Compare commits
197 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 45957bdcd6 | |||
| fcedadcb5b | |||
| 2feb638329 | |||
| 4dfedd02a3 | |||
| 829e29a726 | |||
| 44117e906c | |||
| c90331b189 | |||
| 399508f2f0 | |||
| 0dfecc2af7 | |||
| 446ea2ac45 | |||
| 01a9249002 | |||
| 7dcd62fdd7 | |||
| d67e582c03 | |||
| 75fe07865a | |||
| 597e200f37 | |||
| 3ef18d33b6 | |||
| c8601c0115 | |||
| a0021d1994 | |||
| 4b4dcab9b6 | |||
| 7f85362288 | |||
| 72e9b600b0 | |||
| 0eefbfd6a4 | |||
| c680e695d3 | |||
| 2c465c01d2 | |||
| 60faa4f064 | |||
| 854c4b3005 | |||
| ec1bdfca00 | |||
| 70f0f9e36a | |||
| 55f6176538 | |||
| 8d2cd97e17 | |||
| f1a12c2f44 | |||
| 4cc37e5760 | |||
| 3faca690dd | |||
| c2a8426b74 | |||
| 251c7af3f6 | |||
| cabcd94d92 | |||
| aa2290b7b4 | |||
| fcde7d3db6 | |||
| d889edfdb9 | |||
| 52e6378f40 | |||
| 12af378b18 | |||
| 1598646021 | |||
| 710ab06333 | |||
| 61c7da271c | |||
| 029aa2d4cc | |||
| 3f4792a39b | |||
| 150660819a | |||
| 912096a0f1 | |||
| e4fc7f033d | |||
| b918217497 | |||
| a3eb4719de | |||
| 3a823ca7ef | |||
| 76e7916ff6 | |||
| 54af644429 | |||
| 356bf1a5ba | |||
| 1dca6741f1 | |||
| 77a18a3cc1 | |||
| 5804f7266e | |||
| 65f2c87a74 | |||
| 409462fc09 | |||
| 762155a55e | |||
| 25d80bc31d | |||
| d5b4bba018 | |||
| 638c147cc0 | |||
| c702f1bdac | |||
| 01d02fcef6 | |||
| 9e0f929e40 | |||
| a29e00ee13 | |||
| 2207ac6132 | |||
| 3877b23894 | |||
| d5fbaa3034 | |||
| 16a4431158 | |||
| 422e3ccc2a | |||
| 946420db93 | |||
| a0eacf3011 | |||
| 622d3965a7 | |||
| 2ab01ed8f7 | |||
| 1ed624eaf1 | |||
| f3e2a6822b | |||
| 65063621a9 | |||
| 4e169c368d | |||
| aec915d5c1 | |||
| 5f574a765d | |||
| db17287113 | |||
| c864147982 | |||
| 2e8fa83814 | |||
| 5f87b3fa43 | |||
| 5689f7f6a3 | |||
| f0399e1bbc | |||
| e6c5198caa | |||
| 84cc56198e | |||
| 5f9b4a7a38 | |||
| 4458f0e545 | |||
| 41f26da9a7 | |||
| cf1d773c18 | |||
| 88b6761e28 | |||
| f4dbb545e0 | |||
| 71c3411276 | |||
| f9acea1d9a | |||
| adf7c55695 | |||
| 6636d7c309 | |||
| 90f2427fa7 | |||
| d0f860a33e | |||
| d1ceccf033 | |||
| 373aa2aa6d | |||
| 4a6fe318be | |||
| 3a18e683ca | |||
| 00441e3657 | |||
| 3b7c7c077e | |||
| e900d592f8 | |||
| d76f1f4026 | |||
| 0ea9764a0d | |||
| 6a5ce12fab | |||
| da17c18895 | |||
| 303348ed39 | |||
| a06dfe00fc | |||
| a88678c5c6 | |||
| 500a01cf97 | |||
| d9ede77e2f | |||
| 65c194264c | |||
| 13c22734ee | |||
| 7dabcd1317 | |||
| 93d086a8a3 | |||
| b03e012011 | |||
| 2495446a47 | |||
| 35705f7d1e | |||
| 4f0cc81dfb | |||
| 2ba7cc3086 | |||
| 29b6c7e4d8 | |||
| 8de9fb1ecd | |||
| 8a5a5d6c4d | |||
| ea931c6680 | |||
| d0f60ee41d | |||
| b84bd1297e | |||
| 0fb6004a8b | |||
| 8fe1bdba6b | |||
| c1d1c1624b | |||
| 9207664fbd | |||
| a4581663f4 | |||
| 03dfc29a54 | |||
| c02262fcf7 | |||
| f8fab4a4c2 | |||
| 7923b3cc09 | |||
| 10264e10c8 | |||
| fc1715128e | |||
| bb18dc362b | |||
| 4891216749 | |||
| d86e022373 | |||
| 6a602aefae | |||
| f1b8769c89 | |||
| e6277dcd43 | |||
| 37070c3cb7 | |||
| 53d6883ffd | |||
| 93c57b3558 | |||
| 6f00c2f41d | |||
| 79766438a2 | |||
| 6aa5023b24 | |||
| b6f28a2423 | |||
| 508dc870ec | |||
| e3899d4755 | |||
| ae5090b851 | |||
| 0c5d3808d7 | |||
| e32ee9ce68 | |||
| 18db62e19d | |||
| d4e34efa80 | |||
| 12ff6dad86 | |||
| 5a80696fe8 | |||
| d6401bb76c | |||
| e0a5753f1a | |||
| dc946a1faf | |||
| ba57687430 | |||
| 6cb88b28c4 | |||
| 46d569720c | |||
| 9253b1bdca | |||
| 384bd143d0 | |||
| 9d1ca213d6 | |||
| 1f78bb274b | |||
| 81b716569f | |||
| aa330b726e | |||
| d5369a0188 | |||
| 170a6ae9ef | |||
| ef2c2d1eb9 | |||
| 004aca4e97 | |||
| b78ce42922 | |||
| 08c2c5f660 | |||
| 06cc4c1edc | |||
| 90f0424de2 | |||
| c36543e54e | |||
| c5d22fceca | |||
| be1627936f | |||
| 1ba52dd0b4 | |||
| bb0e3e17e5 | |||
| 1ef2bde395 | |||
| 62f66735a3 | |||
| 81680a1d5e | |||
| a393561d79 | |||
| e3e4cedc77 |
@@ -0,0 +1,89 @@
|
|||||||
|
---
|
||||||
|
name: deploy-check
|
||||||
|
description: "Use before any deploy-touching change to this repo — phrases like '/deploy-check', 'is this prod-safe', 'before we deploy', 'deploy safety review', 'проверь перед деплоем', 'это безопасно для прода'. Runs a pre-deploy checklist of this project's hard-won runtime constraints against the current diff, so the crash classes that have bitten live environments get caught before shipping instead of after."
|
||||||
|
---
|
||||||
|
|
||||||
|
# Pre-deploy runtime-constraint check
|
||||||
|
|
||||||
|
Triggered before shipping anything that touches the deploy contour (Dockerfiles,
|
||||||
|
`deploy/`, Caddyfile, compose, migrations, boot guards, the Telegram side-service,
|
||||||
|
edge config). The worst frictions in this repo were never logic bugs — they were
|
||||||
|
**environment mismatches that crashed a live env and forced a redesign**. Run this
|
||||||
|
list against the diff first; turn crash-and-redesign into a single pass.
|
||||||
|
|
||||||
|
This checklist is a prompt, **not** the source of truth. The canonical detail
|
||||||
|
lives in `deploy/README.md`, `docs/ARCHITECTURE.md`, `docs/EDGE_HTTP3.md`, and the
|
||||||
|
agent memory files referenced below — read them when an item is in play, and add a
|
||||||
|
new class here when a new incident teaches one.
|
||||||
|
|
||||||
|
## How to run it
|
||||||
|
|
||||||
|
1. `git diff <base>...HEAD --stat` to see what the change actually touches.
|
||||||
|
2. For every risk class below that the diff touches, perform the **Check** and
|
||||||
|
report PASS / FAIL with the exact file:line to fix. Skip classes the diff does
|
||||||
|
not touch — say which you skipped and why.
|
||||||
|
3. Remember: **deploy-job green ≠ healthy**. CI's deploy probe has historically
|
||||||
|
passed with a dead backend (it only checked static landing+gateway). Verify the
|
||||||
|
real feature live (`/readyz`, the actual flow) after deploy, not just the green.
|
||||||
|
|
||||||
|
## Risk classes
|
||||||
|
|
||||||
|
### 1. Container user — distroless nonroot UID 65532
|
||||||
|
- **Bit us:** TLS keys `chmod 600` for the host owner crash-looped gateway + bot at
|
||||||
|
boot with "permission denied" — service images run UID 65532.
|
||||||
|
- **Check:** any new/changed mounted secret, key, or config file must be readable by
|
||||||
|
UID 65532 (`0644`, not `0600`). Scan the diff for file modes, `chmod`, and new
|
||||||
|
volume mounts. (memory: `distroless-nonroot-mounted-secrets`)
|
||||||
|
|
||||||
|
### 2. Caddy header pipeline ordering
|
||||||
|
- **Bit us:** `header_up delete` after `set` nulled the value (the honeypot tag went
|
||||||
|
empty); it passed CI and only showed up live.
|
||||||
|
- **Check:** in any Caddyfile change, verify the `set` / `delete` / `header_up`
|
||||||
|
ordering for every affected route, and test the tripwire/route on the live
|
||||||
|
contour, not just CI.
|
||||||
|
|
||||||
|
### 3. Edge Alt-Svc / HTTP3
|
||||||
|
- **Bit us:** edge advertised `Alt-Svc: h3` while UDP/443 was never exposed
|
||||||
|
(docker tcp-only + ufw tcp-only); clients cached it 30 days and stalled on dead
|
||||||
|
QUIC before falling back to h2 — Mini App "hangs on load".
|
||||||
|
- **Check:** any edge/caddy change keeps `Alt-Svc: clear` (or only advertises h3 if
|
||||||
|
UDP/443 is genuinely exposed). (memory: `tg-app-load-stall-dead-http3-altsvc`,
|
||||||
|
`docs/EDGE_HTTP3.md`)
|
||||||
|
|
||||||
|
### 4. Prod caddy config recreate
|
||||||
|
- **Bit us:** prod rolling deploy did **not** recreate caddy on a config-only change
|
||||||
|
(pinned `caddy:2-alpine` + `admin off`), so a new Caddyfile deployed GREEN but
|
||||||
|
stayed inert until a manual `docker restart`.
|
||||||
|
- **Check:** a config-only edge change must `--force-recreate` caddy in
|
||||||
|
`prod-deploy.sh` `roll()`; never trust deploy-green for edge config.
|
||||||
|
(memory: `prod-deploy-caddy-config-recreate`)
|
||||||
|
|
||||||
|
### 5. DICT_VERSION / dictionary boot
|
||||||
|
- **Bit us:** an early `DICT_VERSION` refuse-boot guard was wrong and crashed the
|
||||||
|
live env when bumped on a seeded volume; it had to be redesigned to "marker-wins".
|
||||||
|
- **Check:** any change touching `DICT_VERSION`, dict load, or the boot guard must
|
||||||
|
keep marker-wins semantics and survive a seeded volume **and** an image rollback.
|
||||||
|
`DICT_VERSION` is a required build-arg (no default), single-sourced. A new dict
|
||||||
|
goes live via the admin console upload, not a redeploy. (memory:
|
||||||
|
`dict-version-deploy-verify`, `contour-schema-change-wipe`)
|
||||||
|
|
||||||
|
### 6. Migrations — expand-contract + rollback safety
|
||||||
|
- **Bit us / risk:** a non-backward-compatible migration breaks image rollback (DB
|
||||||
|
ahead of rolled-back code).
|
||||||
|
- **Check:** migrations must be **expand-contract** (backward-compatible). A schema
|
||||||
|
change adds the maintenance window + a consistent `pg_dump` in prod-deploy. On the
|
||||||
|
**test contour**, a schema/wire-label change needs `DROP SCHEMA backend CASCADE` +
|
||||||
|
backend restart (new code vs old persisted DB), else the contour breaks. (memory:
|
||||||
|
`contour-schema-change-wipe`)
|
||||||
|
|
||||||
|
### 7. Telegram permission model
|
||||||
|
- **Bit us:** permissions are an **AND-intersection** — default-allow with explicit
|
||||||
|
denies, not default-deny; inverting it broke access.
|
||||||
|
- **Check:** any change to the Telegram permission / relay logic preserves the
|
||||||
|
AND-intersection default-allow shape. (memory: `telegram-forum-relay-gotchas`)
|
||||||
|
|
||||||
|
## Output
|
||||||
|
|
||||||
|
A short PASS/FAIL table over the classes the diff touches, each FAIL with the exact
|
||||||
|
file:line and the fix. If every touched class passes, say so plainly and name the
|
||||||
|
post-deploy live check to run (not just "CI green").
|
||||||
@@ -0,0 +1,175 @@
|
|||||||
|
# VK Mini App / VK Games — integration reference
|
||||||
|
|
||||||
|
Captured research + our implementation map, so a future session does not need to re-fetch
|
||||||
|
the VK docs. Authoritative external source: <https://dev.vk.com/> (the `dev.vk.com` portal
|
||||||
|
does not render via plain HTTP fetch; the facts below were cross-checked against the VKCOM
|
||||||
|
reference repos cited at the end and verified against our own Go implementation).
|
||||||
|
|
||||||
|
A VK **game** is technically a **VK Mini App**: an HTML5 SPA VK loads in an **iframe inside
|
||||||
|
vk.com** (desktop + mobile web) and in a **WebView** inside the VK mobile apps (iOS/Android).
|
||||||
|
We serve our existing SPA under a dedicated `/vk/` path, mirroring the Telegram `/telegram/`
|
||||||
|
entry — the single-origin, path-routed model.
|
||||||
|
|
||||||
|
## 1. Embedding model
|
||||||
|
|
||||||
|
- VK loads the app at the **Web iframe URL** configured in the app settings (HTTPS + valid
|
||||||
|
cert required), appending the signed launch parameters as the **URL query string**.
|
||||||
|
- An optional separate **Mobile iframe URL** is used by the VK mobile apps (we use the same).
|
||||||
|
- No special `X-Frame-Options` / CSP `frame-ancestors` is required from us — VK frames the
|
||||||
|
configured origin. (Our edge sets **no** framing headers today, so VK works as-is; see the
|
||||||
|
clickjacking note in §Security.)
|
||||||
|
- URL must match the settings exactly (scheme, host, no stray `www`/whitespace).
|
||||||
|
|
||||||
|
## 2. Launch parameters (URL query)
|
||||||
|
|
||||||
|
VK appends these to the iframe `src`. The `vk_*` set is what the signature covers.
|
||||||
|
|
||||||
|
| Param | Meaning |
|
||||||
|
| --- | --- |
|
||||||
|
| `vk_user_id` | signed-in VK user numeric id — **the identity** |
|
||||||
|
| `vk_app_id` | our registered app id |
|
||||||
|
| `vk_is_app_user` | 0/1 — user authorized/installed the app |
|
||||||
|
| `vk_are_notifications_enabled` | 0/1 |
|
||||||
|
| `vk_language` | 2-letter UI language (`ru`, `en`, …) |
|
||||||
|
| `vk_platform` | `mobile_iphone` \| `mobile_android` \| `mobile_web` \| `desktop_web` \| … |
|
||||||
|
| `vk_ts` | unix seconds when VK generated the params |
|
||||||
|
| `vk_ref` | where the app was opened from (`catalog`, `feed`, …) |
|
||||||
|
| `vk_access_token_settings` | comma-separated granted scopes (often empty) |
|
||||||
|
| `vk_group_id`, `vk_viewer_group_role`, `vk_is_favorite`, `vk_client` | optional/contextual |
|
||||||
|
| `sign` | **the signature** (see §3) — NOT part of the signed set |
|
||||||
|
|
||||||
|
Always present: `vk_user_id`, `vk_app_id`, `vk_platform`, `vk_ts`, `sign`.
|
||||||
|
|
||||||
|
The user's **name is NOT in the launch params** (only `vk_user_id`). Read it client-side via
|
||||||
|
`VKWebAppGetUserInfo` (see §4) — unsigned, so treat it as a cosmetic display seed only.
|
||||||
|
|
||||||
|
## 3. Signature verification (`sign`) — CONFIRMED base64url, not hex
|
||||||
|
|
||||||
|
Algorithm (verified against our `gateway/internal/vkauth` + an independent Python reference):
|
||||||
|
|
||||||
|
1. Collect the query params whose key starts with `vk_` (exclude `sign`).
|
||||||
|
2. Sort by key (alphabetical).
|
||||||
|
3. Serialize as a URL-encoded query string `k=v&k=v…` (Go `url.Values.Encode()` matches VK's
|
||||||
|
reference serialization for the constrained launch-param charset).
|
||||||
|
4. `HMAC-SHA256(serialized, secret)` where `secret` = the app's **«Защищённый ключ»**
|
||||||
|
(protected / secure key, a.k.a. client_secret) from the app settings.
|
||||||
|
5. **base64url, no padding** (`+`→`-`, `/`→`_`, strip `=`).
|
||||||
|
6. Constant-time compare against `sign`.
|
||||||
|
|
||||||
|
VK launch params have **no built-in expiry** (unlike Telegram's `auth_date`). We do NOT enforce
|
||||||
|
freshness — the minted server session is the short-lived credential; a replay only
|
||||||
|
re-authenticates the same `vk_user_id`.
|
||||||
|
|
||||||
|
Verified against the official doc <https://dev.vk.com/ru/mini-apps/development/launch-params-sign>
|
||||||
|
(prose + PHP example: base64url = `strtr('+/','-_')` + `rtrim('=')`) and reproduced identically by
|
||||||
|
independent Node `crypto` + Python references. **Doc-example caveat**: that page shows secret
|
||||||
|
`wvl68m4dR1UpLrVRli` → sign `exTIBP…`, but the secret is a **placeholder** — recomputing with it does
|
||||||
|
NOT yield the shown sign (it was made with the real, unshown key). Don't chase the mismatch; our
|
||||||
|
`vkauth.Verify` is correct (`gateway/internal/vkauth/vkauth_test.go` carries cross-checked vectors,
|
||||||
|
incl. the `%2C` comma case for `vk_access_token_settings`).
|
||||||
|
|
||||||
|
## 4. VK Bridge (client SDK)
|
||||||
|
|
||||||
|
`@vkontakte/vk-bridge` (npm, v3.x; bundled — `default` export `bridge`). Methods we use / may use:
|
||||||
|
|
||||||
|
- `VKWebAppInit` — **required**: tells VK the Mini App loaded (dismisses VK's loading cover).
|
||||||
|
- `VKWebAppGetUserInfo` — `{ id, first_name, last_name, photo_200, … }`; no extra scope needed.
|
||||||
|
- `VKWebAppGetLaunchParams` — parsed `vk_*` **without** `sign` (so NOT usable for our server
|
||||||
|
verification — read `window.location.search` instead, which carries `sign`).
|
||||||
|
- `VKWebAppGetAuthToken` — OAuth access token for VK API calls (only if we ever call VK API).
|
||||||
|
- `VKWebAppShare` — native share dialog (the friend-code invite uses it; `navigator.share` is absent
|
||||||
|
in the desktop VK iframe). **Used.**
|
||||||
|
- `VKWebAppCopyText` — clipboard copy that works inside the VK iframe, where `navigator.clipboard` is
|
||||||
|
blocked. **Used** as the copy-code / copy-link path.
|
||||||
|
- `VKWebAppUpdateConfig` (subscribe) — light/dark scheme; the app follows it while the theme pref is
|
||||||
|
"auto" (the VK webview's prefers-color-scheme does not track it). **Used.**
|
||||||
|
- `VKWebAppSetViewSettings` / `VKWebAppSetSwipeSettings` — viewport / swipe-back (mobile); not used.
|
||||||
|
- `VKWebAppUpdateInsets` (+ `VKWebAppUpdateConfig`) — device safe-area insets; the app **max'es** them
|
||||||
|
with CSS `env(safe-area-inset-*)` (viewport-fit=cover) so the bottom home bar is cleared. The bridge
|
||||||
|
value is needed on Android, where the VK webview exposes no `env()` inset. **Used.**
|
||||||
|
|
||||||
|
The bridge talks to the embedding VK client over postMessage; it is NOT an external fetch, so
|
||||||
|
it has no telegram.org-style load-hang risk. The SDK reads browser globals at import — we import
|
||||||
|
it **lazily** so the pure URL helpers stay node-test-importable.
|
||||||
|
|
||||||
|
**Deep links — NOT possible on VK (confirmed on the contour).** The VK iframe receives ONLY the signed
|
||||||
|
`vk_*` launch params (+ `sign`); VK strips any custom data from the app link. The documented
|
||||||
|
`vk.com/app<id>#<payload>` form is eaten by the vk.com SPA (which owns the URL hash), and a
|
||||||
|
`vk.com/app<id>?hash=<payload>` query is dropped (the diagnostic showed `rawSearch` with only `vk_*`
|
||||||
|
and an empty `hash`). So the friend-code invite link is just `vk.com/app<id>` (`vkShareLink`, app id
|
||||||
|
from `vk_app_id`); the recipient enters the **copied code by hand** (`VKWebAppCopyText` works). The
|
||||||
|
`vkStartParam` reader + the `bootVK` routing stay as a no-op today, ready if a post-moderation VK
|
||||||
|
channel (e.g. an invite API) ever delivers a payload.
|
||||||
|
|
||||||
|
## 5. Test mode (to verify before moderation)
|
||||||
|
|
||||||
|
1. App already registered (we have the App ID).
|
||||||
|
2. In the app settings (dev.vk.com / `vk.com/editapp?act=settings&app_id=<id>`):
|
||||||
|
- Category = **Игра** (Game).
|
||||||
|
- **Web iframe URL** = our public HTTPS `/vk/` (the test-contour origin for contour testing,
|
||||||
|
prod `https://erudit-game.ru/vk/` later). Mobile iframe URL = same.
|
||||||
|
- Copy the **«Защищённый ключ»** → set as `GATEWAY_VK_APP_SECRET` (Gitea `TEST_`/`PROD_` secret).
|
||||||
|
- Add own VK id to **testers**; open in test mode.
|
||||||
|
3. Test mode = visible only to admins/testers, no payments processed.
|
||||||
|
|
||||||
|
## 6. Auth / identity (our model)
|
||||||
|
|
||||||
|
- `vk_user_id` (from verified params) → backend identity `kind='vk'`, `external_id=vk_user_id`,
|
||||||
|
auto-confirmed (a platform identity). First contact seeds language from `vk_language` and the
|
||||||
|
display name from the client-supplied `VKWebAppGetUserInfo` name (placeholder if empty).
|
||||||
|
- No VK access token / VK API call needed for the launch+login MVP.
|
||||||
|
|
||||||
|
## 7. Payments / monetization
|
||||||
|
|
||||||
|
VK Pay / «голоса» (votes) are **optional**, not required to publish a free game. Not planned.
|
||||||
|
|
||||||
|
## 8. ToS / moderation (pre-publish, analyzed — no blocker for a free «Эрудит»)
|
||||||
|
|
||||||
|
- **Trademark**: "Scrabble" is trademarked. Our public brand is **«Эрудит»** (erudit-game.ru),
|
||||||
|
a generic Russian word-game name → fine. Ensure the VK-registered app name is «Эрудит»/word-game,
|
||||||
|
NOT "Scrabble". The repo name is internal and irrelevant to moderation.
|
||||||
|
- **Pre-publish requirements**: public **Privacy Policy** + **ToS** URLs (disclose collected data:
|
||||||
|
`vk_user_id`, language; mention VK), **age rating** (likely 6+/12+), icon, description.
|
||||||
|
- **Dictionary**: standard word lists; VK may expect offensive-word filtering — likely fine for a
|
||||||
|
dictionary game, flag if moderation asks.
|
||||||
|
- **In-game chat (UGC)**: we already have a moderated chat + support relay → covered.
|
||||||
|
- Moderation reviews after submission (commonly ~24–72h); rejects on violence/hate/sexual/illegal
|
||||||
|
content or IP infringement — none apply.
|
||||||
|
|
||||||
|
## 9. Platforms
|
||||||
|
|
||||||
|
Desktop web (iframe), mobile web (iframe), VK iOS app (WKWebView), VK Android app (WebView). Bridge
|
||||||
|
methods behave per-platform; the app's own back chevron + app-shell document-pin cover navigation
|
||||||
|
without VK-specific code. Theme/viewport fine-tuning is best verified live in the real VK client
|
||||||
|
(not reproducible in Playwright — like the iOS gesture caveats).
|
||||||
|
|
||||||
|
## 10. Our implementation map (what to touch for VK)
|
||||||
|
|
||||||
|
- **Wire**: `pkg/fbs/scrabble.fbs` → `VKLoginRequest{ params, browser_tz, display_name }`
|
||||||
|
(regen: `make -C pkg fbs` + `pnpm -C ui codegen`).
|
||||||
|
- **Gateway**: `internal/vkauth/` (the §3 verify), `internal/transcode` op `auth.vk`
|
||||||
|
(registered via `WithVKAuth(secret)` option; `DomainCode` → `invalid_vk_params`),
|
||||||
|
`internal/backendclient` `VKAuth` → `POST /api/v1/internal/sessions/vk`,
|
||||||
|
config `GATEWAY_VK_APP_SECRET`, SPA mount `/vk/` in `internal/connectsrv/server.go`.
|
||||||
|
- **Backend**: `internal/account` `KindVK` + `ProvisionVK`/`vkSeed` + `confirmed` for platform
|
||||||
|
kinds; `internal/server/handlers_auth.go` `handleVKAuth` + route; migration
|
||||||
|
`00005_vk_identity.sql` (widen `identities_kind_chk` to include `'vk'`, expand-contract).
|
||||||
|
- **UI**: `src/lib/vk.ts` (`onVKPath`/`vkLaunchParams`/`insideVK`/`vkInit`/`vkUserName` plus `vkAppId`/
|
||||||
|
`vkStartParam`/`vkShare`/`vkCopyText`/`vkOnScheme`), `app.svelte.ts` `bootVK` (+ deep-link routing
|
||||||
|
and VK scheme→theme) + the `/vk/` dispatch branch + shared `retryMiniAppBoot`, `codec.ts`
|
||||||
|
`encodeVKLogin`, `transport.ts`/`client.ts`/`mock/client.ts` `authVK`, `deeplink.ts` `vkShareLink`,
|
||||||
|
`Friends.svelte` (VK share/copy), `app.css` `--tg-safe-*` defaulting to `env(safe-area-inset-*)`.
|
||||||
|
- **Edge/deploy**: `deploy/caddy/Caddyfile` `/vk` path; `GATEWAY_VK_APP_SECRET` in
|
||||||
|
`docker-compose.yml` + `.env.example` + `ci.yaml` (`TEST_…` secret) + `prod-deploy.yaml`
|
||||||
|
(`PROD_…` secret, deploy-main).
|
||||||
|
- **Deferred**: payments (VK Pay / votes), native (Capacitor) VK, account-linking a vk identity to an
|
||||||
|
existing account, VK push. (Done after the launch+auth MVP — Group B: native share + clipboard via
|
||||||
|
the bridge, the friend-code deep link, the auto-theme follow, and the home-bar safe area.)
|
||||||
|
|
||||||
|
## Sources
|
||||||
|
|
||||||
|
- VKCOM/vk-bridge — <https://github.com/VKCOM/vk-bridge>
|
||||||
|
- VKCOM/vk-apps-launch-params (canonical signature examples) — <https://github.com/VKCOM/vk-apps-launch-params>
|
||||||
|
- kravetsone/vk-launch-params — <https://github.com/kravetsone/vk-launch-params>
|
||||||
|
- SevereCloud/vksdk `vkapps.ParamsVerify` (Go reference) — <https://pkg.go.dev/github.com/SevereCloud/vksdk/v2/vkapps>
|
||||||
|
- VK Mini Apps API — <https://github.com/VKCOM/vk-mini-apps-api>
|
||||||
+176
-16
@@ -26,12 +26,12 @@ on:
|
|||||||
push:
|
push:
|
||||||
branches: [development]
|
branches: [development]
|
||||||
|
|
||||||
# The dictionary release the test suite validates against — the current
|
# The dictionary release. One Gitea variable is the single source of truth: the
|
||||||
# scrabble-dictionary release. Centralised here so a release bump is one edit; the
|
# test suite validates against it here (inherited by the unit/integration jobs) and
|
||||||
# unit/integration jobs inherit it. The deploy job overrides it per contour with
|
# both contours' deploy jobs seed a fresh volume with the same value. A release bump
|
||||||
# vars.TEST_DICT_VERSION (the seed for a fresh volume), see deploy/README.md.
|
# is one edit (the variable). See deploy/README.md.
|
||||||
env:
|
env:
|
||||||
DICT_VERSION: v1.2.1
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# changes detects which areas a PR/push touched, so the test jobs can skip when
|
# changes detects which areas a PR/push touched, so the test jobs can skip when
|
||||||
@@ -73,6 +73,9 @@ jobs:
|
|||||||
go=false; ui=false
|
go=false; ui=false
|
||||||
if echo "$files" | grep -qE '^(backend/|pkg/|gateway/|platform/|loadtest/|go\.work)'; then go=true; fi
|
if echo "$files" | grep -qE '^(backend/|pkg/|gateway/|platform/|loadtest/|go\.work)'; then go=true; fi
|
||||||
if echo "$files" | grep -qE '^ui/'; then ui=true; fi
|
if echo "$files" | grep -qE '^ui/'; then ui=true; fi
|
||||||
|
# The render sidecar bundles ui/src/lib, so its dir rides the ui lane (the
|
||||||
|
# deploy's compose build picks it up either way).
|
||||||
|
if echo "$files" | grep -qE '^renderer/'; then ui=true; fi
|
||||||
# A workflow or deploy change re-runs everything as a safety net.
|
# A workflow or deploy change re-runs everything as a safety net.
|
||||||
if echo "$files" | grep -qE '^(\.gitea/workflows/|deploy/)'; then go=true; ui=true; fi
|
if echo "$files" | grep -qE '^(\.gitea/workflows/|deploy/)'; then go=true; ui=true; fi
|
||||||
else
|
else
|
||||||
@@ -199,6 +202,14 @@ jobs:
|
|||||||
- name: Bundle-size budget
|
- name: Bundle-size budget
|
||||||
run: node scripts/bundle-size.mjs
|
run: node scripts/bundle-size.mjs
|
||||||
|
|
||||||
|
# The render sidecar executes the shared ui/src/lib/gameimage.ts on skia-canvas;
|
||||||
|
# its smoke test guards the bundling + skia seam (docs/TESTING.md).
|
||||||
|
- name: Render sidecar test
|
||||||
|
working-directory: renderer
|
||||||
|
run: |
|
||||||
|
pnpm install --frozen-lockfile
|
||||||
|
pnpm test
|
||||||
|
|
||||||
- name: Install Playwright browsers
|
- name: Install Playwright browsers
|
||||||
run: pnpm exec playwright install chromium webkit
|
run: pnpm exec playwright install chromium webkit
|
||||||
timeout-minutes: 5
|
timeout-minutes: 5
|
||||||
@@ -207,11 +218,66 @@ jobs:
|
|||||||
run: pnpm run test:e2e
|
run: pnpm run test:e2e
|
||||||
timeout-minutes: 5
|
timeout-minutes: 5
|
||||||
|
|
||||||
|
# conformance proves the client's local move preview (the ported dawg reader +
|
||||||
|
# validator, ui/src/lib/dict) byte-for-byte against the authoritative Go engine:
|
||||||
|
# a Go step generates golden parity vectors from the release dictionaries, then the
|
||||||
|
# gated Vitest suite replays them. It spans both toolchains, so it runs whenever the
|
||||||
|
# Go engine side or the UI side changed.
|
||||||
|
conformance:
|
||||||
|
needs: changes
|
||||||
|
if: ${{ needs.changes.outputs.go == 'true' || needs.changes.outputs.ui == 'true' }}
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
env:
|
||||||
|
GOPRIVATE: gitea.iliadenisov.ru/*
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Fetch dictionary DAWGs
|
||||||
|
run: |
|
||||||
|
mkdir -p "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
curl -fsSL -o /tmp/dawg.tar.gz "https://gitea.iliadenisov.ru/developer/scrabble-dictionary/releases/download/${DICT_VERSION}/scrabble-dawg-${DICT_VERSION}.tar.gz"
|
||||||
|
tar xzf /tmp/dawg.tar.gz -C "${GITHUB_WORKSPACE}/dawg"
|
||||||
|
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version-file: go.work
|
||||||
|
cache: true
|
||||||
|
|
||||||
|
- name: Generate golden parity vectors
|
||||||
|
run: |
|
||||||
|
go run ./backend/cmd/dictgen -dawg-dir "${GITHUB_WORKSPACE}/dawg" -out /tmp/dictgold
|
||||||
|
go run ./backend/cmd/validategen -dawg-dir "${GITHUB_WORKSPACE}/dawg" -out /tmp/validgold
|
||||||
|
|
||||||
|
- name: Set up Node
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: 22
|
||||||
|
|
||||||
|
- name: Install pnpm
|
||||||
|
run: npm install -g pnpm@11.0.9
|
||||||
|
|
||||||
|
- name: Install deps
|
||||||
|
working-directory: ui
|
||||||
|
run: pnpm install --frozen-lockfile
|
||||||
|
|
||||||
|
- name: Local-eval conformance (reader + validator vs the Go engine)
|
||||||
|
working-directory: ui
|
||||||
|
env:
|
||||||
|
DICT_DAWG_DIR: ${{ github.workspace }}/dawg
|
||||||
|
DICT_GOLD_DIR: /tmp/dictgold
|
||||||
|
DICT_VALID_DIR: /tmp/validgold
|
||||||
|
run: pnpm exec vitest run src/lib/dict/
|
||||||
|
|
||||||
# gate is the single branch-protection required check. It always runs and passes
|
# gate is the single branch-protection required check. It always runs and passes
|
||||||
# only when each upstream job succeeded or was skipped (a path-filtered no-op),
|
# only when each upstream job succeeded or was skipped (a path-filtered no-op),
|
||||||
# failing the merge if any actually failed or was cancelled.
|
# failing the merge if any actually failed or was cancelled.
|
||||||
gate:
|
gate:
|
||||||
needs: [unit, integration, ui]
|
needs: [unit, integration, ui, conformance]
|
||||||
if: always()
|
if: always()
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
defaults:
|
defaults:
|
||||||
@@ -221,7 +287,7 @@ jobs:
|
|||||||
- name: Aggregate required checks
|
- name: Aggregate required checks
|
||||||
run: |
|
run: |
|
||||||
fail=
|
fail=
|
||||||
for r in "unit:${{ needs.unit.result }}" "integration:${{ needs.integration.result }}" "ui:${{ needs.ui.result }}"; do
|
for r in "unit:${{ needs.unit.result }}" "integration:${{ needs.integration.result }}" "ui:${{ needs.ui.result }}" "conformance:${{ needs.conformance.result }}"; do
|
||||||
name="${r%%:*}"; res="${r#*:}"
|
name="${r%%:*}"; res="${r#*:}"
|
||||||
echo "$name = $res"
|
echo "$name = $res"
|
||||||
case "$res" in
|
case "$res" in
|
||||||
@@ -261,12 +327,47 @@ jobs:
|
|||||||
GRAFANA_ADMIN_PASSWORD: ${{ secrets.TEST_GRAFANA_ADMIN_PASSWORD }}
|
GRAFANA_ADMIN_PASSWORD: ${{ secrets.TEST_GRAFANA_ADMIN_PASSWORD }}
|
||||||
TELEGRAM_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_BOT_TOKEN }}
|
TELEGRAM_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_BOT_TOKEN }}
|
||||||
TELEGRAM_PROMO_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_PROMO_BOT_TOKEN }}
|
TELEGRAM_PROMO_BOT_TOKEN: ${{ secrets.TEST_TELEGRAM_PROMO_BOT_TOKEN }}
|
||||||
|
# VK Mini App protected key (offline HMAC for the launch-param signature); empty
|
||||||
|
# leaves the VK auth path (auth.vk) disabled until the operator sets the secret.
|
||||||
|
# One VK Mini App serves every contour -> unprefixed secret.
|
||||||
|
GATEWAY_VK_APP_SECRET: ${{ secrets.GATEWAY_VK_APP_SECRET }}
|
||||||
|
# VK ID web login (browser VK-identity linking): the VK ID "Web" app's protected key
|
||||||
|
# for the server-side confidential code exchange — a SEPARATE VK app from the Mini
|
||||||
|
# App above. One VK ID "Web" app serves every contour -> unprefixed secret.
|
||||||
|
GATEWAY_VK_ID_CLIENT_SECRET: ${{ secrets.GATEWAY_VK_ID_CLIENT_SECRET }}
|
||||||
|
# Planted honeytoken bearer: presenting it flags the caller (logs + a ban metric on
|
||||||
|
# test where the IP ban is off; a 24h IP ban on prod). Per-contour secret; empty = trap off.
|
||||||
|
GATEWAY_HONEYTOKEN: ${{ secrets.TEST_GATEWAY_HONEYTOKEN }}
|
||||||
|
# Signs the finished-game export download URLs (backend + compose interpolation).
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.TEST_EXPORT_SIGN_KEY }}
|
||||||
|
# Transactional email via the shared Selectel relay: one account for every
|
||||||
|
# contour -> unprefixed host/port/tls/user/pass. Empty host leaves the backend
|
||||||
|
# on the log mailer (email disabled) but the contour still boots.
|
||||||
|
SMTP_RELAY_USER: ${{ secrets.SMTP_RELAY_USER }}
|
||||||
|
SMTP_RELAY_PASS: ${{ secrets.SMTP_RELAY_PASS }}
|
||||||
|
SMTP_RELAY_HOST: ${{ vars.SMTP_RELAY_HOST }}
|
||||||
|
SMTP_RELAY_PORT: ${{ vars.SMTP_RELAY_PORT }}
|
||||||
|
SMTP_RELAY_TLS: ${{ vars.SMTP_RELAY_TLS }}
|
||||||
|
SMTP_RELAY_FROM: ${{ vars.TEST_SMTP_RELAY_FROM }}
|
||||||
|
# Operator alerts: backend admin emails (new feedback / complaints) + Grafana
|
||||||
|
# infra alerts. Distinct senders + recipients; Grafana uses the relay's STARTTLS
|
||||||
|
# host:port. Empty leaves the alert worker off and Grafana SMTP disabled.
|
||||||
|
SMTP_RELAY_ADMIN_FROM: ${{ vars.TEST_SMTP_RELAY_ADMIN_FROM }}
|
||||||
|
ADMIN_EMAIL: ${{ vars.TEST_ADMIN_EMAIL }}
|
||||||
|
SMTP_RELAY_SERVICE_FROM: ${{ vars.TEST_SMTP_RELAY_SERVICE_FROM }}
|
||||||
|
SERVICE_EMAIL: ${{ vars.TEST_SERVICE_EMAIL }}
|
||||||
|
GRAFANA_SMTP_PORT: ${{ vars.GRAFANA_SMTP_PORT }}
|
||||||
|
GF_SMTP_ENABLED: ${{ vars.TEST_GF_SMTP_ENABLED }}
|
||||||
|
# Canonical public origin for links in the email (this contour's URL);
|
||||||
|
# required by the backend whenever SMTP_RELAY_HOST is set.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.TEST_PUBLIC_BASE_URL }}
|
||||||
GM_BASICAUTH_USER: ${{ vars.TEST_GM_BASICAUTH_USER }}
|
GM_BASICAUTH_USER: ${{ vars.TEST_GM_BASICAUTH_USER }}
|
||||||
GRAFANA_ROOT_URL: ${{ vars.TEST_GRAFANA_ROOT_URL }}
|
|
||||||
CADDY_SITE_ADDRESS: ${{ vars.TEST_CADDY_SITE_ADDRESS }}
|
CADDY_SITE_ADDRESS: ${{ vars.TEST_CADDY_SITE_ADDRESS }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.TEST_TELEGRAM_MINIAPP_URL }}
|
# TELEGRAM_MINIAPP_URL, GRAFANA_ROOT_URL and VITE_VK_ID_REDIRECT_URL are derived
|
||||||
|
# from PUBLIC_BASE_URL in the run step below, not stored as their own variables.
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.TEST_TELEGRAM_GAME_CHANNEL_ID }}
|
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.TEST_TELEGRAM_GAME_CHANNEL_ID }}
|
||||||
TELEGRAM_CHAT_ID: ${{ vars.TEST_TELEGRAM_CHAT_ID }}
|
TELEGRAM_CHAT_ID: ${{ vars.TEST_TELEGRAM_CHAT_ID }}
|
||||||
|
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.TEST_TELEGRAM_SUPPORT_CHAT_ID }}
|
||||||
TELEGRAM_BOT_USERNAME: ${{ vars.TEST_TELEGRAM_BOT_USERNAME }}
|
TELEGRAM_BOT_USERNAME: ${{ vars.TEST_TELEGRAM_BOT_USERNAME }}
|
||||||
# The promo button reuses the UI's Mini App link variable.
|
# The promo button reuses the UI's Mini App link variable.
|
||||||
TELEGRAM_BOT_LINK: ${{ vars.TEST_VITE_TELEGRAM_LINK }}
|
TELEGRAM_BOT_LINK: ${{ vars.TEST_VITE_TELEGRAM_LINK }}
|
||||||
@@ -276,11 +377,16 @@ jobs:
|
|||||||
VITE_TELEGRAM_BOT_ID: ${{ vars.TEST_VITE_TELEGRAM_BOT_ID }}
|
VITE_TELEGRAM_BOT_ID: ${{ vars.TEST_VITE_TELEGRAM_BOT_ID }}
|
||||||
VITE_TELEGRAM_LINK: ${{ vars.TEST_VITE_TELEGRAM_LINK }}
|
VITE_TELEGRAM_LINK: ${{ vars.TEST_VITE_TELEGRAM_LINK }}
|
||||||
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.TEST_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.TEST_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
||||||
VITE_GATEWAY_URL: ${{ vars.TEST_VITE_GATEWAY_URL }}
|
# VK Mini App landing link + VK ID "Web" app id: one value each serves every
|
||||||
# Unset vars render empty -> the compose ":-" defaults apply.
|
# contour -> unprefixed. VITE_VK_APP_ID also feeds the gateway (GATEWAY_VK_ID_APP_ID);
|
||||||
|
# the VK ID redirect URL is derived from PUBLIC_BASE_URL in the run step below.
|
||||||
|
VITE_VK_APP_LINK: ${{ vars.VITE_VK_APP_LINK }}
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
# VITE_GATEWAY_URL omitted: the SPA is served same-origin, so it stays the
|
||||||
|
# compose ":-" empty default. Other unset vars likewise fall to their defaults.
|
||||||
POSTGRES_DB: ${{ vars.TEST_POSTGRES_DB }}
|
POSTGRES_DB: ${{ vars.TEST_POSTGRES_DB }}
|
||||||
POSTGRES_USER: ${{ vars.TEST_POSTGRES_USER }}
|
POSTGRES_USER: ${{ vars.TEST_POSTGRES_USER }}
|
||||||
DICT_VERSION: ${{ vars.TEST_DICT_VERSION }}
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
LOG_LEVEL: ${{ vars.TEST_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.TEST_LOG_LEVEL }}
|
||||||
run: |
|
run: |
|
||||||
# Seed the config files to a stable host path. The runner checks out into
|
# Seed the config files to a stable host path. The runner checks out into
|
||||||
@@ -291,8 +397,34 @@ jobs:
|
|||||||
conf="$HOME/.scrabble-deploy"
|
conf="$HOME/.scrabble-deploy"
|
||||||
rm -rf "$conf"
|
rm -rf "$conf"
|
||||||
mkdir -p "$conf"
|
mkdir -p "$conf"
|
||||||
cp -r caddy otelcol prometheus tempo grafana "$conf"/
|
cp -r caddy otelcol prometheus tempo grafana blackbox "$conf"/
|
||||||
export SCRABBLE_CONFIG_DIR="$conf"
|
export SCRABBLE_CONFIG_DIR="$conf"
|
||||||
|
# Maintenance page for the redeploy window, mirroring prod-deploy.sh so the SPA
|
||||||
|
# overlay is exercised on the test contour too (not only prod). Raised just before
|
||||||
|
# the recreate and lowered once caddy is back (below); the trap clears it if the
|
||||||
|
# step fails so the contour never sticks in maintenance (and the reseed above wipes a
|
||||||
|
# stale flag anyway). The caddy-routed probes run in the NEXT step, after it is lowered.
|
||||||
|
maint_flag="$conf/caddy/on"
|
||||||
|
trap 'rm -f "$maint_flag"' EXIT
|
||||||
|
# Derive the public URLs from the one canonical origin instead of storing each as
|
||||||
|
# its own variable (paths are structural SPA routes / the Caddy /_gm sub-path).
|
||||||
|
# Exported before build so the VK ID redirect is baked into the SPA.
|
||||||
|
base="${PUBLIC_BASE_URL%/}"
|
||||||
|
export TELEGRAM_MINIAPP_URL="$base/telegram/"
|
||||||
|
export GRAFANA_ROOT_URL="$base/_gm/grafana/"
|
||||||
|
export VITE_VK_ID_REDIRECT_URL="$base/app/"
|
||||||
|
# Grafana's SMTP from_address must be a BARE address (it rejects the "Name" <addr>
|
||||||
|
# form the backend go-mail accepts) and validates it even when SMTP is disabled — a
|
||||||
|
# bad value crash-loops Grafana. Split the display-format SERVICE From into a bare
|
||||||
|
# address + name for Grafana; the backend keeps the full form.
|
||||||
|
svc_from="${SMTP_RELAY_SERVICE_FROM:-}"
|
||||||
|
case "$svc_from" in
|
||||||
|
*"<"*">"*)
|
||||||
|
export GRAFANA_SMTP_FROM_ADDRESS="$(printf '%s' "$svc_from" | sed -E 's/.*<([^>]+)>.*/\1/')"
|
||||||
|
export GRAFANA_SMTP_FROM_NAME="$(printf '%s' "$svc_from" | sed -E 's/[[:space:]]*<[^>]*>.*$//; s/^"//; s/"$//')" ;;
|
||||||
|
*)
|
||||||
|
export GRAFANA_SMTP_FROM_ADDRESS="$svc_from" ;;
|
||||||
|
esac
|
||||||
# Bot-link mTLS material for the test contour: a private CA + gateway/bot
|
# Bot-link mTLS material for the test contour: a private CA + gateway/bot
|
||||||
# leaves (CN=gateway, the service name the bot dials). Prod supplies these
|
# leaves (CN=gateway, the service name the bot dials). Prod supplies these
|
||||||
# from PROD_ secrets instead. Regenerated each deploy; both ends redeploy
|
# from PROD_ secrets instead. Regenerated each deploy; both ends redeploy
|
||||||
@@ -305,12 +437,23 @@ jobs:
|
|||||||
# bot on its own host instead (deploy/docker-compose.bot.yml), and the prod
|
# bot on its own host instead (deploy/docker-compose.bot.yml), and the prod
|
||||||
# main host omits both. Without the profile they would not start here.
|
# main host omits both. Without the profile they would not start here.
|
||||||
docker compose --ansi never --profile telegram-local build --progress plain
|
docker compose --ansi never --profile telegram-local build --progress plain
|
||||||
|
# Raise the maintenance page, THEN bring caddy onto the reseeded config mount so it
|
||||||
|
# actually carries the flag: the running caddy sits on the stale pre-reseed mount (the
|
||||||
|
# dir was rm'd + recreated — see the force-recreate note below), so a flag written to
|
||||||
|
# the new dir is invisible until caddy is recreated. With the fresh caddy up, an open
|
||||||
|
# SPA sees the 503 marker + overlay for the whole recreate window, not a bare reconnect.
|
||||||
|
: > "$maint_flag"
|
||||||
|
docker compose --ansi never up -d --force-recreate --no-deps caddy
|
||||||
docker compose --ansi never --profile telegram-local up -d --remove-orphans
|
docker compose --ansi never --profile telegram-local up -d --remove-orphans
|
||||||
# The config-only services bind-mount the reseeded config dir. A plain `up -d`
|
# The config-only services bind-mount the reseeded config dir. A plain `up -d`
|
||||||
# leaves them on the previous bind mount (the dir was rm'd + recreated), so a
|
# leaves them on the previous bind mount (the dir was rm'd + recreated), so a
|
||||||
# changed Caddyfile or Grafana dashboard is ignored — force-recreate them to
|
# changed Grafana dashboard is ignored — force-recreate them to pick up the fresh
|
||||||
# pick up the fresh config.
|
# config. (Caddy was already recreated above so it would carry the maintenance flag.)
|
||||||
docker compose --ansi never up -d --force-recreate --no-deps caddy otelcol prometheus tempo grafana
|
docker compose --ansi never up -d --force-recreate --no-deps otelcol prometheus tempo grafana
|
||||||
|
# Lower the maintenance page: services are back. An open SPA's poll now gets through
|
||||||
|
# (once the gateway finishes booting) and reloads into the fresh client; the caddy
|
||||||
|
# probes in the next step see 200. The EXIT trap is a backstop if we failed earlier.
|
||||||
|
rm -f "$maint_flag"
|
||||||
|
|
||||||
- name: Probe the landing, gateway and backend
|
- name: Probe the landing, gateway and backend
|
||||||
run: |
|
run: |
|
||||||
@@ -336,6 +479,23 @@ jobs:
|
|||||||
docker logs --tail 50 scrabble-backend || true
|
docker logs --tail 50 scrabble-backend || true
|
||||||
exit 1
|
exit 1
|
||||||
|
|
||||||
|
- name: Probe the /dict edge route reaches the gateway
|
||||||
|
run: |
|
||||||
|
set -u
|
||||||
|
# The client fetches each game's dictionary blob at {edge}/dict/{variant}/{version}
|
||||||
|
# for the local move preview. If caddy does not route /dict to the gateway the request
|
||||||
|
# falls to the static landing and the client silently gets a non-dawg blob. Probed
|
||||||
|
# unauthenticated it must be the gateway's 401 (the route reaches the gateway), never a
|
||||||
|
# 404/200 from the landing catch-all.
|
||||||
|
out="$(docker run --rm --network edge alpine:3.20 wget -S -q -O /dev/null http://scrabble/dict/scrabble_en/v1 2>&1 || true)"
|
||||||
|
echo "$out" | grep -E "HTTP/" || true
|
||||||
|
if echo "$out" | grep -q " 401"; then
|
||||||
|
echo "ok: /dict reaches the gateway (401 unauthenticated)"
|
||||||
|
else
|
||||||
|
echo "FAIL: /dict did not reach the gateway (expected 401) — caddy route missing?"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Probe the Telegram validator and bot liveness
|
- name: Probe the Telegram validator and bot liveness
|
||||||
run: |
|
run: |
|
||||||
set -u
|
set -u
|
||||||
|
|||||||
@@ -40,11 +40,22 @@ jobs:
|
|||||||
VITE_TELEGRAM_BOT_ID: ${{ vars.PROD_VITE_TELEGRAM_BOT_ID }}
|
VITE_TELEGRAM_BOT_ID: ${{ vars.PROD_VITE_TELEGRAM_BOT_ID }}
|
||||||
VITE_TELEGRAM_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
VITE_TELEGRAM_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
||||||
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.PROD_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
VITE_TELEGRAM_GAME_CHANNEL_NAME: ${{ vars.PROD_VITE_TELEGRAM_GAME_CHANNEL_NAME }}
|
||||||
VITE_GATEWAY_URL: ${{ vars.PROD_VITE_GATEWAY_URL }}
|
# VK Mini App link + VK ID "Web" app id: one value each serves every contour.
|
||||||
|
VITE_VK_APP_LINK: ${{ vars.VITE_VK_APP_LINK }}
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
# VITE_GATEWAY_URL omitted: the SPA is served same-origin (compose ":-" default).
|
||||||
POSTGRES_PASSWORD: ${{ secrets.PROD_POSTGRES_PASSWORD }}
|
POSTGRES_PASSWORD: ${{ secrets.PROD_POSTGRES_PASSWORD }}
|
||||||
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# `docker compose build` interpolates the WHOLE compose file, so every :?-guarded
|
||||||
DICT_VERSION: ${{ vars.PROD_DICT_VERSION }}
|
# runtime var must be present at build even though it is not a build-arg — incl. the
|
||||||
|
# backend's EXPORT_SIGN_KEY (added with the finished-game export after v1.7.0, which is
|
||||||
|
# why the first v1.8.0 build tripped on it). POSTGRES_PASSWORD/GM_BASICAUTH_HASH above
|
||||||
|
# are here for the same reason; DICT_VERSION + the derived Mini App URL cover the rest.
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.PROD_EXPORT_SIGN_KEY }}
|
||||||
|
# PUBLIC_BASE_URL drives the derived VK ID redirect (baked into the SPA) and the
|
||||||
|
# Mini App URL; both are computed in the build step, not stored variables.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
@@ -58,10 +69,15 @@ jobs:
|
|||||||
working-directory: deploy
|
working-directory: deploy
|
||||||
run: |
|
run: |
|
||||||
export TAG="${{ steps.ver.outputs.tag }}" APP_VERSION="${{ steps.ver.outputs.tag }}" SCRABBLE_CONFIG_DIR=.
|
export TAG="${{ steps.ver.outputs.tag }}" APP_VERSION="${{ steps.ver.outputs.tag }}" SCRABBLE_CONFIG_DIR=.
|
||||||
# The four main-stack images via compose (reuses the build args, incl. VERSION);
|
# Derive the public URLs from the one canonical origin: the VK ID redirect is a
|
||||||
|
# build-arg baked into the SPA, and the Mini App URL satisfies the (profiled-out)
|
||||||
|
# bot service's compose ":?" guard during parse. See deploy/write-prod-env.sh.
|
||||||
|
base="${PUBLIC_BASE_URL%/}"
|
||||||
|
export VITE_VK_ID_REDIRECT_URL="$base/app/" TELEGRAM_MINIAPP_URL="$base/telegram/"
|
||||||
|
# The main-stack images via compose (reuses the build args, incl. VERSION);
|
||||||
# the bot separately, since it is profiled out of the prod compose.
|
# the bot separately, since it is profiled out of the prod compose.
|
||||||
docker compose -f docker-compose.yml -f docker-compose.prod.yml build
|
docker compose -f docker-compose.yml -f docker-compose.prod.yml build
|
||||||
docker compose -f docker-compose.yml -f docker-compose.prod.yml push backend gateway landing validator
|
docker compose -f docker-compose.yml -f docker-compose.prod.yml push backend gateway landing validator renderer
|
||||||
docker build -f ../platform/telegram/Dockerfile --target bot --build-arg VERSION="$TAG" -t "$REGISTRY/scrabble-telegram-bot:$TAG" ..
|
docker build -f ../platform/telegram/Dockerfile --target bot --build-arg VERSION="$TAG" -t "$REGISTRY/scrabble-telegram-bot:$TAG" ..
|
||||||
docker push "$REGISTRY/scrabble-telegram-bot:$TAG"
|
docker push "$REGISTRY/scrabble-telegram-bot:$TAG"
|
||||||
|
|
||||||
@@ -82,17 +98,45 @@ jobs:
|
|||||||
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
GM_BASICAUTH_HASH: ${{ secrets.PROD_GM_BASICAUTH_HASH }}
|
||||||
GRAFANA_ADMIN_PASSWORD: ${{ secrets.PROD_GRAFANA_ADMIN_PASSWORD }}
|
GRAFANA_ADMIN_PASSWORD: ${{ secrets.PROD_GRAFANA_ADMIN_PASSWORD }}
|
||||||
TELEGRAM_BOT_TOKEN: ${{ secrets.PROD_TELEGRAM_BOT_TOKEN }}
|
TELEGRAM_BOT_TOKEN: ${{ secrets.PROD_TELEGRAM_BOT_TOKEN }}
|
||||||
|
GATEWAY_VK_APP_SECRET: ${{ secrets.GATEWAY_VK_APP_SECRET }}
|
||||||
|
# VK ID web login: the "Web" app id (the gateway reuses it as GATEWAY_VK_ID_APP_ID at
|
||||||
|
# runtime) + the app's protected key. Both shared across contours. The redirect URL is
|
||||||
|
# derived from PUBLIC_BASE_URL in deploy/write-prod-env.sh.
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
GATEWAY_VK_ID_CLIENT_SECRET: ${{ secrets.GATEWAY_VK_ID_CLIENT_SECRET }}
|
||||||
|
# Planted honeytoken bearer: presenting it earns a 24h IP ban + a high-severity alarm.
|
||||||
|
# Per-contour secret; empty = trap off. Rendered by deploy/write-prod-env.sh.
|
||||||
|
GATEWAY_HONEYTOKEN: ${{ secrets.PROD_GATEWAY_HONEYTOKEN }}
|
||||||
|
# Signs the finished-game export download URLs (backend BACKEND_EXPORT_SIGN_KEY).
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.PROD_EXPORT_SIGN_KEY }}
|
||||||
|
# Transactional email via the shared Selectel relay (confirm-codes): one account for
|
||||||
|
# every contour -> unprefixed host/port/tls/user/pass.
|
||||||
|
SMTP_RELAY_USER: ${{ secrets.SMTP_RELAY_USER }}
|
||||||
|
SMTP_RELAY_PASS: ${{ secrets.SMTP_RELAY_PASS }}
|
||||||
|
SMTP_RELAY_HOST: ${{ vars.SMTP_RELAY_HOST }}
|
||||||
|
SMTP_RELAY_PORT: ${{ vars.SMTP_RELAY_PORT }}
|
||||||
|
SMTP_RELAY_TLS: ${{ vars.SMTP_RELAY_TLS }}
|
||||||
|
SMTP_RELAY_FROM: ${{ vars.PROD_SMTP_RELAY_FROM }}
|
||||||
|
# Operator alerts: backend admin emails + Grafana infra alerts (distinct senders +
|
||||||
|
# recipients; Grafana uses the relay's STARTTLS host:port).
|
||||||
|
SMTP_RELAY_ADMIN_FROM: ${{ vars.PROD_SMTP_RELAY_ADMIN_FROM }}
|
||||||
|
ADMIN_EMAIL: ${{ vars.PROD_ADMIN_EMAIL }}
|
||||||
|
SMTP_RELAY_SERVICE_FROM: ${{ vars.PROD_SMTP_RELAY_SERVICE_FROM }}
|
||||||
|
SERVICE_EMAIL: ${{ vars.PROD_SERVICE_EMAIL }}
|
||||||
|
GRAFANA_SMTP_PORT: ${{ vars.GRAFANA_SMTP_PORT }}
|
||||||
|
GF_SMTP_ENABLED: ${{ vars.PROD_GF_SMTP_ENABLED }}
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
PROD_BOTLINK_CA: ${{ secrets.PROD_BOTLINK_CA }}
|
PROD_BOTLINK_CA: ${{ secrets.PROD_BOTLINK_CA }}
|
||||||
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
||||||
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
||||||
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
||||||
GRAFANA_ROOT_URL: ${{ vars.PROD_GRAFANA_ROOT_URL }}
|
|
||||||
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
DICT_VERSION: ${{ vars.PROD_DICT_VERSION }}
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
||||||
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# TELEGRAM_MINIAPP_URL and GRAFANA_ROOT_URL are derived from PUBLIC_BASE_URL in
|
||||||
|
# deploy/write-prod-env.sh, not stored variables.
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
@@ -120,24 +164,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-main
|
mkdir -p stage/certs-main
|
||||||
cat > stage/env.sh <<EOF
|
# Shared with prod-rollback so the two paths render an identical runtime env.
|
||||||
export REGISTRY='$REGISTRY'
|
APP_VERSION="$TAG" bash deploy/write-prod-env.sh stage/env.sh
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
|
||||||
export POSTGRES_DB='${POSTGRES_DB:-scrabble}'
|
|
||||||
export POSTGRES_USER='${POSTGRES_USER:-scrabble}'
|
|
||||||
export POSTGRES_PASSWORD='$POSTGRES_PASSWORD'
|
|
||||||
export GM_BASICAUTH_USER='${GM_BASICAUTH_USER:-gm}'
|
|
||||||
export GM_BASICAUTH_HASH='$GM_BASICAUTH_HASH'
|
|
||||||
export GRAFANA_ADMIN_PASSWORD='$GRAFANA_ADMIN_PASSWORD'
|
|
||||||
export GRAFANA_ROOT_URL='$GRAFANA_ROOT_URL'
|
|
||||||
export CADDY_SITE_ADDRESS='$CADDY_SITE_ADDRESS'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
export DICT_VERSION='$DICT_VERSION'
|
|
||||||
export APP_VERSION='$TAG'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export GATEWAY_ABUSE_BAN_ENABLED='true'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
||||||
@@ -148,7 +176,7 @@ jobs:
|
|||||||
ssh_main 'mkdir -p /opt/scrabble/compose'
|
ssh_main 'mkdir -p /opt/scrabble/compose'
|
||||||
tar -C deploy -czf - docker-compose.yml docker-compose.prod.yml prod-deploy.sh \
|
tar -C deploy -czf - docker-compose.yml docker-compose.prod.yml prod-deploy.sh \
|
||||||
| ssh_main 'tar -C /opt/scrabble/compose -xzf -'
|
| ssh_main 'tar -C /opt/scrabble/compose -xzf -'
|
||||||
tar -C deploy -czf - caddy otelcol prometheus tempo grafana \
|
tar -C deploy -czf - caddy otelcol prometheus tempo grafana blackbox \
|
||||||
| ssh_main 'tar -C /opt/scrabble -xzf -'
|
| ssh_main 'tar -C /opt/scrabble -xzf -'
|
||||||
tar -C stage -czf - certs-main \
|
tar -C stage -czf - certs-main \
|
||||||
| ssh_main 'rm -rf /opt/scrabble/certs && mkdir -p /opt/scrabble/certs && tar -C /opt/scrabble/certs --strip-components=1 -xzf -'
|
| ssh_main 'rm -rf /opt/scrabble/certs && mkdir -p /opt/scrabble/certs && tar -C /opt/scrabble/certs --strip-components=1 -xzf -'
|
||||||
@@ -176,9 +204,11 @@ jobs:
|
|||||||
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
||||||
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# PUBLIC_BASE_URL drives the derived Mini App URL in deploy/write-prod-bot-env.sh.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
||||||
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
||||||
|
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.PROD_TELEGRAM_SUPPORT_CHAT_ID }}
|
||||||
TELEGRAM_BOT_USERNAME: ${{ vars.PROD_TELEGRAM_BOT_USERNAME }}
|
TELEGRAM_BOT_USERNAME: ${{ vars.PROD_TELEGRAM_BOT_USERNAME }}
|
||||||
TELEGRAM_BOT_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
TELEGRAM_BOT_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
||||||
steps:
|
steps:
|
||||||
@@ -192,19 +222,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-bot
|
mkdir -p stage/certs-bot
|
||||||
cat > stage/env.bot.sh <<EOF
|
# Shared with prod-rollback so the two paths render an identical bot env.
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
BOT_IMAGE="$REGISTRY/scrabble-telegram-bot:$TAG" bash deploy/write-prod-bot-env.sh stage/env.bot.sh
|
||||||
export BOT_IMAGE='$REGISTRY/scrabble-telegram-bot:$TAG'
|
|
||||||
export BOTLINK_GATEWAY_ADDR='$MAIN_HOST:9443'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export TELEGRAM_GAME_CHANNEL_ID='$TELEGRAM_GAME_CHANNEL_ID'
|
|
||||||
export TELEGRAM_CHAT_ID='$TELEGRAM_CHAT_ID'
|
|
||||||
export TELEGRAM_PROMO_BOT_TOKEN='$TELEGRAM_PROMO_BOT_TOKEN'
|
|
||||||
export TELEGRAM_BOT_USERNAME='$TELEGRAM_BOT_USERNAME'
|
|
||||||
export TELEGRAM_BOT_LINK='$TELEGRAM_BOT_LINK'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
||||||
|
|||||||
@@ -51,13 +51,32 @@ jobs:
|
|||||||
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
PROD_BOTLINK_GATEWAY_CERT: ${{ secrets.PROD_BOTLINK_GATEWAY_CERT }}
|
||||||
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
PROD_BOTLINK_GATEWAY_KEY: ${{ secrets.PROD_BOTLINK_GATEWAY_KEY }}
|
||||||
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
GM_BASICAUTH_USER: ${{ vars.PROD_GM_BASICAUTH_USER }}
|
||||||
GRAFANA_ROOT_URL: ${{ vars.PROD_GRAFANA_ROOT_URL }}
|
|
||||||
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
CADDY_SITE_ADDRESS: ${{ vars.PROD_CADDY_SITE_ADDRESS }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
DICT_VERSION: ${{ vars.PROD_DICT_VERSION }}
|
DICT_VERSION: ${{ vars.DICT_VERSION }}
|
||||||
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
POSTGRES_DB: ${{ vars.PROD_POSTGRES_DB }}
|
||||||
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
POSTGRES_USER: ${{ vars.PROD_POSTGRES_USER }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
|
# Full runtime env — parity with prod-deploy's deploy-main so a rollback re-renders
|
||||||
|
# the SAME env.sh (email / VK login / Grafana alerts survive a rollback). TELEGRAM_MINIAPP_URL
|
||||||
|
# and GRAFANA_ROOT_URL are derived from PUBLIC_BASE_URL in deploy/write-prod-env.sh.
|
||||||
|
GATEWAY_VK_APP_SECRET: ${{ secrets.GATEWAY_VK_APP_SECRET }}
|
||||||
|
VITE_VK_APP_ID: ${{ vars.VITE_VK_APP_ID }}
|
||||||
|
GATEWAY_VK_ID_CLIENT_SECRET: ${{ secrets.GATEWAY_VK_ID_CLIENT_SECRET }}
|
||||||
|
GATEWAY_HONEYTOKEN: ${{ secrets.PROD_GATEWAY_HONEYTOKEN }}
|
||||||
|
EXPORT_SIGN_KEY: ${{ secrets.PROD_EXPORT_SIGN_KEY }}
|
||||||
|
SMTP_RELAY_USER: ${{ secrets.SMTP_RELAY_USER }}
|
||||||
|
SMTP_RELAY_PASS: ${{ secrets.SMTP_RELAY_PASS }}
|
||||||
|
SMTP_RELAY_HOST: ${{ vars.SMTP_RELAY_HOST }}
|
||||||
|
SMTP_RELAY_PORT: ${{ vars.SMTP_RELAY_PORT }}
|
||||||
|
SMTP_RELAY_TLS: ${{ vars.SMTP_RELAY_TLS }}
|
||||||
|
SMTP_RELAY_FROM: ${{ vars.PROD_SMTP_RELAY_FROM }}
|
||||||
|
SMTP_RELAY_ADMIN_FROM: ${{ vars.PROD_SMTP_RELAY_ADMIN_FROM }}
|
||||||
|
ADMIN_EMAIL: ${{ vars.PROD_ADMIN_EMAIL }}
|
||||||
|
SMTP_RELAY_SERVICE_FROM: ${{ vars.PROD_SMTP_RELAY_SERVICE_FROM }}
|
||||||
|
SERVICE_EMAIL: ${{ vars.PROD_SERVICE_EMAIL }}
|
||||||
|
GRAFANA_SMTP_PORT: ${{ vars.GRAFANA_SMTP_PORT }}
|
||||||
|
GF_SMTP_ENABLED: ${{ vars.PROD_GF_SMTP_ENABLED }}
|
||||||
INPUT_TARGET: ${{ inputs.target_version }}
|
INPUT_TARGET: ${{ inputs.target_version }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
@@ -89,24 +108,9 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-main
|
mkdir -p stage/certs-main
|
||||||
cat > stage/env.sh <<EOF
|
# Same writer as prod-deploy's deploy-main -> the rollback re-renders the FULL
|
||||||
export REGISTRY='$REGISTRY'
|
# runtime env (not a subset), so email / VK login / Grafana alerts survive it.
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
APP_VERSION="$TARGET" bash deploy/write-prod-env.sh stage/env.sh
|
||||||
export POSTGRES_DB='${POSTGRES_DB:-scrabble}'
|
|
||||||
export POSTGRES_USER='${POSTGRES_USER:-scrabble}'
|
|
||||||
export POSTGRES_PASSWORD='$POSTGRES_PASSWORD'
|
|
||||||
export GM_BASICAUTH_USER='${GM_BASICAUTH_USER:-gm}'
|
|
||||||
export GM_BASICAUTH_HASH='$GM_BASICAUTH_HASH'
|
|
||||||
export GRAFANA_ADMIN_PASSWORD='$GRAFANA_ADMIN_PASSWORD'
|
|
||||||
export GRAFANA_ROOT_URL='$GRAFANA_ROOT_URL'
|
|
||||||
export CADDY_SITE_ADDRESS='$CADDY_SITE_ADDRESS'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
export DICT_VERSION='$DICT_VERSION'
|
|
||||||
export APP_VERSION='$TARGET'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export GATEWAY_ABUSE_BAN_ENABLED='true'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-main/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_CERT" > stage/certs-main/gateway.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
printf '%s\n' "$PROD_BOTLINK_GATEWAY_KEY" > stage/certs-main/gateway.key
|
||||||
@@ -147,9 +151,11 @@ jobs:
|
|||||||
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
PROD_BOTLINK_BOT_CERT: ${{ secrets.PROD_BOTLINK_BOT_CERT }}
|
||||||
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
PROD_BOTLINK_BOT_KEY: ${{ secrets.PROD_BOTLINK_BOT_KEY }}
|
||||||
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
LOG_LEVEL: ${{ vars.PROD_LOG_LEVEL }}
|
||||||
TELEGRAM_MINIAPP_URL: ${{ vars.PROD_TELEGRAM_MINIAPP_URL }}
|
# PUBLIC_BASE_URL drives the derived Mini App URL; SUPPORT_CHAT_ID for parity with deploy.
|
||||||
|
PUBLIC_BASE_URL: ${{ vars.PROD_PUBLIC_BASE_URL }}
|
||||||
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
TELEGRAM_GAME_CHANNEL_ID: ${{ vars.PROD_TELEGRAM_GAME_CHANNEL_ID }}
|
||||||
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
TELEGRAM_CHAT_ID: ${{ vars.PROD_TELEGRAM_CHAT_ID }}
|
||||||
|
TELEGRAM_SUPPORT_CHAT_ID: ${{ vars.PROD_TELEGRAM_SUPPORT_CHAT_ID }}
|
||||||
TELEGRAM_BOT_USERNAME: ${{ vars.PROD_TELEGRAM_BOT_USERNAME }}
|
TELEGRAM_BOT_USERNAME: ${{ vars.PROD_TELEGRAM_BOT_USERNAME }}
|
||||||
TELEGRAM_BOT_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
TELEGRAM_BOT_LINK: ${{ vars.PROD_VITE_TELEGRAM_LINK }}
|
||||||
steps:
|
steps:
|
||||||
@@ -163,19 +169,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p stage/certs-bot
|
mkdir -p stage/certs-bot
|
||||||
cat > stage/env.bot.sh <<EOF
|
# Same writer as prod-deploy's deploy-bot (parity; includes TELEGRAM_SUPPORT_CHAT_ID).
|
||||||
export SCRABBLE_CONFIG_DIR='/opt/scrabble'
|
BOT_IMAGE="$REGISTRY/scrabble-telegram-bot:$TARGET" bash deploy/write-prod-bot-env.sh stage/env.bot.sh
|
||||||
export BOT_IMAGE='$REGISTRY/scrabble-telegram-bot:$TARGET'
|
|
||||||
export BOTLINK_GATEWAY_ADDR='$MAIN_HOST:9443'
|
|
||||||
export TELEGRAM_BOT_TOKEN='$TELEGRAM_BOT_TOKEN'
|
|
||||||
export TELEGRAM_MINIAPP_URL='$TELEGRAM_MINIAPP_URL'
|
|
||||||
export TELEGRAM_GAME_CHANNEL_ID='$TELEGRAM_GAME_CHANNEL_ID'
|
|
||||||
export TELEGRAM_CHAT_ID='$TELEGRAM_CHAT_ID'
|
|
||||||
export TELEGRAM_PROMO_BOT_TOKEN='$TELEGRAM_PROMO_BOT_TOKEN'
|
|
||||||
export TELEGRAM_BOT_USERNAME='$TELEGRAM_BOT_USERNAME'
|
|
||||||
export TELEGRAM_BOT_LINK='$TELEGRAM_BOT_LINK'
|
|
||||||
export LOG_LEVEL='${LOG_LEVEL:-info}'
|
|
||||||
EOF
|
|
||||||
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
printf '%s\n' "$PROD_BOTLINK_CA" > stage/certs-bot/ca.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
printf '%s\n' "$PROD_BOTLINK_BOT_CERT" > stage/certs-bot/bot.crt
|
||||||
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
printf '%s\n' "$PROD_BOTLINK_BOT_KEY" > stage/certs-bot/bot.key
|
||||||
|
|||||||
@@ -125,9 +125,10 @@ gateway/ # module scrabble/gateway: Connect-RPC edge, embeds
|
|||||||
ui/ # Svelte + Vite SPA + landing (Node project, not in go.work)
|
ui/ # Svelte + Vite SPA + landing (Node project, not in go.work)
|
||||||
pkg/ # shared: telemetry, version, wire/FlatBuffers, proto, mtls
|
pkg/ # shared: telemetry, version, wire/FlatBuffers, proto, mtls
|
||||||
platform/telegram/ # Telegram side-service: cmd/validator (HMAC, no VPN) + cmd/bot (Bot API; dials gateway over reverse mTLS bot-link)
|
platform/telegram/ # Telegram side-service: cmd/validator (HMAC, no VPN) + cmd/bot (Bot API; dials gateway over reverse mTLS bot-link)
|
||||||
|
renderer/ # image-render sidecar (Node + skia-canvas): runs ui/src/lib/gameimage.ts server-side for the finished-game PNG export
|
||||||
loadtest/ # module scrabble/loadtest: the load/stress harness
|
loadtest/ # module scrabble/loadtest: the load/stress harness
|
||||||
docs/ .gitea/workflows/ CLAUDE.md README.md
|
docs/ .gitea/workflows/ CLAUDE.md README.md
|
||||||
backend/Dockerfile gateway/Dockerfile platform/telegram/Dockerfile loadtest/Dockerfile # multi-stage distroless; gateway/Dockerfile has the `landing` target, platform/telegram/Dockerfile has `validator`+`bot` targets
|
backend/Dockerfile gateway/Dockerfile platform/telegram/Dockerfile loadtest/Dockerfile renderer/Dockerfile # multi-stage distroless (renderer: node:22-slim + skia-canvas + fonts); gateway/Dockerfile has the `landing` target, platform/telegram/Dockerfile has `validator`+`bot` targets
|
||||||
deploy/ # docker-compose (+ prod overlay + bot host) + ansible provisioning + caddy + landing + otelcol (OTLP + docker_stats) + prometheus/tempo/grafana + node_exporter + postgres_exporter; prod-deploy.sh
|
deploy/ # docker-compose (+ prod overlay + bot host) + ansible provisioning + caddy + landing + otelcol (OTLP + docker_stats) + prometheus/tempo/grafana + node_exporter + postgres_exporter; prod-deploy.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -143,8 +144,9 @@ go run ./backend/cmd/backend # /healthz, /readyz on :8080
|
|||||||
|
|
||||||
cd ui && pnpm install && pnpm check && pnpm test:unit && pnpm build # the UI
|
cd ui && pnpm install && pnpm check && pnpm test:unit && pnpm build # the UI
|
||||||
pnpm start # UI mock mode: lobby -> game, no backend
|
pnpm start # UI mock mode: lobby -> game, no backend
|
||||||
|
cd renderer && pnpm install && pnpm test # image-render sidecar (bundles ui/src/lib/gameimage.ts, skia smoke)
|
||||||
|
|
||||||
docker build -f backend/Dockerfile -t scrabble-backend . # images; gateway embeds the SPA
|
docker build --build-arg DICT_VERSION=v1.3.0 -f backend/Dockerfile -t scrabble-backend . # DICT_VERSION required (no default); gateway embeds the SPA
|
||||||
docker build -f gateway/Dockerfile --target gateway -t scrabble-gateway .
