feat(admin): manual account blocking (suspensions)
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 45s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m10s
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 45s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m10s
Operator-driven hard block, the counterpart to the soft high-rate flag: permanent or until a date, with an optional reason chosen from an editable en+ru picklist (snapshotted onto the block). A block forfeits the player's active games (opponent wins, as a resignation) and cancels their open matchmaking games. A backend gate refuses a blocked account on every /api/v1/user/* route except the block-status probe with 403 account_blocked, which threads through the gateway as the Execute result_code; the UI surfaces it as a terminal blocked screen and stops all push/poll. Temporary blocks self-expire; the operator can unblock at any time (lost games stay lost). Sessions are not revoked, so the blocked client can still reach the exempt block-status endpoint. Backend: migration 00003 (account_suspensions + suspension_reasons) + jet regen; account suspension store; game.ForfeitAllForAccount; requireNotSuspended gate + block-status endpoint; admin console block/unblock + Reasons CRUD. Wire: fbs BlockStatus + account.block_status gateway op. UI: blocked screen, app state, transport/codec, i18n. Docs: ARCHITECTURE, FUNCTIONAL(+ru), PRERELEASE (AB).
This commit is contained in:
@@ -81,6 +81,20 @@ func encodeProfile(p backendclient.ProfileResp) []byte {
|
||||
return b.FinishedBytes()
|
||||
}
|
||||
|
||||
// encodeBlockStatus builds a BlockStatus payload.
|
||||
func encodeBlockStatus(s backendclient.BlockStatusResp) []byte {
|
||||
b := flatbuffers.NewBuilder(128)
|
||||
until := b.CreateString(s.Until)
|
||||
reason := b.CreateString(s.Reason)
|
||||
fb.BlockStatusStart(b)
|
||||
fb.BlockStatusAddBlocked(b, s.Blocked)
|
||||
fb.BlockStatusAddPermanent(b, s.Permanent)
|
||||
fb.BlockStatusAddUntil(b, until)
|
||||
fb.BlockStatusAddReason(b, reason)
|
||||
b.Finish(fb.BlockStatusEnd(b))
|
||||
return b.FinishedBytes()
|
||||
}
|
||||
|
||||
// encodeLinkResult builds a LinkResult payload. A switched-session token
|
||||
// (a guest initiator whose durable counterpart won) is carried as a nested Session
|
||||
// for the client to adopt; it is omitted otherwise. supportedLangs is the variant
|
||||
|
||||
@@ -22,6 +22,7 @@ const (
|
||||
MsgAuthEmailReq = "auth.email.request"
|
||||
MsgAuthEmailLogin = "auth.email.login"
|
||||
MsgProfileGet = "profile.get"
|
||||
MsgBlockStatus = "account.block_status"
|
||||
MsgGameSubmitPlay = "game.submit_play"
|
||||
MsgGameState = "game.state"
|
||||
MsgLobbyEnqueue = "lobby.enqueue"
|
||||
@@ -95,6 +96,7 @@ func NewRegistry(backend *backendclient.Client, tg TelegramValidator, defaultLan
|
||||
r.ops[MsgAuthEmailReq] = Op{Handler: authEmailRequestHandler(backend), Email: true}
|
||||
r.ops[MsgAuthEmailLogin] = Op{Handler: authEmailLoginHandler(backend, defaultLanguages), Email: true}
|
||||
r.ops[MsgProfileGet] = Op{Handler: profileHandler(backend), Auth: true}
|
||||
r.ops[MsgBlockStatus] = Op{Handler: blockStatusHandler(backend), Auth: true}
|
||||
r.ops[MsgGameSubmitPlay] = Op{Handler: submitPlayHandler(backend), Auth: true}
|
||||
r.ops[MsgGameState] = Op{Handler: gameStateHandler(backend), Auth: true}
|
||||
r.ops[MsgLobbyEnqueue] = Op{Handler: enqueueHandler(backend), Auth: true}
|
||||
@@ -199,6 +201,16 @@ func profileHandler(backend *backendclient.Client) Handler {
|
||||
}
|
||||
}
|
||||
|
||||
func blockStatusHandler(backend *backendclient.Client) Handler {
|
||||
return func(ctx context.Context, req Request) ([]byte, error) {
|
||||
bs, err := backend.BlockStatus(ctx, req.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return encodeBlockStatus(bs), nil
|
||||
}
|
||||
}
|
||||
|
||||
func submitPlayHandler(backend *backendclient.Client) Handler {
|
||||
return func(ctx context.Context, req Request) ([]byte, error) {
|
||||
in := fb.GetRootAsSubmitPlayRequest(req.Payload, 0)
|
||||
|
||||
@@ -0,0 +1,64 @@
|
||||
package transcode_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"testing"
|
||||
|
||||
"scrabble/gateway/internal/transcode"
|
||||
fb "scrabble/pkg/fbs/scrabblefb"
|
||||
)
|
||||
|
||||
// TestBlockStatusRoundTrip checks the account.block_status op forwards to the backend block-status
|
||||
// endpoint and encodes its JSON into the BlockStatus FlatBuffer.
