Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases 86 Wiki Activity

feat: unify Telegram and Discord accounts via identity linking
PR Checks / test-and-build (pull_request) Successful in 7m6s
Details

Browse Source 
- Add V020 migration: player_links + identity_audit_log tables
- Add ISessionStore methods: ResolveEffectivePlayerId, LinkIdentity, UnlinkIdentity, GetLinkedIdentities
- Update SessionService to resolve effective player id for all permission checks
- Add /auth/discord/callback linking flow when already authenticated
- Add /api/me/identities GET/DELETE endpoints
- Add Profile.razor page for managing linked accounts
- Update NavMenu with profile link and v3.0.0 badge
- Bump version to 3.0.0 across all files

Bump version → 3.0.0

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Toutsu
2026-05-25 13:51:10 +03:00
parent 7a2ed808c4
commit baa25f2e1e
11 changed files with 585 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/GmRelay.Web/Services/SessionService.cs
+291 -71
View File
@@ -104,6 +104,10 @@ public sealed class SessionService(
public async Task<List<WebGameGroup>> GetGroupsForUserAsync(string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return [];
return (await conn.QueryAsync<WebGameGroup>(
"""
SELECT g.id,
@@ -113,13 +117,11 @@ public sealed class SessionService(
g.platform AS Platform,
gm.role AS ManagerRole
FROM group_managers gm
JOIN players p ON p.id = gm.player_id
JOIN game_groups g ON g.id = gm.group_id
WHERE p.platform = @Platform
AND p.external_user_id = @ExternalUserId
WHERE gm.player_id = @PlayerId
ORDER BY g.name
""",
new { Platform = platform, ExternalUserId = externalUserId })).ToList();
new { PlayerId = effectiveId.Value })).ToList();
}
public async Task<WebGameGroup?> GetGroupAsync(Guid groupId)
@@ -142,36 +144,40 @@ public sealed class SessionService(
public async Task<bool> IsGroupManagerAsync(Guid groupId, string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return false;
return await conn.ExecuteScalarAsync<bool>(
"""
SELECT EXISTS (
SELECT 1
FROM group_managers gm
JOIN players p ON p.id = gm.player_id
WHERE gm.group_id = @GroupId
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
FROM group_managers
WHERE group_id = @GroupId
AND player_id = @PlayerId
)
""",
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId });
new { GroupId = groupId, PlayerId = effectiveId.Value });
}
public async Task<bool> IsGroupOwnerAsync(Guid groupId, string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return false;
return await conn.ExecuteScalarAsync<bool>(
"""
SELECT EXISTS (
SELECT 1
FROM group_managers gm
JOIN players p ON p.id = gm.player_id
WHERE gm.group_id = @GroupId
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
AND gm.role = @OwnerRole
FROM group_managers
WHERE group_id = @GroupId
AND player_id = @PlayerId
AND role = @OwnerRole
)
""",
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
new { GroupId = groupId, PlayerId = effectiveId.Value, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
}
public async Task<List<WebGroupManager>> GetGroupManagersAsync(Guid groupId)
@@ -255,22 +261,6 @@ public sealed class SessionService(
return entries.ToList();
}
public async Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl)
{
await using var conn = await dataSource.OpenConnectionAsync();
await conn.ExecuteAsync(
"""
INSERT INTO players (display_name, platform, external_user_id, external_username)
VALUES (@DisplayName, 'Discord', @DiscordId, @DisplayName)
ON CONFLICT (platform, external_user_id)
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
external_username = EXCLUDED.external_username
""",
new { DisplayName = displayName, DiscordId = discordId });
}
public async Task AddGroupCoGmAsync(
Guid groupId,
