Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 18 Pull Requests Actions 1 Packages Projects Releases 85 Wiki Activity

Merge pull request #93: feat: unify Telegram and Discord accounts via identity linking
Deploy Telegram Bot / build-and-push (push) Successful in 5m6s
Details
Deploy Telegram Bot / scan-images (push) Successful in 1m48s
Details
Deploy Telegram Bot / deploy (push) Successful in 26s
Details

Browse Source
This commit is contained in:
Toutsu
2026-05-25 14:07:33 +03:00
parent 7a2ed808c4 9c59240f48
commit 66228cf106
11 changed files with 588 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/deploy.yml
+1 -1
View File
@@ -6,7 +6,7 @@ on:
- main - main
env: env:
VERSION: 2.8.1 VERSION: 3.0.0
jobs: jobs:
# ЧАСТЬ 1: Собираем образы и кладем в Gitea (чтобы делиться с ребятами) # ЧАСТЬ 1: Собираем образы и кладем в Gitea (чтобы делиться с ребятами)
Directory.Build.props
+1 -1
View File
@@ -1,6 +1,6 @@
<Project> <Project>
<PropertyGroup> <PropertyGroup>
<Version>2.8.1</Version> <Version>3.0.0</Version>
<TargetFramework>net10.0</TargetFramework> <TargetFramework>net10.0</TargetFramework>
<LangVersion>preview</LangVersion> <LangVersion>preview</LangVersion>
<Nullable>enable</Nullable> <Nullable>enable</Nullable>
compose.yaml
+3 -3
View File
@@ -49,7 +49,7 @@ services:
crond -f crond -f
bot: bot:
image: git.codeanddice.ru/toutsu/gmrelay-bot:2.8.1 image: git.codeanddice.ru/toutsu/gmrelay-bot:3.0.0
restart: always restart: always
depends_on: depends_on:
db: db:
@@ -67,7 +67,7 @@ services:
retries: 3 retries: 3
discord: discord:
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:2.8.1 image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:3.0.0
restart: always restart: always
depends_on: depends_on:
db: db:
@@ -84,7 +84,7 @@ services:
retries: 3 retries: 3
web: web:
image: git.codeanddice.ru/toutsu/gmrelay-web:2.8.1 image: git.codeanddice.ru/toutsu/gmrelay-web:3.0.0
restart: always restart: always
depends_on: depends_on:
db: db:
src/GmRelay.Bot/Migrations/V020__player_identity_links.sql
+37
View File
@@ -0,0 +1,37 @@
-- =============================================================
-- V020: Player identity linking for unified multi-platform accounts
-- =============================================================
-- Scope: Allow linking multiple platform identities (Telegram, Discord)
-- to a single "primary" player account. All group/session permissions
-- resolve through the effective (primary) player id.
-- =============================================================
-- player_links: secondary player → primary player (1:1 on secondary)
CREATE TABLE player_links (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
primary_player_id UUID NOT NULL REFERENCES players(id) ON DELETE CASCADE,
secondary_player_id UUID NOT NULL UNIQUE REFERENCES players(id) ON DELETE CASCADE,
linked_at TIMESTAMPTZ NOT NULL DEFAULT now(),
linked_by_player_id UUID REFERENCES players(id) ON DELETE SET NULL,
-- Prevent self-linking at the DB level
CONSTRAINT no_self_link CHECK (primary_player_id <> secondary_player_id)
);
CREATE INDEX ix_player_links_primary_player_id
ON player_links(primary_player_id);
-- identity_audit_log: security-sensitive link/unlink actions
CREATE TABLE identity_audit_log (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
player_id UUID NOT NULL REFERENCES players(id) ON DELETE CASCADE,
action VARCHAR(50) NOT NULL, -- 'link', 'unlink', 'link_attempt_conflict'
target_platform VARCHAR(50),
target_external_user_id VARCHAR(255),
performed_at TIMESTAMPTZ NOT NULL DEFAULT now(),
performed_by_player_id UUID REFERENCES players(id) ON DELETE SET NULL
);
CREATE INDEX ix_identity_audit_log_player_id
ON identity_audit_log(player_id);
CREATE INDEX ix_identity_audit_log_performed_at
ON identity_audit_log(performed_at DESC);
src/GmRelay.Web/Components/Layout/NavMenu.razor
+8 -1
View File
@@ -34,6 +34,13 @@
</svg> </svg>
Шаблоны Шаблоны
</NavLink> </NavLink>
<NavLink class="nav-item" href="profile" @onclick="CloseMenu">