|
docker build -f gateway/Dockerfile --target gateway -t scrabble-gateway .
|
||||||
docker build -f gateway/Dockerfile --target landing -t scrabble-landing . # static landing
|
docker build -f gateway/Dockerfile --target landing -t scrabble-landing . # static landing
|
||||||
docker compose -f deploy/docker-compose.yml config # validate the full contour
|
docker compose -f deploy/docker-compose.yml config # validate the full contour
|
||||||
|
|||||||
@@ -89,7 +89,7 @@ observability stack (OTel Collector → Prometheus + Tempo → Grafana) + a fron
|
|||||||
services build from multi-stage distroless `*/Dockerfile`.
|
services build from multi-stage distroless `*/Dockerfile`.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
docker build -f backend/Dockerfile -t scrabble-backend . # pulls the DAWG release artifact
|
docker build --build-arg DICT_VERSION=v1.3.0 -f backend/Dockerfile -t scrabble-backend . # DICT_VERSION required; pulls that DAWG release artifact
|
||||||
docker build -f gateway/Dockerfile -t scrabble-gateway . # node stage builds + embeds the UI
|
docker build -f gateway/Dockerfile -t scrabble-gateway . # node stage builds + embeds the UI
|
||||||
docker compose -f deploy/docker-compose.yml config # validate (needs the TEST_/PROD_ env)
|
docker compose -f deploy/docker-compose.yml config # validate (needs the TEST_/PROD_ env)
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -0,0 +1,41 @@
|
|||||||
|
# Erudit — site icons + Open Graph card
|
||||||
|
|
||||||
|
The favicon set and the `og:image` link-preview card for the public landing
|
||||||
|
(`ui/landing.html`) and the SPA shell (`ui/index.html`). Same design language as the
|
||||||
|
[VK loading-screen logo](../vk/README.md): the wooden Erudit «Э» tile (score `8`),
|
||||||
|
with the wordmark on the app's dark board green (`ui/src/app.css` tokens).
|
||||||
|
|
||||||
|
| Output (committed to `ui/public/`) | Purpose |
|
||||||
|
|------|---------|
|
||||||
|
| `favicon.svg` | Vector favicon, transparent; tile + «Э» only (the score is illegible below ~32 px). |
|
||||||
|
| `favicon.ico` | 32×32 PNG-in-ICO fallback (also answers the browsers' blind `/favicon.ico` probe). |
|
||||||
|
| `apple-touch-icon.png` | 180×180 opaque full-bleed tile; iOS masks its own corners. |
|
||||||
|
| `og-image.png` | 1200×630 card: tile + «Эрудит / Скрэббл — игра в слова». Referenced absolutely as `https://erudit-game.ru/og-image.png`. |
|
||||||
|
|
||||||
|
## How it works
|
||||||
|
|
||||||
|
`build/extract.js` extracts the needed glyph outlines (tile glyphs + every wordmark
|
||||||
|
character) from LiberationSans (Arial-metric, the game's font stack) with their
|
||||||
|
advance widths into `build/glyphs.json` (committed). `build/generate.js` composes
|
||||||
|
plain SVG from those outlines — no font is needed at generation time — writes
|
||||||
|
`favicon.svg` and rasterises the PNG/ICO outputs by screenshotting the SVGs with the
|
||||||
|
`ui` package's Playwright chromium (`@playwright/test`); the `.ico` container is
|
||||||
|
assembled in-script (a single PNG entry). Raster bytes therefore depend on the
|
||||||
|
installed chromium version; the SVG sources are deterministic.
|
||||||
|
|
||||||
|
## Regenerate
|
||||||
|
|
||||||
|
Requirements: Node ≥ 18, `ui` installed (`pnpm install`, provides Playwright).
|
||||||
|
`extract.js` additionally needs `opentype.js` (`npm i opentype.js`); **`generate.js`
|
||||||
|
needs no extra packages**.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd assets/icons
|
||||||
|
|
||||||
|
# 1. (optional) re-extract the glyphs — only if the font or the wordmark changes:
|
||||||
|
# default font: /usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf
|
||||||
|
node build/extract.js [/path/to/font.ttf] # -> build/glyphs.json
|
||||||
|
|
||||||
|
# 2. regenerate everything in ui/public/:
|
||||||
|
node build/generate.js
|
||||||
|
```
|
||||||
@@ -0,0 +1,78 @@
|
|||||||
|
'use strict';
|
||||||
|
// Extract the glyph outlines the site icons and the og-image wordmark need from a
|
||||||
|
// grotesque font (LiberationSans = Arial-metric, matching the game's system-ui/Arial
|
||||||
|
// stack) and emit cubic-bezier contours per character, baseline at y=0, y-down,
|
||||||
|
// plus the advance width so generate.js can lay out words without the font.
|
||||||
|
// Same outline conversion as ../../vk/build/extract.js, generalised to a char set.
|
||||||
|
const opentype = require('opentype.js');
|
||||||
|
const fs = require('fs');
|
||||||
|
|
||||||
|
const FONT = process.argv[2] || '/usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf';
|
||||||
|
const b = fs.readFileSync(FONT);
|
||||||
|
const font = opentype.parse(b.buffer.slice(b.byteOffset, b.byteOffset + b.byteLength));
|
||||||
|
const FS = 1000; // em scale
|
||||||
|
|
||||||
|
// The tile glyphs («Э», «8») + every character of the og-image wordmark lines
|
||||||
|
// («Эрудит», «Скрэббл — игра в слова»). The space carries only an advance.
|
||||||
|
const CHARS = [...new Set('Э8рудитСкэббл—игра в слова')];
|
||||||
|
|
||||||
|
function glyphData(ch) {
|
||||||
|
const g = font.charToGlyph(ch);
|
||||||
|
const p = g.getPath(0, 0, FS); // baseline at y=0, y-down
|
||||||
|
const contours = [];
|
||||||
|
let cur = null, prev = null;
|
||||||
|
for (const c of p.commands) {
|
||||||
|
if (c.type === 'M') {
|
||||||
|
if (cur) contours.push(cur);
|
||||||
|
cur = [{ v: [c.x, c.y], i: [c.x, c.y], o: [c.x, c.y] }];
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'L') {
|
||||||
|
cur.push({ v: [c.x, c.y], i: [c.x, c.y], o: [c.x, c.y] });
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'C') {
|
||||||
|
cur[cur.length - 1].o = [c.x1, c.y1];
|
||||||
|
cur.push({ v: [c.x, c.y], i: [c.x2, c.y2], o: [c.x, c.y] });
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'Q') {
|
||||||
|
const c1 = [prev.x + 2 / 3 * (c.x1 - prev.x), prev.y + 2 / 3 * (c.y1 - prev.y)];
|
||||||
|
const c2 = [c.x + 2 / 3 * (c.x1 - c.x), c.y + 2 / 3 * (c.y1 - c.y)];
|
||||||
|
cur[cur.length - 1].o = c1;
|
||||||
|
cur.push({ v: [c.x, c.y], i: c2, o: [c.x, c.y] });
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'Z') {
|
||||||
|
if (cur && cur.length > 1) {
|
||||||
|
const last = cur[cur.length - 1], first = cur[0];
|
||||||
|
if (Math.hypot(last.v[0] - first.v[0], last.v[1] - first.v[1]) < 1e-3) {
|
||||||
|
first.i = last.i; // fold the duplicate closing point into the first
|
||||||
|
cur.pop();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (cur) { contours.push(cur); cur = null; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (cur) contours.push(cur);
|
||||||
|
|
||||||
|
let minx = Infinity, miny = Infinity, maxx = -Infinity, maxy = -Infinity;
|
||||||
|
const out = contours.map(ct => {
|
||||||
|
const v = [], i = [], o = [];
|
||||||
|
ct.forEach(pt => {
|
||||||
|
v.push(pt.v);
|
||||||
|
i.push([pt.i[0] - pt.v[0], pt.i[1] - pt.v[1]]);
|
||||||
|
o.push([pt.o[0] - pt.v[0], pt.o[1] - pt.v[1]]);
|
||||||
|
minx = Math.min(minx, pt.v[0]); maxx = Math.max(maxx, pt.v[0]);
|
||||||
|
miny = Math.min(miny, pt.v[1]); maxy = Math.max(maxy, pt.v[1]);
|
||||||
|
});
|
||||||
|
return { i, o, v, c: true };
|
||||||
|
});
|
||||||
|
const bbox = out.length
|
||||||
|
? { x: minx, y: miny, w: maxx - minx, h: maxy - miny }
|
||||||
|
: { x: 0, y: 0, w: 0, h: 0 }; // the space has no outline
|
||||||
|
return { adv: g.advanceWidth * (FS / font.unitsPerEm), bbox, contours: out };
|
||||||
|
}
|
||||||
|
|
||||||
|
const glyphs = {};
|
||||||
|
for (const ch of CHARS) glyphs[ch] = glyphData(ch);
|
||||||
|
|
||||||
|
const out = __dirname + '/glyphs.json';
|
||||||
|
fs.writeFileSync(out, JSON.stringify({ em: FS, glyphs }));
|
||||||
|
console.log('wrote', out, fs.statSync(out).size, 'bytes;', CHARS.length, 'glyphs:', CHARS.join(''));
|
||||||
@@ -0,0 +1,128 @@
|
|||||||
|
'use strict';
|
||||||
|
// Site icons + the Open Graph card for the public landing, drawn from the same
|
||||||
|
// design as ../../vk (the wooden Erudit tile: face «Э», score «8») and the app's
|
||||||
|
// board palette (ui/src/app.css). Everything is composed as SVG from the committed
|
||||||
|
// glyph outlines (build/extract.js -> glyphs.json), so no font is needed at build
|
||||||
|
// time; the PNG/ICO rasters are screenshots taken with the ui package's Playwright
|
||||||
|
// chromium (@playwright/test re-exports the browser API). Outputs go straight to
|
||||||
|
// ui/public/:
|
||||||
|
// favicon.svg 96 viewBox, transparent, tile + «Э» (the score is illegible small)
|
||||||
|
// favicon.ico 32x32 PNG-in-ICO render of the same
|
||||||
|
// apple-touch-icon.png 180x180 opaque full-bleed tile (iOS masks its own corners)
|
||||||
|
// og-image.png 1200x630 card: tile + wordmark on the board green
|
||||||
|
const fs = require('fs');
|
||||||
|
const path = require('path');
|
||||||
|
|
||||||
|
const G = JSON.parse(fs.readFileSync(path.join(__dirname, 'glyphs.json'), 'utf8'));
|
||||||
|
const UI = path.resolve(__dirname, '../../../ui');
|
||||||
|
const OUT = path.join(UI, 'public');
|
||||||
|
|
||||||
|
// ---- palette (vk loader tile + app.css board tokens) ------------------------
|
||||||
|
const FACE = '#D9B978', BORDER = '#B49559', GLYPH = '#1A1A1A';
|
||||||
|
const BOARD_DARK = '#2a3330', TEXT = '#e7ece8', TEXT_MUTED = '#cdd6cf';
|
||||||
|
|
||||||
|
// ---- glyph outlines -> SVG path data ----------------------------------------
|
||||||
|
const r2 = n => Math.round(n * 100) / 100;
|
||||||
|
// pathD renders one glyph's contours scaled by sc and translated by (tx, ty).
|
||||||
|
function pathD(g, sc, tx, ty) {
|
||||||
|
const pt = (v, d) => `${r2(v[0] * sc + tx + d[0] * sc)} ${r2(v[1] * sc + ty + d[1] * sc)}`;
|
||||||
|
const Z = [0, 0];
|
||||||
|
return g.contours.map(ct => {
|
||||||
|
const n = ct.v.length;
|
||||||
|
let d = `M${pt(ct.v[0], Z)}`;
|
||||||
|
for (let k = 1; k <= n; k++) {
|
||||||
|
const a = k - 1, b = k % n;
|
||||||
|
d += `C${pt(ct.v[a], ct.o[a])} ${pt(ct.v[b], ct.i[b])} ${pt(ct.v[b], Z)}`;
|
||||||
|
}
|
||||||
|
return d + 'Z';
|
||||||
|
}).join('');
|
||||||
|
}
|
||||||
|
// glyphAt centres a glyph's bbox at (cx, cy) with the given pixel cap height, the
|
||||||
|
// same placement rule as the vk loader's glyph(). stroke fattens it slightly.
|
||||||
|
function glyphAt(ch, capPx, cx, cy, stroke, colour) {
|
||||||
|
const g = G.glyphs[ch], sc = capPx / g.bbox.h;
|
||||||
|
const d = pathD(g, sc, cx - (g.bbox.x + g.bbox.w / 2) * sc, cy - (g.bbox.y + g.bbox.h / 2) * sc);
|
||||||
|
return `<path d="${d}" fill="${colour}" stroke="${colour}" stroke-width="${r2(stroke)}"/>`;
|
||||||
|
}
|
||||||
|
// textLine lays out a string on a baseline from the per-glyph advances; capPx sets
|
||||||
|
// the capital height (measured on «Э»). Returns the combined path + the width.
|
||||||
|
function textLine(str, capPx, x, y, colour) {
|
||||||
|
const sc = capPx / G.glyphs['Э'].bbox.h;
|
||||||
|
let d = '', w = 0;
|
||||||
|
for (const ch of str) {
|
||||||
|
const g = G.glyphs[ch];
|
||||||
|
if (g.contours.length) d += pathD(g, sc, x + w, y);
|
||||||
|
w += g.adv * sc;
|
||||||
|
}
|
||||||
|
return { svg: `<path d="${d}" fill="${colour}"/>`, width: w };
|
||||||
|
}
|
||||||
|
// tile draws the rounded wooden tile centred at (cx, cy): size px wide/high, with
|
||||||
|
// the vk loader's corner (6/52) and rim proportions, «Э» and optionally the «8».
|
||||||
|
function tile(cx, cy, size, withScore) {
|
||||||
|
const h = size / 2, rx = size * (6 / 52), rim = size * (1.8 / 52);
|
||||||
|
let s = `<rect x="${r2(cx - h + rim / 2)}" y="${r2(cy - h + rim / 2)}" width="${r2(size - rim)}" height="${r2(size - rim)}" rx="${r2(rx)}" fill="${FACE}" stroke="${BORDER}" stroke-width="${r2(rim)}"/>`;
|
||||||
|
s += glyphAt('Э', size * (32 / 52), cx, cy - size * (1 / 52), size * (1 / 52), GLYPH);
|
||||||
|
if (withScore) s += glyphAt('8', size * (8.5 / 52), cx + size * (19.5 / 52), cy + size * (18.5 / 52), size * (0.5 / 52), GLYPH);
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
const svg = (w, h, body) => `<svg xmlns="http://www.w3.org/2000/svg" width="${w}" height="${h}" viewBox="0 0 ${w} ${h}">${body}</svg>`;
|
||||||
|
|
||||||
|
// ---- favicon.svg (the committed vector master) -------------------------------
|
||||||
|
const favicon = svg(96, 96, tile(48, 48, 88, false)) + '\n';
|
||||||
|
|
||||||
|
// ---- apple-touch-icon: opaque full bleed, iOS applies its own corner mask ----
|
||||||
|
const appleTouch = svg(180, 180,
|
||||||
|
`<rect width="180" height="180" fill="${FACE}"/>` +
|
||||||
|
`<rect x="8" y="8" width="164" height="164" rx="18" fill="none" stroke="${BORDER}" stroke-width="4"/>` +
|
||||||
|
glyphAt('Э', 100, 90, 88, 3, GLYPH) +
|
||||||
|
glyphAt('8', 26, 146, 142, 1.5, GLYPH));
|
||||||
|
|
||||||
|
// ---- og-image: tile + wordmark, centred as one group on the board green ------
|
||||||
|
function ogImage() {
|
||||||
|
const W = 1200, H = 630, tileSize = 340, gap = 84;
|
||||||
|
const l1 = textLine('Эрудит', 112, 0, 0, TEXT);
|
||||||
|
const l2 = textLine('Скрэббл — игра в слова', 44, 0, 0, TEXT_MUTED);
|
||||||
|
const textW = Math.max(l1.width, l2.width);
|
||||||
|
const left = (W - (tileSize + gap + textW)) / 2;
|
||||||
|
const tx = left + tileSize + gap;
|
||||||
|
// Two baselines around the vertical centre; the tile centre sits between them.
|
||||||
|
const b1 = 295, b2 = 408;
|
||||||
|
const body =
|
||||||
|
`<rect width="${W}" height="${H}" fill="${BOARD_DARK}"/>` +
|
||||||
|
tile(left + tileSize / 2, H / 2, tileSize, true) +
|
||||||
|
textLine('Эрудит', 112, tx, b1, TEXT).svg +
|
||||||
|
textLine('Скрэббл — игра в слова', 44, tx, b2, TEXT_MUTED).svg;
|
||||||
|
console.log(`og-image: text ${Math.round(textW)}px wide, group left ${Math.round(left)}px`);
|
||||||
|
return svg(W, H, body);
|
||||||
|
}
|
||||||
|
|
||||||
|
// ---- rasterisation (Playwright chromium from ui/node_modules) ----------------
|
||||||
|
async function shoot(page, markup, w, h, transparent) {
|
||||||
|
await page.setViewportSize({ width: w, height: h });
|
||||||
|
await page.setContent(`<body style="margin:0">${markup}</body>`);
|
||||||
|
return page.screenshot({ omitBackground: transparent });
|
||||||
|
}
|
||||||
|
// icoFromPNG wraps one PNG as a single-entry .ico (ICONDIR + ICONDIRENTRY + PNG).
|
||||||
|
function icoFromPNG(png, sizePx) {
|
||||||
|
const h = Buffer.alloc(22);
|
||||||
|
h.writeUInt16LE(0, 0); h.writeUInt16LE(1, 2); h.writeUInt16LE(1, 4); // icon, 1 image
|
||||||
|
h.writeUInt8(sizePx, 6); h.writeUInt8(sizePx, 7); // 32x32
|
||||||
|
h.writeUInt16LE(1, 10); h.writeUInt16LE(32, 12); // planes, 32bpp
|
||||||
|
h.writeUInt32LE(png.length, 14); h.writeUInt32LE(22, 18); // size, offset
|
||||||
|
return Buffer.concat([h, png]);
|
||||||
|
}
|
||||||
|
|
||||||
|
(async () => {
|
||||||
|
fs.writeFileSync(path.join(OUT, 'favicon.svg'), favicon);
|
||||||
|
const { chromium } = require(path.join(UI, 'node_modules', '@playwright/test'));
|
||||||
|
const browser = await chromium.launch();
|
||||||
|
const page = await browser.newPage();
|
||||||
|
const fav32 = await shoot(page, svg(32, 32, tile(16, 16, 29.33, false)), 32, 32, true);
|
||||||
|
fs.writeFileSync(path.join(OUT, 'favicon.ico'), icoFromPNG(fav32, 32));
|
||||||
|
fs.writeFileSync(path.join(OUT, 'apple-touch-icon.png'), await shoot(page, appleTouch, 180, 180, false));
|
||||||
|
fs.writeFileSync(path.join(OUT, 'og-image.png'), await shoot(page, ogImage(), 1200, 630, false));
|
||||||
|
await browser.close();
|
||||||
|
for (const f of ['favicon.svg', 'favicon.ico', 'apple-touch-icon.png', 'og-image.png']) {
|
||||||
|
console.log('wrote', path.join(OUT, f), fs.statSync(path.join(OUT, f)).size, 'bytes');
|
||||||
|
}
|
||||||
|
})();
|
||||||
File diff suppressed because one or more lines are too long
@@ -0,0 +1,115 @@
|
|||||||
|
# Erudit — VK loading-screen logo (Lottie)
|
||||||
|
|
||||||
|
Animated logo for the **VK app loading screen** (shown before the SPA assets load).
|
||||||
|
The Erudit «Э» tile (score `8`) **drops in under gravity, lands with a soft squash —
|
||||||
|
its left/right edges bulging into a cushion — then springs back up**, looping. A light
|
||||||
|
"glint" is caught at the moment of the bounce.
|
||||||
|
|
||||||
|
| File | Purpose |
|
||||||
|
|------|---------|
|
||||||
|
| `erudit-loader.json` | The Lottie to upload to VK. |
|
||||||
|
| `erudit-loader-preview.gif` | Looping preview. Rendered on a green "baize" background **only in the preview** — the real asset has a **transparent** background. |
|
||||||
|
| `build/` | The reproducible build pipeline (see *Regenerate*). |
|
||||||
|
|
||||||
|
**VK requirements met:** 96×96 px · vector Lottie JSON · ≤ 24 KB (~11 KB) · seamless
|
||||||
|
~1.1 s loop · transparent background.
|
||||||
|
|
||||||
|
Design reference: a photo of the physical wooden Erudit tile.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## How it works
|
||||||
|
|
||||||
|
A single flat layer holds the tile — a rounded-rect **face path**, the two glyphs, and
|
||||||
|
a thin border — and everything is driven by that layer's transform plus a few colour /
|
||||||
|
shape tracks. The anchor sits on the tile's **bottom edge**, so the squash happens
|
||||||
|
against the floor.
|
||||||
|
|
||||||
|
### Bounce (gravity)
|
||||||
|
`position.y` of the bottom edge goes apex → floor → apex with **no dwell** (the apex is
|
||||||
|
an instantaneous turn-around). The fall uses a strong **ease-in** (accelerate) and the
|
||||||
|
rise a strong **ease-out** (decelerate), so it reads as real gravity. While falling fast
|
||||||
|
the tile slightly **stretches** (tall+thin); that is the squash-and-stretch setup.
|
||||||
|
|
||||||
|
### Soft cushion (squash)
|
||||||
|
On contact the layer **squashes** (scaleY↓, scaleX↑) about the bottom anchor, with a
|
||||||
|
touch of skew. Crucially the squash/cushion is **decoupled from the fall speed** — it
|
||||||
|
eases in and out *slowly* (`ES`), so the landing feels soft even though the fall is
|
||||||
|
fast. The squash is deliberately gentle (≈ 86 % / 112 %).
|
||||||
|
|
||||||
|
### The cushion shape (the hard part)
|
||||||
|
The face is **not** a plain rounded rect — it is a path whose left/right contour bows
|
||||||
|
out into a convex cushion on impact:
|
||||||
|
- the rest rounded-rect outline is sampled (fine corner arcs + edge mids), and on impact
|
||||||
|
every point is pushed outward by a smooth **barrel** profile `f(y) = b·(1 − (y/HH)²)`
|
||||||
|
(max at the middle, fading to zero at the top/bottom);
|
||||||
|
- so the **whole side — corners included — bows out as one piece**, never just the
|
||||||
|
straight middle;
|
||||||
|
- bezier handles are computed as a **chordal spline** (handle length ∝ the adjacent
|
||||||
|
chord), which stays smooth across the uneven corner/edge point spacing. This is what
|
||||||
|
keeps the corner↔cushion junction kink-free — both at rest and fully bulged — which a
|
||||||
|
naïve uniform Catmull-Rom (or moving discrete points with fixed tangents) does not.
|
||||||
|
|
||||||
|
### Glint
|
||||||
|
At the bounce the face flashes a little lighter (`FACE_GLINT`) and the glyphs warm
|
||||||
|
toward brown-red (`BLACK_LIT`), then settle back. A cheap, warm "catch the light".
|
||||||
|
|
||||||
|
### Border & background
|
||||||
|
The tile carries a thin static **border** a touch darker than the face (`BORDER`) so it
|
||||||
|
reads on any background. The **green baize background is added only when rendering the
|
||||||
|
preview GIF** — the Lottie itself is transparent.
|
||||||
|
|
||||||
|
### Player compatibility
|
||||||
|
Only plain 2-D shapes (`ddd:0`) — no 3-D layers, expressions or effects — so every
|
||||||
|
Lottie player (lottie-web on the web, rlottie on native) renders it identically.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Glyphs
|
||||||
|
|
||||||
|
`Э` (U+042D) and `8` are **real outlines from LiberationSans-Regular** — metric-
|
||||||
|
compatible with Arial, matching the game's `--font: system-ui … Arial` stack
|
||||||
|
(see `ui/src/app.css`). `build/extract.js` pulls the contours into `build/glyphs.json`
|
||||||
|
as Lottie cubic paths; a hair of same-colour stroke adds a touch of weight.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Regenerate
|
||||||
|
|
||||||
|
Requirements: Node ≥ 18. `extract.js` additionally needs `opentype.js`
|
||||||
|
(`npm i opentype.js`); **`generate.js` has no dependencies**.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd assets/vk
|
||||||
|
|
||||||
|
# 1. (optional) re-extract the glyphs — only if you change the font:
|
||||||
|
# default font: /usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf
|
||||||
|
node build/extract.js [/path/to/font.ttf] # -> build/glyphs.json
|
||||||
|
|
||||||
|
# 2. build the animation (reads build/glyphs.json):
|
||||||
|
node build/generate.js erudit-loader.json # -> erudit-loader.json
|
||||||
|
|
||||||
|
# 3. (optional) live preview — needs lottie-web (npm i lottie-web):
|
||||||
|
node build/build-preview.js erudit-loader.json preview.html
|
||||||
|
# then open preview.html in a browser.
|
||||||
|
```
|
||||||
|
|
||||||
|
The preview GIF is assembled by rendering the Lottie frame-by-frame (lottie-web canvas,
|
||||||
|
filled with the green baize) and stitching with `ffmpeg`; the live HTML preview is the
|
||||||
|
quickest way to eyeball changes.
|
||||||
|
|
||||||
|
## Tunables (top of `build/generate.js`)
|
||||||
|
|
||||||
|
| Symbol | Meaning |
|
||||||
|
|--------|---------|
|
||||||
|
| `OP`, `FR` | loop length (frames) / fps — overall speed |
|
||||||
|
| `T_HIT / T_PEAK / T_LIFT / T_REC` | beats: contact / squash peak / lift-off / cushion recovered |
|
||||||
|
| `EI / EO / ES` | easings: fast fall / fast rise / slow soft cushion |
|
||||||
|
| `APEX`, `FLOOR` | bottom-edge screen-y at the top of the bounce / at rest |
|
||||||
|
| `HW`, `HH`, `CR` | tile half-width / half-height / corner radius |
|
||||||
|
| `scl` squash values | the squash amount (scaleX↑ / scaleY↓) |
|
||||||
|
| `bulge` `b` | cushion depth (how far the sides bow out) |
|
||||||
|
| `FACE / FACE_GLINT` | wood face / glint flash |
|
||||||
|
| `BORDER` | tile rim colour |
|
||||||
|
| `BLACK / BLACK_LIT` | glyph / glyph-at-glint (brown-red) |
|
||||||
|
| preview bg `#3C7858` | the green-baize colour used **only** in the GIF |
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
'use strict';
|
||||||
|
const fs = require('fs');
|
||||||
|
const data = fs.readFileSync(process.argv[2] || 'erudit.json', 'utf8');
|
||||||
|
const lottiePath = __dirname + '/node_modules/lottie-web/build/player/lottie.min.js';
|
||||||
|
const html = `<!doctype html><html><head><meta charset="utf8"><style>
|
||||||
|
body{margin:0;background:#2b2b2b;font-family:sans-serif;color:#ccc}
|
||||||
|
.row{display:flex;gap:18px;padding:18px;align-items:flex-end;flex-wrap:wrap}
|
||||||
|
.cell{text-align:center}
|
||||||
|
.chk{background-image:linear-gradient(45deg,#8a8a8a 25%,transparent 25%),linear-gradient(-45deg,#8a8a8a 25%,transparent 25%),linear-gradient(45deg,transparent 75%,#8a8a8a 75%),linear-gradient(-45deg,transparent 75%,#8a8a8a 75%);background-size:16px 16px;background-position:0 0,0 8px,8px -8px,-8px 0;background-color:#b5b5b5}
|
||||||
|
.s96{width:96px;height:96px}.big{width:336px;height:336px}small{font-size:11px}
|
||||||
|
</style></head><body><div class="row" id="row"></div>
|
||||||
|
<script src="./lottie.min.js"></script>
|
||||||
|
<script>
|
||||||
|
const animationData=${data};window.AD=animationData;
|
||||||
|
const row=document.getElementById('row');window.anims=[];
|
||||||
|
function make(cls,frame,label){
|
||||||
|
const cell=document.createElement('div');cell.className='cell';
|
||||||
|
const box=document.createElement('div');box.className='chk '+cls;cell.appendChild(box);
|
||||||
|
cell.appendChild(document.createElement('br'));
|
||||||
|
const cap=document.createElement('small');cap.textContent=label;cell.appendChild(cap);
|
||||||
|
row.appendChild(cell);
|
||||||
|
const a=lottie.loadAnimation({container:box,renderer:'svg',loop:false,autoplay:false,animationData:JSON.parse(JSON.stringify(animationData))});
|
||||||
|
a.addEventListener('DOMLoaded',()=>a.goToAndStop(frame,true));
|
||||||
|
window.anims.push(a);
|
||||||
|
}
|
||||||
|
[0,22,45,68].forEach(f=>make('s96',f,'f'+f));
|
||||||
|
make('big',22,'f22 x3.5');
|
||||||
|
window.__ready=true;
|
||||||
|
</script></body></html>`;
|
||||||
|
fs.writeFileSync(process.argv[3] || 'preview.html', html);
|
||||||
|
console.log('wrote', process.argv[3] || 'preview.html');
|
||||||
@@ -0,0 +1,67 @@
|
|||||||
|
'use strict';
|
||||||
|
// Extract the Cyrillic "Э" (U+042D) and the digit "8" outlines from a grotesque
|
||||||
|
// font (LiberationSans = Arial-metric, matching the game's system-ui/Arial stack)
|
||||||
|
// and emit Lottie cubic-bezier contours, centred at the origin, y-down.
|
||||||
|
const opentype = require('opentype.js');
|
||||||
|
const fs = require('fs');
|
||||||
|
|
||||||
|
const FONT = process.argv[2] || '/usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf';
|
||||||
|
const b = fs.readFileSync(FONT);
|
||||||
|
const font = opentype.parse(b.buffer.slice(b.byteOffset, b.byteOffset + b.byteLength));
|
||||||
|
const FS = 1000; // em scale
|
||||||
|
|
||||||
|
function glyphContours(ch) {
|
||||||
|
const p = font.charToGlyph(ch).getPath(0, 0, FS); // baseline at y=0, y-down
|
||||||
|
const contours = [];
|
||||||
|
let cur = null, prev = null;
|
||||||
|
for (const c of p.commands) {
|
||||||
|
if (c.type === 'M') {
|
||||||
|
if (cur) contours.push(cur);
|
||||||
|
cur = [{ v: [c.x, c.y], i: [c.x, c.y], o: [c.x, c.y] }];
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'L') {
|
||||||
|
cur.push({ v: [c.x, c.y], i: [c.x, c.y], o: [c.x, c.y] });
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'C') {
|
||||||
|
cur[cur.length - 1].o = [c.x1, c.y1];
|
||||||
|
cur.push({ v: [c.x, c.y], i: [c.x2, c.y2], o: [c.x, c.y] });
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'Q') {
|
||||||
|
const c1 = [prev.x + 2 / 3 * (c.x1 - prev.x), prev.y + 2 / 3 * (c.y1 - prev.y)];
|
||||||
|
const c2 = [c.x + 2 / 3 * (c.x1 - c.x), c.y + 2 / 3 * (c.y1 - c.y)];
|
||||||
|
cur[cur.length - 1].o = c1;
|
||||||
|
cur.push({ v: [c.x, c.y], i: c2, o: [c.x, c.y] });
|
||||||
|
prev = { x: c.x, y: c.y };
|
||||||
|
} else if (c.type === 'Z') {
|
||||||
|
if (cur && cur.length > 1) {
|
||||||
|
const last = cur[cur.length - 1], first = cur[0];
|
||||||
|
if (Math.hypot(last.v[0] - first.v[0], last.v[1] - first.v[1]) < 1e-3) {
|
||||||
|
first.i = last.i; // fold the duplicate closing point into the first
|
||||||
|
cur.pop();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (cur) { contours.push(cur); cur = null; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (cur) contours.push(cur);
|
||||||
|
|
||||||
|
let minx = Infinity, miny = Infinity, maxx = -Infinity, maxy = -Infinity;
|
||||||
|
const out = contours.map(ct => {
|
||||||
|
const v = [], i = [], o = [];
|
||||||
|
ct.forEach(pt => {
|
||||||
|
v.push(pt.v);
|
||||||
|
i.push([pt.i[0] - pt.v[0], pt.i[1] - pt.v[1]]);
|
||||||
|
o.push([pt.o[0] - pt.v[0], pt.o[1] - pt.v[1]]);
|
||||||
|
minx = Math.min(minx, pt.v[0]); maxx = Math.max(maxx, pt.v[0]);
|
||||||
|
miny = Math.min(miny, pt.v[1]); maxy = Math.max(maxy, pt.v[1]);
|
||||||
|
});
|
||||||
|
return { i, o, v, c: true };
|
||||||
|
});
|
||||||
|
return { contours: out, bbox: { x: minx, y: miny, w: maxx - minx, h: maxy - miny } };
|
||||||
|
}
|
||||||
|
|
||||||
|
const E = glyphContours('Э');
|
||||||
|
const D8 = glyphContours('8');
|
||||||
|
fs.writeFileSync('glyphs.json', JSON.stringify({ em: FS, E, D8 }));
|
||||||
|
console.log('Э bbox', E.bbox, 'contours', E.contours.map(c => c.v.length));
|
||||||
|
console.log('8 bbox', D8.bbox, 'contours', D8.contours.map(c => c.v.length));
|
||||||
@@ -0,0 +1,153 @@
|
|||||||
|
'use strict';
|
||||||
|
// VK preloader Lottie: a flat wooden Erudit tile ("Э" + score "8") that drops in
|
||||||
|
// under gravity, squashes on impact (convex cushion bulging out the left/right edges
|
||||||
|
// + a touch of skew), and springs back up — looping. A light "glint" is caught at the
|
||||||
|
// moment of the bounce. Pure 2D shapes (ddd:0). Glyphs are real LiberationSans
|
||||||
|
// outlines (Arial-metric, = the game's font stack); see extract.js -> glyphs.json.
|
||||||
|
const fs = require('fs');
|
||||||
|
const G = JSON.parse(fs.readFileSync(__dirname + '/glyphs.json', 'utf8'));
|
||||||
|
|
||||||
|
// ---- canvas / timing -------------------------------------------------------
|
||||||
|
const W = 96, H = 96, cx = 48;
|
||||||
|
const FR = 30, OP = 34; // ~1.13 s loop (dynamic, 25% faster)
|
||||||
|
// keyframe beats (frames): fast fall -> soft squash -> lift -> fast rise -> apex (no dwell)
|
||||||
|
const T_HIT = 13, T_PEAK = 18, T_LIFT = 19, T_REC = 28;
|
||||||
|
|
||||||
|
// ---- geometry --------------------------------------------------------------
|
||||||
|
const HW = 26, HH = 26, CR = 6; // tile half-width / half-height / corner radius
|
||||||
|
const FLOOR = 90, APEX = 60; // bottom-centre screen-y at rest / at the top of the bounce
|
||||||
|
|
||||||
|
// ---- palette ---------------------------------------------------------------
|
||||||
|
const col = h => [parseInt(h.slice(1,3),16)/255, parseInt(h.slice(3,5),16)/255, parseInt(h.slice(5,7),16)/255];
|
||||||
|
const FACE = col('#D9B978'); // wood face (flat)
|
||||||
|
const FACE_GLINT = col('#E7CD95'); // face flash caught on impact (gentle, not blinding)
|
||||||
|
const BORDER = col('#B49559'); // tile rim: a touch darker than the face, reads on any bg
|
||||||
|
const BLACK = col('#1A1A1A');
|
||||||
|
const BLACK_LIT = col('#421A0B'); // glyph warms to brown-red on the glint
|
||||||
|
const lerp = (a, b, t) => a.map((v, i) => v + (b[i] - v) * t);
|
||||||
|
|
||||||
|
// ---- property / easing helpers ---------------------------------------------
|
||||||
|
const still = v => ({ a: 0, k: v });
|
||||||
|
const EI = { o: { x: [0.82], y: [0] }, i: { x: [1], y: [1] } }; // strong accelerate (gravity fall)
|
||||||
|
const EO = { o: { x: [0], y: [0] }, i: { x: [0.18], y: [1] } }; // strong decelerate (rise to apex)
|
||||||
|
const ES = { o: { x: [0.42], y: [0] }, i: { x: [0.58], y: [1] } }; // soft/slow (the cushion)
|
||||||
|
function anim(samples) { // samples: {t, v, e?} ; e = easing toward the NEXT key
|
||||||
|
return { a: 1, k: samples.map((s, idx) => {
|
||||||
|
const kf = { t: s.t, s: s.v };
|
||||||
|
if (idx < samples.length - 1) { const e = s.e || ES; kf.o = e.o; kf.i = e.i; }
|
||||||
|
return kf;
|
||||||
|
}) };
|
||||||
|
}
|
||||||
|
const animColor = s => anim(s.map(x => ({ t: x.t, v: [...x.v, 1], e: x.e })));
|
||||||
|
|
||||||
|
// ---- shape helpers ---------------------------------------------------------
|
||||||
|
const tr = () => ({ ty: 'tr', p: still([0,0]), a: still([0,0]), s: still([100,100]), r: still(0), o: still(100) });
|
||||||
|
const grp = (items, nm) => ({ ty: 'gr', it: [...items, tr()], nm });
|
||||||
|
const fill = c => ({ ty: 'fl', c, o: still(100), r: 1, bm: 0 });
|
||||||
|
const stroke = (c,w) => ({ ty: 'st', c: still(c), o: still(100), w: still(w), lc: 2, lj: 2, ml: 4, bm: 0 });
|
||||||
|
function glyph(gd, hpx, px, py, bold, colour, nm) { // font glyph -> filled+stroked group
|
||||||
|
const sc = hpx / gd.bbox.h;
|
||||||
|
const bcx = gd.bbox.x + gd.bbox.w / 2, bcy = gd.bbox.y + gd.bbox.h / 2;
|
||||||
|
const shapes = gd.contours.map(ct => ({
|
||||||
|
ty: 'sh', d: 1, ks: still({
|
||||||
|
i: ct.i.map(p => [p[0]*sc, p[1]*sc]), o: ct.o.map(p => [p[0]*sc, p[1]*sc]),
|
||||||
|
v: ct.v.map(p => [(p[0]-bcx)*sc + px, (p[1]-bcy)*sc + py]), c: true,
|
||||||
|
}),
|
||||||
|
}));
|
||||||
|
return grp([...shapes, fill(colour), stroke(BLACK, bold)], nm);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sample the rest rounded-rect outline (clockwise): fine corner arcs + one mid point
|
||||||
|
// per straight edge, so a smooth interpolant reproduces it cleanly.
|
||||||
|
function arc(ccx, ccy, a0, a1, n) {
|
||||||
|
const out = [];
|
||||||
|
for (let i = 0; i < n; i++) { const a = (a0 + (a1 - a0) * i / (n - 1)) * Math.PI / 180; out.push([ccx + CR*Math.cos(a), ccy + CR*Math.sin(a)]); }
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
const REST = (() => {
|
||||||
|
const NC = 7, yi = HH - CR, xi = HW - CR;
|
||||||
|
const C = [ arc(xi,-yi,-90,0,NC), arc(xi,yi,0,90,NC), arc(-xi,yi,90,180,NC), arc(-xi,-yi,180,270,NC) ];
|
||||||
|
const pts = [];
|
||||||
|
for (let k = 0; k < 4; k++) {
|
||||||
|
pts.push(...C[k]);
|
||||||
|
const a = C[k][NC-1], b = C[(k+1)%4][0];
|
||||||
|
pts.push([(a[0]+b[0])/2, (a[1]+b[1])/2]); // straight-edge mid point (keeps the edge straight)
|
||||||
|
}
|
||||||
|
return pts;
|
||||||
|
})();
|
||||||
|
// The whole left/right contour (corners + side) bows out by one smooth barrel profile;
|
||||||
|
// Catmull-Rom tangents (from neighbours) make every junction C1-smooth -> no kink, the
|
||||||
|
// corners follow the cushion and the cushion melts into the corners, bulged or not.
|
||||||
|
function facePath(b) {
|
||||||
|
const f = y => b * (1 - (y/HH) * (y/HH)); // 0 at top/bottom, max at the middle
|
||||||
|
const V = REST.map(([x, y]) => [x + Math.sign(x) * f(y), y]); // push the sides out, top/bottom stay
|
||||||
|
const n = V.length, I = [], O = [];
|
||||||
|
for (let k = 0; k < n; k++) {
|
||||||
|
const p0 = V[(k-1+n)%n], p1 = V[k], p2 = V[(k+1)%n];
|
||||||
|
let dx = p2[0]-p0[0], dy = p2[1]-p0[1]; // tangent direction (neighbours)
|
||||||
|
const dl = Math.hypot(dx, dy) || 1; dx /= dl; dy /= dl;
|
||||||
|
const ln = Math.hypot(p2[0]-p1[0], p2[1]-p1[1]) / 3; // handles ~ 1/3 of the adjacent chord
|
||||||
|
const lp = Math.hypot(p1[0]-p0[0], p1[1]-p0[1]) / 3; // -> chordal spline, no overshoot/facets
|
||||||
|
O.push([dx*ln, dy*ln]); I.push([-dx*lp, -dy*lp]);
|
||||||
|
}
|
||||||
|
return { i: I, o: O, v: V, c: true };
|
||||||
|
}
|
||||||
|
const facePathKeys = samples => ({ a: 1, k: samples.map((s, idx) => {
|
||||||
|
const kf = { t: s.t, s: [facePath(s.b)] };
|
||||||
|
if (idx < samples.length - 1) { const e = s.e || ES; kf.o = e.o; kf.i = e.i; }
|
||||||
|
return kf;
|
||||||
|
}) });
|
||||||
|
|
||||||
|
// ---- animation tracks ------------------------------------------------------
|
||||||
|
// bottom-centre screen-y (the tile rests/squashes on its bottom edge)
|
||||||
|
const posY = anim([
|
||||||
|
{ t: 0, v: [cx, APEX, 0], e: EI }, // apex -> immediately falls (no dwell)
|
||||||
|
{ t: T_HIT, v: [cx, FLOOR, 0], e: ES }, // FAST fall (accelerate) -> floor
|
||||||
|
{ t: T_LIFT, v: [cx, FLOOR, 0], e: EO }, // sit on the floor while the cushion absorbs
|
||||||
|
{ t: OP, v: [cx, APEX, 0] }, // FAST rise (decelerate) -> apex = loop start
|
||||||
|
]);
|
||||||
|
// scale about the bottom anchor: stretch while falling, gentle/slow cushion squash on impact
|
||||||
|
const scl = anim([
|
||||||
|
{ t: 0, v: [100, 100, 100], e: ES },
|
||||||
|
{ t: T_HIT-5, v: [95, 106, 100], e: ES }, // stretch while falling fast
|
||||||
|
{ t: T_HIT, v: [104, 95, 100], e: ES }, // touch down
|
||||||
|
{ t: T_PEAK, v: [112, 86, 100], e: ES }, // soft squash peak (gentler, less plче)
|
||||||
|
{ t: T_REC, v: [100, 100, 100], e: ES }, // slow cushion release -> soft landing
|
||||||
|
{ t: OP, v: [100, 100, 100] },
|
||||||
|
]);
|
||||||
|
// a touch of skew through the squash (organic deform), back to 0
|
||||||
|
const skw = anim([
|
||||||
|
{ t: T_HIT, v: [0], e: ES }, { t: T_PEAK, v: [4], e: ES }, { t: T_REC, v: [0] }, { t: OP, v: [0] },
|
||||||
|
]);
|
||||||
|
// left/right cushion bulge: 0 -> gentle peak -> 0 (never inward)
|
||||||
|
const bulge = facePathKeys([
|
||||||
|
{ t: T_HIT, b: 0, e: ES }, { t: T_PEAK, b: 4, e: ES }, { t: T_REC, b: 0 }, { t: OP, b: 0 },
|
||||||
|
]);
|
||||||
|
// glint: face + glyph catch the light at the bounce
|
||||||
|
const faceCol = animColor([
|
||||||
|
{ t: T_HIT-2, v: FACE, e: ES }, { t: T_PEAK, v: FACE_GLINT, e: ES }, { t: T_REC, v: FACE }, { t: OP, v: FACE },
|
||||||
|
]);
|
||||||
|
const glyphCol = animColor([
|
||||||
|
{ t: T_HIT-2, v: BLACK, e: ES }, { t: T_PEAK, v: BLACK_LIT, e: ES }, { t: T_REC, v: BLACK }, { t: OP, v: BLACK },
|
||||||
|
]);
|
||||||
|
|
||||||
|
// ---- layer (face + glyphs share the bounce/squash transform) ---------------
|
||||||
|
const faceShape = grp([ { ty: 'sh', d: 1, ks: bulge }, fill(faceCol), stroke(BORDER, 1.8) ], 'face');
|
||||||
|
const glyphE = glyph(G.E, 32, 0, -1, 1.0, glyphCol, 'E'); // centred Э
|
||||||
|
const glyph8 = glyph(G.D8, 8.5, HW-6.5, HH-7.5, 0.5, glyphCol, 'score'); // 8 in the corner
|
||||||
|
|
||||||
|
const tile = {
|
||||||
|
ddd: 0, ind: 1, ty: 4, nm: 'tile', sr: 1,
|
||||||
|
ks: { o: still(100), r: still(0), p: posY, a: still([0, HH, 0]), s: scl, sk: skw, sa: still(0) },
|
||||||
|
ao: 0, shapes: [ glyph8, glyphE, faceShape ], ip: 0, op: OP, st: 0, bm: 0,
|
||||||
|
};
|
||||||
|
|
||||||
|
const root = {
|
||||||
|
v: '5.7.4', fr: FR, ip: 0, op: OP, w: W, h: H, nm: 'erudit-vk-loader', ddd: 0,
|
||||||
|
assets: [], layers: [ tile ], markers: [],
|
||||||
|
};
|
||||||
|
|
||||||
|
const out = process.argv[2] || 'erudit.json';
|
||||||
|
const round = (k, v) => (typeof v === 'number' ? Math.round(v * 100) / 100 : v);
|
||||||
|
fs.writeFileSync(out, JSON.stringify(root, round));
|
||||||
|
console.log('wrote', out, fs.statSync(out).size, 'bytes');
|
||||||
File diff suppressed because one or more lines are too long
Binary file not shown.
|
After Width: | Height: | Size: 91 KiB |
File diff suppressed because one or more lines are too long
+6
-4
@@ -7,12 +7,14 @@
|
|||||||
# (GOPRIVATE), so the build stage needs git and network.
|
# (GOPRIVATE), so the build stage needs git and network.
|
||||||
#
|
#
|
||||||
# Build from the repository root so go.work, go.work.sum, pkg/ and backend/ are all
|
# Build from the repository root so go.work, go.work.sum, pkg/ and backend/ are all
|
||||||
# in the Docker context:
|
# in the Docker context. DICT_VERSION has no default — the caller supplies the
|
||||||
# docker build -f backend/Dockerfile -t scrabble-backend .
|
# scrabble-dictionary release tag (compose/CI pass it; see deploy/README.md
|
||||||
|
# "Bumping the dictionary version"):
|
||||||
|
# docker build --build-arg DICT_VERSION=v1.3.0 -f backend/Dockerfile -t scrabble-backend .
|
||||||
|
|
||||||
# --- dictionary artifact -----------------------------------------------------
|
# --- dictionary artifact -----------------------------------------------------
|
||||||
FROM alpine:3.20 AS dawg
|
FROM alpine:3.20 AS dawg
|
||||||
ARG DICT_VERSION=v1.2.1
|
ARG DICT_VERSION
|
||||||
RUN apk add --no-cache curl tar
|
RUN apk add --no-cache curl tar
|
||||||
RUN mkdir -p /dawg \
|
RUN mkdir -p /dawg \
|
||||||
&& curl -fsSL -o /tmp/dawg.tar.gz \
|
&& curl -fsSL -o /tmp/dawg.tar.gz \
|
||||||
@@ -42,7 +44,7 @@ FROM gcr.io/distroless/static-debian12:nonroot
|
|||||||
# Re-declare the build arg in this stage so it labels the seed dictionary. One
|
# Re-declare the build arg in this stage so it labels the seed dictionary. One
|
||||||
# DICT_VERSION drives both the artifact the dawg stage downloads and the version
|
# DICT_VERSION drives both the artifact the dawg stage downloads and the version
|
||||||
# label the binary pins, so the resident version equals the release tag.
|
# label the binary pins, so the resident version equals the release tag.
|
||||||
ARG DICT_VERSION=v1.2.1
|
ARG DICT_VERSION
|
||||||
COPY --from=build /out/backend /usr/local/bin/backend
|
COPY --from=build /out/backend /usr/local/bin/backend
|
||||||
# Own the seed dictionary as the nonroot runtime user (UID 65532): a named volume
|
# Own the seed dictionary as the nonroot runtime user (UID 65532): a named volume
|
||||||
# mounted at /opt/dawg inherits this ownership on first use, so the admin console
|
# mounted at /opt/dawg inherits this ownership on first use, so the admin console
|
||||||
|
|||||||
+12
-8
@@ -43,8 +43,10 @@ per-user blocks, and per-game chat with nudges folded in as a message kind; chat
|
|||||||
messages are length-capped, content-filtered (no links/emails/phone numbers,
|
messages are length-capped, content-filtered (no links/emails/phone numbers,
|
||||||
including obfuscated forms) and stored with the sender's IP. Each message carries an
|
including obfuscated forms) and stored with the sender's IP. Each message carries an
|
||||||
`unread_seats` read bitmask (a set bit per recipient seat still to read it); `MarkRead`
|
`unread_seats` read bitmask (a set bit per recipient seat still to read it); `MarkRead`
|
||||||
clears a reader's bit when they open the move history or chat, and a wired `NudgeClearer`
|
clears a reader's bit when they open the move history or chat, a wired `NudgeClearer`
|
||||||
clears a nudge when its recipient moves — both record the publish-to-read latency.
|
clears a nudge when its recipient moves, and a wired `NudgeExpirer` clears **all** of a game's
|
||||||
|
nudges when it finishes (any completion path) — the first two record the publish-to-read latency,
|
||||||
|
the completion expiry does not (it is not a read); chat messages stay unread on completion.
|
||||||
A friend request (or block) aimed at a **disguised pooled robot** is recorded per game+seat
|
A friend request (or block) aimed at a **disguised pooled robot** is recorded per game+seat
|
||||||
in `robot_friend_requests` / `robot_blocks`, never against the shared robot account; a
|
in `robot_friend_requests` / `robot_blocks`, never against the shared robot account; a
|
||||||
background reaper drops a robot friend request once its game has been finished for **7 days**.
|
background reaper drops a robot friend request once its game has been finished for **7 days**.
|
||||||
@@ -212,11 +214,13 @@ internal/banview/ # gateway active-ban mirror: the console's Active IP bans p
|
|||||||
| `BACKEND_LOBBY_ROBOT_WAIT` | `10s` | Auto-match wait before a robot is substituted for a missing human. |
|
| `BACKEND_LOBBY_ROBOT_WAIT` | `10s` | Auto-match wait before a robot is substituted for a missing human. |
|
||||||
| `BACKEND_LOBBY_REAPER_INTERVAL` | `1s` | How often the substitution reaper scans for over-waited players. |
|
| `BACKEND_LOBBY_REAPER_INTERVAL` | `1s` | How often the substitution reaper scans for over-waited players. |
|
||||||
| `BACKEND_ROBOT_DRIVE_INTERVAL` | `30s` | How often the robot driver scans for due robot turns. |
|
| `BACKEND_ROBOT_DRIVE_INTERVAL` | `30s` | How often the robot driver scans for due robot turns. |
|
||||||
| `BACKEND_SMTP_HOST` | — | Email relay host. **Empty selects the development log mailer** (the confirm-code is logged, not sent). |
|
| `BACKEND_SMTP_HOST` | — | Confirm-code relay host. **Empty selects the development log mailer** (the code is logged, not sent). |
|
||||||
| `BACKEND_SMTP_PORT` | `587` | Email relay port. |
|
| `BACKEND_SMTP_PORT` | `587` | Relay port. No client certificate is needed (the server cert is validated against the system roots). |
|
||||||
| `BACKEND_SMTP_USERNAME` | — | SMTP user; empty relays without authentication. |
|
| `BACKEND_SMTP_TLS` | — | Transport security: `ssl` (implicit TLS from connect) or `starttls`. Empty derives it from the port (implicit on `465`, STARTTLS otherwise); set it for a relay on a non-standard port (e.g. Selectel's `1127` = SSL, `1126` = STARTTLS). |
|
||||||
| `BACKEND_SMTP_PASSWORD` | — | SMTP password. |
|
| `BACKEND_SMTP_USERNAME` | — | SMTP AUTH user; empty relays without authentication. |
|
||||||
| `BACKEND_SMTP_FROM` | `no-reply@localhost` | Envelope/From address for confirm-codes. |
|
| `BACKEND_SMTP_PASSWORD` | — | SMTP AUTH password. |
|
||||||
|
| `BACKEND_SMTP_FROM` | `no-reply@localhost` | From address. A deployed contour must use the prod domain (the relay only accepts its verified sender domain). |
|
||||||
|
| `BACKEND_PUBLIC_BASE_URL` | — | Canonical public origin (scheme + host) for links in the email. **Required when `BACKEND_SMTP_HOST` is set.** Never derived from a request Host header (anti-injection). |
|
||||||
| `BACKEND_CONNECTOR_ADDR` | — | the gateway bot-link relay gRPC address for admin-console operator broadcasts. Empty disables broadcasts. |
|
| `BACKEND_CONNECTOR_ADDR` | — | the gateway bot-link relay gRPC address for admin-console operator broadcasts. Empty disables broadcasts. |
|
||||||
| `BACKEND_GUEST_REAP_INTERVAL` | `1h` | How often the abandoned-guest reaper sweeps. |
|
| `BACKEND_GUEST_REAP_INTERVAL` | `1h` | How often the abandoned-guest reaper sweeps. |
|
||||||
| `BACKEND_GUEST_RETENTION` | `720h` | Account age past which a guest with no game seat is deleted. |
|
| `BACKEND_GUEST_RETENTION` | `720h` | Account age past which a guest with no game seat is deleted. |
|
||||||
@@ -228,7 +232,7 @@ internal/banview/ # gateway active-ban mirror: the console's Active IP bans p
|
|||||||
```sh
|
```sh
|
||||||
docker run -d --name scrabble-pg -e POSTGRES_PASSWORD=dev -p 5432:5432 postgres:17-alpine
|
docker run -d --name scrabble-pg -e POSTGRES_PASSWORD=dev -p 5432:5432 postgres:17-alpine
|
||||||
# DAWGs: extract the dictionary release artifact (or point at a local scrabble-solver/dawg):
|
# DAWGs: extract the dictionary release artifact (or point at a local scrabble-solver/dawg):
|
||||||
mkdir -p /tmp/dawg && curl -fsSL https://gitea.iliadenisov.ru/developer/scrabble-dictionary/releases/download/v1.2.1/scrabble-dawg-v1.2.1.tar.gz | tar xz -C /tmp/dawg
|
mkdir -p /tmp/dawg && curl -fsSL https://gitea.iliadenisov.ru/developer/scrabble-dictionary/releases/download/v1.3.0/scrabble-dawg-v1.3.0.tar.gz | tar xz -C /tmp/dawg
|
||||||
BACKEND_POSTGRES_DSN='postgres://postgres:dev@localhost:5432/postgres?search_path=backend&sslmode=disable' \
|
BACKEND_POSTGRES_DSN='postgres://postgres:dev@localhost:5432/postgres?search_path=backend&sslmode=disable' \
|
||||||
BACKEND_DICT_DIR=/tmp/dawg \
|
BACKEND_DICT_DIR=/tmp/dawg \
|
||||||
GOPRIVATE='gitea.iliadenisov.ru/*' \
|
GOPRIVATE='gitea.iliadenisov.ru/*' \
|
||||||
|
|||||||
@@ -12,6 +12,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
|
"strings"
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -20,6 +21,7 @@ import (
|
|||||||
|
|
||||||
"scrabble/backend/internal/account"
|
"scrabble/backend/internal/account"
|
||||||
"scrabble/backend/internal/accountmerge"
|
"scrabble/backend/internal/accountmerge"
|
||||||
|
"scrabble/backend/internal/adminalert"
|
||||||
"scrabble/backend/internal/ads"
|
"scrabble/backend/internal/ads"
|
||||||
"scrabble/backend/internal/banview"
|
"scrabble/backend/internal/banview"
|
||||||
"scrabble/backend/internal/config"
|
"scrabble/backend/internal/config"
|
||||||
@@ -33,6 +35,7 @@ import (
|
|||||||
"scrabble/backend/internal/postgres"
|
"scrabble/backend/internal/postgres"
|
||||||
"scrabble/backend/internal/pushgrpc"
|
"scrabble/backend/internal/pushgrpc"
|
||||||
"scrabble/backend/internal/ratewatch"
|
"scrabble/backend/internal/ratewatch"
|
||||||
|
"scrabble/backend/internal/render"
|
||||||
"scrabble/backend/internal/robot"
|
"scrabble/backend/internal/robot"
|
||||||
"scrabble/backend/internal/server"
|
"scrabble/backend/internal/server"
|
||||||
"scrabble/backend/internal/session"
|
"scrabble/backend/internal/session"
|
||||||
@@ -43,6 +46,10 @@ import (
|
|||||||
// telemetryShutdownTimeout bounds the OpenTelemetry flush during process exit.
|
// telemetryShutdownTimeout bounds the OpenTelemetry flush during process exit.
|
||||||
const telemetryShutdownTimeout = 5 * time.Second
|
const telemetryShutdownTimeout = 5 * time.Second
|
||||||
|
|
||||||
|
// adminAlertInterval is how often the operator-alert worker checks for new feedback /
|
||||||
|
// complaints; a burst within one interval coalesces into a single digest email.
|
||||||
|
const adminAlertInterval = 5 * time.Minute
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
cfg, err := config.Load()
|
cfg, err := config.Load()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -161,6 +168,15 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
zap.Duration("interval", cfg.GuestReapInterval),
|
zap.Duration("interval", cfg.GuestReapInterval),
|
||||||
zap.Duration("retention", cfg.GuestRetention))
|
zap.Duration("retention", cfg.GuestRetention))
|
||||||
|
|
||||||
|
// Purge the account-deletion legal dossier past its retention TTL: the
|
||||||
|
// retained-identities journal, and the feedback thread + dossier PII of long-deleted
|
||||||
|
// accounts (chat is kept). Checked daily; the TTL is a two-year policy constant.
|
||||||
|
retentionReaper := account.NewRetentionReaper(accounts, account.RetentionTTL, logger)
|
||||||
|
go retentionReaper.Run(ctx, 24*time.Hour)
|
||||||
|
logger.Info("retention reaper started",
|
||||||
|
zap.Duration("interval", 24*time.Hour),
|
||||||
|
zap.Duration("retention", account.RetentionTTL))
|
||||||
|
|
||||||
// Re-evaluate moderated-chat write access when a temporary block self-expires:
|
// Re-evaluate moderated-chat write access when a temporary block self-expires:
|
||||||
// no operator action fires then, so the sweeper emits the chat-access-changed
|
// no operator action fires then, so the sweeper emits the chat-access-changed
|
||||||
// event for lapsed blocks and the gateway re-pushes the chat-gate command.
|
// event for lapsed blocks and the gateway re-pushes the chat-gate command.
|
||||||
@@ -173,15 +189,20 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
// Lobby & social domains. Their REST and stream surface lives in the gateway,
|
// Lobby & social domains. Their REST and stream surface lives in the gateway,
|
||||||
// so they are handed to the server (like the route groups) for the handlers.
|
// so they are handed to the server (like the route groups) for the handlers.
|
||||||
mailer := newMailer(cfg.SMTP, logger)
|
mailer := newMailer(cfg.SMTP, logger)
|
||||||
emails := account.NewEmailService(accounts, mailer)
|
emails := account.NewEmailService(accounts, mailer, cfg.PublicBaseURL)
|
||||||
|
// Throttle confirm-code sends per recipient: at most one per minute and five per
|
||||||
|
// rolling hour, guarding against email bombing and the relay's own quota.
|
||||||
|
emails.SetSendLimiter(account.NewSendLimiter(time.Minute, 5))
|
||||||
// Account linking & merge: the orchestrator over the account, merge and
|
// Account linking & merge: the orchestrator over the account, merge and
|
||||||
// session layers. Wired to the /api/v1/user/link REST surface below.
|
// session layers. Wired to the /api/v1/user/link REST surface below.
|
||||||
links := link.NewService(emails, accounts, accountmerge.NewMerger(db), sessions)
|
links := link.NewService(emails, accounts, accountmerge.NewMerger(db), sessions)
|
||||||
socialSvc := social.NewService(social.NewStore(db), accounts, games)
|
socialSvc := social.NewService(social.NewStore(db), accounts, games)
|
||||||
socialSvc.SetNotifier(hub)
|
socialSvc.SetNotifier(hub)
|
||||||
socialSvc.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/social"))
|
socialSvc.SetMetrics(tel.MeterProvider().Meter("scrabble/backend/social"))
|
||||||
// A nudge the recipient answered by moving is marked read on the move path.
|
// A nudge the recipient answered by moving is marked read on the move path; every nudge in a
|
||||||
|
// game is marked read when the game finishes (a stale badge), on any completion path.
|
||||||
games.SetNudgeClearer(socialSvc.ClearNudges)
|
games.SetNudgeClearer(socialSvc.ClearNudges)
|
||||||
|
games.SetNudgeExpirer(socialSvc.ExpireNudges)
|
||||||
// Reap per-game disguised-robot friend requests once their game is long finished
|
// Reap per-game disguised-robot friend requests once their game is long finished
|
||||||
// (the robot ignores them; the row only pins the in-game "request sent" state).
|
// (the robot ignores them; the row only pins the in-game "request sent" state).
|
||||||
robotReqReaper := social.NewRobotFriendRequestReaper(socialSvc, logger)
|
robotReqReaper := social.NewRobotFriendRequestReaper(socialSvc, logger)
|
||||||
@@ -192,6 +213,18 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
feedbackSvc := feedback.NewService(feedback.NewStore(db), accounts)
|
feedbackSvc := feedback.NewService(feedback.NewStore(db), accounts)
|
||||||
feedbackSvc.SetNotifier(hub)
|
feedbackSvc.SetNotifier(hub)
|
||||||
|
|
||||||
|
// Operator alert emails on new feedback / word complaints, coalesced into one digest
|
||||||
|
// per interval. Inert unless a distinct admin sender and recipient are configured.