string ownerPlatform, string ownerExternalUserId,
@@ -280,35 +270,16 @@ public sealed class SessionService(
await using var conn = await dataSource.OpenConnectionAsync();
await using var transaction = await conn.BeginTransactionAsync();
await conn.ExecuteAsync(
"""
INSERT INTO players (display_name, telegram_username, platform, external_user_id, external_username)
VALUES (@DisplayName, @ExternalUsername, @Platform, @ExternalUserId, @ExternalUsername)
ON CONFLICT (platform, external_user_id)
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
external_username = EXCLUDED.external_username
""",
new
{
DisplayName = displayName,
ExternalUsername = externalUsername,
Platform = coGmPlatform,
ExternalUserId = coGmExternalUserId
},
transaction);
var ownerPlayerId = await _ResolveEffectivePlayerIdAsync(conn, ownerPlatform, ownerExternalUserId);
if (ownerPlayerId is null)
throw new InvalidOperationException("Owner player not found.");
var coGmPlayerId = await _UpsertPlayerAndGetIdAsync(conn, coGmPlatform, coGmExternalUserId, displayName, externalUsername, transaction);
await conn.ExecuteAsync(
"""
INSERT INTO group_managers (group_id, player_id, role, added_by_player_id)
SELECT @GroupId,
co_gm.id,
@CoGmRole,
owner_player.id
FROM players co_gm
LEFT JOIN players owner_player ON owner_player.platform = @OwnerPlatform AND owner_player.external_user_id = @OwnerExternalUserId
WHERE co_gm.platform = @CoGmPlatform AND co_gm.external_user_id = @CoGmExternalUserId
VALUES (@GroupId, @CoGmPlayerId, @CoGmRole, @OwnerPlayerId)
ON CONFLICT (group_id, player_id) DO UPDATE
SET role = CASE
WHEN group_managers.role = @OwnerRole THEN group_managers.role
@@ -319,10 +290,8 @@ public sealed class SessionService(
new
{
GroupId = groupId,
OwnerPlatform = ownerPlatform,
OwnerExternalUserId = ownerExternalUserId,
CoGmPlatform = coGmPlatform,
CoGmExternalUserId = coGmExternalUserId,
OwnerPlayerId = ownerPlayerId.Value,
CoGmPlayerId = coGmPlayerId,
OwnerRole = GroupManagerRoleExtensions.OwnerValue,
CoGmRole = GroupManagerRoleExtensions.CoGmValue
},
@@ -334,21 +303,21 @@ public sealed class SessionService(
public async Task RemoveGroupCoGmAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
var coGmPlayerId = await _ResolveEffectivePlayerIdAsync(conn, coGmPlatform, coGmExternalUserId);
if (coGmPlayerId is null)
return;
await conn.ExecuteAsync(
"""
DELETE FROM group_managers gm
USING players p
WHERE gm.player_id = p.id
AND gm.group_id = @GroupId
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
AND gm.role = @CoGmRole
DELETE FROM group_managers
WHERE group_id = @GroupId
AND player_id = @PlayerId
AND role = @CoGmRole
""",
new
{
GroupId = groupId,
Platform = coGmPlatform,
ExternalUserId = coGmExternalUserId,
PlayerId = coGmPlayerId.Value,
CoGmRole = GroupManagerRoleExtensions.CoGmValue
});
}
@@ -1371,4 +1340,255 @@ public sealed class SessionService(
new { BatchId = batchId, GroupId = groupId },
transaction);
}
// --- Identity linking (issue #35) ---
public async Task<Guid?> ResolveEffectivePlayerIdAsync(string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
return await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
}
public async Task<List<LinkedIdentity>> GetLinkedIdentitiesAsync(string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
if (effectiveId is null)
return [];
return (await conn.QueryAsync<LinkedIdentity>(
"""
SELECT p.platform AS Platform,
p.external_user_id AS ExternalUserId,
p.display_name AS DisplayName,
p.external_username AS ExternalUsername,
p.avatar_url AS AvatarUrl,
COALESCE(pl.linked_at, p.created_at) AS LinkedAt
FROM players p
LEFT JOIN player_links pl ON pl.secondary_player_id = p.id
WHERE pl.primary_player_id = @EffectiveId
OR p.id = @EffectiveId
ORDER BY CASE WHEN p.id = @EffectiveId THEN 0 ELSE 1 END,
p.platform
