include: {\n _count: {\n select: {\n likes: true,\n },\n },\n },\n });\n\n return json({\n isLiked: !existingLike,\n likeCount: updatedComment?._count.likes || 0,\n });\n } catch (err) {\n return handleDatabaseError(err, \"toggle like\");\n }\n}\n\nexport async function GET({ url, cookies }: RequestEvent) {\n try {\n const session = await getSession(cookies);\n if (!session?.userId) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n const rawCommentId = url.searchParams.get(\"commentId\");\n if (!rawCommentId) {\n return json({ error: \"Comment ID is required\" }, { status: 400 });\n }\n\n const commentId = parseInt(rawCommentId, 10);\n if (isNaN(commentId) || commentId <= 0) {\n return json({ error: \"Invalid comment ID\" }, { status: 400 });\n }\n\n const like = await prisma.commentLike.findUnique({\n where: {\n userId_commentId: {\n userId: session.userId,\n commentId,\n },\n },\n });\n\n const likeCount = await prisma.commentLike.count({\n where: {\n commentId,\n },\n });\n\n return json({\n isLiked: !!like,\n likeCount,\n });\n } catch (err) {\n return handleDatabaseError(err, \"check like status\");\n }\n}\n" }, { "path": "src/routes/api/image/[...path]/+server.ts", "content": "import { error } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_IMAGE_URL } from \"$env/static/private\";\n\n// Allowed image sizes from TMDB\nconst ALLOWED_SIZES = new Set([\n 'w45', 'w92', 'w154', 'w185', 'w300', 'w342', 'w500', 'w780',\n 'w1280', 'h632', 'original'\n]);\n\n// Image path pattern: alphanumeric, underscore, hyphen, and dots only\nconst PATH_PATTERN = /^[a-zA-Z0-9_\\-./]+$/;\n\nexport async function GET({ params, fetch }: RequestEvent) {\n if (!TMDB_IMAGE_URL) {\n throw error(500, \"TMDB image URL not configured\");\n }\n\n const path = params.path;\n if (!path) {\n throw error(400, \"Image path is required\");\n }\n\n const [size, ...imagePath] = path.split(\"/\");\n const actualPath = imagePath.join(\"/\");\n\n // Validate size against allowlist\n if (!ALLOWED_SIZES.has(size)) {\n throw error(400, \"Invalid image size\");\n }\n\n if (!actualPath) {\n throw error(400, \"Invalid image path\");\n }\n\n // Sanitize path - prevent path traversal\n if (actualPath.includes('..') || !PATH_PATTERN.test(actualPath)) {\n throw error(400, \"Invalid image path\");\n }\n\n try {\n const imageUrl = `${TMDB_IMAGE_URL}/${size}${actualPath.startsWith(\"/\") ? actualPath : \"/\" + actualPath}`;\n const response = await fetch(imageUrl);\n\n if (!response.ok) {\n throw error(response.status, \"Failed to fetch image\");\n }\n\n const contentType = response.headers.get(\"Content-Type\");\n const headers = new Headers();\n headers.set(\"Content-Type\", contentType || \"image/jpeg\");\n headers.set(\"Cache-Control\", \"public, max-age=31536000\");\n\n return new Response(response.body, {\n status: 200,\n headers,\n });\n } catch (err) {\n if (err && typeof err === 'object' && 'status' in err) {\n throw err; // Re-throw SvelteKit errors\n }\n console.error(\"Image proxy error:\", err);\n throw error(500, \"Failed to load image\");\n }\n}\n" }, { "path": "src/routes/api/movies/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_API_KEY, TMDB_API_URL } from \"$env/static/private\";\nimport type { TMDBResponse, TMDBMovie } from \"$lib/types/tmdb\";\n\nexport async function GET({ fetch, url }: RequestEvent) {\n if (!TMDB_API_KEY || !TMDB_API_URL) {\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: \"TMDB API is not configured. Please add TMDB_API_KEY to your .env file.\"\n }, { status: 200 });\n }\n\n const page = url.searchParams.get(\"page\") || \"1\";\n const sort = url.searchParams.get(\"sort\") || \"trending\";\n const genre = url.searchParams.get(\"genre\");\n const year = url.searchParams.get(\"year\");\n\n try {\n let apiUrl: string;\n const baseParams = `api_key=${TMDB_API_KEY}&language=en-US&page=${page}&vote_average.gte=0.1`;\n\n switch (sort) {\n case \"trending\":\n apiUrl = `${TMDB_API_URL}/trending/movie/week?${baseParams}`;\n break;\n case \"popular\":\n apiUrl = `${TMDB_API_URL}/movie/popular?${baseParams}`;\n break;\n case \"top_rated\":\n apiUrl = `${TMDB_API_URL}/movie/top_rated?${baseParams}`;\n break;\n case \"now_playing\":\n apiUrl = `${TMDB_API_URL}/movie/now_playing?${baseParams}`;\n break;\n case \"upcoming\":\n apiUrl = `${TMDB_API_URL}/movie/upcoming?${baseParams}`;\n break;\n default:\n apiUrl = `${TMDB_API_URL}/discover/movie?${baseParams}`;\n }\n\n if (genre || year) {\n apiUrl = `${TMDB_API_URL}/discover/movie?${baseParams}`;\n if (genre) apiUrl += `&with_genres=${genre}`;\n if (year) apiUrl += `&primary_release_year=${year}`;\n }\n\n const response = await fetch(apiUrl);\n\n if (response.status === 401) {\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: \"Invalid TMDB API key. Please check your TMDB_API_KEY in .env file.\"\n }, { status: 200 });\n }\n\n if (!response.ok) {\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: `Failed to fetch movies (${response.status})`\n }, { status: 200 });\n }\n\n const data = await response.json() as TMDBResponse;\n data.results = data.results.filter((movie) => movie.vote_average > 0);\n\n return json(data);\n } catch (err) {\n console.error(\"Error fetching movies:\", err);\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: \"Failed to fetch movies. Please try again later.