feat(telegram): promo bot + channel-chat moderation gate
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 19s
CI / ui (pull_request) Successful in 57s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m39s
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 19s
CI / ui (pull_request) Successful in 57s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m39s
Add a second standalone promo bot to the bot container (answers /start with a localized message + a URL button into the main bot's Mini App) and gate write access in a channel's linked discussion chat: grant on join when the Telegram user is registered and neither admin-suspended nor holding a new chat_muted role, and revoke/grant on the matching moderation change for a member currently in the chat. Eligibility (registered AND NOT suspended AND NOT chat_muted; the game suspension dominates) is resolved once in the backend and reached two ways: the bot's join-time unary ResolveChatEligibility over the existing mTLS bot-link, and a backend chat_access_changed event -> gateway -> ChatGate command (idempotent; a temporary-block-expiry sweeper may over-emit). The bot guards the block/unblock path with getChatMember, since bots cannot list members. A web_app button cannot open another bot's Mini App (it signs initData with the sending bot's token), so the promo button is a t.me ?startapp URL reusing the UI's VITE_TELEGRAM_LINK. The bot must be a chat admin with the restrict-members right and chat_member in its allowed updates. No schema change: chat_muted reuses the data-driven account_roles table.
This commit is contained in:
@@ -260,11 +260,16 @@ jobs:
|
|||||||
GM_BASICAUTH_HASH: ${{ secrets.TEST_GM_BASICAUTH_HASH }}
|
GM_BASICAUTH_HASH: ${{ secrets.TEST_GM_BASICAUTH_HASH }}
|
||||||
GRAFANA_ADMIN_PASSWORD: ${{ secrets.TEST_GRAFANA_ADMIN_PASSWORD }}
|
GRAFANA_ADMIN_PASSWORD: ${{ secrets.TEST_GRAFANA_ADMIN_PASSWORD }}
|
||||||
TELEGRAM_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_BOT_TOKEN }}
|
TELEGRAM_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_BOT_TOKEN }}
|
||||||
|
TELEGRAM_PROMO_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_PROMO_BOT_TOKEN }}
|
||||||
GM_BASICAUTH_USER: ${{ vars.TEST_GM_BASICAUTH_USER }}
|
GM_BASICAUTH_USER: ${{ vars.TEST_GM_BASICAUTH_USER }}
|
||||||
GRAFANA_ROOT_URL: ${{ vars.TEST_GRAFANA_ROOT_URL }}
|
GRAFANA_ROOT_URL: ${{ vars.TEST_GRAFANA_ROOT_URL }}
|
||||||
CADDY_SITE_ADDRESS: ${{ vars.TEST_CADDY_SITE_ADDRESS }}
|
CADDY_SITE_ADDRESS: ${{ vars.TEST_CADDY_SITE_ADDRESS }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.TEST_TELEGRAM_MINIAPP_URL }}
|
TELEGRAM_MINIAPP_URL: ${{ vars.TEST_TELEGRAM_MINIAPP_URL }}
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.TEST_TELEGRAM_GAME_CHANNEL_ID }}
|
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.TEST_TELEGRAM_GAME_CHANNEL_ID }}
|
||||||
|
TELEGRAM_CHAT_ID: ${{ vars.TEST_TELEGRAM_CHAT_ID }}
|
||||||
|
TELEGRAM_BOT_USERNAME: ${{ vars.TEST_TELEGRAM_BOT_USERNAME }}
|
||||||
|
# The promo button reuses the UI's Mini App link variable.
|
||||||
|
TELEGRAM_BOT_LINK: ${{ vars.TEST_VITE_TELEGRAM_LINK }}
|
||||||
# The test contour always uses Telegram's test environment — pinned here,
|
# The test contour always uses Telegram's test environment — pinned here,
|
||||||
# not an operator variable. The prod workflow leaves it false.
|
# not an operator variable. The prod workflow leaves it false.
|
||||||
TELEGRAM_TEST_ENV: "true"
|
TELEGRAM_TEST_ENV: "true"
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ the edge before prod. Each phase maps back to the owner's raw pre-release TODO l
|
|||||||
| DV | Dictionary version hygiene: CI + image/compose seed track the current release (`v1.2.1`); a **seed-drift guard** records the flat dir's seed in an authoritative `.seed_version` marker so a bumped build seed on a live volume is ignored (it can't relabel live bytes — which would mis-serve the dictionary + void games pinned to the prior label); `DICT_VERSION` is the fresh-volume seed only, a live contour migrates through the admin console | owner ad-hoc | **done** |
|
| DV | Dictionary version hygiene: CI + image/compose seed track the current release (`v1.2.1`); a **seed-drift guard** records the flat dir's seed in an authoritative `.seed_version` marker so a bumped build seed on a live volume is ignored (it can't relabel live bytes — which would mis-serve the dictionary + void games pinned to the prior label); `DICT_VERSION` is the fresh-volume seed only, a live contour migrates through the admin console | owner ad-hoc | **done** |
|
||||||
| TX | Telegram egress off the main host: split the connector into a home **validator** (Mini App / Login-Widget HMAC, no VPN, no Bot API — so game login no longer depends on Telegram being reachable) and a remote **bot** (Bot API long-poll + `sendMessage`) that holds **no inbound port** and dials the gateway over a reverse **mTLS bot-link** (`pkg/proto/botlink/v1`); the gateway funnels out-of-app push (fire-and-forget, at-most-once) and the backend admin broadcasts (a relay that awaits the bot's ack) down the link. The bot is Telegram-rate-limited; **one bot now**, with seams (a bot registry + `owns_updates` + command ids) for N later; **no webhook** (rejected: one URL per token, adds inbound + a static address). The **unified test contour** runs the split (the bot keeps its VPN sidecar and dials the gateway by its internal name; certs from `deploy/gen-certs.sh`). The **prod** wiring — the bot on a separate host (no VPN), the gateway bot-link port published, `PROD_` certs with scheduled rotation, an SSH deploy of both hosts together — is the **deferred final stage** (Stage 18). | owner ad-hoc | **done** (code + test contour; prod wiring → Stage 18) |
|
| TX | Telegram egress off the main host: split the connector into a home **validator** (Mini App / Login-Widget HMAC, no VPN, no Bot API — so game login no longer depends on Telegram being reachable) and a remote **bot** (Bot API long-poll + `sendMessage`) that holds **no inbound port** and dials the gateway over a reverse **mTLS bot-link** (`pkg/proto/botlink/v1`); the gateway funnels out-of-app push (fire-and-forget, at-most-once) and the backend admin broadcasts (a relay that awaits the bot's ack) down the link. The bot is Telegram-rate-limited; **one bot now**, with seams (a bot registry + `owns_updates` + command ids) for N later; **no webhook** (rejected: one URL per token, adds inbound + a static address). The **unified test contour** runs the split (the bot keeps its VPN sidecar and dials the gateway by its internal name; certs from `deploy/gen-certs.sh`). The **prod** wiring — the bot on a separate host (no VPN), the gateway bot-link port published, `PROD_` certs with scheduled rotation, an SSH deploy of both hosts together — is the **deferred final stage** (Stage 18). | owner ad-hoc | **done** (code + test contour; prod wiring → Stage 18) |
|
||||||
| AG | Anti-abuse IP ban + honeypot/honeytoken (prod-only): a fail2ban-style in-memory `ratelimit.Banlist` keyed by client IP, fed by sustained rate-limiter rejections (the IP-keyed public/email/admin classes — the user class stays the soft-flag's concern), a **honeypot** decoy path (the contour caddy tags `/.env`, `/.git`, `/wp-*`, … with `X-Scrabble-Honeypot` and routes them to the gateway), and a **honeytoken** (`GATEWAY_HONEYTOKEN`, a planted bearer). The `abuseGuard` edge middleware refuses a banned IP with **429** before any work — closing the R3 gap that the static SPA/landing was outside the token bucket. Off by default — it keys by the real client IP the shared-NAT test contour does not expose (detection still logs there); enabled in prod via `GATEWAY_ABUSE_BAN_ENABLED`. Operators see + lift bans on the console **Throttled** page; the gateway syncs its active set to the backend (`/api/v1/internal/bans/sync`, `internal/banview`) every 30 s and applies operator unbans. | owner ad-hoc | **done** (code + test contour; ban enabled in prod → Stage 18) |
|
| AG | Anti-abuse IP ban + honeypot/honeytoken (prod-only): a fail2ban-style in-memory `ratelimit.Banlist` keyed by client IP, fed by sustained rate-limiter rejections (the IP-keyed public/email/admin classes — the user class stays the soft-flag's concern), a **honeypot** decoy path (the contour caddy tags `/.env`, `/.git`, `/wp-*`, … with `X-Scrabble-Honeypot` and routes them to the gateway), and a **honeytoken** (`GATEWAY_HONEYTOKEN`, a planted bearer). The `abuseGuard` edge middleware refuses a banned IP with **429** before any work — closing the R3 gap that the static SPA/landing was outside the token bucket. Off by default — it keys by the real client IP the shared-NAT test contour does not expose (detection still logs there); enabled in prod via `GATEWAY_ABUSE_BAN_ENABLED`. Operators see + lift bans on the console **Throttled** page; the gateway syncs its active set to the backend (`/api/v1/internal/bans/sync`, `internal/banview`) every 30 s and applies operator unbans. | owner ad-hoc | **done** (code + test contour; ban enabled in prod → Stage 18) |
|
||||||
|
| CM | Channel-chat moderation + promo bot: a second standalone bot in the bot container answers `/start` with a localized message + a **URL** button into the **main** bot's Mini App (`?startapp`; a `web_app` button would sign initData with the promo token, which the main validator rejects). The **main** bot gates write access in a channel's linked discussion chat — granting on join when the Telegram user is registered and neither admin-suspended nor holding a new **`chat_muted`** role, and revoking/granting on the matching moderation change for a member currently in the chat (a `getChatMember` guard, since bots cannot list members). Eligibility = `registered AND NOT suspended AND NOT chat_muted` (the game suspension dominates), resolved once in the backend and reached two ways: the bot's join-time unary `ResolveChatEligibility` over the existing mTLS bot-link, and a backend `chat_access_changed` event → gateway → `ChatGate` command (idempotent, so a temporary-block-expiry sweeper may over-emit). No schema change — `chat_muted` reuses `account_roles`. | owner ad-hoc | **done** |
|
||||||
| → | Stage 18 — prod contour deploy | — | see [`PLAN.md`](PLAN.md) |
|
| → | Stage 18 — prod contour deploy | — | see [`PLAN.md`](PLAN.md) |
|
||||||
|
|
||||||
## Key findings (these reshaped the raw list — read before starting a phase)
|
## Key findings (these reshaped the raw list — read before starting a phase)
|
||||||
@@ -579,3 +580,34 @@ Then Stage 18.
|
|||||||
(`game_limit_test.go`: count rule + HTTP gate 409 + accept bypass), server unit (error mapping), gateway
|
(`game_limit_test.go`: count rule + HTTP gate 409 + accept bypass), server unit (error mapping), gateway
|
||||||
transcode round-trip, UI codec + lobbycache unit, e2e (`gamelimit.spec.ts`). Bake-back: `docs/FUNCTIONAL.md`
|
transcode round-trip, UI codec + lobbycache unit, e2e (`gamelimit.spec.ts`). Bake-back: `docs/FUNCTIONAL.md`
|
||||||
(+`_ru`), `docs/ARCHITECTURE.md` §8, `docs/UI_DESIGN.md`, `backend/README.md`.
|
(+`_ru`), `docs/ARCHITECTURE.md` §8, `docs/UI_DESIGN.md`, `backend/README.md`.
|
||||||
|
|
||||||
|
- **CM — Channel-chat moderation + promo bot** (owner ad-hoc, not on the raw TODO list):
|
||||||
|
- **Locked decisions (interview):** the promo bot is a **goroutine in `cmd/bot`** (its own token, no
|
||||||
|
bot-link); the moderated chat's default-no-send is configured by a **human** in the group settings (the
|
||||||
|
bot only grants, never `setChatPermissions`); a non-eligible joiner is **left muted silently**; a
|
||||||
|
temporary-suspension expiry is handled by a **backend sweeper** that emits the re-evaluate event; and a new
|
||||||
|
**`chat_muted` role** is a chat-only mute with the **game suspension dominating**
|
||||||
|
(`eligible = registered AND NOT suspended AND NOT chat_muted`).
|
||||||
|
- **Bot API reality (verified against the docs):** a cross-bot Mini App launch must be a **URL button** to the
|
||||||
|
main bot's `t.me/<bot>?startapp` link — a `web_app` button signs initData with the *sending* bot's token,
|
||||||
|
which the main validator rejects — so the promo button reuses the UI's `VITE_TELEGRAM_LINK`. `chat_member`
|
||||||
|
updates arrive **only** when the bot is a chat **admin** with the "Ban users" right (the client label for the
|
||||||
|
Bot API `can_restrict_members`) and `chat_member` is in `allowed_updates`; bots cannot list members but can
|
||||||
|
`getChatMember` a single user, which is the membership guard on the block/unblock path.
|
||||||
|
- **Wire:** `pkg/proto/botlink/v1` gains a `ChatGateCommand` in the `Command` oneof and a unary
|
||||||
|
`ResolveChatEligibility`; the backend gains `notify.KindChatAccessChanged` (no payload, infra-only — never an
|
||||||
|
out-of-app message) and an internal `POST /api/v1/internal/chat-access` resolver; the gateway resolves the
|
||||||
|
join (by external_id) and the event (by user_id) through it and pushes the chat-gate command fire-and-forget
|
||||||
|
(at-most-once, recovered by the next moderation action or a re-join).
|
||||||
|
- **No schema change → no contour DB wipe:** `chat_muted` is a new `account.KnownRoles` entry (the
|
||||||
|
`account_roles` table is data-driven). The suspension-expiry sweeper is a new `account.SuspensionSweeper`
|
||||||
|
(a 1-minute window, idempotent) started in `cmd/backend`, alongside the guest reaper.
|
||||||
|
- **Deploy:** new `TEST_`/`PROD_` `TELEGRAM_PROMO_BOT_TOKEN` (secret), `TELEGRAM_BOT_USERNAME` and
|
||||||
|
`TELEGRAM_CHAT_ID` (variables); the promo link reuses the existing `*_VITE_TELEGRAM_LINK` variable as
|
||||||
|
`TELEGRAM_BOT_LINK`. The bot must be promoted to admin in the real discussion group, and the group default
|
||||||
|
set to no-send, as part of the Stage 18 prod cutover (the test contour exercises the code path).
|
||||||
|
- **Bake-back:** `docs/ARCHITECTURE.md`, `docs/FUNCTIONAL.md` (+`_ru`), `platform/telegram/README.md`,
|
||||||
|
`backend/README.md`, Go Doc comments. Tests: backend resolver truth table + publish on block/unblock/role +
|
||||||
|
the sweeper window (unit + integration); gateway hub `ResolveChatEligibility` + the chat-gate command; bot
|
||||||
|
`chat_member` grant + `ApplyChatGate` getChatMember-guard; promo `/start` localization + URL button; config
|
||||||
|
parsing.
|
||||||
|
|||||||
@@ -106,6 +106,13 @@ Telegram `external_id`, language and `notifications_in_app_only` flag) lets the
|
|||||||
route out-of-app push to the Telegram bot over the gateway bot-link; the Telegram login
|
route out-of-app push to the Telegram bot over the gateway bot-link; the Telegram login
|
||||||
seeds a new account's language and display name from the launch fields, and the
|
seeds a new account's language and display name from the launch fields, and the
|
||||||
`accounts.notifications_in_app_only` flag (default true).
|
`accounts.notifications_in_app_only` flag (default true).
|
||||||
|
The gateway-only `POST /api/v1/internal/chat-access` resolves a Telegram identity (the
|
||||||
|
bot's join-time query) or an account id (a `chat_access_changed` event) to its
|
||||||
|
**moderated-chat write eligibility** — `registered AND NOT suspended AND NOT chat_muted`.
|
||||||
|
That event is emitted on an admin block/unblock, a `chat_muted` role grant/revoke, or — via
|
||||||
|
the `account.SuspensionSweeper` started in `cmd/backend` — a temporary block lapsing;
|
||||||
|
`chat_muted` is an `account.KnownRoles` entry, a chat-only mute distinct from the game
|
||||||
|
suspension (which dominates it).
|
||||||
`accounts.is_guest` marks an ephemeral guest — a durable row
|
`accounts.is_guest` marks an ephemeral guest — a durable row
|
||||||
with no identity, excluded from statistics. The server-rendered
|
with no identity, excluded from statistics. The server-rendered
|
||||||
**admin console** at `/_gm` (`internal/adminconsole` + `internal/server/handlers_admin_console.go`;
|
**admin console** at `/_gm` (`internal/adminconsole` + `internal/server/handlers_admin_console.go`;
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ import (
|
|||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
|
|
||||||
"scrabble/backend/internal/account"
|
"scrabble/backend/internal/account"
|
||||||
@@ -160,6 +161,15 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
zap.Duration("interval", cfg.GuestReapInterval),
|
zap.Duration("interval", cfg.GuestReapInterval),
|
||||||
zap.Duration("retention", cfg.GuestRetention))
|
zap.Duration("retention", cfg.GuestRetention))
|
||||||
|
|
||||||
|
// Re-evaluate moderated-chat write access when a temporary block self-expires:
|
||||||
|
// no operator action fires then, so the sweeper emits the chat-access-changed
|
||||||
|
// event for lapsed blocks and the gateway re-pushes the chat-gate command.
|
||||||
|
chatSweeper := account.NewSuspensionSweeper(accounts, func(id uuid.UUID) {
|
||||||
|
hub.Publish(notify.ChatAccessChanged(id))
|
||||||
|
}, logger)
|
||||||
|
go chatSweeper.Run(ctx)
|
||||||
|
logger.Info("suspension expiry sweeper started", zap.Duration("interval", chatSweeper.Interval()))
|
||||||
|
|
||||||
// Lobby & social domains. Their REST and stream surface lives in the gateway,
|
// Lobby & social domains. Their REST and stream surface lives in the gateway,
|
||||||
// so they are handed to the server (like the route groups) for the handlers.
|
// so they are handed to the server (like the route groups) for the handlers.
|
||||||
mailer := newMailer(cfg.SMTP, logger)
|
mailer := newMailer(cfg.SMTP, logger)
|
||||||
|
|||||||
@@ -303,6 +303,14 @@ func (s *Store) CountAccounts(ctx context.Context) (int, error) {
|
|||||||
return int(dest.Count), nil
|
return int(dest.Count), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AccountByIdentity returns the account bound to (kind, externalID), or ErrNotFound
|
||||||
|
// when none exists. Unlike ProvisionByIdentity it never creates one: the chat-access
|
||||||
|
// resolver uses it to tell a registered Telegram user (eligible to be granted chat
|
||||||
|
// write access) from an unregistered one (left muted).
|
||||||
|
func (s *Store) AccountByIdentity(ctx context.Context, kind, externalID string) (Account, error) {
|
||||||
|
return s.findByIdentity(ctx, kind, externalID)
|
||||||
|
}
|
||||||
|
|
||||||
// findByIdentity joins identities to accounts and returns the matching account,
|
// findByIdentity joins identities to accounts and returns the matching account,
|
||||||
// or ErrNotFound.
|
// or ErrNotFound.
|
||||||
func (s *Store) findByIdentity(ctx context.Context, kind, externalID string) (Account, error) {
|
func (s *Store) findByIdentity(ctx context.Context, kind, externalID string) (Account, error) {
|
||||||
|
|||||||
@@ -24,11 +24,19 @@ const (
|
|||||||
// unconditionally, overriding the usual eligibility (a free account with an
|
// unconditionally, overriding the usual eligibility (a free account with an
|
||||||
// empty hint wallet otherwise sees it). See internal/ads.
|
// empty hint wallet otherwise sees it). See internal/ads.
|
||||||
RoleNoBanner = "no_banner"
|
RoleNoBanner = "no_banner"
|
||||||
|
|
||||||
|
// RoleChatMuted forbids the account from writing in the moderated Telegram
|
||||||
|
// discussion chat, without otherwise restricting the game (the chat-only
|
||||||
|
// counterpart to a full account suspension). It is one input to the chat-access
|
||||||
|
// gate; an active admin suspension mutes the player regardless, so this role only
|
||||||
|
// matters for an account that is not suspended. Granting or revoking it re-pushes
|
||||||
|
// the chat-gate command for a member currently in the chat.
|
||||||
|
RoleChatMuted = "chat_muted"
|
||||||
)
|
)
|
||||||
|
|
||||||
// KnownRoles is the set of roles the console may grant or revoke; an operator
|
// KnownRoles is the set of roles the console may grant or revoke; an operator
|
||||||
// cannot assign an unrecognised role.
|
// cannot assign an unrecognised role.
|
||||||
var KnownRoles = []string{RoleFeedbackBanned, RoleNoBanner}
|
var KnownRoles = []string{RoleFeedbackBanned, RoleNoBanner, RoleChatMuted}
|
||||||
|
|
||||||
// IsKnownRole reports whether role is a recognised account role.
|
// IsKnownRole reports whether role is a recognised account role.
|
||||||
func IsKnownRole(role string) bool {
|
func IsKnownRole(role string) bool {
|
||||||
|
|||||||
@@ -161,6 +161,31 @@ func (s *Store) queryCurrentSuspension(ctx context.Context, accountID uuid.UUID,
|
|||||||
return modelToSuspension(row), true, nil
|
return modelToSuspension(row), true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SuspensionsExpiredBetween returns the distinct account ids whose temporary block lapsed in the
|
||||||
|
// half-open window (since, until]: a non-lifted suspension with a blocked_until in that range. The
|
||||||
|
// chat-access sweeper uses it to re-evaluate chat write access when a temporary block self-expires,
|
||||||
|
// since no operator action fires then. An account that still has another active block may be
|
||||||
|
// included; the eligibility resolver returns the true state, so emitting for it is harmless.
|
||||||
|
func (s *Store) SuspensionsExpiredBetween(ctx context.Context, since, until time.Time) ([]uuid.UUID, error) {
|
||||||
|
rows, err := s.db.QueryContext(ctx,
|
||||||
|
`SELECT DISTINCT account_id FROM backend.account_suspensions
|
||||||
|
WHERE lifted_at IS NULL AND blocked_until > $1 AND blocked_until <= $2`,
|
||||||
|
since.UTC(), until.UTC())
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("account: suspensions expired between: %w", err)
|
||||||
|
}
|
||||||
|
defer rows.Close()
|
||||||
|
var out []uuid.UUID
|
||||||
|
for rows.Next() {
|
||||||
|
var id uuid.UUID
|
||||||
|
if err := rows.Scan(&id); err != nil {
|
||||||
|
return nil, fmt.Errorf("account: scan expired suspension: %w", err)
|
||||||
|
}
|
||||||
|
out = append(out, id)
|
||||||
|
}
|
||||||
|
return out, rows.Err()
|
||||||
|
}
|
||||||
|
|
||||||
// invalidateSuspension drops the account's cached block so the next CurrentSuspension re-reads it.
|
// invalidateSuspension drops the account's cached block so the next CurrentSuspension re-reads it.
|
||||||
// Called after Suspend and LiftSuspension.
|
// Called after Suspend and LiftSuspension.