""",
new { EffectiveId = effectiveId.Value })).ToList();
}
public async Task LinkIdentityAsync(
string currentPlatform, string currentExternalUserId,
string targetPlatform, string targetExternalUserId,
string? currentName)
{
if (currentPlatform == targetPlatform && currentExternalUserId == targetExternalUserId)
throw new InvalidOperationException("Cannot link an identity to itself.");
await using var conn = await dataSource.OpenConnectionAsync();
await using var transaction = await conn.BeginTransactionAsync();
// Resolve current player (must exist — they are logged in)
var currentPlayerId = await _ResolvePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
if (currentPlayerId is null)
throw new InvalidOperationException("Current player not found.");
// Upsert target player so it exists
var targetDisplayName = currentName ?? $"{targetPlatform} {targetExternalUserId}";
var targetPlayerId = await _UpsertPlayerAndGetIdAsync(conn, targetPlatform, targetExternalUserId, targetDisplayName, null, transaction);
// Check if target is already a primary of another link chain (conflict)
var targetIsPrimary = await conn.ExecuteScalarAsync<bool>(
"""
SELECT EXISTS (
SELECT 1 FROM player_links WHERE primary_player_id = @TargetPlayerId
)
""",
new { TargetPlayerId = targetPlayerId }, transaction);
if (targetIsPrimary)
{
await _LogIdentityAuditAsync(conn, currentPlayerId.Value, "link_attempt_conflict",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
throw new InvalidOperationException("Target identity is already the primary account of another linked set.");
}
// Check if target is already linked to someone else as secondary
var existingLink = await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT primary_player_id
FROM player_links
WHERE secondary_player_id = @TargetPlayerId
""",
new { TargetPlayerId = targetPlayerId }, transaction);
if (existingLink is not null && existingLink.Value != currentPlayerId.Value)
{
await _LogIdentityAuditAsync(conn, currentPlayerId.Value, "link_attempt_conflict",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
throw new InvalidOperationException("Target identity is already linked to another account.");
}
// Check if current is already a secondary (then their primary becomes the effective primary)
var currentPrimaryId = await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT primary_player_id
FROM player_links
WHERE secondary_player_id = @CurrentPlayerId
""",
new { CurrentPlayerId = currentPlayerId.Value }, transaction);
var effectivePrimary = currentPrimaryId ?? currentPlayerId.Value;
// Check if already linked
var alreadyLinked = await conn.ExecuteScalarAsync<bool>(
"""
SELECT EXISTS (
SELECT 1 FROM player_links
WHERE primary_player_id = @EffectivePrimary AND secondary_player_id = @TargetPlayerId
)
""",
new { EffectivePrimary = effectivePrimary, TargetPlayerId = targetPlayerId }, transaction);
if (alreadyLinked)
{
await transaction.CommitAsync();
return; // Already linked, idempotent
}
await conn.ExecuteAsync(
"""
INSERT INTO player_links (primary_player_id, secondary_player_id, linked_by_player_id)
VALUES (@PrimaryPlayerId, @SecondaryPlayerId, @LinkedByPlayerId)
""",
new
{
PrimaryPlayerId = effectivePrimary,
SecondaryPlayerId = targetPlayerId,
LinkedByPlayerId = currentPlayerId.Value
},
transaction);
await _LogIdentityAuditAsync(conn, effectivePrimary, "link",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
}
public async Task UnlinkIdentityAsync(
string currentPlatform, string currentExternalUserId,
string targetPlatform, string targetExternalUserId)
{
if (currentPlatform == targetPlatform && currentExternalUserId == targetExternalUserId)
throw new InvalidOperationException("Cannot unlink your own primary identity from itself.");
