Compare commits
356 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b285e27d55 | |||
| 3dfc0932ef | |||
| e04e97fb66 | |||
| ebc413f5e5 | |||
| d48797e297 | |||
| fe29c6fe58 | |||
| 3429dbec5f | |||
| 74026223ee | |||
| 896b7f57a7 | |||
| aa803260a1 | |||
| 8758cbd35d | |||
| 1d306ec0fc | |||
| 513b772cd4 | |||
| da25eac070 | |||
| 48614e622d | |||
| f8aeec8008 | |||
| b5fe61279b | |||
| e07886ecb1 | |||
| 4a3e12c85a | |||
| 54bc31c619 | |||
| d89438040b | |||
| 363f1632b1 | |||
| f0b7ad47d4 | |||
| 0e11817654 | |||
| d0e473920c | |||
| 0e56e4de9a | |||
| 8d3f862b41 | |||
| 74842dc624 | |||
| 1507ceb793 | |||
| 4b3c9d4fdd | |||
| eef90a152e | |||
| d8d1b06eee | |||
| c16008e67a | |||
| ff55d5de83 | |||
| 7cc2b50d23 | |||
| eb7fa98426 | |||
| 81d5383c42 | |||
| b6af682381 | |||
| ed79c30d2a | |||
| 471fadc6a4 | |||
| 564abdcf88 | |||
| c522e77599 | |||
| 28afcff551 | |||
| c34e2a8dbf | |||
| 25381f70a3 | |||
| 522beec82e | |||
| 3b485883ee | |||
| efeed17abc | |||
| cc34622630 | |||
| f6d256215a | |||
| fe5a3d6d3b | |||
| 7e142d471c | |||
| dbe2c4cb94 | |||
| 8c5b659ddf | |||
| a067a2fd01 | |||
| 8becdb45e4 | |||
| 25b5ed5516 | |||
| de5ab9186c | |||
| 7df078f5ed | |||
| 1d77ee83b3 | |||
| 5a4c460268 | |||
| 807edff327 | |||
| 0f3b4dbcff | |||
| 93ccc8c449 | |||
| e0360c98e2 | |||
| 11f89f6477 | |||
| 2d1fadb50c | |||
| 09e05eef18 | |||
| 73baf58002 | |||
| eec225c4ee | |||
| ca2c6487cf | |||
| e7cb60c996 | |||
| 49c53794f4 | |||
| 4a0689a4ac | |||
| 0eb72ba955 | |||
| e077258567 | |||
| a035edfb54 | |||
| bcd5a1d02d | |||
| a57fd355ba | |||
| 2ea91a8354 | |||
| de003e862a | |||
| aaf2825260 | |||
| 0f5db0ee91 | |||
| 53b33073ac | |||
| e3c5cff7b7 | |||
| 0c5e40c509 | |||
| edaf2dfd9e | |||
| 3ce460f72a | |||
| 4ba9da6721 | |||
| ad1cc361e9 | |||
| 2c2316fb5e | |||
| bb71e7b1c7 | |||
| 5c1f64c7d1 | |||
| b3cf024e9e | |||
| 6e120bdaa7 | |||
| 40acbcccdd | |||
| b54371845f | |||
| b6c2598710 | |||
| a241e43d79 | |||
| 8ce986922a | |||
| 3469278260 | |||
| c66bf1eceb | |||
| 7b4d2421e2 | |||
| bf46b9492d | |||
| 1e1117c28e | |||
| 77a690fcf6 | |||
| 2683103fc1 | |||
| 2d2dd2bc47 | |||
| df9eace09f | |||
| 0a0a9e5a8d | |||
| 0c9678c42b | |||
| e40adfb0c7 | |||
| 3306a016a0 | |||
| e45167041f | |||
| ed53e25e57 | |||
| 2e5136b22a | |||
| 1bf612a087 | |||
| ec5c6afa23 | |||
| 82648a4398 | |||
| d2d6955cbf | |||
| c3eecf16b3 | |||
| 0036b55618 | |||
| aabb32081e | |||
| e089a0a997 | |||
| 00d1bd33e3 | |||
| 7ce8101cfa | |||
| b5c8a04f0b | |||
| 2ce80c241d | |||
| 13be7c3d9a | |||
| e08d3301bd | |||
| 9acf6ab3b4 | |||
| dbd76d53e8 | |||
| 68c937f3b6 | |||
| 21fb14facf | |||
| ee9924c313 | |||
| e10f3beed5 | |||
| 55dbb1005e | |||
| 219fc7c827 | |||
| 6e03ce0131 | |||
| 5612bb624d | |||
| 8230253142 | |||
| 890a887257 | |||
| e33b9864c8 | |||
| f6aa0ba4b0 | |||
| f48ebf2151 | |||
| 3bb9f10fad | |||
| 3e0763463f | |||
| 96adf98e1d | |||
| 3367cc2bf1 | |||
| 04435a3283 | |||
| be0e4995f3 | |||
| 936a70ab94 | |||
| 4f6c22d669 | |||
| 2a6dc5a304 | |||
| a66a5bfa08 | |||
| 36a5730e52 | |||
| 7860efce48 | |||
| ca60025fbe | |||
| 0bdc034f7a | |||
| 625fc3135a | |||
| a118c63411 | |||
| 7123ba439d | |||
| 850884d077 | |||
| a58f2ce0e4 | |||
| e922f5f3b9 | |||
| 04976a64e8 | |||
| 4aa6174968 | |||
| 41f4fd3497 | |||
| 1c06d1d0d1 | |||
| 711fabe9cc | |||
| 92633f935e | |||
| 07815c5a30 | |||
| bab57343e1 | |||
| ce8b5026c1 | |||
| d9bc7596c6 | |||
| 3ad3b1dd7f | |||
| 4d1f389cf1 | |||
| 4c7bc7baa9 | |||
| ca48b3e18e | |||
| a7f483792f | |||
| 80cc2a76e8 | |||
| 1e087be90a | |||
| 84d0385c95 | |||
| 0ed34c7720 | |||
| 52d0c559f9 | |||
| beda6ccd3d | |||
| c1ac77bc6a | |||
| cafe67e9c8 | |||
| 3adc4e32c9 | |||
| 903de7d41d | |||
| baa9961c3e | |||
| 66278e34b7 | |||
| 452a686e07 | |||
| 4ddc690c38 | |||
| 6216359c6f | |||
| 8c67d679d9 | |||
| 69673e7727 | |||
| d7f3d93c6c | |||
| 16cd3d0411 | |||
| ef8a32bb82 | |||
| 53311cbc95 | |||
| 7fc1301b31 | |||
| ee7ff06403 | |||
| 537a265409 | |||
| 8c991429c6 | |||
| 359af83c34 | |||
| ff486c80f8 | |||
| 42a6308261 | |||
| 08792dad3d | |||
| e9f4cb0178 | |||
| 8fbbb3c5ef | |||
| 30770a759b | |||
| 05c445e4da | |||
| d43a740eb6 | |||
| 350013acd9 | |||
| 3ad66f49c7 | |||
| 09c5a5e72e | |||
| fffc6030ce | |||
| fc8143758a | |||
| e0d28733ff | |||
| ccd65f61b8 | |||
| 5bc2ad3b6d | |||
| 2a4b0fb25e | |||
| 2a7c632840 | |||
| 3a72bc29ba | |||
| 020742fad3 | |||
| fd225564a3 | |||
| fdf14d5897 | |||
| 1a456c4847 | |||
| 2a045a5b37 | |||
| 19e7ea5da0 | |||
| 54d701fd8a | |||
| ec0c13bebc | |||
| 5643c8be10 | |||
| 2f70ef1b85 | |||
| ef832b823d | |||
| 99f0a545be | |||
| 1a95a5f2cb | |||
| 8abd8b2ae6 | |||
| 2f867b8e6c | |||
| a692024b4e | |||
| 8349e222fc | |||
| 68ecd881d9 | |||
| d80d28a402 | |||
| 1654131904 | |||
| 9ecbe480db | |||
| 32298595f2 | |||
| 2847412b5b | |||
| 4fa77bf82c | |||
| afa44d41b4 | |||
| e4cf143e9f | |||
| 543cbe56b9 | |||
| a9c8f1ecfe | |||
| d694ead7b6 | |||
| 8c5995c076 | |||
| cedc9ffae1 | |||
| c334a9d7b7 | |||
| 3a85f64726 | |||
| 00bb66ba0f | |||
| a2c79c149a | |||
| 061366da5a | |||
| d19609f87d | |||
| 51147a1429 | |||
| d61ba68e9b | |||
| 6db9178449 | |||
| ac383880b7 | |||
| 16349f5ad9 | |||
| 101a3f118c | |||
| 400b6ac2a5 | |||
| fb7490f1df | |||
| c1805e5b7c | |||
| fcedadcb5b | |||
| 2feb638329 | |||
| 4dfedd02a3 | |||
| 44117e906c | |||
| c90331b189 | |||
| 0dfecc2af7 | |||
| 446ea2ac45 | |||
| 01a9249002 | |||
| 7dcd62fdd7 | |||
| d67e582c03 | |||
| 75fe07865a | |||
| 597e200f37 | |||
| 3ef18d33b6 | |||
| c8601c0115 | |||
| a0021d1994 | |||
| 4b4dcab9b6 | |||
| 7f85362288 | |||
| 72e9b600b0 | |||
| 0eefbfd6a4 | |||
| c680e695d3 | |||
| 2c465c01d2 | |||
| 60faa4f064 | |||
| 854c4b3005 | |||
| ec1bdfca00 | |||
| 70f0f9e36a | |||
| 55f6176538 | |||
| 8d2cd97e17 | |||
| f1a12c2f44 | |||
| 4cc37e5760 | |||
| 3faca690dd | |||
| c2a8426b74 | |||
| 251c7af3f6 | |||
| cabcd94d92 | |||
| aa2290b7b4 | |||
| fcde7d3db6 | |||
| d889edfdb9 | |||
| 52e6378f40 | |||
| 12af378b18 | |||
| 1598646021 | |||
| 710ab06333 | |||
| 61c7da271c | |||
| 029aa2d4cc | |||
| 3f4792a39b | |||
| 150660819a | |||
| 912096a0f1 | |||
| e4fc7f033d | |||
| b918217497 | |||
| a3eb4719de | |||
| 3a823ca7ef | |||
| 76e7916ff6 | |||
| 54af644429 | |||
| 356bf1a5ba | |||
| 1dca6741f1 | |||
| 77a18a3cc1 | |||
| 5804f7266e | |||
| 65f2c87a74 | |||
| 409462fc09 | |||
| 762155a55e | |||
| 25d80bc31d | |||
| d5b4bba018 | |||
| 638c147cc0 | |||
| c702f1bdac | |||
| 01d02fcef6 | |||
| 9e0f929e40 | |||
| a29e00ee13 | |||
| 2207ac6132 | |||
| 3877b23894 | |||
| d5fbaa3034 | |||
| 16a4431158 | |||
| 422e3ccc2a | |||
| 946420db93 | |||
| a0eacf3011 | |||
| 622d3965a7 | |||
| 2ab01ed8f7 | |||
| 1ed624eaf1 | |||
| f3e2a6822b | |||
| 65063621a9 | |||
| 4e169c368d | |||
| aec915d5c1 | |||
| 5f574a765d | |||
| db17287113 | |||
| c864147982 | |||
| 2e8fa83814 | |||
| 5f87b3fa43 | |||
| 5689f7f6a3 |
@@ -0,0 +1,242 @@
|
|||||||
|
# Agent field notes — scrabble-game
|
||||||
|
|
||||||
|
Non-obvious, hard-won project knowledge that is **not** in the main docs (`CLAUDE.md`, `docs/*`,
|
||||||
|
`deploy/README.md`). Kept in the repo so it travels with a clone to any host. These are working
|
||||||
|
memory, not a spec — **verify any named file / flag / function against the current code before acting
|
||||||
|
on it**, and prefer the authoritative docs where they overlap. Add to this file as new gotchas turn up.
|
||||||
|
|
||||||
|
## Codegen & build
|
||||||
|
|
||||||
|
- **jetgen churns everything.** `backend/cmd/jetgen` regenerates go-jet code for *all* tables and may
|
||||||
|
reorder output. After running it, revert the churn on tables you did not touch and commit only your
|
||||||
|
table's change.
|
||||||
|
- **flatc is version-pinned** (`pkg/Makefile`, `REQUIRED_FLATC = 23.5.26`, hard-checked). A different
|
||||||
|
flatc silently churns the generated wire code and can flip wire defaults. Never regenerate FBS with
|
||||||
|
another flatc version.
|
||||||
|
- **gopls lags codegen.** Right after an FBS/jet regen, gopls shows phantom "undefined" errors. Trust
|
||||||
|
`go build` / `go test`, not the editor squiggles.
|
||||||
|
- **go-jet type mapping:** SQL `numeric` → `float64`, `interval` → `string`. Never store money as
|
||||||
|
`numeric` (float precision loss) — use **bigint minor units + a `Money` type**; store durations as
|
||||||
|
**int seconds**, not `interval`.
|
||||||
|
- **`go mod tidy` chokes on dot-free local module paths** (`scrabble/...`). Hand-edit `go.mod` when a
|
||||||
|
bump is needed. The solver (`../scrabble-solver`) is consumed via `go.work` replace locally, but a
|
||||||
|
prod bump goes through a solver **PR → master + a published tag**, not a local replace.
|
||||||
|
- **Run the whole CI suite locally before pushing** — unit + integration (`//go:build integration`,
|
||||||
|
Postgres) + the UI job + codegen check. Do not lean on CI to catch what a local run would.
|
||||||
|
- **CI runner shares this host's `/tmp` as a different user.** In workflow steps, write artifacts to
|
||||||
|
`${GITHUB_WORKSPACE}`, never a fixed `/tmp/...` path (cross-user permission failures otherwise).
|
||||||
|
- **pnpm corepack pre-flight flakes.** `pnpm exec` / `pnpm check` occasionally abort on a corepack
|
||||||
|
pre-flight. Dodge it by invoking the tool directly: `node_modules/.bin/<tool>`.
|
||||||
|
|
||||||
|
## Native Android build (Capacitor)
|
||||||
|
|
||||||
|
The native Android app is a Capacitor 8 wrapper of the `ui` SPA, scaffolded under
|
||||||
|
`ui/` (a Node project outside `go.work`). Hard-won bring-up facts — verify against current code:
|
||||||
|
|
||||||
|
- **Capacitor 8 needs JDK 21, not 17.** `@capacitor/android` compiles at `VERSION_21`; a JDK 17 Gradle
|
||||||
|
run dies with `error: invalid source release: 21`. Install sudo-free via the Homebrew **formula**
|
||||||
|
`brew install openjdk@21` (the `temurin@21` **cask** wants sudo for a system `.pkg`, unusable
|
||||||
|
non-interactively) + a user symlink into `~/Library/Java/JavaVirtualMachines/` so
|
||||||
|
`/usr/libexec/java_home -v 21` finds it. JDK 17 stays fine for `sdkmanager`/`avdmanager`.
|
||||||
|
- **Cap 8 SDK pins:** compileSdk/targetSdk **36**, minSdk **24**, Gradle **8.14.3**, AGP **8.13.0**
|
||||||
|
(`ui/android/variables.gradle`). Install `platforms;android-36` — Android Studio's newer
|
||||||
|
`android-36.1` does NOT satisfy compileSdk 36.
|
||||||
|
- **SDK is Android Studio's** at `~/Library/Android/sdk` (no `cmdline-tools` by default → `brew install
|
||||||
|
--cask android-commandlinetools`, then `sdkmanager`/`avdmanager --sdk_root=$HOME/Library/Android/sdk`).
|
||||||
|
Gradle finds it via **`ANDROID_HOME`** (`local.properties` is gitignored, machine-specific).
|
||||||
|
- **Build recipe:** `cd ui && pnpm build && node_modules/.bin/cap sync android`; then `cd ui/android &&
|
||||||
|
ANDROID_HOME=~/Library/Android/sdk JAVA_HOME=$(/usr/libexec/java_home -v 21) ./gradlew assembleDebug`
|
||||||
|
→ `ui/android/app/build/outputs/apk/debug/app-debug.apk`. Prefer the local `ui/node_modules/.bin/cap`
|
||||||
|
(dodges the corepack flake).
|
||||||
|
- **Emulator smoke:** existing AVDs `Pixel_10` / `Pixel_4_Android_10_API_29` / `Pixel_Android_9`;
|
||||||
|
`emulator -avd <name>`, `adb install -r <apk>`, `adb shell monkey -p ru.eruditgame.app -c
|
||||||
|
android.intent.category.LAUNCHER 1`, `adb exec-out screencap -p > x.png`. The boot wait needs `sleep`
|
||||||
|
→ run it as a **background** Bash task (foreground `sleep` is blocked). Browsers/WebView are cached, so a
|
||||||
|
full offline vs_ai turn is drivable via `adb shell input tap` (tap through the first-run coachmark tour —
|
||||||
|
each tap advances one step — then Hint places a suggested word; commit → the robot replies).
|
||||||
|
- **Android 15+ edge-to-edge safe-area (WebView-version-dependent, bit me on API 37).** targetSdk 36 forces
|
||||||
|
edge-to-edge — the WebView draws behind the status bar (top) and the gesture-nav home indicator (bottom).
|
||||||
|
On Android **WebView < 140**, `env(safe-area-inset-*)` wrongly reports **0**, so chrome relying on it draws
|
||||||
|
under the bars and is untappable: the top nav under the clock, and the game's bottom action bar's **centre**
|
||||||
|
button (Hint) under the home-indicator pill (side buttons still work; `navigation_mode`=2 is gesture nav).
|
||||||
|
Fix is CSS-only, in TWO parts: (1) Capacitor 8's **SystemBars** plugin (built into `@capacitor/core`,
|
||||||
|
`insetsHandling:'css'` default — no dep, no config) injects correct `--safe-area-inset-*`; consume them as
|
||||||
|
`--tg-safe-*: var(--safe-area-inset-*, env(safe-area-inset-*, 0px))` (`ui/src/app.css`) — fixes any consumer
|
||||||
|
that ALREADY applies the token (the bottom bars: `Game.svelte`/`Screen.svelte` `--tg-safe-bottom`).
|
||||||
|
(2) But a consumer that never applied the top inset on the native path is NOT fixed by the token alone — the
|
||||||
|
**header's** top inset was Telegram-fullscreen-scoped only, so the native header sat under the status bar on
|
||||||
|
EVERY WebView; it needed its own `.bar { padding-top: calc(var(--safe-area-inset-top, 0px) + 5px) }`
|
||||||
|
(`Header.svelte`, native-only via the plugin var; tg-fullscreen still overrides via specificity). **Measure
|
||||||
|
per element, don't eyeball** — a centred title at y=11 under a 54px bar reads as "fine" in a screenshot but
|
||||||
|
is overlapping; an emulator WebView auto-updated to ≥140 (Chrome 149) also hides the `env()`=0 half (so the
|
||||||
|
BOTTOM looks fine there while the user's < 140 device overlaps). **Inspect a live debug WebView** over CDP:
|
||||||
|
`adb forward tcp:9222 localabstract:$(adb shell cat /proc/net/unix | grep -o 'webview_devtools_remote_[0-9]*'
|
||||||
|
| head -1)`, then Playwright `chromium.connectOverCDP('http://localhost:9222')` → `page.evaluate` (read each
|
||||||
|
element's `getBoundingClientRect().top`, and `--safe-area-inset-*` vs `env(...)`).
|
||||||
|
- **`sharp` is whitelisted** in `ui/pnpm-workspace.yaml` (`allowBuilds: sharp: true`) — `@capacitor/assets`
|
||||||
|
uses it for `pnpm android:assets` (launcher icon/splash); else pnpm 11 raises `ERR_PNPM_IGNORED_BUILDS`.
|
||||||
|
- **Bundled offline dicts come from the `scrabble-dictionary` release** (`scrabble-dawg-<DICT_VERSION>.tar.gz`,
|
||||||
|
keyed on the `DICT_VERSION` Gitea var — the same source the backend image + CI `curl`), NOT
|
||||||
|
`scrabble-solver/dawg` (those are the solver's pinned test fixtures).
|
||||||
|
|
||||||
|
## Wire / schema evolution (client ↔ gateway ↔ backend)
|
||||||
|
|
||||||
|
- **FBS is additive-only.** Add **trailing** fields ("added trailing — backward-compatible"). Never
|
||||||
|
delete or reorder a mid-table field — **deprecate** it (`(deprecated)`); deleting shifts field IDs
|
||||||
|
and breaks older readers.
|
||||||
|
- **Retiring a domain field must also retire the WIRE field it fed** — by deprecation, not deletion,
|
||||||
|
and do not just zero it: a dead `0` the client dutifully syncs will clobber the real value.
|
||||||
|
- **The gateway transcodes FBS ↔ backend JSON DTOs in lockstep.** A wire change usually means editing
|
||||||
|
both the FBS schema and the backend DTO.
|
||||||
|
- **Seat display name is built in two places** — `game.Service` live events **and** the server REST
|
||||||
|
DTOs. Change both or they drift.
|
||||||
|
- **A per-viewer flag is computed only in the per-viewer REST DTO**; the client seeds it from REST,
|
||||||
|
then bumps it from the live event. Don't expect it on the shared broadcast.
|
||||||
|
|
||||||
|
## UI / Svelte 5
|
||||||
|
|
||||||
|
- **Never name a `$state` variable `state`.** `svelte-check` then misreads `$state` as a store
|
||||||
|
subscription. Rename (e.g. `view`).
|
||||||
|
- **Svelte trims literal edge whitespace** in markup. To keep a separator space, emit an expression:
|
||||||
|
`{' : '}`.
|
||||||
|
- **No global `.btn` / `.ghost` button classes.** Style buttons per-component with scoped CSS + design
|
||||||
|
tokens (mirror `NewGame`'s `.invite`).
|
||||||
|
- **A `$state` proxy fails structured-clone** when persisted to IndexedDB. Snapshot at the call site
|
||||||
|
with `$state.snapshot(...)` before storing.
|
||||||
|
|
||||||
|
## Platform / WebView quirks (Telegram, VK, iOS, native, old Android)
|
||||||
|
|
||||||
|
- **Telegram `showPopup` eats the user-activation.** Share / clipboard called from inside a
|
||||||
|
`showPopup` callback fail (no gesture). Use your own `Modal` for gesture-gated Web APIs.
|
||||||
|
- **iOS Telegram `<a download blob:>` navigates away** and strands the SPA. Deliver files by **Web
|
||||||
|
Share on mobile**, and only use a `<a download>` Blob path on **desktop**.
|
||||||
|
- **Android TG/VK WebViews** lack `navigator.share` and ignore `<a download>`. Deliver a
|
||||||
|
client-generated file by **copying it to the clipboard**.
|
||||||
|
- **VK Android WebView ignores `target=_blank`.** Open external links through `lib/links.ts`
|
||||||
|
(routes to `vk.com/away.php`). Verify on-device.
|
||||||
|
- **Per-platform file-delivery last hop differs** (TG / VK / plain browser) — there is a delivery
|
||||||
|
matrix; do not re-litigate it without new on-device facts.
|
||||||
|
- **Old Android System WebView floor ≈ Chrome 67.** The bundle targets **es2019** (esbuild lowers
|
||||||
|
syntax), a conditional `core-js` polyfill loads only on old engines, and `index.html` has a boot
|
||||||
|
gate (BigInt / Proxy are the hard block → the unsupported-engine screen). There's also a `vmin`
|
||||||
|
glyph fallback for old rendering.
|
||||||
|
- **iOS WKWebView overscroll and Telegram swipe-to-close are not reproducible in Playwright.** Verify
|
||||||
|
those live on the deployed contour, not in the e2e.
|
||||||
|
- **Telegram Desktop Mini App shows a persistent bottom-right loader** — that's the long-lived
|
||||||
|
Subscribe stream, cosmetic, deliberately left as-is.
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
|
||||||
|
- **UI test layers:** vitest (node env, pure logic, **no jsdom**) + Playwright **mock** e2e. The mock
|
||||||
|
e2e **bypasses the codec**, so wire/codec bugs need **codec unit tests**, not e2e coverage.
|
||||||
|
- **Mock overlay blocks e2e.** The cold-load overlay must be instant under the mock build or it
|
||||||
|
intercepts Playwright taps.
|
||||||
|
- **Mock tile pools lack a blank `'?'`.** The seeded game `G1` hard-codes one; flip `G1`'s variant to
|
||||||
|
eyeball per-variant tiles.
|
||||||
|
- **Durable Playwright MCP servers** (chromium + webkit) exist for UI inspection (there's a
|
||||||
|
plugin-config gotcha in wiring them).
|
||||||
|
- **The `playwright test` runner can't *fetch* browsers in this sandbox** — `playwright install` dies
|
||||||
|
with `EBADF` against the Playwright CDN (blocked network), even with the sandbox off. Run the e2e in
|
||||||
|
**CI** (the `ui` job installs chromium+webkit), or drive a state live through the **Playwright MCP**
|
||||||
|
browser against a local `vite --mode mock` server for visual verification. **But if chromium/webkit are
|
||||||
|
already cached** in `~/Library/Caches/ms-playwright/`, `playwright test` runs locally fine (only the CDN
|
||||||
|
fetch is blocked) — the native offline-first e2e was run green locally this way (chromium + webkit),
|
||||||
|
its dawgs from the sibling `../../scrabble-solver/dawg` via the webServer's `bundle-dicts.mjs` fallback.
|
||||||
|
- **A native (Capacitor) e2e must inject `window.androidBridge`, NOT `window.Capacitor.getPlatform`.**
|
||||||
|
`@capacitor/core` (pulled in during boot by `initNativeShell`'s dynamic `@capacitor/app` import)
|
||||||
|
**replaces** any pre-set `window.Capacitor` with its own shim and derives the platform from
|
||||||
|
`window.androidBridge` (android) / `window.webkit.messageHandlers` (ios) — so a bare injected
|
||||||
|
`Capacitor.getPlatform: () => 'android'` is clobbered to `web` and the boot falls to `/login`. Inject
|
||||||
|
`window.androidBridge = { postMessage(){} }` in an `addInitScript` (see `e2e/native.spec.ts` `simulateNative`);
|
||||||
|
`initNativeShell` is written to tolerate the stub bridge (`try/catch` round the `@capacitor/app` addListener).
|
||||||
|
- **`docker run -p ...` boot tests fail from the shell** (published ports unreachable in this env).
|
||||||
|
Use **testcontainers** for container-backed tests.
|
||||||
|
- **Distroless images run as UID 65532 (nonroot).** Bind-mounted TLS keys must be **0644** (not 0600)
|
||||||
|
or the service crash-loops on start.
|
||||||
|
|
||||||
|
## Deploy / test contour (operational)
|
||||||
|
|
||||||
|
- **The TEST contour runs on THIS dev host.** Inspect it via `docker` / Prometheus. A host-side
|
||||||
|
`curl` to caddy **hangs** (NAT hairpin) — don't debug the edge that way.
|
||||||
|
- **The contour's client IP is the home-router SNAT address**, not the real external IP. Correct in
|
||||||
|
prod, not a bug — which is why the IP ban / blocklist are **prod-only**.
|
||||||
|
- **The contour is one shared env, last-deploy-wins.** Keep a multi-PR batch a **linear stack** (one
|
||||||
|
PR, one deploy) so deploys don't clobber each other.
|
||||||
|
- **A schema/wire PR breaks the contour** until a `DROP SCHEMA` + backend restart. Note such a
|
||||||
|
prerelease step in `PRERELEASE.md`.
|
||||||
|
- **A contour DB wipe resets the account but not the client's stored locale**; the reconciler then
|
||||||
|
syncs the stale locale, masking a fresh TG `language_code` seed. Clear client prefs too when testing
|
||||||
|
locale.
|
||||||
|
- **`DNS=` in `TEST_AWG_CONF` pins the VPN netns to 1.1.1.1** → internal names go NXDOMAIN → the
|
||||||
|
bot-link silently dies. Diagnose from inside the netns.
|
||||||
|
- **Swap one contour service to a local image** without deploy secrets via a busybox-in-the-netns
|
||||||
|
socket-inspect trick (single-service recreate).
|
||||||
|
- **A rolling deploy did NOT recreate caddy on a config-only change.** Force `--force-recreate` for
|
||||||
|
caddy; don't trust "deploy green" for an edge-config change.
|
||||||
|
- **A new gateway edge route MUST be added to the Caddyfile `@gateway` matcher** or it falls through
|
||||||
|
to the landing catch-all. Add a CI probe for the route.
|
||||||
|
- **Prod caddy logs warnings only, no access log.** Trace a request via the backend "http request"
|
||||||
|
telemetry log or Tempo, not caddy.
|
||||||
|
- **Confirm a release is live without SSH** by grepping the served SPA: `__APP_VERSION__` inside
|
||||||
|
`/assets/main-*.js`.
|
||||||
|
- **"App hangs on load" was a dead HTTP/3 advert:** caddy sent `Alt-Svc: h3` with no UDP/443 open;
|
||||||
|
clients cache it ~30 days. Fix with `Alt-Svc: clear`.
|
||||||
|
- **Config-poison deploy loop:** a crash-looping config-mounted service + a missing bind source
|
||||||
|
produces a root-owned directory that then fails deploys. Break it by removing the root-owned dir.
|
||||||
|
- **Maintenance-window contract** (planned-deploy 503): a marker header, `/_gm` exempt, the flag spans
|
||||||
|
the whole roll, the SPA overlay reloads on recovery. Don't break these invariants.
|
||||||
|
- **A new dictionary goes live via a `/_gm/dictionary` upload, NOT a redeploy.** In-flight games keep
|
||||||
|
their pinned version. The **owner** does the upload.
|
||||||
|
- **Renderer deploy job flakes** on the skia-canvas GitHub binary download when its lockfile changes —
|
||||||
|
re-run, it's not your code.
|
||||||
|
|
||||||
|
## Repo workflow
|
||||||
|
|
||||||
|
- **PR-based, zero issues.** Work is tracked via PRs + `PRERELEASE.md`. "заведи задачу" means *do it*
|
||||||
|
/ add a plan line — not file a tracker issue.
|
||||||
|
- **`tea` CLI for all Gitea ops** (PRs, secrets, variables, dispatch). `gh` does **not** work here. The
|
||||||
|
agent **cannot self-approve** a PR but **can merge** it after the owner approves. Watch the
|
||||||
|
stale-mergeable trap (re-check mergeability right before merging).
|
||||||
|
- **Watch every push/merge/deploy to green** with `python3 ~/.claude/bin/gitea-ci-watch.py`, launched
|
||||||
|
**bare** under a background task. It polls run-level conclusions; its `ALL GREEN` already covers the
|
||||||
|
gated deploy job. Pass `--no-runs 600` when the runner is busy. A **merge** is the most-forgotten
|
||||||
|
case — watch the post-merge runs too.
|
||||||
|
- **After a merge, switch to the merged-into branch** (`development`/`master`), pull, and prune the
|
||||||
|
local feature branch.
|
||||||
|
- **The contour deploy probe checks the backend `/readyz`**; a PR deploy builds the PR's own code; a
|
||||||
|
wedged contour can be recovered by recreating the host container set.
|
||||||
|
|
||||||
|
## Domain semantics (not obvious from the code)
|
||||||
|
|
||||||
|
- **Account deletion must NOT delete any user messages** — including feedback / support. Interview the
|
||||||
|
owner on every deletion point before wiring it.
|
||||||
|
- **`account.time_zone` is `NOT NULL DEFAULT 'UTC'`, seeded from a detected ±HH:MM offset.** An email
|
||||||
|
account row is created at the **code-request** step, not at confirmation.
|
||||||
|
- **The robot has two distinct time windows:** a **sleep window** (~00:00–07:00, gates its moves and
|
||||||
|
nudges) vs the **player away window** (turn-timeout only). "окно отсутствия" in dialogue = the
|
||||||
|
**sleep** window.
|
||||||
|
|
||||||
|
## Production topology
|
||||||
|
|
||||||
|
- **Two prod hosts.** `main` — full stack + ACME/edge (Selectel); `tg` — Telegram bot only (vdsina).
|
||||||
|
SSH aliases `scrabble-main-ops` / `scrabble-tg-ops`. Deploy is **manual dispatch only**, rolling +
|
||||||
|
health-gated + auto-rollback. Hosts are provisioned by `deploy/ansible/` (inventory + vars there —
|
||||||
|
the source of truth for IPs/roles).
|
||||||
|
- **The agent has targeted root SSH** to the hosts (and may run the prod Ansible). Surface every
|
||||||
|
owner-side step **before** a deploy, not after.
|
||||||
|
|
||||||
|
## Feature-area pointers (state lives in the linked docs/plans, not here)
|
||||||
|
|
||||||
|
- **Monetization** — «Фишка» currency, per-platform wallets, ads. Agreements in
|
||||||
|
`docs/PAYMENTS_DECISIONS_ru.md`; a phased plan (E0–E9). go-jet money rule above applies.
|
||||||
|
- **PITR** — pgBackRest → Selectel S3 (encrypted, 30-day), currently **gated off**; runbook in
|
||||||
|
`deploy/README.md`. Gotcha: run pgBackRest via docker-exec **as the `postgres` user** with
|
||||||
|
`--pg1-user=scrabble`.
|
||||||
|
- **Offline mode** — the robot brain, move generator/validator/scorer and DAWG reader are **JS ports**
|
||||||
|
of the Go engine, bundled client-side and **parity-pinned** by golden tests. Multi-phase; native
|
||||||
|
offline-first bundles the dictionaries.
|
||||||
|
- **VK ID web login** — raw OAuth 2.1 against `id.vk.com`, a **separate VK "Web" app** from the Mini
|
||||||
|
App, server-side confidential code exchange.
|
||||||
|
- **Email relay** — Selectel SMTP + confirm / link / unlink / deletion codes + alerts.
|
||||||
|
- **Native Android** — Capacitor bundle model, client-version gate, offline-first, RuStore; the
|
||||||
|
design lives in `docs/ARCHITECTURE.md` (§2 gate, §3 identity, §13 native build).
|
||||||
@@ -0,0 +1,172 @@
|
|||||||
|
# Manual signed-APK build for the standalone Android app (RuStore). Runs ONLY from master, ONLY on
|
||||||
|
# workflow_dispatch with confirm=build — the same deliberate-manual shape as prod-deploy.yaml, never on
|
||||||
|
# a PR. It builds the native-flavoured SPA, bundles the offline dictionaries into the APK assets, and
|
||||||
|
# assembles a release APK, uploaded as a run artifact (RuStore upload stays manual for the MVP).
|
||||||
|
#
|
||||||
|
# Signing degrades gracefully: with the ANDROID_RUSTORE_* secrets present the APK is signed; without
|
||||||
|
# them build.gradle produces an UNSIGNED release APK (so a dry run still proves the whole pipeline).
|
||||||
|
# The keystore is a publication prerequisite — see deploy/README.md (Android build/release runbook).
|
||||||
|
# The toolchain is self-provisioned here (JDK 21 + a cached Android SDK), so the runner host needs
|
||||||
|
# nothing pre-installed.
|
||||||
|
name: android-build
|
||||||
|
run-name: "android build ${{ github.sha }}"
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
confirm:
|
||||||
|
description: 'Type "build" to confirm an APK build from master.'
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
|
env:
|
||||||
|
NO_COLOR: "1"
|
||||||
|
# The dictionary release, one source of truth (same Gitea variable the backend image + CI use). It
|
||||||
|
# both fetches the DAWGs and labels the bundled files (VITE_DICT_VERSION must equal __DICT_VERSION__).
|
||||||
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
|
VITE_DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
|
# Hide in-app purchases in the RuStore MVP (RuStore, not Google Play — VITE_GP_BUILD stays unset).
|
||||||
|
VITE_PAYMENTS_DISABLED: "1"
|
||||||
|
# The update overlay's store target; empty until publication (the button no-ops, and the version gate
|
||||||
|
# is dormant in the MVP so it never fires). Set the ANDROID_RUSTORE_URL variable when the app is live.
|
||||||
|
VITE_RUSTORE_URL: ${{ vars.ANDROID_RUSTORE_URL }}
|
||||||
|
# Host-executor runner: the Android SDK is pre-installed on the host. Override ANDROID_SDK_DIR if it
|
||||||
|
# lives elsewhere (the default matches deploy/README.md's install path).
|
||||||
|
ANDROID_HOME: ${{ vars.ANDROID_SDK_DIR || '/opt/android-sdk' }}
|
||||||
|
ANDROID_SDK_ROOT: ${{ vars.ANDROID_SDK_DIR || '/opt/android-sdk' }}
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
if: ${{ github.ref == 'refs/heads/master' && inputs.confirm == 'build' }}
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
# Host-executor runner: the Android SDK is pre-installed on the host (JDK 21 comes from setup-java
|
||||||
|
# below). Fail fast + legibly if the runner user cannot read/execute it or a needed package is
|
||||||
|
# missing — this doubles as the runner-access check (deploy/README.md).
|
||||||
|
- name: Verify the host Android SDK
|
||||||
|
run: |
|
||||||
|
sm="$ANDROID_HOME/cmdline-tools/latest/bin/sdkmanager"
|
||||||
|
if [ ! -x "$sm" ]; then
|
||||||
|
echo "::error::sdkmanager not found/executable at $sm — set the ANDROID_SDK_DIR variable if the SDK lives elsewhere, or grant the runner user read+exec: sudo chmod -R a+rX \"$ANDROID_HOME\""; exit 1
|
||||||
|
fi
|
||||||
|
for pkg in "platforms/android-36" "build-tools"; do
|
||||||
|
if [ ! -d "$ANDROID_HOME/$pkg" ]; then
|
||||||
|
echo "::error::missing $ANDROID_HOME/$pkg — run: \"$sm\" 'platforms;android-36' 'build-tools;36.0.0'"; exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
echo "Android SDK OK at $ANDROID_HOME"; "$sm" --version
|
||||||
|
|
||||||
|
- name: Compute version + native build env
|
||||||
|
id: prep
|
||||||
|
env:
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
|
run: |
|
||||||
|
# A store release must sit on an exact vMAJOR.MINOR.PATCH tag (G tags before dispatch) so the
|
||||||
|
# versionCode is deterministic and strictly increasing across uploads. Refuse anything else
|
||||||
|
# rather than derive a versionCode from a "-N-gSHA" describe.
|
||||||
|
desc="$(git describe --tags --exact-match 2>/dev/null || true)"
|
||||||
|
case "$desc" in
|
||||||
|
v[0-9]*.[0-9]*.[0-9]*) ;;
|
||||||
|
*) echo "::error::HEAD is not on a clean vX.Y.Z tag (git describe --exact-match = '${desc:-none}'); tag the release first"; exit 1 ;;
|
||||||
|
esac
|
||||||
|
v="${desc#v}"
|
||||||
|
IFS=. read -r MA MI PA <<< "$v"
|
||||||
|
# 10# forces base-10 so a zero-padded part is never read as octal.
|
||||||
|
code=$(( 10#$MA * 1000000 + 10#$MI * 1000 + 10#$PA ))
|
||||||
|
# The native SPA talks to the production origin (reuse the prod public base URL); strip any
|
||||||
|
# trailing slash so the Connect endpoint never doubles it.
|
||||||
|
gateway="${PUBLIC_BASE_URL%/}"
|
||||||
|
{
|
||||||
|
echo "tag=$desc"
|
||||||
|
echo "name=$v"
|
||||||
|
echo "code=$code"
|
||||||
|
echo "gateway=$gateway"
|
||||||
|
} >> "$GITHUB_OUTPUT"
|
||||||
|
echo "release $desc -> versionName $v versionCode $code, gateway $gateway"
|
||||||
|
|
||||||
|
# Same release + fetch as the Go/UI jobs in ci.yaml — the bundled dicts come from this tarball,
|
||||||
|
# NOT the scrabble-solver sibling (ui is a Node project outside go.work).
|
||||||
|
- name: Fetch dictionary DAWGs
|
||||||
|
run: |
|
||||||
|
mkdir -p "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
curl -fsSL -o /tmp/dawg.tar.gz "https://gitea.iliadenisov.ru/developer/scrabble-dictionary/releases/download/${DICT_VERSION}/scrabble-dawg-${DICT_VERSION}.tar.gz"
|
||||||
|
tar xzf /tmp/dawg.tar.gz -C "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
ls -la "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
|
||||||
|
- name: Set up Node
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: 22
|
||||||
|
|
||||||
|
- name: Install pnpm
|
||||||
|
run: npm install -g pnpm@11.0.9
|
||||||
|
|
||||||
|
- name: Install deps
|
||||||
|
working-directory: ui
|
||||||
|
run: pnpm install --frozen-lockfile
|
||||||
|
|
||||||
|
- name: Build the SPA (native flavour)
|
||||||
|
working-directory: ui
|
||||||
|
env:
|
||||||
|
VITE_GATEWAY_URL: ${{ steps.prep.outputs.gateway }}
|
||||||
|
VITE_APP_VERSION: ${{ steps.prep.outputs.tag }}
|
||||||
|
run: pnpm run build
|
||||||
|
|
||||||
|
# Copy the release DAWGs into dist/dict/<variant>@<version>.dawg for the offline-first bundled tier
|
||||||
|
# (after the build, before cap sync copies dist/ into the native assets).
|
||||||
|
- name: Bundle the dictionaries
|
||||||
|
working-directory: ui
|
||||||
|
env:
|
||||||
|
DICT_DIR: ${{ github.workspace }}/dawg
|
||||||
|
run: node scripts/bundle-dicts.mjs
|
||||||
|
|
||||||
|
- name: Set up JDK 21
|
||||||
|
uses: actions/setup-java@v4
|
||||||
|
with:
|
||||||
|
distribution: temurin
|
||||||
|
java-version: "21"
|
||||||
|
|
||||||
|
# Local cap binary (dodges the corepack pre-flight flake); syncs dist/ (incl. dict/) + native deps.
|
||||||
|
- name: Sync the native project
|
||||||
|
working-directory: ui
|
||||||
|
run: node_modules/.bin/cap sync android
|
||||||
|
|
||||||
|
- name: Decode the release keystore
|
||||||
|
id: keystore
|
||||||
|
env:
|
||||||
|
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_RUSTORE_KEYSTORE_BASE64 }}
|
||||||
|
run: |
|
||||||
|
if [ -n "$ANDROID_KEYSTORE_BASE64" ]; then
|
||||||
|
printf '%s' "$ANDROID_KEYSTORE_BASE64" | base64 -d > "${GITHUB_WORKSPACE}/release.jks"
|
||||||
|
echo "file=${GITHUB_WORKSPACE}/release.jks" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "keystore decoded -> signed release build"
|
||||||
|
else
|
||||||
|
echo "file=" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "::warning::ANDROID_RUSTORE_KEYSTORE_BASE64 secret is not set — building an UNSIGNED release APK (not installable/publishable)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Assemble the release APK
|
||||||
|
working-directory: ui/android
|
||||||
|
env:
|
||||||
|
ANDROID_KEYSTORE_FILE: ${{ steps.keystore.outputs.file }}
|
||||||
|
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_RUSTORE_KEYSTORE_PASSWORD }}
|
||||||
|
ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_RUSTORE_KEY_ALIAS }}
|
||||||
|
ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_RUSTORE_KEY_PASSWORD }}
|
||||||
|
run: ./gradlew assembleRelease -PversionCode=${{ steps.prep.outputs.code }} -PversionName=${{ steps.prep.outputs.name }} --console=plain
|
||||||
|
|
||||||
|
- name: Upload the APK artifact
|
||||||
|
uses: actions/upload-artifact@v4
|
||||||
|
with:
|
||||||
|
name: erudit-${{ steps.prep.outputs.name }}-apk
|
||||||
|
path: ui/android/app/build/outputs/apk/release/*.apk
|
||||||
|
if-no-files-found: error
|
||||||
@@ -26,12 +26,12 @@ on:
|
|||||||
push:
|
push:
|
||||||
branches: [development]
|
branches: [development]
|
||||||
|
|
||||||
# The dictionary release the test suite validates against — the current
|
# The dictionary release. One Gitea variable is the single source of truth: the
|
||||||
# scrabble-dictionary release. Centralised here so a release bump is one edit; the
|
# test suite validates against it here (inherited by the unit/integration jobs) and
|
||||||
# unit/integration jobs inherit it. The deploy job overrides it per contour with
|
# both contours' deploy jobs seed a fresh volume with the same value. A release bump
|
||||||
# vars.TEST_DICT_VERSION (the seed for a fresh volume), see deploy/README.md.
|
# is one edit (the variable). See deploy/README.md.
|
||||||
env:
|
env:
|
||||||
DICT_VERSION: v1.3.1
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# changes detects which areas a PR/push touched, so the test jobs can skip when
|
# changes detects which areas a PR/push touched, so the test jobs can skip when
|
||||||
@@ -73,6 +73,9 @@ jobs:
|
|||||||
go=false; ui=false
|
go=false; ui=false
|
||||||
if echo "$files" | grep -qE '^(backend/|pkg/|gateway/|platform/|loadtest/|go\.work)'; then go=true; fi
|
if echo "$files" | grep -qE '^(backend/|pkg/|gateway/|platform/|loadtest/|go\.work)'; then go=true; fi
|
||||||
if echo "$files" | grep -qE '^ui/'; then ui=true; fi
|
if echo "$files" | grep -qE '^ui/'; then ui=true; fi
|
||||||
|
# The render sidecar bundles ui/src/lib, so its dir rides the ui lane (the
|
||||||
|
# deploy's compose build picks it up either way).
|
||||||
|
if echo "$files" | grep -qE '^renderer/'; then ui=true; fi
|
||||||
# A workflow or deploy change re-runs everything as a safety net.
|
# A workflow or deploy change re-runs everything as a safety net.
|
||||||
if echo "$files" | grep -qE '^(\.gitea/workflows/|deploy/)'; then go=true; ui=true; fi
|
if echo "$files" | grep -qE '^(\.gitea/workflows/|deploy/)'; then go=true; ui=true; fi
|
||||||
else
|
else
|
||||||
@@ -199,19 +202,96 @@ jobs:
|
|||||||
- name: Bundle-size budget
|
- name: Bundle-size budget
|
||||||
run: node scripts/bundle-size.mjs
|
run: node scripts/bundle-size.mjs
|
||||||
|
|
||||||
|
# The render sidecar executes the shared ui/src/lib/gameimage.ts on skia-canvas;
|
||||||
|
# its smoke test guards the bundling + skia seam (docs/TESTING.md).
|
||||||
|
- name: Render sidecar test
|
||||||
|
working-directory: renderer
|
||||||
|
run: |
|
||||||
|
pnpm install --frozen-lockfile
|
||||||
|
pnpm test
|
||||||
|
|
||||||
- name: Install Playwright browsers
|
- name: Install Playwright browsers
|
||||||
run: pnpm exec playwright install chromium webkit
|
run: pnpm exec playwright install chromium webkit
|
||||||
timeout-minutes: 5
|
timeout-minutes: 5
|
||||||
|
|
||||||
|
# The offline e2e plays a real local vs_ai game, so it needs the per-variant dawgs; fetch the
|
||||||
|
# release the same way the Go jobs do and point the mock preview's copy step (scripts/
|
||||||
|
# e2e-dict.mjs, via E2E_DICT_DIR below) at it.
|
||||||
|
- name: Fetch dictionary DAWGs
|
||||||
|
run: |
|
||||||
|
mkdir -p "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
curl -fsSL -o /tmp/dawg.tar.gz "https://gitea.iliadenisov.ru/developer/scrabble-dictionary/releases/download/${DICT_VERSION}/scrabble-dawg-${DICT_VERSION}.tar.gz"
|
||||||
|
tar xzf /tmp/dawg.tar.gz -C "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
ls -la "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
|
||||||
- name: E2E smoke (mock)
|
- name: E2E smoke (mock)
|
||||||
run: pnpm run test:e2e
|
run: pnpm run test:e2e
|
||||||
timeout-minutes: 5
|
timeout-minutes: 5
|
||||||
|
env:
|
||||||
|
E2E_DICT_DIR: ${{ github.workspace }}/dawg
|
||||||
|
|
||||||
|
# conformance proves the client's local move preview (the ported dawg reader +
|
||||||
|
# validator, ui/src/lib/dict) byte-for-byte against the authoritative Go engine:
|
||||||
|
# a Go step generates golden parity vectors from the release dictionaries, then the
|
||||||
|
# gated Vitest suite replays them. It spans both toolchains, so it runs whenever the
|
||||||
|
# Go engine side or the UI side changed.
|
||||||
|
conformance:
|
||||||
|
needs: changes
|
||||||
|
if: ${{ needs.changes.outputs.go == 'true' || needs.changes.outputs.ui == 'true' }}
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
env:
|
||||||
|
GOPRIVATE: gitea.iliadenisov.ru/*
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Fetch dictionary DAWGs
|
||||||
|
run: |
|
||||||
|
mkdir -p "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
curl -fsSL -o /tmp/dawg.tar.gz "https://gitea.iliadenisov.ru/developer/scrabble-dictionary/releases/download/${DICT_VERSION}/scrabble-dawg-${DICT_VERSION}.tar.gz"
|
||||||
|
tar xzf /tmp/dawg.tar.gz -C "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version-file: go.work
|
||||||
|
cache: true
|
||||||
|
|
||||||
|
- name: Generate golden parity vectors
|
||||||
|
run: |
|
||||||
|
go run ./backend/cmd/dictgen -dawg-dir "${GITHUB_WORKSPACE}/dawg" -out /tmp/dictgold
|
||||||
|
go run ./backend/cmd/validategen -dawg-dir "${GITHUB_WORKSPACE}/dawg" -out /tmp/validgold
|
||||||
|
go run ./backend/cmd/movegen -dawg-dir "${GITHUB_WORKSPACE}/dawg" -out "${GITHUB_WORKSPACE}/movegold"
|
||||||
|
|
||||||
|
- name: Set up Node
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: 22
|
||||||
|
|
||||||
|
- name: Install pnpm
|
||||||
|
run: npm install -g pnpm@11.0.9
|
||||||
|
|
||||||
|
- name: Install deps
|
||||||
|
working-directory: ui
|
||||||
|
run: pnpm install --frozen-lockfile
|
||||||
|
|
||||||
|
- name: Local-eval conformance (reader + validator vs the Go engine)
|
||||||
|
working-directory: ui
|
||||||
|
env:
|
||||||
|
DICT_DAWG_DIR: ${{ github.workspace }}/dawg
|
||||||
|
DICT_GOLD_DIR: /tmp/dictgold
|
||||||
|
DICT_VALID_DIR: /tmp/validgold
|
||||||
|
DICT_MOVEGEN_DIR: ${{ github.workspace }}/movegold
|
||||||
|
run: pnpm exec vitest run src/lib/dict/
|
||||||
|
|
||||||
# gate is the single branch-protection required check. It always runs and passes
|
# gate is the single branch-protection required check. It always runs and passes
|
||||||
# only when each upstream job succeeded or was skipped (a path-filtered no-op),
|
# only when each upstream job succeeded or was skipped (a path-filtered no-op),
|
||||||
# failing the merge if any actually failed or was cancelled.
|
# failing the merge if any actually failed or was cancelled.
|
||||||
gate:
|
gate:
|
||||||
needs: [unit, integration, ui]
|
needs: [unit, integration, ui, conformance]
|
||||||
if: always()
|
if: always()
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
defaults:
|
defaults:
|
||||||
@@ -221,7 +301,7 @@ jobs:
|
|||||||
- name: Aggregate required checks
|
- name: Aggregate required checks
|
||||||
run: |
|
run: |
|
||||||
fail=
|
fail=
|
||||||
for r in "unit:${{ needs.unit.result }}" "integration:${{ needs.integration.result }}" "ui:${{ needs.ui.result }}"; do
|
for r in "unit:${{ needs.unit.result }}" "integration:${{ needs.integration.result }}" "ui:${{ needs.ui.result }}" "conformance:${{ needs.conformance.result }}"; do
|
||||||
name="${r%%:*}"; res="${r#*:}"
|
name="${r%%:*}"; res="${r#*:}"
|
||||||
echo "$name = $res"
|
echo "$name = $res"
|
||||||
case "$res" in
|
case "$res" in
|
||||||
@@ -236,9 +316,13 @@ jobs:
|
|||||||
# Auto test-deploy on a PR into development and on the push that merges it.
|
# Auto test-deploy on a PR into development and on the push that merges it.
|
||||||
# A PR into master is test-only (this job is skipped); prod deploy is manual.
|
# A PR into master is test-only (this job is skipped); prod deploy is manual.
|
||||||
# Gates on `gate` (so a real test failure blocks the deploy) but runs even when
|
# Gates on `gate` (so a real test failure blocks the deploy) but runs even when
|
||||||
# some test jobs were path-skipped.
|
# some test jobs were path-skipped. Skipped entirely when neither the Go nor the
|
||||||
needs: [gate]
|
# UI side changed (e.g. a docs-only change): the contour image is unchanged, so
|
||||||
if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/development') || (github.event_name == 'pull_request' && github.base_ref == 'development') }}
|
# there is nothing to redeploy. `changes` still defaults both to true when the
|
||||||
|
# diff is uncomputable, and a workflow/deploy edit forces both true, so an
|
||||||
|
# ambiguous or infra change still deploys as a safety net.
|
||||||
|
needs: [changes, gate]
|
||||||
|
if: ${{ (needs.changes.outputs.go == 'true' || needs.changes.outputs.ui == 'true') && ((github.event_name == 'push' && github.ref == 'refs/heads/development') || (github.event_name == 'pull_request' && github.base_ref == 'development')) }}
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
defaults:
|
defaults:
|
||||||
run:
|
run:
|
||||||
@@ -263,11 +347,54 @@ jobs:
|
|||||||
TELEGRAM_PROMO_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_PROMO_BOT_TOKEN }}
|
TELEGRAM_PROMO_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_PROMO_BOT_TOKEN }}
|
||||||
# VK Mini App protected key (offline HMAC for the launch-param signature); empty
|
# VK Mini App protected key (offline HMAC for the launch-param signature); empty
|
||||||
# leaves the VK auth path (auth.vk) disabled until the operator sets the secret.
|
# leaves the VK auth path (auth.vk) disabled until the operator sets the secret.
|
||||||
GATEWAY_VK_APP_SECRET: ${{ secrets.TEST_GATEWAY_VK_APP_SECRET }}
|
# One VK Mini App serves every contour -> unprefixed secret.
|
||||||
|
GATEWAY_VK_APP_SECRET: ${{ secrets.GATEWAY_VK_APP_SECRET }}
|
||||||
|
# VK ID web login (browser VK-identity linking): the VK ID "Web" app's protected key
|
||||||
|
# for the server-side confidential code exchange — a SEPARATE VK app from the Mini
|
||||||
|
# App above. One VK ID "Web" app serves every contour -> unprefixed secret.
|
||||||
|
GATEWAY_VK_ID_CLIENT_SECRET: ${{ secrets.GATEWAY_VK_ID_CLIENT_SECRET }}
|
||||||
|
# Client-version gate (ARCHITECTURE.md §2): one plain (unprefixed) variable serves every
|
||||||
|
# contour. In the test contour the stamped client version is a commit hash (unparseable ⇒
|
||||||
|
# fail-open), so setting these only enforces on real semver prod builds. Empty ⇒ dormant.
|
||||||
|
GATEWAY_MIN_CLIENT_VERSION: ${{ vars.GATEWAY_MIN_CLIENT_VERSION }}
|
||||||
|
GATEWAY_RECOMMENDED_CLIENT_VERSION: ${{ vars.GATEWAY_RECOMMENDED_CLIENT_VERSION }}
|
||||||
|
# Planted honeytoken bearer: presenting it flags the caller (logs + a ban metric on
|
||||||
|
# test where the IP ban is off; a 24h IP ban on prod). Per-contour secret; empty = trap off.
|
||||||
|
GATEWAY_HONEYTOKEN: ${{ secrets.TEST_GATEWAY_HONEYTOKEN }}
|
||||||
|
# Signs the finished-game export download URLs (backend + compose interpolation).
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.TEST_EXPORT_SIGN_KEY }}
|
||||||
|
# Transactional email via the shared Selectel relay: one account for every
|
||||||
|
# contour -> unprefixed host/port/tls/user/pass. Empty host leaves the backend
|
||||||
|
# on the log mailer (email disabled) but the contour still boots.
|
||||||
|
SMTP_RELAY_USER: ${{ secrets.SMTP_RELAY_USER }}
|
||||||
|
SMTP_RELAY_PASS: ${{ secrets.SMTP_RELAY_PASS }}
|
||||||
|
SMTP_RELAY_HOST: ${{ vars.SMTP_RELAY_HOST }}
|
||||||
|
SMTP_RELAY_PORT: ${{ vars.SMTP_RELAY_PORT }}
|
||||||
|
SMTP_RELAY_TLS: ${{ vars.SMTP_RELAY_TLS }}
|
||||||
|
# Direct-rail (Robokassa) sandbox intake on the contour: the test shop's merchant login +
|
||||||
|
# Password1/Password2. IsTest is forced to 1 below so the contour can never take real money
|
||||||
|
# (independent of the shop's own mode). Empty login leaves the direct rail off.
|
||||||
|
ROBOKASSA_MERCHANT_LOGIN: ${{ secrets.TEST_BACKEND_ROBOKASSA_MERCHANT_LOGIN }}
|
||||||
|
ROBOKASSA_PASSWORD1: ${{ secrets.TEST_BACKEND_ROBOKASSA_PASSWORD1 }}
|
||||||
|
ROBOKASSA_PASSWORD2: ${{ secrets.TEST_BACKEND_ROBOKASSA_PASSWORD2 }}
|
||||||
|
ROBOKASSA_TEST: "1"
|
||||||
|
SMTP_RELAY_FROM: ${{ vars.TEST_SMTP_RELAY_FROM }}
|
||||||
|
# Operator alerts: backend admin emails (new feedback / complaints) + Grafana
|
||||||
|
# infra alerts. Distinct senders + recipients; Grafana uses the relay's STARTTLS
|
||||||
|
# host:port. Empty leaves the alert worker off and Grafana SMTP disabled.
|
||||||
|
SMTP_RELAY_ADMIN_FROM: ${{ vars.TEST_SMTP_RELAY_ADMIN_FROM }}
|
||||||
|
ADMIN_EMAIL: ${{ vars.TEST_ADMIN_EMAIL }}
|
||||||
|
SMTP_RELAY_SERVICE_FROM: ${{ vars.TEST_SMTP_RELAY_SERVICE_FROM }}
|
||||||
|
SERVICE_EMAIL: ${{ vars.TEST_SERVICE_EMAIL }}
|
||||||
|
GRAFANA_SMTP_PORT: ${{ vars.GRAFANA_SMTP_PORT }}
|
||||||
|
GF_SMTP_ENABLED: ${{ vars.TEST_GF_SMTP_ENABLED }}
|
||||||
|
# Canonical public origin for links in the email (this contour's URL);
|
||||||
|
# required by the backend whenever SMTP_RELAY_HOST is set.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.TEST_PUBLIC_BASE_URL }}
|
||||||
GM_BASICAUTH_USER: ${{ vars.TEST_GM_BASICAUTH_USER }}
|
GM_BASICAUTH_USER: ${{ vars.TEST_GM_BASICAUTH_USER }}
|
||||||
GRAFANA_ROOT_URL: ${{ vars.TEST_GRAFANA_ROOT_URL }}
|
|
||||||
CADDY_SITE_ADDRESS: ${{ vars.TEST_CADDY_SITE_ADDRESS }}
|
CADDY_SITE_ADDRESS: ${{ vars.TEST_CADDY_SITE_ADDRESS }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.TEST_TELEGRAM_MINIAPP_URL }}
|
# TELEGRAM_MINIAPP_URL, GRAFANA_ROOT_URL and VITE_VK_ID_REDIRECT_URL are derived
|
||||||
|
# from PUBLIC_BASE_URL in the run step below, not stored as their own variables.
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.TEST_TELEGRAM_GAME_CHANNEL_ID }}
|
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.TEST_TELEGRAM_GAME_CHANNEL_ID }}
|
||||||
TELEGRAM_CHAT_ID: ${{ vars.TEST_TELEGRAM_CHAT_ID }}
|
TELEGRAM_CHAT_ID: ${{ vars.TEST_TELEGRAM_CHAT_ID }}
|
||||||
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.TEST_TELEGRAM_SUPPORT_CHAT_ID }}
|
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.TEST_TELEGRAM_SUPPORT_CHAT_ID }}
|
||||||
@@ -280,11 +407,19 @@ jobs:
|
|||||||
VITE_TELEGRAM_BOT_ID: ${{ vars.TEST_VITE_TELEGRAM_BOT_ID }}
|
VITE_TELEGRAM_BOT_ID: ${{ vars.TEST_VITE_TELEGRAM_BOT_ID }}
|
||||||
VITE_TELEGRAM_LINK: ${{ vars.TEST_VITE_TELEGRAM_LINK }}
|
VITE_TELEGRAM_LINK: ${{ vars.TEST_VITE_TELEGRAM_LINK }}
|
||||||
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.TEST_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.TEST_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
||||||
VITE_GATEWAY_URL: ${{ vars.TEST_VITE_GATEWAY_URL }}
|
# VK Mini App landing link + VK ID "Web" app id: one value each serves every
|
||||||
# Unset vars render empty -> the compose ":-" defaults apply.
|
# contour -> unprefixed. VITE_VK_APP_ID also feeds the gateway (GATEWAY_VK_ID_APP_ID);
|
||||||
|
# the VK ID redirect URL is derived from PUBLIC_BASE_URL in the run step below.
|
||||||
|
VITE_VK_APP_LINK: ${{ vars.VITE_VK_APP_LINK }}
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
# Rewarded-ad test stub: set TEST_VITE_ADS_STUB=1 to swap real ads for a toast on the
|
||||||
|
# contour (empty = real ads, for capturing the real VK ad result). Prod never sets it.
|
||||||
|
VITE_ADS_STUB: ${{ vars.TEST_VITE_ADS_STUB }}
|
||||||
|
# VITE_GATEWAY_URL omitted: the SPA is served same-origin, so it stays the
|
||||||
|
# compose ":-" empty default. Other unset vars likewise fall to their defaults.
|
||||||
POSTGRES_DB: ${{ vars.TEST_POSTGRES_DB }}
|
POSTGRES_DB: ${{ vars.TEST_POSTGRES_DB }}
|
||||||
POSTGRES_USER: ${{ vars.TEST_POSTGRES_USER }}
|
POSTGRES_USER: ${{ vars.TEST_POSTGRES_USER }}
|
||||||
DICT_VERSION: ${{ vars.TEST_DICT_VERSION }}
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
LOG_LEVEL: ${{ vars.TEST_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.TEST_LOG_LEVEL }}
|
||||||
run: |
|
run: |
|
||||||
# Seed the config files to a stable host path. The runner checks out into
|
# Seed the config files to a stable host path. The runner checks out into
|
||||||
@@ -295,8 +430,34 @@ jobs:
|
|||||||
conf="$HOME/.scrabble-deploy"
|
conf="$HOME/.scrabble-deploy"
|
||||||
rm -rf "$conf"
|
rm -rf "$conf"
|
||||||
mkdir -p "$conf"
|
mkdir -p "$conf"
|
||||||
cp -r caddy otelcol prometheus tempo grafana "$conf"/
|
cp -r caddy otelcol prometheus tempo grafana blackbox "$conf"/
|
||||||
export SCRABBLE_CONFIG_DIR="$conf"
|
export SCRABBLE_CONFIG_DIR="$conf"
|
||||||
|
# Maintenance page for the redeploy window, mirroring prod-deploy.sh so the SPA
|
||||||
|
# overlay is exercised on the test contour too (not only prod). Raised just before
|
||||||
|
# the recreate and lowered once caddy is back (below); the trap clears it if the
|
||||||
|
# step fails so the contour never sticks in maintenance (and the reseed above wipes a
|
||||||
|
# stale flag anyway). The caddy-routed probes run in the NEXT step, after it is lowered.
|
||||||
|
maint_flag="$conf/caddy/on"
|
||||||
|
trap 'rm -f "$maint_flag"' EXIT
|
||||||
|
# Derive the public URLs from the one canonical origin instead of storing each as
|
||||||
|
# its own variable (paths are structural SPA routes / the Caddy /_gm sub-path).
|
||||||
|
# Exported before build so the VK ID redirect is baked into the SPA.
|
||||||
|
base="${PUBLIC_BASE_URL%/}"
|
||||||
|
export TELEGRAM_MINIAPP_URL="$base/telegram/"
|
||||||
|
export GRAFANA_ROOT_URL="$base/_gm/grafana/"
|
||||||
|
export VITE_VK_ID_REDIRECT_URL="$base/app/"
|
||||||
|
# Grafana's SMTP from_address must be a BARE address (it rejects the "Name" <addr>
|
||||||
|
# form the backend go-mail accepts) and validates it even when SMTP is disabled — a
|
||||||
|
# bad value crash-loops Grafana. Split the display-format SERVICE From into a bare
|
||||||
|
# address + name for Grafana; the backend keeps the full form.
|
||||||
|
svc_from="${SMTP_RELAY_SERVICE_FROM:-}"
|
||||||
|
case "$svc_from" in
|
||||||
|
*"<"*">"*)
|
||||||
|
export GRAFANA_SMTP_FROM_ADDRESS="$(printf '%s' "$svc_from" | sed -E 's/.*<([^>]+)>.*/\1/')"
|
||||||
|
export GRAFANA_SMTP_FROM_NAME="$(printf '%s' "$svc_from" | sed -E 's/[[:space:]]*<[^>]*>.*$//; s/^"//; s/"$//')" ;;
|
||||||
|
*)
|
||||||
|
export GRAFANA_SMTP_FROM_ADDRESS="$svc_from" ;;
|
||||||
|
esac
|
||||||
# Bot-link mTLS material for the test contour: a private CA + gateway/bot
|
# Bot-link mTLS material for the test contour: a private CA + gateway/bot
|
||||||
# leaves (CN=gateway, the service name the bot dials). Prod supplies these
|
# leaves (CN=gateway, the service name the bot dials). Prod supplies these
|
||||||
# from PROD_ secrets instead. Regenerated each deploy; both ends redeploy
|
# from PROD_ secrets instead. Regenerated each deploy; both ends redeploy
|
||||||
@@ -309,12 +470,23 @@ jobs:
|
|||||||
# bot on its own host instead (deploy/docker-compose.bot.yml), and the prod
|
# bot on its own host instead (deploy/docker-compose.bot.yml), and the prod
|
||||||
# main host omits both. Without the profile they would not start here.
|
# main host omits both. Without the profile they would not start here.
|
||||||
docker compose --ansi never --profile telegram-local build --progress plain
|
docker compose --ansi never --profile telegram-local build --progress plain
|
||||||
|
# Raise the maintenance page, THEN bring caddy onto the reseeded config mount so it
|
||||||
|
# actually carries the flag: the running caddy sits on the stale pre-reseed mount (the
|
||||||
|
# dir was rm'd + recreated — see the force-recreate note below), so a flag written to
|
||||||
|
# the new dir is invisible until caddy is recreated. With the fresh caddy up, an open
|
||||||
|
# SPA sees the 503 marker + overlay for the whole recreate window, not a bare reconnect.
|
||||||
|
: > "$maint_flag"
|
||||||
|
docker compose --ansi never up -d --force-recreate --no-deps caddy
|
||||||
docker compose --ansi never --profile telegram-local up -d --remove-orphans
|
docker compose --ansi never --profile telegram-local up -d --remove-orphans
|
||||||
# The config-only services bind-mount the reseeded config dir. A plain `up -d`
|
# The config-only services bind-mount the reseeded config dir. A plain `up -d`
|
||||||
# leaves them on the previous bind mount (the dir was rm'd + recreated), so a
|
# leaves them on the previous bind mount (the dir was rm'd + recreated), so a
|
||||||
# changed Caddyfile or Grafana dashboard is ignored — force-recreate them to
|
# changed Grafana dashboard is ignored — force-recreate them to pick up the fresh
|
||||||
# pick up the fresh config.
|
# config. (Caddy was already recreated above so it would carry the maintenance flag.)
|
||||||
docker compose --ansi never up -d --force-recreate --no-deps caddy otelcol prometheus tempo grafana
|
docker compose --ansi never up -d --force-recreate --no-deps otelcol prometheus tempo grafana
|
||||||
|
# Lower the maintenance page: services are back. An open SPA's poll now gets through
|
||||||
|
# (once the gateway finishes booting) and reloads into the fresh client; the caddy
|
||||||
|
# probes in the next step see 200. The EXIT trap is a backstop if we failed earlier.
|
||||||
|
rm -f "$maint_flag"
|
||||||
|
|
||||||
- name: Probe the landing, gateway and backend
|
- name: Probe the landing, gateway and backend
|
||||||
run: |
|
run: |
|
||||||
@@ -340,6 +512,100 @@ jobs:
|
|||||||
docker logs --tail 50 scrabble-backend || true
|
docker logs --tail 50 scrabble-backend || true
|
||||||
exit 1
|
exit 1
|
||||||
|
|
||||||
|
- name: Probe the /offer/ public offer page is served
|
||||||
|
run: |
|
||||||
|
set -u
|
||||||
|
# /offer/ is rendered by the render sidecar: it splices the live catalog price list
|
||||||
|
# (fetched from the backend's internal endpoint) into the committed ui/legal/offer_ru.md.
|
||||||
|
# If the @offer caddy route is missing, the request falls to the landing shell (also 200),
|
||||||
|
# and if the backend fetch fails the sidecar returns 502 — so assert offer-specific content
|
||||||
|
# (the seller INN, §11) AND that the pricing marker was substituted (proves the fetch +
|
||||||
|
# splice ran), never just the status. Data-independent: an empty catalog still substitutes
|
||||||
|
# the marker with nothing, so "pricing_template" must be absent either way.
|
||||||
|
# Full body is needed (the INN is in §11 and the marker check spans the page), so this
|
||||||
|
# cannot be a head-only probe like the legal one. Retry with a timeout instead: the offer is
|
||||||
|
# now bilingual (RU + EN, larger), and a single-shot fetch can race the renderer's restart in
|
||||||
|
# the same deploy.
|
||||||
|
ok=
|
||||||
|
for i in $(seq 1 20); do
|
||||||
|
out="$(docker run --rm --network edge alpine:3.20 wget -q -T 10 -O - http://scrabble/offer/ 2>&1 || true)"
|
||||||
|
if echo "$out" | grep -q "290210610742" && ! echo "$out" | grep -q "pricing_template"; then
|
||||||
|
echo "ok: /offer/ serves the rendered offer with the price list spliced in"
|
||||||
|
ok=1
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
sleep 3
|
||||||
|
done
|
||||||
|
if [ -z "$ok" ]; then
|
||||||
|
echo "FAIL: /offer/ did not serve the rendered offer (route fell through, or the price splice failed)"
|
||||||
|
docker logs --tail 50 scrabble-renderer || true
|
||||||
|
docker logs --tail 50 scrabble-backend || true
|
||||||
|
docker logs --tail 50 scrabble-landing || true
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Probe the /privacy/ and /eula/ legal pages are served
|
||||||
|
run: |
|
||||||
|
set -u
|
||||||
|
# /privacy/ and /eula/ are static legal markdown rendered by the render sidecar. If the
|
||||||
|
# @legal caddy route is missing they fall to the landing shell (also 200, canonical
|
||||||
|
# erudit-game.ru/), so assert the page-specific canonical URL — it uniquely identifies the
|
||||||
|
# rendered legal doc reaching the edge, not the landing catch-all. Read only the <head>
|
||||||
|
# (head -c 4096; the canonical link sits in the first bytes): the check is then
|
||||||
|
# size-independent, so the large EULA page does not exceed the timeout while the monitoring
|
||||||
|
# stack is still booting post-deploy and starving the CPU-capped renderer. Retry like the
|
||||||
|
# landing/gateway/backend probe to ride out that window.
|
||||||
|
for route in privacy eula; do
|
||||||
|
ok=
|
||||||
|
for i in $(seq 1 20); do
|
||||||
|
head_out="$(docker run --rm --network edge alpine:3.20 sh -c "wget -q -T 10 -O - http://scrabble/${route}/ 2>/dev/null | head -c 4096" || true)"
|
||||||
|
if printf '%s' "$head_out" | grep -qF "erudit-game.ru/${route}/"; then
|
||||||
|
echo "ok: /${route}/ serves the rendered legal page"
|
||||||
|
ok=1
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
sleep 3
|
||||||
|
done
|
||||||
|
if [ -z "$ok" ]; then
|
||||||
|
echo "FAIL: /${route}/ did not serve the rendered legal page (@legal route missing?)"
|
||||||
|
docker logs --tail 50 scrabble-renderer || true
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
- name: Probe the /pay/ callback route reaches the gateway
|
||||||
|
run: |
|
||||||
|
set -u
|
||||||
|
# /pay/robokassa/result must reach the gateway, not fall to the landing catch-all. An
|
||||||
|
# unsigned probe is rejected downstream, so the gateway answers a 4xx/5xx (never a 200 or
|
||||||
|
# a 404 landing.html), which proves the edge route is wired.
|
||||||
|
out="$(docker run --rm --network edge alpine:3.20 wget -S -q -O /dev/null http://scrabble/pay/robokassa/result 2>&1 || true)"
|
||||||
|
echo "$out" | grep -E "HTTP/" || true
|
||||||
|
if echo "$out" | grep -qE "HTTP/1\.1 (4|5)[0-9][0-9]"; then
|
||||||
|
echo "ok: /pay/ reaches the gateway (non-landing response)"
|
||||||
|
else
|
||||||
|
echo "FAIL: /pay/robokassa/result did not reach the gateway (landing catch-all?)"
|
||||||
|
docker logs --tail 50 scrabble-gateway || true
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Probe the /dict edge route reaches the gateway
|
||||||
|
run: |
|
||||||
|
set -u
|
||||||
|
# The client fetches each game's dictionary blob at {edge}/dict/{variant}/{version}
|
||||||
|
# for the local move preview. If caddy does not route /dict to the gateway the request
|
||||||
|
# falls to the static landing and the client silently gets a non-dawg blob. Probed
|
||||||
|
# unauthenticated it must be the gateway's 401 (the route reaches the gateway), never a
|
||||||
|
# 404/200 from the landing catch-all.
|
||||||
|
out="$(docker run --rm --network edge alpine:3.20 wget -S -q -O /dev/null http://scrabble/dict/scrabble_en/v1 2>&1 || true)"
|
||||||
|
echo "$out" | grep -E "HTTP/" || true
|
||||||
|
if echo "$out" | grep -q " 401"; then
|
||||||
|
echo "ok: /dict reaches the gateway (401 unauthenticated)"
|
||||||
|
else
|
||||||
|
echo "FAIL: /dict did not reach the gateway (expected 401) — caddy route missing?"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Probe the Telegram validator and bot liveness
|
- name: Probe the Telegram validator and bot liveness
|
||||||
run: |
|
run: |
|
||||||
set -u
|
set -u
|
||||||
|
|||||||
@@ -40,11 +40,22 @@ jobs:
|
|||||||
VITE_TELEGRAM_BOT_ID: ${{ vars.PROD_VITE_TELEGRAM_BOT_ID }}
|
VITE_TELEGRAM_BOT_ID: ${{ vars.PROD_VITE_TELEGRAM_BOT_ID }}
|
||||||
VITE_TELEGRAM_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
VITE_TELEGRAM_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
||||||
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.PROD_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.PROD_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
||||||
VITE_GATEWAY_URL: ${{ vars.PROD_VITE_GATEWAY_URL }}
|
# VK Mini App link + VK ID "Web" app id: one value each serves every contour.
|
||||||
|
VITE_VK_APP_LINK: ${{ vars.VITE_VK_APP_LINK }}
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
# VITE_GATEWAY_URL omitted: the SPA is served same-origin (compose ":-" default).
|
||||||
POSTGRES_PASSWORD: ${{ secrets.PROD_POSTGRES_PASSWORD }}
|
POSTGRES_PASSWORD: ${{ secrets.PROD_POSTGRES_PASSWORD }}
|
||||||
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# `docker compose build` interpolates the WHOLE compose file, so every :?-guarded
|
||||||
DICT_VERSION: ${{ vars.PROD_DICT_VERSION }}
|
# runtime var must be present at build even though it is not a build-arg — incl. the
|
||||||
|
# backend's EXPORT_SIGN_KEY (added with the finished-game export after v1.7.0, which is
|
||||||
|
# why the first v1.8.0 build tripped on it). POSTGRES_PASSWORD/GM_BASICAUTH_HASH above
|
||||||
|
# are here for the same reason; DICT_VERSION + the derived Mini App URL cover the rest.
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.PROD_EXPORT_SIGN_KEY }}
|
||||||
|
# PUBLIC_BASE_URL drives the derived VK ID redirect (baked into the SPA) and the
|
||||||
|
# Mini App URL; both are computed in the build step, not stored variables.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
@@ -58,10 +69,15 @@ jobs:
|
|||||||
working-directory: deploy
|
working-directory: deploy
|
||||||
run: |
|
run: |
|
||||||
export TAG="${{ steps.ver.outputs.tag }}" APP_VERSION="${{ steps.ver.outputs.tag }}" SCRABBLE_CONFIG_DIR=.
|
export TAG="${{ steps.ver.outputs.tag }}" APP_VERSION="${{ steps.ver.outputs.tag }}" SCRABBLE_CONFIG_DIR=.
|
||||||
# The four main-stack images via compose (reuses the build args, incl. VERSION);
|
# Derive the public URLs from the one canonical origin: the VK ID redirect is a
|
||||||
|
# build-arg baked into the SPA, and the Mini App URL satisfies the (profiled-out)
|
||||||
|
# bot service's compose ":?" guard during parse. See deploy/write-prod-env.sh.
|
||||||
|
base="${PUBLIC_BASE_URL%/}"
|
||||||
|
export VITE_VK_ID_REDIRECT_URL="$base/app/" TELEGRAM_MINIAPP_URL="$base/telegram/"
|
||||||
|
# The main-stack images via compose (reuses the build args, incl. VERSION);
|
||||||
# the bot separately, since it is profiled out of the prod compose.
|
# the bot separately, since it is profiled out of the prod compose.
|
||||||
docker compose -f docker-compose.yml -f docker-compose.prod.yml build
|
docker compose -f docker-compose.yml -f docker-compose.prod.yml build
|
||||||
docker compose -f docker-compose.yml -f docker-compose.prod.yml push backend gateway landing validator
|
docker compose -f docker-compose.yml -f docker-compose.prod.yml push postgres backend gateway landing validator renderer
|
||||||
docker build -f ../platform/telegram/Dockerfile --target bot --build-arg VERSION="$TAG" -t "$REGISTRY/scrabble-telegram-bot:$TAG" ..
