feat(legal): host the privacy policy and EULA at /privacy/ and /eula/
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 22s
CI / ui (pull_request) Successful in 1m14s
CI / conformance (pull_request) Successful in 10s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Failing after 40s

Author ui/legal/{privacy,eula}_ru.md, reworked from the source documents: the seller INN is unified (290210610742), contacts unified to the Telegram bot + email + postal address, the EULA governing-law clause leads with Russian law + jurisdiction as residence tiers, the single-binding-language clause is dropped, data collection is scoped to voluntary/support provision, and "Компания" is no longer shout-cased.

Serve both as static pages through the render sidecar, reusing a shared renderLegalHtml generalised from renderOfferHtml: new GET /privacy/ and GET /eula/ (301 from the slashless form), the markdown baked into the image, no backend fetch. Route them at the edge via the @legal caddy matcher with a CI probe asserting each page's canonical URL + the seller INN, so a missing route cannot silently fall through to the landing. Add the two links to the landing footer.

Docs baked in: ARCHITECTURE (renderer legal pages + edge routing), FUNCTIONAL (+_ru) footer, renderer/README routes. Tests: renderer legal.test.mjs, ui renderLegalHtml unit, landing footer e2e.
This commit is contained in:
Ilia Denisov
2026-07-13 12:08:27 +02:00
parent 93ccc8c449
commit 0f3b4dbcff
19 changed files with 778 additions and 77 deletions
+11 -5
View File
@@ -126,11 +126,15 @@
<footer class="ft">
<span class="legal">
<a class="offer" href="/offer/">{t('landing.offer')}</a>
<a class="doc" href="/eula/">{t('landing.eula')}</a>
<span class="sep" aria-hidden="true">|</span>
<!-- The feedback bot: the same Telegram contact the offer lists (section 11 «Реквизиты»);
<a class="doc" href="/privacy/">{t('landing.privacy')}</a>
<span class="sep" aria-hidden="true">|</span>
<a class="doc" href="/offer/">{t('landing.offer')}</a>
<span class="sep" aria-hidden="true">|</span>
<!-- The feedback bot: the Telegram contact the legal documents list as the seller's contact;
external, opens in a new tab. -->
<a class="offer" href="https://t.me/Erudit_GameBot" target="_blank" rel="noopener noreferrer">{t('landing.feedback')}</a>
<a class="doc" href="https://t.me/Erudit_GameBot" target="_blank" rel="noopener noreferrer">{t('landing.feedback')}</a>
</span>
<span>{t('about.version', { v: __APP_VERSION__ })}</span>
</footer>
@@ -295,16 +299,18 @@
}
.ft .legal {
display: flex;
flex-wrap: wrap;
justify-content: center;
align-items: center;
gap: 8px;
}
.ft .sep {
color: var(--text-muted);
}
.ft .offer {
.ft .doc {
color: inherit;
}
.ft .offer:hover {
.ft .doc:hover {
color: var(--accent);
}
</style>
+2
View File
@@ -286,6 +286,8 @@ export const en = {
'landing.captionTelegram': 'Telegram',
'landing.captionVK': 'VK',
'landing.captionWeb': 'Web',
'landing.eula': 'Terms of Use',
'landing.privacy': 'Privacy Policy',
'landing.offer': 'Public offer',
'landing.feedback': 'Feedback',
+2
View File
@@ -286,6 +286,8 @@ export const ru: Record<MessageKey, string> = {
'landing.captionTelegram': 'Telegram',
'landing.captionVK': 'VK',
'landing.captionWeb': 'Веб-версия',
'landing.eula': 'Пользовательское соглашение',
'landing.privacy': 'Политика конфиденциальности',
'landing.offer': 'Публичная оферта',
'landing.feedback': 'Обратная связь',
+20 -1
View File
@@ -1,5 +1,5 @@
import { describe, it, expect } from 'vitest';
import { renderOfferHtml } from './offer';
import { renderOfferHtml, renderLegalHtml } from './offer';
describe('renderOfferHtml', () => {
it('wraps rendered markdown in a standalone Russian HTML document', () => {
@@ -21,3 +21,22 @@ describe('renderOfferHtml', () => {
expect(html).toContain('<li>первый</li>');
});
});
describe('renderLegalHtml', () => {