|
||||||
|
if cfg.SMTP.AdminFrom != "" && cfg.SMTP.AdminTo != "" {
|
||||||
|
consoleURL := ""
|
||||||
|
if cfg.PublicBaseURL != "" {
|
||||||
|
consoleURL = strings.TrimRight(cfg.PublicBaseURL, "/") + "/_gm"
|
||||||
|
}
|
||||||
|
alerts := adminalert.New(mailer, feedbackSvc, games, cfg.SMTP.AdminFrom, cfg.SMTP.AdminTo, consoleURL, logger)
|
||||||
|
go alerts.Run(ctx, adminAlertInterval)
|
||||||
|
logger.Info("admin alert worker started", zap.Duration("interval", adminAlertInterval))
|
||||||
|
}
|
||||||
|
|
||||||
// Robot opponent: provision its durable account pool (a hard startup
|
// Robot opponent: provision its durable account pool (a hard startup
|
||||||
// dependency, like the dictionaries) and start its move driver. The matchmaker
|
// dependency, like the dictionaries) and start its move driver. The matchmaker
|
||||||
// substitutes a pooled robot for a missing human after the wait window.
|
// substitutes a pooled robot for a missing human after the wait window.
|
||||||
@@ -230,6 +263,13 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
// block and the banner admin console section.
|
// block and the banner admin console section.
|
||||||
adsSvc := ads.NewService(ads.NewStore(db))
|
adsSvc := ads.NewService(ads.NewStore(db))
|
||||||
|
|
||||||
|
// The image-render sidecar client for the PNG export artifact; nil (PNG
|
||||||
|
// download answers 404) when BACKEND_RENDERER_URL is unset.
|
||||||
|
var renderer *render.Client
|
||||||
|
if cfg.RendererURL != "" {
|
||||||
|
renderer = render.New(cfg.RendererURL)
|
||||||
|
}
|
||||||
|
|
||||||
srv := server.New(cfg.HTTPAddr, server.Deps{
|
srv := server.New(cfg.HTTPAddr, server.Deps{
|
||||||
Logger: logger,
|
Logger: logger,
|
||||||
DB: db,
|
DB: db,
|
||||||
@@ -251,6 +291,8 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
|||||||
BanView: banView,
|
BanView: banView,
|
||||||
Ads: adsSvc,
|
Ads: adsSvc,
|
||||||
Notifier: hub,
|
Notifier: hub,
|
||||||
|
ExportSignKey: cfg.ExportSignKey,
|
||||||
|
Renderer: renderer,
|
||||||
})
|
})
|
||||||
pushSrv := pushgrpc.NewServer(cfg.GRPCAddr, hub, logger)
|
pushSrv := pushgrpc.NewServer(cfg.GRPCAddr, hub, logger)
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,193 @@
|
|||||||
|
// Command dictgen dumps golden parity vectors from the committed dawg
|
||||||
|
// dictionaries so the TypeScript dawg reader can be checked byte-for-byte
|
||||||
|
// against the authoritative Go dafsa reader.
|
||||||
|
//
|
||||||
|
// For each *.dawg file it writes, into the output directory:
|
||||||
|
//
|
||||||
|
// - <name>.words.bin — every stored word as alphabet-index bytes, in index
|
||||||
|
// order, framed as [1-byte length][length index bytes]. The word at stream
|
||||||
|
// position k has IndexOfB == k.
|
||||||
|
// - <name>.neg.bin — negative lookups (sequences whose IndexOfB is -1), same
|
||||||
|
// framing, to exercise the not-found path at varying depths.
|
||||||
|
// - <name>.meta.json — NumAdded/NumNodes/NumEdges plus the alphabet size, for
|
||||||
|
// a header-parse sanity cross-check on the TS side.
|
||||||
|
//
|
||||||
|
// It is a development tool (not built into any service), analogous to
|
||||||
|
// cmd/jetgen. Run it from the repository root:
|
||||||
|
//
|
||||||
|
// go run ./backend/cmd/dictgen -dawg-dir ../scrabble-solver/dawg -out <dir>
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
|
"fmt"
|
||||||
|
"math/rand"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"sort"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
dawg "github.com/iliadenisov/dafsa"
|
||||||
|
)
|
||||||
|
|
||||||
|
// meta is the per-dictionary sanity payload cross-checked by the TS reader.
|
||||||
|
type meta struct {
|
||||||
|
NumAdded int `json:"numAdded"`
|
||||||
|
NumNodes int `json:"numNodes"`
|
||||||
|
NumEdges int `json:"numEdges"`
|
||||||
|
Alphabet int `json:"alphabet"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
dawgDir := flag.String("dawg-dir", "../scrabble-solver/dawg", "directory holding the .dawg files")
|
||||||
|
outDir := flag.String("out", "", "output directory for the golden files (required)")
|
||||||
|
negCount := flag.Int("neg", 20000, "number of negative lookups to emit per dictionary")
|
||||||
|
flag.Parse()
|
||||||
|
|
||||||
|
if *outDir == "" {
|
||||||
|
fail("-out is required")
|
||||||
|
}
|
||||||
|
if err := os.MkdirAll(*outDir, 0o755); err != nil {
|
||||||
|
fail("mkdir out: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
files, err := filepath.Glob(filepath.Join(*dawgDir, "*.dawg"))
|
||||||
|
if err != nil {
|
||||||
|
fail("glob: %v", err)
|
||||||
|
}
|
||||||
|
sort.Strings(files)
|
||||||
|
if len(files) == 0 {
|
||||||
|
fail("no .dawg files in %s", *dawgDir)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, f := range files {
|
||||||
|
if err := process(f, *outDir, *negCount); err != nil {
|
||||||
|
fail("%s: %v", filepath.Base(f), err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// process emits the golden files for a single dawg dictionary.
|
||||||
|
func process(path, outDir string, negCount int) error {
|
||||||
|
name := strings.TrimSuffix(filepath.Base(path), ".dawg")
|
||||||
|
|
||||||
|
data, err := os.ReadFile(path)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
finder, err := dawg.Read(bytes.NewReader(data), 0)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("read dawg: %w", err)
|
||||||
|
}
|
||||||
|
defer finder.Close()
|
||||||
|
|
||||||
|
// Stream every stored word in index order; keep a decimated sample and the
|
||||||
|
// maximum alphabet index for negative generation.
|
||||||
|
wf, err := os.Create(filepath.Join(outDir, name+".words.bin"))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
bw := bufio.NewWriter(wf)
|
||||||
|
|
||||||
|
var (
|
||||||
|
count int
|
||||||
|
maxIx byte
|
||||||
|
sample [][]byte
|
||||||
|
)
|
||||||
|
finder.EnumerateB(func(index int, word []byte, final bool) int {
|
||||||
|
if !final {
|
||||||
|
return 0 // Continue
|
||||||
|
}
|
||||||
|
if index != count {
|
||||||
|
panic(fmt.Sprintf("%s: enumerate index gap: got %d want %d", name, index, count))
|
||||||
|
}
|
||||||
|
writeWord(bw, word)
|
||||||
|
for _, b := range word {
|
||||||
|
if b > maxIx {
|
||||||
|
maxIx = b
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if count%4 == 0 && len(sample) < 60000 {
|
||||||
|
sample = append(sample, append([]byte(nil), word...))
|
||||||
|
}
|
||||||
|
count++
|
||||||
|
return 0 // Continue
|
||||||
|
})
|
||||||
|
if err := bw.Flush(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := wf.Close(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if count != finder.NumAdded() {
|
||||||
|
return fmt.Errorf("word count %d != NumAdded %d", count, finder.NumAdded())
|
||||||
|
}
|
||||||
|
|
||||||
|
alphabet := int(maxIx) + 1
|
||||||
|
|
||||||
|
// Negatives: mutate sampled real words and keep the ones the reader rejects.
|
||||||
|
nf, err := os.Create(filepath.Join(outDir, name+".neg.bin"))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
nbw := bufio.NewWriter(nf)
|
||||||
|
rng := rand.New(rand.NewSource(1))
|
||||||
|
neg := 0
|
||||||
|
for neg < negCount && len(sample) > 0 {
|
||||||
|
base := sample[rng.Intn(len(sample))]
|
||||||
|
cand := append([]byte(nil), base...)
|
||||||
|
switch rng.Intn(3) {
|
||||||
|
case 0: // extend by one index
|
||||||
|
cand = append(cand, byte(rng.Intn(alphabet)))
|
||||||
|
case 1: // flip one index
|
||||||
|
if len(cand) > 0 {
|
||||||
|
cand[rng.Intn(len(cand))] = byte(rng.Intn(alphabet))
|
||||||
|
}
|
||||||
|
case 2: // drop the tail and flip the new last index
|
||||||
|
if len(cand) > 1 {
|
||||||
|
cand = cand[:len(cand)-1]
|
||||||
|
cand[len(cand)-1] = byte(rng.Intn(alphabet))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if finder.IndexOfB(cand) == -1 {
|
||||||
|
writeWord(nbw, cand)
|
||||||
|
neg++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := nbw.Flush(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := nf.Close(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
m := meta{NumAdded: finder.NumAdded(), NumNodes: finder.NumNodes(), NumEdges: finder.NumEdges(), Alphabet: alphabet}
|
||||||
|
mb, err := json.MarshalIndent(m, "", " ")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := os.WriteFile(filepath.Join(outDir, name+".meta.json"), mb, 0o644); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Printf("%-12s words=%d negatives=%d alphabet=%d nodes=%d edges=%d\n",
|
||||||
|
name, count, neg, alphabet, finder.NumNodes(), finder.NumEdges())
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// writeWord frames one index-byte word as [length][bytes].
|
||||||
|
func writeWord(w *bufio.Writer, word []byte) {
|
||||||
|
if len(word) > 255 {
|
||||||
|
panic(fmt.Sprintf("word too long to frame: %d", len(word)))
|
||||||
|
}
|
||||||
|
w.WriteByte(byte(len(word)))
|
||||||
|
w.Write(word)
|
||||||
|
}
|
||||||
|
|
||||||
|
func fail(format string, args ...any) {
|
||||||
|
fmt.Fprintf(os.Stderr, "dictgen: "+format+"\n", args...)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
@@ -0,0 +1,486 @@
|
|||||||
|
// Command validategen produces golden conformance fixtures for the TypeScript
|
||||||
|
// move validator (ui/src/lib/dict/validate.ts). For each variant it self-plays
|
||||||
|
// greedy games with the authoritative scrabble-solver engine to build realistic
|
||||||
|
// board positions, then records a battery of candidate plays — the engine's own
|
||||||
|
// top move, letter-mutated variants, random scatters and (on the empty board) an
|
||||||
|
// off-centre translation — each paired with the ground-truth result of
|
||||||
|
// ValidatePlayOpts (legal, score, the words formed). The TS conformance test
|
||||||
|
// replays these and must agree exactly.
|
||||||
|
//
|
||||||
|
// It is a development tool (not built into any service), analogous to
|
||||||
|
// cmd/dictgen. Run it from the repository root:
|
||||||
|
//
|
||||||
|
// go run ./backend/cmd/validategen -dawg-dir ../scrabble-solver/dawg -out <dir>
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
|
"fmt"
|
||||||
|
"math/rand"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/board"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/rack"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/rules"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/scrabble"
|
||||||
|
"gitea.iliadenisov.ru/developer/scrabble-solver/selfplay"
|
||||||
|
dawg "github.com/iliadenisov/dafsa"
|
||||||
|
)
|
||||||
|
|
||||||
|
// blankTile marks a blank tile in a drawn hand (matches selfplay).
|
||||||
|
const blankTile byte = 0xff
|
||||||
|
|
||||||
|
// variantSpec pairs a variant label with its ruleset and dawg file.
|
||||||
|
type variantSpec struct {
|
||||||
|
name string
|
||||||
|
rules *rules.Ruleset
|
||||||
|
dawg string
|
||||||
|
}
|
||||||
|
|
||||||
|
// cell is an occupied board square or a placement (alphabet-index letter).
|
||||||
|
type cell struct {
|
||||||
|
R, C, Letter int
|
||||||
|
Blank bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// word mirrors scrabble.Word in index space.
|
||||||
|
type word struct {
|
||||||
|
Row, Col, Dir int
|
||||||
|
Letters []int
|
||||||
|
Blanks []bool
|
||||||
|
Score int
|
||||||
|
}
|
||||||
|
|
||||||
|
// fixture is one candidate play with the engine's ground-truth verdict.
|
||||||
|
type fixture struct {
|
||||||
|
Board int `json:"board"` // index into the boards list
|
||||||
|
Dir int `json:"dir"`
|
||||||
|
IgnoreCrossWords bool `json:"ignoreCrossWords"`
|
||||||
|
Tiles []cell `json:"tiles"`
|
||||||
|
Legal bool `json:"legal"`
|
||||||
|
Score int `json:"score"`
|
||||||
|
Bonus int `json:"bonus"`
|
||||||
|
Main *word `json:"main,omitempty"`
|
||||||
|
Cross []word `json:"cross,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// alphaEntry mirrors one row of the per-variant alphabet table the server sends the
|
||||||
|
// client (index, concrete letter as the ruleset emits it, tile value), so the adapter
|
||||||
|
// cross-test can drive the letter-space client path exactly as production does.
|
||||||
|
type alphaEntry struct {
|
||||||
|
Index int `json:"index"`
|
||||||
|
Letter string `json:"letter"`
|
||||||
|
Value int `json:"value"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// variantFile is the whole conformance payload for one variant.
|
||||||
|
type variantFile struct {
|
||||||
|
Variant string `json:"variant"`
|
||||||
|
Rows int `json:"rows"`
|
||||||
|
Cols int `json:"cols"`
|
||||||
|
Center int `json:"center"`
|
||||||
|
RackSize int `json:"rackSize"`
|
||||||
|
Bingo int `json:"bingo"`
|
||||||
|
Values []int `json:"values"`
|
||||||
|
Premiums []int `json:"premiums"` // row-major rules.Premium codes
|
||||||
|
Alphabet []alphaEntry `json:"alphabet"`
|
||||||
|
Boards [][]cell `json:"boards"`
|
||||||
|
Fixtures []fixture `json:"fixtures"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
dawgDir := flag.String("dawg-dir", "../scrabble-solver/dawg", "directory holding the .dawg files")
|
||||||
|
outDir := flag.String("out", "", "output directory for the fixture files (required)")
|
||||||
|
games := flag.Int("games", 6, "self-play games per (variant, rule)")
|
||||||
|
plies := flag.Int("plies", 40, "maximum plies captured per game")
|
||||||
|
flag.Parse()
|
||||||
|
if *outDir == "" {
|
||||||
|
fail("-out is required")
|
||||||
|
}
|
||||||
|
if err := os.MkdirAll(*outDir, 0o755); err != nil {
|
||||||
|
fail("mkdir out: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
specs := []variantSpec{
|
||||||
|
{"scrabble_en", rules.English(), "en_sowpods.dawg"},
|
||||||
|
{"scrabble_ru", rules.RussianScrabble(), "ru_scrabble.dawg"},
|
||||||
|
{"erudit_ru", rules.Erudit(), "ru_erudit.dawg"},
|
||||||
|
}
|
||||||
|
for _, sp := range specs {
|
||||||
|
if err := generate(sp, *dawgDir, *outDir, *games, *plies); err != nil {
|
||||||
|
fail("%s: %v", sp.name, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func generate(sp variantSpec, dawgDir, outDir string, games, plies int) error {
|
||||||
|
data, err := os.ReadFile(filepath.Join(dawgDir, sp.dawg))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
finder, err := dawg.Read(bytes.NewReader(data), 0)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("read dawg: %w", err)
|
||||||
|
}
|
||||||
|
defer finder.Close()
|
||||||
|
|
||||||
|
rs := sp.rules
|
||||||
|
solver := scrabble.NewSolver(rs, finder)
|
||||||
|
|
||||||
|
out := variantFile{
|
||||||
|
Variant: sp.name, Rows: rs.Rows, Cols: rs.Cols, Center: rs.Center,
|
||||||
|
RackSize: rs.RackSize, Bingo: rs.Bingo, Values: rs.Values,
|
||||||
|
Premiums: premiumCodes(rs), Alphabet: alphabetOf(rs),
|
||||||
|
}
|
||||||
|
|
||||||
|
// Capture under both the standard rule and the single-word rule, building the
|
||||||
|
// board with the same rule so positions are reachable under it.
|
||||||
|
for _, ignore := range []bool{false, true} {
|
||||||
|
opts := scrabble.PlayOptions{IgnoreCrossWords: ignore}
|
||||||
|
for g := range games {
|
||||||
|
seed := int64(g*1000) + boolseed(ignore) + variantSeed(sp.name)
|
||||||
|
playAndCapture(&out, rs, solver, opts, seed, plies)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
b, err := json.Marshal(&out)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := os.WriteFile(filepath.Join(outDir, sp.name+".fixtures.json"), b, 0o644); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
fmt.Printf("%-12s boards=%d fixtures=%d\n", sp.name, len(out.Boards), len(out.Fixtures))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// playAndCapture greedily self-plays one game, recording candidate plays against
|
||||||
|
// each board position along the way.
|
||||||
|
func playAndCapture(out *variantFile, rs *rules.Ruleset, solver *scrabble.Solver, opts scrabble.PlayOptions, seed int64, plies int) {
|
||||||
|
rng := rand.New(rand.NewSource(seed))
|
||||||
|
bag := selfplay.NewBag(rs, seed)
|
||||||
|
b := board.New(rs.Rows, rs.Cols)
|
||||||
|
hands := [2][]byte{bag.Draw(rs.RackSize), bag.Draw(rs.RackSize)}
|
||||||
|
|
||||||
|
passes := 0
|
||||||
|
for turn := range plies {
|
||||||
|
p := turn % 2
|
||||||
|
rk := rackOf(hands[p], rs.Size())
|
||||||
|
moves := solver.GenerateMovesOpts(b, rk, scrabble.Both, opts)
|
||||||
|
if len(moves) == 0 {
|
||||||
|
if passes++; passes >= 4 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
passes = 0
|
||||||
|
top := moves[0]
|
||||||
|
|
||||||
|
boardIdx := len(out.Boards)
|
||||||
|
out.Boards = append(out.Boards, boardCells(b))
|
||||||
|
captureCandidates(out, rs, solver, opts, b, boardIdx, top, rng)
|
||||||
|
|
||||||
|
scrabble.Apply(b, top)
|
||||||
|
hands[p] = removeUsed(hands[p], top)
|
||||||
|
if need := rs.RackSize - len(hands[p]); need > 0 {
|
||||||
|
hands[p] = append(hands[p], bag.Draw(need)...)
|
||||||
|
}
|
||||||
|
if len(hands[p]) == 0 && bag.Len() == 0 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// captureCandidates records the engine's top move plus derived candidates for one
|
||||||
|
// board, each with its ValidatePlayOpts verdict.
|
||||||
|
func captureCandidates(out *variantFile, rs *rules.Ruleset, solver *scrabble.Solver, opts scrabble.PlayOptions, b *board.Board, boardIdx int, top scrabble.Move, rng *rand.Rand) {
|
||||||
|
size := rs.Size()
|
||||||
|
record := func(tiles []scrabble.Placement) {
|
||||||
|
if len(tiles) == 0 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
out.Fixtures = append(out.Fixtures, makeFixture(solver, opts, b, boardIdx, tiles))
|
||||||
|
}
|
||||||
|
|
||||||
|
// The engine's own top move (legal).
|
||||||
|
record(top.Tiles)
|
||||||
|
|
||||||
|
// Letter-mutated variants: usually reject on the dictionary, occasionally form
|
||||||
|
// a different legal word.
|
||||||
|
for range 3 {
|
||||||
|
mut := clonePlacements(top.Tiles)
|
||||||
|
i := rng.Intn(len(mut))
|
||||||
|
mut[i].Letter = byte((int(mut[i].Letter) + 1 + rng.Intn(size-1)) % size)
|
||||||
|
record(mut)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Random scatters: exercise geometry, dictionary and connectivity paths.
|
||||||
|
for range 3 {
|
||||||
|
record(randomScatter(b, size, 2+rng.Intn(4), rng))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Single tiles abutting the board exercise the direction inference — a single
|
||||||
|
// tile is ambiguous, its orientation resolved from which axis it extends.
|
||||||
|
for range 3 {
|
||||||
|
if t, ok := randomAdjacentSingle(b, size, rng); ok {
|
||||||
|
record([]scrabble.Placement{t})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// On the empty board, an off-centre translation of the first move exercises the
|
||||||
|
// first-move centre rule.
|
||||||
|
if b.IsEmpty() {
|
||||||
|
shifted := clonePlacements(top.Tiles)
|
||||||
|
ok := true
|
||||||
|
for i := range shifted {
|
||||||
|
shifted[i].Row++
|
||||||
|
shifted[i].Col++
|
||||||
|
if !b.InBounds(shifted[i].Row, shifted[i].Col) {
|
||||||
|
ok = false
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
record(shifted)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// makeFixture validates a candidate against board b and serializes it with its
|
||||||
|
// ground truth. Word breakdown is recorded only for legal plays (the TS test
|
||||||
|
// checks words only then); an illegal play records legal=false alone.
|
||||||
|
func makeFixture(solver *scrabble.Solver, opts scrabble.PlayOptions, b *board.Board, boardIdx int, tiles []scrabble.Placement) fixture {
|
||||||
|
// Infer the orientation exactly as the backend evaluate does (dir-less), so the
|
||||||
|
// fixture matches the real eval path and pins the client's ported inference.
|
||||||
|
dir := playDirectionMirror(solver, b, tiles, opts)
|
||||||
|
fx := fixture{
|
||||||
|
Board: boardIdx,
|
||||||
|
Dir: int(dir),
|
||||||
|
IgnoreCrossWords: opts.IgnoreCrossWords,
|
||||||
|
Tiles: placementCells(tiles),
|
||||||
|
}
|
||||||
|
m, err := solver.ValidatePlayOpts(b, dir, tiles, opts)
|
||||||
|
if err == nil {
|
||||||
|
fx.Legal = true
|
||||||
|
fx.Score = m.Score
|
||||||
|
fx.Bonus = m.Bonus
|
||||||
|
fx.Main = toWord(m.Main)
|
||||||
|
for _, cw := range m.Cross {
|
||||||
|
fx.Cross = append(fx.Cross, *toWord(cw))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fx
|
||||||
|
}
|
||||||
|
|
||||||
|
func placementCells(ts []scrabble.Placement) []cell {
|
||||||
|
cs := make([]cell, len(ts))
|
||||||
|
for i, t := range ts {
|
||||||
|
cs[i] = cell{R: t.Row, C: t.Col, Letter: int(t.Letter), Blank: t.Blank}
|
||||||
|
}
|
||||||
|
return cs
|
||||||
|
}
|
||||||
|
|
||||||
|
func toWord(w scrabble.Word) *word {
|
||||||
|
letters := make([]int, len(w.Letters))
|
||||||
|
for i, l := range w.Letters {
|
||||||
|
letters[i] = int(l)
|
||||||
|
}
|
||||||
|
return &word{
|
||||||
|
Row: w.Row, Col: w.Col, Dir: int(w.Dir),
|
||||||
|
Letters: letters, Blanks: append([]bool(nil), w.Blanks...), Score: w.Score,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func alphabetOf(rs *rules.Ruleset) []alphaEntry {
|
||||||
|
n := rs.Alphabet.Size()
|
||||||
|
out := make([]alphaEntry, n)
|
||||||
|
for i := range n {
|
||||||
|
ch, _ := rs.Alphabet.Character(byte(i))
|
||||||
|
out[i] = alphaEntry{Index: i, Letter: ch, Value: rs.Values[i]}
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
func premiumCodes(rs *rules.Ruleset) []int {
|
||||||
|
codes := make([]int, rs.Rows*rs.Cols)
|
||||||
|
for i := range codes {
|
||||||
|
codes[i] = int(rs.PremiumAt(i))
|
||||||
|
}
|
||||||
|
return codes
|
||||||
|
}
|
||||||
|
|
||||||
|
func boardCells(b *board.Board) []cell {
|
||||||
|
var cs []cell
|
||||||
|
for r := 0; r < b.Rows(); r++ {
|
||||||
|
for c := 0; c < b.Cols(); c++ {
|
||||||
|
if b.Filled(r, c) {
|
||||||
|
v := b.At(r, c)
|
||||||
|
cs = append(cs, cell{R: r, C: c, Letter: int(v&0x3f) - 1, Blank: v&0x80 != 0})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return cs
|
||||||
|
}
|
||||||
|
|
||||||
|
func clonePlacements(ts []scrabble.Placement) []scrabble.Placement {
|
||||||
|
return append([]scrabble.Placement(nil), ts...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// randomScatter picks n distinct empty in-bounds squares with random letters.
|
||||||
|
func randomScatter(b *board.Board, size, n int, rng *rand.Rand) []scrabble.Placement {
|
||||||
|
seen := map[[2]int]bool{}
|
||||||
|
var ts []scrabble.Placement
|
||||||
|
for tries := 0; tries < n*20 && len(ts) < n; tries++ {
|
||||||
|
r := rng.Intn(b.Rows())
|
||||||
|
c := rng.Intn(b.Cols())
|
||||||
|
if seen[[2]int{r, c}] || b.Filled(r, c) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
seen[[2]int{r, c}] = true
|
||||||
|
ts = append(ts, scrabble.Placement{Row: r, Col: c, Letter: byte(rng.Intn(size)), Blank: rng.Intn(10) == 0})
|
||||||
|
}
|
||||||
|
return ts
|
||||||
|
}
|
||||||
|
|
||||||
|
// randomAdjacentSingle picks a random empty in-bounds square abutting at least one
|
||||||
|
// filled square, with a random letter — a single-tile play whose orientation the
|
||||||
|
// inference must resolve. It returns ok=false on an empty board.
|
||||||
|
func randomAdjacentSingle(b *board.Board, size int, rng *rand.Rand) (scrabble.Placement, bool) {
|
||||||
|
var cands [][2]int
|
||||||
|
for r := 0; r < b.Rows(); r++ {
|
||||||
|
for c := 0; c < b.Cols(); c++ {
|
||||||
|
if b.Filled(r, c) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if b.Filled(r-1, c) || b.Filled(r+1, c) || b.Filled(r, c-1) || b.Filled(r, c+1) {
|
||||||
|
cands = append(cands, [2]int{r, c})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(cands) == 0 {
|
||||||
|
return scrabble.Placement{}, false
|
||||||
|
}
|
||||||
|
rc := cands[rng.Intn(len(cands))]
|
||||||
|
return scrabble.Placement{Row: rc[0], Col: rc[1], Letter: byte(rng.Intn(size)), Blank: rng.Intn(10) == 0}, true
|
||||||
|
}
|
||||||
|
|
||||||
|
// playDirectionMirror mirrors engine (*Game).playDirection: the geometric
|
||||||
|
// resolution, except a single tile under the single-word rule tries both
|
||||||
|
// orientations through the solver and keeps the higher-scoring legal one (H wins
|
||||||
|
// ties). It reproduces the orientation the backend evaluate infers.
|
||||||
|
func playDirectionMirror(solver *scrabble.Solver, b *board.Board, placements []scrabble.Placement, opts scrabble.PlayOptions) scrabble.Direction {
|
||||||
|
geo := resolveDirectionMirror(b, placements)
|
||||||
|
if len(placements) != 1 || !opts.IgnoreCrossWords {
|
||||||
|
return geo
|
||||||
|
}
|
||||||
|
best, found, bestScore := geo, false, 0
|
||||||
|
for _, dir := range [...]scrabble.Direction{scrabble.Horizontal, scrabble.Vertical} {
|
||||||
|
m, err := solver.ValidatePlayOpts(b, dir, placements, opts)
|
||||||
|
if err != nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if !found || m.Score > bestScore {
|
||||||
|
best, found, bestScore = dir, true, m.Score
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return best
|
||||||
|
}
|
||||||
|
|
||||||
|
// resolveDirectionMirror mirrors engine.resolveDirection.
|
||||||
|
func resolveDirectionMirror(b *board.Board, placements []scrabble.Placement) scrabble.Direction {
|
||||||
|
if len(placements) >= 2 {
|
||||||
|
row := placements[0].Row
|
||||||
|
for _, p := range placements[1:] {
|
||||||
|
if p.Row != row {
|
||||||
|
return scrabble.Vertical
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return scrabble.Horizontal
|
||||||
|
}
|
||||||
|
if len(placements) == 1 {
|
||||||
|
p := placements[0]
|
||||||
|
h := runLengthMirror(b, p.Row, p.Col, scrabble.Horizontal)
|
||||||
|
v := runLengthMirror(b, p.Row, p.Col, scrabble.Vertical)
|
||||||
|
if v >= 2 && v > h {
|
||||||
|
return scrabble.Vertical
|
||||||
|
}
|
||||||
|
if h >= 2 {
|
||||||
|
return scrabble.Horizontal
|
||||||
|
}
|
||||||
|
if v >= 2 {
|
||||||
|
return scrabble.Vertical
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return scrabble.Horizontal
|
||||||
|
}
|
||||||
|
|
||||||
|
// runLengthMirror mirrors engine.runLength.
|
||||||
|
func runLengthMirror(b *board.Board, row, col int, dir scrabble.Direction) int {
|
||||||
|
dr, dc := 0, 1
|
||||||
|
if dir == scrabble.Vertical {
|
||||||
|
dr, dc = 1, 0
|
||||||
|
}
|
||||||
|
n := 1
|
||||||
|
for r, c := row-dr, col-dc; b.Filled(r, c); r, c = r-dr, c-dc {
|
||||||
|
n++
|
||||||
|
}
|
||||||
|
for r, c := row+dr, col+dc; b.Filled(r, c); r, c = r+dr, c+dc {
|
||||||
|
n++
|
||||||
|
}
|
||||||
|
return n
|
||||||
|
}
|
||||||
|
|
||||||
|
// rackOf builds a generation rack from a hand of tiles (reimplemented from the
|
||||||
|
// unexported selfplay helper).
|
||||||
|
func rackOf(tiles []byte, size int) rack.Rack {
|
||||||
|
r := rack.New(size)
|
||||||
|
for _, t := range tiles {
|
||||||
|
if t == blankTile {
|
||||||
|
r.AddBlank()
|
||||||
|
} else {
|
||||||
|
r.Add(t)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return r
|
||||||
|
}
|
||||||
|
|
||||||
|
// removeUsed returns the hand with the tiles consumed by m removed.
|
||||||
|
func removeUsed(tiles []byte, m scrabble.Move) []byte {
|
||||||
|
out := append([]byte(nil), tiles...)
|
||||||
|
for _, p := range m.Tiles {
|
||||||
|
want := p.Letter
|
||||||
|
if p.Blank {
|
||||||
|
want = blankTile
|
||||||
|
}
|
||||||
|
for i, t := range out {
|
||||||
|
if t == want {
|
||||||
|
out = append(out[:i], out[i+1:]...)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
func boolseed(b bool) int64 {
|
||||||
|
if b {
|
||||||
|
return 500000
|
||||||
|
}
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
func variantSeed(name string) int64 {
|
||||||
|
var s int64
|
||||||
|
for _, r := range name {
|
||||||
|
s = s*131 + int64(r)
|
||||||
|
}
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
func fail(format string, args ...any) {
|
||||||
|
fmt.Fprintf(os.Stderr, "validategen: "+format+"\n", args...)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
+2
-1
@@ -13,6 +13,7 @@ require (
|
|||||||
github.com/pressly/goose/v3 v3.27.1
|
github.com/pressly/goose/v3 v3.27.1
|
||||||
github.com/testcontainers/testcontainers-go v0.42.0
|
github.com/testcontainers/testcontainers-go v0.42.0
|
||||||
github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0
|
github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0
|
||||||
|
github.com/wneessen/go-mail v0.7.3
|
||||||
go.opentelemetry.io/otel v1.43.0
|
go.opentelemetry.io/otel v1.43.0
|
||||||
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0
|
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0
|
||||||
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
|
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
|
||||||
@@ -109,7 +110,7 @@ require (
|
|||||||
golang.org/x/net v0.53.0 // indirect
|
golang.org/x/net v0.53.0 // indirect
|
||||||
golang.org/x/sync v0.20.0 // indirect
|
golang.org/x/sync v0.20.0 // indirect
|
||||||
golang.org/x/sys v0.43.0 // indirect
|
golang.org/x/sys v0.43.0 // indirect
|
||||||
golang.org/x/text v0.36.0 // indirect
|
golang.org/x/text v0.37.0 // indirect
|
||||||
google.golang.org/grpc v1.80.0
|
google.golang.org/grpc v1.80.0
|
||||||
google.golang.org/protobuf v1.36.11 // indirect
|
google.golang.org/protobuf v1.36.11 // indirect
|
||||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||||
|
|||||||
@@ -279,6 +279,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
|
|||||||
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
|
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
|
||||||
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
|
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
|
||||||
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
|
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
|
||||||
|
github.com/wneessen/go-mail v0.7.3 h1:g3DravXC5SMlVdboFrQA8Jx95A8sOzoBeS5F+vzNRK0=
|
||||||
|
github.com/wneessen/go-mail v0.7.3/go.mod h1:QGhBX0yNbc1J+Mkjcu7z2rpj4B4l+BmDY8gYznPC9sk=
|
||||||
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||||
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
|
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
|
||||||
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
|
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
|
||||||
@@ -400,6 +402,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
|||||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||||
golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
|
golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
|
||||||
golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
|
golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
|
||||||
|
golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
|
||||||
|
golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
|
||||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||||
golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||||
|
|||||||
@@ -22,12 +22,13 @@ import (
|
|||||||
"scrabble/backend/internal/postgres/jet/backend/table"
|
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Identity kinds recognised by the backend. Email is modelled as an identity
|
// Identity kinds recognised by the backend. Telegram and VK are platform identities,
|
||||||
// alongside platform identities; its confirmed flag is driven by the email
|
// auto-confirmed on first contact. Email is modelled as an identity alongside them; its
|
||||||
// confirm-code flow. Robot is a synthetic kind: each pooled
|
// confirmed flag is driven by the email confirm-code flow. Robot is a synthetic kind:
|
||||||
// robot opponent is a durable account bound to one robot identity.
|
// each pooled robot opponent is a durable account bound to one robot identity.
|
||||||
const (
|
const (
|
||||||
KindTelegram = "telegram"
|
KindTelegram = "telegram"
|
||||||
|
KindVK = "vk"
|
||||||
KindEmail = "email"
|
KindEmail = "email"
|
||||||
KindRobot = "robot"
|
KindRobot = "robot"
|
||||||
)
|
)
|
||||||
@@ -119,6 +120,47 @@ func (s *Store) ProvisionByIdentity(ctx context.Context, kind, externalID string
|
|||||||
return s.provision(ctx, kind, externalID, provisionSeed{})
|
return s.provision(ctx, kind, externalID, provisionSeed{})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ProvisionEmail returns the account owning the email identity externalID, creating
|
||||||
|
// it on first contact with browserTZ — the client's detected "±HH:MM" UTC offset —
|
||||||
|
// seeded into its time zone, language seeded from the client's UI language, and its
|
||||||
|
// display name seeded from the email's local part (so it is not left nameless). Like
|
||||||
|
// ProvisionByIdentity it is race-safe and leaves an existing account untouched, so a
|
||||||
|
// returning user's saved zone, language and name are never overwritten. The email account is
|
||||||
|
// created here (the code-request step), not at the later login, so this is where its
|
||||||
|
// zone and language are seeded. It is created flagged is_guest with an unconfirmed
|
||||||
|
// email identity: an abandoned, never-confirmed login is then reaped like any guest,
|
||||||
|
// freeing the reserved address, and confirming the code clears the guest flag.
|
||||||
|
func (s *Store) ProvisionEmail(ctx context.Context, externalID, browserTZ, language string) (Account, error) {
|
||||||
|
return s.provision(ctx, KindEmail, externalID, provisionSeed{
|
||||||
|
displayName: emailDisplayName(externalID),
|
||||||
|
timeZone: seedZone(browserTZ),
|
||||||
|
preferredLanguage: supportedLanguage(language),
|
||||||
|
isGuest: true,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// emailDisplayName derives a display name from an email address — the local part
|
||||||
|
// before '@', trimmed and capped to the column width — so a new email account is not
|
||||||
|
// left nameless. It is only the first-contact seed; the user can rename it later.
|
||||||
|
func emailDisplayName(email string) string {
|
||||||
|
local, _, _ := strings.Cut(email, "@")
|
||||||
|
local = strings.TrimSpace(local)
|
||||||
|
if r := []rune(local); len(r) > maxDisplayName {
|
||||||
|
local = strings.TrimRight(string(r[:maxDisplayName]), " ")
|
||||||
|
}
|
||||||
|
return local
|
||||||
|
}
|
||||||
|
|
||||||
|
// supportedLanguage returns code normalised to a supported UI language ("en" or
|
||||||
|
// "ru"), or "" when it maps to neither, so a new account keeps the 'en' default. It
|
||||||
|
// accepts region-tagged codes ("ru-RU").
|
||||||
|
func supportedLanguage(code string) string {
|
||||||
|
if lang, _, _ := strings.Cut(strings.ToLower(strings.TrimSpace(code)), "-"); lang == "en" || lang == "ru" {
|
||||||
|
return lang
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
// ProvisionRobot provisions (or finds) the durable account backing a robot pool
|
// ProvisionRobot provisions (or finds) the durable account backing a robot pool
|
||||||
// member: a KindRobot identity carrying displayName, with chat blocked but friend
|
// member: a KindRobot identity carrying displayName, with chat blocked but friend
|
||||||
// requests NOT blocked — a request to a robot is accepted as pending and, since the
|
// requests NOT blocked — a request to a robot is accepted as pending and, since the
|
||||||
@@ -160,7 +202,7 @@ func (s *Store) ProvisionRobot(ctx context.Context, externalID, displayName stri
|
|||||||
// is never overwritten. The created flag lets the auth handler re-evaluate moderated-
|
// is never overwritten. The created flag lets the auth handler re-evaluate moderated-
|
||||||
// chat write access on first registration — the path of a user who joined the chat
|
// chat write access on first registration — the path of a user who joined the chat
|
||||||
// before registering, whom no chat_member event covers.
|
// before registering, whom no chat_member event covers.
|
||||||
func (s *Store) ProvisionTelegram(ctx context.Context, externalID, languageCode, username, firstName string) (Account, bool, error) {
|
func (s *Store) ProvisionTelegram(ctx context.Context, externalID, languageCode, username, firstName, browserTZ string) (Account, bool, error) {
|
||||||
// Pre-check whether the identity already exists so the caller can act on first
|
// Pre-check whether the identity already exists so the caller can act on first
|
||||||
// contact. A race with a concurrent create only over- or under-reports created for
|
// contact. A race with a concurrent create only over- or under-reports created for
|
||||||
// that one call, which the idempotent chat-access re-evaluation tolerates.
|
// that one call, which the idempotent chat-access re-evaluation tolerates.
|
||||||
@@ -169,7 +211,31 @@ func (s *Store) ProvisionTelegram(ctx context.Context, externalID, languageCode,
|
|||||||
if err != nil && !created {
|
if err != nil && !created {
|
||||||
return Account{}, false, err
|
return Account{}, false, err
|
||||||
}
|
}
|
||||||
acc, err := s.provision(ctx, KindTelegram, externalID, telegramSeed(languageCode, username, firstName))
|
seed := telegramSeed(languageCode, username, firstName)
|
||||||
|
seed.timeZone = seedZone(browserTZ)
|
||||||
|
acc, err := s.provision(ctx, KindTelegram, externalID, seed)
|
||||||
|
return acc, created, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// ProvisionVK provisions (or finds) the account bound to a VK identity, reporting
|
||||||
|
// whether this call created it (first contact). On first contact only, it seeds the new
|
||||||
|
// account's preferred language from the VK languageCode (vk_language, when it maps to a
|
||||||
|
// supported language) and its display name sanitized from displayName — the name read
|
||||||
|
// client-side via VKWebAppGetUserInfo, since VK omits it from the signed launch params —
|
||||||
|
// falling back to a generated placeholder when it yields no letters; an already-existing
|
||||||
|
// account is returned unchanged, so a later profile edit is never overwritten.
|
||||||
|
func (s *Store) ProvisionVK(ctx context.Context, externalID, languageCode, displayName, browserTZ string) (Account, bool, error) {
|
||||||
|
// Pre-check whether the identity already exists so the caller can act on first
|
||||||
|
// contact (mirrors ProvisionTelegram); a create race only mis-reports created for
|
||||||
|
// that one call.
|
||||||
|
_, err := s.findByIdentity(ctx, KindVK, externalID)
|
||||||
|
created := errors.Is(err, ErrNotFound)
|
||||||
|
if err != nil && !created {
|
||||||
|
return Account{}, false, err
|
||||||
|
}
|
||||||
|
seed := vkSeed(languageCode, displayName)
|
||||||
|
seed.timeZone = seedZone(browserTZ)
|
||||||
|
acc, err := s.provision(ctx, KindVK, externalID, seed)
|
||||||
return acc, created, err
|
return acc, created, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -197,12 +263,29 @@ func (s *Store) provision(ctx context.Context, kind, externalID string, seed pro
|
|||||||
}
|
}
|
||||||
|
|
||||||
// provisionSeed carries the optional create-time profile seed for a brand-new
|
// provisionSeed carries the optional create-time profile seed for a brand-new
|
||||||
// account (Telegram first contact). Empty fields fall back to the accounts table
|
// account (first contact). Empty fields fall back to the accounts table defaults,
|
||||||
// defaults, so an unknown language keeps the 'en' default and an empty name keeps
|
// so an unknown language keeps the 'en' default, an empty name keeps the ” default
|
||||||
// the ” default.
|
// and an empty time zone keeps the 'UTC' default.
|
||||||
type provisionSeed struct {
|
type provisionSeed struct {
|
||||||
preferredLanguage string
|
preferredLanguage string
|
||||||
displayName string
|
displayName string
|
||||||
|
timeZone string
|
||||||
|
// isGuest creates the account flagged is_guest. It is set for an email-login
|
||||||
|
// account, which stays a guest until the address is confirmed (so an abandoned,
|
||||||
|
// never-confirmed login is reaped and its address freed); confirming clears the
|
||||||
|
// flag. Platform identities (telegram/vk) are durable from creation.
|
||||||
|
isGuest bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// seedZone returns browserTZ when it is a well-formed zone to persist at account
|
||||||
|
// creation (a "±HH:MM" offset or a loadable IANA name), else "" so the new account
|
||||||
|
// falls back to the accounts table's 'UTC' default. The client reports the device's
|
||||||
|
// detected offset deterministically; a bad value is dropped rather than guessed at.
|
||||||
|
func seedZone(browserTZ string) string {
|
||||||
|
if validZone(browserTZ) {
|
||||||
|
return browserTZ
|
||||||
|
}
|
||||||
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
// telegramSeed derives the create-time seed from Telegram launch fields: a
|
// telegramSeed derives the create-time seed from Telegram launch fields: a
|
||||||
@@ -234,6 +317,24 @@ func telegramSeed(languageCode, username, firstName string) provisionSeed {
|
|||||||
return seed
|
return seed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// vkSeed derives the create-time seed from VK launch fields: a supported preferred
|
||||||
|
// language from languageCode (vk_language, normally a 2-letter code) and a display name
|
||||||
|
// from displayName (sanitized to the editable format), falling back to a generated
|
||||||
|
// placeholder in the seeded language when the name yields no usable letters. Unlike
|
||||||
|
// telegramSeed there is no @username fallback — VK provides only the name.
|
||||||
|
func vkSeed(languageCode, displayName string) provisionSeed {
|
||||||
|
var seed provisionSeed
|
||||||
|
if lang, _, _ := strings.Cut(strings.ToLower(strings.TrimSpace(languageCode)), "-"); lang == "en" || lang == "ru" {
|
||||||
|
seed.preferredLanguage = lang
|
||||||
|
}
|
||||||
|
name := sanitizeDisplayName(displayName)
|
||||||
|
if name == "" {
|
||||||
|
name = placeholderDisplayName(seed.preferredLanguage)
|
||||||
|
}
|
||||||
|
seed.displayName = name
|
||||||
|
return seed
|
||||||
|
}
|
||||||
|
|
||||||
// GetByID loads the account identified by id, or ErrNotFound when it is absent.
|
// GetByID loads the account identified by id, or ErrNotFound when it is absent.
|
||||||
func (s *Store) GetByID(ctx context.Context, id uuid.UUID) (Account, error) {
|
func (s *Store) GetByID(ctx context.Context, id uuid.UUID) (Account, error) {
|
||||||
stmt := postgres.SELECT(table.Accounts.AllColumns).
|
stmt := postgres.SELECT(table.Accounts.AllColumns).
|
||||||
@@ -368,16 +469,22 @@ func (s *Store) create(ctx context.Context, kind, externalID string, seed provis
|
|||||||
|
|
||||||
var created Account
|
var created Account
|
||||||
err = withTx(ctx, s.db, func(tx *sql.Tx) error {
|
err = withTx(ctx, s.db, func(tx *sql.Tx) error {
|
||||||
// Seed the new row's display name and language (Telegram first contact); an
|
// Seed the new row's display name, language and time zone (first contact); an
|
||||||
// empty seed reproduces the table defaults ('' and 'en') the other callers
|
// empty seed reproduces the table defaults ('', 'en' and 'UTC') the other callers
|
||||||
// relied on, so their behaviour is unchanged.
|
// relied on, so their behaviour is unchanged. time_zone is written explicitly (the
|
||||||
|
// detected offset, or 'UTC' equal to the column default) so a seeded zone lands at
|
||||||
|
// creation while an unseeded one stays UTC.
|
||||||
lang := seed.preferredLanguage
|
lang := seed.preferredLanguage
|
||||||
if lang == "" {
|
if lang == "" {
|
||||||
lang = "en"
|
lang = "en"
|
||||||
}
|
}
|
||||||
|
tz := seed.timeZone
|
||||||
|
if tz == "" {
|
||||||
|
tz = "UTC"
|
||||||
|
}
|
||||||
insertAccount := table.Accounts.
|
insertAccount := table.Accounts.
|
||||||
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.PreferredLanguage).
|
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.PreferredLanguage, table.Accounts.TimeZone, table.Accounts.IsGuest).
|
||||||
VALUES(accountID, seed.displayName, lang).
|
VALUES(accountID, seed.displayName, lang, tz, seed.isGuest).
|
||||||
RETURNING(table.Accounts.AllColumns)
|
RETURNING(table.Accounts.AllColumns)
|
||||||
|
|
||||||
var row model.Accounts
|
var row model.Accounts
|
||||||
@@ -391,7 +498,7 @@ func (s *Store) create(ctx context.Context, kind, externalID string, seed provis
|
|||||||
table.Identities.Kind,
|
table.Identities.Kind,
|
||||||
table.Identities.ExternalID,
|
table.Identities.ExternalID,
|
||||||
table.Identities.Confirmed,
|
table.Identities.Confirmed,
|
||||||
).VALUES(identityID, accountID, kind, externalID, kind == KindTelegram)
|
).VALUES(identityID, accountID, kind, externalID, kind == KindTelegram || kind == KindVK)
|
||||||
if _, err := insertIdentity.ExecContext(ctx, tx); err != nil {
|
if _, err := insertIdentity.ExecContext(ctx, tx); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@@ -416,15 +523,21 @@ const guestDisplayName = "Guest"
|
|||||||
// ProvisionGuest creates a fresh ephemeral guest account: a durable row carrying
|
// ProvisionGuest creates a fresh ephemeral guest account: a durable row carrying
|
||||||
// no identity, flagged is_guest, so it can hold a session and a game seat (both
|
// no identity, flagged is_guest, so it can hold a session and a game seat (both
|
||||||
// foreign-key the accounts table) while being excluded from statistics, friends
|
// foreign-key the accounts table) while being excluded from statistics, friends
|
||||||
// and history. Guests are not reused — each bootstrap mints a new account.
|
// and history. Guests are not reused — each bootstrap mints a new account. browserTZ
|
||||||
func (s *Store) ProvisionGuest(ctx context.Context) (Account, error) {
|
// (the client's detected "±HH:MM" UTC offset) seeds the guest's time zone, falling
|
||||||
|
// back to the 'UTC' default when empty or malformed.
|
||||||
|
func (s *Store) ProvisionGuest(ctx context.Context, browserTZ string) (Account, error) {
|
||||||
accountID, err := uuid.NewV7()
|
accountID, err := uuid.NewV7()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return Account{}, fmt.Errorf("account: new guest id: %w", err)
|
return Account{}, fmt.Errorf("account: new guest id: %w", err)
|
||||||
}
|
}
|
||||||
|
tz := seedZone(browserTZ)
|
||||||
|
if tz == "" {
|
||||||
|
tz = "UTC"
|
||||||
|
}
|
||||||
stmt := table.Accounts.
|
stmt := table.Accounts.
|
||||||
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.IsGuest).
|
INSERT(table.Accounts.AccountID, table.Accounts.DisplayName, table.Accounts.IsGuest, table.Accounts.TimeZone).
|
||||||
VALUES(accountID, guestDisplayName, true).
|
VALUES(accountID, guestDisplayName, true, tz).
|
||||||
RETURNING(table.Accounts.AllColumns)
|
RETURNING(table.Accounts.AllColumns)
|
||||||
|
|
||||||
var row model.Accounts
|
var row model.Accounts
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import (
|
|||||||
crand "crypto/rand"
|
crand "crypto/rand"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"encoding/base64"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
@@ -26,6 +27,22 @@ const (
|
|||||||
emailCodeTTL = 15 * time.Minute
|
emailCodeTTL = 15 * time.Minute
|
||||||
// emailCodeMaxAttempts caps wrong-code submissions before a code is dead.
|
// emailCodeMaxAttempts caps wrong-code submissions before a code is dead.
|
||||||
emailCodeMaxAttempts = 5
|
emailCodeMaxAttempts = 5
|
||||||
|
// linkTokenBytes is the entropy of a confirm deeplink token: 256 bits.
|
||||||
|
linkTokenBytes = 32
|
||||||
|
// emailConfirmPath is the SPA route the one-tap confirm deeplink opens (the token
|
||||||
|
// is appended). The SPA is served under /app/ behind a hash router.
|
||||||
|
emailConfirmPath = "/app/#/confirm/"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Confirmation purposes recorded on a pending confirm-code row. They select what
|
||||||
|
// verifying the code or the deeplink token does: sign in (login), link/confirm the
|
||||||
|
// address on the current account (link), or replace the account's confirmed email with
|
||||||
|
// a new address (change). Account deletion adds a further purpose in a later stage.
|
||||||
|
const (
|
||||||
|
purposeLogin = "login"
|
||||||
|
purposeLink = "link"
|
||||||
|
purposeChange = "change"
|
||||||
|
purposeDelete = "delete"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Errors returned by the email confirm-code flow.
|
// Errors returned by the email confirm-code flow.
|
||||||
@@ -46,6 +63,12 @@ var (
|
|||||||
ErrTooManyAttempts = errors.New("account: too many confirmation attempts")
|
ErrTooManyAttempts = errors.New("account: too many confirmation attempts")
|
||||||
// ErrCodeMismatch is returned when the submitted code does not match.
|
// ErrCodeMismatch is returned when the submitted code does not match.
|
||||||
ErrCodeMismatch = errors.New("account: confirmation code does not match")
|
ErrCodeMismatch = errors.New("account: confirmation code does not match")
|
||||||
|
// ErrTooManyRequests is returned when confirm-code sends to an address are being
|
||||||
|
// requested too frequently (the resend cooldown or the rolling-hour cap).
|
||||||
|
ErrTooManyRequests = errors.New("account: too many code requests")
|
||||||
|
// ErrNoEmail is returned when an email-code step-up is requested for an account that
|
||||||
|
// holds no confirmed email (the caller must use the typed-phrase path instead).
|
||||||
|
ErrNoEmail = errors.New("account: no confirmed email")
|
||||||
)
|
)
|
||||||
|
|
||||||
// EmailService runs the email confirm-code flow: it issues a 6-digit code over a
|
// EmailService runs the email confirm-code flow: it issues a 6-digit code over a
|
||||||
@@ -57,12 +80,78 @@ var (
|
|||||||
type EmailService struct {
|
type EmailService struct {
|
||||||
store *Store
|
store *Store
|
||||||
mailer Mailer
|
mailer Mailer
|
||||||
|
baseURL string
|
||||||
|
limiter *SendLimiter
|
||||||
now func() time.Time
|
now func() time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewEmailService constructs an EmailService over store, sending via mailer.
|
// NewEmailService constructs an EmailService over store, sending via mailer. baseURL
|
||||||
func NewEmailService(store *Store, mailer Mailer) *EmailService {
|
// is the canonical public origin (scheme + host) used to build the one-tap confirm
|
||||||
return &EmailService{store: store, mailer: mailer, now: func() time.Time { return time.Now().UTC() }}
|
// deeplink and the email footer landing link; an empty baseURL omits the deeplink
|
||||||
|
// (development / log mailer).
|
||||||
|
func NewEmailService(store *Store, mailer Mailer, baseURL string) *EmailService {
|
||||||
|
return &EmailService{store: store, mailer: mailer, baseURL: baseURL, now: func() time.Time { return time.Now().UTC() }}
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetSendLimiter installs a per-recipient send throttle. When unset (nil), sends are
|
||||||
|
// not throttled — production wires a limiter; tests leave it off.
|
||||||
|
func (s *EmailService) SetSendLimiter(l *SendLimiter) { s.limiter = l }
|
||||||
|
|
||||||
|
// allowSend reports whether a confirm-code send to email is permitted now, recording
|
||||||
|
// it when so. A nil limiter permits every send.
|
||||||
|
func (s *EmailService) allowSend(email string) bool {
|
||||||
|
return s.limiter == nil || s.limiter.Allow(email)
|
||||||
|
}
|
||||||
|
|
||||||
|
// issueCode generates a fresh confirm-code and one-tap deeplink token for (accountID,
|
||||||
|
// email), replaces any prior pending confirmation, and mails the branded code in
|
||||||
|
// locale; purpose selects the email wording and what verifying does. Only the SHA-256
|
||||||
|
// hashes of the code and token are stored.
|
||||||
|
func (s *EmailService) issueCode(ctx context.Context, accountID uuid.UUID, email, purpose, locale string) error {
|
||||||
|
code, codeHash, err := generateCode()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
token, tokenHash, err := generateLinkToken()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := s.store.replacePendingConfirmation(ctx, accountID, email, codeHash, tokenHash, purpose, s.now().Add(emailCodeTTL)); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
// Account deletion is never a one-tap link (a prefetch or a stray click must not delete
|
||||||
|
// an account): the delete code is entered in the app only, so the email omits the
|
||||||
|
// deeplink and ConfirmByToken refuses a delete token.
|
||||||
|
deeplink := s.confirmURL(token, locale)
|
||||||
|
if purpose == purposeDelete {
|
||||||
|
deeplink = ""
|
||||||
|
}
|
||||||
|
msg, err := renderConfirmationEmail(purpose, code, deeplink, s.baseURL, locale)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
msg.To = email
|
||||||
|
return s.mailer.Send(ctx, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// confirmURL builds the absolute one-tap confirm deeplink for token in locale, or ""
|
||||||
|
// when no public base URL is configured. The locale rides the fragment as ?lang so the
|
||||||
|
// confirm screen (opened in a browser with no session) renders in the email's language.
|
||||||
|
func (s *EmailService) confirmURL(token, locale string) string {
|
||||||
|
if s.baseURL == "" {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return strings.TrimRight(s.baseURL, "/") + emailConfirmPath + token + "?lang=" + normalizeLocale(locale)
|
||||||
|
}
|
||||||
|
|
||||||
|
// accountLocale returns the account's preferred UI language for localising email,
|
||||||
|
// defaulting to "en" when the account cannot be loaded.
|
||||||
|
func (s *EmailService) accountLocale(ctx context.Context, accountID uuid.UUID) string {
|
||||||
|
acc, err := s.store.GetByID(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return "en"
|
||||||
|
}
|
||||||
|
return acc.PreferredLanguage
|
||||||
}
|
}
|
||||||
|
|
||||||
// RequestCode issues a fresh confirm-code for email to accountID and mails it,
|
// RequestCode issues a fresh confirm-code for email to accountID and mails it,
|
||||||
@@ -73,6 +162,9 @@ func (s *EmailService) RequestCode(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if !s.allowSend(addr) {
|
||||||
|
return ErrTooManyRequests
|
||||||
|
}
|
||||||
owner, ok, err := s.store.confirmedEmailAccount(ctx, addr)
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, addr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -83,16 +175,7 @@ func (s *EmailService) RequestCode(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
}
|
}
|
||||||
return ErrEmailTaken
|
return ErrEmailTaken
|
||||||
}
|
}
|
||||||
code, hash, err := generateCode()
|
return s.issueCode(ctx, accountID, addr, purposeLink, s.accountLocale(ctx, accountID))
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.store.replacePendingConfirmation(ctx, accountID, addr, hash, s.now().Add(emailCodeTTL)); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
subject := "Your Scrabble confirmation code"
|
|
||||||
body := fmt.Sprintf("Your confirmation code is %s. It expires in %d minutes.", code, int(emailCodeTTL/time.Minute))
|
|
||||||
return s.mailer.Send(ctx, addr, subject, body)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConfirmCode verifies code for accountID and email. On success it attaches a
|
// ConfirmCode verifies code for accountID and email. On success it attaches a
|
||||||
@@ -123,34 +206,35 @@ func (s *EmailService) ConfirmCode(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
if err := s.store.confirmEmailIdentity(ctx, conf.id, accountID, addr, s.now()); err != nil {
|
if err := s.store.confirmEmailIdentity(ctx, conf.id, accountID, addr, s.now()); err != nil {
|
||||||
return Account{}, err
|
return Account{}, err
|
||||||
}
|
}
|
||||||
|
// Binding the first confirmed email promotes a guest to a durable account, matching the
|
||||||
|
// link and deeplink flows (defence-in-depth: no confirmed-email path leaves is_guest set).
|
||||||
|
if err := s.store.ClearGuest(ctx, accountID); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
return s.store.GetByID(ctx, accountID)
|
return s.store.GetByID(ctx, accountID)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RequestLoginCode issues a login confirm-code to the account that owns email,
|
// RequestLoginCode issues a login confirm-code to the account that owns email,
|
||||||
// provisioning a fresh (unconfirmed) durable account when the email is new. It is
|
// provisioning a fresh (unconfirmed) guest account when the email is new — it becomes
|
||||||
// the unauthenticated email-login entry point and, unlike RequestCode,
|
// durable once the code is confirmed. It is the unauthenticated email-login entry
|
||||||
// does not refuse an already-confirmed email — that is the ordinary returning-user
|
// point and, unlike RequestCode, does not refuse an already-confirmed email — that is
|
||||||
// login. The code is mailed to the address, so only its real owner can complete
|
// the ordinary returning-user login. The code is mailed to the address, so only its
|
||||||
// the login. It returns the target account id for the subsequent LoginWithCode.
|
// real owner can complete the login. On first contact browserTZ (the client's
|
||||||
func (s *EmailService) RequestLoginCode(ctx context.Context, email string) (uuid.UUID, error) {
|
// detected "±HH:MM" UTC offset) seeds the new account's time zone and language its UI
|
||||||
|
// language. It returns the target account id for the subsequent LoginWithCode.
|
||||||
|
func (s *EmailService) RequestLoginCode(ctx context.Context, email, browserTZ, language string) (uuid.UUID, error) {
|
||||||
addr, err := normalizeEmail(email)
|
addr, err := normalizeEmail(email)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return uuid.UUID{}, err
|
return uuid.UUID{}, err
|
||||||
}
|
}
|
||||||
acc, err := s.store.ProvisionByIdentity(ctx, KindEmail, addr)
|
if !s.allowSend(addr) {
|
||||||
|
return uuid.UUID{}, ErrTooManyRequests
|
||||||
|
}
|
||||||
|
acc, err := s.store.ProvisionEmail(ctx, addr, browserTZ, language)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return uuid.UUID{}, err
|
return uuid.UUID{}, err
|
||||||
}
|
}
|
||||||
code, hash, err := generateCode()
|
if err := s.issueCode(ctx, acc.ID, addr, purposeLogin, language); err != nil {
|
||||||
if err != nil {
|
|
||||||
return uuid.UUID{}, err
|
|
||||||
}
|
|
||||||
if err := s.store.replacePendingConfirmation(ctx, acc.ID, addr, hash, s.now().Add(emailCodeTTL)); err != nil {
|
|
||||||
return uuid.UUID{}, err
|
|
||||||
}
|
|
||||||
subject := "Your Scrabble login code"
|
|
||||||
body := fmt.Sprintf("Your login code is %s. It expires in %d minutes.", code, int(emailCodeTTL/time.Minute))
|
|
||||||
if err := s.mailer.Send(ctx, addr, subject, body); err != nil {
|
|
||||||
return uuid.UUID{}, err
|
return uuid.UUID{}, err
|
||||||
}
|
}
|
||||||
return acc.ID, nil
|
return acc.ID, nil
|
||||||
@@ -189,9 +273,104 @@ func (s *EmailService) LoginWithCode(ctx context.Context, email, code string) (A
|
|||||||
if err := s.store.confirmEmailLogin(ctx, conf.id, acc.ID, addr, s.now()); err != nil {
|
if err := s.store.confirmEmailLogin(ctx, conf.id, acc.ID, addr, s.now()); err != nil {
|
||||||
return Account{}, err
|
return Account{}, err
|
||||||
}
|
}
|
||||||
|
if err := s.store.ClearGuest(ctx, acc.ID); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
return s.store.GetByID(ctx, acc.ID)
|
return s.store.GetByID(ctx, acc.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LinkConfirmation is the outcome of confirming a one-tap deeplink token: what the
|
||||||
|
// transport layer must finish. Purpose is the pending row's purpose. For a login,
|
||||||
|
// Account is the account to sign in. For a link, Account is the account the email was
|
||||||
|
// (or would be) attached to; NeedsMerge is set when another account (MergeOwner)
|
||||||
|
// already owns the address, so the caller drives the interactive merge instead of a
|
||||||
|
// plain link — the token is left unconsumed for that merge step.
|
||||||
|
type LinkConfirmation struct {
|
||||||
|
Purpose string
|
||||||
|
Account uuid.UUID
|
||||||
|
NeedsMerge bool
|
||||||
|
MergeOwner uuid.UUID
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsLogin reports whether the confirmation is a login (the caller mints a session)
|
||||||
|
// rather than a link (attach the identity, or drive a merge).
|
||||||
|
func (r LinkConfirmation) IsLogin() bool { return r.Purpose == purposeLogin }
|
||||||
|
|
||||||
|
// ConfirmByToken verifies a one-tap deeplink token and performs its purpose. A login
|
||||||
|
// confirms the email identity, clears the guest flag and returns the account to sign
|
||||||
|
// in. A link attaches the confirmed email to the pending account when the address is
|
||||||
|
// free, or reports NeedsMerge when another account already owns it (leaving the token
|
||||||
|
// live so the caller's merge step can re-verify). It returns ErrNoPendingCode when the
|
||||||
|
// token matches no live confirmation and ErrCodeExpired when it has lapsed. The token
|
||||||
|
// is high-entropy, so there is no wrong-attempt counter.
|
||||||
|
func (s *EmailService) ConfirmByToken(ctx context.Context, token string) (LinkConfirmation, error) {
|
||||||
|
pend, err := s.store.pendingByTokenHash(ctx, hashCode(token))
|
||||||
|
if err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if s.now().After(pend.expiresAt) {
|
||||||
|
return LinkConfirmation{}, ErrCodeExpired
|
||||||
|
}
|
||||||
|
switch pend.purpose {
|
||||||
|
case purposeLogin:
|
||||||
|
if err := s.store.confirmEmailLogin(ctx, pend.id, pend.accountID, pend.email, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if err := s.store.ClearGuest(ctx, pend.accountID); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLogin, Account: pend.accountID}, nil
|
||||||
|
case purposeLink:
|
||||||
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, pend.email)
|
||||||
|
if err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
if owner == pend.accountID {
|
||||||
|
if err := s.store.consumeConfirmation(ctx, pend.id, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLink, Account: pend.accountID}, nil
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLink, Account: pend.accountID, NeedsMerge: true, MergeOwner: owner}, nil
|
||||||
|
}
|
||||||
|
if err := s.store.confirmEmailIdentity(ctx, pend.id, pend.accountID, pend.email, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
// Binding the first email promotes a guest to a durable account, matching the
|
||||||
|
// code-based link flow (which clears the guest flag in the link service).
|
||||||
|
if err := s.store.ClearGuest(ctx, pend.accountID); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeLink, Account: pend.accountID}, nil
|
||||||
|
case purposeChange:
|
||||||
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, pend.email)
|
||||||
|
if err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
if ok && owner != pend.accountID {
|
||||||
|
// The new address is confirmed by a different account: refuse without
|
||||||
|
// disclosing it (anti-enumeration). Unlike a link, a change never merges.
|
||||||
|
return LinkConfirmation{}, ErrEmailTaken
|
||||||
|
}
|
||||||
|
if ok && owner == pend.accountID {
|
||||||
|
if err := s.store.consumeConfirmation(ctx, pend.id, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeChange, Account: pend.accountID}, nil
|
||||||
|
}
|
||||||
|
if err := s.store.replaceEmailIdentity(ctx, pend.id, pend.accountID, pend.email, s.now()); err != nil {
|
||||||
|
return LinkConfirmation{}, err
|
||||||
|
}
|
||||||
|
return LinkConfirmation{Purpose: purposeChange, Account: pend.accountID}, nil
|
||||||
|
case purposeDelete:
|
||||||
|
// Deletion is confirmed in the app with the code, never via a one-tap link.
|
||||||
|
return LinkConfirmation{}, fmt.Errorf("account: deletion cannot be confirmed by link")
|
||||||
|
default:
|
||||||
|
return LinkConfirmation{}, fmt.Errorf("account: unsupported confirmation purpose %q", pend.purpose)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// emailConfirmation is a pending confirm-code row in domain form.
|
// emailConfirmation is a pending confirm-code row in domain form.
|
||||||
type emailConfirmation struct {
|
type emailConfirmation struct {
|
||||||
id uuid.UUID
|
id uuid.UUID
|
||||||
@@ -220,9 +399,30 @@ func (s *Store) confirmedEmailAccount(ctx context.Context, email string) (uuid.U
|
|||||||
return row.AccountID, true, nil
|
return row.AccountID, true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// confirmedEmailOf returns the account's confirmed email address and true, or ("", false)
|
||||||
|
// when it holds none. It backs the deletion step-up, which mails a code to the account's
|
||||||
|
// own address.
|
||||||
|
func (s *Store) confirmedEmailOf(ctx context.Context, accountID uuid.UUID) (string, bool, error) {
|
||||||
|
stmt := postgres.SELECT(table.Identities.ExternalID).
|
||||||
|
FROM(table.Identities).
|
||||||
|
WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(KindEmail))).
|
||||||
|
AND(table.Identities.Confirmed.EQ(postgres.Bool(true))),
|
||||||
|
).LIMIT(1)
|
||||||
|
var row model.Identities
|
||||||
|
if err := stmt.QueryContext(ctx, s.db, &row); err != nil {
|
||||||
|
if errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return "", false, nil
|
||||||
|
}
|
||||||
|
return "", false, fmt.Errorf("account: confirmed email of %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
return row.ExternalID, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
// replacePendingConfirmation clears any pending code for (accountID, email) and
|
// replacePendingConfirmation clears any pending code for (accountID, email) and
|
||||||
// inserts a fresh one, inside one transaction.
|
// inserts a fresh one, inside one transaction.
|
||||||
func (s *Store) replacePendingConfirmation(ctx context.Context, accountID uuid.UUID, email, codeHash string, expiresAt time.Time) error {
|
func (s *Store) replacePendingConfirmation(ctx context.Context, accountID uuid.UUID, email, codeHash, linkTokenHash, purpose string, expiresAt time.Time) error {
|
||||||
id, err := uuid.NewV7()
|
id, err := uuid.NewV7()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("account: new confirmation id: %w", err)
|
return fmt.Errorf("account: new confirmation id: %w", err)
|
||||||
@@ -239,7 +439,8 @@ func (s *Store) replacePendingConfirmation(ctx context.Context, accountID uuid.U
|
|||||||
ins := table.EmailConfirmations.INSERT(
|
ins := table.EmailConfirmations.INSERT(
|
||||||
table.EmailConfirmations.ConfirmationID, table.EmailConfirmations.AccountID,
|
table.EmailConfirmations.ConfirmationID, table.EmailConfirmations.AccountID,
|
||||||
table.EmailConfirmations.Email, table.EmailConfirmations.CodeHash, table.EmailConfirmations.ExpiresAt,
|
table.EmailConfirmations.Email, table.EmailConfirmations.CodeHash, table.EmailConfirmations.ExpiresAt,
|
||||||
).VALUES(id, accountID, email, codeHash, expiresAt)
|
table.EmailConfirmations.LinkTokenHash, table.EmailConfirmations.Purpose,
|
||||||
|
).VALUES(id, accountID, email, codeHash, expiresAt, linkTokenHash, purpose)
|
||||||
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
return fmt.Errorf("insert confirmation: %w", err)
|
return fmt.Errorf("insert confirmation: %w", err)
|
||||||
}
|
}
|
||||||
@@ -272,6 +473,54 @@ func (s *Store) latestPendingConfirmation(ctx context.Context, accountID uuid.UU
|
|||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// pendingConfirmation is a pending confirm-code row loaded by its deeplink token, in
|
||||||
|
// domain form.
|
||||||
|
type pendingConfirmation struct {
|
||||||
|
id uuid.UUID
|
||||||
|
accountID uuid.UUID
|
||||||
|
email string
|
||||||
|
purpose string
|
||||||
|
expiresAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// pendingByTokenHash loads the unconsumed confirmation whose deeplink token hashes to
|
||||||
|
// tokenHash, or ErrNoPendingCode. The high-entropy token needs no attempt counter, so
|
||||||
|
// a partial-unique index guarantees at most one match.
|
||||||
|
func (s *Store) pendingByTokenHash(ctx context.Context, tokenHash string) (pendingConfirmation, error) {
|
||||||
|
stmt := postgres.SELECT(table.EmailConfirmations.AllColumns).
|
||||||
|
FROM(table.EmailConfirmations).
|
||||||
|
WHERE(
|
||||||
|
table.EmailConfirmations.LinkTokenHash.EQ(postgres.String(tokenHash)).
|
||||||
|
AND(table.EmailConfirmations.ConsumedAt.IS_NULL()),
|
||||||
|
).LIMIT(1)
|
||||||
|
var row model.EmailConfirmations
|
||||||
|
if err := stmt.QueryContext(ctx, s.db, &row); err != nil {
|
||||||
|
if errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return pendingConfirmation{}, ErrNoPendingCode
|
||||||
|
}
|
||||||
|
return pendingConfirmation{}, fmt.Errorf("account: load confirmation by token: %w", err)
|
||||||
|
}
|
||||||
|
return pendingConfirmation{
|
||||||
|
id: row.ConfirmationID,
|
||||||
|
accountID: row.AccountID,
|
||||||
|
email: row.Email,
|
||||||
|
purpose: row.Purpose,
|
||||||
|
expiresAt: row.ExpiresAt,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// consumeConfirmation marks a confirmation consumed without writing an identity, used
|
||||||
|
// for the idempotent already-linked deeplink path.
|
||||||
|
func (s *Store) consumeConfirmation(ctx context.Context, id uuid.UUID, now time.Time) error {
|
||||||
|
upd := table.EmailConfirmations.UPDATE(table.EmailConfirmations.ConsumedAt).
|
||||||
|
SET(postgres.TimestampzT(now)).
|
||||||
|
WHERE(table.EmailConfirmations.ConfirmationID.EQ(postgres.UUID(id)))
|
||||||
|
if _, err := upd.ExecContext(ctx, s.db); err != nil {
|
||||||
|
return fmt.Errorf("account: consume confirmation: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// bumpConfirmationAttempts increments a code's wrong-attempt counter by one.
|
// bumpConfirmationAttempts increments a code's wrong-attempt counter by one.
|
||||||
func (s *Store) bumpConfirmationAttempts(ctx context.Context, id uuid.UUID) error {
|
func (s *Store) bumpConfirmationAttempts(ctx context.Context, id uuid.UUID) error {
|
||||||
stmt := table.EmailConfirmations.
|
stmt := table.EmailConfirmations.
|
||||||
@@ -318,6 +567,69 @@ func (s *Store) confirmEmailIdentity(ctx context.Context, confirmationID, accoun
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// replaceEmailIdentity consumes the confirmation, deletes the account's existing email
|
||||||
|
// identity (freeing the old address) and inserts newEmail as its confirmed email, inside
|
||||||
|
// one transaction. It backs the change-email flow. A unique-constraint violation — the
|
||||||
|
// new address was confirmed elsewhere in the meantime — surfaces as ErrEmailTaken. When
|
||||||
|
// the account holds no email identity yet the delete is a no-op, so this doubles as an
|
||||||
|
// attach.
|
||||||
|
func (s *Store) replaceEmailIdentity(ctx context.Context, confirmationID, accountID uuid.UUID, newEmail string, now time.Time) error {
|
||||||
|
identityID, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: new identity id: %w", err)
|
||||||
|
}
|
||||||
|
err = withTx(ctx, s.db, func(tx *sql.Tx) error {
|
||||||
|
upd := table.EmailConfirmations.
|
||||||
|
UPDATE(table.EmailConfirmations.ConsumedAt).
|
||||||
|
SET(postgres.TimestampzT(now)).
|
||||||
|
WHERE(table.EmailConfirmations.ConfirmationID.EQ(postgres.UUID(confirmationID)))
|
||||||
|
if _, err := upd.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("consume confirmation: %w", err)
|
||||||
|
}
|
||||||
|
// Journal the outgoing email before replacing it, so the legal dossier keeps the
|
||||||
|
// address the account used to hold (see retention.go).
|
||||||
|
var old model.Identities
|
||||||
|
sel := postgres.SELECT(
|
||||||
|
table.Identities.ExternalID, table.Identities.Confirmed, table.Identities.CreatedAt,
|
||||||
|
).FROM(table.Identities).WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(KindEmail))),
|
||||||
|
).LIMIT(1)
|
||||||
|
switch err := sel.QueryContext(ctx, tx, &old); {
|
||||||
|
case err == nil:
|
||||||
|
if err := retainIdentityTx(ctx, tx, accountID, KindEmail, old.ExternalID, old.Confirmed, old.CreatedAt, retainChange); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
case errors.Is(err, qrm.ErrNoRows):
|
||||||
|
// No prior email (this doubles as an attach); nothing to retain.