|
docker build -f ../platform/telegram/Dockerfile --target bot --build-arg VERSION="$TAG" -t "$REGISTRY/scrabble-telegram-bot:$TAG" ..
|
||||||
docker push "$REGISTRY/scrabble-telegram-bot:$TAG"
|
docker push "$REGISTRY/scrabble-telegram-bot:$TAG"
|
||||||
|
|
||||||
@@ -82,18 +98,76 @@ jobs:
|
|||||||
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
||||||
GRAFANA_ADMIN_PASSWORD: ${{ secrets.PROD_GRAFANA_ADMIN_PASSWORD }}
|
GRAFANA_ADMIN_PASSWORD: ${{ secrets.PROD_GRAFANA_ADMIN_PASSWORD }}
|
||||||
TELEGRAM_BOT_TOKEN: ${{ secrets.PROD_TELEGRAM_BOT_TOKEN }}
|
TELEGRAM_BOT_TOKEN: ${{ secrets.PROD_TELEGRAM_BOT_TOKEN }}
|
||||||
GATEWAY_VK_APP_SECRET: ${{ secrets.PROD_GATEWAY_VK_APP_SECRET }}
|
GATEWAY_VK_APP_SECRET: ${{ secrets.GATEWAY_VK_APP_SECRET }}
|
||||||
|
# Robokassa direct-rail (backend BACKEND_ROBOKASSA_*): the prod shop login + the pass phrases
|
||||||
|
# that sign the launch request / verify the Result callback, and the test-mode flag — a var so
|
||||||
|
# go-live is a flag flip, not a secret redeploy ("1" runs test payments against the test
|
||||||
|
# passwords; empty/"0" is live). An empty login leaves the direct rail disabled.
|
||||||
|
ROBOKASSA_MERCHANT_LOGIN: ${{ secrets.PROD_BACKEND_ROBOKASSA_MERCHANT_LOGIN }}
|
||||||
|
ROBOKASSA_PASSWORD1: ${{ secrets.PROD_BACKEND_ROBOKASSA_PASSWORD1 }}
|
||||||
|
ROBOKASSA_PASSWORD2: ${{ secrets.PROD_BACKEND_ROBOKASSA_PASSWORD2 }}
|
||||||
|
ROBOKASSA_TEST: ${{ vars.PROD_BACKEND_ROBOKASSA_TEST }}
|
||||||
|
# VK ID web login: the "Web" app id (the gateway reuses it as GATEWAY_VK_ID_APP_ID at
|
||||||
|
# runtime) + the app's protected key. Both shared across contours. The redirect URL is
|
||||||
|
# derived from PUBLIC_BASE_URL in deploy/write-prod-env.sh.
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
GATEWAY_VK_ID_CLIENT_SECRET: ${{ secrets.GATEWAY_VK_ID_CLIENT_SECRET }}
|
||||||
|
# Client-version gate (ARCHITECTURE.md §2): plain (unprefixed) vars, shared across contours
|
||||||
|
# (empty ⇒ dormant). On prod the stamped client version is a real semver, so the gate enforces
|
||||||
|
# here — set GATEWAY_MIN_CLIENT_VERSION to the release in the same rollout that ships a breaking
|
||||||
|
# wire change; bump GATEWAY_RECOMMENDED_CLIENT_VERSION (≥ min) to nudge upgrades softly.
|
||||||
|
GATEWAY_MIN_CLIENT_VERSION: ${{ vars.GATEWAY_MIN_CLIENT_VERSION }}
|
||||||
|
GATEWAY_RECOMMENDED_CLIENT_VERSION: ${{ vars.GATEWAY_RECOMMENDED_CLIENT_VERSION }}
|
||||||
|
# Planted honeytoken bearer: presenting it earns a 24h IP ban + a high-severity alarm.
|
||||||
|
# Per-contour secret; empty = trap off. Rendered by deploy/write-prod-env.sh.
|
||||||
|
GATEWAY_HONEYTOKEN: ${{ secrets.PROD_GATEWAY_HONEYTOKEN }}
|
||||||
|
# Community IP blocklist (Spamhaus DROP): opt-in. Set _ENABLED=true + _URL (the feed) once
|
||||||
|
# verified; _ALLOW is a comma-separated never-block set (own infra). Empty ⇒ off.
|
||||||
|
GATEWAY_BLOCKLIST_ENABLED: ${{ vars.PROD_GATEWAY_BLOCKLIST_ENABLED }}
|
||||||
|
GATEWAY_BLOCKLIST_URL: ${{ vars.PROD_GATEWAY_BLOCKLIST_URL }}
|
||||||
|
GATEWAY_BLOCKLIST_ALLOW: ${{ vars.PROD_GATEWAY_BLOCKLIST_ALLOW }}
|
||||||
|
# Signs the finished-game export download URLs (backend BACKEND_EXPORT_SIGN_KEY).
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.PROD_EXPORT_SIGN_KEY }}
|
||||||
|
# Transactional email via the shared Selectel relay (confirm-codes): one account for
|
||||||
|
# every contour -> unprefixed host/port/tls/user/pass.
|
||||||
|
SMTP_RELAY_USER: ${{ secrets.SMTP_RELAY_USER }}
|
||||||
|
SMTP_RELAY_PASS: ${{ secrets.SMTP_RELAY_PASS }}
|
||||||
|
SMTP_RELAY_HOST: ${{ vars.SMTP_RELAY_HOST }}
|
||||||
|
SMTP_RELAY_PORT: ${{ vars.SMTP_RELAY_PORT }}
|
||||||
|
SMTP_RELAY_TLS: ${{ vars.SMTP_RELAY_TLS }}
|
||||||
|
SMTP_RELAY_FROM: ${{ vars.PROD_SMTP_RELAY_FROM }}
|
||||||
|
# Operator alerts: backend admin emails + Grafana infra alerts (distinct senders +
|
||||||
|
# recipients; Grafana uses the relay's STARTTLS host:port).
|
||||||
|
SMTP_RELAY_ADMIN_FROM: ${{ vars.PROD_SMTP_RELAY_ADMIN_FROM }}
|
||||||
|
ADMIN_EMAIL: ${{ vars.PROD_ADMIN_EMAIL }}
|
||||||
|
SMTP_RELAY_SERVICE_FROM: ${{ vars.PROD_SMTP_RELAY_SERVICE_FROM }}
|
||||||
|
SERVICE_EMAIL: ${{ vars.PROD_SERVICE_EMAIL }}
|
||||||
|
GRAFANA_SMTP_PORT: ${{ vars.GRAFANA_SMTP_PORT }}
|
||||||
|
GF_SMTP_ENABLED: ${{ vars.PROD_GF_SMTP_ENABLED }}
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
PROD_BOTLINK_CA: ${{ secrets.PROD_BOTLINK_CA }}
|
PROD_BOTLINK_CA: ${{ secrets.PROD_BOTLINK_CA }}
|
||||||
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
||||||
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
||||||
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
||||||
GRAFANA_ROOT_URL: ${{ vars.PROD_GRAFANA_ROOT_URL }}
|
|
||||||
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
DICT_VERSION: ${{ vars.PROD_DICT_VERSION }}
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
||||||
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# Point-in-time recovery (pgBackRest -> S3), prod main host only. Endpoint/bucket/
|
||||||
|
# region + the archive-mode switch are variables; the S3 keys + the repository cipher
|
||||||
|
# passphrase are secrets. All empty/off until the operator arms archiving; flipping
|
||||||
|
# PROD_PGBACKREST_ARCHIVE_MODE=on activates it (deploy/README.md, arming).
|
||||||
|
PGBACKREST_ARCHIVE_MODE: ${{ vars.PROD_PGBACKREST_ARCHIVE_MODE }}
|
||||||
|
PGBACKREST_S3_ENDPOINT: ${{ vars.PROD_PGBACKREST_S3_ENDPOINT }}
|
||||||
|
PGBACKREST_S3_PORT: ${{ vars.PROD_PGBACKREST_S3_PORT }}
|
||||||
|
PGBACKREST_S3_BUCKET: ${{ vars.PROD_PGBACKREST_S3_BUCKET }}
|
||||||
|
PGBACKREST_S3_REGION: ${{ vars.PROD_PGBACKREST_S3_REGION }}
|
||||||
|
PGBACKREST_S3_KEY: ${{ secrets.PROD_PGBACKREST_S3_KEY }}
|
||||||
|
PGBACKREST_S3_KEY_SECRET: ${{ secrets.PROD_PGBACKREST_S3_KEY_SECRET }}
|
||||||
|
PGBACKREST_CIPHER_PASS: ${{ secrets.PROD_PGBACKREST_CIPHER_PASS }}
|
||||||
|
# TELEGRAM_MINIAPP_URL and GRAFANA_ROOT_URL are derived from PUBLIC_BASE_URL in
|
||||||
|
# deploy/write-prod-env.sh, not stored variables.
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
@@ -121,25 +195,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-main
|
mkdir -p stage/certs-main
|
||||||
cat > stage/env.sh <<EOF
|
# Shared with prod-rollback so the two paths render an identical runtime env.
|
||||||
export REGISTRY='$REGISTRY'
|
APP_VERSION="$TAG" bash deploy/write-prod-env.sh stage/env.sh
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
|
||||||
export POSTGRES_DB='${POSTGRES_DB:-scrabble}'
|
|
||||||
export POSTGRES_USER='${POSTGRES_USER:-scrabble}'
|
|
||||||
export POSTGRES_PASSWORD='$POSTGRES_PASSWORD'
|
|
||||||
export GM_BASICAUTH_USER='${GM_BASICAUTH_USER:-gm}'
|
|
||||||
export GM_BASICAUTH_HASH='$GM_BASICAUTH_HASH'
|
|
||||||
export GRAFANA_ADMIN_PASSWORD='$GRAFANA_ADMIN_PASSWORD'
|
|
||||||
export GRAFANA_ROOT_URL='$GRAFANA_ROOT_URL'
|
|
||||||
export CADDY_SITE_ADDRESS='$CADDY_SITE_ADDRESS'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
export DICT_VERSION='$DICT_VERSION'
|
|
||||||
export APP_VERSION='$TAG'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export GATEWAY_VK_APP_SECRET='$GATEWAY_VK_APP_SECRET'
|
|
||||||
export GATEWAY_ABUSE_BAN_ENABLED='true'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
||||||
@@ -150,7 +207,7 @@ jobs:
|
|||||||
ssh_main 'mkdir -p /opt/scrabble/compose'
|
ssh_main 'mkdir -p /opt/scrabble/compose'
|
||||||
tar -C deploy -czf - docker-compose.yml docker-compose.prod.yml prod-deploy.sh \
|
tar -C deploy -czf - docker-compose.yml docker-compose.prod.yml prod-deploy.sh \
|
||||||
| ssh_main 'tar -C /opt/scrabble/compose -xzf -'
|
| ssh_main 'tar -C /opt/scrabble/compose -xzf -'
|
||||||
tar -C deploy -czf - caddy otelcol prometheus tempo grafana \
|
tar -C deploy -czf - caddy otelcol prometheus tempo grafana blackbox \
|
||||||
| ssh_main 'tar -C /opt/scrabble -xzf -'
|
| ssh_main 'tar -C /opt/scrabble -xzf -'
|
||||||
tar -C stage -czf - certs-main \
|
tar -C stage -czf - certs-main \
|
||||||
| ssh_main 'rm -rf /opt/scrabble/certs && mkdir -p /opt/scrabble/certs && tar -C /opt/scrabble/certs --strip-components=1 -xzf -'
|
| ssh_main 'rm -rf /opt/scrabble/certs && mkdir -p /opt/scrabble/certs && tar -C /opt/scrabble/certs --strip-components=1 -xzf -'
|
||||||
@@ -178,7 +235,8 @@ jobs:
|
|||||||
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
||||||
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# PUBLIC_BASE_URL drives the derived Mini App URL in deploy/write-prod-bot-env.sh.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
||||||
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
||||||
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.PROD_TELEGRAM_SUPPORT_CHAT_ID }}
|
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.PROD_TELEGRAM_SUPPORT_CHAT_ID }}
|
||||||
@@ -195,20 +253,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-bot
|
mkdir -p stage/certs-bot
|
||||||
cat > stage/env.bot.sh <<EOF
|
# Shared with prod-rollback so the two paths render an identical bot env.
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
BOT_IMAGE="$REGISTRY/scrabble-telegram-bot:$TAG" bash deploy/write-prod-bot-env.sh stage/env.bot.sh
|
||||||
export BOT_IMAGE='$REGISTRY/scrabble-telegram-bot:$TAG'
|
|
||||||
export BOTLINK_GATEWAY_ADDR='$MAIN_HOST:9443'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export TELEGRAM_GAME_CHANNEL_ID='$TELEGRAM_GAME_CHANNEL_ID'
|
|
||||||
export TELEGRAM_CHAT_ID='$TELEGRAM_CHAT_ID'
|
|
||||||
export TELEGRAM_SUPPORT_CHAT_ID='$TELEGRAM_SUPPORT_CHAT_ID'
|
|
||||||
export TELEGRAM_PROMO_BOT_TOKEN='$TELEGRAM_PROMO_BOT_TOKEN'
|
|
||||||
export TELEGRAM_BOT_USERNAME='$TELEGRAM_BOT_USERNAME'
|
|
||||||
export TELEGRAM_BOT_LINK='$TELEGRAM_BOT_LINK'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
||||||
|
|||||||
@@ -51,13 +51,52 @@ jobs:
|
|||||||
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
||||||
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
||||||
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
||||||
GRAFANA_ROOT_URL: ${{ vars.PROD_GRAFANA_ROOT_URL }}
|
|
||||||
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
DICT_VERSION: ${{ vars.PROD_DICT_VERSION }}
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
||||||
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
|
# Full runtime env — parity with prod-deploy's deploy-main so a rollback re-renders
|
||||||
|
# the SAME env.sh (email / VK login / Grafana alerts survive a rollback). TELEGRAM_MINIAPP_URL
|
||||||
|
# and GRAFANA_ROOT_URL are derived from PUBLIC_BASE_URL in deploy/write-prod-env.sh.
|
||||||
|
GATEWAY_VK_APP_SECRET: ${{ secrets.GATEWAY_VK_APP_SECRET }}
|
||||||
|
# Robokassa direct-rail: the rollback re-renders the same runtime env (write-prod-env.sh), so
|
||||||
|
# it must carry the same credentials or the direct rail goes dark after a rollback.
|
||||||
|
ROBOKASSA_MERCHANT_LOGIN: ${{ secrets.PROD_BACKEND_ROBOKASSA_MERCHANT_LOGIN }}
|
||||||
|
ROBOKASSA_PASSWORD1: ${{ secrets.PROD_BACKEND_ROBOKASSA_PASSWORD1 }}
|
||||||
|
ROBOKASSA_PASSWORD2: ${{ secrets.PROD_BACKEND_ROBOKASSA_PASSWORD2 }}
|
||||||
|
ROBOKASSA_TEST: ${{ vars.PROD_BACKEND_ROBOKASSA_TEST }}
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
GATEWAY_VK_ID_CLIENT_SECRET: ${{ secrets.GATEWAY_VK_ID_CLIENT_SECRET }}
|
||||||
|
GATEWAY_HONEYTOKEN: ${{ secrets.PROD_GATEWAY_HONEYTOKEN }}
|
||||||
|
# Community IP blocklist — rendered on rollback too so a rollback keeps the same edge policy.
|
||||||
|
GATEWAY_BLOCKLIST_ENABLED: ${{ vars.PROD_GATEWAY_BLOCKLIST_ENABLED }}
|
||||||
|
GATEWAY_BLOCKLIST_URL: ${{ vars.PROD_GATEWAY_BLOCKLIST_URL }}
|
||||||
|
GATEWAY_BLOCKLIST_ALLOW: ${{ vars.PROD_GATEWAY_BLOCKLIST_ALLOW }}
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.PROD_EXPORT_SIGN_KEY }}
|
||||||
|
SMTP_RELAY_USER: ${{ secrets.SMTP_RELAY_USER }}
|
||||||
|
SMTP_RELAY_PASS: ${{ secrets.SMTP_RELAY_PASS }}
|
||||||
|
SMTP_RELAY_HOST: ${{ vars.SMTP_RELAY_HOST }}
|
||||||
|
SMTP_RELAY_PORT: ${{ vars.SMTP_RELAY_PORT }}
|
||||||
|
SMTP_RELAY_TLS: ${{ vars.SMTP_RELAY_TLS }}
|
||||||
|
SMTP_RELAY_FROM: ${{ vars.PROD_SMTP_RELAY_FROM }}
|
||||||
|
SMTP_RELAY_ADMIN_FROM: ${{ vars.PROD_SMTP_RELAY_ADMIN_FROM }}
|
||||||
|
ADMIN_EMAIL: ${{ vars.PROD_ADMIN_EMAIL }}
|
||||||
|
SMTP_RELAY_SERVICE_FROM: ${{ vars.PROD_SMTP_RELAY_SERVICE_FROM }}
|
||||||
|
SERVICE_EMAIL: ${{ vars.PROD_SERVICE_EMAIL }}
|
||||||
|
GRAFANA_SMTP_PORT: ${{ vars.GRAFANA_SMTP_PORT }}
|
||||||
|
GF_SMTP_ENABLED: ${{ vars.PROD_GF_SMTP_ENABLED }}
|
||||||
|
# PITR archiving parity: a rollback must re-render the SAME env.sh, else it would
|
||||||
|
# silently disarm WAL archiving (PGBACKREST_ARCHIVE_MODE would fall back to off).
|
||||||
|
PGBACKREST_ARCHIVE_MODE: ${{ vars.PROD_PGBACKREST_ARCHIVE_MODE }}
|
||||||
|
PGBACKREST_S3_ENDPOINT: ${{ vars.PROD_PGBACKREST_S3_ENDPOINT }}
|
||||||
|
PGBACKREST_S3_PORT: ${{ vars.PROD_PGBACKREST_S3_PORT }}
|
||||||
|
PGBACKREST_S3_BUCKET: ${{ vars.PROD_PGBACKREST_S3_BUCKET }}
|
||||||
|
PGBACKREST_S3_REGION: ${{ vars.PROD_PGBACKREST_S3_REGION }}
|
||||||
|
PGBACKREST_S3_KEY: ${{ secrets.PROD_PGBACKREST_S3_KEY }}
|
||||||
|
PGBACKREST_S3_KEY_SECRET: ${{ secrets.PROD_PGBACKREST_S3_KEY_SECRET }}
|
||||||
|
PGBACKREST_CIPHER_PASS: ${{ secrets.PROD_PGBACKREST_CIPHER_PASS }}
|
||||||
INPUT_TARGET: ${{ inputs.target_version }}
|
INPUT_TARGET: ${{ inputs.target_version }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
@@ -89,24 +128,9 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-main
|
mkdir -p stage/certs-main
|
||||||
cat > stage/env.sh <<EOF
|
# Same writer as prod-deploy's deploy-main -> the rollback re-renders the FULL
|
||||||
export REGISTRY='$REGISTRY'
|
# runtime env (not a subset), so email / VK login / Grafana alerts survive it.
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
APP_VERSION="$TARGET" bash deploy/write-prod-env.sh stage/env.sh
|
||||||
export POSTGRES_DB='${POSTGRES_DB:-scrabble}'
|
|
||||||
export POSTGRES_USER='${POSTGRES_USER:-scrabble}'
|
|
||||||
export POSTGRES_PASSWORD='$POSTGRES_PASSWORD'
|
|
||||||
export GM_BASICAUTH_USER='${GM_BASICAUTH_USER:-gm}'
|
|
||||||
export GM_BASICAUTH_HASH='$GM_BASICAUTH_HASH'
|
|
||||||
export GRAFANA_ADMIN_PASSWORD='$GRAFANA_ADMIN_PASSWORD'
|
|
||||||
export GRAFANA_ROOT_URL='$GRAFANA_ROOT_URL'
|
|
||||||
export CADDY_SITE_ADDRESS='$CADDY_SITE_ADDRESS'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
export DICT_VERSION='$DICT_VERSION'
|
|
||||||
export APP_VERSION='$TARGET'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export GATEWAY_ABUSE_BAN_ENABLED='true'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
||||||
@@ -147,9 +171,11 @@ jobs:
|
|||||||
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
||||||
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# PUBLIC_BASE_URL drives the derived Mini App URL; SUPPORT_CHAT_ID for parity with deploy.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
||||||
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
||||||
|
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.PROD_TELEGRAM_SUPPORT_CHAT_ID }}
|
||||||
TELEGRAM_BOT_USERNAME: ${{ vars.PROD_TELEGRAM_BOT_USERNAME }}
|
TELEGRAM_BOT_USERNAME: ${{ vars.PROD_TELEGRAM_BOT_USERNAME }}
|
||||||
TELEGRAM_BOT_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
TELEGRAM_BOT_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
||||||
steps:
|
steps:
|
||||||
@@ -163,19 +189,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-bot
|
mkdir -p stage/certs-bot
|
||||||
cat > stage/env.bot.sh <<EOF
|
# Same writer as prod-deploy's deploy-bot (parity; includes TELEGRAM_SUPPORT_CHAT_ID).
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
BOT_IMAGE="$REGISTRY/scrabble-telegram-bot:$TARGET" bash deploy/write-prod-bot-env.sh stage/env.bot.sh
|
||||||
export BOT_IMAGE='$REGISTRY/scrabble-telegram-bot:$TARGET'
|
|
||||||
export BOTLINK_GATEWAY_ADDR='$MAIN_HOST:9443'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export TELEGRAM_GAME_CHANNEL_ID='$TELEGRAM_GAME_CHANNEL_ID'
|
|
||||||
export TELEGRAM_CHAT_ID='$TELEGRAM_CHAT_ID'
|
|
||||||
export TELEGRAM_PROMO_BOT_TOKEN='$TELEGRAM_PROMO_BOT_TOKEN'
|
|
||||||
export TELEGRAM_BOT_USERNAME='$TELEGRAM_BOT_USERNAME'
|
|
||||||
export TELEGRAM_BOT_LINK='$TELEGRAM_BOT_LINK'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
||||||
|
|||||||
@@ -125,9 +125,10 @@ gateway/ # module scrabble/gateway: Connect-RPC edge, embeds
|
|||||||
ui/ # Svelte + Vite SPA + landing (Node project, not in go.work)
|
ui/ # Svelte + Vite SPA + landing (Node project, not in go.work)
|
||||||
pkg/ # shared: telemetry, version, wire/FlatBuffers, proto, mtls
|
pkg/ # shared: telemetry, version, wire/FlatBuffers, proto, mtls
|
||||||
platform/telegram/ # Telegram side-service: cmd/validator (HMAC, no VPN) + cmd/bot (Bot API; dials gateway over reverse mTLS bot-link)
|
platform/telegram/ # Telegram side-service: cmd/validator (HMAC, no VPN) + cmd/bot (Bot API; dials gateway over reverse mTLS bot-link)
|
||||||
|
renderer/ # image-render sidecar (Node + skia-canvas): runs ui/src/lib/gameimage.ts server-side for the finished-game PNG export
|
||||||
loadtest/ # module scrabble/loadtest: the load/stress harness
|
loadtest/ # module scrabble/loadtest: the load/stress harness
|
||||||
docs/ .gitea/workflows/ CLAUDE.md README.md
|
docs/ .gitea/workflows/ CLAUDE.md README.md
|
||||||
backend/Dockerfile gateway/Dockerfile platform/telegram/Dockerfile loadtest/Dockerfile # multi-stage distroless; gateway/Dockerfile has the `landing` target, platform/telegram/Dockerfile has `validator`+`bot` targets
|
backend/Dockerfile gateway/Dockerfile platform/telegram/Dockerfile loadtest/Dockerfile renderer/Dockerfile # multi-stage distroless (renderer: node:22-slim + skia-canvas + fonts); gateway/Dockerfile has the `landing` target, platform/telegram/Dockerfile has `validator`+`bot` targets
|
||||||
deploy/ # docker-compose (+ prod overlay + bot host) + ansible provisioning + caddy + landing + otelcol (OTLP + docker_stats) + prometheus/tempo/grafana + node_exporter + postgres_exporter; prod-deploy.sh
|
deploy/ # docker-compose (+ prod overlay + bot host) + ansible provisioning + caddy + landing + otelcol (OTLP + docker_stats) + prometheus/tempo/grafana + node_exporter + postgres_exporter; prod-deploy.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -143,6 +144,7 @@ go run ./backend/cmd/backend # /healthz, /readyz on :8080
|
|||||||
|
|
||||||
cd ui && pnpm install && pnpm check && pnpm test:unit && pnpm build # the UI
|
cd ui && pnpm install && pnpm check && pnpm test:unit && pnpm build # the UI
|
||||||
pnpm start # UI mock mode: lobby -> game, no backend
|
pnpm start # UI mock mode: lobby -> game, no backend
|
||||||
|
cd renderer && pnpm install && pnpm test # image-render sidecar (bundles ui/src/lib/gameimage.ts, skia smoke)
|
||||||
|
|
||||||
docker build --build-arg DICT_VERSION=v1.3.0 -f backend/Dockerfile -t scrabble-backend . # DICT_VERSION required (no default); gateway embeds the SPA
|
docker build --build-arg DICT_VERSION=v1.3.0 -f backend/Dockerfile -t scrabble-backend . # DICT_VERSION required (no default); gateway embeds the SPA
|
||||||
docker build -f gateway/Dockerfile --target gateway -t scrabble-gateway .
|
docker build -f gateway/Dockerfile --target gateway -t scrabble-gateway .
|
||||||
@@ -154,3 +156,11 @@ The `ui` module is a Node project (pnpm), **not** in `go.work`; it is the `ui` j
|
|||||||
the single `.gitea/workflows/ci.yaml`. Committed edge codegen under `ui/src/gen/`
|
the single `.gitea/workflows/ci.yaml`. Committed edge codegen under `ui/src/gen/`
|
||||||
(regenerate with `pnpm codegen`); pnpm build-script approval lives in
|
(regenerate with `pnpm codegen`); pnpm build-script approval lives in
|
||||||
`ui/pnpm-workspace.yaml` (`allowBuilds: esbuild: true`).
|
`ui/pnpm-workspace.yaml` (`allowBuilds: esbuild: true`).
|
||||||
|
|
||||||
|
## Agent field notes
|
||||||
|
|
||||||
|
Non-obvious, hard-won knowledge the agent has accumulated that is **not** captured in the docs above,
|
||||||
|
kept in the repo so it travels with a clone. Verify any named file/flag against current code before
|
||||||
|
acting on it.
|
||||||
|
|
||||||
|
@.claude/CLAUDE.md
|
||||||
|
|||||||
@@ -0,0 +1,698 @@
|
|||||||
|
# apple/ — native iOS/iPadOS app plan
|
||||||
|
|
||||||
|
Native **SwiftUI** application for iPhone and iPad, written **from scratch** (not a Capacitor
|
||||||
|
wrapper, unlike the Android app under `ui/android`). This document is the **source of truth and
|
||||||
|
continuity** for the effort: it lives in the repo so it travels to whatever machine does the work —
|
||||||
|
in particular the **Mac Claude session** that does the actual building. Read it first; append to it
|
||||||
|
as decisions land. Nothing here is final until built and verified; any decision can be reopened.
|
||||||
|
Items still open carry an **[OPEN / TRACKED]** or **[GATE]** marker.
|
||||||
|
|
||||||
|
Chat with the owner is in Russian per the user-level guide; this doc, like all repo docs, is in
|
||||||
|
**English**.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 0. Working model — two contexts
|
||||||
|
|
||||||
|
- **Mac (primary).** All real development happens in a **Claude session on the Mac**: SwiftUI code,
|
||||||
|
`xcodebuild`, Simulator, tests, screenshots, signing, TestFlight/App Store. The Apple toolchain is
|
||||||
|
native there.
|
||||||
|
- **Linux dev-host (this repo's usual environment).** Used only to **lay groundwork for CI** (a macOS
|
||||||
|
runner, later) and to edit platform-agnostic Swift packages / docs. It **cannot** build or run an
|
||||||
|
iOS app — SwiftUI/UIKit and the iOS SDK exist only inside Xcode on macOS. (Swift the language runs
|
||||||
|
on Linux, but that is server-side Swift, irrelevant to iOS UI.)
|
||||||
|
|
||||||
|
Consequence: the heavy loop (build/sim/screenshot) is Mac-only; keep the SwiftUI shell thin and push
|
||||||
|
logic into plain Swift packages — good for testability regardless of host.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 1. Tooling to install / verify on the Mac host
|
||||||
|
|
||||||
|
Do this first on the Mac before any code. The owner already has Xcode + Command Line Tools + a
|
||||||
|
simulator installed generally; the steps below are mostly **verify**, a few are **install**.
|
||||||
|
|
||||||
|
### Verify (already present, confirm versions)
|
||||||
|
- **Xcode 26** (latest) — we always build against the **newest SDK** (this is what grants the iOS 26
|
||||||
|
Liquid Glass appearance to standard controls; see §3). Confirm `xcodebuild -version`.
|
||||||
|
- **Command Line Tools** — `xcode-select -p` points at the Xcode 26 toolchain.
|
||||||
|
- **Swift 6** toolchain (bundled with Xcode 26) — `swift --version`.
|
||||||
|
- **Simulator runtimes** — need **both**:
|
||||||
|
- **iOS 18** runtime (our minimum deployment target — verify the app runs/looks correct there),
|
||||||
|
- **iOS 26** runtime (latest — verify Liquid Glass appearance).
|
||||||
|
Check under Xcode ▸ Settings ▸ Platforms; install any missing runtime there.
|
||||||
|
|
||||||
|
### Install (Homebrew, sudo-free where possible)
|
||||||
|
- **XcodeGen** — `brew install xcodegen`. Generates the `.xcodeproj` from a declarative `project.yml`
|
||||||
|
(see §4). This is the project-management tool of record.
|
||||||
|
- **swiftlint** and/or **swift-format** — `brew install swiftlint swift-format`. Lint/format gate.
|
||||||
|
- *(optional, CI ergonomics)* **xcbeautify** — `brew install xcbeautify`, prettifies `xcodebuild`
|
||||||
|
logs. Not required for local work.
|
||||||
|
|
||||||
|
### No install needed (SPM dependencies, pulled by the build)
|
||||||
|
- **swift-snapshot-testing** (Point-Free, open-source) — snapshot tests, added as an SPM package.
|
||||||
|
- **MetricKit** — first-party Apple framework for crash/hang/diagnostic capture; nothing to install.
|
||||||
|
|
||||||
|
### Deferred / not now
|
||||||
|
- **Apple Developer account** — in process; see the gate in §11. Not required to start (Simulator work
|
||||||
|
is unblocked without it).
|
||||||
|
- **fastlane / signing automation** — only when we reach device builds / CI / release. Revisit then.
|
||||||
|
- **macOS CI runner** (Gitea Actions on a Mac, or a cloud Mac) — the Linux-side groundwork; designed
|
||||||
|
later.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 2. Fixed decisions
|
||||||
|
| Topic | Decision |
|
||||||
|
|---|---|
|
||||||
|
| Language / UI | Native **SwiftUI**, from scratch; **not** Capacitor. |
|
||||||
|
| Targets | **iPhone first**, then **iPad** (iPadOS) as a first-class target: reuse controls, adapt via layout. Possibly macOS/Catalyst far later — do not design for it now, but the `apple/` name leaves the door open. |
|
||||||
|
| Minimum OS | **iOS 18** (reaches ~A12 devices, iPhone XS/XR and newer; wide parity). Always **build with the latest SDK** (Xcode 26). |
|
||||||
|
| Directory | **`apple/`** in this monorepo (covers iPhone/iPad/future Mac; `ios/` too narrow, `swiftui/` names a framework not a platform). CI + docs stay co-located with the engine/wire. |
|
||||||
|
| Project tooling | **XcodeGen** (`project.yml`) + **SPM** modules. Not a hand-managed `.xcodeproj` (merge-hostile `project.pbxproj`, opaque, non-reproducible). Tuist only if modularization outgrows XcodeGen. |
|
||||||
|
| State management | **`@Observable`** (Observation framework), the idiomatic first-party default. **Not TCA** (heavy boilerplate, steep curve, large dependency; its benefits do not pay off at our size). Introduce a light unidirectional pattern by hand only where genuinely needed. |
|
||||||
|
| Concurrency | **Swift 6 strict concurrency** from the start (actors / `Sendable`) — cheaper to write new than to retrofit. |
|
||||||
|
| Localization / a11y | **First-class from the first screen**: RU/EN via String Catalogs, Dynamic Type, Dark Mode, Reduce Motion. Cheap now, expensive to retrofit. |
|
||||||
|
| Design relationship to web | **Not a mirror of the web app.** Board + game mechanics are preserved; the rest is designed fresh with iOS-native idioms. |
|
||||||
|
| UI philosophy | **System controls by default, custom only when necessary.** (Also "modern for free": Liquid Glass auto-applies to standard chrome on iOS 26.) |
|
||||||
|
| Auth | **Sign in with Apple** (required by Apple when any third-party social login is offered) **plus** email / VK / Telegram / … in the usual stacked-button login. Backend already has VK/TG/email; Apple is the only new provider. Details deferred to the descriptive phase. |
|
||||||
|
| Payments | Target **both** external rails (Robokassa / analogs, primary for RU) **and** Apple IAP, behind a **region-aware payment seam**. See §9 for the out-of-region reject risk (tracked separately). |
|
||||||
|
| Bundle id | Reuse **`ru.eruditgame.app`** (Apple/Google namespaces are independent; one bundle id for the universal iPhone+iPad app). |
|
||||||
|
| Design scope vs delivery | **Design/inventory scope = the full (online) app** — describe every moving part up front (online has more by design). **Implementation/delivery may stage** (stub online surfaces + stub engine first, wire real behind the same seams later). These are different axes; do not shrink the *design* to offline-first. |
|
||||||
|
| Crash reporting | **MetricKit only** (first-party, self-hosted upload; see §8). No PLCrashReporter, no Sentry for now. |
|
||||||
|
| Analytics | **None.** Nothing is tracked. No speculative "entry points" either (YAGNI; cheap to add later since actions centralize in `@Observable` models). Monitoring stays backend-only, as today. |
|
||||||
|
| Onboarding | **TipKit** (first-party, iOS 17+) for the coachmark tours, not a custom dimmed-overlay reimplementation of the web coachmarks. |
|
||||||
|
| Login (v1 surface) | **Sign in with Apple + email + guest.** VK / Telegram sign-in **deferred** to a later delivery (the login screen extends trivially with more stacked buttons). Note: with no third-party *social* provider in v1, SIWA is technically optional (email is not a social login), but we ship it deliberately; once VK/TG land it becomes mandatory. |
|
||||||
|
| Wallet / store / ad banner | **Designed in v1** (full inventory), **delivery staged.** Keeps the region-aware payment seam + the out-of-region reject risk (§10) in scope from the start. |
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 3. Why "min iOS 18" does not freeze the design (reference)
|
||||||
|
|
||||||
|
Appearance is governed by the **SDK you build against** + whether you use **standard components**,
|
||||||
|
**not** by the deployment target. Building with the iOS 26 SDK means standard controls
|
||||||
|
(NavigationStack, toolbars, TabView, Button, List, sheets, alerts, Form) **automatically** adopt
|
||||||
|
Liquid Glass on iOS 26, and render the iOS 18 style on iOS 18 — with no per-version code. iOS 26-only
|
||||||
|
APIs (e.g. `.glassEffect` on custom views) are used behind `if #available(iOS 26, *)` with a fallback.
|
||||||
|
**Custom-drawn UI** (board, tiles, score) looks identical on every version because we own it — so the
|
||||||
|
minimum has almost no visual cost for the game's core surface.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 4. Proposed layout under `apple/` (to refine at setup)
|
||||||
|
|
||||||
|
```
|
||||||
|
apple/
|
||||||
|
project.yml # XcodeGen spec (committed; the .xcodeproj is generated, gitignored)
|
||||||
|
App/ # thin app target: @main entry, Info.plist, entitlements, asset catalog, app icon, capabilities, signing
|
||||||
|
Packages/ # SPM modules — the real code (merge-friendly, testable; non-UI ones buildable on Linux)
|
||||||
|
Domain/ # game state, rules glue, scoring, turn model (platform-agnostic)
|
||||||
|
Engine/ # Swift port of the move generator/validator/scorer + DAWG reader (parity-pinned) — later
|
||||||
|
Wire/ # Connect-Swift + FlatBuffers client to the gateway (same wire as web/Android)
|
||||||
|
DesignSystem/ # tokens, typography (SF), board/tile visual spec, reusable components
|
||||||
|
Features/ # per-screen feature modules (views + @Observable models)
|
||||||
|
DataMocks/ # mock implementations of the data protocols (the "seam"); powers Previews + e2e stubs
|
||||||
|
Tests/ # or per-package tests: Swift Testing, snapshot, XCUITest
|
||||||
|
README.md
|
||||||
|
```
|
||||||
|
|
||||||
|
Workflow discipline (XcodeGen): the generated `.xcodeproj` is a **disposable artifact** — never edit
|
||||||
|
project structure in the Xcode UI expecting it to persist; change `project.yml` and regenerate. Files
|
||||||
|
are picked up by globs, not hand-listed. XcodeGen passes through arbitrary raw build settings and
|
||||||
|
custom build phases, so custom needs are expressible; worst case escape hatches are committing the
|
||||||
|
`.xcodeproj` or migrating to Tuist — no dead end.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 5. Determining optimization principles
|
||||||
|
These five shape the architecture from the start (not "add later"):
|
||||||
|
|
||||||
|
1. **Push (APNs) instead of a live socket while backgrounded.** For a turn-based game we do **not** hold
|
||||||
|
a socket in the background; the opponent's move arrives via **push**. This is an energy-architecture
|
||||||
|
decision, not just notifications — it puts APNs on the critical path.
|
||||||
|
2. **Board rendered with `Canvas`**, not a tree of ~225 `View` nodes (far cheaper in perf and memory).
|
||||||
|
3. **Engine off the main thread** — move generation, DAWG traversal, scoring, hints run on a background
|
||||||
|
actor/Task; the UI stays responsive. Swift 6 concurrency enforces this.
|
||||||
|
4. **`mmap` the dictionary (DAWG)** — memory-map, do not load the whole thing into RAM; low footprint.
|
||||||
|
5. **Fast silent boot + spinner-less resume via cache.** Show UI instantly; move heavy init (dictionary
|
||||||
|
prep) off the launch path (lazy until first needed). On foreground, render the persisted state
|
||||||
|
immediately and **silently** re-establish the stream, reconciling deltas — no blocking overlay. (Same
|
||||||
|
spirit as the Android native "silent+fast boot" and the web "offline return-online poll".)
|
||||||
|
|
||||||
|
### Lifecycle / background (the mechanism behind #1 and #5)
|
||||||
|
`ScenePhase`: on `.background`/`.inactive` tear down the live stream, stop timers, release resources; on
|
||||||
|
`.active` resume from cache + silent reconnect. Respect **Low Data Mode / cellular**
|
||||||
|
(`NWPathMonitor.isConstrained/isExpensive`). Batch network to avoid keeping the radio awake (radio tail).
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 6. Hygiene practices (apply as we go)
|
||||||
|
|
||||||
|
- **Memory warnings** — purge caches; watch for retain cycles (`[weak self]` around streams/observation).
|
||||||
|
- **Kill any animation while backgrounded** (do not tick the turn clock in the background).
|
||||||
|
- **Low Power Mode** (`ProcessInfo.isLowPowerModeEnabled`) — trim animations/background activity.
|
||||||
|
- **Reduce Motion** (`accessibilityReduceMotion`) — drop lavish animations (accessibility **and** battery).
|
||||||
|
- **Thermal state** — reduce load under throttling.
|
||||||
|
- Let the screen sleep; no needless wake locks. No sensors (geo/motion) — none are needed.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 7. Storage — persist eagerly, do not trust `willTerminate`
|
||||||
|
There is **no reliable destructive callback** on iOS: `willTerminate` is often **not** called (swipe
|
||||||
|
force-kill, memory kill happen silently). Relying on catching a "destroy" event is a trap.
|
||||||
|
|
||||||
|
Pattern: **persist on the way to background** (`scenePhase → .inactive/.background`); snapshot the state
|
||||||
|
that matters (in-progress tile placement on the board, an uncommitted move). For the uncommitted
|
||||||
|
placement, also persist **incrementally** on meaningful changes (a tile placed / removed), **coalesced**
|
||||||
|
(not on every drag pixel). Data volume is tiny, writes are cheap. Store: SwiftData or plain file/SQLite —
|
||||||
|
decide at implementation. Net effect: even a silent kill loses nothing; the last valid state is on disk.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 8. Testing — take all three layers
|
||||||
|
|
||||||
|
The mock **seam** (protocol-backed data access with `DataMocks`) is both the Preview data source **and**
|
||||||
|
the e2e stub mechanism.
|
||||||
|
|
||||||
|
1. **Unit — Swift Testing** (`import Testing`, `@Test`, `#expect`): domain/logic, engine **parity golden
|
||||||
|
tests**, wire **codec** tests, view-models. Pure (non-UI) SPM packages are **Linux/CI-buildable** — a
|
||||||
|
slice of tests can run in the ordinary CI without a Mac.
|
||||||
|
2. **Snapshot — swift-snapshot-testing**: visual regression of SwiftUI views against reference images
|
||||||
|
(fixed simulator device for determinism). Valuable for a from-scratch design.
|
||||||
|
3. **e2e — XCUITest against the mock seam**: the native analogue of the web Playwright mock e2e. The app
|
||||||
|
launches with a launch argument that switches to `DataMocks`; the whole UI is driven deterministically
|
||||||
|
with no server. Runs on the Mac runner in CI.
|
||||||
|
|
||||||
|
Lesson carried from web: the mock e2e **bypasses the real network**, so wire/codec bugs are **not** caught
|
||||||
|
there — they need the **codec unit tests**.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 9. Crash reporting & analytics
|
||||||
|
- **Crashes: MetricKit.** `MXMetricManager` delivers crash/hang/CPU/disk diagnostics to the app; we
|
||||||
|
**upload the payload to our own backend** and view it in the existing **Grafana/logs** contour — fully
|
||||||
|
self-hosted, zero third-party, no paid service. Apple's Xcode Organizer / App Store Connect also provides
|
||||||
|
aggregated crashes for TestFlight/release builds for free.
|
||||||
|
- **Operational requirement:** crashes are unreadable without **symbolication** → CI **must archive the
|
||||||
|
`dSYM`** for every build/release (artifact), else reports are raw addresses.
|
||||||
|
- **Analytics: none** (see §2). No tracking, no ATT prompt, no IDFA — cleaner privacy labels as a bonus.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 10. Payments — region-aware seam, out-of-region reject risk (tracked)
|
||||||
|
|
||||||
|
- Target **both** external rails (Robokassa/analogs, primary for RU) and Apple IAP, behind a **region-aware
|
||||||
|
payment seam** (distribution region is set per-country in App Store Connect).
|
||||||
|
- **The RU situation is a genuine grey/in-flux area:** Apple has effectively disabled IAP for RU accounts
|
||||||
|
while external merchants are not yet blocked — hence real apps running both paths. We follow that.
|
||||||
|
- **[OPEN / TRACKED] Out-of-region payments:** external payment for digital goods is a **rejection risk
|
||||||
|
outside the RU region** (App Store guideline 3.1.1). We need a mechanism to route/avoid so we do not get
|
||||||
|
rejected. Re-verify current policy at the payments implementation phase. Do not die on this hill; the
|
||||||
|
owner's real-world observation stands, but the risk is on record.
|
||||||
|
- **[OPEN / TRACKED] Cross-platform spend compliance:** must not let web-funded (same-email) chips be
|
||||||
|
spent inside the iOS app (see §14 → I). A dedicated payments session will settle the iOS spend-
|
||||||
|
visibility. iOS v1 shows the packs but blocks Buy with a soft redirect to the web/Android build.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 11. Gates
|
||||||
|
|
||||||
|
- **[GATE] Apple Developer account** (in process). Development in the **Simulator is unblocked without it**.
|
||||||
|
It blocks, downstream: running on a **physical device**, enabling **Sign in with Apple** (needs an App ID
|
||||||
|
+ capability), **push (APNs)**, **TestFlight / App Store release**. Sequence work so these land after the
|
||||||
|
account is active.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 12. Audio — future (only if sounds are added)
|
||||||
|
|
||||||
|
Two common anti-patterns we must **not** ship, both fixed via `AVAudioSession`:
|
||||||
|
|
||||||
|
1. **Never silence the user's other audio.** Category **`.ambient`** (+ `.mixWithOthers`): mixes with the
|
||||||
|
user's music/podcast, does **not** interrupt it, and respects the **silent switch**. The typical mistake
|
||||||
|
is `.playback`, which stops others — we do not use it.
|
||||||
|
2. **Never "capture" audio at launch.** Activate the audio session **lazily — only while actually playing a
|
||||||
|
sound** — and do not hold it active otherwise; never activate on boot. Avoids the "launched and muted my
|
||||||
|
music while playing nothing" annoyance.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 13. Development sequence (the process, agreed)
|
||||||
|
|
||||||
|
**Design the full online app up front; build in a vertical slice, then breadth.** Order:
|
||||||
|
|
||||||
|
1. **Screen & moving-parts inventory** — enumerate every screen and, per screen, its states, data, and
|
||||||
|
reactions to actions (re-imagined for iOS, informed by the web functional domains but not mirroring
|
||||||
|
them). *(Next up — to be filled in below as we do step 1.)*
|
||||||
|
2. **Navigation / state skeleton** — an app-level router; transitions expressed as state (`NavigationStack`
|
||||||
|
path, state-bound sheets), not bolted on afterward.
|
||||||
|
3. **One vertical slice first — the game screen** (with stubs), fully interactive. This is where the
|
||||||
|
**design system** (tokens, SF typography, board/tile visual spec) and the **reusable component kit** are
|
||||||
|
born — on the highest-value screen, not on a login form.
|
||||||
|
4. **Then breadth** — the remaining screens along the established patterns; each screen built with its
|
||||||
|
controls **and** mock data together (not screens-then-transitions-then-controls in horizontal passes —
|
||||||
|
SwiftUI is data-driven, so a screen and its controls co-evolve and transitions fall out of the state
|
||||||
|
model).
|
||||||
|
|
||||||
|
Throughout: mock is an **architectural seam** (protocol + `DataMocks`), not throwaway — the real
|
||||||
|
networking later slots in behind the same protocols. The **Swift engine port** is its own workstream
|
||||||
|
(stub the game during the presentation phase; wire the real parity-pinned engine later).
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 14. Inventory — screens & moving parts (step 1)
|
||||||
|
|
||||||
|
Seeded from `docs/FUNCTIONAL.md`, re-imagined for iOS-native idioms. Tags: **[keep]** as-is in
|
||||||
|
spirit, **[re-imagine]** with a native idiom, **[deferred]** designed but delivered later. The
|
||||||
|
per-screen **moving parts** (states / data / actions) are filled in section by section next, starting
|
||||||
|
with the game screen (the vertical slice).
|
||||||
|
|
||||||
|
### A. Boot / launch
|
||||||
|
- **Loading splash** [keep] — crossword tiles (ЭРУДИТ / ЗАГРУЗКА / ОЖИДАНИЕ), minimal, aligned with the
|
||||||
|
fast-silent-boot principle (no empty flash).
|
||||||
|
- **Offline first-launch → straight into the lobby as guest** [keep] (as Android).
|
||||||
|
- **"Couldn't load" + Retry** [re-imagine] native, no web-sign-in fallback.
|
||||||
|
- **"Client too old" update screen** [keep] native: Update (Store) / Play offline.
|
||||||
|
|
||||||
|
### B. Onboarding
|
||||||
|
- **Coachmark tours** (lobby series + game series) [re-imagine] via **TipKit**.
|
||||||
|
|
||||||
|
### C. Auth / identity (v1: SIWA + email + guest)
|
||||||
|
- **Login screen** [re-imagine] stacked buttons: **Sign in with Apple** (native sheet) + **Email** + **guest**.
|
||||||
|
VK / Telegram rows **[deferred]**.
|
||||||
|
- **Email code entry** [keep].
|
||||||
|
|
||||||
|
### D. Lobby
|
||||||
|
- **"My games" list** [keep] — three sections (your turn / opponent / finished; empty hidden), ordering
|
||||||
|
rules, unread dots (red/amber), status-blink, swipe-to-remove finished, server games greyed-out offline.
|
||||||
|
Swipe/kebab → native **swipe actions**.
|
||||||
|
- **Bottom tab bar** [re-imagine] → `TabView`: New Game / Statistics / Settings hub.
|
||||||
|
|
||||||
|
### E. New Game
|
||||||
|
- **New Game screen** [keep] — Quick game (AI / random), With friends (invite / pass-and-play), variant
|
||||||
|
pick (gated by preferences), RU "multiple words per turn" toggle, per-kind caps 🔒 prompts.
|
||||||
|
- **Friend invite** [keep] — pick from friend list.
|
||||||
|
- **Pass-and-play setup** [keep] — host PIN keypad, player rows (2–4), optional per-seat PIN.
|
||||||
|
|
||||||
|
### F. Game — VERTICAL SLICE (step 3)
|
||||||
|
- **Game board screen** [keep] — board on **`Canvas`**, rack, action bar (combined pass/exchange, hint,
|
||||||
|
shuffle, confirm), on-board legality preview + score badge, bag count.
|
||||||
|
- **Scoreboard header / seats** [keep] — opponent cards with add-friend 🤝 / block ✖️.
|
||||||
|
- **Move history** [keep].
|
||||||
|
- **Comms screen** [keep] — 💬 chat / 🔎 dictionary tabs.
|
||||||
|
- **Dictionary word-check** [keep] — complaint, external reference link (network-gated).
|
||||||
|
- **Hint** [keep] — lays suggested tiles; vs_ai 🔒 idle-gate + countdown (steady in-app timer).
|
||||||
|
- **Pass / exchange** [re-imagine] native sheet.
|
||||||
|
- **Pass-and-play in game** [keep] — seat PIN unlock, leader controls (skip / remove / end early).
|
||||||
|
- **Connection-lost banner + frozen play area** [keep].
|
||||||
|
- **End-of-game + export** [keep] — GCG + PNG via the native **share sheet**.
|
||||||
|
|
||||||
|
### G. Social / friends
|
||||||
|
- **Friends screen** (Settings → Friends) [keep] — list, one-time code (issue / redeem), requests,
|
||||||
|
block / unblock / unfriend; kebab → native **context menu**.
|
||||||
|
- **Incoming invitations** [keep] — accept / decline.
|
||||||
|
|
||||||
|
### H. Profile & settings
|
||||||
|
- **Settings hub** [re-imagine] grouped `List`: settings, profile, friends, wallet, about.
|
||||||
|
- **Settings** [keep] — language, theme, board bonus-label style, reduce-motion, zoom-the-board,
|
||||||
|
notifications-in-app-only, block toggles.
|
||||||
|
- **Profile** [keep] — display name, timezone, away window, variant preferences, sign-in methods
|
||||||
|
(link / unlink / merge), delete account; inline editing.
|
||||||
|
- **Merge confirmation** (irreversible) [keep].
|
||||||
|
- **Delete account** [keep] — mailed code / typed phrase.
|
||||||
|
|
||||||
|
### I. Wallet & store (designed in v1, delivery staged)
|
||||||
|
- **Wallet** [keep, deferred delivery] — balance (per-platform chips), Active line, Buy / Spend toggle,
|
||||||
|
watch-ad option, Exchange confirm, store-compliance warnings. Region/store-aware; ties to the §10
|
||||||
|
payment seam.
|
||||||
|
|
||||||
|
### J. Feedback
|
||||||
|
- **Feedback screen** [keep] — message + single attachment, reply display, feedback-banned state.
|
||||||
|
|
||||||
|
### K. Info / legal
|
||||||
|
- **About** [keep] — version, links.
|
||||||
|
- **Legal docs** (EULA / privacy / offer) [re-imagine] — in-app viewer or Safari, not web pages.
|
||||||
|
|
||||||
|
### L. Cross-cutting (not screens)
|
||||||
|
- **Advertising banner** under the nav (free players) [keep] — component, campaign rotation / colours / urgent.
|
||||||
|
- **Push (APNs)** + real-time in-app updates — data flows, not a screen (APNs is also the background
|
||||||
|
energy model, §5).
|
||||||
|
|
||||||
|
### Excluded (web / platform-specific — not in the native iOS app)
|
||||||
|
- **Admin console `/_gm`** — server-rendered web, not part of any client.
|
||||||
|
- **Landing page** — web-only.
|
||||||
|
- **Telegram / VK Mini App** hosting + their diagnostic screens — the iOS app is not a Mini App.
|
||||||
|
- **PWA install CTA** — web-only.
|
||||||
|
- **Promo bot**, **Telegram support chat** — Telegram-side (in-app Feedback in §J is kept).
|
||||||
|
|
||||||
|
### Native idioms replacing web mechanics
|
||||||
|
`TabView` (tab bar) · native swipe actions / context menus (swipe-remove, kebab) · sheets (popups/modals)
|
||||||
|
· `ShareLink` / share sheet (export) · **TipKit** (coachmarks) · grouped `List` (settings/legal) · SIWA
|
||||||
|
native sheet (auth).
|
||||||
|
|
||||||
|
### Assets, tiles & icons- **Tiles are drawn as runtime vectors** (a rounded rect + a font glyph + the point value, on the board
|
||||||
|
`Canvas`) — **no image assets, no pre-generation, no local-store cache.** Resolution-independent (crisp
|
||||||
|
under zoom-on-drop), theme/variant/locale-adaptive for free. Cache rendered tile images
|
||||||
|
(`ImageRenderer`) **only if** profiling later shows a need. The crossword loading splash **reuses the
|
||||||
|
same tile component** (zero assets).
|
||||||
|
- **LaunchScreen** is static, OS-level, a simple brand mark (background + logo/wordmark; system font or a
|
||||||
|
single logo image — **no tile assets**). Its duration **equals the real launch time** — it **cannot** be
|
||||||
|
extended or held programmatically (and fake delays are discouraged); the "longer" splash is the **in-app
|
||||||
|
crossword splash** (its timing is ours, shown until the lobby is ready). Match the LaunchScreen
|
||||||
|
background to the in-app splash so the OS→app handoff is seamless (no flash).
|
||||||
|
- **Icons = SF Symbols** (the system icon set) everywhere — all the emoji in this plan are placeholders
|
||||||
|
for meaning; the real UI uses SF Symbols (gear, chart.bar, dice, bubble.left, shuffle, lightbulb,
|
||||||
|
person.badge.plus, xmark/hand.raised, square.and.arrow.up, lock, …). **Custom vectors only where no
|
||||||
|
system symbol fits:** the three variant emblems and the tiles.
|
||||||
|
|
||||||
|
### Per-screen moving parts
|
||||||
|
|
||||||
|
#### F. Game screen — detail
|
||||||
|
|
||||||
|
**Layout**
|
||||||
|
- **iPhone: full board always visible + zoom-on-drop** (hybrid, web-parity, setting-gated by the
|
||||||
|
existing "Zoom the board" toggle). Board scaled to width; on tile drop it magnifies toward the drop
|
||||||
|
point for precision.
|
||||||
|
- **Bottom-anchored stack**, top→bottom: *(top strip — the ad banner (L) + connection chrome, else
|
||||||
|
empty)* → **seats header** → **board** → **rack** → **bottom toolbar**. Everything is packed to the
|
||||||
|
bottom; the top strip hosts the L banner / Connecting…/Offline/connection-lost chrome, else empty.
|
||||||
|
- **Orientation: iPhone portrait-only; iPad portrait + landscape.**
|
||||||
|
|
||||||
|
**Four regions**
|
||||||
|
1. **Scoreboard / header** — seats (name, score, whose-turn), unread dot (red msg / amber nudge),
|
||||||
|
connectivity state ("Connecting…" / Offline chip / connection-lost banner), 💬 entry to history/comms.
|
||||||
|
2. **Board (`Canvas`)** — 15×15 grid, placed tiles, staged tiles with on-board legality preview
|
||||||
|
(light green when a word forms, darker on run-through board tiles, pink when none; orange badge =
|
||||||
|
score), zoom-on-drop.
|
||||||
|
3. **Rack** — player tiles, drag/tap to place, shuffle, in-rack reorder.
|
||||||
|
4. **Action bar** — combined pass/exchange, hint (vs_ai 🔒 idle-gate + countdown), shuffle, confirm
|
||||||
|
(only when the move is legal), bag count.
|
||||||
|
|
||||||
|
**State axes (repaint the screen)**
|
||||||
|
- **Whose turn:** mine (preview + submit) vs opponent's (draft placement only, position-only).
|
||||||
|
- **Phase:** waiting for opponent (auto-match "searching for opponent"; resign/chat/nudge off) →
|
||||||
|
active → finished.
|
||||||
|
- **Connectivity:** online / connecting / offline / connection-lost-in-online-game (frozen).
|
||||||
|
- **Kind:** vs_ai (honest 🤖: unlimited wallet-free hints idle-gated, no chat/nudge/add-friend, no
|
||||||
|
clock — 7-day only, no export) · auto-match 2p (possibly a disguised robot) · friend 2–4 ·
|
||||||
|
pass-and-play (seats, PINs, leader).
|
||||||
|
- **Variant:** Erudite / RU Scrabble / EN Scrabble; RU "multiple words per turn" toggle changes the
|
||||||
|
preview (main word only vs all perpendiculars).
|
||||||
|
|
||||||
|
**Interactions**
|
||||||
|
- Place tile (drag or tap; the game infers direction) · **blank ('?') letter picker** · recall a
|
||||||
|
staged tile to the rack · legality preview on-device (first-time warm-up; server fallback) · confirm
|
||||||
|
(only when legal) · resign · shuffle · **hint** (per-game allowance → wallet; vs_ai unlimited but
|
||||||
|
idle-gated 30 min, 🔒 + steady in-app countdown) · zoom-on-drop (setting) · **per-game composition
|
||||||
|
persistence** (rack arrangement + uncommitted move restored, cross-device).
|
||||||
|
|
||||||
|
**Sub-surfaces (from the header)**
|
||||||
|
- **Seat cards** (with history open): add-friend 🤝 / block ✖️, confirm on a fading ✅; disabled/
|
||||||
|
disappear rules.
|
||||||
|
- **Move history** (words, coordinates, scores; pass/exchange/resign/timeout notes; closing ± endgame
|
||||||
|
settlement).
|
||||||
|
- **Comms** — chat (1 msg/turn, ≤60 chars, no links) + dictionary word-check (complaint, external
|
||||||
|
reference link); **nudge**.
|
||||||
|
- **Pass-and-play** — seat PIN unlock (keypad replaces the locked seat's rack); leader button →
|
||||||
|
skip / remove / end-early (leader password); hints and chat off.
|
||||||
|
- **End-of-game** — result, final scores (yours first), export 📤 (GCG + PNG, never for honest-AI);
|
||||||
|
"could not be continued → draw" organizer note.
|
||||||
|
- **Connection-lost (online game)** — slim banner, play area freezes (rack + move controls disable;
|
||||||
|
resign/add-friend/block/chat hidden; a started move stays as a draft); if already in chat/dictionary
|
||||||
|
you stay (chat read-only, dictionary keeps checking on-device).
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **Comms sheet:** a **single detented sheet** with a segmented control **[History | Chat |
|
||||||
|
Dictionary]**; the board + seats header stay visible above; native swipe-to-dismiss + grabber.
|
||||||
|
**Opened by tapping the seats header** (where the unread dot / 💬 live). iPad landscape later adapts
|
||||||
|
it to a side column. (Simplifies the web's nested history → comms navigation.) The **export 📤**
|
||||||
|
lives inside this sheet (History segment, finished game) — **not** in the header.
|
||||||
|
- **Bottom toolbar (not a TabBar).** The in-game controls are actions, so they sit in a native bottom
|
||||||
|
toolbar (`ToolbarItem(.bottomBar)`, the Safari/Mail pattern), **not** the app `TabView` — which is
|
||||||
|
navigation and is **hidden inside the game**. Layout: **`[pass/exchange] — [hint ⇄ confirm] —
|
||||||
|
[shuffle]`** (3 slots). The centre control **morphs hint → confirm** only once a legal move is
|
||||||
|
staged (doubles as "you can commit" feedback). **Exchange** is inside the `pass/exchange` control
|
||||||
|
(select tiles = exchange, none = pass). **Recall** a staged tile by tapping it — no dedicated button.
|
||||||
|
- **Tile placement:** **both drag and tap-to-place**; recall by tap; the **blank ('?') letter picker**
|
||||||
|
is a popover over the variant's alphabet.
|
||||||
|
- **Seat cards:** composed from primitives (`HStack`/`VStack` + design tokens, optional `GroupBox`),
|
||||||
|
no prebuilt control. Base header shows name / score / whose-turn / unread dot only.
|
||||||
|
- **Opponent social actions:** **tap a seat card → a mini player panel** (popover on iPad, sheet on
|
||||||
|
iPhone) showing the relationship status (pending / friends / blocked) with **Add friend** / **Block**
|
||||||
|
(`Button(role: .destructive)` + native `confirmationDialog`). Replaces the web's in-place score-card
|
||||||
|
swap.
|
||||||
|
- **Rack:** shuffle button; reorder tiles by in-rack drag; tap selects a tile for tap-place; freed
|
||||||
|
slots render empty.
|
||||||
|
- **Waiting for opponent (auto-match):** the opponent card reads "searching for opponent" with a calm
|
||||||
|
activity indicator (not a blocking spinner); resign/chat/nudge hidden; you may arrange tiles if it is
|
||||||
|
your turn; a "you can close the app and come back" note.
|
||||||
|
- **vs_ai hint-lock:** the hint control carries a 🔒 badge while idle-gated; a tap shows a transient
|
||||||
|
"unlocks in N min" popover; the lock lifts live at the mark.
|
||||||
|
- **End-of-game:** a result plate on the board (win/lose/draw, final scores yours-first); export via the
|
||||||
|
sheet (above); never for honest-AI.
|
||||||
|
- **Connection-lost / offline chrome** (per FUNCTIONAL, native styling): offline = blue header + Offline
|
||||||
|
chip; brief blip = quiet "Connecting…" in the header; connection-lost in an online game = slim banner
|
||||||
|
+ frozen play area (rack/controls disabled, resign/social/chat hidden, started move kept as a draft).
|
||||||
|
|
||||||
|
*(F inventory + UX skeleton complete. Design-system specifics — colours, typography, tile visuals —
|
||||||
|
emerge while implementing the vertical slice, step 3.)*
|
||||||
|
|
||||||
|
#### D. Lobby — detail
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **List style:** native **inset-grouped `List`** (the Settings-app look — floating rounded section
|
||||||
|
cards over a grouped background). Sections: **your turn / opponent's turn / finished** (empty hidden).
|
||||||
|
- **Grouping (option A — unified lobby):** one lobby, all games in the three state sections. **Local
|
||||||
|
games** (offline vs_ai + pass-and-play, which never sync) are **badged inline** with an "on-device"
|
||||||
|
marker. When offline, **server rows grey out in place** (un-openable; a tap explains why) — not moved
|
||||||
|
or hidden.
|
||||||
|
- **Fold/unfold:** **opponent + finished** sections are collapsible (`DisclosureGroup`); **"your turn"
|
||||||
|
is always expanded** (it is the action section). Fold state is remembered per-device.
|
||||||
|
- **Bottom `TabView` (app navigation):** New Game / Statistics / Settings hub. (Confirmed: the TabBar
|
||||||
|
switches screens; in-game controls are a bottom toolbar, not this.)
|
||||||
|
- **Row anatomy:** opponent name (or "searching for opponent" for an unfilled auto-match) · a **variant
|
||||||
|
emblem** (three distinct icons — Erudit / RU Scrabble / EN Scrabble; **not** a national flag, which
|
||||||
|
can't separate the two Russian variants) · unread dot (red msg / amber nudge) · an **on-device badge**
|
||||||
|
for local games · a **result** for finished games. **No status icon** (the sections already group by
|
||||||
|
status). No avatars (name only). Compact, line-separated. *(Exact visual TBD on the slice.)*
|
||||||
|
|
||||||
|
**Behaviour (per FUNCTIONAL, kept)**
|
||||||
|
- **Ordering:** your-turn first (longest-waiting on top); opponent + finished most-recent first; a game
|
||||||
|
with any unread floats to the top within your-turn/opponent (finished keeps its order).
|
||||||
|
- **Live updates:** a listed game that becomes your-turn or finishes while the lobby is open
|
||||||
|
**flashes its row briefly** (the status-icon blink is retargeted to a row-level flash, since there is
|
||||||
|
no status icon); the game also moving into the *your turn* section is itself a signal. An opponent's-
|
||||||
|
turn change is silent, applied in place.
|
||||||
|
- **Unread dot:** next to the game — **red** when an unread message waits, **amber** when only nudges.
|
||||||
|
- **Remove finished:** native **swipe action** → ❌ (per-account, permanent, no undo). An AI game you
|
||||||
|
left (resign or 7-day lapse) auto-drops from *finished*; a normally-finished AI game stays until
|
||||||
|
removed; no other type auto-removes.
|
||||||
|
- **Cold open:** loading splash (crossword tiles ЭРУДИТ/ЗАГРУЗКА/ОЖИДАНИЕ) until the list is ready — no
|
||||||
|
empty flash.
|
||||||
|
- **Offline chrome:** blue header + Offline chip; Stats tab disabled; invitations hidden; server rows
|
||||||
|
greyed.
|
||||||
|
|
||||||
|
#### E. New Game — detail
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **Structure:** a top **segmented `[Quick game | With friends]`** + a contextual **inset-grouped form**
|
||||||
|
below (consistent with the lobby aesthetic).
|
||||||
|
- *Quick game:* opponent segmented **`[AI | Random]`** → variant (emblem chips) → RU "multiple words"
|
||||||
|
toggle → **Start**.
|
||||||
|
- *With friends:* rows **Invite a friend** / **Pass-and-play** → pushed sub-flows.
|
||||||
|
- **Variant picker:** **emblem chips / segmented** (≤3 variants); **hidden entirely when a single variant
|
||||||
|
is enabled** (the common default — Erudite only).
|
||||||
|
|
||||||
|
**Behaviour (per FUNCTIONAL, kept)**
|
||||||
|
- **Quick game:** AI default (instant 🤖, no wait) / Random (auto-match 2p — drops you into the game to
|
||||||
|
wait inside; "you can close the app and come back" note).
|
||||||
|
- **With friends offline → only pass-and-play** (invite needs the network).
|
||||||
|
- **RU "multiple words per turn":** default **off**; RU games only; English is always standard, no toggle.
|
||||||
|
- **Per-kind caps** (AI / random / friend): a start at its cap shows **🔒**; a tap opens a prompt — a
|
||||||
|
**guest** is invited to sign in / create an account, a **signed-in** player is told to finish a current
|
||||||
|
game. **Accepting an incoming invitation is never capped.**
|
||||||
|
- **Friend invite:** pick **2–4** from the friend list; the inviter sets the game settings; starts once
|
||||||
|
**all accept**; any decline cancels; an unanswered invite expires in **7 days**; shareable as a Telegram
|
||||||
|
deep link (on VK the link only opens the app, the code is entered by hand).
|
||||||
|
- **Pass-and-play setup:** host PIN keypad → "are you playing too?" (yes → first seat takes your name) →
|
||||||
|
name players 2–4 (add/remove; a removal asks the leader password) → optional per-seat PIN.
|
||||||
|
- **Per-game settings set** (inviter chooses for friend games; quick games use defaults): variant · RU
|
||||||
|
multiple-words · **move timeout** (5 min–24 h, default 24 h) · **hints** (allowed? how many each) ·
|
||||||
|
**leaver's-tile disposition** (returned to bag / removed — 3–4-player games only).
|
||||||
|
|
||||||
|
**UX decisions (sub-details)**
|
||||||
|
- **Cap 🔒 prompt:** a 🔒 badge on the **Start** control (looks unavailable); a tap opens a native
|
||||||
|
alert — guest: a "Sign in / Create account" action; signed-in: an informational "finish a current
|
||||||
|
game first."
|
||||||
|
- **Pass-and-play setup** (pushed, stepped): (a) 4-digit host PIN on a custom lock-screen-style keypad
|
||||||
|
(no built-in iOS control — composed); (b) "are you playing too?"; (c) player rows as an editable
|
||||||
|
`List` (EditMode add/remove; a removal is gated by the leader password); (d) per-seat PIN via a small
|
||||||
|
lock toggle in the row.
|
||||||
|
- **Friend-invite** (pushed): multi-select from the friends `List` (checkmarks, 2–4) → a **settings
|
||||||
|
step** reusing the per-game settings set → **Send** (+ shareable link). Setting controls: move
|
||||||
|
timeout = native picker (5 min–24 h); hints = toggle + stepper; leaver disposition = segmented
|
||||||
|
`[to bag | out of play]`.
|
||||||
|
|
||||||
|
#### C. Login / identity — detail (v1: SIWA + email + guest)
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **No hard login wall — guest by default** (offline-first, as Android native). First launch drops
|
||||||
|
straight into the lobby as a guest.
|
||||||
|
- **Reusable sign-in sheet:** a bottom **detented sheet** (same idiom as the comms sheet) with the
|
||||||
|
sign-in buttons in a **vertical stack** — **Sign in with Apple** (`SignInWithAppleButton`) + **Email**
|
||||||
|
(future VK/TG rows append here). **Shown once on first launch, dismissible** — dismiss = stays guest.
|
||||||
|
**Reused on demand** from the Profile "Sign in" action.
|
||||||
|
- **Email flow:** address → **6-digit code** entry → signed in / linked; rate-limit feedback (cooldown +
|
||||||
|
hourly cap). **Code-only on native** — the magic link is unused (it opens an external browser that
|
||||||
|
can't return to the app; mirrors the installed-PWA case in FUNCTIONAL).
|
||||||
|
- **SIWA:** native system sheet → gateway validates → create / link the account.
|
||||||
|
- **Merge on collision** (the identity already belongs to another account): guest initiator = seamless;
|
||||||
|
durable initiator = irreversible confirmation. Triggered by sign-in; the merge screen itself lives in
|
||||||
|
**H** (Accounts, linking & merge).
|
||||||
|
|
||||||
|
#### B. Onboarding — detail (TipKit, native)
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **TipKit, native flavour** (confirmed): contextual tips anchored to controls, ordered via **`TipGroup`**
|
||||||
|
— **no full-screen dimming, no tap-anywhere-advance**; each tip dismisses itself (its ✕ or performing
|
||||||
|
the action). Shown once; per-device eligibility.
|
||||||
|
- **Two tours:** **lobby series** (⚙️ settings, ✏️ statistics, 🎲 new-game tabs) + **game series**
|
||||||
|
(scoreboard header, pass/exchange, hint, shuffle, rack). Localized (en/ru).
|
||||||
|
- **First-launch sequence:** lobby (guest) → sign-in sheet (C) → on dismiss → the TipKit lobby tour
|
||||||
|
(so the sheet and the tips don't overlap).
|
||||||
|
|
||||||
|
#### G. Friends — detail (Settings → Friends)
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **Structure:** a single **inset-grouped `List`** with sections **Requests** (incoming: accept /
|
||||||
|
decline; outgoing: cancel) · **Friends** · **Blocked** (unblock). A toolbar **"+"** opens the add
|
||||||
|
sheet.
|
||||||
|
- **Add sheet ("+"):** **Enter a code** (6-digit redeem, valid 12 h) / **Share my code** (generate +
|
||||||
|
`ShareLink`).
|
||||||
|
- **Friend-row actions:** **swipe actions** — **Remove** (destructive) + **Block** — each gated by a
|
||||||
|
naming **`confirmationDialog`** ("Remove from friends?" / "Block this player?").
|
||||||
|
- Chat / nudge are **not** here — they live in the in-game comms sheet (F). Global block toggles
|
||||||
|
(incoming chat / friend requests) live in **Profile (H)**.
|
||||||
|
|
||||||
|
**Behaviour (per FUNCTIONAL, kept)**
|
||||||
|
- Two ways to friend: redeem a one-time code, or a request to someone you've played with
|
||||||
|
(accept / ignore→30-day lapse / decline→blocks until they hand you a code). Cancel your outgoing;
|
||||||
|
unfriend removes it.
|
||||||
|
- A per-user block is one-directional and silent; **unblock and unfriend live only here**.
|
||||||
|
|
||||||
|
#### H. Profile & settings — detail
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **Settings hub** = an icon **`List` of drill-down `NavigationLink` rows** (the Podcasts → Library
|
||||||
|
pattern), SF-symbol icons, with room left at the bottom for optional general info later. Rows:
|
||||||
|
- **Interface** (⚙️) → display-settings screen.
|
||||||
|
- **Friends** (person.2) → G.
|
||||||
|
- **Wallet** (creditcard) → I. **Hidden for guests.**
|
||||||
|
- **Info** (info.circle) → About + version + legal (K).
|
||||||
|
- **Feedback** → J. **Hidden for guests.** Unread-reply **badge** on the Settings tab **and** on this
|
||||||
|
row.
|
||||||
|
- **Profile = a top-right nav-bar icon** (`ToolbarItem(.topBarTrailing)`, `person.circle`; filled /
|
||||||
|
initial when signed in) on the settings hub: **guest → the sign-in sheet (C); signed-in → the profile
|
||||||
|
screen.** (Duplicated onto the lobby only if asked later.)
|
||||||
|
- **Interface screen** (display prefs): language · theme · board bonus-label style · reduce-motion ·
|
||||||
|
zoom-the-board.
|
||||||
|
|
||||||
|
**Guest has no editable settings** — the random nick is not changeable, the variant is always
|
||||||
|
`erudite_ru`, the timezone is auto-detected (never set by hand). So there is **no guest profile
|
||||||
|
screen**: the profile icon for a guest opens the **sign-in sheet** (confirms C). It also confirms E's
|
||||||
|
"variant picker hidden when a single variant is enabled" for guests.
|
||||||
|
|
||||||
|
**Profile screen (signed-in / durable)** — an inset-grouped `Form`:
|
||||||
|
- **Name** — inline `TextField` + validation (letters + `·`/`.`/`_` separator, optional trailing `.`
|
||||||
|
or ≤5 digits, ≤32 chars, ≤5 specials).
|
||||||
|
- **Play** — timezone (UTC-offset picker, pre-filled from the device) · away window (10-min grid, ≤12 h,
|
||||||
|
wraps midnight; a two-time range) · variant preferences (multi-select emblems, ≥1 kept) ·
|
||||||
|
notifications-in-app-only (`Switch`, default on).
|
||||||
|
- **Privacy** — global block toggles (incoming chat / friend requests).
|
||||||
|
- **Sign-in methods** — rows link / unlink; **email is "changed", not unlinked**; the **last** method
|
||||||
|
can't be unlinked; a provider that belongs to another account offers the irreversible **merge** (guest
|
||||||
|
initiator seamless, durable initiator confirmed).
|
||||||
|
- **Delete account** — destructive footer; confirm via a mailed code (email account) or a typed phrase.
|
||||||
|
Legal-retention removal (not erasure), per FUNCTIONAL.
|
||||||
|
|
||||||
|
#### I. Wallet & store — detail (durable only; delivery staged)
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **Structure:** inset-grouped — a **balance card** (running-context «Фишка» first, then linked
|
||||||
|
other-platform chips behind their logos: VK / Telegram / web / **Apple** as a new context) → **Active**
|
||||||
|
line (hints remaining + ad-free end date / "forever"; hidden when empty) → segmented **`[Buy | Spend]`**
|
||||||
|
→ rows. **No purchase history.**
|
||||||
|
- **Buy (v1):** the chip packs are **shown** (the user sees purchases exist in the game), but tapping
|
||||||
|
**Buy** shows a light message — *"Purchases are unavailable on the Apple platform. You might like
|
||||||
|
another version of [our app](landing)."* — a soft redirect to the Android/PWA build while payments are
|
||||||
|
not wired. Chosen over hiding so the offering stays visible; unlocking real Buy later (IAP / external
|
||||||
|
rails) is then just enabling the path.
|
||||||
|
- **Spend:** values (extra hints, days without ads) at a fixed chip price; **Exchange** action + a
|
||||||
|
confirm `confirmationDialog`.
|
||||||
|
|
||||||
|
**[OPEN / TRACKED — a dedicated payments session, not resolved here]**
|
||||||
|
- **Cross-platform spend compliance (Apple landmine):** we must **not** let a user buy chips on the web
|
||||||
|
(email login) and then **spend** them inside the iOS app where the same email is signed in — spending
|
||||||
|
externally-funded digital currency in-app violates App Store rules. This reshapes the iOS
|
||||||
|
**store-compliance spend-visibility** (what of the balance is spendable on iOS, given there is no
|
||||||
|
Apple-funded chip yet). The owner will settle it in a dedicated payments session. Ties to §10.
|
||||||
|
|
||||||
|
#### J. Feedback — detail (durable only; guests hidden)
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- inset-grouped `Form`: **`TextEditor`** (≤1024, live counter) → attachment row → **Send**.
|
||||||
|
- **Attachment:** one file ≤1 MB (images / PDF / text-log / office / RTF / archives). **"Attach"** →
|
||||||
|
menu **`PhotosPicker` (Photos)** / **`fileImporter` (Files)**; **no camera**. An unsupported file is
|
||||||
|
refused **without naming** the allowed types; the chosen file shows as a removable chip.
|
||||||
|
- **After send:** the form clears, "Ваше сообщение отправлено"; while the operator has not dealt with it,
|
||||||
|
a locked state "Ожидаем рассмотрения вашего последнего обращения" (Send disabled).
|
||||||
|
- **Reply** below: "Ответ на ваше последнее сообщение"; links open in `SFSafariViewController`; marked
|
||||||
|
read on view; gone after a week.
|
||||||
|
- **Unread-reply badge:** Settings tab + Feedback row (H).
|
||||||
|
- **Feedback-barred** player: Send disabled.
|
||||||
|
|
||||||
|
#### K. Info / legal — detail
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **About screen** (Info hub row): app name · **version** (native build + the client-version) · links to
|
||||||
|
the three legal docs · copyright; optional "Rate on the App Store".
|
||||||
|
- **Legal docs** (EULA `/eula/`, privacy `/privacy/`, offer `/offer/` + live price list): open via
|
||||||
|
**`SFSafariViewController` to the hosted URLs** — always current, the offer's price list stays live,
|
||||||
|
bilingual handled by the page; no render pipeline duplicated in the app. **Offline:** unavailable
|
||||||
|
("недоступно офлайн").
|
||||||
|
|
||||||
|
#### A. Boot / launch & update — detail
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **LaunchScreen:** static, OS-level, instant (**iOS cannot animate the launch screen**) — brand/logo.
|
||||||
|
- **In-app loading:** the crossword-tiles splash (ЭРУДИТ/ЗАГРУЗКА/ОЖИДАНИЕ) shows **only while the lobby
|
||||||
|
list isn't ready**; fast silent boot → usually straight to the lobby. Offline cold launch → straight to
|
||||||
|
the offline lobby.
|
||||||
|
- **"Couldn't load" + Retry:** a native screen when an online launch can't reach the backend (a quiet
|
||||||
|
retry first).
|
||||||
|
- **Client too old** (only on an online action, never while playing offline): full-screen, non-dismissable
|
||||||
|
— **Update** (App Store listing) + **Play offline** (keep on-device games).
|
||||||
|
- **"Update available" (soft, not required):** a **transient top banner styled like a native
|
||||||
|
notification** — "Пора обновить приложение", **tap → App Store**, **auto-dismiss after 5 s**, shown on
|
||||||
|
**every launch when online**. (iOS has no first-party toast → a custom notification-style banner;
|
||||||
|
deviates by choice from the web's persistent dismissible bar.)
|
||||||
|
|
||||||
|
#### L. Advertising banner — detail (cross-cutting component)
|
||||||
|
|
||||||
|
**UX decisions**
|
||||||
|
- **Placement:** a one-line strip **on the main tabs (Lobby / New Game / Statistics) AND in-game (F)** —
|
||||||
|
players spend most time in-game. Hidden in settings drill-downs and modal flows. **In-game it occupies
|
||||||
|
the top strip** (the empty space above the seats header), coexisting with the connection chrome
|
||||||
|
(Connecting… / Offline / connection-lost banner sit with it).
|
||||||
|
- **Audience:** free players only (not lifetime-paid, no purchased hints, no `no_banner` role); guests
|
||||||
|
see it; appears/disappears **in place** on a property change.
|
||||||
|
- **Language (native, no bot channel):** the **interface language** (RU default) — there is no "bot you
|
||||||
|
play through" here.
|
||||||
|
- **Not hidden under TipKit** (no dimming overlay, unlike the web coachmarks).
|
||||||
|
|
||||||
|
**Behaviour (per FUNCTIONAL, kept)**
|
||||||
|
- Operator campaigns (weight %, optional window); compete in proportion to weight; a **house/default**
|
||||||
|
campaign fills the unsold share; an **urgent** campaign shows to everyone and is the only thing shown.
|
||||||
|
- Fair weighted rotation; a multi-message campaign cycles in turn; transitions (fade-out → gap →
|
||||||
|
fade-in); long-message scroll; timings from the server (`/_gm/banners`).
|
||||||
|
- Per-non-default-campaign colours (theme-aware set + optional dark override; derived border); urgent flag.
