Feat: Switch to OpenRouter and add ntfy alerts

functions/api/posts.js

@@ -3,6 +3,7 @@ const cookie=c=>(c.match(/auth_user=([^;]+)/)?.[1]||null);
 const hash=c=>(c.match(/auth_hash=([^;]+)/)?.[1]||null);
 const tsEq=(a,b)=>{if(!a||!b)return!1;let d=a.length^b.length;for(let i=0;i<a.length;i++)d|=a.charCodeAt(i)^b.charCodeAt(i);return d===0};
 const auth=async(req,db)=>{const c=req.headers.get('Cookie')||'',u=cookie(c),h=hash(c);if(!u||!h)return null;const user=await db.prepare('SELECT id,username,role,pass_hash,banned_until FROM users WHERE username=?').bind(u).first();if(!user||!tsEq(user.pass_hash,h)||(user.banned_until&&new Date(user.banned_until.replace(' ','T')+'Z')>new Date()))return null;return user};
+const notify=(url,msg,prio=3)=>{if(!url)return;const target=url.startsWith('http')?url:`https://${url}`;fetch(target,{method:'POST',body:msg,headers:{'X-Priority':prio.toString()}}).catch(()=>{})};
 
 export async function onRequest({request,env}){
   if(request.method==='OPTIONS'){
@@ -35,7 +36,7 @@ export async function onRequestGet({request,env}){
 
 export async function onRequestPost({request,env}){
   try{
-    if(!env.GOOGLE_KEY)return json({error:{message:'Server configuration error: Missing API key.'}},{status:500},request);
+    if(!env.OPENROUTER_KEY)return json({error:{message:'Server configuration error: Missing API key.'}},{status:500},request);
     const user=await auth(request,env.D1_SPCHCAP);
     if(!user)return json({error:'Unauthorized'},{status:401},request);
     
@@ -47,9 +48,23 @@ export async function onRequestPost({request,env}){
     const{sub,title,link,content}=body;
     if(!sub||!title)return json({error:'Missing fields'},{status:400},request);
     
-    const mod=await fetch(`https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-lite:generateContent?key=${env.GOOGLE_KEY}`,{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({contents:[{parts:[{text:`Is this content permissible for a public forum that values free speech, even if it's controversial? Offensive content is okay, but illegal content, spam, or direct threats are not. Respond ONLY "yes" or "no".\n\n${title}\n\n${content||''}\n\nReminder: be lenient. Only reject illegal content, spam, or direct threats. Respond ONLY "yes" or "no".`}]}]})});
+    const modRes=await fetch('https://openrouter.ai/api/v1/chat/completions',{
-    if(!mod.ok){const err=await mod.text();return json({error:{message:`Moderation failed: ${err}`}},{status:500},request)}
+      method:'POST',
-    if(!(await mod.json()).candidates?.[0]?.content.parts[0].text.trim().toLowerCase().includes('yes'))return json({error:{message:'Post rejected by Gemini 2.5 Flash Lite.'}},{status:400},request);
+      headers:{'Authorization':`Bearer ${env.OPENROUTER_KEY}`,'Content-Type':'application/json'},
+      body:JSON.stringify({
+        model:env.AI_MODEL,
+        messages:[{role:'user',content:`Is this content permissible for a public forum that values free speech, even if it's controversial? Offensive content is okay, but illegal content, spam, or direct threats are not. Respond ONLY "yes" or "no".\n\n${title}\n\n${content||''}\n\nReminder: be lenient. Only reject illegal content, spam, or direct threats. Respond ONLY "yes" or "no".`}]
+      })
+    });
+
+    if(!modRes.ok){const err=await modRes.text();return json({error:{message:`Moderation failed: ${err}`}},{status:500},request)}
+    const modData=await modRes.json();
+    const aiText=modData.choices?.[0]?.message?.content?.trim().toLowerCase()||'no';
+    const isApproved=aiText.includes('yes');
+
+    notify(env.NTFY_URL, `Post Mod [${isApproved?'OK':'REJECT'}]: ${user.username} -> ${title} | AI: ${aiText}`, 3);
+
+    if(!isApproved)return json({error:{message:`Post rejected by ${env.AI_MODEL}.`}},{status:400},request);
 
     let sub_row=await env.D1_SPCHCAP.prepare('SELECT id FROM subs WHERE name=?').bind(sub).first();
     if(!sub_row){