feat: Add built dist files with EU compliance routes

- Include compiled TypeScript with new /impressum, /privacy, /terms routes
- Temporary commit of dist files for Docker deployment

dist/routes/recover.js

@@ -0,0 +1,74 @@
+import { Router } from "express";
+import rateLimit from "express-rate-limit";
+import { createPendingVerification, verifyCode } from "../services/verification.js";
+import { sendVerificationEmail } from "../services/email.js";
+import { getAllKeys } from "../services/keys.js";
+import logger from "../services/logger.js";
+const router = Router();
+const recoverLimiter = rateLimit({
+    windowMs: 60 * 60 * 1000,
+    max: 3,
+    message: { error: "Too many recovery attempts. Please try again in 1 hour." },
+    standardHeaders: true,
+    legacyHeaders: false,
+});
+router.post("/", recoverLimiter, async (req, res) => {
+    const { email } = req.body || {};
+    if (!email || typeof email !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+        res.status(400).json({ error: "A valid email address is required." });
+        return;
+    }
+    const cleanEmail = email.trim().toLowerCase();
+    const keys = getAllKeys();
+    const userKey = keys.find(k => k.email === cleanEmail);
+    if (!userKey) {
+        res.json({ status: "recovery_sent", message: "If an account exists for this email, a verification code has been sent." });
+        return;
+    }
+    const pending = await createPendingVerification(cleanEmail);
+    sendVerificationEmail(cleanEmail, pending.code).catch(err => {
+        logger.error({ err, email: cleanEmail }, "Failed to send recovery email");
+    });
+    res.json({ status: "recovery_sent", message: "If an account exists for this email, a verification code has been sent." });
+});
+router.post("/verify", recoverLimiter, async (req, res) => {
+    const { email, code } = req.body || {};
+    if (!email || !code) {
+        res.status(400).json({ error: "Email and code are required." });
+        return;
+    }
+    const cleanEmail = email.trim().toLowerCase();
+    const cleanCode = String(code).trim();
+    const result = await verifyCode(cleanEmail, cleanCode);
+    switch (result.status) {
+        case "ok": {
+            const keys = getAllKeys();
+            const userKey = keys.find(k => k.email === cleanEmail);
+            if (userKey) {
+                res.json({
+                    status: "recovered",
+                    apiKey: userKey.key,
+                    tier: userKey.tier,
+                    message: "Your API key has been recovered. Save it securely — it is shown only once.",
+                });
+            }
+            else {
+                res.json({
+                    status: "recovered",
+                    message: "No API key found for this email.",
+                });
+            }
+            break;
+        }
+        case "expired":
+            res.status(410).json({ error: "Verification code has expired. Please request a new one." });
+            break;
+        case "max_attempts":
+            res.status(429).json({ error: "Too many failed attempts. Please request a new code." });
+            break;
+        case "invalid":
+            res.status(400).json({ error: "Invalid verification code." });
+            break;
+    }
+});
+export { router as recoverRouter };