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
# Icons
|
||||||
|
|
||||||
|
The whole shipped icon set is sliced from **one master** — see
|
||||||
|
[`brand/`](brand/) for the reference generator, the pinned font and the committed
|
||||||
|
outputs, and [`../../docs/ICON_BRANDBOOK.md`](../../docs/ICON_BRANDBOOK.md) for how the
|
||||||
|
mark is constructed. The per-platform target map (which file goes where) is in
|
||||||
|
[`../../docs/ICONS.md`](../../docs/ICONS.md).
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd brand
|
||||||
|
npm i opentype.js
|
||||||
|
node build-set.mjs # web (ui/public) + Capacitor layers (ui/assets) + vk/ tg/ store/
|
||||||
|
node build-android-res.mjs # Android launcher resources (all densities + monochrome)
|
||||||
|
```
|
||||||
|
|
||||||
|
> The earlier `build/` pipeline (LiberationSans glyph outlines → favicon/apple-touch/OG)
|
||||||
|
> was replaced by `brand/` when the icon was rebranded onto the Spectral «Э» master.
|
||||||
|
> The separate VK loading-screen animation lives in [`../vk/`](../vk/) and is unrelated.
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
node_modules/
|
||||||
|
package-lock.json
|
||||||
@@ -0,0 +1,32 @@
|
|||||||
|
# Erudit icon — brand master
|
||||||
|
|
||||||
|
The reference construction of the Erudit app icon. The authoritative, human-readable
|
||||||
|
spec lives in [`docs/ICON_BRANDBOOK.md`](../../../docs/ICON_BRANDBOOK.md); this folder
|
||||||
|
holds the machine reproduction of exactly what that document describes.
|
||||||
|
|
||||||
|
| File | What |
|
||||||
|
|------|------|
|
||||||
|
| `build-icon.mjs` | reference generator — every dimension is a fraction of the side, matching the brand book |
|
||||||
|
| `render-png.mjs` | rasterises an icon SVG to PNG via the `ui` package's Playwright chromium |
|
||||||
|
| `Spectral-Bold.ttf` | the «Э» typeface (SIL OFL, `Spectral-OFL.txt`) — pinned so the letter never drifts |
|
||||||
|
| `icon-light.svg` / `.png` | the light master (1024) |
|
||||||
|
| `icon-dark.svg` / `.png` | the dark master (1024) |
|
||||||
|
| `icon-construction.svg` / `.png` | the percent-annotated construction scheme (figure in the brand book) |
|
||||||
|
|
||||||
|
## Regenerate
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd assets/icons/brand
|
||||||
|
npm i opentype.js # the only extra dep; render uses ui's chromium
|
||||||
|
|
||||||
|
node build-icon.mjs --variant light > icon-light.svg
|
||||||
|
node build-icon.mjs --variant dark > icon-dark.svg
|
||||||
|
node build-icon.mjs --variant light --scheme > icon-construction.svg
|
||||||
|
|
||||||
|
node render-png.mjs icon-light.svg icon-light.png 1024
|
||||||
|
node render-png.mjs icon-dark.svg icon-dark.png 1024
|
||||||
|
node render-png.mjs icon-construction.svg icon-construction.png 2048
|
||||||
|
```
|
||||||
|
|
||||||
|
The SVGs are resolution-free; render at any size. Downstream slicing (favicon / PWA /
|
||||||
|
iOS / Android) is a separate step — see [`docs/ICONS.md`](../../../docs/ICONS.md).
|
||||||
@@ -0,0 +1,93 @@
|
|||||||
|
Copyright 2017 The Spectral Project Authors (https://github.com/productiontype/Spectral)
|
||||||
|
|
||||||
|
This Font Software is licensed under the SIL Open Font License, Version 1.1.
|
||||||
|
This license is copied below, and is also available with a FAQ at:
|
||||||
|
https://openfontlicense.org
|
||||||
|
|
||||||
|
|
||||||
|
-----------------------------------------------------------
|
||||||
|
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
|
||||||
|
-----------------------------------------------------------
|
||||||
|
|
||||||
|
PREAMBLE
|
||||||
|
The goals of the Open Font License (OFL) are to stimulate worldwide
|
||||||
|
development of collaborative font projects, to support the font creation
|
||||||
|
efforts of academic and linguistic communities, and to provide a free and
|
||||||
|
open framework in which fonts may be shared and improved in partnership
|
||||||
|
with others.
|
||||||
|
|
||||||
|
The OFL allows the licensed fonts to be used, studied, modified and
|
||||||
|
redistributed freely as long as they are not sold by themselves. The
|
||||||
|
fonts, including any derivative works, can be bundled, embedded,
|
||||||
|
redistributed and/or sold with any software provided that any reserved
|
||||||
|
names are not used by derivative works. The fonts and derivatives,
|
||||||
|
however, cannot be released under any other type of license. The
|
||||||
|
requirement for fonts to remain under this license does not apply
|
||||||
|
to any document created using the fonts or their derivatives.
|
||||||
|
|
||||||
|
DEFINITIONS
|
||||||
|
"Font Software" refers to the set of files released by the Copyright
|
||||||
|
Holder(s) under this license and clearly marked as such. This may
|
||||||
|
include source files, build scripts and documentation.
|
||||||
|
|
||||||
|
"Reserved Font Name" refers to any names specified as such after the
|
||||||
|
copyright statement(s).
|
||||||
|
|
||||||
|
"Original Version" refers to the collection of Font Software components as
|
||||||
|
distributed by the Copyright Holder(s).
|
||||||
|
|
||||||
|
"Modified Version" refers to any derivative made by adding to, deleting,
|
||||||
|
or substituting -- in part or in whole -- any of the components of the
|
||||||
|
Original Version, by changing formats or by porting the Font Software to a
|
||||||
|
new environment.
|
||||||
|
|
||||||
|
"Author" refers to any designer, engineer, programmer, technical
|
||||||
|
writer or other person who contributed to the Font Software.
|
||||||
|
|
||||||
|
PERMISSION & CONDITIONS
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining
|
||||||
|
a copy of the Font Software, to use, study, copy, merge, embed, modify,
|
||||||
|
redistribute, and sell modified and unmodified copies of the Font
|
||||||
|
Software, subject to the following conditions:
|
||||||
|
|
||||||
|
1) Neither the Font Software nor any of its individual components,
|
||||||
|
in Original or Modified Versions, may be sold by itself.
|
||||||
|
|
||||||
|
2) Original or Modified Versions of the Font Software may be bundled,
|
||||||
|
redistributed and/or sold with any software, provided that each copy
|
||||||
|
contains the above copyright notice and this license. These can be
|
||||||
|
included either as stand-alone text files, human-readable headers or
|
||||||
|
in the appropriate machine-readable metadata fields within text or
|
||||||
|
binary files as long as those fields can be easily viewed by the user.
|
||||||
|
|
||||||
|
3) No Modified Version of the Font Software may use the Reserved Font
|
||||||
|
Name(s) unless explicit written permission is granted by the corresponding
|
||||||
|
Copyright Holder. This restriction only applies to the primary font name as
|
||||||
|
presented to the users.
|
||||||
|
|
||||||
|
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
|
||||||
|
Software shall not be used to promote, endorse or advertise any
|
||||||
|
Modified Version, except to acknowledge the contribution(s) of the
|
||||||
|
Copyright Holder(s) and the Author(s) or with their explicit written
|
||||||
|
permission.
|
||||||
|
|
||||||
|
5) The Font Software, modified or unmodified, in part or in whole,
|
||||||
|
must be distributed entirely under this license, and must not be
|
||||||
|
distributed under any other license. The requirement for fonts to
|
||||||
|
remain under this license does not apply to any document created
|
||||||
|
using the Font Software.
|
||||||
|
|
||||||
|
TERMINATION
|
||||||
|
This license becomes null and void if any of the above conditions are
|
||||||
|
not met.
|
||||||
|
|
||||||
|
DISCLAIMER
|
||||||
|
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
|
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
|
||||||
|
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
|
||||||
|
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||||
|
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
|
||||||
|
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
|
||||||
|
OTHER DEALINGS IN THE FONT SOFTWARE.
|
||||||
|
After Width: | Height: | Size: 19 KiB |
@@ -0,0 +1,53 @@
|
|||||||
|
'use strict';
|
||||||
|
// Generate the Android launcher resources from the committed layers, at every
|
||||||
|
// density, with NO inset (our layers already fill the 108 dp canvas) and a
|
||||||
|
// monochrome (themed) layer. Run build-set.mjs first (it writes the layer PNGs).
|
||||||
|
//
|
||||||
|
// npm i opentype.js # (only build-icon/build-set need it; this reads PNGs)
|
||||||
|
// node build-set.mjs && node build-android-res.mjs
|
||||||
|
//
|
||||||
|
// Writes ui/android/app/src/main/res/mipmap-*/ic_launcher{,_round,_foreground,
|
||||||
|
// _background,_monochrome}.png. The two mipmap-anydpi-v26/*.xml are committed by hand.
|
||||||
|
import { readFileSync, writeFileSync } from 'node:fs';
|
||||||
|
import { fileURLToPath } from 'node:url';
|
||||||
|
import { dirname, join } from 'node:path';
|
||||||
|
|
||||||
|
const DIR = dirname(fileURLToPath(import.meta.url));
|
||||||
|
const ROOT = join(DIR, '..', '..', '..');
|
||||||
|
const RES = join(ROOT, 'ui', 'android', 'app', 'src', 'main', 'res');
|
||||||
|
const uri = p => 'data:image/png;base64,' + readFileSync(p).toString('base64');
|
||||||
|
const BG = uri(join(ROOT, 'ui', 'assets', 'icon-background.png'));
|
||||||
|
const FG = uri(join(ROOT, 'ui', 'assets', 'icon-foreground.png'));
|
||||||
|
const MONO = uri(join(DIR, 'android-monochrome.png'));
|
||||||
|
// The full-bleed master (square tile + master mark) — the legacy SQUARE launcher (API < 26)
|
||||||
|
// uses it so old Android shows a large mark rather than the safe-zone foreground shrunk into
|
||||||
|
// the middle. The round legacy icon keeps the safe-zone composite (a round mask would clip
|
||||||
|
// the master's corner ✻).
|
||||||
|
const MASTER = uri(join(ROOT, 'ui', 'assets', 'icon.png'));
|
||||||
|
|
||||||
|
// density: [adaptive-layer px (108 dp), legacy launcher px (48 dp)]
|
||||||
|
const D = { ldpi: [81, 36], mdpi: [108, 48], hdpi: [162, 72], xhdpi: [216, 96], xxhdpi: [324, 144], xxxhdpi: [432, 192] };
|
||||||
|
|
||||||
|
const pw = await import(join(ROOT, 'ui', 'node_modules', '@playwright', 'test', 'index.js'));
|
||||||
|
const { chromium } = pw.default ?? pw;
|
||||||
|
const browser = await chromium.launch();
|
||||||
|
const page = await browser.newPage({ deviceScaleFactor: 1 });
|
||||||
|
const im = (u, s) => `<img src="${u}" width="${s}" height="${s}" style="display:block">`;
|
||||||
|
async function shot(html, s, transparent) {
|
||||||
|
await page.setViewportSize({ width: s, height: s });
|
||||||
|
await page.setContent(`<!doctype html><meta charset=utf8><style>*{margin:0;padding:0}#r{width:${s}px;height:${s}px}</style><div id=r>${html}</div>`, { waitUntil: 'networkidle' });
|
||||||
|
return page.locator('#r').screenshot({ omitBackground: !!transparent });
|
||||||
|
}
|
||||||
|
for (const [d, [fg, lg]] of Object.entries(D)) {
|
||||||
|
const dir = join(RES, `mipmap-${d}`);
|
||||||
|
writeFileSync(join(dir, 'ic_launcher_background.png'), await shot(im(BG, fg), fg, false));
|
||||||
|
writeFileSync(join(dir, 'ic_launcher_foreground.png'), await shot(im(FG, fg), fg, true));
|
||||||
|
writeFileSync(join(dir, 'ic_launcher_monochrome.png'), await shot(im(MONO, fg), fg, true));
|
||||||
|
// Square launcher: the full-bleed master (large mark). Round launcher: the safe-zone
|
||||||
|
// composite, circle-clipped (the master's corner ✻ would be clipped by the round mask).
|
||||||
|
writeFileSync(join(dir, 'ic_launcher.png'), await shot(im(MASTER, lg), lg, false));
|
||||||
|
const round = `<div style="width:${lg}px;height:${lg}px;border-radius:50%;overflow:hidden;position:relative">${im(BG, lg)}<div style="position:absolute;inset:0">${im(FG, lg)}</div></div>`;
|
||||||
|
writeFileSync(join(dir, 'ic_launcher_round.png'), await shot(round, lg, true));
|
||||||
|
console.log('mipmap-' + d, 'ok');
|
||||||
|
}
|
||||||
|
await browser.close();
|
||||||
@@ -0,0 +1,163 @@
|
|||||||
|
'use strict';
|
||||||
|
// Erudit app-icon — the reference generator. Every dimension below is a FRACTION
|
||||||
|
// of the icon side, so this file reads the same as docs/ICON_BRANDBOOK.md and the
|
||||||
|
// icon reproduces at any resolution. Emits one variant/layer's SVG to stdout.
|
||||||
|
//
|
||||||
|
// node build-icon.mjs --variant light|dark [--layer full|background|foreground] [--scheme] > icon.svg
|
||||||
|
//
|
||||||
|
// Layers (for Android adaptive icons):
|
||||||
|
// full the standalone master (rounded tile + mark) — iOS / PWA / favicon
|
||||||
|
// background wood + grain + light/shadow, full-bleed square (the OS applies the mask)
|
||||||
|
// foreground only «Э» + ✻, transparent, re-placed for the round mask (see FG_* below)
|
||||||
|
//
|
||||||
|
// Deps: opentype.js (npm i opentype.js). Font: ./Spectral-Bold.ttf (OFL, bundled).
|
||||||
|
import { readFileSync } from 'node:fs';
|
||||||
|
import { fileURLToPath } from 'node:url';
|
||||||
|
import { dirname, join } from 'node:path';
|
||||||
|
import opentype from 'opentype.js';
|
||||||
|
|
||||||
|
const DIR = dirname(fileURLToPath(import.meta.url));
|
||||||
|
const args = process.argv.slice(2);
|
||||||
|
const has = f => args.includes('--' + f);
|
||||||
|
const val = (f, d) => { const i = args.indexOf('--' + f); return i >= 0 ? args[i + 1] : d; };
|
||||||
|
|
||||||
|
// ---- the design, in fractions of the side ----
|
||||||
|
const S = 1024; // reference side (the icon is resolution-free)
|
||||||
|
const RADIUS = 0.17; // tile corner radius (full master)
|
||||||
|
const STAR_BULB = 0.22; // spoke-end (and hub) radius, as fraction of star radius
|
||||||
|
const STAR_SPOKES = 6;
|
||||||
|
const GRAIN_COLS = 6, GRAIN_W = 1 / 32, GRAIN_SHIFT = 1 / 16, GRAIN_TILT = 4;
|
||||||
|
const SHEEN = 0.15; // white, transparent bottom-left -> this alpha top-right
|
||||||
|
const SHADE = 0.15; // black, this alpha bottom-left -> transparent top-right
|
||||||
|
|
||||||
|
// The mark, placed for the standalone master (bottom-right biased, full-bleed):
|
||||||
|
const MASTER = { lh: 0.6055, lc: [0.4814, 0.4922], sd: 0.1729, sc: [0.7881, 0.7881] };
|
||||||
|
// The mark, placed for the Android foreground layer (centred-ish inside the 61% safe
|
||||||
|
// zone, nudged right 8% / down 3% for optical balance under the round mask; smaller ✻).
|
||||||
|
// Every value is the earlier placement scaled 0.75 about the icon centre (0.5, 0.5): the
|
||||||
|
// whole mark is 25% smaller, its «Э»↔✻ arrangement unchanged, so the ✻ that used to graze
|
||||||
|
// the round mask now sits well inside the safe zone. Round-mask launchers (adaptive + the
|
||||||
|
// legacy round icon) get more breathing room; the full-bleed master is untouched.
|
||||||
|
const FOREGROUND = { lh: 0.4043, lc: [0.5176, 0.4963], sd: 0.0989, sc: [0.6970, 0.6700] };
|
||||||
|
|
||||||
|
const PALETTE = {
|
||||||
|
light: { wood: '#e6b053', ink: '#5a3a12', grain: '#d8a54e' },
|
||||||
|
dark: { wood: '#4a3316', ink: '#f2d9a0', grain: '#432e14' },
|
||||||
|
};
|
||||||
|
|
||||||
|
// Layers:
|
||||||
|
// full rounded tile + master mark (favicon.svg — browser rounds nothing)
|
||||||
|
// flat square tile + master mark (apple-touch, PWA "any" — OS rounds)
|
||||||
|
// background square tile, no mark (Android adaptive background)
|
||||||
|
// foreground mark only, transparent (Android adaptive foreground)
|
||||||
|
// maskable square tile + foreground mark (PWA maskable — safe-zone aware)
|
||||||
|
// monochrome foreground mark only, flat colour (Android 13+ themed layer)
|
||||||
|
const LAYERS = ['full', 'flat', 'background', 'foreground', 'maskable', 'monochrome'];
|
||||||
|
const variant = val('variant', 'light');
|
||||||
|
const layer = val('layer', 'full');
|
||||||
|
const P = PALETTE[variant];
|
||||||
|
if (!P) { console.error(`unknown --variant ${variant} (light|dark)`); process.exit(1); }
|
||||||
|
if (!LAYERS.includes(layer)) { console.error(`unknown --layer ${layer} (${LAYERS.join('|')})`); process.exit(1); }
|
||||||
|
|
||||||
|
const usesForegroundPlacement = ['foreground', 'maskable', 'monochrome'].includes(layer);
|
||||||
|
const drawBg = ['full', 'flat', 'background', 'maskable'].includes(layer);
|
||||||
|
const drawMark = layer !== 'background';
|
||||||
|
const MARK = usesForegroundPlacement ? FOREGROUND : MASTER;
|
||||||
|
const inkColour = layer === 'monochrome' ? val('mono', '#ffffff') : P.ink;
|
||||||
|
const RX = layer === 'full' ? RADIUS * S : 0; // only the standalone master keeps rounded corners
|
||||||
|
const font = opentype.parse(readFileSync(join(DIR, 'Spectral-Bold.ttf')).buffer);
|
||||||
|
|
||||||
|
// «Э» outline scaled so its ink bounding box is MARK.lh of the side, box centred on MARK.lc.
|
||||||
|
function letterSvg() {
|
||||||
|
const g = font.charToGlyph('Э');
|
||||||
|
const h0 = (() => { const b = g.getPath(0, 0, 1000).getBoundingBox(); return b.y2 - b.y1; })();
|
||||||
|
const scale = (MARK.lh * S) / h0;
|
||||||
|
const p = g.getPath(0, 0, 1000 * scale);
|
||||||
|
const bb = p.getBoundingBox();
|
||||||
|
const w = bb.x2 - bb.x1, h = bb.y2 - bb.y1;
|
||||||
|
const tx = MARK.lc[0] * S - (bb.x1 + w / 2);
|
||||||
|
const ty = MARK.lc[1] * S - (bb.y1 + h / 2);
|
||||||
|
return { svg: `<path transform="translate(${tx.toFixed(2)} ${ty.toFixed(2)})" d="${p.toPathData(2)}" fill="${inkColour}"/>`,
|
||||||
|
box: { x: bb.x1 + tx, y: bb.y1 + ty, w, h } };
|
||||||
|
}
|
||||||
|
|
||||||
|
// Teardrop-spoked asterisk ✻: each spoke tapers to a point at the centre and ends
|
||||||
|
// in a round bulb; a central disc equal to the bulb fuses them.
|
||||||
|
function starPath() {
|
||||||
|
const cx = MARK.sc[0] * S, cy = MARK.sc[1] * S, Rout = MARK.sd * S / 2;
|
||||||
|
const rb = Rout * STAR_BULB, R = Rout - rb;
|
||||||
|
const L = Math.sqrt(R * R - rb * rb), theta = Math.asin(rb / R);
|
||||||
|
const rot = (v, t) => [v[0] * Math.cos(t) - v[1] * Math.sin(t), v[0] * Math.sin(t) + v[1] * Math.cos(t)];
|
||||||
|
let d = '';
|
||||||
|
for (let k = 0; k < STAR_SPOKES; k++) {
|
||||||
|
const a = -Math.PI / 2 + k * 2 * Math.PI / STAR_SPOKES;
|
||||||
|
const u = [Math.cos(a), Math.sin(a)];
|
||||||
|
const d1 = rot(u, theta), d2 = rot(u, -theta);
|
||||||
|
const T1 = [cx + L * d1[0], cy + L * d1[1]], T2 = [cx + L * d2[0], cy + L * d2[1]];
|
||||||
|
d += `M${cx.toFixed(2)} ${cy.toFixed(2)} L${T1[0].toFixed(2)} ${T1[1].toFixed(2)} A${rb.toFixed(2)} ${rb.toFixed(2)} 0 1 0 ${T2[0].toFixed(2)} ${T2[1].toFixed(2)} Z `;
|
||||||
|
}
|
||||||
|
d += `M${cx} ${cy} m${-rb} 0 a${rb} ${rb} 0 1 0 ${2 * rb} 0 a${rb} ${rb} 0 1 0 ${-2 * rb} 0 Z`;
|
||||||
|
return `<path d="${d}" fill="${inkColour}"/>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
function grain() {
|
||||||
|
const colW = S / GRAIN_COLS, sw = GRAIN_W * S, shift = GRAIN_SHIFT * S;
|
||||||
|
const yTop = -0.2 * S, yBot = 1.2 * S, cy = S / 2;
|
||||||
|
let s = '';
|
||||||
|
for (let i = 1; i <= GRAIN_COLS; i++) {
|
||||||
|
const xr = i * colW - shift, x = xr - sw, cx = xr - sw / 2;
|
||||||
|
s += `<rect x="${x.toFixed(2)}" y="${yTop.toFixed(2)}" width="${sw.toFixed(2)}" height="${(yBot - yTop).toFixed(2)}" fill="${P.grain}" transform="rotate(${GRAIN_TILT} ${cx.toFixed(2)} ${cy.toFixed(2)})"/>`;
|
||||||
|
}
|
||||||
|
return `<g clip-path="url(#tile)">${s}</g>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
let body = '';
|
||||||
|
const L = letterSvg();
|
||||||
|
if (drawBg) { // tile + grain + light/shadow (the background)
|
||||||
|
body += `<rect width="${S}" height="${S}" rx="${RX}" fill="${P.wood}"/>`
|
||||||
|
+ `<defs><clipPath id="tile"><rect width="${S}" height="${S}" rx="${RX}"/></clipPath>`
|
||||||
|
+ `<linearGradient id="sheen" gradientUnits="userSpaceOnUse" x1="0" y1="${S}" x2="${S}" y2="0"><stop offset="0" stop-color="#fff" stop-opacity="0"/><stop offset="1" stop-color="#fff" stop-opacity="${SHEEN}"/></linearGradient>`
|
||||||
|
+ `<linearGradient id="shade" gradientUnits="userSpaceOnUse" x1="0" y1="${S}" x2="${S}" y2="0"><stop offset="0" stop-color="#000" stop-opacity="${SHADE}"/><stop offset="1" stop-color="#000" stop-opacity="0"/></linearGradient>`
|
||||||
|
+ `</defs>`
|
||||||
|
+ grain()
|
||||||
|
+ `<rect width="${S}" height="${S}" fill="url(#sheen)" clip-path="url(#tile)"/>`
|
||||||
|
+ `<rect width="${S}" height="${S}" fill="url(#shade)" clip-path="url(#tile)"/>`;
|
||||||
|
}
|
||||||
|
if (drawMark) body += L.svg + starPath(); // the mark
|
||||||
|
if (has('scheme')) body += scheme(L);
|
||||||
|
|
||||||
|
process.stdout.write(`<svg xmlns="http://www.w3.org/2000/svg" width="${S}" height="${S}" viewBox="0 0 ${S} ${S}">${body}</svg>\n`);
|
||||||
|
|
||||||
|
// Percent-based construction overlay for the brand book (full master only).
|
||||||
|
function scheme(L) {
|
||||||
|
const pc = n => (100 * n / S).toFixed(1) + '%';
|
||||||
|
const GC = '#0f172a', BX = '#d81b60', AC = '#0d9488';
|
||||||
|
const halo = 'paint-order="stroke" stroke="#fff" stroke-width="4"';
|
||||||
|
const cx = MARK.sc[0] * S, cy = MARK.sc[1] * S, sd = MARK.sd * S;
|
||||||
|
let g = `<g font-family="'Helvetica Neue',Arial,sans-serif">`;
|
||||||
|
for (let f = 1; f <= 3; f++) {
|
||||||
|
const p = f * S / 4;
|
||||||
|
g += `<line x1="${p}" y1="0" x2="${p}" y2="${S}" stroke="${GC}" stroke-opacity="0.18" stroke-width="1.2"/>`;
|
||||||
|
g += `<line x1="0" y1="${p}" x2="${S}" y2="${p}" stroke="${GC}" stroke-opacity="0.18" stroke-width="1.2"/>`;
|
||||||
|
g += `<text x="${p + 4}" y="20" font-size="17" font-weight="700" fill="${GC}" ${halo}>${f * 25}%</text>`;
|
||||||
|
g += `<text x="4" y="${p - 4}" font-size="17" font-weight="700" fill="${GC}" ${halo}>${f * 25}%</text>`;
|
||||||
|
}
|
||||||
|
g += `<line x1="${0.14 * S}" y1="${0.86 * S}" x2="${0.86 * S}" y2="${0.14 * S}" stroke="${AC}" stroke-width="3" stroke-dasharray="3 8" stroke-linecap="round"/>`;
|
||||||
|
g += `<circle cx="${0.86 * S}" cy="${0.14 * S}" r="6" fill="${AC}"/><circle cx="${0.14 * S}" cy="${0.86 * S}" r="6" fill="${AC}"/>`;
|
||||||
|
g += `<text x="${0.86 * S - 6}" y="${0.14 * S - 12}" text-anchor="end" font-size="18" font-weight="700" fill="${AC}" ${halo}>light: white 0%→15%</text>`;
|
||||||
|
g += `<text x="${0.14 * S + 10}" y="${0.86 * S + 26}" font-size="18" font-weight="700" fill="${AC}" ${halo}>shadow: black 15%→0%</text>`;
|
||||||
|
const { x, y, w, h } = L.box;
|
||||||
|
g += `<rect x="${x.toFixed(1)}" y="${y.toFixed(1)}" width="${w.toFixed(1)}" height="${h.toFixed(1)}" fill="none" stroke="${BX}" stroke-width="2.5"/>`;
|
||||||
|
g += `<line x1="${MARK.lc[0] * S}" y1="${MARK.lc[1] * S - 16}" x2="${MARK.lc[0] * S}" y2="${MARK.lc[1] * S + 16}" stroke="${BX}" stroke-width="2.5"/><line x1="${MARK.lc[0] * S - 16}" y1="${MARK.lc[1] * S}" x2="${MARK.lc[0] * S + 16}" y2="${MARK.lc[1] * S}" stroke="${BX}" stroke-width="2.5"/>`;
|
||||||
|
g += `<text x="${x.toFixed(1)}" y="${(y - 10).toFixed(1)}" font-size="19" font-weight="700" fill="${BX}" ${halo}>«Э» Spectral Bold · box H ${pc(h)} · W ${pc(w)}</text>`;
|
||||||
|
g += `<text x="${x.toFixed(1)}" y="${(y + h + 24).toFixed(1)}" font-size="18" font-weight="700" fill="${BX}" ${halo}>box center ${pc(MARK.lc[0] * S)} / ${pc(MARK.lc[1] * S)}</text>`;
|
||||||
|
g += `<rect x="${cx - sd / 2}" y="${cy - sd / 2}" width="${sd}" height="${sd}" fill="none" stroke="${BX}" stroke-width="2.5"/>`;
|
||||||
|
g += `<line x1="${cx}" y1="${cy - 14}" x2="${cx}" y2="${cy + 14}" stroke="${BX}" stroke-width="2.5"/><line x1="${cx - 14}" y1="${cy}" x2="${cx + 14}" y2="${cy}" stroke="${BX}" stroke-width="2.5"/>`;
|
||||||
|
g += `<text x="${(cx + sd / 2).toFixed(1)}" y="${(cy - sd / 2 - 10).toFixed(1)}" text-anchor="end" font-size="18" font-weight="700" fill="${BX}" ${halo}>✻ Ø ${pc(sd)} · center ${pc(cx)} / ${pc(cy)}</text>`;
|
||||||
|
g += `<text x="${RX + 14}" y="${RX - 6}" font-size="17" font-weight="700" fill="${GC}" ${halo}>corner r = 17%</text>`;
|
||||||
|
g += `<path d="M4 ${RX} A ${RX} ${RX} 0 0 1 ${RX} 4" fill="none" stroke="${GC}" stroke-width="2" stroke-dasharray="5 5"/>`;
|
||||||
|
g += `<rect x="${0.03 * S}" y="${S - 96}" width="${0.94 * S}" height="74" rx="12" fill="#0f172a" fill-opacity="0.82"/>`;
|
||||||
|
g += `<text x="${0.055 * S}" y="${S - 64}" font-size="18" font-weight="600" fill="#fff">Wood grain: 6 equal columns; a vertical stripe on each column's right edge,</text>`;
|
||||||
|
g += `<text x="${0.055 * S}" y="${S - 40}" font-size="18" font-weight="600" fill="#fff">width 1/32 of side; the whole set shifted left 1/16; every stripe tilted 4°.</text>`;
|
||||||
|
return g + `</g>`;
|
||||||
|
}
|
||||||
@@ -0,0 +1,105 @@
|
|||||||
|
'use strict';
|
||||||
|
// Slice the whole shipped icon set from the brand master (build-icon.mjs). Renders
|
||||||
|
// with the ui package's Playwright chromium. See docs/ICONS.md for the target map.
|
||||||
|
//
|
||||||
|
// npm i opentype.js && node build-set.mjs
|
||||||
|
//
|
||||||
|
// Writes: ui/public/* (web), ui/assets/* (Capacitor layers), ./vk/* and ./store/*
|
||||||
|
// (manual-upload art). Wiring (manifest, html, Android res) is done separately.
|
||||||
|
import { execFileSync } from 'node:child_process';
|
||||||
|
import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';
|
||||||
|
import { fileURLToPath } from 'node:url';
|
||||||
|
import { dirname, join } from 'node:path';
|
||||||
|
|
||||||
|
const DIR = dirname(fileURLToPath(import.meta.url));
|
||||||
|
const UI = join(DIR, '..', '..', '..', 'ui');
|
||||||
|
const PUB = join(UI, 'public'), ASSETS = join(UI, 'assets');
|
||||||
|
const VK = join(DIR, 'vk'), STORE = join(DIR, 'store'), TG = join(DIR, 'tg');
|
||||||
|
[VK, STORE, TG].forEach(d => mkdirSync(d, { recursive: true }));
|
||||||
|
|
||||||
|
// one SVG string for a variant+layer from the reference generator
|
||||||
|
const svgFor = (variant, layer) =>
|
||||||
|
execFileSync('node', [join(DIR, 'build-icon.mjs'), '--variant', variant, '--layer', layer], { encoding: 'utf8' });
|
||||||
|
|
||||||
|
const pw = await import(join(UI, 'node_modules', '@playwright', 'test', 'index.js'));
|
||||||
|
const { chromium } = pw.default ?? pw;
|
||||||
|
const browser = await chromium.launch();
|
||||||
|
const page = await browser.newPage();
|
||||||
|
|
||||||
|
async function pngFromSvg(svg, size, transparent) {
|
||||||
|
await page.setViewportSize({ width: size, height: size });
|
||||||
|
await page.setContent(`<!doctype html><meta charset=utf8><style>*{margin:0;padding:0}svg{display:block;width:${size}px;height:${size}px}</style>${svg}`, { waitUntil: 'networkidle' });
|
||||||
|
return page.locator('svg').screenshot({ omitBackground: !!transparent });
|
||||||
|
}
|
||||||
|
async function shootHtml(html, w, h) {
|
||||||
|
await page.setViewportSize({ width: w, height: h });
|
||||||
|
await page.setContent(html, { waitUntil: 'networkidle' });
|
||||||
|
return page.screenshot();
|
||||||
|
}
|
||||||
|
function icoFromPNG(png, sizePx) {
|
||||||
|
const h = Buffer.alloc(22);
|
||||||
|
h.writeUInt16LE(0, 0); h.writeUInt16LE(1, 2); h.writeUInt16LE(1, 4);
|
||||||
|
h.writeUInt8(sizePx, 6); h.writeUInt8(sizePx, 7);
|
||||||
|
h.writeUInt16LE(1, 10); h.writeUInt16LE(32, 12);
|
||||||
|
h.writeUInt32LE(png.length, 14); h.writeUInt32LE(22, 18);
|
||||||
|
return Buffer.concat([h, png]);
|
||||||
|
}
|
||||||
|
const write = (p, buf) => { writeFileSync(p, buf); console.log('wrote', p.replace(join(DIR, '..', '..', '..'), '.'), buf.length, 'b'); };
|
||||||
|
|
||||||
|
// ---- pre-render the SVG sources we need ----
|
||||||
|
const S = {
|
||||||
|
fullLight: svgFor('light', 'full'), fullDark: svgFor('dark', 'full'),
|
||||||
|
flatLight: svgFor('light', 'flat'), flatDark: svgFor('dark', 'flat'),
|
||||||
|
maskLight: svgFor('light', 'maskable'), maskDark: svgFor('dark', 'maskable'),
|
||||||
|
bgLight: svgFor('light', 'background'), fgLight: svgFor('light', 'foreground'),
|
||||||
|
monoLight: svgFor('light', 'monochrome'),
|
||||||
|
};
|
||||||
|
|
||||||
|
// ---- favicon.svg: light + dark in one file, toggled by prefers-color-scheme ----
|
||||||
|
const inner = svg => svg.replace(/^<svg[^>]*>/, '').replace(/<\/svg>\s*$/, '');
|
||||||
|
const faviconSvg =
|
||||||
|
`<svg xmlns="http://www.w3.org/2000/svg" width="1024" height="1024" viewBox="0 0 1024 1024">`
|
||||||
|
+ `<style>.d{display:none}@media(prefers-color-scheme:dark){.l{display:none}.d{display:inline}}</style>`
|
||||||
|
+ `<g class="l">${inner(S.fullLight)}</g><g class="d">${inner(S.fullDark)}</g></svg>\n`;
|
||||||
|
write(join(PUB, 'favicon.svg'), Buffer.from(faviconSvg));
|
||||||
|
|
||||||
|
// ---- web rasters ----
|
||||||
|
write(join(PUB, 'favicon.ico'), icoFromPNG(await pngFromSvg(S.flatLight, 32, false), 32));
|
||||||
|
write(join(PUB, 'apple-touch-icon.png'), await pngFromSvg(S.flatLight, 180, false));
|
||||||
|
write(join(PUB, 'icon-192.png'), await pngFromSvg(S.flatLight, 192, false));
|
||||||
|
write(join(PUB, 'icon-512.png'), await pngFromSvg(S.flatLight, 512, false));
|
||||||
|
write(join(PUB, 'icon-192-dark.png'), await pngFromSvg(S.flatDark, 192, false));
|
||||||
|
write(join(PUB, 'icon-512-dark.png'), await pngFromSvg(S.flatDark, 512, false));
|
||||||
|
write(join(PUB, 'icon-maskable-512.png'), await pngFromSvg(S.maskLight, 512, false));
|
||||||
|
write(join(PUB, 'icon-maskable-512-dark.png'), await pngFromSvg(S.maskDark, 512, false));
|
||||||
|
|
||||||
|
// ---- Capacitor layers (ui/assets) ----
|
||||||
|
write(join(ASSETS, 'icon.png'), await pngFromSvg(S.flatLight, 1024, false)); // legacy single
|
||||||
|
write(join(ASSETS, 'icon-foreground.png'), await pngFromSvg(S.fgLight, 1024, true)); // adaptive fg
|
||||||
|
write(join(ASSETS, 'icon-background.png'), await pngFromSvg(S.bgLight, 1024, false)); // adaptive bg
|
||||||
|
write(join(DIR, 'android-monochrome.png'), await pngFromSvg(S.monoLight, 1024, true)); // themed layer (wired manually)
|
||||||
|
|
||||||
|
// ---- VK (no rounding — flat light) ----
|
||||||
|
for (const px of [576, 278, 150, 32]) write(join(VK, `vk-${px}.png`), await pngFromSvg(S.flatLight, px, false));
|
||||||
|
|
||||||
|
// ---- Telegram bot: square, no rounding (TG crops the avatar to a circle) ----
|
||||||
|
write(join(TG, 'tg-512.png'), await pngFromSvg(S.flatLight, 512, false)); // bot avatar + Mini App icon
|
||||||
|
|
||||||
|
// ---- store art ----
|
||||||
|
write(join(STORE, 'rustore-512.png'), await pngFromSvg(S.flatLight, 512, false));
|
||||||
|
|
||||||
|
// ---- wordmark banner (board-green bg + master tile + «Эрудит» / Игра в слова) ----
|
||||||
|
const b64 = readFileSync(join(DIR, 'Spectral-Bold.ttf')).toString('base64');
|
||||||
|
const banner = (w, h, tile, t1, t2, gap, pad) => `<!doctype html><meta charset=utf8><style>
|
||||||
|
@font-face{font-family:Spectral;src:url(data:font/ttf;base64,${b64});font-weight:700}
|
||||||
|
*{margin:0;padding:0;box-sizing:border-box}
|
||||||
|
body{width:${w}px;height:${h}px;background:#2a3330;display:flex;align-items:center;gap:${gap}px;padding:0 ${pad}px;font-family:Spectral}
|
||||||
|
.tile{width:${tile}px;height:${tile}px;flex:none}.tile svg{width:${tile}px;height:${tile}px;display:block}
|
||||||
|
.wm{color:#e7ece8;text-align:center}.t1{font-weight:700;font-size:${t1}px;line-height:1.02;letter-spacing:-2px}
|
||||||
|
.t2{font-weight:700;font-size:${t2}px;line-height:1.1;color:#cdd6cf;margin-top:6px}
|
||||||
|
</style><div class=tile>${S.fullLight}</div><div class=wm><div class=t1>«Эрудит»</div><div class=t2>Игра в слова</div></div>`;
|
||||||
|
write(join(PUB, 'og-image.png'), await shootHtml(banner(1200, 630, 300, 150, 74, 64, 96), 1200, 630));
|
||||||
|
write(join(TG, 'tg-demo-640x360.png'), await shootHtml(banner(640, 360, 150, 72, 38, 30, 44), 640, 360));
|
||||||
|
|
||||||
|
await browser.close();
|
||||||
|
console.log('done');
|
||||||
|
After Width: | Height: | Size: 477 KiB |
|
After Width: | Height: | Size: 6.5 KiB |
|
After Width: | Height: | Size: 288 KiB |
@@ -0,0 +1 @@
|
|||||||
|
<svg xmlns="http://www.w3.org/2000/svg" width="1024" height="1024" viewBox="0 0 1024 1024"><rect width="1024" height="1024" rx="0" fill="#4a3316"/><defs><clipPath id="tile"><rect width="1024" height="1024" rx="0"/></clipPath><linearGradient id="sheen" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#fff" stop-opacity="0"/><stop offset="1" stop-color="#fff" stop-opacity="0.15"/></linearGradient><linearGradient id="shade" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#000" stop-opacity="0.15"/><stop offset="1" stop-color="#000" stop-opacity="0"/></linearGradient></defs><g clip-path="url(#tile)"><rect x="74.67" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 90.67 512.00)"/><rect x="245.33" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 261.33 512.00)"/><rect x="416.00" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 432.00 512.00)"/><rect x="586.67" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 602.67 512.00)"/><rect x="757.33" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 773.33 512.00)"/><rect x="928.00" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 944.00 512.00)"/></g><rect width="1024" height="1024" fill="url(#sheen)" clip-path="url(#tile)"/><rect width="1024" height="1024" fill="url(#shade)" clip-path="url(#tile)"/></svg>
|
||||||
|
After Width: | Height: | Size: 1.5 KiB |
|
After Width: | Height: | Size: 24 KiB |
@@ -0,0 +1 @@
|
|||||||
|
<svg xmlns="http://www.w3.org/2000/svg" width="1024" height="1024" viewBox="0 0 1024 1024"><path transform="translate(237.62 774.88)" d="M250.04-34.91Q326.35-34.91 368.57-91.33Q410.78-147.75 410.78-243.55Q410.78-249.23 410.78-254.91L254.10-254.91L208.64-185.91L195.65-185.91L195.65-368.57L208.64-368.57L254.10-299.56L407.53-299.56Q396.98-392.92 351.52-447.72Q306.06-502.52 241.11-502.52Q217.57-502.52 198.90-498.46Q180.22-494.40 162.36-482.22L83.62-354.77L69-354.77L77.93-505.76Q112.84-522.81 154.25-533.37Q195.65-543.92 259.78-543.92Q319.86-543.92 371.41-523.22Q422.96-502.52 460.71-465.58Q498.46-428.64 519.57-378.31Q540.67-327.98 540.67-267.90Q540.67-188.34 504.55-125.83Q468.42-63.32 405.10-27.60Q341.78 8.12 259.78 8.12Q200.52 8.12 150.59-3.25Q100.67-14.61 67.38-34.10L56.02-171.29L69.82-171.29L142.88-63.32Q165.61-50.33 191.59-42.62Q217.57-34.91 250.04-34.91" fill="#f2d9a0"/><path d="M781.00 744.04 L795.25 695.59 A14.85 14.85 0 1 0 766.76 695.59 Z M781.00 744.04 L830.08 732.15 A14.85 14.85 0 1 0 815.84 707.48 Z M781.00 744.04 L815.84 780.60 A14.85 14.85 0 1 0 830.08 755.93 Z M781.00 744.04 L766.76 792.49 A14.85 14.85 0 1 0 795.25 792.49 Z M781.00 744.04 L731.93 755.93 A14.85 14.85 0 1 0 746.17 780.60 Z M781.00 744.04 L746.17 707.48 A14.85 14.85 0 1 0 731.93 732.15 Z M781.0048 744.0384 m-14.845952 0 a14.845952 14.845952 0 1 0 29.691904 0 a14.845952 14.845952 0 1 0 -29.691904 0 Z" fill="#f2d9a0"/></svg>
|
||||||
|
After Width: | Height: | Size: 1.4 KiB |
|
After Width: | Height: | Size: 405 KiB |
@@ -0,0 +1 @@
|
|||||||
|
<svg xmlns="http://www.w3.org/2000/svg" width="1024" height="1024" viewBox="0 0 1024 1024"><rect width="1024" height="1024" rx="174.08" fill="#4a3316"/><defs><clipPath id="tile"><rect width="1024" height="1024" rx="174.08"/></clipPath><linearGradient id="sheen" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#fff" stop-opacity="0"/><stop offset="1" stop-color="#fff" stop-opacity="0.15"/></linearGradient><linearGradient id="shade" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#000" stop-opacity="0.15"/><stop offset="1" stop-color="#000" stop-opacity="0"/></linearGradient></defs><g clip-path="url(#tile)"><rect x="74.67" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 90.67 512.00)"/><rect x="245.33" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 261.33 512.00)"/><rect x="416.00" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 432.00 512.00)"/><rect x="586.67" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 602.67 512.00)"/><rect x="757.33" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 773.33 512.00)"/><rect x="928.00" y="-204.80" width="32.00" height="1433.60" fill="#432e14" transform="rotate(4 944.00 512.00)"/></g><rect width="1024" height="1024" fill="url(#sheen)" clip-path="url(#tile)"/><rect width="1024" height="1024" fill="url(#shade)" clip-path="url(#tile)"/><path transform="translate(157.86 804.91)" d="M280.84-39.21Q366.55-39.21 413.96-102.58Q461.38-165.95 461.38-273.54Q461.38-279.93 461.38-286.31L285.40-286.31L234.34-208.80L219.75-208.80L219.75-413.96L234.34-413.96L285.40-336.46L457.73-336.46Q445.88-441.32 394.81-502.86Q343.75-564.41 270.81-564.41Q244.37-564.41 223.39-559.85Q202.42-555.29 182.36-541.62L93.92-398.46L77.50-398.46L87.53-568.06Q126.74-587.21 173.24-599.06Q219.75-610.91 291.78-610.91Q359.25-610.91 417.15-587.66Q475.05-564.41 517.45-522.92Q559.85-481.44 583.56-424.90Q607.27-368.37 607.27-300.90Q607.27-211.54 566.69-141.33Q526.12-71.12 454.99-31Q383.87 9.12 291.78 9.12Q225.22 9.12 169.14-3.65Q113.06-16.41 75.68-38.30L62.92-192.39L78.42-192.39L160.48-71.12Q186.01-56.53 215.19-47.87Q244.37-39.21 280.84-39.21" fill="#f2d9a0"/><path d="M807.01 807.01 L825.70 743.46 A19.48 19.48 0 1 0 788.33 743.46 Z M807.01 807.01 L871.40 791.42 A19.48 19.48 0 1 0 852.71 759.05 Z M807.01 807.01 L852.71 854.97 A19.48 19.48 0 1 0 871.40 822.61 Z M807.01 807.01 L788.33 870.57 A19.48 19.48 0 1 0 825.70 870.57 Z M807.01 807.01 L742.63 822.61 A19.48 19.48 0 1 0 761.32 854.97 Z M807.01 807.01 L761.32 759.05 A19.48 19.48 0 1 0 742.63 791.42 Z M807.0144 807.0144 m-19.475456 0 a19.475456 19.475456 0 1 0 38.950912 0 a19.475456 19.475456 0 1 0 -38.950912 0 Z" fill="#f2d9a0"/></svg>
|
||||||
|
After Width: | Height: | Size: 2.8 KiB |
|
After Width: | Height: | Size: 290 KiB |
@@ -0,0 +1 @@
|
|||||||
|
<svg xmlns="http://www.w3.org/2000/svg" width="1024" height="1024" viewBox="0 0 1024 1024"><rect width="1024" height="1024" rx="0" fill="#e6b053"/><defs><clipPath id="tile"><rect width="1024" height="1024" rx="0"/></clipPath><linearGradient id="sheen" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#fff" stop-opacity="0"/><stop offset="1" stop-color="#fff" stop-opacity="0.15"/></linearGradient><linearGradient id="shade" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#000" stop-opacity="0.15"/><stop offset="1" stop-color="#000" stop-opacity="0"/></linearGradient></defs><g clip-path="url(#tile)"><rect x="74.67" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 90.67 512.00)"/><rect x="245.33" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 261.33 512.00)"/><rect x="416.00" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 432.00 512.00)"/><rect x="586.67" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 602.67 512.00)"/><rect x="757.33" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 773.33 512.00)"/><rect x="928.00" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 944.00 512.00)"/></g><rect width="1024" height="1024" fill="url(#sheen)" clip-path="url(#tile)"/><rect width="1024" height="1024" fill="url(#shade)" clip-path="url(#tile)"/></svg>
|
||||||
|
After Width: | Height: | Size: 1.5 KiB |
|
After Width: | Height: | Size: 24 KiB |
@@ -0,0 +1 @@
|
|||||||
|
<svg xmlns="http://www.w3.org/2000/svg" width="1024" height="1024" viewBox="0 0 1024 1024"><path transform="translate(237.62 774.88)" d="M250.04-34.91Q326.35-34.91 368.57-91.33Q410.78-147.75 410.78-243.55Q410.78-249.23 410.78-254.91L254.10-254.91L208.64-185.91L195.65-185.91L195.65-368.57L208.64-368.57L254.10-299.56L407.53-299.56Q396.98-392.92 351.52-447.72Q306.06-502.52 241.11-502.52Q217.57-502.52 198.90-498.46Q180.22-494.40 162.36-482.22L83.62-354.77L69-354.77L77.93-505.76Q112.84-522.81 154.25-533.37Q195.65-543.92 259.78-543.92Q319.86-543.92 371.41-523.22Q422.96-502.52 460.71-465.58Q498.46-428.64 519.57-378.31Q540.67-327.98 540.67-267.90Q540.67-188.34 504.55-125.83Q468.42-63.32 405.10-27.60Q341.78 8.12 259.78 8.12Q200.52 8.12 150.59-3.25Q100.67-14.61 67.38-34.10L56.02-171.29L69.82-171.29L142.88-63.32Q165.61-50.33 191.59-42.62Q217.57-34.91 250.04-34.91" fill="#5a3a12"/><path d="M781.00 744.04 L795.25 695.59 A14.85 14.85 0 1 0 766.76 695.59 Z M781.00 744.04 L830.08 732.15 A14.85 14.85 0 1 0 815.84 707.48 Z M781.00 744.04 L815.84 780.60 A14.85 14.85 0 1 0 830.08 755.93 Z M781.00 744.04 L766.76 792.49 A14.85 14.85 0 1 0 795.25 792.49 Z M781.00 744.04 L731.93 755.93 A14.85 14.85 0 1 0 746.17 780.60 Z M781.00 744.04 L746.17 707.48 A14.85 14.85 0 1 0 731.93 732.15 Z M781.0048 744.0384 m-14.845952 0 a14.845952 14.845952 0 1 0 29.691904 0 a14.845952 14.845952 0 1 0 -29.691904 0 Z" fill="#5a3a12"/></svg>
|
||||||
|
After Width: | Height: | Size: 1.4 KiB |
|
After Width: | Height: | Size: 411 KiB |
@@ -0,0 +1 @@
|
|||||||
|
<svg xmlns="http://www.w3.org/2000/svg" width="1024" height="1024" viewBox="0 0 1024 1024"><rect width="1024" height="1024" rx="174.08" fill="#e6b053"/><defs><clipPath id="tile"><rect width="1024" height="1024" rx="174.08"/></clipPath><linearGradient id="sheen" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#fff" stop-opacity="0"/><stop offset="1" stop-color="#fff" stop-opacity="0.15"/></linearGradient><linearGradient id="shade" gradientUnits="userSpaceOnUse" x1="0" y1="1024" x2="1024" y2="0"><stop offset="0" stop-color="#000" stop-opacity="0.15"/><stop offset="1" stop-color="#000" stop-opacity="0"/></linearGradient></defs><g clip-path="url(#tile)"><rect x="74.67" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 90.67 512.00)"/><rect x="245.33" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 261.33 512.00)"/><rect x="416.00" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 432.00 512.00)"/><rect x="586.67" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 602.67 512.00)"/><rect x="757.33" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 773.33 512.00)"/><rect x="928.00" y="-204.80" width="32.00" height="1433.60" fill="#d8a54e" transform="rotate(4 944.00 512.00)"/></g><rect width="1024" height="1024" fill="url(#sheen)" clip-path="url(#tile)"/><rect width="1024" height="1024" fill="url(#shade)" clip-path="url(#tile)"/><path transform="translate(157.86 804.91)" d="M280.84-39.21Q366.55-39.21 413.96-102.58Q461.38-165.95 461.38-273.54Q461.38-279.93 461.38-286.31L285.40-286.31L234.34-208.80L219.75-208.80L219.75-413.96L234.34-413.96L285.40-336.46L457.73-336.46Q445.88-441.32 394.81-502.86Q343.75-564.41 270.81-564.41Q244.37-564.41 223.39-559.85Q202.42-555.29 182.36-541.62L93.92-398.46L77.50-398.46L87.53-568.06Q126.74-587.21 173.24-599.06Q219.75-610.91 291.78-610.91Q359.25-610.91 417.15-587.66Q475.05-564.41 517.45-522.92Q559.85-481.44 583.56-424.90Q607.27-368.37 607.27-300.90Q607.27-211.54 566.69-141.33Q526.12-71.12 454.99-31Q383.87 9.12 291.78 9.12Q225.22 9.12 169.14-3.65Q113.06-16.41 75.68-38.30L62.92-192.39L78.42-192.39L160.48-71.12Q186.01-56.53 215.19-47.87Q244.37-39.21 280.84-39.21" fill="#5a3a12"/><path d="M807.01 807.01 L825.70 743.46 A19.48 19.48 0 1 0 788.33 743.46 Z M807.01 807.01 L871.40 791.42 A19.48 19.48 0 1 0 852.71 759.05 Z M807.01 807.01 L852.71 854.97 A19.48 19.48 0 1 0 871.40 822.61 Z M807.01 807.01 L788.33 870.57 A19.48 19.48 0 1 0 825.70 870.57 Z M807.01 807.01 L742.63 822.61 A19.48 19.48 0 1 0 761.32 854.97 Z M807.01 807.01 L761.32 759.05 A19.48 19.48 0 1 0 742.63 791.42 Z M807.0144 807.0144 m-19.475456 0 a19.475456 19.475456 0 1 0 38.950912 0 a19.475456 19.475456 0 1 0 -38.950912 0 Z" fill="#5a3a12"/></svg>
|
||||||
|
After Width: | Height: | Size: 2.8 KiB |
@@ -0,0 +1,12 @@
|
|||||||
|
{
|
||||||
|
"name": "erudit-icon-brand",
|
||||||
|
"private": true,
|
||||||
|
"type": "module",
|
||||||
|
"description": "Reference generator for the Erudit app-icon set (see docs/ICON_BRANDBOOK.md).",
|
||||||
|
"scripts": {
|
||||||
|
"build": "node build-set.mjs && node build-android-res.mjs"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"opentype.js": "^1.3.4"
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
'use strict';
|
||||||
|
// Rasterise an icon SVG to PNG at a given size, using the `ui` package's cached
|
||||||
|
// Playwright chromium (no extra install). Usage:
|
||||||
|
// node render-png.mjs <in.svg> <out.png> [size=1024]
|
||||||
|
import { readFileSync, writeFileSync } from 'node:fs';
|
||||||
|
import { fileURLToPath } from 'node:url';
|
||||||
|
import { dirname, join } from 'node:path';
|
||||||
|
|
||||||
|
const DIR = dirname(fileURLToPath(import.meta.url));
|
||||||
|
const pw = await import(join(DIR, '..', '..', '..', 'ui', 'node_modules', '@playwright', 'test', 'index.js'));
|
||||||
|
const { chromium } = pw.default ?? pw;
|
||||||
|
|
||||||
|
const [, , svgPath, pngPath, size] = process.argv;
|
||||||
|
const S = Number(size) || 1024;
|
||||||
|
const svg = readFileSync(svgPath, 'utf8');
|
||||||
|
const b = await chromium.launch();
|
||||||
|
const pg = await b.newPage({ viewport: { width: S, height: S }, deviceScaleFactor: 1 });
|
||||||
|
await pg.setContent(`<!doctype html><meta charset=utf8><style>*{margin:0;padding:0}</style>${svg}`, { waitUntil: 'networkidle' });
|
||||||
|
writeFileSync(pngPath, await pg.locator('svg').screenshot({ omitBackground: true }));
|
||||||
|
await b.close();
|
||||||
|
console.log('wrote', pngPath, S + 'px');
|
||||||
|
After Width: | Height: | Size: 103 KiB |
|
After Width: | Height: | Size: 103 KiB |
|
After Width: | Height: | Size: 32 KiB |
|
After Width: | Height: | Size: 15 KiB |
|
After Width: | Height: | Size: 38 KiB |
|
After Width: | Height: | Size: 1.6 KiB |
|
After Width: | Height: | Size: 122 KiB |
@@ -49,9 +49,14 @@ COPY --from=build /out/backend /usr/local/bin/backend
|
|||||||
# Own the seed dictionary as the nonroot runtime user (UID 65532): a named volume
|
# Own the seed dictionary as the nonroot runtime user (UID 65532): a named volume
|
||||||
# mounted at /opt/dawg inherits this ownership on first use, so the admin console
|
# mounted at /opt/dawg inherits this ownership on first use, so the admin console
|
||||||
# can write new version subdirectories at runtime. The volume preserves uploaded
|
# can write new version subdirectories at runtime. The volume preserves uploaded
|
||||||
# versions across deploys and, once seeded, is not re-seeded — so after bootstrap
|
# versions across deploys and, once seeded, is not re-seeded (ARCHITECTURE.md §5).
|
||||||
# every dictionary change goes through the console, not a rebuild (ARCHITECTURE.md §5).
|
|
||||||
COPY --from=dawg --chown=65532:65532 /dawg /opt/dawg
|
COPY --from=dawg --chown=65532:65532 /dawg /opt/dawg
|
||||||
|
# A second, UNSHADOWED copy of the build's DAWGs: the /opt/dawg volume mount hides the
|
||||||
|
# image's copy there, so this is where engine.DeliverVersion reads the build version from
|
||||||
|
# to add it (add-only) to the volume on boot — the deploy-delivers path that lets a bumped
|
||||||
|
# BACKEND_DICT_VERSION go live for new games without an admin upload (ARCHITECTURE.md §5).
|
||||||
|
COPY --from=dawg --chown=65532:65532 /dawg /opt/dawg-seed
|
||||||
ENV BACKEND_DICT_DIR=/opt/dawg
|
ENV BACKEND_DICT_DIR=/opt/dawg
|
||||||
|
ENV BACKEND_DICT_SEED_DIR=/opt/dawg-seed
|
||||||
ENV BACKEND_DICT_VERSION=${DICT_VERSION}
|
ENV BACKEND_DICT_VERSION=${DICT_VERSION}
|
||||||
ENTRYPOINT ["/usr/local/bin/backend"]
|
ENTRYPOINT ["/usr/local/bin/backend"]
|
||||||
|
|||||||
@@ -33,11 +33,16 @@ real game seating the caller with an **empty opponent seat** (status `open`) or,
|
|||||||
another player already waits for the same variant and per-turn word rule, seats the
|
another player already waits for the same variant and per-turn word rule, seats the
|
||||||
caller into that open game and starts it — and
|
caller into that open game and starts it — and
|
||||||
friend-game invitations (invite → accept, starting a 2–4 player game once every
|
friend-game invitations (invite → accept, starting a 2–4 player game once every
|
||||||
invitee accepts). A **simultaneous-game cap** (`game.MaxActiveQuickGames` = 10) limits a
|
invitee accepts). **Per-tier, per-kind active-game caps** limit a player's simultaneous
|
||||||
player's active quick games — status `active`/`open`, excluding invitation-linked friend
|
unfinished games by kind — `vs_ai`, `random` (quick auto-match), `friends` — with separate
|
||||||
games (`game.Service.CountActiveQuickGames`); the server refuses `lobby/enqueue` and
|
guest and durable-account tiers held in the single-row `backend.config` table (a `-1` means
|
||||||
`invitations` creation with **409 `game_limit_reached`** at the cap (accepting an invitation
|
unlimited), read through an in-memory cache (`internal/gamelimits`) and tuned live in the admin
|
||||||
is exempt), and the `games.list` response carries an `at_game_limit` flag for the lobby.
|
(`/_gm/limits`, no redeploy). Each game is tagged with its `games.game_kind` on creation;
|
||||||
|
`game.Service.AtGameLimit` counts the account's `active`/`open` games of a kind against the
|
||||||
|
tier's cap. The server refuses `lobby/enqueue` (random/vs_ai) with **409 `game_limit_reached`**
|
||||||
|
at the cap, and the `invitations` (friends) path enforces the durable friends cap and refuses a
|
||||||
|
**guest** outright (guests cannot use friends); accepting an invitation is exempt. The
|
||||||
|
`games.list` response carries an `at_game_limit` flag (the random-kind cap) for the lobby.
|
||||||
`internal/social` owns the friend graph (request/accept),
|
`internal/social` owns the friend graph (request/accept),
|
||||||
per-user blocks, and per-game chat with nudges folded in as a message kind; chat
|
per-user blocks, and per-game chat with nudges folded in as a message kind; chat
|
||||||
messages are length-capped, content-filtered (no links/emails/phone numbers,
|
messages are length-capped, content-filtered (no links/emails/phone numbers,
|
||||||
@@ -100,7 +105,10 @@ state, lobby enqueue, chat). The social/account/history operations under
|
|||||||
`/api/v1/user`: `friends/*` (request/respond/cancel/unfriend,
|
`/api/v1/user`: `friends/*` (request/respond/cancel/unfriend,
|
||||||
list/incoming, the one-time `code` issue/redeem), `blocks/*`, `invitations/*`
|
list/incoming, the one-time `code` issue/redeem), `blocks/*`, `invitations/*`
|
||||||
(create/accept/decline/cancel/list), `PUT profile`, `email/{request,confirm}`,
|
(create/accept/decline/cancel/list), `PUT profile`, `email/{request,confirm}`,
|
||||||
`stats`, and `games/:id/gcg` (finished-only). The `internal/notify` hub feeds a
|
`stats`, `games/:id/gcg` (finished-only), and the payments `wallet` /
|
||||||
|
`wallet/catalog` (`GET` — the context-visible chip segments + benefits, and the
|
||||||
|
storefront catalog) / `wallet/buy` (`POST` — a chip spend on a value), served by
|
||||||
|
`internal/payments` behind the store-compliance gate. The `internal/notify` hub feeds a
|
||||||
second listener — `internal/pushgrpc`, a gRPC server (`BACKEND_GRPC_ADDR`) streaming
|
second listener — `internal/pushgrpc`, a gRPC server (`BACKEND_GRPC_ADDR`) streaming
|
||||||
live events (your-turn, opponent-moved, chat, nudge, match-found, notify) to the
|
live events (your-turn, opponent-moved, chat, nudge, match-found, notify) to the
|
||||||
gateway. The gateway-only `POST /api/v1/internal/push-target` (a user's
|
gateway. The gateway-only `POST /api/v1/internal/push-target` (a user's
|
||||||
@@ -132,21 +140,38 @@ so `/internal/push-target` returns the recipient's `preferred_language` as the r
|
|||||||
language for out-of-app push; no per-bot routing remains. The console also manages the **advertising banner** (`/_gm/banners` +
|
language for out-of-app push; no per-bot routing remains. The console also manages the **advertising banner** (`/_gm/banners` +
|
||||||
`/_gm/banner-settings`, `internal/ads`): operator campaigns with a percent weight, an optional
|
`/_gm/banner-settings`, `internal/ads`): operator campaigns with a percent weight, an optional
|
||||||
window and bilingual messages, plus the global display timings. `GET /api/v1/user/profile` attaches
|
window and bilingual messages, plus the global display timings. `GET /api/v1/user/profile` attaches
|
||||||
the resolved, weighted campaign feed for an **eligible** viewer (`!paid_account && hint_balance == 0
|
the resolved, weighted campaign feed for an **eligible** viewer (no active **no-ads** benefit
|
||||||
&& !no_banner` role, the message language picked by `preferred_language`); changing those inputs
|
applicable in the current context and no **`no_banner`** role; the message language picked by
|
||||||
publishes a `notify` `banner` re-poll signal so the client shows/hides it in place. The shared wire
|
`preferred_language`); changing those inputs
|
||||||
|
publishes a `notify` `banner` re-poll signal so the client shows/hides it in place.
|
||||||
|
The same gate drives the post-move interstitial config (`Profile.ads`, `adsFor`). The user card
|
||||||
|
also carries a **finance panel** (`payments.AccountStatement`): the account's chip balances per
|
||||||
|
funding segment, benefits per origin, the recorded refund risk, and the append-only ledger history
|
||||||
|
(newest first) — read straight from the payments tables, uncached. The **catalog editor**
|
||||||
|
(`/_gm/catalog`, `handlers_admin_catalog.go`) is the source of truth for products (D32): create /
|
||||||
|
edit / archive-unarchive (the `product.active` flag) products, their atoms and per-rail prices, and
|
||||||
|
hard-delete only a **never-transacted** product (an order/ledger reference forces archive-only,
|
||||||
|
backed by the FK); a `tournament`-bearing product is composable but not sellable yet. The user card
|
||||||
|
also carries an admin **grant** panel: grant raw benefit atoms (hints / no-ads days / forever) or a
|
||||||
|
defined **value product** (a reward bundle, including an archived one), origin-picked; both write an
|
||||||
|
`admin_grant` ledger row via `payments.Grant` / `GrantProduct` and **refuse** a chips or `tournament`
|
||||||
|
atom (never grant currency; no tournament target yet). Each fund row in the panel carries a **Refund**
|
||||||
|
action (`payments.RefundOrderFull`): a full-order refund the operator records after refunding on the
|
||||||
|
rail — a `refund` ledger row + a floor-0 chip revoke, idempotent. A **ledger CSV export**
|
||||||
|
(`/_gm/ledger.csv`, `payments.LedgerExport`) dumps the whole append-only ledger for tax +
|
||||||
|
reconciliation. The shared wire
|
||||||
contracts live in the sibling [`../pkg`](../pkg) module.
|
contracts live in the sibling [`../pkg`](../pkg) module.
|
||||||
|
|
||||||
**Account linking & merge** (`/api/v1/user/link/*`). `internal/link`
|
**Account linking & merge** (`/api/v1/user/link/*`). `internal/link`
|
||||||
orchestrates it: an email confirm-code or a gateway-validated Telegram identity is
|
orchestrates it: an email confirm-code or a gateway-validated Telegram identity is
|
||||||
attached to the current account, and when the identity already has its own account
|
attached to the current account, and when the identity already has its own account
|
||||||
the two are merged in one transaction (`internal/accountmerge`) — stats and the hint
|
the two are merged in one transaction (`internal/accountmerge`) — stats summed,
|
||||||
wallet summed, `paid_account` ORed, identities/games/chat/complaints transferred,
|
identities/games/chat/complaints transferred,
|
||||||
friends/blocks de-duplicated, the secondary kept as a `merged_into` tombstone (so a
|
friends/blocks de-duplicated, the secondary kept as a `merged_into` tombstone (so a
|
||||||
shared finished game's foreign keys hold); a shared **active** game blocks the merge.
|
shared finished game's foreign keys hold); a shared **active** game blocks the merge.
|
||||||
The current account is primary, except a guest initiator whose linked identity has a
|
The current account is primary, except a guest initiator whose linked identity has a
|
||||||
durable owner — then the durable account wins and a fresh session is minted for it.
|
durable owner — then the durable account wins and a fresh session is minted for it.
|
||||||
The `accounts.paid_account`/`merged_into`/`merged_at` columns back this. This supersedes the
|
The `accounts.merged_into`/`merged_at` columns back this. This supersedes the
|
||||||
former `email.bind.*` edge surface (the `RequestCode`/`ConfirmCode` primitives stay).
|
former `email.bind.*` edge surface (the `RequestCode`/`ConfirmCode` primitives stay).
|
||||||
|
|
||||||
Rate-limit observability: the gateway posts its periodic rejection
|
Rate-limit observability: the gateway posts its periodic rejection
|
||||||
@@ -214,11 +239,13 @@ internal/banview/ # gateway active-ban mirror: the console's Active IP bans p
|
|||||||
| `BACKEND_LOBBY_ROBOT_WAIT` | `10s` | Auto-match wait before a robot is substituted for a missing human. |
|
| `BACKEND_LOBBY_ROBOT_WAIT` | `10s` | Auto-match wait before a robot is substituted for a missing human. |
|
||||||
| `BACKEND_LOBBY_REAPER_INTERVAL` | `1s` | How often the substitution reaper scans for over-waited players. |
|
| `BACKEND_LOBBY_REAPER_INTERVAL` | `1s` | How often the substitution reaper scans for over-waited players. |
|
||||||
| `BACKEND_ROBOT_DRIVE_INTERVAL` | `30s` | How often the robot driver scans for due robot turns. |
|
| `BACKEND_ROBOT_DRIVE_INTERVAL` | `30s` | How often the robot driver scans for due robot turns. |
|
||||||
| `BACKEND_SMTP_HOST` | — | Email relay host. **Empty selects the development log mailer** (the confirm-code is logged, not sent). |
|
| `BACKEND_SMTP_HOST` | — | Confirm-code relay host. **Empty selects the development log mailer** (the code is logged, not sent). |
|
||||||
| `BACKEND_SMTP_PORT` | `587` | Email relay port. |
|
| `BACKEND_SMTP_PORT` | `587` | Relay port. No client certificate is needed (the server cert is validated against the system roots). |
|
||||||
| `BACKEND_SMTP_USERNAME` | — | SMTP user; empty relays without authentication. |
|
| `BACKEND_SMTP_TLS` | — | Transport security: `ssl` (implicit TLS from connect) or `starttls`. Empty derives it from the port (implicit on `465`, STARTTLS otherwise); set it for a relay on a non-standard port (e.g. Selectel's `1127` = SSL, `1126` = STARTTLS). |
|
||||||
| `BACKEND_SMTP_PASSWORD` | — | SMTP password. |
|
| `BACKEND_SMTP_USERNAME` | — | SMTP AUTH user; empty relays without authentication. |
|
||||||
| `BACKEND_SMTP_FROM` | `no-reply@localhost` | Envelope/From address for confirm-codes. |
|
| `BACKEND_SMTP_PASSWORD` | — | SMTP AUTH password. |
|
||||||
|
| `BACKEND_SMTP_FROM` | `no-reply@localhost` | From address. A deployed contour must use the prod domain (the relay only accepts its verified sender domain). |
|
||||||
|
| `BACKEND_PUBLIC_BASE_URL` | — | Canonical public origin (scheme + host) for links in the email. **Required when `BACKEND_SMTP_HOST` is set.** Never derived from a request Host header (anti-injection). |
|
||||||
| `BACKEND_CONNECTOR_ADDR` | — | the gateway bot-link relay gRPC address for admin-console operator broadcasts. Empty disables broadcasts. |
|
| `BACKEND_CONNECTOR_ADDR` | — | the gateway bot-link relay gRPC address for admin-console operator broadcasts. Empty disables broadcasts. |
|
||||||
| `BACKEND_GUEST_REAP_INTERVAL` | `1h` | How often the abandoned-guest reaper sweeps. |
|
| `BACKEND_GUEST_REAP_INTERVAL` | `1h` | How often the abandoned-guest reaper sweeps. |
|
||||||
| `BACKEND_GUEST_RETENTION` | `720h` | Account age past which a guest with no game seat is deleted. |
|
| `BACKEND_GUEST_RETENTION` | `720h` | Account age past which a guest with no game seat is deleted. |
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ import (
|
|||||||
|
|
||||||
"scrabble/backend/internal/account"
|
"scrabble/backend/internal/account"
|
||||||
"scrabble/backend/internal/accountmerge"
|
"scrabble/backend/internal/accountmerge"
|
||||||
|
"scrabble/backend/internal/adminalert"
|
||||||
"scrabble/backend/internal/ads"
|
"scrabble/backend/internal/ads"
|
||||||
"scrabble/backend/internal/banview"
|
"scrabble/backend/internal/banview"
|
||||||
"scrabble/backend/internal/config"
|
"scrabble/backend/internal/config"
|
||||||
@@ -27,12 +28,15 @@ import (
|
|||||||
"scrabble/backend/internal/engine"
|
"scrabble/backend/internal/engine"
|
||||||
"scrabble/backend/internal/feedback"
|
"scrabble/backend/internal/feedback"
|
||||||
"scrabble/backend/internal/game"
|
"scrabble/backend/internal/game"
|
||||||
|
"scrabble/backend/internal/gamelimits"
|
||||||
"scrabble/backend/internal/link"
|
"scrabble/backend/internal/link"
|
||||||
"scrabble/backend/internal/lobby"
|
"scrabble/backend/internal/lobby"
|
||||||
"scrabble/backend/internal/notify"
|
"scrabble/backend/internal/notify"
|
||||||
|
"scrabble/backend/internal/payments"
|
||||||
"scrabble/backend/internal/postgres"
|
"scrabble/backend/internal/postgres"
|
||||||
"scrabble/backend/internal/pushgrpc"
|
"scrabble/backend/internal/pushgrpc"
|
||||||
"scrabble/backend/internal/ratewatch"
|
"scrabble/backend/internal/ratewatch"
|
||||||
|
"scrabble/backend/internal/render"
|
||||||
"scrabble/backend/internal/robot"
|
"scrabble/backend/internal/robot"
|
||||||
"scrabble/backend/internal/server"
|
"scrabble/backend/internal/server"
|
||||||
"scrabble/backend/internal/session"
|
"scrabble/backend/internal/session"
|
||||||
@@ -43,6 +47,10 @@ import (
|
|||||||
// telemetryShutdownTimeout bounds the OpenTelemetry flush during process exit.
|
// telemetryShutdownTimeout bounds the OpenTelemetry flush during process exit.
|
||||||
const telemetryShutdownTimeout = 5 * time.Second
|
const telemetryShutdownTimeout = 5 * time.Second
|
||||||
|
|
||||||
|
// adminAlertInterval is how often the operator-alert worker checks for new feedback /
|
||||||
|
// complaints; a burst within one interval coalesces into a single digest email.
|
||||||
|
const adminAlertInterval = 5 * time.Minute
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
cfg, err := config.Load()
|
cfg, err := config.Load()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -103,6 +111,12 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
}
|
}
|
||||||
logger.Info("database migrations applied")
|
logger.Info("database migrations applied")
|
||||||
|
|
||||||
|
// Deliver the build's dictionary version onto the persistent volume if a redeploy
|
||||||
|
// bumped it (add-only; old versions in-flight games pin are untouched), so the new
|
||||||
|
// dictionary is resident and can be activated below without an admin upload.