<svg class="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/>
<circle cx="12" cy="7" r="4"/>
</svg>
Профиль
</NavLink>
</div> </div>
<div class="nav-footer"> <div class="nav-footer">
@@ -66,7 +73,7 @@
</button> </button>
</form> </form>
<div class="nav-version">v2.8.1</div> <div class="nav-version">v3.0.0</div>
</div> </div>
</Authorized> </Authorized>
<NotAuthorized> <NotAuthorized>
src/GmRelay.Web/Components/Pages/Profile.razor
+156
View File
@@ -0,0 +1,156 @@
@page "/profile"
@using Microsoft.AspNetCore.Authorization
@using Microsoft.AspNetCore.Components.Authorization
@using System.Net.Http.Json
@attribute [Authorize]
@inject IHttpClientFactory HttpClientFactory
@inject NavigationManager Navigation
<PageTitle>Профиль — GM-Relay</PageTitle>
<div class="profile-container">
<h1 class="page-title">Профиль</h1>
@if (identities is null)
{
<p class="loading-text">Загрузка...</p>
}
else if (identities.Count == 0)
{
<div class="profile-card">
<p>Связанные аккаунты не найдены.</p>
</div>
}
else
{
<div class="profile-card">
<h2 class="section-title">Связанные аккаунты</h2>
<ul class="identity-list">
@foreach (var id in identities)
{
<li class="identity-item">
<div class="identity-info">
<span class="identity-platform">@id.Platform</span>
<span class="identity-name">@id.DisplayName</span>
</div>
@if (id.Platform != currentPlatform || id.ExternalUserId != currentExternalUserId)
{
<button class="btn btn-secondary btn-small"
@onclick="() => Unlink(id.Platform, id.ExternalUserId)"
disabled="@isUnlinking">
Отвязать
</button>
}
else
{
<span class="identity-badge">Текущий</span>
}
</li>
}
</ul>
</div>
}
<div class="profile-card">
<h2 class="section-title">Добавить аккаунт</h2>
@if (!HasLinkedPlatform("Discord"))
{
<a class="btn btn-primary" href="/auth/discord">
Привязать Discord
</a>
}
else
{
<p class="muted-text">Discord уже привязан.</p>
}
</div>
@if (!string.IsNullOrWhiteSpace(errorMessage))
{
<div class="alert alert-error">@errorMessage</div>
}
@if (!string.IsNullOrWhiteSpace(successMessage))
{
<div class="alert alert-success">@successMessage</div>
}
</div>
@code {
private List<LinkedIdentity>? identities;
private string? currentPlatform;
private string? currentExternalUserId;
private bool isUnlinking;
private string? errorMessage;
private string? successMessage;
[CascadingParameter]
private Task<AuthenticationState>? AuthenticationStateTask { get; set; }
protected override async Task OnInitializedAsync()
{
if (AuthenticationStateTask is not null)
{
var authState = await AuthenticationStateTask;
var user = authState.User;
if (user.TryGetPlatformIdentity(out var plat, out var extId))
{
currentPlatform = plat;
currentExternalUserId = extId;
}
}
await LoadIdentities();
}
private async Task LoadIdentities()
{
try
{
var http = HttpClientFactory.CreateClient();
http.BaseAddress = new Uri(Navigation.BaseUri);
identities = await http.GetFromJsonAsync<List<LinkedIdentity>>("api/me/identities");
}
catch (Exception ex)
{
errorMessage = $"Не удалось загрузить аккаунты: {ex.Message}";
}
}
private bool HasLinkedPlatform(string platform)
{
return identities?.Any(i => i.Platform == platform) ?? false;
}
private async Task Unlink(string platform, string externalUserId)
{
isUnlinking = true;
errorMessage = null;
successMessage = null;
try
{
var http = HttpClientFactory.CreateClient();
http.BaseAddress = new Uri(Navigation.BaseUri);
var response = await http.DeleteAsync($"api/me/identities/{Uri.EscapeDataString(platform)}/{Uri.EscapeDataString(externalUserId)}");
if (response.IsSuccessStatusCode)
{
successMessage = $"{platform} аккаунт отвязан.";
await LoadIdentities();
}
else
{
var body = await response.Content.ReadAsStringAsync();
errorMessage = $"Ошибка отвязки: {body}";
}
}
catch (Exception ex)
{
errorMessage = $"Ошибка отвязки: {ex.Message}";
}
finally
{
isUnlinking = false;
}
}
}
src/GmRelay.Web/Program.cs
+51
View File
@@ -215,6 +215,25 @@ app.MapGet("/auth/discord/callback", async (