\"\n }, { status: 200 });\n }\n}\n" }, { "path": "src/routes/api/movies/trending/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_API_KEY, TMDB_API_URL } from \"$env/static/private\";\n\nexport async function GET({ fetch }: RequestEvent) {\n if (!TMDB_API_KEY || !TMDB_API_URL) {\n return json({\n results: [],\n error: \"TMDB API is not configured\"\n }, { status: 200 });\n }\n\n try {\n const response = await fetch(\n `${TMDB_API_URL}/trending/movie/week?api_key=${TMDB_API_KEY}&language=en-US`,\n );\n\n if (!response.ok) {\n return json({\n results: [],\n error: `Failed to fetch trending movies (${response.status})`\n }, { status: 200 });\n }\n\n const data = await response.json();\n return json(data);\n } catch (err) {\n console.error(\"Error fetching trending movies:\", err);\n return json({\n results: [],\n error: \"Failed to fetch trending movies\"\n }, { status: 200 });\n }\n}\n" }, { "path": "src/routes/api/providers/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport { env } from \"$env/dynamic/private\";\n\n// Validate that URLs are HTTPS and from expected patterns\nfunction validateProviderUrl(url: string | undefined): string | null {\n if (!url) return null;\n\n try {\n const parsed = new URL(url);\n // Only allow HTTPS URLs\n if (parsed.protocol !== 'https:') {\n return null;\n }\n return url;\n } catch {\n return null;\n }\n}\n\nexport async function GET() {\n return json({\n vidsrc: validateProviderUrl(env.VIDSRC_BASE_URL),\n vidlink: validateProviderUrl(env.VIDLINK_BASE_URL),\n movies111: validateProviderUrl(env.MOVIES111_BASE_URL),\n embed2: validateProviderUrl(env.EMBED2_BASE_URL),\n });\n}\n" }, { "path": "src/routes/api/release-info/[type]/[id]/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_API_KEY, TMDB_API_URL } from \"$env/static/private\";\n\ninterface ReleaseDate {\n certification: string;\n iso_639_1?: string;\n release_date: string;\n type: number;\n note?: string;\n}\n\ninterface ReleaseDateResult {\n iso_3166_1: string;\n release_dates: ReleaseDate[];\n}\n\ninterface WatchProviderRegion {\n flatrate?: Array<{ provider_name: string }>;\n rent?: Array<{ provider_name: string }>;\n buy?: Array<{ provider_name: string }>;\n}\n\nexport async function GET({ params, fetch }: RequestEvent) {\n if (!TMDB_API_KEY || !TMDB_API_URL) {\n return json({\n releaseType: \"Unknown Quality\",\n certifications: {},\n });\n }\n\n const { type, id } = params;\n const mediaType = type === \"tv\" ? \"tv\" : \"movie\";\n\n try {\n const [releaseDatesResponse, watchProvidersResponse] = await Promise.all([\n fetch(`${TMDB_API_URL}/${mediaType}/${id}/release_dates?api_key=${TMDB_API_KEY}`),\n fetch(`${TMDB_API_URL}/${mediaType}/${id}/watch/providers?api_key=${TMDB_API_KEY}`),\n ]);\n\n if (!releaseDatesResponse.ok || !watchProvidersResponse.ok) {\n return json({\n releaseType: \"Unknown Quality\",\n certifications: {},\n });\n }\n\n const releaseDatesData = await releaseDatesResponse.json();\n const watchProvidersData = await watchProvidersResponse.json();\n\n const currentUtcDate = new Date(\n Date.UTC(\n new Date().getUTCFullYear(),\n new Date().getUTCMonth(),\n new Date().getUTCDate(),\n ),\n );\n\n const releases: ReleaseDate[] = releaseDatesData.results?.flatMap(\n (result: ReleaseDateResult) => result.release_dates,\n ) || [];\n\n // Extract certifications\n const certifications: Record = {};\n releaseDatesData.results?.forEach((result: ReleaseDateResult) => {\n const certificationEntry = result.release_dates.find(\n (release) => release.certification,\n );\n if (certificationEntry) {\n certifications[result.iso_3166_1] = certificationEntry.certification;\n }\n });\n\n // Check release types\n const isDigitalRelease = releases.some(\n (release) =>\n [4, 6].includes(release.type) &&\n new Date(release.release_date).getTime() <= currentUtcDate.getTime(),\n );\n\n const isInTheaters = releases.some((release) => {\n const releaseDate = new Date(release.release_date);\n return release.type === 3 && releaseDate.getTime() <= currentUtcDate.getTime();\n });\n\n const hasFutureRelease = releases.some(\n (release) => new Date(release.release_date).getTime() > currentUtcDate.getTime(),\n );\n\n const availableRegions = Object.keys(watchProvidersData.results || {});\n const isStreamingAvailable = availableRegions.some(\n (region) => (watchProvidersData.results?.[region]?.flatrate || []).length > 0,\n );\n\n const isRentalOrPurchaseAvailable = availableRegions.some((region: string) => {\n const data = watchProvidersData.results?.[region] as WatchProviderRegion | undefined;\n const rentProviders = data?.rent || [];\n const buyProviders = data?.buy || [];\n return rentProviders.length > 0 || buyProviders.length > 0;\n });\n\n // Determine release type\n let releaseType: string;\n if (isInTheaters && !isStreamingAvailable && !isDigitalRelease) {\n releaseType = \"Cam\";\n } else if (isStreamingAvailable || isDigitalRelease) {\n releaseType = \"HD\";\n } else if (hasFutureRelease && !isInTheaters) {\n releaseType = \"Not Released Yet\";\n } else if (isRentalOrPurchaseAvailable) {\n releaseType = \"Rental/Buy Available\";\n } else {\n releaseType = \"Unknown Quality\";\n }\n\n return json({ releaseType, certifications });\n } catch (err) {\n console.error(\"Error fetching release info:\", err);\n return json({\n releaseType: \"Unknown Quality\",\n certifications: {},\n });\n }\n}\n" }, { "path": "src/routes/api/tv/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_API_KEY, TMDB_API_URL } from \"$env/static/private\";\nimport type { TMDBResponse, TMDBTVShow } from \"$lib/types/tmdb\";\n\nexport async function GET({ fetch, url }: RequestEvent) {\n if (!TMDB_API_KEY || !TMDB_API_URL) {\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: \"TMDB API is not configured. Please add TMDB_API_KEY to your .env file.