|
||||||
|
if err := engine.DeliverVersion(cfg.Game.DictDir, cfg.Game.DictSeedDir, cfg.Game.DictVersion); err != nil {
|
||||||
|
return fmt.Errorf("deliver dictionary version: %w", err)
|
||||||
|
}
|
||||||
registry, err := engine.OpenWithVersions(cfg.Game.DictDir, cfg.Game.DictVersion)
|
registry, err := engine.OpenWithVersions(cfg.Game.DictDir, cfg.Game.DictVersion)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("load dictionaries: %w", err)
|
return fmt.Errorf("load dictionaries: %w", err)
|
||||||
@@ -110,6 +124,7 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
defer func() { _ = registry.Close() }()
|
defer func() { _ = registry.Close() }()
|
||||||
logger.Info("dictionaries loaded",
|
logger.Info("dictionaries loaded",
|
||||||
zap.String("dir", cfg.Game.DictDir),
|
zap.String("dir", cfg.Game.DictDir),
|
||||||
|
zap.String("seed_dir", cfg.Game.DictSeedDir),
|
||||||
zap.String("version", cfg.Game.DictVersion))
|
zap.String("version", cfg.Game.DictVersion))
|
||||||
|
|
||||||
// Admin console: an optional backend client to the Telegram connector
|
// Admin console: an optional backend client to the Telegram connector
|
||||||
@@ -139,16 +154,27 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
accounts := account.NewStore(db)
|
accounts := account.NewStore(db)
|
||||||
accounts.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/account"))
|
accounts.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/account"))
|
||||||
games := game.NewService(game.NewStore(db), accounts, registry, cfg.Game, logger)
|
games := game.NewService(game.NewStore(db), accounts, registry, cfg.Game, logger)
|
||||||
// Reconcile the persisted active dictionary version with the registry: a
|
// Reconcile the active dictionary version with the registry: the build version
|
||||||
// version activated through the admin console (and written to the dictionary
|
// (delivered above) becomes active so a redeploy that bumped it goes live for new
|
||||||
// volume) is adopted again after a restart; otherwise the configured seed
|
// games, except a newer version installed out-of-band through the admin console,
|
||||||
// version is kept and persisted (docs/ARCHITECTURE.md §5).
|
// which is not downgraded by a restart (docs/ARCHITECTURE.md §5).
|
||||||
if err := games.InitActiveVersion(ctx); err != nil {
|
if err := games.InitActiveVersion(ctx); err != nil {
|
||||||
return fmt.Errorf("init active dictionary version: %w", err)
|
return fmt.Errorf("init active dictionary version: %w", err)
|
||||||
}
|
}
|
||||||
logger.Info("active dictionary version", zap.String("version", games.ActiveVersion()))
|
logger.Info("active dictionary version", zap.String("version", games.ActiveVersion()))
|
||||||
games.SetNotifier(hub)
|
games.SetNotifier(hub)
|
||||||
games.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/game"))
|
games.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/game"))
|
||||||
|
|
||||||
|
// Active-game limit config: the per-tier, per-kind caps in backend.config, read once into an
|
||||||
|
// in-memory cache at boot and refreshed when the admin edits them. A boot-time load fails fast if
|
||||||
|
// the single config row is missing; the game domain reads the cache on every new-game gate.
|
||||||
|
gameLimits := gamelimits.NewService(gamelimits.NewStore(db))
|
||||||
|
if err := gameLimits.Load(ctx); err != nil {
|
||||||
|
return fmt.Errorf("load game-limit config: %w", err)
|
||||||
|
}
|
||||||
|
games.SetGameLimits(gameLimits)
|
||||||
|
logger.Info("game-limit config loaded")
|
||||||
|
|
||||||
go games.RunSweeper(ctx, cfg.Game.TimeoutSweepInterval)
|
go games.RunSweeper(ctx, cfg.Game.TimeoutSweepInterval)
|
||||||
logger.Info("game turn-timeout sweeper started",
|
logger.Info("game turn-timeout sweeper started",
|
||||||
zap.Duration("interval", cfg.Game.TimeoutSweepInterval))
|
zap.Duration("interval", cfg.Game.TimeoutSweepInterval))
|
||||||
@@ -161,6 +187,15 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
zap.Duration("interval", cfg.GuestReapInterval),
|
zap.Duration("interval", cfg.GuestReapInterval),
|
||||||
zap.Duration("retention", cfg.GuestRetention))
|
zap.Duration("retention", cfg.GuestRetention))
|
||||||
|
|
||||||
|
// Purge the account-deletion legal dossier past its retention TTL: the
|
||||||
|
// retained-identities journal, and the feedback thread + dossier PII of long-deleted
|
||||||
|
// accounts (chat is kept). Checked daily; the TTL is a two-year policy constant.
|
||||||
|
retentionReaper := account.NewRetentionReaper(accounts, account.RetentionTTL, logger)
|
||||||
|
go retentionReaper.Run(ctx, 24*time.Hour)
|
||||||
|
logger.Info("retention reaper started",
|
||||||
|
zap.Duration("interval", 24*time.Hour),
|
||||||
|
zap.Duration("retention", account.RetentionTTL))
|
||||||
|
|
||||||
// Re-evaluate moderated-chat write access when a temporary block self-expires:
|
// Re-evaluate moderated-chat write access when a temporary block self-expires:
|
||||||
// no operator action fires then, so the sweeper emits the chat-access-changed
|
// no operator action fires then, so the sweeper emits the chat-access-changed
|
||||||
// event for lapsed blocks and the gateway re-pushes the chat-gate command.
|
// event for lapsed blocks and the gateway re-pushes the chat-gate command.
|
||||||
@@ -173,10 +208,14 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
// Lobby & social domains. Their REST and stream surface lives in the gateway,
|
// Lobby & social domains. Their REST and stream surface lives in the gateway,
|
||||||
// so they are handed to the server (like the route groups) for the handlers.
|
// so they are handed to the server (like the route groups) for the handlers.
|
||||||
mailer := newMailer(cfg.SMTP, logger)
|
mailer := newMailer(cfg.SMTP, logger)
|
||||||
emails := account.NewEmailService(accounts, mailer)
|
emails := account.NewEmailService(accounts, mailer, cfg.PublicBaseURL)
|
||||||
|
// Throttle confirm-code sends per recipient: at most one per minute and five per
|
||||||
|
// rolling hour, guarding against email bombing and the relay's own quota.
|
||||||
|
emails.SetSendLimiter(account.NewSendLimiter(time.Minute, 5))
|
||||||
// Account linking & merge: the orchestrator over the account, merge and
|
// Account linking & merge: the orchestrator over the account, merge and
|
||||||
// session layers. Wired to the /api/v1/user/link REST surface below.
|
// session layers. Wired to the /api/v1/user/link REST surface below.
|
||||||
links := link.NewService(emails, accounts, accountmerge.NewMerger(db), sessions)
|
merger := accountmerge.NewMerger(db)
|
||||||
|
links := link.NewService(emails, accounts, merger, sessions)
|
||||||
socialSvc := social.NewService(social.NewStore(db), accounts, games)
|
socialSvc := social.NewService(social.NewStore(db), accounts, games)
|
||||||
socialSvc.SetNotifier(hub)
|
socialSvc.SetNotifier(hub)
|
||||||
socialSvc.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/social"))
|
socialSvc.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/social"))
|
||||||
@@ -194,6 +233,16 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
feedbackSvc := feedback.NewService(feedback.NewStore(db), accounts)
|
feedbackSvc := feedback.NewService(feedback.NewStore(db), accounts)
|
||||||
feedbackSvc.SetNotifier(hub)
|
feedbackSvc.SetNotifier(hub)
|
||||||
|
|
||||||
|
// Operator alert emails on new feedback / word complaints, coalesced into one digest
|
||||||
|
// per interval. Inert unless a distinct admin sender and recipient are configured.
|
||||||
|
if cfg.SMTP.AdminFrom != "" && cfg.SMTP.AdminTo != "" {
|
||||||
|
// The alert digest carries no admin-console link on purpose — an admin URL must not
|
||||||
|
// travel in an email (a mail provider could cache or index it); see adminalert.New.
|
||||||
|
alerts := adminalert.New(mailer, feedbackSvc, games, cfg.SMTP.AdminFrom, cfg.SMTP.AdminTo, logger)
|
||||||
|
go alerts.Run(ctx, adminAlertInterval)
|
||||||
|
logger.Info("admin alert worker started", zap.Duration("interval", adminAlertInterval))
|
||||||
|
}
|
||||||
|
|
||||||
// Robot opponent: provision its durable account pool (a hard startup
|
// Robot opponent: provision its durable account pool (a hard startup
|
||||||
// dependency, like the dictionaries) and start its move driver. The matchmaker
|
// dependency, like the dictionaries) and start its move driver. The matchmaker
|
||||||
// substitutes a pooled robot for a missing human after the wait window.
|
// substitutes a pooled robot for a missing human after the wait window.
|
||||||
@@ -232,6 +281,35 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
// block and the banner admin console section.
|
// block and the banner admin console section.
|
||||||
adsSvc := ads.NewService(ads.NewStore(db))
|
adsSvc := ads.NewService(ads.NewStore(db))
|
||||||
|
|
||||||
|
// In-game currency domain (data foundation): the payments schema behind a
|
||||||
|
// narrow interface. A boot-time reachability check fails fast if the schema
|
||||||
|
// did not migrate; the wallet routes are registered when that surface lands.
|
||||||
|
paymentsSvc := payments.NewService(payments.NewStore(db))
|
||||||
|
if err := paymentsSvc.Ping(ctx); err != nil {
|
||||||
|
return fmt.Errorf("payments schema unreachable: %w", err)
|
||||||
|
}
|
||||||
|
logger.Info("payments domain ready")
|
||||||
|
|
||||||
|
// Warm the public-offer price list cache so /offer/ serves the current catalog from the first
|
||||||
|
// request; it is reprojected lazily thereafter on any catalog edit. Non-fatal — a transient
|
||||||
|
// failure here only defers the projection to the first read.
|
||||||
|
if _, err := paymentsSvc.OfferPricing(ctx); err != nil {
|
||||||
|
logger.Warn("offer pricing warm failed; will project on first request", zap.Error(err))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Wire the payments surface into the domains that consume it: the online-game hint wallet
|
||||||
|
// and the account-merge wallet fold. Done after the reachability check so a broken payments
|
||||||
|
// schema fails boot before anything depends on it.
|
||||||
|
games.SetHintWallet(paymentsSvc)
|
||||||
|
merger.SetPayments(paymentsSvc)
|
||||||
|
|
||||||
|
// The image-render sidecar client for the PNG export artifact; nil (PNG
|
||||||
|
// download answers 404) when BACKEND_RENDERER_URL is unset.
|
||||||
|
var renderer *render.Client
|
||||||
|
if cfg.RendererURL != "" {
|
||||||
|
renderer = render.New(cfg.RendererURL)
|
||||||
|
}
|
||||||
|
|
||||||
srv := server.New(cfg.HTTPAddr, server.Deps{
|
srv := server.New(cfg.HTTPAddr, server.Deps{
|
||||||
Logger: logger,
|
Logger: logger,
|
||||||
DB: db,
|
DB: db,
|
||||||
@@ -252,7 +330,12 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
RateWatch: rateWatch,
|
RateWatch: rateWatch,
|
||||||
BanView: banView,
|
BanView: banView,
|
||||||
Ads: adsSvc,
|
Ads: adsSvc,
|
||||||
|
Payments: paymentsSvc,
|
||||||
|
GameLimits: gameLimits,
|
||||||
Notifier: hub,
|
Notifier: hub,
|
||||||
|
ExportSignKey: cfg.ExportSignKey,
|
||||||
|
Renderer: renderer,
|
||||||
|
Robokassa: cfg.Robokassa,
|
||||||
})
|
})
|
||||||
pushSrv := pushgrpc.NewServer(cfg.GRPCAddr, hub, logger)
|
pushSrv := pushgrpc.NewServer(cfg.GRPCAddr, hub, logger)
|
||||||
|
|
||||||
@@ -261,6 +344,13 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
logger.Info("servers starting",
|
logger.Info("servers starting",
|
||||||
zap.String("http_addr", cfg.HTTPAddr),
|
zap.String("http_addr", cfg.HTTPAddr),
|
||||||
zap.String("grpc_addr", cfg.GRPCAddr))
|
zap.String("grpc_addr", cfg.GRPCAddr))
|
||||||
|
// Sweep expired pending payment orders on a cadence (cosmetic hygiene; a late valid callback
|
||||||
|
// still credits). Runs until ctx is cancelled.
|
||||||
|
go runOrderReaper(ctx, paymentsSvc, logger)
|
||||||
|
// Deliver pending payment_events to connected clients as an in-app wallet-refresh push (the
|
||||||
|
// credit already landed in the ledger; a return-focus poll is the client-side fallback).
|
||||||
|
go runPaymentDispatcher(ctx, paymentsSvc, hub, logger)
|
||||||
|
|
||||||
errc := make(chan error, 2)
|
errc := make(chan error, 2)
|
||||||
go func() { errc <- pushSrv.Run(ctx) }()
|
go func() { errc <- pushSrv.Run(ctx) }()
|
||||||
go func() { errc <- srv.Run(ctx) }()
|
go func() { errc <- srv.Run(ctx) }()
|
||||||
@@ -270,6 +360,52 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// runOrderReaper periodically expires pending payment orders past their configured lifetime, until
|
||||||
|
// ctx is cancelled. Expiry is cosmetic: a later valid provider callback still credits an expired
|
||||||
|
// order.
|
||||||
|
func runOrderReaper(ctx context.Context, p *payments.Service, log *zap.Logger) {
|
||||||
|
t := time.NewTicker(5 * time.Minute)
|
||||||
|
defer t.Stop()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case <-t.C:
|
||||||
|
if n, err := p.ExpireOrders(ctx); err != nil {
|
||||||
|
log.Warn("order reaper: sweep failed", zap.Error(err))
|
||||||
|
} else if n > 0 {
|
||||||
|
log.Info("order reaper: expired pending orders", zap.Int("count", n))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// runPaymentDispatcher delivers pending payment_events to connected clients as a wallet-refresh
|
||||||
|
// signal (KindNotification / "payment"), marking each delivered, until ctx is cancelled. The credit
|
||||||
|
// already committed to the ledger; this is only the in-app push so an open wallet updates in place.
|
||||||
|
func runPaymentDispatcher(ctx context.Context, p *payments.Service, pub notify.Publisher, log *zap.Logger) {
|
||||||
|
t := time.NewTicker(3 * time.Second)
|
||||||
|
defer t.Stop()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case <-t.C:
|
||||||
|
evs, err := p.UndispatchedEvents(ctx, 50)
|
||||||
|
if err != nil {
|
||||||
|
log.Warn("payment dispatcher: read failed", zap.Error(err))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
for _, e := range evs {
|
||||||
|
pub.Publish(notify.Notification(e.AccountID, notify.NotifyPayment))
|
||||||
|
if err := p.MarkEventDispatched(ctx, e.EventID); err != nil {
|
||||||
|
log.Warn("payment dispatcher: mark failed", zap.String("event", e.EventID.String()), zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// newMailer builds the confirm-code mailer: an SMTP relay when a host is
|
// newMailer builds the confirm-code mailer: an SMTP relay when a host is
|
||||||
// configured, otherwise the development log mailer (the code is logged, not sent).
|
// configured, otherwise the development log mailer (the code is logged, not sent).
|
||||||
func newMailer(cfg account.SMTPConfig, logger *zap.Logger) account.Mailer {
|
func newMailer(cfg account.SMTPConfig, logger *zap.Logger) account.Mailer {
|
||||||
|
|||||||
@@ -0,0 +1,193 @@
|
|||||||
|
// Command dictgen dumps golden parity vectors from the committed dawg
|
||||||
|
// dictionaries so the TypeScript dawg reader can be checked byte-for-byte
|
||||||
|
// against the authoritative Go dafsa reader.
|
||||||
|
//
|
||||||
|
// For each *.dawg file it writes, into the output directory:
|
||||||
|
//
|
||||||
|
// - <name>.words.bin — every stored word as alphabet-index bytes, in index
|
||||||
|
// order, framed as [1-byte length][length index bytes]. The word at stream
|
||||||
|
// position k has IndexOfB == k.
|
||||||
|
// - <name>.neg.bin — negative lookups (sequences whose IndexOfB is -1), same
|
||||||
|
// framing, to exercise the not-found path at varying depths.
|
||||||
|
// - <name>.meta.json — NumAdded/NumNodes/NumEdges plus the alphabet size, for
|
||||||
|
// a header-parse sanity cross-check on the TS side.
|
||||||
|
//
|
||||||
|
// It is a development tool (not built into any service), analogous to
|
||||||
|
// cmd/jetgen. Run it from the repository root:
|
||||||
|
//
|
||||||
|
// go run ./backend/cmd/dictgen -dawg-dir ../scrabble-solver/dawg -out <dir>
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
|
"fmt"
|
||||||
|
"math/rand"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"sort"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
dawg "github.com/iliadenisov/dafsa"
|
||||||
|
)
|
||||||
|
|
||||||
|
// meta is the per-dictionary sanity payload cross-checked by the TS reader.
|
||||||
|
type meta struct {
|
||||||
|
NumAdded int `json:"numAdded"`
|
||||||
|
NumNodes int `json:"numNodes"`
|
||||||
|
NumEdges int `json:"numEdges"`
|
||||||
|
Alphabet int `json:"alphabet"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
dawgDir := flag.String("dawg-dir", "../scrabble-solver/dawg", "directory holding the .dawg files")
|
||||||
|
outDir := flag.String("out", "", "output directory for the golden files (required)")
|
||||||
|
negCount := flag.Int("neg", 20000, "number of negative lookups to emit per dictionary")
|
||||||
|
flag.Parse()
|
||||||
|
|
||||||
|
if *outDir == "" {
|
||||||
|
fail("-out is required")
|
||||||
|
}
|
||||||
|
if err := os.MkdirAll(*outDir, 0o755); err != nil {
|
||||||
|
fail("mkdir out: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
files, err := filepath.Glob(filepath.Join(*dawgDir, "*.dawg"))
|
||||||
|
if err != nil {
|
||||||
|
fail("glob: %v", err)
|
||||||
|
}
|
||||||
|
sort.Strings(files)
|
||||||
|
if len(files) == 0 {
|
||||||
|
fail("no .dawg files in %s", *dawgDir)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, f := range files {
|
||||||
|
if err := process(f, *outDir, *negCount); err != nil {
|
||||||
|
fail("%s: %v", filepath.Base(f), err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// process emits the golden files for a single dawg dictionary.
|
||||||
|
func process(path, outDir string, negCount int) error {
|
||||||
|
name := strings.TrimSuffix(filepath.Base(path), ".dawg")
|
||||||
|
|
||||||
|
data, err := os.ReadFile(path)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
finder, err := dawg.Read(bytes.NewReader(data), 0)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("read dawg: %w", err)
|
||||||
|
}
|
||||||
|
defer finder.Close()
|
||||||
|
|
||||||
|
// Stream every stored word in index order; keep a decimated sample and the
|
||||||
|
// maximum alphabet index for negative generation.
|
||||||
|
wf, err := os.Create(filepath.Join(outDir, name+".words.bin"))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
bw := bufio.NewWriter(wf)
|
||||||
|
|
||||||
|
var (
|
||||||
|
count int
|
||||||
|
maxIx byte
|
||||||
|
sample [][]byte
|
||||||
|
)
|
||||||
|
finder.EnumerateB(func(index int, word []byte, final bool) int {
|
||||||
|
if !final {
|
||||||
|
return 0 // Continue
|
||||||
|
}
|
||||||
|
if index != count {
|
||||||
|
panic(fmt.Sprintf("%s: enumerate index gap: got %d want %d", name, index, count))
|
||||||
|
}
|
||||||
|
writeWord(bw, word)
|
||||||
|
for _, b := range word {
|
||||||
|
if b > maxIx {
|
||||||
|
maxIx = b
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if count%4 == 0 && len(sample) < 60000 {
|
||||||
|
sample = append(sample, append([]byte(nil), word...))
|
||||||
|
}
|
||||||
|
count++
|
||||||
|
return 0 // Continue
|
||||||
|
})
|
||||||
|
if err := bw.Flush(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := wf.Close(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if count != finder.NumAdded() {
|
||||||
|
return fmt.Errorf("word count %d != NumAdded %d", count, finder.NumAdded())
|
||||||
|
}
|
||||||
|
|
||||||
|
alphabet := int(maxIx) + 1
|
||||||
|
|
||||||
|
// Negatives: mutate sampled real words and keep the ones the reader rejects.
|
||||||
|
nf, err := os.Create(filepath.Join(outDir, name+".neg.bin"))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
nbw := bufio.NewWriter(nf)
|
||||||
|
rng := rand.New(rand.NewSource(1))
|
||||||
|
neg := 0
|
||||||
|
for neg < negCount && len(sample) > 0 {
|
||||||
|
base := sample[rng.Intn(len(sample))]
|
||||||
|
cand := append([]byte(nil), base...)
|
||||||
|
switch rng.Intn(3) {
|
||||||
|
case 0: // extend by one index
|
||||||
|
cand = append(cand, byte(rng.Intn(alphabet)))
|
||||||
|
case 1: // flip one index
|
||||||
|
if len(cand) > 0 {
|
||||||
|
cand[rng.Intn(len(cand))] = byte(rng.Intn(alphabet))
|
||||||
|
}
|
||||||
|
case 2: // drop the tail and flip the new last index
|
||||||
|
if len(cand) > 1 {
|
||||||
|
cand = cand[:len(cand)-1]
|
||||||
|
cand[len(cand)-1] = byte(rng.Intn(alphabet))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if finder.IndexOfB(cand) == -1 {
|
||||||
|
writeWord(nbw, cand)
|
||||||
|
neg++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := nbw.Flush(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := nf.Close(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
m := meta{NumAdded: finder.NumAdded(), NumNodes: finder.NumNodes(), NumEdges: finder.NumEdges(), Alphabet: alphabet}
|
||||||
|
mb, err := json.MarshalIndent(m, "", " ")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := os.WriteFile(filepath.Join(outDir, name+".meta.json"), mb, 0o644); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Printf("%-12s words=%d negatives=%d alphabet=%d nodes=%d edges=%d\n",
|
||||||
|
name, count, neg, alphabet, finder.NumNodes(), finder.NumEdges())
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// writeWord frames one index-byte word as [length][bytes].
|
||||||
|
func writeWord(w *bufio.Writer, word []byte) {
|
||||||
|
if len(word) > 255 {
|
||||||
|
panic(fmt.Sprintf("word too long to frame: %d", len(word)))
|
||||||
|
}
|
||||||
|
w.WriteByte(byte(len(word)))
|
||||||
|
w.Write(word)
|
||||||
|
}
|
||||||
|
|
||||||
|
func fail(format string, args ...any) {
|
||||||
|
fmt.Fprintf(os.Stderr, "dictgen: "+format+"\n", args...)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
@@ -9,7 +9,8 @@
|
|||||||
// 1. start a postgres:17-alpine container via testcontainers-go
|
// 1. start a postgres:17-alpine container via testcontainers-go
|
||||||
// 2. open it with search_path=backend and apply the embedded goose migrations
|
// 2. open it with search_path=backend and apply the embedded goose migrations
|
||||||
// 3. drop goose's bookkeeping table so jet does not generate a model for it
|
// 3. drop goose's bookkeeping table so jet does not generate a model for it
|
||||||
// 4. run jet's PostgreSQL generator for schema=backend into internal/postgres/jet
|
// 4. run jet's PostgreSQL generator for the backend and payments schemas into
|
||||||
|
// internal/postgres/jet (one subdirectory per schema)
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
@@ -36,6 +37,7 @@ const (
|
|||||||
superuserPassword = "scrabble"
|
superuserPassword = "scrabble"
|
||||||
superuserDatabase = "scrabble_backend"
|
superuserDatabase = "scrabble_backend"
|
||||||
backendSchema = "backend"
|
backendSchema = "backend"
|
||||||
|
paymentsSchema = "payments"
|
||||||
containerStartup = 90 * time.Second
|
containerStartup = 90 * time.Second
|
||||||
jetOutputDirSuffix = "internal/postgres/jet"
|
jetOutputDirSuffix = "internal/postgres/jet"
|
||||||
)
|
)
|
||||||
@@ -105,11 +107,16 @@ func run(ctx context.Context) error {
|
|||||||
return fmt.Errorf("drop goose_db_version: %w", err)
|
return fmt.Errorf("drop goose_db_version: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := jetpostgres.GenerateDB(db, backendSchema, outputDir); err != nil {
|
// Each schema generates into its own jet/<schema>/ subdirectory (the
|
||||||
return fmt.Errorf("jet generate: %w", err)
|
// generator wipes only that subtree), so the two calls do not clobber each
|
||||||
|
// other. GenerateDB takes the schema explicitly, so the connection's
|
||||||
|
// search_path=backend does not affect the payments introspection.
|
||||||
|
for _, schema := range []string{backendSchema, paymentsSchema} {
|
||||||
|
if err := jetpostgres.GenerateDB(db, schema, outputDir); err != nil {
|
||||||
|
return fmt.Errorf("jet generate schema=%s: %w", schema, err)
|
||||||
|
}
|
||||||
|
log.Printf("jetgen: generated jet code into %s (schema=%s)", outputDir, schema)
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("jetgen: generated jet code into %s (schema=%s)", outputDir, backendSchema)
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,417 @@
|
|||||||
|
// Command movegen emits golden conformance fixtures for the client-side move
|
||||||
|
// generator port (ui/src/lib/dict). It is a dev tool, run by hand; its output is
|
||||||
|
// committed so the TypeScript parity tests run without a Go toolchain.
|
||||||
|
//
|
||||||
|
// For each small sample dictionary (English and Russian — the latter reaches
|
||||||
|
// alphabet index 32, exercising the 33-letter cross-set boundary) it writes:
|
||||||
|
//
|
||||||
|
// - sample_<tag>.dawg the serialized dictionary (the reader/cursor fixture)
|
||||||
|
// - sample_<tag>.words.json the stored words + their alphabet indexes
|
||||||
|
// - sample_<tag>.gen.json ranked move-generation results from the real solver,
|
||||||
|
// for a handful of positions, plus the ruleset the TS
|
||||||
|
// side rebuilds to score identically
|
||||||
|
//
|
||||||
|
// Positions are built with only the solver's public API: an empty board, and
|
||||||
|
// two-ply positions reached by applying the solver's own top move (so no internal
|
||||||
|
// encoding is needed). Regenerate with:
|
||||||
|
//
|
||||||
|
// go run ./backend/cmd/movegen -out ui/src/lib/dict/testdata
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/board"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/rack"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/rules"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/scrabble"
|
||||||
|
dawg "github.com/iliadenisov/dafsa"
|
||||||
|
)
|
||||||
|
|
||||||
|
// sampleWordsEN is the English sample dictionary, in strictly increasing
|
||||||
|
// alphabet-index order (the builder requires it). Shared prefixes (car/care/cars),
|
||||||
|
// shared suffixes (cats/dogs), internal-final nodes (do, an) and a one-letter word.
|
||||||
|
var sampleWordsEN = []string{
|
||||||
|
"a", "an", "and", "ant",
|
||||||
|
"car", "care", "cared", "cares", "cars", "cat", "cats",
|
||||||
|
"do", "doe", "does", "dog", "dogs", "done", "dot",
|
||||||
|
}
|
||||||
|
|
||||||
|
// sampleWordsRU is the Russian sample dictionary, in strictly increasing index
|
||||||
|
// order. It deliberately includes words starting with я (index 32) so the ported
|
||||||
|
// cross-set handles alphabet indexes past JS's 31-bit shift boundary.
|
||||||
|
var sampleWordsRU = []string{"ад", "ар", "оса", "я", "яд", "яр"}
|
||||||
|
|
||||||
|
// sampleFixture is the JSON committed with the .dawg so the TypeScript cursor test
|
||||||
|
// knows the exact word set (as alphabet indexes) to expect from enumeration.
|
||||||
|
type sampleFixture struct {
|
||||||
|
Alphabet string `json:"alphabet"`
|
||||||
|
NumAdded int `json:"numAdded"`
|
||||||
|
Words []string `json:"words"`
|
||||||
|
Indexes [][]int `json:"indexes"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// genFixture is the move-generation golden set for one sample dictionary.
|
||||||
|
type genFixture struct {
|
||||||
|
Ruleset genRuleset `json:"ruleset"`
|
||||||
|
Cases []genCase `json:"cases"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// genRuleset is the scoring data the TS side rebuilds so evaluate() matches the Go
|
||||||
|
// solver: letter values, premium multipliers per square, the centre, rack size and bonus.
|
||||||
|
type genRuleset struct {
|
||||||
|
Size int `json:"size"`
|
||||||
|
Cols int `json:"cols"`
|
||||||
|
Center int `json:"center"`
|
||||||
|
RackSize int `json:"rackSize"`
|
||||||
|
Bingo int `json:"bingo"`
|
||||||
|
Values []int `json:"values"`
|
||||||
|
LetterMult [][]int `json:"letterMult"`
|
||||||
|
WordMult [][]int `json:"wordMult"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// genTile is one placed tile (a board tile or a move placement).
|
||||||
|
type genTile struct {
|
||||||
|
Row int `json:"row"`
|
||||||
|
Col int `json:"col"`
|
||||||
|
Letter int `json:"letter"`
|
||||||
|
Blank bool `json:"blank"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// genRack is a rack as a multiset of letter indexes plus a blank count.
|
||||||
|
type genRack struct {
|
||||||
|
Letters []int `json:"letters"`
|
||||||
|
Blanks int `json:"blanks"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// genMove is one ranked generated play: its orientation, placed tiles and total score.
|
||||||
|
type genMove struct {
|
||||||
|
Dir int `json:"dir"`
|
||||||
|
Tiles []genTile `json:"tiles"`
|
||||||
|
Score int `json:"score"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// genCase is one generation position: the tiles already on the board (empty when
|
||||||
|
// none), the rack, the mode/rule and the ranked moves the solver returns.
|
||||||
|
type genCase struct {
|
||||||
|
Name string `json:"name"`
|
||||||
|
Placed []genTile `json:"placed"`
|
||||||
|
Rack genRack `json:"rack"`
|
||||||
|
Mode int `json:"mode"`
|
||||||
|
IgnoreCrossWords bool `json:"ignoreCrossWords"`
|
||||||
|
Moves []genMove `json:"moves"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
out := flag.String("out", "ui/src/lib/dict/testdata", "output directory for fixtures")
|
||||||
|
dawgDir := flag.String("dawg-dir", "", "when set, emit real-dictionary move-gen golden from the .dawg files in this dir (conformance mode) instead of the committed samples")
|
||||||
|
flag.Parse()
|
||||||
|
|
||||||
|
if err := os.MkdirAll(*out, 0o755); err != nil {
|
||||||
|
log.Fatalf("movegen: mkdir %s: %v", *out, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if *dawgDir != "" {
|
||||||
|
buildReal(*dawgDir, *out)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
emitRulesets()
|
||||||
|
|
||||||
|
buildSample(*out, "en", rules.English(), sampleWordsEN, []genCase{
|
||||||
|
emptyCase("empty-cared", englishRack("caredts", 0), scrabble.Both, false),
|
||||||
|
emptyCase("empty-dogs", englishRack("dogsent", 0), scrabble.Both, false),
|
||||||
|
emptyCase("empty-blank", englishRack("caret", 1), scrabble.Both, false),
|
||||||
|
emptyCase("empty-single-word", englishRack("caredts", 0), scrabble.Both, true),
|
||||||
|
})
|
||||||
|
|
||||||
|
buildSample(*out, "ru", rules.RussianScrabble(), sampleWordsRU, []genCase{
|
||||||
|
emptyCase("empty-yad", russianRack("ядрасо", 0), scrabble.Both, false),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// buildSample writes the dawg, the word fixture and the generation golden set for
|
||||||
|
// one sample dictionary. Two-ply cases are appended: the solver's own top move from
|
||||||
|
// the first non-empty result is applied, then generation runs again on the new rack.
|
||||||
|
func buildSample(out, tag string, rs *rules.Ruleset, words []string, cases []genCase) {
|
||||||
|
idx := rs.Alphabet
|
||||||
|
b := dawg.New(idx)
|
||||||
|
indexes := make([][]int, 0, len(words))
|
||||||
|
for _, w := range words {
|
||||||
|
if err := b.Add(w); err != nil {
|
||||||
|
log.Fatalf("movegen[%s]: add %q: %v", tag, w, err)
|
||||||
|
}
|
||||||
|
enc, err := idx.Encode(w)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("movegen[%s]: encode %q: %v", tag, w, err)
|
||||||
|
}
|
||||||
|
ints := make([]int, len(enc))
|
||||||
|
for i, x := range enc {
|
||||||
|
ints[i] = int(x)
|
||||||
|
}
|
||||||
|
indexes = append(indexes, ints)
|
||||||
|
}
|
||||||
|
finder := b.Finish()
|
||||||
|
|
||||||
|
writeJSON(filepath.Join(out, "sample_"+tag+".words.json"), sampleFixture{
|
||||||
|
Alphabet: tag, NumAdded: finder.NumAdded(), Words: words, Indexes: indexes,
|
||||||
|
})
|
||||||
|
dawgPath := filepath.Join(out, "sample_"+tag+".dawg")
|
||||||
|
if _, err := finder.Save(dawgPath); err != nil {
|
||||||
|
log.Fatalf("movegen[%s]: save %s: %v", tag, dawgPath, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
s := scrabble.NewSolver(rs, finder)
|
||||||
|
for i := range cases {
|
||||||
|
runCase(s, rs, &cases[i], nil)
|
||||||
|
}
|
||||||
|
// A two-ply position from the first standard case that produced a move.
|
||||||
|
if two := twoPly(s, rs, cases); two != nil {
|
||||||
|
cases = append(cases, *two)
|
||||||
|
}
|
||||||
|
|
||||||
|
writeJSON(filepath.Join(out, "sample_"+tag+".gen.json"), genFixture{
|
||||||
|
Ruleset: rulesetOf(rs), Cases: cases,
|
||||||
|
})
|
||||||
|
log.Printf("movegen[%s]: %d words, %d cases", tag, finder.NumAdded(), len(cases))
|
||||||
|
}
|
||||||
|
|
||||||
|
// realVariant maps a shipped dictionary file to the ruleset that scores it and the racks
|
||||||
|
// the conformance positions use. smallRack/blankRack keep the first-move (empty board)
|
||||||
|
// lists bounded on a dense dictionary; fullRack drives a deep 7-tile mid-game position,
|
||||||
|
// kept small by the anchors around the already-placed word.
|
||||||
|
type realVariant struct {
|
||||||
|
file, variant, smallRack, blankRack, fullRack string
|
||||||
|
rs *rules.Ruleset
|
||||||
|
}
|
||||||
|
|
||||||
|
// buildReal emits move-generation golden from the real shipped dictionaries in dawgDir —
|
||||||
|
// the full alphabets and deep graphs the tiny samples cannot reach — one
|
||||||
|
// <variant>.movegen.json per variant. Like the dictgen/validategen vectors it is
|
||||||
|
// regenerated in CI and never committed, so it pins no dictionary version into the repo.
|
||||||
|
func buildReal(dawgDir, out string) {
|
||||||
|
reals := []realVariant{
|
||||||
|
{"en_sowpods", "scrabble_en", "aine", "ain", "aeinrst", rules.English()},
|
||||||
|
{"ru_scrabble", "scrabble_ru", "аеин", "аен", "аеиноср", rules.RussianScrabble()},
|
||||||
|
{"ru_erudit", "erudit_ru", "аеин", "аен", "аеиноср", rules.Erudit()},
|
||||||
|
}
|
||||||
|
for _, v := range reals {
|
||||||
|
data, err := os.ReadFile(filepath.Join(dawgDir, v.file+".dawg"))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("movegen[%s]: read dawg: %v", v.variant, err)
|
||||||
|
}
|
||||||
|
finder, err := dawg.Read(bytes.NewReader(data), 0)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("movegen[%s]: parse dawg: %v", v.variant, err)
|
||||||
|
}
|
||||||
|
s := scrabble.NewSolver(v.rs, finder)
|
||||||
|
|
||||||
|
cases := []genCase{
|
||||||
|
emptyCase("first-move", encRack(v.rs, v.smallRack, 0), scrabble.Both, false),
|
||||||
|
emptyCase("first-move-blank", encRack(v.rs, v.blankRack, 1), scrabble.Both, false),
|
||||||
|
}
|
||||||
|
for i := range cases {
|
||||||
|
runCase(s, v.rs, &cases[i], nil)
|
||||||
|
}
|
||||||
|
// A deep 7-tile mid-game: place the top first move, then generate again. The
|
||||||
|
// anchors around the placed word bound the list while still exercising a full rack,
|
||||||
|
// deep left/right extension and wide cross-sets over the real graph.
|
||||||
|
full := encRack(v.rs, v.fullRack, 0)
|
||||||
|
b := board.New(v.rs.Rows, v.rs.Cols)
|
||||||
|
if m1 := s.GenerateMovesOpts(b, toRack(v.rs.Size(), full), scrabble.Both, scrabble.PlayOptions{}); len(m1) > 0 {
|
||||||
|
mid := genCase{Name: "mid-game", Rack: full, Mode: int(scrabble.Both)}
|
||||||
|
runCase(s, v.rs, &mid, tilesOf(m1[0].Tiles))
|
||||||
|
cases = append(cases, mid)
|
||||||
|
}
|
||||||
|
|
||||||
|
writeJSON(filepath.Join(out, v.variant+".movegen.json"), genFixture{Ruleset: rulesetOf(v.rs), Cases: cases})
|
||||||
|
total := 0
|
||||||
|
for _, c := range cases {
|
||||||
|
total += len(c.Moves)
|
||||||
|
}
|
||||||
|
_ = finder.Close()
|
||||||
|
log.Printf("movegen[%s]: %d cases, %d golden moves", v.variant, len(cases), total)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// encRack encodes a rack given as the variant's letters (plus a blank count) into the
|
||||||
|
// index-based genRack the fixtures carry.
|
||||||
|
func encRack(rs *rules.Ruleset, letters string, blanks int) genRack {
|
||||||
|
enc, err := rs.Alphabet.Encode(letters)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("movegen: encode rack %q: %v", letters, err)
|
||||||
|
}
|
||||||
|
idx := make([]int, len(enc))
|
||||||
|
for i, b := range enc {
|
||||||
|
idx[i] = int(b)
|
||||||
|
}
|
||||||
|
return genRack{Letters: idx, Blanks: blanks}
|
||||||
|
}
|
||||||
|
|
||||||
|
// runCase fills a case's Moves by generating on a board holding the given placed
|
||||||
|
// tiles (nil = empty board).
|
||||||
|
func runCase(s *scrabble.Solver, rs *rules.Ruleset, c *genCase, placed []genTile) {
|
||||||
|
bd := board.New(rs.Rows, rs.Cols)
|
||||||
|
for _, t := range placed {
|
||||||
|
bd.Set(t.Row, t.Col, cellByte(t.Letter, t.Blank))
|
||||||
|
}
|
||||||
|
c.Placed = placed
|
||||||
|
rk := toRack(rs.Size(), c.Rack)
|
||||||
|
moves := s.GenerateMovesOpts(bd, rk, scrabble.Mode(c.Mode), scrabble.PlayOptions{IgnoreCrossWords: c.IgnoreCrossWords})
|
||||||
|
c.Moves = movesOf(moves)
|
||||||
|
}
|
||||||
|
|
||||||
|
// twoPly reaches a mid-game position by applying the top move of the first standard
|
||||||
|
// case that generated one, then generates again with a fresh rack of the same tiles.
|
||||||
|
func twoPly(s *scrabble.Solver, rs *rules.Ruleset, cases []genCase) *genCase {
|
||||||
|
for _, c := range cases {
|
||||||
|
if c.IgnoreCrossWords || len(c.Moves) == 0 {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
placed := c.Moves[0].Tiles
|
||||||
|
next := genCase{Name: "two-ply", Rack: c.Rack, Mode: int(scrabble.Both)}
|
||||||
|
runCase(s, rs, &next, placed)
|
||||||
|
return &next
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// cellByte encodes a board cell the way internal/encoding.Cell does (bits 0-5 hold
|
||||||
|
// letter+1, bit 7 marks a blank). Duplicated here because that package is internal
|
||||||
|
// to the solver module and cannot be imported.
|
||||||
|
func cellByte(letter int, blank bool) byte {
|
||||||
|
v := byte(letter+1) & 0x3f
|
||||||
|
if blank {
|
||||||
|
v |= 0x80
|
||||||
|
}
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
|
func toRack(size int, r genRack) rack.Rack {
|
||||||
|
rk := rack.New(size)
|
||||||
|
for _, l := range r.Letters {
|
||||||
|
rk.Add(byte(l))
|
||||||
|
}
|
||||||
|
for i := 0; i < r.Blanks; i++ {
|
||||||
|
rk.AddBlank()
|
||||||
|
}
|
||||||
|
return rk
|
||||||
|
}
|
||||||
|
|
||||||
|
func rulesetOf(rs *rules.Ruleset) genRuleset {
|
||||||
|
lm := make([][]int, rs.Rows)
|
||||||
|
wm := make([][]int, rs.Rows)
|
||||||
|
for r := 0; r < rs.Rows; r++ {
|
||||||
|
lm[r] = make([]int, rs.Cols)
|
||||||
|
wm[r] = make([]int, rs.Cols)
|
||||||
|
for c := 0; c < rs.Cols; c++ {
|
||||||
|
p := rs.Premium(r, c)
|
||||||
|
lm[r][c] = p.LetterMult()
|
||||||
|
wm[r][c] = p.WordMult()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return genRuleset{
|
||||||
|
Size: rs.Size(), Cols: rs.Cols, Center: rs.Center, RackSize: rs.RackSize,
|
||||||
|
Bingo: rs.Bingo, Values: rs.Values, LetterMult: lm, WordMult: wm,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func movesOf(ms []scrabble.Move) []genMove {
|
||||||
|
out := make([]genMove, len(ms))
|
||||||
|
for i, m := range ms {
|
||||||
|
out[i] = genMove{Dir: int(m.Dir), Tiles: tilesOf(m.Tiles), Score: m.Score}
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
func tilesOf(ps []scrabble.Placement) []genTile {
|
||||||
|
out := make([]genTile, len(ps))
|
||||||
|
for i, p := range ps {
|
||||||
|
out[i] = genTile{Row: p.Row, Col: p.Col, Letter: int(p.Letter), Blank: p.Blank}
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
// emptyCase builds an empty-board case (Moves filled later by runCase).
|
||||||
|
func emptyCase(name string, r genRack, mode scrabble.Mode, ignoreCross bool) genCase {
|
||||||
|
return genCase{Name: name, Rack: r, Mode: int(mode), IgnoreCrossWords: ignoreCross}
|
||||||
|
}
|
||||||
|
|
||||||
|
// englishRack builds a rack from lowercase a-z letters (index = letter-'a').
|
||||||
|
func englishRack(letters string, blanks int) genRack {
|
||||||
|
idx := make([]int, 0, len(letters))
|
||||||
|
for _, ch := range letters {
|
||||||
|
idx = append(idx, int(ch-'a'))
|
||||||
|
}
|
||||||
|
return genRack{Letters: idx, Blanks: blanks}
|
||||||
|
}
|
||||||
|
|
||||||
|
// russianRack builds a rack from the Russian sample letters used above.
|
||||||
|
func russianRack(letters string, blanks int) genRack {
|
||||||
|
m := map[rune]int{'а': 0, 'д': 4, 'о': 15, 'р': 17, 'с': 18, 'я': 32}
|
||||||
|
idx := make([]int, 0, len([]rune(letters)))
|
||||||
|
for _, ch := range letters {
|
||||||
|
i, ok := m[ch]
|
||||||
|
if !ok {
|
||||||
|
log.Fatalf("movegen: russianRack: no index for %q", string(ch))
|
||||||
|
}
|
||||||
|
idx = append(idx, i)
|
||||||
|
}
|
||||||
|
return genRack{Letters: idx, Blanks: blanks}
|
||||||
|
}
|
||||||
|
|
||||||
|
// emitRulesets writes the per-variant static ruleset data (tile values, bag counts, blanks,
|
||||||
|
// bingo, rack size) the offline engine mirrors in ui/src/lib/localgame/ruleset.ts, so a TS
|
||||||
|
// parity test can pin that hand-copied table to the Go rulesets (scrabble-solver/rules).
|
||||||
|
func emitRulesets() {
|
||||||
|
type rsFix struct {
|
||||||
|
Size int `json:"size"`
|
||||||
|
RackSize int `json:"rackSize"`
|
||||||
|
Bingo int `json:"bingo"`
|
||||||
|
Blanks int `json:"blanks"`
|
||||||
|
Values []int `json:"values"`
|
||||||
|
Counts []int `json:"counts"`
|
||||||
|
Letters []string `json:"letters"`
|
||||||
|
}
|
||||||
|
out := map[string]rsFix{}
|
||||||
|
for _, v := range []struct {
|
||||||
|
name string
|
||||||
|
rs *rules.Ruleset
|
||||||
|
}{
|
||||||
|
{"scrabble_en", rules.English()},
|
||||||
|
{"scrabble_ru", rules.RussianScrabble()},
|
||||||
|
{"erudit_ru", rules.Erudit()},
|
||||||
|
} {
|
||||||
|
letters := make([]string, v.rs.Size())
|
||||||
|
for i := range letters {
|
||||||
|
ch, err := v.rs.Alphabet.Character(byte(i))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("movegen: %s letter %d: %v", v.name, i, err)
|
||||||
|
}
|
||||||
|
letters[i] = strings.ToUpper(ch)
|
||||||
|
}
|
||||||
|
out[v.name] = rsFix{Size: v.rs.Size(), RackSize: v.rs.RackSize, Bingo: v.rs.Bingo, Blanks: v.rs.Blanks, Values: v.rs.Values, Counts: v.rs.Counts, Letters: letters}
|
||||||
|
}
|
||||||
|
dir := filepath.Join("ui", "src", "lib", "localgame", "testdata")
|
||||||
|
if err := os.MkdirAll(dir, 0o755); err != nil {
|
||||||
|
log.Fatalf("movegen: mkdir %s: %v", dir, err)
|
||||||
|
}
|
||||||
|
writeJSON(filepath.Join(dir, "rulesets.json"), out)
|
||||||
|
log.Printf("movegen: wrote %s (3 variants)", filepath.Join(dir, "rulesets.json"))
|
||||||
|
}
|
||||||
|
|
||||||
|
func writeJSON(path string, v any) {
|
||||||
|
data, err := json.MarshalIndent(v, "", " ")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("movegen: marshal %s: %v", path, err)
|
||||||
|
}
|
||||||
|
if err := os.WriteFile(path, append(data, '\n'), 0o644); err != nil {
|
||||||
|
log.Fatalf("movegen: write %s: %v", path, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,486 @@
|
|||||||
|
// Command validategen produces golden conformance fixtures for the TypeScript
|
||||||
|
// move validator (ui/src/lib/dict/validate.ts). For each variant it self-plays
|
||||||
|
// greedy games with the authoritative scrabble-solver engine to build realistic
|
||||||
|
// board positions, then records a battery of candidate plays — the engine's own
|
||||||
|
// top move, letter-mutated variants, random scatters and (on the empty board) an
|
||||||
|
// off-centre translation — each paired with the ground-truth result of
|
||||||
|
// ValidatePlayOpts (legal, score, the words formed). The TS conformance test
|
||||||
|
// replays these and must agree exactly.
|
||||||
|
//
|
||||||
|
// It is a development tool (not built into any service), analogous to
|
||||||
|
// cmd/dictgen. Run it from the repository root:
|
||||||
|
//
|
||||||
|
// go run ./backend/cmd/validategen -dawg-dir ../scrabble-solver/dawg -out <dir>
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
|
"fmt"
|
||||||
|
"math/rand"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/board"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/rack"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/rules"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/scrabble"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/selfplay"
|
||||||
|
dawg "github.com/iliadenisov/dafsa"
|
||||||
|
)
|
||||||
|
|
||||||
|
// blankTile marks a blank tile in a drawn hand (matches selfplay).
|
||||||
|
const blankTile byte = 0xff
|
||||||
|
|
||||||
|
// variantSpec pairs a variant label with its ruleset and dawg file.
|
||||||
|
type variantSpec struct {
|
||||||
|
name string
|
||||||
|
rules *rules.Ruleset
|
||||||
|
dawg string
|
||||||
|
}
|
||||||
|
|
||||||
|
// cell is an occupied board square or a placement (alphabet-index letter).
|
||||||
|
type cell struct {
|
||||||
|
R, C, Letter int
|
||||||
|
Blank bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// word mirrors scrabble.Word in index space.
|
||||||
|
type word struct {
|
||||||
|
Row, Col, Dir int
|
||||||
|
Letters []int
|
||||||
|
Blanks []bool
|
||||||
|
Score int
|
||||||
|
}
|
||||||
|
|
||||||
|
// fixture is one candidate play with the engine's ground-truth verdict.
|
||||||
|
type fixture struct {
|
||||||
|
Board int `json:"board"` // index into the boards list
|
||||||
|
Dir int `json:"dir"`
|
||||||
|
IgnoreCrossWords bool `json:"ignoreCrossWords"`
|
||||||
|
Tiles []cell `json:"tiles"`
|
||||||
|
Legal bool `json:"legal"`
|
||||||
|
Score int `json:"score"`
|
||||||
|
Bonus int `json:"bonus"`
|
||||||
|
Main *word `json:"main,omitempty"`
|
||||||
|
Cross []word `json:"cross,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// alphaEntry mirrors one row of the per-variant alphabet table the server sends the
|
||||||
|
// client (index, concrete letter as the ruleset emits it, tile value), so the adapter
|
||||||
|
// cross-test can drive the letter-space client path exactly as production does.
|
||||||
|
type alphaEntry struct {
|
||||||
|
Index int `json:"index"`
|
||||||
|
Letter string `json:"letter"`
|
||||||
|
Value int `json:"value"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// variantFile is the whole conformance payload for one variant.
|
||||||
|
type variantFile struct {
|
||||||
|
Variant string `json:"variant"`
|
||||||
|
Rows int `json:"rows"`
|
||||||
|
Cols int `json:"cols"`
|
||||||
|
Center int `json:"center"`
|
||||||
|
RackSize int `json:"rackSize"`
|
||||||
|
Bingo int `json:"bingo"`
|
||||||
|
Values []int `json:"values"`
|
||||||
|
Premiums []int `json:"premiums"` // row-major rules.Premium codes
|
||||||
|
Alphabet []alphaEntry `json:"alphabet"`
|
||||||
|
Boards [][]cell `json:"boards"`
|
||||||
|
Fixtures []fixture `json:"fixtures"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
dawgDir := flag.String("dawg-dir", "../scrabble-solver/dawg", "directory holding the .dawg files")
|
||||||
|
outDir := flag.String("out", "", "output directory for the fixture files (required)")
|
||||||
|
games := flag.Int("games", 6, "self-play games per (variant, rule)")
|
||||||
|
plies := flag.Int("plies", 40, "maximum plies captured per game")
|
||||||
|
flag.Parse()
|
||||||
|
if *outDir == "" {
|
||||||
|
fail("-out is required")
|
||||||
|
}
|
||||||
|
if err := os.MkdirAll(*outDir, 0o755); err != nil {
|
||||||
|
fail("mkdir out: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
specs := []variantSpec{
|
||||||
|
{"scrabble_en", rules.English(), "en_sowpods.dawg"},
|
||||||
|
{"scrabble_ru", rules.RussianScrabble(), "ru_scrabble.dawg"},
|
||||||
|
{"erudit_ru", rules.Erudit(), "ru_erudit.dawg"},
|
||||||
|
}
|
||||||
|
for _, sp := range specs {
|
||||||
|
if err := generate(sp, *dawgDir, *outDir, *games, *plies); err != nil {
|
||||||
|
fail("%s: %v", sp.name, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func generate(sp variantSpec, dawgDir, outDir string, games, plies int) error {
|
||||||
|
data, err := os.ReadFile(filepath.Join(dawgDir, sp.dawg))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
finder, err := dawg.Read(bytes.NewReader(data), 0)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("read dawg: %w", err)
|
||||||
|
}
|
||||||
|
defer finder.Close()
|
||||||
|
|
||||||
|
rs := sp.rules
|
||||||
|
solver := scrabble.NewSolver(rs, finder)
|
||||||
|
|
||||||
|
out := variantFile{
|
||||||
|
Variant: sp.name, Rows: rs.Rows, Cols: rs.Cols, Center: rs.Center,
|
||||||
|
RackSize: rs.RackSize, Bingo: rs.Bingo, Values: rs.Values,
|
||||||
|
Premiums: premiumCodes(rs), Alphabet: alphabetOf(rs),
|
||||||
|
}
|
||||||
|
|
||||||
|
// Capture under both the standard rule and the single-word rule, building the
|
||||||
|
// board with the same rule so positions are reachable under it.
|
||||||
|
for _, ignore := range []bool{false, true} {
|
||||||
|
opts := scrabble.PlayOptions{IgnoreCrossWords: ignore}
|
||||||
|
for g := range games {
|
||||||
|
seed := int64(g*1000) + boolseed(ignore) + variantSeed(sp.name)
|
||||||
|
playAndCapture(&out, rs, solver, opts, seed, plies)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
b, err := json.Marshal(&out)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := os.WriteFile(filepath.Join(outDir, sp.name+".fixtures.json"), b, 0o644); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
fmt.Printf("%-12s boards=%d fixtures=%d\n", sp.name, len(out.Boards), len(out.Fixtures))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// playAndCapture greedily self-plays one game, recording candidate plays against
|
||||||
|
// each board position along the way.
|
||||||
|
func playAndCapture(out *variantFile, rs *rules.Ruleset, solver *scrabble.Solver, opts scrabble.PlayOptions, seed int64, plies int) {
|
||||||
|
rng := rand.New(rand.NewSource(seed))
|
||||||
|
bag := selfplay.NewBag(rs, seed)
|
||||||
|
b := board.New(rs.Rows, rs.Cols)
|
||||||
|
hands := [2][]byte{bag.Draw(rs.RackSize), bag.Draw(rs.RackSize)}
|
||||||
|
|
||||||
|
passes := 0
|
||||||
|
for turn := range plies {
|
||||||
|
p := turn % 2
|
||||||
|
rk := rackOf(hands[p], rs.Size())
|
||||||
|
moves := solver.GenerateMovesOpts(b, rk, scrabble.Both, opts)
|
||||||
|
if len(moves) == 0 {
|
||||||
|
if passes++; passes >= 4 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
passes = 0
|
||||||
|
top := moves[0]
|
||||||
|
|
||||||
|
boardIdx := len(out.Boards)
|
||||||
|
out.Boards = append(out.Boards, boardCells(b))
|
||||||
|
captureCandidates(out, rs, solver, opts, b, boardIdx, top, rng)
|
||||||
|
|
||||||
|
scrabble.Apply(b, top)
|
||||||
|
hands[p] = removeUsed(hands[p], top)
|
||||||
|
if need := rs.RackSize - len(hands[p]); need > 0 {
|
||||||
|
hands[p] = append(hands[p], bag.Draw(need)...)
|
||||||
|
}
|
||||||
|
if len(hands[p]) == 0 && bag.Len() == 0 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// captureCandidates records the engine's top move plus derived candidates for one
|
||||||
|
// board, each with its ValidatePlayOpts verdict.
|
||||||
|
func captureCandidates(out *variantFile, rs *rules.Ruleset, solver *scrabble.Solver, opts scrabble.PlayOptions, b *board.Board, boardIdx int, top scrabble.Move, rng *rand.Rand) {
|
||||||
|
size := rs.Size()
|
||||||
|
record := func(tiles []scrabble.Placement) {
|
||||||
|
if len(tiles) == 0 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
out.Fixtures = append(out.Fixtures, makeFixture(solver, opts, b, boardIdx, tiles))
|
||||||
|
}
|
||||||
|
|
||||||
|
// The engine's own top move (legal).
|
||||||
|
record(top.Tiles)
|
||||||
|
|
||||||
|
// Letter-mutated variants: usually reject on the dictionary, occasionally form
|
||||||
|
// a different legal word.
|
||||||
|
for range 3 {
|
||||||
|
mut := clonePlacements(top.Tiles)
|
||||||
|
i := rng.Intn(len(mut))
|
||||||
|
mut[i].Letter = byte((int(mut[i].Letter) + 1 + rng.Intn(size-1)) % size)
|
||||||
|
record(mut)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Random scatters: exercise geometry, dictionary and connectivity paths.
|
||||||
|
for range 3 {
|
||||||
|
record(randomScatter(b, size, 2+rng.Intn(4), rng))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Single tiles abutting the board exercise the direction inference — a single
|
||||||
|
// tile is ambiguous, its orientation resolved from which axis it extends.
|
||||||
|
for range 3 {
|
||||||
|
if t, ok := randomAdjacentSingle(b, size, rng); ok {
|
||||||
|
record([]scrabble.Placement{t})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// On the empty board, an off-centre translation of the first move exercises the
|
||||||
|
// first-move centre rule.
|
||||||
|
if b.IsEmpty() {
|
||||||
|
shifted := clonePlacements(top.Tiles)
|
||||||
|
ok := true
|
||||||
|
for i := range shifted {
|
||||||
|
shifted[i].Row++
|
||||||
|
shifted[i].Col++
|
||||||
|
if !b.InBounds(shifted[i].Row, shifted[i].Col) {
|
||||||
|
ok = false
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
record(shifted)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// makeFixture validates a candidate against board b and serializes it with its
|
||||||
|
// ground truth. Word breakdown is recorded only for legal plays (the TS test
|
||||||
|
// checks words only then); an illegal play records legal=false alone.
|
||||||
|
func makeFixture(solver *scrabble.Solver, opts scrabble.PlayOptions, b *board.Board, boardIdx int, tiles []scrabble.Placement) fixture {
|
||||||
|
// Infer the orientation exactly as the backend evaluate does (dir-less), so the
|
||||||
|
// fixture matches the real eval path and pins the client's ported inference.
|
||||||
|
dir := playDirectionMirror(solver, b, tiles, opts)
|
||||||
|
fx := fixture{
|
||||||
|
Board: boardIdx,
|
||||||
|
Dir: int(dir),
|
||||||
|
IgnoreCrossWords: opts.IgnoreCrossWords,
|
||||||
|
Tiles: placementCells(tiles),
|
||||||
|
}
|
||||||
|
m, err := solver.ValidatePlayOpts(b, dir, tiles, opts)
|
||||||
|
if err == nil {
|
||||||
|
fx.Legal = true
|
||||||
|
fx.Score = m.Score
|
||||||
|
fx.Bonus = m.Bonus
|
||||||
|
fx.Main = toWord(m.Main)
|
||||||
|
for _, cw := range m.Cross {
|
||||||
|
fx.Cross = append(fx.Cross, *toWord(cw))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fx
|
||||||
|
}
|
||||||
|
|
||||||
|
func placementCells(ts []scrabble.Placement) []cell {
|
||||||
|
cs := make([]cell, len(ts))
|
||||||
|
for i, t := range ts {
|
||||||
|
cs[i] = cell{R: t.Row, C: t.Col, Letter: int(t.Letter), Blank: t.Blank}
|
||||||
|
}
|
||||||
|
return cs
|
||||||
|
}
|
||||||
|
|
||||||
|
func toWord(w scrabble.Word) *word {
|
||||||
|
letters := make([]int, len(w.Letters))
|
||||||
|
for i, l := range w.Letters {
|
||||||
|
letters[i] = int(l)
|
||||||
|
}
|
||||||
|
return &word{
|
||||||
|
Row: w.Row, Col: w.Col, Dir: int(w.Dir),
|
||||||
|
Letters: letters, Blanks: append([]bool(nil), w.Blanks...), Score: w.Score,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func alphabetOf(rs *rules.Ruleset) []alphaEntry {
|
||||||
|
n := rs.Alphabet.Size()
|
||||||
|
out := make([]alphaEntry, n)
|
||||||
|
for i := range n {
|
||||||
|
ch, _ := rs.Alphabet.Character(byte(i))
|
||||||
|
out[i] = alphaEntry{Index: i, Letter: ch, Value: rs.Values[i]}
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
func premiumCodes(rs *rules.Ruleset) []int {
|
||||||
|
codes := make([]int, rs.Rows*rs.Cols)
|
||||||
|
for i := range codes {
|
||||||
|
codes[i] = int(rs.PremiumAt(i))
|
||||||
|
}
|
||||||
|
return codes
|
||||||
|
}
|
||||||
|
|
||||||
|
func boardCells(b *board.Board) []cell {
|
||||||
|
var cs []cell
|
||||||
|
for r := 0; r < b.Rows(); r++ {
|
||||||
|
for c := 0; c < b.Cols(); c++ {
|
||||||
|
if b.Filled(r, c) {
|
||||||
|
v := b.At(r, c)
|
||||||
|
cs = append(cs, cell{R: r, C: c, Letter: int(v&0x3f) - 1, Blank: v&0x80 != 0})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return cs
|
||||||
|
}
|
||||||
|
|
||||||
|
func clonePlacements(ts []scrabble.Placement) []scrabble.Placement {
|
||||||
|
return append([]scrabble.Placement(nil), ts...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// randomScatter picks n distinct empty in-bounds squares with random letters.
|
||||||
|
func randomScatter(b *board.Board, size, n int, rng *rand.Rand) []scrabble.Placement {
|
||||||
|
seen := map[[2]int]bool{}
|
||||||
|
var ts []scrabble.Placement
|
||||||
|
for tries := 0; tries < n*20 && len(ts) < n; tries++ {
|
||||||
|
r := rng.Intn(b.Rows())
|
||||||
|
c := rng.Intn(b.Cols())
|
||||||
|
if seen[[2]int{r, c}] || b.Filled(r, c) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
seen[[2]int{r, c}] = true
|
||||||
|
ts = append(ts, scrabble.Placement{Row: r, Col: c, Letter: byte(rng.Intn(size)), Blank: rng.Intn(10) == 0})
|
||||||
|
}
|
||||||
|
return ts
|
||||||
|
}
|
||||||
|
|
||||||
|
// randomAdjacentSingle picks a random empty in-bounds square abutting at least one
|
||||||
|
// filled square, with a random letter — a single-tile play whose orientation the
|
||||||
|
// inference must resolve. It returns ok=false on an empty board.
|
||||||
|
func randomAdjacentSingle(b *board.Board, size int, rng *rand.Rand) (scrabble.Placement, bool) {
|
||||||
|
var cands [][2]int
|
||||||
|
for r := 0; r < b.Rows(); r++ {
|
||||||
|
for c := 0; c < b.Cols(); c++ {
|
||||||
|
if b.Filled(r, c) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if b.Filled(r-1, c) || b.Filled(r+1, c) || b.Filled(r, c-1) || b.Filled(r, c+1) {
|
||||||
|
cands = append(cands, [2]int{r, c})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(cands) == 0 {
|
||||||
|
return scrabble.Placement{}, false
|
||||||
|
}
|
||||||
|
rc := cands[rng.Intn(len(cands))]
|
||||||
|
return scrabble.Placement{Row: rc[0], Col: rc[1], Letter: byte(rng.Intn(size)), Blank: rng.Intn(10) == 0}, true
|
||||||
|
}
|
||||||
|
|
||||||
|
// playDirectionMirror mirrors engine (*Game).playDirection: the geometric
|
||||||
|
// resolution, except a single tile under the single-word rule tries both
|
||||||
|
// orientations through the solver and keeps the higher-scoring legal one (H wins
|
||||||
|
// ties). It reproduces the orientation the backend evaluate infers.
|
||||||
|
func playDirectionMirror(solver *scrabble.Solver, b *board.Board, placements []scrabble.Placement, opts scrabble.PlayOptions) scrabble.Direction {
|
||||||
|
geo := resolveDirectionMirror(b, placements)
|
||||||
|
if len(placements) != 1 || !opts.IgnoreCrossWords {
|
||||||
|
return geo
|
||||||
|
}
|
||||||
|
best, found, bestScore := geo, false, 0
|
||||||
|
for _, dir := range [...]scrabble.Direction{scrabble.Horizontal, scrabble.Vertical} {
|
||||||
|
m, err := solver.ValidatePlayOpts(b, dir, placements, opts)
|
||||||
|
if err != nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if !found || m.Score > bestScore {
|
||||||
|
best, found, bestScore = dir, true, m.Score
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return best
|
||||||
|
}
|
||||||
|
|
||||||
|
// resolveDirectionMirror mirrors engine.resolveDirection.
|
||||||
|
func resolveDirectionMirror(b *board.Board, placements []scrabble.Placement) scrabble.Direction {
|
||||||
|
if len(placements) >= 2 {
|
||||||
|
row := placements[0].Row
|
||||||
|
for _, p := range placements[1:] {
|
||||||
|
if p.Row != row {
|
||||||
|
return scrabble.Vertical
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return scrabble.Horizontal
|
||||||
|
}
|
||||||
|
if len(placements) == 1 {
|
||||||
|
p := placements[0]
|
||||||
|
h := runLengthMirror(b, p.Row, p.Col, scrabble.Horizontal)
|
||||||
|
v := runLengthMirror(b, p.Row, p.Col, scrabble.Vertical)
|
||||||
|
if v >= 2 && v > h {
|
||||||
|
return scrabble.Vertical
|
||||||
|
}
|
||||||
|
if h >= 2 {
|
||||||
|
return scrabble.Horizontal
|
||||||
|
}
|
||||||
|
if v >= 2 {
|
||||||
|
return scrabble.Vertical
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return scrabble.Horizontal
|
||||||
|
}
|
||||||
|
|
||||||
|
// runLengthMirror mirrors engine.runLength.
|
||||||
|
func runLengthMirror(b *board.Board, row, col int, dir scrabble.Direction) int {
|
||||||
|
dr, dc := 0, 1
|
||||||
|
if dir == scrabble.Vertical {
|
||||||
|
dr, dc = 1, 0
|
||||||
|
}
|
||||||
|
n := 1
|
||||||
|
for r, c := row-dr, col-dc; b.Filled(r, c); r, c = r-dr, c-dc {
|
||||||
|
n++
|
||||||
|
}
|
||||||
|
for r, c := row+dr, col+dc; b.Filled(r, c); r, c = r+dr, c+dc {
|
||||||
|
n++
|
||||||
|
}
|
||||||
|
return n
|
||||||
|
}
|
||||||
|
|
||||||
|
// rackOf builds a generation rack from a hand of tiles (reimplemented from the
|
||||||
|
// unexported selfplay helper).
|
||||||
|
func rackOf(tiles []byte, size int) rack.Rack {
|
||||||
|
r := rack.New(size)
|
||||||
|
for _, t := range tiles {
|
||||||
|
if t == blankTile {
|
||||||
|
r.AddBlank()
|
||||||
|
} else {
|
||||||
|
r.Add(t)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return r
|
||||||
|
}
|
||||||
|
|
||||||
|
// removeUsed returns the hand with the tiles consumed by m removed.
|
||||||
|
func removeUsed(tiles []byte, m scrabble.Move) []byte {
|
||||||
|
out := append([]byte(nil), tiles...)
|
||||||
|
for _, p := range m.Tiles {
|
||||||
|
want := p.Letter
|
||||||
|
if p.Blank {
|
||||||
|
want = blankTile
|
||||||
|
}
|
||||||
|
for i, t := range out {
|
||||||
|
if t == want {
|
||||||
|
out = append(out[:i], out[i+1:]...)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
func boolseed(b bool) int64 {
|
||||||
|
if b {
|
||||||
|
return 500000
|
||||||
|
}
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
func variantSeed(name string) int64 {
|
||||||
|
var s int64
|
||||||
|
for _, r := range name {
|
||||||
|
s = s*131 + int64(r)
|
||||||
|
}
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
func fail(format string, args ...any) {
|
||||||
|
fmt.Fprintf(os.Stderr, "validategen: "+format+"\n", args...)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
@@ -13,6 +13,7 @@ require (
|
|||||||
github.com/pressly/goose/v3 v3.27.1
|
github.com/pressly/goose/v3 v3.27.1
|
||||||
github.com/testcontainers/testcontainers-go v0.42.0
|
github.com/testcontainers/testcontainers-go v0.42.0
|
||||||
github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0
|
github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0
|
||||||
|
github.com/wneessen/go-mail v0.7.3
|
||||||
go.opentelemetry.io/otel v1.43.0
|
go.opentelemetry.io/otel v1.43.0
|
||||||
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0
|
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0
|
||||||
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
|
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
|
||||||
@@ -109,7 +110,7 @@ require (
|
|||||||
golang.org/x/net v0.53.0 // indirect
|
golang.org/x/net v0.53.0 // indirect
|
||||||
golang.org/x/sync v0.20.0 // indirect
|
golang.org/x/sync v0.20.0 // indirect
|
||||||
golang.org/x/sys v0.43.0 // indirect
|
golang.org/x/sys v0.43.0 // indirect
|
||||||
golang.org/x/text v0.36.0 // indirect
|
golang.org/x/text v0.37.0 // indirect
|
||||||
google.golang.org/grpc v1.80.0
|
google.golang.org/grpc v1.80.0
|
||||||
google.golang.org/protobuf v1.36.11 // indirect
|
google.golang.org/protobuf v1.36.11 // indirect
|
||||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||||
|
|||||||
@@ -279,6 +279,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
|
|||||||
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
|
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
|
||||||
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
|
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
|
||||||
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
|
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
|
||||||
|
github.com/wneessen/go-mail v0.7.3 h1:g3DravXC5SMlVdboFrQA8Jx95A8sOzoBeS5F+vzNRK0=
|
||||||
|
github.com/wneessen/go-mail v0.7.3/go.mod h1:QGhBX0yNbc1J+Mkjcu7z2rpj4B4l+BmDY8gYznPC9sk=
|
||||||
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||||
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
|
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
|
||||||
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
|
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
|
||||||
@@ -400,6 +402,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
|||||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||||
golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
|
golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
|
||||||
golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
|
golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
|
||||||
|
golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
|
||||||
|
golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
|
||||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||||
golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||||
|
|||||||
@@ -10,6 +10,7 @@ import (
|
|||||||
"database/sql"
|
"database/sql"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"math/rand/v2"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -43,9 +44,7 @@ var ErrNotFound = errors.New("account: not found")
|
|||||||
// local-time window (in TimeZone) during which the player is asleep, so the
|
// local-time window (in TimeZone) during which the player is asleep, so the
|
||||||
// turn-timeout sweeper does not auto-resign them inside it. (The robot opponent's
|
// turn-timeout sweeper does not auto-resign them inside it. (The robot opponent's
|
||||||
// own sleep is anchored to its human opponent's timezone with a per-game drift,
|
// own sleep is anchored to its human opponent's timezone with a per-game drift,
|
||||||
// computed in internal/robot, not from a robot account's away window.) HintBalance
|
// computed in internal/robot, not from a robot account's away window.)
|
||||||
// is the player's wallet of purchasable hints, spent after a game's per-seat
|
|
||||||
// allowance.
|
|
||||||
type Account struct {
|
type Account struct {
|
||||||
ID uuid.UUID
|
ID uuid.UUID
|
||||||
DisplayName string
|
DisplayName string
|
||||||
@@ -53,7 +52,6 @@ type Account struct {
|
|||||||
TimeZone string
|
TimeZone string
|
||||||
AwayStart time.Time
|
AwayStart time.Time
|
||||||
AwayEnd time.Time
|
AwayEnd time.Time
|
||||||
HintBalance int
|
|
||||||
BlockChat bool
|
BlockChat bool
|
||||||
BlockFriendRequests bool
|
BlockFriendRequests bool
|
||||||
// VariantPreferences is the set of game variants (engine.Variant stable labels:
|
// VariantPreferences is the set of game variants (engine.Variant stable labels:
|
||||||
@@ -69,10 +67,6 @@ type Account struct {
|
|||||||
// true (the default): the platform side-service skips out-of-app push for the
|
// true (the default): the platform side-service skips out-of-app push for the
|
||||||
// account.
|
// account.
|
||||||
NotificationsInAppOnly bool
|
NotificationsInAppOnly bool
|
||||||
// PaidAccount marks a lifetime one-time-payment account. It is a service field
|
|
||||||
// (no purchase flow yet); an account linking & merge ORs it so a paid status is
|
|
||||||
// never lost when accounts are consolidated.
|
|
||||||
PaidAccount bool
|
|
||||||
// MergedInto is the primary account a retired (merged) secondary points at, or
|
// MergedInto is the primary account a retired (merged) secondary points at, or
|
||||||
// uuid.Nil for a live account. A tombstone keeps the row so the no-cascade
|
// uuid.Nil for a live account. A tombstone keeps the row so the no-cascade
|
||||||
// foreign keys of a shared finished game stay valid.
|
// foreign keys of a shared finished game stay valid.
|
||||||
@@ -121,13 +115,44 @@ func (s *Store) ProvisionByIdentity(ctx context.Context, kind, externalID string
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ProvisionEmail returns the account owning the email identity externalID, creating
|
// ProvisionEmail returns the account owning the email identity externalID, creating
|
||||||
// it (unconfirmed) on first contact with browserTZ — the client's detected "±HH:MM"
|
// it on first contact with browserTZ — the client's detected "±HH:MM" UTC offset —
|
||||||
// UTC offset — seeded into its time zone. Like ProvisionByIdentity it is race-safe
|
// seeded into its time zone, language seeded from the client's UI language, and its
|
||||||
// and leaves an existing account untouched, so a returning user's saved zone is never
|
// display name seeded from the email's local part (so it is not left nameless). Like
|
||||||
// overwritten. The email account is created here (the code-request step), not at the
|
// ProvisionByIdentity it is race-safe and leaves an existing account untouched, so a
|
||||||
// later login, so this is where its zone is seeded.
|
// returning user's saved zone, language and name are never overwritten. The email account is
|
||||||
func (s *Store) ProvisionEmail(ctx context.Context, externalID, browserTZ string) (Account, error) {
|
// created here (the code-request step), not at the later login, so this is where its
|
||||||
return s.provision(ctx, KindEmail, externalID, provisionSeed{timeZone: seedZone(browserTZ)})
|
// zone and language are seeded. It is created flagged is_guest with an unconfirmed
|
||||||
|
// email identity: an abandoned, never-confirmed login is then reaped like any guest,
|
||||||
|
// freeing the reserved address, and confirming the code clears the guest flag.
|
||||||
|
func (s *Store) ProvisionEmail(ctx context.Context, externalID, browserTZ, language string) (Account, error) {
|
||||||
|
return s.provision(ctx, KindEmail, externalID, provisionSeed{
|
||||||
|
displayName: emailDisplayName(externalID),
|
||||||
|
timeZone: seedZone(browserTZ),
|
||||||
|
preferredLanguage: supportedLanguage(language),
|
||||||
|
isGuest: true,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// emailDisplayName derives a display name from an email address — the local part
|
||||||
|
// before '@', trimmed and capped to the column width — so a new email account is not
|
||||||
|
// left nameless. It is only the first-contact seed; the user can rename it later.
|
||||||
|
func emailDisplayName(email string) string {
|
||||||
|
local, _, _ := strings.Cut(email, "@")
|
||||||
|
local = strings.TrimSpace(local)
|
||||||
|
if r := []rune(local); len(r) > maxDisplayName {
|
||||||
|
local = strings.TrimRight(string(r[:maxDisplayName]), " ")
|
||||||
|
}
|
||||||
|
return local
|
||||||
|
}
|
||||||
|
|
||||||
|
// supportedLanguage returns code normalised to a supported UI language ("en" or
|
||||||
|
// "ru"), or "" when it maps to neither, so a new account keeps the 'en' default. It
|
||||||
|
// accepts region-tagged codes ("ru-RU").
|
||||||
|
func supportedLanguage(code string) string {
|
||||||
|
if lang, _, _ := strings.Cut(strings.ToLower(strings.TrimSpace(code)), "-"); lang == "en" || lang == "ru" {
|
||||||
|
return lang
|
||||||
|
}
|
||||||
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
// ProvisionRobot provisions (or finds) the durable account backing a robot pool
|
// ProvisionRobot provisions (or finds) the durable account backing a robot pool
|
||||||
@@ -239,6 +264,11 @@ type provisionSeed struct {
|
|||||||
preferredLanguage string
|
preferredLanguage string
|
||||||
displayName string
|
displayName string
|
||||||
timeZone string
|
timeZone string
|
||||||
|
// isGuest creates the account flagged is_guest. It is set for an email-login
|
||||||
|
// account, which stays a guest until the address is confirmed (so an abandoned,
|
||||||
|
// never-confirmed login is reaped and its address freed); confirming clears the
|
||||||
|
// flag. Platform identities (telegram/vk) are durable from creation.
|
||||||
|
isGuest bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// seedZone returns browserTZ when it is a well-formed zone to persist at account
|
// seedZone returns browserTZ when it is a well-formed zone to persist at account
|
||||||
@@ -357,6 +387,21 @@ func (s *Store) Identities(ctx context.Context, accountID uuid.UUID) ([]Identity
|
|||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HasConfirmedEmail reports whether the account owns a confirmed email identity — the direct-rail
|
||||||
|
// recovery anchor a first purchase requires (D36).
|
||||||
|
func (s *Store) HasConfirmedEmail(ctx context.Context, accountID uuid.UUID) (bool, error) {
|
||||||
|
ids, err := s.Identities(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
for _, id := range ids {
|
||||||
|
if id.Kind == "email" && id.Confirmed {
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
// ListAccounts returns accounts for the admin user list, newest first, paginated
|
// ListAccounts returns accounts for the admin user list, newest first, paginated
|
||||||
// by limit and offset.
|
// by limit and offset.
|
||||||
func (s *Store) ListAccounts(ctx context.Context, limit, offset int) ([]Account, error) {
|
func (s *Store) ListAccounts(ctx context.Context, limit, offset int) ([]Account, error) {
|
||||||
@@ -447,8 +492,8 @@ func (s *Store) create(ctx context.Context, kind, externalID string, seed provis
|
|||||||
tz = "UTC"
|
tz = "UTC"
|
||||||
}
|
}
|
||||||
insertAccount := table.Accounts.
|
insertAccount := table.Accounts.
|
||||||
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.PreferredLanguage, table.Accounts.TimeZone).
|
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.PreferredLanguage, table.Accounts.TimeZone, table.Accounts.IsGuest).
|
||||||
VALUES(accountID, seed.displayName, lang, tz).
|
VALUES(accountID, seed.displayName, lang, tz, seed.isGuest).
|
||||||
RETURNING(table.Accounts.AllColumns)
|
RETURNING(table.Accounts.AllColumns)
|
||||||
|
|
||||||
var row model.Accounts
|
var row model.Accounts
|
||||||
@@ -481,8 +526,13 @@ func (s *Store) create(ctx context.Context, kind, externalID string, seed provis
|
|||||||
return created, nil
|
return created, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// guestDisplayName is the display name stamped on a freshly provisioned guest.