await sessionStore.UpsertDiscordUserAsync(user.Id, user.DisplayName, user.AvatarUrl); await sessionStore.UpsertDiscordUserAsync(user.Id, user.DisplayName, user.AvatarUrl);
// If already authenticated via another platform, link instead of replacing session
if (context.User.Identity?.IsAuthenticated == true
&& context.User.TryGetPlatformIdentity(out var currentPlatform, out var currentExternalUserId)
&& currentPlatform != "Discord")
{
try
{
await sessionStore.LinkIdentityAsync(
currentPlatform, currentExternalUserId,
"Discord", user.Id,
user.DisplayName);
return Results.Redirect("/profile?linked=discord");
}
catch (InvalidOperationException ex)
{
return Results.Redirect($"/profile?link_error={Uri.EscapeDataString(ex.Message)}");
}
}
var authProperties = new AuthenticationProperties { IsPersistent = true }; var authProperties = new AuthenticationProperties { IsPersistent = true };
await context.SignInAsync( await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme, CookieAuthenticationDefaults.AuthenticationScheme,
@@ -224,6 +243,38 @@ app.MapGet("/auth/discord/callback", async (
return Results.Redirect("/"); return Results.Redirect("/");
}); });
// Identity linking API endpoints
app.MapGet("/api/me/identities", async (
HttpContext context,
ISessionStore sessionStore) =>
{
if (!context.User.TryGetPlatformIdentity(out var platform, out var externalUserId))
return Results.Unauthorized();
var identities = await sessionStore.GetLinkedIdentitiesAsync(platform, externalUserId);
return Results.Ok(identities);
}).RequireAuthorization();
app.MapDelete("/api/me/identities/{targetPlatform}/{targetExternalUserId}", async (
HttpContext context,
ISessionStore sessionStore,
string targetPlatform,
string targetExternalUserId) =>
{
if (!context.User.TryGetPlatformIdentity(out var platform, out var externalUserId))
return Results.Unauthorized();
try
{
await sessionStore.UnlinkIdentityAsync(platform, externalUserId, targetPlatform, targetExternalUserId);
return Results.NoContent();
}
catch (InvalidOperationException ex)
{
return Results.BadRequest(new { error = ex.Message });
}
}).RequireAuthorization();
// Public calendar subscription endpoint (no auth required) // Public calendar subscription endpoint (no auth required)
app.MapGet("/calendar/{token}.ics", async ( app.MapGet("/calendar/{token}.ics", async (
string token, string token,
src/GmRelay.Web/Services/ISessionStore.cs
+15
View File
@@ -53,4 +53,19 @@ public interface ISessionStore
Task LogSessionChangeAsync(Guid sessionId, string actorExternalUserId, string actorName, string changeType, string? oldValue, string? newValue); Task LogSessionChangeAsync(Guid sessionId, string actorExternalUserId, string actorName, string changeType, string? oldValue, string? newValue);
Task<List<SessionAuditLogEntry>> GetSessionHistoryAsync(Guid sessionId); Task<List<SessionAuditLogEntry>> GetSessionHistoryAsync(Guid sessionId);
Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl); Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl);
// --- Identity linking (issue #35) ---
Task<Guid?> ResolveEffectivePlayerIdAsync(string platform, string externalUserId);
Task<List<LinkedIdentity>> GetLinkedIdentitiesAsync(string platform, string externalUserId);
Task LinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId, string? currentName);
Task UnlinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId);
Task UpsertPlayerAsync(string platform, string externalUserId, string displayName, string? avatarUrl);
} }
public sealed record LinkedIdentity(
string Platform,
string ExternalUserId,
string DisplayName,
string? ExternalUsername,
string? AvatarUrl,
DateTime LinkedAt);
src/GmRelay.Web/Services/SessionService.cs
+294 -71
View File
@@ -104,6 +104,10 @@ public sealed class SessionService(
public async Task<List<WebGameGroup>> GetGroupsForUserAsync(string platform, string externalUserId) public async Task<List<WebGameGroup>> GetGroupsForUserAsync(string platform, string externalUserId)