|
||||||
func (s *Store) invalidateSuspension(accountID uuid.UUID) {
|
func (s *Store) invalidateSuspension(accountID uuid.UUID) {
|
||||||
|
|||||||
@@ -0,0 +1,84 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
)
|
||||||
|
|
||||||
|
// suspensionSweepInterval is how often the sweeper re-checks for temporary blocks
|
||||||
|
// that lapsed. A minute is well under the coarsest block grain (operators pick day
|
||||||
|
// presets) while keeping the query trivial.
|
||||||
|
const suspensionSweepInterval = time.Minute
|
||||||
|
|
||||||
|
// suspensionExpiryQuerier is the slice of the account store the sweeper depends on:
|
||||||
|
// the accounts whose temporary block lapsed in a window. *Store satisfies it; a fake
|
||||||
|
// drives the sweeper's unit tests.
|
||||||
|
type suspensionExpiryQuerier interface {
|
||||||
|
SuspensionsExpiredBetween(ctx context.Context, since, until time.Time) ([]uuid.UUID, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SuspensionSweeper re-evaluates chat write access when a temporary block self-
|
||||||
|
// expires. No operator action fires on expiry — the suspension gate just re-reads
|
||||||
|
// the wall clock — so without this a temporarily blocked player would stay muted in
|
||||||
|
// the moderated discussion chat after their block lapsed. Each tick it finds blocks
|
||||||
|
// that expired since the previous tick and calls onExpire for the affected accounts;
|
||||||
|
// onExpire is wired to publish the chat-access-changed event, after which the gateway
|
||||||
|
// re-resolves the true eligibility. A liberal call (an account that still has another
|
||||||
|
// active block) is therefore harmless. The window is in-memory, so a block that
|
||||||
|
// expires while the process is down is not re-granted until the next operator action
|
||||||
|
// or the player rejoins — an accepted best-effort gap.
|
||||||
|
type SuspensionSweeper struct {
|
||||||
|
store suspensionExpiryQuerier
|
||||||
|
onExpire func(accountID uuid.UUID)
|
||||||
|
log *zap.Logger
|
||||||
|
// since is the upper bound of the previous swept window; the next sweep covers
|
||||||
|
// (since, now]. It advances only on a successful query, so a failed tick retries
|
||||||
|
// the same window rather than dropping expiries.
|
||||||
|
since time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSuspensionSweeper builds the sweeper over the account store, the per-account
|
||||||
|
// expiry callback (publishing the chat-access-changed event) and a logger. The first
|
||||||
|
// window opens at construction time, so blocks that lapsed earlier are not re-emitted.
|
||||||
|
func NewSuspensionSweeper(store *Store, onExpire func(accountID uuid.UUID), log *zap.Logger) *SuspensionSweeper {
|
||||||
|
if log == nil {
|
||||||
|
log = zap.NewNop()
|
||||||
|
}
|
||||||
|
return &SuspensionSweeper{store: store, onExpire: onExpire, log: log, since: time.Now().UTC()}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Interval reports the sweep cadence, for the startup log line.
|
||||||
|
func (w *SuspensionSweeper) Interval() time.Duration { return suspensionSweepInterval }
|
||||||
|
|
||||||
|
// Run sweeps every Interval until ctx is cancelled.
|
||||||
|
func (w *SuspensionSweeper) Run(ctx context.Context) {
|
||||||
|
ticker := time.NewTicker(suspensionSweepInterval)
|
||||||
|
defer ticker.Stop()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case <-ticker.C:
|
||||||
|
w.sweep(ctx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// sweep emits a chat-access-changed signal for every account whose temporary block
|
||||||
|
// lapsed in (since, now], then advances the window. On a query error it keeps the
|
||||||
|
// window so the next tick retries it.
|
||||||
|
func (w *SuspensionSweeper) sweep(ctx context.Context) {
|
||||||
|
now := time.Now().UTC()
|
||||||
|
ids, err := w.store.SuspensionsExpiredBetween(ctx, w.since, now)
|
||||||
|
if err != nil {
|
||||||
|
w.log.Warn("suspension expiry sweep failed", zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
w.since = now
|
||||||
|
for _, id := range ids {
|
||||||
|
w.onExpire(id)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,80 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"errors"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
)
|
||||||
|
|
||||||
|
// fakeExpiryQuerier records the `since` bound of each call and replays a scripted
|
||||||
|
// result/error per call, so the sweeper's window and dispatch logic is testable
|
||||||
|
// without a database.
|
||||||
|
type fakeExpiryQuerier struct {
|
||||||
|
results [][]uuid.UUID
|
||||||
|
errs []error
|
||||||
|
sinces []time.Time
|
||||||
|
idx int
|
||||||
|
}
|
||||||
|
|
||||||
|
func (f *fakeExpiryQuerier) SuspensionsExpiredBetween(_ context.Context, since, _ time.Time) ([]uuid.UUID, error) {
|
||||||
|
f.sinces = append(f.sinces, since)
|
||||||
|
i := f.idx
|
||||||
|
f.idx++
|
||||||
|
if i < len(f.errs) && f.errs[i] != nil {
|
||||||
|
return nil, f.errs[i]
|
||||||
|
}
|
||||||
|
if i < len(f.results) {
|
||||||
|
return f.results[i], nil
|
||||||
|
}
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func newSweeper(store suspensionExpiryQuerier, onExpire func(uuid.UUID)) *SuspensionSweeper {
|
||||||
|
return &SuspensionSweeper{
|
||||||
|
store: store,
|
||||||
|
onExpire: onExpire,
|
||||||
|
log: zap.NewNop(),
|
||||||
|
since: time.Now().Add(-time.Minute).UTC(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestSuspensionSweeperDispatchesAndAdvances(t *testing.T) {
|
||||||
|
id1, id2 := uuid.New(), uuid.New()
|
||||||
|
fake := &fakeExpiryQuerier{results: [][]uuid.UUID{{id1, id2}, nil}}
|
||||||
|
var got []uuid.UUID
|
||||||
|
w := newSweeper(fake, func(id uuid.UUID) { got = append(got, id) })
|
||||||
|
|
||||||
|
first := w.since
|
||||||
|
w.sweep(context.Background())
|
||||||
|
assert.Equal(t, []uuid.UUID{id1, id2}, got, "every expired account is dispatched")
|
||||||
|
assert.True(t, w.since.After(first), "the window advances on success")
|
||||||
|
|
||||||
|
// A second sweep opens the next window at the previous upper bound.
|
||||||
|
prev := w.since
|
||||||
|
w.sweep(context.Background())
|
||||||
|
require.Len(t, fake.sinces, 2)
|
||||||
|
assert.True(t, fake.sinces[1].After(fake.sinces[0]), "consecutive windows are contiguous and forward")
|
||||||
|
assert.True(t, fake.sinces[1].Equal(prev), "the next window starts at the previous upper bound")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestSuspensionSweeperKeepsWindowOnError(t *testing.T) {
|
||||||
|
fake := &fakeExpiryQuerier{errs: []error{errors.New("db down")}}
|
||||||
|
w := newSweeper(fake, func(uuid.UUID) { t.Fatal("onExpire must not run when the query fails") })
|
||||||
|
|
||||||
|
before := w.since
|
||||||
|
w.sweep(context.Background())
|
||||||
|
assert.True(t, w.since.Equal(before), "the window is retained on error so the next tick retries it")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNewSuspensionSweeperDefaults(t *testing.T) {
|
||||||
|
w := NewSuspensionSweeper(nil, func(uuid.UUID) {}, nil)
|
||||||
|
assert.Equal(t, time.Minute, w.Interval())
|
||||||
|
assert.NotNil(t, w.log, "a nil logger is tolerated")
|
||||||
|
assert.WithinDuration(t, time.Now().UTC(), w.since, time.Second, "the first window opens at construction time")
|
||||||
|
}
|
||||||
@@ -0,0 +1,272 @@
|
|||||||
|
//go:build integration
|
||||||
|
|
||||||
|
package inttest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap/zaptest"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
"scrabble/backend/internal/notify"
|
||||||
|
"scrabble/backend/internal/server"
|
||||||
|
)
|
||||||
|
|
||||||
|
// chatAccessBody mirrors the backend's /internal/chat-access JSON for the test.
|
||||||
|
type chatAccessBody struct {
|
||||||
|
ExternalID string `json:"external_id"`
|
||||||
|
Registered bool `json:"registered"`
|
||||||
|
Eligible bool `json:"eligible"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// chatAccess issues the gateway-internal chat-access query and asserts a 200.
|
||||||
|
func chatAccess(t *testing.T, srv *server.Server, body string) chatAccessBody {
|
||||||
|
t.Helper()
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/internal/chat-access", strings.NewReader(body))
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
srv.Handler().ServeHTTP(rec, req)
|
||||||
|
if rec.Code != http.StatusOK {
|
||||||
|
t.Fatalf("chat-access %s = %d: %s", body, rec.Code, rec.Body.String())
|
||||||
|
}
|
||||||
|
var b chatAccessBody
|
||||||
|
if err := json.Unmarshal(rec.Body.Bytes(), &b); err != nil {
|
||||||
|
t.Fatalf("decode chat-access: %v", err)
|
||||||
|
}
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestChatAccessResolver drives the gateway-internal eligibility resolver over HTTP:
|
||||||
|
// the registered/suspended/chat_muted truth table by Telegram identity and by account
|
||||||
|
// id, the suspension dominating the chat_muted role, an unknown identity reported
|
||||||
|
// unregistered, and an account with no Telegram identity carrying an empty external_id.
|
||||||
|
func TestChatAccessResolver(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
accounts := account.NewStore(testDB)
|
||||||
|
srv := server.New(":0", server.Deps{Logger: zaptest.NewLogger(t), DB: testDB, Accounts: accounts})
|
||||||
|
|
||||||
|
ext := "tg-" + uuid.NewString()
|
||||||
|
acc, err := accounts.ProvisionTelegram(ctx, ext, "en", "", "Chatter")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
id := acc.ID
|
||||||
|
|
||||||
|
byExt := func() chatAccessBody { return chatAccess(t, srv, `{"external_id":"`+ext+`"}`) }
|
||||||
|
byUser := func() chatAccessBody { return chatAccess(t, srv, `{"user_id":"`+id.String()+`"}`) }
|
||||||
|
|
||||||
|
// A registered, unsuspended, unmuted account is eligible by either address, and the
|
||||||
|
// account-id query resolves back to its Telegram identity.
|
||||||
|
if b := byExt(); !b.Registered || !b.Eligible || b.ExternalID != ext {
|
||||||
|
t.Fatalf("fresh by external_id = %+v, want registered+eligible+ext", b)
|
||||||
|
}
|
||||||
|
if b := byUser(); !b.Registered || !b.Eligible || b.ExternalID != ext {
|
||||||
|
t.Fatalf("fresh by user_id = %+v, want registered+eligible+ext", b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A suspension mutes; a lift restores.
|
||||||
|
if _, err := accounts.Suspend(ctx, id, nil, "", "", nil); err != nil {
|
||||||
|
t.Fatalf("suspend: %v", err)
|
||||||
|
}
|
||||||
|
if b := byExt(); !b.Registered || b.Eligible {
|
||||||
|
t.Fatalf("suspended = %+v, want registered but not eligible", b)
|
||||||
|
}
|
||||||
|
if err := accounts.LiftSuspension(ctx, id); err != nil {
|
||||||
|
t.Fatalf("lift: %v", err)
|
||||||
|
}
|
||||||
|
if b := byExt(); !b.Eligible {
|
||||||
|
t.Fatalf("after lift = %+v, want eligible", b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The chat_muted role mutes independently; a revoke restores.
|
||||||
|
if err := accounts.GrantRole(ctx, id, account.RoleChatMuted); err != nil {
|
||||||
|
t.Fatalf("grant chat_muted: %v", err)
|
||||||
|
}
|
||||||
|
if b := byExt(); !b.Registered || b.Eligible {
|
||||||
|
t.Fatalf("chat_muted = %+v, want registered but not eligible", b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Suspension dominates: while chat_muted is set, lifting a concurrent suspension
|
||||||
|
// must not re-grant chat (the role still mutes).
|
||||||
|
if _, err := accounts.Suspend(ctx, id, nil, "", "", nil); err != nil {
|
||||||
|
t.Fatalf("suspend over mute: %v", err)
|
||||||
|
}
|
||||||
|
if b := byExt(); b.Eligible {
|
||||||
|
t.Fatalf("suspended+muted = %+v, want not eligible", b)
|
||||||
|
}
|
||||||
|
if err := accounts.LiftSuspension(ctx, id); err != nil {
|
||||||
|
t.Fatalf("lift over mute: %v", err)
|
||||||
|
}
|
||||||
|
if b := byExt(); b.Eligible {
|
||||||
|
t.Fatalf("lifted but still muted = %+v, want not eligible", b)
|
||||||
|
}
|
||||||
|
if err := accounts.RevokeRole(ctx, id, account.RoleChatMuted); err != nil {
|
||||||
|
t.Fatalf("revoke chat_muted: %v", err)
|
||||||
|
}
|
||||||
|
if b := byExt(); !b.Eligible {
|
||||||
|
t.Fatalf("after revoke = %+v, want eligible", b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// An unknown Telegram identity is unregistered (and thus left muted).
|
||||||
|
if b := chatAccess(t, srv, `{"external_id":"tg-missing-`+uuid.NewString()+`"}`); b.Registered || b.Eligible {
|
||||||
|
t.Fatalf("unknown identity = %+v, want neither registered nor eligible", b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// An account with no Telegram identity (a guest) carries an empty external_id, so
|
||||||
|
// the gateway has nothing to gate.
|
||||||
|
guest := provisionGuest(t)
|
||||||
|
if b := chatAccess(t, srv, `{"user_id":"`+guest.String()+`"}`); b.ExternalID != "" || b.Registered {
|
||||||
|
t.Fatalf("guest by user_id = %+v, want empty external_id and not registered", b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A request naming neither address is a bad request.
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/internal/chat-access", strings.NewReader(`{}`))
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
srv.Handler().ServeHTTP(rec, req)
|
||||||
|
if rec.Code != http.StatusBadRequest {
|
||||||
|
t.Fatalf("empty query = %d, want 400", rec.Code)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// captureNotifier records every published intent so a test can assert which live
|
||||||
|
// events a console action emitted.
|
||||||
|
type captureNotifier struct {
|
||||||
|
mu sync.Mutex
|
||||||
|
intents []notify.Intent
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *captureNotifier) Publish(in ...notify.Intent) {
|
||||||
|
c.mu.Lock()
|
||||||
|
defer c.mu.Unlock()
|
||||||
|
c.intents = append(c.intents, in...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// count returns how many intents of kind addressed to user were captured.
|
||||||
|
func (c *captureNotifier) count(user uuid.UUID, kind string) int {
|
||||||
|
c.mu.Lock()
|
||||||
|
defer c.mu.Unlock()
|
||||||
|
n := 0
|
||||||
|
for _, in := range c.intents {
|
||||||
|
if in.UserID == user && in.Kind == kind {
|
||||||
|
n++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return n
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestChatAccessPublishedOnModeration drives the admin console and asserts each
|
||||||
|
// moderation action that can change chat eligibility — block, unblock, and the
|
||||||
|
// chat_muted role grant/revoke — emits the chat_access_changed signal the gateway
|
||||||
|
// turns into a chat-gate command.
|
||||||
|
func TestChatAccessPublishedOnModeration(t *testing.T) {
|
||||||
|
notifier := &captureNotifier{}
|
||||||
|
srv := server.New(":0", server.Deps{
|
||||||
|
Logger: zaptest.NewLogger(t),
|
||||||
|
DB: testDB,
|
||||||
|
Accounts: account.NewStore(testDB),
|
||||||
|
Games: newGameService(),
|
||||||
|
Registry: testRegistry,
|
||||||
|
DictDir: dictDir(),
|
||||||
|
Notifier: notifier,
|
||||||
|
})
|
||||||
|
h := srv.Handler()
|
||||||
|
id := provisionAccount(t)
|
||||||
|
base := "http://admin.test/_gm/users/" + id.String()
|
||||||
|
const origin = "http://admin.test"
|
||||||
|
|
||||||
|
steps := []struct {
|
||||||
|
name, path, body string
|
||||||
|
want string
|
||||||
|
}{
|
||||||
|
{"block", "/block", "duration=permanent", "Blocked"},
|
||||||
|
{"unblock", "/unblock", "", "Unblocked"},
|
||||||
|
{"grant chat_muted", "/grant-role", "role=chat_muted", "Role granted"},
|
||||||
|
{"revoke chat_muted", "/revoke-role", "role=chat_muted", "Role revoked"},
|
||||||
|
}
|
||||||
|
for i, s := range steps {
|
||||||
|
code, body := consoleDo(h, http.MethodPost, base+s.path, s.body, origin)
|
||||||
|
if code != http.StatusOK || !strings.Contains(body, s.want) {
|
||||||
|
t.Fatalf("%s = %d, has %q = %v", s.name, code, s.want, strings.Contains(body, s.want))
|
||||||
|
}
|
||||||
|
if got := notifier.count(id, notify.KindChatAccessChanged); got != i+1 {
|
||||||
|
t.Fatalf("after %s: chat_access_changed count = %d, want %d", s.name, got, i+1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestSuspensionsExpiredBetween checks the sweeper's window query: a non-lifted
|
||||||
|
// temporary block whose expiry falls in the window is returned, while one outside the
|
||||||
|
// window, a permanent block, and a lifted block are not.
|
||||||
|
func TestSuspensionsExpiredBetween(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
accounts := account.NewStore(testDB)
|
||||||
|
|
||||||
|
// A temporary block whose expiry already lapsed at a known instant.
|
||||||
|
tempID := provisionAccount(t)
|
||||||
|
expiry := time.Now().Add(-time.Hour).Truncate(time.Second)
|
||||||
|
if _, err := accounts.Suspend(ctx, tempID, &expiry, "", "", nil); err != nil {
|
||||||
|
t.Fatalf("suspend temp: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
contains := func(ids []uuid.UUID, want uuid.UUID) bool {
|
||||||
|
for _, id := range ids {
|
||||||
|
if id == want {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// A window straddling the expiry returns the account.
|
||||||
|
got, err := accounts.SuspensionsExpiredBetween(ctx, expiry.Add(-time.Minute), expiry.Add(time.Minute))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("expired between: %v", err)
|
||||||
|
}
|
||||||
|
if !contains(got, tempID) {
|
||||||
|
t.Fatalf("window over expiry missing the lapsed block %s", tempID)
|
||||||
|
}
|
||||||
|
// A window entirely after the expiry does not.
|
||||||
|
got, err = accounts.SuspensionsExpiredBetween(ctx, expiry.Add(time.Minute), expiry.Add(2*time.Minute))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("expired between (after): %v", err)
|
||||||
|
}
|
||||||
|
if contains(got, tempID) {
|
||||||
|
t.Fatalf("window after expiry should not return %s", tempID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A permanent block never appears, even in a wide window.
|
||||||
|
permID := provisionAccount(t)
|
||||||
|
if _, err := accounts.Suspend(ctx, permID, nil, "", "", nil); err != nil {
|
||||||
|
t.Fatalf("suspend perm: %v", err)
|
||||||
|
}
|
||||||
|
// A lifted block does not appear either. The block must still be in force when lifted
|
||||||
|
// (LiftSuspension only lifts in-force blocks), so its expiry is in the future and the
|
||||||
|
// wide window below still covers it — yet lifted_at excludes it.
|
||||||
|
liftID := provisionAccount(t)
|
||||||
|
liftExpiry := time.Now().Add(30 * time.Minute).Truncate(time.Second)
|
||||||
|
if _, err := accounts.Suspend(ctx, liftID, &liftExpiry, "", "", nil); err != nil {
|
||||||
|
t.Fatalf("suspend lift: %v", err)
|
||||||
|
}
|
||||||
|
if err := accounts.LiftSuspension(ctx, liftID); err != nil {
|
||||||
|
t.Fatalf("lift: %v", err)
|
||||||
|
}
|
||||||
|
wide, err := accounts.SuspensionsExpiredBetween(ctx, time.Now().Add(-2*time.Hour), time.Now().Add(time.Hour))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("expired between (wide): %v", err)
|
||||||
|
}
|
||||||
|
if contains(wide, permID) {
|
||||||
|
t.Fatalf("permanent block %s must not be reported as expired", permID)
|
||||||
|
}
|
||||||
|
if contains(wide, liftID) {
|
||||||
|
t.Fatalf("lifted block %s must not be reported as expired", liftID)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -216,6 +216,16 @@ func BannerChanged(userID uuid.UUID) Intent {
|
|||||||
return Notification(userID, NotifyBanner)
|
return Notification(userID, NotifyBanner)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ChatAccessChanged signals that userID's eligibility to write in the moderated
|
||||||
|
// Telegram discussion chat may have changed (an admin block/unblock, a chat_muted
|
||||||
|
// grant/revoke, or a temporary block lapsing). It carries no payload: the gateway
|
||||||
|
// resolves the user's Telegram identity and current eligibility and pushes the
|
||||||
|
// resulting chat-gate command to the bot. Unlike the lobby notifications it is an
|
||||||
|
// infra signal — a distinct top-level kind, never an out-of-app rendered message.
|
||||||
|
func ChatAccessChanged(userID uuid.UUID) Intent {
|
||||||
|
return Intent{UserID: userID, Kind: KindChatAccessChanged, EventID: eventID()}
|
||||||
|
}
|
||||||
|
|
||||||
// eventID returns a best-effort correlation id for one emitted event.
|
// eventID returns a best-effort correlation id for one emitted event.
|
||||||
func eventID() string {
|
func eventID() string {
|
||||||
if id, err := uuid.NewV7(); err == nil {
|
if id, err := uuid.NewV7(); err == nil {
|
||||||
|
|||||||
@@ -35,6 +35,13 @@ const (
|
|||||||
// KindGameOver announces a finished game to each seated player, driving the
|
// KindGameOver announces a finished game to each seated player, driving the
|
||||||
// out-of-app "game over" push.
|
// out-of-app "game over" push.
|
||||||
KindGameOver = "game_over"
|
KindGameOver = "game_over"
|
||||||
|
// KindChatAccessChanged signals that a player's eligibility to write in the
|
||||||
|
// moderated Telegram discussion chat may have changed (an admin block or unblock,
|
||||||
|
// a chat_muted grant or revoke, or a temporary block lapsing). It carries no
|
||||||
|
// payload and is never fanned out to in-app clients: the gateway consumes it to
|
||||||
|
// resolve the player's Telegram identity and current eligibility and push the
|
||||||
|
// resulting chat-gate command to the bot.
|
||||||
|
KindChatAccessChanged = "chat_access_changed"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Notification sub-kinds carried in a KindNotification event payload; the client
|
// Notification sub-kinds carried in a KindNotification event payload; the client
|
||||||
|
|||||||
@@ -0,0 +1,131 @@
|
|||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"errors"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
"scrabble/backend/internal/notify"
|
||||||
|
)
|
||||||
|
|
||||||
|
// chatAccessRequest is the gateway's chat write-eligibility query, addressed either
|
||||||
|
// by Telegram identity (ExternalID — the join path, when the bot sees a user enter
|
||||||
|
// the chat) or by account id (UserID — the change path, resolving an emitted
|
||||||
|
// chat-access-changed event). Exactly one field is set.