|
// guestDisplayName mints the display name stamped on a freshly provisioned guest: "Guest" plus a
|
||||||
const guestDisplayName = "Guest"
|
// random six-digit suffix (e.g. "Guest042317"), so a guest is distinguishable to opponents — in a
|
||||||
|
// random match the other player sees a distinct name rather than every guest reading a bare
|
||||||
|
// "Guest". Not an identifier and not unique (collisions are harmless — it is a label only).
|
||||||
|
func guestDisplayName() string {
|
||||||
|
return fmt.Sprintf("Guest%06d", rand.IntN(1_000_000))
|
||||||
|
}
|
||||||
|
|
||||||
// ProvisionGuest creates a fresh ephemeral guest account: a durable row carrying
|
// ProvisionGuest creates a fresh ephemeral guest account: a durable row carrying
|
||||||
// no identity, flagged is_guest, so it can hold a session and a game seat (both
|
// no identity, flagged is_guest, so it can hold a session and a game seat (both
|
||||||
@@ -490,7 +540,7 @@ const guestDisplayName = "Guest"
|
|||||||
// and history. Guests are not reused — each bootstrap mints a new account. browserTZ
|
// and history. Guests are not reused — each bootstrap mints a new account. browserTZ
|
||||||
// (the client's detected "±HH:MM" UTC offset) seeds the guest's time zone, falling
|
// (the client's detected "±HH:MM" UTC offset) seeds the guest's time zone, falling
|
||||||
// back to the 'UTC' default when empty or malformed.
|
// back to the 'UTC' default when empty or malformed.
|
||||||
func (s *Store) ProvisionGuest(ctx context.Context, browserTZ string) (Account, error) {
|
func (s *Store) ProvisionGuest(ctx context.Context, browserTZ, language string) (Account, error) {
|
||||||
accountID, err := uuid.NewV7()
|
accountID, err := uuid.NewV7()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return Account{}, fmt.Errorf("account: new guest id: %w", err)
|
return Account{}, fmt.Errorf("account: new guest id: %w", err)
|
||||||
@@ -499,9 +549,17 @@ func (s *Store) ProvisionGuest(ctx context.Context, browserTZ string) (Account,
|
|||||||
if tz == "" {
|
if tz == "" {
|
||||||
tz = "UTC"
|
tz = "UTC"
|
||||||
}
|
}
|
||||||
|
// Seed the interface language from the client's detected locale (validated to a supported
|
||||||
|
// one), so a fresh guest's language-dependent server content — the ad banner, bot messages —
|
||||||
|
// is right from first contact rather than the 'en' column default until the client's later
|
||||||
|
// language reconcile catches up. An unsupported or absent code keeps the 'en' default.
|
||||||
|
lang := supportedLanguage(language)
|
||||||
|
if lang == "" {
|
||||||
|
lang = "en"
|
||||||
|
}
|
||||||
stmt := table.Accounts.
|
stmt := table.Accounts.
|
||||||
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.IsGuest, table.Accounts.TimeZone).
|
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.IsGuest, table.Accounts.TimeZone, table.Accounts.PreferredLanguage).
|
||||||
VALUES(accountID, guestDisplayName, true, tz).
|
VALUES(accountID, guestDisplayName(), true, tz, lang).
|
||||||
RETURNING(table.Accounts.AllColumns)
|
RETURNING(table.Accounts.AllColumns)
|
||||||
|
|
||||||
var row model.Accounts
|
var row model.Accounts
|
||||||
@@ -512,52 +570,6 @@ func (s *Store) ProvisionGuest(ctx context.Context, browserTZ string) (Account,
|
|||||||
return modelToAccount(row), nil
|
return modelToAccount(row), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SpendHint atomically decrements the account's hint wallet by one, returning
|
|
||||||
// true when a hint was spent and false when the balance was already empty. The
|
|
||||||
// guarded UPDATE keeps it safe under concurrent spends across the player's games.
|
|
||||||
func (s *Store) SpendHint(ctx context.Context, id uuid.UUID) (bool, error) {
|
|
||||||
stmt := table.Accounts.
|
|
||||||
UPDATE(table.Accounts.HintBalance, table.Accounts.UpdatedAt).
|
|
||||||
SET(table.Accounts.HintBalance.SUB(postgres.Int(1)), postgres.TimestampzT(time.Now().UTC())).
|
|
||||||
WHERE(
|
|
||||||
table.Accounts.AccountID.EQ(postgres.UUID(id)).
|
|
||||||
AND(table.Accounts.HintBalance.GT(postgres.Int(0))),
|
|
||||||
)
|
|
||||||
res, err := stmt.ExecContext(ctx, s.db)
|
|
||||||
if err != nil {
|
|
||||||
return false, fmt.Errorf("account: spend hint %s: %w", id, err)
|
|
||||||
}
|
|
||||||
n, err := res.RowsAffected()
|
|
||||||
if err != nil {
|
|
||||||
return false, fmt.Errorf("account: spend hint rows %s: %w", id, err)
|
|
||||||
}
|
|
||||||
return n > 0, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// GrantHints adds n hints to the account's wallet and returns the new balance. n must be
|
|
||||||
// positive: the additive update can only raise the balance, never lower it, so it enforces the
|
|
||||||
// admin console's raise-only rule by construction and stays correct under a concurrent SpendHint.
|
|
||||||
// It returns ErrNotFound when no account matches.
|
|
||||||
func (s *Store) GrantHints(ctx context.Context, id uuid.UUID, n int) (int, error) {
|
|
||||||
if n <= 0 {
|
|
||||||
return 0, fmt.Errorf("account: grant hints %s: n must be positive, got %d", id, n)
|
|
||||||
}
|
|
||||||
stmt := table.Accounts.
|
|
||||||
UPDATE(table.Accounts.HintBalance, table.Accounts.UpdatedAt).
|
|
||||||
SET(table.Accounts.HintBalance.ADD(postgres.Int(int64(n))), postgres.TimestampzT(time.Now().UTC())).
|
|
||||||
WHERE(table.Accounts.AccountID.EQ(postgres.UUID(id))).
|
|
||||||
RETURNING(table.Accounts.HintBalance)
|
|
||||||
|
|
||||||
var row model.Accounts
|
|
||||||
if err := stmt.QueryContext(ctx, s.db, &row); err != nil {
|
|
||||||
if errors.Is(err, qrm.ErrNoRows) {
|
|
||||||
return 0, ErrNotFound
|
|
||||||
}
|
|
||||||
return 0, fmt.Errorf("account: grant hints %s: %w", id, err)
|
|
||||||
}
|
|
||||||
return int(row.HintBalance), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// FlagHighRate stamps the soft "suspected high-rate" marker with at, only when
|
// FlagHighRate stamps the soft "suspected high-rate" marker with at, only when
|
||||||
// the account is not already flagged — the first sustained episode wins, and a
|
// the account is not already flagged — the first sustained episode wins, and a
|
||||||
// re-flag after an operator clear starts a fresh timestamp. An infra marker, not
|
// re-flag after an operator clear starts a fresh timestamp. An infra marker, not
|
||||||
@@ -613,12 +625,10 @@ func modelToAccount(row model.Accounts) Account {
|
|||||||
TimeZone: row.TimeZone,
|
TimeZone: row.TimeZone,
|
||||||
AwayStart: row.AwayStart,
|
AwayStart: row.AwayStart,
|
||||||
AwayEnd: row.AwayEnd,
|
AwayEnd: row.AwayEnd,
|
||||||
HintBalance: int(row.HintBalance),
|
|
||||||
BlockChat: row.BlockChat,
|
BlockChat: row.BlockChat,
|
||||||
BlockFriendRequests: row.BlockFriendRequests,
|
BlockFriendRequests: row.BlockFriendRequests,
|
||||||
IsGuest: row.IsGuest,
|
IsGuest: row.IsGuest,
|
||||||
NotificationsInAppOnly: row.NotificationsInAppOnly,
|
NotificationsInAppOnly: row.NotificationsInAppOnly,
|
||||||
PaidAccount: row.PaidAccount,
|
|
||||||
MergedInto: mergedInto,
|
MergedInto: mergedInto,
|
||||||
FlaggedHighRateAt: flaggedHighRateAt,
|
FlaggedHighRateAt: flaggedHighRateAt,
|
||||||
CreatedAt: row.CreatedAt,
|
CreatedAt: row.CreatedAt,
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import (
|
|||||||
crand "crypto/rand"
|
crand "crypto/rand"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"encoding/base64"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
@@ -26,6 +27,22 @@ const (
|
|||||||
emailCodeTTL = 15 * time.Minute
|
emailCodeTTL = 15 * time.Minute
|
||||||
// emailCodeMaxAttempts caps wrong-code submissions before a code is dead.
|
// emailCodeMaxAttempts caps wrong-code submissions before a code is dead.
|
||||||
emailCodeMaxAttempts = 5
|
emailCodeMaxAttempts = 5
|
||||||
|
// linkTokenBytes is the entropy of a confirm deeplink token: 256 bits.
|
||||||
|
linkTokenBytes = 32
|
||||||
|
// emailConfirmPath is the SPA route the one-tap confirm deeplink opens (the token
|
||||||
|
// is appended). The SPA is served under /app/ behind a hash router.
|
||||||
|
emailConfirmPath = "/app/#/confirm/"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Confirmation purposes recorded on a pending confirm-code row. They select what
|
||||||
|
// verifying the code or the deeplink token does: sign in (login), link/confirm the
|
||||||
|
// address on the current account (link), or replace the account's confirmed email with
|
||||||
|
// a new address (change). Account deletion adds a further purpose in a later stage.
|
||||||
|
const (
|
||||||
|
purposeLogin = "login"
|
||||||
|
purposeLink = "link"
|
||||||
|
purposeChange = "change"
|
||||||
|
purposeDelete = "delete"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Errors returned by the email confirm-code flow.
|
// Errors returned by the email confirm-code flow.
|
||||||
@@ -46,6 +63,12 @@ var (
|
|||||||
ErrTooManyAttempts = errors.New("account: too many confirmation attempts")
|
ErrTooManyAttempts = errors.New("account: too many confirmation attempts")
|
||||||
// ErrCodeMismatch is returned when the submitted code does not match.
|
// ErrCodeMismatch is returned when the submitted code does not match.
|
||||||
ErrCodeMismatch = errors.New("account: confirmation code does not match")
|
ErrCodeMismatch = errors.New("account: confirmation code does not match")
|
||||||
|
// ErrTooManyRequests is returned when confirm-code sends to an address are being
|
||||||
|
// requested too frequently (the resend cooldown or the rolling-hour cap).
|
||||||
|
ErrTooManyRequests = errors.New("account: too many code requests")
|
||||||
|
// ErrNoEmail is returned when an email-code step-up is requested for an account that
|
||||||
|
// holds no confirmed email (the caller must use the typed-phrase path instead).
|
||||||
|
ErrNoEmail = errors.New("account: no confirmed email")
|
||||||
)
|
)
|
||||||
|
|
||||||
// EmailService runs the email confirm-code flow: it issues a 6-digit code over a
|
// EmailService runs the email confirm-code flow: it issues a 6-digit code over a
|
||||||
@@ -55,14 +78,82 @@ var (
|
|||||||
// account is refused (ErrEmailTaken) — merging two accounts is the link/merge flow —
|
// account is refused (ErrEmailTaken) — merging two accounts is the link/merge flow —
|
||||||
// and using an email as a login reuses this mechanism.
|
// and using an email as a login reuses this mechanism.
|
||||||
type EmailService struct {
|
type EmailService struct {
|
||||||
store *Store
|
store *Store
|
||||||
mailer Mailer
|
mailer Mailer
|
||||||
now func() time.Time
|
baseURL string
|
||||||
|
limiter *SendLimiter
|
||||||
|
now func() time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewEmailService constructs an EmailService over store, sending via mailer.
|
// NewEmailService constructs an EmailService over store, sending via mailer. baseURL
|
||||||
func NewEmailService(store *Store, mailer Mailer) *EmailService {
|
// is the canonical public origin (scheme + host) used to build the one-tap confirm
|
||||||
return &EmailService{store: store, mailer: mailer, now: func() time.Time { return time.Now().UTC() }}
|
// deeplink and the email footer landing link; an empty baseURL omits the deeplink
|
||||||
|
// (development / log mailer).
|
||||||
|
func NewEmailService(store *Store, mailer Mailer, baseURL string) *EmailService {
|
||||||
|
return &EmailService{store: store, mailer: mailer, baseURL: baseURL, now: func() time.Time { return time.Now().UTC() }}
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetSendLimiter installs a per-recipient send throttle. When unset (nil), sends are
|
||||||
|
// not throttled — production wires a limiter; tests leave it off.
|
||||||
|
func (s *EmailService) SetSendLimiter(l *SendLimiter) { s.limiter = l }
|
||||||
|
|
||||||
|
// allowSend reports whether a confirm-code send to email is permitted now, recording
|
||||||
|
// it when so. A nil limiter permits every send.
|
||||||
|
func (s *EmailService) allowSend(email string) bool {
|
||||||
|
return s.limiter == nil || s.limiter.Allow(email)
|
||||||
|
}
|
||||||
|
|
||||||
|
// issueCode generates a fresh confirm-code and one-tap deeplink token for (accountID,
|
||||||
|
// email), replaces any prior pending confirmation, and mails the branded code in
|
||||||
|
// locale; purpose selects the email wording and what verifying does. omitLink drops the
|
||||||
|
// one-tap deeplink from the email (account deletion, or a login requested from an installed
|
||||||
|
// PWA). Only the SHA-256 hashes of the code and token are stored.
|
||||||
|
func (s *EmailService) issueCode(ctx context.Context, accountID uuid.UUID, email, purpose, locale string, omitLink bool) error {
|
||||||
|
code, codeHash, err := generateCode()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
token, tokenHash, err := generateLinkToken()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := s.store.replacePendingConfirmation(ctx, accountID, email, codeHash, tokenHash, purpose, s.now().Add(emailCodeTTL)); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
// Omit the one-tap deeplink when asked: for a login from an installed PWA (the link would
|
||||||
|
// open in a separate browser whose minted session cannot reach the PWA), or for account
|
||||||
|
// deletion (a prefetch or stray click must not delete an account — the delete code is entered
|
||||||
|
// in the app only, and ConfirmByToken refuses a delete token).
|
||||||
|
deeplink := s.confirmURL(token, locale)
|
||||||
|
if purpose == purposeDelete || omitLink {
|
||||||
|
deeplink = ""
|
||||||
|
}
|
||||||
|
msg, err := renderConfirmationEmail(purpose, code, deeplink, s.baseURL, locale)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
msg.To = email
|
||||||
|
return s.mailer.Send(ctx, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// confirmURL builds the absolute one-tap confirm deeplink for token in locale, or ""
|
||||||
|
// when no public base URL is configured. The locale rides the fragment as ?lang so the
|
||||||
|
// confirm screen (opened in a browser with no session) renders in the email's language.
|
||||||
|
func (s *EmailService) confirmURL(token, locale string) string {
|
||||||
|
if s.baseURL == "" {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return strings.TrimRight(s.baseURL, "/") + emailConfirmPath + token + "?lang=" + normalizeLocale(locale)
|
||||||
|
}
|
||||||
|
|
||||||
|
// accountLocale returns the account's preferred UI language for localising email,
|
||||||
|
// defaulting to "en" when the account cannot be loaded.
|
||||||
|
func (s *EmailService) accountLocale(ctx context.Context, accountID uuid.UUID) string {
|
||||||
|
acc, err := s.store.GetByID(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return "en"
|
||||||
|
}
|
||||||
|
return acc.PreferredLanguage
|
||||||
}
|
}
|
||||||
|
|
||||||
// RequestCode issues a fresh confirm-code for email to accountID and mails it,
|
// RequestCode issues a fresh confirm-code for email to accountID and mails it,
|
||||||
@@ -73,6 +164,9 @@ func (s *EmailService) RequestCode(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if !s.allowSend(addr) {
|
||||||
|
return ErrTooManyRequests
|
||||||
|
}
|
||||||
owner, ok, err := s.store.confirmedEmailAccount(ctx, addr)
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, addr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -83,16 +177,7 @@ func (s *EmailService) RequestCode(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
}
|
}
|
||||||
return ErrEmailTaken
|
return ErrEmailTaken
|
||||||
}
|
}
|
||||||
code, hash, err := generateCode()
|
return s.issueCode(ctx, accountID, addr, purposeLink, s.accountLocale(ctx, accountID), false)
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.store.replacePendingConfirmation(ctx, accountID, addr, hash, s.now().Add(emailCodeTTL)); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
subject := "Your Scrabble confirmation code"
|
|
||||||
body := fmt.Sprintf("Your confirmation code is %s. It expires in %d minutes.", code, int(emailCodeTTL/time.Minute))
|
|
||||||
return s.mailer.Send(ctx, addr, subject, body)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConfirmCode verifies code for accountID and email. On success it attaches a
|
// ConfirmCode verifies code for accountID and email. On success it attaches a
|
||||||
@@ -123,36 +208,38 @@ func (s *EmailService) ConfirmCode(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
if err := s.store.confirmEmailIdentity(ctx, conf.id, accountID, addr, s.now()); err != nil {
|
if err := s.store.confirmEmailIdentity(ctx, conf.id, accountID, addr, s.now()); err != nil {
|
||||||
return Account{}, err
|
return Account{}, err
|
||||||
}
|
}
|
||||||
|
// Binding the first confirmed email promotes a guest to a durable account, matching the
|
||||||
|
// link and deeplink flows (defence-in-depth: no confirmed-email path leaves is_guest set).
|
||||||
|
if err := s.store.ClearGuest(ctx, accountID); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
return s.store.GetByID(ctx, accountID)
|
return s.store.GetByID(ctx, accountID)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RequestLoginCode issues a login confirm-code to the account that owns email,
|
// RequestLoginCode issues a login confirm-code to the account that owns email,
|
||||||
// provisioning a fresh (unconfirmed) durable account when the email is new. It is
|
// provisioning a fresh (unconfirmed) guest account when the email is new — it becomes
|
||||||
// the unauthenticated email-login entry point and, unlike RequestCode,
|
// durable once the code is confirmed. It is the unauthenticated email-login entry
|
||||||
// does not refuse an already-confirmed email — that is the ordinary returning-user
|
// point and, unlike RequestCode, does not refuse an already-confirmed email — that is
|
||||||
// login. The code is mailed to the address, so only its real owner can complete
|
// the ordinary returning-user login. The code is mailed to the address, so only its
|
||||||
// the login. On first contact browserTZ (the client's detected "±HH:MM" UTC offset)
|
// real owner can complete the login. On first contact browserTZ (the client's
|
||||||
// seeds the new account's time zone. It returns the target account id for the
|
// detected "±HH:MM" UTC offset) seeds the new account's time zone and language its UI
|
||||||
// subsequent LoginWithCode.
|
// language. When pwa is set (the request came from an installed PWA) the login email omits the
|
||||||
func (s *EmailService) RequestLoginCode(ctx context.Context, email, browserTZ string) (uuid.UUID, error) {
|
// one-tap confirm link — it would open in a separate browser, out of the PWA's reach — so the
|
||||||
|
// code is entered in the same window. It returns the target account id for the subsequent
|
||||||
|
// LoginWithCode.
|
||||||
|
func (s *EmailService) RequestLoginCode(ctx context.Context, email, browserTZ, language string, pwa bool) (uuid.UUID, error) {
|
||||||
addr, err := normalizeEmail(email)
|
addr, err := normalizeEmail(email)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return uuid.UUID{}, err
|
return uuid.UUID{}, err
|
||||||
}
|
}
|
||||||
acc, err := s.store.ProvisionEmail(ctx, addr, browserTZ)
|
if !s.allowSend(addr) {
|
||||||
|
return uuid.UUID{}, ErrTooManyRequests
|
||||||
|
}
|
||||||
|
acc, err := s.store.ProvisionEmail(ctx, addr, browserTZ, language)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return uuid.UUID{}, err
|
return uuid.UUID{}, err
|
||||||
}
|
}
|
||||||
code, hash, err := generateCode()
|
if err := s.issueCode(ctx, acc.ID, addr, purposeLogin, language, pwa); err != nil {
|
||||||
if err != nil {
|
|
||||||
return uuid.UUID{}, err
|
|
||||||
}
|
|
||||||
if err := s.store.replacePendingConfirmation(ctx, acc.ID, addr, hash, s.now().Add(emailCodeTTL)); err != nil {
|
|
||||||
return uuid.UUID{}, err
|
|
||||||
}
|
|
||||||
subject := "Your Scrabble login code"
|
|
||||||
body := fmt.Sprintf("Your login code is %s. It expires in %d minutes.", code, int(emailCodeTTL/time.Minute))
|
|
||||||
if err := s.mailer.Send(ctx, addr, subject, body); err != nil {
|
|
||||||
return uuid.UUID{}, err
|
return uuid.UUID{}, err
|
||||||
}
|
}
|
||||||
return acc.ID, nil
|
return acc.ID, nil
|
||||||
@@ -191,9 +278,104 @@ func (s *EmailService) LoginWithCode(ctx context.Context, email, code string) (A
|
|||||||
if err := s.store.confirmEmailLogin(ctx, conf.id, acc.ID, addr, s.now()); err != nil {
|
if err := s.store.confirmEmailLogin(ctx, conf.id, acc.ID, addr, s.now()); err != nil {
|
||||||
return Account{}, err
|
return Account{}, err
|
||||||
}
|
}
|
||||||
|
if err := s.store.ClearGuest(ctx, acc.ID); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
return s.store.GetByID(ctx, acc.ID)
|
return s.store.GetByID(ctx, acc.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LinkConfirmation is the outcome of confirming a one-tap deeplink token: what the
|
||||||
|
// transport layer must finish. Purpose is the pending row's purpose. For a login,
|
||||||
|
// Account is the account to sign in. For a link, Account is the account the email was
|
||||||
|
// (or would be) attached to; NeedsMerge is set when another account (MergeOwner)
|
||||||
|
// already owns the address, so the caller drives the interactive merge instead of a
|
||||||
|
// plain link — the token is left unconsumed for that merge step.
|
||||||
|
type LinkConfirmation struct {
|
||||||
|
Purpose string
|
||||||
|
Account uuid.UUID
|
||||||
|
NeedsMerge bool
|
||||||
|
MergeOwner uuid.UUID
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsLogin reports whether the confirmation is a login (the caller mints a session)
|
||||||
|
// rather than a link (attach the identity, or drive a merge).
|
||||||
|
func (r LinkConfirmation) IsLogin() bool { return r.Purpose == purposeLogin }
|
||||||
|
|
||||||
|
// ConfirmByToken verifies a one-tap deeplink token and performs its purpose. A login
|
||||||
|
// confirms the email identity, clears the guest flag and returns the account to sign
|
||||||
|
// in. A link attaches the confirmed email to the pending account when the address is
|
||||||
|
// free, or reports NeedsMerge when another account already owns it (leaving the token
|
||||||
|
// live so the caller's merge step can re-verify). It returns ErrNoPendingCode when the
|
||||||
|
// token matches no live confirmation and ErrCodeExpired when it has lapsed. The token
|
||||||
|
// is high-entropy, so there is no wrong-attempt counter.
|
||||||
|
func (s *EmailService) ConfirmByToken(ctx context.Context, token string) (LinkConfirmation, error) {
|
||||||
|
pend, err := s.store.pendingByTokenHash(ctx, hashCode(token))
|
||||||
|
if err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if s.now().After(pend.expiresAt) {
|
||||||
|
return LinkConfirmation{}, ErrCodeExpired
|
||||||
|
}
|
||||||
|
switch pend.purpose {
|
||||||
|
case purposeLogin:
|
||||||
|
if err := s.store.confirmEmailLogin(ctx, pend.id, pend.accountID, pend.email, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if err := s.store.ClearGuest(ctx, pend.accountID); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLogin, Account: pend.accountID}, nil
|
||||||
|
case purposeLink:
|
||||||
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, pend.email)
|
||||||
|
if err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
if owner == pend.accountID {
|
||||||
|
if err := s.store.consumeConfirmation(ctx, pend.id, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLink, Account: pend.accountID}, nil
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLink, Account: pend.accountID, NeedsMerge: true, MergeOwner: owner}, nil
|
||||||
|
}
|
||||||
|
if err := s.store.confirmEmailIdentity(ctx, pend.id, pend.accountID, pend.email, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
// Binding the first email promotes a guest to a durable account, matching the
|
||||||
|
// code-based link flow (which clears the guest flag in the link service).
|
||||||
|
if err := s.store.ClearGuest(ctx, pend.accountID); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLink, Account: pend.accountID}, nil
|
||||||
|
case purposeChange:
|
||||||
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, pend.email)
|
||||||
|
if err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if ok && owner != pend.accountID {
|
||||||
|
// The new address is confirmed by a different account: refuse without
|
||||||
|
// disclosing it (anti-enumeration). Unlike a link, a change never merges.
|
||||||
|
return LinkConfirmation{}, ErrEmailTaken
|
||||||
|
}
|
||||||
|
if ok && owner == pend.accountID {
|
||||||
|
if err := s.store.consumeConfirmation(ctx, pend.id, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeChange, Account: pend.accountID}, nil
|
||||||
|
}
|
||||||
|
if err := s.store.replaceEmailIdentity(ctx, pend.id, pend.accountID, pend.email, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeChange, Account: pend.accountID}, nil
|
||||||
|
case purposeDelete:
|
||||||
|
// Deletion is confirmed in the app with the code, never via a one-tap link.
|
||||||
|
return LinkConfirmation{}, fmt.Errorf("account: deletion cannot be confirmed by link")
|
||||||
|
default:
|
||||||
|
return LinkConfirmation{}, fmt.Errorf("account: unsupported confirmation purpose %q", pend.purpose)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// emailConfirmation is a pending confirm-code row in domain form.
|
// emailConfirmation is a pending confirm-code row in domain form.
|
||||||
type emailConfirmation struct {
|
type emailConfirmation struct {
|
||||||
id uuid.UUID
|
id uuid.UUID
|
||||||
@@ -222,9 +404,30 @@ func (s *Store) confirmedEmailAccount(ctx context.Context, email string) (uuid.U
|
|||||||
return row.AccountID, true, nil
|
return row.AccountID, true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// confirmedEmailOf returns the account's confirmed email address and true, or ("", false)
|
||||||
|
// when it holds none. It backs the deletion step-up, which mails a code to the account's
|
||||||
|
// own address.
|
||||||
|
func (s *Store) confirmedEmailOf(ctx context.Context, accountID uuid.UUID) (string, bool, error) {
|
||||||
|
stmt := postgres.SELECT(table.Identities.ExternalID).
|
||||||
|
FROM(table.Identities).
|
||||||
|
WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(KindEmail))).
|
||||||
|
AND(table.Identities.Confirmed.EQ(postgres.Bool(true))),
|
||||||
|
).LIMIT(1)
|
||||||
|
var row model.Identities
|
||||||
|
if err := stmt.QueryContext(ctx, s.db, &row); err != nil {
|
||||||
|
if errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return "", false, nil
|
||||||
|
}
|
||||||
|
return "", false, fmt.Errorf("account: confirmed email of %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
return row.ExternalID, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
// replacePendingConfirmation clears any pending code for (accountID, email) and
|
// replacePendingConfirmation clears any pending code for (accountID, email) and
|
||||||
// inserts a fresh one, inside one transaction.
|
// inserts a fresh one, inside one transaction.
|
||||||
func (s *Store) replacePendingConfirmation(ctx context.Context, accountID uuid.UUID, email, codeHash string, expiresAt time.Time) error {
|
func (s *Store) replacePendingConfirmation(ctx context.Context, accountID uuid.UUID, email, codeHash, linkTokenHash, purpose string, expiresAt time.Time) error {
|
||||||
id, err := uuid.NewV7()
|
id, err := uuid.NewV7()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("account: new confirmation id: %w", err)
|
return fmt.Errorf("account: new confirmation id: %w", err)
|
||||||
@@ -241,7 +444,8 @@ func (s *Store) replacePendingConfirmation(ctx context.Context, accountID uuid.U
|
|||||||
ins := table.EmailConfirmations.INSERT(
|
ins := table.EmailConfirmations.INSERT(
|
||||||
table.EmailConfirmations.ConfirmationID, table.EmailConfirmations.AccountID,
|
table.EmailConfirmations.ConfirmationID, table.EmailConfirmations.AccountID,
|
||||||
table.EmailConfirmations.Email, table.EmailConfirmations.CodeHash, table.EmailConfirmations.ExpiresAt,
|
table.EmailConfirmations.Email, table.EmailConfirmations.CodeHash, table.EmailConfirmations.ExpiresAt,
|
||||||
).VALUES(id, accountID, email, codeHash, expiresAt)
|
table.EmailConfirmations.LinkTokenHash, table.EmailConfirmations.Purpose,
|
||||||
|
).VALUES(id, accountID, email, codeHash, expiresAt, linkTokenHash, purpose)
|
||||||
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
return fmt.Errorf("insert confirmation: %w", err)
|
return fmt.Errorf("insert confirmation: %w", err)
|
||||||
}
|
}
|
||||||
@@ -274,6 +478,54 @@ func (s *Store) latestPendingConfirmation(ctx context.Context, accountID uuid.UU
|
|||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// pendingConfirmation is a pending confirm-code row loaded by its deeplink token, in
|
||||||
|
// domain form.
|
||||||
|
type pendingConfirmation struct {
|
||||||
|
id uuid.UUID
|
||||||
|
accountID uuid.UUID
|
||||||
|
email string
|
||||||
|
purpose string
|
||||||
|
expiresAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// pendingByTokenHash loads the unconsumed confirmation whose deeplink token hashes to
|
||||||
|
// tokenHash, or ErrNoPendingCode. The high-entropy token needs no attempt counter, so
|
||||||
|
// a partial-unique index guarantees at most one match.
|
||||||
|
func (s *Store) pendingByTokenHash(ctx context.Context, tokenHash string) (pendingConfirmation, error) {
|
||||||
|
stmt := postgres.SELECT(table.EmailConfirmations.AllColumns).
|
||||||
|
FROM(table.EmailConfirmations).
|
||||||
|
WHERE(
|
||||||
|
table.EmailConfirmations.LinkTokenHash.EQ(postgres.String(tokenHash)).
|
||||||
|
AND(table.EmailConfirmations.ConsumedAt.IS_NULL()),
|
||||||
|
).LIMIT(1)
|
||||||
|
var row model.EmailConfirmations
|
||||||
|
if err := stmt.QueryContext(ctx, s.db, &row); err != nil {
|
||||||
|
if errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return pendingConfirmation{}, ErrNoPendingCode
|
||||||
|
}
|
||||||
|
return pendingConfirmation{}, fmt.Errorf("account: load confirmation by token: %w", err)
|
||||||
|
}
|
||||||
|
return pendingConfirmation{
|
||||||
|
id: row.ConfirmationID,
|
||||||
|
accountID: row.AccountID,
|
||||||
|
email: row.Email,
|
||||||
|
purpose: row.Purpose,
|
||||||
|
expiresAt: row.ExpiresAt,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// consumeConfirmation marks a confirmation consumed without writing an identity, used
|
||||||
|
// for the idempotent already-linked deeplink path.
|
||||||
|
func (s *Store) consumeConfirmation(ctx context.Context, id uuid.UUID, now time.Time) error {
|
||||||
|
upd := table.EmailConfirmations.UPDATE(table.EmailConfirmations.ConsumedAt).
|
||||||
|
SET(postgres.TimestampzT(now)).
|
||||||
|
WHERE(table.EmailConfirmations.ConfirmationID.EQ(postgres.UUID(id)))
|
||||||
|
if _, err := upd.ExecContext(ctx, s.db); err != nil {
|
||||||
|
return fmt.Errorf("account: consume confirmation: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// bumpConfirmationAttempts increments a code's wrong-attempt counter by one.
|
// bumpConfirmationAttempts increments a code's wrong-attempt counter by one.
|
||||||
func (s *Store) bumpConfirmationAttempts(ctx context.Context, id uuid.UUID) error {
|
func (s *Store) bumpConfirmationAttempts(ctx context.Context, id uuid.UUID) error {
|
||||||
stmt := table.EmailConfirmations.
|
stmt := table.EmailConfirmations.
|
||||||
@@ -320,6 +572,69 @@ func (s *Store) confirmEmailIdentity(ctx context.Context, confirmationID, accoun
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// replaceEmailIdentity consumes the confirmation, deletes the account's existing email
|
||||||
|
// identity (freeing the old address) and inserts newEmail as its confirmed email, inside
|
||||||
|
// one transaction. It backs the change-email flow. A unique-constraint violation — the
|
||||||
|
// new address was confirmed elsewhere in the meantime — surfaces as ErrEmailTaken. When
|
||||||
|
// the account holds no email identity yet the delete is a no-op, so this doubles as an
|
||||||
|
// attach.
|
||||||
|
func (s *Store) replaceEmailIdentity(ctx context.Context, confirmationID, accountID uuid.UUID, newEmail string, now time.Time) error {
|
||||||
|
identityID, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: new identity id: %w", err)
|
||||||
|
}
|
||||||
|
err = withTx(ctx, s.db, func(tx *sql.Tx) error {
|
||||||
|
upd := table.EmailConfirmations.
|
||||||
|
UPDATE(table.EmailConfirmations.ConsumedAt).
|
||||||
|
SET(postgres.TimestampzT(now)).
|
||||||
|
WHERE(table.EmailConfirmations.ConfirmationID.EQ(postgres.UUID(confirmationID)))
|
||||||
|
if _, err := upd.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("consume confirmation: %w", err)
|
||||||
|
}
|
||||||
|
// Journal the outgoing email before replacing it, so the legal dossier keeps the
|
||||||
|
// address the account used to hold (see retention.go).
|
||||||
|
var old model.Identities
|
||||||
|
sel := postgres.SELECT(
|
||||||
|
table.Identities.ExternalID, table.Identities.Confirmed, table.Identities.CreatedAt,
|
||||||
|
).FROM(table.Identities).WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(KindEmail))),
|
||||||
|
).LIMIT(1)
|
||||||
|
switch err := sel.QueryContext(ctx, tx, &old); {
|
||||||
|
case err == nil:
|
||||||
|
if err := retainIdentityTx(ctx, tx, accountID, KindEmail, old.ExternalID, old.Confirmed, old.CreatedAt, retainChange); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
case errors.Is(err, qrm.ErrNoRows):
|
||||||
|
// No prior email (this doubles as an attach); nothing to retain.
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("load outgoing email identity: %w", err)
|
||||||
|
}
|
||||||
|
del := table.Identities.DELETE().WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(KindEmail))),
|
||||||
|
)
|
||||||
|
if _, err := del.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("delete old email identity: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.Identities.INSERT(
|
||||||
|
table.Identities.IdentityID, table.Identities.AccountID, table.Identities.Kind,
|
||||||
|
table.Identities.ExternalID, table.Identities.Confirmed,
|
||||||
|
).VALUES(identityID, accountID, KindEmail, newEmail, true)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
if isUniqueViolation(err) {
|
||||||
|
return ErrEmailTaken
|
||||||
|
}
|
||||||
|
return fmt.Errorf("account: replace email identity: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// confirmEmailLogin consumes the login code and marks the existing email
|
// confirmEmailLogin consumes the login code and marks the existing email
|
||||||
// identity confirmed, inside one transaction. The identity already exists (a
|
// identity confirmed, inside one transaction. The identity already exists (a
|
||||||
// login provisioned it), so this updates rather than inserts and is idempotent
|
// login provisioned it), so this updates rather than inserts and is idempotent
|
||||||
@@ -367,6 +682,18 @@ func generateCode() (code, hash string, err error) {
|
|||||||
return code, hashCode(code), nil
|
return code, hashCode(code), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// generateLinkToken returns a fresh opaque one-tap confirm deeplink token (URL-safe
|
||||||
|
// base64, 256-bit) and its hex SHA-256 hash. Only the hash is stored; the token
|
||||||
|
// travels only in the emailed link, mirroring the session-token model.
|
||||||
|
func generateLinkToken() (token, hash string, err error) {
|
||||||
|
buf := make([]byte, linkTokenBytes)
|
||||||
|
if _, err := crand.Read(buf); err != nil {
|
||||||
|
return "", "", fmt.Errorf("account: generate link token: %w", err)
|
||||||
|
}
|
||||||
|
token = base64.RawURLEncoding.EncodeToString(buf)
|
||||||
|
return token, hashCode(token), nil
|
||||||
|
}
|
||||||
|
|
||||||
// hashCode returns the hex-encoded SHA-256 of a confirm-code.
|
// hashCode returns the hex-encoded SHA-256 of a confirm-code.
|
||||||
func hashCode(code string) string {
|
func hashCode(code string) string {
|
||||||
sum := sha256.Sum256([]byte(code))
|
sum := sha256.Sum256([]byte(code))
|
||||||
|
|||||||
@@ -0,0 +1,239 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"html/template"
|
||||||
|
"strings"
|
||||||
|
tmpltext "text/template"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// emailBrandColor is the single accent used in the confirmation email — a calm
|
||||||
|
// tile green, matching the "no riot of colours" brief.
|
||||||
|
const emailBrandColor = "#2f7d4f"
|
||||||
|
|
||||||
|
// confirmEmailView is the fully-localised data the confirmation email templates
|
||||||
|
// render. Every string is resolved before rendering, so the templates carry no
|
||||||
|
// localisation logic.
|
||||||
|
type confirmEmailView struct {
|
||||||
|
Brand string
|
||||||
|
Heading string
|
||||||
|
Intro string
|
||||||
|
Code string
|
||||||
|
Expiry string
|
||||||
|
CTALabel string
|
||||||
|
DeeplinkURL string
|
||||||
|
FooterIgnore string
|
||||||
|
LandingURL string
|
||||||
|
LandingLabel string
|
||||||
|
Preheader string
|
||||||
|
Locale string
|
||||||
|
Accent string
|
||||||
|
}
|
||||||
|
|
||||||
|
// emailCopy is the purpose- and locale-specific wording of a confirmation email.
|
||||||
|
type emailCopy struct {
|
||||||
|
Subject string
|
||||||
|
Preheader string
|
||||||
|
Heading string
|
||||||
|
Intro string
|
||||||
|
CTALabel string
|
||||||
|
FooterIgnore string
|
||||||
|
}
|
||||||
|
|
||||||
|
// confirmEmailCopy holds the wording per (purpose, locale). Unknown purposes fall
|
||||||
|
// back to the neutral link wording and unknown locales fall back to English.
|
||||||
|
var confirmEmailCopy = map[string]map[string]emailCopy{
|
||||||
|
purposeLogin: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Your Erudit sign-in code",
|
||||||
|
Preheader: "Your sign-in code",
|
||||||
|
Heading: "Sign in to Erudit",
|
||||||
|
Intro: "Enter this code to sign in:",
|
||||||
|
CTALabel: "Sign in with one tap",
|
||||||
|
FooterIgnore: "If you didn't request this email, you can safely ignore it.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Код для входа в Эрудит",
|
||||||
|
Preheader: "Ваш код для входа",
|
||||||
|
Heading: "Вход в Эрудит",
|
||||||
|
Intro: "Введите этот код, чтобы войти в игру:",
|
||||||
|
CTALabel: "Войти одним нажатием",
|
||||||
|
FooterIgnore: "Если вы не запрашивали это письмо, просто проигнорируйте его.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
purposeLink: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Your Erudit confirmation code",
|
||||||
|
Preheader: "Your confirmation code",
|
||||||
|
Heading: "Confirm your e-mail",
|
||||||
|
Intro: "Enter this code to confirm your address:",
|
||||||
|
CTALabel: "Confirm with one tap",
|
||||||
|
FooterIgnore: "If you didn't request this email, you can safely ignore it.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Код подтверждения Эрудит",
|
||||||
|
Preheader: "Ваш код подтверждения",
|
||||||
|
Heading: "Подтверждение e-mail",
|
||||||
|
Intro: "Введите этот код, чтобы подтвердить адрес:",
|
||||||
|
CTALabel: "Подтвердить одним нажатием",
|
||||||
|
FooterIgnore: "Если вы не запрашивали это письмо, просто проигнорируйте его.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
purposeChange: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Confirm your new Erudit e-mail",
|
||||||
|
Preheader: "Confirm your new address",
|
||||||
|
Heading: "Confirm your new e-mail",
|
||||||
|
Intro: "Enter this code to switch your account to this address:",
|
||||||
|
CTALabel: "Confirm with one tap",
|
||||||
|
FooterIgnore: "If you didn't request this change, you can safely ignore it — your address stays the same.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Подтвердите новый e-mail в Эрудит",
|
||||||
|
Preheader: "Подтвердите новый адрес",
|
||||||
|
Heading: "Смена e-mail",
|
||||||
|
Intro: "Введите этот код, чтобы привязать аккаунт к новому адресу:",
|
||||||
|
CTALabel: "Подтвердить одним нажатием",
|
||||||
|
FooterIgnore: "Если вы не запрашивали смену, просто проигнорируйте письмо — адрес останется прежним.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
purposeDelete: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Confirm your Erudit account deletion",
|
||||||
|
Preheader: "Confirm account deletion",
|
||||||
|
Heading: "Delete your account",
|
||||||
|
Intro: "Enter this code in the app to permanently delete your account:",
|
||||||
|
CTALabel: "",
|
||||||
|
FooterIgnore: "If you didn't request this, ignore it — your account stays as it is.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Подтвердите удаление аккаунта Эрудит",
|
||||||
|
Preheader: "Подтверждение удаления аккаунта",
|
||||||
|
Heading: "Удаление аккаунта",
|
||||||
|
Intro: "Введите этот код в приложении, чтобы удалить аккаунт без восстановления:",
|
||||||
|
CTALabel: "",
|
||||||
|
FooterIgnore: "Если вы не запрашивали удаление, проигнорируйте письмо — аккаунт останется.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
// emailBrand is the brand wordmark per locale.
|
||||||
|
var emailBrand = map[string]string{"en": "Erudit", "ru": "Эрудит"}
|
||||||
|
|
||||||
|
// emailExpiry formats the code-lifetime line per locale (abbreviated minutes to
|
||||||
|
// avoid plural agreement).
|
||||||
|
func emailExpiry(locale string, d time.Duration) string {
|
||||||
|
min := int(d / time.Minute)
|
||||||
|
if locale == "ru" {
|
||||||
|
return fmt.Sprintf("Код действует %d мин.", min)
|
||||||
|
}
|
||||||
|
return fmt.Sprintf("The code is valid for %d minutes.", min)
|
||||||
|
}
|
||||||
|
|
||||||
|
// normalizeLocale maps an account language to a supported email locale, defaulting
|
||||||
|
// to English.
|
||||||
|
func normalizeLocale(locale string) string {
|
||||||
|
if locale == "ru" {
|
||||||
|
return "ru"
|
||||||
|
}
|
||||||
|
return "en"
|
||||||
|
}
|
||||||
|
|
||||||
|
// renderConfirmationEmail builds the branded confirmation email for purpose in
|
||||||
|
// locale: a large readable code plus a one-tap deeplink button, with an
|
||||||
|
// ignore-notice footer and a landing link. Both a plain-text body and an HTML
|
||||||
|
// alternative are produced. deeplinkURL is the absolute /confirm link and
|
||||||
|
// landingURL the public landing origin.
|
||||||
|
func renderConfirmationEmail(purpose, code, deeplinkURL, landingURL, locale string) (Message, error) {
|
||||||
|
loc := normalizeLocale(locale)
|
||||||
|
byLocale, ok := confirmEmailCopy[purpose]
|
||||||
|
if !ok {
|
||||||
|
byLocale = confirmEmailCopy[purposeLink]
|
||||||
|
}
|
||||||
|
cp := byLocale[loc]
|
||||||
|
view := confirmEmailView{
|
||||||
|
Brand: emailBrand[loc],
|
||||||
|
Heading: cp.Heading,
|
||||||
|
Intro: cp.Intro,
|
||||||
|
Code: code,
|
||||||
|
Expiry: emailExpiry(loc, emailCodeTTL),
|
||||||
|
CTALabel: cp.CTALabel,
|
||||||
|
DeeplinkURL: deeplinkURL,
|
||||||
|
FooterIgnore: cp.FooterIgnore,
|
||||||
|
LandingURL: landingURL,
|
||||||
|
LandingLabel: emailBrand[loc],
|
||||||
|
Preheader: cp.Preheader,
|
||||||
|
Locale: loc,
|
||||||
|
Accent: emailBrandColor,
|
||||||
|
}
|
||||||
|
var html strings.Builder
|
||||||
|
if err := confirmEmailHTML.Execute(&html, view); err != nil {
|
||||||
|
return Message{}, fmt.Errorf("account: render confirmation email (html): %w", err)
|
||||||
|
}
|
||||||
|
var text strings.Builder
|
||||||
|
if err := confirmEmailText.Execute(&text, view); err != nil {
|
||||||
|
return Message{}, fmt.Errorf("account: render confirmation email (text): %w", err)
|
||||||
|
}
|
||||||
|
return Message{Subject: cp.Subject, Text: text.String(), HTML: html.String()}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// confirmEmailHTML is a compact, image-free, mobile-friendly HTML email. Layout is
|
||||||
|
// table-based for broad mail-client compatibility and all styling is inlined
|
||||||
|
// because clients strip <style> blocks.
|
||||||
|
var confirmEmailHTML = template.Must(template.New("confirmEmailHTML").Parse(`<!DOCTYPE html>
|
||||||
|
<html lang="{{.Locale}}">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>{{.Brand}}</title>
|
||||||
|
</head>
|
||||||
|
<body style="margin:0;padding:0;background:#f4f5f7;">
|
||||||
|
<span style="display:none;max-height:0;overflow:hidden;opacity:0;">{{.Preheader}}</span>
|
||||||
|
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background:#f4f5f7;padding:24px 12px;">
|
||||||
|
<tr><td align="center">
|
||||||
|
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="max-width:460px;background:#ffffff;border:1px solid #e5e7eb;border-radius:14px;overflow:hidden;font-family:-apple-system,'Segoe UI',Roboto,Helvetica,Arial,sans-serif;">
|
||||||
|
<tr><td style="padding:28px 32px 4px;">
|
||||||
|
<div style="font-size:15px;font-weight:700;letter-spacing:.04em;color:{{.Accent}};">{{.Brand}}</div>
|
||||||
|
</td></tr>
|
||||||
|
<tr><td style="padding:8px 32px 0;">
|
||||||
|
<h1 style="margin:0;font-size:20px;line-height:1.3;color:#111827;font-weight:600;">{{.Heading}}</h1>
|
||||||
|
<p style="margin:12px 0 0;font-size:15px;line-height:1.5;color:#374151;">{{.Intro}}</p>
|
||||||
|
</td></tr>
|
||||||
|
<tr><td style="padding:18px 32px 0;">
|
||||||
|
<div style="font-size:34px;font-weight:700;letter-spacing:8px;text-align:center;color:#111827;background:#f3f4f6;border-radius:10px;padding:18px 0;font-family:'SFMono-Regular',Consolas,Menlo,monospace;">{{.Code}}</div>
|
||||||
|
<p style="margin:10px 0 0;font-size:13px;line-height:1.5;color:#6b7280;text-align:center;">{{.Expiry}}</p>
|
||||||
|
</td></tr>
|
||||||
|
{{if .DeeplinkURL}}<tr><td style="padding:22px 32px 0;" align="center">
|
||||||
|
<a href="{{.DeeplinkURL}}" style="display:inline-block;background:{{.Accent}};color:#ffffff;text-decoration:none;font-size:15px;font-weight:600;padding:12px 26px;border-radius:9px;">{{.CTALabel}}</a>
|
||||||
|
</td></tr>
|
||||||
|
{{end}}<tr><td style="padding:26px 32px 28px;">
|
||||||
|
<hr style="border:none;border-top:1px solid #eceef1;margin:0 0 16px;">
|
||||||
|
<p style="margin:0;font-size:12px;line-height:1.6;color:#9ca3af;">{{.FooterIgnore}}</p>
|
||||||
|
<p style="margin:10px 0 0;font-size:12px;color:#9ca3af;"><a href="{{.LandingURL}}" style="color:#6b7280;text-decoration:none;">{{.LandingLabel}}</a></p>
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
`))
|
||||||
|
|
||||||
|
// confirmEmailText is the plain-text alternative (and multipart fallback).
|
||||||
|
var confirmEmailText = tmpltext.Must(tmpltext.New("confirmEmailText").Parse(`{{.Brand}}
|
||||||
|
|
||||||
|
{{.Heading}}
|
||||||
|
|
||||||
|
{{.Intro}}
|
||||||
|
|
||||||
|
{{.Code}}
|
||||||
|
|
||||||
|
{{.Expiry}}
|
||||||
|
|
||||||
|
{{if .DeeplinkURL}}{{.CTALabel}}:
|
||||||
|
{{.DeeplinkURL}}
|
||||||
|
|
||||||
|
{{end}}—
|
||||||
|
{{.FooterIgnore}}
|
||||||
|
{{.LandingLabel}} — {{.LandingURL}}
|
||||||
|
`))
|
||||||
@@ -0,0 +1,54 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestRenderConfirmationEmail checks that each (purpose, locale) renders a localised
|
||||||
|
// subject, embeds the code and the one-tap deeplink in both bodies, and produces HTML.
|
||||||
|
func TestRenderConfirmationEmail(t *testing.T) {
|
||||||
|
const deeplink = "https://erudit-game.ru/app/#/confirm/tok123"
|
||||||
|
cases := []struct {
|
||||||
|
name, purpose, locale, subjectSub string
|
||||||
|
}{
|
||||||
|
{"login ru", purposeLogin, "ru", "вход"},
|
||||||
|
{"login en", purposeLogin, "en", "sign-in"},
|
||||||
|
{"link ru", purposeLink, "ru", "подтвержд"},
|
||||||
|
{"link en", purposeLink, "en", "confirmation"},
|
||||||
|
{"change ru", purposeChange, "ru", "новый"},
|
||||||
|
{"change en", purposeChange, "en", "new"},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
t.Run(c.name, func(t *testing.T) {
|
||||||
|
msg, err := renderConfirmationEmail(c.purpose, "123456", deeplink, "https://erudit-game.ru", c.locale)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("render: %v", err)
|
||||||
|
}
|
||||||
|
if !strings.Contains(strings.ToLower(msg.Subject), c.subjectSub) {
|
||||||
|
t.Errorf("subject %q does not contain %q", msg.Subject, c.subjectSub)
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.Text, "123456") || !strings.Contains(msg.HTML, "123456") {
|
||||||
|
t.Error("code missing from a body")
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.Text, deeplink) || !strings.Contains(msg.HTML, "confirm/tok123") {
|
||||||
|
t.Error("deeplink missing from a body")
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.HTML, "<html") {
|
||||||
|
t.Error("HTML body is not HTML")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestRenderConfirmationEmailUnknownLocaleDefaultsEnglish falls back to English for an
|
||||||
|
// unsupported locale rather than erroring or emitting an empty subject.
|
||||||
|
func TestRenderConfirmationEmailUnknownLocaleDefaultsEnglish(t *testing.T) {
|
||||||
|
msg, err := renderConfirmationEmail(purposeLogin, "000000", "", "https://erudit-game.ru", "de")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("render: %v", err)
|
||||||
|
}
|
||||||
|
if !strings.Contains(strings.ToLower(msg.Subject), "sign-in") {
|
||||||
|
t.Errorf("unknown locale should default to English, got subject %q", msg.Subject)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -2,6 +2,7 @@ package account
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"database/sql"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
@@ -16,6 +17,68 @@ import (
|
|||||||
// belongs to another account; the caller turns it into a merge.
|
// belongs to another account; the caller turns it into a merge.
|
||||||
var ErrIdentityTaken = errors.New("account: identity already linked to another account")
|
var ErrIdentityTaken = errors.New("account: identity already linked to another account")
|
||||||
|
|
||||||
|
// ErrLastIdentity is returned when removing an identity would leave the account with
|
||||||
|
// none, making it unreachable after logout. The admin email-erase refuses it.
|
||||||
|
var ErrLastIdentity = errors.New("account: cannot remove the last identity")
|
||||||
|
|
||||||
|
// RemoveIdentity deletes the account's identity of the given kind (and, for an email,
|
||||||
|
// any pending confirmations for it), freeing it for reuse. It refuses when that is the
|
||||||
|
// account's only identity (ErrLastIdentity) — which would leave the account
|
||||||
|
// unreachable — and returns ErrNotFound when the account has no identity of that kind.
|
||||||
|
// It backs the profile Unlink control and the admin "erase email" action.
|
||||||
|
func (s *Store) RemoveIdentity(ctx context.Context, accountID uuid.UUID, kind string) error {
|
||||||
|
ids, err := s.Identities(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
var toRetain []Identity
|
||||||
|
others := 0
|
||||||
|
for _, id := range ids {
|
||||||
|
if id.Kind == kind {
|
||||||
|
toRetain = append(toRetain, id)
|
||||||
|
} else {
|
||||||
|
others++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(toRetain) == 0 {
|
||||||
|
return ErrNotFound
|
||||||
|
}
|
||||||
|
if others == 0 {
|
||||||
|
return ErrLastIdentity
|
||||||
|
}
|
||||||
|
return withTx(ctx, s.db, func(tx *sql.Tx) error {
|
||||||
|
// Journal the detached credential before removing it, so the legal dossier
|
||||||
|
// survives while the identity frees for reuse (see retention.go).
|
||||||
|
for _, id := range toRetain {
|
||||||
|
if err := retainIdentityTx(ctx, tx, accountID, id.Kind, id.ExternalID, id.Confirmed, id.CreatedAt, retainUnlink); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
delID := table.Identities.DELETE().WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(kind))),
|
||||||
|
)
|
||||||
|
if _, err := delID.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("account: delete %s identity %s: %w", kind, accountID, err)
|
||||||
|
}
|
||||||
|
if kind == KindEmail {
|
||||||
|
delConf := table.EmailConfirmations.DELETE().WHERE(
|
||||||
|
table.EmailConfirmations.AccountID.EQ(postgres.UUID(accountID)),
|
||||||
|
)
|
||||||
|
if _, err := delConf.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("account: delete email confirmations %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// RemoveEmailIdentity erases the account's email identity. It backs the admin console's
|
||||||
|
// "erase email" action; the user-facing profile never unlinks email (it is changed).
|
||||||
|
func (s *Store) RemoveEmailIdentity(ctx context.Context, accountID uuid.UUID) error {
|
||||||
|
return s.RemoveIdentity(ctx, accountID, KindEmail)
|
||||||
|
}
|
||||||
|
|
||||||
// RequestLinkCode issues and mails a confirm-code for email to accountID,
|
// RequestLinkCode issues and mails a confirm-code for email to accountID,
|
||||||
// replacing any prior pending code. Unlike RequestCode it never refuses up front
|
// replacing any prior pending code. Unlike RequestCode it never refuses up front
|
||||||
// (taken or already-confirmed): possession of the address is the authorization for
|
// (taken or already-confirmed): possession of the address is the authorization for
|
||||||
@@ -26,16 +89,10 @@ func (s *EmailService) RequestLinkCode(ctx context.Context, accountID uuid.UUID,
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
code, hash, err := generateCode()
|
if !s.allowSend(addr) {
|
||||||
if err != nil {
|
return ErrTooManyRequests
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
if err := s.store.replacePendingConfirmation(ctx, accountID, addr, hash, s.now().Add(emailCodeTTL)); err != nil {
|
return s.issueCode(ctx, accountID, addr, purposeLink, s.accountLocale(ctx, accountID), false)
|
||||||
return err
|
|
||||||
}
|
|
||||||
subject := "Your Scrabble confirmation code"
|
|
||||||
body := fmt.Sprintf("Your confirmation code is %s. It expires in %d minutes.", code, int(emailCodeTTL/time.Minute))
|
|
||||||
return s.mailer.Send(ctx, addr, subject, body)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConfirmLink verifies code for (accountID, email) and reports the address's
|
// ConfirmLink verifies code for (accountID, email) and reports the address's
|
||||||
@@ -70,6 +127,100 @@ func (s *EmailService) ConfirmLink(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
return accountID, true, nil
|
return accountID, true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RequestChangeCode issues and mails a confirm-code to newEmail for an authenticated
|
||||||
|
// email change on accountID, replacing any prior pending code. Like RequestLinkCode it
|
||||||
|
// never refuses up front on "taken" (anti-enumeration): possession of newEmail is the
|
||||||
|
// authorization, and a conflict with another account is revealed only at confirm — as a
|
||||||
|
// non-disclosing refusal, never a merge.
|
||||||
|
func (s *EmailService) RequestChangeCode(ctx context.Context, accountID uuid.UUID, newEmail string) error {
|
||||||
|
addr, err := normalizeEmail(newEmail)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !s.allowSend(addr) {
|
||||||
|
return ErrTooManyRequests
|
||||||
|
}
|
||||||
|
return s.issueCode(ctx, accountID, addr, purposeChange, s.accountLocale(ctx, accountID), false)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ConfirmChange verifies code for (accountID, newEmail) and atomically replaces the
|
||||||
|
// account's confirmed email with newEmail, freeing the old address. When newEmail is
|
||||||
|
// already confirmed by another account it refuses with ErrEmailTaken (surfaced to the
|
||||||
|
// user as a non-disclosing "check the address or contact support"), never merging; when
|
||||||
|
// the account already owns newEmail it is an idempotent no-op. It returns the usual
|
||||||
|
// confirm-code errors (ErrNoPendingCode, ErrCodeExpired, ErrTooManyAttempts,
|
||||||
|
// ErrCodeMismatch) and the updated account on success.
|
||||||
|
func (s *EmailService) ConfirmChange(ctx context.Context, accountID uuid.UUID, newEmail, code string) (Account, error) {
|
||||||
|
addr, err := normalizeEmail(newEmail)
|
||||||
|
if err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
conf, err := s.verifyPendingCode(ctx, accountID, addr, code)
|
||||||
|
if err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, addr)
|
||||||
|
if err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
if ok && owner != accountID {
|
||||||
|
return Account{}, ErrEmailTaken
|
||||||
|
}
|
||||||
|
if ok && owner == accountID {
|
||||||
|
if err := s.store.consumeConfirmation(ctx, conf.id, s.now()); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
return s.store.GetByID(ctx, accountID)
|
||||||
|
}
|
||||||
|
if err := s.store.replaceEmailIdentity(ctx, conf.id, accountID, addr, s.now()); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
return s.store.GetByID(ctx, accountID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// HasEmail reports whether accountID owns a confirmed email. The account-deletion step-up
|
||||||
|
// mails a confirm-code when it does, and falls back to a typed phrase otherwise.
|
||||||
|
func (s *EmailService) HasEmail(ctx context.Context, accountID uuid.UUID) (bool, error) {
|
||||||
|
_, ok, err := s.store.confirmedEmailOf(ctx, accountID)
|
||||||
|
return ok, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// RequestDeleteCode mails an account-deletion confirm-code to the account's own confirmed
|
||||||
|
// email (no deeplink — deletion is confirmed in the app). It returns ErrNoEmail when the
|
||||||
|
// account holds no email, ErrTooManyRequests when throttled.
|
||||||
|
func (s *EmailService) RequestDeleteCode(ctx context.Context, accountID uuid.UUID) error {
|
||||||
|
addr, ok, err := s.store.confirmedEmailOf(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
return ErrNoEmail
|
||||||
|
}
|
||||||
|
if !s.allowSend(addr) {
|
||||||
|
return ErrTooManyRequests
|
||||||
|
}
|
||||||
|
return s.issueCode(ctx, accountID, addr, purposeDelete, s.accountLocale(ctx, accountID), false)
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyDeleteCode verifies the account-deletion code against the account's own email and
|
||||||
|
// consumes it on success. It returns ErrNoEmail (no email), the usual confirm-code errors
|
||||||
|
// (ErrNoPendingCode, ErrCodeExpired, ErrTooManyAttempts, ErrCodeMismatch), or nil when the
|
||||||
|
// code is valid — the caller then performs the deletion.
|
||||||
|
func (s *EmailService) VerifyDeleteCode(ctx context.Context, accountID uuid.UUID, code string) error {
|
||||||
|
addr, ok, err := s.store.confirmedEmailOf(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
return ErrNoEmail
|
||||||
|
}
|
||||||
|
conf, err := s.verifyPendingCode(ctx, accountID, addr, code)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return s.store.consumeConfirmation(ctx, conf.id, s.now())
|
||||||
|
}
|
||||||
|
|
||||||
// verifyPendingCode loads and checks the pending confirm-code for (accountID,
|
// verifyPendingCode loads and checks the pending confirm-code for (accountID,
|
||||||
// addr), counting a wrong attempt. It returns the confirmation on success.
|
// addr), counting a wrong attempt. It returns the confirmation on success.
|
||||||
func (s *EmailService) verifyPendingCode(ctx context.Context, accountID uuid.UUID, addr, code string) (emailConfirmation, error) {
|
func (s *EmailService) verifyPendingCode(ctx context.Context, accountID uuid.UUID, addr, code string) (emailConfirmation, error) {
|
||||||
|
|||||||
@@ -3,33 +3,99 @@ package account
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"strconv"
|
||||||
"net/smtp"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/wneessen/go-mail"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Message is a transactional email to send through a Mailer. Text is the
|
||||||
|
// required plain-text body and doubles as the multipart/alternative fallback;
|
||||||
|
// HTML, when non-empty, is the preferred body a capable client renders instead.
|
||||||
|
type Message struct {
|
||||||
|
// To is the recipient address, or several comma-separated (all get the one message).
|
||||||
|
To string
|
||||||
|
// From, when non-empty, overrides the configured sender for this message — the admin
|
||||||
|
// alert path uses a distinct From from the user-facing confirm-code sender.
|
||||||
|
From string
|
||||||
|
Subject string
|
||||||
|
Text string
|
||||||
|
HTML string
|
||||||
|
}
|
||||||
|
|
||||||
// Mailer delivers a transactional email. It is the seam behind which the email
|
// Mailer delivers a transactional email. It is the seam behind which the email
|
||||||
// confirm-code flow sends codes, so the relay is swappable and unit tests use a
|
// confirm-code flow sends codes, so the relay is swappable and unit tests use a
|
||||||
// fixture (see docs/TESTING.md: no real network in tests). The context is offered
|
// fixture (see docs/TESTING.md: no real network in tests). The context bounds the
|
||||||
// for cancellation; the standard-library SMTP implementation sends synchronously
|
// delivery and is honoured by the SMTP implementation.
|
||||||
// and ignores it.
|
|
||||||
type Mailer interface {
|
type Mailer interface {
|
||||||
Send(ctx context.Context, to, subject, body string) error
|
Send(ctx context.Context, msg Message) error
|
||||||
|
}
|
||||||
|
|
||||||
|
// splitAddrs splits a comma-separated recipient list into trimmed, non-empty addresses.
|
||||||
|
func splitAddrs(list string) []string {
|
||||||
|
parts := strings.Split(list, ",")
|
||||||
|
out := make([]string, 0, len(parts))
|
||||||
|
for _, p := range parts {
|
||||||
|
if a := strings.TrimSpace(p); a != "" {
|
||||||
|
out = append(out, a)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// SMTPConfig configures the SMTP relay. An empty Host selects the LogMailer
|
// SMTPConfig configures the SMTP relay. An empty Host selects the LogMailer
|
||||||
// instead, so a deployment without a relay still runs (the code lands in the log).
|
// instead, so a deployment without a relay still runs (the code lands in the log).
|
||||||
|
// TLS is always used and no client certificate is required — only the server
|
||||||
|
// certificate is validated against the system roots.
|
||||||
type SMTPConfig struct {
|
type SMTPConfig struct {
|
||||||
Host string
|
Host string
|
||||||
Port string
|
Port string
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
From string
|
From string
|
||||||
|
// TLS selects the transport security: "ssl" for implicit TLS from connect, or
|
||||||
|
// "starttls" to upgrade a plaintext connection. Empty derives the mode from the
|
||||||
|
// port (implicit TLS on 465, STARTTLS otherwise); set it explicitly for a relay on
|
||||||
|
// a non-standard port (e.g. Selectel's 1127 = SSL, 1126 = STARTTLS).
|
||||||
|
TLS string
|
||||||
|
// AdminFrom / AdminTo drive the operator alert emails (new feedback / word complaints),
|
||||||
|
// distinct from the user-facing confirm-code sender. AdminTo may be several
|
||||||
|
// comma-separated addresses. Both empty disables the alert worker.
|
||||||
|
AdminFrom string
|
||||||
|
AdminTo string
|
||||||
}
|
}
|
||||||
|
|
||||||
// SMTPMailer sends mail through an SMTP relay using the standard library. When a
|
const (
|
||||||
// username is set it authenticates with PLAIN; otherwise it relays unauthenticated.
|
// SMTP transport-security modes for SMTPConfig.TLS.
|
||||||
|
smtpTLSImplicit = "ssl"
|
||||||
|
smtpTLSSTARTTLS = "starttls"
|
||||||
|
// smtpDialTimeout bounds a single relay connect-and-send. The confirm-code send
|
||||||
|
// is synchronous on the request path, so an unreachable relay must fail fast
|
||||||
|
// rather than hold the request open.
|
||||||
|
smtpDialTimeout = 15 * time.Second
|
||||||
|
)
|
||||||
|
|
||||||
|
// tlsMode resolves the transport-security mode for the relay: the explicitly
|
||||||
|
// configured SMTPConfig.TLS, or — when unset — implicit TLS on the conventional SSL
|
||||||
|
// port 465 and STARTTLS on any other port.
|
||||||
|
func (cfg SMTPConfig) tlsMode(port int) string {
|
||||||
|
switch strings.ToLower(strings.TrimSpace(cfg.TLS)) {
|
||||||
|
case smtpTLSImplicit, "tls":
|
||||||
|
return smtpTLSImplicit
|
||||||
|
case smtpTLSSTARTTLS:
|
||||||
|
return smtpTLSSTARTTLS
|
||||||
|
}
|
||||||
|
if port == 465 {
|
||||||
|
return smtpTLSImplicit
|
||||||
|
}
|
||||||
|
return smtpTLSSTARTTLS
|
||||||
|
}
|
||||||
|
|
||||||
|
// SMTPMailer sends mail through an SMTP relay using go-mail. When a username is
|
||||||
|
// set it authenticates, auto-discovering the strongest mechanism the relay
|
||||||
|
// advertises; otherwise it relays unauthenticated.
|
||||||
type SMTPMailer struct {
|
type SMTPMailer struct {
|
||||||
cfg SMTPConfig
|
cfg SMTPConfig
|
||||||
}
|
}
|
||||||
@@ -39,29 +105,55 @@ func NewSMTPMailer(cfg SMTPConfig) SMTPMailer {
|
|||||||
return SMTPMailer{cfg: cfg}
|
return SMTPMailer{cfg: cfg}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send delivers a plain-text UTF-8 message to to via the configured relay.
|
// Send delivers a UTF-8 message to msg.To via the configured relay. When msg.HTML
|
||||||
func (m SMTPMailer) Send(_ context.Context, to, subject, body string) error {
|
// is set the message is multipart/alternative (plain text plus HTML); otherwise
|
||||||
addr := net.JoinHostPort(m.cfg.Host, m.cfg.Port)
|
// it is plain text only.
|
||||||
var auth smtp.Auth
|
func (m SMTPMailer) Send(ctx context.Context, msg Message) error {
|
||||||
if m.cfg.Username != "" {
|
port, err := strconv.Atoi(m.cfg.Port)
|
||||||
auth = smtp.PlainAuth("", m.cfg.Username, m.cfg.Password, m.cfg.Host)
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: invalid SMTP port %q: %w", m.cfg.Port, err)
|
||||||
}
|
}
|
||||||
if err := smtp.SendMail(addr, auth, m.cfg.From, []string{to}, message(m.cfg.From, to, subject, body)); err != nil {
|
opts := []mail.Option{mail.WithPort(port), mail.WithTimeout(smtpDialTimeout)}
|
||||||
return fmt.Errorf("account: send mail to %s: %w", to, err)
|
if m.cfg.tlsMode(port) == smtpTLSImplicit {
|
||||||
|
opts = append(opts, mail.WithSSL())
|
||||||
|
} else {
|
||||||
|
opts = append(opts, mail.WithTLSPortPolicy(mail.TLSMandatory))
|
||||||
|
}
|
||||||
|
if m.cfg.Username != "" {
|
||||||
|
opts = append(opts,
|
||||||
|
mail.WithSMTPAuth(mail.SMTPAuthAutoDiscover),
|
||||||
|
mail.WithUsername(m.cfg.Username),
|
||||||
|
mail.WithPassword(m.cfg.Password),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
client, err := mail.NewClient(m.cfg.Host, opts...)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: build mail client: %w", err)
|
||||||
|
}
|
||||||
|
out := mail.NewMsg()
|
||||||
|
from := m.cfg.From
|
||||||
|
if msg.From != "" {
|
||||||
|
from = msg.From
|
||||||
|
}
|
||||||
|
if err := out.From(from); err != nil {
|
||||||
|
return fmt.Errorf("account: set From %q: %w", from, err)
|
||||||
|
}
|
||||||
|
// To may carry several comma-separated recipients; go-mail wants them as separate
|
||||||
|
// arguments (a single joined string parses as one malformed address).
|
||||||
|
if err := out.To(splitAddrs(msg.To)...); err != nil {
|
||||||
|
return fmt.Errorf("account: set To %q: %w", msg.To, err)
|
||||||
|
}
|
||||||
|
out.Subject(msg.Subject)
|
||||||
|
out.SetBodyString(mail.TypeTextPlain, msg.Text)
|
||||||
|
if msg.HTML != "" {
|
||||||
|
out.AddAlternativeString(mail.TypeTextHTML, msg.HTML)
|
||||||
|
}
|
||||||
|
if err := client.DialAndSendWithContext(ctx, out); err != nil {
|
||||||
|
return fmt.Errorf("account: send mail to %s: %w", msg.To, err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// message renders a minimal RFC 5322 plain-text email.
|
|
||||||
func message(from, to, subject, body string) []byte {
|
|
||||||
return []byte("From: " + from + "\r\n" +
|
|
||||||
"To: " + to + "\r\n" +
|
|
||||||
"Subject: " + subject + "\r\n" +
|
|
||||||
"MIME-Version: 1.0\r\n" +
|
|
||||||
"Content-Type: text/plain; charset=UTF-8\r\n" +
|
|
||||||
"\r\n" + body + "\r\n")
|
|
||||||
}
|
|
||||||
|
|
||||||
// LogMailer logs the message instead of sending it. It is the default when no
|
// LogMailer logs the message instead of sending it. It is the default when no
|
||||||
// SMTP relay is configured and is intended for development only: it logs the body,
|
// SMTP relay is configured and is intended for development only: it logs the body,
|
||||||
// which carries the confirm-code, so it must not be used in production.
|
// which carries the confirm-code, so it must not be used in production.
|
||||||
@@ -74,11 +166,12 @@ func NewLogMailer(log *zap.Logger) LogMailer {
|
|||||||
return LogMailer{log: log}
|
return LogMailer{log: log}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send logs the message at info level and reports success.
|
// Send logs the message at info level and reports success. It logs the plain-text
|
||||||
func (m LogMailer) Send(_ context.Context, to, subject, body string) error {
|
// body only (which carries the confirm-code); the HTML alternative is omitted.
|
||||||
|
func (m LogMailer) Send(_ context.Context, msg Message) error {
|
||||||
if m.log != nil {
|
if m.log != nil {
|
||||||
m.log.Info("email not sent (log mailer)",
|
m.log.Info("email not sent (log mailer)",
|
||||||
zap.String("to", to), zap.String("subject", subject), zap.String("body", body))
|
zap.String("to", msg.To), zap.String("subject", msg.Subject), zap.String("body", msg.Text))
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,51 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"slices"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestSplitAddrs covers the comma-separated recipient parsing used for the admin alert
|
||||||
|
// To (several operator mailboxes in one message), including trimming and empty entries.
|
||||||
|
func TestSplitAddrs(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
in string
|
||||||
|
want []string
|
||||||
|
}{
|
||||||
|
{"a@x.ru", []string{"a@x.ru"}},
|
||||||
|
{"a@x.ru, b@y.ru", []string{"a@x.ru", "b@y.ru"}},
|
||||||
|
{" a@x.ru ,, b@y.ru ,", []string{"a@x.ru", "b@y.ru"}},
|
||||||
|
{"", nil},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
if got := splitAddrs(c.in); !slices.Equal(got, c.want) {
|
||||||
|
t.Errorf("splitAddrs(%q) = %v, want %v", c.in, got, c.want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestSMTPTLSMode covers the explicit TLS mode and the port-based fallback, including
|
||||||
|
// the non-standard Selectel ports (1127 = SSL, 1126 = STARTTLS) that the 465 heuristic
|
||||||
|
// alone cannot classify.
|
||||||
|
func TestSMTPTLSMode(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
name string
|
||||||
|
tls string
|
||||||
|
port int
|
||||||
|
want string
|
||||||
|
}{
|
||||||
|
{"explicit ssl on a custom port (Selectel 1127)", "ssl", 1127, smtpTLSImplicit},
|
||||||
|
{"explicit starttls on a custom port (Selectel 1126)", "starttls", 1126, smtpTLSSTARTTLS},
|
||||||
|
{"tls is an alias for ssl", "TLS", 2525, smtpTLSImplicit},
|
||||||
|
{"empty derives implicit TLS on 465", "", 465, smtpTLSImplicit},
|
||||||
|
{"empty derives STARTTLS on 587", "", 587, smtpTLSSTARTTLS},
|
||||||
|
{"an unknown value falls back to the port heuristic", "bogus", 465, smtpTLSImplicit},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
t.Run(c.name, func(t *testing.T) {
|
||||||
|
if got := (SMTPConfig{TLS: c.tls}).tlsMode(c.port); got != c.want {
|
||||||
|
t.Errorf("tlsMode(TLS=%q, port=%d) = %q, want %q", c.tls, c.port, got, c.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,66 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// SendLimiter throttles confirm-code sends per recipient address: it enforces a
|
||||||
|
// minimum cooldown between two sends and a cap over a rolling hour. It guards against
|
||||||
|
// email bombing and protects the relay's own quota. State is in-memory (per process,
|
||||||
|
// reset on restart) and keyed by the normalised recipient address, which is adequate
|
||||||
|
// for the single-instance backend. Safe for concurrent use.
|
||||||
|
type SendLimiter struct {
|
||||||
|
mu sync.Mutex
|
||||||
|
cooldown time.Duration
|
||||||
|
perHour int
|
||||||
|
now func() time.Time
|
||||||
|
sends map[string][]time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSendLimiter returns a SendLimiter allowing at most one send per cooldown and at
|
||||||
|
// most perHour sends over any rolling hour, to the same recipient.
|
||||||
|
func NewSendLimiter(cooldown time.Duration, perHour int) *SendLimiter {
|
||||||
|
return &SendLimiter{
|
||||||
|
cooldown: cooldown,
|
||||||
|
perHour: perHour,
|
||||||
|
now: func() time.Time { return time.Now() },
|
||||||
|
sends: make(map[string][]time.Time),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Allow reports whether a send to key is permitted now, recording the send when it is.
|
||||||
|
// It is denied when the last send was within the cooldown or the rolling-hour cap is
|
||||||
|
// already reached.
|
||||||
|
func (l *SendLimiter) Allow(key string) bool {
|
||||||
|
l.mu.Lock()
|
||||||
|
defer l.mu.Unlock()
|
||||||
|
now := l.now()
|
||||||
|
cutoff := now.Add(-time.Hour)
|
||||||
|
kept := l.sends[key][:0]
|
||||||
|
for _, t := range l.sends[key] {
|
||||||
|
if t.After(cutoff) {
|
||||||
|
kept = append(kept, t)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if n := len(kept); n > 0 && now.Sub(kept[n-1]) < l.cooldown {
|
||||||
|
l.set(key, kept)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if len(kept) >= l.perHour {
|
||||||
|
l.set(key, kept)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
l.set(key, append(kept, now))
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// set stores the retained send times for key, dropping the entry entirely once empty
|
||||||
|
// so the map stays bounded to recipients active within the last hour.
|
||||||
|
func (l *SendLimiter) set(key string, times []time.Time) {
|
||||||
|
if len(times) == 0 {
|
||||||
|
delete(l.sends, key)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
l.sends[key] = times
|
||||||
|
}
|
||||||
@@ -0,0 +1,43 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestSendLimiter checks the per-recipient cooldown and the rolling-hour cap, and
|
||||||
|
// that recipients are throttled independently.
|
||||||
|
func TestSendLimiter(t *testing.T) {
|
||||||
|
base := time.Now()
|
||||||
|
now := base
|
||||||
|
l := NewSendLimiter(time.Minute, 3)
|
||||||
|
l.now = func() time.Time { return now }
|
||||||
|
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("send 1 should be allowed")
|
||||||
|
}
|
||||||
|
if l.Allow("a") {
|
||||||
|
t.Fatal("immediate resend must be blocked by the cooldown")
|
||||||
|
}
|
||||||
|
if !l.Allow("b") {
|
||||||
|
t.Fatal("a different recipient is independent")
|
||||||
|
}
|
||||||
|
|
||||||
|
now = base.Add(time.Minute)
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("send 2 after the cooldown should be allowed")
|
||||||
|
}
|
||||||
|
now = base.Add(2 * time.Minute)
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("send 3 should be allowed")
|
||||||
|
}
|
||||||
|
now = base.Add(3 * time.Minute)
|
||||||
|
if l.Allow("a") {
|
||||||
|
t.Fatal("send 4 within the hour must be blocked by the cap")
|
||||||
|
}
|
||||||
|
|
||||||
|
now = base.Add(time.Hour + time.Minute)
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("after the rolling hour the cap resets")
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,224 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/go-jet/jet/v2/postgres"
|
||||||
|
"github.com/go-jet/jet/v2/qrm"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/model"
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||||
|
)
|
||||||
|
|
||||||
|
// RetentionTTL bounds how long the account-deletion legal dossier is kept before the
|
||||||
|
// reaper purges it: two years from the detach/deletion event (owner policy, 2026-07-03).