\"\n }, { status: 200 });\n }\n\n const page = url.searchParams.get(\"page\") || \"1\";\n const sort = url.searchParams.get(\"sort\") || \"trending\";\n const genre = url.searchParams.get(\"genre\");\n const year = url.searchParams.get(\"year\");\n\n try {\n let apiUrl: string;\n const baseParams = `api_key=${TMDB_API_KEY}&language=en-US&page=${page}&vote_average.gte=0.1`;\n\n switch (sort) {\n case \"trending\":\n apiUrl = `${TMDB_API_URL}/trending/tv/week?${baseParams}`;\n break;\n case \"popular\":\n apiUrl = `${TMDB_API_URL}/tv/popular?${baseParams}`;\n break;\n case \"top_rated\":\n apiUrl = `${TMDB_API_URL}/tv/top_rated?${baseParams}`;\n break;\n case \"on_the_air\":\n apiUrl = `${TMDB_API_URL}/tv/on_the_air?${baseParams}`;\n break;\n case \"airing_today\":\n apiUrl = `${TMDB_API_URL}/tv/airing_today?${baseParams}`;\n break;\n default:\n apiUrl = `${TMDB_API_URL}/discover/tv?${baseParams}`;\n }\n\n if (genre || year) {\n apiUrl = `${TMDB_API_URL}/discover/tv?${baseParams}`;\n if (genre) apiUrl += `&with_genres=${genre}`;\n if (year) apiUrl += `&first_air_date_year=${year}`;\n }\n\n const response = await fetch(apiUrl);\n\n if (response.status === 401) {\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: \"Invalid TMDB API key. Please check your TMDB_API_KEY in .env file.\"\n }, { status: 200 });\n }\n\n if (!response.ok) {\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: `Failed to fetch TV shows (${response.status})`\n }, { status: 200 });\n }\n\n const data = await response.json() as TMDBResponse;\n data.results = data.results.filter((show) => show.vote_average > 0);\n\n return json(data);\n } catch (err) {\n console.error(\"Error fetching TV shows:\", err);\n return json({\n results: [],\n total_pages: 0,\n total_results: 0,\n page: 1,\n error: \"Failed to fetch TV shows. Please try again later.\"\n }, { status: 200 });\n }\n}\n" }, { "path": "src/routes/api/tv/[id]/season/[season]/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_API_KEY, TMDB_API_URL } from \"$env/static/private\";\n\ninterface Episode {\n id: number;\n name: string;\n overview: string;\n episode_number: number;\n air_date: string;\n still_path: string | null;\n vote_average: number;\n vote_count: number;\n runtime: number | null;\n}\n\ninterface SeasonResponse {\n episodes: Episode[];\n}\n\nexport async function GET({ params, fetch }: RequestEvent) {\n if (!TMDB_API_KEY || !TMDB_API_URL) {\n return json({\n episodes: [],\n error: \"TMDB API is not configured\"\n }, { status: 200 });\n }\n\n const { id, season } = params;\n\n try {\n const response = await fetch(\n `${TMDB_API_URL}/tv/${id}/season/${season}?api_key=${TMDB_API_KEY}&language=en-US`,\n );\n\n if (!response.ok) {\n return json({\n episodes: [],\n error: `Failed to fetch season details (${response.status})`\n }, { status: 200 });\n }\n\n const data: SeasonResponse = await response.json();\n\n const currentDate = new Date();\n const episodes = data.episodes.filter((episode: Episode) => {\n const airDate = new Date(episode.air_date);\n return airDate <= currentDate;\n });\n\n return json({ episodes });\n } catch (err) {\n console.error(\"Error fetching season episodes:\", err);\n return json({\n episodes: [],\n error: \"Failed to fetch season episodes\"\n }, { status: 200 });\n }\n}\n" }, { "path": "src/routes/api/tv/[id]/seasons/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_API_KEY, TMDB_API_URL } from \"$env/static/private\";\n\nexport async function GET({ params, fetch }: RequestEvent) {\n if (!TMDB_API_KEY || !TMDB_API_URL) {\n return json({\n seasons: [],\n error: \"TMDB API is not configured\"\n }, { status: 200 });\n }\n\n const { id } = params;\n\n try {\n const response = await fetch(\n `${TMDB_API_URL}/tv/${id}?api_key=${TMDB_API_KEY}&language=en-US`,\n );\n\n if (!response.ok) {\n return json({\n seasons: [],\n error: `Failed to fetch TV show details (${response.status})`\n }, { status: 200 });\n }\n\n const data = await response.json();\n return json({ seasons: data.seasons });\n } catch (err) {\n console.error(\"Error fetching TV show seasons:\", err);\n return json({\n seasons: [],\n error: \"Failed to fetch TV show seasons\"\n }, { status: 200 });\n }\n}\n" }, { "path": "src/routes/api/tv/trending/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { TMDB_API_KEY, TMDB_API_URL } from \"$env/static/private\";\n\nexport async function GET({ fetch }: RequestEvent) {\n if (!TMDB_API_KEY || !TMDB_API_URL) {\n return json({\n results: [],\n error: \"TMDB API is not configured\"\n }, { status: 200 });\n }\n\n try {\n const response = await fetch(\n `${TMDB_API_URL}/trending/tv/week?api_key=${TMDB_API_KEY}&language=en-US`,\n );\n\n if (!response.ok) {\n return json({\n