|
||||||
|
type chatAccessRequest struct {
|
||||||
|
ExternalID string `json:"external_id"`
|
||||||
|
UserID string `json:"user_id"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// chatAccessResponse is the resolved eligibility. ExternalID echoes the account's
|
||||||
|
// Telegram identity (empty when it has none — the gateway then has nothing to gate);
|
||||||
|
// Registered reports whether the lookup found an account at all; Eligible is the
|
||||||
|
// final gate the bot applies (registered and neither admin-suspended nor chat-muted).
|
||||||
|
type chatAccessResponse struct {
|
||||||
|
ExternalID string `json:"external_id"`
|
||||||
|
Registered bool `json:"registered"`
|
||||||
|
Eligible bool `json:"eligible"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleChatAccess resolves whether a Telegram user may write in the moderated
|
||||||
|
// discussion chat. It is gateway-internal: the gateway's bot-link serves the bot's
|
||||||
|
// join-time query (by external_id) and resolves an emitted chat-access-changed event
|
||||||
|
// (by user_id) through it.
|
||||||
|
func (s *Server) handleChatAccess(c *gin.Context) {
|
||||||
|
var req chatAccessRequest
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil {
|
||||||
|
abortBadRequest(c, "invalid body")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
switch {
|
||||||
|
case req.ExternalID != "":
|
||||||
|
s.respondChatAccessByExternalID(c, req.ExternalID)
|
||||||
|
case req.UserID != "":
|
||||||
|
s.respondChatAccessByUserID(c, req.UserID)
|
||||||
|
default:
|
||||||
|
abortBadRequest(c, "external_id or user_id required")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// respondChatAccessByExternalID answers the join-path query: an unknown identity is
|
||||||
|
// reported unregistered (and left muted); a known one carries its current eligibility.
|
||||||
|
func (s *Server) respondChatAccessByExternalID(c *gin.Context, externalID string) {
|
||||||
|
ctx := c.Request.Context()
|
||||||
|
resp := chatAccessResponse{ExternalID: externalID}
|
||||||
|
acc, err := s.accounts.AccountByIdentity(ctx, account.KindTelegram, externalID)
|
||||||
|
if errors.Is(err, account.ErrNotFound) {
|
||||||
|
c.JSON(http.StatusOK, resp)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
resp.Registered = true
|
||||||
|
eligible, err := s.chatEligible(ctx, acc.ID)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
resp.Eligible = eligible
|
||||||
|
c.JSON(http.StatusOK, resp)
|
||||||
|
}
|
||||||
|
|
||||||
|
// respondChatAccessByUserID answers the change-path query: an account with no
|
||||||
|
// Telegram identity carries an empty external_id (nothing for the gateway to gate);
|
||||||
|
// otherwise it carries the identity and the current eligibility.
|
||||||
|
func (s *Server) respondChatAccessByUserID(c *gin.Context, raw string) {
|
||||||
|
ctx := c.Request.Context()
|
||||||
|
uid, err := uuid.Parse(raw)
|
||||||
|
if err != nil {
|
||||||
|
abortBadRequest(c, "invalid user_id")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var resp chatAccessResponse
|
||||||
|
ext, err := s.accounts.IdentityExternalID(ctx, uid, account.KindTelegram)
|
||||||
|
if errors.Is(err, account.ErrNotFound) {
|
||||||
|
c.JSON(http.StatusOK, resp)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
resp.ExternalID = ext
|
||||||
|
resp.Registered = true
|
||||||
|
eligible, err := s.chatEligible(ctx, uid)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
resp.Eligible = eligible
|
||||||
|
c.JSON(http.StatusOK, resp)
|
||||||
|
}
|
||||||
|
|
||||||
|
// chatEligible reports whether the account may write in the moderated discussion
|
||||||
|
// chat: not currently admin-suspended and not holding the chat_muted role. A
|
||||||
|
// suspension dominates — it mutes regardless of the role. Registration is established
|
||||||
|
// by the caller's identity lookup.
|
||||||
|
func (s *Server) chatEligible(ctx context.Context, accountID uuid.UUID) (bool, error) {
|
||||||
|
if _, blocked, err := s.accounts.CurrentSuspension(ctx, accountID); err != nil {
|
||||||
|
return false, err
|
||||||
|
} else if blocked {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
muted, err := s.accounts.HasRole(ctx, accountID, account.RoleChatMuted)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
return !muted, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// publishChatAccessChange emits the chat-access-changed signal for the account, so
|
||||||
|
// the gateway re-resolves the player's chat eligibility and pushes the chat-gate
|
||||||
|
// command to the bot. Best-effort (notify.Nop when no notifier is wired).
|
||||||
|
func (s *Server) publishChatAccessChange(id uuid.UUID) {
|
||||||
|
s.notifier.Publish(notify.ChatAccessChanged(id))
|
||||||
|
}
|
||||||
@@ -37,6 +37,13 @@ func (s *Server) registerRoutes() {
|
|||||||
// before delivering an out-of-app notification.
|
// before delivering an out-of-app notification.
|
||||||
in.POST("/push-target", s.handlePushTarget)
|
in.POST("/push-target", s.handlePushTarget)
|
||||||
}
|
}
|
||||||
|
if s.accounts != nil {
|
||||||
|
// Moderated-chat write eligibility for the Telegram bot: resolve a Telegram
|
||||||
|
// identity (the bot's join-time query) or an account id (a chat-access-changed
|
||||||
|
// event) to whether the user may write in the discussion chat. It needs only the
|
||||||
|
// account store, not the session service, so it registers independently.
|
||||||
|
s.internal.POST("/chat-access", s.handleChatAccess)
|
||||||
|
}
|
||||||
if s.ratewatch != nil {
|
if s.ratewatch != nil {
|
||||||
// The gateway's periodic rate-limiter rejection summary: feeds the
|
// The gateway's periodic rate-limiter rejection summary: feeds the
|
||||||
// admin console's throttled view and the high-rate auto-flag.
|
// admin console's throttled view and the high-rate auto-flag.
|
||||||
|
|||||||
@@ -987,6 +987,9 @@ func (s *Server) consoleBlockUser(c *gin.Context) {
|
|||||||
s.consoleError(c, err)
|
s.consoleError(c, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
// Re-evaluate the player's moderated-chat write access: a block mutes them in
|
||||||
|
// the discussion chat if they are currently in it.
|
||||||
|
s.publishChatAccessChange(id)
|
||||||
s.renderConsoleMessage(c, "Blocked", fmt.Sprintf("account blocked; %d game(s) forfeited", forfeited), back)
|
s.renderConsoleMessage(c, "Blocked", fmt.Sprintf("account blocked; %d game(s) forfeited", forfeited), back)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1001,6 +1004,9 @@ func (s *Server) consoleUnblockUser(c *gin.Context) {
|
|||||||
s.consoleError(c, err)
|
s.consoleError(c, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
// Re-evaluate the player's moderated-chat write access: an unblock restores it
|
||||||
|
// (unless they are still chat-muted) for a member currently in the chat.
|
||||||
|
s.publishChatAccessChange(id)
|
||||||
s.renderConsoleMessage(c, "Unblocked", "the block was lifted; lost games are not restored", "/_gm/users/"+id.String())
|
s.renderConsoleMessage(c, "Unblocked", "the block was lifted; lost games are not restored", "/_gm/users/"+id.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -248,6 +248,9 @@ func (s *Server) consoleGrantRole(c *gin.Context) {
|
|||||||
if role == account.RoleNoBanner {
|
if role == account.RoleNoBanner {
|
||||||
s.publishBannerChange(id)
|
s.publishBannerChange(id)
|
||||||
}
|
}
|
||||||
|
if role == account.RoleChatMuted {
|
||||||
|
s.publishChatAccessChange(id)
|
||||||
|
}
|
||||||
s.renderConsoleMessage(c, "Role granted", "granted "+role, back)
|
s.renderConsoleMessage(c, "Role granted", "granted "+role, back)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -270,6 +273,9 @@ func (s *Server) consoleRevokeRole(c *gin.Context) {
|
|||||||
if role == account.RoleNoBanner {
|
if role == account.RoleNoBanner {
|
||||||
s.publishBannerChange(id)
|
s.publishBannerChange(id)
|
||||||
}
|
}
|
||||||
|
if role == account.RoleChatMuted {
|
||||||
|
s.publishChatAccessChange(id)
|
||||||
|
}
|
||||||
s.renderConsoleMessage(c, "Role revoked", "revoked "+role, back)
|
s.renderConsoleMessage(c, "Role revoked", "revoked "+role, back)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -46,6 +46,10 @@ GRAFANA_ADMIN_PASSWORD=admin
|
|||||||
AWG_CONF= # required; AmneziaWG sidecar config (the bot's Telegram egress)
|
AWG_CONF= # required; AmneziaWG sidecar config (the bot's Telegram egress)
|
||||||
TELEGRAM_BOT_TOKEN= # required
|
TELEGRAM_BOT_TOKEN= # required
|
||||||
TELEGRAM_GAME_CHANNEL_ID=
|
TELEGRAM_GAME_CHANNEL_ID=
|
||||||
|
TELEGRAM_CHAT_ID= # moderated discussion chat (channel's linked group); empty disables gating
|
||||||
|
TELEGRAM_PROMO_BOT_TOKEN= # optional standalone promo bot token; empty disables it
|
||||||
|
TELEGRAM_BOT_USERNAME= # main bot @username without the @ (promo message); required when the promo token is set
|
||||||
|
TELEGRAM_BOT_LINK= # main bot Mini App link for the promo button (reuse VITE_TELEGRAM_LINK); required when the promo token is set
|
||||||
TELEGRAM_MINIAPP_URL= # required
|
TELEGRAM_MINIAPP_URL= # required
|
||||||
TELEGRAM_TEST_ENV=false
|
TELEGRAM_TEST_ENV=false
|
||||||
TELEGRAM_API_BASE_URL=
|
TELEGRAM_API_BASE_URL=
|
||||||
|
|||||||
@@ -268,6 +268,16 @@ services:
|
|||||||
# at boot; an empty value leaves the bot down while the rest of the contour comes up.
|
# at boot; an empty value leaves the bot down while the rest of the contour comes up.
|
||||||
TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN:-}
|
TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN:-}
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${TELEGRAM_GAME_CHANNEL_ID:-}
|
TELEGRAM_GAME_CHANNEL_ID: ${TELEGRAM_GAME_CHANNEL_ID:-}
|
||||||
|
# The moderated discussion chat (a channel's linked group) the bot gates write
|
||||||
|
# access in. Empty disables gating; the bot must be an admin there with the
|
||||||
|
# "Ban users" right and receives chat_member updates only as an admin.
|
||||||
|
TELEGRAM_CHAT_ID: ${TELEGRAM_CHAT_ID:-}
|
||||||
|
# The optional standalone promo bot (its own token) answering /start with a button
|
||||||
|
# into the main bot's app. Empty disables it; when set it needs the main bot's
|
||||||
|
# @username and the Mini App link (reused from the UI's VITE_TELEGRAM_LINK).
|
||||||
|
TELEGRAM_PROMO_BOT_TOKEN: ${TELEGRAM_PROMO_BOT_TOKEN:-}
|
||||||
|
TELEGRAM_BOT_USERNAME: ${TELEGRAM_BOT_USERNAME:-}
|
||||||
|
TELEGRAM_BOT_LINK: ${TELEGRAM_BOT_LINK:-}
|
||||||
TELEGRAM_MINIAPP_URL: ${TELEGRAM_MINIAPP_URL:?set TELEGRAM_MINIAPP_URL}
|
TELEGRAM_MINIAPP_URL: ${TELEGRAM_MINIAPP_URL:?set TELEGRAM_MINIAPP_URL}
|
||||||
TELEGRAM_TEST_ENV: ${TELEGRAM_TEST_ENV:-false}
|
TELEGRAM_TEST_ENV: ${TELEGRAM_TEST_ENV:-false}
|
||||||
TELEGRAM_API_BASE_URL: ${TELEGRAM_API_BASE_URL:-}
|
TELEGRAM_API_BASE_URL: ${TELEGRAM_API_BASE_URL:-}
|
||||||
|
|||||||
+23
-2
@@ -824,7 +824,13 @@ the bot renders the message and skips the rest — so in-app-only sub-kinds like
|
|||||||
block-state sync to the blocker) never become a platform push. Operator broadcasts
|
block-state sync to the blocker) never become a platform push. Operator broadcasts
|
||||||
(`SendToUser` / `SendToGameChannel`, §10 admin) render in an **operator-chosen** language in
|
(`SendToUser` / `SendToGameChannel`, §10 admin) render in an **operator-chosen** language in
|
||||||
the console; the backend calls them on the **gateway's bot-link relay**, which forwards them
|
the console; the backend calls them on the **gateway's bot-link relay**, which forwards them
|
||||||
to the bot and **awaits its delivery ack** (so the console still reports delivered/not).
|
to the bot and **awaits its delivery ack** (so the console still reports delivered/not). Beyond
|
||||||
|
messages the same bot-link carries a **chat-gate control path** — a `ChatGate` command sets a user's
|
||||||
|
write access in the moderated discussion chat and the bot's unary `ResolveChatEligibility` resolves a
|
||||||
|
joiner's eligibility (neither renders a message; see *Moderated discussion chat* below). An optional
|
||||||
|
**standalone promo bot** runs in the bot container (`TELEGRAM_PROMO_BOT_TOKEN`): a second bot
|
||||||
|
answering `/start` with a URL button into the **main** bot's Mini App (`?startapp`, since a `web_app`
|
||||||
|
button would sign initData with the promo token); it is self-contained — no bot-link, no gateway.
|
||||||
Session-revocation events and cursor-based stream resume stay deferred (single-instance MVP).
|
Session-revocation events and cursor-based stream resume stay deferred (single-instance MVP).
|
||||||
|
|
||||||
A separate **advertising-banner** channel feeds the client's one-line strip (UI_DESIGN.md),
|
A separate **advertising-banner** channel feeds the client's one-line strip (UI_DESIGN.md),
|
||||||
@@ -987,9 +993,24 @@ revoked token would fail session resolution at the gateway *before* the gate, se
|
|||||||
login instead of the blocked screen). A block instantly **forfeits** every active game the player
|
login instead of the blocked screen). A block instantly **forfeits** every active game the player
|
||||||
is in (the opponent wins, exactly as a resignation — the engine resigns off-turn) and cancels
|
is in (the opponent wins, exactly as a resignation — the engine resigns off-turn) and cancels
|
||||||
their open matchmaking games; a temporary block lapses automatically once its expiry passes (no
|
their open matchmaking games; a temporary block lapses automatically once its expiry passes (no
|
||||||
sweeper — the gate recomputes against `now`). No operator identity is recorded (shared
|
sweeper for the gate — it recomputes against `now`). No operator identity is recorded (shared
|
||||||
Basic-Auth).
|
Basic-Auth).
|
||||||
|
|
||||||
|
**Moderated discussion chat.** A channel's linked discussion group is gated by the Telegram bot
|
||||||
|
(`TELEGRAM_CHAT_ID`): the group defaults to no-send, and a user may write only while they are
|
||||||
|
**registered and neither admin-suspended nor holding the chat-only `chat_muted` role**
|
||||||
|
(`eligible = registered AND NOT suspended AND NOT chat_muted` — the game suspension dominates). A
|
||||||
|
single backend resolver behind `POST /api/v1/internal/chat-access` answers both directions: the
|
||||||
|
bot's join-time `ResolveChatEligibility` (over the mTLS bot-link) grants write access to an
|
||||||
|
eligible joiner, and a `chat_access_changed` event — emitted on a block/unblock, a `chat_muted`
|
||||||
|
grant/revoke, or a temporary block lapsing (a dedicated `account.SuspensionSweeper`, since no
|
||||||
|
request fires then) — drives a `ChatGate` command the gateway pushes to the bot. The bot applies it
|
||||||
|
only to a member currently in the chat (a per-user `getChatMember` probe, since bots cannot list
|
||||||
|
members); the signal is idempotent and is never an in-app or out-of-app message. `chat_muted` is an
|
||||||
|
`account_roles` entry (an operator toggle in the console), so it needs no schema change. The bot
|
||||||
|
must be an administrator in the group with the **restrict-members** right and `chat_member` in its
|
||||||
|
allowed updates.
|
||||||
|
|
||||||
**Short numeric codes** (email confirm-codes and friend codes) are stored
|
**Short numeric codes** (email confirm-codes and friend codes) are stored
|
||||||
only as SHA-256 hashes and are short-lived and single-use. The unauthenticated
|
only as SHA-256 hashes and are short-lived and single-use. The unauthenticated
|
||||||
email path carries a tight per-IP sub-limit (5 / 10 min); the **friend-code redeem**
|
email path carries a tight per-IP sub-limit (5 / 10 min); the **friend-code redeem**
|
||||||
|
|||||||
+12
-1
@@ -33,7 +33,10 @@ App** launch authenticates from the platform's signed `initData`, themes the UI
|
|||||||
the Telegram colours, and — on first contact — seeds the new account's interface
|
the Telegram colours, and — on first contact — seeds the new account's interface
|
||||||
language from the Telegram client. Telegram runs a **single bot**: every player uses
|
language from the Telegram client. Telegram runs a **single bot**: every player uses
|
||||||
the same bot, and all of its chat and out-of-app notifications are written in the
|
the same bot, and all of its chat and out-of-app notifications are written in the
|
||||||
player's own **interface language** (en/ru). Guests are session-only with restricted features
|
player's own **interface language** (en/ru). A separate optional **promo bot** can run alongside the
|
||||||
|
main one — its only job is to answer `/start` with a short message and a button that opens the
|
||||||
|
**main** bot's app, where the player picks their game variant; it is an onboarding entry point that
|
||||||
|
touches nothing else. Guests are session-only with restricted features
|
||||||
(auto-match only; no friends, stats or history); an abandoned guest that never
|
(auto-match only; no friends, stats or history); an abandoned guest that never
|
||||||
joined a game and has been idle past the retention window is garbage-collected. While the app is open the client
|
joined a game and has been idle past the retention window is garbage-collected. While the app is open the client
|
||||||
keeps a live stream and receives in-app updates in real time — the opponent's move,
|
keeps a live stream and receives in-app updates in real time — the opponent's move,
|
||||||
@@ -320,6 +323,14 @@ plus the reason when one was given, and the app stops all background traffic wit
|
|||||||
temporary block lifts itself when it expires; the operator can also **unblock** from the user card
|
temporary block lifts itself when it expires; the operator can also **unblock** from the user card
|
||||||
at any time (games already lost stay lost).
|
at any time (games already lost stay lost).
|
||||||
|
|
||||||
|
Where the bot manages a channel's **linked discussion chat**, only a **registered** player who is
|
||||||
|
**not blocked** may write there: the bot grants the right to write when such a player joins, while an
|
||||||
|
unregistered or blocked one stays muted (the promo bot points newcomers at the game so they register).
|
||||||
|
An operator can also **mute a player in the chat only** — a `chat_muted` role on the user card —
|
||||||
|
without a full account block; an account block mutes them in the chat regardless. Muting/unmuting and
|
||||||
|
blocking/unblocking take effect for a player already in the chat; one who is not in it is unaffected
|
||||||
|
until they next join.
|
||||||
|
|
||||||
From the user card the operator can also **top up a player's hint wallet**: an additive grant
|
From the user card the operator can also **top up a player's hint wallet**: an additive grant
|
||||||
(1–100 hints per action) that raises the balance shown on the card. Grants are **raise-only** —
|
(1–100 hints per action) that raises the balance shown on the card. Grants are **raise-only** —
|
||||||
the console can never lower a wallet (a player only loses hints by spending them in a game), so an
|
the console can never lower a wallet (a player only loses hints by spending them in a game), so an
|
||||||
|
|||||||
+12
-1
@@ -34,7 +34,10 @@ Mini App** авторизует по подписанным `initData` плат
|
|||||||
в цвета Telegram и — при первом контакте — задаёт язык интерфейса нового аккаунта по
|
в цвета Telegram и — при первом контакте — задаёт язык интерфейса нового аккаунта по
|
||||||
языку Telegram-клиента. Telegram держит **единого бота**: все игроки пользуются одним
|
языку Telegram-клиента. Telegram держит **единого бота**: все игроки пользуются одним
|
||||||
и тем же ботом, а весь его чат и внеприложенческие уведомления пишутся на **языке
|
и тем же ботом, а весь его чат и внеприложенческие уведомления пишутся на **языке
|
||||||
интерфейса** самого игрока (en/ru). Гость — только сессия, с урезанными функциями (только
|
интерфейса** самого игрока (en/ru). Рядом с основным может работать отдельный опциональный
|
||||||
|
**промо-бот** — его единственная задача отвечать на `/start` коротким сообщением и кнопкой,
|
||||||
|
открывающей приложение **основного** бота, где игрок выбирает нужный вариант игры; это точка входа
|
||||||
|
для онбординга, не затрагивающая больше ничего. Гость — только сессия, с урезанными функциями (только
|
||||||
авто-подбор; без друзей, статистики и истории); заброшенный гость, не вошедший ни
|
авто-подбор; без друзей, статистики и истории); заброшенный гость, не вошедший ни
|
||||||
в одну игру и простаивавший дольше окна удержания, удаляется сборщиком. Пока приложение открыто, клиент
|
в одну игру и простаивавший дольше окна удержания, удаляется сборщиком. Пока приложение открыто, клиент
|
||||||
держит живой стрим и получает обновления в реальном времени — ход соперника, ваш ход,
|
держит живой стрим и получает обновления в реальном времени — ход соперника, ваш ход,
|
||||||
@@ -329,6 +332,14 @@ high-rate флага. С карточки пользователя операт
|
|||||||
истечении срока; оператор также может **разблокировать** с карточки пользователя в любой момент
|
истечении срока; оператор также может **разблокировать** с карточки пользователя в любой момент
|
||||||
(уже проигранные партии не возвращаются).
|
(уже проигранные партии не возвращаются).
|
||||||
|
|
||||||
|
Там, где бот ведёт **привязанный к каналу чат-обсуждение**, писать в нём может только
|
||||||
|
**зарегистрированный** игрок, который **не заблокирован**: при входе такого игрока бот выдаёт право
|
||||||
|
писать, а незарегистрированному или заблокированному — оставляет немым (промо-бот направляет
|
||||||
|
новичков в игру, чтобы они зарегистрировались). Оператор также может **замьютить игрока только в
|
||||||
|
чате** — роль `chat_muted` на карточке пользователя — без полной блокировки аккаунта; блокировка
|
||||||
|
аккаунта всё равно мьютит его в чате. Мьют/размьют и блокировка/разблокировка срабатывают для
|
||||||
|
игрока, уже находящегося в чате; того, кого в чате нет, это не затрагивает до его следующего входа.
|
||||||
|
|
||||||
С карточки пользователя оператор также может **пополнить кошелёк подсказок** игрока: аддитивное
|
С карточки пользователя оператор также может **пополнить кошелёк подсказок** игрока: аддитивное
|
||||||
начисление (1–100 подсказок за раз), которое **только увеличивает** баланс на карточке. Начисления
|
начисление (1–100 подсказок за раз), которое **только увеличивает** баланс на карточке. Начисления
|
||||||
**только в плюс** — понизить кошелёк из консоли нельзя (игрок теряет подсказки только тратя их в
|
**только в плюс** — понизить кошелёк из консоли нельзя (игрок теряет подсказки только тратя их в
|
||||||
|
|||||||
@@ -147,7 +147,11 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
// fire-and-forget; the backend admin relay (plaintext, internal) awaits the Ack.