|
||||||
|
const RetentionTTL = 2 * 365 * 24 * time.Hour
|
||||||
|
|
||||||
|
// Reasons recorded on a retained_identities row: what detached the credential from its
|
||||||
|
// account (unlink / email change / account deletion here; an account merge that drops a
|
||||||
|
// same-kind colliding identity writes reason "merge" from the accountmerge package). The
|
||||||
|
// row is written just before the live identities row is removed, preserving the legal
|
||||||
|
// dossier (which email/vk/tg was linked, and when) even as the identity frees for reuse.
|
||||||
|
// See docs/ARCHITECTURE.md §9.1.
|
||||||
|
const (
|
||||||
|
retainUnlink = "unlink"
|
||||||
|
retainChange = "change"
|
||||||
|
retainDelete = "delete"
|
||||||
|
)
|
||||||
|
|
||||||
|
// retainIdentityTx appends a retention-journal row for one identity being detached, inside
|
||||||
|
// tx. linkedAt is the identity's original creation time; detached_at defaults to now(). It
|
||||||
|
// must run in the same transaction as the identity removal, so the dossier and the live
|
||||||
|
// state can never diverge.
|
||||||
|
func retainIdentityTx(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, kind, externalID string, confirmed bool, linkedAt time.Time, reason string) error {
|
||||||
|
id, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: new retained id: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.RetainedIdentities.INSERT(
|
||||||
|
table.RetainedIdentities.RetainedID, table.RetainedIdentities.AccountID,
|
||||||
|
table.RetainedIdentities.Kind, table.RetainedIdentities.ExternalID,
|
||||||
|
table.RetainedIdentities.Confirmed, table.RetainedIdentities.LinkedAt,
|
||||||
|
table.RetainedIdentities.Reason,
|
||||||
|
).VALUES(id, accountID, kind, externalID, confirmed, linkedAt, reason)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("account: retain identity (%s, %s): %w", kind, externalID, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// StampLastLogin records the account's last cold-load time and client IP, but only when
|
||||||
|
// the stored value is missing or older than an hour — so it costs at most one write per
|
||||||
|
// account per hour (its caller, the profile fetch, runs once per cold app-load). It is a
|
||||||
|
// best-effort audit signal that feeds the account-deletion dossier.
|
||||||
|
func (s *Store) StampLastLogin(ctx context.Context, accountID uuid.UUID, ip string) error {
|
||||||
|
now := time.Now().UTC()
|
||||||
|
upd := table.Accounts.UPDATE(table.Accounts.LastLoginAt, table.Accounts.LastLoginIP).
|
||||||
|
SET(postgres.TimestampzT(now), postgres.String(ip)).
|
||||||
|
WHERE(
|
||||||
|
table.Accounts.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(
|
||||||
|
table.Accounts.LastLoginAt.IS_NULL().
|
||||||
|
OR(table.Accounts.LastLoginAt.LT(postgres.TimestampzT(now.Add(-time.Hour)))),
|
||||||
|
),
|
||||||
|
)
|
||||||
|
if _, err := upd.ExecContext(ctx, s.db); err != nil {
|
||||||
|
return fmt.Errorf("account: stamp last login %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReapExpiredRetention purges retention data whose event is older than cutoff: every
|
||||||
|
// retained_identities row by its detached_at (covering unlink/change on live accounts as
|
||||||
|
// well as deleted ones), plus — for accounts tombstoned before cutoff — the retained
|
||||||
|
// feedback thread and the dossier PII (deleted_display_name, last_login_ip). Chat is kept
|
||||||
|
// (a shared game artifact), and the tombstone account row itself stays (its no-cascade
|
||||||
|
// foreign keys). It returns how many journal rows and feedback messages were removed.
|
||||||
|
func (s *Store) ReapExpiredRetention(ctx context.Context, cutoff time.Time) (identities, feedback int64, err error) {
|
||||||
|
cut := postgres.TimestampzT(cutoff)
|
||||||
|
delJournal := table.RetainedIdentities.DELETE().
|
||||||
|
WHERE(table.RetainedIdentities.DetachedAt.LT(cut))
|
||||||
|
res, err := delJournal.ExecContext(ctx, s.db)
|
||||||
|
if err != nil {
|
||||||
|
return 0, 0, fmt.Errorf("account: reap retained identities: %w", err)
|
||||||
|
}
|
||||||
|
identities, _ = res.RowsAffected()
|
||||||
|
|
||||||
|
expired := postgres.SELECT(table.Accounts.AccountID).
|
||||||
|
FROM(table.Accounts).
|
||||||
|
WHERE(table.Accounts.DeletedAt.IS_NOT_NULL().AND(table.Accounts.DeletedAt.LT(cut)))
|
||||||
|
delFeedback := table.FeedbackMessages.DELETE().
|
||||||
|
WHERE(table.FeedbackMessages.AccountID.IN(expired))
|
||||||
|
fbRes, err := delFeedback.ExecContext(ctx, s.db)
|
||||||
|
if err != nil {
|
||||||
|
return identities, 0, fmt.Errorf("account: reap deleted feedback: %w", err)
|
||||||
|
}
|
||||||
|
feedback, _ = fbRes.RowsAffected()
|
||||||
|
|
||||||
|
clearPII := table.Accounts.UPDATE(table.Accounts.DeletedDisplayName, table.Accounts.LastLoginIP).
|
||||||
|
SET(postgres.NULL, postgres.NULL).
|
||||||
|
WHERE(
|
||||||
|
table.Accounts.DeletedAt.IS_NOT_NULL().
|
||||||
|
AND(table.Accounts.DeletedAt.LT(cut)).
|
||||||
|
AND(table.Accounts.DeletedDisplayName.IS_NOT_NULL().
|
||||||
|
OR(table.Accounts.LastLoginIP.IS_NOT_NULL())),
|
||||||
|
)
|
||||||
|
if _, err := clearPII.ExecContext(ctx, s.db); err != nil {
|
||||||
|
return identities, feedback, fmt.Errorf("account: clear expired dossier PII: %w", err)
|
||||||
|
}
|
||||||
|
return identities, feedback, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// RetainedIdentity is one row of the retention journal, for the admin dossier.
|
||||||
|
type RetainedIdentity struct {
|
||||||
|
Kind string
|
||||||
|
ExternalID string
|
||||||
|
Reason string
|
||||||
|
Confirmed bool
|
||||||
|
LinkedAt time.Time
|
||||||
|
DetachedAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// RetainedIdentities returns the account's retention-journal rows (the legal dossier of
|
||||||
|
// detached credentials), newest detach first, for the admin console.
|
||||||
|
func (s *Store) RetainedIdentities(ctx context.Context, accountID uuid.UUID) ([]RetainedIdentity, error) {
|
||||||
|
var rows []model.RetainedIdentities
|
||||||
|
err := postgres.SELECT(table.RetainedIdentities.AllColumns).
|
||||||
|
FROM(table.RetainedIdentities).
|
||||||
|
WHERE(table.RetainedIdentities.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
ORDER_BY(table.RetainedIdentities.DetachedAt.DESC()).
|
||||||
|
QueryContext(ctx, s.db, &rows)
|
||||||
|
if err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return nil, fmt.Errorf("account: retained identities %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
out := make([]RetainedIdentity, 0, len(rows))
|
||||||
|
for _, r := range rows {
|
||||||
|
out = append(out, RetainedIdentity{
|
||||||
|
Kind: r.Kind, ExternalID: r.ExternalID, Reason: r.Reason,
|
||||||
|
Confirmed: r.Confirmed, LinkedAt: r.LinkedAt, DetachedAt: r.DetachedAt,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
return out, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeletionInfo is a tombstoned account's dossier header, for the admin console.
|
||||||
|
type DeletionInfo struct {
|
||||||
|
DeletedAt *time.Time
|
||||||
|
DeletedDisplayName string
|
||||||
|
LastLoginAt *time.Time
|
||||||
|
LastLoginIP string
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeletionInfo reads the account's deletion tombstone + last-login dossier fields.
|
||||||
|
func (s *Store) DeletionInfo(ctx context.Context, accountID uuid.UUID) (DeletionInfo, error) {
|
||||||
|
var row model.Accounts
|
||||||
|
err := postgres.SELECT(
|
||||||
|
table.Accounts.DeletedAt, table.Accounts.DeletedDisplayName,
|
||||||
|
table.Accounts.LastLoginAt, table.Accounts.LastLoginIP,
|
||||||
|
).FROM(table.Accounts).
|
||||||
|
WHERE(table.Accounts.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
QueryContext(ctx, s.db, &row)
|
||||||
|
if err != nil {
|
||||||
|
if errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return DeletionInfo{}, ErrNotFound
|
||||||
|
}
|
||||||
|
return DeletionInfo{}, fmt.Errorf("account: deletion info %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
info := DeletionInfo{DeletedAt: row.DeletedAt, LastLoginAt: row.LastLoginAt}
|
||||||
|
if row.DeletedDisplayName != nil {
|
||||||
|
info.DeletedDisplayName = *row.DeletedDisplayName
|
||||||
|
}
|
||||||
|
if row.LastLoginIP != nil {
|
||||||
|
info.LastLoginIP = *row.LastLoginIP
|
||||||
|
}
|
||||||
|
return info, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// RetentionReaper periodically purges expired account-deletion retention data via
|
||||||
|
// Store.ReapExpiredRetention, mirroring GuestReaper: one background goroutine started once
|
||||||
|
// from main.
|
||||||
|
type RetentionReaper struct {
|
||||||
|
store *Store
|
||||||
|
ttl time.Duration
|
||||||
|
clock func() time.Time
|
||||||
|
log *zap.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewRetentionReaper constructs a reaper purging retention data older than ttl. log may be
|
||||||
|
// nil.
|
||||||
|
func NewRetentionReaper(store *Store, ttl time.Duration, log *zap.Logger) *RetentionReaper {
|
||||||
|
if log == nil {
|
||||||
|
log = zap.NewNop()
|
||||||
|
}
|
||||||
|
return &RetentionReaper{
|
||||||
|
store: store,
|
||||||
|
ttl: ttl,
|
||||||
|
clock: func() time.Time { return time.Now().UTC() },
|
||||||
|
log: log,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run purges expired retention data on each tick until ctx is cancelled.
|
||||||
|
func (r *RetentionReaper) Run(ctx context.Context, interval time.Duration) {
|
||||||
|
ticker := time.NewTicker(interval)
|
||||||
|
defer ticker.Stop()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case <-ticker.C:
|
||||||
|
idn, fb, err := r.store.ReapExpiredRetention(ctx, r.clock().Add(-r.ttl))
|
||||||
|
if err != nil {
|
||||||
|
r.log.Warn("retention reap failed", zap.Error(err))
|
||||||
|
} else if idn > 0 || fb > 0 {
|
||||||
|
r.log.Info("reaped expired retention", zap.Int64("identities", idn), zap.Int64("feedback", fb))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -19,6 +19,9 @@ type UserListItem struct {
|
|||||||
PreferredLanguage string
|
PreferredLanguage string
|
||||||
IsGuest bool
|
IsGuest bool
|
||||||
IsRobot bool
|
IsRobot bool
|
||||||
|
// IsDeleted marks a tombstoned account (deleted_at set), shown as a badge — a search
|
||||||
|
// spans both lists, so a result can be either live or deleted.
|
||||||
|
IsDeleted bool
|
||||||
// FlaggedHighRateAt is the soft high-rate marker (zero when unflagged), shown
|
// FlaggedHighRateAt is the soft high-rate marker (zero when unflagged), shown
|
||||||
// as a badge in the console list.
|
// as a badge in the console list.
|
||||||
FlaggedHighRateAt time.Time
|
FlaggedHighRateAt time.Time
|
||||||
@@ -26,13 +29,17 @@ type UserListItem struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// UserFilter narrows the admin user list: Robots selects robot accounts (otherwise the
|
// UserFilter narrows the admin user list: Robots selects robot accounts (otherwise the
|
||||||
// non-robot "people"); NameMask and ExternalIDMask are glob masks ('*' = any run, '?' =
|
// non-robot "people"); Deleted selects tombstoned accounts (every other scope hides them);
|
||||||
// one char) matched case-insensitively against the display name / any identity's external
|
// NameMask and ExternalIDMask are glob masks ('*' = any run, '?' = one char) matched
|
||||||
// id. An empty mask means no filter on that field.
|
// case-insensitively against the display name / any identity's external id; EmailExact is a
|
||||||
|
// strict (exact) match against an account's email identity. An empty value means no filter
|
||||||
|
// on that field.
|
||||||
type UserFilter struct {
|
type UserFilter struct {
|
||||||
Robots bool
|
Robots bool
|
||||||
|
Deleted bool
|
||||||
NameMask string
|
NameMask string
|
||||||
ExternalIDMask string
|
ExternalIDMask string
|
||||||
|
EmailExact string
|
||||||
}
|
}
|
||||||
|
|
||||||
// robotExists is the correlated subquery testing whether account a is a robot.
|
// robotExists is the correlated subquery testing whether account a is a robot.
|
||||||
@@ -51,17 +58,42 @@ func (s *Store) IsRobot(ctx context.Context, accountID uuid.UUID) (bool, error)
|
|||||||
return ok, nil
|
return ok, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// userListWhere builds the shared WHERE clause and its positional args (from $1).
|
// userListWhere builds the shared WHERE clause and its positional args (from $1). On the
|
||||||
|
// Robots tab it lists/searches robots only. Otherwise a search (any of the name /
|
||||||
|
// external-id / email filters) spans live and deleted people alike — never robots — so the
|
||||||
|
// operator finds a match from one query regardless of the People / Deleted tab; the search
|
||||||
|
// also looks in the retention journal, so a deleted account is still found by the email /
|
||||||
|
// external id it held (those rows moved from identities to retained_identities on deletion)
|
||||||
|
// and by its retained real name. With no search, the People / Deleted tab scope applies.
|
||||||
func userListWhere(f UserFilter) (string, []any) {
|
func userListWhere(f UserFilter) (string, []any) {
|
||||||
args := []any{f.Robots}
|
name := LikePattern(f.NameMask)
|
||||||
where := robotExists + ` = $1`
|
ext := LikePattern(f.ExternalIDMask)
|
||||||
if name := LikePattern(f.NameMask); name != "" {
|
email := strings.ToLower(strings.TrimSpace(f.EmailExact))
|
||||||
args = append(args, name)
|
searching := name != "" || ext != "" || email != ""
|
||||||
where += fmt.Sprintf(` AND a.display_name ILIKE $%d ESCAPE '\'`, len(args))
|
|
||||||
|
var args []any
|
||||||
|
var where string
|
||||||
|
switch {
|
||||||
|
case f.Robots:
|
||||||
|
where = robotExists + ` = true`
|
||||||
|
case searching:
|
||||||
|
where = robotExists + ` = false`
|
||||||
|
case f.Deleted:
|
||||||
|
where = robotExists + ` = false AND a.deleted_at IS NOT NULL`
|
||||||
|
default:
|
||||||
|
where = robotExists + ` = false AND a.deleted_at IS NULL`
|
||||||
}
|
}
|
||||||
if ext := LikePattern(f.ExternalIDMask); ext != "" {
|
if name != "" {
|
||||||
|
args = append(args, name)
|
||||||
|
where += fmt.Sprintf(` AND (a.display_name ILIKE $%d ESCAPE '\' OR a.deleted_display_name ILIKE $%d ESCAPE '\')`, len(args), len(args))
|
||||||
|
}
|
||||||
|
if ext != "" {
|
||||||
args = append(args, ext)
|
args = append(args, ext)
|
||||||
where += fmt.Sprintf(` AND EXISTS (SELECT 1 FROM backend.identities i WHERE i.account_id = a.account_id AND i.external_id ILIKE $%d ESCAPE '\')`, len(args))
|
where += fmt.Sprintf(` AND (EXISTS (SELECT 1 FROM backend.identities i WHERE i.account_id = a.account_id AND i.external_id ILIKE $%d ESCAPE '\') OR EXISTS (SELECT 1 FROM backend.retained_identities r WHERE r.account_id = a.account_id AND r.external_id ILIKE $%d ESCAPE '\'))`, len(args), len(args))
|
||||||
|
}
|
||||||
|
if email != "" {
|
||||||
|
args = append(args, email)
|
||||||
|
where += fmt.Sprintf(` AND (EXISTS (SELECT 1 FROM backend.identities i WHERE i.account_id = a.account_id AND i.kind = 'email' AND i.external_id = $%d) OR EXISTS (SELECT 1 FROM backend.retained_identities r WHERE r.account_id = a.account_id AND r.kind = 'email' AND r.external_id = $%d))`, len(args), len(args))
|
||||||
}
|
}
|
||||||
return where, args
|
return where, args
|
||||||
}
|
}
|
||||||
@@ -69,7 +101,7 @@ func userListWhere(f UserFilter) (string, []any) {
|
|||||||
// ListUsers returns the filtered admin user list, newest first, paginated.
|
// ListUsers returns the filtered admin user list, newest first, paginated.
|
||||||
func (s *Store) ListUsers(ctx context.Context, f UserFilter, limit, offset int) ([]UserListItem, error) {
|
func (s *Store) ListUsers(ctx context.Context, f UserFilter, limit, offset int) ([]UserListItem, error) {
|
||||||
where, args := userListWhere(f)
|
where, args := userListWhere(f)
|
||||||
q := `SELECT a.account_id, a.display_name, a.preferred_language, a.is_guest, a.flagged_high_rate_at, a.created_at, ` + robotExists + ` AS is_robot
|
q := `SELECT a.account_id, a.display_name, a.preferred_language, a.is_guest, a.flagged_high_rate_at, a.created_at, ` + robotExists + ` AS is_robot, (a.deleted_at IS NOT NULL) AS is_deleted
|
||||||
FROM backend.accounts a WHERE ` + where +
|
FROM backend.accounts a WHERE ` + where +
|
||||||
fmt.Sprintf(` ORDER BY a.created_at DESC LIMIT $%d OFFSET $%d`, len(args)+1, len(args)+2)
|
fmt.Sprintf(` ORDER BY a.created_at DESC LIMIT $%d OFFSET $%d`, len(args)+1, len(args)+2)
|
||||||
args = append(args, limit, offset)
|
args = append(args, limit, offset)
|
||||||
@@ -82,7 +114,7 @@ FROM backend.accounts a WHERE ` + where +
|
|||||||
for rows.Next() {
|
for rows.Next() {
|
||||||
var it UserListItem
|
var it UserListItem
|
||||||
var flagged sql.NullTime
|
var flagged sql.NullTime
|
||||||
if err := rows.Scan(&it.ID, &it.DisplayName, &it.PreferredLanguage, &it.IsGuest, &flagged, &it.CreatedAt, &it.IsRobot); err != nil {
|
if err := rows.Scan(&it.ID, &it.DisplayName, &it.PreferredLanguage, &it.IsGuest, &flagged, &it.CreatedAt, &it.IsRobot, &it.IsDeleted); err != nil {
|
||||||
return nil, fmt.Errorf("account: scan user: %w", err)
|
return nil, fmt.Errorf("account: scan user: %w", err)
|
||||||
}
|
}
|
||||||
if flagged.Valid {
|
if flagged.Valid {
|
||||||
|
|||||||
@@ -0,0 +1,223 @@
|
|||||||
|
// Package accountdelete deactivates an account as legal retention, not erasure: it keeps
|
||||||
|
// the account row as a tombstone (its chat/complaint foreign keys have no cascade, so a
|
||||||
|
// hard delete is impossible) while journalling and freeing the account's credentials,
|
||||||
|
// anonymising the live surfaces, and dropping the account's own social/ephemeral rows.
|
||||||
|
// The retained_identities journal plus the tombstone (deleted_at, deleted_display_name,
|
||||||
|
// last_login_at/ip) form the admin/legal dossier; messages are deliberately kept. Session
|
||||||
|
// revocation and active-game forfeit are orchestrated one layer up (they need the session
|
||||||
|
// cache and the game service). See docs/ARCHITECTURE.md §9.1 and the retention TTL reaper.
|
||||||
|
package accountdelete
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/go-jet/jet/v2/postgres"
|
||||||
|
"github.com/go-jet/jet/v2/qrm"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/model"
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||||
|
)
|
||||||
|
|
||||||
|
// AnonymizedName is the label a deleted account shows to opponents. Display names are
|
||||||
|
// stored strings resolved identically for every viewer (no per-viewer localisation in this
|
||||||
|
// codebase), so a single canonical label is used. The brackets are deliberate: the
|
||||||
|
// editable-name rule (account.displayNameRe) forbids them, so a live player can never set a
|
||||||
|
// name that impersonates a deleted account.
|
||||||
|
const AnonymizedName = "[Deleted]"
|
||||||
|
|
||||||
|
// retainDelete is the retained_identities reason written when a credential is journalled
|
||||||
|
// because its account is being deleted.
|
||||||
|
const retainDelete = "delete"
|
||||||
|
|
||||||
|
// Deleter performs the SQL-atomic part of account deletion over a Postgres handle.
|
||||||
|
type Deleter struct {
|
||||||
|
db *sql.DB
|
||||||
|
now func() time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewDeleter constructs a Deleter over db.
|
||||||
|
func NewDeleter(db *sql.DB) *Deleter {
|
||||||
|
return &Deleter{db: db, now: func() time.Time { return time.Now().UTC() }}
|
||||||
|
}
|
||||||
|
|
||||||
|
// AnonymizeAndTombstone retires accountID atomically: it journals every live identity into
|
||||||
|
// retained_identities (reason=delete) then removes them so the credentials free for reuse,
|
||||||
|
// snapshots the real display name into deleted_display_name and scrubs the live one to
|
||||||
|
// AnonymizedName, sets deleted_at, anonymises the account's game-seat snapshots, and drops
|
||||||
|
// its friendships, blocks, invitations, friend codes, drafts and pending codes. Chat,
|
||||||
|
// feedback and complaints are kept (the surviving tombstone keeps their no-cascade foreign
|
||||||
|
// keys valid). It is idempotent-safe on an already-tombstoned account (re-journalling
|
||||||
|
// nothing, since the identities are already gone).
|
||||||
|
func (d *Deleter) AnonymizeAndTombstone(ctx context.Context, accountID uuid.UUID) error {
|
||||||
|
now := d.now()
|
||||||
|
return withTx(ctx, d.db, func(tx *sql.Tx) error {
|
||||||
|
if err := journalAndDropIdentities(ctx, tx, accountID, now); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := tombstone(ctx, tx, accountID, now); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if _, err := table.GamePlayers.UPDATE(table.GamePlayers.DisplayName).
|
||||||
|
SET(postgres.String(AnonymizedName)).
|
||||||
|
WHERE(table.GamePlayers.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: anonymise seats: %w", err)
|
||||||
|
}
|
||||||
|
return dropSocialAndEphemerals(ctx, tx, accountID)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// dropAllRobotGamesSQL deletes every game in which the account plays and no other seat is a
|
||||||
|
// human — a robot seat is one whose account holds a 'robot' identity, so this covers both
|
||||||
|
// honest vs-AI games and disguised auto-match substitutes. The game rows are deleted; their
|
||||||
|
// moves/chat/players/complaints fall away through ON DELETE CASCADE.
|
||||||
|
const dropAllRobotGamesSQL = `
|
||||||
|
DELETE FROM games g
|
||||||
|
WHERE EXISTS (
|
||||||
|
SELECT 1 FROM game_players p WHERE p.game_id = g.game_id AND p.account_id = $1
|
||||||
|
) AND NOT EXISTS (
|
||||||
|
SELECT 1 FROM game_players o
|
||||||
|
WHERE o.game_id = g.game_id AND o.account_id <> $1
|
||||||
|
AND NOT EXISTS (
|
||||||
|
SELECT 1 FROM identities i WHERE i.account_id = o.account_id AND i.kind = 'robot'
|
||||||
|
)
|
||||||
|
)`
|
||||||
|
|
||||||
|
// DropAllRobotGames deletes the account's games that have no human opponent (solo vs-AI or
|
||||||
|
// auto-match-robot games), returning how many were removed. Games with any human seat are
|
||||||
|
// kept — their seat is anonymised by AnonymizeAndTombstone instead. Run it after the
|
||||||
|
// account's active games are resigned, so no live game is removed under the robot driver.
|
||||||
|
func (d *Deleter) DropAllRobotGames(ctx context.Context, accountID uuid.UUID) (int64, error) {
|
||||||
|
res, err := d.db.ExecContext(ctx, dropAllRobotGamesSQL, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("accountdelete: drop all-robot games: %w", err)
|
||||||
|
}
|
||||||
|
n, err := res.RowsAffected()
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("accountdelete: dropped games count: %w", err)
|
||||||
|
}
|
||||||
|
return n, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// journalAndDropIdentities copies the account's live identities into the retention journal
|
||||||
|
// (reason=delete) and then removes them, freeing each (kind, external_id) for reuse.
|
||||||
|
func journalAndDropIdentities(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, now time.Time) error {
|
||||||
|
var ids []model.Identities
|
||||||
|
err := postgres.SELECT(table.Identities.AllColumns).
|
||||||
|
FROM(table.Identities).
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
QueryContext(ctx, tx, &ids)
|
||||||
|
if err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return fmt.Errorf("accountdelete: load identities: %w", err)
|
||||||
|
}
|
||||||
|
for _, id := range ids {
|
||||||
|
rid, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: new retained id: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.RetainedIdentities.INSERT(
|
||||||
|
table.RetainedIdentities.RetainedID, table.RetainedIdentities.AccountID,
|
||||||
|
table.RetainedIdentities.Kind, table.RetainedIdentities.ExternalID,
|
||||||
|
table.RetainedIdentities.Confirmed, table.RetainedIdentities.LinkedAt,
|
||||||
|
table.RetainedIdentities.DetachedAt, table.RetainedIdentities.Reason,
|
||||||
|
).VALUES(rid, accountID, id.Kind, id.ExternalID, id.Confirmed, id.CreatedAt, now, retainDelete)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: retain identity %s: %w", id.Kind, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if _, err := table.Identities.DELETE().
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete identities: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// tombstone marks the account deleted, snapshotting the real display name into
|
||||||
|
// deleted_display_name (evaluated from the old row) before scrubbing the live one.
|
||||||
|
func tombstone(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, now time.Time) error {
|
||||||
|
upd := table.Accounts.UPDATE(
|
||||||
|
table.Accounts.DeletedAt, table.Accounts.DeletedDisplayName,
|
||||||
|
table.Accounts.DisplayName, table.Accounts.UpdatedAt,
|
||||||
|
).SET(
|
||||||
|
postgres.TimestampzT(now), table.Accounts.DisplayName,
|
||||||
|
postgres.String(AnonymizedName), postgres.TimestampzT(now),
|
||||||
|
).WHERE(table.Accounts.AccountID.EQ(postgres.UUID(accountID)))
|
||||||
|
if _, err := upd.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: tombstone account: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// dropSocialAndEphemerals removes the account's own friendships, blocks, invitations
|
||||||
|
// (as inviter and as invitee), friend codes, drafts and pending confirm-codes. These are
|
||||||
|
// the deleting user's private data with no dossier value; chat and feedback are kept.
|
||||||
|
func dropSocialAndEphemerals(ctx context.Context, tx *sql.Tx, accountID uuid.UUID) error {
|
||||||
|
id := postgres.UUID(accountID)
|
||||||
|
// Friendships and blocks are two-account edges keyed on either endpoint.
|
||||||
|
if _, err := table.Friendships.DELETE().
|
||||||
|
WHERE(table.Friendships.RequesterID.EQ(id).OR(table.Friendships.AddresseeID.EQ(id))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete friendships: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.Blocks.DELETE().
|
||||||
|
WHERE(table.Blocks.BlockerID.EQ(id).OR(table.Blocks.BlockedID.EQ(id))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete blocks: %w", err)
|
||||||
|
}
|
||||||
|
// Invitations: drop the account's invitee rows, then its own invitations' invitees and
|
||||||
|
// the invitations themselves (children first, to respect the foreign key).
|
||||||
|
if _, err := table.GameInvitationInvitees.DELETE().
|
||||||
|
WHERE(table.GameInvitationInvitees.AccountID.EQ(id)).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete invitee rows: %w", err)
|
||||||
|
}
|
||||||
|
ownInvitations := postgres.SELECT(table.GameInvitations.InvitationID).
|
||||||
|
FROM(table.GameInvitations).
|
||||||
|
WHERE(table.GameInvitations.InviterID.EQ(id))
|
||||||
|
if _, err := table.GameInvitationInvitees.DELETE().
|
||||||
|
WHERE(table.GameInvitationInvitees.InvitationID.IN(ownInvitations)).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete own invitation invitees: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.GameInvitations.DELETE().
|
||||||
|
WHERE(table.GameInvitations.InviterID.EQ(id)).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete invitations: %w", err)
|
||||||
|
}
|
||||||
|
// Ephemerals: friend codes, move drafts, pending confirm-codes.
|
||||||
|
if _, err := table.FriendCodes.DELETE().
|
||||||
|
WHERE(table.FriendCodes.AccountID.EQ(id)).ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete friend codes: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.GameDrafts.DELETE().
|
||||||
|
WHERE(table.GameDrafts.AccountID.EQ(id)).ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete drafts: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.EmailConfirmations.DELETE().
|
||||||
|
WHERE(table.EmailConfirmations.AccountID.EQ(id)).ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete confirmations: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// withTx runs fn inside a transaction, committing on success and rolling back on error.
|
||||||
|
func withTx(ctx context.Context, db *sql.DB, fn func(tx *sql.Tx) error) error {
|
||||||
|
tx, err := db.BeginTx(ctx, nil)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: begin tx: %w", err)
|
||||||
|
}
|
||||||
|
if err := fn(tx); err != nil {
|
||||||
|
_ = tx.Rollback()
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := tx.Commit(); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: commit tx: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -27,6 +27,11 @@ import (
|
|||||||
// without taking a dependency on the game package.
|
// without taking a dependency on the game package.
|
||||||
const statusActive = "active"
|
const statusActive = "active"
|
||||||
|
|
||||||
|
// retainReasonMerge is the retained_identities.reason for a credential dropped by a merge
|
||||||
|
// collision (both accounts held the same kind). It mirrors the account package's retain
|
||||||
|
// reasons, kept local to avoid importing that package's unexported constants.
|
||||||
|
const retainReasonMerge = "merge"
|
||||||
|
|
||||||
// Friendship statuses, highest precedence first, mirroring internal/social.
|
// Friendship statuses, highest precedence first, mirroring internal/social.
|
||||||
const (
|
const (
|
||||||
friendAccepted = "accepted"
|
friendAccepted = "accepted"
|
||||||
@@ -46,8 +51,24 @@ var ErrSameAccount = errors.New("accountmerge: primary and secondary are the sam
|
|||||||
type Merger struct {
|
type Merger struct {
|
||||||
db *sql.DB
|
db *sql.DB
|
||||||
now func() time.Time
|
now func() time.Time
|
||||||
|
// payments, when set, merges the two accounts' chip segments and benefits by origin inside
|
||||||
|
// the merge transaction (SetPayments). Nil leaves payments untouched (tests that do not
|
||||||
|
// exercise the wallet).
|
||||||
|
payments PaymentsMerger
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// PaymentsMerger is the payments surface the account merge enlists: fold the secondary's
|
||||||
|
// segments and benefits into the primary within the merge transaction, then invalidate the
|
||||||
|
// affected read caches after the commit. *payments.Service satisfies it.
|
||||||
|
type PaymentsMerger interface {
|
||||||
|
MergeTx(ctx context.Context, tx *sql.Tx, primary, secondary uuid.UUID) error
|
||||||
|
Invalidate(ids ...uuid.UUID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetPayments installs the payments merge hook. It must be called during startup wiring; the
|
||||||
|
// default (nil) merges no wallet state.
|
||||||
|
func (m *Merger) SetPayments(p PaymentsMerger) { m.payments = p }
|
||||||
|
|
||||||
// NewMerger constructs a Merger over db.
|
// NewMerger constructs a Merger over db.
|
||||||
func NewMerger(db *sql.DB) *Merger {
|
func NewMerger(db *sql.DB) *Merger {
|
||||||
return &Merger{db: db, now: func() time.Time { return time.Now().UTC() }}
|
return &Merger{db: db, now: func() time.Time { return time.Now().UTC() }}
|
||||||
@@ -62,7 +83,7 @@ func (m *Merger) Merge(ctx context.Context, primary, secondary uuid.UUID) error
|
|||||||
return ErrSameAccount
|
return ErrSameAccount
|
||||||
}
|
}
|
||||||
now := m.now()
|
now := m.now()
|
||||||
return withTx(ctx, m.db, func(tx *sql.Tx) error {
|
if err := withTx(ctx, m.db, func(tx *sql.Tx) error {
|
||||||
if err := guardActiveSharedGame(ctx, tx, primary, secondary); err != nil {
|
if err := guardActiveSharedGame(ctx, tx, primary, secondary); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@@ -75,6 +96,9 @@ func (m *Merger) Merge(ctx context.Context, primary, secondary uuid.UUID) error
|
|||||||
if err := mergeAccountFields(ctx, tx, primary, secondary, now); err != nil {
|
if err := mergeAccountFields(ctx, tx, primary, secondary, now); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := dedupeIdentities(ctx, tx, primary, secondary); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err := reassignColumn(ctx, tx, table.Identities, table.Identities.AccountID, primary, secondary); err != nil {
|
if err := reassignColumn(ctx, tx, table.Identities, table.Identities.AccountID, primary, secondary); err != nil {
|
||||||
return fmt.Errorf("accountmerge: identities: %w", err)
|
return fmt.Errorf("accountmerge: identities: %w", err)
|
||||||
}
|
}
|
||||||
@@ -99,8 +123,21 @@ func (m *Merger) Merge(ctx context.Context, primary, secondary uuid.UUID) error
|
|||||||
if err := deleteEphemerals(ctx, tx, secondary); err != nil {
|
if err := deleteEphemerals(ctx, tx, secondary); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if m.payments != nil {
|
||||||
|
if err := m.payments.MergeTx(ctx, tx, primary, secondary); err != nil {
|
||||||
|
return fmt.Errorf("accountmerge: payments: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
return tombstone(ctx, tx, primary, secondary, now)
|
return tombstone(ctx, tx, primary, secondary, now)
|
||||||
})
|
}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
// The payments read cache is invalidated only after the merge commits, so a read racing the
|
||||||
|
// transaction cannot re-cache pre-merge state (both accounts' rows are moved or dropped).
|
||||||
|
if m.payments != nil {
|
||||||
|
m.payments.Invalidate(primary, secondary)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// guardActiveSharedGame returns ErrActiveGameConflict when primary and secondary
|
// guardActiveSharedGame returns ErrActiveGameConflict when primary and secondary
|
||||||
@@ -240,25 +277,16 @@ func mergeBestMoves(ctx context.Context, tx *sql.Tx, primary, secondary uuid.UUI
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// mergeAccountFields adds secondary's hint wallet to primary and ORs the paid flag;
|
// mergeAccountFields bumps the primary account's updated_at to reflect the merge. The former
|
||||||
// all other profile fields stay the primary's.
|
// hint-wallet and paid-flag merge moved to the payments domain, where segments and benefits
|
||||||
func mergeAccountFields(ctx context.Context, tx *sql.Tx, primary, secondary uuid.UUID, now time.Time) error {
|
// merge by origin (see the payments MergeTx step and docs/PAYMENTS.md §6); the legacy
|
||||||
var sec model.Accounts
|
// accounts.hint_balance / paid_account columns are deprecated and no longer read or written.
|
||||||
if err := postgres.SELECT(table.Accounts.AllColumns).
|
func mergeAccountFields(ctx context.Context, tx *sql.Tx, primary, _ uuid.UUID, now time.Time) error {
|
||||||
FROM(table.Accounts).
|
upd := table.Accounts.UPDATE(table.Accounts.UpdatedAt).
|
||||||
WHERE(table.Accounts.AccountID.EQ(postgres.UUID(secondary))).
|
SET(postgres.TimestampzT(now)).
|
||||||
QueryContext(ctx, tx, &sec); err != nil {
|
WHERE(table.Accounts.AccountID.EQ(postgres.UUID(primary)))
|
||||||
return fmt.Errorf("accountmerge: load secondary account: %w", err)
|
|
||||||
}
|
|
||||||
upd := table.Accounts.UPDATE(
|
|
||||||
table.Accounts.HintBalance, table.Accounts.PaidAccount, table.Accounts.UpdatedAt,
|
|
||||||
).SET(
|
|
||||||
table.Accounts.HintBalance.ADD(postgres.Int(int64(sec.HintBalance))),
|
|
||||||
table.Accounts.PaidAccount.OR(postgres.Bool(sec.PaidAccount)),
|
|
||||||
postgres.TimestampzT(now),
|
|
||||||
).WHERE(table.Accounts.AccountID.EQ(postgres.UUID(primary)))
|
|
||||||
if _, err := upd.ExecContext(ctx, tx); err != nil {
|
if _, err := upd.ExecContext(ctx, tx); err != nil {
|
||||||
return fmt.Errorf("accountmerge: update primary account: %w", err)
|
return fmt.Errorf("accountmerge: touch primary account: %w", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@@ -300,6 +328,77 @@ func reassignColumn(ctx context.Context, tx *sql.Tx, tbl postgres.Table, col pos
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// dedupeIdentities resolves a same-kind identity collision before the blanket identity
|
||||||
|
// reassign: when both accounts already hold an identity of the same kind (e.g. each has a
|
||||||
|
// confirmed email — reachable when two email-bearing accounts merge), the primary keeps
|
||||||
|
// its own and the secondary's is journaled to retained_identities (reason=merge) and
|
||||||
|
// removed. Without this the blanket reassign would leave the survivor with two identities
|
||||||
|
// of one kind (there is no per-account-kind unique on identities), which the profile and
|
||||||
|
// the retention dossier both treat as singular. Non-colliding identities are untouched and
|
||||||
|
// move with the blanket reassign.
|
||||||
|
func dedupeIdentities(ctx context.Context, tx *sql.Tx, primary, secondary uuid.UUID) error {
|
||||||
|
var prows []model.Identities
|
||||||
|
if err := postgres.SELECT(table.Identities.Kind).
|
||||||
|
FROM(table.Identities).
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(primary))).
|
||||||
|
QueryContext(ctx, tx, &prows); err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return fmt.Errorf("accountmerge: primary identity kinds: %w", err)
|
||||||
|
}
|
||||||
|
occupied := make(map[string]struct{}, len(prows))
|
||||||
|
for _, r := range prows {
|
||||||
|
occupied[r.Kind] = struct{}{}
|
||||||
|
}
|
||||||
|
if len(occupied) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
var srows []model.Identities
|
||||||
|
if err := postgres.SELECT(
|
||||||
|
table.Identities.Kind, table.Identities.ExternalID,
|
||||||
|
table.Identities.Confirmed, table.Identities.CreatedAt,
|
||||||
|
).FROM(table.Identities).
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(secondary))).
|
||||||
|
QueryContext(ctx, tx, &srows); err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return fmt.Errorf("accountmerge: secondary identities: %w", err)
|
||||||
|
}
|
||||||
|
for _, s := range srows {
|
||||||
|
if _, dup := occupied[s.Kind]; !dup {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if err := retainMergedIdentity(ctx, tx, secondary, s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
del := table.Identities.DELETE().WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(secondary)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(s.Kind))).
|
||||||
|
AND(table.Identities.ExternalID.EQ(postgres.String(s.ExternalID))),
|
||||||
|
)
|
||||||
|
if _, err := del.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountmerge: drop colliding %s identity: %w", s.Kind, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// retainMergedIdentity appends a retained_identities row for a secondary identity dropped
|
||||||
|
// by a merge collision (reason=merge), preserving it in the legal dossier. It mirrors
|
||||||
|
// account.retainIdentityTx, which is unexported; detached_at falls to the column default.
|
||||||
|
func retainMergedIdentity(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, id model.Identities) error {
|
||||||
|
rid, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("accountmerge: new retained id: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.RetainedIdentities.INSERT(
|
||||||
|
table.RetainedIdentities.RetainedID, table.RetainedIdentities.AccountID,
|
||||||
|
table.RetainedIdentities.Kind, table.RetainedIdentities.ExternalID,
|
||||||
|
table.RetainedIdentities.Confirmed, table.RetainedIdentities.LinkedAt,
|
||||||
|
table.RetainedIdentities.Reason,
|
||||||
|
).VALUES(rid, accountID, id.Kind, id.ExternalID, id.Confirmed, id.CreatedAt, retainReasonMerge)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountmerge: retain merged %s identity: %w", id.Kind, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// friendRank ranks a friendship status for dedupe precedence (higher wins).
|
// friendRank ranks a friendship status for dedupe precedence (higher wins).
|
||||||
func friendRank(status string) int {
|
func friendRank(status string) int {
|
||||||
switch status {
|
switch status {
|
||||||
|
|||||||
@@ -0,0 +1,115 @@
|
|||||||
|
// Package adminalert emails the operator when new player feedback or word complaints
|
||||||
|
// arrive, coalescing a burst into a single digest per interval so a flood is one email,
|
||||||
|
// not N. It is inert unless an admin sender and recipient are configured. The sender is
|
||||||
|
// distinct from the user-facing confirm-code From, and the recipient may be several
|
||||||
|
// comma-separated addresses (the mailer splits them).
|
||||||
|
package adminalert
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
)
|
||||||
|
|
||||||
|
// FeedbackCounter counts feedback created since a time (satisfied by feedback.Service).
|
||||||
|
type FeedbackCounter interface {
|
||||||
|
CountSince(ctx context.Context, since time.Time) (int, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ComplaintCounter counts word complaints filed since a time (satisfied by game.Service).
|
||||||
|
type ComplaintCounter interface {
|
||||||
|
CountComplaintsSince(ctx context.Context, since time.Time) (int, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Notifier polls for new feedback and complaints and emails the operator a digest.
|
||||||
|
type Notifier struct {
|
||||||
|
mailer account.Mailer
|
||||||
|
feedback FeedbackCounter
|
||||||
|
complaints ComplaintCounter
|
||||||
|
from string
|
||||||
|
to string
|
||||||
|
clock func() time.Time
|
||||||
|
log *zap.Logger
|
||||||
|
last time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// New constructs a Notifier. from and to are the alert sender and recipient(s); log may be
|
||||||
|
// nil. The watermark starts at "now", so only items arriving after start-up are reported. The
|
||||||
|
// digest deliberately carries no admin-console link — an admin URL must never travel in an
|
||||||
|
// email, where a mail provider could cache or index it.
|
||||||
|
func New(mailer account.Mailer, fb FeedbackCounter, cp ComplaintCounter, from, to string, log *zap.Logger) *Notifier {
|
||||||
|
if log == nil {
|
||||||
|
log = zap.NewNop()
|
||||||
|
}
|
||||||
|
return &Notifier{
|
||||||
|
mailer: mailer, feedback: fb, complaints: cp, from: from, to: to,
|
||||||
|
clock: func() time.Time { return time.Now().UTC() }, log: log, last: time.Now().UTC(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run polls on each tick until ctx is cancelled.
|
||||||
|
func (n *Notifier) Run(ctx context.Context, interval time.Duration) {
|
||||||
|
ticker := time.NewTicker(interval)
|
||||||
|
defer ticker.Stop()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case <-ticker.C:
|
||||||
|
n.tick(ctx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// tick counts what arrived since the last watermark and, if anything did, emails one
|
||||||
|
// digest. The watermark only advances after a successful send (or a quiet tick), so a
|
||||||
|
// transient send failure is retried on the next tick — the counts simply grow.
|
||||||
|
func (n *Notifier) tick(ctx context.Context) {
|
||||||
|
now := n.clock()
|
||||||
|
fb, err := n.feedback.CountSince(ctx, n.last)
|
||||||
|
if err != nil {
|
||||||
|
n.log.Warn("admin alert: count feedback failed", zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
cp, err := n.complaints.CountComplaintsSince(ctx, n.last)
|
||||||
|
if err != nil {
|
||||||
|
n.log.Warn("admin alert: count complaints failed", zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if fb == 0 && cp == 0 {
|
||||||
|
n.last = now
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := n.mailer.Send(ctx, n.digest(fb, cp)); err != nil {
|
||||||
|
n.log.Warn("admin alert: send failed", zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
n.log.Info("admin alert sent", zap.Int("feedback", fb), zap.Int("complaints", cp))
|
||||||
|
n.last = now
|
||||||
|
}
|
||||||
|
|
||||||
|
// digest builds the operator alert email for fb new feedback and cp new complaints.
|
||||||
|
func (n *Notifier) digest(fb, cp int) account.Message {
|
||||||
|
var parts []string
|
||||||
|
if fb > 0 {
|
||||||
|
parts = append(parts, fmt.Sprintf("%d new feedback message(s)", fb))
|
||||||
|
}
|
||||||
|
if cp > 0 {
|
||||||
|
parts = append(parts, fmt.Sprintf("%d new word complaint(s)", cp))
|
||||||
|
}
|
||||||
|
summary := strings.Join(parts, ", ")
|
||||||
|
// No admin-console link in the body: an admin URL must never travel in an email (a mail
|
||||||
|
// provider could cache or index it). The operator opens the console directly.
|
||||||
|
text := summary + "."
|
||||||
|
return account.Message{
|
||||||
|
From: n.from,
|
||||||
|
To: n.to,
|
||||||
|
Subject: "Erudit — " + summary,
|
||||||
|
Text: text,
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,57 @@
|
|||||||
|
package adminalert
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
)
|
||||||
|
|
||||||
|
// The fakes ignore the watermark and return a fixed count, which is all the digest logic
|
||||||
|
// needs.
|
||||||
|
type fbCounter struct{ n int }
|
||||||
|
|
||||||
|
func (f fbCounter) CountSince(context.Context, time.Time) (int, error) { return f.n, nil }
|
||||||
|
|
||||||
|
type cpCounter struct{ n int }
|
||||||
|
|
||||||
|
func (c cpCounter) CountComplaintsSince(context.Context, time.Time) (int, error) { return c.n, nil }
|
||||||
|
|
||||||
|
type recordingMailer struct{ sent []account.Message }
|
||||||
|
|
||||||
|
func (m *recordingMailer) Send(_ context.Context, msg account.Message) error {
|
||||||
|
m.sent = append(m.sent, msg)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNotifierSkipsWhenNothingNew(t *testing.T) {
|
||||||
|
mailer := &recordingMailer{}
|
||||||
|
n := New(mailer, fbCounter{0}, cpCounter{0}, "alerts@erudit-game.ru", "op@x.ru", nil)
|
||||||
|
n.tick(context.Background())
|
||||||
|
if len(mailer.sent) != 0 {
|
||||||
|
t.Fatalf("sent %d emails, want 0 when nothing is new", len(mailer.sent))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNotifierDigestsNewItems(t *testing.T) {
|
||||||
|
mailer := &recordingMailer{}
|
||||||
|
n := New(mailer, fbCounter{2}, cpCounter{1}, "alerts@erudit-game.ru", "op@x.ru, two@x.ru", nil)
|
||||||
|
n.tick(context.Background())
|
||||||
|
if len(mailer.sent) != 1 {
|
||||||
|
t.Fatalf("sent %d emails, want 1 digest", len(mailer.sent))
|
||||||
|
}
|
||||||
|
msg := mailer.sent[0]
|
||||||
|
if msg.From != "alerts@erudit-game.ru" || msg.To != "op@x.ru, two@x.ru" {
|
||||||
|
t.Errorf("digest addressing = From %q To %q", msg.From, msg.To)
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.Subject, "2 new feedback") || !strings.Contains(msg.Subject, "1 new word complaint") {
|
||||||
|
t.Errorf("digest subject = %q, want the feedback + complaint counts", msg.Subject)
|
||||||
|
}
|
||||||
|
// The digest must never carry an admin-console link — an admin URL in an email is a leak
|
||||||
|
// (mail providers cache/index it).
|
||||||
|
if strings.Contains(msg.Text, "/_gm") || strings.Contains(strings.ToLower(msg.Text), "admin console") {
|
||||||
|
t.Errorf("digest body = %q, must not carry an admin-console link", msg.Text)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -193,3 +193,24 @@ code { background: var(--bg); padding: 0.05rem 0.3rem; border-radius: 4px; }
|
|||||||
.replay-log { margin: 0.4rem 0 0; padding-left: 1.4rem; max-height: 14rem; overflow: auto; font-size: 0.85rem; }
|
.replay-log { margin: 0.4rem 0 0; padding-left: 1.4rem; max-height: 14rem; overflow: auto; font-size: 0.85rem; }
|
||||||
.replay-log li { color: var(--ink-dim); padding: 0.1rem 0; }
|
.replay-log li { color: var(--ink-dim); padding: 0.1rem 0; }
|
||||||
.replay-log li.cur { color: var(--ink); font-weight: 600; }
|
.replay-log li.cur { color: var(--ink); font-weight: 600; }
|
||||||
|
|
||||||
|
/* Banner colour override editor + live preview (banner_detail). The override
|
||||||
|
fieldsets group the enable toggle with the native colour swatches; the preview
|
||||||
|
renders a sample strip on both themes from those inputs (see the inline script). */
|
||||||
|
.ovr { border: 1px solid var(--line); border-radius: 6px; padding: 0.3rem 0.8rem 0.7rem; margin: 0.2rem 0; }
|
||||||
|
.ovr legend { padding: 0 0.3rem; font-size: 0.85rem; color: var(--ink); }
|
||||||
|
.ovr legend label { flex-direction: row; align-items: center; gap: 0.4rem; color: var(--ink); }
|
||||||
|
.ovr .note { margin: 0.2rem 0 0.4rem; }
|
||||||
|
.ovr .swatches { display: flex; flex-wrap: wrap; gap: 1rem; }
|
||||||
|
.ovr .swatches label { flex-direction: column; gap: 0.25rem; align-items: flex-start; }
|
||||||
|
.ovr input[type=color] { width: 3rem; height: 1.8rem; padding: 0; border: 1px solid var(--line); border-radius: 4px; background: var(--bg); cursor: pointer; }
|
||||||
|
.ovr input[type=color]:disabled { opacity: 0.4; cursor: default; }
|
||||||
|
.ovr .hex { font-size: 0.72rem; color: var(--ink-dim); font-variant-numeric: tabular-nums; }
|
||||||
|
.banner-preview { display: flex; flex-wrap: wrap; gap: 0.8rem; margin: 0.7rem 0 0.2rem; }
|
||||||
|
.banner-preview .bp { flex: 1 1 18rem; }
|
||||||
|
.banner-preview .bp-label { display: block; font-size: 0.75rem; color: var(--ink-dim); margin-bottom: 0.25rem; }
|
||||||
|
.ad-frame { padding: 0.7rem; border-radius: 6px; border: 1px solid var(--line); }
|
||||||
|
.ad-frame.light { background: #f4f6f9; }
|
||||||
|
.ad-frame.dark { background: #0f1420; }
|
||||||
|
.ad-sample { padding: 0.35rem 0.7rem; font-size: 0.85rem; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; }
|
||||||
|
.ad-sample .ad-link { text-decoration: underline; }
|
||||||
|
|||||||
@@ -15,12 +15,14 @@
|
|||||||
<a href="/_gm/"{{if eq .ActiveNav "dashboard"}} class="active"{{end}}>Dashboard</a>
|
<a href="/_gm/"{{if eq .ActiveNav "dashboard"}} class="active"{{end}}>Dashboard</a>
|
||||||
<a href="/_gm/users"{{if eq .ActiveNav "users"}} class="active"{{end}}>Users</a>
|
<a href="/_gm/users"{{if eq .ActiveNav "users"}} class="active"{{end}}>Users</a>
|
||||||
<a href="/_gm/games"{{if eq .ActiveNav "games"}} class="active"{{end}}>Games</a>
|
<a href="/_gm/games"{{if eq .ActiveNav "games"}} class="active"{{end}}>Games</a>
|
||||||
|
<a href="/_gm/limits"{{if eq .ActiveNav "limits"}} class="active"{{end}}>Limits</a>
|
||||||
<a href="/_gm/complaints"{{if eq .ActiveNav "complaints"}} class="active"{{end}}>Complaints</a>
|
<a href="/_gm/complaints"{{if eq .ActiveNav "complaints"}} class="active"{{end}}>Complaints</a>
|
||||||
<a href="/_gm/feedback"{{if eq .ActiveNav "feedback"}} class="active"{{end}}>Feedback</a>
|
<a href="/_gm/feedback"{{if eq .ActiveNav "feedback"}} class="active"{{end}}>Feedback</a>
|
||||||
<a href="/_gm/messages"{{if eq .ActiveNav "messages"}} class="active"{{end}}>Messages</a>
|
<a href="/_gm/messages"{{if eq .ActiveNav "messages"}} class="active"{{end}}>Messages</a>
|
||||||
<a href="/_gm/throttled"{{if eq .ActiveNav "throttled"}} class="active"{{end}}>Throttled</a>
|
<a href="/_gm/throttled"{{if eq .ActiveNav "throttled"}} class="active"{{end}}>Throttled</a>
|
||||||
<a href="/_gm/reasons"{{if eq .ActiveNav "reasons"}} class="active"{{end}}>Reasons</a>
|
<a href="/_gm/reasons"{{if eq .ActiveNav "reasons"}} class="active"{{end}}>Reasons</a>
|
||||||
<a href="/_gm/banners"{{if eq .ActiveNav "banners"}} class="active"{{end}}>Banners</a>
|
<a href="/_gm/banners"{{if eq .ActiveNav "banners"}} class="active"{{end}}>Banners</a>
|
||||||
|
<a href="/_gm/catalog"{{if eq .ActiveNav "catalog"}} class="active"{{end}}>Catalog</a>
|
||||||
<a href="/_gm/dictionary"{{if eq .ActiveNav "dictionary"}} class="active"{{end}}>Dictionary</a>
|
<a href="/_gm/dictionary"{{if eq .ActiveNav "dictionary"}} class="active"{{end}}>Dictionary</a>
|
||||||
<a href="/_gm/broadcast"{{if eq .ActiveNav "broadcast"}} class="active"{{end}}>Broadcast</a>
|
<a href="/_gm/broadcast"{{if eq .ActiveNav "broadcast"}} class="active"{{end}}>Broadcast</a>
|
||||||
<a href="/_gm/grafana/">Grafana ↗</a>
|
<a href="/_gm/grafana/">Grafana ↗</a>
|
||||||
|
|||||||
@@ -11,10 +11,72 @@
|
|||||||
<label>Starts (UTC) <input type="datetime-local" name="starts_at" value="{{.StartsAt}}"></label>
|
<label>Starts (UTC) <input type="datetime-local" name="starts_at" value="{{.StartsAt}}"></label>
|
||||||
<label>Ends (UTC) <input type="datetime-local" name="ends_at" value="{{.EndsAt}}"></label>
|
<label>Ends (UTC) <input type="datetime-local" name="ends_at" value="{{.EndsAt}}"></label>
|
||||||
<label><input type="checkbox" name="enabled"{{if .Enabled}} checked{{end}}> Enabled</label>
|
<label><input type="checkbox" name="enabled"{{if .Enabled}} checked{{end}}> Enabled</label>
|
||||||
|
<fieldset class="ovr">
|
||||||
|
<legend><label><input type="checkbox" name="urgent"{{if .Urgent}} checked{{end}}> Urgent</label></legend>
|
||||||
|
<p class="note">Shows to <em>everyone</em>, always — bypassing paid accounts, hint wallets and the no-banner role. While any urgent campaign is live it is the only thing the strip shows (other campaigns and the default are suppressed). For system alerts.</p>
|
||||||
|
</fieldset>
|
||||||
|
<fieldset class="ovr" data-ovr-group>
|
||||||
|
<legend><label><input type="checkbox" name="override_all_on" data-ovr="all"{{if .OverrideAllOn}} checked{{end}}> Colour override — all themes</label></legend>
|
||||||
|
<div class="swatches">
|
||||||
|
<label>Background <input type="color" name="override_bg" value="{{.AllBg}}" data-ovr-color{{if not .OverrideAllOn}} disabled{{end}}><span class="hex"></span></label>
|
||||||
|
<label>Text <input type="color" name="override_fg" value="{{.AllFg}}" data-ovr-color{{if not .OverrideAllOn}} disabled{{end}}><span class="hex"></span></label>
|
||||||
|
<label>Link <input type="color" name="override_link" value="{{.AllLink}}" data-ovr-color{{if not .OverrideAllOn}} disabled{{end}}><span class="hex"></span></label>
|
||||||
|
</div>
|
||||||
|
</fieldset>
|
||||||
|
<fieldset class="ovr" data-ovr-group>
|
||||||
|
<legend><label><input type="checkbox" name="override_dark_on" data-ovr="dark"{{if .OverrideDarkOn}} checked{{end}}> Colour override — dark theme only</label></legend>
|
||||||
|
<div class="swatches">
|
||||||
|
<label>Background <input type="color" name="override_bg_dark" value="{{.DarkBg}}" data-ovr-color{{if not .OverrideDarkOn}} disabled{{end}}><span class="hex"></span></label>
|
||||||
|
<label>Text <input type="color" name="override_fg_dark" value="{{.DarkFg}}" data-ovr-color{{if not .OverrideDarkOn}} disabled{{end}}><span class="hex"></span></label>
|
||||||
|
<label>Link <input type="color" name="override_link_dark" value="{{.DarkLink}}" data-ovr-color{{if not .OverrideDarkOn}} disabled{{end}}><span class="hex"></span></label>
|
||||||
|
</div>
|
||||||
|
</fieldset>
|
||||||
{{end}}
|
{{end}}
|
||||||
<div><button type="submit">Save</button></div>
|
<div><button type="submit">Save</button></div>
|
||||||
</form>
|
</form>
|
||||||
{{if not .IsDefault}}
|
{{if not .IsDefault}}
|
||||||
|
<div class="banner-preview">
|
||||||
|
<div class="bp"><span class="bp-label">Light theme</span><div class="ad-frame light"><div class="ad-sample" id="prev-light"><span>Sample banner text — <span class="ad-link">a link</span></span></div></div></div>
|
||||||
|
<div class="bp"><span class="bp-label">Dark theme</span><div class="ad-frame dark"><div class="ad-sample" id="prev-dark"><span>Sample banner text — <span class="ad-link">a link</span></span></div></div></div>
|
||||||
|
</div>
|
||||||
|
<p class="note">Live preview of the strip on both themes. An empty override falls back to the neutral theme colours; the top/bottom border is derived from the background.</p>
|
||||||
|
<script>
|
||||||
|
(function(){
|
||||||
|
// Neutral fallbacks — mirror ui/src/app.css (--ad-bg / --text-muted / --accent).
|
||||||
|
var TOK={light:{bg:'#e3e7ee',fg:'#6b7280',link:'#2f6df6'},dark:{bg:'#272f3c',fg:'#9aa3b2',link:'#5b8cff'}};
|
||||||
|
function byName(n){return document.querySelector('[name="'+n+'"]');}
|
||||||
|
var allOn=byName('override_all_on'), darkOn=byName('override_dark_on');
|
||||||
|
if(!allOn||!darkOn){return;}
|
||||||
|
var f={ab:byName('override_bg'),af:byName('override_fg'),al:byName('override_link'),db:byName('override_bg_dark'),df:byName('override_fg_dark'),dl:byName('override_link_dark')};
|
||||||
|
var lightEl=document.getElementById('prev-light'), darkEl=document.getElementById('prev-dark');
|
||||||
|
function hexToRgb(h){h=h.replace('#','');return [parseInt(h.slice(0,2),16),parseInt(h.slice(2,4),16),parseInt(h.slice(4,6),16)];}
|
||||||
|
function pad(x){x=Math.max(0,Math.min(255,Math.round(x))).toString(16);return x.length<2?'0'+x:x;}
|
||||||
|
function rgbToHex(r){return '#'+pad(r[0])+pad(r[1])+pad(r[2]);}
|
||||||
|
function mix(a,b,t){return [a[0]+(b[0]-a[0])*t,a[1]+(b[1]-a[1])*t,a[2]+(b[2]-a[2])*t];}
|
||||||
|
function lum(r){return (0.2126*r[0]+0.7152*r[1]+0.0722*r[2])/255;}
|
||||||
|
// Derived border: nudge the background 14% toward black on a light bg, toward white on a dark bg.
|
||||||
|
function border(bg){var r=hexToRgb(bg);return rgbToHex(mix(r, lum(r)>0.5?[0,0,0]:[255,255,255], 0.14));}
|
||||||
|
function paint(el,c){
|
||||||
|
el.style.background=c.bg; el.style.color=c.fg;
|
||||||
|
el.style.borderTop='1px solid '+border(c.bg); el.style.borderBottom='1px solid '+border(c.bg);
|
||||||
|
var a=el.querySelector('.ad-link'); if(a){a.style.color=c.link;}
|
||||||
|
}
|
||||||
|
function resolve(){
|
||||||
|
var light=allOn.checked?{bg:f.ab.value,fg:f.af.value,link:f.al.value}:TOK.light;
|
||||||
|
var dark=darkOn.checked?{bg:f.db.value,fg:f.df.value,link:f.dl.value}
|
||||||
|
:(allOn.checked?{bg:f.ab.value,fg:f.af.value,link:f.al.value}:TOK.dark);
|
||||||
|
paint(lightEl,light); paint(darkEl,dark);
|
||||||
|
document.querySelectorAll('.ovr .swatches label').forEach(function(lab){
|
||||||
|
var inp=lab.querySelector('input[type=color]'), hx=lab.querySelector('.hex');
|
||||||
|
if(inp&&hx){hx.textContent=inp.value;}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
function toggleGroup(chk){chk.closest('fieldset').querySelectorAll('[data-ovr-color]').forEach(function(inp){inp.disabled=!chk.checked;});}
|
||||||
|
[allOn,darkOn].forEach(function(chk){chk.addEventListener('change',function(){toggleGroup(chk);resolve();});});
|
||||||
|
Object.keys(f).forEach(function(k){f[k].addEventListener('input',resolve);});
|
||||||
|
resolve();
|
||||||
|
})();
|
||||||
|
</script>
|
||||||
<form class="form" method="post" action="/_gm/banners/{{.ID}}/delete" onsubmit="return confirm('Delete this campaign and its messages?')">
|
<form class="form" method="post" action="/_gm/banners/{{.ID}}/delete" onsubmit="return confirm('Delete this campaign and its messages?')">
|
||||||
<button type="submit" class="danger">Delete campaign</button>
|
<button type="submit" class="danger">Delete campaign</button>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@@ -0,0 +1,66 @@
|
|||||||
|
{{define "content" -}}
|
||||||
|
<h1>Product catalog</h1>
|
||||||
|
{{with .Data}}
|
||||||
|
<p class="note">A <strong>pack</strong> funds chips (a money price per rail — RUB via direct, VOTE via vk, XTR via telegram); a <strong>value</strong> buys benefits with chips (a CHIP price). Archived products are hidden from players but still credit an in-flight payment and can be granted. A product with transactions can only be archived, not deleted. Amounts are in minor units (RUB kopecks; VOTE/XTR/CHIP whole). The <code>tournament</code> atom is not sellable yet — keep such a product archived.</p>
|
||||||
|
<section class="panel"><h2>Add product</h2>
|
||||||
|
<form class="form col" method="post" action="/_gm/catalog">
|
||||||
|
<label>Title <input type="text" name="title" maxlength="120" required></label>
|
||||||
|
<fieldset><legend>Atoms (quantity; blank = none)</legend>
|
||||||
|
<label>Chips <input type="number" name="chips" min="0"></label>
|
||||||
|
<label>Hints <input type="number" name="hints" min="0"></label>
|
||||||
|
<label>No-ads days <input type="number" name="noads" min="0"></label>
|
||||||
|
<label>Tournament <input type="number" name="tournament" min="0"></label>
|
||||||
|
</fieldset>
|
||||||
|
<fieldset><legend>Prices (minor units; blank = none)</legend>
|
||||||
|
<label>RUB — direct (kopecks) <input type="number" name="price_rub" min="0"></label>
|
||||||
|
<label>VOTE — vk <input type="number" name="price_vote" min="0"></label>
|
||||||
|
<label>XTR — telegram <input type="number" name="price_star" min="0"></label>
|
||||||
|
<label>CHIP — value <input type="number" name="price_chip" min="0"></label>
|
||||||
|
</fieldset>
|
||||||
|
<label><input type="checkbox" name="active" value="true"> Active (on sale)</label>
|
||||||
|
<div><button type="submit">Add</button></div>
|
||||||
|
</form>
|
||||||
|
</section>
|
||||||
|
<section class="panel"><h2>Rewarded ads (watch for chips)</h2>
|
||||||
|
<p class="note">The chips a player earns per rewarded-video view (VK only), plus the per-day and per-hour caps that bound free chips — <strong>0 payout turns rewarded off</strong>. This is the shared reward config, not a product.</p>
|
||||||
|
<form class="form col" method="post" action="/_gm/catalog/reward">
|
||||||
|
<label>Chips per view <input type="number" name="reward_payout" min="0" value="{{.RewardPayout}}"></label>
|
||||||
|
<label>Daily cap <input type="number" name="reward_daily" min="0" value="{{.RewardDailyCap}}"></label>
|
||||||
|
<label>Hourly cap <input type="number" name="reward_hourly" min="0" value="{{.RewardHourlyCap}}"></label>
|
||||||
|
<div><button type="submit">Save</button></div>
|
||||||
|
</form>
|
||||||
|
</section>
|
||||||
|
<section class="panel"><h2>Payment availability (kill switch)</h2>
|
||||||
|
<p class="note">Turn purchases off on a rail/channel and show the user a localized reason on their next attempt. Unchecked = off; an empty message shows a built-in “temporarily unavailable”. Fail-open: a rail you never touch stays on. A per-user “allow” override (on a user card) bypasses this switch.</p>
|
||||||
|
{{range .Rails}}
|
||||||
|
<form class="form col" method="post" action="/_gm/catalog/rail-status">
|
||||||
|
<input type="hidden" name="rail" value="{{.Rail}}">
|
||||||
|
<label><input type="checkbox" name="enabled" {{if .Enabled}}checked{{end}}> <code>{{.Rail}}</code> — purchases enabled</label>
|
||||||
|
<label>Message RU <input type="text" name="message_ru" maxlength="200" value="{{.MessageRU}}"></label>
|
||||||
|
<label>Message EN <input type="text" name="message_en" maxlength="200" value="{{.MessageEN}}"></label>
|
||||||
|
<div><button type="submit">Save</button></div>
|
||||||
|
</form>
|
||||||
|
{{end}}
|
||||||
|
</section>
|
||||||
|
<section class="panel"><h2>Products</h2>
|
||||||
|
<p class="note">Showing {{if .ShowAll}}<strong>all</strong> products (active + archived) — <a href="/_gm/catalog">active only</a>{{else}}<strong>active</strong> products — <a href="/_gm/catalog?all=1">show all (incl. archived)</a>{{end}}.</p>
|
||||||
|
<table class="list">
|
||||||
|
<thead><tr><th>Title</th><th>Status</th><th>Atoms</th><th>Prices</th><th></th></tr></thead>
|
||||||
|
<tbody>
|
||||||
|
{{range .Products}}
|
||||||
|
<tr>
|
||||||
|
<td><a href="/_gm/catalog/{{.ID}}">{{.Title}}</a></td>
|
||||||
|
<td>{{if .Active}}<span class="ok">active</span>{{else}}<span class="warn">archived</span>{{end}}{{if .Transacted}} <span class="pill">transacted</span>{{end}}</td>
|
||||||
|
<td>{{range .Atoms}}<code>{{.Atom}}×{{.Quantity}}</code> {{end}}</td>
|
||||||
|
<td>{{range .Prices}}<code>{{.Currency}}{{if .Method}}/{{.Method}}{{end}} {{.Amount}}</code> {{end}}</td>
|
||||||
|
<td class="row-actions">
|
||||||
|
<form class="form" method="post" action="/_gm/catalog/{{.ID}}/archive"><input type="hidden" name="active" value="{{if .Active}}false{{else}}true{{end}}"><button type="submit">{{if .Active}}Archive{{else}}Unarchive{{end}}</button></form>
|
||||||
|
{{if not .Transacted}}<form class="form" method="post" action="/_gm/catalog/{{.ID}}/delete" onsubmit="return confirm('Delete this product? It has never been transacted, so this is safe and permanent.')"><button type="submit">Delete</button></form>{{end}}
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
{{else}}<tr><td colspan="5"><span class="note">no products</span></td></tr>{{end}}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</section>
|
||||||
|
{{end}}
|
||||||
|
{{- end}}
|
||||||
@@ -8,6 +8,7 @@
|
|||||||
<li><b>Dictionary</b> {{.DictVersion}}</li>
|
<li><b>Dictionary</b> {{.DictVersion}}</li>
|
||||||
<li><b>Status</b> {{.Status}}{{if .EndReason}} ({{.EndReason}}){{end}}</li>
|
<li><b>Status</b> {{.Status}}{{if .EndReason}} ({{.EndReason}}){{end}}</li>
|
||||||
<li><b>AI game</b> {{if .VsAI}}🤖 yes{{else}}no{{end}}</li>
|
<li><b>AI game</b> {{if .VsAI}}🤖 yes{{else}}no{{end}}</li>
|
||||||
|
<li><b>Word rule</b> {{if .MultipleWordsPerTurn}}multiple words per turn{{else}}single word per turn{{end}}</li>
|
||||||
<li><b>Players</b> {{.Players}}</li>
|
<li><b>Players</b> {{.Players}}</li>
|
||||||
<li><b>To move</b> seat {{.ToMove}}</li>
|
<li><b>To move</b> seat {{.ToMove}}</li>
|
||||||
<li><b>Moves</b> {{.MoveCount}}</li>
|
<li><b>Moves</b> {{.MoveCount}}</li>
|
||||||
|
|||||||
@@ -8,11 +8,11 @@
|
|||||||
<a href="/_gm/games?status=finished"{{if eq .Status "finished"}} class="active"{{end}}>finished</a>
|
<a href="/_gm/games?status=finished"{{if eq .Status "finished"}} class="active"{{end}}>finished</a>
|
||||||
</nav>
|
</nav>
|
||||||
<table class="list">
|
<table class="list">
|
||||||
<thead><tr><th>Game</th><th>Variant</th><th>Status</th><th>🤖</th><th class="num">Players</th><th>Updated</th></tr></thead>
|
<thead><tr><th>Game</th><th>Variant</th><th>Kind</th><th>Status</th><th>🤖</th><th class="num">Players</th><th>Updated</th></tr></thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
{{range .Items}}
|
{{range .Items}}
|
||||||
<tr><td><a href="/_gm/games/{{.ID}}">{{.ID}}</a></td><td>{{.Variant}}</td><td>{{.Status}}</td><td>{{if .VsAI}}🤖{{end}}</td><td class="num">{{.Players}}</td><td>{{.UpdatedAt}}</td></tr>
|
<tr><td><a href="/_gm/games/{{.ID}}">{{.ID}}</a></td><td>{{.Variant}}</td><td>{{.Kind}}</td><td>{{.Status}}</td><td>{{if .VsAI}}🤖{{end}}</td><td class="num">{{.Players}}</td><td>{{.UpdatedAt}}</td></tr>
|
||||||
{{else}}<tr><td colspan="6"><span class="note">no games</span></td></tr>{{end}}
|
{{else}}<tr><td colspan="7"><span class="note">no games</span></td></tr>{{end}}
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<nav class="pager">
|
<nav class="pager">
|
||||||
|
|||||||
@@ -0,0 +1,19 @@
|
|||||||
|
{{define "content" -}}
|
||||||
|
<h1>Active-game limits</h1>
|
||||||
|
{{with .Data}}
|
||||||
|
<p class="note">Per-tier, per-kind caps on a player's simultaneous unfinished games. <strong>-1</strong> = unlimited, <strong>0</strong> = the kind is blocked, a positive number caps concurrent games of that kind. Guests are additionally blocked from friend games outright. Changes apply immediately (no redeploy); games already in progress are never affected.</p>
|
||||||
|
<section class="panel">
|
||||||
|
<form class="form col" method="post" action="/_gm/limits">
|
||||||
|
<h2>Guest</h2>
|
||||||
|
<label>vs AI <input type="number" name="guest_vs_ai" min="-1" value="{{.GuestVsAI}}" required></label>
|
||||||
|
<label>Random <input type="number" name="guest_random" min="-1" value="{{.GuestRandom}}" required></label>
|
||||||
|
<label>Friends <input type="number" name="guest_friends" min="-1" value="{{.GuestFriends}}" required></label>
|
||||||
|
<h2>Durable account</h2>
|
||||||
|
<label>vs AI <input type="number" name="durable_vs_ai" min="-1" value="{{.DurableVsAI}}" required></label>
|
||||||
|
<label>Random <input type="number" name="durable_random" min="-1" value="{{.DurableRandom}}" required></label>
|
||||||
|
<label>Friends <input type="number" name="durable_friends" min="-1" value="{{.DurableFriends}}" required></label>
|
||||||
|
<div><button type="submit">Save</button></div>
|
||||||
|
</form>
|
||||||
|
</section>
|
||||||
|
{{end}}
|
||||||
|
{{- end}}
|
||||||
@@ -0,0 +1,25 @@
|
|||||||
|
{{define "content" -}}
|
||||||
|
{{with .Data}}
|
||||||
|
<p class="note"><a href="/_gm/catalog">← all products</a></p>
|
||||||
|
<h1>{{.Title}} {{if .Active}}<span class="ok">active</span>{{else}}<span class="warn">archived</span>{{end}}{{if .Transacted}} <span class="pill">transacted</span>{{end}}</h1>
|
||||||
|
<section class="panel"><h2>Edit</h2>
|
||||||
|
<p class="note">A zero quantity / blank price removes that atom / price. Amounts are in minor units. Saving revalidates the sellable shape when the product is active. Archive / unarchive from the <a href="/_gm/catalog">catalog list</a>.</p>
|
||||||
|
<form class="form col" method="post" action="/_gm/catalog/{{.ID}}">
|
||||||
|
<label>Title <input type="text" name="title" value="{{.Title}}" maxlength="120" required></label>
|
||||||
|
<fieldset><legend>Atoms (quantity; 0 = none)</legend>
|
||||||
|
<label>Chips <input type="number" name="chips" min="0" value="{{.Chips}}"></label>
|
||||||
|
<label>Hints <input type="number" name="hints" min="0" value="{{.Hints}}"></label>
|
||||||
|
<label>No-ads days <input type="number" name="noads" min="0" value="{{.NoAds}}"></label>
|
||||||
|
<label>Tournament <input type="number" name="tournament" min="0" value="{{.Tournament}}"></label>
|
||||||
|
</fieldset>
|
||||||
|
<fieldset><legend>Prices (minor units; 0 = none)</legend>
|
||||||
|
<label>RUB — direct (kopecks) <input type="number" name="price_rub" min="0" value="{{.PriceRUB}}"></label>
|
||||||
|
<label>VOTE — vk <input type="number" name="price_vote" min="0" value="{{.PriceVote}}"></label>
|
||||||
|
<label>XTR — telegram <input type="number" name="price_star" min="0" value="{{.PriceStar}}"></label>
|
||||||
|
<label>CHIP — value <input type="number" name="price_chip" min="0" value="{{.PriceChip}}"></label>
|
||||||
|
</fieldset>
|
||||||
|
<div><button type="submit">Save</button></div>
|
||||||
|
</form>
|
||||||
|
</section>
|
||||||
|
{{end}}
|
||||||
|
{{- end}}
|
||||||
@@ -10,8 +10,6 @@
|
|||||||
<li><b>Timezone</b> {{.TimeZone}}</li>
|
<li><b>Timezone</b> {{.TimeZone}}</li>
|
||||||
<li><b>Guest</b> {{if .Guest}}yes{{else}}no{{end}}</li>
|
<li><b>Guest</b> {{if .Guest}}yes{{else}}no{{end}}</li>
|
||||||
<li><b>Push</b> {{if .NotificationsInAppOnly}}in-app only{{else}}out-of-app{{end}}</li>
|
<li><b>Push</b> {{if .NotificationsInAppOnly}}in-app only{{else}}out-of-app{{end}}</li>
|
||||||
<li><b>Paid</b> {{if .PaidAccount}}yes{{else}}no{{end}}</li>
|
|
||||||
<li><b>Hint wallet</b> {{.HintBalance}}</li>
|
|
||||||
{{if .MergedInto}}<li><b>Merged into</b> {{.MergedInto}}</li>{{end}}
|
{{if .MergedInto}}<li><b>Merged into</b> {{.MergedInto}}</li>{{end}}
|
||||||
{{if .FlaggedHighRateAt}}<li><b>High-rate flag</b> <span class="warn">{{.FlaggedHighRateAt}}</span></li>{{end}}
|
{{if .FlaggedHighRateAt}}<li><b>High-rate flag</b> <span class="warn">{{.FlaggedHighRateAt}}</span></li>{{end}}
|
||||||
<li><b>Created</b> {{.CreatedAt}}</li>
|
<li><b>Created</b> {{.CreatedAt}}</li>
|
||||||
@@ -21,10 +19,6 @@
|
|||||||
<button type="submit">Clear high-rate flag</button>
|
<button type="submit">Clear high-rate flag</button>
|
||||||
</form>
|
</form>
|
||||||
{{end}}
|
{{end}}
|
||||||
<form class="form" method="post" action="/_gm/users/{{.ID}}/grant-hints">
|
|
||||||
<label>Add hints <input type="number" name="amount" min="1" max="{{.HintGrantMax}}" value="1"></label>
|
|
||||||
<button type="submit">Grant</button>
|
|
||||||
</form>
|
|
||||||
</section>
|
</section>
|
||||||
<section class="panel"><h2>Statistics</h2>
|
<section class="panel"><h2>Statistics</h2>
|
||||||
{{if .HasStats}}
|
{{if .HasStats}}
|
||||||
@@ -69,6 +63,61 @@
|
|||||||
<div><button type="submit">{{if .Suspension.Blocked}}Re-block{{else}}Block{{end}}</button></div>
|
<div><button type="submit">{{if .Suspension.Blocked}}Re-block{{else}}Block{{end}}</button></div>
|
||||||
</form>
|
</form>
|
||||||
</section>
|
</section>
|
||||||
|
<section class="panel"><h2>Finance</h2>
|
||||||
|
{{if .Finance.Present}}
|
||||||
|
{{if or .Finance.Segments .Finance.Benefits .Finance.Abuse .Finance.Loss}}
|
||||||
|
<ul class="kv">
|
||||||
|
{{range .Finance.Segments}}<li><b>Chips ({{.Source}})</b> {{.Chips}}</li>{{end}}
|
||||||
|
{{range .Finance.Benefits}}<li><b>Benefits ({{.Origin}})</b> {{.Hints}} hints{{if .Forever}} · no-ads forever{{else if .AdsUntil}} · no-ads until {{.AdsUntil}} (UTC){{end}}</li>{{end}}
|
||||||
|
{{if or .Finance.Abuse .Finance.Loss}}<li><b>Refund risk</b> <span class="warn">{{if .Finance.Abuse}}abuse-flagged{{end}}{{if .Finance.Loss}} · loss {{.Finance.Loss}} chips{{end}}</span></li>{{end}}
|
||||||
|
</ul>
|
||||||
|
{{else}}<p class="note">no balances or benefits</p>{{end}}
|
||||||
|
<h3>Payment override</h3>
|
||||||
|
<form class="form" method="post" action="/_gm/users/{{.ID}}/purchase-override">
|
||||||
|
<label>Purchases for this account
|
||||||
|
<select name="override">
|
||||||
|
<option value="default" {{if eq .PurchaseOverride "default"}}selected{{end}}>Default (follow the rail switch)</option>
|
||||||
|
<option value="allow" {{if eq .PurchaseOverride "allow"}}selected{{end}}>Always allow (bypasses the rail switch only, not security)</option>
|
||||||
|
<option value="deny" {{if eq .PurchaseOverride "deny"}}selected{{end}}>Always deny</option>
|
||||||
|
</select></label>
|
||||||
|
<div><button type="submit">Save</button></div>
|
||||||
|
</form>
|
||||||
|
<h3>Ledger</h3>
|
||||||
|
{{$uid := .ID}}
|
||||||
|
{{if .Finance.Ledger}}
|
||||||
|
<table class="list">
|
||||||
|
<thead><tr><th>Time</th><th>Kind</th><th>Source</th><th>Origin</th><th>Chips</th><th>Order</th><th>Provider</th><th>Shop</th><th>Detail</th><th></th></tr></thead>
|
||||||
|
<tbody>
|
||||||
|
{{range .Finance.Ledger}}
|
||||||
|
<tr><td>{{.At}}</td><td>{{.Kind}}</td><td>{{.Source}}</td><td>{{.Origin}}</td><td>{{.ChipsDelta}}</td><td>{{if .Order}}<code>{{.Order}}</code>{{end}}</td><td>{{.Provider}}</td><td>{{.Shop}}</td><td>{{if .Snapshot}}<code>{{.Snapshot}}</code>{{end}}</td>
|
||||||
|
<td>{{if and (eq .Kind "fund") .Order}}<form class="form" method="post" action="/_gm/users/{{$uid}}/refund" onsubmit="return confirm('Refund this order in full? Record the money refund on the rail first; this revokes the chips (floored at 0).')"><input type="hidden" name="order_id" value="{{.Order}}"><button type="submit">Refund</button></form>{{end}}</td></tr>
|
||||||
|
{{end}}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<p class="note"><a href="/_gm/ledger.csv">Export the full ledger (CSV)</a> — all accounts, for tax + reconciliation.</p>
|
||||||
|
{{else}}<p class="note">no ledger entries</p>{{end}}
|
||||||
|
{{else}}<p class="note">payments not enabled</p>{{end}}
|
||||||
|
</section>
|
||||||
|
<section class="panel"><h2>Grant benefits</h2>
|
||||||
|
{{if .Grant.Present}}
|
||||||
|
<p class="note">A zero-price admin sale of a value — <strong>never chips</strong>. The origin is your compliance choice. The by-product grant applies a defined bundle, including an archived reward product.</p>
|
||||||
|
<form class="form col" method="post" action="/_gm/users/{{.ID}}/grant">
|
||||||
|
<label>Origin <select name="origin">{{range .Grant.Origins}}<option value="{{.}}">{{.}}</option>{{end}}</select></label>
|
||||||
|
<label>Hints <input type="number" name="hints" min="0" value="0"></label>
|
||||||
|
<label>No-ads days <input type="number" name="noads" min="0" value="0"></label>
|
||||||
|
<label><input type="checkbox" name="forever" value="true"> No-ads forever</label>
|
||||||
|
<div><button type="submit">Grant</button></div>
|
||||||
|
</form>
|
||||||
|
{{if .Grant.Products}}
|
||||||
|
<h3>Grant a product</h3>
|
||||||
|
<form class="form col" method="post" action="/_gm/users/{{.ID}}/grant-product">
|
||||||
|
<label>Origin <select name="origin">{{range .Grant.Origins}}<option value="{{.}}">{{.}}</option>{{end}}</select></label>
|
||||||
|
<label>Product <select name="product_id">{{range .Grant.Products}}<option value="{{.ID}}">{{.Title}} ({{.Summary}}){{if .Archived}} — archived{{end}}</option>{{end}}</select></label>
|
||||||
|
<div><button type="submit">Grant product</button></div>
|
||||||
|
</form>
|
||||||
|
{{else}}<p class="note">no grantable products — create a value product in the <a href="/_gm/catalog">catalog</a></p>{{end}}
|
||||||
|
{{else}}<p class="note">payments not enabled</p>{{end}}
|
||||||
|
</section>
|
||||||
<section class="panel"><h2>Roles</h2>
|
<section class="panel"><h2>Roles</h2>
|
||||||
{{$id := .ID}}
|
{{$id := .ID}}
|
||||||
{{if .Roles}}
|
{{if .Roles}}
|
||||||
@@ -101,6 +150,29 @@
|
|||||||
{{else}}<tr><td colspan="4"><span class="note">no identities (guest)</span></td></tr>{{end}}
|
{{else}}<tr><td colspan="4"><span class="note">no identities (guest)</span></td></tr>{{end}}
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
{{if .HasEmail}}
|
||||||
|
<form class="form" method="post" action="/_gm/users/{{.ID}}/remove-email" onsubmit="return confirm('Erase the email identity from this account? The address will be freed.')">
|
||||||
|
<button type="submit">Erase email</button>
|
||||||
|
</form>
|
||||||
|
{{end}}
|
||||||
|
</section>
|
||||||
|
<section class="panel"><h2>Deletion & retention</h2>
|
||||||
|
{{if .LastLoginAt}}<p class="note">Last login: {{.LastLoginAt}}{{if .LastLoginIP}} — <code>{{.LastLoginIP}}</code>{{end}}</p>{{end}}
|
||||||
|
{{if .Deleted}}<p><span class="warn">Deleted</span> at {{.DeletedAt}}{{if .DeletedName}} — was <code>{{.DeletedName}}</code>{{end}}</p>{{end}}
|
||||||
|
{{if .Retained}}
|
||||||
|
<h3>Retention journal (legal dossier of detached credentials)</h3>
|
||||||
|
<table class="list">
|
||||||
|
<thead><tr><th>Kind</th><th>Credential</th><th>Reason</th><th>Detached</th></tr></thead>
|
||||||
|
<tbody>
|
||||||
|
{{range .Retained}}<tr><td>{{.Kind}}</td><td><code>{{.ExternalID}}</code></td><td>{{.Reason}}</td><td>{{.DetachedAt}}</td></tr>{{end}}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
{{end}}
|
||||||
|
{{if not .Deleted}}
|
||||||
|
<form class="form" method="post" action="/_gm/users/{{.ID}}/delete" onsubmit="return confirm('Delete this account? Its credentials are journalled and freed, its data anonymised, and its sessions revoked. This cannot be undone.')">
|
||||||
|
<button type="submit">Delete user</button>
|
||||||
|
</form>
|
||||||
|
{{end}}
|
||||||
</section>
|
</section>
|
||||||
<section class="panel"><h2>Friends</h2>
|
<section class="panel"><h2>Friends</h2>
|
||||||
<table class="list">
|
<table class="list">
|
||||||
@@ -149,11 +221,11 @@
|
|||||||
{{end}}
|
{{end}}
|
||||||
<section class="panel"><h2>Games</h2>
|
<section class="panel"><h2>Games</h2>
|
||||||
<table class="list">
|
<table class="list">
|
||||||
<thead><tr><th>Game</th><th>Variant</th><th>Status</th><th class="num">Players</th><th>Updated</th></tr></thead>
|
<thead><tr><th>Game</th><th>Variant</th><th>Kind</th><th>Status</th><th class="num">Players</th><th>Updated</th></tr></thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
{{range .Games}}
|
{{range .Games}}
|
||||||
<tr><td><a href="/_gm/games/{{.ID}}">{{.ID}}</a></td><td>{{.Variant}}</td><td>{{.Status}}</td><td class="num">{{.Players}}</td><td>{{.UpdatedAt}}</td></tr>
|
<tr><td><a href="/_gm/games/{{.ID}}">{{.ID}}</a></td><td>{{.Variant}}</td><td>{{.Kind}}</td><td>{{.Status}}</td><td class="num">{{.Players}}</td><td>{{.UpdatedAt}}</td></tr>
|
||||||
{{else}}<tr><td colspan="5"><span class="note">no games</span></td></tr>{{end}}
|
{{else}}<tr><td colspan="6"><span class="note">no games</span></td></tr>{{end}}
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
|||||||
@@ -2,13 +2,15 @@
|
|||||||
<h1>Users</h1>
|
<h1>Users</h1>
|
||||||
{{with .Data}}
|
{{with .Data}}
|
||||||
<nav class="subnav">
|
<nav class="subnav">
|
||||||
<a href="/_gm/users"{{if not .Robots}} class="active"{{end}}>People</a> ·
|
<a href="/_gm/users"{{if and (not .Robots) (not .Deleted)}} class="active"{{end}}>People</a> ·
|
||||||
|
<a href="/_gm/users?kind=deleted"{{if .Deleted}} class="active"{{end}}>Deleted</a> ·
|
||||||
<a href="/_gm/users?kind=robots"{{if .Robots}} class="active"{{end}}>Robots</a>
|
<a href="/_gm/users?kind=robots"{{if .Robots}} class="active"{{end}}>Robots</a>
|
||||||
</nav>
|
</nav>
|
||||||
<form class="form" method="get" action="/_gm/users">
|
<form class="form" method="get" action="/_gm/users">
|
||||||
{{if .Robots}}<input type="hidden" name="kind" value="robots">{{end}}
|
{{if .Robots}}<input type="hidden" name="kind" value="robots">{{end}}{{if .Deleted}}<input type="hidden" name="kind" value="deleted">{{end}}
|
||||||
<input name="name" value="{{.NameMask}}" placeholder="display name mask (* ?)">
|
<input name="name" value="{{.NameMask}}" placeholder="display name mask (* ?)">
|
||||||
<input name="ext" value="{{.ExternalIDMask}}" placeholder="external id mask (* ?)">
|
<input name="ext" value="{{.ExternalIDMask}}" placeholder="external id mask (* ?)">
|
||||||
|
<input name="email" value="{{.EmailExact}}" placeholder="email (exact)" type="search">
|
||||||
<button type="submit">Filter</button>
|
<button type="submit">Filter</button>
|
||||||
</form>
|
</form>
|
||||||
<table class="list">
|
<table class="list">
|
||||||
@@ -17,7 +19,7 @@
|
|||||||
{{range .Items}}
|
{{range .Items}}
|
||||||
<tr>
|
<tr>
|
||||||
<td><a href="/_gm/users/{{.ID}}">{{.ID}}</a></td>
|
<td><a href="/_gm/users/{{.ID}}">{{.ID}}</a></td>
|
||||||
<td>{{.DisplayName}}{{if .Guest}} <span class="pill">guest</span>{{end}}{{if .FlaggedHighRate}} <span class="pill">high-rate</span>{{end}}</td>
|
<td>{{.DisplayName}}{{if .Deleted}} <span class="pill">deleted</span>{{end}}{{if .Guest}} <span class="pill">guest</span>{{end}}{{if .FlaggedHighRate}} <span class="pill">high-rate</span>{{end}}</td>
|
||||||
<td>{{.Kind}}</td>
|
<td>{{.Kind}}</td>
|
||||||
<td>{{.Language}}</td>
|
<td>{{.Language}}</td>
|
||||||
<td>{{.CreatedAt}}</td>
|
<td>{{.CreatedAt}}</td>
|
||||||
|
|||||||
@@ -60,8 +60,10 @@ type UsersView struct {
|
|||||||
// be emitted verbatim — interpolated as a plain string it would have its "=" and "&"
|
// be emitted verbatim — interpolated as a plain string it would have its "=" and "&"
|
||||||
// percent-encoded again by the contextual escaper.