results: [],\n error: `Failed to fetch trending TV shows (${response.status})`\n }, { status: 200 });\n }\n\n const data = await response.json();\n return json(data);\n } catch (err) {\n console.error(\"Error fetching trending TV shows:\", err);\n return json({\n results: [],\n error: \"Failed to fetch trending TV shows\"\n }, { status: 200 });\n }\n}\n" }, { "path": "src/routes/api/users/search/+server.ts", "content": "import { error, json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { prisma } from \"$lib/server/prisma\";\n\nfunction escapeLikePattern(pattern: string): string {\n return pattern.replace(/[%_\\\\]/g, '\\\\$&');\n}\n\nexport async function GET({ url, locals }: RequestEvent) {\n if (!locals.user) {\n throw error(401, \"Unauthorized\");\n }\n\n const query = url.searchParams.get(\"q\");\n if (!query) {\n throw error(400, \"Query parameter is required\");\n }\n\n if (query.length > 50) {\n throw error(400, \"Query too long\");\n }\n\n try {\n const escapedQuery = escapeLikePattern(query);\n const users = await prisma.user.findMany({\n where: {\n username: {\n contains: escapedQuery,\n },\n NOT: {\n id: locals.user.id,\n },\n },\n select: {\n id: true,\n username: true,\n },\n orderBy: {\n username: 'asc',\n },\n take: 5,\n });\n\n return json(users);\n } catch (err) {\n console.error(\"Error searching users:\", err);\n throw error(500, \"Failed to search users\");\n }\n}\n" }, { "path": "src/routes/api/watchlist/+server.ts", "content": "import { json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { watchlistService } from \"$lib/server/services/watchlist\";\nimport { handleDatabaseError } from \"$lib/server/services/db-error\";\nimport { z } from \"zod\";\n\nconst mediaTypeSchema = z.enum([\"movie\", \"tv\"]);\n\nconst addToWatchlistSchema = z.object({\n mediaId: z.number().int().positive(),\n mediaType: mediaTypeSchema,\n title: z.string().min(1).max(500),\n posterPath: z.string().max(500).nullable().optional(),\n voteAverage: z.number().min(0).max(10).optional().default(0),\n});\n\nconst removeFromWatchlistSchema = z.object({\n mediaId: z.number().int().positive(),\n mediaType: mediaTypeSchema,\n});\n\nexport async function GET({ locals }: RequestEvent) {\n if (!locals.user) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n try {\n const items = await watchlistService.getWatchlist(locals.user.id);\n const total = await watchlistService.getWatchlistCount(locals.user.id);\n return json({ items, total });\n } catch (err) {\n return handleDatabaseError(err, \"fetch watchlist\");\n }\n}\n\nexport async function POST({ request, locals }: RequestEvent) {\n if (!locals.user) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n try {\n const body = await request.json();\n const validation = addToWatchlistSchema.safeParse(body);\n\n if (!validation.success) {\n return json(\n { error: \"Invalid request data\", details: validation.error.flatten() },\n { status: 400 },\n );\n }\n\n const { mediaId, mediaType, title, posterPath, voteAverage } = validation.data;\n\n const watchlistItem = await watchlistService.addToWatchlist(\n locals.user.id,\n mediaId,\n mediaType,\n title,\n posterPath ?? null,\n voteAverage,\n );\n\n return json(watchlistItem);\n } catch (err) {\n return handleDatabaseError(err, \"add to watchlist\");\n }\n}\n\nexport async function DELETE({ request, locals }: RequestEvent) {\n if (!locals.user) {\n return json({ error: \"Unauthorized\" }, { status: 401 });\n }\n\n try {\n const body = await request.json();\n const validation = removeFromWatchlistSchema.safeParse(body);\n\n if (!validation.success) {\n return json(\n { error: \"Invalid request data\", details: validation.error.flatten() },\n { status: 400 },\n );\n }\n\n const { mediaId, mediaType } = validation.data;\n\n await watchlistService.removeFromWatchlist(\n locals.user.id,\n mediaId,\n mediaType,\n );\n\n return json({ message: \"Item removed from watchlist\" });\n } catch (err) {\n return handleDatabaseError(err, \"remove from watchlist\");\n }\n}\n" }, { "path": "src/routes/api/watchlist/check/+server.ts", "content": "import { error, json } from \"@sveltejs/kit\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { watchlistService } from \"$lib/server/services/watchlist\";\nimport { isDatabaseConnectionError } from \"$lib/server/services/db-error\";\n\nexport async function GET({ url, locals }: RequestEvent) {\n if (!locals.user) {\n throw error(401, \"Unauthorized\");\n }\n\n const mediaId = parseInt(url.searchParams.get(\"mediaId\") || \"\");\n const mediaType = url.searchParams.get(\"mediaType\");\n\n if (isNaN(mediaId) || !mediaType || ![\"movie\", \"tv\"].includes(mediaType)) {\n throw error(400, \"Invalid mediaId or mediaType\");\n }\n\n try {\n const inWatchlist = await watchlistService.isInWatchlist(\n locals.user.id,\n mediaId,\n mediaType as \"movie\" | \"tv\"\n );\n\n return json({ inWatchlist });\n } catch (err) {\n if (isDatabaseConnectionError(err)) {\n console.error(\"Database unavailable:\", err instanceof Error ? err.message : 'Unknown error');\n throw error(503, \"Service temporarily unavailable\");\n }\n console.error(\"Error checking watchlist:\", err);\n throw error(500, \"Failed to check watchlist\");\n }\n}\n" }, { "path": "src/routes/dmca/+page.svelte", "content": "
\n
\n