|
// fire-and-forget; the backend admin relay (plaintext, internal) awaits the Ack.
|
||||||
var botHub *botlink.Hub
|
var botHub *botlink.Hub
|
||||||
if cfg.BotLinkEnabled() {
|
if cfg.BotLinkEnabled() {
|
||||||
botHub = botlink.NewHub(logger, tel.MeterProvider().Meter("scrabble/gateway/botlink"))
|
botHub = botlink.NewHub(logger, tel.MeterProvider().Meter("scrabble/gateway/botlink"),
|
||||||
|
func(ctx context.Context, externalID string) (bool, bool, error) {
|
||||||
|
r, rerr := backend.ChatEligibility(ctx, externalID)
|
||||||
|
return r.Registered, r.Eligible, rerr
|
||||||
|
})
|
||||||
tlsCfg, terr := mtls.ServerConfig(cfg.BotLink.CertFile, cfg.BotLink.KeyFile, cfg.BotLink.CAFile)
|
tlsCfg, terr := mtls.ServerConfig(cfg.BotLink.CertFile, cfg.BotLink.KeyFile, cfg.BotLink.CAFile)
|
||||||
if terr != nil {
|
if terr != nil {
|
||||||
return terr
|
return terr
|
||||||
@@ -361,6 +365,15 @@ func runPushPump(ctx context.Context, backend *backendclient.Client, hub *push.H
|
|||||||
}
|
}
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
// A chat-access-changed event is an infra signal, not an in-app event:
|
||||||
|
// resolve the recipient's Telegram identity and current eligibility and
|
||||||
|
// push the chat-gate command to the bot, without fanning it out to clients.
|
||||||
|
if ev.GetKind() == chatAccessChangedKind {
|
||||||
|
if bot != nil {
|
||||||
|
go deliverChatGate(ctx, backend, bot, ev.GetUserId(), logger)
|
||||||
|
}
|
||||||
|
continue
|
||||||
|
}
|
||||||
hub.Publish(push.Event{
|
hub.Publish(push.Event{
|
||||||
UserID: ev.GetUserId(),
|
UserID: ev.GetUserId(),
|
||||||
Kind: ev.GetKind(),
|
Kind: ev.GetKind(),
|
||||||
@@ -398,6 +411,27 @@ func deliverOutOfApp(ctx context.Context, backend *backendclient.Client, bot *bo
|
|||||||
bot.Send(botlink.NotifyCommand(target.ExternalID, kind, payload, target.Language))
|
bot.Send(botlink.NotifyCommand(target.ExternalID, kind, payload, target.Language))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// chatAccessChangedKind is the backend event signalling that a player's moderated-chat
|
||||||
|
// write eligibility may have changed; the gateway turns it into a bot-link chat-gate
|
||||||
|
// command rather than an in-app event (it mirrors notify.KindChatAccessChanged).
|
||||||
|
const chatAccessChangedKind = "chat_access_changed"
|
||||||
|
|
||||||
|
// deliverChatGate resolves a chat-access-changed event to the recipient's Telegram
|
||||||
|
// identity and current eligibility and pushes the chat-gate command to the bot. It is
|
||||||
|
// best-effort: a recipient with no Telegram identity is skipped, and a resolve failure
|
||||||
|
// is logged and dropped (the next moderation action, or a re-join, re-applies the gate).
|
||||||
|
func deliverChatGate(ctx context.Context, backend *backendclient.Client, bot *botlink.Hub, userID string, logger *zap.Logger) {
|
||||||
|
res, err := backend.ChatAccessByUser(ctx, userID)
|
||||||
|
if err != nil {
|
||||||
|
logger.Warn("chat-gate resolve failed", zap.String("user_id", userID), zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if res.ExternalID == "" {
|
||||||
|
return // no Telegram identity, nothing to gate
|
||||||
|
}
|
||||||
|
bot.Send(botlink.ChatGateCommand(res.ExternalID, res.Eligible))
|
||||||
|
}
|
||||||
|
|
||||||
// sleep waits for d or until ctx is cancelled, reporting whether it waited the
|
// sleep waits for d or until ctx is cancelled, reporting whether it waited the
|
||||||
// full duration.
|
// full duration.
|
||||||
func sleep(ctx context.Context, d time.Duration) bool {
|
func sleep(ctx context.Context, d time.Duration) bool {
|
||||||
|
|||||||
@@ -215,6 +215,34 @@ func (c *Client) PushTarget(ctx context.Context, userID string) (PushTargetResp,
|
|||||||
return out, err
|
return out, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ChatAccessResp is a user's moderated-chat write eligibility: ExternalID is their
|
||||||
|
// Telegram identity (empty when they have none, so the gateway has nothing to gate),
|
||||||
|
// Registered whether an account was found, and Eligible the final gate the bot applies
|
||||||
|
// (registered and neither admin-suspended nor chat-muted).
|
||||||
|
type ChatAccessResp struct {
|
||||||
|
ExternalID string `json:"external_id"`
|
||||||
|
Registered bool `json:"registered"`
|
||||||
|
Eligible bool `json:"eligible"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ChatEligibility resolves a Telegram identity to its moderated-chat write
|
||||||
|
// eligibility — the join path, when the bot sees a user enter the chat.
|
||||||
|
func (c *Client) ChatEligibility(ctx context.Context, externalID string) (ChatAccessResp, error) {
|
||||||
|
var out ChatAccessResp
|
||||||
|
err := c.do(ctx, http.MethodPost, "/api/v1/internal/chat-access", "", "",
|
||||||
|
map[string]string{"external_id": externalID}, &out)
|
||||||
|
return out, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// ChatAccessByUser resolves an account id to its Telegram identity and current
|
||||||
|
// moderated-chat write eligibility — the change path, for a chat-access-changed event.
|
||||||
|
func (c *Client) ChatAccessByUser(ctx context.Context, userID string) (ChatAccessResp, error) {
|
||||||
|
var out ChatAccessResp
|
||||||
|
err := c.do(ctx, http.MethodPost, "/api/v1/internal/chat-access", "", "",
|
||||||
|
map[string]string{"user_id": userID}, &out)
|
||||||
|
return out, err
|
||||||
|
}
|
||||||
|
|
||||||
// GuestAuth provisions a guest account and mints a session.
|
// GuestAuth provisions a guest account and mints a session.
|
||||||
func (c *Client) GuestAuth(ctx context.Context) (SessionResp, error) {
|
func (c *Client) GuestAuth(ctx context.Context) (SessionResp, error) {
|
||||||
var out SessionResp
|
var out SessionResp
|
||||||
|
|||||||
@@ -36,3 +36,15 @@ func SendToGameChannelCommand(text string) *botlinkv1.Command {
|
|||||||
}},
|
}},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ChatGateCommand builds a chat-gate command that sets whether the Telegram user
|
||||||
|
// identified by externalID may write in the moderated discussion chat. The bot
|
||||||
|
// applies it only to a member currently in the chat (guarded on getChatMember).
|
||||||
|
func ChatGateCommand(externalID string, allow bool) *botlinkv1.Command {
|
||||||
|
return &botlinkv1.Command{
|
||||||
|
Payload: &botlinkv1.Command_ChatGate{ChatGate: &botlinkv1.ChatGateCommand{
|
||||||
|
ExternalId: externalID,
|
||||||
|
Allow: allow,
|
||||||
|
}},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -31,13 +31,21 @@ var ErrNoBot = errors.New("botlink: no bot connected")
|
|||||||
// (at-most-once under backpressure).
|
// (at-most-once under backpressure).
|
||||||
const outboundBuffer = 64
|
const outboundBuffer = 64
|
||||||
|
|
||||||
|
// EligibilityResolver answers a Telegram identity's moderated-chat write eligibility
|
||||||
|
// for the bot's join-time ResolveChatEligibility query: registered reports whether the
|
||||||
|
// identity maps to an account, eligible is the final gate the bot acts on (registered
|
||||||
|
// and neither admin-suspended nor chat-muted). The gateway backs it with the backend
|
||||||
|
// chat-access endpoint.
|
||||||
|
type EligibilityResolver func(ctx context.Context, externalID string) (registered, eligible bool, err error)
|
||||||
|
|
||||||
// Hub registers connected bots and routes send commands to them. A single bot is
|
// Hub registers connected bots and routes send commands to them. A single bot is
|
||||||
// expected today; the registry already holds a set so adding more later needs no
|
// expected today; the registry already holds a set so adding more later needs no
|
||||||
// rewrite.
|
// rewrite.
|
||||||
type Hub struct {
|
type Hub struct {
|
||||||
botlinkv1.UnimplementedBotLinkServer
|
botlinkv1.UnimplementedBotLinkServer
|
||||||
|
|
||||||
log *zap.Logger
|
log *zap.Logger
|
||||||
|
eligibility EligibilityResolver
|
||||||
|
|
||||||
mu sync.Mutex
|
mu sync.Mutex
|
||||||
links map[*link]struct{}
|
links map[*link]struct{}
|
||||||
@@ -56,15 +64,18 @@ type link struct {
|
|||||||
out chan *botlinkv1.ToBot
|
out chan *botlinkv1.ToBot
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewHub builds a Hub. A nil meter disables metrics; a nil logger is tolerated.
|
// NewHub builds a Hub. resolve answers the bot's join-time chat-eligibility query
|
||||||
func NewHub(log *zap.Logger, meter metric.Meter) *Hub {
|
// (nil rejects it as unavailable). A nil meter disables metrics; a nil logger is
|
||||||
|
// tolerated.
|
||||||
|
func NewHub(log *zap.Logger, meter metric.Meter, resolve EligibilityResolver) *Hub {
|
||||||
if log == nil {
|
if log == nil {
|
||||||
log = zap.NewNop()
|
log = zap.NewNop()
|
||||||
}
|
}
|
||||||
h := &Hub{
|
h := &Hub{
|
||||||
log: log,
|
log: log,
|
||||||
links: make(map[*link]struct{}),
|
eligibility: resolve,
|
||||||
pending: make(map[string]chan *botlinkv1.Ack),
|
links: make(map[*link]struct{}),
|
||||||
|
pending: make(map[string]chan *botlinkv1.Ack),
|
||||||
}
|
}
|
||||||
if meter != nil {
|
if meter != nil {
|
||||||
h.connected, _ = meter.Int64UpDownCounter("botlink_connected_bots",
|
h.connected, _ = meter.Int64UpDownCounter("botlink_connected_bots",
|
||||||
@@ -120,6 +131,22 @@ func (h *Hub) Link(stream grpc.BidiStreamingServer[botlinkv1.FromBot, botlinkv1.
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ResolveChatEligibility serves the bot's join-time query: whether the Telegram user
|
||||||
|
// identified in the request may write in the moderated discussion chat. It delegates
|
||||||
|
// to the configured resolver (the backend chat-access endpoint), unlike the streamed
|
||||||
|
// Commands it is a plain request/response over the same mTLS channel.
|
||||||
|
func (h *Hub) ResolveChatEligibility(ctx context.Context, req *botlinkv1.ChatEligibilityRequest) (*botlinkv1.ChatEligibilityResponse, error) {
|
||||||
|
if h.eligibility == nil {
|
||||||
|
return nil, status.Error(codes.Unavailable, "chat eligibility resolver not configured")
|
||||||
|
}
|
||||||
|
registered, eligible, err := h.eligibility(ctx, req.GetExternalId())
|
||||||
|
if err != nil {
|
||||||
|
h.log.Warn("resolve chat eligibility failed", zap.String("external_id", req.GetExternalId()), zap.Error(err))
|
||||||
|
return nil, status.Error(codes.Internal, "resolve chat eligibility")
|
||||||
|
}
|
||||||
|
return &botlinkv1.ChatEligibilityResponse{Registered: registered, Eligible: eligible}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// register adds a connected bot.
|
// register adds a connected bot.
|
||||||
func (h *Hub) register(l *link) {
|
func (h *Hub) register(l *link) {
|
||||||
h.mu.Lock()
|
h.mu.Lock()
|
||||||
|
|||||||
@@ -8,7 +8,9 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/credentials/insecure"
|
"google.golang.org/grpc/credentials/insecure"
|
||||||
|
"google.golang.org/grpc/status"
|
||||||
"google.golang.org/grpc/test/bufconn"
|
"google.golang.org/grpc/test/bufconn"
|
||||||
|
|
||||||
botlinkv1 "scrabble/pkg/proto/botlink/v1"
|
botlinkv1 "scrabble/pkg/proto/botlink/v1"
|
||||||
@@ -23,12 +25,18 @@ type fakeBot struct {
|
|||||||
received chan *botlinkv1.Command
|
received chan *botlinkv1.Command
|
||||||
}
|
}
|
||||||
|
|
||||||
// startHub registers a Hub on an in-memory gRPC server and returns the hub plus a
|
// startHub registers a Hub (no chat-eligibility resolver) on an in-memory gRPC
|
||||||
// dialer for fake bots.
|
// server and returns the hub plus a dialer for fake bots.
|
||||||
func startHub(t *testing.T) (*Hub, func(t *testing.T) botlinkv1.BotLinkClient) {
|
func startHub(t *testing.T) (*Hub, func(t *testing.T) botlinkv1.BotLinkClient) {
|
||||||
|
return startHubWith(t, nil)
|
||||||
|
}
|
||||||
|
|
||||||
|
// startHubWith is startHub with an explicit chat-eligibility resolver, for the
|
||||||
|
// ResolveChatEligibility tests.
|
||||||
|
func startHubWith(t *testing.T, resolve EligibilityResolver) (*Hub, func(t *testing.T) botlinkv1.BotLinkClient) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
lis := bufconn.Listen(1 << 20)
|
lis := bufconn.Listen(1 << 20)
|
||||||
hub := NewHub(nil, nil)
|
hub := NewHub(nil, nil, resolve)
|
||||||
srv := grpc.NewServer()
|
srv := grpc.NewServer()
|
||||||
botlinkv1.RegisterBotLinkServer(srv, hub)
|
botlinkv1.RegisterBotLinkServer(srv, hub)
|
||||||
go func() { _ = srv.Serve(lis) }()
|
go func() { _ = srv.Serve(lis) }()
|
||||||
@@ -162,6 +170,62 @@ func TestHubSendAsync(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestHubSendChatGate(t *testing.T) {
|
||||||
|
hub, dial := startHub(t)
|
||||||
|
ctx := t.Context()
|
||||||
|
bot := &fakeBot{ack: false}
|
||||||
|
bot.connect(t, ctx, hub, dial(t))
|
||||||
|
|
||||||
|
hub.Send(ChatGateCommand("42", true))
|
||||||
|
select {
|
||||||
|
case cmd := <-bot.received:
|
||||||
|
cg := cmd.GetChatGate()
|
||||||
|
if cg.GetExternalId() != "42" || !cg.GetAllow() {
|
||||||
|
t.Errorf("chat_gate = %+v, want external_id=42 allow=true", cg)
|
||||||
|
}
|
||||||
|
case <-time.After(time.Second):
|
||||||
|
t.Fatal("bot received no command")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHubResolveChatEligibility(t *testing.T) {
|
||||||
|
var gotExt string
|
||||||
|
_, dial := startHubWith(t, func(_ context.Context, ext string) (bool, bool, error) {
|
||||||
|
gotExt = ext
|
||||||
|
return true, ext == "good", nil
|
||||||
|
})
|
||||||
|
client := dial(t)
|
||||||
|
ctx := t.Context()
|
||||||
|
|
||||||
|
resp, err := client.ResolveChatEligibility(ctx, &botlinkv1.ChatEligibilityRequest{ExternalId: "good"})
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("ResolveChatEligibility: %v", err)
|
||||||
|
}
|
||||||
|
if gotExt != "good" {
|
||||||
|
t.Errorf("resolver external_id = %q, want good", gotExt)
|
||||||
|
}
|
||||||
|
if !resp.GetRegistered() || !resp.GetEligible() {
|
||||||
|
t.Errorf("resp = %+v, want registered+eligible", resp)
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err = client.ResolveChatEligibility(ctx, &botlinkv1.ChatEligibilityRequest{ExternalId: "muted"})
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("ResolveChatEligibility(muted): %v", err)
|
||||||
|
}
|
||||||
|
if !resp.GetRegistered() || resp.GetEligible() {
|
||||||
|
t.Errorf("resp = %+v, want registered but not eligible", resp)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHubResolveChatEligibilityUnconfigured(t *testing.T) {
|
||||||
|
_, dial := startHub(t) // nil resolver
|
||||||
|
client := dial(t)
|
||||||
|
_, err := client.ResolveChatEligibility(t.Context(), &botlinkv1.ChatEligibilityRequest{ExternalId: "x"})
|
||||||
|
if status.Code(err) != codes.Unavailable {
|
||||||
|
t.Fatalf("err = %v, want Unavailable", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestRelayServerNoBot(t *testing.T) {
|
func TestRelayServerNoBot(t *testing.T) {
|
||||||
hub, _ := startHub(t)
|
hub, _ := startHub(t)
|
||||||
relay := NewRelayServer(hub, 200*time.Millisecond)
|
relay := NewRelayServer(hub, 200*time.Millisecond)
|
||||||
|
|||||||
@@ -94,7 +94,7 @@ func startMTLSHub(t *testing.T) (hub *Hub, addr, caFile, cliCert, cliKey string)
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("listen: %v", err)
|
t.Fatalf("listen: %v", err)
|
||||||
}
|
}
|
||||||
hub = NewHub(nil, nil)
|
hub = NewHub(nil, nil, nil)
|
||||||
srv := grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsCfg)))
|
srv := grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsCfg)))
|
||||||
botlinkv1.RegisterBotLinkServer(srv, hub)
|
botlinkv1.RegisterBotLinkServer(srv, hub)
|
||||||
go func() { _ = srv.Serve(lis) }()
|
go func() { _ = srv.Serve(lis) }()
|
||||||
|
|||||||
@@ -224,6 +224,7 @@ type Command struct {
|
|||||||
// *Command_Notify
|
// *Command_Notify
|
||||||
// *Command_SendToUser
|
// *Command_SendToUser
|
||||||
// *Command_SendToChannel
|
// *Command_SendToChannel
|
||||||
|
// *Command_ChatGate
|
||||||
Payload isCommand_Payload `protobuf_oneof:"payload"`
|
Payload isCommand_Payload `protobuf_oneof:"payload"`
|
||||||
unknownFields protoimpl.UnknownFields
|
unknownFields protoimpl.UnknownFields
|
||||||
sizeCache protoimpl.SizeCache
|
sizeCache protoimpl.SizeCache
|
||||||
@@ -300,6 +301,15 @@ func (x *Command) GetSendToChannel() *v1.SendToGameChannelRequest {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (x *Command) GetChatGate() *ChatGateCommand {
|
||||||
|
if x != nil {
|
||||||
|
if x, ok := x.Payload.(*Command_ChatGate); ok {
|
||||||
|
return x.ChatGate
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
type isCommand_Payload interface {
|
type isCommand_Payload interface {
|
||||||
isCommand_Payload()
|
isCommand_Payload()
|
||||||
}
|
}
|
||||||
@@ -316,12 +326,18 @@ type Command_SendToChannel struct {
|
|||||||
SendToChannel *v1.SendToGameChannelRequest `protobuf:"bytes,4,opt,name=send_to_channel,json=sendToChannel,proto3,oneof"`
|
SendToChannel *v1.SendToGameChannelRequest `protobuf:"bytes,4,opt,name=send_to_channel,json=sendToChannel,proto3,oneof"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Command_ChatGate struct {
|
||||||
|
ChatGate *ChatGateCommand `protobuf:"bytes,5,opt,name=chat_gate,json=chatGate,proto3,oneof"`
|
||||||
|
}
|
||||||
|
|
||||||
func (*Command_Notify) isCommand_Payload() {}
|
func (*Command_Notify) isCommand_Payload() {}
|
||||||
|
|
||||||
func (*Command_SendToUser) isCommand_Payload() {}
|
func (*Command_SendToUser) isCommand_Payload() {}
|
||||||
|
|
||||||
func (*Command_SendToChannel) isCommand_Payload() {}
|
func (*Command_SendToChannel) isCommand_Payload() {}
|
||||||
|
|
||||||
|
func (*Command_ChatGate) isCommand_Payload() {}
|
||||||
|
|
||||||
// Ack reports the outcome of the Command with command_id. delivered mirrors the
|
// Ack reports the outcome of the Command with command_id. delivered mirrors the
|
||||||
// connector delivery semantics (false when the kind is not rendered out-of-app, the
|
// connector delivery semantics (false when the kind is not rendered out-of-app, the
|
||||||
// user never started the bot, or no channel is configured); error carries an
|
// user never started the bot, or no channel is configured); error carries an
|
||||||
@@ -386,6 +402,166 @@ func (x *Ack) GetError() string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ChatGateCommand sets a Telegram user's write access in the moderated discussion
|
||||||
|
// chat. external_id is the user's Telegram identity (as in the backend identities
|
||||||
|
// table); allow grants the right to write when true and revokes it when false. The
|
||||||
|
// bot applies it only to a user currently in the chat — it guards on getChatMember,
|
||||||
|
// so a command for an absent user is a no-op. The gateway emits one whenever the
|
||||||
|
// user's eligibility may have changed: an admin block or unblock, a chat_muted
|
||||||
|
// grant or revoke, or a temporary block lapsing.
|
||||||
|
type ChatGateCommand struct {
|
||||||
|
state protoimpl.MessageState `protogen:"open.v1"`
|
||||||
|
ExternalId string `protobuf:"bytes,1,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"`
|
||||||
|
Allow bool `protobuf:"varint,2,opt,name=allow,proto3" json:"allow,omitempty"`
|
||||||
|
unknownFields protoimpl.UnknownFields
|
||||||
|
sizeCache protoimpl.SizeCache
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatGateCommand) Reset() {
|
||||||
|
*x = ChatGateCommand{}
|
||||||
|
mi := &file_botlink_v1_botlink_proto_msgTypes[5]
|
||||||
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||||
|
ms.StoreMessageInfo(mi)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatGateCommand) String() string {
|
||||||
|
return protoimpl.X.MessageStringOf(x)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (*ChatGateCommand) ProtoMessage() {}
|
||||||
|
|
||||||
|
func (x *ChatGateCommand) ProtoReflect() protoreflect.Message {
|
||||||
|
mi := &file_botlink_v1_botlink_proto_msgTypes[5]
|
||||||
|
if x != nil {
|
||||||
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||||
|
if ms.LoadMessageInfo() == nil {
|
||||||
|
ms.StoreMessageInfo(mi)
|
||||||
|
}
|
||||||
|
return ms
|
||||||
|
}
|
||||||
|
return mi.MessageOf(x)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Deprecated: Use ChatGateCommand.ProtoReflect.Descriptor instead.