|
// percent-encoded again by the contextual escaper.
|
||||||
Robots bool
|
Robots bool
|
||||||
|
Deleted bool
|
||||||
NameMask string
|
NameMask string
|
||||||
ExternalIDMask string
|
ExternalIDMask string
|
||||||
|
EmailExact string
|
||||||
FilterQuery template.URL
|
FilterQuery template.URL
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -74,6 +76,7 @@ type UserRow struct {
|
|||||||
Kind string
|
Kind string
|
||||||
Language string
|
Language string
|
||||||
Guest bool
|
Guest bool
|
||||||
|
Deleted bool
|
||||||
FlaggedHighRate bool
|
FlaggedHighRate bool
|
||||||
CreatedAt string
|
CreatedAt string
|
||||||
HasMoveStats bool
|
HasMoveStats bool
|
||||||
@@ -146,22 +149,28 @@ type UserDetailView struct {
|
|||||||
TimeZone string
|
TimeZone string
|
||||||
Guest bool
|
Guest bool
|
||||||
NotificationsInAppOnly bool
|
NotificationsInAppOnly bool
|
||||||
PaidAccount bool
|
|
||||||
// MergedInto is the primary account id when this account has been retired by a
|
// MergedInto is the primary account id when this account has been retired by a
|
||||||
// merge, or empty for a live account.
|
// merge, or empty for a live account.
|
||||||
MergedInto string
|
MergedInto string
|
||||||
|
// The account-deletion dossier. Deleted marks a tombstoned account; DeletedAt and
|
||||||
|
// DeletedName are its deletion time and retained real name; LastLoginAt/IP are the
|
||||||
|
// last cold-load stamp (shown for any account); Retained is the credential journal.
|
||||||
|
Deleted bool
|
||||||
|
DeletedAt string
|
||||||
|
DeletedName string
|
||||||
|
LastLoginAt string
|
||||||
|
LastLoginIP string
|
||||||
|
Retained []RetainedRow
|
||||||
// FlaggedHighRateAt is the pre-formatted soft high-rate marker timestamp,
|
// FlaggedHighRateAt is the pre-formatted soft high-rate marker timestamp,
|
||||||
// empty for an unflagged account; the card shows it with the Clear action.
|
// empty for an unflagged account; the card shows it with the Clear action.
|
||||||
FlaggedHighRateAt string
|
FlaggedHighRateAt string
|
||||||
HintBalance int
|
CreatedAt string
|
||||||
// HintGrantMax is the per-grant cap the operator's "add hints" form enforces (it mirrors the
|
HasStats bool
|
||||||
// server's maxHintGrant), passed through so the policy value lives in one place.
|
Stats StatsRow
|
||||||
HintGrantMax int
|
Identities []IdentityRow
|
||||||
CreatedAt string
|
// HasEmail gates the "Erase email" action; set when the account carries an email identity.
|
||||||
HasStats bool
|
HasEmail bool
|
||||||
Stats StatsRow
|
Games []GameRow
|
||||||
Identities []IdentityRow
|
|
||||||
Games []GameRow
|
|
||||||
// TelegramID and VKID are the account's platform external ids (empty when absent).
|
// TelegramID and VKID are the account's platform external ids (empty when absent).
|
||||||
// TelegramID gates the "Send Telegram message" operator action; VKID surfaces the VK
|
// TelegramID gates the "Send Telegram message" operator action; VKID surfaces the VK
|
||||||
// user id with a link to the VK profile (there is no VK messaging to drive).
|
// user id with a link to the VK profile (there is no VK messaging to drive).
|
||||||
@@ -186,6 +195,59 @@ type UserDetailView struct {
|
|||||||
Blocks []RelationRow
|
Blocks []RelationRow
|
||||||
BlockedBy []RelationRow
|
BlockedBy []RelationRow
|
||||||
Friends []RelationRow
|
Friends []RelationRow
|
||||||
|
// Finance is the account's payments picture (balances, benefits, refund risk, ledger). Present
|
||||||
|
// is false when the payments domain is unwired.
|
||||||
|
Finance FinanceView
|
||||||
|
// PurchaseOverride is the account's per-account purchase override ("default"/"allow"/"deny"),
|
||||||
|
// shown in and edited from the user card's payment-override control.
|
||||||
|
PurchaseOverride string
|
||||||
|
// Grant is the admin-grant panel (origin picker + grantable products). Present is false when the
|
||||||
|
// payments domain is unwired.
|
||||||
|
Grant GrantFormView
|
||||||
|
}
|
||||||
|
|
||||||
|
// FinanceView is the account's payments picture on the user card: chip balances per funding
|
||||||
|
// segment, benefits per origin, the recorded refund risk, and the append-only ledger history
|
||||||
|
// (newest first). Present is false when the payments domain is unwired.
|
||||||
|
type FinanceView struct {
|
||||||
|
Present bool
|
||||||
|
Segments []SegmentRow
|
||||||
|
Benefits []BenefitRow
|
||||||
|
// Abuse is the refund abuse flag; Loss is the unrecoverable chip loss from floor-0 refunds.
|
||||||
|
Abuse bool
|
||||||
|
Loss int
|
||||||
|
Ledger []LedgerRow
|
||||||
|
}
|
||||||
|
|
||||||
|
// SegmentRow is one funding segment's chip balance.
|
||||||
|
type SegmentRow struct {
|
||||||
|
Source string
|
||||||
|
Chips int
|
||||||
|
}
|
||||||
|
|
||||||
|
// BenefitRow is one origin's benefit: the hint wallet, the ad-free expiry (pre-formatted, empty
|
||||||
|
// when none) and the lifetime ad-free flag.
|
||||||
|
type BenefitRow struct {
|
||||||
|
Origin string
|
||||||
|
Hints int
|
||||||
|
AdsUntil string
|
||||||
|
Forever bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// LedgerRow is one append-only ledger entry: its kind, funding source / benefit origin, signed chip
|
||||||
|
// delta, the product / order / provider / direct-rail shop it references (empty when none), the raw
|
||||||
|
// snapshot JSON and the pre-formatted time.
|
||||||
|
type LedgerRow struct {
|
||||||
|
Kind string
|
||||||
|
Source string
|
||||||
|
Origin string
|
||||||
|
ChipsDelta int
|
||||||
|
Product string
|
||||||
|
Order string
|
||||||
|
Provider string
|
||||||
|
Shop string
|
||||||
|
Snapshot string
|
||||||
|
At string
|
||||||
}
|
}
|
||||||
|
|
||||||
// RelationRow is one cross-linked account in the user card's blocks / blocked-by / friends
|
// RelationRow is one cross-linked account in the user card's blocks / blocked-by / friends
|
||||||
@@ -234,6 +296,17 @@ type IdentityRow struct {
|
|||||||
CreatedAt string
|
CreatedAt string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RetainedRow is one credential in the account-deletion retention journal (the legal
|
||||||
|
// dossier of detached credentials): what was detached, when, and why.
|
||||||
|
type RetainedRow struct {
|
||||||
|
Kind string
|
||||||
|
ExternalID string
|
||||||
|
Reason string
|
||||||
|
Confirmed bool
|
||||||
|
LinkedAt string
|
||||||
|
DetachedAt string
|
||||||
|
}
|
||||||
|
|
||||||
// GameRow is one game row in a list.
|
// GameRow is one game row in a list.
|
||||||
type GameRow struct {
|
type GameRow struct {
|
||||||
ID string
|
ID string
|
||||||
@@ -243,6 +316,8 @@ type GameRow struct {
|
|||||||
UpdatedAt string
|
UpdatedAt string
|
||||||
// VsAI marks an honest-AI game (rendered as 🤖 in the list's AI column).
|
// VsAI marks an honest-AI game (rendered as 🤖 in the list's AI column).
|
||||||
VsAI bool
|
VsAI bool
|
||||||
|
// Kind is the game's origin tag label: vs_ai / random / friends / unknown.
|
||||||
|
Kind string
|
||||||
}
|
}
|
||||||
|
|
||||||
// GamesView is the paginated games list, optionally filtered by status.
|
// GamesView is the paginated games list, optionally filtered by status.
|
||||||
@@ -252,6 +327,17 @@ type GamesView struct {
|
|||||||
Pager Pager
|
Pager Pager
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GameLimitsView is the per-tier, per-kind active-game limit form: each field is a cap where -1
|
||||||
|
// is unlimited, 0 blocks the kind, and a positive value caps concurrent games of that kind.
|
||||||
|
type GameLimitsView struct {
|
||||||
|
GuestVsAI int
|
||||||
|
GuestRandom int
|
||||||
|
GuestFriends int
|
||||||
|
DurableVsAI int
|
||||||
|
DurableRandom int
|
||||||
|
DurableFriends int
|
||||||
|
}
|
||||||
|
|
||||||
// GameDetailView is one game with its seats.
|
// GameDetailView is one game with its seats.
|
||||||
type GameDetailView struct {
|
type GameDetailView struct {
|
||||||
ID string
|
ID string
|
||||||
@@ -266,8 +352,12 @@ type GameDetailView struct {
|
|||||||
UpdatedAt string
|
UpdatedAt string
|
||||||
FinishedAt string
|
FinishedAt string
|
||||||
// VsAI marks an honest-AI game (shown as a 🤖 flag in the summary).
|
// VsAI marks an honest-AI game (shown as a 🤖 flag in the summary).
|
||||||
VsAI bool
|
VsAI bool
|
||||||
Seats []SeatRow
|
// MultipleWordsPerTurn is the game's cross-word rule: true = standard Scrabble (every cross-word
|
||||||
|
// is validated and scored), false = the single-word rule (only the main word along the play
|
||||||
|
// direction counts). Shown in the summary so an operator can tell the rule at a glance.
|
||||||
|
MultipleWordsPerTurn bool
|
||||||
|
Seats []SeatRow
|
||||||
// HasRobot is true when any seat is a robot, gating the robot-target caption;
|
// HasRobot is true when any seat is a robot, gating the robot-target caption;
|
||||||
// RobotTargetPct is the configured global play-to-win rate, in percent.
|
// RobotTargetPct is the configured global play-to-win rate, in percent.
|
||||||
HasRobot bool
|
HasRobot bool
|
||||||
@@ -473,15 +563,30 @@ type BannerCampaignRow struct {
|
|||||||
|
|
||||||
// BannerDetailView is the campaign detail/edit page. StartsAt/EndsAt are the
|
// BannerDetailView is the campaign detail/edit page. StartsAt/EndsAt are the
|
||||||
// "YYYY-MM-DDTHH:MM" (UTC) values for the datetime-local inputs, empty when open.
|
// "YYYY-MM-DDTHH:MM" (UTC) values for the datetime-local inputs, empty when open.
|
||||||
|
//
|
||||||
|
// The colour-override and urgent fields drive the non-default campaign's editor:
|
||||||
|
// OverrideAllOn/OverrideDarkOn report whether each colour set is active, and the
|
||||||
|
// six *Bg/*Fg/*Link values seed the native colour inputs — the stored override
|
||||||
|
// when a set is on, otherwise the neutral theme token so the picker starts from a
|
||||||
|
// sensible colour and the live preview shows the real fallback.
|
||||||
type BannerDetailView struct {
|
type BannerDetailView struct {
|
||||||
ID string
|
ID string
|
||||||
Name string
|
Name string
|
||||||
Weight int
|
Weight int
|
||||||
IsDefault bool
|
IsDefault bool
|
||||||
Enabled bool
|
Enabled bool
|
||||||
StartsAt string
|
StartsAt string
|
||||||
EndsAt string
|
EndsAt string
|
||||||
Messages []BannerMessageRow
|
Urgent bool
|
||||||
|
OverrideAllOn bool
|
||||||
|
AllBg string
|
||||||
|
AllFg string
|
||||||
|
AllLink string
|
||||||
|
OverrideDarkOn bool
|
||||||
|
DarkBg string
|
||||||
|
DarkFg string
|
||||||
|
DarkLink string
|
||||||
|
Messages []BannerMessageRow
|
||||||
}
|
}
|
||||||
|
|
||||||
// BannerMessageRow is one bilingual message of a campaign. First/Last drive the
|
// BannerMessageRow is one bilingual message of a campaign. First/Last drive the
|
||||||
@@ -572,3 +677,90 @@ type FeedbackDetailView struct {
|
|||||||
UserTZ string
|
UserTZ string
|
||||||
Banned bool
|
Banned bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CatalogView is the product-catalog list page.
|
||||||
|
type CatalogView struct {
|
||||||
|
Products []ProductRow
|
||||||
|
// ShowAll reports whether archived products are listed alongside active ones (the active/all
|
||||||
|
// toggle); it drives the toggle link and the list heading.
|
||||||
|
ShowAll bool
|
||||||
|
// RewardPayout / RewardDailyCap / RewardHourlyCap are the rewarded-video config (chips earned per
|
||||||
|
// view and the per-day / per-hour anti-abuse caps), shown in and edited from the page's
|
||||||
|
// rewarded-ads form. A 0 payout means rewarded is inert.
|
||||||
|
RewardPayout int
|
||||||
|
RewardDailyCap int
|
||||||
|
RewardHourlyCap int
|
||||||
|
// Rails is the per-rail operational kill-switch state (enabled + per-language off-message), shown
|
||||||
|
// in and edited from the page's payment-availability form.
|
||||||
|
Rails []RailStatusRow
|
||||||
|
}
|
||||||
|
|
||||||
|
// RailStatusRow is one payment rail's operational availability in the kill-switch editor: the rail
|
||||||
|
// key, whether purchases are enabled, and the operator's per-language off-message shown to the user.
|
||||||
|
type RailStatusRow struct {
|
||||||
|
Rail string
|
||||||
|
Enabled bool
|
||||||
|
MessageRU string
|
||||||
|
MessageEN string
|
||||||
|
}
|
||||||
|
|
||||||
|
// ProductRow is one product in the catalog list: its composition, prices, the archived flag
|
||||||
|
// (Active) and the transacted flag (which forbids a hard delete).
|
||||||
|
type ProductRow struct {
|
||||||
|
ID string
|
||||||
|
Title string
|
||||||
|
Active bool
|
||||||
|
Atoms []AtomRow
|
||||||
|
Prices []PriceRow
|
||||||
|
Transacted bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// AtomRow is one atom line of a product row.
|
||||||
|
type AtomRow struct {
|
||||||
|
Atom string
|
||||||
|
Quantity int
|
||||||
|
}
|
||||||
|
|
||||||
|
// PriceRow is one price of a product: the method ("" for a value's CHIP price), the currency, and
|
||||||
|
// the amount in that currency's minor units.
|
||||||
|
type PriceRow struct {
|
||||||
|
Method string
|
||||||
|
Currency string
|
||||||
|
Amount int64
|
||||||
|
}
|
||||||
|
|
||||||
|
// ProductFormView is the product edit form, pre-filled from the current composition. Atom quantities
|
||||||
|
// and prices are flattened to the fixed fields the form offers (0 = absent); Transacted disables the
|
||||||
|
// delete action.
|
||||||
|
type ProductFormView struct {
|
||||||
|
ID string
|
||||||
|
Title string
|
||||||
|
Active bool
|
||||||
|
Chips int
|
||||||
|
Hints int
|
||||||
|
NoAds int
|
||||||
|
Tournament int
|
||||||
|
PriceRUB int64
|
||||||
|
PriceVote int64
|
||||||
|
PriceStar int64
|
||||||
|
PriceChip int64
|
||||||
|
Transacted bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// GrantFormView is the admin-grant panel on the user card: the origin picker and the grantable
|
||||||
|
// products (value bundles — hints / no-ads days — including archived ones; chips and tournament
|
||||||
|
// products are excluded). Present is false when the payments domain is unwired.
|
||||||
|
type GrantFormView struct {
|
||||||
|
Present bool
|
||||||
|
Origins []string
|
||||||
|
Products []GrantProductOption
|
||||||
|
}
|
||||||
|
|
||||||
|
// GrantProductOption is one grantable product in the by-product picker: its id, title, an atom
|
||||||
|
// summary, and whether it is archived (the common case for a non-public reward bundle).
|
||||||
|
type GrantProductOption struct {
|
||||||
|
ID string
|
||||||
|
Title string
|
||||||
|
Summary string
|
||||||
|
Archived bool
|
||||||
|
}
|
||||||
|
|||||||
@@ -30,6 +30,15 @@ var ErrDefaultImmutable = errors.New("ads: the default campaign cannot be modifi
|
|||||||
// window or message body).
|
// window or message body).
|
||||||
var ErrValidation = errors.New("ads: validation")
|
var ErrValidation = errors.New("ads: validation")
|
||||||
|
|
||||||
|
// ColorSet is an optional per-campaign colour override for the banner strip:
|
||||||
|
// background, foreground (text) and link, each a "#rrggbb" hex string. The three
|
||||||
|
// are set together or the whole set is absent (a nil *ColorSet).
|
||||||
|
type ColorSet struct {
|
||||||
|
Bg string
|
||||||
|
Fg string
|
||||||
|
Link string
|
||||||
|
}
|
||||||
|
|
||||||
// Campaign is one advertising placement order with its messages.
|
// Campaign is one advertising placement order with its messages.
|
||||||
type Campaign struct {
|
type Campaign struct {
|
||||||
ID uuid.UUID // uuid.Nil on create
|
ID uuid.UUID // uuid.Nil on create
|
||||||
@@ -40,6 +49,16 @@ type Campaign struct {
|
|||||||
StartsAt *time.Time // nil = open-ended start; always nil for the default
|
StartsAt *time.Time // nil = open-ended start; always nil for the default
|
||||||
EndsAt *time.Time // nil = open-ended end; always nil for the default
|
EndsAt *time.Time // nil = open-ended end; always nil for the default
|
||||||
Messages []Message
|
Messages []Message
|
||||||
|
// OverrideAll paints the strip on every theme; OverrideDark, when set, further
|
||||||
|
// overrides the dark theme (the client resolves dark ← dark ?? all ?? token,
|
||||||
|
// light ← all ?? token). Both are nil for the default campaign and for a
|
||||||
|
// campaign that keeps the neutral theme tokens. Non-default only.
|
||||||
|
OverrideAll *ColorSet
|
||||||
|
OverrideDark *ColorSet
|
||||||
|
// Urgent forces the banner on every viewer (bypassing eligibility) and, while
|
||||||
|
// any urgent campaign is active, suppresses every non-urgent campaign and the
|
||||||
|
// default remainder. Non-default only; always false for the default campaign.
|
||||||
|
Urgent bool
|
||||||
CreatedAt time.Time
|
CreatedAt time.Time
|
||||||
UpdatedAt time.Time
|
UpdatedAt time.Time
|
||||||
}
|
}
|
||||||
@@ -70,29 +89,32 @@ type Timings struct {
|
|||||||
|
|
||||||
// ActiveCampaign is one campaign in the resolved rotation feed sent to a client:
|
// ActiveCampaign is one campaign in the resolved rotation feed sent to a client:
|
||||||
// its GCD-reduced show weight and its messages, already resolved to the viewer's
|
// its GCD-reduced show weight and its messages, already resolved to the viewer's
|
||||||
// language and in display (round-robin) order.
|
// language and in display (round-robin) order, plus the optional colour overrides
|
||||||
|
// the client applies to the strip (nil = the neutral theme tokens). Urgency is not
|
||||||
|
// carried here: it is resolved server-side into the set's membership and the
|
||||||
|
// eligibility bypass, so the client only ever renders what it is sent.
|
||||||
type ActiveCampaign struct {
|
type ActiveCampaign struct {
|
||||||
Weight int
|
Weight int
|
||||||
Messages []string
|
Messages []string
|
||||||
}
|
OverrideAll *ColorSet
|
||||||
|
OverrideDark *ColorSet
|
||||||
// Eligible reports whether an account should be shown the advertising banner: a
|
|
||||||
// free account (not paid) with an empty hint wallet and without the no_banner
|
|
||||||
// role. The no_banner role suppresses the banner unconditionally; buying a paid
|
|
||||||
// account or any hints also removes it.
|
|
||||||
func Eligible(paidAccount bool, hintBalance int, hasNoBanner bool) bool {
|
|
||||||
return !paidAccount && hintBalance <= 0 && !hasNoBanner
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// computeActiveSet builds the resolved rotation feed from the enabled campaigns
|
// computeActiveSet builds the resolved rotation feed from the enabled campaigns
|
||||||
// at time now, in language lang. Campaigns outside their validity window, and
|
// at time now, in language lang, and reports whether the feed is an urgent one.
|
||||||
// campaigns with no messages, are dropped. The default campaign's effective
|
// Campaigns outside their validity window, and campaigns with no messages, are
|
||||||
// weight is the remainder up to 100% — max(0, 100 - sum of active timed
|
// dropped.
|
||||||
// weights) — so it fills unsold inventory and is dropped entirely when timed
|
//
|
||||||
// campaigns already reach 100%. Weights are then reduced by their GCD so the
|
// While any active campaign is urgent, the feed is the urgent campaigns alone —
|
||||||
// fair rotation cycle stays short. The input is expected to be the enabled
|
// every non-urgent timed campaign and the default remainder are suppressed for
|
||||||
// campaigns (ActiveCampaigns); disabled ones must already be excluded.
|
// the duration (and the caller shows the feed to every viewer, bypassing
|
||||||
func computeActiveSet(campaigns []Campaign, now time.Time, lang string) []ActiveCampaign {
|
// eligibility). Otherwise the default campaign's effective weight is the
|
||||||
|
// remainder up to 100% — max(0, 100 - sum of active timed weights) — so it fills
|
||||||
|
// unsold inventory and is dropped entirely when timed campaigns already reach
|
||||||
|
// 100%. Weights are then reduced by their GCD so the fair rotation cycle stays
|
||||||
|
// short. The input is expected to be the enabled campaigns (ActiveCampaigns);
|
||||||
|
// disabled ones must already be excluded.
|
||||||
|
func computeActiveSet(campaigns []Campaign, now time.Time, lang string) ([]ActiveCampaign, bool) {
|
||||||
var timed []Campaign
|
var timed []Campaign
|
||||||
var def *Campaign
|
var def *Campaign
|
||||||
for i := range campaigns {
|
for i := range campaigns {
|
||||||
@@ -108,20 +130,54 @@ func computeActiveSet(campaigns []Campaign, now time.Time, lang string) []Active
|
|||||||
timed = append(timed, c)
|
timed = append(timed, c)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if urgent := filterUrgent(timed); len(urgent) > 0 {
|
||||||
|
out := make([]ActiveCampaign, 0, len(urgent))
|
||||||
|
for _, c := range urgent {
|
||||||
|
out = append(out, activeFrom(c, lang))
|
||||||
|
}
|
||||||
|
reduceByGCD(out)
|
||||||
|
return out, true
|
||||||
|
}
|
||||||
sumTimed := 0
|
sumTimed := 0
|
||||||
for _, c := range timed {
|
for _, c := range timed {
|
||||||
sumTimed += c.Weight
|
sumTimed += c.Weight
|
||||||
}
|
}
|
||||||
out := make([]ActiveCampaign, 0, len(timed)+1)
|
out := make([]ActiveCampaign, 0, len(timed)+1)
|
||||||
for _, c := range timed {
|
for _, c := range timed {
|
||||||
out = append(out, ActiveCampaign{Weight: c.Weight, Messages: resolveBodies(c.Messages, lang)})
|
out = append(out, activeFrom(c, lang))
|
||||||
}
|
}
|
||||||
if def != nil {
|
if def != nil {
|
||||||
if dw := 100 - sumTimed; dw > 0 {
|
if dw := 100 - sumTimed; dw > 0 {
|
||||||
out = append(out, ActiveCampaign{Weight: dw, Messages: resolveBodies(def.Messages, lang)})
|
a := activeFrom(*def, lang)
|
||||||
|
a.Weight = dw // the default's stored weight is nominal; it fills the remainder
|
||||||
|
out = append(out, a)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
reduceByGCD(out)
|
reduceByGCD(out)
|
||||||
|
return out, false
|
||||||
|
}
|
||||||
|
|
||||||
|
// activeFrom projects a campaign to its rotation-feed entry: its show weight, its
|
||||||
|
// language-resolved messages and its colour overrides (carried through by
|
||||||
|
// reference, they are read-only).
|
||||||
|
func activeFrom(c Campaign, lang string) ActiveCampaign {
|
||||||
|
return ActiveCampaign{
|
||||||
|
Weight: c.Weight,
|
||||||
|
Messages: resolveBodies(c.Messages, lang),
|
||||||
|
OverrideAll: c.OverrideAll,
|
||||||
|
OverrideDark: c.OverrideDark,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// filterUrgent returns the urgent campaigns among cs, preserving order. It is the
|
||||||
|
// preempt selector: a non-empty result makes the whole feed urgent.
|
||||||
|
func filterUrgent(cs []Campaign) []Campaign {
|
||||||
|
var out []Campaign
|
||||||
|
for _, c := range cs {
|
||||||
|
if c.Urgent {
|
||||||
|
out = append(out, c)
|
||||||
|
}
|
||||||
|
}
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -6,30 +6,6 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestEligible(t *testing.T) {
|
|
||||||
tests := []struct {
|
|
||||||
name string
|
|
||||||
paidAccount bool
|
|
||||||
hintBalance int
|
|
||||||
hasNoBanner bool
|
|
||||||
want bool
|
|
||||||
}{
|
|
||||||
{name: "free, empty wallet, no role", want: true},
|
|
||||||
{name: "paid", paidAccount: true, want: false},
|
|
||||||
{name: "has hints", hintBalance: 3, want: false},
|
|
||||||
{name: "no_banner role", hasNoBanner: true, want: false},
|
|
||||||
{name: "paid and has hints", paidAccount: true, hintBalance: 5, want: false},
|
|
||||||
{name: "no_banner overrides everything", hasNoBanner: true, want: false},
|
|
||||||
}
|
|
||||||
for _, tt := range tests {
|
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
|
||||||
if got := Eligible(tt.paidAccount, tt.hintBalance, tt.hasNoBanner); got != tt.want {
|
|
||||||
t.Errorf("Eligible(%v,%d,%v) = %v, want %v", tt.paidAccount, tt.hintBalance, tt.hasNoBanner, got, tt.want)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestComputeActiveSet(t *testing.T) {
|
func TestComputeActiveSet(t *testing.T) {
|
||||||
now := time.Date(2026, 6, 15, 12, 0, 0, 0, time.UTC)
|
now := time.Date(2026, 6, 15, 12, 0, 0, 0, time.UTC)
|
||||||
past := now.Add(-24 * time.Hour)
|
past := now.Add(-24 * time.Hour)
|
||||||
@@ -46,12 +22,19 @@ func TestComputeActiveSet(t *testing.T) {
|
|||||||
timed := func(name string, weight int, starts, ends *time.Time, msgs []Message) Campaign {
|
timed := func(name string, weight int, starts, ends *time.Time, msgs []Message) Campaign {
|
||||||
return Campaign{Name: name, Weight: weight, Enabled: true, StartsAt: starts, EndsAt: ends, Messages: msgs}
|
return Campaign{Name: name, Weight: weight, Enabled: true, StartsAt: starts, EndsAt: ends, Messages: msgs}
|
||||||
}
|
}
|
||||||
|
urgent := func(name string, weight int, msgs []Message) Campaign {
|
||||||
|
c := timed(name, weight, nil, nil, msgs)
|
||||||
|
c.Urgent = true
|
||||||
|
return c
|
||||||
|
}
|
||||||
|
red := &ColorSet{Bg: "#aa0000", Fg: "#ffffff", Link: "#ffdd00"}
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
campaigns []Campaign
|
campaigns []Campaign
|
||||||
lang string
|
lang string
|
||||||
want []ActiveCampaign
|
want []ActiveCampaign
|
||||||
|
wantUrgent bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "default only reduces to weight 1",
|
name: "default only reduces to weight 1",
|
||||||
@@ -152,22 +135,71 @@ func TestComputeActiveSet(t *testing.T) {
|
|||||||
lang: "en",
|
lang: "en",
|
||||||
want: []ActiveCampaign{{Weight: 1, Messages: []string{"one-en", "two-en"}}},
|
want: []ActiveCampaign{{Weight: 1, Messages: []string{"one-en", "two-en"}}},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "urgent preempts default and normal timed",
|
||||||
|
campaigns: []Campaign{
|
||||||
|
def(msg("house")),
|
||||||
|
timed("promo", 40, nil, nil, msg("promo")),
|
||||||
|
urgent("alert", 50, msg("alert")),
|
||||||
|
},
|
||||||
|
lang: "en",
|
||||||
|
// only the urgent campaign survives; a lone weight reduces to 1.
|
||||||
|
want: []ActiveCampaign{{Weight: 1, Messages: []string{"alert-en"}}},
|
||||||
|
wantUrgent: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "multiple urgent share the feed by gcd",
|
||||||
|
campaigns: []Campaign{
|
||||||
|
def(msg("house")),
|
||||||
|
urgent("a", 60, msg("a")),
|
||||||
|
urgent("b", 40, msg("b")),
|
||||||
|
},
|
||||||
|
lang: "en",
|
||||||
|
// default and any non-urgent dropped; gcd(60,40)=20 -> 3 and 2.
|
||||||
|
want: []ActiveCampaign{
|
||||||
|
{Weight: 3, Messages: []string{"a-en"}},
|
||||||
|
{Weight: 2, Messages: []string{"b-en"}},
|
||||||
|
},
|
||||||
|
wantUrgent: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "out-of-window urgent does not preempt",
|
||||||
|
campaigns: []Campaign{
|
||||||
|
def(msg("house")),
|
||||||
|
func() Campaign { c := urgent("future", 50, msg("future")); c.StartsAt = &future; return c }(),
|
||||||
|
},
|
||||||
|
lang: "en",
|
||||||
|
// the urgent campaign is not yet live, so the normal default feed stands.
|
||||||
|
want: []ActiveCampaign{{Weight: 1, Messages: []string{"house-en"}}},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "colour overrides ride the active campaign",
|
||||||
|
campaigns: []Campaign{
|
||||||
|
def(msg("house")),
|
||||||
|
func() Campaign { c := timed("promo", 100, nil, nil, msg("promo")); c.OverrideAll = red; return c }(),
|
||||||
|
},
|
||||||
|
lang: "en",
|
||||||
|
want: []ActiveCampaign{{Weight: 1, Messages: []string{"promo-en"}, OverrideAll: red}},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
got := computeActiveSet(tt.campaigns, now, tt.lang)
|
got, gotUrgent := computeActiveSet(tt.campaigns, now, tt.lang)
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, tt.want) {
|
||||||
t.Errorf("computeActiveSet() =\n %#v\nwant\n %#v", got, tt.want)
|
t.Errorf("computeActiveSet() =\n %#v\nwant\n %#v", got, tt.want)
|
||||||
}
|
}
|
||||||
|
if gotUrgent != tt.wantUrgent {
|
||||||
|
t.Errorf("computeActiveSet() urgent = %v, want %v", gotUrgent, tt.wantUrgent)
|
||||||
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestComputeActiveSetEmpty(t *testing.T) {
|
func TestComputeActiveSetEmpty(t *testing.T) {
|
||||||
// No campaigns at all yields an empty (non-nil-or-nil) feed without panicking.
|
// No campaigns at all yields an empty (non-nil-or-nil) feed without panicking.
|
||||||
if got := computeActiveSet(nil, time.Now(), "en"); len(got) != 0 {
|
if got, urgent := computeActiveSet(nil, time.Now(), "en"); len(got) != 0 || urgent {
|
||||||
t.Errorf("computeActiveSet(nil) = %#v, want empty", got)
|
t.Errorf("computeActiveSet(nil) = %#v urgent=%v, want empty non-urgent", got, urgent)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ package ads
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -40,17 +41,20 @@ func NewService(store *Store) *Service { return &Service{store: store} }
|
|||||||
// ActiveSet returns the resolved rotation feed for a viewer in language lang
|
// ActiveSet returns the resolved rotation feed for a viewer in language lang
|
||||||
// (en/ru) together with the global display timings: the currently-active
|
// (en/ru) together with the global display timings: the currently-active
|
||||||
// campaigns, each with its GCD-reduced show weight and its messages resolved to
|
// campaigns, each with its GCD-reduced show weight and its messages resolved to
|
||||||
// lang, ready for the client's weighted round-robin.
|
// lang, ready for the client's weighted round-robin. The bool result reports
|
||||||
func (s *Service) ActiveSet(ctx context.Context, lang string) ([]ActiveCampaign, Timings, error) {
|
// whether the feed is urgent — an urgent feed is shown to every viewer
|
||||||
|
// regardless of eligibility (the caller skips the eligibility gate for it).
|
||||||
|
func (s *Service) ActiveSet(ctx context.Context, lang string) ([]ActiveCampaign, Timings, bool, error) {
|
||||||
campaigns, err := s.store.ActiveCampaigns(ctx)
|
campaigns, err := s.store.ActiveCampaigns(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, Timings{}, err
|
return nil, Timings{}, false, err
|
||||||
}
|
}
|
||||||
timings, err := s.store.Settings(ctx)
|
timings, err := s.store.Settings(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, Timings{}, err
|
return nil, Timings{}, false, err
|
||||||
}
|
}
|
||||||
return computeActiveSet(campaigns, time.Now().UTC(), lang), timings, nil
|
set, urgent := computeActiveSet(campaigns, time.Now().UTC(), lang)
|
||||||
|
return set, timings, urgent, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListCampaigns returns every campaign with its messages, for the admin console.
|
// ListCampaigns returns every campaign with its messages, for the admin console.
|
||||||
@@ -76,8 +80,13 @@ func (s *Service) CreateCampaign(ctx context.Context, c Campaign) (uuid.UUID, er
|
|||||||
if err := validWindow(c.StartsAt, c.EndsAt); err != nil {
|
if err := validWindow(c.StartsAt, c.EndsAt); err != nil {
|
||||||
return uuid.Nil, err
|
return uuid.Nil, err
|
||||||
}
|
}
|
||||||
|
all, dark, err := validOverrides(c.OverrideAll, c.OverrideDark)
|
||||||
|
if err != nil {
|
||||||
|
return uuid.Nil, err
|
||||||
|
}
|
||||||
return s.store.CreateCampaign(ctx, Campaign{
|
return s.store.CreateCampaign(ctx, Campaign{
|
||||||
Name: name, Weight: c.Weight, Enabled: c.Enabled, StartsAt: c.StartsAt, EndsAt: c.EndsAt,
|
Name: name, Weight: c.Weight, Enabled: c.Enabled, StartsAt: c.StartsAt, EndsAt: c.EndsAt,
|
||||||
|
OverrideAll: all, OverrideDark: dark, Urgent: c.Urgent,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -99,6 +108,7 @@ func (s *Service) UpdateCampaign(ctx context.Context, c Campaign) error {
|
|||||||
upd.Enabled = true
|
upd.Enabled = true
|
||||||
upd.StartsAt = nil
|
upd.StartsAt = nil
|
||||||
upd.EndsAt = nil
|
upd.EndsAt = nil
|
||||||
|
// The default (house) campaign stays plain: no colour overrides, never urgent.
|
||||||
} else {
|
} else {
|
||||||
if err := validWeight(c.Weight); err != nil {
|
if err := validWeight(c.Weight); err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -106,10 +116,17 @@ func (s *Service) UpdateCampaign(ctx context.Context, c Campaign) error {
|
|||||||
if err := validWindow(c.StartsAt, c.EndsAt); err != nil {
|
if err := validWindow(c.StartsAt, c.EndsAt); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
all, dark, err := validOverrides(c.OverrideAll, c.OverrideDark)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
upd.Weight = c.Weight
|
upd.Weight = c.Weight
|
||||||
upd.Enabled = c.Enabled
|
upd.Enabled = c.Enabled
|
||||||
upd.StartsAt = c.StartsAt
|
upd.StartsAt = c.StartsAt
|
||||||
upd.EndsAt = c.EndsAt
|
upd.EndsAt = c.EndsAt
|
||||||
|
upd.OverrideAll = all
|
||||||
|
upd.OverrideDark = dark
|
||||||
|
upd.Urgent = c.Urgent
|
||||||
}
|
}
|
||||||
return s.store.UpdateCampaign(ctx, upd)
|
return s.store.UpdateCampaign(ctx, upd)
|
||||||
}
|
}
|
||||||
@@ -254,6 +271,46 @@ func validWindow(starts, ends *time.Time) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// hexColor matches a "#rrggbb" colour — the format the console's native colour
|
||||||
|
// input emits and the wire carries.
|
||||||
|
var hexColor = regexp.MustCompile(`^#[0-9a-fA-F]{6}$`)
|
||||||
|
|
||||||
|
// validOverrides validates the two optional colour sets together and returns
|
||||||
|
// their normalised copies (nil when a set is absent), so a caller can store them
|
||||||
|
// directly.
|
||||||
|
func validOverrides(all, dark *ColorSet) (*ColorSet, *ColorSet, error) {
|
||||||
|
va, err := validColorSet(all)
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, err
|
||||||
|
}
|
||||||
|
vd, err := validColorSet(dark)
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, err
|
||||||
|
}
|
||||||
|
return va, vd, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// validColorSet validates one optional colour override: a nil set passes (no
|
||||||
|
// override); otherwise all three colours must be present and "#rrggbb". It
|
||||||
|
// returns a trimmed, lower-cased copy.
|
||||||
|
func validColorSet(cs *ColorSet) (*ColorSet, error) {
|
||||||
|
if cs == nil {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
bg := strings.TrimSpace(cs.Bg)
|
||||||
|
fg := strings.TrimSpace(cs.Fg)
|
||||||
|
link := strings.TrimSpace(cs.Link)
|
||||||
|
if bg == "" || fg == "" || link == "" {
|
||||||
|
return nil, fmt.Errorf("%w: a colour override needs all of background, text and link", ErrValidation)
|
||||||
|
}
|
||||||
|
for _, h := range []string{bg, fg, link} {
|
||||||
|
if !hexColor.MatchString(h) {
|
||||||
|
return nil, fmt.Errorf("%w: colours must be #rrggbb hex", ErrValidation)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return &ColorSet{Bg: strings.ToLower(bg), Fg: strings.ToLower(fg), Link: strings.ToLower(link)}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// validBodies trims and bounds both mandatory language bodies of a message.
|
// validBodies trims and bounds both mandatory language bodies of a message.
|
||||||
func validBodies(bodyEn, bodyRu string) (string, string, error) {
|
func validBodies(bodyEn, bodyRu string) (string, string, error) {
|
||||||
en := strings.TrimSpace(bodyEn)
|
en := strings.TrimSpace(bodyEn)
|
||||||
|
|||||||
@@ -90,15 +90,23 @@ func (s *Store) Campaign(ctx context.Context, id uuid.UUID) (Campaign, error) {
|
|||||||
func (s *Store) CreateCampaign(ctx context.Context, c Campaign) (uuid.UUID, error) {
|
func (s *Store) CreateCampaign(ctx context.Context, c Campaign) (uuid.UUID, error) {
|
||||||
id := uuid.New()
|
id := uuid.New()
|
||||||
now := time.Now().UTC()
|
now := time.Now().UTC()
|
||||||
|
abg, afg, alink := colorCols(c.OverrideAll)
|
||||||
|
dbg, dfg, dlink := colorCols(c.OverrideDark)
|
||||||
stmt := table.AdCampaigns.INSERT(
|
stmt := table.AdCampaigns.INSERT(
|
||||||
table.AdCampaigns.CampaignID, table.AdCampaigns.Name, table.AdCampaigns.Weight,
|
table.AdCampaigns.CampaignID, table.AdCampaigns.Name, table.AdCampaigns.Weight,
|
||||||
table.AdCampaigns.IsDefault, table.AdCampaigns.Enabled,
|
table.AdCampaigns.IsDefault, table.AdCampaigns.Enabled,
|
||||||
table.AdCampaigns.StartsAt, table.AdCampaigns.EndsAt,
|
table.AdCampaigns.StartsAt, table.AdCampaigns.EndsAt,
|
||||||
|
table.AdCampaigns.OverrideBg, table.AdCampaigns.OverrideFg, table.AdCampaigns.OverrideLink,
|
||||||
|
table.AdCampaigns.OverrideBgDark, table.AdCampaigns.OverrideFgDark, table.AdCampaigns.OverrideLinkDark,
|
||||||
|
table.AdCampaigns.Urgent,
|
||||||
table.AdCampaigns.CreatedAt, table.AdCampaigns.UpdatedAt,
|
table.AdCampaigns.CreatedAt, table.AdCampaigns.UpdatedAt,
|
||||||
).VALUES(
|
).VALUES(
|
||||||
postgres.UUID(id), postgres.String(c.Name), postgres.Int(int64(c.Weight)),
|
postgres.UUID(id), postgres.String(c.Name), postgres.Int(int64(c.Weight)),
|
||||||
postgres.Bool(false), postgres.Bool(c.Enabled),
|
postgres.Bool(false), postgres.Bool(c.Enabled),
|
||||||
tsOrNull(c.StartsAt), tsOrNull(c.EndsAt),
|
tsOrNull(c.StartsAt), tsOrNull(c.EndsAt),
|
||||||
|
abg, afg, alink,
|
||||||
|
dbg, dfg, dlink,
|
||||||
|
postgres.Bool(c.Urgent),
|
||||||
postgres.TimestampzT(now), postgres.TimestampzT(now),
|
postgres.TimestampzT(now), postgres.TimestampzT(now),
|
||||||
)
|
)
|
||||||
if _, err := stmt.ExecContext(ctx, s.db); err != nil {
|
if _, err := stmt.ExecContext(ctx, s.db); err != nil {
|
||||||
@@ -111,12 +119,20 @@ func (s *Store) CreateCampaign(ctx context.Context, c Campaign) (uuid.UUID, erro
|
|||||||
// window. The default flag is never touched here. Returns ErrNotFound when no
|
// window. The default flag is never touched here. Returns ErrNotFound when no
|
||||||
// campaign matches.
|
// campaign matches.
|
||||||
func (s *Store) UpdateCampaign(ctx context.Context, c Campaign) error {
|
func (s *Store) UpdateCampaign(ctx context.Context, c Campaign) error {
|
||||||
|
abg, afg, alink := colorCols(c.OverrideAll)
|
||||||
|
dbg, dfg, dlink := colorCols(c.OverrideDark)
|
||||||
stmt := table.AdCampaigns.UPDATE(
|
stmt := table.AdCampaigns.UPDATE(
|
||||||
table.AdCampaigns.Name, table.AdCampaigns.Weight, table.AdCampaigns.Enabled,
|
table.AdCampaigns.Name, table.AdCampaigns.Weight, table.AdCampaigns.Enabled,
|
||||||
table.AdCampaigns.StartsAt, table.AdCampaigns.EndsAt, table.AdCampaigns.UpdatedAt,
|
table.AdCampaigns.StartsAt, table.AdCampaigns.EndsAt,
|
||||||
|
table.AdCampaigns.OverrideBg, table.AdCampaigns.OverrideFg, table.AdCampaigns.OverrideLink,
|
||||||
|
table.AdCampaigns.OverrideBgDark, table.AdCampaigns.OverrideFgDark, table.AdCampaigns.OverrideLinkDark,
|
||||||
|
table.AdCampaigns.Urgent, table.AdCampaigns.UpdatedAt,
|
||||||
).SET(
|
).SET(
|
||||||
postgres.String(c.Name), postgres.Int(int64(c.Weight)), postgres.Bool(c.Enabled),
|
postgres.String(c.Name), postgres.Int(int64(c.Weight)), postgres.Bool(c.Enabled),
|
||||||
tsOrNull(c.StartsAt), tsOrNull(c.EndsAt), postgres.TimestampzT(time.Now().UTC()),
|
tsOrNull(c.StartsAt), tsOrNull(c.EndsAt),
|
||||||
|
abg, afg, alink,
|
||||||
|
dbg, dfg, dlink,
|
||||||
|
postgres.Bool(c.Urgent), postgres.TimestampzT(time.Now().UTC()),
|
||||||
).WHERE(table.AdCampaigns.CampaignID.EQ(postgres.UUID(c.ID)))
|
).WHERE(table.AdCampaigns.CampaignID.EQ(postgres.UUID(c.ID)))
|
||||||
return execOne(ctx, s.db, stmt, "update campaign")
|
return execOne(ctx, s.db, stmt, "update campaign")
|
||||||
}
|
}
|
||||||
@@ -257,18 +273,40 @@ func execOne(ctx context.Context, db qrm.Executable, stmt postgres.Statement, wh
|
|||||||
|
|
||||||
func modelToCampaign(r model.AdCampaigns) Campaign {
|
func modelToCampaign(r model.AdCampaigns) Campaign {
|
||||||
return Campaign{
|
return Campaign{
|
||||||
ID: r.CampaignID,
|
ID: r.CampaignID,
|
||||||
Name: r.Name,
|
Name: r.Name,
|
||||||
Weight: int(r.Weight),
|
Weight: int(r.Weight),
|
||||||
IsDefault: r.IsDefault,
|
IsDefault: r.IsDefault,
|
||||||
Enabled: r.Enabled,
|
Enabled: r.Enabled,
|
||||||
StartsAt: r.StartsAt,
|
StartsAt: r.StartsAt,
|
||||||
EndsAt: r.EndsAt,
|
EndsAt: r.EndsAt,
|
||||||
CreatedAt: r.CreatedAt,
|
OverrideAll: colorSetFrom(r.OverrideBg, r.OverrideFg, r.OverrideLink),
|
||||||
UpdatedAt: r.UpdatedAt,
|
OverrideDark: colorSetFrom(r.OverrideBgDark, r.OverrideFgDark, r.OverrideLinkDark),
|
||||||
|
Urgent: r.Urgent,
|
||||||
|
CreatedAt: r.CreatedAt,
|
||||||
|
UpdatedAt: r.UpdatedAt,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// colorSetFrom rebuilds an optional ColorSet from three nullable colour columns.
|
||||||
|
// The all-or-nothing CHECK keeps the trio consistent, so a nil in any one means
|
||||||
|
// the set is absent.
|
||||||
|
func colorSetFrom(bg, fg, link *string) *ColorSet {
|
||||||
|
if bg == nil || fg == nil || link == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return &ColorSet{Bg: *bg, Fg: *fg, Link: *link}
|
||||||
|
}
|
||||||
|
|
||||||
|
// colorCols renders a *ColorSet as its three column value-expressions in
|
||||||
|
// bg, fg, link order — NULL for each when the set is absent.
|
||||||
|
func colorCols(cs *ColorSet) (bg, fg, link postgres.Expression) {
|
||||||
|
if cs == nil {
|
||||||
|
return postgres.NULL, postgres.NULL, postgres.NULL
|
||||||
|
}
|
||||||
|
return postgres.String(cs.Bg), postgres.String(cs.Fg), postgres.String(cs.Link)
|
||||||
|
}
|
||||||
|
|
||||||
func modelToMessage(r model.AdMessages) Message {
|
func modelToMessage(r model.AdMessages) Message {
|
||||||
return Message{
|
return Message{
|
||||||
ID: r.MessageID,
|
ID: r.MessageID,
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ package config
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
@@ -13,6 +14,7 @@ import (
|
|||||||
"scrabble/backend/internal/lobby"
|
"scrabble/backend/internal/lobby"
|
||||||
"scrabble/backend/internal/postgres"
|
"scrabble/backend/internal/postgres"
|
||||||
"scrabble/backend/internal/ratewatch"
|
"scrabble/backend/internal/ratewatch"
|
||||||
|
"scrabble/backend/internal/robokassa"
|
||||||
"scrabble/backend/internal/robot"
|
"scrabble/backend/internal/robot"
|
||||||
"scrabble/backend/internal/telemetry"
|
"scrabble/backend/internal/telemetry"
|
||||||
)
|
)
|
||||||
@@ -42,6 +44,12 @@ type Config struct {
|
|||||||
// SMTP configures the email relay used for confirm-codes. An empty Host
|
// SMTP configures the email relay used for confirm-codes. An empty Host
|
||||||
// selects the development log mailer (the code is logged, not sent).
|
// selects the development log mailer (the code is logged, not sent).
|
||||||
SMTP account.SMTPConfig
|
SMTP account.SMTPConfig
|
||||||
|
// PublicBaseURL is the canonical public origin (scheme + host, e.g.
|
||||||
|
// https://erudit-game.ru) used to build absolute links in outgoing email — the
|
||||||
|
// confirm deeplink and the footer landing link. It is deliberately not derived
|
||||||
|
// from a request Host header, which would let an attacker inject a phishing link
|
||||||
|
// into the email. Required whenever an SMTP relay is configured.
|
||||||
|
PublicBaseURL string
|
||||||
// ConnectorAddr is the gRPC address of the Telegram platform connector
|
// ConnectorAddr is the gRPC address of the Telegram platform connector
|
||||||
// side-service, used by the admin console to send operator broadcasts. Empty
|
// side-service, used by the admin console to send operator broadcasts. Empty
|
||||||
// disables broadcasts (the admin broadcast actions report "not configured").
|
// disables broadcasts (the admin broadcast actions report "not configured").
|
||||||
@@ -51,6 +59,15 @@ type Config struct {
|
|||||||
// GuestRetention is the account age past which an unused guest (no game seat)
|
// GuestRetention is the account age past which an unused guest (no game seat)
|
||||||
// is eligible for deletion by the reaper.
|
// is eligible for deletion by the reaper.
|
||||||
GuestRetention time.Duration
|
GuestRetention time.Duration
|
||||||
|
// ExportSignKey signs the finished-game export download URLs. Empty leaves
|
||||||
|
// the export-URL endpoints disabled (503 on mint, 404 on download).
|
||||||
|
ExportSignKey string
|
||||||
|
// RendererURL is the base URL of the internal image-render sidecar (e.g.
|
||||||
|
// http://renderer:8090). Empty disables the PNG export artifact.
|
||||||
|
RendererURL string
|
||||||
|
// Robokassa configures the direct-rail (RUB) payment provider — one merchant shop per channel
|
||||||
|
// (D42). An empty set leaves the direct order and Result-callback endpoints unregistered.
|
||||||
|
Robokassa robokassa.Shops
|
||||||
}
|
}
|
||||||
|
|
||||||
// Defaults applied when the corresponding environment variable is unset.
|
// Defaults applied when the corresponding environment variable is unset.
|
||||||
@@ -89,6 +106,7 @@ func Load() (Config, error) {
|
|||||||
gm := game.DefaultConfig()
|
gm := game.DefaultConfig()
|
||||||
gm.DictDir = envOr("BACKEND_DICT_DIR", gm.DictDir)
|
gm.DictDir = envOr("BACKEND_DICT_DIR", gm.DictDir)
|
||||||
gm.DictVersion = envOr("BACKEND_DICT_VERSION", gm.DictVersion)
|
gm.DictVersion = envOr("BACKEND_DICT_VERSION", gm.DictVersion)
|
||||||
|
gm.DictSeedDir = envOr("BACKEND_DICT_SEED_DIR", gm.DictSeedDir)
|
||||||
if gm.TimeoutSweepInterval, err = envDuration("BACKEND_GAME_TIMEOUT_SWEEP_INTERVAL", gm.TimeoutSweepInterval); err != nil {
|
if gm.TimeoutSweepInterval, err = envDuration("BACKEND_GAME_TIMEOUT_SWEEP_INTERVAL", gm.TimeoutSweepInterval); err != nil {
|
||||||
return Config{}, err
|
return Config{}, err
|
||||||
}
|
}
|
||||||
@@ -130,11 +148,29 @@ func Load() (Config, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
smtp := account.SMTPConfig{
|
smtp := account.SMTPConfig{
|
||||||
Host: os.Getenv("BACKEND_SMTP_HOST"),
|
Host: os.Getenv("BACKEND_SMTP_HOST"),
|
||||||
Port: envOr("BACKEND_SMTP_PORT", "587"),
|
Port: envOr("BACKEND_SMTP_PORT", "587"),
|
||||||
Username: os.Getenv("BACKEND_SMTP_USERNAME"),
|
Username: os.Getenv("BACKEND_SMTP_USERNAME"),
|
||||||
Password: os.Getenv("BACKEND_SMTP_PASSWORD"),
|
Password: os.Getenv("BACKEND_SMTP_PASSWORD"),
|
||||||
From: envOr("BACKEND_SMTP_FROM", "no-reply@localhost"),
|
From: envOr("BACKEND_SMTP_FROM", "no-reply@localhost"),
|
||||||
|
TLS: os.Getenv("BACKEND_SMTP_TLS"),
|
||||||
|
AdminFrom: os.Getenv("BACKEND_SMTP_ADMIN_FROM"),
|
||||||
|
AdminTo: os.Getenv("BACKEND_ADMIN_EMAIL"),
|
||||||
|
}
|
||||||
|
|
||||||
|
// Robokassa direct rail: one merchant shop per channel (D42). The legacy single-shop vars seed
|
||||||
|
// the web channel so existing deploys keep working; the per-channel vars add the rest. A shop
|
||||||
|
// with no MerchantLogin is dropped (the rail stays dormant when none is configured).
|
||||||
|
shops := robokassa.Shops{}
|
||||||
|
web := robokassaShop("BACKEND_ROBOKASSA_WEB")
|
||||||
|
if web.MerchantLogin == "" {
|
||||||
|
web = robokassaShop("BACKEND_ROBOKASSA") // legacy single-shop credentials seed the web channel
|
||||||
|
}
|
||||||
|
if web.MerchantLogin != "" {
|
||||||
|
shops[robokassa.ChannelWeb] = web
|
||||||
|
}
|
||||||
|
if android := robokassaShop("BACKEND_ROBOKASSA_ANDROID"); android.MerchantLogin != "" {
|
||||||
|
shops[robokassa.ChannelAndroid] = android
|
||||||
}
|
}
|
||||||
|
|
||||||
c := Config{
|
c := Config{
|
||||||
@@ -148,9 +184,13 @@ func Load() (Config, error) {
|
|||||||
Robot: rb,
|
Robot: rb,
|
||||||
RateWatch: rw,
|
RateWatch: rw,
|
||||||
SMTP: smtp,
|
SMTP: smtp,
|
||||||
|
PublicBaseURL: os.Getenv("BACKEND_PUBLIC_BASE_URL"),
|
||||||
ConnectorAddr: os.Getenv("BACKEND_CONNECTOR_ADDR"),
|
ConnectorAddr: os.Getenv("BACKEND_CONNECTOR_ADDR"),
|
||||||
GuestReapInterval: guestReapInterval,
|
GuestReapInterval: guestReapInterval,
|
||||||
GuestRetention: guestRetention,
|
GuestRetention: guestRetention,
|
||||||
|
ExportSignKey: os.Getenv("BACKEND_EXPORT_SIGN_KEY"),
|
||||||
|
RendererURL: os.Getenv("BACKEND_RENDERER_URL"),
|
||||||
|
Robokassa: shops,
|
||||||
}
|
}
|
||||||
if err := c.validate(); err != nil {
|
if err := c.validate(); err != nil {
|
||||||
return Config{}, err
|
return Config{}, err
|
||||||
@@ -195,6 +235,19 @@ func (c Config) validate() error {
|
|||||||
if c.GuestRetention <= 0 {
|
if c.GuestRetention <= 0 {
|
||||||
return fmt.Errorf("config: BACKEND_GUEST_RETENTION must be positive")
|
return fmt.Errorf("config: BACKEND_GUEST_RETENTION must be positive")
|
||||||
}
|
}
|
||||||
|
if c.SMTP.Host != "" {
|
||||||
|
if c.PublicBaseURL == "" {
|
||||||
|
return fmt.Errorf("config: BACKEND_PUBLIC_BASE_URL must be set when BACKEND_SMTP_HOST is configured")
|
||||||
|
}
|
||||||
|
if u, err := url.Parse(c.PublicBaseURL); err != nil || u.Scheme == "" || u.Host == "" {
|
||||||
|
return fmt.Errorf("config: BACKEND_PUBLIC_BASE_URL %q must be an absolute URL (scheme://host)", c.PublicBaseURL)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for channel, shop := range c.Robokassa {
|
||||||
|
if shop.Password1 == "" || shop.Password2 == "" {
|
||||||
|
return fmt.Errorf("config: robokassa shop %q: password1 and password2 must be set when its merchant login is", channel)
|
||||||
|
}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -234,3 +287,15 @@ func envDuration(key string, fallback time.Duration) (time.Duration, error) {
|
|||||||
}
|
}
|
||||||
return d, nil
|
return d, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// robokassaShop reads a Robokassa shop's four credentials from the environment under prefix (e.g.
|
||||||
|
// "BACKEND_ROBOKASSA_WEB" → _MERCHANT_LOGIN / _PASSWORD1 / _PASSWORD2 / _TEST). A missing
|
||||||
|
// MerchantLogin yields a zero Config the caller drops.
|
||||||
|
func robokassaShop(prefix string) robokassa.Config {
|
||||||
|
return robokassa.Config{
|
||||||
|
MerchantLogin: os.Getenv(prefix + "_MERCHANT_LOGIN"),
|
||||||
|
Password1: os.Getenv(prefix + "_PASSWORD1"),
|
||||||
|
Password2: os.Getenv(prefix + "_PASSWORD2"),
|
||||||
|
IsTest: os.Getenv(prefix+"_TEST") == "1",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,92 @@
|
|||||||
|
package engine
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
)
|
||||||
|
|
||||||
|
// DeliverVersion makes the build's dictionary version resident on the persistent
|
||||||
|
// dictionary volume without disturbing the versions in-flight games already pin.
|
||||||
|
//
|
||||||
|
// The volume is seeded from the image once and never re-seeded, and the image's
|
||||||
|
// /opt/dawg is shadowed by that volume mount, so a redeploy that bumped
|
||||||
|
// BACKEND_DICT_VERSION cannot otherwise make the new DAWGs reachable at runtime.
|
||||||
|
// The image therefore keeps an unshadowed read-only copy at seedDir, and this
|
||||||
|
// copies it into dictDir/<version>/ when the version is not already present —
|
||||||
|
// neither the flat seed's own recorded label nor an existing version
|
||||||
|
// subdirectory. It is add-only and idempotent: the flat seed and any prior admin
|
||||||
|
// uploads are never touched, so old games keep the version they pin while the new
|
||||||
|
// one becomes resident and activatable (see game.Service.InitActiveVersion). A
|
||||||
|
// blank seedDir disables delivery (the pre-existing seed-only behaviour).
|
||||||
|
func DeliverVersion(dictDir, seedDir, version string) error {
|
||||||
|
if seedDir == "" || version == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
target := filepath.Join(dictDir, version)
|
||||||
|
if _, err := os.Stat(target); err == nil {
|
||||||
|
return nil // already delivered on a prior boot
|
||||||
|
} else if !errors.Is(err, os.ErrNotExist) {
|
||||||
|
return fmt.Errorf("engine: stat delivered dictionary %s: %w", target, err)
|
||||||
|
}
|
||||||
|
// A fresh volume is populated from the image and recorded as this version by the
|
||||||
|
// marker: it is the flat dir, so there is nothing to deliver. resolveSeedVersion
|
||||||
|
// records the label on first use, matching OpenWithVersions.
|
||||||
|
seed, err := resolveSeedVersion(dictDir, version)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if seed == version {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
// Stage into a dot-prefixed directory (skipped by OpenWithVersions' version scan)
|
||||||
|
// then rename, so a crash mid-copy never leaves a half-populated version subdir.
|
||||||
|
staging := filepath.Join(dictDir, ".staging-deliver-"+version)
|
||||||
|
if err := os.RemoveAll(staging); err != nil {
|
||||||
|
return fmt.Errorf("engine: clear deliver staging %s: %w", staging, err)
|
||||||
|
}
|
||||||
|
if err := os.MkdirAll(staging, 0o755); err != nil {
|
||||||
|
return fmt.Errorf("engine: create deliver staging %s: %w", staging, err)
|
||||||
|
}
|
||||||
|
for _, file := range dictFiles {
|
||||||
|
src := filepath.Join(seedDir, file)
|
||||||
|
if _, err := os.Stat(src); errors.Is(err, os.ErrNotExist) {
|
||||||
|
continue // a variant absent from the seed is simply absent under this version
|
||||||
|
} else if err != nil {
|
||||||
|
_ = os.RemoveAll(staging)
|
||||||
|
return fmt.Errorf("engine: stat seed dawg %s: %w", src, err)
|
||||||
|
}
|
||||||
|
if err := copyFile(src, filepath.Join(staging, file)); err != nil {
|
||||||
|
_ = os.RemoveAll(staging)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := os.Rename(staging, target); err != nil {
|
||||||
|
_ = os.RemoveAll(staging)
|
||||||
|
return fmt.Errorf("engine: publish delivered dictionary %s: %w", target, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// copyFile copies a single file, truncating the destination.
|
||||||
|
func copyFile(src, dst string) error {
|
||||||
|
in, err := os.Open(src)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("engine: open %s: %w", src, err)
|
||||||
|
}
|
||||||
|
defer func() { _ = in.Close() }()
|
||||||
|
out, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("engine: create %s: %w", dst, err)
|
||||||
|
}
|
||||||
|
if _, err := io.Copy(out, in); err != nil {
|
||||||
|
_ = out.Close()
|
||||||
|
return fmt.Errorf("engine: copy %s -> %s: %w", src, dst, err)
|
||||||
|
}
|
||||||
|
if err := out.Close(); err != nil {
|
||||||
|
return fmt.Errorf("engine: finalise %s: %w", dst, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -0,0 +1,68 @@
|
|||||||
|
package engine
|
||||||
|
|
||||||
|
import (
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestDeliverVersion(t *testing.T) {
|
||||||
|
// A blank seed directory disables delivery (the pre-existing seed-only behaviour).
|
||||||
|
if err := DeliverVersion(t.TempDir(), "", "v1.3.1"); err != nil {
|
||||||
|
t.Fatalf("blank seedDir: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// An existing volume flat-seeded as v1.3.0 gets v1.3.1 delivered as a subdirectory,
|
||||||
|
// add-only: the flat seed's marker is left intact and the new version's DAWGs land.
|
||||||
|
dict := t.TempDir()
|
||||||
|
seed := t.TempDir()
|
||||||
|
if err := os.WriteFile(filepath.Join(dict, seedMarkerFile), []byte("v1.3.0\n"), 0o644); err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
for _, f := range dictFiles {
|
||||||
|
if err := os.WriteFile(filepath.Join(seed, f), []byte("dawg:"+f), 0o644); err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := DeliverVersion(dict, seed, "v1.3.1"); err != nil {
|
||||||
|
t.Fatalf("deliver v1.3.1: %v", err)
|
||||||
|
}
|
||||||
|
for _, f := range dictFiles {
|
||||||
|
got, err := os.ReadFile(filepath.Join(dict, "v1.3.1", f))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("delivered %s: %v", f, err)
|
||||||
|
}
|
||||||
|
if string(got) != "dawg:"+f {
|
||||||
|
t.Errorf("delivered %s = %q, want the seed bytes", f, got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if m, _ := os.ReadFile(filepath.Join(dict, seedMarkerFile)); string(m) != "v1.3.0\n" {
|
||||||
|
t.Errorf("flat seed marker relabelled to %q (delivery must be add-only)", m)
|
||||||
|
}
|
||||||
|
// Idempotent: a second call is a no-op and leaves no staging directory behind.
|
||||||
|
if err := DeliverVersion(dict, seed, "v1.3.1"); err != nil {
|
||||||
|
t.Fatalf("re-deliver v1.3.1: %v", err)
|
||||||
|
}
|
||||||
|
if entries, _ := os.ReadDir(dict); hasStaging(entries) {
|
||||||
|
t.Errorf("a staging directory survived delivery")
|
||||||
|
}
|
||||||
|
|
||||||
|
// On a fresh directory the build version becomes the flat seed, so nothing is delivered
|
||||||
|
// as a redundant subdirectory.
|
||||||
|
fresh := t.TempDir()
|
||||||
|
if err := DeliverVersion(fresh, seed, "v1.3.1"); err != nil {
|
||||||
|
t.Fatalf("fresh deliver: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := os.Stat(filepath.Join(fresh, "v1.3.1")); !os.IsNotExist(err) {
|
||||||
|
t.Errorf("fresh volume got a redundant v1.3.1 subdir; it should be the flat seed")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func hasStaging(entries []os.DirEntry) bool {
|
||||||
|
for _, e := range entries {
|
||||||
|
if len(e.Name()) >= len(".staging") && e.Name()[:len(".staging")] == ".staging" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
@@ -0,0 +1,123 @@
|
|||||||
|
package engine
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/rules"
|
||||||
|
)
|
||||||
|
|
||||||
|
// The offline engine (ui/src/lib/localgame) reproduces the end-of-game rack settlement and the
|
||||||
|
// winner rule so a local game finishes with the same scores as the server. These golden fixtures
|
||||||
|
// pin the ported pure functions (applyEndAdjustment / winner / rackValue) to the real Go engine.
|
||||||
|
// Being in-package, this emitter constructs Game values directly and drives the unexported
|
||||||
|
// end-game math on chosen positions.