DMCA Notice

\n\n
\n
\n

\n This site does not store any files on our server, we only linked to the media which is hosted on 3rd party services.\n

\n
\n\n

About Our Service

\n

\n This site is a search and indexing service that:\n

\n
    \n
  • Provides links to content hosted on third-party services
    • \n
  • Does not host or upload any media files
    • \n
  • Does not have control over third-party content
    • \n
  • Functions as a search engine for streaming content
    • \n
\n\n

Third-Party Content

\n

\n All media content displayed on this site is hosted by and streamed from third-party services. We:\n

\n
    \n
  • Do not upload or host any media files
    • \n
  • Do not control the content on third-party services
    • \n
  • Only provide indexing and search functionality
    • \n
  • Link to publicly available content from various sources
    • \n
\n\n

Copyright Claims

\n

\n If you find content that infringes your copyright:\n

\n
    \n
  • Contact the hosting service directly where the content is stored
    • \n
  • Request removal from the source hosting the content
    • \n
  • Once removed from the source, it will no longer be accessible through our service
    • \n
\n
\n
\n
\n" }, { "path": "src/routes/login/+page.svelte", "content": "\n\n
\n
\n
\n

Login

\n\n
\n {#if error}\n
\n {error}\n
\n {/if}\n\n
\n \n \n
\n\n
\n \n \n
\n\n
\n \n Forgot password?\n \n
\n\n \n {loading ? 'Logging in...' : 'Login'}\n \n\n
\n Don't have an account?\n \n Register\n \n
\n \n
\n
\n
\n" }, { "path": "src/routes/media/[id]/+page.server.ts", "content": "import { error } from \"@sveltejs/kit\";\nimport type { ServerLoad } from \"@sveltejs/kit\";\nimport { TMDBService } from \"$lib/services/tmdb\";\nimport type { TMDBMovie, TMDBTVShow } from \"$lib/types/tmdb\";\n\ninterface PageData {\n media: TMDBMovie | TMDBTVShow;\n type: \"movie\" | \"tv\";\n season?: number;\n episode?: number;\n}\n\nexport const load: ServerLoad = async ({ params, url }) => {\n const tmdb = new TMDBService();\n const mediaType = url.searchParams.get(\"type\") || \"movie\";\n const season = url.searchParams.get(\"season\");\n const episode = url.searchParams.get(\"episode\");\n const id = parseInt(params.id as string);\n\n if (isNaN(id)) {\n throw error(400, \"Invalid media ID\");\n }\n\n try {\n if (mediaType === \"movie\") {\n const movie = await tmdb.getMovieDetails(id);\n return {\n media: movie,\n type: \"movie\",\n } satisfies PageData;\n } else {\n const show = await tmdb.getTVShowDetails(id);\n return {\n media: show,\n type: \"tv\",\n season: season ? parseInt(season) : 1,\n episode: episode ? parseInt(episode) : 1,\n } satisfies PageData;\n }\n } catch (e) {\n console.error(\"Failed to load media details:\", e);\n throw error(500, \"Failed to load media details\");\n }\n};\n" }, { "path": "src/routes/media/[id]/+page.svelte", "content": "\n\n
\n
\n {#if media?.backdrop_path}\n
\n \n
\n
\n {/if}\n\n
\n
\n \n
\n
\n \n
\n \n {#each providers as provider}\n \n {/each}\n \n\n
\n \n
\n
\n\n \n
\n \n
\n\n
\n
\n
\n
\n \n {mediaType === 'tv' ? 'TV Series' : 'Movie'}\n \n {#if mediaType === 'tv'}\n \n {seasonCount} {seasonCount === 1 ? 'Season' : 'Seasons'} • {episodeCount} {episodeCount === 1 ? 'Episode' : 'Episodes'}\n \n {/if}\n
\n
\n