|
||||||
|
func (*ChatGateCommand) Descriptor() ([]byte, []int) {
|
||||||
|
return file_botlink_v1_botlink_proto_rawDescGZIP(), []int{5}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatGateCommand) GetExternalId() string {
|
||||||
|
if x != nil {
|
||||||
|
return x.ExternalId
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatGateCommand) GetAllow() bool {
|
||||||
|
if x != nil {
|
||||||
|
return x.Allow
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// ChatEligibilityRequest asks whether the Telegram user identified by external_id
|
||||||
|
// may write in the moderated discussion chat.
|
||||||
|
type ChatEligibilityRequest struct {
|
||||||
|
state protoimpl.MessageState `protogen:"open.v1"`
|
||||||
|
ExternalId string `protobuf:"bytes,1,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"`
|
||||||
|
unknownFields protoimpl.UnknownFields
|
||||||
|
sizeCache protoimpl.SizeCache
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityRequest) Reset() {
|
||||||
|
*x = ChatEligibilityRequest{}
|
||||||
|
mi := &file_botlink_v1_botlink_proto_msgTypes[6]
|
||||||
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||||
|
ms.StoreMessageInfo(mi)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityRequest) String() string {
|
||||||
|
return protoimpl.X.MessageStringOf(x)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (*ChatEligibilityRequest) ProtoMessage() {}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityRequest) ProtoReflect() protoreflect.Message {
|
||||||
|
mi := &file_botlink_v1_botlink_proto_msgTypes[6]
|
||||||
|
if x != nil {
|
||||||
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||||
|
if ms.LoadMessageInfo() == nil {
|
||||||
|
ms.StoreMessageInfo(mi)
|
||||||
|
}
|
||||||
|
return ms
|
||||||
|
}
|
||||||
|
return mi.MessageOf(x)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Deprecated: Use ChatEligibilityRequest.ProtoReflect.Descriptor instead.
|
||||||
|
func (*ChatEligibilityRequest) Descriptor() ([]byte, []int) {
|
||||||
|
return file_botlink_v1_botlink_proto_rawDescGZIP(), []int{6}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityRequest) GetExternalId() string {
|
||||||
|
if x != nil {
|
||||||
|
return x.ExternalId
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
// ChatEligibilityResponse is the eligibility answer. registered reports whether the
|
||||||
|
// external_id maps to an account at all; eligible is the final gate the bot acts on
|
||||||
|
// (registered and neither admin-suspended nor chat-muted).
|
||||||
|
type ChatEligibilityResponse struct {
|
||||||
|
state protoimpl.MessageState `protogen:"open.v1"`
|
||||||
|
Registered bool `protobuf:"varint,1,opt,name=registered,proto3" json:"registered,omitempty"`
|
||||||
|
Eligible bool `protobuf:"varint,2,opt,name=eligible,proto3" json:"eligible,omitempty"`
|
||||||
|
unknownFields protoimpl.UnknownFields
|
||||||
|
sizeCache protoimpl.SizeCache
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityResponse) Reset() {
|
||||||
|
*x = ChatEligibilityResponse{}
|
||||||
|
mi := &file_botlink_v1_botlink_proto_msgTypes[7]
|
||||||
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||||
|
ms.StoreMessageInfo(mi)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityResponse) String() string {
|
||||||
|
return protoimpl.X.MessageStringOf(x)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (*ChatEligibilityResponse) ProtoMessage() {}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityResponse) ProtoReflect() protoreflect.Message {
|
||||||
|
mi := &file_botlink_v1_botlink_proto_msgTypes[7]
|
||||||
|
if x != nil {
|
||||||
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||||
|
if ms.LoadMessageInfo() == nil {
|
||||||
|
ms.StoreMessageInfo(mi)
|
||||||
|
}
|
||||||
|
return ms
|
||||||
|
}
|
||||||
|
return mi.MessageOf(x)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Deprecated: Use ChatEligibilityResponse.ProtoReflect.Descriptor instead.
|
||||||
|
func (*ChatEligibilityResponse) Descriptor() ([]byte, []int) {
|
||||||
|
return file_botlink_v1_botlink_proto_rawDescGZIP(), []int{7}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityResponse) GetRegistered() bool {
|
||||||
|
if x != nil {
|
||||||
|
return x.Registered
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *ChatEligibilityResponse) GetEligible() bool {
|
||||||
|
if x != nil {
|
||||||
|
return x.Eligible
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
var File_botlink_v1_botlink_proto protoreflect.FileDescriptor
|
var File_botlink_v1_botlink_proto protoreflect.FileDescriptor
|
||||||
|
|
||||||
const file_botlink_v1_botlink_proto_rawDesc = "" +
|
const file_botlink_v1_botlink_proto_rawDesc = "" +
|
||||||
@@ -400,22 +576,36 @@ const file_botlink_v1_botlink_proto_rawDesc = "" +
|
|||||||
"\x05Hello\x12\x1f\n" +
|
"\x05Hello\x12\x1f\n" +
|
||||||
"\vinstance_id\x18\x01 \x01(\tR\n" +
|
"\vinstance_id\x18\x01 \x01(\tR\n" +
|
||||||
"instanceId\x12!\n" +
|
"instanceId\x12!\n" +
|
||||||
"\fowns_updates\x18\x02 \x01(\bR\vownsUpdates\"\x99\x02\n" +
|
"\fowns_updates\x18\x02 \x01(\bR\vownsUpdates\"\xde\x02\n" +
|
||||||
"\aCommand\x12\x1d\n" +
|
"\aCommand\x12\x1d\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"command_id\x18\x01 \x01(\tR\tcommandId\x12=\n" +
|
"command_id\x18\x01 \x01(\tR\tcommandId\x12=\n" +
|
||||||
"\x06notify\x18\x02 \x01(\v2#.scrabble.telegram.v1.NotifyRequestH\x00R\x06notify\x12K\n" +
|
"\x06notify\x18\x02 \x01(\v2#.scrabble.telegram.v1.NotifyRequestH\x00R\x06notify\x12K\n" +
|
||||||
"\fsend_to_user\x18\x03 \x01(\v2'.scrabble.telegram.v1.SendToUserRequestH\x00R\n" +
|
"\fsend_to_user\x18\x03 \x01(\v2'.scrabble.telegram.v1.SendToUserRequestH\x00R\n" +
|
||||||
"sendToUser\x12X\n" +
|
"sendToUser\x12X\n" +
|
||||||
"\x0fsend_to_channel\x18\x04 \x01(\v2..scrabble.telegram.v1.SendToGameChannelRequestH\x00R\rsendToChannelB\t\n" +
|
"\x0fsend_to_channel\x18\x04 \x01(\v2..scrabble.telegram.v1.SendToGameChannelRequestH\x00R\rsendToChannel\x12C\n" +
|
||||||
|
"\tchat_gate\x18\x05 \x01(\v2$.scrabble.botlink.v1.ChatGateCommandH\x00R\bchatGateB\t\n" +
|
||||||
"\apayload\"X\n" +
|
"\apayload\"X\n" +
|
||||||
"\x03Ack\x12\x1d\n" +
|
"\x03Ack\x12\x1d\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"command_id\x18\x01 \x01(\tR\tcommandId\x12\x1c\n" +
|
"command_id\x18\x01 \x01(\tR\tcommandId\x12\x1c\n" +
|
||||||
"\tdelivered\x18\x02 \x01(\bR\tdelivered\x12\x14\n" +
|
"\tdelivered\x18\x02 \x01(\bR\tdelivered\x12\x14\n" +
|
||||||
"\x05error\x18\x03 \x01(\tR\x05error2O\n" +
|
"\x05error\x18\x03 \x01(\tR\x05error\"H\n" +
|
||||||
|
"\x0fChatGateCommand\x12\x1f\n" +
|
||||||
|
"\vexternal_id\x18\x01 \x01(\tR\n" +
|
||||||
|
"externalId\x12\x14\n" +
|
||||||
|
"\x05allow\x18\x02 \x01(\bR\x05allow\"9\n" +
|
||||||
|
"\x16ChatEligibilityRequest\x12\x1f\n" +
|
||||||
|
"\vexternal_id\x18\x01 \x01(\tR\n" +
|
||||||
|
"externalId\"U\n" +
|
||||||
|
"\x17ChatEligibilityResponse\x12\x1e\n" +
|
||||||
|
"\n" +
|
||||||
|
"registered\x18\x01 \x01(\bR\n" +
|
||||||
|
"registered\x12\x1a\n" +
|
||||||
|
"\beligible\x18\x02 \x01(\bR\beligible2\xc4\x01\n" +
|
||||||
"\aBotLink\x12D\n" +
|
"\aBotLink\x12D\n" +
|
||||||
"\x04Link\x12\x1c.scrabble.botlink.v1.FromBot\x1a\x1a.scrabble.botlink.v1.ToBot(\x010\x01B)Z'scrabble/pkg/proto/botlink/v1;botlinkv1b\x06proto3"
|
"\x04Link\x12\x1c.scrabble.botlink.v1.FromBot\x1a\x1a.scrabble.botlink.v1.ToBot(\x010\x01\x12s\n" +
|
||||||
|
"\x16ResolveChatEligibility\x12+.scrabble.botlink.v1.ChatEligibilityRequest\x1a,.scrabble.botlink.v1.ChatEligibilityResponseB)Z'scrabble/pkg/proto/botlink/v1;botlinkv1b\x06proto3"
|
||||||
|
|
||||||
var (
|
var (
|
||||||
file_botlink_v1_botlink_proto_rawDescOnce sync.Once
|
file_botlink_v1_botlink_proto_rawDescOnce sync.Once
|
||||||
@@ -429,31 +619,37 @@ func file_botlink_v1_botlink_proto_rawDescGZIP() []byte {
|
|||||||
return file_botlink_v1_botlink_proto_rawDescData
|
return file_botlink_v1_botlink_proto_rawDescData
|
||||||
}
|
}
|
||||||
|
|
||||||
var file_botlink_v1_botlink_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
|
var file_botlink_v1_botlink_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
|
||||||
var file_botlink_v1_botlink_proto_goTypes = []any{
|
var file_botlink_v1_botlink_proto_goTypes = []any{
|
||||||
(*FromBot)(nil), // 0: scrabble.botlink.v1.FromBot
|
(*FromBot)(nil), // 0: scrabble.botlink.v1.FromBot
|
||||||
(*ToBot)(nil), // 1: scrabble.botlink.v1.ToBot
|
(*ToBot)(nil), // 1: scrabble.botlink.v1.ToBot
|
||||||
(*Hello)(nil), // 2: scrabble.botlink.v1.Hello
|
(*Hello)(nil), // 2: scrabble.botlink.v1.Hello
|
||||||
(*Command)(nil), // 3: scrabble.botlink.v1.Command
|
(*Command)(nil), // 3: scrabble.botlink.v1.Command
|
||||||
(*Ack)(nil), // 4: scrabble.botlink.v1.Ack
|
(*Ack)(nil), // 4: scrabble.botlink.v1.Ack
|
||||||
(*v1.NotifyRequest)(nil), // 5: scrabble.telegram.v1.NotifyRequest
|
(*ChatGateCommand)(nil), // 5: scrabble.botlink.v1.ChatGateCommand
|
||||||
(*v1.SendToUserRequest)(nil), // 6: scrabble.telegram.v1.SendToUserRequest
|
(*ChatEligibilityRequest)(nil), // 6: scrabble.botlink.v1.ChatEligibilityRequest
|
||||||
(*v1.SendToGameChannelRequest)(nil), // 7: scrabble.telegram.v1.SendToGameChannelRequest
|
(*ChatEligibilityResponse)(nil), // 7: scrabble.botlink.v1.ChatEligibilityResponse
|
||||||
|
(*v1.NotifyRequest)(nil), // 8: scrabble.telegram.v1.NotifyRequest
|
||||||
|
(*v1.SendToUserRequest)(nil), // 9: scrabble.telegram.v1.SendToUserRequest
|
||||||
|
(*v1.SendToGameChannelRequest)(nil), // 10: scrabble.telegram.v1.SendToGameChannelRequest
|
||||||
}
|
}
|
||||||
var file_botlink_v1_botlink_proto_depIdxs = []int32{
|
var file_botlink_v1_botlink_proto_depIdxs = []int32{
|
||||||
2, // 0: scrabble.botlink.v1.FromBot.hello:type_name -> scrabble.botlink.v1.Hello
|
2, // 0: scrabble.botlink.v1.FromBot.hello:type_name -> scrabble.botlink.v1.Hello
|
||||||
4, // 1: scrabble.botlink.v1.FromBot.ack:type_name -> scrabble.botlink.v1.Ack
|
4, // 1: scrabble.botlink.v1.FromBot.ack:type_name -> scrabble.botlink.v1.Ack
|
||||||
3, // 2: scrabble.botlink.v1.ToBot.command:type_name -> scrabble.botlink.v1.Command
|
3, // 2: scrabble.botlink.v1.ToBot.command:type_name -> scrabble.botlink.v1.Command
|
||||||
5, // 3: scrabble.botlink.v1.Command.notify:type_name -> scrabble.telegram.v1.NotifyRequest
|
8, // 3: scrabble.botlink.v1.Command.notify:type_name -> scrabble.telegram.v1.NotifyRequest
|
||||||
6, // 4: scrabble.botlink.v1.Command.send_to_user:type_name -> scrabble.telegram.v1.SendToUserRequest
|
9, // 4: scrabble.botlink.v1.Command.send_to_user:type_name -> scrabble.telegram.v1.SendToUserRequest
|
||||||
7, // 5: scrabble.botlink.v1.Command.send_to_channel:type_name -> scrabble.telegram.v1.SendToGameChannelRequest
|
10, // 5: scrabble.botlink.v1.Command.send_to_channel:type_name -> scrabble.telegram.v1.SendToGameChannelRequest
|
||||||
0, // 6: scrabble.botlink.v1.BotLink.Link:input_type -> scrabble.botlink.v1.FromBot
|
5, // 6: scrabble.botlink.v1.Command.chat_gate:type_name -> scrabble.botlink.v1.ChatGateCommand
|
||||||
1, // 7: scrabble.botlink.v1.BotLink.Link:output_type -> scrabble.botlink.v1.ToBot
|
0, // 7: scrabble.botlink.v1.BotLink.Link:input_type -> scrabble.botlink.v1.FromBot
|
||||||
7, // [7:8] is the sub-list for method output_type
|
6, // 8: scrabble.botlink.v1.BotLink.ResolveChatEligibility:input_type -> scrabble.botlink.v1.ChatEligibilityRequest
|
||||||
6, // [6:7] is the sub-list for method input_type
|
1, // 9: scrabble.botlink.v1.BotLink.Link:output_type -> scrabble.botlink.v1.ToBot
|
||||||
6, // [6:6] is the sub-list for extension type_name
|
7, // 10: scrabble.botlink.v1.BotLink.ResolveChatEligibility:output_type -> scrabble.botlink.v1.ChatEligibilityResponse
|
||||||
6, // [6:6] is the sub-list for extension extendee
|
9, // [9:11] is the sub-list for method output_type
|
||||||
0, // [0:6] is the sub-list for field type_name
|
7, // [7:9] is the sub-list for method input_type
|
||||||
|
7, // [7:7] is the sub-list for extension type_name
|
||||||
|
7, // [7:7] is the sub-list for extension extendee
|
||||||
|
0, // [0:7] is the sub-list for field type_name
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() { file_botlink_v1_botlink_proto_init() }
|
func init() { file_botlink_v1_botlink_proto_init() }
|
||||||
@@ -469,6 +665,7 @@ func file_botlink_v1_botlink_proto_init() {
|
|||||||
(*Command_Notify)(nil),
|
(*Command_Notify)(nil),
|
||||||
(*Command_SendToUser)(nil),
|
(*Command_SendToUser)(nil),
|
||||||
(*Command_SendToChannel)(nil),
|
(*Command_SendToChannel)(nil),
|
||||||
|
(*Command_ChatGate)(nil),
|
||||||
}
|
}
|
||||||
type x struct{}
|
type x struct{}
|
||||||
out := protoimpl.TypeBuilder{
|
out := protoimpl.TypeBuilder{
|
||||||
@@ -476,7 +673,7 @@ func file_botlink_v1_botlink_proto_init() {
|
|||||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
||||||
RawDescriptor: unsafe.Slice(unsafe.StringData(file_botlink_v1_botlink_proto_rawDesc), len(file_botlink_v1_botlink_proto_rawDesc)),
|
RawDescriptor: unsafe.Slice(unsafe.StringData(file_botlink_v1_botlink_proto_rawDesc), len(file_botlink_v1_botlink_proto_rawDesc)),
|
||||||
NumEnums: 0,
|
NumEnums: 0,
|
||||||
NumMessages: 5,
|
NumMessages: 8,
|
||||||
NumExtensions: 0,
|
NumExtensions: 0,
|
||||||
NumServices: 1,
|
NumServices: 1,
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -20,6 +20,13 @@ service BotLink {
|
|||||||
// Link opens the single bot <-> gateway stream. The first client message is
|
// Link opens the single bot <-> gateway stream. The first client message is
|
||||||
// Hello; thereafter the client sends one Ack per received Command.
|
// Hello; thereafter the client sends one Ack per received Command.
|
||||||
rpc Link(stream FromBot) returns (stream ToBot);
|
rpc Link(stream FromBot) returns (stream ToBot);
|
||||||
|
|
||||||
|
// ResolveChatEligibility answers whether the Telegram user identified by
|
||||||
|
// external_id may write in the moderated discussion chat: registered with an
|
||||||
|
// account and neither admin-suspended nor chat-muted. The bot calls it over the
|
||||||
|
// same mTLS channel when a user joins the chat, to decide whether to grant the
|
||||||
|
// write permission. Delivery of the answer is request/response (not best-effort).
|
||||||
|
rpc ResolveChatEligibility(ChatEligibilityRequest) returns (ChatEligibilityResponse);
|
||||||
}
|
}
|
||||||
|
|
||||||
// FromBot is a message the bot sends to the gateway: the opening Hello, then one
|
// FromBot is a message the bot sends to the gateway: the opening Hello, then one
|
||||||
@@ -53,6 +60,7 @@ message Command {
|
|||||||
scrabble.telegram.v1.NotifyRequest notify = 2;
|
scrabble.telegram.v1.NotifyRequest notify = 2;
|
||||||
scrabble.telegram.v1.SendToUserRequest send_to_user = 3;
|
scrabble.telegram.v1.SendToUserRequest send_to_user = 3;
|
||||||
scrabble.telegram.v1.SendToGameChannelRequest send_to_channel = 4;
|
scrabble.telegram.v1.SendToGameChannelRequest send_to_channel = 4;
|
||||||
|
ChatGateCommand chat_gate = 5;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -65,3 +73,29 @@ message Ack {
|
|||||||
bool delivered = 2;
|
bool delivered = 2;
|
||||||
string error = 3;
|
string error = 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ChatGateCommand sets a Telegram user's write access in the moderated discussion
|
||||||
|
// chat. external_id is the user's Telegram identity (as in the backend identities
|
||||||
|
// table); allow grants the right to write when true and revokes it when false. The
|
||||||
|
// bot applies it only to a user currently in the chat — it guards on getChatMember,
|
||||||
|
// so a command for an absent user is a no-op. The gateway emits one whenever the
|
||||||
|
// user's eligibility may have changed: an admin block or unblock, a chat_muted
|
||||||
|
// grant or revoke, or a temporary block lapsing.
|
||||||
|
message ChatGateCommand {
|
||||||
|
string external_id = 1;
|
||||||
|
bool allow = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
// ChatEligibilityRequest asks whether the Telegram user identified by external_id
|
||||||
|
// may write in the moderated discussion chat.
|
||||||
|
message ChatEligibilityRequest {
|
||||||
|
string external_id = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
// ChatEligibilityResponse is the eligibility answer. registered reports whether the
|
||||||
|
// external_id maps to an account at all; eligible is the final gate the bot acts on
|
||||||
|
// (registered and neither admin-suspended nor chat-muted).
|
||||||
|
message ChatEligibilityResponse {
|
||||||
|
bool registered = 1;
|
||||||
|
bool eligible = 2;
|
||||||
|
}
|
||||||
|
|||||||
@@ -26,7 +26,8 @@ import (
|
|||||||
const _ = grpc.SupportPackageIsVersion9
|
const _ = grpc.SupportPackageIsVersion9
|
||||||
|
|
||||||
const (
|
const (
|
||||||
BotLink_Link_FullMethodName = "/scrabble.botlink.v1.BotLink/Link"
|
BotLink_Link_FullMethodName = "/scrabble.botlink.v1.BotLink/Link"
|
||||||
|
BotLink_ResolveChatEligibility_FullMethodName = "/scrabble.botlink.v1.BotLink/ResolveChatEligibility"
|
||||||
)
|
)
|
||||||
|
|
||||||
// BotLinkClient is the client API for BotLink service.
|
// BotLinkClient is the client API for BotLink service.
|
||||||
@@ -41,6 +42,12 @@ type BotLinkClient interface {
|
|||||||
// Link opens the single bot <-> gateway stream. The first client message is
|
// Link opens the single bot <-> gateway stream. The first client message is
|
||||||
// Hello; thereafter the client sends one Ack per received Command.
|
// Hello; thereafter the client sends one Ack per received Command.
|
||||||
Link(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[FromBot, ToBot], error)
|
Link(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[FromBot, ToBot], error)
|
||||||
|
// ResolveChatEligibility answers whether the Telegram user identified by
|
||||||
|
// external_id may write in the moderated discussion chat: registered with an
|
||||||
|
// account and neither admin-suspended nor chat-muted. The bot calls it over the
|
||||||
|
// same mTLS channel when a user joins the chat, to decide whether to grant the
|
||||||
|
// write permission. Delivery of the answer is request/response (not best-effort).
|
||||||
|
ResolveChatEligibility(ctx context.Context, in *ChatEligibilityRequest, opts ...grpc.CallOption) (*ChatEligibilityResponse, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
type botLinkClient struct {
|
type botLinkClient struct {
|
||||||
@@ -64,6 +71,16 @@ func (c *botLinkClient) Link(ctx context.Context, opts ...grpc.CallOption) (grpc
|
|||||||
// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
|
// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
|
||||||
type BotLink_LinkClient = grpc.BidiStreamingClient[FromBot, ToBot]
|
type BotLink_LinkClient = grpc.BidiStreamingClient[FromBot, ToBot]
|
||||||
|
|
||||||
|
func (c *botLinkClient) ResolveChatEligibility(ctx context.Context, in *ChatEligibilityRequest, opts ...grpc.CallOption) (*ChatEligibilityResponse, error) {
|
||||||
|
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
|
||||||
|
out := new(ChatEligibilityResponse)
|
||||||
|
err := c.cc.Invoke(ctx, BotLink_ResolveChatEligibility_FullMethodName, in, out, cOpts...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return out, nil
|
||||||
|
}
|
||||||
|
|
||||||
// BotLinkServer is the server API for BotLink service.
|
// BotLinkServer is the server API for BotLink service.
|
||||||
// All implementations must embed UnimplementedBotLinkServer
|
// All implementations must embed UnimplementedBotLinkServer
|
||||||
// for forward compatibility.
|
// for forward compatibility.
|
||||||
@@ -76,6 +93,12 @@ type BotLinkServer interface {
|
|||||||
// Link opens the single bot <-> gateway stream. The first client message is
|
// Link opens the single bot <-> gateway stream. The first client message is
|
||||||
// Hello; thereafter the client sends one Ack per received Command.