{ {
await using var conn = await dataSource.OpenConnectionAsync(); await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return [];
return (await conn.QueryAsync<WebGameGroup>( return (await conn.QueryAsync<WebGameGroup>(
""" """
SELECT g.id, SELECT g.id,
@@ -113,13 +117,11 @@ public sealed class SessionService(
g.platform AS Platform, g.platform AS Platform,
gm.role AS ManagerRole gm.role AS ManagerRole
FROM group_managers gm FROM group_managers gm
JOIN players p ON p.id = gm.player_id
JOIN game_groups g ON g.id = gm.group_id JOIN game_groups g ON g.id = gm.group_id
WHERE p.platform = @Platform WHERE gm.player_id = @PlayerId
AND p.external_user_id = @ExternalUserId
ORDER BY g.name ORDER BY g.name
""", """,
new { Platform = platform, ExternalUserId = externalUserId })).ToList(); new { PlayerId = effectiveId.Value })).ToList();
} }
public async Task<WebGameGroup?> GetGroupAsync(Guid groupId) public async Task<WebGameGroup?> GetGroupAsync(Guid groupId)
@@ -142,36 +144,40 @@ public sealed class SessionService(
public async Task<bool> IsGroupManagerAsync(Guid groupId, string platform, string externalUserId) public async Task<bool> IsGroupManagerAsync(Guid groupId, string platform, string externalUserId)
{ {
await using var conn = await dataSource.OpenConnectionAsync(); await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return false;
return await conn.ExecuteScalarAsync<bool>( return await conn.ExecuteScalarAsync<bool>(
""" """
SELECT EXISTS ( SELECT EXISTS (
SELECT 1 SELECT 1
FROM group_managers gm FROM group_managers
JOIN players p ON p.id = gm.player_id WHERE group_id = @GroupId
WHERE gm.group_id = @GroupId AND player_id = @PlayerId
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
) )
""", """,
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId }); new { GroupId = groupId, PlayerId = effectiveId.Value });
} }
public async Task<bool> IsGroupOwnerAsync(Guid groupId, string platform, string externalUserId) public async Task<bool> IsGroupOwnerAsync(Guid groupId, string platform, string externalUserId)
{ {
await using var conn = await dataSource.OpenConnectionAsync(); await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return false;
return await conn.ExecuteScalarAsync<bool>( return await conn.ExecuteScalarAsync<bool>(
""" """
SELECT EXISTS ( SELECT EXISTS (
SELECT 1 SELECT 1
FROM group_managers gm FROM group_managers
JOIN players p ON p.id = gm.player_id WHERE group_id = @GroupId
WHERE gm.group_id = @GroupId AND player_id = @PlayerId
AND p.platform = @Platform AND role = @OwnerRole
AND p.external_user_id = @ExternalUserId
AND gm.role = @OwnerRole
) )
""", """,
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId, OwnerRole = GroupManagerRoleExtensions.OwnerValue }); new { GroupId = groupId, PlayerId = effectiveId.Value, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
} }
public async Task<List<WebGroupManager>> GetGroupManagersAsync(Guid groupId) public async Task<List<WebGroupManager>> GetGroupManagersAsync(Guid groupId)
@@ -255,22 +261,6 @@ public sealed class SessionService(
return entries.ToList(); return entries.ToList();
} }
public async Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl)
{
await using var conn = await dataSource.OpenConnectionAsync();
await conn.ExecuteAsync(
"""
INSERT INTO players (display_name, platform, external_user_id, external_username)
VALUES (@DisplayName, 'Discord', @DiscordId, @DisplayName)
ON CONFLICT (platform, external_user_id)
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
external_username = EXCLUDED.external_username
""",
new { DisplayName = displayName, DiscordId = discordId });
}
public async Task AddGroupCoGmAsync( public async Task AddGroupCoGmAsync(
Guid groupId, Guid groupId,
string ownerPlatform, string ownerExternalUserId, string ownerPlatform, string ownerExternalUserId,
@@ -280,35 +270,16 @@ public sealed class SessionService(
await using var conn = await dataSource.OpenConnectionAsync(); await using var conn = await dataSource.OpenConnectionAsync();