{media.title || media.name}

\n
\n {#if mediaType === 'tv'}\n showEpisodeModal = true}\n >\n {selectedSeason && selectedEpisode\n ? `S${selectedSeason}E${selectedEpisode}`\n : 'Select Episode'}\n \n\n {#if selectedSeason && selectedEpisode}\n \n {/if}\n {/if}\n
\n
\n
\n
\n\n
\n {formatDate(media.release_date || media.first_air_date)}\n {#if media.runtime}\n \n {media.runtime} min\n {/if}\n \n
\n \n \n \n {media.vote_average.toFixed(1)}\n
\n
\n\n

{media.overview}

\n\n {#if media.genres?.length}\n
\n {#each media.genres as genre}\n \n {genre.name}\n \n {/each}\n
\n {/if}\n
\n
\n\n
\n

Comments

\n \n
\n
\n\n \n
\n
\n
\n \n
\n
\n
\n
\n
\n
\n
\n\n\n" }, { "path": "src/routes/movies/+page.server.ts", "content": "import type { ServerLoad } from \"@sveltejs/kit\";\nimport { TMDBService } from \"$lib/services/tmdb\";\nimport type { FilterOptions } from \"$lib/types/filters\";\nimport { parseQueryString } from \"$lib/types/filters\";\n\nconst tmdbService = new TMDBService();\n\nexport const load: ServerLoad = async ({ url }) => {\n try {\n\n const filters = parseQueryString(url.search);\n\n\n const genres = await tmdbService.getMovieGenres();\n\n\n const {\n results: movies,\n total_pages: totalPages,\n total_results: totalResults,\n } = await fetchFilteredMovies(filters);\n\n return {\n movies,\n genres,\n totalPages: Math.min(totalPages, 500),\n totalResults,\n };\n } catch (error) {\n console.error(\"Failed to load movies:\", error);\n return {\n movies: [],\n genres: [],\n totalPages: 0,\n totalResults: 0,\n error: \"Failed to load movies\",\n };\n }\n};\n\nasync function fetchFilteredMovies(filters: FilterOptions) {\n const {\n query,\n genres,\n year,\n rating,\n sortBy = \"popularity\",\n sortOrder = \"desc\",\n page = 1,\n } = filters;\n\n\n if (query) {\n return tmdbService.searchMovies(query, page);\n }\n\n\n const params: Record = {\n page,\n sort_by: `${sortBy}.${sortOrder}`,\n \"vote_count.gte\": 100,\n };\n\n\n if (genres && genres.length > 0) {\n params.with_genres = genres.join(\",\");\n }\n\n\n if (year) {\n params.primary_release_year = year;\n }\n\n\n if (rating) {\n params[\"vote_average.gte\"] = rating;\n }\n\n\n params.with_original_language = \"en\";\n\n\n return tmdbService.discoverMovies(params);\n}\n" }, { "path": "src/routes/movies/+page.svelte", "content": "\n\n
\n
\n

Movies

\n
\n\n \n\n {#if selectedMovie}\n
\n
\n
\n

{selectedMovie.title}

\n selectedMovie = null}\n aria-label=\"Close video player\"\n >\n \n \n \n \n
\n \n
\n
\n {/if}\n\n {#if loading && movies.length === 0}\n
\n
\n
\n {:else if error}\n
\n {error}\n
\n {:else if movies.length === 0}\n
\n No movies found matching your criteria\n
\n {:else}\n
\n {#each movies as movie (movie.id)}\n handleMovieClick(movie)}\n on:keydown={(e) => e.key === 'Enter' && handleMovieClick(movie)}\n role=\"button\"\n tabindex=\"0\"\n >\n \n
\n {/each}\n
\n\n {#if page < totalPages}\n
\n \n {loading ? 'Loading...' : 'Load More'}\n \n
\n {/if}\n {/if}\n\n" }, { "path": "src/routes/register/+page.svelte", "content": "\n\n
\n
\n
\n

Create Account

\n\n
\n {#if error}\n
\n {error}\n
\n {/if}\n\n
\n \n \n

Must be at least 3 characters long

\n
\n\n
\n \n \n
\n\n
\n \n \n

\n Must be at least 8 characters with uppercase, lowercase, and numbers\n

\n
\n\n
\n \n \n
\n\n
\n \n
\n\n \n {loading ? 'Creating account...' : 'Create Account'}\n \n\n
\n Already have an account?\n \n Login\n \n
\n \n
\n
\n
\n" }, { "path": "src/routes/reset-password/+page.svelte", "content": "\n\n
\n
\n
\n
\n

\n Reset Password\n

\n

\n Enter your username or email to receive password reset instructions\n

\n
\n\n
\n {#if error}\n
\n {error}\n
\n {/if}\n\n {#if success}\n
\n {success}\n
\n {/if}\n\n
\n \n \n
\n\n
\n \n Back to login\n \n
\n\n \n {#if loading}\n \n \n \n \n Sending...\n {:else}\n Send Reset Instructions\n {/if}\n \n \n
\n
\n
\n" }, { "path": "src/routes/reset-password/[token]/+page.svelte", "content": "\n\n
\n
\n
\n
\n

\n Set New Password\n

\n

\n Please choose a strong password that includes uppercase and lowercase letters, numbers, and is at least 8 characters long.\n