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("load outgoing email identity: %w", err)
|
||||||
|
}
|
||||||
|
del := table.Identities.DELETE().WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(KindEmail))),
|
||||||
|
)
|
||||||
|
if _, err := del.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("delete old email identity: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.Identities.INSERT(
|
||||||
|
table.Identities.IdentityID, table.Identities.AccountID, table.Identities.Kind,
|
||||||
|
table.Identities.ExternalID, table.Identities.Confirmed,
|
||||||
|
).VALUES(identityID, accountID, KindEmail, newEmail, true)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
if isUniqueViolation(err) {
|
||||||
|
return ErrEmailTaken
|
||||||
|
}
|
||||||
|
return fmt.Errorf("account: replace email identity: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// confirmEmailLogin consumes the login code and marks the existing email
|
// confirmEmailLogin consumes the login code and marks the existing email
|
||||||
// identity confirmed, inside one transaction. The identity already exists (a
|
// identity confirmed, inside one transaction. The identity already exists (a
|
||||||
// login provisioned it), so this updates rather than inserts and is idempotent
|
// login provisioned it), so this updates rather than inserts and is idempotent
|
||||||
@@ -365,6 +677,18 @@ func generateCode() (code, hash string, err error) {
|
|||||||
return code, hashCode(code), nil
|
return code, hashCode(code), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// generateLinkToken returns a fresh opaque one-tap confirm deeplink token (URL-safe
|
||||||
|
// base64, 256-bit) and its hex SHA-256 hash. Only the hash is stored; the token
|
||||||
|
// travels only in the emailed link, mirroring the session-token model.
|
||||||
|
func generateLinkToken() (token, hash string, err error) {
|
||||||
|
buf := make([]byte, linkTokenBytes)
|
||||||
|
if _, err := crand.Read(buf); err != nil {
|
||||||
|
return "", "", fmt.Errorf("account: generate link token: %w", err)
|
||||||
|
}
|
||||||
|
token = base64.RawURLEncoding.EncodeToString(buf)
|
||||||
|
return token, hashCode(token), nil
|
||||||
|
}
|
||||||
|
|
||||||
// hashCode returns the hex-encoded SHA-256 of a confirm-code.
|
// hashCode returns the hex-encoded SHA-256 of a confirm-code.
|
||||||
func hashCode(code string) string {
|
func hashCode(code string) string {
|
||||||
sum := sha256.Sum256([]byte(code))
|
sum := sha256.Sum256([]byte(code))
|
||||||
|
|||||||
@@ -0,0 +1,239 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"html/template"
|
||||||
|
"strings"
|
||||||
|
tmpltext "text/template"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// emailBrandColor is the single accent used in the confirmation email — a calm
|
||||||
|
// tile green, matching the "no riot of colours" brief.
|
||||||
|
const emailBrandColor = "#2f7d4f"
|
||||||
|
|
||||||
|
// confirmEmailView is the fully-localised data the confirmation email templates
|
||||||
|
// render. Every string is resolved before rendering, so the templates carry no
|
||||||
|
// localisation logic.
|
||||||
|
type confirmEmailView struct {
|
||||||
|
Brand string
|
||||||
|
Heading string
|
||||||
|
Intro string
|
||||||
|
Code string
|
||||||
|
Expiry string
|
||||||
|
CTALabel string
|
||||||
|
DeeplinkURL string
|
||||||
|
FooterIgnore string
|
||||||
|
LandingURL string
|
||||||
|
LandingLabel string
|
||||||
|
Preheader string
|
||||||
|
Locale string
|
||||||
|
Accent string
|
||||||
|
}
|
||||||
|
|
||||||
|
// emailCopy is the purpose- and locale-specific wording of a confirmation email.
|
||||||
|
type emailCopy struct {
|
||||||
|
Subject string
|
||||||
|
Preheader string
|
||||||
|
Heading string
|
||||||
|
Intro string
|
||||||
|
CTALabel string
|
||||||
|
FooterIgnore string
|
||||||
|
}
|
||||||
|
|
||||||
|
// confirmEmailCopy holds the wording per (purpose, locale). Unknown purposes fall
|
||||||
|
// back to the neutral link wording and unknown locales fall back to English.
|
||||||
|
var confirmEmailCopy = map[string]map[string]emailCopy{
|
||||||
|
purposeLogin: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Your Erudit sign-in code",
|
||||||
|
Preheader: "Your sign-in code",
|
||||||
|
Heading: "Sign in to Erudit",
|
||||||
|
Intro: "Enter this code to sign in:",
|
||||||
|
CTALabel: "Sign in with one tap",
|
||||||
|
FooterIgnore: "If you didn't request this email, you can safely ignore it.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Код для входа в Эрудит",
|
||||||
|
Preheader: "Ваш код для входа",
|
||||||
|
Heading: "Вход в Эрудит",
|
||||||
|
Intro: "Введите этот код, чтобы войти в игру:",
|
||||||
|
CTALabel: "Войти одним нажатием",
|
||||||
|
FooterIgnore: "Если вы не запрашивали это письмо, просто проигнорируйте его.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
purposeLink: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Your Erudit confirmation code",
|
||||||
|
Preheader: "Your confirmation code",
|
||||||
|
Heading: "Confirm your e-mail",
|
||||||
|
Intro: "Enter this code to confirm your address:",
|
||||||
|
CTALabel: "Confirm with one tap",
|
||||||
|
FooterIgnore: "If you didn't request this email, you can safely ignore it.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Код подтверждения Эрудит",
|
||||||
|
Preheader: "Ваш код подтверждения",
|
||||||
|
Heading: "Подтверждение e-mail",
|
||||||
|
Intro: "Введите этот код, чтобы подтвердить адрес:",
|
||||||
|
CTALabel: "Подтвердить одним нажатием",
|
||||||
|
FooterIgnore: "Если вы не запрашивали это письмо, просто проигнорируйте его.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
purposeChange: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Confirm your new Erudit e-mail",
|
||||||
|
Preheader: "Confirm your new address",
|
||||||
|
Heading: "Confirm your new e-mail",
|
||||||
|
Intro: "Enter this code to switch your account to this address:",
|
||||||
|
CTALabel: "Confirm with one tap",
|
||||||
|
FooterIgnore: "If you didn't request this change, you can safely ignore it — your address stays the same.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Подтвердите новый e-mail в Эрудит",
|
||||||
|
Preheader: "Подтвердите новый адрес",
|
||||||
|
Heading: "Смена e-mail",
|
||||||
|
Intro: "Введите этот код, чтобы привязать аккаунт к новому адресу:",
|
||||||
|
CTALabel: "Подтвердить одним нажатием",
|
||||||
|
FooterIgnore: "Если вы не запрашивали смену, просто проигнорируйте письмо — адрес останется прежним.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
purposeDelete: {
|
||||||
|
"en": {
|
||||||
|
Subject: "Confirm your Erudit account deletion",
|
||||||
|
Preheader: "Confirm account deletion",
|
||||||
|
Heading: "Delete your account",
|
||||||
|
Intro: "Enter this code in the app to permanently delete your account:",
|
||||||
|
CTALabel: "",
|
||||||
|
FooterIgnore: "If you didn't request this, ignore it — your account stays as it is.",
|
||||||
|
},
|
||||||
|
"ru": {
|
||||||
|
Subject: "Подтвердите удаление аккаунта Эрудит",
|
||||||
|
Preheader: "Подтверждение удаления аккаунта",
|
||||||
|
Heading: "Удаление аккаунта",
|
||||||
|
Intro: "Введите этот код в приложении, чтобы удалить аккаунт без восстановления:",
|
||||||
|
CTALabel: "",
|
||||||
|
FooterIgnore: "Если вы не запрашивали удаление, проигнорируйте письмо — аккаунт останется.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
// emailBrand is the brand wordmark per locale.
|
||||||
|
var emailBrand = map[string]string{"en": "Erudit", "ru": "Эрудит"}
|
||||||
|
|
||||||
|
// emailExpiry formats the code-lifetime line per locale (abbreviated minutes to
|
||||||
|
// avoid plural agreement).
|
||||||
|
func emailExpiry(locale string, d time.Duration) string {
|
||||||
|
min := int(d / time.Minute)
|
||||||
|
if locale == "ru" {
|
||||||
|
return fmt.Sprintf("Код действует %d мин.", min)
|
||||||
|
}
|
||||||
|
return fmt.Sprintf("The code is valid for %d minutes.", min)
|
||||||
|
}
|
||||||
|
|
||||||
|
// normalizeLocale maps an account language to a supported email locale, defaulting
|
||||||
|
// to English.
|
||||||
|
func normalizeLocale(locale string) string {
|
||||||
|
if locale == "ru" {
|
||||||
|
return "ru"
|
||||||
|
}
|
||||||
|
return "en"
|
||||||
|
}
|
||||||
|
|
||||||
|
// renderConfirmationEmail builds the branded confirmation email for purpose in
|
||||||
|
// locale: a large readable code plus a one-tap deeplink button, with an
|
||||||
|
// ignore-notice footer and a landing link. Both a plain-text body and an HTML
|
||||||
|
// alternative are produced. deeplinkURL is the absolute /confirm link and
|
||||||
|
// landingURL the public landing origin.
|
||||||
|
func renderConfirmationEmail(purpose, code, deeplinkURL, landingURL, locale string) (Message, error) {
|
||||||
|
loc := normalizeLocale(locale)
|
||||||
|
byLocale, ok := confirmEmailCopy[purpose]
|
||||||
|
if !ok {
|
||||||
|
byLocale = confirmEmailCopy[purposeLink]
|
||||||
|
}
|
||||||
|
cp := byLocale[loc]
|
||||||
|
view := confirmEmailView{
|
||||||
|
Brand: emailBrand[loc],
|
||||||
|
Heading: cp.Heading,
|
||||||
|
Intro: cp.Intro,
|
||||||
|
Code: code,
|
||||||
|
Expiry: emailExpiry(loc, emailCodeTTL),
|
||||||
|
CTALabel: cp.CTALabel,
|
||||||
|
DeeplinkURL: deeplinkURL,
|
||||||
|
FooterIgnore: cp.FooterIgnore,
|
||||||
|
LandingURL: landingURL,
|
||||||
|
LandingLabel: emailBrand[loc],
|
||||||
|
Preheader: cp.Preheader,
|
||||||
|
Locale: loc,
|
||||||
|
Accent: emailBrandColor,
|
||||||
|
}
|
||||||
|
var html strings.Builder
|
||||||
|
if err := confirmEmailHTML.Execute(&html, view); err != nil {
|
||||||
|
return Message{}, fmt.Errorf("account: render confirmation email (html): %w", err)
|
||||||
|
}
|
||||||
|
var text strings.Builder
|
||||||
|
if err := confirmEmailText.Execute(&text, view); err != nil {
|
||||||
|
return Message{}, fmt.Errorf("account: render confirmation email (text): %w", err)
|
||||||
|
}
|
||||||
|
return Message{Subject: cp.Subject, Text: text.String(), HTML: html.String()}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// confirmEmailHTML is a compact, image-free, mobile-friendly HTML email. Layout is
|
||||||
|
// table-based for broad mail-client compatibility and all styling is inlined
|
||||||
|
// because clients strip <style> blocks.
|
||||||
|
var confirmEmailHTML = template.Must(template.New("confirmEmailHTML").Parse(`<!DOCTYPE html>
|
||||||
|
<html lang="{{.Locale}}">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>{{.Brand}}</title>
|
||||||
|
</head>
|
||||||
|
<body style="margin:0;padding:0;background:#f4f5f7;">
|
||||||
|
<span style="display:none;max-height:0;overflow:hidden;opacity:0;">{{.Preheader}}</span>
|
||||||
|
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background:#f4f5f7;padding:24px 12px;">
|
||||||
|
<tr><td align="center">
|
||||||
|
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="max-width:460px;background:#ffffff;border:1px solid #e5e7eb;border-radius:14px;overflow:hidden;font-family:-apple-system,'Segoe UI',Roboto,Helvetica,Arial,sans-serif;">
|
||||||
|
<tr><td style="padding:28px 32px 4px;">
|
||||||
|
<div style="font-size:15px;font-weight:700;letter-spacing:.04em;color:{{.Accent}};">{{.Brand}}</div>
|
||||||
|
</td></tr>
|
||||||
|
<tr><td style="padding:8px 32px 0;">
|
||||||
|
<h1 style="margin:0;font-size:20px;line-height:1.3;color:#111827;font-weight:600;">{{.Heading}}</h1>
|
||||||
|
<p style="margin:12px 0 0;font-size:15px;line-height:1.5;color:#374151;">{{.Intro}}</p>
|
||||||
|
</td></tr>
|
||||||
|
<tr><td style="padding:18px 32px 0;">
|
||||||
|
<div style="font-size:34px;font-weight:700;letter-spacing:8px;text-align:center;color:#111827;background:#f3f4f6;border-radius:10px;padding:18px 0;font-family:'SFMono-Regular',Consolas,Menlo,monospace;">{{.Code}}</div>
|
||||||
|
<p style="margin:10px 0 0;font-size:13px;line-height:1.5;color:#6b7280;text-align:center;">{{.Expiry}}</p>
|
||||||
|
</td></tr>
|
||||||
|
{{if .DeeplinkURL}}<tr><td style="padding:22px 32px 0;" align="center">
|
||||||
|
<a href="{{.DeeplinkURL}}" style="display:inline-block;background:{{.Accent}};color:#ffffff;text-decoration:none;font-size:15px;font-weight:600;padding:12px 26px;border-radius:9px;">{{.CTALabel}}</a>
|
||||||
|
</td></tr>
|
||||||
|
{{end}}<tr><td style="padding:26px 32px 28px;">
|
||||||
|
<hr style="border:none;border-top:1px solid #eceef1;margin:0 0 16px;">
|
||||||
|
<p style="margin:0;font-size:12px;line-height:1.6;color:#9ca3af;">{{.FooterIgnore}}</p>
|
||||||
|
<p style="margin:10px 0 0;font-size:12px;color:#9ca3af;"><a href="{{.LandingURL}}" style="color:#6b7280;text-decoration:none;">{{.LandingLabel}}</a></p>
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
`))
|
||||||
|
|
||||||
|
// confirmEmailText is the plain-text alternative (and multipart fallback).
|
||||||
|
var confirmEmailText = tmpltext.Must(tmpltext.New("confirmEmailText").Parse(`{{.Brand}}
|
||||||
|
|
||||||
|
{{.Heading}}
|
||||||
|
|
||||||
|
{{.Intro}}
|
||||||
|
|
||||||
|
{{.Code}}
|
||||||
|
|
||||||
|
{{.Expiry}}
|
||||||
|
|
||||||
|
{{if .DeeplinkURL}}{{.CTALabel}}:
|
||||||
|
{{.DeeplinkURL}}
|
||||||
|
|
||||||
|
{{end}}—
|
||||||
|
{{.FooterIgnore}}
|
||||||
|
{{.LandingLabel}} — {{.LandingURL}}
|
||||||
|
`))
|
||||||
@@ -0,0 +1,54 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestRenderConfirmationEmail checks that each (purpose, locale) renders a localised
|
||||||
|
// subject, embeds the code and the one-tap deeplink in both bodies, and produces HTML.
|
||||||
|
func TestRenderConfirmationEmail(t *testing.T) {
|
||||||
|
const deeplink = "https://erudit-game.ru/app/#/confirm/tok123"
|
||||||
|
cases := []struct {
|
||||||
|
name, purpose, locale, subjectSub string
|
||||||
|
}{
|
||||||
|
{"login ru", purposeLogin, "ru", "вход"},
|
||||||
|
{"login en", purposeLogin, "en", "sign-in"},
|
||||||
|
{"link ru", purposeLink, "ru", "подтвержд"},
|
||||||
|
{"link en", purposeLink, "en", "confirmation"},
|
||||||
|
{"change ru", purposeChange, "ru", "новый"},
|
||||||
|
{"change en", purposeChange, "en", "new"},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
t.Run(c.name, func(t *testing.T) {
|
||||||
|
msg, err := renderConfirmationEmail(c.purpose, "123456", deeplink, "https://erudit-game.ru", c.locale)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("render: %v", err)
|
||||||
|
}
|
||||||
|
if !strings.Contains(strings.ToLower(msg.Subject), c.subjectSub) {
|
||||||
|
t.Errorf("subject %q does not contain %q", msg.Subject, c.subjectSub)
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.Text, "123456") || !strings.Contains(msg.HTML, "123456") {
|
||||||
|
t.Error("code missing from a body")
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.Text, deeplink) || !strings.Contains(msg.HTML, "confirm/tok123") {
|
||||||
|
t.Error("deeplink missing from a body")
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.HTML, "<html") {
|
||||||
|
t.Error("HTML body is not HTML")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestRenderConfirmationEmailUnknownLocaleDefaultsEnglish falls back to English for an
|
||||||
|
// unsupported locale rather than erroring or emitting an empty subject.
|
||||||
|
func TestRenderConfirmationEmailUnknownLocaleDefaultsEnglish(t *testing.T) {
|
||||||
|
msg, err := renderConfirmationEmail(purposeLogin, "000000", "", "https://erudit-game.ru", "de")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("render: %v", err)
|
||||||
|
}
|
||||||
|
if !strings.Contains(strings.ToLower(msg.Subject), "sign-in") {
|
||||||
|
t.Errorf("unknown locale should default to English, got subject %q", msg.Subject)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -2,6 +2,7 @@ package account
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"database/sql"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
@@ -16,6 +17,68 @@ import (
|
|||||||
// belongs to another account; the caller turns it into a merge.
|
// belongs to another account; the caller turns it into a merge.
|
||||||
var ErrIdentityTaken = errors.New("account: identity already linked to another account")
|
var ErrIdentityTaken = errors.New("account: identity already linked to another account")
|
||||||
|
|
||||||
|
// ErrLastIdentity is returned when removing an identity would leave the account with
|
||||||
|
// none, making it unreachable after logout. The admin email-erase refuses it.
|
||||||
|
var ErrLastIdentity = errors.New("account: cannot remove the last identity")
|
||||||
|
|
||||||
|
// RemoveIdentity deletes the account's identity of the given kind (and, for an email,
|
||||||
|
// any pending confirmations for it), freeing it for reuse. It refuses when that is the
|
||||||
|
// account's only identity (ErrLastIdentity) — which would leave the account
|
||||||
|
// unreachable — and returns ErrNotFound when the account has no identity of that kind.
|
||||||
|
// It backs the profile Unlink control and the admin "erase email" action.
|
||||||
|
func (s *Store) RemoveIdentity(ctx context.Context, accountID uuid.UUID, kind string) error {
|
||||||
|
ids, err := s.Identities(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
var toRetain []Identity
|
||||||
|
others := 0
|
||||||
|
for _, id := range ids {
|
||||||
|
if id.Kind == kind {
|
||||||
|
toRetain = append(toRetain, id)
|
||||||
|
} else {
|
||||||
|
others++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(toRetain) == 0 {
|
||||||
|
return ErrNotFound
|
||||||
|
}
|
||||||
|
if others == 0 {
|
||||||
|
return ErrLastIdentity
|
||||||
|
}
|
||||||
|
return withTx(ctx, s.db, func(tx *sql.Tx) error {
|
||||||
|
// Journal the detached credential before removing it, so the legal dossier
|
||||||
|
// survives while the identity frees for reuse (see retention.go).
|
||||||
|
for _, id := range toRetain {
|
||||||
|
if err := retainIdentityTx(ctx, tx, accountID, id.Kind, id.ExternalID, id.Confirmed, id.CreatedAt, retainUnlink); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
delID := table.Identities.DELETE().WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(kind))),
|
||||||
|
)
|
||||||
|
if _, err := delID.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("account: delete %s identity %s: %w", kind, accountID, err)
|
||||||
|
}
|
||||||
|
if kind == KindEmail {
|
||||||
|
delConf := table.EmailConfirmations.DELETE().WHERE(
|
||||||
|
table.EmailConfirmations.AccountID.EQ(postgres.UUID(accountID)),
|
||||||
|
)
|
||||||
|
if _, err := delConf.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("account: delete email confirmations %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// RemoveEmailIdentity erases the account's email identity. It backs the admin console's
|
||||||
|
// "erase email" action; the user-facing profile never unlinks email (it is changed).
|
||||||
|
func (s *Store) RemoveEmailIdentity(ctx context.Context, accountID uuid.UUID) error {
|
||||||
|
return s.RemoveIdentity(ctx, accountID, KindEmail)
|
||||||
|
}
|
||||||
|
|
||||||
// RequestLinkCode issues and mails a confirm-code for email to accountID,
|
// RequestLinkCode issues and mails a confirm-code for email to accountID,
|
||||||
// replacing any prior pending code. Unlike RequestCode it never refuses up front
|
// replacing any prior pending code. Unlike RequestCode it never refuses up front
|
||||||
// (taken or already-confirmed): possession of the address is the authorization for
|
// (taken or already-confirmed): possession of the address is the authorization for
|
||||||
@@ -26,16 +89,10 @@ func (s *EmailService) RequestLinkCode(ctx context.Context, accountID uuid.UUID,
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
code, hash, err := generateCode()
|
if !s.allowSend(addr) {
|
||||||
if err != nil {
|
return ErrTooManyRequests
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
if err := s.store.replacePendingConfirmation(ctx, accountID, addr, hash, s.now().Add(emailCodeTTL)); err != nil {
|
return s.issueCode(ctx, accountID, addr, purposeLink, s.accountLocale(ctx, accountID))
|
||||||
return err
|
|
||||||
}
|
|
||||||
subject := "Your Scrabble confirmation code"
|
|
||||||
body := fmt.Sprintf("Your confirmation code is %s. It expires in %d minutes.", code, int(emailCodeTTL/time.Minute))
|
|
||||||
return s.mailer.Send(ctx, addr, subject, body)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConfirmLink verifies code for (accountID, email) and reports the address's
|
// ConfirmLink verifies code for (accountID, email) and reports the address's
|
||||||
@@ -70,6 +127,100 @@ func (s *EmailService) ConfirmLink(ctx context.Context, accountID uuid.UUID, ema
|
|||||||
return accountID, true, nil
|
return accountID, true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RequestChangeCode issues and mails a confirm-code to newEmail for an authenticated
|
||||||
|
// email change on accountID, replacing any prior pending code. Like RequestLinkCode it
|
||||||
|
// never refuses up front on "taken" (anti-enumeration): possession of newEmail is the
|
||||||
|
// authorization, and a conflict with another account is revealed only at confirm — as a
|
||||||
|
// non-disclosing refusal, never a merge.
|
||||||
|
func (s *EmailService) RequestChangeCode(ctx context.Context, accountID uuid.UUID, newEmail string) error {
|
||||||
|
addr, err := normalizeEmail(newEmail)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !s.allowSend(addr) {
|
||||||
|
return ErrTooManyRequests
|
||||||
|
}
|
||||||
|
return s.issueCode(ctx, accountID, addr, purposeChange, s.accountLocale(ctx, accountID))
|
||||||
|
}
|
||||||
|
|
||||||
|
// ConfirmChange verifies code for (accountID, newEmail) and atomically replaces the
|
||||||
|
// account's confirmed email with newEmail, freeing the old address. When newEmail is
|
||||||
|
// already confirmed by another account it refuses with ErrEmailTaken (surfaced to the
|
||||||
|
// user as a non-disclosing "check the address or contact support"), never merging; when
|
||||||
|
// the account already owns newEmail it is an idempotent no-op. It returns the usual
|
||||||
|
// confirm-code errors (ErrNoPendingCode, ErrCodeExpired, ErrTooManyAttempts,
|
||||||
|
// ErrCodeMismatch) and the updated account on success.
|
||||||
|
func (s *EmailService) ConfirmChange(ctx context.Context, accountID uuid.UUID, newEmail, code string) (Account, error) {
|
||||||
|
addr, err := normalizeEmail(newEmail)
|
||||||
|
if err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
conf, err := s.verifyPendingCode(ctx, accountID, addr, code)
|
||||||
|
if err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
owner, ok, err := s.store.confirmedEmailAccount(ctx, addr)
|
||||||
|
if err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
if ok && owner != accountID {
|
||||||
|
return Account{}, ErrEmailTaken
|
||||||
|
}
|
||||||
|
if ok && owner == accountID {
|
||||||
|
if err := s.store.consumeConfirmation(ctx, conf.id, s.now()); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
return s.store.GetByID(ctx, accountID)
|
||||||
|
}
|
||||||
|
if err := s.store.replaceEmailIdentity(ctx, conf.id, accountID, addr, s.now()); err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
return s.store.GetByID(ctx, accountID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// HasEmail reports whether accountID owns a confirmed email. The account-deletion step-up
|
||||||
|
// mails a confirm-code when it does, and falls back to a typed phrase otherwise.
|
||||||
|
func (s *EmailService) HasEmail(ctx context.Context, accountID uuid.UUID) (bool, error) {
|
||||||
|
_, ok, err := s.store.confirmedEmailOf(ctx, accountID)
|
||||||
|
return ok, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// RequestDeleteCode mails an account-deletion confirm-code to the account's own confirmed
|
||||||
|
// email (no deeplink — deletion is confirmed in the app). It returns ErrNoEmail when the
|
||||||
|
// account holds no email, ErrTooManyRequests when throttled.
|
||||||
|
func (s *EmailService) RequestDeleteCode(ctx context.Context, accountID uuid.UUID) error {
|
||||||
|
addr, ok, err := s.store.confirmedEmailOf(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
return ErrNoEmail
|
||||||
|
}
|
||||||
|
if !s.allowSend(addr) {
|
||||||
|
return ErrTooManyRequests
|
||||||
|
}
|
||||||
|
return s.issueCode(ctx, accountID, addr, purposeDelete, s.accountLocale(ctx, accountID))
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyDeleteCode verifies the account-deletion code against the account's own email and
|
||||||
|
// consumes it on success. It returns ErrNoEmail (no email), the usual confirm-code errors
|
||||||
|
// (ErrNoPendingCode, ErrCodeExpired, ErrTooManyAttempts, ErrCodeMismatch), or nil when the
|
||||||
|
// code is valid — the caller then performs the deletion.
|
||||||
|
func (s *EmailService) VerifyDeleteCode(ctx context.Context, accountID uuid.UUID, code string) error {
|
||||||
|
addr, ok, err := s.store.confirmedEmailOf(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
return ErrNoEmail
|
||||||
|
}
|
||||||
|
conf, err := s.verifyPendingCode(ctx, accountID, addr, code)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return s.store.consumeConfirmation(ctx, conf.id, s.now())
|
||||||
|
}
|
||||||
|
|
||||||
// verifyPendingCode loads and checks the pending confirm-code for (accountID,
|
// verifyPendingCode loads and checks the pending confirm-code for (accountID,
|
||||||
// addr), counting a wrong attempt. It returns the confirmation on success.
|
// addr), counting a wrong attempt. It returns the confirmation on success.
|
||||||
func (s *EmailService) verifyPendingCode(ctx context.Context, accountID uuid.UUID, addr, code string) (emailConfirmation, error) {
|
func (s *EmailService) verifyPendingCode(ctx context.Context, accountID uuid.UUID, addr, code string) (emailConfirmation, error) {
|
||||||
|
|||||||
@@ -3,33 +3,99 @@ package account
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"strconv"
|
||||||
"net/smtp"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/wneessen/go-mail"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Message is a transactional email to send through a Mailer. Text is the
|
||||||
|
// required plain-text body and doubles as the multipart/alternative fallback;
|
||||||
|
// HTML, when non-empty, is the preferred body a capable client renders instead.
|
||||||
|
type Message struct {
|
||||||
|
// To is the recipient address, or several comma-separated (all get the one message).
|
||||||
|
To string
|
||||||
|
// From, when non-empty, overrides the configured sender for this message — the admin
|
||||||
|
// alert path uses a distinct From from the user-facing confirm-code sender.
|
||||||
|
From string
|
||||||
|
Subject string
|
||||||
|
Text string
|
||||||
|
HTML string
|
||||||
|
}
|
||||||
|
|
||||||
// Mailer delivers a transactional email. It is the seam behind which the email
|
// Mailer delivers a transactional email. It is the seam behind which the email
|
||||||
// confirm-code flow sends codes, so the relay is swappable and unit tests use a
|
// confirm-code flow sends codes, so the relay is swappable and unit tests use a
|
||||||
// fixture (see docs/TESTING.md: no real network in tests). The context is offered
|
// fixture (see docs/TESTING.md: no real network in tests). The context bounds the
|
||||||
// for cancellation; the standard-library SMTP implementation sends synchronously
|
// delivery and is honoured by the SMTP implementation.
|
||||||
// and ignores it.
|
|
||||||
type Mailer interface {
|
type Mailer interface {
|
||||||
Send(ctx context.Context, to, subject, body string) error
|
Send(ctx context.Context, msg Message) error
|
||||||
|
}
|
||||||
|
|
||||||
|
// splitAddrs splits a comma-separated recipient list into trimmed, non-empty addresses.
|
||||||
|
func splitAddrs(list string) []string {
|
||||||
|
parts := strings.Split(list, ",")
|
||||||
|
out := make([]string, 0, len(parts))
|
||||||
|
for _, p := range parts {
|
||||||
|
if a := strings.TrimSpace(p); a != "" {
|
||||||
|
out = append(out, a)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// SMTPConfig configures the SMTP relay. An empty Host selects the LogMailer
|
// SMTPConfig configures the SMTP relay. An empty Host selects the LogMailer
|
||||||
// instead, so a deployment without a relay still runs (the code lands in the log).
|
// instead, so a deployment without a relay still runs (the code lands in the log).
|
||||||
|
// TLS is always used and no client certificate is required — only the server
|
||||||
|
// certificate is validated against the system roots.
|
||||||
type SMTPConfig struct {
|
type SMTPConfig struct {
|
||||||
Host string
|
Host string
|
||||||
Port string
|
Port string
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
From string
|
From string
|
||||||
|
// TLS selects the transport security: "ssl" for implicit TLS from connect, or
|
||||||
|
// "starttls" to upgrade a plaintext connection. Empty derives the mode from the
|
||||||
|
// port (implicit TLS on 465, STARTTLS otherwise); set it explicitly for a relay on
|
||||||
|
// a non-standard port (e.g. Selectel's 1127 = SSL, 1126 = STARTTLS).
|
||||||
|
TLS string
|
||||||
|
// AdminFrom / AdminTo drive the operator alert emails (new feedback / word complaints),
|
||||||
|
// distinct from the user-facing confirm-code sender. AdminTo may be several
|
||||||
|
// comma-separated addresses. Both empty disables the alert worker.
|
||||||
|
AdminFrom string
|
||||||
|
AdminTo string
|
||||||
}
|
}
|
||||||
|
|
||||||
// SMTPMailer sends mail through an SMTP relay using the standard library. When a
|
const (
|
||||||
// username is set it authenticates with PLAIN; otherwise it relays unauthenticated.
|
// SMTP transport-security modes for SMTPConfig.TLS.
|
||||||
|
smtpTLSImplicit = "ssl"
|
||||||
|
smtpTLSSTARTTLS = "starttls"
|
||||||
|
// smtpDialTimeout bounds a single relay connect-and-send. The confirm-code send
|
||||||
|
// is synchronous on the request path, so an unreachable relay must fail fast
|
||||||
|
// rather than hold the request open.
|
||||||
|
smtpDialTimeout = 15 * time.Second
|
||||||
|
)
|
||||||
|
|
||||||
|
// tlsMode resolves the transport-security mode for the relay: the explicitly
|
||||||
|
// configured SMTPConfig.TLS, or — when unset — implicit TLS on the conventional SSL
|
||||||
|
// port 465 and STARTTLS on any other port.
|
||||||
|
func (cfg SMTPConfig) tlsMode(port int) string {
|
||||||
|
switch strings.ToLower(strings.TrimSpace(cfg.TLS)) {
|
||||||
|
case smtpTLSImplicit, "tls":
|
||||||
|
return smtpTLSImplicit
|
||||||
|
case smtpTLSSTARTTLS:
|
||||||
|
return smtpTLSSTARTTLS
|
||||||
|
}
|
||||||
|
if port == 465 {
|
||||||
|
return smtpTLSImplicit
|
||||||
|
}
|
||||||
|
return smtpTLSSTARTTLS
|
||||||
|
}
|
||||||
|
|
||||||
|
// SMTPMailer sends mail through an SMTP relay using go-mail. When a username is
|
||||||
|
// set it authenticates, auto-discovering the strongest mechanism the relay
|
||||||
|
// advertises; otherwise it relays unauthenticated.
|
||||||
type SMTPMailer struct {
|
type SMTPMailer struct {
|
||||||
cfg SMTPConfig
|
cfg SMTPConfig
|
||||||
}
|
}
|
||||||
@@ -39,29 +105,55 @@ func NewSMTPMailer(cfg SMTPConfig) SMTPMailer {
|
|||||||
return SMTPMailer{cfg: cfg}
|
return SMTPMailer{cfg: cfg}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send delivers a plain-text UTF-8 message to to via the configured relay.
|
// Send delivers a UTF-8 message to msg.To via the configured relay. When msg.HTML
|
||||||
func (m SMTPMailer) Send(_ context.Context, to, subject, body string) error {
|
// is set the message is multipart/alternative (plain text plus HTML); otherwise
|
||||||
addr := net.JoinHostPort(m.cfg.Host, m.cfg.Port)
|
// it is plain text only.
|
||||||
var auth smtp.Auth
|
func (m SMTPMailer) Send(ctx context.Context, msg Message) error {
|
||||||
if m.cfg.Username != "" {
|
port, err := strconv.Atoi(m.cfg.Port)
|
||||||
auth = smtp.PlainAuth("", m.cfg.Username, m.cfg.Password, m.cfg.Host)
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: invalid SMTP port %q: %w", m.cfg.Port, err)
|
||||||
}
|
}
|
||||||
if err := smtp.SendMail(addr, auth, m.cfg.From, []string{to}, message(m.cfg.From, to, subject, body)); err != nil {
|
opts := []mail.Option{mail.WithPort(port), mail.WithTimeout(smtpDialTimeout)}
|
||||||
return fmt.Errorf("account: send mail to %s: %w", to, err)
|
if m.cfg.tlsMode(port) == smtpTLSImplicit {
|
||||||
|
opts = append(opts, mail.WithSSL())
|
||||||
|
} else {
|
||||||
|
opts = append(opts, mail.WithTLSPortPolicy(mail.TLSMandatory))
|
||||||
|
}
|
||||||
|
if m.cfg.Username != "" {
|
||||||
|
opts = append(opts,
|
||||||
|
mail.WithSMTPAuth(mail.SMTPAuthAutoDiscover),
|
||||||
|
mail.WithUsername(m.cfg.Username),
|
||||||
|
mail.WithPassword(m.cfg.Password),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
client, err := mail.NewClient(m.cfg.Host, opts...)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: build mail client: %w", err)
|
||||||
|
}
|
||||||
|
out := mail.NewMsg()
|
||||||
|
from := m.cfg.From
|
||||||
|
if msg.From != "" {
|
||||||
|
from = msg.From
|
||||||
|
}
|
||||||
|
if err := out.From(from); err != nil {
|
||||||
|
return fmt.Errorf("account: set From %q: %w", from, err)
|
||||||
|
}
|
||||||
|
// To may carry several comma-separated recipients; go-mail wants them as separate
|
||||||
|
// arguments (a single joined string parses as one malformed address).
|
||||||
|
if err := out.To(splitAddrs(msg.To)...); err != nil {
|
||||||
|
return fmt.Errorf("account: set To %q: %w", msg.To, err)
|
||||||
|
}
|
||||||
|
out.Subject(msg.Subject)
|
||||||
|
out.SetBodyString(mail.TypeTextPlain, msg.Text)
|
||||||
|
if msg.HTML != "" {
|
||||||
|
out.AddAlternativeString(mail.TypeTextHTML, msg.HTML)
|
||||||
|
}
|
||||||
|
if err := client.DialAndSendWithContext(ctx, out); err != nil {
|
||||||
|
return fmt.Errorf("account: send mail to %s: %w", msg.To, err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// message renders a minimal RFC 5322 plain-text email.
|
|
||||||
func message(from, to, subject, body string) []byte {
|
|
||||||
return []byte("From: " + from + "\r\n" +
|
|
||||||
"To: " + to + "\r\n" +
|
|
||||||
"Subject: " + subject + "\r\n" +
|
|
||||||
"MIME-Version: 1.0\r\n" +
|
|
||||||
"Content-Type: text/plain; charset=UTF-8\r\n" +
|
|
||||||
"\r\n" + body + "\r\n")
|
|
||||||
}
|
|
||||||
|
|
||||||
// LogMailer logs the message instead of sending it. It is the default when no
|
// LogMailer logs the message instead of sending it. It is the default when no
|
||||||
// SMTP relay is configured and is intended for development only: it logs the body,
|
// SMTP relay is configured and is intended for development only: it logs the body,
|
||||||
// which carries the confirm-code, so it must not be used in production.
|
// which carries the confirm-code, so it must not be used in production.
|
||||||
@@ -74,11 +166,12 @@ func NewLogMailer(log *zap.Logger) LogMailer {
|
|||||||
return LogMailer{log: log}
|
return LogMailer{log: log}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send logs the message at info level and reports success.
|
// Send logs the message at info level and reports success. It logs the plain-text
|
||||||
func (m LogMailer) Send(_ context.Context, to, subject, body string) error {
|
// body only (which carries the confirm-code); the HTML alternative is omitted.
|
||||||
|
func (m LogMailer) Send(_ context.Context, msg Message) error {
|
||||||
if m.log != nil {
|
if m.log != nil {
|
||||||
m.log.Info("email not sent (log mailer)",
|
m.log.Info("email not sent (log mailer)",
|
||||||
zap.String("to", to), zap.String("subject", subject), zap.String("body", body))
|
zap.String("to", msg.To), zap.String("subject", msg.Subject), zap.String("body", msg.Text))
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,51 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"slices"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestSplitAddrs covers the comma-separated recipient parsing used for the admin alert
|
||||||
|
// To (several operator mailboxes in one message), including trimming and empty entries.
|
||||||
|
func TestSplitAddrs(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
in string
|
||||||
|
want []string
|
||||||
|
}{
|
||||||
|
{"a@x.ru", []string{"a@x.ru"}},
|
||||||
|
{"a@x.ru, b@y.ru", []string{"a@x.ru", "b@y.ru"}},
|
||||||
|
{" a@x.ru ,, b@y.ru ,", []string{"a@x.ru", "b@y.ru"}},
|
||||||
|
{"", nil},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
if got := splitAddrs(c.in); !slices.Equal(got, c.want) {
|
||||||
|
t.Errorf("splitAddrs(%q) = %v, want %v", c.in, got, c.want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestSMTPTLSMode covers the explicit TLS mode and the port-based fallback, including
|
||||||
|
// the non-standard Selectel ports (1127 = SSL, 1126 = STARTTLS) that the 465 heuristic
|
||||||
|
// alone cannot classify.
|
||||||
|
func TestSMTPTLSMode(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
name string
|
||||||
|
tls string
|
||||||
|
port int
|
||||||
|
want string
|
||||||
|
}{
|
||||||
|
{"explicit ssl on a custom port (Selectel 1127)", "ssl", 1127, smtpTLSImplicit},
|
||||||
|
{"explicit starttls on a custom port (Selectel 1126)", "starttls", 1126, smtpTLSSTARTTLS},
|
||||||
|
{"tls is an alias for ssl", "TLS", 2525, smtpTLSImplicit},
|
||||||
|
{"empty derives implicit TLS on 465", "", 465, smtpTLSImplicit},
|
||||||
|
{"empty derives STARTTLS on 587", "", 587, smtpTLSSTARTTLS},
|
||||||
|
{"an unknown value falls back to the port heuristic", "bogus", 465, smtpTLSImplicit},
|
||||||
|
}
|
||||||
|
for _, c := range cases {
|
||||||
|
t.Run(c.name, func(t *testing.T) {
|
||||||
|
if got := (SMTPConfig{TLS: c.tls}).tlsMode(c.port); got != c.want {
|
||||||
|
t.Errorf("tlsMode(TLS=%q, port=%d) = %q, want %q", c.tls, c.port, got, c.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -101,6 +101,66 @@ func validateVariantPreferences(prefs []string) ([]string, error) {
|
|||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// variantSeedPrefix marks a Telegram start-param payload that seeds a brand-new
|
||||||
|
// account's variant preferences (e.g. "verudit_ru-scrabble_en"): the prefix, then the
|
||||||
|
// canonical variant labels joined by "-". It is deliberately distinct from the routing
|
||||||
|
// deep links (g/i/f; see platform/telegram .../deeplink) so the client's start-param
|
||||||
|
// router falls through to the lobby for it.
|
||||||
|
const variantSeedPrefix = "v"
|
||||||
|
|
||||||
|
// SeedVariantsFromStartParam decodes a promo deep-link start-param into the variant
|
||||||
|
// preference set to seed onto a brand-new account: the variantSeedPrefix followed by
|
||||||
|
// the canonical variant labels joined by "-" (e.g. "verudit_ru-scrabble_en"). It
|
||||||
|
// returns nil for any payload that is not a variant-seed link or that fails validation
|
||||||
|
// against the known variants, so a malformed, empty or unrelated start-param simply
|
||||||
|
// leaves the account on its default preferences rather than failing the login.
|
||||||
|
func SeedVariantsFromStartParam(startParam string) []string {
|
||||||
|
if !strings.HasPrefix(startParam, variantSeedPrefix) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
body := strings.TrimPrefix(startParam, variantSeedPrefix)
|
||||||
|
if body == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
prefs, err := validateVariantPreferences(strings.Split(body, "-"))
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return prefs
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetVariantPreferences overwrites only the variant-preference set of the account,
|
||||||
|
// cleaning it to a deduplicated, canonically ordered subset of the known variants
|
||||||
|
// (rejecting an empty or unknown set with ErrInvalidProfile) and bumping updated_at; it
|
||||||
|
// reports ErrNotFound when no account matches id. It is the narrow counterpart to
|
||||||
|
// UpdateProfile used to seed a promo-onboarded account's variants at first contact
|
||||||
|
// without disturbing its other profile fields.
|
||||||
|
func (s *Store) SetVariantPreferences(ctx context.Context, id uuid.UUID, prefs []string) (Account, error) {
|
||||||
|
clean, err := validateVariantPreferences(prefs)
|
||||||
|
if err != nil {
|
||||||
|
return Account{}, err
|
||||||
|
}
|
||||||
|
stmt := table.Accounts.UPDATE(
|
||||||
|
table.Accounts.VariantPreferences, table.Accounts.UpdatedAt,
|
||||||
|
).SET(
|
||||||
|
// clean is validated against the closed knownVariants set; bind as a text[]
|
||||||
|
// parameter (lib/pq encodes the array, the cast pins the column type), mirroring
|
||||||
|
// UpdateProfile.
|
||||||
|
postgres.Raw("#variant_prefs::text[]", map[string]interface{}{"#variant_prefs": pq.StringArray(clean)}),
|
||||||
|
postgres.TimestampzT(time.Now().UTC()),
|
||||||
|
).WHERE(table.Accounts.AccountID.EQ(postgres.UUID(id))).
|
||||||
|
RETURNING(table.Accounts.AllColumns)
|
||||||
|
|
||||||
|
var row model.Accounts
|
||||||
|
if err := stmt.QueryContext(ctx, s.db, &row); err != nil {
|
||||||
|
if errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return Account{}, ErrNotFound
|
||||||
|
}
|
||||||
|
return Account{}, fmt.Errorf("account: set variant preferences %s: %w", id, err)
|
||||||
|
}
|
||||||
|
return modelToAccount(row), nil
|
||||||
|
}
|
||||||
|
|
||||||
// UpdateProfile validates and overwrites the editable fields of the account, then
|
// UpdateProfile validates and overwrites the editable fields of the account, then
|
||||||
// returns the stored row. It reports ErrInvalidProfile for a bad language,
|
// returns the stored row. It reports ErrInvalidProfile for a bad language,
|
||||||
// timezone or display name and ErrNotFound when no account matches id.
|
// timezone or display name and ErrNotFound when no account matches id.
|
||||||
|
|||||||
@@ -75,3 +75,55 @@ func TestTelegramSeedTruncatesLongName(t *testing.T) {
|
|||||||
t.Errorf("display name rune count = %d, want %d", n, maxDisplayName)
|
t.Errorf("display name rune count = %d, want %d", n, maxDisplayName)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestVKSeed covers the pure mapping from VK launch fields to the create-time account
|
||||||
|
// seed: supported-language detection from vk_language (bare and region-tagged) and the
|
||||||
|
// display name sanitized from the client-supplied name. Unlike Telegram there is no
|
||||||
|
// @username fallback — VK provides only the name.
|
||||||
|
func TestVKSeed(t *testing.T) {
|
||||||
|
cases := map[string]struct {
|
||||||
|
languageCode, displayName string
|
||||||
|
wantLang, wantName string
|
||||||
|
}{
|
||||||
|
"ru bare": {"ru", "Иван", "ru", "Иван"},
|
||||||
|
"en region-tagged": {"en-US", "John", "en", "John"},
|
||||||
|
"full name kept": {"ru", "Иван Петров", "ru", "Иван Петров"},
|
||||||
|
"unknown language": {"uk", "Тарас", "", "Тарас"},
|
||||||
|
"empty language": {"", "Neo", "", "Neo"},
|
||||||
|
"trimmed": {" RU ", " Anna ", "ru", "Anna"},
|
||||||
|
"emoji stripped": {"en", "🎮Kaya🎮", "en", "Kaya"},
|
||||||
|
}
|
||||||
|
for name, tc := range cases {
|
||||||
|
t.Run(name, func(t *testing.T) {
|
||||||
|
got := vkSeed(tc.languageCode, tc.displayName)
|
||||||
|
if got.preferredLanguage != tc.wantLang {
|
||||||
|
t.Errorf("preferredLanguage = %q, want %q", got.preferredLanguage, tc.wantLang)
|
||||||
|
}
|
||||||
|
if got.displayName != tc.wantName {
|
||||||
|
t.Errorf("displayName = %q, want %q", got.displayName, tc.wantName)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestVKSeedPlaceholder checks a VK name with no usable letters falls back to a
|
||||||
|
// generated placeholder in the seeded language ("Player-NNNNN" / "Игрок-NNNNN").
|
||||||
|
func TestVKSeedPlaceholder(t *testing.T) {
|
||||||
|
cases := map[string]struct {
|
||||||
|
languageCode, displayName string
|
||||||
|
wantRe string
|
||||||
|
}{
|
||||||
|
"en empty": {"en", "", `^Player-\d{5}$`},
|
||||||
|
"ru empty": {"ru", "", `^Игрок-\d{5}$`},
|
||||||
|
"default en": {"uk", "", `^Player-\d{5}$`},
|
||||||
|
"name garbage": {"ru", "123!@#", `^Игрок-\d{5}$`},
|
||||||
|
}
|
||||||
|
for name, tc := range cases {
|
||||||
|
t.Run(name, func(t *testing.T) {
|
||||||
|
got := vkSeed(tc.languageCode, tc.displayName).displayName
|
||||||
|
if !regexp.MustCompile(tc.wantRe).MatchString(got) {
|
||||||
|
t.Errorf("displayName = %q, want match %s", got, tc.wantRe)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,66 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// SendLimiter throttles confirm-code sends per recipient address: it enforces a
|
||||||
|
// minimum cooldown between two sends and a cap over a rolling hour. It guards against
|
||||||
|
// email bombing and protects the relay's own quota. State is in-memory (per process,
|
||||||
|
// reset on restart) and keyed by the normalised recipient address, which is adequate
|
||||||
|
// for the single-instance backend. Safe for concurrent use.
|
||||||
|
type SendLimiter struct {
|
||||||
|
mu sync.Mutex
|
||||||
|
cooldown time.Duration
|
||||||
|
perHour int
|
||||||
|
now func() time.Time
|
||||||
|
sends map[string][]time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSendLimiter returns a SendLimiter allowing at most one send per cooldown and at
|
||||||
|
// most perHour sends over any rolling hour, to the same recipient.
|
||||||
|
func NewSendLimiter(cooldown time.Duration, perHour int) *SendLimiter {
|
||||||
|
return &SendLimiter{
|
||||||
|
cooldown: cooldown,
|
||||||
|
perHour: perHour,
|
||||||
|
now: func() time.Time { return time.Now() },
|
||||||
|
sends: make(map[string][]time.Time),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Allow reports whether a send to key is permitted now, recording the send when it is.
|
||||||
|
// It is denied when the last send was within the cooldown or the rolling-hour cap is
|
||||||
|
// already reached.
|
||||||
|
func (l *SendLimiter) Allow(key string) bool {
|
||||||
|
l.mu.Lock()
|
||||||
|
defer l.mu.Unlock()
|
||||||
|
now := l.now()
|
||||||
|
cutoff := now.Add(-time.Hour)
|
||||||
|
kept := l.sends[key][:0]
|
||||||
|
for _, t := range l.sends[key] {
|
||||||
|
if t.After(cutoff) {
|
||||||
|
kept = append(kept, t)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if n := len(kept); n > 0 && now.Sub(kept[n-1]) < l.cooldown {
|
||||||
|
l.set(key, kept)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if len(kept) >= l.perHour {
|
||||||
|
l.set(key, kept)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
l.set(key, append(kept, now))
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// set stores the retained send times for key, dropping the entry entirely once empty
|
||||||
|
// so the map stays bounded to recipients active within the last hour.
|
||||||
|
func (l *SendLimiter) set(key string, times []time.Time) {
|
||||||
|
if len(times) == 0 {
|
||||||
|
delete(l.sends, key)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
l.sends[key] = times
|
||||||
|
}
|
||||||
@@ -0,0 +1,43 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestSendLimiter checks the per-recipient cooldown and the rolling-hour cap, and
|
||||||
|
// that recipients are throttled independently.
|
||||||
|
func TestSendLimiter(t *testing.T) {
|
||||||
|
base := time.Now()
|
||||||
|
now := base
|
||||||
|
l := NewSendLimiter(time.Minute, 3)
|
||||||
|
l.now = func() time.Time { return now }
|
||||||
|
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("send 1 should be allowed")
|
||||||
|
}
|
||||||
|
if l.Allow("a") {
|
||||||
|
t.Fatal("immediate resend must be blocked by the cooldown")
|
||||||
|
}
|
||||||
|
if !l.Allow("b") {
|
||||||
|
t.Fatal("a different recipient is independent")
|
||||||
|
}
|
||||||
|
|
||||||
|
now = base.Add(time.Minute)
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("send 2 after the cooldown should be allowed")
|
||||||
|
}
|
||||||
|
now = base.Add(2 * time.Minute)
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("send 3 should be allowed")
|
||||||
|
}
|
||||||
|
now = base.Add(3 * time.Minute)
|
||||||
|
if l.Allow("a") {
|
||||||
|
t.Fatal("send 4 within the hour must be blocked by the cap")
|
||||||
|
}
|
||||||
|
|
||||||
|
now = base.Add(time.Hour + time.Minute)
|
||||||
|
if !l.Allow("a") {
|
||||||
|
t.Fatal("after the rolling hour the cap resets")
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,224 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/go-jet/jet/v2/postgres"
|
||||||
|
"github.com/go-jet/jet/v2/qrm"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/model"
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||||
|
)
|
||||||
|
|
||||||
|
// RetentionTTL bounds how long the account-deletion legal dossier is kept before the
|
||||||
|
// reaper purges it: two years from the detach/deletion event (owner policy, 2026-07-03).
|
||||||
|
const RetentionTTL = 2 * 365 * 24 * time.Hour
|
||||||
|
|
||||||
|
// Reasons recorded on a retained_identities row: what detached the credential from its
|
||||||
|
// account (unlink / email change / account deletion here; an account merge that drops a
|
||||||
|
// same-kind colliding identity writes reason "merge" from the accountmerge package). The
|
||||||
|
// row is written just before the live identities row is removed, preserving the legal
|
||||||
|
// dossier (which email/vk/tg was linked, and when) even as the identity frees for reuse.
|
||||||
|
// See docs/ARCHITECTURE.md §9.1.
|
||||||
|
const (
|
||||||
|
retainUnlink = "unlink"
|
||||||
|
retainChange = "change"
|
||||||
|
retainDelete = "delete"
|
||||||
|
)
|
||||||
|
|
||||||
|
// retainIdentityTx appends a retention-journal row for one identity being detached, inside
|
||||||
|
// tx. linkedAt is the identity's original creation time; detached_at defaults to now(). It
|
||||||
|
// must run in the same transaction as the identity removal, so the dossier and the live
|
||||||
|
// state can never diverge.
|
||||||
|
func retainIdentityTx(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, kind, externalID string, confirmed bool, linkedAt time.Time, reason string) error {
|
||||||
|
id, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("account: new retained id: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.RetainedIdentities.INSERT(
|
||||||
|
table.RetainedIdentities.RetainedID, table.RetainedIdentities.AccountID,
|
||||||
|
table.RetainedIdentities.Kind, table.RetainedIdentities.ExternalID,
|
||||||
|
table.RetainedIdentities.Confirmed, table.RetainedIdentities.LinkedAt,
|
||||||
|
table.RetainedIdentities.Reason,
|
||||||
|
).VALUES(id, accountID, kind, externalID, confirmed, linkedAt, reason)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("account: retain identity (%s, %s): %w", kind, externalID, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// StampLastLogin records the account's last cold-load time and client IP, but only when
|
||||||
|
// the stored value is missing or older than an hour — so it costs at most one write per
|
||||||
|
// account per hour (its caller, the profile fetch, runs once per cold app-load). It is a
|
||||||
|
// best-effort audit signal that feeds the account-deletion dossier.
|
||||||
|
func (s *Store) StampLastLogin(ctx context.Context, accountID uuid.UUID, ip string) error {
|
||||||
|
now := time.Now().UTC()
|
||||||
|
upd := table.Accounts.UPDATE(table.Accounts.LastLoginAt, table.Accounts.LastLoginIP).
|
||||||
|
SET(postgres.TimestampzT(now), postgres.String(ip)).
|
||||||
|
WHERE(
|
||||||
|
table.Accounts.AccountID.EQ(postgres.UUID(accountID)).
|
||||||
|
AND(
|
||||||
|
table.Accounts.LastLoginAt.IS_NULL().
|
||||||
|
OR(table.Accounts.LastLoginAt.LT(postgres.TimestampzT(now.Add(-time.Hour)))),
|
||||||
|
),
|
||||||
|
)
|
||||||
|
if _, err := upd.ExecContext(ctx, s.db); err != nil {
|
||||||
|
return fmt.Errorf("account: stamp last login %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReapExpiredRetention purges retention data whose event is older than cutoff: every
|
||||||
|
// retained_identities row by its detached_at (covering unlink/change on live accounts as
|
||||||
|
// well as deleted ones), plus — for accounts tombstoned before cutoff — the retained
|
||||||
|
// feedback thread and the dossier PII (deleted_display_name, last_login_ip). Chat is kept
|
||||||
|
// (a shared game artifact), and the tombstone account row itself stays (its no-cascade
|
||||||
|
// foreign keys). It returns how many journal rows and feedback messages were removed.
|
||||||
|
func (s *Store) ReapExpiredRetention(ctx context.Context, cutoff time.Time) (identities, feedback int64, err error) {
|
||||||
|
cut := postgres.TimestampzT(cutoff)
|
||||||
|
delJournal := table.RetainedIdentities.DELETE().
|
||||||
|
WHERE(table.RetainedIdentities.DetachedAt.LT(cut))
|
||||||
|
res, err := delJournal.ExecContext(ctx, s.db)
|
||||||
|
if err != nil {
|
||||||
|
return 0, 0, fmt.Errorf("account: reap retained identities: %w", err)
|
||||||
|
}
|
||||||
|
identities, _ = res.RowsAffected()
|
||||||
|
|
||||||
|
expired := postgres.SELECT(table.Accounts.AccountID).
|
||||||
|
FROM(table.Accounts).
|
||||||
|
WHERE(table.Accounts.DeletedAt.IS_NOT_NULL().AND(table.Accounts.DeletedAt.LT(cut)))
|
||||||
|
delFeedback := table.FeedbackMessages.DELETE().
|
||||||
|
WHERE(table.FeedbackMessages.AccountID.IN(expired))
|
||||||
|
fbRes, err := delFeedback.ExecContext(ctx, s.db)
|
||||||
|
if err != nil {
|
||||||
|
return identities, 0, fmt.Errorf("account: reap deleted feedback: %w", err)
|
||||||
|
}
|
||||||
|
feedback, _ = fbRes.RowsAffected()
|
||||||
|
|
||||||
|
clearPII := table.Accounts.UPDATE(table.Accounts.DeletedDisplayName, table.Accounts.LastLoginIP).
|
||||||
|
SET(postgres.NULL, postgres.NULL).
|
||||||
|
WHERE(
|
||||||
|
table.Accounts.DeletedAt.IS_NOT_NULL().
|
||||||
|
AND(table.Accounts.DeletedAt.LT(cut)).
|
||||||
|
AND(table.Accounts.DeletedDisplayName.IS_NOT_NULL().
|
||||||
|
OR(table.Accounts.LastLoginIP.IS_NOT_NULL())),
|
||||||
|
)
|
||||||
|
if _, err := clearPII.ExecContext(ctx, s.db); err != nil {
|
||||||
|
return identities, feedback, fmt.Errorf("account: clear expired dossier PII: %w", err)
|
||||||
|
}
|
||||||
|
return identities, feedback, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// RetainedIdentity is one row of the retention journal, for the admin dossier.
|
||||||
|
type RetainedIdentity struct {
|
||||||
|
Kind string
|
||||||
|
ExternalID string
|
||||||
|
Reason string
|
||||||
|
Confirmed bool
|
||||||
|
LinkedAt time.Time
|
||||||
|
DetachedAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// RetainedIdentities returns the account's retention-journal rows (the legal dossier of
|
||||||
|
// detached credentials), newest detach first, for the admin console.
|
||||||
|
func (s *Store) RetainedIdentities(ctx context.Context, accountID uuid.UUID) ([]RetainedIdentity, error) {
|
||||||
|
var rows []model.RetainedIdentities
|
||||||
|
err := postgres.SELECT(table.RetainedIdentities.AllColumns).
|
||||||
|
FROM(table.RetainedIdentities).
|
||||||
|
WHERE(table.RetainedIdentities.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
ORDER_BY(table.RetainedIdentities.DetachedAt.DESC()).
|
||||||
|
QueryContext(ctx, s.db, &rows)
|
||||||
|
if err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return nil, fmt.Errorf("account: retained identities %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
out := make([]RetainedIdentity, 0, len(rows))
|
||||||
|
for _, r := range rows {
|
||||||
|
out = append(out, RetainedIdentity{
|
||||||
|
Kind: r.Kind, ExternalID: r.ExternalID, Reason: r.Reason,
|
||||||
|
Confirmed: r.Confirmed, LinkedAt: r.LinkedAt, DetachedAt: r.DetachedAt,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
return out, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeletionInfo is a tombstoned account's dossier header, for the admin console.
|
||||||
|
type DeletionInfo struct {
|
||||||
|
DeletedAt *time.Time
|
||||||
|
DeletedDisplayName string
|
||||||
|
LastLoginAt *time.Time
|
||||||
|
LastLoginIP string
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeletionInfo reads the account's deletion tombstone + last-login dossier fields.
|
||||||
|
func (s *Store) DeletionInfo(ctx context.Context, accountID uuid.UUID) (DeletionInfo, error) {
|
||||||
|
var row model.Accounts
|
||||||
|
err := postgres.SELECT(
|
||||||
|
table.Accounts.DeletedAt, table.Accounts.DeletedDisplayName,
|
||||||
|
table.Accounts.LastLoginAt, table.Accounts.LastLoginIP,
|
||||||
|
).FROM(table.Accounts).
|
||||||
|
WHERE(table.Accounts.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
QueryContext(ctx, s.db, &row)
|
||||||
|
if err != nil {
|
||||||
|
if errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return DeletionInfo{}, ErrNotFound
|
||||||
|
}
|
||||||
|
return DeletionInfo{}, fmt.Errorf("account: deletion info %s: %w", accountID, err)
|
||||||
|
}
|
||||||
|
info := DeletionInfo{DeletedAt: row.DeletedAt, LastLoginAt: row.LastLoginAt}
|
||||||
|
if row.DeletedDisplayName != nil {
|
||||||
|
info.DeletedDisplayName = *row.DeletedDisplayName
|
||||||
|
}
|
||||||
|
if row.LastLoginIP != nil {
|
||||||
|
info.LastLoginIP = *row.LastLoginIP
|
||||||
|
}
|
||||||
|
return info, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// RetentionReaper periodically purges expired account-deletion retention data via
|
||||||
|
// Store.ReapExpiredRetention, mirroring GuestReaper: one background goroutine started once
|
||||||
|
// from main.
|
||||||
|
type RetentionReaper struct {
|
||||||
|
store *Store
|
||||||
|
ttl time.Duration
|
||||||
|
clock func() time.Time
|
||||||
|
log *zap.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewRetentionReaper constructs a reaper purging retention data older than ttl. log may be
|
||||||
|
// nil.
|
||||||
|
func NewRetentionReaper(store *Store, ttl time.Duration, log *zap.Logger) *RetentionReaper {
|
||||||
|
if log == nil {
|
||||||
|
log = zap.NewNop()
|
||||||
|
}
|
||||||
|
return &RetentionReaper{
|
||||||
|
store: store,
|
||||||
|
ttl: ttl,
|
||||||
|
clock: func() time.Time { return time.Now().UTC() },
|
||||||
|
log: log,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run purges expired retention data on each tick until ctx is cancelled.
|
||||||
|
func (r *RetentionReaper) Run(ctx context.Context, interval time.Duration) {
|
||||||
|
ticker := time.NewTicker(interval)
|
||||||
|
defer ticker.Stop()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case <-ticker.C:
|
||||||
|
idn, fb, err := r.store.ReapExpiredRetention(ctx, r.clock().Add(-r.ttl))
|
||||||
|
if err != nil {
|
||||||
|
r.log.Warn("retention reap failed", zap.Error(err))
|
||||||
|
} else if idn > 0 || fb > 0 {
|
||||||
|
r.log.Info("reaped expired retention", zap.Int64("identities", idn), zap.Int64("feedback", fb))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -19,6 +19,9 @@ type UserListItem struct {
|
|||||||
PreferredLanguage string
|
PreferredLanguage string
|
||||||
IsGuest bool
|
IsGuest bool
|
||||||
IsRobot bool
|
IsRobot bool
|
||||||
|
// IsDeleted marks a tombstoned account (deleted_at set), shown as a badge — a search
|
||||||
|
// spans both lists, so a result can be either live or deleted.
|
||||||
|
IsDeleted bool
|
||||||
// FlaggedHighRateAt is the soft high-rate marker (zero when unflagged), shown
|
// FlaggedHighRateAt is the soft high-rate marker (zero when unflagged), shown
|
||||||
// as a badge in the console list.
|
// as a badge in the console list.
|
||||||
FlaggedHighRateAt time.Time
|
FlaggedHighRateAt time.Time
|
||||||
@@ -26,13 +29,17 @@ type UserListItem struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// UserFilter narrows the admin user list: Robots selects robot accounts (otherwise the
|
// UserFilter narrows the admin user list: Robots selects robot accounts (otherwise the
|
||||||
// non-robot "people"); NameMask and ExternalIDMask are glob masks ('*' = any run, '?' =
|
// non-robot "people"); Deleted selects tombstoned accounts (every other scope hides them);
|
||||||
// one char) matched case-insensitively against the display name / any identity's external
|
// NameMask and ExternalIDMask are glob masks ('*' = any run, '?' = one char) matched
|
||||||
// id. An empty mask means no filter on that field.
|
// case-insensitively against the display name / any identity's external id; EmailExact is a
|
||||||
|
// strict (exact) match against an account's email identity. An empty value means no filter
|
||||||
|
// on that field.