|
// Hello; thereafter the client sends one Ack per received Command.
|
||||||
Link(grpc.BidiStreamingServer[FromBot, ToBot]) error
|
Link(grpc.BidiStreamingServer[FromBot, ToBot]) error
|
||||||
|
// ResolveChatEligibility answers whether the Telegram user identified by
|
||||||
|
// external_id may write in the moderated discussion chat: registered with an
|
||||||
|
// account and neither admin-suspended nor chat-muted. The bot calls it over the
|
||||||
|
// same mTLS channel when a user joins the chat, to decide whether to grant the
|
||||||
|
// write permission. Delivery of the answer is request/response (not best-effort).
|
||||||
|
ResolveChatEligibility(context.Context, *ChatEligibilityRequest) (*ChatEligibilityResponse, error)
|
||||||
mustEmbedUnimplementedBotLinkServer()
|
mustEmbedUnimplementedBotLinkServer()
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -89,6 +112,9 @@ type UnimplementedBotLinkServer struct{}
|
|||||||
func (UnimplementedBotLinkServer) Link(grpc.BidiStreamingServer[FromBot, ToBot]) error {
|
func (UnimplementedBotLinkServer) Link(grpc.BidiStreamingServer[FromBot, ToBot]) error {
|
||||||
return status.Errorf(codes.Unimplemented, "method Link not implemented")
|
return status.Errorf(codes.Unimplemented, "method Link not implemented")
|
||||||
}
|
}
|
||||||
|
func (UnimplementedBotLinkServer) ResolveChatEligibility(context.Context, *ChatEligibilityRequest) (*ChatEligibilityResponse, error) {
|
||||||
|
return nil, status.Errorf(codes.Unimplemented, "method ResolveChatEligibility not implemented")
|
||||||
|
}
|
||||||
func (UnimplementedBotLinkServer) mustEmbedUnimplementedBotLinkServer() {}
|
func (UnimplementedBotLinkServer) mustEmbedUnimplementedBotLinkServer() {}
|
||||||
func (UnimplementedBotLinkServer) testEmbeddedByValue() {}
|
func (UnimplementedBotLinkServer) testEmbeddedByValue() {}
|
||||||
|
|
||||||
@@ -117,13 +143,36 @@ func _BotLink_Link_Handler(srv interface{}, stream grpc.ServerStream) error {
|
|||||||
// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
|
// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
|
||||||
type BotLink_LinkServer = grpc.BidiStreamingServer[FromBot, ToBot]
|
type BotLink_LinkServer = grpc.BidiStreamingServer[FromBot, ToBot]
|
||||||
|
|
||||||
|
func _BotLink_ResolveChatEligibility_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
|
||||||
|
in := new(ChatEligibilityRequest)
|
||||||
|
if err := dec(in); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if interceptor == nil {
|
||||||
|
return srv.(BotLinkServer).ResolveChatEligibility(ctx, in)
|
||||||
|
}
|
||||||
|
info := &grpc.UnaryServerInfo{
|
||||||
|
Server: srv,
|
||||||
|
FullMethod: BotLink_ResolveChatEligibility_FullMethodName,
|
||||||
|
}
|
||||||
|
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||||
|
return srv.(BotLinkServer).ResolveChatEligibility(ctx, req.(*ChatEligibilityRequest))
|
||||||
|
}
|
||||||
|
return interceptor(ctx, in, info, handler)
|
||||||
|
}
|
||||||
|
|
||||||
// BotLink_ServiceDesc is the grpc.ServiceDesc for BotLink service.
|
// BotLink_ServiceDesc is the grpc.ServiceDesc for BotLink service.
|
||||||
// It's only intended for direct use with grpc.RegisterService,
|
// It's only intended for direct use with grpc.RegisterService,
|
||||||
// and not to be introspected or modified (even as a copy)
|
// and not to be introspected or modified (even as a copy)
|
||||||
var BotLink_ServiceDesc = grpc.ServiceDesc{
|
var BotLink_ServiceDesc = grpc.ServiceDesc{
|
||||||
ServiceName: "scrabble.botlink.v1.BotLink",
|
ServiceName: "scrabble.botlink.v1.BotLink",
|
||||||
HandlerType: (*BotLinkServer)(nil),
|
HandlerType: (*BotLinkServer)(nil),
|
||||||
Methods: []grpc.MethodDesc{},
|
Methods: []grpc.MethodDesc{
|
||||||
|
{
|
||||||
|
MethodName: "ResolveChatEligibility",
|
||||||
|
Handler: _BotLink_ResolveChatEligibility_Handler,
|
||||||
|
},
|
||||||
|
},
|
||||||
Streams: []grpc.StreamDesc{
|
Streams: []grpc.StreamDesc{
|
||||||
{
|
{
|
||||||
StreamName: "Link",
|
StreamName: "Link",
|
||||||
|
|||||||
@@ -42,6 +42,23 @@ Telegram identity to an account from a browser. Both map a rejection to gRPC
|
|||||||
launch button; a deep-link payload routes the launch to a game / invitation / friend
|
launch button; a deep-link payload routes the launch to a game / invitation / friend
|
||||||
code. This is **self-contained** — the bot never calls back into the game, so `/start`
|
code. This is **self-contained** — the bot never calls back into the game, so `/start`
|
||||||
onboarding works even when the game is down.
|
onboarding works even when the game is down.
|
||||||
|
- **Moderated-chat gating.** When `TELEGRAM_CHAT_ID` names a channel's linked discussion
|
||||||
|
group, the bot gates who may write there. The group is configured **default no-send**
|
||||||
|
(a human setting); the bot grants write access to a user who **joins** when they are
|
||||||
|
registered and neither admin-suspended nor `chat_muted`, asking the gateway over the
|
||||||
|
bot-link (`ResolveChatEligibility`). When an operator blocks/unblocks an account or
|
||||||
|
toggles its `chat_muted` role, the gateway pushes a `ChatGate` command and the bot
|
||||||
|
applies it — but only to a member currently in the chat (it probes one user with
|
||||||
|
`getChatMember`, since bots cannot list members). The bot must be an **administrator**
|
||||||
|
there with the **"Ban users"** right (the Bot API `can_restrict_members`), and it
|
||||||
|
subscribes to `chat_member` updates, which Telegram delivers only to a chat admin.
|
||||||
|
- **Promo bot (optional).** When `TELEGRAM_PROMO_BOT_TOKEN` is set, the container also
|
||||||
|
runs a **second, standalone** bot whose only job is to answer `/start` with a localized
|
||||||
|
message and a button that opens the **main** bot's Mini App. The button is a **URL** to
|
||||||
|
the main bot's direct link (`TELEGRAM_BOT_LINK`, the same link the UI uses) with
|
||||||
|
`?startapp` — a `web_app` button would launch under the promo bot's identity (its token
|
||||||
|
would sign the initData), which the main bot's validator rejects. It is fully
|
||||||
|
self-contained: no bot-link, no gateway, no game.
|
||||||
- **Rate limiting.** Outbound sends are throttled (`TELEGRAM_SEND_RATE_PER_SECOND`,
|
- **Rate limiting.** Outbound sends are throttled (`TELEGRAM_SEND_RATE_PER_SECOND`,
|
||||||
default 25) to respect the Bot API flood limits.
|
default 25) to respect the Bot API flood limits.
|
||||||
|
|
||||||
@@ -57,7 +74,9 @@ parsing is Telegram-specific.
|
|||||||
gateway also implements `SendToUser` / `SendToGameChannel` as the backend's admin
|
gateway also implements `SendToUser` / `SendToGameChannel` as the backend's admin
|
||||||
relay.
|
relay.
|
||||||
- `pkg/proto/botlink/v1`, service `BotLink` — the reverse bidi stream the **bot** dials
|
- `pkg/proto/botlink/v1`, service `BotLink` — the reverse bidi stream the **bot** dials
|
||||||
on the gateway (`Hello` / `Command` / `Ack`). Generated Go is committed under `pkg`.
|
on the gateway (`Hello` / `Command` / `Ack`), now also carrying a `ChatGateCommand` (set
|
||||||
|
a user's chat write access) and a unary `ResolveChatEligibility` (the bot's join-time
|
||||||
|
query) over the same mTLS channel. Generated Go is committed under `pkg`.
|
||||||
|
|
||||||
## Deep-link scheme
|
## Deep-link scheme
|
||||||
|
|
||||||
@@ -101,6 +120,10 @@ Bot (`cmd/bot`):
|
|||||||
| `TELEGRAM_BOTLINK_SERVER_NAME` | — (required) | the gateway certificate's expected SNI / CN |
|
| `TELEGRAM_BOTLINK_SERVER_NAME` | — (required) | the gateway certificate's expected SNI / CN |
|
||||||
| `TELEGRAM_BOTLINK_TLS_CERT` / `_KEY` / `_CA` | — (required) | the bot client cert, its key, and the CA that signs the gateway server cert |
|
| `TELEGRAM_BOTLINK_TLS_CERT` / `_KEY` / `_CA` | — (required) | the bot client cert, its key, and the CA that signs the gateway server cert |
|
||||||
| `TELEGRAM_GAME_CHANNEL_ID` | — | the bot's game channel chat id for `SendToGameChannel` |
|
| `TELEGRAM_GAME_CHANNEL_ID` | — | the bot's game channel chat id for `SendToGameChannel` |
|
||||||
|
| `TELEGRAM_CHAT_ID` | — | the moderated discussion chat id (a channel's linked group); empty disables chat gating |
|
||||||
|
| `TELEGRAM_PROMO_BOT_TOKEN` | — | the optional standalone promo bot's token; empty disables it |
|
||||||
|
| `TELEGRAM_BOT_USERNAME` | — | the main bot's @username without the @ (promo message); required when the promo bot runs |
|
||||||
|
| `TELEGRAM_BOT_LINK` | — | the main bot's Mini App link for the promo button (the UI's `VITE_TELEGRAM_LINK`); required when the promo bot runs |
|
||||||
| `TELEGRAM_OWNS_UPDATES` | `true` | run the exclusive `getUpdates` long-poll (one bot per token) |
|
| `TELEGRAM_OWNS_UPDATES` | `true` | run the exclusive `getUpdates` long-poll (one bot per token) |
|
||||||
| `TELEGRAM_SEND_RATE_PER_SECOND` | `25` | outbound Bot API send cap (0 disables) |
|
| `TELEGRAM_SEND_RATE_PER_SECOND` | `25` | outbound Bot API send cap (0 disables) |
|
||||||
| `TELEGRAM_INSTANCE_ID` | hostname | bot identity reported to the gateway |
|
| `TELEGRAM_INSTANCE_ID` | hostname | bot identity reported to the gateway |
|
||||||
|
|||||||
@@ -22,6 +22,7 @@ import (
|
|||||||
"scrabble/platform/telegram/internal/bot"
|
"scrabble/platform/telegram/internal/bot"
|
||||||
"scrabble/platform/telegram/internal/botlink"
|
"scrabble/platform/telegram/internal/botlink"
|
||||||
"scrabble/platform/telegram/internal/config"
|
"scrabble/platform/telegram/internal/config"
|
||||||
|
"scrabble/platform/telegram/internal/promobot"
|
||||||
)
|
)
|
||||||
|
|
||||||
// telemetryShutdownTimeout bounds the OpenTelemetry flush during process exit.
|
// telemetryShutdownTimeout bounds the OpenTelemetry flush during process exit.
|
||||||
@@ -70,6 +71,7 @@ func run(ctx context.Context, cfg config.BotConfig, logger *zap.Logger) error {
|
|||||||
TestEnv: cfg.TestEnv,
|
TestEnv: cfg.TestEnv,
|
||||||
MiniAppURL: cfg.MiniAppURL,
|
MiniAppURL: cfg.MiniAppURL,
|
||||||
SendRatePerSecond: cfg.SendRatePerSecond,
|
SendRatePerSecond: cfg.SendRatePerSecond,
|
||||||
|
ChatID: cfg.ChatID,
|
||||||
}, logger)
|
}, logger)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -80,19 +82,47 @@ func run(ctx context.Context, cfg config.BotConfig, logger *zap.Logger) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
exec := botlink.NewExecutor(b, cfg.GameChannelID, logger)
|
exec := botlink.NewExecutor(b, cfg.GameChannelID, logger)
|
||||||
client := botlink.NewClient(botlink.ClientConfig{
|
client, err := botlink.NewClient(botlink.ClientConfig{
|
||||||
GatewayAddr: cfg.BotLink.GatewayAddr,
|
GatewayAddr: cfg.BotLink.GatewayAddr,
|
||||||
InstanceID: cfg.BotLink.InstanceID,
|
InstanceID: cfg.BotLink.InstanceID,
|
||||||
OwnsUpdates: cfg.OwnsUpdates,
|
OwnsUpdates: cfg.OwnsUpdates,
|
||||||
Creds: credentials.NewTLS(tlsCfg),
|
Creds: credentials.NewTLS(tlsCfg),
|
||||||
ReconnectDelay: cfg.BotLink.ReconnectDelay,
|
ReconnectDelay: cfg.BotLink.ReconnectDelay,
|
||||||
}, exec, logger)
|
}, exec, logger)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer func() { _ = client.Close() }()
|
||||||
|
// The chat-join eligibility query rides the same bot-link connection; wire it into
|
||||||
|
// the bot after the client is built — the late binding that breaks the bot <->
|
||||||
|
// client construction cycle.
|
||||||
|
b.SetEligibilityResolver(client.ResolveChatEligibility)
|
||||||
|
|
||||||
|
// The optional standalone promo bot: a second bot (its own token) that only answers
|
||||||
|
// /start with a button opening the main bot's Mini App. It is self-contained — no
|
||||||
|
// bot-link, no gateway — so onboarding works even when the game is down.
|
||||||
|
var promo *promobot.Bot
|
||||||
|
if cfg.PromoBotToken != "" {
|
||||||
|
promo, err = promobot.New(promobot.Config{
|
||||||
|
Token: cfg.PromoBotToken,
|
||||||
|
APIBaseURL: cfg.APIBaseURL,
|
||||||
|
TestEnv: cfg.TestEnv,
|
||||||
|
BotUsername: cfg.BotUsername,
|
||||||
|
BotLinkURL: cfg.BotLinkURL,
|
||||||
|
SendRatePerSecond: cfg.SendRatePerSecond,
|
||||||
|
}, logger)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
logger.Info("telegram bot starting",
|
logger.Info("telegram bot starting",
|
||||||
zap.String("gateway", cfg.BotLink.GatewayAddr),
|
zap.String("gateway", cfg.BotLink.GatewayAddr),
|
||||||
zap.String("miniapp_url", cfg.MiniAppURL),
|
zap.String("miniapp_url", cfg.MiniAppURL),
|
||||||
zap.Bool("owns_updates", cfg.OwnsUpdates),
|
zap.Bool("owns_updates", cfg.OwnsUpdates),
|
||||||
zap.Bool("test_env", cfg.TestEnv))
|
zap.Bool("test_env", cfg.TestEnv),
|
||||||
|
zap.Bool("chat_gating", cfg.ChatID != 0),
|
||||||
|
zap.Bool("promo_bot", promo != nil))
|
||||||
|
|
||||||
var wg sync.WaitGroup
|
var wg sync.WaitGroup
|
||||||
// The long-poll holds the exclusive getUpdates lease (one bot per token); a bot
|
// The long-poll holds the exclusive getUpdates lease (one bot per token); a bot
|
||||||
@@ -105,6 +135,11 @@ func run(ctx context.Context, cfg config.BotConfig, logger *zap.Logger) error {
|
|||||||
logger.Error("bot-link client stopped", zap.Error(err))
|
logger.Error("bot-link client stopped", zap.Error(err))
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
// The promo bot runs its own getUpdates long-poll on its own token (no 409 with
|
||||||
|
// the main bot's lease).
|
||||||
|
if promo != nil {
|
||||||
|
wg.Go(func() { promo.Run(ctx) })
|
||||||
|
}
|
||||||
|
|
||||||
<-ctx.Done()
|
<-ctx.Done()
|
||||||
wg.Wait()
|
wg.Wait()
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ package bot
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
tgbot "github.com/go-telegram/bot"
|
tgbot "github.com/go-telegram/bot"
|
||||||
@@ -30,8 +31,19 @@ type Config struct {
|
|||||||
// Telegram Bot API flood limits; 0 disables the limiter. The burst equals the
|
// Telegram Bot API flood limits; 0 disables the limiter. The burst equals the
|
||||||
// per-second rate.
|
// per-second rate.
|
||||||
SendRatePerSecond int
|
SendRatePerSecond int
|
||||||
|
// ChatID is the moderated discussion chat the bot gates write access in; 0
|
||||||
|
// disables chat gating (and the chat_member long-poll subscription). Gating needs
|
||||||
|
// the bot to be an administrator there with the restrict-members right.
|
||||||
|
ChatID int64
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EligibilityResolver answers whether the Telegram user identified by externalID
|
||||||
|
// (the decimal user id) may write in the moderated chat: registered and neither
|
||||||
|
// admin-suspended nor chat-muted. The bot calls it when a user joins the chat. It is
|
||||||
|
// late-bound (SetEligibilityResolver) because it is backed by the bot-link client,
|
||||||
|
// which is built after the bot.
|
||||||
|
type EligibilityResolver func(ctx context.Context, externalID string) (eligible bool, err error)
|
||||||
|
|
||||||
// Bot wraps a Telegram Bot API client and the Mini App launch URL.
|
// Bot wraps a Telegram Bot API client and the Mini App launch URL.
|
||||||
type Bot struct {
|
type Bot struct {
|
||||||
api *tgbot.Bot
|
api *tgbot.Bot
|
||||||
@@ -40,6 +52,11 @@ type Bot struct {
|
|||||||
// limiter throttles outbound sends to stay under the Bot API flood limits; nil
|
// limiter throttles outbound sends to stay under the Bot API flood limits; nil
|
||||||
// disables throttling.
|
// disables throttling.
|
||||||
limiter *rate.Limiter
|
limiter *rate.Limiter
|
||||||
|
// chatID is the moderated discussion chat (0 disables gating).
|
||||||
|
chatID int64
|
||||||
|
// eligibility resolves a joining user's chat write eligibility; nil leaves a
|
||||||
|
// joiner muted (fail-closed) until it is wired.
|
||||||
|
eligibility EligibilityResolver
|
||||||
}
|
}
|
||||||
|
|
||||||
// New builds the bot wrapper, registering the /start handler and a default handler
|
// New builds the bot wrapper, registering the /start handler and a default handler
|
||||||
@@ -49,15 +66,25 @@ func New(cfg Config, log *zap.Logger) (*Bot, error) {
|
|||||||
if log == nil {
|
if log == nil {
|
||||||
log = zap.NewNop()
|
log = zap.NewNop()
|
||||||
}
|
}
|
||||||
t := &Bot{miniAppURL: cfg.MiniAppURL, log: log}
|
t := &Bot{miniAppURL: cfg.MiniAppURL, log: log, chatID: cfg.ChatID}
|
||||||
if cfg.SendRatePerSecond > 0 {
|
if cfg.SendRatePerSecond > 0 {
|
||||||
t.limiter = rate.NewLimiter(rate.Limit(cfg.SendRatePerSecond), cfg.SendRatePerSecond)
|
t.limiter = rate.NewLimiter(rate.Limit(cfg.SendRatePerSecond), cfg.SendRatePerSecond)
|
||||||
}
|
}
|
||||||
|
|
||||||
opts := []tgbot.Option{
|
opts := []tgbot.Option{
|
||||||
tgbot.WithDefaultHandler(t.handleStart),
|
tgbot.WithDefaultHandler(t.handleUpdate),
|
||||||
tgbot.WithMessageTextHandler("/start", tgbot.MatchTypePrefix, t.handleStart),
|
tgbot.WithMessageTextHandler("/start", tgbot.MatchTypePrefix, t.handleStart),
|
||||||
}
|
}
|
||||||
|
if cfg.ChatID != 0 {
|
||||||
|
// chat_member updates are off by default; subscribe explicitly (alongside
|
||||||
|
// messages) so the bot sees joins in the moderated chat. The bot must also be an
|
||||||
|
// administrator there for Telegram to deliver them.
|
||||||
|
opts = append(opts, tgbot.WithAllowedUpdates(tgbot.AllowedUpdates{
|
||||||
|
models.AllowedUpdateMessage,
|
||||||
|
models.AllowedUpdateMyChatMember,
|
||||||
|
models.AllowedUpdateChatMember,
|
||||||
|
}))
|
||||||
|
}
|
||||||
if cfg.TestEnv {
|
if cfg.TestEnv {
|
||||||
// Route to the Bot API test environment (.../bot<token>/test/METHOD).
|
// Route to the Bot API test environment (.../bot<token>/test/METHOD).
|
||||||
opts = append(opts, tgbot.UseTestEnvironment())
|
opts = append(opts, tgbot.UseTestEnvironment())
|
||||||
@@ -176,3 +203,130 @@ func startPayload(text string) string {
|
|||||||
}
|
}
|
||||||
return strings.TrimSpace(strings.TrimPrefix(text, cmd))
|
return strings.TrimSpace(strings.TrimPrefix(text, cmd))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// handleUpdate is the default-handler dispatcher: a chat-member change in the
|
||||||
|
// moderated chat drives the write-access gate; anything else is treated as a message
|
||||||
|
// and gets the Mini App launch reply.
|
||||||
|
func (t *Bot) handleUpdate(ctx context.Context, api *tgbot.Bot, update *models.Update) {
|
||||||
|
if update.ChatMember != nil {
|
||||||
|
t.handleChatMember(ctx, update.ChatMember)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
t.handleStart(ctx, api, update)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetEligibilityResolver wires the chat-eligibility resolver after construction (the
|
||||||
|
// bot-link client backing it is built after the bot).
|
||||||
|
func (t *Bot) SetEligibilityResolver(resolve EligibilityResolver) {
|
||||||
|
t.eligibility = resolve
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleChatMember grants write access to a user who joins the moderated chat when
|
||||||
|
// they are registered and not blocked. A non-eligible joiner is left muted (the chat
|
||||||
|
// defaults to no-send), and a resolve failure fails closed (also left muted). Other
|
||||||
|
// status changes (leaves, restrictions, admin edits) are ignored.
|
||||||
|
func (t *Bot) handleChatMember(ctx context.Context, cm *models.ChatMemberUpdated) {
|
||||||
|
if t.chatID == 0 || cm.Chat.ID != t.chatID {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// Only a transition into plain membership is a join to evaluate.
|
||||||
|
if cm.NewChatMember.Type != models.ChatMemberTypeMember || cm.OldChatMember.Type == models.ChatMemberTypeMember {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
user := chatMemberUser(cm.NewChatMember)
|
||||||
|
if user == nil || user.IsBot {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if t.eligibility == nil {
|
||||||
|
return // resolver not wired: leave muted (fail closed)
|
||||||
|
}
|
||||||
|
eligible, err := t.eligibility(ctx, strconv.FormatInt(user.ID, 10))
|
||||||
|
if err != nil {
|
||||||
|
t.log.Warn("chat join eligibility failed", zap.Int64("user_id", user.ID), zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if !eligible {
|
||||||
|
return // not registered or blocked: leave muted
|
||||||
|
}
|
||||||
|
if err := t.setChatWrite(ctx, user.ID, true); err != nil {
|
||||||
|
t.log.Warn("grant chat write failed", zap.Int64("user_id", user.ID), zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ApplyChatGate applies a chat-gate command (an admin block/unblock or chat_muted
|
||||||
|
// change relayed by the gateway): it sets the user's write access, but only when they
|
||||||
|
// are currently in the chat. Bots cannot list members, so it probes the single user
|
||||||
|
// with getChatMember and is a no-op when they are absent (left/kicked) or an
|
||||||
|
// administrator (who cannot be restricted). It reports whether a restriction was
|
||||||
|
// applied.