\n
\n\n
\n {#if error}\n
\n {error}\n
\n {/if}\n\n {#if success}\n
\n {success}\n
\n {/if}\n\n
\n
\n \n \n
\n\n
\n \n \n
\n
\n\n \n {#if loading}\n \n \n \n \n Resetting password...\n {:else}\n Reset Password\n {/if}\n \n \n
\n
\n
\n" }, { "path": "src/routes/search/+page.server.ts", "content": "import type { PageServerLoad } from \"./$types\";\nimport { TMDBService } from \"$lib/services/tmdb\";\n\nconst tmdb = new TMDBService();\n\nexport const load = (async ({ url }) => {\n const query = url.searchParams.get(\"query\");\n const page = parseInt(url.searchParams.get(\"page\") || \"1\");\n\n if (!query) {\n return { results: [], totalPages: 0 };\n }\n\n const data = await tmdb.searchMulti(query, page);\n const results = data.results.filter(\n (item) =>\n (item.media_type === \"movie\" || item.media_type === \"tv\") &&\n item.poster_path &&\n item.vote_average > 0\n );\n\n return {\n results,\n totalPages: Math.min(data.total_pages, 500),\n };\n}) satisfies PageServerLoad;\n" }, { "path": "src/routes/search/+page.svelte", "content": "\n\n
\n

Search

\n\n
\n
\n \n \n Search\n \n
\n
\n\n {#if !searchQuery}\n
\n

Enter a search term

\n
\n {:else if results.length === 0}\n
\n

No results found

\n
\n {:else}\n
\n {#if mounted}\n {#each results as item (item.id)}\n \n {/each}\n {/if}\n
\n\n {#if totalPages > 1}\n
\n {#if parseInt($page.url.searchParams.get('page') || '1') > 1}\n \n Previous\n \n {/if}\n\n \n Page {$page.url.searchParams.get('page') || '1'} of {totalPages}\n \n\n {#if parseInt($page.url.searchParams.get('page') || '1') < totalPages}\n \n Next\n \n {/if}\n
\n {/if}\n {/if}\n
\n" }, { "path": "src/routes/tv/+page.server.ts", "content": "import type { ServerLoad } from \"@sveltejs/kit\";\nimport { TMDBService } from \"$lib/services/tmdb\";\nimport type { FilterOptions } from \"$lib/types/filters\";\nimport { parseQueryString } from \"$lib/types/filters\";\n\nconst tmdbService = new TMDBService();\n\nexport const load: ServerLoad = async ({ url }) => {\n try {\n\n const filters = parseQueryString(url.search);\n\n\n const genres = await tmdbService.getTVGenres();\n\n\n const {\n results: shows,\n total_pages: totalPages,\n total_results: totalResults,\n } = await fetchFilteredShows(filters);\n\n return {\n shows,\n genres,\n totalPages: Math.min(totalPages, 500),\n totalResults,\n };\n } catch (error) {\n console.error(\"Failed to load TV shows:\", error);\n return {\n shows: [],\n genres: [],\n totalPages: 0,\n totalResults: 0,\n error: \"Failed to load TV shows\",\n };\n }\n};\n\nasync function fetchFilteredShows(filters: FilterOptions) {\n const {\n query,\n genres,\n year,\n rating,\n sortBy = \"popularity\",\n sortOrder = \"desc\",\n page = 1,\n } = filters;\n\n\n if (query) {\n return tmdbService.searchTVShows(query, page);\n }\n\n\n const params: Record = {\n page,\n sort_by: `${sortBy}.${sortOrder}`,\n \"vote_count.gte\": 100,\n };\n\n\n if (genres && genres.length > 0) {\n params.with_genres = genres.join(\",\");\n }\n\n\n if (year) {\n params.first_air_date_year = year;\n }\n\n\n if (rating) {\n params[\"vote_average.gte\"] = rating;\n }\n\n\n params.with_original_language = \"en\";\n\n\n params.include_null_first_air_dates = false;\n params.screened_theatrically = true;\n params[\"with_status\"] = \"0,2,3\";\n\n\n return tmdbService.discoverTVShows(params);\n}\n" }, { "path": "src/routes/tv/+page.svelte", "content": "\n\n
\n
\n

TV Shows

\n
\n\n \n\n {#if selectedShow && selectedSeason && selectedEpisode}\n
\n
\n
\n
\n

{selectedShow.name}

\n

Season {selectedSeason} Episode {selectedEpisode}

\n
\n selectedShow = null}\n aria-label=\"Close video player\"\n >\n \n \n \n \n
\n \n
\n
\n {/if}\n\n {#if loading && shows.length === 0}\n
\n
\n
\n {:else if error}\n
\n {error}\n
\n {:else if shows.length === 0}\n
\n No TV shows found matching your criteria\n
\n {:else}\n
\n {#each shows as show (show.id)}\n handleShowClick(show)}\n on:keydown={(e) => e.key === 'Enter' && handleShowClick(show)}\n role=\"button\"\n tabindex=\"0\"\n >\n \n
\n {/each}\n
\n\n {#if page < totalPages}\n
\n \n {loading ? 'Loading...' : 'Load More'}\n \n
\n {/if}\n {/if}\n\n\n{#if showEpisodeModal && selectedShow}\n
\n
\n
\n

Select Episode

\n showEpisodeModal = false}\n aria-label=\"Close episode selection\"\n >\n \n \n \n \n
\n\n
\n \n
\n

Seasons

\n {#each seasons as season}\n selectSeason(season.season_number)}\n >\n
Season {season.season_number}
\n
{season.episode_count} Episodes
\n \n {/each}\n
\n\n \n {#if selectedSeason && episodes.length > 0}\n
\n