await using var transaction = await conn.BeginTransactionAsync(); await using var transaction = await conn.BeginTransactionAsync();
await conn.ExecuteAsync( var ownerPlayerId = await _ResolveEffectivePlayerIdAsync(conn, ownerPlatform, ownerExternalUserId);
""" if (ownerPlayerId is null)
INSERT INTO players (display_name, telegram_username, platform, external_user_id, external_username) throw new InvalidOperationException("Owner player not found.");
VALUES (@DisplayName, @ExternalUsername, @Platform, @ExternalUserId, @ExternalUsername)
ON CONFLICT (platform, external_user_id) var coGmPlayerId = await _UpsertPlayerAndGetIdAsync(conn, coGmPlatform, coGmExternalUserId, displayName, externalUsername, transaction);
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
external_username = EXCLUDED.external_username
""",
new
{
DisplayName = displayName,
ExternalUsername = externalUsername,
Platform = coGmPlatform,
ExternalUserId = coGmExternalUserId
},
transaction);
await conn.ExecuteAsync( await conn.ExecuteAsync(
""" """
INSERT INTO group_managers (group_id, player_id, role, added_by_player_id) INSERT INTO group_managers (group_id, player_id, role, added_by_player_id)
SELECT @GroupId, VALUES (@GroupId, @CoGmPlayerId, @CoGmRole, @OwnerPlayerId)
co_gm.id,
@CoGmRole,
owner_player.id
FROM players co_gm
LEFT JOIN players owner_player ON owner_player.platform = @OwnerPlatform AND owner_player.external_user_id = @OwnerExternalUserId
WHERE co_gm.platform = @CoGmPlatform AND co_gm.external_user_id = @CoGmExternalUserId
ON CONFLICT (group_id, player_id) DO UPDATE ON CONFLICT (group_id, player_id) DO UPDATE
SET role = CASE SET role = CASE
WHEN group_managers.role = @OwnerRole THEN group_managers.role WHEN group_managers.role = @OwnerRole THEN group_managers.role
@@ -319,10 +290,8 @@ public sealed class SessionService(
new new
{ {
GroupId = groupId, GroupId = groupId,
OwnerPlatform = ownerPlatform, OwnerPlayerId = ownerPlayerId.Value,
OwnerExternalUserId = ownerExternalUserId, CoGmPlayerId = coGmPlayerId,
CoGmPlatform = coGmPlatform,
CoGmExternalUserId = coGmExternalUserId,
OwnerRole = GroupManagerRoleExtensions.OwnerValue, OwnerRole = GroupManagerRoleExtensions.OwnerValue,
CoGmRole = GroupManagerRoleExtensions.CoGmValue CoGmRole = GroupManagerRoleExtensions.CoGmValue
}, },
@@ -334,21 +303,21 @@ public sealed class SessionService(
public async Task RemoveGroupCoGmAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId) public async Task RemoveGroupCoGmAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId)
{ {
await using var conn = await dataSource.OpenConnectionAsync(); await using var conn = await dataSource.OpenConnectionAsync();
var coGmPlayerId = await _ResolveEffectivePlayerIdAsync(conn, coGmPlatform, coGmExternalUserId);
if (coGmPlayerId is null)
return;
await conn.ExecuteAsync( await conn.ExecuteAsync(
""" """
DELETE FROM group_managers gm DELETE FROM group_managers
USING players p WHERE group_id = @GroupId
WHERE gm.player_id = p.id AND player_id = @PlayerId
AND gm.group_id = @GroupId AND role = @CoGmRole
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
AND gm.role = @CoGmRole
""", """,
new new
{ {
GroupId = groupId, GroupId = groupId,
Platform = coGmPlatform, PlayerId = coGmPlayerId.Value,
ExternalUserId = coGmExternalUserId,
CoGmRole = GroupManagerRoleExtensions.CoGmValue CoGmRole = GroupManagerRoleExtensions.CoGmValue
}); });
} }
@@ -1371,4 +1340,258 @@ public sealed class SessionService(
new { BatchId = batchId, GroupId = groupId }, new { BatchId = batchId, GroupId = groupId },
transaction); transaction);
} }
// --- Identity linking (issue #35) ---
public async Task<Guid?> ResolveEffectivePlayerIdAsync(string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
return await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
}
public async Task<List<LinkedIdentity>> GetLinkedIdentitiesAsync(string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return [];