|
||||||
|
func (t *Bot) ApplyChatGate(ctx context.Context, userID int64, allow bool) (bool, error) {
|
||||||
|
if t.chatID == 0 {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
member, err := t.api.GetChatMember(ctx, &tgbot.GetChatMemberParams{ChatID: t.chatID, UserID: userID})
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
switch member.Type {
|
||||||
|
case models.ChatMemberTypeMember, models.ChatMemberTypeRestricted:
|
||||||
|
if err := t.setChatWrite(ctx, userID, allow); err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
return true, nil
|
||||||
|
default:
|
||||||
|
return false, nil // absent, or an admin/owner who cannot be restricted
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// setChatWrite restricts the user in the moderated chat to either the full send
|
||||||
|
// permission set (allow) or none (mute); the non-send permissions stay at their
|
||||||
|
// default-deny either way.
|
||||||
|
func (t *Bot) setChatWrite(ctx context.Context, userID int64, allow bool) error {
|
||||||
|
perms := models.ChatPermissions{}
|
||||||
|
if allow {
|
||||||
|
perms = chatWritePerms()
|
||||||
|
}
|
||||||
|
_, err := t.api.RestrictChatMember(ctx, &tgbot.RestrictChatMemberParams{
|
||||||
|
ChatID: t.chatID,
|
||||||
|
UserID: userID,
|
||||||
|
Permissions: &perms,
|
||||||
|
})
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// chatWritePerms grants a member the ability to send every kind of message; the
|
||||||
|
// non-send permissions stay denied.
|
||||||
|
func chatWritePerms() models.ChatPermissions {
|
||||||
|
return models.ChatPermissions{
|
||||||
|
CanSendMessages: true,
|
||||||
|
CanSendAudios: true,
|
||||||
|
CanSendDocuments: true,
|
||||||
|
CanSendPhotos: true,
|
||||||
|
CanSendVideos: true,
|
||||||
|
CanSendVideoNotes: true,
|
||||||
|
CanSendVoiceNotes: true,
|
||||||
|
CanSendPolls: true,
|
||||||
|
CanSendOtherMessages: true,
|
||||||
|
CanAddWebPagePreviews: true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// chatMemberUser returns the user a ChatMember refers to across the union variants,
|
||||||
|
// or nil for an unrecognised type.
|
||||||
|
func chatMemberUser(m models.ChatMember) *models.User {
|
||||||
|
switch m.Type {
|
||||||
|
case models.ChatMemberTypeOwner:
|
||||||
|
return m.Owner.User
|
||||||
|
case models.ChatMemberTypeAdministrator:
|
||||||
|
return &m.Administrator.User
|
||||||
|
case models.ChatMemberTypeMember:
|
||||||
|
return m.Member.User
|
||||||
|
case models.ChatMemberTypeRestricted:
|
||||||
|
return m.Restricted.User
|
||||||
|
case models.ChatMemberTypeLeft:
|
||||||
|
return m.Left.User
|
||||||
|
case models.ChatMemberTypeBanned:
|
||||||
|
return m.Banned.User
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,165 @@
|
|||||||
|
package bot
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/go-telegram/bot/models"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
)
|
||||||
|
|
||||||
|
const testChatID = 555
|
||||||
|
|
||||||
|
// chatAPI is a fake Bot API for the chat-gating tests: it answers getMe, returns a
|
||||||
|
// scripted getChatMember status, and records restrictChatMember calls.
|
||||||
|
type chatAPI struct {
|
||||||
|
memberStatus string // the status getChatMember reports (default "left")
|
||||||
|
restricts []restrictCall
|
||||||
|
}
|
||||||
|
|
||||||
|
type restrictCall struct {
|
||||||
|
userID string
|
||||||
|
canSend bool // can_send_messages in the applied permissions
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *chatAPI) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
switch {
|
||||||
|
case strings.HasSuffix(r.URL.Path, "/getMe"):
|
||||||
|
io.WriteString(w, `{"ok":true,"result":{"id":1,"is_bot":true,"first_name":"t","username":"tb"}}`)
|
||||||
|
case strings.HasSuffix(r.URL.Path, "/getChatMember"):
|
||||||
|
status := a.memberStatus
|
||||||
|
if status == "" {
|
||||||
|
status = "left"
|
||||||
|
}
|
||||||
|
io.WriteString(w, `{"ok":true,"result":{"status":"`+status+`","user":{"id":`+r.FormValue("user_id")+`,"is_bot":false,"first_name":"u"}}}`)
|
||||||
|
case strings.HasSuffix(r.URL.Path, "/restrictChatMember"):
|
||||||
|
var perms struct {
|
||||||
|
CanSendMessages bool `json:"can_send_messages"`
|
||||||
|
}
|
||||||
|
_ = json.Unmarshal([]byte(r.FormValue("permissions")), &perms)
|
||||||
|
a.restricts = append(a.restricts, restrictCall{userID: r.FormValue("user_id"), canSend: perms.CanSendMessages})
|
||||||
|
io.WriteString(w, `{"ok":true,"result":true}`)
|
||||||
|
default:
|
||||||
|
io.WriteString(w, `{"ok":true,"result":true}`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// newChatBot builds a gating bot (ChatID set) over the fake API, without an
|
||||||
|
// eligibility resolver — each test wires the one it needs.
|
||||||
|
func newChatBot(t *testing.T, api *chatAPI) *Bot {
|
||||||
|
t.Helper()
|
||||||
|
srv := httptest.NewServer(api)
|
||||||
|
t.Cleanup(srv.Close)
|
||||||
|
b, err := New(Config{Token: "123:ABC", APIBaseURL: srv.URL, MiniAppURL: "https://example.com/", ChatID: testChatID}, zap.NewNop())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("new bot: %v", err)
|
||||||
|
}
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
|
||||||
|
// chatMemberUpdate builds a status transition oldType -> member for userID in chatID.
|
||||||
|
func chatMemberUpdate(chatID, userID int64, oldType models.ChatMemberType) *models.ChatMemberUpdated {
|
||||||
|
return &models.ChatMemberUpdated{
|
||||||
|
Chat: models.Chat{ID: chatID},
|
||||||
|
OldChatMember: models.ChatMember{Type: oldType, Left: &models.ChatMemberLeft{User: &models.User{ID: userID}}},
|
||||||
|
NewChatMember: models.ChatMember{Type: models.ChatMemberTypeMember, Member: &models.ChatMemberMember{User: &models.User{ID: userID}}},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHandleChatMemberGrantsEligibleJoin(t *testing.T) {
|
||||||
|
api := &chatAPI{}
|
||||||
|
b := newChatBot(t, api)
|
||||||
|
b.SetEligibilityResolver(func(context.Context, string) (bool, error) { return true, nil })
|
||||||
|
|
||||||
|
b.handleChatMember(context.Background(), chatMemberUpdate(testChatID, 777, models.ChatMemberTypeLeft))
|
||||||
|
|
||||||
|
if len(api.restricts) != 1 || api.restricts[0].userID != "777" || !api.restricts[0].canSend {
|
||||||
|
t.Fatalf("restricts = %+v, want one grant (can_send=true) for 777", api.restricts)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHandleChatMemberSkipsIneligibleJoin(t *testing.T) {
|
||||||
|
api := &chatAPI{}
|
||||||
|
b := newChatBot(t, api)
|
||||||
|
b.SetEligibilityResolver(func(context.Context, string) (bool, error) { return false, nil })
|
||||||
|
|
||||||
|
b.handleChatMember(context.Background(), chatMemberUpdate(testChatID, 777, models.ChatMemberTypeLeft))
|
||||||
|
|
||||||
|
if len(api.restricts) != 0 {
|
||||||
|
t.Fatalf("an ineligible joiner was restricted: %+v (want left muted, no call)", api.restricts)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHandleChatMemberFailsClosedOnResolveError(t *testing.T) {
|
||||||
|
api := &chatAPI{}
|
||||||
|
b := newChatBot(t, api)
|
||||||
|
b.SetEligibilityResolver(func(context.Context, string) (bool, error) { return true, context.DeadlineExceeded })
|
||||||
|
|
||||||
|
b.handleChatMember(context.Background(), chatMemberUpdate(testChatID, 777, models.ChatMemberTypeLeft))
|
||||||
|
|
||||||
|
if len(api.restricts) != 0 {
|
||||||
|
t.Fatalf("a resolve error still granted write: %+v (want fail-closed)", api.restricts)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHandleChatMemberIgnoresOtherChatAndNonJoins(t *testing.T) {
|
||||||
|
api := &chatAPI{}
|
||||||
|
b := newChatBot(t, api)
|
||||||
|
b.SetEligibilityResolver(func(context.Context, string) (bool, error) { return true, nil })
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
// A different chat is ignored.
|
||||||
|
b.handleChatMember(ctx, chatMemberUpdate(999, 777, models.ChatMemberTypeLeft))
|
||||||
|
// A non-join transition (already a member) is ignored.
|
||||||
|
b.handleChatMember(ctx, chatMemberUpdate(testChatID, 777, models.ChatMemberTypeMember))
|
||||||
|
|
||||||
|
if len(api.restricts) != 0 {
|
||||||
|
t.Fatalf("restricts = %+v, want none for a foreign chat / non-join", api.restricts)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestApplyChatGatePresentMember(t *testing.T) {
|
||||||
|
for _, tc := range []struct {
|
||||||
|
name string
|
||||||
|
allow bool
|
||||||
|
}{{"grant", true}, {"mute", false}} {
|
||||||
|
t.Run(tc.name, func(t *testing.T) {
|
||||||
|
api := &chatAPI{memberStatus: "member"}
|
||||||
|
b := newChatBot(t, api)
|
||||||
|
applied, err := b.ApplyChatGate(context.Background(), 777, tc.allow)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("apply: %v", err)
|
||||||
|
}
|
||||||
|
if !applied {
|
||||||
|
t.Fatal("applied = false, want true for a present member")
|
||||||
|
}
|
||||||
|
if len(api.restricts) != 1 || api.restricts[0].canSend != tc.allow {
|
||||||
|
t.Fatalf("restricts = %+v, want one with can_send=%v", api.restricts, tc.allow)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestApplyChatGateSkipsAbsentAndAdmin(t *testing.T) {
|
||||||
|
for _, status := range []string{"left", "kicked", "administrator", "creator"} {
|
||||||
|
t.Run(status, func(t *testing.T) {
|
||||||
|
api := &chatAPI{memberStatus: status}
|
||||||
|
b := newChatBot(t, api)
|
||||||
|
applied, err := b.ApplyChatGate(context.Background(), 777, false)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("apply: %v", err)
|
||||||
|
}
|
||||||
|
if applied {
|
||||||
|
t.Errorf("applied = true for status %q, want a no-op", status)
|
||||||
|
}
|
||||||
|
if len(api.restricts) != 0 {
|
||||||
|
t.Errorf("restricts = %+v for status %q, want none", api.restricts, status)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -37,27 +37,25 @@ type ClientConfig struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Client maintains the long-lived bot-link to the gateway, executing the commands
|
// Client maintains the long-lived bot-link to the gateway, executing the commands
|
||||||
// it receives and re-dialing after any break.
|
// it receives and re-dialing after any break. The same mTLS connection also serves
|
||||||
|
// the unary chat-eligibility query the bot makes on a chat join.
|
||||||
type Client struct {
|
type Client struct {
|
||||||
cfg ClientConfig
|
cfg ClientConfig
|
||||||
exec *Executor
|
exec *Executor
|
||||||
log *zap.Logger
|
log *zap.Logger
|
||||||
|
conn *grpc.ClientConn
|
||||||
|
client botlinkv1.BotLinkClient
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewClient builds the bot-link client over the executor.
|
// NewClient builds the bot-link client over the executor, dialing the gateway. The
|
||||||
func NewClient(cfg ClientConfig, exec *Executor, log *zap.Logger) *Client {
|
// gRPC connection is lazy, so the dial does not block on the gateway being up; the
|
||||||
|
// caller must Close it. The bot-link command stream is opened by Run.
|
||||||
|
func NewClient(cfg ClientConfig, exec *Executor, log *zap.Logger) (*Client, error) {
|
||||||
if log == nil {
|
if log == nil {
|
||||||
log = zap.NewNop()
|
log = zap.NewNop()
|
||||||
}
|
}
|
||||||
return &Client{cfg: cfg, exec: exec, log: log}
|
conn, err := grpc.NewClient(cfg.GatewayAddr,
|
||||||
}
|
grpc.WithTransportCredentials(cfg.Creds),
|
||||||
|
|
||||||
// Run dials the gateway and keeps the bot-link open, re-dialing after each break,
|
|
||||||
// until ctx is cancelled. The gRPC connection auto-reconnects the transport; this
|
|
||||||
// loop re-opens the Link stream on top of it.
|
|
||||||
func (c *Client) Run(ctx context.Context) error {
|
|
||||||
conn, err := grpc.NewClient(c.cfg.GatewayAddr,
|
|
||||||
grpc.WithTransportCredentials(c.cfg.Creds),
|
|
||||||
grpc.WithStatsHandler(otelgrpc.NewClientHandler()),
|
grpc.WithStatsHandler(otelgrpc.NewClientHandler()),
|
||||||
grpc.WithKeepaliveParams(keepalive.ClientParameters{
|
grpc.WithKeepaliveParams(keepalive.ClientParameters{
|
||||||
Time: clientKeepaliveTime,
|
Time: clientKeepaliveTime,
|
||||||
@@ -66,13 +64,30 @@ func (c *Client) Run(ctx context.Context) error {
|
|||||||
}),
|
}),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, err
|
||||||
}
|
}
|
||||||
defer func() { _ = conn.Close() }()
|
return &Client{cfg: cfg, exec: exec, log: log, conn: conn, client: botlinkv1.NewBotLinkClient(conn)}, nil
|
||||||
client := botlinkv1.NewBotLinkClient(conn)
|
}
|
||||||
|
|
||||||
|
// Close releases the bot-link connection.
|
||||||
|
func (c *Client) Close() error { return c.conn.Close() }
|
||||||
|
|
||||||
|
// ResolveChatEligibility asks the gateway whether the Telegram user identified by
|
||||||
|
// externalID may write in the moderated chat. The bot calls it on a chat join, over
|
||||||
|
// the same mTLS connection as the command stream.
|
||||||
|
func (c *Client) ResolveChatEligibility(ctx context.Context, externalID string) (bool, error) {
|
||||||
|
resp, err := c.client.ResolveChatEligibility(ctx, &botlinkv1.ChatEligibilityRequest{ExternalId: externalID})
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
return resp.GetEligible(), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run keeps the bot-link command stream open, re-opening it after each break, until
|
||||||
|
// ctx is cancelled. The gRPC connection auto-reconnects the transport underneath.
|
||||||
|
func (c *Client) Run(ctx context.Context) error {
|
||||||
for ctx.Err() == nil {
|
for ctx.Err() == nil {
|
||||||
if err := c.serve(ctx, client); err != nil && ctx.Err() == nil {
|
if err := c.serve(ctx, c.client); err != nil && ctx.Err() == nil {
|
||||||
c.log.Warn("bot-link stream ended", zap.Error(err))
|
c.log.Warn("bot-link stream ended", zap.Error(err))
|
||||||
}
|
}
|
||||||
if !sleep(ctx, c.cfg.ReconnectDelay) {
|
if !sleep(ctx, c.cfg.ReconnectDelay) {
|
||||||
|
|||||||
@@ -63,12 +63,16 @@ func TestClientServesCommands(t *testing.T) {
|
|||||||
t.Cleanup(srv.Stop)
|
t.Cleanup(srv.Stop)
|
||||||
|
|
||||||
sender := &fakeSender{}
|
sender := &fakeSender{}
|
||||||
client := NewClient(ClientConfig{
|
client, err := NewClient(ClientConfig{
|
||||||
GatewayAddr: lis.Addr().String(),
|
GatewayAddr: lis.Addr().String(),
|
||||||
InstanceID: "test",
|
InstanceID: "test",
|
||||||
Creds: insecure.NewCredentials(),
|
Creds: insecure.NewCredentials(),
|
||||||
ReconnectDelay: 50 * time.Millisecond,
|
ReconnectDelay: 50 * time.Millisecond,
|
||||||
}, NewExecutor(sender, 0, nil), nil)
|
}, NewExecutor(sender, 0, nil), nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("new client: %v", err)
|
||||||
|
}
|
||||||
|
t.Cleanup(func() { _ = client.Close() })
|
||||||
|
|
||||||
go func() { _ = client.Run(t.Context()) }()
|
go func() { _ = client.Run(t.Context()) }()
|
||||||
|
|
||||||
|
|||||||
@@ -23,6 +23,10 @@ type Sender interface {
|
|||||||
Notify(ctx context.Context, chatID int64, text, buttonText, startParam string) error
|
Notify(ctx context.Context, chatID int64, text, buttonText, startParam string) error
|
||||||
// SendText sends a plain text message to chatID.
|
// SendText sends a plain text message to chatID.
|
||||||
SendText(ctx context.Context, chatID int64, text string) error
|
SendText(ctx context.Context, chatID int64, text string) error
|
||||||
|
// ApplyChatGate sets the Telegram user's write access in the moderated discussion
|
||||||
|
// chat, but only when they are currently in it; it reports whether a restriction
|
||||||
|
// was applied.
|
||||||
|
ApplyChatGate(ctx context.Context, userID int64, allow bool) (bool, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Executor turns a bot-link Command into a Bot API send. The delivered flag mirrors
|
// Executor turns a bot-link Command into a Bot API send. The delivered flag mirrors
|
||||||
@@ -53,11 +57,30 @@ func (e *Executor) Handle(ctx context.Context, cmd *botlinkv1.Command) (bool, er
|
|||||||
return e.sendToUser(ctx, p.SendToUser)
|
return e.sendToUser(ctx, p.SendToUser)
|
||||||
case *botlinkv1.Command_SendToChannel:
|
case *botlinkv1.Command_SendToChannel:
|
||||||
return e.sendToChannel(ctx, p.SendToChannel)
|
return e.sendToChannel(ctx, p.SendToChannel)
|
||||||
|
case *botlinkv1.Command_ChatGate:
|
||||||
|
return e.chatGate(ctx, p.ChatGate)
|
||||||
default:
|
default:
|
||||||
return false, fmt.Errorf("botlink: empty command")
|
return false, fmt.Errorf("botlink: empty command")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// chatGate applies a chat-gate command: it parses the target Telegram user id and
|
||||||
|
// sets their write access in the moderated chat (a no-op when they are not in it). A
|
||||||
|
// Bot API failure is logged and reported as not-delivered, not a hard error.
|
||||||
|
func (e *Executor) chatGate(ctx context.Context, req *botlinkv1.ChatGateCommand) (bool, error) {
|
||||||
|
userID, err := parseChatID(req.GetExternalId())
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
applied, err := e.sender.ApplyChatGate(ctx, userID, req.GetAllow())
|
||||||
|
if err != nil {
|
||||||
|
e.log.Warn("chat gate apply failed",
|
||||||
|
zap.String("external_id", req.GetExternalId()), zap.Bool("allow", req.GetAllow()), zap.Error(err))
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
return applied, nil
|
||||||
|
}
|
||||||
|
|
||||||
// notify renders an out-of-app push and sends it with a Mini App launch button.
|
// notify renders an out-of-app push and sends it with a Mini App launch button.
|
||||||
func (e *Executor) notify(ctx context.Context, req *telegramv1.NotifyRequest) (bool, error) {
|
func (e *Executor) notify(ctx context.Context, req *telegramv1.NotifyRequest) (bool, error) {
|
||||||
msg, ok := render.Render(req.GetKind(), req.GetPayload(), req.GetLanguage())
|
msg, ok := render.Render(req.GetKind(), req.GetPayload(), req.GetLanguage())
|
||||||
|
|||||||
@@ -13,9 +13,11 @@ import (
|
|||||||
|
|
||||||
// fakeSender records the delivery calls the executor makes.
|
// fakeSender records the delivery calls the executor makes.
|
||||||
type fakeSender struct {
|
type fakeSender struct {
|
||||||
notify []notifyCall
|
notify []notifyCall
|
||||||
text []textCall
|
text []textCall
|
||||||
err error
|
gate []gateCall
|
||||||
|
applied bool // ApplyChatGate's reported result
|
||||||
|
err error
|
||||||
}
|
}
|
||||||
|
|
||||||
type notifyCall struct {
|
type notifyCall struct {
|
||||||
@@ -26,6 +28,10 @@ type textCall struct {
|
|||||||
chatID int64
|
chatID int64
|
||||||
text string
|
text string
|
||||||
}
|
}
|
||||||
|
type gateCall struct {
|
||||||
|
userID int64
|
||||||
|
allow bool
|
||||||
|
}
|
||||||
|
|
||||||
func (f *fakeSender) Notify(_ context.Context, chatID int64, text, buttonText, startParam string) error {
|
func (f *fakeSender) Notify(_ context.Context, chatID int64, text, buttonText, startParam string) error {
|
||||||
f.notify = append(f.notify, notifyCall{chatID, text, buttonText, startParam})
|
f.notify = append(f.notify, notifyCall{chatID, text, buttonText, startParam})
|
||||||
@@ -37,6 +43,11 @@ func (f *fakeSender) SendText(_ context.Context, chatID int64, text string) erro
|
|||||||
return f.err
|
return f.err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (f *fakeSender) ApplyChatGate(_ context.Context, userID int64, allow bool) (bool, error) {
|
||||||
|
f.gate = append(f.gate, gateCall{userID, allow})
|
||||||
|
return f.applied, f.err
|
||||||
|
}
|
||||||
|
|
||||||
func yourTurnPayload(gameID string) []byte {
|
func yourTurnPayload(gameID string) []byte {
|
||||||
b := flatbuffers.NewBuilder(0)
|
b := flatbuffers.NewBuilder(0)
|
||||||
gid := b.CreateString(gameID)
|
gid := b.CreateString(gameID)
|
||||||
@@ -106,6 +117,46 @@ func TestExecutorSendToUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func chatGateCmd(externalID string, allow bool) *botlinkv1.Command {
|
||||||
|
return &botlinkv1.Command{Payload: &botlinkv1.Command_ChatGate{ChatGate: &botlinkv1.ChatGateCommand{
|
||||||
|
ExternalId: externalID, Allow: allow,
|
||||||
|
}}}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestExecutorChatGateApplied(t *testing.T) {
|
||||||
|
sender := &fakeSender{applied: true}
|
||||||
|
exec := NewExecutor(sender, 0, nil)
|
||||||
|
delivered, err := exec.Handle(context.Background(), chatGateCmd("777", true))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("handle: %v", err)
|
||||||
|
}
|
||||||
|
if !delivered || len(sender.gate) != 1 || sender.gate[0].userID != 777 || !sender.gate[0].allow {
|
||||||
|
t.Errorf("chat gate = %v / calls %+v", delivered, sender.gate)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestExecutorChatGateNotInChat(t *testing.T) {
|
||||||
|
sender := &fakeSender{applied: false} // user not in the chat
|
||||||
|
exec := NewExecutor(sender, 0, nil)
|
||||||
|
delivered, err := exec.Handle(context.Background(), chatGateCmd("888", false))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("handle: %v", err)
|
||||||
|
}
|
||||||
|
if delivered {
|
||||||
|
t.Error("expected delivered=false when the user is not in the chat")
|
||||||
|
}
|
||||||
|
if len(sender.gate) != 1 {
|
||||||
|
t.Errorf("gate calls = %d, want 1", len(sender.gate))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestExecutorChatGateInvalidExternalID(t *testing.T) {
|
||||||
|
exec := NewExecutor(&fakeSender{}, 0, nil)
|
||||||
|
if _, err := exec.Handle(context.Background(), chatGateCmd("not-a-number", true)); err == nil {
|
||||||
|
t.Error("expected an error for a non-numeric external_id")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestExecutorSendToChannel(t *testing.T) {
|
func TestExecutorSendToChannel(t *testing.T) {
|
||||||
channelCmd := &botlinkv1.Command{Payload: &botlinkv1.Command_SendToChannel{SendToChannel: &telegramv1.SendToGameChannelRequest{Text: "news"}}}
|
channelCmd := &botlinkv1.Command{Payload: &botlinkv1.Command_SendToChannel{SendToChannel: &telegramv1.SendToGameChannelRequest{Text: "news"}}}
|
||||||
|
|
||||||
|
|||||||
@@ -37,6 +37,24 @@ type BotConfig struct {
|
|||||||
// GameChannelID is the chat id of the bot's game channel for the admin channel
|
// GameChannelID is the chat id of the bot's game channel for the admin channel
|
||||||
// post (TELEGRAM_GAME_CHANNEL_ID, optional; 0 disables channel posts).
