feat(vk): launch diagnostic on a direct /vk/ open instead of a guest #256
Reference in New Issue
Block a user
Delete Branch "feature/vk-launch-diagnostic"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Problem
Opening the dedicated
/vk/entry directly in an ordinary browser (no signed VK launch) fell through to the web flow and silently started a throwaway guest — wrong for a VK-only entry. The/telegram/entry already shows a shareable launch-diagnostic screen in the equivalent situation; this brings/vk/to parity.What changed
onVKPath() && !insideVK()setsapp.launchErrorand returns, stopping the fall-through to guest/login. Mirrors the/telegram/diagnostic guard.signvalue — auth material), whether the URL was signed,vk_platform, the iframe / referrer context, plus the shared client-environment lines. VK signs the launch URL at load, so its parameters never arrive late — hence the VK screen offers Share only, no Retry (a Retry could not recover them).TelegramLaunchError.svelte→LaunchError.svelte, rendering a neutral pre-formatted report + a per-platform title, with Retry gated on aretryflag (Telegramtrue, VKfalse).app.launchErroris now a neutralLaunchDiag { platform, report, retry }.lib/launchdiag.ts— the shared pieces both platforms reuse: theLaunchDiagshape, the client-environment lines, and the query field-name reader (moved out oftelegram.tsso VK doesn't duplicate them).Privacy
The report carries only presence / identification signals and field names, never the signed launch data (
sign/ initData) itself, nor an IP — same guarantee as the Telegram diagnostic. A unit test asserts thesignvalue never leaks into the report.Tests
vk.test.ts: purevkDiagLinesunits (unsigned browser open, signed launch, and thesign-value-never-leaks guard) + avkLaunchDiagshape test.launch.errorTitleVk(en/ru).Docs
docs/FUNCTIONAL.md(+_ru) user story anddocs/ARCHITECTURE.mdentry-path note.Verification (local)
vitest run— 622 passed / 9 skipped (+3 new).svelte-check— 0 errors / 0 warnings.vite build— clean./vk/in a plain browser now shows the diagnostic instead of a guest.Opening the dedicated /vk/ entry directly in an ordinary browser (no signed VK launch) fell through to the web flow and silently started a throwaway guest, which is wrong for a VK-only entry. Mirror the existing /telegram/ launch-error behaviour: render a compact, shareable, privacy-safe diagnostic screen instead. - Boot: a new branch `onVKPath() && !insideVK()` sets app.launchError and stops the fall-through, the VK counterpart of the /telegram/ diagnostic guard. - Diagnostic (passive, no VK Bridge round-trip): reads the URL launch-parameter NAMES (never the `sign` value — auth material), whether the URL was signed, `vk_platform`, the iframe/referrer context, plus the shared client-environment lines. VK signs the launch URL at load, so — unlike Telegram's initData — the parameters never arrive late; hence the VK screen offers Share only, no Retry. - Generalise the screen: TelegramLaunchError.svelte -> LaunchError.svelte, which renders a neutral pre-formatted report and a per-platform title, with Retry gated on a `retry` flag (Telegram true, VK false). app.launchError is now a neutral LaunchDiag { platform, report, retry }. - New lib/launchdiag.ts holds the shared pieces both platforms reuse: the LaunchDiag shape, the client-environment lines, and the query field-NAME reader (moved out of telegram.ts so VK does not duplicate them). Tests: pure vkDiagLines units, incl. a guard that the `sign` value never leaks into the report. i18n: launch.errorTitleVk (en/ru). Docs: FUNCTIONAL (+ru) user story and ARCHITECTURE entry-path note.