it('applies the given title and canonical URL to the shared chrome', () => {
const html = renderLegalHtml('# Политика конфиденциальности\n\nтекст', {
title: 'Политика конфиденциальности — Эрудит',
canonical: 'https://erudit-game.ru/privacy/',
});
expect(html).toContain('<!doctype html>');
expect(html).toContain('<title>Политика конфиденциальности — Эрудит</title>');
expect(html).toContain('href="https://erudit-game.ru/privacy/"');
expect(html).toContain('<h1>Политика конфиденциальности</h1>');
});
it('renderOfferHtml is the offer preset over it', () => {
const html = renderOfferHtml('# Публичная оферта');
expect(html).toContain('<title>Публичная оферта — Эрудит</title>');
expect(html).toContain('href="https://erudit-game.ru/offer/"');
});
});
+27 -14
View File
@@ -1,27 +1,29 @@
import { marked } from 'marked';
/**
* renderOfferHtml renders the public-offer markdown source into a standalone,
* self-contained HTML document served at `/offer/`. It runs server-side in the
* render sidecar (`renderer/src/offer.mjs`), which reads the owner-edited
* `ui/legal/offer_ru.md`, splices the live catalog price list into it and calls
* this function — one renderer shared with the browser build, kept unit-tested
* here (`offer.test.ts`).
* renderLegalHtml renders a legal-document markdown source into a standalone,
* self-contained HTML document. It backs every public legal page — the offer at
* `/offer/`, the privacy policy at `/privacy/` and the EULA at `/eula/` — served by
* the render sidecar (`renderer/src/{offer,legal}.mjs`), which reads the owner-edited
* markdown under `ui/legal/` and, for the offer only, splices the live catalog price
* list in before calling this. One renderer shared with the browser build, kept
* unit-tested here (`offer.test.ts`).
*
* The input `markdown` is trusted repository content plus the backend's own
* catalog projection, not user input, so the rendered HTML is deliberately not
* sanitised. The page carries its own minimal light/dark styling so it needs
* neither the app bundle nor `app.css`.
* `title` becomes the document `<title>`; `canonical` its absolute canonical URL.
* The input `markdown` is trusted repository content plus the backend's own catalog
* projection, not user input, so the rendered HTML is deliberately not sanitised. The
* page carries its own minimal light/dark styling so it needs neither the app bundle
* nor `app.css`.
*/
export function renderOfferHtml(markdown: string): string {
export function renderLegalHtml(markdown: string, opts: { title: string; canonical: string }): string {
const body = marked.parse(markdown, { async: false }) as string;
return `<!doctype html>
<html lang="ru">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Публичная оферта — Эрудит</title>
<link rel="canonical" href="https://erudit-game.ru/offer/" />
<title>${opts.title}</title>
<link rel="canonical" href="${opts.canonical}" />
<meta name="theme-color" media="(prefers-color-scheme: light)" content="#f3f4f6" />
<meta name="theme-color" media="(prefers-color-scheme: dark)" content="#0f1115" />
<style>
@@ -81,7 +83,7 @@ export function renderOfferHtml(markdown: string): string {
li {
margin: 0.25em 0;
}
/* The price tables (§4.4) span the full content width. */
/* Tables span the full content width (the offer price list §4.4, the privacy data table). */
table {
width: 100%;
border-collapse: collapse;
@@ -116,3 +118,14 @@ export function renderOfferHtml(markdown: string): string {
</html>
`;
}
/**
* renderOfferHtml renders the public-offer markdown (its price list already spliced
* in) as the standalone `/offer/` page — a thin preset over {@link renderLegalHtml}.
*/
export function renderOfferHtml(markdown: string): string {
return renderLegalHtml(markdown, {
title: 'Публичная оферта — Эрудит',
canonical: 'https://erudit-game.ru/offer/',
});
}