return (await conn.QueryAsync<LinkedIdentity>(
"""
SELECT p.platform AS Platform,
p.external_user_id AS ExternalUserId,
p.display_name AS DisplayName,
p.external_username AS ExternalUsername,
p.avatar_url AS AvatarUrl,
COALESCE(pl.linked_at, p.created_at) AS LinkedAt
FROM players p
LEFT JOIN player_links pl ON pl.secondary_player_id = p.id
WHERE pl.primary_player_id = @EffectiveId
OR p.id = @EffectiveId
ORDER BY CASE WHEN p.id = @EffectiveId THEN 0 ELSE 1 END,
p.platform
""",
new { EffectiveId = effectiveId.Value })).ToList();
}
public async Task LinkIdentityAsync(
string currentPlatform, string currentExternalUserId,
string targetPlatform, string targetExternalUserId,
string? currentName)
{
if (currentPlatform == targetPlatform && currentExternalUserId == targetExternalUserId)
throw new InvalidOperationException("Cannot link an identity to itself.");
await using var conn = await dataSource.OpenConnectionAsync();
await using var transaction = await conn.BeginTransactionAsync();
// Resolve current player (must exist — they are logged in)
var currentPlayerId = await _ResolvePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
if (currentPlayerId is null)
throw new InvalidOperationException("Current player not found.");
// Upsert target player so it exists
var targetDisplayName = currentName ?? $"{targetPlatform} {targetExternalUserId}";
var targetPlayerId = await _UpsertPlayerAndGetIdAsync(conn, targetPlatform, targetExternalUserId, targetDisplayName, null, transaction);
// Check if target is already a primary of another link chain (conflict)
var targetIsPrimary = await conn.ExecuteScalarAsync<bool>(
"""
SELECT EXISTS (
SELECT 1 FROM player_links WHERE primary_player_id = @TargetPlayerId
)
""",
new { TargetPlayerId = targetPlayerId }, transaction);
if (targetIsPrimary)
{
await _LogIdentityAuditAsync(conn, currentPlayerId.Value, "link_attempt_conflict",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
throw new InvalidOperationException("Target identity is already the primary account of another linked set.");
}
// Check if current is already a secondary (then their primary becomes the effective primary)
var currentPrimaryId = await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT primary_player_id
FROM player_links
WHERE secondary_player_id = @CurrentPlayerId
""",
new { CurrentPlayerId = currentPlayerId.Value }, transaction);
var effectiveCurrentPrimary = currentPrimaryId ?? currentPlayerId.Value;
// Check if target is already linked to someone else as secondary
var existingLink = await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT primary_player_id
FROM player_links
WHERE secondary_player_id = @TargetPlayerId
""",
new { TargetPlayerId = targetPlayerId }, transaction);
if (existingLink is not null && existingLink.Value != effectiveCurrentPrimary)
{
await _LogIdentityAuditAsync(conn, effectiveCurrentPrimary, "link_attempt_conflict",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
throw new InvalidOperationException("Target identity is already linked to another account.");
}
var effectivePrimary = currentPrimaryId ?? currentPlayerId.Value;
// Check if already linked
var alreadyLinked = await conn.ExecuteScalarAsync<bool>(
"""
SELECT EXISTS (
SELECT 1 FROM player_links
WHERE primary_player_id = @EffectivePrimary AND secondary_player_id = @TargetPlayerId
)
""",
new { EffectivePrimary = effectivePrimary, TargetPlayerId = targetPlayerId }, transaction);
if (alreadyLinked)
{
await transaction.CommitAsync();
return; // Already linked, idempotent
}
await conn.ExecuteAsync(
"""
INSERT INTO player_links (primary_player_id, secondary_player_id, linked_by_player_id)
VALUES (@PrimaryPlayerId, @SecondaryPlayerId, @LinkedByPlayerId)
""",
new
{
PrimaryPlayerId = effectivePrimary,
SecondaryPlayerId = targetPlayerId,
LinkedByPlayerId = currentPlayerId.Value
},
transaction);
await _LogIdentityAuditAsync(conn, effectivePrimary, "link",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