|
||||||
type UserFilter struct {
|
type UserFilter struct {
|
||||||
Robots bool
|
Robots bool
|
||||||
|
Deleted bool
|
||||||
NameMask string
|
NameMask string
|
||||||
ExternalIDMask string
|
ExternalIDMask string
|
||||||
|
EmailExact string
|
||||||
}
|
}
|
||||||
|
|
||||||
// robotExists is the correlated subquery testing whether account a is a robot.
|
// robotExists is the correlated subquery testing whether account a is a robot.
|
||||||
@@ -51,17 +58,42 @@ func (s *Store) IsRobot(ctx context.Context, accountID uuid.UUID) (bool, error)
|
|||||||
return ok, nil
|
return ok, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// userListWhere builds the shared WHERE clause and its positional args (from $1).
|
// userListWhere builds the shared WHERE clause and its positional args (from $1). On the
|
||||||
|
// Robots tab it lists/searches robots only. Otherwise a search (any of the name /
|
||||||
|
// external-id / email filters) spans live and deleted people alike — never robots — so the
|
||||||
|
// operator finds a match from one query regardless of the People / Deleted tab; the search
|
||||||
|
// also looks in the retention journal, so a deleted account is still found by the email /
|
||||||
|
// external id it held (those rows moved from identities to retained_identities on deletion)
|
||||||
|
// and by its retained real name. With no search, the People / Deleted tab scope applies.
|
||||||
func userListWhere(f UserFilter) (string, []any) {
|
func userListWhere(f UserFilter) (string, []any) {
|
||||||
args := []any{f.Robots}
|
name := LikePattern(f.NameMask)
|
||||||
where := robotExists + ` = $1`
|
ext := LikePattern(f.ExternalIDMask)
|
||||||
if name := LikePattern(f.NameMask); name != "" {
|
email := strings.ToLower(strings.TrimSpace(f.EmailExact))
|
||||||
args = append(args, name)
|
searching := name != "" || ext != "" || email != ""
|
||||||
where += fmt.Sprintf(` AND a.display_name ILIKE $%d ESCAPE '\'`, len(args))
|
|
||||||
|
var args []any
|
||||||
|
var where string
|
||||||
|
switch {
|
||||||
|
case f.Robots:
|
||||||
|
where = robotExists + ` = true`
|
||||||
|
case searching:
|
||||||
|
where = robotExists + ` = false`
|
||||||
|
case f.Deleted:
|
||||||
|
where = robotExists + ` = false AND a.deleted_at IS NOT NULL`
|
||||||
|
default:
|
||||||
|
where = robotExists + ` = false AND a.deleted_at IS NULL`
|
||||||
}
|
}
|
||||||
if ext := LikePattern(f.ExternalIDMask); ext != "" {
|
if name != "" {
|
||||||
|
args = append(args, name)
|
||||||
|
where += fmt.Sprintf(` AND (a.display_name ILIKE $%d ESCAPE '\' OR a.deleted_display_name ILIKE $%d ESCAPE '\')`, len(args), len(args))
|
||||||
|
}
|
||||||
|
if ext != "" {
|
||||||
args = append(args, ext)
|
args = append(args, ext)
|
||||||
where += fmt.Sprintf(` AND EXISTS (SELECT 1 FROM backend.identities i WHERE i.account_id = a.account_id AND i.external_id ILIKE $%d ESCAPE '\')`, len(args))
|
where += fmt.Sprintf(` AND (EXISTS (SELECT 1 FROM backend.identities i WHERE i.account_id = a.account_id AND i.external_id ILIKE $%d ESCAPE '\') OR EXISTS (SELECT 1 FROM backend.retained_identities r WHERE r.account_id = a.account_id AND r.external_id ILIKE $%d ESCAPE '\'))`, len(args), len(args))
|
||||||
|
}
|
||||||
|
if email != "" {
|
||||||
|
args = append(args, email)
|
||||||
|
where += fmt.Sprintf(` AND (EXISTS (SELECT 1 FROM backend.identities i WHERE i.account_id = a.account_id AND i.kind = 'email' AND i.external_id = $%d) OR EXISTS (SELECT 1 FROM backend.retained_identities r WHERE r.account_id = a.account_id AND r.kind = 'email' AND r.external_id = $%d))`, len(args), len(args))
|
||||||
}
|
}
|
||||||
return where, args
|
return where, args
|
||||||
}
|
}
|
||||||
@@ -69,7 +101,7 @@ func userListWhere(f UserFilter) (string, []any) {
|
|||||||
// ListUsers returns the filtered admin user list, newest first, paginated.
|
// ListUsers returns the filtered admin user list, newest first, paginated.
|
||||||
func (s *Store) ListUsers(ctx context.Context, f UserFilter, limit, offset int) ([]UserListItem, error) {
|
func (s *Store) ListUsers(ctx context.Context, f UserFilter, limit, offset int) ([]UserListItem, error) {
|
||||||
where, args := userListWhere(f)
|
where, args := userListWhere(f)
|
||||||
q := `SELECT a.account_id, a.display_name, a.preferred_language, a.is_guest, a.flagged_high_rate_at, a.created_at, ` + robotExists + ` AS is_robot
|
q := `SELECT a.account_id, a.display_name, a.preferred_language, a.is_guest, a.flagged_high_rate_at, a.created_at, ` + robotExists + ` AS is_robot, (a.deleted_at IS NOT NULL) AS is_deleted
|
||||||
FROM backend.accounts a WHERE ` + where +
|
FROM backend.accounts a WHERE ` + where +
|
||||||
fmt.Sprintf(` ORDER BY a.created_at DESC LIMIT $%d OFFSET $%d`, len(args)+1, len(args)+2)
|
fmt.Sprintf(` ORDER BY a.created_at DESC LIMIT $%d OFFSET $%d`, len(args)+1, len(args)+2)
|
||||||
args = append(args, limit, offset)
|
args = append(args, limit, offset)
|
||||||
@@ -82,7 +114,7 @@ FROM backend.accounts a WHERE ` + where +
|
|||||||
for rows.Next() {
|
for rows.Next() {
|
||||||
var it UserListItem
|
var it UserListItem
|
||||||
var flagged sql.NullTime
|
var flagged sql.NullTime
|
||||||
if err := rows.Scan(&it.ID, &it.DisplayName, &it.PreferredLanguage, &it.IsGuest, &flagged, &it.CreatedAt, &it.IsRobot); err != nil {
|
if err := rows.Scan(&it.ID, &it.DisplayName, &it.PreferredLanguage, &it.IsGuest, &flagged, &it.CreatedAt, &it.IsRobot, &it.IsDeleted); err != nil {
|
||||||
return nil, fmt.Errorf("account: scan user: %w", err)
|
return nil, fmt.Errorf("account: scan user: %w", err)
|
||||||
}
|
}
|
||||||
if flagged.Valid {
|
if flagged.Valid {
|
||||||
|
|||||||
@@ -0,0 +1,37 @@
|
|||||||
|
package account
|
||||||
|
|
||||||
|
import (
|
||||||
|
"slices"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestSeedVariantsFromStartParam covers decoding a promo deep-link start-param into the
|
||||||
|
// variant-preference set to seed: a valid "v"-prefixed, "-"-joined label list is cleaned
|
||||||
|
// to the canonical order and deduplicated, while anything that is not a variant-seed link
|
||||||
|
// or that names an unknown variant yields nil (leaving the account on its defaults).
|
||||||
|
func TestSeedVariantsFromStartParam(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
param string
|
||||||
|
want []string
|
||||||
|
}{
|
||||||
|
{"english promo", "verudit_ru-scrabble_en", []string{"erudit_ru", "scrabble_en"}},
|
||||||
|
{"single variant", "vscrabble_en", []string{"scrabble_en"}},
|
||||||
|
{"canonical order regardless of payload order", "vscrabble_en-erudit_ru", []string{"erudit_ru", "scrabble_en"}},
|
||||||
|
{"deduplicated", "verudit_ru-erudit_ru", []string{"erudit_ru"}},
|
||||||
|
{"empty", "", nil},
|
||||||
|
{"prefix only", "v", nil},
|
||||||
|
{"routing game link is not a seed", "g0190abcd", nil},
|
||||||
|
{"friend code link is not a seed", "f123456", nil},
|
||||||
|
{"unknown variant rejected", "vscrabble_de", nil},
|
||||||
|
{"one unknown label rejects the whole set", "verudit_ru-scrabble_de", nil},
|
||||||
|
}
|
||||||
|
for _, tc := range tests {
|
||||||
|
t.Run(tc.name, func(t *testing.T) {
|
||||||
|
got := SeedVariantsFromStartParam(tc.param)
|
||||||
|
if !slices.Equal(got, tc.want) {
|
||||||
|
t.Errorf("SeedVariantsFromStartParam(%q) = %v, want %v", tc.param, got, tc.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,223 @@
|
|||||||
|
// Package accountdelete deactivates an account as legal retention, not erasure: it keeps
|
||||||
|
// the account row as a tombstone (its chat/complaint foreign keys have no cascade, so a
|
||||||
|
// hard delete is impossible) while journalling and freeing the account's credentials,
|
||||||
|
// anonymising the live surfaces, and dropping the account's own social/ephemeral rows.
|
||||||
|
// The retained_identities journal plus the tombstone (deleted_at, deleted_display_name,
|
||||||
|
// last_login_at/ip) form the admin/legal dossier; messages are deliberately kept. Session
|
||||||
|
// revocation and active-game forfeit are orchestrated one layer up (they need the session
|
||||||
|
// cache and the game service). See docs/ARCHITECTURE.md §9.1 and the retention TTL reaper.
|
||||||
|
package accountdelete
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/go-jet/jet/v2/postgres"
|
||||||
|
"github.com/go-jet/jet/v2/qrm"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/model"
|
||||||
|
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||||
|
)
|
||||||
|
|
||||||
|
// AnonymizedName is the label a deleted account shows to opponents. Display names are
|
||||||
|
// stored strings resolved identically for every viewer (no per-viewer localisation in this
|
||||||
|
// codebase), so a single canonical label is used. The brackets are deliberate: the
|
||||||
|
// editable-name rule (account.displayNameRe) forbids them, so a live player can never set a
|
||||||
|
// name that impersonates a deleted account.
|
||||||
|
const AnonymizedName = "[Deleted]"
|
||||||
|
|
||||||
|
// retainDelete is the retained_identities reason written when a credential is journalled
|
||||||
|
// because its account is being deleted.
|
||||||
|
const retainDelete = "delete"
|
||||||
|
|
||||||
|
// Deleter performs the SQL-atomic part of account deletion over a Postgres handle.
|
||||||
|
type Deleter struct {
|
||||||
|
db *sql.DB
|
||||||
|
now func() time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewDeleter constructs a Deleter over db.
|
||||||
|
func NewDeleter(db *sql.DB) *Deleter {
|
||||||
|
return &Deleter{db: db, now: func() time.Time { return time.Now().UTC() }}
|
||||||
|
}
|
||||||
|
|
||||||
|
// AnonymizeAndTombstone retires accountID atomically: it journals every live identity into
|
||||||
|
// retained_identities (reason=delete) then removes them so the credentials free for reuse,
|
||||||
|
// snapshots the real display name into deleted_display_name and scrubs the live one to
|
||||||
|
// AnonymizedName, sets deleted_at, anonymises the account's game-seat snapshots, and drops
|
||||||
|
// its friendships, blocks, invitations, friend codes, drafts and pending codes. Chat,
|
||||||
|
// feedback and complaints are kept (the surviving tombstone keeps their no-cascade foreign
|
||||||
|
// keys valid). It is idempotent-safe on an already-tombstoned account (re-journalling
|
||||||
|
// nothing, since the identities are already gone).
|
||||||
|
func (d *Deleter) AnonymizeAndTombstone(ctx context.Context, accountID uuid.UUID) error {
|
||||||
|
now := d.now()
|
||||||
|
return withTx(ctx, d.db, func(tx *sql.Tx) error {
|
||||||
|
if err := journalAndDropIdentities(ctx, tx, accountID, now); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := tombstone(ctx, tx, accountID, now); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if _, err := table.GamePlayers.UPDATE(table.GamePlayers.DisplayName).
|
||||||
|
SET(postgres.String(AnonymizedName)).
|
||||||
|
WHERE(table.GamePlayers.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: anonymise seats: %w", err)
|
||||||
|
}
|
||||||
|
return dropSocialAndEphemerals(ctx, tx, accountID)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// dropAllRobotGamesSQL deletes every game in which the account plays and no other seat is a
|
||||||
|
// human — a robot seat is one whose account holds a 'robot' identity, so this covers both
|
||||||
|
// honest vs-AI games and disguised auto-match substitutes. The game rows are deleted; their
|
||||||
|
// moves/chat/players/complaints fall away through ON DELETE CASCADE.
|
||||||
|
const dropAllRobotGamesSQL = `
|
||||||
|
DELETE FROM games g
|
||||||
|
WHERE EXISTS (
|
||||||
|
SELECT 1 FROM game_players p WHERE p.game_id = g.game_id AND p.account_id = $1
|
||||||
|
) AND NOT EXISTS (
|
||||||
|
SELECT 1 FROM game_players o
|
||||||
|
WHERE o.game_id = g.game_id AND o.account_id <> $1
|
||||||
|
AND NOT EXISTS (
|
||||||
|
SELECT 1 FROM identities i WHERE i.account_id = o.account_id AND i.kind = 'robot'
|
||||||
|
)
|
||||||
|
)`
|
||||||
|
|
||||||
|
// DropAllRobotGames deletes the account's games that have no human opponent (solo vs-AI or
|
||||||
|
// auto-match-robot games), returning how many were removed. Games with any human seat are
|
||||||
|
// kept — their seat is anonymised by AnonymizeAndTombstone instead. Run it after the
|
||||||
|
// account's active games are resigned, so no live game is removed under the robot driver.
|
||||||
|
func (d *Deleter) DropAllRobotGames(ctx context.Context, accountID uuid.UUID) (int64, error) {
|
||||||
|
res, err := d.db.ExecContext(ctx, dropAllRobotGamesSQL, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("accountdelete: drop all-robot games: %w", err)
|
||||||
|
}
|
||||||
|
n, err := res.RowsAffected()
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("accountdelete: dropped games count: %w", err)
|
||||||
|
}
|
||||||
|
return n, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// journalAndDropIdentities copies the account's live identities into the retention journal
|
||||||
|
// (reason=delete) and then removes them, freeing each (kind, external_id) for reuse.
|
||||||
|
func journalAndDropIdentities(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, now time.Time) error {
|
||||||
|
var ids []model.Identities
|
||||||
|
err := postgres.SELECT(table.Identities.AllColumns).
|
||||||
|
FROM(table.Identities).
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
QueryContext(ctx, tx, &ids)
|
||||||
|
if err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return fmt.Errorf("accountdelete: load identities: %w", err)
|
||||||
|
}
|
||||||
|
for _, id := range ids {
|
||||||
|
rid, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: new retained id: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.RetainedIdentities.INSERT(
|
||||||
|
table.RetainedIdentities.RetainedID, table.RetainedIdentities.AccountID,
|
||||||
|
table.RetainedIdentities.Kind, table.RetainedIdentities.ExternalID,
|
||||||
|
table.RetainedIdentities.Confirmed, table.RetainedIdentities.LinkedAt,
|
||||||
|
table.RetainedIdentities.DetachedAt, table.RetainedIdentities.Reason,
|
||||||
|
).VALUES(rid, accountID, id.Kind, id.ExternalID, id.Confirmed, id.CreatedAt, now, retainDelete)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: retain identity %s: %w", id.Kind, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if _, err := table.Identities.DELETE().
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(accountID))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete identities: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// tombstone marks the account deleted, snapshotting the real display name into
|
||||||
|
// deleted_display_name (evaluated from the old row) before scrubbing the live one.
|
||||||
|
func tombstone(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, now time.Time) error {
|
||||||
|
upd := table.Accounts.UPDATE(
|
||||||
|
table.Accounts.DeletedAt, table.Accounts.DeletedDisplayName,
|
||||||
|
table.Accounts.DisplayName, table.Accounts.UpdatedAt,
|
||||||
|
).SET(
|
||||||
|
postgres.TimestampzT(now), table.Accounts.DisplayName,
|
||||||
|
postgres.String(AnonymizedName), postgres.TimestampzT(now),
|
||||||
|
).WHERE(table.Accounts.AccountID.EQ(postgres.UUID(accountID)))
|
||||||
|
if _, err := upd.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: tombstone account: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// dropSocialAndEphemerals removes the account's own friendships, blocks, invitations
|
||||||
|
// (as inviter and as invitee), friend codes, drafts and pending confirm-codes. These are
|
||||||
|
// the deleting user's private data with no dossier value; chat and feedback are kept.
|
||||||
|
func dropSocialAndEphemerals(ctx context.Context, tx *sql.Tx, accountID uuid.UUID) error {
|
||||||
|
id := postgres.UUID(accountID)
|
||||||
|
// Friendships and blocks are two-account edges keyed on either endpoint.
|
||||||
|
if _, err := table.Friendships.DELETE().
|
||||||
|
WHERE(table.Friendships.RequesterID.EQ(id).OR(table.Friendships.AddresseeID.EQ(id))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete friendships: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.Blocks.DELETE().
|
||||||
|
WHERE(table.Blocks.BlockerID.EQ(id).OR(table.Blocks.BlockedID.EQ(id))).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete blocks: %w", err)
|
||||||
|
}
|
||||||
|
// Invitations: drop the account's invitee rows, then its own invitations' invitees and
|
||||||
|
// the invitations themselves (children first, to respect the foreign key).
|
||||||
|
if _, err := table.GameInvitationInvitees.DELETE().
|
||||||
|
WHERE(table.GameInvitationInvitees.AccountID.EQ(id)).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete invitee rows: %w", err)
|
||||||
|
}
|
||||||
|
ownInvitations := postgres.SELECT(table.GameInvitations.InvitationID).
|
||||||
|
FROM(table.GameInvitations).
|
||||||
|
WHERE(table.GameInvitations.InviterID.EQ(id))
|
||||||
|
if _, err := table.GameInvitationInvitees.DELETE().
|
||||||
|
WHERE(table.GameInvitationInvitees.InvitationID.IN(ownInvitations)).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete own invitation invitees: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.GameInvitations.DELETE().
|
||||||
|
WHERE(table.GameInvitations.InviterID.EQ(id)).
|
||||||
|
ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete invitations: %w", err)
|
||||||
|
}
|
||||||
|
// Ephemerals: friend codes, move drafts, pending confirm-codes.
|
||||||
|
if _, err := table.FriendCodes.DELETE().
|
||||||
|
WHERE(table.FriendCodes.AccountID.EQ(id)).ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete friend codes: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.GameDrafts.DELETE().
|
||||||
|
WHERE(table.GameDrafts.AccountID.EQ(id)).ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete drafts: %w", err)
|
||||||
|
}
|
||||||
|
if _, err := table.EmailConfirmations.DELETE().
|
||||||
|
WHERE(table.EmailConfirmations.AccountID.EQ(id)).ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: delete confirmations: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// withTx runs fn inside a transaction, committing on success and rolling back on error.
|
||||||
|
func withTx(ctx context.Context, db *sql.DB, fn func(tx *sql.Tx) error) error {
|
||||||
|
tx, err := db.BeginTx(ctx, nil)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: begin tx: %w", err)
|
||||||
|
}
|
||||||
|
if err := fn(tx); err != nil {
|
||||||
|
_ = tx.Rollback()
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := tx.Commit(); err != nil {
|
||||||
|
return fmt.Errorf("accountdelete: commit tx: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -27,6 +27,11 @@ import (
|
|||||||
// without taking a dependency on the game package.
|
// without taking a dependency on the game package.
|
||||||
const statusActive = "active"
|
const statusActive = "active"
|
||||||
|
|
||||||
|
// retainReasonMerge is the retained_identities.reason for a credential dropped by a merge
|
||||||
|
// collision (both accounts held the same kind). It mirrors the account package's retain
|
||||||
|
// reasons, kept local to avoid importing that package's unexported constants.
|
||||||
|
const retainReasonMerge = "merge"
|
||||||
|
|
||||||
// Friendship statuses, highest precedence first, mirroring internal/social.
|
// Friendship statuses, highest precedence first, mirroring internal/social.
|
||||||
const (
|
const (
|
||||||
friendAccepted = "accepted"
|
friendAccepted = "accepted"
|
||||||
@@ -75,6 +80,9 @@ func (m *Merger) Merge(ctx context.Context, primary, secondary uuid.UUID) error
|
|||||||
if err := mergeAccountFields(ctx, tx, primary, secondary, now); err != nil {
|
if err := mergeAccountFields(ctx, tx, primary, secondary, now); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := dedupeIdentities(ctx, tx, primary, secondary); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err := reassignColumn(ctx, tx, table.Identities, table.Identities.AccountID, primary, secondary); err != nil {
|
if err := reassignColumn(ctx, tx, table.Identities, table.Identities.AccountID, primary, secondary); err != nil {
|
||||||
return fmt.Errorf("accountmerge: identities: %w", err)
|
return fmt.Errorf("accountmerge: identities: %w", err)
|
||||||
}
|
}
|
||||||
@@ -300,6 +308,77 @@ func reassignColumn(ctx context.Context, tx *sql.Tx, tbl postgres.Table, col pos
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// dedupeIdentities resolves a same-kind identity collision before the blanket identity
|
||||||
|
// reassign: when both accounts already hold an identity of the same kind (e.g. each has a
|
||||||
|
// confirmed email — reachable when two email-bearing accounts merge), the primary keeps
|
||||||
|
// its own and the secondary's is journaled to retained_identities (reason=merge) and
|
||||||
|
// removed. Without this the blanket reassign would leave the survivor with two identities
|
||||||
|
// of one kind (there is no per-account-kind unique on identities), which the profile and
|
||||||
|
// the retention dossier both treat as singular. Non-colliding identities are untouched and
|
||||||
|
// move with the blanket reassign.
|
||||||
|
func dedupeIdentities(ctx context.Context, tx *sql.Tx, primary, secondary uuid.UUID) error {
|
||||||
|
var prows []model.Identities
|
||||||
|
if err := postgres.SELECT(table.Identities.Kind).
|
||||||
|
FROM(table.Identities).
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(primary))).
|
||||||
|
QueryContext(ctx, tx, &prows); err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return fmt.Errorf("accountmerge: primary identity kinds: %w", err)
|
||||||
|
}
|
||||||
|
occupied := make(map[string]struct{}, len(prows))
|
||||||
|
for _, r := range prows {
|
||||||
|
occupied[r.Kind] = struct{}{}
|
||||||
|
}
|
||||||
|
if len(occupied) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
var srows []model.Identities
|
||||||
|
if err := postgres.SELECT(
|
||||||
|
table.Identities.Kind, table.Identities.ExternalID,
|
||||||
|
table.Identities.Confirmed, table.Identities.CreatedAt,
|
||||||
|
).FROM(table.Identities).
|
||||||
|
WHERE(table.Identities.AccountID.EQ(postgres.UUID(secondary))).
|
||||||
|
QueryContext(ctx, tx, &srows); err != nil && !errors.Is(err, qrm.ErrNoRows) {
|
||||||
|
return fmt.Errorf("accountmerge: secondary identities: %w", err)
|
||||||
|
}
|
||||||
|
for _, s := range srows {
|
||||||
|
if _, dup := occupied[s.Kind]; !dup {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if err := retainMergedIdentity(ctx, tx, secondary, s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
del := table.Identities.DELETE().WHERE(
|
||||||
|
table.Identities.AccountID.EQ(postgres.UUID(secondary)).
|
||||||
|
AND(table.Identities.Kind.EQ(postgres.String(s.Kind))).
|
||||||
|
AND(table.Identities.ExternalID.EQ(postgres.String(s.ExternalID))),
|
||||||
|
)
|
||||||
|
if _, err := del.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountmerge: drop colliding %s identity: %w", s.Kind, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// retainMergedIdentity appends a retained_identities row for a secondary identity dropped
|
||||||
|
// by a merge collision (reason=merge), preserving it in the legal dossier. It mirrors
|
||||||
|
// account.retainIdentityTx, which is unexported; detached_at falls to the column default.
|
||||||
|
func retainMergedIdentity(ctx context.Context, tx *sql.Tx, accountID uuid.UUID, id model.Identities) error {
|
||||||
|
rid, err := uuid.NewV7()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("accountmerge: new retained id: %w", err)
|
||||||
|
}
|
||||||
|
ins := table.RetainedIdentities.INSERT(
|
||||||
|
table.RetainedIdentities.RetainedID, table.RetainedIdentities.AccountID,
|
||||||
|
table.RetainedIdentities.Kind, table.RetainedIdentities.ExternalID,
|
||||||
|
table.RetainedIdentities.Confirmed, table.RetainedIdentities.LinkedAt,
|
||||||
|
table.RetainedIdentities.Reason,
|
||||||
|
).VALUES(rid, accountID, id.Kind, id.ExternalID, id.Confirmed, id.CreatedAt, retainReasonMerge)
|
||||||
|
if _, err := ins.ExecContext(ctx, tx); err != nil {
|
||||||
|
return fmt.Errorf("accountmerge: retain merged %s identity: %w", id.Kind, err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// friendRank ranks a friendship status for dedupe precedence (higher wins).
|
// friendRank ranks a friendship status for dedupe precedence (higher wins).
|
||||||
func friendRank(status string) int {
|
func friendRank(status string) int {
|
||||||
switch status {
|
switch status {
|
||||||
|
|||||||
@@ -0,0 +1,116 @@
|
|||||||
|
// Package adminalert emails the operator when new player feedback or word complaints
|
||||||
|
// arrive, coalescing a burst into a single digest per interval so a flood is one email,
|
||||||
|
// not N. It is inert unless an admin sender and recipient are configured. The sender is
|
||||||
|
// distinct from the user-facing confirm-code From, and the recipient may be several
|
||||||
|
// comma-separated addresses (the mailer splits them).
|
||||||
|
package adminalert
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
)
|
||||||
|
|
||||||
|
// FeedbackCounter counts feedback created since a time (satisfied by feedback.Service).
|
||||||
|
type FeedbackCounter interface {
|
||||||
|
CountSince(ctx context.Context, since time.Time) (int, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ComplaintCounter counts word complaints filed since a time (satisfied by game.Service).
|
||||||
|
type ComplaintCounter interface {
|
||||||
|
CountComplaintsSince(ctx context.Context, since time.Time) (int, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Notifier polls for new feedback and complaints and emails the operator a digest.
|
||||||
|
type Notifier struct {
|
||||||
|
mailer account.Mailer
|
||||||
|
feedback FeedbackCounter
|
||||||
|
complaints ComplaintCounter
|
||||||
|
from string
|
||||||
|
to string
|
||||||
|
consoleURL string
|
||||||
|
clock func() time.Time
|
||||||
|
log *zap.Logger
|
||||||
|
last time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// New constructs a Notifier. from and to are the alert sender and recipient(s); consoleURL,
|
||||||
|
// when non-empty, is the admin-console link included in the email. log may be nil. The
|
||||||
|
// watermark starts at "now", so only items arriving after start-up are reported.
|
||||||
|
func New(mailer account.Mailer, fb FeedbackCounter, cp ComplaintCounter, from, to, consoleURL string, log *zap.Logger) *Notifier {
|
||||||
|
if log == nil {
|
||||||
|
log = zap.NewNop()
|
||||||
|
}
|
||||||
|
return &Notifier{
|
||||||
|
mailer: mailer, feedback: fb, complaints: cp, from: from, to: to, consoleURL: consoleURL,
|
||||||
|
clock: func() time.Time { return time.Now().UTC() }, log: log, last: time.Now().UTC(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run polls on each tick until ctx is cancelled.
|
||||||
|
func (n *Notifier) Run(ctx context.Context, interval time.Duration) {
|
||||||
|
ticker := time.NewTicker(interval)
|
||||||
|
defer ticker.Stop()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case <-ticker.C:
|
||||||
|
n.tick(ctx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// tick counts what arrived since the last watermark and, if anything did, emails one
|
||||||
|
// digest. The watermark only advances after a successful send (or a quiet tick), so a
|
||||||
|
// transient send failure is retried on the next tick — the counts simply grow.
|
||||||
|
func (n *Notifier) tick(ctx context.Context) {
|
||||||
|
now := n.clock()
|
||||||
|
fb, err := n.feedback.CountSince(ctx, n.last)
|
||||||
|
if err != nil {
|
||||||
|
n.log.Warn("admin alert: count feedback failed", zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
cp, err := n.complaints.CountComplaintsSince(ctx, n.last)
|
||||||
|
if err != nil {
|
||||||
|
n.log.Warn("admin alert: count complaints failed", zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if fb == 0 && cp == 0 {
|
||||||
|
n.last = now
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := n.mailer.Send(ctx, n.digest(fb, cp)); err != nil {
|
||||||
|
n.log.Warn("admin alert: send failed", zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
n.log.Info("admin alert sent", zap.Int("feedback", fb), zap.Int("complaints", cp))
|
||||||
|
n.last = now
|
||||||
|
}
|
||||||
|
|
||||||
|
// digest builds the operator alert email for fb new feedback and cp new complaints.
|
||||||
|
func (n *Notifier) digest(fb, cp int) account.Message {
|
||||||
|
var parts []string
|
||||||
|
if fb > 0 {
|
||||||
|
parts = append(parts, fmt.Sprintf("%d new feedback message(s)", fb))
|
||||||
|
}
|
||||||
|
if cp > 0 {
|
||||||
|
parts = append(parts, fmt.Sprintf("%d new word complaint(s)", cp))
|
||||||
|
}
|
||||||
|
summary := strings.Join(parts, ", ")
|
||||||
|
text := summary + "."
|
||||||
|
if n.consoleURL != "" {
|
||||||
|
text += "\n\nOpen the admin console: " + n.consoleURL
|
||||||
|
}
|
||||||
|
return account.Message{
|
||||||
|
From: n.from,
|
||||||
|
To: n.to,
|
||||||
|
Subject: "Erudit — " + summary,
|
||||||
|
Text: text,
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,55 @@
|
|||||||
|
package adminalert
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
)
|
||||||
|
|
||||||
|
// The fakes ignore the watermark and return a fixed count, which is all the digest logic
|
||||||
|
// needs.
|
||||||
|
type fbCounter struct{ n int }
|
||||||
|
|
||||||
|
func (f fbCounter) CountSince(context.Context, time.Time) (int, error) { return f.n, nil }
|
||||||
|
|
||||||
|
type cpCounter struct{ n int }
|
||||||
|
|
||||||
|
func (c cpCounter) CountComplaintsSince(context.Context, time.Time) (int, error) { return c.n, nil }
|
||||||
|
|
||||||
|
type recordingMailer struct{ sent []account.Message }
|
||||||
|
|
||||||
|
func (m *recordingMailer) Send(_ context.Context, msg account.Message) error {
|
||||||
|
m.sent = append(m.sent, msg)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNotifierSkipsWhenNothingNew(t *testing.T) {
|
||||||
|
mailer := &recordingMailer{}
|
||||||
|
n := New(mailer, fbCounter{0}, cpCounter{0}, "alerts@erudit-game.ru", "op@x.ru", "", nil)
|
||||||
|
n.tick(context.Background())
|
||||||
|
if len(mailer.sent) != 0 {
|
||||||
|
t.Fatalf("sent %d emails, want 0 when nothing is new", len(mailer.sent))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNotifierDigestsNewItems(t *testing.T) {
|
||||||
|
mailer := &recordingMailer{}
|
||||||
|
n := New(mailer, fbCounter{2}, cpCounter{1}, "alerts@erudit-game.ru", "op@x.ru, two@x.ru", "https://erudit-game.ru/_gm", nil)
|
||||||
|
n.tick(context.Background())
|
||||||
|
if len(mailer.sent) != 1 {
|
||||||
|
t.Fatalf("sent %d emails, want 1 digest", len(mailer.sent))
|
||||||
|
}
|
||||||
|
msg := mailer.sent[0]
|
||||||
|
if msg.From != "alerts@erudit-game.ru" || msg.To != "op@x.ru, two@x.ru" {
|
||||||
|
t.Errorf("digest addressing = From %q To %q", msg.From, msg.To)
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.Subject, "2 new feedback") || !strings.Contains(msg.Subject, "1 new word complaint") {
|
||||||
|
t.Errorf("digest subject = %q, want the feedback + complaint counts", msg.Subject)
|
||||||
|
}
|
||||||
|
if !strings.Contains(msg.Text, "/_gm") {
|
||||||
|
t.Errorf("digest body = %q, want the console link", msg.Text)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -24,6 +24,7 @@ func TestRendererRendersEveryPage(t *testing.T) {
|
|||||||
{"dashboard", DashboardView{Accounts: 3, Variants: []VariantVersions{{Variant: "scrabble_en", Latest: "v1", Versions: []string{"v1"}}}}, "Dashboard"},
|
{"dashboard", DashboardView{Accounts: 3, Variants: []VariantVersions{{Variant: "scrabble_en", Latest: "v1", Versions: []string{"v1"}}}}, "Dashboard"},
|
||||||
{"users", UsersView{Items: []UserRow{{ID: "a1", DisplayName: "Kaya", FlaggedHighRate: true}}, Pager: NewPager(1, 50, 1)}, "high-rate"},
|
{"users", UsersView{Items: []UserRow{{ID: "a1", DisplayName: "Kaya", FlaggedHighRate: true}}, Pager: NewPager(1, 50, 1)}, "high-rate"},
|
||||||
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya", HasStats: true, Stats: StatsRow{Wins: 2}, TelegramID: "123", ConnectorEnabled: true}, "Send Telegram message"},
|
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya", HasStats: true, Stats: StatsRow{Wins: 2}, TelegramID: "123", ConnectorEnabled: true}, "Send Telegram message"},
|
||||||
|
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya", VKID: "494075"}, "vk.com/id494075"},
|
||||||
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya", FlaggedHighRateAt: "2026-06-10 12:00"}, "Clear high-rate flag"},
|
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya", FlaggedHighRateAt: "2026-06-10 12:00"}, "Clear high-rate flag"},
|
||||||
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya", Roles: []string{"feedback_banned"}, KnownRoles: []string{"feedback_banned"}}, "feedback_banned"},
|
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya", Roles: []string{"feedback_banned"}, KnownRoles: []string{"feedback_banned"}}, "feedback_banned"},
|
||||||
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya",
|
{"user_detail", UserDetailView{ID: "a1", DisplayName: "Kaya",
|
||||||
|
|||||||
@@ -7,8 +7,9 @@
|
|||||||
<li><b>From</b> <a href="/_gm/users/{{.AccountID}}">{{.SenderName}}</a> ({{.Source}})</li>
|
<li><b>From</b> <a href="/_gm/users/{{.AccountID}}">{{.SenderName}}</a> ({{.Source}})</li>
|
||||||
<li><b>Channel</b> {{.Channel}}</li>
|
<li><b>Channel</b> {{.Channel}}</li>
|
||||||
<li><b>Interface language</b> {{.InterfaceLanguage}}</li>
|
<li><b>Interface language</b> {{.InterfaceLanguage}}</li>
|
||||||
|
<li><b>App version</b> {{if .Version}}<code>{{.Version}}</code>{{else}}<span class="note">unknown</span>{{end}}</li>
|
||||||
<li><b>IP</b> {{if .IP}}<code>{{.IP}}</code>{{else}}<span class="note">none</span>{{end}}</li>
|
<li><b>IP</b> {{if .IP}}<code>{{.IP}}</code>{{else}}<span class="note">none</span>{{end}}</li>
|
||||||
<li><b>Filed</b> {{.CreatedAt}}</li>
|
<li><b>Filed</b> {{.CreatedAt}} UTC · browser {{if .CreatedAtBrowser}}{{.CreatedAtBrowser}} ({{.BrowserTZ}}){{else}}<span class="note">N/A</span>{{end}} · user {{if .CreatedAtUser}}{{.CreatedAtUser}} ({{.UserTZ}}){{else}}<span class="note">N/A</span>{{end}}</li>
|
||||||
<li><b>State</b> {{if .Archived}}archived{{else if .Read}}read{{else}}<span class="warn">unread</span>{{end}}</li>
|
<li><b>State</b> {{if .Archived}}archived{{else if .Read}}read{{else}}<span class="warn">unread</span>{{end}}</li>
|
||||||
{{if .Banned}}<li><b>Feedback</b> <span class="warn">sender is banned from feedback</span></li>{{end}}
|
{{if .Banned}}<li><b>Feedback</b> <span class="warn">sender is banned from feedback</span></li>{{end}}
|
||||||
</ul>
|
</ul>
|
||||||
|
|||||||
@@ -101,6 +101,29 @@
|
|||||||
{{else}}<tr><td colspan="4"><span class="note">no identities (guest)</span></td></tr>{{end}}
|
{{else}}<tr><td colspan="4"><span class="note">no identities (guest)</span></td></tr>{{end}}
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
{{if .HasEmail}}
|
||||||
|
<form class="form" method="post" action="/_gm/users/{{.ID}}/remove-email" onsubmit="return confirm('Erase the email identity from this account? The address will be freed.')">
|
||||||
|
<button type="submit">Erase email</button>
|
||||||
|
</form>
|
||||||
|
{{end}}
|
||||||
|
</section>
|
||||||
|
<section class="panel"><h2>Deletion & retention</h2>
|
||||||
|
{{if .LastLoginAt}}<p class="note">Last login: {{.LastLoginAt}}{{if .LastLoginIP}} — <code>{{.LastLoginIP}}</code>{{end}}</p>{{end}}
|
||||||
|
{{if .Deleted}}<p><span class="warn">Deleted</span> at {{.DeletedAt}}{{if .DeletedName}} — was <code>{{.DeletedName}}</code>{{end}}</p>{{end}}
|
||||||
|
{{if .Retained}}
|
||||||
|
<h3>Retention journal (legal dossier of detached credentials)</h3>
|
||||||
|
<table class="list">
|
||||||
|
<thead><tr><th>Kind</th><th>Credential</th><th>Reason</th><th>Detached</th></tr></thead>
|
||||||
|
<tbody>
|
||||||
|
{{range .Retained}}<tr><td>{{.Kind}}</td><td><code>{{.ExternalID}}</code></td><td>{{.Reason}}</td><td>{{.DetachedAt}}</td></tr>{{end}}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
{{end}}
|
||||||
|
{{if not .Deleted}}
|
||||||
|
<form class="form" method="post" action="/_gm/users/{{.ID}}/delete" onsubmit="return confirm('Delete this account? Its credentials are journalled and freed, its data anonymised, and its sessions revoked. This cannot be undone.')">
|
||||||
|
<button type="submit">Delete user</button>
|
||||||
|
</form>
|
||||||
|
{{end}}
|
||||||
</section>
|
</section>
|
||||||
<section class="panel"><h2>Friends</h2>
|
<section class="panel"><h2>Friends</h2>
|
||||||
<table class="list">
|
<table class="list">
|
||||||
@@ -142,6 +165,11 @@
|
|||||||
{{else}}<p class="note">connector not configured (set BACKEND_CONNECTOR_ADDR)</p>{{end}}
|
{{else}}<p class="note">connector not configured (set BACKEND_CONNECTOR_ADDR)</p>{{end}}
|
||||||
</section>
|
</section>
|
||||||
{{end}}
|
{{end}}
|
||||||
|
{{if .VKID}}
|
||||||
|
<section class="panel"><h2>VK</h2>
|
||||||
|
<p>VK ID: <code>{{.VKID}}</code> · <a href="https://vk.com/id{{.VKID}}" target="_blank" rel="noopener">open profile</a></p>
|
||||||
|
</section>
|
||||||
|
{{end}}
|
||||||
<section class="panel"><h2>Games</h2>
|
<section class="panel"><h2>Games</h2>
|
||||||
<table class="list">
|
<table class="list">
|
||||||
<thead><tr><th>Game</th><th>Variant</th><th>Status</th><th class="num">Players</th><th>Updated</th></tr></thead>
|
<thead><tr><th>Game</th><th>Variant</th><th>Status</th><th class="num">Players</th><th>Updated</th></tr></thead>
|
||||||
|
|||||||
@@ -2,13 +2,15 @@
|
|||||||
<h1>Users</h1>
|
<h1>Users</h1>
|
||||||
{{with .Data}}
|
{{with .Data}}
|
||||||
<nav class="subnav">
|
<nav class="subnav">
|
||||||
<a href="/_gm/users"{{if not .Robots}} class="active"{{end}}>People</a> ·
|
<a href="/_gm/users"{{if and (not .Robots) (not .Deleted)}} class="active"{{end}}>People</a> ·
|
||||||
|
<a href="/_gm/users?kind=deleted"{{if .Deleted}} class="active"{{end}}>Deleted</a> ·
|
||||||
<a href="/_gm/users?kind=robots"{{if .Robots}} class="active"{{end}}>Robots</a>
|
<a href="/_gm/users?kind=robots"{{if .Robots}} class="active"{{end}}>Robots</a>
|
||||||
</nav>
|
</nav>
|
||||||
<form class="form" method="get" action="/_gm/users">
|
<form class="form" method="get" action="/_gm/users">
|
||||||
{{if .Robots}}<input type="hidden" name="kind" value="robots">{{end}}
|
{{if .Robots}}<input type="hidden" name="kind" value="robots">{{end}}{{if .Deleted}}<input type="hidden" name="kind" value="deleted">{{end}}
|
||||||
<input name="name" value="{{.NameMask}}" placeholder="display name mask (* ?)">
|
<input name="name" value="{{.NameMask}}" placeholder="display name mask (* ?)">
|
||||||
<input name="ext" value="{{.ExternalIDMask}}" placeholder="external id mask (* ?)">
|
<input name="ext" value="{{.ExternalIDMask}}" placeholder="external id mask (* ?)">
|
||||||
|
<input name="email" value="{{.EmailExact}}" placeholder="email (exact)" type="search">
|
||||||
<button type="submit">Filter</button>
|
<button type="submit">Filter</button>
|
||||||
</form>
|
</form>
|
||||||
<table class="list">
|
<table class="list">
|
||||||
@@ -17,7 +19,7 @@
|
|||||||
{{range .Items}}
|
{{range .Items}}
|
||||||
<tr>
|
<tr>
|
||||||
<td><a href="/_gm/users/{{.ID}}">{{.ID}}</a></td>
|
<td><a href="/_gm/users/{{.ID}}">{{.ID}}</a></td>
|
||||||
<td>{{.DisplayName}}{{if .Guest}} <span class="pill">guest</span>{{end}}{{if .FlaggedHighRate}} <span class="pill">high-rate</span>{{end}}</td>
|
<td>{{.DisplayName}}{{if .Deleted}} <span class="pill">deleted</span>{{end}}{{if .Guest}} <span class="pill">guest</span>{{end}}{{if .FlaggedHighRate}} <span class="pill">high-rate</span>{{end}}</td>
|
||||||
<td>{{.Kind}}</td>
|
<td>{{.Kind}}</td>
|
||||||
<td>{{.Language}}</td>
|
<td>{{.Language}}</td>
|
||||||
<td>{{.CreatedAt}}</td>
|
<td>{{.CreatedAt}}</td>
|
||||||
|
|||||||
@@ -60,8 +60,10 @@ type UsersView struct {
|
|||||||
// be emitted verbatim — interpolated as a plain string it would have its "=" and "&"
|
// be emitted verbatim — interpolated as a plain string it would have its "=" and "&"
|
||||||
// percent-encoded again by the contextual escaper.
|
// percent-encoded again by the contextual escaper.
|
||||||
Robots bool
|
Robots bool
|
||||||
|
Deleted bool
|
||||||
NameMask string
|
NameMask string
|
||||||
ExternalIDMask string
|
ExternalIDMask string
|
||||||
|
EmailExact string
|
||||||
FilterQuery template.URL
|
FilterQuery template.URL
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -74,6 +76,7 @@ type UserRow struct {
|
|||||||
Kind string
|
Kind string
|
||||||
Language string
|
Language string
|
||||||
Guest bool
|
Guest bool
|
||||||
|
Deleted bool
|
||||||
FlaggedHighRate bool
|
FlaggedHighRate bool
|
||||||
CreatedAt string
|
CreatedAt string
|
||||||
HasMoveStats bool
|
HasMoveStats bool
|
||||||
@@ -150,6 +153,15 @@ type UserDetailView struct {
|
|||||||
// MergedInto is the primary account id when this account has been retired by a
|
// MergedInto is the primary account id when this account has been retired by a
|
||||||
// merge, or empty for a live account.
|
// merge, or empty for a live account.
|
||||||
MergedInto string
|
MergedInto string
|
||||||
|
// The account-deletion dossier. Deleted marks a tombstoned account; DeletedAt and
|
||||||
|
// DeletedName are its deletion time and retained real name; LastLoginAt/IP are the
|
||||||
|
// last cold-load stamp (shown for any account); Retained is the credential journal.
|
||||||
|
Deleted bool
|
||||||
|
DeletedAt string
|
||||||
|
DeletedName string
|
||||||
|
LastLoginAt string
|
||||||
|
LastLoginIP string
|
||||||
|
Retained []RetainedRow
|
||||||
// FlaggedHighRateAt is the pre-formatted soft high-rate marker timestamp,
|
// FlaggedHighRateAt is the pre-formatted soft high-rate marker timestamp,
|
||||||
// empty for an unflagged account; the card shows it with the Clear action.
|
// empty for an unflagged account; the card shows it with the Clear action.
|
||||||
FlaggedHighRateAt string
|
FlaggedHighRateAt string
|
||||||
@@ -161,8 +173,14 @@ type UserDetailView struct {
|
|||||||
HasStats bool
|
HasStats bool
|
||||||
Stats StatsRow
|
Stats StatsRow
|
||||||
Identities []IdentityRow
|
Identities []IdentityRow
|
||||||
|
// HasEmail gates the "Erase email" action; set when the account carries an email identity.
|
||||||
|
HasEmail bool
|
||||||
Games []GameRow
|
Games []GameRow
|
||||||
|
// TelegramID and VKID are the account's platform external ids (empty when absent).
|
||||||
|
// TelegramID gates the "Send Telegram message" operator action; VKID surfaces the VK
|
||||||
|
// user id with a link to the VK profile (there is no VK messaging to drive).
|
||||||
TelegramID string
|
TelegramID string
|
||||||
|
VKID string
|
||||||
ConnectorEnabled bool
|
ConnectorEnabled bool
|
||||||
// MoveChart is the pre-rendered inline SVG of the account's per-move-number think
|
// MoveChart is the pre-rendered inline SVG of the account's per-move-number think
|
||||||
// time (min/mean/max), empty when the account has no timed move.
|
// time (min/mean/max), empty when the account has no timed move.
|
||||||
@@ -230,6 +248,17 @@ type IdentityRow struct {
|
|||||||
CreatedAt string
|
CreatedAt string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RetainedRow is one credential in the account-deletion retention journal (the legal
|
||||||
|
// dossier of detached credentials): what was detached, when, and why.
|
||||||
|
type RetainedRow struct {
|
||||||
|
Kind string
|
||||||
|
ExternalID string
|
||||||
|
Reason string
|
||||||
|
Confirmed bool
|
||||||
|
LinkedAt string
|
||||||
|
DetachedAt string
|
||||||
|
}
|
||||||
|
|
||||||
// GameRow is one game row in a list.
|
// GameRow is one game row in a list.
|
||||||
type GameRow struct {
|
type GameRow struct {
|
||||||
ID string
|
ID string
|
||||||
@@ -554,5 +583,17 @@ type FeedbackDetailView struct {
|
|||||||
ReplyBody string
|
ReplyBody string
|
||||||
RepliedAt string
|
RepliedAt string
|
||||||
CreatedAt string
|
CreatedAt string
|
||||||
|
// Version is the client app build the report was sent from (empty for rows that predate it).
|
||||||
|
Version string
|
||||||
|
// The Filed time is shown in three zones so the operator can tell what is certainly known from
|
||||||
|
// what is merely defaulted. CreatedAt is the authoritative UTC time. CreatedAtBrowser is that
|
||||||
|
// instant in the client's UTC offset detected at submit (BrowserTZ its "±HH:MM" label), empty
|
||||||
|
// when the client reported none (an older build). CreatedAtUser is that instant in the sender's
|
||||||
|
// saved profile zone (UserTZ its label), empty when the account has no zone beyond the UTC
|
||||||
|
// default — the template then shows "N/A" so the missing datum is explicit.
|
||||||
|
CreatedAtBrowser string
|
||||||
|
BrowserTZ string
|
||||||
|
CreatedAtUser string
|
||||||
|
UserTZ string
|
||||||
Banned bool
|
Banned bool
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ package config
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
@@ -42,6 +43,12 @@ type Config struct {
|
|||||||
// SMTP configures the email relay used for confirm-codes. An empty Host
|
// SMTP configures the email relay used for confirm-codes. An empty Host
|
||||||
// selects the development log mailer (the code is logged, not sent).
|
// selects the development log mailer (the code is logged, not sent).
|
||||||
SMTP account.SMTPConfig
|
SMTP account.SMTPConfig
|
||||||
|
// PublicBaseURL is the canonical public origin (scheme + host, e.g.
|
||||||
|
// https://erudit-game.ru) used to build absolute links in outgoing email — the
|
||||||
|
// confirm deeplink and the footer landing link. It is deliberately not derived
|
||||||
|
// from a request Host header, which would let an attacker inject a phishing link
|
||||||
|
// into the email. Required whenever an SMTP relay is configured.
|
||||||
|
PublicBaseURL string
|
||||||
// ConnectorAddr is the gRPC address of the Telegram platform connector
|
// ConnectorAddr is the gRPC address of the Telegram platform connector
|
||||||
// side-service, used by the admin console to send operator broadcasts. Empty
|
// side-service, used by the admin console to send operator broadcasts. Empty
|
||||||
// disables broadcasts (the admin broadcast actions report "not configured").
|
// disables broadcasts (the admin broadcast actions report "not configured").
|
||||||
@@ -51,6 +58,12 @@ type Config struct {
|
|||||||
// GuestRetention is the account age past which an unused guest (no game seat)
|
// GuestRetention is the account age past which an unused guest (no game seat)
|
||||||
// is eligible for deletion by the reaper.
|
// is eligible for deletion by the reaper.
|
||||||
GuestRetention time.Duration
|
GuestRetention time.Duration
|
||||||
|
// ExportSignKey signs the finished-game export download URLs. Empty leaves
|
||||||
|
// the export-URL endpoints disabled (503 on mint, 404 on download).
|
||||||
|
ExportSignKey string
|
||||||
|
// RendererURL is the base URL of the internal image-render sidecar (e.g.
|
||||||
|
// http://renderer:8090). Empty disables the PNG export artifact.
|
||||||
|
RendererURL string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Defaults applied when the corresponding environment variable is unset.
|
// Defaults applied when the corresponding environment variable is unset.
|
||||||
@@ -135,6 +148,9 @@ func Load() (Config, error) {
|
|||||||
Username: os.Getenv("BACKEND_SMTP_USERNAME"),
|
Username: os.Getenv("BACKEND_SMTP_USERNAME"),
|
||||||
Password: os.Getenv("BACKEND_SMTP_PASSWORD"),
|
Password: os.Getenv("BACKEND_SMTP_PASSWORD"),
|
||||||
From: envOr("BACKEND_SMTP_FROM", "no-reply@localhost"),
|
From: envOr("BACKEND_SMTP_FROM", "no-reply@localhost"),
|
||||||
|
TLS: os.Getenv("BACKEND_SMTP_TLS"),
|
||||||
|
AdminFrom: os.Getenv("BACKEND_SMTP_ADMIN_FROM"),
|
||||||
|
AdminTo: os.Getenv("BACKEND_ADMIN_EMAIL"),
|
||||||
}
|
}
|
||||||
|
|
||||||
c := Config{
|
c := Config{
|
||||||
@@ -148,9 +164,12 @@ func Load() (Config, error) {
|
|||||||
Robot: rb,
|
Robot: rb,
|
||||||
RateWatch: rw,
|
RateWatch: rw,
|
||||||
SMTP: smtp,
|
SMTP: smtp,
|
||||||
|
PublicBaseURL: os.Getenv("BACKEND_PUBLIC_BASE_URL"),
|
||||||
ConnectorAddr: os.Getenv("BACKEND_CONNECTOR_ADDR"),
|
ConnectorAddr: os.Getenv("BACKEND_CONNECTOR_ADDR"),
|
||||||
GuestReapInterval: guestReapInterval,
|
GuestReapInterval: guestReapInterval,
|
||||||
GuestRetention: guestRetention,
|
GuestRetention: guestRetention,
|
||||||
|
ExportSignKey: os.Getenv("BACKEND_EXPORT_SIGN_KEY"),
|
||||||
|
RendererURL: os.Getenv("BACKEND_RENDERER_URL"),
|
||||||
}
|
}
|
||||||
if err := c.validate(); err != nil {
|
if err := c.validate(); err != nil {
|
||||||
return Config{}, err
|
return Config{}, err
|
||||||
@@ -195,6 +214,14 @@ func (c Config) validate() error {
|
|||||||
if c.GuestRetention <= 0 {
|
if c.GuestRetention <= 0 {
|
||||||
return fmt.Errorf("config: BACKEND_GUEST_RETENTION must be positive")
|
return fmt.Errorf("config: BACKEND_GUEST_RETENTION must be positive")
|
||||||
}
|
}
|
||||||
|
if c.SMTP.Host != "" {
|
||||||
|
if c.PublicBaseURL == "" {
|
||||||
|
return fmt.Errorf("config: BACKEND_PUBLIC_BASE_URL must be set when BACKEND_SMTP_HOST is configured")
|
||||||
|
}
|
||||||
|
if u, err := url.Parse(c.PublicBaseURL); err != nil || u.Scheme == "" || u.Host == "" {
|
||||||
|
return fmt.Errorf("config: BACKEND_PUBLIC_BASE_URL %q must be an absolute URL (scheme://host)", c.PublicBaseURL)
|
||||||
|
}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -21,11 +21,13 @@ var dictFiles = map[Variant]string{
|
|||||||
VariantErudit: "ru_erudit.dawg",
|
VariantErudit: "ru_erudit.dawg",
|
||||||
}
|
}
|
||||||
|
|
||||||
// entry is one resident dictionary: the loaded finder and the solver built over
|
// entry is one resident dictionary: the loaded finder, the solver built over it
|
||||||
// it. The finder is retained so Close can release it.
|
// and the file it was loaded from. The finder is retained so Close can release
|
||||||
|
// it; path is retained so the raw bytes can be re-read for the client download.
|
||||||
type entry struct {
|
type entry struct {
|
||||||
finder dawg.Finder
|
finder dawg.Finder
|
||||||
solver *scrabble.Solver
|
solver *scrabble.Solver
|
||||||
|
path string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Registry holds the dictionaries resident in memory, addressed by variant and
|
// Registry holds the dictionaries resident in memory, addressed by variant and
|
||||||
@@ -130,7 +132,7 @@ func (r *Registry) Load(v Variant, version, dir string) error {
|
|||||||
if old, ok := r.entries[v][version]; ok {
|
if old, ok := r.entries[v][version]; ok {
|
||||||
_ = old.finder.Close()
|
_ = old.finder.Close()
|
||||||
}
|
}
|
||||||
r.entries[v][version] = entry{finder: finder, solver: scrabble.NewSolver(rs, finder)}
|
r.entries[v][version] = entry{finder: finder, solver: scrabble.NewSolver(rs, finder), path: path}
|
||||||
r.latest[v] = version
|
r.latest[v] = version
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@@ -202,6 +204,30 @@ func (r *Registry) Versions(v Variant) []string {
|
|||||||
return versions
|
return versions
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DictBytes returns the raw serialized DAWG for the (variant, version) pair,
|
||||||
|
// re-read from the file it was loaded from — the same immutable bytes the solver
|
||||||
|
// holds. It backs the client-side dictionary download for the local move
|
||||||
|
// preview. It returns ErrUnknownVariant or ErrUnknownVersion when that dictionary
|
||||||
|
// is not resident, and wraps any read error. The file is read outside the lock.
|
||||||
|
func (r *Registry) DictBytes(v Variant, version string) ([]byte, error) {
|
||||||
|
r.mu.RLock()
|
||||||
|
versions, ok := r.entries[v]
|
||||||
|
if !ok {
|
||||||
|
r.mu.RUnlock()
|
||||||
|
return nil, fmt.Errorf("%w: %s", ErrUnknownVariant, v)
|
||||||
|
}
|
||||||
|
e, ok := versions[version]
|
||||||
|
r.mu.RUnlock()
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf("%w: %s/%s", ErrUnknownVersion, v, version)
|
||||||
|
}
|
||||||
|
data, err := os.ReadFile(e.path)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("engine: read %s/%s dictionary bytes from %s: %w", v, version, e.path, err)
|
||||||
|
}
|
||||||
|
return data, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Lookup reports whether word is present in the (variant, version) dictionary,
|
// Lookup reports whether word is present in the (variant, version) dictionary,
|
||||||
// backing the unlimited word-check tool. It returns ErrUnknownVariant or
|
// backing the unlimited word-check tool. It returns ErrUnknownVariant or
|
||||||
// ErrUnknownVersion when that dictionary is not resident, and an error when word
|
// ErrUnknownVersion when that dictionary is not resident, and an error when word
|
||||||
|
|||||||
@@ -72,7 +72,7 @@ func (svc *Service) SetNotifier(p notify.Publisher) {
|
|||||||
// validates the body (non-empty, within the rune limit) and the optional
|
// validates the body (non-empty, within the rune limit) and the optional
|
||||||
// attachment (size and extension allow-list). senderIP is the gateway-forwarded
|
// attachment (size and extension allow-list). senderIP is the gateway-forwarded
|
||||||
// client IP (validated); channel is the submitting platform.
|
// client IP (validated); channel is the submitting platform.
|
||||||
func (svc *Service) Submit(ctx context.Context, accountID uuid.UUID, body string, attachment []byte, attachmentName, channel, senderIP string) error {
|
func (svc *Service) Submit(ctx context.Context, accountID uuid.UUID, body string, attachment []byte, attachmentName, channel, version, browserTZ, senderIP string) error {
|
||||||
acc, err := svc.accounts.GetByID(ctx, accountID)
|
acc, err := svc.accounts.GetByID(ctx, accountID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -112,9 +112,10 @@ func (svc *Service) Submit(ctx context.Context, accountID uuid.UUID, body string
|
|||||||
attachmentName = "" // a name without bytes carries no attachment
|
attachmentName = "" // a name without bytes carries no attachment
|
||||||
}
|
}
|
||||||
ch := normalizeChannel(channel)
|
ch := normalizeChannel(channel)
|
||||||
// Snapshot the sender's interface language at submit time (acc is already loaded
|
// Snapshot the sender's interface language, the client app version and the client's
|
||||||
// for the guest check) so the operator later sees the state as it was.
|
// detected UTC offset at submit time (acc is already loaded for the guest check) so the
|
||||||
_, err = svc.store.Insert(ctx, accountID, body, attachment, attachmentName, ch, acc.PreferredLanguage, parseIP(senderIP))
|
// operator later sees the state as it was.
|
||||||
|
_, err = svc.store.Insert(ctx, accountID, body, attachment, attachmentName, ch, acc.PreferredLanguage, version, browserTZ, parseIP(senderIP))
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -194,6 +195,11 @@ func (svc *Service) CountUnread(ctx context.Context) (int, error) {
|
|||||||
return svc.store.CountUnread(ctx)
|
return svc.store.CountUnread(ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountSince counts feedback created after since, for the operator alert worker.
|
||||||
|
func (svc *Service) CountSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
return svc.store.CountSince(ctx, since)
|
||||||
|
}
|
||||||
|
|
||||||
// Attachment returns a message's file name and bytes, reporting false when absent.
|
// Attachment returns a message's file name and bytes, reporting false when absent.
|
||||||
func (svc *Service) Attachment(ctx context.Context, id uuid.UUID) (string, []byte, bool, error) {
|
func (svc *Service) Attachment(ctx context.Context, id uuid.UUID) (string, []byte, bool, error) {
|
||||||
return svc.store.Attachment(ctx, id)
|
return svc.store.Attachment(ctx, id)
|
||||||
|
|||||||
@@ -34,10 +34,10 @@ func NewStore(db *sql.DB) *Store {
|
|||||||
|
|
||||||
// Insert stores one feedback message from accountID and returns its id. attachment
|
// Insert stores one feedback message from accountID and returns its id. attachment
|
||||||
// is the raw file bytes (nil for none); attachmentName, ip and a non-default
|
// is the raw file bytes (nil for none); attachmentName, ip and a non-default
|
||||||
// channel are stored as given. lang (the sender's interface language) is a snapshot
|
// channel are stored as given. lang (interface language), version (client app build) and
|
||||||
// taken now, so the operator later sees the state at submit time. created_at defaults
|
// browserTZ (the client's detected "±HH:MM" UTC offset) are snapshots taken now, so the operator
|
||||||
// to now() in the database.
|
// later sees the state at submit time. created_at defaults to now() in the database.
|
||||||
func (s *Store) Insert(ctx context.Context, accountID uuid.UUID, body string, attachment []byte, attachmentName, channel, lang string, ip *string) (uuid.UUID, error) {
|
func (s *Store) Insert(ctx context.Context, accountID uuid.UUID, body string, attachment []byte, attachmentName, channel, lang, version, browserTZ string, ip *string) (uuid.UUID, error) {
|
||||||
id, err := uuid.NewV7()
|
id, err := uuid.NewV7()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return uuid.Nil, fmt.Errorf("feedback: new message id: %w", err)
|
return uuid.Nil, fmt.Errorf("feedback: new message id: %w", err)
|
||||||
@@ -48,9 +48,9 @@ func (s *Store) Insert(ctx context.Context, accountID uuid.UUID, body string, at
|
|||||||
}
|
}
|
||||||
if _, err := s.db.ExecContext(ctx,
|
if _, err := s.db.ExecContext(ctx,
|
||||||
`INSERT INTO backend.feedback_messages
|
`INSERT INTO backend.feedback_messages
|
||||||
(message_id, account_id, body, attachment, attachment_name, channel, lang, sender_ip)
|
(message_id, account_id, body, attachment, attachment_name, channel, lang, app_version, browser_tz, sender_ip)
|
||||||
VALUES ($1, $2, $3, $4, $5, $6, $7, $8)`,
|
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)`,
|
||||||
id, accountID, body, att, nullStr(attachmentName), channel, nullStr(lang), ip); err != nil {
|
id, accountID, body, att, nullStr(attachmentName), channel, nullStr(lang), nullStr(version), nullStr(browserTZ), ip); err != nil {
|
||||||
return uuid.Nil, fmt.Errorf("feedback: insert: %w", err)
|
return uuid.Nil, fmt.Errorf("feedback: insert: %w", err)
|
||||||
}
|
}
|
||||||
return id, nil
|
return id, nil
|
||||||
@@ -229,6 +229,14 @@ type AdminMessage struct {
|
|||||||
Channel string
|
Channel string
|
||||||
// Lang is the sender's interface language, snapshotted at submit time.
|
// Lang is the sender's interface language, snapshotted at submit time.
|
||||||
Lang string
|
Lang string
|
||||||
|
// Version is the client app build the report was sent from, snapshotted at submit time.
|
||||||
|
Version string
|
||||||
|
// BrowserTZ is the client's detected "±HH:MM" UTC offset at submit time, snapshotted so the
|
||||||
|
// filed time can be shown in the sender's browser-local zone even before they save a profile.
|
||||||
|
BrowserTZ string
|
||||||
|
// TimeZone is the sender account's stored zone ("±HH:MM" offset, IANA name, or ""), for
|
||||||
|
// rendering CreatedAt in the sender's own configured time alongside UTC.
|
||||||
|
TimeZone string
|
||||||
SenderIP string
|
SenderIP string
|
||||||
HasAttachment bool
|
HasAttachment bool
|
||||||
AttachmentName string
|
AttachmentName string
|
||||||
@@ -343,7 +351,7 @@ func (s *Store) AdminGet(ctx context.Context, id uuid.UUID) (AdminMessage, error
|
|||||||
var m AdminMessage
|
var m AdminMessage
|
||||||
var repliedAt sql.NullTime
|
var repliedAt sql.NullTime
|
||||||
q := `SELECT m.message_id, m.account_id, a.display_name, ` + feedbackSource + ` AS source, m.body, m.channel,
|
q := `SELECT m.message_id, m.account_id, a.display_name, ` + feedbackSource + ` AS source, m.body, m.channel,
|
||||||
COALESCE(m.lang, ''),
|
COALESCE(m.lang, ''), COALESCE(m.app_version, ''), COALESCE(m.browser_tz, ''), a.time_zone,
|
||||||
COALESCE(m.sender_ip, ''), (m.attachment IS NOT NULL), COALESCE(m.attachment_name, ''),
|
COALESCE(m.sender_ip, ''), (m.attachment IS NOT NULL), COALESCE(m.attachment_name, ''),
|
||||||
(m.read_at IS NOT NULL), (m.archived_at IS NOT NULL), (m.reply_body IS NOT NULL),
|
(m.read_at IS NOT NULL), (m.archived_at IS NOT NULL), (m.reply_body IS NOT NULL),
|
||||||
COALESCE(m.reply_body, ''), m.replied_at, m.created_at
|
COALESCE(m.reply_body, ''), m.replied_at, m.created_at
|
||||||
@@ -352,7 +360,7 @@ func (s *Store) AdminGet(ctx context.Context, id uuid.UUID) (AdminMessage, error
|
|||||||
WHERE m.message_id = $1`
|
WHERE m.message_id = $1`
|
||||||
err := s.db.QueryRowContext(ctx, q, id).Scan(
|
err := s.db.QueryRowContext(ctx, q, id).Scan(
|
||||||
&m.ID, &m.AccountID, &m.SenderName, &m.Source, &m.Body, &m.Channel,
|
&m.ID, &m.AccountID, &m.SenderName, &m.Source, &m.Body, &m.Channel,
|
||||||
&m.Lang,
|
&m.Lang, &m.Version, &m.BrowserTZ, &m.TimeZone,
|
||||||
&m.SenderIP, &m.HasAttachment, &m.AttachmentName,
|
&m.SenderIP, &m.HasAttachment, &m.AttachmentName,
|
||||||
&m.Read, &m.Archived, &m.Replied, &m.ReplyBody, &repliedAt, &m.CreatedAt)
|
&m.Read, &m.Archived, &m.Replied, &m.ReplyBody, &repliedAt, &m.CreatedAt)
|
||||||
if errors.Is(err, sql.ErrNoRows) {
|
if errors.Is(err, sql.ErrNoRows) {
|
||||||
@@ -378,3 +386,15 @@ func (s *Store) CountUnread(ctx context.Context) (int, error) {
|
|||||||
}
|
}
|
||||||
return n, nil
|
return n, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountSince counts feedback messages created strictly after since — the operator alert
|
||||||
|
// worker's "new since the last check" signal.
|
||||||
|
func (s *Store) CountSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
var n int
|
||||||
|
if err := s.db.QueryRowContext(ctx,
|
||||||
|
`SELECT COUNT(*) FROM backend.feedback_messages WHERE created_at > $1`, since,
|
||||||
|
).Scan(&n); err != nil {
|
||||||
|
return 0, fmt.Errorf("feedback: count since: %w", err)
|
||||||
|
}
|
||||||
|
return n, nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -54,6 +54,12 @@ type Service struct {
|
|||||||
// have committed a move (a nudge answered by moving stops counting as unread). It is
|
// have committed a move (a nudge answered by moving stops counting as unread). It is
|
||||||
// best-effort and kept as a func so the game package never imports the social package.
|
// best-effort and kept as a func so the game package never imports the social package.
|
||||||
clearNudges func(ctx context.Context, gameID, accountID uuid.UUID) error
|
clearNudges func(ctx context.Context, gameID, accountID uuid.UUID) error
|
||||||
|
// expireNudges, when set, marks every pending nudge in a game read once the game
|
||||||
|
// finishes (the nudge badge is stale on a completed game). Unlike clearNudges it is
|
||||||
|
// keyed by game alone — it clears all seats' nudges, not one mover's — and runs on
|
||||||
|
// every completion path through commit. Best-effort; a func so the game package never
|
||||||
|
// imports the social package.
|
||||||
|
expireNudges func(ctx context.Context, gameID uuid.UUID) error
|
||||||
metrics *gameMetrics
|
metrics *gameMetrics
|
||||||
log *zap.Logger
|
log *zap.Logger
|
||||||
}
|
}
|
||||||
@@ -107,6 +113,15 @@ func (svc *Service) SetNudgeClearer(fn func(ctx context.Context, gameID, account
|
|||||||
svc.clearNudges = fn
|
svc.clearNudges = fn
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetNudgeExpirer installs the hook that marks every pending nudge in a game read once the
|
||||||
|
// game finishes, on any completion path (a closing move, a resignation, a turn-timeout or a
|
||||||
|
// forfeit). It must be called during startup wiring; the default (nil) leaves a finished
|
||||||
|
// game's nudges to expire only when a recipient opens the move history or chat. The social
|
||||||
|
// package wires its ExpireNudges here. Chat messages are deliberately left unread.