|
// post (TELEGRAM_GAME_CHANNEL_ID, optional; 0 disables channel posts).
|
||||||
GameChannelID int64
|
GameChannelID int64
|
||||||
|
// ChatID is the chat id of the moderated discussion supergroup (a channel's linked
|
||||||
|
// chat) whose write access the bot gates by registration and moderation
|
||||||
|
// (TELEGRAM_CHAT_ID, optional; 0 disables chat gating). The bot must be an admin
|
||||||
|
// there with the "Ban users" right, and "chat_member" in its allowed updates.
|
||||||
|
ChatID int64
|
||||||
|
// PromoBotToken is the API token of the optional standalone promo bot run in this
|
||||||
|
// container — a second bot whose only job is to answer /start with a button that
|
||||||
|
// opens the main bot's Mini App (TELEGRAM_PROMO_BOT_TOKEN, optional; empty disables
|
||||||
|
// the promo bot).
|
||||||
|
PromoBotToken string
|
||||||
|
// BotUsername is the main bot's @username without the leading @, used in the promo
|
||||||
|
// bot's message text (TELEGRAM_BOT_USERNAME; required when the promo bot runs).
|
||||||
|
BotUsername string
|
||||||
|
// BotLinkURL is the main bot's Mini App direct link — the same value the UI builds
|
||||||
|
// share links from (VITE_TELEGRAM_LINK), e.g. https://t.me/<bot>/<app>. The promo
|
||||||
|
// button appends ?startapp=<payload> to it (TELEGRAM_BOT_LINK; required when the
|
||||||
|
// promo bot runs). It is distinct from the BotLink mTLS dial config below.
|
||||||
|
BotLinkURL string
|
||||||
// MiniAppURL is the HTTPS origin of the Mini App registered with BotFather; it is
|
// MiniAppURL is the HTTPS origin of the Mini App registered with BotFather; it is
|
||||||
// the base of every launch button (TELEGRAM_MINIAPP_URL, required).
|
// the base of every launch button (TELEGRAM_MINIAPP_URL, required).
|
||||||
MiniAppURL string
|
MiniAppURL string
|
||||||
@@ -114,6 +132,9 @@ func LoadBot() (BotConfig, error) {
|
|||||||
TestEnv: os.Getenv("TELEGRAM_TEST_ENV") == "true",
|
TestEnv: os.Getenv("TELEGRAM_TEST_ENV") == "true",
|
||||||
OwnsUpdates: os.Getenv("TELEGRAM_OWNS_UPDATES") != "false",
|
OwnsUpdates: os.Getenv("TELEGRAM_OWNS_UPDATES") != "false",
|
||||||
SendRatePerSecond: defaultSendRatePerSecond,
|
SendRatePerSecond: defaultSendRatePerSecond,
|
||||||
|
PromoBotToken: os.Getenv("TELEGRAM_PROMO_BOT_TOKEN"),
|
||||||
|
BotUsername: strings.TrimPrefix(os.Getenv("TELEGRAM_BOT_USERNAME"), "@"),
|
||||||
|
BotLinkURL: os.Getenv("TELEGRAM_BOT_LINK"),
|
||||||
LogLevel: envOr("TELEGRAM_LOG_LEVEL", "info"),
|
LogLevel: envOr("TELEGRAM_LOG_LEVEL", "info"),
|
||||||
BotLink: BotLinkClientConfig{
|
BotLink: BotLinkClientConfig{
|
||||||
GatewayAddr: os.Getenv("TELEGRAM_GATEWAY_ADDR"),
|
GatewayAddr: os.Getenv("TELEGRAM_GATEWAY_ADDR"),
|
||||||
@@ -128,6 +149,9 @@ func LoadBot() (BotConfig, error) {
|
|||||||
if cfg.GameChannelID, err = envInt64("TELEGRAM_GAME_CHANNEL_ID", 0); err != nil {
|
if cfg.GameChannelID, err = envInt64("TELEGRAM_GAME_CHANNEL_ID", 0); err != nil {
|
||||||
return BotConfig{}, err
|
return BotConfig{}, err
|
||||||
}
|
}
|
||||||
|
if cfg.ChatID, err = envInt64("TELEGRAM_CHAT_ID", 0); err != nil {
|
||||||
|
return BotConfig{}, err
|
||||||
|
}
|
||||||
if cfg.SendRatePerSecond, err = envInt("TELEGRAM_SEND_RATE_PER_SECOND", defaultSendRatePerSecond); err != nil {
|
if cfg.SendRatePerSecond, err = envInt("TELEGRAM_SEND_RATE_PER_SECOND", defaultSendRatePerSecond); err != nil {
|
||||||
return BotConfig{}, err
|
return BotConfig{}, err
|
||||||
}
|
}
|
||||||
@@ -155,6 +179,9 @@ func LoadBot() (BotConfig, error) {
|
|||||||
if cfg.BotLink.CertFile == "" || cfg.BotLink.KeyFile == "" || cfg.BotLink.CAFile == "" {
|
if cfg.BotLink.CertFile == "" || cfg.BotLink.KeyFile == "" || cfg.BotLink.CAFile == "" {
|
||||||
return BotConfig{}, fmt.Errorf("config: TELEGRAM_BOTLINK_TLS_CERT, _KEY and _CA are required")
|
return BotConfig{}, fmt.Errorf("config: TELEGRAM_BOTLINK_TLS_CERT, _KEY and _CA are required")
|
||||||
}
|
}
|
||||||
|
if cfg.PromoBotToken != "" && (cfg.BotUsername == "" || cfg.BotLinkURL == "") {
|
||||||
|
return BotConfig{}, fmt.Errorf("config: TELEGRAM_BOT_USERNAME and TELEGRAM_BOT_LINK are required when TELEGRAM_PROMO_BOT_TOKEN is set")
|
||||||
|
}
|
||||||
return cfg, nil
|
return cfg, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -103,6 +103,54 @@ func TestLoadBotRequired(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestLoadBotChatAndPromo verifies the moderated-chat id and the promo-bot
|
||||||
|
// configuration parse, the @-prefix is stripped from the username, and a promo token
|
||||||
|
// without a username/link is rejected.
|
||||||
|
func TestLoadBotChatAndPromo(t *testing.T) {
|
||||||
|
t.Run("parsed", func(t *testing.T) {
|
||||||
|
setBotRequired(t)
|
||||||
|
t.Setenv("TELEGRAM_CHAT_ID", "-100222")
|
||||||
|
t.Setenv("TELEGRAM_PROMO_BOT_TOKEN", "promo-token")
|
||||||
|
t.Setenv("TELEGRAM_BOT_USERNAME", "@ScrabbleBot")
|
||||||
|
t.Setenv("TELEGRAM_BOT_LINK", "https://t.me/ScrabbleBot/app")
|
||||||
|
c, err := LoadBot()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("LoadBot: %v", err)
|
||||||
|
}
|
||||||
|
if c.ChatID != -100222 {
|
||||||
|
t.Errorf("ChatID = %d, want -100222", c.ChatID)
|
||||||
|
}
|
||||||
|
if c.PromoBotToken != "promo-token" {
|
||||||
|
t.Errorf("PromoBotToken = %q", c.PromoBotToken)
|
||||||
|
}
|
||||||
|
if c.BotUsername != "ScrabbleBot" {
|
||||||
|
t.Errorf("BotUsername = %q, want the leading @ stripped", c.BotUsername)
|
||||||
|
}
|
||||||
|
if c.BotLinkURL != "https://t.me/ScrabbleBot/app" {
|
||||||
|
t.Errorf("BotLinkURL = %q", c.BotLinkURL)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("promo token requires username and link", func(t *testing.T) {
|
||||||
|
setBotRequired(t)
|
||||||
|
t.Setenv("TELEGRAM_PROMO_BOT_TOKEN", "promo-token")
|
||||||
|
if _, err := LoadBot(); err == nil {
|
||||||
|
t.Fatal("LoadBot: expected an error for a promo token without username/link")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("disabled by default", func(t *testing.T) {
|
||||||
|
setBotRequired(t)
|
||||||
|
c, err := LoadBot()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("LoadBot: %v", err)
|
||||||
|
}
|
||||||
|
if c.PromoBotToken != "" || c.ChatID != 0 {
|
||||||
|
t.Errorf("defaults: promo=%q chat=%d, want empty/0", c.PromoBotToken, c.ChatID)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
// TestLoadRejectsUnsupportedExporter verifies an exporter outside the supported set
|
// TestLoadRejectsUnsupportedExporter verifies an exporter outside the supported set
|
||||||
// fails validation (the validator path).
|
// fails validation (the validator path).
|
||||||
func TestLoadRejectsUnsupportedExporter(t *testing.T) {
|
func TestLoadRejectsUnsupportedExporter(t *testing.T) {
|
||||||
|
|||||||
@@ -0,0 +1,164 @@
|
|||||||
|
// Package promobot is the standalone promo bot: a second Telegram bot in the bot
|
||||||
|
// container whose only job is to answer /start with a localized message and a button
|
||||||
|
// that opens the MAIN bot's Mini App. It is self-contained — it never calls the
|
||||||
|
// gateway or the game — so onboarding works even when the game is down. The button is
|
||||||
|
// a URL to the main bot's direct Mini App link: a web_app button would launch the Mini
|
||||||
|
// App under the promo bot's identity (its token would sign the initData), which the
|
||||||
|
// main bot's validator would reject, so the cross-bot launch must be a t.me link. It
|
||||||
|
// reuses the same link the UI builds invitation links from (VITE_TELEGRAM_LINK).
|
||||||
|
package promobot
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
tgbot "github.com/go-telegram/bot"
|
||||||
|
"github.com/go-telegram/bot/models"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
"golang.org/x/time/rate"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Config configures the promo bot.
|
||||||
|
type Config struct {
|
||||||
|
// Token is the promo bot's Bot API token.
|
||||||
|
Token string
|
||||||
|
// APIBaseURL overrides the Bot API host ("" uses https://api.telegram.org).
|
||||||
|
APIBaseURL string
|
||||||
|
// TestEnv routes requests to the Bot API test environment.
|
||||||
|
TestEnv bool
|
||||||
|
// BotUsername is the main bot's @username without the leading @, named in the
|
||||||
|
// message text.
|
||||||
|
BotUsername string
|
||||||
|
// BotLinkURL is the main bot's Mini App direct link; the button appends
|
||||||
|
// ?startapp=<payload> to it.
|
||||||
|
BotLinkURL string
|
||||||
|
// SendRatePerSecond caps outbound sends to respect the Bot API flood limits; 0
|
||||||
|
// disables the limiter. The burst equals the per-second rate.
|
||||||
|
SendRatePerSecond int
|
||||||
|
}
|
||||||
|
|
||||||
|
// Bot is the promo bot wrapper around a Telegram Bot API client.
|
||||||
|
type Bot struct {
|
||||||
|
api *tgbot.Bot
|
||||||
|
username string
|
||||||
|
linkURL string
|
||||||
|
log *zap.Logger
|
||||||
|
limiter *rate.Limiter
|
||||||
|
}
|
||||||
|
|
||||||
|
// New builds the promo bot, registering a /start (and default) handler that replies
|
||||||
|
// with the launch button. It does not start polling; call Run for that.
|
||||||
|
func New(cfg Config, log *zap.Logger) (*Bot, error) {
|
||||||
|
if log == nil {
|
||||||
|
log = zap.NewNop()
|
||||||
|
}
|
||||||
|
t := &Bot{username: cfg.BotUsername, linkURL: cfg.BotLinkURL, log: log}
|
||||||
|
if cfg.SendRatePerSecond > 0 {
|
||||||
|
t.limiter = rate.NewLimiter(rate.Limit(cfg.SendRatePerSecond), cfg.SendRatePerSecond)
|
||||||
|
}
|
||||||
|
opts := []tgbot.Option{
|
||||||
|
tgbot.WithDefaultHandler(t.handleStart),
|
||||||
|
tgbot.WithMessageTextHandler("/start", tgbot.MatchTypePrefix, t.handleStart),
|
||||||
|
}
|
||||||
|
if cfg.TestEnv {
|
||||||
|
opts = append(opts, tgbot.UseTestEnvironment())
|
||||||
|
}
|
||||||
|
if cfg.APIBaseURL != "" {
|
||||||
|
opts = append(opts, tgbot.WithServerURL(cfg.APIBaseURL))
|
||||||
|
}
|
||||||
|
api, err := tgbot.New(cfg.Token, opts...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
t.api = api
|
||||||
|
return t, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run sets the bot command, then blocks on the long-poll update loop until ctx is
|
||||||
|
// cancelled.
|
||||||
|
func (t *Bot) Run(ctx context.Context) {
|
||||||
|
if _, err := t.api.SetMyCommands(ctx, &tgbot.SetMyCommandsParams{
|
||||||
|
Commands: []models.BotCommand{{Command: "start", Description: "Open Scrabble"}},
|
||||||
|
}); err != nil {
|
||||||
|
t.log.Warn("promo: set commands failed", zap.Error(err))
|
||||||
|
}
|
||||||
|
t.api.Start(ctx)
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleStart replies to any message (typically /start) with the localized promo text
|
||||||
|
// and a button that opens the main bot's Mini App, forwarding any /start payload.
|
||||||
|
func (t *Bot) handleStart(ctx context.Context, api *tgbot.Bot, update *models.Update) {
|
||||||
|
if update.Message == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := t.throttle(ctx); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
lang := ""
|
||||||
|
if update.Message.From != nil {
|
||||||
|
lang = update.Message.From.LanguageCode
|
||||||
|
}
|
||||||
|
text, button := promoText(lang, t.username)
|
||||||
|
if _, err := api.SendMessage(ctx, &tgbot.SendMessageParams{
|
||||||
|
ChatID: update.Message.Chat.ID,
|
||||||
|
Text: text,
|
||||||
|
ReplyMarkup: t.launchMarkup(button, startPayload(update.Message.Text)),
|
||||||
|
}); err != nil {
|
||||||
|
t.log.Warn("promo: reply to start failed", zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// launchMarkup builds the single URL button that opens the main bot's Mini App at the
|
||||||
|
// optional startapp payload.
|
||||||
|
func (t *Bot) launchMarkup(buttonText, startParam string) *models.InlineKeyboardMarkup {
|
||||||
|
return &models.InlineKeyboardMarkup{
|
||||||
|
InlineKeyboard: [][]models.InlineKeyboardButton{{
|
||||||
|
{Text: buttonText, URL: t.launchURL(startParam)},
|
||||||
|
}},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// launchURL appends the startapp payload to the main bot's Mini App link; an empty
|
||||||
|
// payload returns the base link unchanged.
|
||||||
|
func (t *Bot) launchURL(startParam string) string {
|
||||||
|
if startParam == "" {
|
||||||
|
return t.linkURL
|
||||||
|
}
|
||||||
|
u, err := url.Parse(t.linkURL)
|
||||||
|
if err != nil {
|
||||||
|
return t.linkURL
|
||||||
|
}
|
||||||
|
q := u.Query()
|
||||||
|
q.Set("startapp", startParam)
|
||||||
|
u.RawQuery = q.Encode()
|
||||||
|
return u.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
// throttle blocks until the rate limiter admits one send, or ctx is cancelled. It is
|
||||||
|
// a no-op when no limiter is configured.
|
||||||
|
func (t *Bot) throttle(ctx context.Context) error {
|
||||||
|
if t.limiter == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return t.limiter.Wait(ctx)
|
||||||
|
}
|
||||||
|
|
||||||
|
// startPayload extracts the deep-link payload from a "/start <payload>" command; any
|
||||||
|
// other text yields an empty payload (open the lobby).
|
||||||
|
func startPayload(text string) string {
|
||||||
|
const cmd = "/start"
|
||||||
|
if !strings.HasPrefix(text, cmd) {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return strings.TrimSpace(strings.TrimPrefix(text, cmd))
|
||||||
|
}
|
||||||
|
|
||||||
|
// promoText returns the localized message body and button label, naming the main bot
|
||||||
|
// (Russian for a "ru" language code, English otherwise).
|
||||||
|
func promoText(lang, username string) (text, button string) {
|
||||||
|
if strings.HasPrefix(strings.ToLower(lang), "ru") {
|
||||||
|
return "Откройте @" + username + " и выберите в настройках профиля нужный вариант игры.", "🤩 Хочу играть!"
|
||||||
|
}
|
||||||
|
return "Open @" + username + " and choose your game variant in the profile settings.", "🤩 I want to play!"
|
||||||
|
}
|
||||||
@@ -0,0 +1,105 @@
|
|||||||
|
package promobot
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/go-telegram/bot/models"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestPromoTextLocalization(t *testing.T) {
|
||||||
|
en, enBtn := promoText("en", "ScrabbleBot")
|
||||||
|
if !strings.Contains(en, "@ScrabbleBot") || !strings.Contains(en, "profile settings") {
|
||||||
|
t.Errorf("en text = %q", en)
|
||||||
|
}
|
||||||
|
if enBtn != "🤩 I want to play!" {
|
||||||
|
t.Errorf("en button = %q", enBtn)
|
||||||
|
}
|
||||||
|
|
||||||
|
ru, ruBtn := promoText("ru-RU", "ScrabbleBot")
|
||||||
|
if !strings.Contains(ru, "@ScrabbleBot") || !strings.Contains(ru, "Откройте") {
|
||||||
|
t.Errorf("ru text = %q", ru)
|
||||||
|
}
|
||||||
|
if ruBtn != "🤩 Хочу играть!" {
|
||||||
|
t.Errorf("ru button = %q", ruBtn)
|
||||||
|
}
|
||||||
|
|
||||||
|
// An unknown language falls back to English.
|
||||||
|
if got, _ := promoText("de", "B"); !strings.Contains(got, "Open @B") {
|
||||||
|
t.Errorf("fallback text = %q, want English", got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestLaunchURLAppendsStartapp(t *testing.T) {
|
||||||
|
b := &Bot{linkURL: "https://t.me/bot/app"}
|
||||||
|
if got := b.launchURL(""); got != "https://t.me/bot/app" {
|
||||||
|
t.Errorf("empty payload = %q, want the base link unchanged", got)
|
||||||
|
}
|
||||||
|
if got := b.launchURL("g123"); got != "https://t.me/bot/app?startapp=g123" {
|
||||||
|
t.Errorf("launchURL = %q, want startapp=g123 appended", got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestLaunchMarkupIsURLButton(t *testing.T) {
|
||||||
|
b := &Bot{linkURL: "https://t.me/bot/app"}
|
||||||
|
btn := b.launchMarkup("Play", "f99").InlineKeyboard[0][0]
|
||||||
|
if btn.WebApp != nil {
|
||||||
|
t.Error("the promo button must not be a web_app button (it would sign initData with the promo token, which the main bot rejects)")
|
||||||
|
}
|
||||||
|
if !strings.Contains(btn.URL, "startapp=f99") {
|
||||||
|
t.Errorf("button URL = %q, want startapp=f99", btn.URL)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// fakeAPI answers getMe (so New succeeds offline) and records the last sendMessage.
|
||||||
|
type fakeAPI struct {
|
||||||
|
chatID, text, replyMarkup string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (f *fakeAPI) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
switch {
|
||||||
|
case strings.HasSuffix(r.URL.Path, "/getMe"):
|
||||||
|
io.WriteString(w, `{"ok":true,"result":{"id":1,"is_bot":true,"first_name":"t","username":"promo"}}`)
|
||||||
|
case strings.HasSuffix(r.URL.Path, "/sendMessage"):
|
||||||
|
f.chatID = r.FormValue("chat_id")
|
||||||
|
f.text = r.FormValue("text")
|
||||||
|
f.replyMarkup = r.FormValue("reply_markup")
|
||||||
|
io.WriteString(w, `{"ok":true,"result":{"message_id":1}}`)
|
||||||
|
default:
|
||||||
|
io.WriteString(w, `{"ok":true,"result":true}`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHandleStartReplies(t *testing.T) {
|
||||||
|
api := &fakeAPI{}
|
||||||
|
srv := httptest.NewServer(api)
|
||||||
|
t.Cleanup(srv.Close)
|
||||||
|
b, err := New(Config{Token: "1:2", APIBaseURL: srv.URL, BotUsername: "ScrabbleBot", BotLinkURL: "https://t.me/bot/app"}, zap.NewNop())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("new: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
b.handleStart(context.Background(), b.api, &models.Update{Message: &models.Message{
|
||||||
|
Chat: models.Chat{ID: 42},
|
||||||
|
From: &models.User{LanguageCode: "ru"},
|
||||||
|
Text: "/start f99",
|
||||||
|
}})
|
||||||
|
|
||||||
|
if api.chatID != "42" {
|
||||||
|
t.Errorf("chat_id = %q, want 42", api.chatID)
|
||||||
|
}
|
||||||
|
if !strings.Contains(api.text, "@ScrabbleBot") {
|
||||||
|
t.Errorf("text = %q, want the @mention", api.text)
|
||||||
|
}
|
||||||
|
if strings.Contains(api.replyMarkup, "web_app") {
|
||||||
|
t.Errorf("reply_markup = %q has a web_app button; want a url button", api.replyMarkup)
|
||||||
|
}
|
||||||
|
if !strings.Contains(api.replyMarkup, "startapp=f99") {
|
||||||
|
t.Errorf("reply_markup = %q, want startapp=f99 (the /start payload forwarded)", api.replyMarkup)
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user