}
public async Task UnlinkIdentityAsync(
string currentPlatform, string currentExternalUserId,
string targetPlatform, string targetExternalUserId)
{
if (currentPlatform == targetPlatform && currentExternalUserId == targetExternalUserId)
throw new InvalidOperationException("Cannot unlink your own primary identity from itself.");
await using var conn = await dataSource.OpenConnectionAsync();
await using var transaction = await conn.BeginTransactionAsync();
var currentPlayerId = await _ResolvePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
if (currentPlayerId is null)
throw new InvalidOperationException("Current player not found.");
var targetPlayerId = await _ResolvePlayerIdAsync(conn, targetPlatform, targetExternalUserId);
if (targetPlayerId is null)
throw new InvalidOperationException("Target identity not found.");
var effectivePrimary = await _ResolveEffectivePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
if (effectivePrimary is null)
throw new InvalidOperationException("Effective primary not found.");
// Only the primary account owner (or the linked identity itself) can unlink
var rows = await conn.ExecuteAsync(
"""
DELETE FROM player_links
WHERE primary_player_id = @EffectivePrimary
AND secondary_player_id = @TargetPlayerId
""",
new { EffectivePrimary = effectivePrimary.Value, TargetPlayerId = targetPlayerId.Value },
transaction);
if (rows == 0)
{
await transaction.RollbackAsync();
throw new InvalidOperationException("Identity is not linked to your account.");
}
await _LogIdentityAuditAsync(conn, effectivePrimary.Value, "unlink",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
}
public async Task UpsertPlayerAsync(string platform, string externalUserId, string displayName, string? avatarUrl)
{
await using var conn = await dataSource.OpenConnectionAsync();
await _UpsertPlayerAndGetIdAsync(conn, platform, externalUserId, displayName, avatarUrl, null);
}
public async Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl)
{
await using var conn = await dataSource.OpenConnectionAsync();
await _UpsertPlayerAndGetIdAsync(conn, "Discord", discordId, displayName, avatarUrl, null);
}
// --- Private helpers ---
private static async Task<Guid?> _ResolvePlayerIdAsync(NpgsqlConnection conn, string platform, string externalUserId)
{
return await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT id FROM players
WHERE platform = @Platform AND external_user_id = @ExternalUserId
""",
new { Platform = platform, ExternalUserId = externalUserId });
}
private static async Task<Guid?> _ResolveEffectivePlayerIdAsync(NpgsqlConnection conn, string platform, string externalUserId)
{
var playerId = await _ResolvePlayerIdAsync(conn, platform, externalUserId);
if (playerId is null)
return null;
var primaryId = await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT primary_player_id FROM player_links
WHERE secondary_player_id = @PlayerId
""",
new { PlayerId = playerId.Value });
return primaryId ?? playerId;
}
private static async Task<Guid> _UpsertPlayerAndGetIdAsync(
NpgsqlConnection conn, string platform, string externalUserId,
string displayName, string? avatarUrl, NpgsqlTransaction? transaction)
{
return await conn.QuerySingleAsync<Guid>(
"""
INSERT INTO players (display_name, platform, external_user_id, external_username, avatar_url)
VALUES (@DisplayName, @Platform, @ExternalUserId, @DisplayName, @AvatarUrl)
ON CONFLICT (platform, external_user_id)
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
external_username = EXCLUDED.external_username,
avatar_url = COALESCE(EXCLUDED.avatar_url, players.avatar_url)
RETURNING id
""",
new { DisplayName = displayName, Platform = platform, ExternalUserId = externalUserId, AvatarUrl = avatarUrl },
transaction);
}
private static async Task _LogIdentityAuditAsync(
NpgsqlConnection conn, Guid playerId, string action,
string? targetPlatform, string? targetExternalUserId,
Guid? performedByPlayerId, NpgsqlTransaction? transaction)
{
await conn.ExecuteAsync(