|
||||||
|
func (svc *Service) SetNudgeExpirer(fn func(ctx context.Context, gameID uuid.UUID) error) {
|
||||||
|
svc.expireNudges = fn
|
||||||
|
}
|
||||||
|
|
||||||
// SetFirstMoveEntropy overrides the entropy source for the first-move draw
|
// SetFirstMoveEntropy overrides the entropy source for the first-move draw
|
||||||
// (docs/ARCHITECTURE.md §6). It must be called during wiring or test setup before any
|
// (docs/ARCHITECTURE.md §6). It must be called during wiring or test setup before any
|
||||||
// game is created; the production default is crypto/rand and is never overridden.
|
// game is created; the production default is crypto/rand and is never overridden.
|
||||||
@@ -699,6 +714,16 @@ func (svc *Service) commit(ctx context.Context, gameID uuid.UUID, g *engine.Game
|
|||||||
}
|
}
|
||||||
if c.finished {
|
if c.finished {
|
||||||
svc.cache.remove(gameID)
|
svc.cache.remove(gameID)
|
||||||
|
// A finished game's nudges are stale, so clear them all here — every completion path
|
||||||
|
// funnels through commit (a closing move, a resignation, a forfeit or a turn-timeout),
|
||||||
|
// and only the move path also clears the mover's nudge on its own. Best-effort like
|
||||||
|
// clearNudges: the finish has committed, so a cleanup failure is logged, not surfaced.
|
||||||
|
// ExpireNudges leaves chat messages unread.
|
||||||
|
if svc.expireNudges != nil {
|
||||||
|
if err := svc.expireNudges(ctx, gameID); err != nil {
|
||||||
|
svc.log.Warn("expire nudges on game finish", zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
post, err := svc.store.GetGame(ctx, gameID)
|
post, err := svc.store.GetGame(ctx, gameID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -983,6 +1008,12 @@ func (svc *Service) CountComplaints(ctx context.Context, status string) (int, er
|
|||||||
return svc.store.CountComplaints(ctx, status)
|
return svc.store.CountComplaints(ctx, status)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountComplaintsSince counts word complaints filed after since, for the operator alert
|
||||||
|
// worker.
|
||||||
|
func (svc *Service) CountComplaintsSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
return svc.store.CountComplaintsSince(ctx, since)
|
||||||
|
}
|
||||||
|
|
||||||
// ResolveComplaint closes a complaint with an operator disposition (reject /
|
// ResolveComplaint closes a complaint with an operator disposition (reject /
|
||||||
// accept_add / accept_remove) and an optional note. An accepted complaint then
|
// accept_add / accept_remove) and an optional note. An accepted complaint then
|
||||||
// appears in DictionaryChanges until a rebuilt dictionary is loaded and the
|
// appears in DictionaryChanges until a rebuilt dictionary is loaded and the
|
||||||
@@ -1338,30 +1369,53 @@ func (svc *Service) SetupDraws(ctx context.Context, gameID uuid.UUID) ([]SetupDr
|
|||||||
return svc.store.SetupDraws(ctx, gameID)
|
return svc.store.SetupDraws(ctx, gameID)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ExportGCG renders a game as GCG text from the journal alone (no dictionary). It
|
// ExportView returns a finished game with its journal and per-seat display names —
|
||||||
// is allowed only on a finished game: exporting an in-progress game would leak the
|
// the material every export artifact (the GCG text, the PNG render payload) is built
|
||||||
// full move journal mid-play, so an active game yields ErrGameActive.
|
// from. It is allowed only on a finished game: exporting an in-progress game would
|
||||||
func (svc *Service) ExportGCG(ctx context.Context, gameID uuid.UUID) (string, error) {
|
// leak the full move journal mid-play, so an active game yields ErrGameActive. In an
|
||||||
|
// honest-AI game the robot seat is labelled "AI", not its pool name.
|
||||||
|
func (svc *Service) ExportView(ctx context.Context, gameID uuid.UUID) (Game, []HistoryMove, []string, error) {
|
||||||
g, err := svc.store.GetGame(ctx, gameID)
|
g, err := svc.store.GetGame(ctx, gameID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return Game{}, nil, nil, err
|
||||||
}
|
}
|
||||||
if g.Status != StatusFinished {
|
if g.Status != StatusFinished {
|
||||||
return "", ErrGameActive
|
return Game{}, nil, nil, ErrGameActive
|
||||||
}
|
}
|
||||||
moves, err := svc.store.GetJournal(ctx, gameID)
|
moves, err := svc.store.GetJournal(ctx, gameID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return Game{}, nil, nil, err
|
||||||
}
|
}
|
||||||
names := svc.seatNames(ctx, g)
|
names := svc.seatNames(ctx, g)
|
||||||
if g.VsAI {
|
if g.VsAI {
|
||||||
// Label the robot seat "AI" in an honest-AI game's export, not its pool name.
|
|
||||||
for _, s := range g.Seats {
|
for _, s := range g.Seats {
|
||||||
if robot, err := svc.accounts.IsRobot(ctx, s.AccountID); err == nil && robot {
|
if robot, err := svc.accounts.IsRobot(ctx, s.AccountID); err == nil && robot {
|
||||||
names[s.Seat] = aiPlayerName
|
names[s.Seat] = aiPlayerName
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return g, moves, names, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// EnsureExportable reports whether a game may be exported (it exists and is
|
||||||
|
// finished) without loading the journal — the export-URL mint check.
|
||||||
|
func (svc *Service) EnsureExportable(ctx context.Context, gameID uuid.UUID) error {
|
||||||
|
g, err := svc.store.GetGame(ctx, gameID)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if g.Status != StatusFinished {
|
||||||
|
return ErrGameActive
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExportGCG renders a game as GCG text from the journal alone (no dictionary).
|
||||||
|
func (svc *Service) ExportGCG(ctx context.Context, gameID uuid.UUID) (string, error) {
|
||||||
|
g, moves, names, err := svc.ExportView(ctx, gameID)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
return writeGCG(g, names, moves), nil
|
return writeGCG(g, names, moves), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1440,13 +1494,24 @@ func (svc *Service) voidGame(ctx context.Context, pre Game, g *engine.Game) erro
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return svc.store.VoidGame(ctx, voidCommit{
|
if err := svc.store.VoidGame(ctx, voidCommit{
|
||||||
gameID: pre.ID,
|
gameID: pre.ID,
|
||||||
endReason: g.Reason().String(),
|
endReason: g.Reason().String(),
|
||||||
scores: scores,
|
scores: scores,
|
||||||
now: svc.clock(),
|
now: svc.clock(),
|
||||||
stats: buildStats(g, statSeats),
|
stats: buildStats(g, statSeats),
|
||||||
})
|
}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
// A voided game is finished (as a draw) but bypasses commit, so clear its now-stale nudges
|
||||||
|
// here too. Best-effort, like the commit path: the void has persisted, so a cleanup failure
|
||||||
|
// is logged, not surfaced.
|
||||||
|
if svc.expireNudges != nil {
|
||||||
|
if err := svc.expireNudges(ctx, pre.ID); err != nil {
|
||||||
|
svc.log.Warn("expire nudges on voided game", zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// replayMove re-applies one journalled move to g through the decoded engine API.
|
// replayMove re-applies one journalled move to g through the decoded engine API.
|
||||||
@@ -1613,6 +1678,14 @@ func (svc *Service) lookupWord(variant engine.Variant, version, word string) (bo
|
|||||||
return present, nil
|
return present, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DictBytes returns the raw serialized dictionary for the (variant, version) pair
|
||||||
|
// from the registry, backing the client-side dictionary download used by the
|
||||||
|
// local move preview. It surfaces engine.ErrUnknownVariant /
|
||||||
|
// engine.ErrUnknownVersion when that dictionary is not resident.
|
||||||
|
func (svc *Service) DictBytes(variant engine.Variant, version string) ([]byte, error) {
|
||||||
|
return svc.registry.DictBytes(variant, version)
|
||||||
|
}
|
||||||
|
|
||||||
// hintsRemaining is a player's remaining hint budget: the unspent per-game
|
// hintsRemaining is a player's remaining hint budget: the unspent per-game
|
||||||
// allowance plus the profile wallet.
|
// allowance plus the profile wallet.
|
||||||
func hintsRemaining(allowance, used, wallet int) int {
|
func hintsRemaining(allowance, used, wallet int) int {
|
||||||
|
|||||||
@@ -1040,6 +1040,19 @@ func (s *Store) CountComplaints(ctx context.Context, status string) (int, error)
|
|||||||
return int(dest.Count), nil
|
return int(dest.Count), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CountComplaintsSince counts word complaints filed strictly after since — the operator
|
||||||
|
// alert worker's "new since the last check" signal.
|
||||||
|
func (s *Store) CountComplaintsSince(ctx context.Context, since time.Time) (int, error) {
|
||||||
|
stmt := postgres.SELECT(postgres.COUNT(table.Complaints.ComplaintID).AS("count")).
|
||||||
|
FROM(table.Complaints).
|
||||||
|
WHERE(table.Complaints.CreatedAt.GT(postgres.TimestampzT(since)))
|
||||||
|
var dest struct{ Count int64 }
|
||||||
|
if err := stmt.QueryContext(ctx, s.db, &dest); err != nil {
|
||||||
|
return 0, fmt.Errorf("game: count complaints since: %w", err)
|
||||||
|
}
|
||||||
|
return int(dest.Count), nil
|
||||||
|
}
|
||||||
|
|
||||||
// ActiveGames returns the turn clocks of every in-progress game; the sweeper
|
// ActiveGames returns the turn clocks of every in-progress game; the sweeper
|
||||||
// filters them against the per-move deadline and the player's away window.
|
// filters them against the per-move deadline and the player's away window.
|
||||||
func (s *Store) ActiveGames(ctx context.Context) ([]activeGame, error) {
|
func (s *Store) ActiveGames(ctx context.Context) ([]activeGame, error) {
|
||||||
|
|||||||
@@ -110,15 +110,15 @@ func identityConfirmed(t *testing.T, kind, externalID string) bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// TestProvisionTelegramSeedsNewAccountOnly checks that Telegram first contact
|
// TestProvisionTelegramSeedsNewAccountOnly checks that Telegram first contact
|
||||||
// seeds the new account's language and display name from the launch fields,
|
// seeds the new account's language, display name and time zone from the launch
|
||||||
// defaults the in-app-only flag on, and never overwrites an existing account on a
|
// fields / detected offset, defaults the in-app-only flag on, and never overwrites
|
||||||
// later login (language seeding).
|
// an existing account on a later login (language and zone seeding).
|
||||||
func TestProvisionTelegramSeedsNewAccountOnly(t *testing.T) {
|
func TestProvisionTelegramSeedsNewAccountOnly(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
ext := "tg-" + uuid.NewString()
|
ext := "tg-" + uuid.NewString()
|
||||||
|
|
||||||
acc, created, err := store.ProvisionTelegram(ctx, ext, "ru-RU", "thehandle", "Иван")
|
acc, created, err := store.ProvisionTelegram(ctx, ext, "ru-RU", "thehandle", "Иван", "+03:00")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision telegram: %v", err)
|
t.Fatalf("provision telegram: %v", err)
|
||||||
}
|
}
|
||||||
@@ -131,12 +131,15 @@ func TestProvisionTelegramSeedsNewAccountOnly(t *testing.T) {
|
|||||||
if acc.DisplayName != "Иван" {
|
if acc.DisplayName != "Иван" {
|
||||||
t.Errorf("DisplayName = %q, want Иван", acc.DisplayName)
|
t.Errorf("DisplayName = %q, want Иван", acc.DisplayName)
|
||||||
}
|
}
|
||||||
|
if acc.TimeZone != "+03:00" {
|
||||||
|
t.Errorf("TimeZone = %q, want the seeded +03:00", acc.TimeZone)
|
||||||
|
}
|
||||||
if !acc.NotificationsInAppOnly {
|
if !acc.NotificationsInAppOnly {
|
||||||
t.Error("NotificationsInAppOnly should default to true")
|
t.Error("NotificationsInAppOnly should default to true")
|
||||||
}
|
}
|
||||||
|
|
||||||
// A later login with different fields returns the same account, unchanged.
|
// A later login with different fields returns the same account, unchanged.
|
||||||
again, created, err := store.ProvisionTelegram(ctx, ext, "en", "other", "Other")
|
again, created, err := store.ProvisionTelegram(ctx, ext, "en", "other", "Other", "+09:00")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("re-provision telegram: %v", err)
|
t.Fatalf("re-provision telegram: %v", err)
|
||||||
}
|
}
|
||||||
@@ -146,8 +149,100 @@ func TestProvisionTelegramSeedsNewAccountOnly(t *testing.T) {
|
|||||||
if again.ID != acc.ID {
|
if again.ID != acc.ID {
|
||||||
t.Errorf("re-provision id = %s, want %s", again.ID, acc.ID)
|
t.Errorf("re-provision id = %s, want %s", again.ID, acc.ID)
|
||||||
}
|
}
|
||||||
if again.PreferredLanguage != "ru" || again.DisplayName != "Иван" {
|
if again.PreferredLanguage != "ru" || again.DisplayName != "Иван" || again.TimeZone != "+03:00" {
|
||||||
t.Errorf("existing account overwritten: lang=%q name=%q", again.PreferredLanguage, again.DisplayName)
|
t.Errorf("existing account overwritten: lang=%q name=%q tz=%q", again.PreferredLanguage, again.DisplayName, again.TimeZone)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestProvisionVKSeedsNewAccountOnly checks VK first contact seeds the new account's
|
||||||
|
// language, display name and time zone from the launch fields / detected offset, records
|
||||||
|
// the vk identity as confirmed (a platform identity), and never overwrites an existing
|
||||||
|
// account on a later launch. It also exercises the widened identities.kind CHECK — a
|
||||||
|
// 'vk' row must insert.
|
||||||
|
func TestProvisionVKSeedsNewAccountOnly(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
ext := "vk-" + uuid.NewString()
|
||||||
|
|
||||||
|
acc, created, err := store.ProvisionVK(ctx, ext, "ru", "Иван Петров", "+03:00")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision vk: %v", err)
|
||||||
|
}
|
||||||
|
if !created {
|
||||||
|
t.Error("created = false on first contact, want true")
|
||||||
|
}
|
||||||
|
if acc.PreferredLanguage != "ru" {
|
||||||
|
t.Errorf("PreferredLanguage = %q, want ru", acc.PreferredLanguage)
|
||||||
|
}
|
||||||
|
if acc.DisplayName != "Иван Петров" {
|
||||||
|
t.Errorf("DisplayName = %q, want Иван Петров", acc.DisplayName)
|
||||||
|
}
|
||||||
|
if acc.TimeZone != "+03:00" {
|
||||||
|
t.Errorf("TimeZone = %q, want the seeded +03:00", acc.TimeZone)
|
||||||
|
}
|
||||||
|
// A VK identity is a platform identity: confirmed on insert.
|
||||||
|
if !identityConfirmed(t, account.KindVK, ext) {
|
||||||
|
t.Error("vk identity must be confirmed")
|
||||||
|
}
|
||||||
|
|
||||||
|
// A later launch with different fields returns the same account, unchanged.
|
||||||
|
again, created, err := store.ProvisionVK(ctx, ext, "en", "Other Name", "+09:00")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("re-provision vk: %v", err)
|
||||||
|
}
|
||||||
|
if created {
|
||||||
|
t.Error("created = true on a repeat launch, want false")
|
||||||
|
}
|
||||||
|
if again.ID != acc.ID {
|
||||||
|
t.Errorf("re-provision id = %s, want %s", again.ID, acc.ID)
|
||||||
|
}
|
||||||
|
if again.PreferredLanguage != "ru" || again.DisplayName != "Иван Петров" || again.TimeZone != "+03:00" {
|
||||||
|
t.Errorf("existing account overwritten: lang=%q name=%q tz=%q", again.PreferredLanguage, again.DisplayName, again.TimeZone)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestProvisionSeedsTimeZone checks the create-time time-zone seed across paths: a
|
||||||
|
// valid detected offset is stored verbatim (even "+00:00", which is deliberately
|
||||||
|
// distinct from the unset "UTC" default), a guest is seeded the same way, and a
|
||||||
|
// missing or malformed offset falls back to the "UTC" column default rather than
|
||||||
|
// being guessed at.
|
||||||
|
func TestProvisionSeedsTimeZone(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
|
||||||
|
// A detected zero offset is written as "+00:00" — we record that the zone was
|
||||||
|
// detected (and equals UTC), distinct from the "UTC" default meaning "unknown".
|
||||||
|
utcDetected, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Zero", "+00:00")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision telegram +00:00: %v", err)
|
||||||
|
}
|
||||||
|
if utcDetected.TimeZone != "+00:00" {
|
||||||
|
t.Errorf("TimeZone = %q, want the seeded +00:00", utcDetected.TimeZone)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A malformed offset is dropped: the account keeps the UTC default.
|
||||||
|
bad, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Bad", "not-a-zone")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision telegram bad tz: %v", err)
|
||||||
|
}
|
||||||
|
if bad.TimeZone != "UTC" {
|
||||||
|
t.Errorf("TimeZone = %q, want UTC fallback for a malformed offset", bad.TimeZone)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A guest is seeded its detected offset; an empty one keeps the UTC default.
|
||||||
|
guest, err := store.ProvisionGuest(ctx, "-05:30")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision guest: %v", err)
|
||||||
|
}
|
||||||
|
if guest.TimeZone != "-05:30" {
|
||||||
|
t.Errorf("guest TimeZone = %q, want the seeded -05:30", guest.TimeZone)
|
||||||
|
}
|
||||||
|
plainGuest, err := store.ProvisionGuest(ctx, "")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision plain guest: %v", err)
|
||||||
|
}
|
||||||
|
if plainGuest.TimeZone != "UTC" {
|
||||||
|
t.Errorf("plain guest TimeZone = %q, want UTC default", plainGuest.TimeZone)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -156,7 +251,7 @@ func TestProvisionTelegramSeedsNewAccountOnly(t *testing.T) {
|
|||||||
// language CHECK.
|
// language CHECK.
|
||||||
func TestProvisionTelegramUnknownLanguageDefaults(t *testing.T) {
|
func TestProvisionTelegramUnknownLanguageDefaults(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
acc, _, err := account.NewStore(testDB).ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "fr", "", "")
|
acc, _, err := account.NewStore(testDB).ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "fr", "", "", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision telegram: %v", err)
|
t.Fatalf("provision telegram: %v", err)
|
||||||
}
|
}
|
||||||
@@ -172,7 +267,7 @@ func TestProvisionTelegramUnknownLanguageDefaults(t *testing.T) {
|
|||||||
func TestHighRateFlagRoundTrip(t *testing.T) {
|
func TestHighRateFlagRoundTrip(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
acc, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Player")
|
acc, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Player", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision telegram: %v", err)
|
t.Fatalf("provision telegram: %v", err)
|
||||||
}
|
}
|
||||||
@@ -228,7 +323,7 @@ func TestIdentityExternalID(t *testing.T) {
|
|||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
ext := "tg-" + uuid.NewString()
|
ext := "tg-" + uuid.NewString()
|
||||||
acc, _, err := store.ProvisionTelegram(ctx, ext, "en", "", "Tg User")
|
acc, _, err := store.ProvisionTelegram(ctx, ext, "en", "", "Tg User", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision telegram: %v", err)
|
t.Fatalf("provision telegram: %v", err)
|
||||||
}
|
}
|
||||||
@@ -253,7 +348,7 @@ func TestIdentityExternalID(t *testing.T) {
|
|||||||
func TestNotificationsInAppOnlyRoundTrip(t *testing.T) {
|
func TestNotificationsInAppOnlyRoundTrip(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
acc, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Player")
|
acc, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Player", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision telegram: %v", err)
|
t.Fatalf("provision telegram: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -222,7 +222,7 @@ func TestConsoleGameDetailRobotSchedule(t *testing.T) {
|
|||||||
func TestConsoleThrottledViewAndFlagClear(t *testing.T) {
|
func TestConsoleThrottledViewAndFlagClear(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
accounts := account.NewStore(testDB)
|
accounts := account.NewStore(testDB)
|
||||||
acc, _, err := accounts.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Throttled Player")
|
acc, _, err := accounts.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Throttled Player", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision: %v", err)
|
t.Fatalf("provision: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,83 @@
|
|||||||
|
//go:build integration
|
||||||
|
|
||||||
|
package inttest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"errors"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestRemoveEmailIdentity erases an account's email identity but refuses when the
|
||||||
|
// email is the account's only identity (which would leave it unreachable).
|
||||||
|
func TestRemoveEmailIdentity(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
|
||||||
|
// Email is the only identity → refuse.
|
||||||
|
solo, err := store.ProvisionEmail(ctx, "solo-"+uuid.NewString()+"@example.com", "", "en")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision email: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.RemoveEmailIdentity(ctx, solo.ID); !errors.Is(err, account.ErrLastIdentity) {
|
||||||
|
t.Fatalf("remove last identity = %v, want ErrLastIdentity", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Telegram + email → erase the email, keep Telegram.
|
||||||
|
tg, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision telegram: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.AttachIdentity(ctx, tg.ID, account.KindEmail, "dual-"+uuid.NewString()+"@example.com", true); err != nil {
|
||||||
|
t.Fatalf("attach email: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.RemoveEmailIdentity(ctx, tg.ID); err != nil {
|
||||||
|
t.Fatalf("remove email: %v", err)
|
||||||
|
}
|
||||||
|
ids, err := store.Identities(ctx, tg.ID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("identities: %v", err)
|
||||||
|
}
|
||||||
|
if len(ids) != 1 || ids[0].Kind != account.KindTelegram {
|
||||||
|
t.Errorf("identities after erase = %+v, want only telegram", ids)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestListUsersEmailExact matches accounts strictly (exactly) by their email identity.
|
||||||
|
func TestListUsersEmailExact(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
email := "find-" + uuid.NewString() + "@example.com"
|
||||||
|
acc, err := store.ProvisionEmail(ctx, email, "", "en")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
items, err := store.ListUsers(ctx, account.UserFilter{EmailExact: email}, 50, 0)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("list: %v", err)
|
||||||
|
}
|
||||||
|
found := false
|
||||||
|
for _, it := range items {
|
||||||
|
if it.ID == acc.ID {
|
||||||
|
found = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if !found {
|
||||||
|
t.Error("the exact email filter did not find the account")
|
||||||
|
}
|
||||||
|
|
||||||
|
other, err := store.ListUsers(ctx, account.UserFilter{EmailExact: "nope-" + uuid.NewString() + "@example.com"}, 50, 0)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("list (no match): %v", err)
|
||||||
|
}
|
||||||
|
for _, it := range other {
|
||||||
|
if it.ID == acc.ID {
|
||||||
|
t.Error("a non-matching email filter must not return the account")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -55,7 +55,7 @@ func TestChatAccessResolver(t *testing.T) {
|
|||||||
srv := server.New(":0", server.Deps{Logger: zaptest.NewLogger(t), DB: testDB, Accounts: accounts})
|
srv := server.New(":0", server.Deps{Logger: zaptest.NewLogger(t), DB: testDB, Accounts: accounts})
|
||||||
|
|
||||||
ext := "tg-" + uuid.NewString()
|
ext := "tg-" + uuid.NewString()
|
||||||
acc, _, err := accounts.ProvisionTelegram(ctx, ext, "en", "", "Chatter")
|
acc, _, err := accounts.ProvisionTelegram(ctx, ext, "en", "", "Chatter", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision: %v", err)
|
t.Fatalf("provision: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -138,6 +138,65 @@ func TestNudgeClearedByMove(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestGameCompletionExpiresNudgesKeepsChat checks that finishing a game by turn-timeout marks every
|
||||||
|
// pending nudge in it read — the lobby's nudge badge is stale once the game is over — while leaving
|
||||||
|
// real chat messages unread. It reproduces the reported bug: the timeout path commits the finish
|
||||||
|
// directly, bypassing the move path's per-mover nudge clear, so without a completion-driven expiry
|
||||||
|
// the awaited seat's nudge lingered as a badge on the finished game.
|
||||||
|
func TestGameCompletionExpiresNudgesKeepsChat(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
gameSvc := newGameService()
|
||||||
|
socialSvc := newSocialService()
|
||||||
|
gameSvc.SetNudgeExpirer(socialSvc.ExpireNudges)
|
||||||
|
|
||||||
|
seats := []uuid.UUID{provisionAccount(t), provisionAccount(t)}
|
||||||
|
g, err := gameSvc.Create(ctx, game.CreateParams{
|
||||||
|
Variant: engine.VariantEnglish, Seats: seats, TurnTimeout: time.Hour, Seed: openingSeed(t),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("create: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Seat 1 nudges the to-move seat 0 (the awaited player), and seat 0 posts a real chat message,
|
||||||
|
// which seat 1 then holds unread. So before the timeout each side has exactly one unread entry:
|
||||||
|
// seat 0 a nudge, seat 1 a message — letting HasUnread isolate each kind.
|
||||||
|
if _, err := socialSvc.Nudge(ctx, g.ID, seats[1]); err != nil {
|
||||||
|
t.Fatalf("nudge: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := socialSvc.PostMessage(ctx, g.ID, seats[0], "good luck", ""); err != nil {
|
||||||
|
t.Fatalf("post message: %v", err)
|
||||||
|
}
|
||||||
|
if unread, _ := socialSvc.HasUnread(ctx, g.ID, seats[0]); !unread {
|
||||||
|
t.Fatal("seat 0 should hold the nudge unread before the timeout")
|
||||||
|
}
|
||||||
|
if unread, _ := socialSvc.HasUnread(ctx, g.ID, seats[1]); !unread {
|
||||||
|
t.Fatal("seat 1 should hold the message unread before the timeout")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Age the turn past its deadline and time seat 0 out; an empty away window keeps this
|
||||||
|
// deterministic regardless of the wall clock. The sweep finishes the game through the direct
|
||||||
|
// commit path, never the move path.
|
||||||
|
backdate(t, g.ID, time.Now().UTC().Add(-2*time.Hour))
|
||||||
|
setAway(t, seats[0], "UTC", "00:00", "00:00")
|
||||||
|
if n, err := gameSvc.SweepTimeouts(ctx, time.Now().UTC()); err != nil || n < 1 {
|
||||||
|
t.Fatalf("sweep swept %d (err %v), want >= 1", n, err)
|
||||||
|
}
|
||||||
|
if status, reason := gameStatus(t, gameSvc, g.ID); status != game.StatusFinished || reason != "timeout" {
|
||||||
|
t.Fatalf("game not timed out: status %q reason %q", status, reason)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The nudge is stale on a finished game and must be cleared; the chat message must survive.
|
||||||
|
if unread, _ := socialSvc.HasUnread(ctx, g.ID, seats[0]); unread {
|
||||||
|
t.Error("the nudge should be expired once the game has finished")
|
||||||
|
}
|
||||||
|
if unread, _ := socialSvc.HasUnread(ctx, g.ID, seats[1]); !unread {
|
||||||
|
t.Error("a real chat message must stay unread after the game finishes")
|
||||||
|
}
|
||||||
|
if msg, _ := socialSvc.HasUnreadMessage(ctx, g.ID, seats[1]); !msg {
|
||||||
|
t.Error("the chat message must remain flagged as an unread message after completion")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// TestChatToRobotIsBornRead checks a text message to a disguised robot opponent (a pooled
|
// TestChatToRobotIsBornRead checks a text message to a disguised robot opponent (a pooled
|
||||||
// robot substituted into an ordinary, non-AI game) is born read: the robot never opens the
|
// robot substituted into an ordinary, non-AI game) is born read: the robot never opens the
|
||||||
// chat, so the message must not linger unread (skewing the count and the read metric).
|
// chat, so the message must not linger unread (skewing the count and the read metric).
|
||||||
|
|||||||
@@ -0,0 +1,322 @@
|
|||||||
|
//go:build integration
|
||||||
|
|
||||||
|
package inttest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
"errors"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
"scrabble/backend/internal/accountdelete"
|
||||||
|
"scrabble/backend/internal/engine"
|
||||||
|
"scrabble/backend/internal/game"
|
||||||
|
)
|
||||||
|
|
||||||
|
// deletedFields reads a tombstoned account's retained real name and its deleted_at.
|
||||||
|
func deletedFields(t *testing.T, accountID uuid.UUID) (name string, deletedAt sql.NullTime) {
|
||||||
|
t.Helper()
|
||||||
|
var dn sql.NullString
|
||||||
|
err := testDB.QueryRowContext(context.Background(),
|
||||||
|
"SELECT deleted_display_name, deleted_at FROM accounts WHERE account_id = $1", accountID).
|
||||||
|
Scan(&dn, &deletedAt)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("read deleted fields %s: %v", accountID, err)
|
||||||
|
}
|
||||||
|
return dn.String, deletedAt
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestAnonymizeAndTombstone: deletion journals + frees the credentials, tombstones the
|
||||||
|
// account, scrubs the live name while retaining the real one, and frees the creds for a
|
||||||
|
// new account to reuse.
|
||||||
|
func TestAnonymizeAndTombstone(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
deleter := accountdelete.NewDeleter(testDB)
|
||||||
|
|
||||||
|
acc, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "ru", "handle", "Иван", "+03:00")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
email := "del-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, email, true); err != nil {
|
||||||
|
t.Fatalf("attach email: %v", err)
|
||||||
|
}
|
||||||
|
before, err := store.GetByID(ctx, acc.ID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("load before: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := deleter.AnonymizeAndTombstone(ctx, acc.ID); err != nil {
|
||||||
|
t.Fatalf("delete: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The live identities are gone.
|
||||||
|
if ids, err := store.Identities(ctx, acc.ID); err != nil || len(ids) != 0 {
|
||||||
|
t.Fatalf("identities after delete = %+v (err %v), want none", ids, err)
|
||||||
|
}
|
||||||
|
// Both credentials are journalled with reason=delete.
|
||||||
|
got := retainedRows(t, acc.ID)
|
||||||
|
if len(got) != 2 {
|
||||||
|
t.Fatalf("retained rows = %+v, want 2", got)
|
||||||
|
}
|
||||||
|
for _, r := range got {
|
||||||
|
if r.reason != "delete" {
|
||||||
|
t.Errorf("retained reason = %q, want delete", r.reason)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// The live name is scrubbed; the real one is retained; deleted_at is set.
|
||||||
|
after, err := store.GetByID(ctx, acc.ID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("load after: %v", err)
|
||||||
|
}
|
||||||
|
if after.DisplayName != accountdelete.AnonymizedName {
|
||||||
|
t.Errorf("live display name = %q, want %q", after.DisplayName, accountdelete.AnonymizedName)
|
||||||
|
}
|
||||||
|
name, deletedAt := deletedFields(t, acc.ID)
|
||||||
|
if name != before.DisplayName {
|
||||||
|
t.Errorf("retained name = %q, want %q", name, before.DisplayName)
|
||||||
|
}
|
||||||
|
if !deletedAt.Valid || time.Since(deletedAt.Time) > time.Minute {
|
||||||
|
t.Errorf("deleted_at = %+v, want a recent timestamp", deletedAt)
|
||||||
|
}
|
||||||
|
// The credentials are free: a new account can claim the same email.
|
||||||
|
other, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Other", "")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision other: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.AttachIdentity(ctx, other.ID, account.KindEmail, email, true); err != nil {
|
||||||
|
t.Fatalf("email should be free after deletion, got: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestDeletionDossierReaders: after deletion the admin readers expose the credential
|
||||||
|
// journal and the tombstone dossier.
|
||||||
|
func TestDeletionDossierReaders(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
deleter := accountdelete.NewDeleter(testDB)
|
||||||
|
|
||||||
|
acc, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "ru", "handle", "Иван", "+03:00")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, "dos-"+uuid.NewString()+"@example.com", true); err != nil {
|
||||||
|
t.Fatalf("attach email: %v", err)
|
||||||
|
}
|
||||||
|
if err := deleter.AnonymizeAndTombstone(ctx, acc.ID); err != nil {
|
||||||
|
t.Fatalf("delete: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
rets, err := store.RetainedIdentities(ctx, acc.ID)
|
||||||
|
if err != nil || len(rets) != 2 {
|
||||||
|
t.Fatalf("RetainedIdentities = (%+v, %v), want 2 rows", rets, err)
|
||||||
|
}
|
||||||
|
for _, r := range rets {
|
||||||
|
if r.Reason != "delete" {
|
||||||
|
t.Errorf("retained reason = %q, want delete", r.Reason)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
info, err := store.DeletionInfo(ctx, acc.ID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("DeletionInfo: %v", err)
|
||||||
|
}
|
||||||
|
if info.DeletedAt == nil {
|
||||||
|
t.Error("DeletionInfo.DeletedAt should be set")
|
||||||
|
}
|
||||||
|
if info.DeletedDisplayName != "Иван" {
|
||||||
|
t.Errorf("DeletionInfo.DeletedDisplayName = %q, want Иван", info.DeletedDisplayName)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// listHasID reports whether the user list contains accountID.
|
||||||
|
func listHasID(items []account.UserListItem, id uuid.UUID) bool {
|
||||||
|
for _, it := range items {
|
||||||
|
if it.ID == id {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestUserListDeletedFilter: a tombstoned account is hidden from the default People list and
|
||||||
|
// shown only under the Deleted scope.
|
||||||
|
func TestUserListDeletedFilter(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
deleter := accountdelete.NewDeleter(testDB)
|
||||||
|
|
||||||
|
live, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "en", "", "Live", "")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision live: %v", err)
|
||||||
|
}
|
||||||
|
goneTg := "tg-" + uuid.NewString()
|
||||||
|
gone, _, err := store.ProvisionTelegram(ctx, goneTg, "en", "", "Gone", "")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision gone: %v", err)
|
||||||
|
}
|
||||||
|
goneEmail := "gone-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, gone.ID, account.KindEmail, goneEmail, true); err != nil {
|
||||||
|
t.Fatalf("attach gone email: %v", err)
|
||||||
|
}
|
||||||
|
if err := deleter.AnonymizeAndTombstone(ctx, gone.ID); err != nil {
|
||||||
|
t.Fatalf("delete: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
people, err := store.ListUsers(ctx, account.UserFilter{}, 5000, 0)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("list people: %v", err)
|
||||||
|
}
|
||||||
|
if listHasID(people, gone.ID) {
|
||||||
|
t.Error("a deleted account must not appear in the default People list")
|
||||||
|
}
|
||||||
|
if !listHasID(people, live.ID) {
|
||||||
|
t.Error("a live account must appear in the default People list")
|
||||||
|
}
|
||||||
|
deleted, err := store.ListUsers(ctx, account.UserFilter{Deleted: true}, 5000, 0)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("list deleted: %v", err)
|
||||||
|
}
|
||||||
|
if !listHasID(deleted, gone.ID) {
|
||||||
|
t.Error("a deleted account must appear in the Deleted list")
|
||||||
|
}
|
||||||
|
if listHasID(deleted, live.ID) {
|
||||||
|
t.Error("a live account must not appear in the Deleted list")
|
||||||
|
}
|
||||||
|
|
||||||
|
// A search spans both lists and reaches the retention journal: a deleted account is
|
||||||
|
// still found by the email and external id it held (both moved to retained_identities
|
||||||
|
// on deletion, out of the live identities table).
|
||||||
|
byEmail, err := store.ListUsers(ctx, account.UserFilter{EmailExact: goneEmail}, 5000, 0)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("search by email: %v", err)
|
||||||
|
}
|
||||||
|
if !listHasID(byEmail, gone.ID) {
|
||||||
|
t.Error("a deleted account must be found by the email it held (retention journal)")
|
||||||
|
}
|
||||||
|
byExt, err := store.ListUsers(ctx, account.UserFilter{ExternalIDMask: goneTg}, 5000, 0)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("search by external id: %v", err)
|
||||||
|
}
|
||||||
|
if !listHasID(byExt, gone.ID) {
|
||||||
|
t.Error("a deleted account must be found by the external id it held (retention journal)")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestConfirmCodeClearsGuest: confirming an email on a guest via ConfirmCode promotes it to
|
||||||
|
// a durable account (defence-in-depth — no confirmed-email path leaves is_guest set).
|
||||||
|
func TestConfirmCodeClearsGuest(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
|
guest, err := store.ProvisionGuest(ctx, "")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision guest: %v", err)
|
||||||
|
}
|
||||||
|
email := "cc-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := svc.RequestCode(ctx, guest.ID, email); err != nil {
|
||||||
|
t.Fatalf("request code: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := svc.ConfirmCode(ctx, guest.ID, email, sixDigit.FindString(mailer.lastBody)); err != nil {
|
||||||
|
t.Fatalf("confirm code: %v", err)
|
||||||
|
}
|
||||||
|
after, err := store.GetByID(ctx, guest.ID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("load: %v", err)
|
||||||
|
}
|
||||||
|
if after.IsGuest {
|
||||||
|
t.Error("confirming an email must clear the guest flag")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestDropAllRobotGames drops the deletee's solo vs-AI game but keeps a game with a human
|
||||||
|
// opponent.
|
||||||
|
func TestDropAllRobotGames(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
gsvc := newGameService()
|
||||||
|
robots := newRobotService(t, gsvc)
|
||||||
|
if err := robots.EnsurePool(ctx); err != nil {
|
||||||
|
t.Fatalf("ensure pool: %v", err)
|
||||||
|
}
|
||||||
|
mm := newMatchmaker(t, robots, time.Minute, 0)
|
||||||
|
deleter := accountdelete.NewDeleter(testDB)
|
||||||
|
|
||||||
|
user := provisionAccount(t)
|
||||||
|
other := provisionAccount(t)
|
||||||
|
|
||||||
|
aiRes, err := mm.StartVsAI(ctx, user, engine.VariantEnglish, true)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("start vs AI: %v", err)
|
||||||
|
}
|
||||||
|
humanGame, err := gsvc.Create(ctx, game.CreateParams{
|
||||||
|
Variant: engine.VariantEnglish, Seats: []uuid.UUID{user, other}, TurnTimeout: time.Hour, Seed: 1,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("create human game: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
n, err := deleter.DropAllRobotGames(ctx, user)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("drop: %v", err)
|
||||||
|
}
|
||||||
|
if n != 1 {
|
||||||
|
t.Fatalf("dropped %d games, want 1 (the vs-AI game)", n)
|
||||||
|
}
|
||||||
|
if _, err := gsvc.GameByID(ctx, aiRes.Game.ID); err == nil {
|
||||||
|
t.Error("the vs-AI game should be dropped")
|
||||||
|
}
|
||||||
|
if _, err := gsvc.GameByID(ctx, humanGame.ID); err != nil {
|
||||||
|
t.Errorf("the human game should be kept, got: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestDeleteStepUpEmail: an email account's delete code verifies (wrong code rejected, no
|
||||||
|
// deeplink in the mail); a platform-only account has no email and cannot request a code.
|
||||||
|
func TestDeleteStepUpEmail(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, "del-"+uuid.NewString()+"@example.com", true); err != nil {
|
||||||
|
t.Fatalf("attach email: %v", err)
|
||||||
|
}
|
||||||
|
if has, err := svc.HasEmail(ctx, acc.ID); err != nil || !has {
|
||||||
|
t.Fatalf("HasEmail = (%v, %v), want true", has, err)
|
||||||
|
}
|
||||||
|
if err := svc.RequestDeleteCode(ctx, acc.ID); err != nil {
|
||||||
|
t.Fatalf("request delete code: %v", err)
|
||||||
|
}
|
||||||
|
if strings.Contains(mailer.lastBody, "/confirm/") {
|
||||||
|
t.Error("a delete email must not carry a one-tap deeplink")
|
||||||
|
}
|
||||||
|
code := sixDigit.FindString(mailer.lastBody)
|
||||||
|
if err := svc.VerifyDeleteCode(ctx, acc.ID, "000000"); err == nil {
|
||||||
|
t.Error("a wrong delete code must be rejected")
|
||||||
|
}
|
||||||
|
if err := svc.VerifyDeleteCode(ctx, acc.ID, code); err != nil {
|
||||||
|
t.Fatalf("verify correct delete code: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
noEmail, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision no-email: %v", err)
|
||||||
|
}
|
||||||
|
if has, _ := svc.HasEmail(ctx, noEmail.ID); has {
|
||||||
|
t.Error("HasEmail must be false for a platform-only account")
|
||||||
|
}
|
||||||
|
if err := svc.RequestDeleteCode(ctx, noEmail.ID); !errors.Is(err, account.ErrNoEmail) {
|
||||||
|
t.Errorf("request delete for no-email account = %v, want ErrNoEmail", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -19,8 +19,8 @@ import (
|
|||||||
// recover the confirm-code from the body.
|
// recover the confirm-code from the body.
|
||||||
type capturingMailer struct{ lastBody string }
|
type capturingMailer struct{ lastBody string }
|
||||||
|
|
||||||
func (m *capturingMailer) Send(_ context.Context, _, _, body string) error {
|
func (m *capturingMailer) Send(_ context.Context, msg account.Message) error {
|
||||||
m.lastBody = body
|
m.lastBody = msg.Text
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -32,7 +32,7 @@ func TestEmailConfirmFlow(t *testing.T) {
|
|||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
mailer := &capturingMailer{}
|
mailer := &capturingMailer{}
|
||||||
svc := account.NewEmailService(store, mailer)
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
acc := provisionAccount(t)
|
acc := provisionAccount(t)
|
||||||
email := "user-" + uuid.NewString() + "@example.com"
|
email := "user-" + uuid.NewString() + "@example.com"
|
||||||
@@ -67,7 +67,7 @@ func TestEmailAlreadyTakenByAnotherAccount(t *testing.T) {
|
|||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
mailer := &capturingMailer{}
|
mailer := &capturingMailer{}
|
||||||
svc := account.NewEmailService(store, mailer)
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
owner := provisionAccount(t)
|
owner := provisionAccount(t)
|
||||||
email := "taken-" + uuid.NewString() + "@example.com"
|
email := "taken-" + uuid.NewString() + "@example.com"
|
||||||
@@ -89,7 +89,7 @@ func TestEmailCodeExpires(t *testing.T) {
|
|||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
mailer := &capturingMailer{}
|
mailer := &capturingMailer{}
|
||||||
svc := account.NewEmailService(store, mailer)
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
acc := provisionAccount(t)
|
acc := provisionAccount(t)
|
||||||
email := "expire-" + uuid.NewString() + "@example.com"
|
email := "expire-" + uuid.NewString() + "@example.com"
|
||||||
@@ -111,7 +111,7 @@ func TestEmailTooManyAttempts(t *testing.T) {
|
|||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
mailer := &capturingMailer{}
|
mailer := &capturingMailer{}
|
||||||
svc := account.NewEmailService(store, mailer)
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
acc := provisionAccount(t)
|
acc := provisionAccount(t)
|
||||||
email := "lock-" + uuid.NewString() + "@example.com"
|
email := "lock-" + uuid.NewString() + "@example.com"
|
||||||
@@ -203,10 +203,10 @@ func TestUpdateProfileOffsetTimezone(t *testing.T) {
|
|||||||
func TestEmailLoginFlow(t *testing.T) {
|
func TestEmailLoginFlow(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
mailer := &capturingMailer{}
|
mailer := &capturingMailer{}
|
||||||
svc := account.NewEmailService(account.NewStore(testDB), mailer)
|
svc := account.NewEmailService(account.NewStore(testDB), mailer, "https://erudit-game.ru")
|
||||||
email := "login-" + uuid.NewString() + "@example.com"
|
email := "login-" + uuid.NewString() + "@example.com"
|
||||||
|
|
||||||
accountID, err := svc.RequestLoginCode(ctx, email)
|
accountID, err := svc.RequestLoginCode(ctx, email, "+02:00", "en")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("request login code: %v", err)
|
t.Fatalf("request login code: %v", err)
|
||||||
}
|
}
|
||||||
@@ -225,12 +225,15 @@ func TestEmailLoginFlow(t *testing.T) {
|
|||||||
if acc.IsGuest {
|
if acc.IsGuest {
|
||||||
t.Error("an email account must be durable, not a guest")
|
t.Error("an email account must be durable, not a guest")
|
||||||
}
|
}
|
||||||
|
if acc.TimeZone != "+02:00" {
|
||||||
|
t.Errorf("TimeZone = %q, want the +02:00 seeded at the request step", acc.TimeZone)
|
||||||
|
}
|
||||||
if !identityConfirmed(t, account.KindEmail, email) {
|
if !identityConfirmed(t, account.KindEmail, email) {
|
||||||
t.Error("the email identity must be confirmed after login")
|
t.Error("the email identity must be confirmed after login")
|
||||||
}
|
}
|
||||||
|
|
||||||
// A second login for the same email is the returning user: same account.
|
// A second login for the same email is the returning user: same account.
|
||||||
if _, err := svc.RequestLoginCode(ctx, email); err != nil {
|
if _, err := svc.RequestLoginCode(ctx, email, "", "ru"); err != nil {
|
||||||
t.Fatalf("second request: %v", err)
|
t.Fatalf("second request: %v", err)
|
||||||
}
|
}
|
||||||
acc2, err := svc.LoginWithCode(ctx, email, sixDigit.FindString(mailer.lastBody))
|
acc2, err := svc.LoginWithCode(ctx, email, sixDigit.FindString(mailer.lastBody))
|
||||||
@@ -241,3 +244,182 @@ func TestEmailLoginFlow(t *testing.T) {
|
|||||||
t.Errorf("returning login account = %s, want %s", acc2.ID, accountID)
|
t.Errorf("returning login account = %s, want %s", acc2.ID, accountID)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestEmailLoginProvisionsGuestUntilConfirmed covers the squat fix: an email-login
|
||||||
|
// account is a guest (reapable, so an abandoned never-confirmed login frees its
|
||||||
|
// address) until the code is confirmed, which promotes it to a durable account.
|
||||||
|
func TestEmailLoginProvisionsGuestUntilConfirmed(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
email := "squat-" + uuid.NewString() + "@example.com"
|
||||||
|
|
||||||
|
id, err := svc.RequestLoginCode(ctx, email, "", "en")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("request login code: %v", err)
|
||||||
|
}
|
||||||
|
before, err := store.GetByID(ctx, id)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("get before confirm: %v", err)
|
||||||
|
}
|
||||||
|
if !before.IsGuest {
|
||||||
|
t.Error("an unconfirmed email-login account must be a guest so it is reapable")
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := svc.LoginWithCode(ctx, email, sixDigit.FindString(mailer.lastBody)); err != nil {
|
||||||
|
t.Fatalf("login: %v", err)
|
||||||
|
}
|
||||||
|
after, err := store.GetByID(ctx, id)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("get after confirm: %v", err)
|
||||||
|
}
|
||||||
|
if after.IsGuest {
|
||||||
|
t.Error("confirming the login must clear the guest flag (promote to durable)")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// confirmToken extracts the one-tap deeplink token from the /app/#/confirm/<token> link
|
||||||
|
// the branded email carries.
|
||||||
|
var confirmToken = regexp.MustCompile(`/confirm/([A-Za-z0-9_-]+)`)
|
||||||
|
|
||||||
|
func tokenFromMail(t *testing.T, body string) string {
|
||||||
|
t.Helper()
|
||||||
|
m := confirmToken.FindStringSubmatch(body)
|
||||||
|
if m == nil {
|
||||||
|
t.Fatalf("no confirm token in mail body %q", body)
|
||||||
|
}
|
||||||
|
return m[1]
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestConfirmByTokenLogin: the one-tap deeplink token completes an email login,
|
||||||
|
// clearing the guest flag.
|
||||||
|
func TestConfirmByTokenLogin(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
email := "tok-login-" + uuid.NewString() + "@example.com"
|
||||||
|
|
||||||
|
id, err := svc.RequestLoginCode(ctx, email, "", "en")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("request login: %v", err)
|
||||||
|
}
|
||||||
|
res, err := svc.ConfirmByToken(ctx, tokenFromMail(t, mailer.lastBody))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("confirm by token: %v", err)
|
||||||
|
}
|
||||||
|
if !res.IsLogin() || res.Account != id {
|
||||||
|
t.Fatalf("login result = %+v, want login for %s", res, id)
|
||||||
|
}
|
||||||
|
if !identityConfirmed(t, account.KindEmail, email) {
|
||||||
|
t.Error("email identity must be confirmed after the token login")
|
||||||
|
}
|
||||||
|
if acc, _ := store.GetByID(ctx, id); acc.IsGuest {
|
||||||
|
t.Error("the token login must clear the guest flag")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestConfirmByTokenLink: the token attaches a free email to the requesting account.
|
||||||
|
func TestConfirmByTokenLink(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
acc := provisionAccount(t)
|
||||||
|
email := "tok-link-" + uuid.NewString() + "@example.com"
|
||||||
|
|
||||||
|
if err := svc.RequestLinkCode(ctx, acc, email); err != nil {
|
||||||
|
t.Fatalf("request link: %v", err)
|
||||||
|
}
|
||||||
|
res, err := svc.ConfirmByToken(ctx, tokenFromMail(t, mailer.lastBody))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("confirm by token: %v", err)
|
||||||
|
}
|
||||||
|
if res.IsLogin() || res.NeedsMerge || res.Account != acc {
|
||||||
|
t.Fatalf("link result = %+v, want a plain link for %s", res, acc)
|
||||||
|
}
|
||||||
|
if !identityConfirmed(t, account.KindEmail, email) {
|
||||||
|
t.Error("email identity must be confirmed after the token link")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestConfirmByTokenLinkMerge: a token for an address owned by another account signals
|
||||||
|
// a merge (leaving the token unconsumed for the interactive step).
|
||||||
|
func TestConfirmByTokenLinkMerge(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
email := "tok-merge-" + uuid.NewString() + "@example.com"
|
||||||
|
|
||||||
|
owner := provisionAccount(t)
|
||||||
|
if err := svc.RequestCode(ctx, owner, email); err != nil {
|
||||||
|
t.Fatalf("owner request: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := svc.ConfirmCode(ctx, owner, email, sixDigit.FindString(mailer.lastBody)); err != nil {
|
||||||
|
t.Fatalf("owner confirm: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
other := provisionAccount(t)
|
||||||
|
if err := svc.RequestLinkCode(ctx, other, email); err != nil {
|
||||||
|
t.Fatalf("link request: %v", err)
|
||||||
|
}
|
||||||
|
res, err := svc.ConfirmByToken(ctx, tokenFromMail(t, mailer.lastBody))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("confirm by token: %v", err)
|
||||||
|
}
|
||||||
|
if !res.NeedsMerge || res.MergeOwner != owner {
|
||||||
|
t.Fatalf("merge result = %+v, want NeedsMerge with owner=%s", res, owner)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestEmailAccountSeedsDisplayName seeds a new email account's display name from the
|
||||||
|
// email's local part, so an email login is not left nameless.
|
||||||
|
func TestEmailAccountSeedsDisplayName(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
svc := account.NewEmailService(store, &capturingMailer{}, "https://erudit-game.ru")
|
||||||
|
local := "kaya-" + uuid.NewString()[:8]
|
||||||
|
|
||||||
|
id, err := svc.RequestLoginCode(ctx, local+"@example.com", "", "en")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("request login: %v", err)
|
||||||
|
}
|
||||||
|
acc, err := store.GetByID(ctx, id)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("get: %v", err)
|
||||||
|
}
|
||||||
|
if acc.DisplayName != local {
|
||||||
|
t.Errorf("display name = %q, want the email local part %q", acc.DisplayName, local)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestConfirmByTokenLinkClearsGuest: binding an email to a guest via the deeplink
|
||||||
|
// promotes the guest to a durable account (the deeplink path must match the
|
||||||
|
// code-based link flow, which clears the guest flag).
|
||||||
|
func TestConfirmByTokenLinkClearsGuest(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
guest, err := store.ProvisionGuest(ctx, "")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision guest: %v", err)
|
||||||
|
}
|
||||||
|
email := "guest-link-" + uuid.NewString() + "@example.com"
|
||||||
|
|
||||||
|
if err := svc.RequestLinkCode(ctx, guest.ID, email); err != nil {
|
||||||
|
t.Fatalf("request link: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := svc.ConfirmByToken(ctx, tokenFromMail(t, mailer.lastBody)); err != nil {
|
||||||
|
t.Fatalf("confirm by token: %v", err)
|
||||||
|
}
|
||||||
|
acc, err := store.GetByID(ctx, guest.ID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("get: %v", err)
|
||||||
|
}
|
||||||
|
if acc.IsGuest {
|
||||||
|
t.Error("linking an email via the deeplink must promote the guest to durable")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ func latestFeedbackID(t *testing.T, svc *feedback.Service, acc uuid.UUID) uuid.U
|
|||||||
func TestFeedbackGuestRejected(t *testing.T) {
|
func TestFeedbackGuestRejected(t *testing.T) {
|
||||||
svc := newFeedbackService()
|
svc := newFeedbackService()
|
||||||
guest := provisionGuest(t)
|
guest := provisionGuest(t)
|
||||||
if err := svc.Submit(context.Background(), guest, "hi", nil, "", "web", "1.2.3.4"); !errors.Is(err, feedback.ErrGuestForbidden) {
|
if err := svc.Submit(context.Background(), guest, "hi", nil, "", "web", "v1", "+05:00", "1.2.3.4"); !errors.Is(err, feedback.ErrGuestForbidden) {
|
||||||
t.Fatalf("guest submit err = %v, want ErrGuestForbidden", err)
|
t.Fatalf("guest submit err = %v, want ErrGuestForbidden", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -48,11 +48,11 @@ func TestFeedbackSubmitGateAndReplyLifecycle(t *testing.T) {
|
|||||||
svc := newFeedbackService()
|
svc := newFeedbackService()
|
||||||
acc := provisionAccount(t)
|
acc := provisionAccount(t)
|
||||||
|
|
||||||
if err := svc.Submit(ctx, acc, " please fix the board ", []byte("PNGDATA"), "shot.png", "ios", "9.9.9.9"); err != nil {
|
if err := svc.Submit(ctx, acc, " please fix the board ", []byte("PNGDATA"), "shot.png", "ios", "v1.2.0", "+03:00", "9.9.9.9"); err != nil {
|
||||||
t.Fatalf("submit: %v", err)
|
t.Fatalf("submit: %v", err)
|
||||||
}
|
}
|
||||||
// Anti-spam gate: a second message is refused while the first is unreviewed.
|
// Anti-spam gate: a second message is refused while the first is unreviewed.
|
||||||
if err := svc.Submit(ctx, acc, "again", nil, "", "web", ""); !errors.Is(err, feedback.ErrPendingReview) {
|
if err := svc.Submit(ctx, acc, "again", nil, "", "web", "", "", ""); !errors.Is(err, feedback.ErrPendingReview) {
|
||||||
t.Fatalf("second submit err = %v, want ErrPendingReview", err)
|
t.Fatalf("second submit err = %v, want ErrPendingReview", err)
|
||||||
}
|
}
|
||||||
if st, err := svc.State(ctx, acc); err != nil {
|
if st, err := svc.State(ctx, acc); err != nil {
|
||||||
@@ -69,7 +69,7 @@ func TestFeedbackSubmitGateAndReplyLifecycle(t *testing.T) {
|
|||||||
if m.Body != "please fix the board" { // trimmed
|
if m.Body != "please fix the board" { // trimmed
|
||||||
t.Fatalf("body = %q, want trimmed", m.Body)
|
t.Fatalf("body = %q, want trimmed", m.Body)
|
||||||
}
|
}
|
||||||
if !m.HasAttachment || m.AttachmentName != "shot.png" || m.Channel != "ios" || m.SenderIP != "9.9.9.9" {
|
if !m.HasAttachment || m.AttachmentName != "shot.png" || m.Channel != "ios" || m.SenderIP != "9.9.9.9" || m.Version != "v1.2.0" || m.BrowserTZ != "+03:00" {
|
||||||
t.Fatalf("admin message = %+v", m)
|
t.Fatalf("admin message = %+v", m)
|
||||||
}
|
}
|
||||||
if name, data, ok, err := svc.Attachment(ctx, id); err != nil || !ok || name != "shot.png" || string(data) != "PNGDATA" {
|
if name, data, ok, err := svc.Attachment(ctx, id); err != nil || !ok || name != "shot.png" || string(data) != "PNGDATA" {
|
||||||
@@ -116,7 +116,7 @@ func TestFeedbackReplyHiddenAfterNewMessage(t *testing.T) {
|
|||||||
acc := provisionAccount(t)
|
acc := provisionAccount(t)
|
||||||
|
|
||||||
// msg1, replied → the player can send again and currently sees the reply.
|
// msg1, replied → the player can send again and currently sees the reply.
|
||||||
if err := svc.Submit(ctx, acc, "first", nil, "", "web", ""); err != nil {
|
if err := svc.Submit(ctx, acc, "first", nil, "", "web", "", "", ""); err != nil {
|
||||||
t.Fatalf("submit msg1: %v", err)
|
t.Fatalf("submit msg1: %v", err)
|
||||||
}
|
}
|
||||||
if err := svc.Reply(ctx, latestFeedbackID(t, svc, acc), "the answer"); err != nil {
|
if err := svc.Reply(ctx, latestFeedbackID(t, svc, acc), "the answer"); err != nil {
|
||||||
@@ -130,7 +130,7 @@ func TestFeedbackReplyHiddenAfterNewMessage(t *testing.T) {
|
|||||||
|
|
||||||
// Sending a new message immediately drops the previous reply (it now belongs to an
|
// Sending a new message immediately drops the previous reply (it now belongs to an
|
||||||
// older message), even though it is well within the one-week window.
|
// older message), even though it is well within the one-week window.
|
||||||
if err := svc.Submit(ctx, acc, "second", nil, "", "web", ""); err != nil {
|
if err := svc.Submit(ctx, acc, "second", nil, "", "web", "", "", ""); err != nil {
|
||||||
t.Fatalf("submit msg2: %v", err)
|
t.Fatalf("submit msg2: %v", err)
|
||||||
}
|
}
|
||||||
st, err := svc.State(ctx, acc)
|
st, err := svc.State(ctx, acc)
|
||||||
@@ -154,7 +154,7 @@ func TestFeedbackSnapshotsLanguage(t *testing.T) {
|
|||||||
t.Fatalf("set language: %v", err)
|
t.Fatalf("set language: %v", err)
|
||||||
}
|
}
|
||||||
// A message snapshots the sender's interface language at submit time.
|
// A message snapshots the sender's interface language at submit time.
|
||||||
if err := svc.Submit(ctx, acc, "from telegram", nil, "", "telegram", ""); err != nil {
|
if err := svc.Submit(ctx, acc, "from telegram", nil, "", "telegram", "", "", ""); err != nil {
|
||||||
t.Fatalf("submit: %v", err)
|
t.Fatalf("submit: %v", err)
|
||||||
}
|
}
|
||||||
id := latestFeedbackID(t, svc, acc)
|
id := latestFeedbackID(t, svc, acc)
|
||||||
@@ -184,7 +184,7 @@ func TestFeedbackBanRole(t *testing.T) {
|
|||||||
if err := accounts.GrantRole(ctx, acc, account.RoleFeedbackBanned); err != nil {
|
if err := accounts.GrantRole(ctx, acc, account.RoleFeedbackBanned); err != nil {
|
||||||
t.Fatalf("grant role: %v", err)
|
t.Fatalf("grant role: %v", err)
|
||||||
}
|
}
|
||||||
if err := svc.Submit(ctx, acc, "hi", nil, "", "web", ""); !errors.Is(err, feedback.ErrBanned) {
|
if err := svc.Submit(ctx, acc, "hi", nil, "", "web", "", "", ""); !errors.Is(err, feedback.ErrBanned) {
|
||||||
t.Fatalf("banned submit err = %v, want ErrBanned", err)
|
t.Fatalf("banned submit err = %v, want ErrBanned", err)
|
||||||
}
|
}
|
||||||
if st, err := svc.State(ctx, acc); err != nil {
|
if st, err := svc.State(ctx, acc); err != nil {
|
||||||
@@ -196,7 +196,7 @@ func TestFeedbackBanRole(t *testing.T) {
|
|||||||
if err := accounts.RevokeRole(ctx, acc, account.RoleFeedbackBanned); err != nil {
|
if err := accounts.RevokeRole(ctx, acc, account.RoleFeedbackBanned); err != nil {
|
||||||
t.Fatalf("revoke role: %v", err)
|
t.Fatalf("revoke role: %v", err)
|
||||||
}
|
}
|
||||||
if err := svc.Submit(ctx, acc, "hi again", nil, "", "web", ""); err != nil {
|
if err := svc.Submit(ctx, acc, "hi again", nil, "", "web", "", "", ""); err != nil {
|
||||||
t.Fatalf("submit after unban: %v", err)
|
t.Fatalf("submit after unban: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -219,7 +219,7 @@ func TestFeedbackValidation(t *testing.T) {
|
|||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
acc := provisionAccount(t) // fresh account so the pending gate never fires first
|
acc := provisionAccount(t) // fresh account so the pending gate never fires first
|
||||||
if err := svc.Submit(ctx, acc, tt.body, tt.attachment, tt.attachmentName, "web", ""); !errors.Is(err, tt.want) {
|
if err := svc.Submit(ctx, acc, tt.body, tt.attachment, tt.attachmentName, "web", "", "", ""); !errors.Is(err, tt.want) {
|
||||||
t.Fatalf("submit err = %v, want %v", err, tt.want)
|
t.Fatalf("submit err = %v, want %v", err, tt.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
@@ -231,7 +231,7 @@ func TestFeedbackAdminLifecycle(t *testing.T) {
|
|||||||
svc := newFeedbackService()
|
svc := newFeedbackService()
|
||||||
acc := provisionAccount(t)
|
acc := provisionAccount(t)
|
||||||
|
|
||||||
if err := svc.Submit(ctx, acc, "first report", nil, "", "web", ""); err != nil {
|
if err := svc.Submit(ctx, acc, "first report", nil, "", "web", "", "", ""); err != nil {
|
||||||
t.Fatalf("submit: %v", err)
|
t.Fatalf("submit: %v", err)
|
||||||
}
|
}
|
||||||
id := latestFeedbackID(t, svc, acc)
|
id := latestFeedbackID(t, svc, acc)
|
||||||
@@ -276,7 +276,7 @@ func TestFeedbackDeleteAllByAccount(t *testing.T) {
|
|||||||
svc := newFeedbackService()
|
svc := newFeedbackService()
|
||||||
acc := provisionAccount(t)
|
acc := provisionAccount(t)
|
||||||
|
|
||||||
if err := svc.Submit(ctx, acc, "one", nil, "", "web", ""); err != nil {
|
if err := svc.Submit(ctx, acc, "one", nil, "", "web", "", "", ""); err != nil {
|
||||||
t.Fatalf("submit: %v", err)
|
t.Fatalf("submit: %v", err)
|
||||||
}
|
}
|
||||||
if err := svc.DeleteAllByAccount(ctx, acc); err != nil {
|
if err := svc.DeleteAllByAccount(ctx, acc); err != nil {
|
||||||
@@ -286,7 +286,7 @@ func TestFeedbackDeleteAllByAccount(t *testing.T) {
|
|||||||
if has, err := svc.ReplyUnread(ctx, acc); err != nil || has {
|
if has, err := svc.ReplyUnread(ctx, acc); err != nil || has {
|
||||||
t.Fatalf("reply unread after delete-all = %v (err %v)", has, err)
|
t.Fatalf("reply unread after delete-all = %v (err %v)", has, err)
|
||||||
}
|
}
|
||||||
if err := svc.Submit(ctx, acc, "fresh", nil, "", "web", ""); err != nil {
|
if err := svc.Submit(ctx, acc, "fresh", nil, "", "web", "", "", ""); err != nil {
|
||||||
t.Fatalf("submit after delete-all: %v", err)
|
t.Fatalf("submit after delete-all: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -120,7 +120,7 @@ func provisionAccount(t *testing.T) uuid.UUID {
|
|||||||
// provisionGuest creates a fresh ephemeral guest account and returns its id.
|
// provisionGuest creates a fresh ephemeral guest account and returns its id.
|
||||||
func provisionGuest(t *testing.T) uuid.UUID {
|
func provisionGuest(t *testing.T) uuid.UUID {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
acc, err := account.NewStore(testDB).ProvisionGuest(context.Background())
|
acc, err := account.NewStore(testDB).ProvisionGuest(context.Background(), "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision guest: %v", err)
|
t.Fatalf("provision guest: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,174 @@
|
|||||||
|
//go:build integration
|
||||||
|
|
||||||
|
package inttest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"errors"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
)
|
||||||
|
|
||||||
|
// emailOf returns the external id of the account's email identity, or "" when it has none.
|
||||||
|
func emailOf(t *testing.T, store *account.Store, id uuid.UUID) string {
|
||||||
|
t.Helper()
|
||||||
|
ids, err := store.Identities(context.Background(), id)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("identities %s: %v", id, err)
|
||||||
|
}
|
||||||
|
for _, i := range ids {
|
||||||
|
if i.Kind == account.KindEmail {
|
||||||
|
return i.ExternalID
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestUnlinkProviderKeepsOthers detaches one provider from a multi-identity account and
|
||||||
|
// refuses to remove the last remaining identity.
|
||||||
|
func TestUnlinkProviderKeepsOthers(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision telegram: %v", err)
|
||||||
|
}
|
||||||
|
email := "unlink-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, email, true); err != nil {
|
||||||
|
t.Fatalf("attach email: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Removing a kind the account does not hold reports not-found.
|
||||||
|
if err := store.RemoveIdentity(ctx, acc.ID, account.KindVK); !errors.Is(err, account.ErrNotFound) {
|
||||||
|
t.Fatalf("remove absent vk = %v, want ErrNotFound", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Detach Telegram: the email identity remains.
|
||||||
|
if err := store.RemoveIdentity(ctx, acc.ID, account.KindTelegram); err != nil {
|
||||||
|
t.Fatalf("remove telegram: %v", err)
|
||||||
|
}
|
||||||
|
ids, err := store.Identities(ctx, acc.ID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("identities: %v", err)
|
||||||
|
}
|
||||||
|
if len(ids) != 1 || ids[0].Kind != account.KindEmail {
|
||||||
|
t.Fatalf("identities after unlink = %+v, want only email", ids)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The email is now the last identity, so unlinking it is refused.
|
||||||
|
if err := store.RemoveIdentity(ctx, acc.ID, account.KindEmail); !errors.Is(err, account.ErrLastIdentity) {
|
||||||
|
t.Fatalf("remove last email = %v, want ErrLastIdentity", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestChangeEmailReplaces switches an account's confirmed email to a free address,
|
||||||
|
// freeing the old one.
|
||||||
|
func TestChangeEmailReplaces(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
oldAddr := "old-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, oldAddr, true); err != nil {
|
||||||
|
t.Fatalf("attach old email: %v", err)
|
||||||
|
}
|
||||||
|
newAddr := "new-" + uuid.NewString() + "@example.com"
|
||||||
|
|
||||||
|
if err := svc.RequestChangeCode(ctx, acc.ID, newAddr); err != nil {
|
||||||
|
t.Fatalf("request change: %v", err)
|
||||||
|
}
|
||||||
|
code := sixDigit.FindString(mailer.lastBody)
|
||||||
|
if _, err := svc.ConfirmChange(ctx, acc.ID, newAddr, code); err != nil {
|
||||||
|
t.Fatalf("confirm change: %v", err)
|
||||||
|
}
|
||||||
|
if got := emailOf(t, store, acc.ID); got != newAddr {
|
||||||
|
t.Fatalf("email after change = %q, want %q", got, newAddr)
|
||||||
|
}
|
||||||
|
if !identityConfirmed(t, account.KindEmail, newAddr) {
|
||||||
|
t.Error("the new email identity must be confirmed")
|
||||||
|
}
|
||||||
|
// The old address is freed: another account can now claim it.
|
||||||
|
other, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision other: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.AttachIdentity(ctx, other.ID, account.KindEmail, oldAddr, true); err != nil {
|
||||||
|
t.Fatalf("old address should be free after change, got: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestChangeEmailRefusesTaken refuses (without merging) a new address already confirmed by
|
||||||
|
// another account, leaving the caller's email untouched.
|
||||||
|
func TestChangeEmailRefusesTaken(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision caller: %v", err)
|
||||||
|
}
|
||||||
|
mine := "mine-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, mine, true); err != nil {
|
||||||
|
t.Fatalf("attach caller email: %v", err)
|
||||||
|
}
|
||||||
|
other, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision other: %v", err)
|
||||||
|
}
|
||||||
|
taken := "taken-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, other.ID, account.KindEmail, taken, true); err != nil {
|
||||||
|
t.Fatalf("attach other email: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := svc.RequestChangeCode(ctx, acc.ID, taken); err != nil {
|
||||||
|
t.Fatalf("request change: %v", err)
|
||||||
|
}
|
||||||
|
code := sixDigit.FindString(mailer.lastBody)
|
||||||
|
if _, err := svc.ConfirmChange(ctx, acc.ID, taken, code); !errors.Is(err, account.ErrEmailTaken) {
|
||||||
|
t.Fatalf("confirm change to taken = %v, want ErrEmailTaken", err)
|
||||||
|
}
|
||||||
|
if got := emailOf(t, store, acc.ID); got != mine {
|
||||||
|
t.Errorf("caller email after refused change = %q, want unchanged %q", got, mine)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestChangeEmailViaDeeplink switches the email through the one-tap confirm token.