|
||||
func TestBlockStatusRoundTrip(t *testing.T) {
|
||||
backend, cleanup := fakeBackend(t, func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/api/v1/user/block-status" {
|
||||
t.Errorf("path = %q, want /api/v1/user/block-status", r.URL.Path)
|
||||
}
|
||||
_, _ = w.Write([]byte(`{"blocked":true,"permanent":false,"until":"2026-07-01T12:00:00Z","reason":"Спам"}`))
|
||||
})
|
||||
defer cleanup()
|
||||
|
||||
reg := transcode.NewRegistry(backend, nil)
|
||||
op, ok := reg.Lookup(transcode.MsgBlockStatus)
|
||||
if !ok {
|
||||
t.Fatal("account.block_status not registered")
|
||||
}
|
||||
payload, err := op.Handler(context.Background(), transcode.Request{UserID: "u-1"})
|
||||
if err != nil {
|
||||
t.Fatalf("handler: %v", err)
|
||||
}
|
||||
bs := fb.GetRootAsBlockStatus(payload, 0)
|
||||
if !bs.Blocked() || bs.Permanent() {
|
||||
t.Fatalf("blocked=%v permanent=%v, want true/false", bs.Blocked(), bs.Permanent())
|
||||
}
|
||||
if string(bs.Until()) != "2026-07-01T12:00:00Z" {
|
||||
t.Errorf("until = %q, want the forwarded instant", bs.Until())
|
||||
}
|
||||
if string(bs.Reason()) != "Спам" {
|
||||
t.Errorf("reason = %q, want Спам", bs.Reason())
|
||||
}
|
||||
}
|
||||
|
||||
// TestBlockedBackendSurfacesDomainCode checks that a backend 403 with code account_blocked (the
|
||||
// suspension gate) surfaces as a domain code, which the Execute layer turns into the envelope
|
||||
// result_code the UI keys off.
|
||||
func TestBlockedBackendSurfacesDomainCode(t *testing.T) {
|
||||
backend, cleanup := fakeBackend(t, func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
_, _ = w.Write([]byte(`{"error":{"code":"account_blocked","message":"account is blocked"}}`))
|
||||
})
|
||||
defer cleanup()
|
||||
|
||||
reg := transcode.NewRegistry(backend, nil)
|
||||
op, _ := reg.Lookup(transcode.MsgProfileGet) // any gated op hits the same gate
|
||||
_, err := op.Handler(context.Background(), transcode.Request{UserID: "u-1"})
|
||||
if err == nil {
|
||||
t.Fatal("expected an error from a blocked backend response")
|
||||
}
|
||||
code, ok := transcode.DomainCode(err)
|
||||
if !ok || code != "account_blocked" {
|
||||
t.Fatalf("DomainCode = (%q, %v), want (account_blocked, true)", code, ok)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user