"""
INSERT INTO identity_audit_log (player_id, action, target_platform, target_external_user_id, performed_by_player_id)
VALUES (@PlayerId, @Action, @TargetPlatform, @TargetExternalUserId, @PerformedByPlayerId)
""",
new { PlayerId = playerId, Action = action, TargetPlatform = targetPlatform, TargetExternalUserId = targetExternalUserId, PerformedByPlayerId = performedByPlayerId },
transaction);
}
} }
tests/GmRelay.Bot.Tests/Discord/DiscordProjectStructureTests.cs
+7 -7
View File
@@ -61,7 +61,7 @@ public sealed class DiscordProjectStructureTests
var prChecks = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "pr-checks.yml")); var prChecks = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "pr-checks.yml"));
var deploy = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")); var deploy = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml"));
Assert.Contains("gmrelay-discord-bot:2.8.1", compose); Assert.Contains("gmrelay-discord-bot:3.0.0", compose);
Assert.Contains("Discord__Token=${DISCORD_BOT_TOKEN:?Set DISCORD_BOT_TOKEN in .env}", compose); Assert.Contains("Discord__Token=${DISCORD_BOT_TOKEN:?Set DISCORD_BOT_TOKEN in .env}", compose);
Assert.Contains("src/GmRelay.DiscordBot/Dockerfile", deploy); Assert.Contains("src/GmRelay.DiscordBot/Dockerfile", deploy);
Assert.Contains("DISCORD_BOT_TOKEN", deploy); Assert.Contains("DISCORD_BOT_TOKEN", deploy);
@@ -75,13 +75,13 @@ public sealed class DiscordProjectStructureTests
{ {
var repoRoot = GetRepoRoot(); var repoRoot = GetRepoRoot();
Assert.Contains("<Version>2.8.1</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props"))); Assert.Contains("<Version>3.0.0</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
Assert.Contains("VERSION: 2.8.1", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml"))); Assert.Contains("VERSION: 3.0.0", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
Assert.Contains("gmrelay-bot:2.8.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml"))); Assert.Contains("gmrelay-bot:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains("gmrelay-web:2.8.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml"))); Assert.Contains("gmrelay-web:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains("gmrelay-discord-bot:2.8.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml"))); Assert.Contains("gmrelay-discord-bot:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains( Assert.Contains(
"v2.8.1", "v3.0.0",
File.ReadAllText(Path.Combine(repoRoot, "src", "GmRelay.Web", "Components", "Layout", "NavMenu.razor"))); File.ReadAllText(Path.Combine(repoRoot, "src", "GmRelay.Web", "Components", "Layout", "NavMenu.razor")));
} }
tests/GmRelay.Bot.Tests/Web/AuthorizedSessionServiceTests.cs
+15
View File
@@ -1121,6 +1121,21 @@ public sealed class AuthorizedSessionServiceTests
public Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl) => public Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl) =>
Task.CompletedTask; Task.CompletedTask;
public Task<Guid?> ResolveEffectivePlayerIdAsync(string platform, string externalUserId) =>
Task.FromResult<Guid?>(Guid.NewGuid());
public Task<List<LinkedIdentity>> GetLinkedIdentitiesAsync(string platform, string externalUserId) =>
Task.FromResult(new List<LinkedIdentity>());
public Task LinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId, string? currentName) =>
Task.CompletedTask;
public Task UnlinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId) =>
Task.CompletedTask;
public Task UpsertPlayerAsync(string platform, string externalUserId, string displayName, string? avatarUrl) =>
Task.CompletedTask;
private bool IsManager(Guid groupId, long telegramId) => private bool IsManager(Guid groupId, long telegramId) =>
IsOwner(groupId, telegramId) || IsOwner(groupId, telegramId) ||
managers.Any(manager => manager.GroupId == groupId && manager.TelegramId == telegramId); managers.Any(manager => manager.GroupId == groupId && manager.TelegramId == telegramId);