|
||||||
|
func TestChangeEmailViaDeeplink(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, "old-"+uuid.NewString()+"@example.com", true); err != nil {
|
||||||
|
t.Fatalf("attach old email: %v", err)
|
||||||
|
}
|
||||||
|
newAddr := "dl-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := svc.RequestChangeCode(ctx, acc.ID, newAddr); err != nil {
|
||||||
|
t.Fatalf("request change: %v", err)
|
||||||
|
}
|
||||||
|
res, err := svc.ConfirmByToken(ctx, tokenFromMail(t, mailer.lastBody))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("confirm by token: %v", err)
|
||||||
|
}
|
||||||
|
if res.IsLogin() || res.NeedsMerge || res.Account != acc.ID {
|
||||||
|
t.Fatalf("deeplink change result = %+v, want a plain change for %s", res, acc.ID)
|
||||||
|
}
|
||||||
|
if got := emailOf(t, store, acc.ID); got != newAddr {
|
||||||
|
t.Fatalf("email after deeplink change = %q, want %q", got, newAddr)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -119,7 +119,7 @@ func seatGame(t *testing.T, seats []uuid.UUID, timeout time.Duration) uuid.UUID
|
|||||||
|
|
||||||
func newLinkService(mailer account.Mailer) *link.Service {
|
func newLinkService(mailer account.Mailer) *link.Service {
|
||||||
store := account.NewStore(testDB)
|
store := account.NewStore(testDB)
|
||||||
emails := account.NewEmailService(store, mailer)
|
emails := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
sessions := session.NewService(session.NewStore(testDB), session.NewCache())
|
sessions := session.NewService(session.NewStore(testDB), session.NewCache())
|
||||||
return link.NewService(emails, store, accountmerge.NewMerger(testDB), sessions)
|
return link.NewService(emails, store, accountmerge.NewMerger(testDB), sessions)
|
||||||
}
|
}
|
||||||
@@ -251,6 +251,44 @@ func TestAccountMergeFinishedSharedGameKept(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestAccountMergeDedupesEmail keeps the primary's email when both accounts have one and
|
||||||
|
// journals the secondary's to the dossier (reason=merge), so the survivor never ends up
|
||||||
|
// with two email identities.
|
||||||
|
func TestAccountMergeDedupesEmail(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
merger := accountmerge.NewMerger(testDB)
|
||||||
|
|
||||||
|
primary := provisionAccount(t)
|
||||||
|
secondary := provisionAccount(t)
|
||||||
|
primaryEmail := "keep-" + uuid.NewString() + "@example.com"
|
||||||
|
secondaryEmail := "absorb-" + uuid.NewString() + "@example.com"
|
||||||
|
bindEmailIdentity(t, primary, primaryEmail)
|
||||||
|
bindEmailIdentity(t, secondary, secondaryEmail)
|
||||||
|
|
||||||
|
if err := merger.Merge(ctx, primary, secondary); err != nil {
|
||||||
|
t.Fatalf("merge: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The primary keeps its own email; the secondary's is gone from the live identities.
|
||||||
|
if owner, ok, _ := store.AccountIDByIdentity(ctx, account.KindEmail, primaryEmail); !ok || owner != primary {
|
||||||
|
t.Errorf("primary email owner = %s ok=%v, want primary %s", owner, ok, primary)
|
||||||
|
}
|
||||||
|
if _, ok, _ := store.AccountIDByIdentity(ctx, account.KindEmail, secondaryEmail); ok {
|
||||||
|
t.Error("the secondary's email must be removed (no duplicate email on the survivor)")
|
||||||
|
}
|
||||||
|
// The absorbed email stays in the legal dossier, tagged reason=merge.
|
||||||
|
var reason string
|
||||||
|
if err := testDB.QueryRowContext(ctx,
|
||||||
|
`SELECT reason FROM backend.retained_identities WHERE account_id=$1 AND kind='email' AND external_id=$2`,
|
||||||
|
secondary, secondaryEmail).Scan(&reason); err != nil {
|
||||||
|
t.Fatalf("retained email row: %v", err)
|
||||||
|
}
|
||||||
|
if reason != "merge" {
|
||||||
|
t.Errorf("retained reason = %q, want merge", reason)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// TestAccountLinkFreeEmail binds a free email and promotes a guest to durable.
|
// TestAccountLinkFreeEmail binds a free email and promotes a guest to durable.
|
||||||
func TestAccountLinkFreeEmail(t *testing.T) {
|
func TestAccountLinkFreeEmail(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
@@ -355,3 +393,64 @@ func TestAccountLinkGuestInversion(t *testing.T) {
|
|||||||
t.Errorf("email owner = %s, want durable", owner)
|
t.Errorf("email owner = %s, want durable", owner)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestAccountLinkFreeVK binds a free VK identity (gateway-validated, no code) and
|
||||||
|
// promotes a guest to durable — the ConfirmVK counterpart of the free-email case.
|
||||||
|
func TestAccountLinkFreeVK(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
links := newLinkService(&capturingMailer{})
|
||||||
|
|
||||||
|
guest := provisionGuest(t)
|
||||||
|
vkID := "vk-" + uuid.NewString()
|
||||||
|
res, err := links.ConfirmVK(ctx, guest, vkID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("confirm vk: %v", err)
|
||||||
|
}
|
||||||
|
if !res.Linked || res.MergeRequired {
|
||||||
|
t.Fatalf("confirm = %+v, want linked", res)
|
||||||
|
}
|
||||||
|
if acc, _ := store.GetByID(ctx, guest); acc.IsGuest {
|
||||||
|
t.Error("guest flag should clear once VK is linked")
|
||||||
|
}
|
||||||
|
if owner, ok, _ := store.AccountIDByIdentity(ctx, account.KindVK, vkID); !ok || owner != guest {
|
||||||
|
t.Errorf("vk owner = %s, want the promoted guest %s", owner, guest)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestAccountLinkVKMergeIntoCaller merges the account owning a VK identity into the
|
||||||
|
// current durable account: ConfirmVK previews the merge, MergeVK folds it, the caller
|
||||||
|
// stays primary and keeps its session, and the VK identity repoints to the caller.
|
||||||
|
func TestAccountLinkVKMergeIntoCaller(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
links := newLinkService(&capturingMailer{})
|
||||||
|
|
||||||
|
caller := provisionAccount(t)
|
||||||
|
other := provisionAccount(t)
|
||||||
|
vkID := "vk-" + uuid.NewString()
|
||||||
|
if err := store.AttachIdentity(ctx, other, account.KindVK, vkID, true); err != nil {
|
||||||
|
t.Fatalf("seed vk on other: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
confirm, err := links.ConfirmVK(ctx, caller, vkID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("confirm vk: %v", err)
|
||||||
|
}
|
||||||
|
if !confirm.MergeRequired || confirm.SecondaryID != other {
|
||||||
|
t.Fatalf("confirm = %+v, want merge_required to other %s", confirm, other)
|
||||||
|
}
|
||||||
|
merge, err := links.MergeVK(ctx, caller, vkID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("merge vk: %v", err)
|
||||||
|
}
|
||||||
|
if merge.PrimaryID != caller || merge.SwitchedToken != "" {
|
||||||
|
t.Fatalf("merge = %+v, want primary caller and no session switch", merge)
|
||||||
|
}
|
||||||
|
if mergedInto(t, other) != caller {
|
||||||
|
t.Error("other should be tombstoned into caller")
|
||||||
|
}
|
||||||
|
if owner, _, _ := store.AccountIDByIdentity(ctx, account.KindVK, vkID); owner != caller {
|
||||||
|
t.Errorf("vk owner = %s, want caller after merge", owner)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,80 @@
|
|||||||
|
//go:build integration
|
||||||
|
|
||||||
|
package inttest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"slices"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap/zaptest"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
"scrabble/backend/internal/server"
|
||||||
|
"scrabble/backend/internal/session"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TestTelegramAuthSeedsPromoVariantForNewUserOnly drives the sessions/telegram endpoint
|
||||||
|
// to confirm a promo deep-link start-param seeds a brand-new account's variant
|
||||||
|
// preferences (English Scrabble alongside the default Erudit), that a new account with no
|
||||||
|
// such payload keeps the Erudit-only default, and that an existing account is never
|
||||||
|
// re-seeded on a later login (the new-user-only contract).
|
||||||
|
func TestTelegramAuthSeedsPromoVariantForNewUserOnly(t *testing.T) {
|
||||||
|
srv := server.New(":0", server.Deps{
|
||||||
|
Logger: zaptest.NewLogger(t),
|
||||||
|
DB: testDB,
|
||||||
|
Accounts: account.NewStore(testDB),
|
||||||
|
Sessions: session.NewService(session.NewStore(testDB), session.NewCache()),
|
||||||
|
Notifier: &captureNotifier{},
|
||||||
|
})
|
||||||
|
h := srv.Handler()
|
||||||
|
|
||||||
|
post := func(ext, startParam string) {
|
||||||
|
body := `{"external_id":"` + ext + `","language_code":"en","first_name":"Promo"`
|
||||||
|
if startParam != "" {
|
||||||
|
body += `,"start_param":"` + startParam + `"`
|
||||||
|
}
|
||||||
|
body += `}`
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/internal/sessions/telegram", strings.NewReader(body))
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
h.ServeHTTP(rec, req)
|
||||||
|
if rec.Code != http.StatusOK {
|
||||||
|
t.Fatalf("telegram auth = %d: %s", rec.Code, rec.Body.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
reload := func(ext string) []string {
|
||||||
|
acc, err := store.AccountByIdentity(context.Background(), account.KindTelegram, ext)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("lookup %s: %v", ext, err)
|
||||||
|
}
|
||||||
|
return acc.VariantPreferences
|
||||||
|
}
|
||||||
|
|
||||||
|
// A brand-new account reached through a promo deep-link is seeded with English
|
||||||
|
// Scrabble alongside the default Erudit.
|
||||||
|
promoExt := "tg-" + uuid.NewString()
|
||||||
|
post(promoExt, "verudit_ru-scrabble_en")
|
||||||
|
if got, want := reload(promoExt), []string{"erudit_ru", "scrabble_en"}; !slices.Equal(got, want) {
|
||||||
|
t.Errorf("promo new account variants = %v, want %v", got, want)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A brand-new account with no promo payload keeps the Erudit-only default.
|
||||||
|
plainExt := "tg-" + uuid.NewString()
|
||||||
|
post(plainExt, "")
|
||||||
|
if got, want := reload(plainExt), []string{"erudit_ru"}; !slices.Equal(got, want) {
|
||||||
|
t.Errorf("plain new account variants = %v, want %v", got, want)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A later login of the promo account, even via a different payload, must not re-seed:
|
||||||
|
// the seed is first-contact only.
|
||||||
|
post(promoExt, "vscrabble_ru")
|
||||||
|
if got, want := reload(promoExt), []string{"erudit_ru", "scrabble_en"}; !slices.Equal(got, want) {
|
||||||
|
t.Errorf("existing account re-seeded = %v, want unchanged %v", got, want)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,192 @@
|
|||||||
|
//go:build integration
|
||||||
|
|
||||||
|
package inttest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
"scrabble/backend/internal/accountdelete"
|
||||||
|
)
|
||||||
|
|
||||||
|
// lastLoginIP reads an account's stamped last-login IP ("" when unset).
|
||||||
|
func lastLoginIP(t *testing.T, accountID uuid.UUID) string {
|
||||||
|
t.Helper()
|
||||||
|
var ip sql.NullString
|
||||||
|
err := testDB.QueryRowContext(context.Background(),
|
||||||
|
"SELECT last_login_ip FROM accounts WHERE account_id = $1", accountID).Scan(&ip)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("read last_login_ip %s: %v", accountID, err)
|
||||||
|
}
|
||||||
|
return ip.String
|
||||||
|
}
|
||||||
|
|
||||||
|
// retainedRow is one row of the retention journal, read directly for assertions.
|
||||||
|
type retainedRow struct {
|
||||||
|
kind, externalID, reason string
|
||||||
|
}
|
||||||
|
|
||||||
|
// retainedRows reads the retention journal for an account, oldest detach first.
|
||||||
|
func retainedRows(t *testing.T, accountID uuid.UUID) []retainedRow {
|
||||||
|
t.Helper()
|
||||||
|
rows, err := testDB.QueryContext(context.Background(),
|
||||||
|
"SELECT kind, external_id, reason FROM retained_identities WHERE account_id = $1 ORDER BY detached_at",
|
||||||
|
accountID)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("query retained_identities %s: %v", accountID, err)
|
||||||
|
}
|
||||||
|
defer rows.Close()
|
||||||
|
var out []retainedRow
|
||||||
|
for rows.Next() {
|
||||||
|
var r retainedRow
|
||||||
|
if err := rows.Scan(&r.kind, &r.externalID, &r.reason); err != nil {
|
||||||
|
t.Fatalf("scan retained row: %v", err)
|
||||||
|
}
|
||||||
|
out = append(out, r)
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestUnlinkJournalsRetainedIdentity: detaching a provider records it in the retention
|
||||||
|
// journal (reason=unlink) before the live identity is removed.
|
||||||
|
func TestUnlinkJournalsRetainedIdentity(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
|
||||||
|
tgExt := "tg-" + uuid.NewString()
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, tgExt)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
email := "keep-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, email, true); err != nil {
|
||||||
|
t.Fatalf("attach email: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := store.RemoveIdentity(ctx, acc.ID, account.KindTelegram); err != nil {
|
||||||
|
t.Fatalf("unlink telegram: %v", err)
|
||||||
|
}
|
||||||
|
got := retainedRows(t, acc.ID)
|
||||||
|
if len(got) != 1 || got[0].kind != account.KindTelegram || got[0].externalID != tgExt || got[0].reason != "unlink" {
|
||||||
|
t.Fatalf("retained rows = %+v, want one unlink telegram %q", got, tgExt)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestChangeEmailJournalsOldAddress: an email change records the outgoing address in the
|
||||||
|
// retention journal (reason=change).
|
||||||
|
func TestChangeEmailJournalsOldAddress(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
mailer := &capturingMailer{}
|
||||||
|
svc := account.NewEmailService(store, mailer, "https://erudit-game.ru")
|
||||||
|
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
oldAddr := "old-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, oldAddr, true); err != nil {
|
||||||
|
t.Fatalf("attach old email: %v", err)
|
||||||
|
}
|
||||||
|
newAddr := "new-" + uuid.NewString() + "@example.com"
|
||||||
|
if err := svc.RequestChangeCode(ctx, acc.ID, newAddr); err != nil {
|
||||||
|
t.Fatalf("request change: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := svc.ConfirmChange(ctx, acc.ID, newAddr, sixDigit.FindString(mailer.lastBody)); err != nil {
|
||||||
|
t.Fatalf("confirm change: %v", err)
|
||||||
|
}
|
||||||
|
got := retainedRows(t, acc.ID)
|
||||||
|
if len(got) != 1 || got[0].kind != account.KindEmail || got[0].externalID != oldAddr || got[0].reason != "change" {
|
||||||
|
t.Fatalf("retained rows = %+v, want one change email %q", got, oldAddr)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestStampLastLoginThrottles: the first cold-load stamp writes the IP; a second within
|
||||||
|
// the hour is a no-op (throttled), so it costs at most one write per account per hour.
|
||||||
|
func TestStampLastLoginThrottles(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.StampLastLogin(ctx, acc.ID, "1.2.3.4"); err != nil {
|
||||||
|
t.Fatalf("first stamp: %v", err)
|
||||||
|
}
|
||||||
|
if got := lastLoginIP(t, acc.ID); got != "1.2.3.4" {
|
||||||
|
t.Fatalf("first stamp ip = %q, want 1.2.3.4", got)
|
||||||
|
}
|
||||||
|
if err := store.StampLastLogin(ctx, acc.ID, "9.9.9.9"); err != nil {
|
||||||
|
t.Fatalf("second stamp: %v", err)
|
||||||
|
}
|
||||||
|
if got := lastLoginIP(t, acc.ID); got != "1.2.3.4" {
|
||||||
|
t.Fatalf("throttled ip = %q, want unchanged 1.2.3.4", got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestReapExpiredRetention: the reaper keeps journal rows newer than the cutoff and purges
|
||||||
|
// older ones, and drops a long-deleted account's feedback thread + dossier PII.
|
||||||
|
func TestReapExpiredRetention(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
store := account.NewStore(testDB)
|
||||||
|
deleter := accountdelete.NewDeleter(testDB)
|
||||||
|
|
||||||
|
// An unlinked provider leaves a journal row detached "now".
|
||||||
|
tgExt := "tg-" + uuid.NewString()
|
||||||
|
acc, err := store.ProvisionByIdentity(ctx, account.KindTelegram, tgExt)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.AttachIdentity(ctx, acc.ID, account.KindEmail, "keep-"+uuid.NewString()+"@example.com", true); err != nil {
|
||||||
|
t.Fatalf("attach email: %v", err)
|
||||||
|
}
|
||||||
|
if err := store.RemoveIdentity(ctx, acc.ID, account.KindTelegram); err != nil {
|
||||||
|
t.Fatalf("unlink: %v", err)
|
||||||
|
}
|
||||||
|
// A cutoff before the detach keeps the row.
|
||||||
|
if _, _, err := store.ReapExpiredRetention(ctx, time.Now().Add(-time.Hour)); err != nil {
|
||||||
|
t.Fatalf("reap (early cutoff): %v", err)
|
||||||
|
}
|
||||||
|
if got := retainedRows(t, acc.ID); len(got) != 1 {
|
||||||
|
t.Fatalf("journal after early-cutoff reap = %+v, want kept", got)
|
||||||
|
}
|
||||||
|
// A cutoff after the detach purges it.
|
||||||
|
if _, _, err := store.ReapExpiredRetention(ctx, time.Now().Add(time.Hour)); err != nil {
|
||||||
|
t.Fatalf("reap (late cutoff): %v", err)
|
||||||
|
}
|
||||||
|
if got := retainedRows(t, acc.ID); len(got) != 0 {
|
||||||
|
t.Fatalf("journal after late-cutoff reap = %+v, want purged", got)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A deleted account past the cutoff loses its feedback thread and dossier PII.
|
||||||
|
del, _, err := store.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "ru", "", "Иван", "")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("provision deletee: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := testDB.ExecContext(ctx,
|
||||||
|
"INSERT INTO feedback_messages (message_id, account_id, body, channel) VALUES ($1, $2, 'hi', 'web')",
|
||||||
|
uuid.New(), del.ID); err != nil {
|
||||||
|
t.Fatalf("insert feedback: %v", err)
|
||||||
|
}
|
||||||
|
if err := deleter.AnonymizeAndTombstone(ctx, del.ID); err != nil {
|
||||||
|
t.Fatalf("delete: %v", err)
|
||||||
|
}
|
||||||
|
if _, fb, err := store.ReapExpiredRetention(ctx, time.Now().Add(time.Hour)); err != nil || fb == 0 {
|
||||||
|
t.Fatalf("reap deleted = (fb %d, err %v), want fb>=1", fb, err)
|
||||||
|
}
|
||||||
|
if name, _ := deletedFields(t, del.ID); name != "" {
|
||||||
|
t.Errorf("deleted_display_name after reap = %q, want cleared", name)
|
||||||
|
}
|
||||||
|
var fbCount int
|
||||||
|
if err := testDB.QueryRowContext(ctx, "SELECT count(*) FROM feedback_messages WHERE account_id = $1", del.ID).Scan(&fbCount); err != nil {
|
||||||
|
t.Fatalf("count feedback: %v", err)
|
||||||
|
}
|
||||||
|
if fbCount != 0 {
|
||||||
|
t.Errorf("feedback rows after reap = %d, want 0", fbCount)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -38,7 +38,7 @@ func TestSuspensionGate(t *testing.T) {
|
|||||||
Accounts: accounts,
|
Accounts: accounts,
|
||||||
})
|
})
|
||||||
|
|
||||||
acc, _, err := accounts.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "ru", "", "Blocked")
|
acc, _, err := accounts.ProvisionTelegram(ctx, "tg-"+uuid.NewString(), "ru", "", "Blocked", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision: %v", err)
|
t.Fatalf("provision: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ func TestUserListFilter(t *testing.T) {
|
|||||||
st := account.NewStore(testDB)
|
st := account.NewStore(testDB)
|
||||||
uniq := uuid.NewString()
|
uniq := uuid.NewString()
|
||||||
|
|
||||||
human, _, err := st.ProvisionTelegram(ctx, "tg-"+uniq, "en", "", "Zzqxhuman")
|
human, _, err := st.ProvisionTelegram(ctx, "tg-"+uniq, "en", "", "Zzqxhuman", "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision human: %v", err)
|
t.Fatalf("provision human: %v", err)
|
||||||
}
|
}
|
||||||
@@ -26,7 +26,7 @@ func TestUserListFilter(t *testing.T) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision robot: %v", err)
|
t.Fatalf("provision robot: %v", err)
|
||||||
}
|
}
|
||||||
guest, err := st.ProvisionGuest(ctx)
|
guest, err := st.ProvisionGuest(ctx, "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("provision guest: %v", err)
|
t.Fatalf("provision guest: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -133,6 +133,53 @@ func (s *Service) attachTelegram(ctx context.Context, callerID uuid.UUID, extern
|
|||||||
return s.accounts.ClearGuest(ctx, callerID)
|
return s.accounts.ClearGuest(ctx, callerID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ConfirmVK attaches a gateway-validated VK identity to the caller (Linked) or
|
||||||
|
// reports that it belongs to another account (MergeRequired). The gateway has already
|
||||||
|
// completed the VK ID code exchange, so externalID is the trusted vk user id.
|
||||||
|
func (s *Service) ConfirmVK(ctx context.Context, callerID uuid.UUID, externalID string) (ConfirmResult, error) {
|
||||||
|
owner, ok, err := s.accounts.AccountIDByIdentity(ctx, account.KindVK, externalID)
|
||||||
|
if err != nil {
|
||||||
|
return ConfirmResult{}, err
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
if err := s.attachVK(ctx, callerID, externalID); err != nil {
|
||||||
|
return ConfirmResult{}, err
|
||||||
|
}
|
||||||
|
return ConfirmResult{Linked: true}, nil
|
||||||
|
}
|
||||||
|
if owner == callerID {
|
||||||
|
return ConfirmResult{Linked: true}, nil
|
||||||
|
}
|
||||||
|
return ConfirmResult{MergeRequired: true, SecondaryID: owner}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// MergeVK merges the account owning a gateway-validated VK identity into the caller's
|
||||||
|
// (subject to the guest-primary rule).
|
||||||
|
func (s *Service) MergeVK(ctx context.Context, callerID uuid.UUID, externalID string) (MergeResult, error) {
|
||||||
|
owner, ok, err := s.accounts.AccountIDByIdentity(ctx, account.KindVK, externalID)
|
||||||
|
if err != nil {
|
||||||
|
return MergeResult{}, err
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
if err := s.attachVK(ctx, callerID, externalID); err != nil {
|
||||||
|
return MergeResult{}, err
|
||||||
|
}
|
||||||
|
return MergeResult{PrimaryID: callerID}, nil
|
||||||
|
}
|
||||||
|
if owner == callerID {
|
||||||
|
return MergeResult{PrimaryID: callerID}, nil
|
||||||
|
}
|
||||||
|
return s.merge(ctx, callerID, owner)
|
||||||
|
}
|
||||||
|
|
||||||
|
// attachVK links the identity to the caller and promotes a guest.
|
||||||
|
func (s *Service) attachVK(ctx context.Context, callerID uuid.UUID, externalID string) error {
|
||||||
|
if err := s.accounts.AttachIdentity(ctx, callerID, account.KindVK, externalID, true); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return s.accounts.ClearGuest(ctx, callerID)
|
||||||
|
}
|
||||||
|
|
||||||
// merge decides the primary (the caller, unless it is a guest and the other is
|
// merge decides the primary (the caller, unless it is a guest and the other is
|
||||||
// durable), runs the data merge, retires the secondary's sessions and mints a new
|
// durable), runs the data merge, retires the secondary's sessions and mints a new
|
||||||
// session when the active account switches.
|
// session when the active account switches.
|
||||||
|
|||||||
@@ -155,6 +155,13 @@ func Notification(userID uuid.UUID, kind string) Intent {
|
|||||||
return Intent{UserID: userID, Kind: KindNotification, Payload: b.FinishedBytes(), EventID: eventID()}
|
return Intent{UserID: userID, Kind: KindNotification, Payload: b.FinishedBytes(), EventID: eventID()}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ProfileChanged is a payload-free "re-fetch your profile" signal to userID, emitted
|
||||||
|
// when the viewer's own account changed out of band — an email confirmed through the
|
||||||
|
// one-tap deeplink opened in another browser.
|
||||||
|
func ProfileChanged(userID uuid.UUID) Intent {
|
||||||
|
return Notification(userID, NotifyProfile)
|
||||||
|
}
|
||||||
|
|
||||||
// NotificationAccount builds a lobby notification of one of the friend_* kinds carrying the
|
// NotificationAccount builds a lobby notification of one of the friend_* kinds carrying the
|
||||||
// account it concerns (the requester, the new friend or the decliner), so the client updates its
|
// account it concerns (the requester, the new friend or the decliner), so the client updates its
|
||||||
// requests/friends lists and the in-game "add friend" state without a refetch.
|
// requests/friends lists and the in-game "add friend" state without a refetch.
|
||||||
|
|||||||
@@ -69,6 +69,10 @@ const (
|
|||||||
// it re-fetches profile.get to show or hide the banner. It carries no payload (the
|
// it re-fetches profile.get to show or hide the banner. It carries no payload (the
|
||||||
// banner set rides the profile response). In-app only.
|
// banner set rides the profile response). In-app only.
|
||||||
NotifyBanner = "banner"
|
NotifyBanner = "banner"
|
||||||
|
// NotifyProfile tells the client that the viewer's own profile changed out of band
|
||||||
|
// (e.g. an email was confirmed via the one-tap deeplink opened in another browser),
|
||||||
|
// so it re-fetches profile.get. It carries no payload. In-app only.
|
||||||
|
NotifyProfile = "profile"
|
||||||
// NotifyUserBlocked confirms to the blocker that a per-user block took effect,
|
// NotifyUserBlocked confirms to the blocker that a per-user block took effect,
|
||||||
// carrying the blocked account, so every one of the blocker's sessions updates the
|
// carrying the blocked account, so every one of the blocker's sessions updates the
|
||||||
// in-game block/add-friend controls and the struck name in place. It is delivered
|
// in-game block/add-friend controls and the struck name in place. It is delivered
|
||||||
|
|||||||
@@ -32,4 +32,8 @@ type Accounts struct {
|
|||||||
MergedAt *time.Time
|
MergedAt *time.Time
|
||||||
FlaggedHighRateAt *time.Time
|
FlaggedHighRateAt *time.Time
|
||||||
VariantPreferences pq.StringArray
|
VariantPreferences pq.StringArray
|
||||||
|
LastLoginAt *time.Time
|
||||||
|
LastLoginIP *string
|
||||||
|
DeletedAt *time.Time
|
||||||
|
DeletedDisplayName *string
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -21,4 +21,6 @@ type EmailConfirmations struct {
|
|||||||
Attempts int16
|
Attempts int16
|
||||||
ConsumedAt *time.Time
|
ConsumedAt *time.Time
|
||||||
CreatedAt time.Time
|
CreatedAt time.Time
|
||||||
|
Purpose string
|
||||||
|
LinkTokenHash *string
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,24 @@
|
|||||||
|
//
|
||||||
|
// Code generated by go-jet DO NOT EDIT.
|
||||||
|
//
|
||||||
|
// WARNING: Changes to this file may cause incorrect behavior
|
||||||
|
// and will be lost if the code is regenerated
|
||||||
|
//
|
||||||
|
|
||||||
|
package model
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
type RetainedIdentities struct {
|
||||||
|
RetainedID uuid.UUID `sql:"primary_key"`
|
||||||
|
AccountID uuid.UUID
|
||||||
|
Kind string
|
||||||
|
ExternalID string
|
||||||
|
Confirmed bool
|
||||||
|
LinkedAt time.Time
|
||||||
|
DetachedAt time.Time
|
||||||
|
Reason string
|
||||||
|
}
|
||||||
@@ -35,6 +35,10 @@ type accountsTable struct {
|
|||||||
MergedAt postgres.ColumnTimestampz
|
MergedAt postgres.ColumnTimestampz
|
||||||
FlaggedHighRateAt postgres.ColumnTimestampz
|
FlaggedHighRateAt postgres.ColumnTimestampz
|
||||||
VariantPreferences postgres.ColumnStringArray
|
VariantPreferences postgres.ColumnStringArray
|
||||||
|
LastLoginAt postgres.ColumnTimestampz
|
||||||
|
LastLoginIP postgres.ColumnString
|
||||||
|
DeletedAt postgres.ColumnTimestampz
|
||||||
|
DeletedDisplayName postgres.ColumnString
|
||||||
|
|
||||||
AllColumns postgres.ColumnList
|
AllColumns postgres.ColumnList
|
||||||
MutableColumns postgres.ColumnList
|
MutableColumns postgres.ColumnList
|
||||||
@@ -94,8 +98,12 @@ func newAccountsTableImpl(schemaName, tableName, alias string) accountsTable {
|
|||||||
MergedAtColumn = postgres.TimestampzColumn("merged_at")
|
MergedAtColumn = postgres.TimestampzColumn("merged_at")
|
||||||
FlaggedHighRateAtColumn = postgres.TimestampzColumn("flagged_high_rate_at")
|
FlaggedHighRateAtColumn = postgres.TimestampzColumn("flagged_high_rate_at")
|
||||||
VariantPreferencesColumn = postgres.StringArrayColumn("variant_preferences")
|
VariantPreferencesColumn = postgres.StringArrayColumn("variant_preferences")
|
||||||
allColumns = postgres.ColumnList{AccountIDColumn, DisplayNameColumn, PreferredLanguageColumn, TimeZoneColumn, BlockChatColumn, BlockFriendRequestsColumn, CreatedAtColumn, UpdatedAtColumn, AwayStartColumn, AwayEndColumn, HintBalanceColumn, IsGuestColumn, NotificationsInAppOnlyColumn, PaidAccountColumn, MergedIntoColumn, MergedAtColumn, FlaggedHighRateAtColumn, VariantPreferencesColumn}
|
LastLoginAtColumn = postgres.TimestampzColumn("last_login_at")
|
||||||
mutableColumns = postgres.ColumnList{DisplayNameColumn, PreferredLanguageColumn, TimeZoneColumn, BlockChatColumn, BlockFriendRequestsColumn, CreatedAtColumn, UpdatedAtColumn, AwayStartColumn, AwayEndColumn, HintBalanceColumn, IsGuestColumn, NotificationsInAppOnlyColumn, PaidAccountColumn, MergedIntoColumn, MergedAtColumn, FlaggedHighRateAtColumn, VariantPreferencesColumn}
|
LastLoginIPColumn = postgres.StringColumn("last_login_ip")
|
||||||
|
DeletedAtColumn = postgres.TimestampzColumn("deleted_at")
|
||||||
|
DeletedDisplayNameColumn = postgres.StringColumn("deleted_display_name")
|
||||||
|
allColumns = postgres.ColumnList{AccountIDColumn, DisplayNameColumn, PreferredLanguageColumn, TimeZoneColumn, BlockChatColumn, BlockFriendRequestsColumn, CreatedAtColumn, UpdatedAtColumn, AwayStartColumn, AwayEndColumn, HintBalanceColumn, IsGuestColumn, NotificationsInAppOnlyColumn, PaidAccountColumn, MergedIntoColumn, MergedAtColumn, FlaggedHighRateAtColumn, VariantPreferencesColumn, LastLoginAtColumn, LastLoginIPColumn, DeletedAtColumn, DeletedDisplayNameColumn}
|
||||||
|
mutableColumns = postgres.ColumnList{DisplayNameColumn, PreferredLanguageColumn, TimeZoneColumn, BlockChatColumn, BlockFriendRequestsColumn, CreatedAtColumn, UpdatedAtColumn, AwayStartColumn, AwayEndColumn, HintBalanceColumn, IsGuestColumn, NotificationsInAppOnlyColumn, PaidAccountColumn, MergedIntoColumn, MergedAtColumn, FlaggedHighRateAtColumn, VariantPreferencesColumn, LastLoginAtColumn, LastLoginIPColumn, DeletedAtColumn, DeletedDisplayNameColumn}
|
||||||
defaultColumns = postgres.ColumnList{DisplayNameColumn, PreferredLanguageColumn, TimeZoneColumn, BlockChatColumn, BlockFriendRequestsColumn, CreatedAtColumn, UpdatedAtColumn, AwayStartColumn, AwayEndColumn, HintBalanceColumn, IsGuestColumn, NotificationsInAppOnlyColumn, PaidAccountColumn, VariantPreferencesColumn}
|
defaultColumns = postgres.ColumnList{DisplayNameColumn, PreferredLanguageColumn, TimeZoneColumn, BlockChatColumn, BlockFriendRequestsColumn, CreatedAtColumn, UpdatedAtColumn, AwayStartColumn, AwayEndColumn, HintBalanceColumn, IsGuestColumn, NotificationsInAppOnlyColumn, PaidAccountColumn, VariantPreferencesColumn}
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -121,6 +129,10 @@ func newAccountsTableImpl(schemaName, tableName, alias string) accountsTable {
|
|||||||
MergedAt: MergedAtColumn,
|
MergedAt: MergedAtColumn,
|
||||||
FlaggedHighRateAt: FlaggedHighRateAtColumn,
|
FlaggedHighRateAt: FlaggedHighRateAtColumn,
|
||||||
VariantPreferences: VariantPreferencesColumn,
|
VariantPreferences: VariantPreferencesColumn,
|
||||||
|
LastLoginAt: LastLoginAtColumn,
|
||||||
|
LastLoginIP: LastLoginIPColumn,
|
||||||
|
DeletedAt: DeletedAtColumn,
|
||||||
|
DeletedDisplayName: DeletedDisplayNameColumn,
|
||||||
|
|
||||||
AllColumns: allColumns,
|
AllColumns: allColumns,
|
||||||
MutableColumns: mutableColumns,
|
MutableColumns: mutableColumns,
|
||||||
|
|||||||
@@ -25,6 +25,8 @@ type emailConfirmationsTable struct {
|
|||||||
Attempts postgres.ColumnInteger
|
Attempts postgres.ColumnInteger
|
||||||
ConsumedAt postgres.ColumnTimestampz
|
ConsumedAt postgres.ColumnTimestampz
|
||||||
CreatedAt postgres.ColumnTimestampz
|
CreatedAt postgres.ColumnTimestampz
|
||||||
|
Purpose postgres.ColumnString
|
||||||
|
LinkTokenHash postgres.ColumnString
|
||||||
|
|
||||||
AllColumns postgres.ColumnList
|
AllColumns postgres.ColumnList
|
||||||
MutableColumns postgres.ColumnList
|
MutableColumns postgres.ColumnList
|
||||||
@@ -74,9 +76,11 @@ func newEmailConfirmationsTableImpl(schemaName, tableName, alias string) emailCo
|
|||||||
AttemptsColumn = postgres.IntegerColumn("attempts")
|
AttemptsColumn = postgres.IntegerColumn("attempts")
|
||||||
ConsumedAtColumn = postgres.TimestampzColumn("consumed_at")
|
ConsumedAtColumn = postgres.TimestampzColumn("consumed_at")
|
||||||
CreatedAtColumn = postgres.TimestampzColumn("created_at")
|
CreatedAtColumn = postgres.TimestampzColumn("created_at")
|
||||||
allColumns = postgres.ColumnList{ConfirmationIDColumn, AccountIDColumn, EmailColumn, CodeHashColumn, ExpiresAtColumn, AttemptsColumn, ConsumedAtColumn, CreatedAtColumn}
|
PurposeColumn = postgres.StringColumn("purpose")
|
||||||
mutableColumns = postgres.ColumnList{AccountIDColumn, EmailColumn, CodeHashColumn, ExpiresAtColumn, AttemptsColumn, ConsumedAtColumn, CreatedAtColumn}
|
LinkTokenHashColumn = postgres.StringColumn("link_token_hash")
|
||||||
defaultColumns = postgres.ColumnList{AttemptsColumn, CreatedAtColumn}
|
allColumns = postgres.ColumnList{ConfirmationIDColumn, AccountIDColumn, EmailColumn, CodeHashColumn, ExpiresAtColumn, AttemptsColumn, ConsumedAtColumn, CreatedAtColumn, PurposeColumn, LinkTokenHashColumn}
|
||||||
|
mutableColumns = postgres.ColumnList{AccountIDColumn, EmailColumn, CodeHashColumn, ExpiresAtColumn, AttemptsColumn, ConsumedAtColumn, CreatedAtColumn, PurposeColumn, LinkTokenHashColumn}
|
||||||
|
defaultColumns = postgres.ColumnList{AttemptsColumn, CreatedAtColumn, PurposeColumn}
|
||||||
)
|
)
|
||||||
|
|
||||||
return emailConfirmationsTable{
|
return emailConfirmationsTable{
|
||||||
@@ -91,6 +95,8 @@ func newEmailConfirmationsTableImpl(schemaName, tableName, alias string) emailCo
|
|||||||
Attempts: AttemptsColumn,
|
Attempts: AttemptsColumn,
|
||||||
ConsumedAt: ConsumedAtColumn,
|
ConsumedAt: ConsumedAtColumn,
|
||||||
CreatedAt: CreatedAtColumn,
|
CreatedAt: CreatedAtColumn,
|
||||||
|
Purpose: PurposeColumn,
|
||||||
|
LinkTokenHash: LinkTokenHashColumn,
|
||||||
|
|
||||||
AllColumns: allColumns,
|
AllColumns: allColumns,
|
||||||
MutableColumns: mutableColumns,
|
MutableColumns: mutableColumns,
|
||||||
|
|||||||
@@ -0,0 +1,99 @@
|
|||||||
|
//
|
||||||
|
// Code generated by go-jet DO NOT EDIT.
|
||||||
|
//
|
||||||
|
// WARNING: Changes to this file may cause incorrect behavior
|
||||||
|
// and will be lost if the code is regenerated
|
||||||
|
//
|
||||||
|
|
||||||
|
package table
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/go-jet/jet/v2/postgres"
|
||||||
|
)
|
||||||
|
|
||||||
|
var RetainedIdentities = newRetainedIdentitiesTable("backend", "retained_identities", "")
|
||||||
|
|
||||||
|
type retainedIdentitiesTable struct {
|
||||||
|
postgres.Table
|
||||||
|
|
||||||
|
// Columns
|
||||||
|
RetainedID postgres.ColumnString
|
||||||
|
AccountID postgres.ColumnString
|
||||||
|
Kind postgres.ColumnString
|
||||||
|
ExternalID postgres.ColumnString
|
||||||
|
Confirmed postgres.ColumnBool
|
||||||
|
LinkedAt postgres.ColumnTimestampz
|
||||||
|
DetachedAt postgres.ColumnTimestampz
|
||||||
|
Reason postgres.ColumnString
|
||||||
|
|
||||||
|
AllColumns postgres.ColumnList
|
||||||
|
MutableColumns postgres.ColumnList
|
||||||
|
DefaultColumns postgres.ColumnList
|
||||||
|
}
|
||||||
|
|
||||||
|
type RetainedIdentitiesTable struct {
|
||||||
|
retainedIdentitiesTable
|
||||||
|
|
||||||
|
EXCLUDED retainedIdentitiesTable
|
||||||
|
}
|
||||||
|
|
||||||
|
// AS creates new RetainedIdentitiesTable with assigned alias
|
||||||
|
func (a RetainedIdentitiesTable) AS(alias string) *RetainedIdentitiesTable {
|
||||||
|
return newRetainedIdentitiesTable(a.SchemaName(), a.TableName(), alias)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Schema creates new RetainedIdentitiesTable with assigned schema name
|
||||||
|
func (a RetainedIdentitiesTable) FromSchema(schemaName string) *RetainedIdentitiesTable {
|
||||||
|
return newRetainedIdentitiesTable(schemaName, a.TableName(), a.Alias())
|
||||||
|
}
|
||||||
|
|
||||||
|
// WithPrefix creates new RetainedIdentitiesTable with assigned table prefix
|
||||||
|
func (a RetainedIdentitiesTable) WithPrefix(prefix string) *RetainedIdentitiesTable {
|
||||||
|
return newRetainedIdentitiesTable(a.SchemaName(), prefix+a.TableName(), a.TableName())
|
||||||
|
}
|
||||||
|
|
||||||
|
// WithSuffix creates new RetainedIdentitiesTable with assigned table suffix
|
||||||
|
func (a RetainedIdentitiesTable) WithSuffix(suffix string) *RetainedIdentitiesTable {
|
||||||
|
return newRetainedIdentitiesTable(a.SchemaName(), a.TableName()+suffix, a.TableName())
|
||||||
|
}
|
||||||
|
|
||||||
|
func newRetainedIdentitiesTable(schemaName, tableName, alias string) *RetainedIdentitiesTable {
|
||||||
|
return &RetainedIdentitiesTable{
|
||||||
|
retainedIdentitiesTable: newRetainedIdentitiesTableImpl(schemaName, tableName, alias),
|
||||||
|
EXCLUDED: newRetainedIdentitiesTableImpl("", "excluded", ""),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func newRetainedIdentitiesTableImpl(schemaName, tableName, alias string) retainedIdentitiesTable {
|
||||||
|
var (
|
||||||
|
RetainedIDColumn = postgres.StringColumn("retained_id")
|
||||||
|
AccountIDColumn = postgres.StringColumn("account_id")
|
||||||
|
KindColumn = postgres.StringColumn("kind")
|
||||||
|
ExternalIDColumn = postgres.StringColumn("external_id")
|
||||||
|
ConfirmedColumn = postgres.BoolColumn("confirmed")
|
||||||
|
LinkedAtColumn = postgres.TimestampzColumn("linked_at")
|
||||||
|
DetachedAtColumn = postgres.TimestampzColumn("detached_at")
|
||||||
|
ReasonColumn = postgres.StringColumn("reason")
|
||||||
|
allColumns = postgres.ColumnList{RetainedIDColumn, AccountIDColumn, KindColumn, ExternalIDColumn, ConfirmedColumn, LinkedAtColumn, DetachedAtColumn, ReasonColumn}
|
||||||
|
mutableColumns = postgres.ColumnList{AccountIDColumn, KindColumn, ExternalIDColumn, ConfirmedColumn, LinkedAtColumn, DetachedAtColumn, ReasonColumn}
|
||||||
|
defaultColumns = postgres.ColumnList{ConfirmedColumn, DetachedAtColumn}
|
||||||
|
)
|
||||||
|
|
||||||
|
return retainedIdentitiesTable{
|
||||||
|
Table: postgres.NewTable(schemaName, tableName, alias, allColumns...),
|
||||||
|
|
||||||
|
//Columns
|
||||||
|
RetainedID: RetainedIDColumn,
|
||||||
|
AccountID: AccountIDColumn,
|
||||||
|
Kind: KindColumn,
|
||||||
|
ExternalID: ExternalIDColumn,
|
||||||
|
Confirmed: ConfirmedColumn,
|
||||||
|
LinkedAt: LinkedAtColumn,
|
||||||
|
DetachedAt: DetachedAtColumn,
|
||||||
|
Reason: ReasonColumn,
|
||||||
|
|
||||||
|
AllColumns: allColumns,
|
||||||
|
MutableColumns: mutableColumns,
|
||||||
|
DefaultColumns: defaultColumns,
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -34,6 +34,7 @@ func UseSchema(schema string) {
|
|||||||
GameSetupDraws = GameSetupDraws.FromSchema(schema)
|
GameSetupDraws = GameSetupDraws.FromSchema(schema)
|
||||||
Games = Games.FromSchema(schema)
|
Games = Games.FromSchema(schema)
|
||||||
Identities = Identities.FromSchema(schema)
|
Identities = Identities.FromSchema(schema)
|
||||||
|
RetainedIdentities = RetainedIdentities.FromSchema(schema)
|
||||||
Sessions = Sessions.FromSchema(schema)
|
Sessions = Sessions.FromSchema(schema)
|
||||||
SuspensionReasons = SuspensionReasons.FromSchema(schema)
|
SuspensionReasons = SuspensionReasons.FromSchema(schema)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,64 @@
|
|||||||
|
-- Replace the default (house) ad campaign's single seed tip with the curated,
|
||||||
|
-- language-agnostic Scrabble tip set (one bilingual row per tip; the client picks the
|
||||||
|
-- column for the viewer's language). Data-only — the ad_messages schema is unchanged, so
|
||||||
|
-- a backend image rollback stays DB-safe. The default campaign is the fixed house id seeded
|
||||||
|
-- in 00001; ON DELETE CASCADE is irrelevant here (we only touch its messages).
|
||||||
|
|
||||||
|
-- +goose Up
|
||||||
|
DELETE FROM backend.ad_messages WHERE campaign_id = '00000000-0000-0000-0000-0000000000ad';
|
||||||
|
INSERT INTO backend.ad_messages (message_id, campaign_id, "position", body_en, body_ru) VALUES
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 0, 'Keep a balanced rack — a slight edge of consonants over vowels.', 'Держи на руках баланс — с лёгким перевесом согласных над гласными.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 1, 'Your "leave" (the tiles you keep) sets up your next turn — value it.', '«Остаток» (что оставляешь на руках) готовит следующий ход — цени его.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 2, 'Shed duplicate tiles — repeats clog your options.', 'Сбрасывай дубли фишек — повторы забивают возможности.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 3, 'A slightly consonant-heavy rack builds full-rack plays more easily.', 'Лёгкий перевес согласных проще складывается в выкладку всех фишек.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 4, 'Play several tiles per turn to keep your rack cycling.', 'Выкладывай по нескольку фишек за ход, чтобы рука обновлялась.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 5, 'Don''t hoard hard-to-place duplicates or a lone high-value tile.', 'Не копи труднопристраиваемые дубли или одинокую дорогую фишку.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 6, 'Using all your rack tiles in one move scores a large bonus — chase it.', 'Выкладка всех фишек с рук за ход даёт крупный бонус — стремись к ней.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 7, 'Learn common prefixes and suffixes — they extend words to use every tile.', 'Учи частые приставки и суффиксы — они растягивают слово на все фишки.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 8, '"Fish": play few tiles to keep a near-complete rack when you''re ahead.', '«Рыбачь»: сыграй мало фишек, сохранив почти всю руку, когда ведёшь.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 9, 'Don''t hoard high-value tiles — play them in good time, not at the very end.', 'Не копи дорогие фишки — играй их вовремя, а не под самый конец.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 10, 'Don''t hold a high-value tile waiting for a rare partner — usually a loss.', 'Не держи дорогую фишку ради редкого партнёра — обычно это проигрыш.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 11, 'Land your priciest tile on a premium square for a big single score.', 'Сажай самую дорогую фишку на бонусную клетку ради крупных очков.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 12, 'High-value tiles shine in parallel plays through short words.', 'Дорогие фишки сильны в параллельных выкладках через короткие слова.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 13, 'Stuck with an unplayable high-value tile late? Exchange it.', 'Завис с неиграбельной дорогой фишкой под конец? Обменяй её.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 14, 'The blanks are the most valuable tiles in the bag — guard them.', 'Пустышки — самые ценные фишки в мешке; береги их.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 15, 'Save a blank for a full-rack play or a key premium square.', 'Береги пустышку для выкладки всех фишек или важной бонусной клетки.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 16, 'Don''t spend a blank cheaply — hold it for a much bigger gain.', 'Не трать пустышку по мелочи — придержи ради куда большей выгоды.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 17, 'Put high-value tiles on letter-bonus or word-bonus squares.', 'Клади дорогие фишки на бонус буквы или слова.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 18, 'Stack bonuses — a letter bonus under a word bonus multiplies both.', 'Совмещай бонусы — бонус буквы под бонусом слова умножает оба.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 19, 'Parallel plays can earn nearly half your points — look for them.', 'Параллельные выкладки могут давать почти половину очков — ищи их.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 20, 'A hook adds one tile to an existing word to make a new one.', '«Крючок» — одна фишка к готовому слову, образующая новое.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 21, 'Hooks work at the front or the back of a word.', 'Крючки работают спереди и сзади слова.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 22, 'Short words are the keys to tight parallel plays — memorize them.', 'Короткие слова — ключ к плотным параллелям; выучи их.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 23, 'Your opening word crosses the centre — keep it compact, don''t open up.', 'Первое слово идёт через центр — держи компактным, не раскрывайся.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 24, 'It''s not only your score — limit your opponent''s options too.', 'Это не только твои очки — ограничивай и возможности соперника.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 25, 'Denying a big reply often beats squeezing a few more points yourself.', 'Закрыть крупный ответ часто важнее, чем добрать пару своих очков.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 26, 'When ahead, keep the board tight and closed; avoid open lanes.', 'Ведёшь — держи доску плотной и закрытой, не открывай линии.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 27, 'When behind, open the board up to create high-scoring chances.', 'Отстаёшь — раскрывай доску ради шансов на крупный ход.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 28, 'Don''t leave a word-bonus square open right beside your word.', 'Не оставляй клетку бонуса слова открытой рядом со своим словом.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 29, 'Block a hot square even with a weak word to deny a big play.', 'Закрывай опасную клетку даже слабым словом, чтобы срубить крупный ход.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 30, 'Know words that take no hooks — use them to seal off lines.', 'Знай слова, не берущие крючков — ими запирай линии.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 31, 'Track the tiles played to judge what is still left in the bag.', 'Считай сыгранные фишки — так поймёшь, что осталось в мешке.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 32, 'Exchange when your rack is unbalanced or can only score low.', 'Меняй фишки, когда рука несбалансированна или тянет мало.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 33, 'A good exchange beats a bad play — a clean rack is worth a turn.', 'Хороший обмен лучше плохого хода — чистая рука стоит хода.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 34, 'Swap away a surplus of vowels or consonants to rebalance.', 'Сбрасывай в обмен избыток гласных или согласных, чтобы выровняться.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 35, 'Rare high-value tiles are gone once seen — note them as they appear.', 'Редкие дорогие фишки исчезают, едва мелькнув — отмечай их.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 36, 'Once the bag is empty, deduce your opponent''s remaining tiles.', 'Когда мешок пуст, вычисли оставшиеся фишки соперника.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 37, 'Shed high-value tiles before the bag empties — don''t get stuck with them.', 'Сбрось дорогие фишки до опустения мешка — не зависай с ними.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 38, 'Unplayed tiles count against you at the end — try to go out first.', 'Несыгранные фишки минусуют очки в конце — старайся выйти первым.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 39, 'Going out first adds your opponent''s leftover tiles to your score.', 'Кто вышел первым, добирает очки за оставшиеся фишки соперника.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 40, 'Sometimes leaving one tile in the bag buys you an extra turn.', 'Иногда оставить одну фишку в мешке — это лишний ход.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 41, 'In the endgame, block the exact squares your opponent needs.', 'В эндшпиле блокируй именно те клетки, что нужны сопернику.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 42, 'Shuffle your rack to spot new patterns.', 'Перемешивай фишки на руках — так замечаешь новые сочетания.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 43, 'Separate prefix, suffix and middle tiles to anagram faster.', 'Разнеси приставку, суффикс и середину — анаграммы решаются быстрее.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 44, 'Value board position and future turns over raw points this turn.', 'Цени позицию и будущие ходы выше сиюминутных очков.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 45, 'Early game build position; midgame maximize score; endgame defend.', 'В начале — позиция, в середине — очки, в конце — защита.'),
|
||||||
|
(gen_random_uuid(), '00000000-0000-0000-0000-0000000000ad', 46, 'Learn the short-word lists first — they pay off in every game.', 'Сначала учи списки коротких слов — окупаются в каждой партии.');
|
||||||
|
|
||||||
|
-- +goose Down
|
||||||
|
-- Restore the original single house tip seeded by the baseline.
|
||||||
|
DELETE FROM backend.ad_messages WHERE campaign_id = '00000000-0000-0000-0000-0000000000ad';
|
||||||
|
INSERT INTO backend.ad_messages (message_id, campaign_id, "position", body_en, body_ru)
|
||||||
|
VALUES ('00000000-0000-0000-0000-0000000000a1', '00000000-0000-0000-0000-0000000000ad', 0,
|
||||||
|
'Tip: a play using all 7 tiles earns a +50 bonus.',
|
||||||
|
'Совет: ход всеми 7 фишками приносит бонус +50 очков.');
|
||||||
@@ -0,0 +1,10 @@
|
|||||||
|
-- Capture the client app version (the build a report was sent from) with each feedback
|
||||||
|
-- message, so the operator console can show which version a player was on. Nullable, so the
|
||||||
|
-- rows that predate this keep working — additive and backward-compatible, so a backend image
|
||||||
|
-- rollback stays DB-safe (older code simply ignores the column).
|
||||||
|
|
||||||
|
-- +goose Up
|
||||||
|
ALTER TABLE backend.feedback_messages ADD COLUMN app_version text;
|
||||||
|
|
||||||
|
-- +goose Down
|
||||||
|
ALTER TABLE backend.feedback_messages DROP COLUMN app_version;
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
-- Capture the client's detected UTC offset ("±HH:MM") with each feedback message, so the
|
||||||
|
-- operator console can show the filed time in the sender's browser-local zone even before that
|
||||||
|
-- player has ever saved a profile (the account zone defaults to UTC until then). Nullable, so the
|
||||||
|
-- rows that predate this keep working — additive and backward-compatible, so a backend image
|
||||||
|
-- rollback stays DB-safe (older code simply ignores the column).
|
||||||
|
|
||||||
|
-- +goose Up
|
||||||
|
ALTER TABLE backend.feedback_messages ADD COLUMN browser_tz text;
|
||||||
|
|
||||||
|
-- +goose Down
|
||||||
|
ALTER TABLE backend.feedback_messages DROP COLUMN browser_tz;
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
-- Admit the 'vk' platform identity (VK Mini App users) into the identities.kind check
|
||||||
|
-- constraint, alongside telegram/email/robot. Expand-contract: widening the allowed set
|
||||||
|
-- is backward-compatible, so a backend image rollback stays DB-safe — the older code
|
||||||
|
-- simply never writes a 'vk' row. The table shape is unchanged (only the CHECK), so the
|
||||||
|
-- generated go-jet model is not regenerated.
|
||||||
|
|
||||||
|
-- +goose Up
|
||||||
|
ALTER TABLE backend.identities DROP CONSTRAINT identities_kind_chk;
|
||||||
|
ALTER TABLE backend.identities ADD CONSTRAINT identities_kind_chk CHECK ((kind = ANY (ARRAY['telegram'::text, 'vk'::text, 'email'::text, 'robot'::text])));
|
||||||
|
|
||||||
|
-- +goose Down
|
||||||
|
ALTER TABLE backend.identities DROP CONSTRAINT identities_kind_chk;
|
||||||
|
ALTER TABLE backend.identities ADD CONSTRAINT identities_kind_chk CHECK ((kind = ANY (ARRAY['telegram'::text, 'email'::text, 'robot'::text])));
|
||||||
@@ -0,0 +1,27 @@
|
|||||||
|
-- Add the confirm deeplink token and the confirmation purpose to email_confirmations.
|
||||||
|
-- purpose tags what verifying the code/token does (email login, identity link, email
|
||||||
|
-- change, or account deletion); link_token_hash holds the SHA-256 hex of the one-click
|
||||||
|
-- deeplink token (only the hash is stored, mirroring the session-token model).
|
||||||
|
-- Expand-contract: both columns are additive. purpose gets a NOT NULL DEFAULT so
|
||||||
|
-- existing rows fill in; link_token_hash is nullable with a partial-unique index. A
|
||||||
|
-- backend image rollback stays DB-safe — older code simply ignores the new columns. The
|
||||||
|
-- table shape changes, so the generated go-jet model for this table is regenerated.
|
||||||
|
|
||||||
|
-- +goose Up
|
||||||
|
ALTER TABLE backend.email_confirmations
|
||||||
|
ADD COLUMN purpose text NOT NULL DEFAULT 'link',
|
||||||
|
ADD COLUMN link_token_hash text;
|
||||||
|
ALTER TABLE backend.email_confirmations
|
||||||
|
ADD CONSTRAINT email_confirmations_purpose_chk
|
||||||
|
CHECK ((purpose = ANY (ARRAY['login'::text, 'link'::text, 'change'::text, 'delete'::text])));
|
||||||
|
CREATE UNIQUE INDEX email_confirmations_link_token_hash_key
|
||||||
|
ON backend.email_confirmations (link_token_hash)
|
||||||
|
WHERE link_token_hash IS NOT NULL;
|
||||||
|
|
||||||
|
-- +goose Down
|
||||||
|
DROP INDEX IF EXISTS backend.email_confirmations_link_token_hash_key;
|
||||||
|
ALTER TABLE backend.email_confirmations
|
||||||
|
DROP CONSTRAINT IF EXISTS email_confirmations_purpose_chk;
|
||||||
|
ALTER TABLE backend.email_confirmations
|
||||||
|
DROP COLUMN IF EXISTS link_token_hash,
|
||||||
|
DROP COLUMN IF EXISTS purpose;
|
||||||
@@ -0,0 +1,47 @@
|
|||||||
|
-- Account deletion as legal retention (not erasure). Two additive pieces.
|
||||||
|
--
|
||||||
|
-- retained_identities is an append-only journal of every credential detached from an
|
||||||
|
-- account — on unlink, email change, or account deletion (reason). It preserves the legal
|
||||||
|
-- dossier (which email/vk/tg was linked, and when) while the live identities row is
|
||||||
|
-- removed, so the (kind, external_id) frees for a new account to reuse. No unique
|
||||||
|
-- constraint and no kind CHECK: the same credential may recur across accounts and events,
|
||||||
|
-- and the log stays robust to future identity kinds. detached_at drives the retention TTL.
|
||||||
|
--
|
||||||
|
-- accounts gains: last_login_at / last_login_ip (stamped on a cold app-load, throttled),
|
||||||
|
-- deleted_at (the tombstone marker), and deleted_display_name (the real name retained for
|
||||||
|
-- the admin dossier after the live display_name is scrubbed to the anonymised label).
|
||||||
|
--
|
||||||
|
-- Expand-contract: everything is additive (a new table plus nullable columns), so a
|
||||||
|
-- backend image rollback stays DB-safe — older code simply ignores them. The accounts
|
||||||
|
-- table shape changes, so its generated go-jet model is regenerated.
|
||||||
|
|
||||||
|
-- +goose Up
|
||||||
|
CREATE TABLE backend.retained_identities (
|
||||||
|
retained_id uuid NOT NULL,
|
||||||
|
account_id uuid NOT NULL,
|
||||||
|
kind text NOT NULL,
|
||||||
|
external_id text NOT NULL,
|
||||||
|
confirmed boolean DEFAULT false NOT NULL,
|
||||||
|
linked_at timestamp with time zone NOT NULL,
|
||||||
|
detached_at timestamp with time zone DEFAULT now() NOT NULL,
|
||||||
|
reason text NOT NULL,
|
||||||
|
CONSTRAINT retained_identities_pkey PRIMARY KEY (retained_id),
|
||||||
|
CONSTRAINT retained_identities_reason_chk
|
||||||
|
CHECK ((reason = ANY (ARRAY['unlink'::text, 'change'::text, 'delete'::text])))
|
||||||
|
);
|
||||||
|
CREATE INDEX retained_identities_account_id_idx ON backend.retained_identities (account_id);
|
||||||
|
CREATE INDEX retained_identities_detached_at_idx ON backend.retained_identities (detached_at);
|
||||||
|
|
||||||
|
ALTER TABLE backend.accounts
|
||||||
|
ADD COLUMN last_login_at timestamp with time zone,
|
||||||
|
ADD COLUMN last_login_ip text,
|
||||||
|
ADD COLUMN deleted_at timestamp with time zone,
|
||||||
|
ADD COLUMN deleted_display_name text;
|
||||||
|
|
||||||
|
-- +goose Down
|
||||||
|
ALTER TABLE backend.accounts
|
||||||
|
DROP COLUMN last_login_at,
|
||||||
|
DROP COLUMN last_login_ip,
|
||||||
|
DROP COLUMN deleted_at,
|
||||||
|
DROP COLUMN deleted_display_name;
|
||||||
|
DROP TABLE backend.retained_identities;
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
-- Admit the 'merge' reason into retained_identities. An account merge folds a secondary
|
||||||
|
-- account into a primary; when both hold an identity of the same kind (e.g. each has a
|
||||||
|
-- confirmed email), the survivor keeps its own and the secondary's is journaled to the
|
||||||
|
-- legal dossier and removed — so the survivor never ends up with two identities of one
|
||||||
|
-- kind, and the absorbed credential is still retained. That journal row carries reason
|
||||||
|
-- 'merge', alongside the existing unlink / change / delete.
|
||||||
|
--
|
||||||
|
-- Expand-contract: the Up only WIDENS the allowed reason set, so an older backend image
|
||||||
|
-- (which writes only unlink/change/delete) still satisfies the constraint — a rollback
|
||||||
|
-- stays DB-safe. The Down narrows it again and would reject pre-existing 'merge' rows, so
|
||||||
|
-- it is a dev-only convenience, not a production rollback path (image rollback runs old
|
||||||
|
-- code against this schema, not the Down migration).
|
||||||
|
|
||||||
|
-- +goose Up
|
||||||
|
ALTER TABLE backend.retained_identities DROP CONSTRAINT retained_identities_reason_chk;
|
||||||
|
ALTER TABLE backend.retained_identities ADD CONSTRAINT retained_identities_reason_chk
|
||||||
|
CHECK ((reason = ANY (ARRAY['unlink'::text, 'change'::text, 'delete'::text, 'merge'::text])));
|
||||||
|
|
||||||
|
-- +goose Down
|
||||||
|
ALTER TABLE backend.retained_identities DROP CONSTRAINT retained_identities_reason_chk;
|
||||||
|
ALTER TABLE backend.retained_identities ADD CONSTRAINT retained_identities_reason_chk
|
||||||
|
CHECK ((reason = ANY (ARRAY['unlink'::text, 'change'::text, 'delete'::text])));
|
||||||
@@ -0,0 +1,61 @@
|
|||||||
|
// Package render is the backend's client for the internal image-render sidecar: it POSTs
|
||||||
|
// a finished game's export payload and receives the rasterized PNG. The sidecar runs the
|
||||||
|
// same drawing code the web client unit-tests (ui/src/lib/gameimage.ts on skia-canvas);
|
||||||
|
// authentication and the signed public URL live in the server layer — this client only
|
||||||
|
// carries bytes.
|
||||||
|
package render
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// maxPNG caps a render response; a scale-2 export of the largest plausible game is well
|
||||||
|
// under 2 MiB, so anything bigger is a sidecar malfunction, not a valid image.
|
||||||
|
const maxPNG = 8 << 20
|
||||||
|
|
||||||
|
// Client calls the render sidecar over the internal network.
|
||||||
|
type Client struct {
|
||||||
|
base string
|
||||||
|
http *http.Client
|
||||||
|
}
|
||||||
|
|
||||||
|
// New returns a client for the sidecar at baseURL (e.g. http://renderer:8090). A render
|
||||||
|
// of a full game takes well under a second; the timeout leaves room for a cold start.
|
||||||
|
func New(baseURL string) *Client {
|
||||||
|
return &Client{base: baseURL, http: &http.Client{Timeout: 15 * time.Second}}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Render posts payload (the JSON request shape the sidecar consumes) and returns the PNG.
|
||||||
|
func (c *Client) Render(ctx context.Context, payload any) ([]byte, error) {
|
||||||
|
body, err := json.Marshal(payload)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("render: marshal payload: %w", err)
|
||||||
|
}
|
||||||
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.base+"/render", bytes.NewReader(body))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("render: build request: %w", err)
|
||||||
|
}
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
resp, err := c.http.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("render: %w", err)
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
return nil, fmt.Errorf("render: sidecar status %d", resp.StatusCode)
|
||||||
|
}
|
||||||
|
png, err := io.ReadAll(io.LimitReader(resp.Body, maxPNG+1))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("render: read response: %w", err)
|
||||||
|
}
|
||||||
|
if len(png) > maxPNG {
|
||||||
|
return nil, fmt.Errorf("render: response exceeds %d bytes", maxPNG)
|
||||||
|
}
|
||||||
|
return png, nil
|
||||||
|
}
|
||||||
@@ -45,9 +45,34 @@ type bannerTimingsDTO struct {
|
|||||||
func (s *Server) profileResponse(ctx context.Context, acc account.Account) profileResponse {
|
func (s *Server) profileResponse(ctx context.Context, acc account.Account) profileResponse {
|
||||||
r := profileResponseFor(acc)
|
r := profileResponseFor(acc)
|
||||||
r.Banner = s.bannerFor(ctx, acc)
|
r.Banner = s.bannerFor(ctx, acc)
|
||||||
|
s.fillLinkedIdentities(ctx, &r, acc.ID)
|
||||||
return r
|
return r
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// fillLinkedIdentities sets the profile's confirmed email address and platform-linked
|
||||||
|
// flags from the account's identities, so the client offers the right link / unlink /
|
||||||
|
// change-email controls. A read failure leaves them zero (no controls), logged as a
|
||||||
|
// warning so the profile response still succeeds.
|
||||||
|
func (s *Server) fillLinkedIdentities(ctx context.Context, r *profileResponse, accountID uuid.UUID) {
|
||||||
|
ids, err := s.accounts.Identities(ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
s.log.Warn("profile: identities read failed", zap.String("account", accountID.String()), zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
for _, id := range ids {
|
||||||
|
switch id.Kind {
|
||||||
|
case account.KindEmail:
|
||||||
|
if id.Confirmed {
|
||||||
|
r.Email = id.ExternalID
|
||||||
|
}
|
||||||
|
case account.KindTelegram:
|
||||||
|
r.TelegramLinked = true
|
||||||
|
case account.KindVK:
|
||||||
|
r.VkLinked = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// bannerFor builds the advertising-banner block for the account's profile, or
|
// bannerFor builds the advertising-banner block for the account's profile, or
|
||||||
// nil when the ads service is not configured or the viewer is not eligible to
|
// nil when the ads service is not configured or the viewer is not eligible to
|
||||||
// see a banner. The message language follows the account's bot (service)
|
// see a banner. The message language follows the account's bot (service)
|
||||||
|
|||||||
@@ -56,6 +56,13 @@ type profileResponse struct {
|
|||||||
// see the banner (a free account with an empty hint wallet and without the
|
// see the banner (a free account with an empty hint wallet and without the
|
||||||
// no_banner role), absent otherwise. See banner.go.
|
// no_banner role), absent otherwise. See banner.go.
|
||||||
Banner *bannerDTO `json:"banner,omitempty"`
|
Banner *bannerDTO `json:"banner,omitempty"`
|
||||||
|
// Email is the account's confirmed email address ("" when none); TelegramLinked and
|
||||||
|
// VkLinked report whether a platform identity is attached. They drive the profile's
|
||||||
|
// link / unlink / change-email controls, and are filled outside the pure projection
|
||||||
|
// (they read the account's identities). See Server.profileResponse.
|
||||||
|
Email string `json:"email"`
|
||||||
|
TelegramLinked bool `json:"telegram_linked"`
|
||||||
|
VkLinked bool `json:"vk_linked"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// tileDTO is one placed (or to-place) tile.
|
// tileDTO is one placed (or to-place) tile.
|
||||||
|
|||||||
@@ -30,6 +30,7 @@ func TestStatusForError(t *testing.T) {
|
|||||||
"illegal play": {engine.ErrIllegalPlay, http.StatusUnprocessableEntity, "illegal_play"},
|
"illegal play": {engine.ErrIllegalPlay, http.StatusUnprocessableEntity, "illegal_play"},
|
||||||
"email taken": {account.ErrEmailTaken, http.StatusConflict, "email_taken"},
|
"email taken": {account.ErrEmailTaken, http.StatusConflict, "email_taken"},
|
||||||
"code mismatch": {account.ErrCodeMismatch, http.StatusUnauthorized, "code_invalid"},
|
"code mismatch": {account.ErrCodeMismatch, http.StatusUnauthorized, "code_invalid"},
|
||||||
|
"too many codes": {account.ErrTooManyRequests, http.StatusTooManyRequests, "too_many_requests"},
|
||||||
"session gone": {session.ErrNotFound, http.StatusUnauthorized, "session_invalid"},
|
"session gone": {session.ErrNotFound, http.StatusUnauthorized, "session_invalid"},
|
||||||
"chat forbidden": {social.ErrForbiddenContent, http.StatusUnprocessableEntity, "chat_rejected"},
|
"chat forbidden": {social.ErrForbiddenContent, http.StatusUnprocessableEntity, "chat_rejected"},
|
||||||
"no hint move": {game.ErrNoHintAvailable, http.StatusConflict, "no_hint_available"},
|
"no hint move": {game.ErrNoHintAvailable, http.StatusConflict, "no_hint_available"},
|
||||||
|
|||||||
@@ -0,0 +1,310 @@
|
|||||||
|
// Finished-game export downloads: a signed, short-lived, relative URL minted for a
|
||||||
|
// participant and later fetched with no credentials at all — the platforms' native
|
||||||
|
// download calls (Telegram downloadFile, VKWebAppDownloadFile, a plain browser
|
||||||
|
// anchor) strip cookies and headers, so the HMAC in the URL is the whole grant.
|
||||||
|
// The client resolves the relative path against its own origin; the edge routes
|
||||||
|
// /dl/* to the gateway, which forwards it here (/api/v1/public/dl/...).