Episodes

\n {#each episodes as episode}\n selectEpisode(episode.episode_number)}\n >\n
\n Episode {episode.episode_number}: {episode.name}\n
\n
\n Air Date: {new Date(episode.air_date).toLocaleDateString()}\n
\n \n {/each}\n
\n {/if}\n
\n
\n
\n{/if}\n" }, { "path": "src/routes/watchlist/+page.server.ts", "content": "import { error } from \"@sveltejs/kit\";\nimport type { ServerLoad } from \"@sveltejs/kit\";\nimport { watchlistService } from \"$lib/server/services/watchlist\";\nimport { TMDBService } from \"$lib/services/tmdb\";\n\nexport const load: ServerLoad = async ({ locals }) => {\n if (!locals.user) {\n throw error(401, \"Unauthorized\");\n }\n\n const tmdbService = new TMDBService();\n\n try {\n const watchlist = await watchlistService.getWatchlist(locals.user.id);\n\n\n const mediaDetails = await Promise.all(\n watchlist.map(async (item) => {\n try {\n if (item.mediaType === \"movie\") {\n const movie = await tmdbService.getMovieDetails(item.mediaId);\n return {\n ...movie,\n mediaType: \"movie\" as const,\n addedAt: item.addedAt,\n };\n } else {\n const show = await tmdbService.getTVShowDetails(item.mediaId);\n return {\n ...show,\n mediaType: \"tv\" as const,\n addedAt: item.addedAt,\n };\n }\n } catch (error) {\n console.error(\n `Failed to fetch details for ${item.mediaType} ${item.mediaId}:`,\n error,\n );\n return null;\n }\n }),\n );\n\n\n const validMediaDetails = mediaDetails\n .filter((item): item is NonNullable => item !== null)\n .sort(\n (a, b) => new Date(b.addedAt).getTime() - new Date(a.addedAt).getTime(),\n );\n\n return {\n watchlistItems: validMediaDetails,\n };\n } catch (e) {\n console.error(\"Failed to load watchlist:\", e);\n throw error(500, \"Failed to load watchlist\");\n }\n};\n" }, { "path": "src/routes/watchlist/+page.svelte", "content": "\n\n
\n

My Watchlist

\n\n {#if loading}\n
\n
\n
\n {:else if error}\n
\n {error}\n
\n {:else if items.length === 0}\n
\n

Your watchlist is empty

\n

Add movies or TV shows to watch later!

\n
\n {:else}\n
\n {#each items as item (item.id)}\n \n {/each}\n
\n {/if}\n
\n" }, { "path": "svelte.config.js", "content": "import adapter from \"@sveltejs/adapter-node\";\nimport { preprocessMeltUI } from \"@melt-ui/pp\";\nimport sequence from \"svelte-sequential-preprocessor\";\nimport preprocess from \"svelte-preprocess\";\n\n/** @type {import('@sveltejs/kit').Config} */\nconst config = {\n kit: {\n adapter: adapter({\n out: 'build',\n precompress: true,\n envPrefix: 'APP_',\n polyfill: true,\n external: [],\n }),\n csrf: {\n checkOrigin: true,\n },\n },\n preprocess: sequence([\n preprocess({\n postcss: true,\n }),\n preprocessMeltUI(),\n ]),\n};\n\nexport default config;\n" }, { "path": "tailwind.config.js", "content": "/** @type {import('tailwindcss').Config} */\nexport default {\n content: [\"./src/**/*.{html,js,svelte,ts}\"],\n theme: {\n extend: {\n colors: {\n primary: {\n 50: \"#f0f9ff\",\n 100: \"#e0f2fe\",\n 200: \"#bae6fd\",\n 300: \"#7dd3fc\",\n 400: \"#38bdf8\",\n 500: \"#0ea5e9\",\n 600: \"#0284c7\",\n 700: \"#0369a1\",\n 800: \"#075985\",\n 900: \"#0c4a6e\",\n 950: \"#082f49\",\n },\n },\n animation: {\n \"spin-slow\": \"spin 3s linear infinite\",\n },\n transitionProperty: {\n \"max-height\": \"max-height\",\n },\n },\n },\n plugins: [\n require(\"@tailwindcss/typography\"),\n require(\"@tailwindcss/forms\"),\n require(\"@tailwindcss/aspect-ratio\"),\n ],\n};\n" }, { "path": "tsconfig.json", "content": "{\n \"extends\": \"./.svelte-kit/tsconfig.json\",\n \"compilerOptions\": {\n \"allowJs\": true,\n \"checkJs\": true,\n \"esModuleInterop\": true,\n \"forceConsistentCasingInFileNames\": true,\n \"resolveJsonModule\": true,\n \"skipLibCheck\": true,\n \"sourceMap\": true,\n \"strict\": true,\n \"moduleResolution\": \"bundler\"\n },\n \"include\": [\n \".svelte-kit/ambient.d.ts\",\n \".svelte-kit/types/**/$types.d.ts\",\n \"vite.config.ts\",\n \"src/**/*.js\",\n \"src/**/*.ts\",\n \"src/**/*.svelte\",\n \"tests/**/*.js\",\n \"tests/**/*.ts\",\n \"tests/**/*.svelte\"\n ]\n}\n" }, { "path": "vite.config.ts", "content": "import { sveltekit } from \"@sveltejs/kit/vite\";\nimport { defineConfig } from \"vite\";\n\nexport default defineConfig({\n plugins: [sveltekit()],\n test: {\n environment: \"node\",\n include: [\"src/**/*.test.ts\"],\n },\n});\n" } ]