|
||||||
|
|
||||||
|
type endCaseIn struct {
|
||||||
|
Name string `json:"name"`
|
||||||
|
Variant string `json:"variant"`
|
||||||
|
Reason string `json:"reason"`
|
||||||
|
Hands [][]int `json:"hands"`
|
||||||
|
Scores []int `json:"scores"`
|
||||||
|
Resigned []bool `json:"resigned"`
|
||||||
|
ToMove int `json:"toMove"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type endCaseOut struct {
|
||||||
|
endCaseIn
|
||||||
|
ScoresAfter []int `json:"scoresAfter"`
|
||||||
|
Winner int `json:"winner"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func rulesetFor(variant string) *rules.Ruleset {
|
||||||
|
switch variant {
|
||||||
|
case "scrabble_ru":
|
||||||
|
return rules.RussianScrabble()
|
||||||
|
case "erudit_ru":
|
||||||
|
return rules.Erudit()
|
||||||
|
default:
|
||||||
|
return rules.English()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func reasonFor(s string) EndReason {
|
||||||
|
switch s {
|
||||||
|
case "out_of_tiles":
|
||||||
|
return EndOutOfTiles
|
||||||
|
case "scoreless":
|
||||||
|
return EndScoreless
|
||||||
|
case "resign":
|
||||||
|
return EndResign
|
||||||
|
case "aborted":
|
||||||
|
return EndAborted
|
||||||
|
}
|
||||||
|
return EndNotOver
|
||||||
|
}
|
||||||
|
|
||||||
|
func handsBytes(hands [][]int) [][]byte {
|
||||||
|
out := make([][]byte, len(hands))
|
||||||
|
for i, h := range hands {
|
||||||
|
b := make([]byte, len(h))
|
||||||
|
for j, x := range h {
|
||||||
|
b[j] = byte(x)
|
||||||
|
}
|
||||||
|
out[i] = b
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestEmitEndgameFixtures regenerates ui/src/lib/localgame/testdata/endgame.json. Gated by
|
||||||
|
// EMIT_ENGINE_FIXTURES. Regenerate with:
|
||||||
|
//
|
||||||
|
// EMIT_ENGINE_FIXTURES=1 go test ./backend/internal/engine -run TestEmitEndgameFixtures
|
||||||
|
func TestEmitEndgameFixtures(t *testing.T) {
|
||||||
|
if os.Getenv("EMIT_ENGINE_FIXTURES") == "" {
|
||||||
|
t.Skip("set EMIT_ENGINE_FIXTURES=1 to regenerate ui/src/lib/localgame/testdata/endgame.json")
|
||||||
|
}
|
||||||
|
|
||||||
|
cases := []endCaseIn{
|
||||||
|
{"out-basic", "scrabble_en", "out_of_tiles", [][]int{{}, {0, 1, 2}}, []int{50, 40}, []bool{false, false}, 0},
|
||||||
|
{"out-blank", "scrabble_en", "out_of_tiles", [][]int{{}, {255, 0}}, []int{30, 30}, []bool{false, false}, 0},
|
||||||
|
{"out-erudit-yo", "erudit_ru", "out_of_tiles", [][]int{{}, {6, 32}}, []int{10, 10}, []bool{false, false}, 0},
|
||||||
|
{"out-tie", "scrabble_en", "out_of_tiles", [][]int{{}, {}}, []int{30, 30}, []bool{false, false}, 0},
|
||||||
|
{"out-3p", "scrabble_ru", "out_of_tiles", [][]int{{}, {0, 1}, {2}}, []int{10, 10, 10}, []bool{false, false, false}, 0},
|
||||||
|
{"scoreless", "scrabble_en", "scoreless", [][]int{{0, 1}, {2, 3}}, []int{20, 20}, []bool{false, false}, 0},
|
||||||
|
{"resign-2p", "scrabble_en", "resign", [][]int{{}, {0}}, []int{100, 10}, []bool{true, false}, 1},
|
||||||
|
{"resign-3p", "scrabble_en", "resign", [][]int{{}, {}, {}}, []int{50, 60, 40}, []bool{false, true, false}, 0},
|
||||||
|
{"aborted", "scrabble_en", "aborted", [][]int{{0}, {1}}, []int{40, 30}, []bool{false, false}, 0},
|
||||||
|
}
|
||||||
|
|
||||||
|
out := make([]endCaseOut, 0, len(cases))
|
||||||
|
for _, c := range cases {
|
||||||
|
rs := rulesetFor(c.Variant)
|
||||||
|
scores := append([]int(nil), c.Scores...)
|
||||||
|
g := &Game{
|
||||||
|
rules: rs,
|
||||||
|
hands: handsBytes(c.Hands),
|
||||||
|
scores: scores,
|
||||||
|
resigned: c.Resigned,
|
||||||
|
toMove: c.ToMove,
|
||||||
|
}
|
||||||
|
reason := reasonFor(c.Reason)
|
||||||
|
g.over = true
|
||||||
|
g.reason = reason
|
||||||
|
g.applyEndAdjustment(reason)
|
||||||
|
out = append(out, endCaseOut{endCaseIn: c, ScoresAfter: g.scores, Winner: g.winner()})
|
||||||
|
}
|
||||||
|
|
||||||
|
dir := filepath.Join("..", "..", "..", "ui", "src", "lib", "localgame", "testdata")
|
||||||
|
if err := os.MkdirAll(dir, 0o755); err != nil {
|
||||||
|
t.Fatalf("mkdir %s: %v", dir, err)
|
||||||
|
}
|
||||||
|
data, err := json.MarshalIndent(map[string]any{"cases": out}, "", " ")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("marshal: %v", err)
|
||||||
|
}
|
||||||
|
path := filepath.Join(dir, "endgame.json")
|
||||||
|
if err := os.WriteFile(path, append(data, '\n'), 0o644); err != nil {
|
||||||
|
t.Fatalf("write %s: %v", path, err)
|
||||||
|
}
|
||||||
|
t.Logf("wrote %s (%d cases)", path, len(out))
|
||||||
|
}
|
||||||
@@ -21,11 +21,13 @@ var dictFiles = map[Variant]string{
|
|||||||
VariantErudit: "ru_erudit.dawg",
|
VariantErudit: "ru_erudit.dawg",
|
||||||
}
|
}
|
||||||
|
|
||||||
// entry is one resident dictionary: the loaded finder and the solver built over
|
// entry is one resident dictionary: the loaded finder, the solver built over it
|
||||||
// it. The finder is retained so Close can release it.
|
// and the file it was loaded from. The finder is retained so Close can release
|
||||||
|
// it; path is retained so the raw bytes can be re-read for the client download.
|
||||||
type entry struct {
|
type entry struct {
|
||||||
finder dawg.Finder
|
finder dawg.Finder
|
||||||
solver *scrabble.Solver
|
solver *scrabble.Solver
|
||||||
|
path string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Registry holds the dictionaries resident in memory, addressed by variant and
|
// Registry holds the dictionaries resident in memory, addressed by variant and
|
||||||
@@ -130,7 +132,7 @@ func (r *Registry) Load(v Variant, version, dir string) error {
|
|||||||
if old, ok := r.entries[v][version]; ok {
|
if old, ok := r.entries[v][version]; ok {
|
||||||
_ = old.finder.Close()
|
_ = old.finder.Close()
|
||||||
}
|
}
|
||||||
r.entries[v][version] = entry{finder: finder, solver: scrabble.NewSolver(rs, finder)}
|
r.entries[v][version] = entry{finder: finder, solver: scrabble.NewSolver(rs, finder), path: path}
|
||||||
r.latest[v] = version
|
r.latest[v] = version
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@@ -202,6 +204,30 @@ func (r *Registry) Versions(v Variant) []string {
|
|||||||
return versions
|
return versions
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DictBytes returns the raw serialized DAWG for the (variant, version) pair,
|
||||||
|
// re-read from the file it was loaded from — the same immutable bytes the solver
|
||||||
|
// holds. It backs the client-side dictionary download for the local move
|
||||||
|
// preview. It returns ErrUnknownVariant or ErrUnknownVersion when that dictionary
|
||||||
|
// is not resident, and wraps any read error. The file is read outside the lock.
|
||||||
|
func (r *Registry) DictBytes(v Variant, version string) ([]byte, error) {
|
||||||
|
r.mu.RLock()
|
||||||
|
versions, ok := r.entries[v]
|
||||||
|
if !ok {
|
||||||
|
r.mu.RUnlock()
|
||||||
|
return nil, fmt.Errorf("%w: %s", ErrUnknownVariant, v)
|
||||||
|
}
|
||||||
|
e, ok := versions[version]
|
||||||
|
r.mu.RUnlock()
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf("%w: %s/%s", ErrUnknownVersion, v, version)
|
||||||
|
}
|
||||||
|
data, err := os.ReadFile(e.path)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("engine: read %s/%s dictionary bytes from %s: %w", v, version, e.path, err)
|
||||||
|
}
|
||||||
|
return data, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Lookup reports whether word is present in the (variant, version) dictionary,
|
// Lookup reports whether word is present in the (variant, version) dictionary,
|
||||||
// backing the unlimited word-check tool. It returns ErrUnknownVariant or
|
// backing the unlimited word-check tool. It returns ErrUnknownVariant or
|
||||||
// ErrUnknownVersion when that dictionary is not resident, and an error when word
|
// ErrUnknownVersion when that dictionary is not resident, and an error when word
|
||||||
|
|||||||
@@ -25,11 +25,11 @@ const seedMarkerFile = ".seed_version"
|
|||||||
// BACKEND_DICT_VERSION) and return it — the seed of a fresh volume;
|
// BACKEND_DICT_VERSION) and return it — the seed of a fresh volume;
|
||||||
// - already-seeded directory: return the recorded marker and ignore bootVersion.
|
// - already-seeded directory: return the recorded marker and ignore bootVersion.
|
||||||
//
|
//
|
||||||
// So bumping the build seed on a live volume is a harmless no-op (it only takes
|
// So a later build seed never relabels the already-seeded flat bytes — which would void
|
||||||
// effect on a future fresh volume) instead of relabelling the already-seeded bytes —
|
// games pinned to the prior label and mis-serve new ones. The new build version is instead
|
||||||
// which would void games pinned to the prior label and mis-serve new ones. New games
|
// delivered as a NEW subdirectory (DeliverVersion) and made active (Service.InitActiveVersion),
|
||||||
// still pin the active version (DB-persisted, set by the admin console), which is the
|
// so a redeploy still moves new games to it while old games keep the flat label. New games
|
||||||
// real way a running contour moves to a new release.
|
// pin the active version (DB-persisted); a console upload can also set it out-of-band.
|
||||||
//
|
//
|
||||||
// A directory that cannot be written makes the first record fail; that also breaks
|
// A directory that cannot be written makes the first record fail; that also breaks
|
||||||
// the admin console (which writes version subdirectories here), so the error is
|
// the admin console (which writes version subdirectories here), so the error is
|
||||||
|
|||||||
@@ -195,6 +195,11 @@ func (svc *Service) CountUnread(ctx context.Context) (int, error) {
|
|||||||
return svc.store.CountUnread(ctx)
|
return svc.store.CountUnread(ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountSince counts feedback created after since, for the operator alert worker.
|
||||||
|
func (svc *Service) CountSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
return svc.store.CountSince(ctx, since)
|
||||||
|
}
|
||||||
|
|
||||||
// Attachment returns a message's file name and bytes, reporting false when absent.
|
// Attachment returns a message's file name and bytes, reporting false when absent.
|
||||||
func (svc *Service) Attachment(ctx context.Context, id uuid.UUID) (string, []byte, bool, error) {
|
func (svc *Service) Attachment(ctx context.Context, id uuid.UUID) (string, []byte, bool, error) {
|
||||||
return svc.store.Attachment(ctx, id)
|
return svc.store.Attachment(ctx, id)
|
||||||
|
|||||||
@@ -386,3 +386,15 @@ func (s *Store) CountUnread(ctx context.Context) (int, error) {
|
|||||||
}
|
}
|
||||||
return n, nil
|
return n, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountSince counts feedback messages created strictly after since — the operator alert
|
||||||
|
// worker's "new since the last check" signal.
|
||||||
|
func (s *Store) CountSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
var n int
|
||||||
|
if err := s.db.QueryRowContext(ctx,
|
||||||
|
`SELECT COUNT(*) FROM backend.feedback_messages WHERE created_at > $1`, since,
|
||||||
|
).Scan(&n); err != nil {
|
||||||
|
return 0, fmt.Errorf("feedback: count since: %w", err)
|
||||||
|
}
|
||||||
|
return n, nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -18,6 +18,13 @@ type Config struct {
|
|||||||
// DictVersion labels the dictionary version new games pin. Sourced from
|
// DictVersion labels the dictionary version new games pin. Sourced from
|
||||||
// BACKEND_DICT_VERSION.
|
// BACKEND_DICT_VERSION.
|
||||||
DictVersion string
|
DictVersion string
|
||||||
|
// DictSeedDir holds the image's read-only copy of the build's DictVersion DAWGs,
|
||||||
|
// on a path the persistent DictDir volume does NOT shadow. On boot the backend
|
||||||
|
// delivers this version into DictDir/<DictVersion>/ if absent (add-only), so a
|
||||||
|
// redeploy that bumped DICT_VERSION makes the new dictionary resident and activatable
|
||||||
|
// without disturbing the versions in-flight games already pin. Sourced from
|
||||||
|
// BACKEND_DICT_SEED_DIR; empty disables delivery (the pre-existing seed-only behaviour).
|
||||||
|
DictSeedDir string
|
||||||
// TimeoutSweepInterval is how often the sweeper scans for overdue turns.
|
// TimeoutSweepInterval is how often the sweeper scans for overdue turns.
|
||||||
// Sourced from BACKEND_GAME_TIMEOUT_SWEEP_INTERVAL.
|
// Sourced from BACKEND_GAME_TIMEOUT_SWEEP_INTERVAL.
|
||||||
TimeoutSweepInterval time.Duration
|
TimeoutSweepInterval time.Duration
|
||||||
|
|||||||
@@ -52,6 +52,7 @@ func gameSummary(g Game, names []string) notify.GameSummary {
|
|||||||
TurnTimeoutSecs: int(g.TurnTimeout.Seconds()),
|
TurnTimeoutSecs: int(g.TurnTimeout.Seconds()),
|
||||||
MultipleWordsPerTurn: g.MultipleWordsPerTurn,
|
MultipleWordsPerTurn: g.MultipleWordsPerTurn,
|
||||||
VsAI: g.VsAI,
|
VsAI: g.VsAI,
|
||||||
|
Kind: int(g.Kind),
|
||||||
MoveCount: g.MoveCount,
|
MoveCount: g.MoveCount,
|
||||||
EndReason: g.EndReason,
|
EndReason: g.EndReason,
|
||||||
Seats: seats,
|
Seats: seats,
|
||||||
@@ -74,7 +75,6 @@ func playerState(v StateView, names []string, includeAlphabet bool) (notify.Play
|
|||||||
Rack: rack,
|
Rack: rack,
|
||||||
BagLen: v.BagLen,
|
BagLen: v.BagLen,
|
||||||
HintsRemaining: v.HintsRemaining,
|
HintsRemaining: v.HintsRemaining,
|
||||||
WalletBalance: v.WalletBalance,
|
|
||||||
}
|
}
|
||||||
if includeAlphabet {
|
if includeAlphabet {
|
||||||
tab, err := engine.AlphabetTable(v.Game.Variant)
|
tab, err := engine.AlphabetTable(v.Game.Variant)
|
||||||
|
|||||||
@@ -55,16 +55,39 @@ func TestPayloadExchangeRoundTrip(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestHintsRemaining(t *testing.T) {
|
func TestHintsRemaining(t *testing.T) {
|
||||||
cases := []struct{ allowance, used, wallet, want int }{
|
cases := []struct{ allowance, used, want int }{
|
||||||
{1, 0, 3, 4},
|
{1, 0, 1},
|
||||||
{1, 1, 3, 3},
|
{1, 1, 0},
|
||||||
{1, 2, 3, 3}, // used past allowance clamps to 0
|
{1, 2, 0}, // used past allowance clamps to 0
|
||||||
{0, 0, 5, 5},
|
{3, 1, 2},
|
||||||
{2, 1, 0, 1},
|
{0, 0, 0},
|
||||||
}
|
}
|
||||||
for _, c := range cases {
|
for _, c := range cases {
|
||||||
if got := hintsRemaining(c.allowance, c.used, c.wallet); got != c.want {
|
if got := hintsRemaining(c.allowance, c.used); got != c.want {
|
||||||
t.Errorf("hintsRemaining(%d,%d,%d) = %d, want %d", c.allowance, c.used, c.wallet, got, c.want)
|
t.Errorf("hintsRemaining(%d,%d) = %d, want %d", c.allowance, c.used, got, c.want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHintUnlockLeftSeconds(t *testing.T) {
|
||||||
|
now := time.Now()
|
||||||
|
// A gated vs_ai game on the caller's turn, the robot having moved 10 min ago (turn started then).
|
||||||
|
gated := Game{VsAI: true, ToMove: 0, MoveCount: 2, TurnStartedAt: now.Add(-10 * time.Minute)}
|
||||||
|
cases := []struct {
|
||||||
|
name string
|
||||||
|
g Game
|
||||||
|
seat int
|
||||||
|
want int
|
||||||
|
}{
|
||||||
|
{"non-vs_ai is open", Game{VsAI: false, ToMove: 0, MoveCount: 2, TurnStartedAt: now.Add(-10 * time.Minute)}, 0, 0},
|
||||||
|
{"not the caller's turn is open", gated, 1, 0},
|
||||||
|
{"human first move (no robot move) is open", Game{VsAI: true, ToMove: 0, MoveCount: 0, TurnStartedAt: now}, 0, 0},
|
||||||
|
{"robot moved 10 min ago leaves 20 min", gated, 0, 20 * 60},
|
||||||
|
{"robot moved past the window is open", Game{VsAI: true, ToMove: 0, MoveCount: 2, TurnStartedAt: now.Add(-40 * time.Minute)}, 0, 0},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
if got := hintUnlockLeftSeconds(c.g, c.seat, now); got != c.want {
|
||||||
|
t.Errorf("%s: hintUnlockLeftSeconds = %d, want %d", c.name, got, c.want)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,7 +17,10 @@ import (
|
|||||||
|
|
||||||
"scrabble/backend/internal/account"
|
"scrabble/backend/internal/account"
|
||||||
"scrabble/backend/internal/engine"
|
"scrabble/backend/internal/engine"
|
||||||
|
"scrabble/backend/internal/gamelimits"
|
||||||
"scrabble/backend/internal/notify"
|
"scrabble/backend/internal/notify"
|
||||||
|
"scrabble/backend/internal/payments"
|
||||||
|
"scrabble/backend/internal/session"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Service is the game domain: it drives the engine over a single match, persists
|
// Service is the game domain: it drives the engine over a single match, persists
|
||||||
@@ -50,6 +53,14 @@ type Service struct {
|
|||||||
// its asynchronous TriggerMove); nil disables the fast path (the scan still covers
|
// its asynchronous TriggerMove); nil disables the fast path (the scan still covers
|
||||||
// these games). Kept as a func so the game package never imports the robot package.
|
// these games). Kept as a func so the game package never imports the robot package.
|
||||||
aiTrigger func(gameID uuid.UUID)
|
aiTrigger func(gameID uuid.UUID)
|
||||||
|
// hintWallet is the payments surface the online-game hint path spends against (the
|
||||||
|
// segmented, context-aware hint balance). It is set by SetHintWallet during wiring; when
|
||||||
|
// nil, only the free per-game allowance is served (no purchased hints). vs_ai hints are
|
||||||
|
// wallet-free and never touch it.
|
||||||
|
hintWallet HintWallet
|
||||||
|
// limits is the per-tier active-game cap config (cached). Set by SetGameLimits during wiring;
|
||||||
|
// when nil, no active-game limit is enforced (a game is always creatable).
|
||||||
|
limits *gamelimits.Service
|
||||||
// clearNudges, when set, marks the actor's pending nudges in a game read once they
|
// clearNudges, when set, marks the actor's pending nudges in a game read once they
|
||||||
// have committed a move (a nudge answered by moving stops counting as unread). It is
|
// have committed a move (a nudge answered by moving stops counting as unread). It is
|
||||||
// best-effort and kept as a func so the game package never imports the social package.
|
// best-effort and kept as a func so the game package never imports the social package.
|
||||||
@@ -105,6 +116,70 @@ func (svc *Service) SetAITrigger(trigger func(gameID uuid.UUID)) {
|
|||||||
svc.aiTrigger = trigger
|
svc.aiTrigger = trigger
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HintWallet is the payments surface the online-game hint path uses: the context-aware hint
|
||||||
|
// balance (HintsAvailable) and a one-hint spend (SpendHint), both keyed by the trusted execution
|
||||||
|
// context and the account's present identity sources. *payments.Service satisfies it.
|
||||||
|
type HintWallet interface {
|
||||||
|
HintsAvailable(ctx context.Context, accountID uuid.UUID, cxt payments.Context, present []payments.Source) (int, error)
|
||||||
|
SpendHint(ctx context.Context, accountID uuid.UUID, cxt payments.Context, present []payments.Source) (bool, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetHintWallet installs the payments hint wallet the online-game hint path spends against. It
|
||||||
|
// must be called during startup wiring; the default (nil) serves only the free per-game allowance.
|
||||||
|
func (svc *Service) SetHintWallet(w HintWallet) {
|
||||||
|
svc.hintWallet = w
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetGameLimits installs the active-game limit config (cached), enabling the per-tier caps. When
|
||||||
|
// unset (nil), a game is always creatable.
|
||||||
|
func (svc *Service) SetGameLimits(l *gamelimits.Service) {
|
||||||
|
svc.limits = l
|
||||||
|
}
|
||||||
|
|
||||||
|
// AtGameLimit reports whether accountID has reached its tier's active-game cap for kind — the
|
||||||
|
// per-tier, per-kind limits held in backend.config, read from the in-memory cache. It resolves
|
||||||
|
// the caller's tier (guest vs durable) from the account, then counts its open+active games of that
|
||||||
|
// kind. It reports false (not at the limit) when the limits config is not wired, the account is nil,
|
||||||
|
// or the resolved cap is gamelimits.Unlimited. It backs the new-game gate (the handler aborts 409
|
||||||
|
// game_limit_reached) and the lobby's at-limit flag.
|
||||||
|
func (svc *Service) AtGameLimit(ctx context.Context, accountID uuid.UUID, kind gamelimits.Kind) (bool, error) {
|
||||||
|
if svc.limits == nil || accountID == uuid.Nil {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
acc, err := svc.accounts.GetByID(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
limit := svc.limits.LimitsFor(acc.IsGuest).Cap(kind)
|
||||||
|
if limit == gamelimits.Unlimited {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
n, err := svc.store.CountActiveByKind(ctx, accountID, kind)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
return n >= limit, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// walletContext resolves the payments gate inputs for an account on the current request: the
|
||||||
|
// trusted execution context (from the session platform carried on ctx; absent ⇒ untrusted) and
|
||||||
|
// the account's present identity sources (which chip/benefit segments are awake, §6).
|
||||||
|
func (svc *Service) walletContext(ctx context.Context, accountID uuid.UUID) (payments.Context, []payments.Source, error) {
|
||||||
|
var cxt payments.Context
|
||||||
|
if p, ok := session.PlatformFromContext(ctx); ok {
|
||||||
|
cxt = payments.NewContext(p.Kind, p.Subtype)
|
||||||
|
}
|
||||||
|
ids, err := svc.accounts.Identities(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return payments.Context{}, nil, err
|
||||||
|
}
|
||||||
|
kinds := make([]string, len(ids))
|
||||||
|
for i, id := range ids {
|
||||||
|
kinds[i] = id.Kind
|
||||||
|
}
|
||||||
|
return cxt, payments.PresentSources(kinds), nil
|
||||||
|
}
|
||||||
|
|
||||||
// SetNudgeClearer installs the hook that marks a mover's pending nudges read after
|
// SetNudgeClearer installs the hook that marks a mover's pending nudges read after
|
||||||
// their move commits. It must be called during startup wiring; the default (nil)
|
// their move commits. It must be called during startup wiring; the default (nil)
|
||||||
// leaves nudges to be cleared only when the recipient opens the move history or chat.
|
// leaves nudges to be cleared only when the recipient opens the move history or chat.
|
||||||
@@ -157,21 +232,31 @@ func (svc *Service) ActiveVersion() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// InitActiveVersion reconciles the persisted active dictionary version with the
|
// InitActiveVersion reconciles the persisted active dictionary version with the
|
||||||
// registry at startup. If a version was persisted and is resident, it becomes the
|
// registry at startup and makes the build's version (BACKEND_DICT_VERSION, delivered
|
||||||
// active version; otherwise the configured seed version is kept and persisted as
|
// resident by engine.DeliverVersion) authoritative: a redeploy that bumped the build
|
||||||
// the initial active version. Call once during wiring, before serving traffic.
|
// version thus activates it for new games without any admin step, while old games keep
|
||||||
|
// the version they pin. The one exception is a version installed out-of-band through
|
||||||
|
// the admin console that is NEWER than the build version and still resident — it is
|
||||||
|
// kept, so a restart on an older image never downgrades a hotfix. A build version that
|
||||||
|
// is not resident (delivery disabled or a partial state) falls back to a resident
|
||||||
|
// persisted version. The chosen version is persisted so the admin console reflects it.
|
||||||
|
// Call once during wiring, before serving traffic.
|
||||||
func (svc *Service) InitActiveVersion(ctx context.Context) error {
|
func (svc *Service) InitActiveVersion(ctx context.Context) error {
|
||||||
persisted, ok, err := svc.store.GetActiveDictVersion(ctx)
|
persisted, ok, err := svc.store.GetActiveDictVersion(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if ok && svc.versionResident(persisted) {
|
target := svc.activeVersion() // the build seed version (config.DictVersion)
|
||||||
svc.verMu.Lock()
|
if ok && svc.versionResident(persisted) && compareDictVersions(persisted, target) > 0 {
|
||||||
svc.version = persisted
|
target = persisted // a newer out-of-band install wins over the build version
|
||||||
svc.verMu.Unlock()
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
return svc.store.SetActiveDictVersion(ctx, svc.activeVersion())
|
if !svc.versionResident(target) && ok && svc.versionResident(persisted) {
|
||||||
|
target = persisted // the build version is unloadable — keep a resident one
|
||||||
|
}
|
||||||
|
svc.verMu.Lock()
|
||||||
|
svc.version = target
|
||||||
|
svc.verMu.Unlock()
|
||||||
|
return svc.store.SetActiveDictVersion(ctx, target)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetActiveVersion records version as the active dictionary version, persisting it
|
// SetActiveVersion records version as the active dictionary version, persisting it
|
||||||
@@ -298,6 +383,7 @@ func (svc *Service) Create(ctx context.Context, params CreateParams) (Game, erro
|
|||||||
dropoutTiles: params.DropoutTiles.String(),
|
dropoutTiles: params.DropoutTiles.String(),
|
||||||
multipleWordsPerTurn: params.MultipleWordsPerTurn,
|
multipleWordsPerTurn: params.MultipleWordsPerTurn,
|
||||||
vsAI: params.VsAI,
|
vsAI: params.VsAI,
|
||||||
|
kind: params.Kind,
|
||||||
}
|
}
|
||||||
if err := svc.store.CreateGame(ctx, ins, seats, seeding.draws); err != nil {
|
if err := svc.store.CreateGame(ctx, ins, seats, seeding.draws); err != nil {
|
||||||
return Game{}, err
|
return Game{}, err
|
||||||
@@ -361,6 +447,7 @@ func (svc *Service) OpenOrJoin(ctx context.Context, accountID uuid.UUID, params
|
|||||||
multipleWordsPerTurn: params.MultipleWordsPerTurn,
|
multipleWordsPerTurn: params.MultipleWordsPerTurn,
|
||||||
status: StatusOpen,
|
status: StatusOpen,
|
||||||
openDeadline: &deadline,
|
openDeadline: &deadline,
|
||||||
|
kind: gamelimits.KindRandom,
|
||||||
}
|
}
|
||||||
// Decide the first move now by the official draw, with the not-yet-arrived opponent as a
|
// Decide the first move now by the official draw, with the not-yet-arrived opponent as a
|
||||||
// synthetic placeholder (uuid.Nil): the draw fixes who sits at seat 0 — and so moves
|
// synthetic placeholder (uuid.Nil): the draw fixes who sits at seat 0 — and so moves
|
||||||
@@ -1008,6 +1095,12 @@ func (svc *Service) CountComplaints(ctx context.Context, status string) (int, er
|
|||||||
return svc.store.CountComplaints(ctx, status)
|
return svc.store.CountComplaints(ctx, status)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountComplaintsSince counts word complaints filed after since, for the operator alert
|
||||||
|
// worker.
|
||||||
|
func (svc *Service) CountComplaintsSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
return svc.store.CountComplaintsSince(ctx, since)
|
||||||
|
}
|
||||||
|
|
||||||
// ResolveComplaint closes a complaint with an operator disposition (reject /
|
// ResolveComplaint closes a complaint with an operator disposition (reject /
|
||||||
// accept_add / accept_remove) and an optional note. An accepted complaint then
|
// accept_add / accept_remove) and an optional note. An accepted complaint then
|
||||||
// appears in DictionaryChanges until a rebuilt dictionary is loaded and the
|
// appears in DictionaryChanges until a rebuilt dictionary is loaded and the
|
||||||
@@ -1052,10 +1145,31 @@ func (svc *Service) MarkChangesApplied(ctx context.Context, variant engine.Varia
|
|||||||
return svc.store.MarkChangesApplied(ctx, variant.String(), version)
|
return svc.store.MarkChangesApplied(ctx, variant.String(), version)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Hint reveals the top-scoring legal play for the requesting player on their
|
// hintIdleWindow is how long a vs_ai player must be stuck on a turn (since the robot's last move)
|
||||||
// turn, spending one hint from their per-game allowance and then their profile
|
// before the idle hint unlocks. Mirrors the offline client (lib/hints HINT_GATE_MS = 30 min).
|
||||||
// wallet. It returns ErrHintsDisabled, ErrNoHintsLeft or ErrNoHintAvailable as
|
const hintIdleWindow = 30 * time.Minute
|
||||||
// appropriate.
|
|
||||||
|
// hintUnlockLeftSeconds is the seconds until g's vs_ai idle hint unlocks for seat, measured from now:
|
||||||
|
// the robot's last move (the current turn's start, on the human's turn) plus the window, floored at
|
||||||
|
// 0 and ceiled to whole seconds. It is 0 for a non-vs_ai game, when it is not seat's turn, or on the
|
||||||
|
// human's first move (MoveCount 0, no robot move yet) — the gate is an anti-frustration aid, not a
|
||||||
|
// first-move tax. The client anchors a monotonic countdown to it, so a client clock cannot skew it.
|
||||||
|
func hintUnlockLeftSeconds(g Game, seat int, now time.Time) int {
|
||||||
|
if !g.VsAI || g.ToMove != seat || g.MoveCount < 1 {
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
left := g.TurnStartedAt.Add(hintIdleWindow).Sub(now)
|
||||||
|
if left <= 0 {
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
return int((left + time.Second - 1) / time.Second) // ceil to whole seconds (no math import)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hint reveals the top-scoring legal play for the requesting player on their turn. For a human game
|
||||||
|
// it spends one hint from the per-game allowance then the profile wallet (ErrHintsDisabled /
|
||||||
|
// ErrNoHintsLeft / ErrNoHintAvailable). For a vs_ai game the hint is unlimited and wallet-free but
|
||||||
|
// idle-gated from the server clock (ErrHintLocked until the window elapses) and counts toward no
|
||||||
|
// hint statistic.
|
||||||
func (svc *Service) Hint(ctx context.Context, gameID, accountID uuid.UUID) (HintResult, error) {
|
func (svc *Service) Hint(ctx context.Context, gameID, accountID uuid.UUID) (HintResult, error) {
|
||||||
pre, err := svc.store.GetGame(ctx, gameID)
|
pre, err := svc.store.GetGame(ctx, gameID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -1074,13 +1188,40 @@ func (svc *Service) Hint(ctx context.Context, gameID, accountID uuid.UUID) (Hint
|
|||||||
if !pre.HintsAllowed {
|
if !pre.HintsAllowed {
|
||||||
return HintResult{}, ErrHintsDisabled
|
return HintResult{}, ErrHintsDisabled
|
||||||
}
|
}
|
||||||
acc, err := svc.accounts.GetByID(ctx, accountID)
|
if pre.VsAI {
|
||||||
|
// vs_ai: unlimited and wallet-free, but idle-gated from the server clock — and counted toward
|
||||||
|
// no hint statistic. Enforce the gate (the client normally pre-gates from the view's
|
||||||
|
// HintUnlockLeftSeconds; this is the authoritative backstop), then serve the top move without
|
||||||
|
// touching the allowance, the wallet or hints_used.
|
||||||
|
if hintUnlockLeftSeconds(pre, seat, svc.clock()) > 0 {
|
||||||
|
return HintResult{}, ErrHintLocked
|
||||||
|
}
|
||||||
|
unlock := svc.locks.lock(gameID)
|
||||||
|
defer unlock()
|
||||||
|
g, err := svc.liveGame(ctx, pre)
|
||||||
|
if err != nil {
|
||||||
|
return HintResult{}, err
|
||||||
|
}
|
||||||
|
move, ok := g.HintView()
|
||||||
|
if !ok {
|
||||||
|
return HintResult{}, ErrNoHintAvailable
|
||||||
|
}
|
||||||
|
return HintResult{Move: move}, nil
|
||||||
|
}
|
||||||
|
cxt, present, err := svc.walletContext(ctx, accountID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return HintResult{}, err
|
return HintResult{}, err
|
||||||
}
|
}
|
||||||
|
wallet := 0
|
||||||
|
if svc.hintWallet != nil {
|
||||||
|
wallet, err = svc.hintWallet.HintsAvailable(ctx, accountID, cxt, present)
|
||||||
|
if err != nil {
|
||||||
|
return HintResult{}, err
|
||||||
|
}
|
||||||
|
}
|
||||||
used := pre.Seats[seat].HintsUsed
|
used := pre.Seats[seat].HintsUsed
|
||||||
fromAllowance := used < pre.HintsPerPlayer
|
fromAllowance := used < pre.HintsPerPlayer
|
||||||
if !fromAllowance && acc.HintBalance <= 0 {
|
if !fromAllowance && wallet <= 0 {
|
||||||
return HintResult{}, ErrNoHintsLeft
|
return HintResult{}, ErrNoHintsLeft
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1095,9 +1236,9 @@ func (svc *Service) Hint(ctx context.Context, gameID, accountID uuid.UUID) (Hint
|
|||||||
return HintResult{}, ErrNoHintAvailable
|
return HintResult{}, ErrNoHintAvailable
|
||||||
}
|
}
|
||||||
|
|
||||||
walletAfter := acc.HintBalance
|
walletAfter := wallet
|
||||||
if !fromAllowance {
|
if !fromAllowance {
|
||||||
spent, err := svc.accounts.SpendHint(ctx, accountID)
|
spent, err := svc.hintWallet.SpendHint(ctx, accountID, cxt, present)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return HintResult{}, err
|
return HintResult{}, err
|
||||||
}
|
}
|
||||||
@@ -1113,7 +1254,7 @@ func (svc *Service) Hint(ctx context.Context, gameID, accountID uuid.UUID) (Hint
|
|||||||
return HintResult{}, err
|
return HintResult{}, err
|
||||||
}
|
}
|
||||||
used++
|
used++
|
||||||
return HintResult{Move: move, HintsRemaining: hintsRemaining(pre.HintsPerPlayer, used, walletAfter), WalletBalance: walletAfter}, nil
|
return HintResult{Move: move, HintsRemaining: hintsRemaining(pre.HintsPerPlayer, used), WalletBalance: walletAfter}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Candidates returns the to-move player's legal plays for a seated player on
|
// Candidates returns the to-move player's legal plays for a seated player on
|
||||||
@@ -1178,10 +1319,6 @@ func (svc *Service) GameState(ctx context.Context, gameID, accountID uuid.UUID)
|
|||||||
if !ok {
|
if !ok {
|
||||||
return StateView{}, ErrNotAPlayer
|
return StateView{}, ErrNotAPlayer
|
||||||
}
|
}
|
||||||
acc, err := svc.accounts.GetByID(ctx, accountID)
|
|
||||||
if err != nil {
|
|
||||||
return StateView{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
unlock := svc.locks.lock(gameID)
|
unlock := svc.locks.lock(gameID)
|
||||||
defer unlock()
|
defer unlock()
|
||||||
@@ -1196,12 +1333,15 @@ func (svc *Service) GameState(ctx context.Context, gameID, accountID uuid.UUID)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
return StateView{
|
return StateView{
|
||||||
Game: pre,
|
Game: pre,
|
||||||
Seat: seat,
|
Seat: seat,
|
||||||
Rack: g.Hand(seat),
|
Rack: g.Hand(seat),
|
||||||
BagLen: g.BagLen(),
|
BagLen: g.BagLen(),
|
||||||
HintsRemaining: hintsRemaining(pre.HintsPerPlayer, pre.Seats[seat].HintsUsed, acc.HintBalance),
|
// HintsRemaining is the per-seat allowance only; the purchasable wallet lives on the profile
|
||||||
WalletBalance: acc.HintBalance,
|
// (payments) and the client adds it (lib/hints.hintsLeft).
|
||||||
|
HintsRemaining: hintsRemaining(pre.HintsPerPlayer, pre.Seats[seat].HintsUsed),
|
||||||
|
// vs_ai idle-hint gate (seconds left; 0 for a human game / first move / not your turn).
|
||||||
|
HintUnlockLeftSeconds: hintUnlockLeftSeconds(pre, seat, svc.clock()),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1293,14 +1433,6 @@ func (svc *Service) ListForLobby(ctx context.Context, accountID uuid.UUID) ([]Ga
|
|||||||
return kept, nil
|
return kept, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CountActiveQuickGames reports how many in-progress quick games the account holds —
|
|
||||||
// the count the simultaneous-game limit (MaxActiveQuickGames) is checked against. It
|
|
||||||
// counts active and still-open quick games (including honest-AI ones) and excludes
|
|
||||||
// friend games created by invitation and finished games. See Store.CountActiveQuickGames.
|
|
||||||
func (svc *Service) CountActiveQuickGames(ctx context.Context, accountID uuid.UUID) (int, error) {
|
|
||||||
return svc.store.CountActiveQuickGames(ctx, accountID)
|
|
||||||
}
|
|
||||||
|
|
||||||
// HideGame hides a finished game from accountID's own lobby (it stays visible to the other
|
// HideGame hides a finished game from accountID's own lobby (it stays visible to the other
|
||||||
// players); it is irreversible by design. Only a player of a finished game may hide it
|
// players); it is irreversible by design. Only a player of a finished game may hide it
|
||||||
// (ErrNotAPlayer / ErrGameActive otherwise); hiding an already-hidden game is a no-op.
|
// (ErrNotAPlayer / ErrGameActive otherwise); hiding an already-hidden game is a no-op.
|
||||||
@@ -1363,30 +1495,53 @@ func (svc *Service) SetupDraws(ctx context.Context, gameID uuid.UUID) ([]SetupDr
|
|||||||
return svc.store.SetupDraws(ctx, gameID)
|
return svc.store.SetupDraws(ctx, gameID)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ExportGCG renders a game as GCG text from the journal alone (no dictionary). It
|
// ExportView returns a finished game with its journal and per-seat display names —
|
||||||
// is allowed only on a finished game: exporting an in-progress game would leak the
|
// the material every export artifact (the GCG text, the PNG render payload) is built
|
||||||
// full move journal mid-play, so an active game yields ErrGameActive.
|
// from. It is allowed only on a finished game: exporting an in-progress game would
|
||||||
func (svc *Service) ExportGCG(ctx context.Context, gameID uuid.UUID) (string, error) {
|
// leak the full move journal mid-play, so an active game yields ErrGameActive. In an
|
||||||
|
// honest-AI game the robot seat is labelled "AI", not its pool name.
|
||||||
|
func (svc *Service) ExportView(ctx context.Context, gameID uuid.UUID) (Game, []HistoryMove, []string, error) {
|
||||||
g, err := svc.store.GetGame(ctx, gameID)
|
g, err := svc.store.GetGame(ctx, gameID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return Game{}, nil, nil, err
|
||||||
}
|
}
|
||||||
if g.Status != StatusFinished {
|
if g.Status != StatusFinished {
|
||||||
return "", ErrGameActive
|
return Game{}, nil, nil, ErrGameActive
|
||||||
}
|
}
|
||||||
moves, err := svc.store.GetJournal(ctx, gameID)
|
moves, err := svc.store.GetJournal(ctx, gameID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return Game{}, nil, nil, err
|
||||||
}
|
}
|
||||||
names := svc.seatNames(ctx, g)
|
names := svc.seatNames(ctx, g)
|
||||||
if g.VsAI {
|
if g.VsAI {
|
||||||
// Label the robot seat "AI" in an honest-AI game's export, not its pool name.
|
|
||||||
for _, s := range g.Seats {
|
for _, s := range g.Seats {
|
||||||
if robot, err := svc.accounts.IsRobot(ctx, s.AccountID); err == nil && robot {
|
if robot, err := svc.accounts.IsRobot(ctx, s.AccountID); err == nil && robot {
|
||||||
names[s.Seat] = aiPlayerName
|
names[s.Seat] = aiPlayerName
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return g, moves, names, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// EnsureExportable reports whether a game may be exported (it exists and is
|
||||||
|
// finished) without loading the journal — the export-URL mint check.
|
||||||
|
func (svc *Service) EnsureExportable(ctx context.Context, gameID uuid.UUID) error {
|
||||||
|
g, err := svc.store.GetGame(ctx, gameID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if g.Status != StatusFinished {
|
||||||
|
return ErrGameActive
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExportGCG renders a game as GCG text from the journal alone (no dictionary).
|
||||||
|
func (svc *Service) ExportGCG(ctx context.Context, gameID uuid.UUID) (string, error) {
|
||||||
|
g, moves, names, err := svc.ExportView(ctx, gameID)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
return writeGCG(g, names, moves), nil
|
return writeGCG(g, names, moves), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1649,10 +1804,18 @@ func (svc *Service) lookupWord(variant engine.Variant, version, word string) (bo
|
|||||||
return present, nil
|
return present, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// hintsRemaining is a player's remaining hint budget: the unspent per-game
|
// DictBytes returns the raw serialized dictionary for the (variant, version) pair
|
||||||
// allowance plus the profile wallet.
|
// from the registry, backing the client-side dictionary download used by the
|
||||||
func hintsRemaining(allowance, used, wallet int) int {
|
// local move preview. It surfaces engine.ErrUnknownVariant /
|
||||||
return max(0, allowance-used) + wallet
|
// engine.ErrUnknownVersion when that dictionary is not resident.
|
||||||
|
func (svc *Service) DictBytes(variant engine.Variant, version string) ([]byte, error) {
|
||||||
|
return svc.registry.DictBytes(variant, version)
|
||||||
|
}
|
||||||
|
|
||||||
|
// hintsRemaining is the unspent per-game hint allowance. The purchasable wallet is separate,
|
||||||
|
// carried on the profile (payments), and the client adds it (lib/hints.hintsLeft).
|
||||||
|
func hintsRemaining(allowance, used int) int {
|
||||||
|
return max(0, allowance-used)
|
||||||
}
|
}
|
||||||
|
|
||||||
// allowedTimeout reports whether d is one of the offered move clocks.
|
// allowedTimeout reports whether d is one of the offered move clocks.
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ import (
|
|||||||
|
|
||||||
"scrabble/backend/internal/account"
|
"scrabble/backend/internal/account"
|
||||||
"scrabble/backend/internal/engine"
|
"scrabble/backend/internal/engine"
|
||||||
|
"scrabble/backend/internal/gamelimits"
|
||||||
"scrabble/backend/internal/postgres/jet/backend/model"
|
"scrabble/backend/internal/postgres/jet/backend/model"
|
||||||
"scrabble/backend/internal/postgres/jet/backend/table"
|
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||||
)
|
)
|
||||||
@@ -45,6 +46,8 @@ type gameInsert struct {
|
|||||||
multipleWordsPerTurn bool
|
multipleWordsPerTurn bool
|
||||||
// vsAI marks an honest-AI game (games.vs_ai).
|
// vsAI marks an honest-AI game (games.vs_ai).
|
||||||
vsAI bool
|
vsAI bool
|
||||||
|
// kind tags the game's origin (games.game_kind) for the active-game limits.
|
||||||
|
kind gamelimits.Kind
|
||||||
// status is the lifecycle state to create the game in: StatusActive for a normal
|
// status is the lifecycle state to create the game in: StatusActive for a normal
|
||||||
// seated game, StatusOpen for an auto-match game still awaiting an opponent. An
|
// seated game, StatusOpen for an auto-match game still awaiting an opponent. An
|
||||||
// empty string defaults to StatusActive.
|
// empty string defaults to StatusActive.
|
||||||
@@ -138,6 +141,20 @@ func (s *Store) CreateGame(ctx context.Context, ins gameInsert, seats []seatInse
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountActiveByKind counts the account's active (open or in-progress) games of the given kind — the
|
||||||
|
// per-tier active-game limit is checked against it before a new game of that kind is created.
|
||||||
|
func (s *Store) CountActiveByKind(ctx context.Context, accountID uuid.UUID, kind gamelimits.Kind) (int, error) {
|
||||||
|
var n int
|
||||||
|
if err := s.db.QueryRowContext(ctx,
|
||||||
|
`SELECT count(*) FROM backend.games g
|
||||||
|
JOIN backend.game_players p ON p.game_id = g.game_id
|
||||||
|
WHERE p.account_id = $1 AND g.game_kind = $2 AND g.status IN ('open', 'active')`,
|
||||||
|
accountID, int16(kind)).Scan(&n); err != nil {
|
||||||
|
return 0, fmt.Errorf("game: count active by kind %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
return n, nil
|
||||||
|
}
|
||||||
|
|
||||||
// insertGameTx inserts the games row and one game_players row per seat (seat 0
|
// insertGameTx inserts the games row and one game_players row per seat (seat 0
|
||||||
// first) on tx, stamping each seat's display-name snapshot. A seat whose account id is
|
// first) on tx, stamping each seat's display-name snapshot. A seat whose account id is
|
||||||
// uuid.Nil is written with a NULL account_id (and an empty snapshot) — the still-empty
|
// uuid.Nil is written with a NULL account_id (and an empty snapshot) — the still-empty
|
||||||
@@ -155,9 +172,9 @@ func insertGameTx(ctx context.Context, tx *sql.Tx, ins gameInsert, seats []seatI
|
|||||||
table.Games.GameID, table.Games.Variant, table.Games.DictVersion, table.Games.Seed,
|
table.Games.GameID, table.Games.Variant, table.Games.DictVersion, table.Games.Seed,
|
||||||
table.Games.Status, table.Games.Players, table.Games.TurnTimeoutSecs,
|
table.Games.Status, table.Games.Players, table.Games.TurnTimeoutSecs,
|
||||||
table.Games.HintsAllowed, table.Games.HintsPerPlayer, table.Games.OpenDeadlineAt,
|
table.Games.HintsAllowed, table.Games.HintsPerPlayer, table.Games.OpenDeadlineAt,
|
||||||
table.Games.DropoutTiles, table.Games.MultipleWordsPerTurn, table.Games.VsAi,
|
table.Games.DropoutTiles, table.Games.MultipleWordsPerTurn, table.Games.VsAi, table.Games.GameKind,
|
||||||
).VALUES(ins.id, ins.variant, ins.dictVersion, ins.seed, status, ins.players,
|
).VALUES(ins.id, ins.variant, ins.dictVersion, ins.seed, status, ins.players,
|
||||||
ins.turnTimeoutSecs, ins.hintsAllowed, ins.hintsPerPlayer, deadline, ins.dropoutTiles, ins.multipleWordsPerTurn, ins.vsAI)
|
ins.turnTimeoutSecs, ins.hintsAllowed, ins.hintsPerPlayer, deadline, ins.dropoutTiles, ins.multipleWordsPerTurn, ins.vsAI, int16(ins.kind))
|
||||||
if _, err := gi.ExecContext(ctx, tx); err != nil {
|
if _, err := gi.ExecContext(ctx, tx); err != nil {
|
||||||
return fmt.Errorf("insert game: %w", err)
|
return fmt.Errorf("insert game: %w", err)
|
||||||
}
|
}
|
||||||
@@ -501,28 +518,6 @@ func (s *Store) ListGamesForAccount(ctx context.Context, accountID uuid.UUID) ([
|
|||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CountActiveQuickGames counts the account's in-progress quick games — the ones the
|
|
||||||
// simultaneous-game limit (MaxActiveQuickGames) is checked against. It includes both
|
|
||||||
// active and still-open (awaiting-opponent) games, the honest-AI ones among them, and
|
|
||||||
// excludes friend games (those linked to a game_invitations row) and finished games.
|
|
||||||
// A hidden game still occupies a slot, so this is a dedicated count rather than a
|
|
||||||
// filter over ListGamesForAccount (which drops hidden games). Joining on the account's
|
|
||||||
// own seat counts each game once (an open game's empty opponent seat has no account).
|
|
||||||
func (s *Store) CountActiveQuickGames(ctx context.Context, accountID uuid.UUID) (int, error) {
|
|
||||||
// The status literals are game.StatusActive / game.StatusOpen, matching the
|
|
||||||
// games.status CHECK in the baseline migration.
|
|
||||||
const q = `
|
|
||||||
SELECT COUNT(*) FROM backend.games g
|
|
||||||
JOIN backend.game_players gp ON gp.game_id = g.game_id
|
|
||||||
LEFT JOIN backend.game_invitations gi ON gi.game_id = g.game_id
|
|
||||||
WHERE gp.account_id = $1 AND g.status IN ('active', 'open') AND gi.game_id IS NULL`
|
|
||||||
var n int
|
|
||||||
if err := s.db.QueryRowContext(ctx, q, accountID).Scan(&n); err != nil {
|
|
||||||
return 0, fmt.Errorf("game: count active quick games: %w", err)
|
|
||||||
}
|
|
||||||
return n, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// HideGame hides a game from the account's own lobby list (idempotent). The caller validates the
|
// HideGame hides a game from the account's own lobby list (idempotent). The caller validates the
|
||||||
// game is finished and the account is a player.
|
// game is finished and the account is a player.
|
||||||
func (s *Store) HideGame(ctx context.Context, accountID, gameID uuid.UUID) error {
|
func (s *Store) HideGame(ctx context.Context, accountID, gameID uuid.UUID) error {
|
||||||
@@ -1040,6 +1035,19 @@ func (s *Store) CountComplaints(ctx context.Context, status string) (int, error)
|
|||||||
return int(dest.Count), nil
|
return int(dest.Count), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountComplaintsSince counts word complaints filed strictly after since — the operator
|
||||||
|
// alert worker's "new since the last check" signal.
|
||||||
|
func (s *Store) CountComplaintsSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
stmt := postgres.SELECT(postgres.COUNT(table.Complaints.ComplaintID).AS("count")).
|
||||||
|
FROM(table.Complaints).
|
||||||
|
WHERE(table.Complaints.CreatedAt.GT(postgres.TimestampzT(since)))
|
||||||
|
var dest struct{ Count int64 }
|
||||||
|
if err := stmt.QueryContext(ctx, s.db, &dest); err != nil {
|
||||||
|
return 0, fmt.Errorf("game: count complaints since: %w", err)
|
||||||
|
}
|
||||||
|
return int(dest.Count), nil
|
||||||
|
}
|
||||||
|
|
||||||
// ActiveGames returns the turn clocks of every in-progress game; the sweeper
|
// ActiveGames returns the turn clocks of every in-progress game; the sweeper
|
||||||
// filters them against the per-move deadline and the player's away window.
|
// filters them against the per-move deadline and the player's away window.
|
||||||
func (s *Store) ActiveGames(ctx context.Context) ([]activeGame, error) {
|
func (s *Store) ActiveGames(ctx context.Context) ([]activeGame, error) {
|
||||||
@@ -1348,6 +1356,7 @@ func projectGame(g model.Games, seats []model.GamePlayers) (Game, error) {
|
|||||||
}
|
}
|
||||||
out.MultipleWordsPerTurn = g.MultipleWordsPerTurn
|
out.MultipleWordsPerTurn = g.MultipleWordsPerTurn
|
||||||
out.VsAI = g.VsAi
|
out.VsAI = g.VsAi
|
||||||
|
out.Kind = gamelimits.Kind(g.GameKind)
|
||||||
if g.EndReason != nil {
|
if g.EndReason != nil {
|
||||||
out.EndReason = *g.EndReason
|
out.EndReason = *g.EndReason
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ import (
|
|||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
|
||||||
"scrabble/backend/internal/engine"
|
"scrabble/backend/internal/engine"
|
||||||
|
"scrabble/backend/internal/gamelimits"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Status values persisted in the games.status column.
|
// Status values persisted in the games.status column.
|
||||||
@@ -65,6 +66,10 @@ var (
|
|||||||
ErrNoHintsLeft = errors.New("game: no hints remaining")
|
ErrNoHintsLeft = errors.New("game: no hints remaining")
|
||||||
// ErrNoHintAvailable is returned when the player has no legal play to reveal.
|
// ErrNoHintAvailable is returned when the player has no legal play to reveal.
|
||||||
ErrNoHintAvailable = errors.New("game: no legal move to suggest")
|
ErrNoHintAvailable = errors.New("game: no legal move to suggest")
|
||||||
|
// ErrHintLocked is returned when a vs_ai game's idle hint is still gated (the player has not yet
|
||||||
|
// been stuck the idle window since the robot's last move). The client normally pre-gates from
|
||||||
|
// StateView.HintUnlockLeftSeconds, so this is the authoritative server-clock backstop.
|
||||||
|
ErrHintLocked = errors.New("game: hint is not available yet")
|
||||||
// ErrGameLimitReached is returned when an account already holds MaxActiveQuickGames
|
// ErrGameLimitReached is returned when an account already holds MaxActiveQuickGames
|
||||||
// simultaneous quick games and tries to create another game (quick or by invitation).
|
// simultaneous quick games and tries to create another game (quick or by invitation).
|
||||||
ErrGameLimitReached = errors.New("game: simultaneous game limit reached")
|
ErrGameLimitReached = errors.New("game: simultaneous game limit reached")
|
||||||
@@ -90,15 +95,6 @@ const DefaultTurnTimeout = 24 * time.Hour
|
|||||||
// one of AllowedTurnTimeouts (never offered in the creation UI).
|
// one of AllowedTurnTimeouts (never offered in the creation UI).
|
||||||
const AIInactivityTimeout = 7 * 24 * time.Hour
|
const AIInactivityTimeout = 7 * 24 * time.Hour
|
||||||
|
|
||||||
// MaxActiveQuickGames is the cap on a player's simultaneous quick games (human
|
|
||||||
// auto-match and honest-AI), counting both in-progress (StatusActive) and
|
|
||||||
// still-open, awaiting-opponent (StatusOpen) games. Friend games created by
|
|
||||||
// invitation are not counted. At the cap the backend refuses to create a new game
|
|
||||||
// of any kind — quick or by invitation — and the lobby disables "New Game";
|
|
||||||
// accepting an incoming invitation is always allowed. See
|
|
||||||
// Store.CountActiveQuickGames.
|
|
||||||
const MaxActiveQuickGames = 10
|
|
||||||
|
|
||||||
// aiPlayerName labels the robot seat in an honest-AI game's GCG export, so a downloaded
|
// aiPlayerName labels the robot seat in an honest-AI game's GCG export, so a downloaded
|
||||||
// game file shows a clean "AI" rather than the robot's human-like pool name (the in-app
|
// game file shows a clean "AI" rather than the robot's human-like pool name (the in-app
|
||||||
// UI shows 🤖 from the game's vs_ai flag).
|
// UI shows 🤖 from the game's vs_ai flag).
|
||||||
@@ -121,6 +117,10 @@ type CreateParams struct {
|
|||||||
// robot is seated at once, the move clock is AIInactivityTimeout, and chat/nudge
|
// robot is seated at once, the move clock is AIInactivityTimeout, and chat/nudge
|
||||||
// and finish-time statistics are suppressed. Set by the lobby's AI-match path.
|
// and finish-time statistics are suppressed. Set by the lobby's AI-match path.
|
||||||
VsAI bool
|
VsAI bool
|
||||||
|
// Kind tags the game's origin (games.game_kind) for the active-game limits: vs_ai / random /
|
||||||
|
// friends. The lobby sets it; a zero (unknown) kind is never gated. The active-game limit itself
|
||||||
|
// is enforced at the new-game handler (Server.ensureUnderGameLimit), not here.
|
||||||
|
Kind gamelimits.Kind
|
||||||
}
|
}
|
||||||
|
|
||||||
// Game is the persisted state of a match: the games row joined with its seats.
|
// Game is the persisted state of a match: the games row joined with its seats.
|
||||||
@@ -147,6 +147,9 @@ type Game struct {
|
|||||||
// VsAI is true for an honest-AI game (games.vs_ai): the opponent is a robot the
|
// VsAI is true for an honest-AI game (games.vs_ai): the opponent is a robot the
|
||||||
// player knowingly chose, shown as 🤖, with chat/nudge disabled and no statistics.
|
// player knowingly chose, shown as 🤖, with chat/nudge disabled and no statistics.
|
||||||
VsAI bool
|
VsAI bool
|
||||||
|
// Kind is the game's origin tag (games.game_kind) for the active-game limits: vs_ai / random /
|
||||||
|
// friends, or unknown for an untagged game. Read-only projection; set once on creation.
|
||||||
|
Kind gamelimits.Kind
|
||||||
}
|
}
|
||||||
|
|
||||||
// Seat is one player's standing in a game.
|
// Seat is one player's standing in a game.
|
||||||
@@ -207,10 +210,9 @@ type MoveResult struct {
|
|||||||
BagLen int
|
BagLen int
|
||||||
}
|
}
|
||||||
|
|
||||||
// HintResult is a revealed hint and the requesting player's remaining hint
|
// HintResult is a revealed hint with the per-seat allowance remaining (HintsRemaining) and the
|
||||||
// budget (per-seat allowance plus profile wallet) after spending one. WalletBalance is
|
// purchasable hint wallet after spending one (WalletBalance, from payments). The client adopts
|
||||||
// the global wallet alone, so the client can keep its live wallet authoritative and
|
// WalletBalance into the profile so the badge stays live across games (lib/hints).
|
||||||
// re-derive the per-game allowance (HintsRemaining - WalletBalance).
|
|
||||||
type HintResult struct {
|
type HintResult struct {
|
||||||
Move engine.MoveRecord
|
Move engine.MoveRecord
|
||||||
HintsRemaining int
|
HintsRemaining int
|
||||||
@@ -237,9 +239,11 @@ type StateView struct {
|
|||||||
Rack []string
|
Rack []string
|
||||||
BagLen int
|
BagLen int
|
||||||
HintsRemaining int
|
HintsRemaining int
|
||||||
// WalletBalance is the player's global hint-wallet balance alone (HintsRemaining folds
|
// HintUnlockLeftSeconds is, for a vs_ai game on the requesting player's turn, the seconds left
|
||||||
// it in with the per-game allowance), so the client keeps the wallet live across games.
|
// until the idle hint unlocks (the robot's last move plus the idle window, from the server clock);
|
||||||
WalletBalance int
|
// 0 for the human's first move, when it is not their turn, or a non-vs_ai game. The vs_ai hint is
|
||||||
|
// unlimited and wallet-free; this idle gate replaces the allowance/wallet for it.
|
||||||
|
HintUnlockLeftSeconds int
|
||||||
}
|
}
|
||||||
|
|
||||||
// HistoryMove is one decoded journal row, independent of any dictionary.
|
// HistoryMove is one decoded journal row, independent of any dictionary.
|
||||||
|
|||||||
@@ -0,0 +1,45 @@
|
|||||||
|
package game
|
||||||
|
|
||||||
|
import (
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
// compareDictVersions orders two dictionary version labels of the shape "vMAJOR.MINOR.PATCH"
|
||||||
|
// numerically, returning -1, 0 or +1 as a is less than, equal to or greater than b. Labels
|
||||||
|
// that do not parse fall back to a byte comparison, so the ordering is always total (a mixed
|
||||||
|
// or malformed pair never crashes the boot-time active-version reconcile).
|
||||||
|
func compareDictVersions(a, b string) int {
|
||||||
|
pa, oka := parseDictVersion(a)
|
||||||
|
pb, okb := parseDictVersion(b)
|
||||||
|
if !oka || !okb {
|
||||||
|
return strings.Compare(a, b)
|
||||||
|
}
|
||||||
|
for i := range pa {
|
||||||
|
if pa[i] != pb[i] {
|
||||||
|
if pa[i] < pb[i] {
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
// parseDictVersion parses a "vMAJOR.MINOR.PATCH" label into its three numeric parts, reporting
|
||||||
|
// whether it matched that shape.
|
||||||
|
func parseDictVersion(v string) ([3]int, bool) {
|
||||||
|
parts := strings.Split(strings.TrimPrefix(v, "v"), ".")
|
||||||
|
if len(parts) != 3 {
|
||||||
|
return [3]int{}, false
|
||||||
|
}
|
||||||
|
var out [3]int
|
||||||
|
for i, p := range parts {
|
||||||
|
n, err := strconv.Atoi(p)
|
||||||
|
if err != nil {
|
||||||
|
return [3]int{}, false
|
||||||
|
}
|
||||||
|
out[i] = n
|
||||||
|
}
|
||||||
|
return out, true
|
||||||
|
}
|
||||||
@@ -0,0 +1,37 @@
|
|||||||
|
package game
|
||||||
|
|
||||||
|
import "testing"
|
||||||
|
|
||||||
|
func TestCompareDictVersions(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
a, b string
|
||||||
|
want int
|
||||||
|
}{
|
||||||
|
{"v1.3.0", "v1.3.1", -1},
|
||||||
|
{"v1.3.1", "v1.3.0", 1},
|
||||||
|
{"v1.3.1", "v1.3.1", 0},
|
||||||
|
{"v1.3.9", "v1.3.10", -1}, // numeric, not lexical
|
||||||
|
{"v1.10.0", "v1.9.0", 1},
|
||||||
|
{"v2.0.0", "v1.9.9", 1},
|
||||||
|
{"1.3.1", "v1.3.1", 0}, // the leading v is optional
|
||||||
|
// Non-semver falls back to a byte comparison, keeping the ordering total.
|
||||||
|
{"weird", "weird", 0},
|
||||||
|
{"a", "b", -1},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
if got := compareDictVersions(c.a, c.b); sign(got) != c.want {
|
||||||
|
t.Errorf("compareDictVersions(%q, %q) = %d, want sign %d", c.a, c.b, got, c.want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func sign(n int) int {
|
||||||
|
switch {
|
||||||
|
case n < 0:
|
||||||
|
return -1
|
||||||
|
case n > 0:
|
||||||
|
return 1
|
||||||
|
default:
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,149 @@
|
|||||||
|
// Package gamelimits holds the per-tier, per-kind active-game caps (a guest funnel) with a hot
|
||||||
|
// in-memory cache over the single-row backend.config, so a login or a game-create never queries it.
|
||||||
|
package gamelimits
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
"fmt"
|
||||||
|
"sync"
|
||||||
|
|
||||||
|
"github.com/go-jet/jet/v2/postgres"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/model"
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Kind is a game's kind, mirroring backend.games.game_kind. 0 (unknown) is an untagged game, never gated.
|
||||||
|
type Kind int16
|
||||||
|
|
||||||
|
const (
|
||||||
|
KindUnknown Kind = 0
|
||||||
|
KindVsAI Kind = 1
|
||||||
|
KindRandom Kind = 2
|
||||||
|
KindFriends Kind = 3
|
||||||
|
)
|
||||||
|
|
||||||
|
// String returns the kind's label for admin game lists and logs.
|
||||||
|
func (k Kind) String() string {
|
||||||
|
switch k {
|
||||||
|
case KindVsAI:
|
||||||
|
return "vs_ai"
|
||||||
|
case KindRandom:
|
||||||
|
return "random"
|
||||||
|
case KindFriends:
|
||||||
|
return "friends"
|
||||||
|
default:
|
||||||
|
return "unknown"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Unlimited is the limit sentinel meaning no cap.
|
||||||
|
const Unlimited = -1
|
||||||
|
|
||||||
|
// Limits is a tier's active-game caps per kind (-1 = unlimited).
|
||||||
|
type Limits struct {
|
||||||
|
VsAI int
|
||||||
|
Random int
|
||||||
|
Friends int
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cap returns the limit for kind; the unknown kind is never capped.
|
||||||
|
func (l Limits) Cap(kind Kind) int {
|
||||||
|
switch kind {
|
||||||
|
case KindVsAI:
|
||||||
|
return l.VsAI
|
||||||
|
case KindRandom:
|
||||||
|
return l.Random
|
||||||
|
case KindFriends:
|
||||||
|
return l.Friends
|
||||||
|
default:
|
||||||
|
return Unlimited
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Config is the per-tier limit config (the single backend.config row).
|
||||||
|
type Config struct {
|
||||||
|
Guest Limits
|
||||||
|
Durable Limits
|
||||||
|
}
|
||||||
|
|
||||||
|
// Store reads and writes the single-row backend.config.
|
||||||
|
type Store struct{ db *sql.DB }
|
||||||
|
|
||||||
|
// NewStore constructs a Store over db.
|
||||||
|
func NewStore(db *sql.DB) *Store { return &Store{db: db} }
|
||||||
|
|
||||||
|
func (s *Store) load(ctx context.Context) (Config, error) {
|
||||||
|
var c model.Config
|
||||||
|
if err := postgres.SELECT(table.Config.AllColumns).FROM(table.Config).LIMIT(1).
|
||||||
|
QueryContext(ctx, s.db, &c); err != nil {
|
||||||
|
return Config{}, fmt.Errorf("gamelimits: load config: %w", err)
|
||||||
|
}
|
||||||
|
return Config{
|
||||||
|
Guest: Limits{VsAI: int(c.GuestVsAiLimit), Random: int(c.GuestRandomLimit), Friends: int(c.GuestFriendsLimit)},
|
||||||
|
Durable: Limits{VsAI: int(c.DurableVsAiLimit), Random: int(c.DurableRandomLimit), Friends: int(c.DurableFriendsLimit)},
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Store) save(ctx context.Context, c Config) error {
|
||||||
|
if _, err := s.db.ExecContext(ctx,
|
||||||
|
`UPDATE backend.config SET guest_vs_ai_limit=$1, guest_random_limit=$2, guest_friends_limit=$3,
|
||||||
|
durable_vs_ai_limit=$4, durable_random_limit=$5, durable_friends_limit=$6 WHERE only_row`,
|
||||||
|
c.Guest.VsAI, c.Guest.Random, c.Guest.Friends, c.Durable.VsAI, c.Durable.Random, c.Durable.Friends); err != nil {
|
||||||
|
return fmt.Errorf("gamelimits: save config: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Service fronts the config with an in-memory cache (single-instance, matching the deploy). Load
|
||||||
|
// once at startup; Update after an admin edit refreshes it in place.
|
||||||
|
type Service struct {
|
||||||
|
store *Store
|
||||||
|
mu sync.RWMutex
|
||||||
|
cfg Config
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewService constructs a Service over store. Call Load before serving.
|
||||||
|
func NewService(store *Store) *Service { return &Service{store: store} }
|
||||||
|
|
||||||
|
// Load reads the config into the cache. Call once at startup.
|
||||||
|
func (s *Service) Load(ctx context.Context) error {
|
||||||
|
c, err := s.store.load(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
s.set(c)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Service) set(c Config) {
|
||||||
|
s.mu.Lock()
|
||||||
|
s.cfg = c
|
||||||
|
s.mu.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get returns the cached config.
|
||||||
|
func (s *Service) Get() Config {
|
||||||
|
s.mu.RLock()
|
||||||
|
defer s.mu.RUnlock()
|
||||||
|
return s.cfg
|
||||||
|
}
|
||||||
|
|
||||||
|
// LimitsFor returns the cached limits for the account tier (guest or durable).
|
||||||
|
func (s *Service) LimitsFor(isGuest bool) Limits {
|
||||||
|
c := s.Get()
|
||||||
|
if isGuest {
|
||||||
|
return c.Guest
|
||||||
|
}
|
||||||
|
return c.Durable
|
||||||
|
}
|
||||||
|
|
||||||
|
// Update saves the config and refreshes the cache in place (the admin edit).
|
||||||
|
func (s *Service) Update(ctx context.Context, c Config) error {
|
||||||
|
if err := s.store.save(ctx, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
s.set(c)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -0,0 +1,44 @@
|
|||||||
|
package gamelimits
|
||||||
|
|
||||||
|
import "testing"
|
||||||
|
|
||||||
|
// TestLimitsCap checks Cap maps each kind to its field and leaves the unknown kind uncapped, so a
|
||||||
|
// untagged game (game_kind 0) is never gated.
|
||||||
|
func TestLimitsCap(t *testing.T) {
|
||||||
|
l := Limits{VsAI: 1, Random: 2, Friends: 3}
|
||||||
|
for _, tc := range []struct {
|
||||||
|
kind Kind
|
||||||
|
want int
|
||||||
|
}{
|
||||||
|
{KindVsAI, 1},
|
||||||
|
{KindRandom, 2},
|
||||||
|
{KindFriends, 3},
|
||||||
|
{KindUnknown, Unlimited},
|
||||||
|
{Kind(99), Unlimited},
|
||||||
|
} {
|
||||||
|
if got := l.Cap(tc.kind); got != tc.want {
|
||||||
|
t.Errorf("Cap(%d) = %d, want %d", tc.kind, got, tc.want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestServiceLimitsForTier checks LimitsFor selects the guest or durable tier from the cached config.
|
||||||
|
func TestServiceLimitsForTier(t *testing.T) {
|
||||||
|
svc := NewService(nil)
|
||||||
|
svc.set(Config{
|
||||||
|
Guest: Limits{VsAI: 1, Random: 1, Friends: 0},
|
||||||
|
Durable: Limits{VsAI: 10, Random: 10, Friends: 10},
|
||||||
|
})
|
||||||
|
|
||||||
|
if got := svc.LimitsFor(true); got != (Limits{VsAI: 1, Random: 1, Friends: 0}) {
|
||||||
|
t.Errorf("guest limits = %+v, want {1 1 0}", got)
|
||||||
|
}
|
||||||
|
if got := svc.LimitsFor(false); got != (Limits{VsAI: 10, Random: 10, Friends: 10}) {
|
||||||
|
t.Errorf("durable limits = %+v, want {10 10 10}", got)
|
||||||
|
}
|
||||||
|
// The unlimited sentinel resolves through the tier too.
|
||||||
|
svc.set(Config{Durable: Limits{VsAI: Unlimited, Random: Unlimited, Friends: Unlimited}})
|
||||||
|
if got := svc.LimitsFor(false).Cap(KindVsAI); got != Unlimited {
|
||||||
|
t.Errorf("durable vs_ai cap = %d, want unlimited (-1)", got)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -5,6 +5,7 @@ package inttest
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
|
"regexp"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -229,21 +230,40 @@ func TestProvisionSeedsTimeZone(t *testing.T) {
|
|||||||
t.Errorf("TimeZone = %q, want UTC fallback for a malformed offset", bad.TimeZone)
|
t.Errorf("TimeZone = %q, want UTC fallback for a malformed offset", bad.TimeZone)
|
||||||
}
|
}
|
||||||
|
|
||||||
// A guest is seeded its detected offset; an empty one keeps the UTC default.
|
// A guest is seeded its detected offset and interface language; an empty offset keeps the
|
||||||
guest, err := store.ProvisionGuest(ctx, "-05:30")
|
// UTC default and an empty/unsupported language keeps the 'en' default.
|
||||||
|
guest, err := store.ProvisionGuest(ctx, "-05:30", "ru")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision guest: %v", err)
|
t.Fatalf("provision guest: %v", err)
|
||||||
}
|
}
|
||||||
if guest.TimeZone != "-05:30" {
|
if guest.TimeZone != "-05:30" {
|
||||||
t.Errorf("guest TimeZone = %q, want the seeded -05:30", guest.TimeZone)
|
t.Errorf("guest TimeZone = %q, want the seeded -05:30", guest.TimeZone)
|
||||||
}
|
}
|
||||||
plainGuest, err := store.ProvisionGuest(ctx, "")
|
if guest.PreferredLanguage != "ru" {
|
||||||
|
t.Errorf("guest PreferredLanguage = %q, want the seeded ru", guest.PreferredLanguage)
|
||||||
|
}
|
||||||
|
// A guest's display name is "Guest" + a random six-digit suffix (distinct to opponents).
|
||||||
|
if m, _ := regexp.MatchString(`^Guest\d{6}$`, guest.DisplayName); !m {
|
||||||
|
t.Errorf("guest DisplayName = %q, want Guest + 6 digits", guest.DisplayName)
|
||||||
|
}
|
||||||
|
plainGuest, err := store.ProvisionGuest(ctx, "", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision plain guest: %v", err)
|
t.Fatalf("provision plain guest: %v", err)
|
||||||
}
|
}
|
||||||
if plainGuest.TimeZone != "UTC" {
|
if plainGuest.TimeZone != "UTC" {
|
||||||
t.Errorf("plain guest TimeZone = %q, want UTC default", plainGuest.TimeZone)
|
t.Errorf("plain guest TimeZone = %q, want UTC default", plainGuest.TimeZone)
|
||||||
}
|
}
|
||||||
|
if plainGuest.PreferredLanguage != "en" {
|
||||||
|
t.Errorf("plain guest PreferredLanguage = %q, want en default", plainGuest.PreferredLanguage)
|
||||||
|
}
|
||||||
|
// An unsupported locale falls back to the 'en' default rather than persisting a junk value.
|
||||||
|
frGuest, err := store.ProvisionGuest(ctx, "", "fr-FR")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision fr guest: %v", err)
|
||||||
|
}
|
||||||
|
if frGuest.PreferredLanguage != "en" {
|
||||||
|
t.Errorf("unsupported-locale guest PreferredLanguage = %q, want en default", frGuest.PreferredLanguage)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestProvisionTelegramUnknownLanguageDefaults checks an unsupported Telegram
|
// TestProvisionTelegramUnknownLanguageDefaults checks an unsupported Telegram
|
||||||
|
|||||||
@@ -0,0 +1,79 @@
|
|||||||
|
//go:build integration
|
||||||
|
|
||||||
|
package inttest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/payments"
|
||||||
|
)
|
||||||
|
|
||||||
|
// benefitFor returns the account's benefit on the given origin from its statement.
|
||||||
|
func benefitFor(t *testing.T, pay *payments.Service, id uuid.UUID, origin payments.Source) payments.OriginBenefit {
|
||||||
|
t.Helper()
|
||||||
|
stmt, err := pay.AccountStatement(context.Background(), id)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("statement: %v", err)
|
||||||
|
}
|
||||||
|
for _, b := range stmt.Benefits {
|
||||||
|
if b.Origin == origin {
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return payments.OriginBenefit{}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestConsoleAdminGrant drives the admin grant: a raw benefit grant, a by-product grant of a reward
|
||||||
|
// bundle, and a refusal to grant a chips pack; the create is CSRF-guarded.
|
||||||
|
func TestConsoleAdminGrant(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
srv, _, pay := bannerServer(t)
|
||||||
|
h := srv.Handler()
|
||||||
|
id := provisionAccount(t)
|
||||||
|
const origin = "http://admin.test"
|
||||||
|
base := "http://admin.test/_gm/users/" + id.String()
|
||||||
|
|
||||||
|
// CSRF: a grant without the origin header is refused.
|
||||||
|
if code, _ := consoleDo(h, http.MethodPost, base+"/grant", "origin=direct&hints=1", ""); code != http.StatusForbidden {
|
||||||
|
t.Fatalf("grant without origin = %d, want 403", code)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Raw grant: 5 hints + 30 no-ads days to the direct origin.
|
||||||
|
if code, body := consoleDo(h, http.MethodPost, base+"/grant", "origin=direct&hints=5&noads=30", origin); code != http.StatusOK || !strings.Contains(body, "Granted") {
|
||||||
|
t.Fatalf("raw grant = %d, has 'Granted' = %v", code, strings.Contains(body, "Granted"))
|
||||||
|
}
|
||||||
|
if b := benefitFor(t, pay, id, payments.SourceDirect); b.Hints != 5 || b.AdsPaidUntil.IsZero() {
|
||||||
|
t.Fatalf("after raw grant: hints=%d adsUntil-zero=%v, want 5 hints + a no-ads term", b.Hints, b.AdsPaidUntil.IsZero())
|
||||||
|
}
|
||||||
|
|
||||||
|
// By-product grant: an archived reward bundle (3 hints) to vk.
|
||||||
|
reward, err := pay.CreateProduct(ctx, payments.ProductInput{
|
||||||
|
Title: "reward-3-hints", Atoms: []payments.AtomLine{{Atom: "hints", Quantity: 3}},
|
||||||
|
}, false)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("create reward: %v", err)
|
||||||
|
}
|
||||||
|
if code, body := consoleDo(h, http.MethodPost, base+"/grant-product", "origin=vk&product_id="+reward.String(), origin); code != http.StatusOK || !strings.Contains(body, "Granted") {
|
||||||
|
t.Fatalf("product grant = %d, has 'Granted' = %v", code, strings.Contains(body, "Granted"))
|
||||||
|
}
|
||||||
|
if b := benefitFor(t, pay, id, payments.SourceVK); b.Hints != 3 {
|
||||||
|
t.Fatalf("after product grant: vk hints=%d, want 3", b.Hints)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A chips pack cannot be granted.
|
||||||
|
pack, err := pay.CreateProduct(ctx, payments.ProductInput{
|
||||||
|
Title: "grant-pack", Atoms: []payments.AtomLine{{Atom: "chips", Quantity: 100}},
|
||||||
|
Prices: []payments.PriceLine{{Method: "direct", Currency: payments.CurrencyRUB, Amount: 14900}},
|
||||||
|
}, true)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("create pack: %v", err)
|
||||||
|
}
|
||||||
|
if code, body := consoleDo(h, http.MethodPost, base+"/grant-product", "origin=direct&product_id="+pack.String(), origin); code != http.StatusOK || !strings.Contains(body, "cannot grant chips") {
|
||||||
|
t.Fatalf("chips grant = %d, has 'cannot grant chips' = %v", code, strings.Contains(body, "cannot grant chips"))
|
||||||
|
}
|
||||||
|
}
|
||||||