|
||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/hmac"
|
||||||
|
"crypto/sha256"
|
||||||
|
"encoding/base64"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/engine"
|
||||||
|
"scrabble/backend/internal/game"
|
||||||
|
)
|
||||||
|
|
||||||
|
// exportURLTTL is how long a minted download URL stays valid. Long enough for the
|
||||||
|
// platform's download dialog and a retry, short enough that a leaked link dies fast.
|
||||||
|
const exportURLTTL = 10 * time.Minute
|
||||||
|
|
||||||
|
// Query/label size caps: the presentation params ride the signed URL, so they are
|
||||||
|
// bounded defensively (they only ever hold a BCP-47 tag and four short UI words).
|
||||||
|
const (
|
||||||
|
maxDateLocaleLen = 35
|
||||||
|
maxLabelsLen = 120
|
||||||
|
maxTimeZoneLen = 50
|
||||||
|
)
|
||||||
|
|
||||||
|
// exportActionOrder fixes the position of each non-play move label in the `t` CSV.
|
||||||
|
var exportActionOrder = [4]string{"pass", "exchange", "resign", "timeout"}
|
||||||
|
|
||||||
|
// signExport computes the URL signature over the canonical parameter string. The
|
||||||
|
// canonical form is independent of the public path prefix, so the gateway may mount
|
||||||
|
// the route anywhere.
|
||||||
|
func (s *Server) signExport(gameID, kind, exp, dateLocale, timeZone, labels string) string {
|
||||||
|
mac := hmac.New(sha256.New, s.exportKey)
|
||||||
|
fmt.Fprintf(mac, "%s|%s|%s|%s|%s|%s", gameID, kind, exp, dateLocale, timeZone, labels)
|
||||||
|
return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
|
||||||
|
}
|
||||||
|
|
||||||
|
// exportURLDTO is the minted link: a relative signed path plus the download filename.
|
||||||
|
type exportURLDTO struct {
|
||||||
|
Path string `json:"path"`
|
||||||
|
Filename string `json:"filename"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleExportURL mints the signed download path for a finished game's artifact.
|
||||||
|
// GET /api/v1/user/games/:id/export-url?kind=png|gcg&dl=<date-locale>&tz=<IANA zone>&t=<labels CSV>
|
||||||
|
func (s *Server) handleExportURL(c *gin.Context) {
|
||||||
|
if len(s.exportKey) == 0 {
|
||||||
|
c.AbortWithStatusJSON(http.StatusServiceUnavailable,
|
||||||
|
errorResponse{Error: errorBody{Code: "export_unavailable", Message: "export signing is not configured"}})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
_, gameID, ok := s.userGame(c)
|
||||||
|
if !ok {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
kind := c.Query("kind")
|
||||||
|
if kind != "png" && kind != "gcg" {
|
||||||
|
abortBadRequest(c, "invalid kind")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
dateLocale := c.Query("dl")
|
||||||
|
timeZone := c.Query("tz")
|
||||||
|
labels := c.Query("t")
|
||||||
|
if len(dateLocale) > maxDateLocaleLen || len(labels) > maxLabelsLen || len(timeZone) > maxTimeZoneLen {
|
||||||
|
abortBadRequest(c, "presentation params too long")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := s.games.EnsureExportable(c.Request.Context(), gameID); err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
exp := strconv.FormatInt(time.Now().Add(exportURLTTL).Unix(), 10)
|
||||||
|
sig := s.signExport(gameID.String(), kind, exp, dateLocale, timeZone, labels)
|
||||||
|
q := url.Values{"e": {exp}, "s": {sig}}
|
||||||
|
if dateLocale != "" {
|
||||||
|
q.Set("l", dateLocale)
|
||||||
|
}
|
||||||
|
if timeZone != "" {
|
||||||
|
q.Set("z", timeZone)
|
||||||
|
}
|
||||||
|
if labels != "" {
|
||||||
|
q.Set("t", labels)
|
||||||
|
}
|
||||||
|
c.JSON(http.StatusOK, exportURLDTO{
|
||||||
|
Path: "/dl/" + gameID.String() + "/" + kind + "?" + q.Encode(),
|
||||||
|
Filename: exportFilename(gameID, kind),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func exportFilename(gameID uuid.UUID, kind string) string {
|
||||||
|
return "game-" + gameID.String()[:8] + "." + kind
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleExportDownload serves a minted artifact. It is a public route: the signature
|
||||||
|
// and expiry are the only authorization (see the package comment). Every failure is
|
||||||
|
// a plain 404 so the endpoint is not a validity oracle.
|
||||||
|
// GET /api/v1/public/dl/:id/:kind?e=&l=&z=&t=&s=
|
||||||
|
func (s *Server) handleExportDownload(c *gin.Context) {
|
||||||
|
if len(s.exportKey) == 0 {
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
gameID, err := uuid.Parse(c.Param("id"))
|
||||||
|
kind := c.Param("kind")
|
||||||
|
exp := c.Query("e")
|
||||||
|
dateLocale := c.Query("l")
|
||||||
|
timeZone := c.Query("z")
|
||||||
|
labels := c.Query("t")
|
||||||
|
sig := c.Query("s")
|
||||||
|
if err != nil || (kind != "png" && kind != "gcg") ||
|
||||||
|
len(dateLocale) > maxDateLocaleLen || len(labels) > maxLabelsLen || len(timeZone) > maxTimeZoneLen {
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
want := s.signExport(gameID.String(), kind, exp, dateLocale, timeZone, labels)
|
||||||
|
if subtleNeq(sig, want) {
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if unix, err := strconv.ParseInt(exp, 10, 64); err != nil || time.Now().Unix() > unix {
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
filename := exportFilename(gameID, kind)
|
||||||
|
if kind == "gcg" {
|
||||||
|
gcg, err := s.games.ExportGCG(c.Request.Context(), gameID)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
serveAttachment(c, filename, "text/plain; charset=utf-8", []byte(gcg))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if s.renderer == nil {
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
g, moves, names, err := s.games.ExportView(c.Request.Context(), gameID)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
payload, err := renderPayload(g, moves, names, dateLocale, timeZone, labels, c.GetHeader("X-Public-Host"))
|
||||||
|
if err != nil {
|
||||||
|
s.log.Warn("export render payload", zap.Error(err))
|
||||||
|
c.String(http.StatusNotFound, "not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
png, err := s.renderer.Render(c.Request.Context(), payload)
|
||||||
|
if err != nil {
|
||||||
|
s.log.Warn("export render", zap.Error(err))
|
||||||
|
c.String(http.StatusServiceUnavailable, "render unavailable")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
serveAttachment(c, filename, "image/png", png)
|
||||||
|
}
|
||||||
|
|
||||||
|
// subtleNeq compares two signature strings in constant time.
|
||||||
|
func subtleNeq(got, want string) bool {
|
||||||
|
return !hmac.Equal([]byte(got), []byte(want))
|
||||||
|
}
|
||||||
|
|
||||||
|
// serveAttachment writes bytes as a named file download. Content-Length is set
|
||||||
|
// explicitly: a body over net/http's write buffer otherwise goes out chunked, and
|
||||||
|
// Android's system DownloadManager (which VKWebAppDownloadFile delegates to) hangs
|
||||||
|
// forever on a download of unknown length.
|
||||||
|
func serveAttachment(c *gin.Context, filename, contentType string, data []byte) {
|
||||||
|
c.Header("X-Content-Type-Options", "nosniff")
|
||||||
|
c.Header("Content-Disposition", `attachment; filename="`+sanitizeFilename(filename)+`"`)
|
||||||
|
c.Header("Cache-Control", "private, max-age=0")
|
||||||
|
c.Header("Content-Length", strconv.Itoa(len(data)))
|
||||||
|
c.Data(http.StatusOK, contentType, data)
|
||||||
|
}
|
||||||
|
|
||||||
|
// --- the render-sidecar request payload (the ui-model shapes drawGameImage consumes) ---
|
||||||
|
|
||||||
|
type renderSeatJSON struct {
|
||||||
|
Seat int `json:"seat"`
|
||||||
|
AccountID string `json:"accountId"`
|
||||||
|
DisplayName string `json:"displayName"`
|
||||||
|
Score int `json:"score"`
|
||||||
|
HintsUsed int `json:"hintsUsed"`
|
||||||
|
IsWinner bool `json:"isWinner"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type renderGameJSON struct {
|
||||||
|
ID string `json:"id"`
|
||||||
|
Variant string `json:"variant"`
|
||||||
|
Status string `json:"status"`
|
||||||
|
Players int `json:"players"`
|
||||||
|
LastActivityUnix int64 `json:"lastActivityUnix"`
|
||||||
|
Seats []renderSeatJSON `json:"seats"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type renderTileJSON struct {
|
||||||
|
Row int `json:"row"`
|
||||||
|
Col int `json:"col"`
|
||||||
|
Letter string `json:"letter"`
|
||||||
|
Blank bool `json:"blank"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type renderMoveJSON struct {
|
||||||
|
Player int `json:"player"`
|
||||||
|
Action string `json:"action"`
|
||||||
|
Dir string `json:"dir"`
|
||||||
|
MainRow int `json:"mainRow"`
|
||||||
|
MainCol int `json:"mainCol"`
|
||||||
|
Tiles []renderTileJSON `json:"tiles"`
|
||||||
|
Words []string `json:"words"`
|
||||||
|
Count int `json:"count"`
|
||||||
|
Score int `json:"score"`
|
||||||
|
Total int `json:"total"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type renderAlphaJSON struct {
|
||||||
|
Index int `json:"index"`
|
||||||
|
Letter string `json:"letter"`
|
||||||
|
Value int `json:"value"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type renderRequestJSON struct {
|
||||||
|
Game renderGameJSON `json:"game"`
|
||||||
|
Moves []renderMoveJSON `json:"moves"`
|
||||||
|
Alphabet []renderAlphaJSON `json:"alphabet"`
|
||||||
|
Labels map[string]string `json:"labels"`
|
||||||
|
DateLocale string `json:"dateLocale"`
|
||||||
|
TimeZone string `json:"timeZone"`
|
||||||
|
Hostname string `json:"hostname"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// renderPayload assembles the sidecar request from the export view. Letters are
|
||||||
|
// upper-cased for display exactly as the client codec does; the localized non-play
|
||||||
|
// labels arrive as a positional CSV (see exportActionOrder) minted into the URL.
|
||||||
|
func renderPayload(g game.Game, moves []game.HistoryMove, names []string, dateLocale, timeZone, labelsCSV, host string) (renderRequestJSON, error) {
|
||||||
|
alpha, err := engine.AlphabetTable(g.Variant)
|
||||||
|
if err != nil {
|
||||||
|
return renderRequestJSON{}, fmt.Errorf("alphabet for %s: %w", g.Variant, err)
|
||||||
|
}
|
||||||
|
req := renderRequestJSON{
|
||||||
|
Game: renderGameJSON{
|
||||||
|
ID: g.ID.String(),
|
||||||
|
Variant: g.Variant.String(),
|
||||||
|
Status: g.Status,
|
||||||
|
Players: g.Players,
|
||||||
|
},
|
||||||
|
Labels: map[string]string{},
|
||||||
|
DateLocale: dateLocale,
|
||||||
|
TimeZone: timeZone,
|
||||||
|
Hostname: host,
|
||||||
|
}
|
||||||
|
finished := g.UpdatedAt
|
||||||
|
if g.FinishedAt != nil {
|
||||||
|
finished = *g.FinishedAt
|
||||||
|
}
|
||||||
|
req.Game.LastActivityUnix = finished.Unix()
|
||||||
|
for _, st := range g.Seats {
|
||||||
|
name := st.DisplayName
|
||||||
|
if st.Seat < len(names) {
|
||||||
|
name = names[st.Seat]
|
||||||
|
}
|
||||||
|
req.Game.Seats = append(req.Game.Seats, renderSeatJSON{
|
||||||
|
Seat: st.Seat, AccountID: st.AccountID.String(), DisplayName: name,
|
||||||
|
Score: st.Score, HintsUsed: st.HintsUsed, IsWinner: st.IsWinner,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
for _, m := range moves {
|
||||||
|
mv := renderMoveJSON{
|
||||||
|
Player: m.Seat, Action: m.Action, Dir: m.Dir,
|
||||||
|
MainRow: m.MainRow, MainCol: m.MainCol,
|
||||||
|
Words: make([]string, 0, len(m.Words)),
|
||||||
|
Count: len(m.Exchanged), Score: m.Score, Total: m.RunningTotal,
|
||||||
|
Tiles: make([]renderTileJSON, 0, len(m.Tiles)),
|
||||||
|
}
|
||||||
|
for _, w := range m.Words {
|
||||||
|
mv.Words = append(mv.Words, strings.ToUpper(w))
|
||||||
|
}
|
||||||
|
for _, t := range m.Tiles {
|
||||||
|
mv.Tiles = append(mv.Tiles, renderTileJSON{Row: t.Row, Col: t.Col, Letter: strings.ToUpper(t.Letter), Blank: t.Blank})
|
||||||
|
}
|
||||||
|
req.Moves = append(req.Moves, mv)
|
||||||
|
}
|
||||||
|
for _, a := range alpha {
|
||||||
|
req.Alphabet = append(req.Alphabet, renderAlphaJSON{Index: int(a.Index), Letter: strings.ToUpper(a.Letter), Value: a.Value})
|
||||||
|
}
|
||||||
|
if labelsCSV != "" {
|
||||||
|
parts := strings.Split(labelsCSV, ",")
|
||||||
|
for i, action := range exportActionOrder {
|
||||||
|
if i < len(parts) && parts[i] != "" {
|
||||||
|
req.Labels[action] = parts[i]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return req, nil
|
||||||
|
}
|
||||||
@@ -0,0 +1,148 @@
|
|||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
|
"scrabble/backend/internal/engine"
|
||||||
|
"scrabble/backend/internal/game"
|
||||||
|
"scrabble/backend/internal/session"
|
||||||
|
)
|
||||||
|
|
||||||
|
// newExportServer is the routing harness with a signing key installed, so the
|
||||||
|
// pre-service branches of the export endpoints are reachable.
|
||||||
|
func newExportServer() *Server {
|
||||||
|
return New(":0", Deps{
|
||||||
|
Sessions: &session.Service{},
|
||||||
|
Accounts: &account.Store{},
|
||||||
|
Games: &game.Service{},
|
||||||
|
ExportSignKey: "test-key",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestSignExportIsDeterministicAndTamperEvident(t *testing.T) {
|
||||||
|
s := newExportServer()
|
||||||
|
sig := s.signExport("g1", "png", "123", "ru", "Europe/Moscow", "пас,обмен")
|
||||||
|
if sig != s.signExport("g1", "png", "123", "ru", "Europe/Moscow", "пас,обмен") {
|
||||||
|
t.Fatal("same inputs produced different signatures")
|
||||||
|
}
|
||||||
|
for _, tampered := range []string{
|
||||||
|
s.signExport("g2", "png", "123", "ru", "Europe/Moscow", "пас,обмен"),
|
||||||
|
s.signExport("g1", "gcg", "123", "ru", "Europe/Moscow", "пас,обмен"),
|
||||||
|
s.signExport("g1", "png", "124", "ru", "Europe/Moscow", "пас,обмен"),
|
||||||
|
s.signExport("g1", "png", "123", "en", "Europe/Moscow", "пас,обмен"),
|
||||||
|
s.signExport("g1", "png", "123", "ru", "UTC", "пас,обмен"),
|
||||||
|
s.signExport("g1", "png", "123", "ru", "Europe/Moscow", "пас"),
|
||||||
|
} {
|
||||||
|
if tampered == sig {
|
||||||
|
t.Fatal("tampered input produced the same signature")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestExportURLWithoutKeyIs503(t *testing.T) {
|
||||||
|
s := New(":0", Deps{Sessions: &session.Service{}, Accounts: &account.Store{}, Games: &game.Service{}})
|
||||||
|
rec := do(t, s, http.MethodGet, "/api/v1/user/games/"+uuid.NewString()+"/export-url?kind=png", "",
|
||||||
|
map[string]string{"X-User-ID": uuid.NewString()})
|
||||||
|
if rec.Code != http.StatusServiceUnavailable {
|
||||||
|
t.Fatalf("mint without key = %d, want 503", rec.Code)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestExportURLRejectsBadParams(t *testing.T) {
|
||||||
|
s := newExportServer()
|
||||||
|
uid := map[string]string{"X-User-ID": uuid.NewString()}
|
||||||
|
gid := uuid.NewString()
|
||||||
|
|
||||||
|
if rec := do(t, s, http.MethodGet, "/api/v1/user/games/"+gid+"/export-url?kind=exe", "", uid); rec.Code != http.StatusBadRequest {
|
||||||
|
t.Fatalf("bad kind = %d, want 400", rec.Code)
|
||||||
|
}
|
||||||
|
long := strings.Repeat("x", maxLabelsLen+1)
|
||||||
|
if rec := do(t, s, http.MethodGet, "/api/v1/user/games/"+gid+"/export-url?kind=png&t="+long, "", uid); rec.Code != http.StatusBadRequest {
|
||||||
|
t.Fatalf("oversized labels = %d, want 400", rec.Code)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestExportDownloadRejectsBadSignatures(t *testing.T) {
|
||||||
|
s := newExportServer()
|
||||||
|
gid := uuid.NewString()
|
||||||
|
exp := strconv.FormatInt(time.Now().Add(time.Minute).Unix(), 10)
|
||||||
|
|
||||||
|
// A wrong signature never reaches the domain (404 before any service call).
|
||||||
|
url := "/api/v1/public/dl/" + gid + "/png?e=" + exp + "&s=forged"
|
||||||
|
if rec := do(t, s, http.MethodGet, url, "", nil); rec.Code != http.StatusNotFound {
|
||||||
|
t.Fatalf("forged signature = %d, want 404", rec.Code)
|
||||||
|
}
|
||||||
|
|
||||||
|
// A valid signature over an EXPIRED timestamp is refused the same way.
|
||||||
|
old := strconv.FormatInt(time.Now().Add(-time.Minute).Unix(), 10)
|
||||||
|
url = "/api/v1/public/dl/" + gid + "/png?e=" + old + "&s=" + s.signExport(gid, "png", old, "", "", "")
|
||||||
|
if rec := do(t, s, http.MethodGet, url, "", nil); rec.Code != http.StatusNotFound {
|
||||||
|
t.Fatalf("expired link = %d, want 404", rec.Code)
|
||||||
|
}
|
||||||
|
|
||||||
|
// An unknown kind is refused before signature checks.
|
||||||
|
url = "/api/v1/public/dl/" + gid + "/exe?e=" + exp + "&s=x"
|
||||||
|
if rec := do(t, s, http.MethodGet, url, "", nil); rec.Code != http.StatusNotFound {
|
||||||
|
t.Fatalf("bad kind = %d, want 404", rec.Code)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestRenderPayloadMapsTheExportView(t *testing.T) {
|
||||||
|
gid := uuid.New()
|
||||||
|
finished := time.Unix(1_782_997_629, 0)
|
||||||
|
g := game.Game{
|
||||||
|
ID: gid,
|
||||||
|
Variant: engine.VariantRussianScrabble,
|
||||||
|
Status: game.StatusFinished,
|
||||||
|
Players: 2,
|
||||||
|
FinishedAt: &finished,
|
||||||
|
Seats: []game.Seat{
|
||||||
|
{Seat: 0, Score: 42, IsWinner: true, DisplayName: "snapshot"},
|
||||||
|
{Seat: 1, Score: 30},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
moves := []game.HistoryMove{
|
||||||
|
{
|
||||||
|
Seat: 0, Action: "play", Dir: "H", MainRow: 7, MainCol: 4,
|
||||||
|
Tiles: []engine.TileRecord{{Row: 7, Col: 4, Letter: "ч", Blank: false}},
|
||||||
|
Words: []string{"чика"}, Score: 9, RunningTotal: 9,
|
||||||
|
},
|
||||||
|
{Seat: 1, Action: "exchange", Exchanged: []string{"а", "б"}, RunningTotal: 0},
|
||||||
|
}
|
||||||
|
names := []string{"Аня", "Боб"}
|
||||||
|
|
||||||
|
p, err := renderPayload(g, moves, names, "ru", "Europe/Moscow", "пас,обмен,сдался,таймаут", "erudit-game.ru")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("renderPayload: %v", err)
|
||||||
|
}
|
||||||
|
if p.Game.LastActivityUnix != finished.Unix() {
|
||||||
|
t.Fatalf("lastActivityUnix = %d, want %d", p.Game.LastActivityUnix, finished.Unix())
|
||||||
|
}
|
||||||
|
if p.Game.Seats[0].DisplayName != "Аня" || !p.Game.Seats[0].IsWinner {
|
||||||
|
t.Fatalf("seat 0 = %+v, want the resolved name and the winner flag", p.Game.Seats[0])
|
||||||
|
}
|
||||||
|
if p.Moves[0].Words[0] != "ЧИКА" || p.Moves[0].Tiles[0].Letter != "Ч" {
|
||||||
|
t.Fatalf("letters not upper-cased: %+v", p.Moves[0])
|
||||||
|
}
|
||||||
|
if p.Moves[1].Count != 2 {
|
||||||
|
t.Fatalf("exchange count = %d, want 2", p.Moves[1].Count)
|
||||||
|
}
|
||||||
|
if p.Labels["pass"] != "пас" || p.Labels["timeout"] != "таймаут" {
|
||||||
|
t.Fatalf("labels not mapped positionally: %v", p.Labels)
|
||||||
|
}
|
||||||
|
if len(p.Alphabet) == 0 || p.Hostname != "erudit-game.ru" || p.TimeZone != "Europe/Moscow" {
|
||||||
|
t.Fatalf("alphabet/hostname/zone missing: %d entries, host %q, tz %q", len(p.Alphabet), p.Hostname, p.TimeZone)
|
||||||
|
}
|
||||||
|
for _, a := range p.Alphabet {
|
||||||
|
if a.Letter != strings.ToUpper(a.Letter) {
|
||||||
|
t.Fatalf("alphabet letter %q not upper-cased", a.Letter)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -27,9 +27,11 @@ func (s *Server) registerRoutes() {
|
|||||||
if s.sessions != nil && s.accounts != nil {
|
if s.sessions != nil && s.accounts != nil {
|
||||||
in := s.internal
|
in := s.internal
|
||||||
in.POST("/sessions/telegram", s.handleTelegramAuth)
|
in.POST("/sessions/telegram", s.handleTelegramAuth)
|
||||||
|
in.POST("/sessions/vk", s.handleVKAuth)
|
||||||
in.POST("/sessions/guest", s.handleGuestAuth)
|
in.POST("/sessions/guest", s.handleGuestAuth)
|
||||||
in.POST("/sessions/email/request", s.handleEmailRequest)
|
in.POST("/sessions/email/request", s.handleEmailRequest)
|
||||||
in.POST("/sessions/email/login", s.handleEmailLogin)
|
in.POST("/sessions/email/login", s.handleEmailLogin)
|
||||||
|
in.POST("/sessions/email/confirm-link", s.handleEmailConfirmLink)
|
||||||
in.POST("/sessions/resolve", s.handleResolveSession)
|
in.POST("/sessions/resolve", s.handleResolveSession)
|
||||||
in.POST("/sessions/revoke", s.handleRevokeSession)
|
in.POST("/sessions/revoke", s.handleRevokeSession)
|
||||||
// Out-of-app push routing for the platform side-service: the
|
// Out-of-app push routing for the platform side-service: the
|
||||||
@@ -72,6 +74,18 @@ func (s *Server) registerRoutes() {
|
|||||||
u.POST("/link/email/merge", s.handleLinkEmailMerge)
|
u.POST("/link/email/merge", s.handleLinkEmailMerge)
|
||||||
u.POST("/link/telegram", s.handleLinkTelegram)
|
u.POST("/link/telegram", s.handleLinkTelegram)
|
||||||
u.POST("/link/telegram/merge", s.handleLinkTelegramMerge)
|
u.POST("/link/telegram/merge", s.handleLinkTelegramMerge)
|
||||||
|
u.POST("/link/vk", s.handleLinkVK)
|
||||||
|
u.POST("/link/vk/merge", s.handleLinkVKMerge)
|
||||||
|
u.POST("/link/unlink", s.handleUnlink)
|
||||||
|
// Change the account's confirmed email: mail a code to the new address, then
|
||||||
|
// atomically switch on confirm (a new address owned by another account is
|
||||||
|
// refused without disclosure, never merged).
|
||||||
|
u.POST("/link/email/change/request", s.handleChangeEmailRequest)
|
||||||
|
u.POST("/link/email/change/confirm", s.handleChangeEmailConfirm)
|
||||||
|
// Account deletion (legal retention, not erasure): step-up via a mailed code
|
||||||
|
// (email accounts) or a typed phrase (platform-only), then tombstone + free creds.
|
||||||
|
u.POST("/delete/request", s.handleRequestDelete)
|
||||||
|
u.POST("/delete/confirm", s.handleConfirmDelete)
|
||||||
}
|
}
|
||||||
if s.games != nil {
|
if s.games != nil {
|
||||||
u.GET("/games", s.handleListGames)
|
u.GET("/games", s.handleListGames)
|
||||||
@@ -86,9 +100,17 @@ func (s *Server) registerRoutes() {
|
|||||||
u.POST("/games/:id/complaint", s.handleComplaint)
|
u.POST("/games/:id/complaint", s.handleComplaint)
|
||||||
u.GET("/games/:id/history", s.handleHistory)
|
u.GET("/games/:id/history", s.handleHistory)
|
||||||
u.GET("/games/:id/gcg", s.handleExportGCG)
|
u.GET("/games/:id/gcg", s.handleExportGCG)
|
||||||
|
u.GET("/games/:id/export-url", s.handleExportURL)
|
||||||
u.GET("/games/:id/draft", s.handleGetDraft)
|
u.GET("/games/:id/draft", s.handleGetDraft)
|
||||||
u.PUT("/games/:id/draft", s.handleSaveDraft)
|
u.PUT("/games/:id/draft", s.handleSaveDraft)
|
||||||
u.POST("/games/:id/hide", s.handleHideGame)
|
u.POST("/games/:id/hide", s.handleHideGame)
|
||||||
|
// Raw dictionary download for the client-side local move preview, keyed by
|
||||||
|
// the game's pinned (variant, version); immutable, so cached hard.
|
||||||
|
u.GET("/dict/:variant/:version", s.handleDictBytes)
|
||||||
|
// The signed finished-game export download — the only public data route:
|
||||||
|
// the URL's HMAC + expiry are the whole grant (export.go), because the
|
||||||
|
// platforms' native download calls carry no credentials.
|
||||||
|
s.public.GET("/dl/:id/:kind", s.handleExportDownload)
|
||||||
}
|
}
|
||||||
if s.feedback != nil {
|
if s.feedback != nil {
|
||||||
u.POST("/feedback", s.handleFeedbackSubmit)
|
u.POST("/feedback", s.handleFeedbackSubmit)
|
||||||
@@ -221,6 +243,8 @@ func statusForError(err error) (int, string) {
|
|||||||
return http.StatusUnprocessableEntity, "illegal_play"
|
return http.StatusUnprocessableEntity, "illegal_play"
|
||||||
case errors.Is(err, account.ErrEmailTaken), errors.Is(err, account.ErrIdentityTaken):
|
case errors.Is(err, account.ErrEmailTaken), errors.Is(err, account.ErrIdentityTaken):
|
||||||
return http.StatusConflict, "email_taken"
|
return http.StatusConflict, "email_taken"
|
||||||
|
case errors.Is(err, account.ErrLastIdentity):
|
||||||
|
return http.StatusConflict, "last_identity"
|
||||||
case errors.Is(err, accountmerge.ErrActiveGameConflict):
|
case errors.Is(err, accountmerge.ErrActiveGameConflict):
|
||||||
return http.StatusConflict, "merge_active_game_conflict"
|
return http.StatusConflict, "merge_active_game_conflict"
|
||||||
case errors.Is(err, account.ErrInvalidEmail):
|
case errors.Is(err, account.ErrInvalidEmail):
|
||||||
@@ -228,6 +252,8 @@ func statusForError(err error) (int, string) {
|
|||||||
case errors.Is(err, account.ErrCodeMismatch), errors.Is(err, account.ErrCodeExpired),
|
case errors.Is(err, account.ErrCodeMismatch), errors.Is(err, account.ErrCodeExpired),
|
||||||
errors.Is(err, account.ErrNoPendingCode), errors.Is(err, account.ErrTooManyAttempts):
|
errors.Is(err, account.ErrNoPendingCode), errors.Is(err, account.ErrTooManyAttempts):
|
||||||
return http.StatusUnauthorized, "code_invalid"
|
return http.StatusUnauthorized, "code_invalid"
|
||||||
|
case errors.Is(err, account.ErrTooManyRequests):
|
||||||
|
return http.StatusTooManyRequests, "too_many_requests"
|
||||||
case errors.Is(err, session.ErrNotFound):
|
case errors.Is(err, session.ErrNotFound):
|
||||||
return http.StatusUnauthorized, "session_invalid"
|
return http.StatusUnauthorized, "session_invalid"
|
||||||
case errors.Is(err, social.ErrChatBlocked), errors.Is(err, social.ErrMessageTooLong),
|
case errors.Is(err, social.ErrChatBlocked), errors.Is(err, social.ErrMessageTooLong),
|
||||||
|
|||||||
@@ -61,6 +61,8 @@ func (s *Server) registerConsole(router *gin.Engine) {
|
|||||||
gm.POST("/users/:id/unblock", s.consoleUnblockUser)
|
gm.POST("/users/:id/unblock", s.consoleUnblockUser)
|
||||||
gm.POST("/users/:id/grant-role", s.consoleGrantRole)
|
gm.POST("/users/:id/grant-role", s.consoleGrantRole)
|
||||||
gm.POST("/users/:id/revoke-role", s.consoleRevokeRole)
|
gm.POST("/users/:id/revoke-role", s.consoleRevokeRole)
|
||||||
|
gm.POST("/users/:id/remove-email", s.consoleRemoveEmail)
|
||||||
|
gm.POST("/users/:id/delete", s.consoleDeleteUser)
|
||||||
gm.GET("/reasons", s.consoleReasons)
|
gm.GET("/reasons", s.consoleReasons)
|
||||||
gm.POST("/reasons", s.consoleCreateReason)
|
gm.POST("/reasons", s.consoleCreateReason)
|
||||||
gm.POST("/reasons/:id/update", s.consoleUpdateReason)
|
gm.POST("/reasons/:id/update", s.consoleUpdateReason)
|
||||||
@@ -132,8 +134,10 @@ func (s *Server) consoleUsers(c *gin.Context) {
|
|||||||
page := consolePage(c)
|
page := consolePage(c)
|
||||||
filter := account.UserFilter{
|
filter := account.UserFilter{
|
||||||
Robots: c.Query("kind") == "robots",
|
Robots: c.Query("kind") == "robots",
|
||||||
|
Deleted: c.Query("kind") == "deleted",
|
||||||
NameMask: c.Query("name"),
|
NameMask: c.Query("name"),
|
||||||
ExternalIDMask: c.Query("ext"),
|
ExternalIDMask: c.Query("ext"),
|
||||||
|
EmailExact: c.Query("email"),
|
||||||
}
|
}
|
||||||
total, _ := s.accounts.CountUsers(ctx, filter)
|
total, _ := s.accounts.CountUsers(ctx, filter)
|
||||||
items, err := s.accounts.ListUsers(ctx, filter, adminPageSize, (page-1)*adminPageSize)
|
items, err := s.accounts.ListUsers(ctx, filter, adminPageSize, (page-1)*adminPageSize)
|
||||||
@@ -145,28 +149,38 @@ func (s *Server) consoleUsers(c *gin.Context) {
|
|||||||
if filter.Robots {
|
if filter.Robots {
|
||||||
q.Set("kind", "robots")
|
q.Set("kind", "robots")
|
||||||
}
|
}
|
||||||
|
if filter.Deleted {
|
||||||
|
q.Set("kind", "deleted")
|
||||||
|
}
|
||||||
if strings.TrimSpace(filter.NameMask) != "" {
|
if strings.TrimSpace(filter.NameMask) != "" {
|
||||||
q.Set("name", filter.NameMask)
|
q.Set("name", filter.NameMask)
|
||||||
}
|
}
|
||||||
if strings.TrimSpace(filter.ExternalIDMask) != "" {
|
if strings.TrimSpace(filter.ExternalIDMask) != "" {
|
||||||
q.Set("ext", filter.ExternalIDMask)
|
q.Set("ext", filter.ExternalIDMask)
|
||||||
}
|
}
|
||||||
|
if strings.TrimSpace(filter.EmailExact) != "" {
|
||||||
|
q.Set("email", filter.EmailExact)
|
||||||
|
}
|
||||||
view := adminconsole.UsersView{
|
view := adminconsole.UsersView{
|
||||||
Pager: adminconsole.NewPager(page, adminPageSize, total),
|
Pager: adminconsole.NewPager(page, adminPageSize, total),
|
||||||
Robots: filter.Robots, NameMask: filter.NameMask, ExternalIDMask: filter.ExternalIDMask,
|
Robots: filter.Robots, Deleted: filter.Deleted, NameMask: filter.NameMask, ExternalIDMask: filter.ExternalIDMask,
|
||||||
|
EmailExact: filter.EmailExact,
|
||||||
FilterQuery: template.URL(q.Encode()),
|
FilterQuery: template.URL(q.Encode()),
|
||||||
}
|
}
|
||||||
ids := make([]uuid.UUID, 0, len(items))
|
ids := make([]uuid.UUID, 0, len(items))
|
||||||
for _, it := range items {
|
for _, it := range items {
|
||||||
kind := "registered"
|
kind := "registered"
|
||||||
if it.IsRobot {
|
switch {
|
||||||
|
case it.IsRobot:
|
||||||
kind = "robot"
|
kind = "robot"
|
||||||
} else if it.IsGuest {
|
case it.IsDeleted:
|
||||||
|
kind = "deleted"
|
||||||
|
case it.IsGuest:
|
||||||
kind = "guest"
|
kind = "guest"
|
||||||
}
|
}
|
||||||
view.Items = append(view.Items, adminconsole.UserRow{
|
view.Items = append(view.Items, adminconsole.UserRow{
|
||||||
ID: it.ID.String(), DisplayName: it.DisplayName, Kind: kind,
|
ID: it.ID.String(), DisplayName: it.DisplayName, Kind: kind,
|
||||||
Language: it.PreferredLanguage, Guest: it.IsGuest,
|
Language: it.PreferredLanguage, Guest: it.IsGuest, Deleted: it.IsDeleted,
|
||||||
FlaggedHighRate: !it.FlaggedHighRateAt.IsZero(), CreatedAt: fmtTime(it.CreatedAt),
|
FlaggedHighRate: !it.FlaggedHighRateAt.IsZero(), CreatedAt: fmtTime(it.CreatedAt),
|
||||||
})
|
})
|
||||||
ids = append(ids, it.ID)
|
ids = append(ids, it.ID)
|
||||||
@@ -356,12 +370,37 @@ func (s *Server) consoleUserDetail(c *gin.Context) {
|
|||||||
}
|
}
|
||||||
if ids, err := s.accounts.Identities(ctx, id); err == nil {
|
if ids, err := s.accounts.Identities(ctx, id); err == nil {
|
||||||
for _, idn := range ids {
|
for _, idn := range ids {
|
||||||
|
if idn.Kind == account.KindEmail {
|
||||||
|
view.HasEmail = true
|
||||||
|
}
|
||||||
view.Identities = append(view.Identities, adminconsole.IdentityRow{Kind: idn.Kind, ExternalID: idn.ExternalID, Confirmed: idn.Confirmed, CreatedAt: fmtTime(idn.CreatedAt)})
|
view.Identities = append(view.Identities, adminconsole.IdentityRow{Kind: idn.Kind, ExternalID: idn.ExternalID, Confirmed: idn.Confirmed, CreatedAt: fmtTime(idn.CreatedAt)})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if info, err := s.accounts.DeletionInfo(ctx, id); err == nil {
|
||||||
|
if info.LastLoginAt != nil {
|
||||||
|
view.LastLoginAt = fmtTime(*info.LastLoginAt)
|
||||||
|
}
|
||||||
|
view.LastLoginIP = info.LastLoginIP
|
||||||
|
if info.DeletedAt != nil {
|
||||||
|
view.Deleted = true
|
||||||
|
view.DeletedAt = fmtTime(*info.DeletedAt)
|
||||||
|
view.DeletedName = info.DeletedDisplayName
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if rets, err := s.accounts.RetainedIdentities(ctx, id); err == nil {
|
||||||
|
for _, r := range rets {
|
||||||
|
view.Retained = append(view.Retained, adminconsole.RetainedRow{
|
||||||
|
Kind: r.Kind, ExternalID: r.ExternalID, Reason: r.Reason,
|
||||||
|
Confirmed: r.Confirmed, LinkedAt: fmtTime(r.LinkedAt), DetachedAt: fmtTime(r.DetachedAt),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
if tg, err := s.accounts.IdentityExternalID(ctx, id, account.KindTelegram); err == nil {
|
if tg, err := s.accounts.IdentityExternalID(ctx, id, account.KindTelegram); err == nil {
|
||||||
view.TelegramID = tg
|
view.TelegramID = tg
|
||||||
}
|
}
|
||||||
|
if vk, err := s.accounts.IdentityExternalID(ctx, id, account.KindVK); err == nil {
|
||||||
|
view.VKID = vk
|
||||||
|
}
|
||||||
if games, err := s.games.ListForAccount(ctx, id); err == nil {
|
if games, err := s.games.ListForAccount(ctx, id); err == nil {
|
||||||
for _, g := range games {
|
for _, g := range games {
|
||||||
view.Games = append(view.Games, gameRow(g))
|
view.Games = append(view.Games, gameRow(g))
|
||||||
@@ -948,6 +987,41 @@ func (s *Server) consoleGrantHints(c *gin.Context) {
|
|||||||
s.renderConsoleMessage(c, "Granted", fmt.Sprintf("added %d hint(s); the wallet is now %d", n, balance), back)
|
s.renderConsoleMessage(c, "Granted", fmt.Sprintf("added %d hint(s); the wallet is now %d", n, balance), back)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// consoleRemoveEmail deletes the account's bound email identity (and any pending
|
||||||
|
// confirmations), freeing the address. It refuses to remove the account's only
|
||||||
|
// identity, which would leave it unreachable.
|
||||||
|
func (s *Server) consoleRemoveEmail(c *gin.Context) {
|
||||||
|
id, ok := s.consoleUUID(c, "/_gm/users")
|
||||||
|
if !ok {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
back := "/_gm/users/" + id.String()
|
||||||
|
switch err := s.accounts.RemoveEmailIdentity(c.Request.Context(), id); {
|
||||||
|
case errors.Is(err, account.ErrLastIdentity):
|
||||||
|
s.renderConsoleMessage(c, "Can't remove", "the email is this account's only identity — removing it would leave the account unreachable", back)
|
||||||
|
case err != nil:
|
||||||
|
s.consoleError(c, err)
|
||||||
|
default:
|
||||||
|
s.renderConsoleMessage(c, "Removed", "the email identity was erased and the address freed", back)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// consoleDeleteUser deletes an account from the console — the operator-initiated equivalent
|
||||||
|
// of the in-app deletion (legal retention, not erasure): the account is tombstoned, its
|
||||||
|
// credentials journalled + freed, its live surfaces anonymised, and its sessions revoked.
|
||||||
|
func (s *Server) consoleDeleteUser(c *gin.Context) {
|
||||||
|
id, ok := s.consoleUUID(c, "/_gm/users")
|
||||||
|
if !ok {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
back := "/_gm/users/" + id.String()
|
||||||
|
if err := s.deleteAccount(c.Request.Context(), id); err != nil {
|
||||||
|
s.consoleError(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
s.renderConsoleMessage(c, "Deleted", "the account was deleted: its credentials were journalled and freed, its data anonymised, and its sessions revoked", back)
|
||||||
|
}
|
||||||
|
|
||||||
// consoleBlockUser manually blocks an account: it records the suspension (permanent or until a
|
// consoleBlockUser manually blocks an account: it records the suspension (permanent or until a
|
||||||
// parsed deadline, snapshotting the chosen reason's en/ru text) and forfeits the player's active
|
// parsed deadline, snapshotting the chosen reason's en/ru text) and forfeits the player's active
|
||||||
// games, removing them from matchmaking. The block takes effect on the player's next request.
|
// games, removing them from matchmaking. The block takes effect on the player's next request.
|
||||||
@@ -1198,6 +1272,17 @@ func fmtTime(t time.Time) string {
|
|||||||
return t.UTC().Format("2006-01-02 15:04")
|
return t.UTC().Format("2006-01-02 15:04")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// fmtTimeIn formats a timestamp in the given zone — a "±HH:MM" offset or an IANA name, resolved
|
||||||
|
// by account.ResolveZone (falling back to UTC when empty or unknown) — or "" when zero. Used to
|
||||||
|
// show a time in a user's local zone beside UTC; the offset form is what the profile editor and
|
||||||
|
// the feedback browser-tz snapshot store, so it must not go through time.LoadLocation alone.
|
||||||
|
func fmtTimeIn(t time.Time, tz string) string {
|
||||||
|
if t.IsZero() {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return t.In(account.ResolveZone(tz)).Format("2006-01-02 15:04")
|
||||||
|
}
|
||||||
|
|
||||||
// fmtTimePtr formats an optional timestamp for display, or "" when nil.
|
// fmtTimePtr formats an optional timestamp for display, or "" when nil.
|
||||||
func fmtTimePtr(t *time.Time) string {
|
func fmtTimePtr(t *time.Time) string {
|
||||||
if t == nil {
|
if t == nil {
|
||||||
|
|||||||
@@ -77,6 +77,17 @@ func (s *Server) consoleFeedbackDetail(c *gin.Context) {
|
|||||||
s.consoleError(c, err)
|
s.consoleError(c, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
// Filed time in three zones so the operator can tell what is certainly known from what is
|
||||||
|
// merely defaulted: always UTC; the client's offset detected at submit (when the build
|
||||||
|
// reported one); and the sender's saved profile zone (when set beyond the UTC default). An
|
||||||
|
// empty rendered time makes the template show "N/A" for that line.
|
||||||
|
browserCreated, userCreated := "", ""
|
||||||
|
if m.BrowserTZ != "" {
|
||||||
|
browserCreated = fmtTimeIn(m.CreatedAt, m.BrowserTZ)
|
||||||
|
}
|
||||||
|
if m.TimeZone != "" && m.TimeZone != "UTC" {
|
||||||
|
userCreated = fmtTimeIn(m.CreatedAt, m.TimeZone)
|
||||||
|
}
|
||||||
view := adminconsole.FeedbackDetailView{
|
view := adminconsole.FeedbackDetailView{
|
||||||
ID: m.ID.String(), AccountID: m.AccountID.String(), SenderName: m.SenderName,
|
ID: m.ID.String(), AccountID: m.AccountID.String(), SenderName: m.SenderName,
|
||||||
Source: m.Source, Channel: m.Channel, InterfaceLanguage: m.Lang,
|
Source: m.Source, Channel: m.Channel, InterfaceLanguage: m.Lang,
|
||||||
@@ -84,6 +95,9 @@ func (s *Server) consoleFeedbackDetail(c *gin.Context) {
|
|||||||
HasAttachment: m.HasAttachment, AttachmentName: m.AttachmentName, IsImage: feedback.IsImage(m.AttachmentName),
|
HasAttachment: m.HasAttachment, AttachmentName: m.AttachmentName, IsImage: feedback.IsImage(m.AttachmentName),
|
||||||
Read: m.Read, Archived: m.Archived, Replied: m.Replied, ReplyBody: m.ReplyBody,
|
Read: m.Read, Archived: m.Archived, Replied: m.Replied, ReplyBody: m.ReplyBody,
|
||||||
RepliedAt: fmtTime(m.RepliedAt), CreatedAt: fmtTime(m.CreatedAt),
|
RepliedAt: fmtTime(m.RepliedAt), CreatedAt: fmtTime(m.CreatedAt),
|
||||||
|
Version: m.Version,
|
||||||
|
CreatedAtBrowser: browserCreated, BrowserTZ: m.BrowserTZ,
|
||||||
|
CreatedAtUser: userCreated, UserTZ: m.TimeZone,
|
||||||
}
|
}
|
||||||
if banned, err := s.accounts.HasRole(ctx, m.AccountID, account.RoleFeedbackBanned); err == nil {
|
if banned, err := s.accounts.HasRole(ctx, m.AccountID, account.RoleFeedbackBanned); err == nil {
|
||||||
view.Banned = banned
|
view.Banned = banned
|
||||||
|
|||||||
@@ -6,8 +6,10 @@ import (
|
|||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
"scrabble/backend/internal/account"
|
"scrabble/backend/internal/account"
|
||||||
|
"scrabble/backend/internal/notify"
|
||||||
)
|
)
|
||||||
|
|
||||||
// The /api/v1/internal/sessions/* endpoints are gateway-only: the gateway has
|
// The /api/v1/internal/sessions/* endpoints are gateway-only: the gateway has
|
||||||
@@ -18,12 +20,17 @@ import (
|
|||||||
|
|
||||||
// telegramAuthRequest carries the identity the connector extracted from a
|
// telegramAuthRequest carries the identity the connector extracted from a
|
||||||
// validated initData payload. Username, FirstName and LanguageCode seed a
|
// validated initData payload. Username, FirstName and LanguageCode seed a
|
||||||
// brand-new account's display name and language (first contact only).
|
// brand-new account's display name and language; BrowserTZ (the client's detected
|
||||||
|
// "±HH:MM" UTC offset) seeds its time zone; StartParam is the validated launch
|
||||||
|
// deep-link payload, which may seed the new account's variant preferences (first
|
||||||
|
// contact only).
|
||||||
type telegramAuthRequest struct {
|
type telegramAuthRequest struct {
|
||||||
ExternalID string `json:"external_id"`
|
ExternalID string `json:"external_id"`
|
||||||
Username string `json:"username"`
|
Username string `json:"username"`
|
||||||
FirstName string `json:"first_name"`
|
FirstName string `json:"first_name"`
|
||||||
LanguageCode string `json:"language_code"`
|
LanguageCode string `json:"language_code"`
|
||||||
|
BrowserTZ string `json:"browser_tz"`
|
||||||
|
StartParam string `json:"start_param"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// handleTelegramAuth provisions (or finds) the account bound to a Telegram
|
// handleTelegramAuth provisions (or finds) the account bound to a Telegram
|
||||||
@@ -35,7 +42,7 @@ func (s *Server) handleTelegramAuth(c *gin.Context) {
|
|||||||
abortBadRequest(c, "external_id is required")
|
abortBadRequest(c, "external_id is required")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
acc, created, err := s.accounts.ProvisionTelegram(c.Request.Context(), req.ExternalID, req.LanguageCode, req.Username, req.FirstName)
|
acc, created, err := s.accounts.ProvisionTelegram(c.Request.Context(), req.ExternalID, req.LanguageCode, req.Username, req.FirstName, req.BrowserTZ)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.abortErr(c, err)
|
s.abortErr(c, err)
|
||||||
return
|
return
|
||||||
@@ -45,6 +52,47 @@ func (s *Server) handleTelegramAuth(c *gin.Context) {
|
|||||||
// joined the chat before registering is granted on the spot (no chat_member
|
// joined the chat before registering is granted on the spot (no chat_member
|
||||||
// event fires on registration).
|
// event fires on registration).
|
||||||
s.publishChatAccessChange(acc.ID)
|
s.publishChatAccessChange(acc.ID)
|
||||||
|
// A promo deep-link may seed this brand-new account's variant preferences (e.g.
|
||||||
|
// English Scrabble alongside the default Erudit). Best-effort: an absent or
|
||||||
|
// malformed payload leaves the account on its defaults, and a write failure must
|
||||||
|
// not block the session mint.
|
||||||
|
if seed := account.SeedVariantsFromStartParam(req.StartParam); len(seed) > 0 {
|
||||||
|
if _, err := s.accounts.SetVariantPreferences(c.Request.Context(), acc.ID, seed); err != nil {
|
||||||
|
s.log.Warn("telegram: seed variant preferences failed",
|
||||||
|
zap.String("account", acc.ID.String()), zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
s.mintSession(c, acc)
|
||||||
|
}
|
||||||
|
|
||||||
|
// vkAuthRequest carries the identity the gateway extracted from verified VK launch
|
||||||
|
// params. LanguageCode (vk_language) and DisplayName (read client-side via
|
||||||
|
// VKWebAppGetUserInfo, since VK omits the name from the signed params) seed a brand-new
|
||||||
|
// account's language and display name; BrowserTZ (the client's detected "±HH:MM" UTC
|
||||||
|
// offset) seeds its time zone. All seeds apply on first contact only.
|
||||||
|
type vkAuthRequest struct {
|
||||||
|
ExternalID string `json:"external_id"`
|
||||||
|
LanguageCode string `json:"language_code"`
|
||||||
|
DisplayName string `json:"display_name"`
|
||||||
|
BrowserTZ string `json:"browser_tz"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleVKAuth provisions (or finds) the account bound to a VK identity and mints a
|
||||||
|
// session for it, seeding a new account's language and display name from the supplied VK
|
||||||
|
// fields (first contact only). Unlike Telegram there is no moderated-chat re-evaluation
|
||||||
|
// or deep-link variant seed: a fresh VK account has no Telegram chat eligibility and the
|
||||||
|
// MVP carries no launch deep link.
|
||||||
|
func (s *Server) handleVKAuth(c *gin.Context) {
|
||||||
|
var req vkAuthRequest
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil || req.ExternalID == "" {
|
||||||
|
abortBadRequest(c, "external_id is required")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
acc, _, err := s.accounts.ProvisionVK(c.Request.Context(), req.ExternalID, req.LanguageCode, req.DisplayName, req.BrowserTZ)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
s.mintSession(c, acc)
|
s.mintSession(c, acc)
|
||||||
}
|
}
|
||||||
@@ -97,9 +145,21 @@ func (s *Server) handlePushTarget(c *gin.Context) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// handleGuestAuth provisions a fresh ephemeral guest account and mints a session.
|
// guestAuthRequest carries the guest bootstrap's optional time-zone seed: BrowserTZ
|
||||||
|
// (the client's detected "±HH:MM" UTC offset) is written to the new guest account's
|
||||||
|
// time zone, so robot timing is anchored to the player's zone from the first game.
|
||||||
|
type guestAuthRequest struct {
|
||||||
|
BrowserTZ string `json:"browser_tz"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleGuestAuth provisions a fresh ephemeral guest account and mints a session,
|
||||||
|
// seeding its time zone from the optional detected browser offset.
|
||||||
func (s *Server) handleGuestAuth(c *gin.Context) {
|
func (s *Server) handleGuestAuth(c *gin.Context) {
|
||||||
acc, err := s.accounts.ProvisionGuest(c.Request.Context())
|
// The body is optional: an absent or malformed one simply yields no time-zone seed
|
||||||
|
// (the account keeps the UTC default), so a bind error must not fail the bootstrap.
|
||||||
|
var req guestAuthRequest
|
||||||
|
_ = c.ShouldBindJSON(&req)
|
||||||
|
acc, err := s.accounts.ProvisionGuest(c.Request.Context(), req.BrowserTZ)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.abortErr(c, err)
|
s.abortErr(c, err)
|
||||||
return
|
return
|
||||||
@@ -107,9 +167,13 @@ func (s *Server) handleGuestAuth(c *gin.Context) {
|
|||||||
s.mintSession(c, acc)
|
s.mintSession(c, acc)
|
||||||
}
|
}
|
||||||
|
|
||||||
// emailRequest is an email-login code request.
|
// emailRequest is an email-login code request. BrowserTZ (the client's detected
|
||||||
|
// "±HH:MM" UTC offset) seeds the time zone of an account provisioned here on first
|
||||||
|
// contact (the email account is created at the request step, not at login).
|
||||||
type emailRequest struct {
|
type emailRequest struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
|
BrowserTZ string `json:"browser_tz"`
|
||||||
|
Language string `json:"language"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// handleEmailRequest issues a login confirm-code to the email. It always reports
|
// handleEmailRequest issues a login confirm-code to the email. It always reports
|
||||||
@@ -121,7 +185,7 @@ func (s *Server) handleEmailRequest(c *gin.Context) {
|
|||||||
abortBadRequest(c, "email is required")
|
abortBadRequest(c, "email is required")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if _, err := s.emails.RequestLoginCode(c.Request.Context(), req.Email); err != nil {
|
if _, err := s.emails.RequestLoginCode(c.Request.Context(), req.Email, req.BrowserTZ, req.Language); err != nil {
|
||||||
s.abortErr(c, err)
|
s.abortErr(c, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -149,6 +213,56 @@ func (s *Server) handleEmailLogin(c *gin.Context) {
|
|||||||
s.mintSession(c, acc)
|
s.mintSession(c, acc)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// confirmLinkResponse is the outcome of a one-tap deeplink confirmation. For a login,
|
||||||
|
// Session carries the freshly minted credential (the deeplink page signs in with it);
|
||||||
|
// for a link, Status is "confirmed" or "merge_required" (the app completes the merge).
|
||||||
|
type confirmLinkResponse struct {
|
||||||
|
Purpose string `json:"purpose"`
|
||||||
|
Status string `json:"status"`
|
||||||
|
Session *sessionResponse `json:"session,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleEmailConfirmLink verifies a one-tap deeplink token. A login mints a session
|
||||||
|
// (the deeplink page signs in with it); a link attaches the confirmed email, reporting
|
||||||
|
// "merge_required" when the address is owned by another account so the app drives the
|
||||||
|
// interactive merge. The token, not a request session, is the authorization — the page
|
||||||
|
// need not be signed in.
|
||||||
|
func (s *Server) handleEmailConfirmLink(c *gin.Context) {
|
||||||
|
var req tokenRequest
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil || req.Token == "" {
|
||||||
|
abortBadRequest(c, "token is required")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
res, err := s.emails.ConfirmByToken(c.Request.Context(), req.Token)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if res.IsLogin() {
|
||||||
|
acc, err := s.accounts.GetByID(c.Request.Context(), res.Account)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
token, _, err := s.sessions.Create(c.Request.Context(), acc.ID)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
sess := sessionResponseFor(token, acc)
|
||||||
|
c.JSON(http.StatusOK, confirmLinkResponse{Purpose: "login", Status: "confirmed", Session: &sess})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if res.NeedsMerge {
|
||||||
|
c.JSON(http.StatusOK, confirmLinkResponse{Purpose: "link", Status: "merge_required"})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// A free link attached the email; nudge the account's in-app session(s) to re-fetch
|
||||||
|
// the profile, so a link confirmed in another browser reflects at once.
|
||||||
|
s.notifier.Publish(notify.ProfileChanged(res.Account))
|
||||||
|
c.JSON(http.StatusOK, confirmLinkResponse{Purpose: "link", Status: "confirmed"})
|
||||||
|
}
|
||||||
|
|
||||||
// tokenRequest carries an opaque session token.
|
// tokenRequest carries an opaque session token.
|
||||||
type tokenRequest struct {
|
type tokenRequest struct {
|
||||||
Token string `json:"token"`
|
Token string `json:"token"`
|
||||||
|
|||||||
@@ -0,0 +1,131 @@
|
|||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/accountdelete"
|
||||||
|
"scrabble/backend/internal/game"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Account deletion is legal retention, not erasure (docs/ARCHITECTURE.md §9.1): the account
|
||||||
|
// row survives as a tombstone while its credentials are journalled + freed, its live
|
||||||
|
// surfaces anonymised, and its own social/ephemeral data dropped. Messages are kept. The
|
||||||
|
// step-up is a mailed code for an account with a confirmed email, or a typed phrase for a
|
||||||
|
// platform-only account (possession-proof is unattainable there, so the phrase is
|
||||||
|
// anti-impulse only).
|
||||||
|
|
||||||
|
// deletePhrase is the fixed confirmation phrase a no-email account types to delete.
|
||||||
|
// Compared case-insensitively; the client localises only the surrounding instruction.
|
||||||
|
const deletePhrase = "DELETE"
|
||||||
|
|
||||||
|
// deleteRequestResponse tells the client which step-up the account uses.
|
||||||
|
type deleteRequestResponse struct {
|
||||||
|
Method string `json:"method"` // "email" | "phrase"
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleRequestDelete starts account deletion: it mails a delete code to an account with a
|
||||||
|
// confirmed email, or reports the typed-phrase path otherwise.
|
||||||
|
func (s *Server) handleRequestDelete(c *gin.Context) {
|
||||||
|
uid, ok := userID(c)
|
||||||
|
if !ok {
|
||||||
|
abortBadRequest(c, "missing identity")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx := c.Request.Context()
|
||||||
|
hasEmail, err := s.emails.HasEmail(ctx, uid)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if !hasEmail {
|
||||||
|
c.JSON(http.StatusOK, deleteRequestResponse{Method: "phrase"})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := s.emails.RequestDeleteCode(ctx, uid); err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.JSON(http.StatusOK, deleteRequestResponse{Method: "email"})
|
||||||
|
}
|
||||||
|
|
||||||
|
// deleteConfirmBody carries the step-up proof: a mailed code (email account) or the typed
|
||||||
|
// phrase (platform-only account).
|
||||||
|
type deleteConfirmBody struct {
|
||||||
|
Code string `json:"code"`
|
||||||
|
Phrase string `json:"phrase"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleConfirmDelete verifies the step-up and deletes the account.
|
||||||
|
func (s *Server) handleConfirmDelete(c *gin.Context) {
|
||||||
|
uid, ok := userID(c)
|
||||||
|
if !ok {
|
||||||
|
abortBadRequest(c, "missing identity")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var req deleteConfirmBody
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil {
|
||||||
|
abortBadRequest(c, "invalid request body")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx := c.Request.Context()
|
||||||
|
hasEmail, err := s.emails.HasEmail(ctx, uid)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if hasEmail {
|
||||||
|
if err := s.emails.VerifyDeleteCode(ctx, uid, req.Code); err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
} else if !strings.EqualFold(strings.TrimSpace(req.Phrase), deletePhrase) {
|
||||||
|
abortBadRequest(c, "confirmation phrase does not match")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := s.deleteAccount(ctx, uid); err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.JSON(http.StatusOK, okResponse{OK: true})
|
||||||
|
}
|
||||||
|
|
||||||
|
// deleteAccount runs the deletion orchestration after the step-up passed: it resigns the
|
||||||
|
// account's active games (so opponents are not stranded and robot games end cleanly),
|
||||||
|
// drops its all-robot games, tombstones + anonymises the account (journalling and freeing
|
||||||
|
// its credentials), and revokes its sessions. The tombstone is the point of no return —
|
||||||
|
// its failure aborts; the game cleanup and session revocation around it are best-effort.
|
||||||
|
func (s *Server) deleteAccount(ctx context.Context, uid uuid.UUID) error {
|
||||||
|
deleter := accountdelete.NewDeleter(s.db)
|
||||||
|
if s.games != nil {
|
||||||
|
if games, err := s.games.ListForAccount(ctx, uid); err == nil {
|
||||||
|
for _, g := range games {
|
||||||
|
if g.Status != game.StatusActive {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if _, err := s.games.Resign(ctx, g.ID, uid); err != nil {
|
||||||
|
s.log.Warn("delete: resign game failed", zap.String("game", g.ID.String()), zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
s.log.Warn("delete: list games failed", zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if _, err := deleter.DropAllRobotGames(ctx, uid); err != nil {
|
||||||
|
s.log.Warn("delete: drop all-robot games failed", zap.Error(err))
|
||||||
|
}
|
||||||
|
if err := deleter.AnonymizeAndTombstone(ctx, uid); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if s.sessions != nil {
|
||||||
|
if err := s.sessions.RevokeAllForAccount(ctx, uid); err != nil {
|
||||||
|
s.log.Warn("delete: revoke sessions failed", zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/engine"
|
||||||
|
)
|
||||||
|
|
||||||
|
// handleDictBytes streams the raw serialized dictionary for a (variant, version)
|
||||||
|
// pair so the client can validate and score moves locally — the local move
|
||||||
|
// preview — instead of a network round trip per tile arrangement. It is reached
|
||||||
|
// only through the gateway's session-gated /dict route (which resolves the
|
||||||
|
// X-User-ID this group requires), and served with a long immutable cache lifetime
|
||||||
|
// because a published dictionary version never changes. An unknown variant or a
|
||||||
|
// version that is not resident is a 404.
|
||||||
|
func (s *Server) handleDictBytes(c *gin.Context) {
|
||||||
|
variant, err := engine.ParseVariant(c.Param("variant"))
|
||||||
|
if err != nil {
|
||||||
|
c.JSON(http.StatusNotFound, gin.H{"error": "unknown variant"})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
data, err := s.games.DictBytes(variant, c.Param("version"))
|
||||||
|
if err != nil {
|
||||||
|
c.JSON(http.StatusNotFound, gin.H{"error": "dictionary not found"})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.Header("Cache-Control", "public, max-age=31536000, immutable")
|
||||||
|
c.Data(http.StatusOK, "application/octet-stream", data)
|
||||||
|
}
|
||||||
@@ -16,6 +16,12 @@ type feedbackSubmitRequest struct {
|
|||||||
Attachment string `json:"attachment"`
|
Attachment string `json:"attachment"`
|
||||||
AttachmentName string `json:"attachment_name"`
|
AttachmentName string `json:"attachment_name"`
|
||||||
Channel string `json:"channel"`
|
Channel string `json:"channel"`
|
||||||
|
// Version is the client's app version (pkg/version / the SPA build), snapshotted so the
|
||||||
|
// operator sees which build a report came from.
|
||||||
|
Version string `json:"version"`
|
||||||
|
// BrowserTZ is the client's detected UTC offset ("±HH:MM") at submit, so the operator can
|
||||||
|
// see the filed time in the sender's local zone even before they save a profile.
|
||||||
|
BrowserTZ string `json:"browser_tz"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// feedbackReplyDTO is the operator's reply shown back to the player.
|
// feedbackReplyDTO is the operator's reply shown back to the player.
|
||||||
@@ -61,7 +67,7 @@ func (s *Server) handleFeedbackSubmit(c *gin.Context) {
|
|||||||
}
|
}
|
||||||
attachment = data
|
attachment = data
|
||||||
}
|
}
|
||||||
if err := s.feedback.Submit(c.Request.Context(), uid, req.Body, attachment, req.AttachmentName, req.Channel, clientIP(c)); err != nil {
|
if err := s.feedback.Submit(c.Request.Context(), uid, req.Body, attachment, req.AttachmentName, req.Channel, req.Version, req.BrowserTZ, clientIP(c)); err != nil {
|
||||||
s.abortErr(c, err)
|
s.abortErr(c, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ import (
|
|||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"scrabble/backend/internal/account"
|
||||||
"scrabble/backend/internal/link"
|
"scrabble/backend/internal/link"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -33,6 +34,12 @@ type linkTelegramBody struct {
|
|||||||
ExternalID string `json:"external_id"`
|
ExternalID string `json:"external_id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// linkVKBody carries a gateway-validated VK identity (the trusted vk user id the
|
||||||
|
// gateway resolved from the VK ID code exchange).
|
||||||
|
type linkVKBody struct {
|
||||||
|
ExternalID string `json:"external_id"`
|
||||||
|
}
|
||||||
|
|
||||||
// linkResultResponse is the unified result of a confirm or merge step. Status is
|
// linkResultResponse is the unified result of a confirm or merge step. Status is
|
||||||
// "linked" (bound to the caller), "merge_required" (the identity belongs to another
|
// "linked" (bound to the caller), "merge_required" (the identity belongs to another
|
||||||
// account — the secondary_* fields summarise it for the irreversible confirmation),
|
// account — the secondary_* fields summarise it for the irreversible confirmation),
|
||||||
@@ -66,6 +73,89 @@ func (s *Server) handleLinkEmailRequest(c *gin.Context) {
|
|||||||
c.JSON(http.StatusOK, okResponse{OK: true})
|
c.JSON(http.StatusOK, okResponse{OK: true})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// unlinkBody carries the provider kind to detach.
|
||||||
|
type unlinkBody struct {
|
||||||
|
Kind string `json:"kind"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleUnlink detaches a platform identity (telegram or vk) from the caller's
|
||||||
|
// account, refusing to remove the last identity (ErrLastIdentity). Email is never
|
||||||
|
// unlinked — it is replaced through the change-email flow — so an email kind is
|
||||||
|
// rejected. It returns the refreshed profile so the client updates its controls.
|
||||||
|
func (s *Server) handleUnlink(c *gin.Context) {
|
||||||
|
uid, ok := userID(c)
|
||||||
|
if !ok {
|
||||||
|
abortBadRequest(c, "missing identity")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var req unlinkBody
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil {
|
||||||
|
abortBadRequest(c, "invalid request body")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if req.Kind != account.KindTelegram && req.Kind != account.KindVK {
|
||||||
|
abortBadRequest(c, "only telegram or vk can be unlinked")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx := c.Request.Context()
|
||||||
|
if err := s.accounts.RemoveIdentity(ctx, uid, req.Kind); err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
acc, err := s.accounts.GetByID(ctx, uid)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
r := s.profileResponse(ctx, acc)
|
||||||
|
c.JSON(http.StatusOK, linkResultResponse{Status: "unlinked", Profile: &r})
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleChangeEmailRequest mails a confirm-code to a new address for an authenticated
|
||||||
|
// email change. Like the link request it never signals "taken" up front — a conflict is
|
||||||
|
// only revealed (non-disclosingly) at confirm.
|
||||||
|
func (s *Server) handleChangeEmailRequest(c *gin.Context) {
|
||||||
|
uid, ok := userID(c)
|
||||||
|
if !ok {
|
||||||
|
abortBadRequest(c, "missing identity")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var req linkEmailRequestBody
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil {
|
||||||
|
abortBadRequest(c, "invalid request body")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := s.emails.RequestChangeCode(c.Request.Context(), uid, req.Email); err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.JSON(http.StatusOK, okResponse{OK: true})
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleChangeEmailConfirm verifies the code and atomically switches the account to the
|
||||||
|
// new address, returning the refreshed profile. A new address confirmed by another
|
||||||
|
// account is refused (ErrEmailTaken → the non-disclosing message), never merged.
|
||||||
|
func (s *Server) handleChangeEmailConfirm(c *gin.Context) {
|
||||||
|
uid, ok := userID(c)
|
||||||
|
if !ok {
|
||||||
|
abortBadRequest(c, "missing identity")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var req linkEmailConfirmBody
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil {
|
||||||
|
abortBadRequest(c, "invalid request body")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx := c.Request.Context()
|
||||||
|
acc, err := s.emails.ConfirmChange(ctx, uid, req.Email, req.Code)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
r := s.profileResponse(ctx, acc)
|
||||||
|
c.JSON(http.StatusOK, linkResultResponse{Status: "changed", Profile: &r})
|
||||||
|
}
|
||||||
|
|
||||||
// handleLinkEmailConfirm verifies the code and binds a free email or reports a
|
// handleLinkEmailConfirm verifies the code and binds a free email or reports a
|
||||||
// required merge.
|
// required merge.
|
||||||
func (s *Server) handleLinkEmailConfirm(c *gin.Context) {
|
func (s *Server) handleLinkEmailConfirm(c *gin.Context) {
|
||||||
@@ -149,6 +239,48 @@ func (s *Server) handleLinkTelegramMerge(c *gin.Context) {
|
|||||||
c.JSON(http.StatusOK, s.mergeResultResponse(c, res))
|
c.JSON(http.StatusOK, s.mergeResultResponse(c, res))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// handleLinkVK attaches a gateway-validated VK identity to the caller or reports a
|
||||||
|
// required merge.
|
||||||
|
func (s *Server) handleLinkVK(c *gin.Context) {
|
||||||
|
uid, ok := userID(c)
|
||||||
|
if !ok {
|
||||||
|
abortBadRequest(c, "missing identity")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var req linkVKBody
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil || req.ExternalID == "" {
|
||||||
|
abortBadRequest(c, "missing external_id")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
res, err := s.links.ConfirmVK(c.Request.Context(), uid, req.ExternalID)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.JSON(http.StatusOK, s.confirmResultResponse(c, uid, res))
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleLinkVKMerge merges the account owning a gateway-validated VK identity into
|
||||||
|
// the caller's.
|
||||||
|
func (s *Server) handleLinkVKMerge(c *gin.Context) {
|
||||||
|
uid, ok := userID(c)
|
||||||
|
if !ok {
|
||||||
|
abortBadRequest(c, "missing identity")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var req linkVKBody
|
||||||
|
if err := c.ShouldBindJSON(&req); err != nil || req.ExternalID == "" {
|
||||||
|
abortBadRequest(c, "missing external_id")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
res, err := s.links.MergeVK(c.Request.Context(), uid, req.ExternalID)
|
||||||
|
if err != nil {
|
||||||
|
s.abortErr(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.JSON(http.StatusOK, s.mergeResultResponse(c, res))
|
||||||
|
}
|
||||||
|
|
||||||
// confirmResultResponse renders a confirm step: a merge preview (secondary summary)
|
// confirmResultResponse renders a confirm step: a merge preview (secondary summary)
|
||||||
// or a completed link (the active account's refreshed profile).
|
// or a completed link (the active account's refreshed profile).
|
||||||
func (s *Server) confirmResultResponse(c *gin.Context, activeID uuid.UUID, res link.ConfirmResult) linkResultResponse {
|
func (s *Server) confirmResultResponse(c *gin.Context, activeID uuid.UUID, res link.ConfirmResult) linkResultResponse {
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user