await using var conn = await dataSource.OpenConnectionAsync();
await using var transaction = await conn.BeginTransactionAsync();
var currentPlayerId = await _ResolvePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
if (currentPlayerId is null)
throw new InvalidOperationException("Current player not found.");
var targetPlayerId = await _ResolvePlayerIdAsync(conn, targetPlatform, targetExternalUserId);
if (targetPlayerId is null)
throw new InvalidOperationException("Target identity not found.");
var effectivePrimary = await _ResolveEffectivePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
if (effectivePrimary is null)
throw new InvalidOperationException("Effective primary not found.");
// Only the primary account owner (or the linked identity itself) can unlink
var rows = await conn.ExecuteAsync(
"""
DELETE FROM player_links
WHERE primary_player_id = @EffectivePrimary
AND secondary_player_id = @TargetPlayerId
""",
new { EffectivePrimary = effectivePrimary.Value, TargetPlayerId = targetPlayerId.Value },
transaction);
if (rows == 0)
{
await transaction.RollbackAsync();
throw new InvalidOperationException("Identity is not linked to your account.");
}
await _LogIdentityAuditAsync(conn, effectivePrimary.Value, "unlink",
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
await transaction.CommitAsync();
}
public async Task UpsertPlayerAsync(string platform, string externalUserId, string displayName, string? avatarUrl)
{
await using var conn = await dataSource.OpenConnectionAsync();
await _UpsertPlayerAndGetIdAsync(conn, platform, externalUserId, displayName, avatarUrl, null);
}
public async Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl)
{
await _UpsertPlayerAndGetIdAsync(await dataSource.OpenConnectionAsync(), "Discord", discordId, displayName, avatarUrl, null);
}
// --- Private helpers ---
private static async Task<Guid?> _ResolvePlayerIdAsync(NpgsqlConnection conn, string platform, string externalUserId)
{
return await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT id FROM players
WHERE platform = @Platform AND external_user_id = @ExternalUserId
""",
new { Platform = platform, ExternalUserId = externalUserId });
}
private static async Task<Guid?> _ResolveEffectivePlayerIdAsync(NpgsqlConnection conn, string platform, string externalUserId)
{
var playerId = await _ResolvePlayerIdAsync(conn, platform, externalUserId);
if (playerId is null)
return null;
var primaryId = await conn.QuerySingleOrDefaultAsync<Guid?>(
"""
SELECT primary_player_id FROM player_links
WHERE secondary_player_id = @PlayerId
""",
new { PlayerId = playerId.Value });
return primaryId ?? playerId;
}
private static async Task<Guid> _UpsertPlayerAndGetIdAsync(
NpgsqlConnection conn, string platform, string externalUserId,
string displayName, string? avatarUrl, NpgsqlTransaction? transaction)
{
return await conn.QuerySingleAsync<Guid>(
"""
INSERT INTO players (display_name, platform, external_user_id, external_username, avatar_url)
VALUES (@DisplayName, @Platform, @ExternalUserId, @DisplayName, @AvatarUrl)
ON CONFLICT (platform, external_user_id)
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
external_username = EXCLUDED.external_username,
avatar_url = COALESCE(EXCLUDED.avatar_url, players.avatar_url)
RETURNING id
""",
new { DisplayName = displayName, Platform = platform, ExternalUserId = externalUserId, AvatarUrl = avatarUrl },
transaction);
}
private static async Task _LogIdentityAuditAsync(
NpgsqlConnection conn, Guid playerId, string action,
string? targetPlatform, string? targetExternalUserId,
Guid? performedByPlayerId, NpgsqlTransaction? transaction)
{
await conn.ExecuteAsync(
"""
INSERT INTO identity_audit_log (player_id, action, target_platform, target_external_user_id, performed_by_player_id)
VALUES (@PlayerId, @Action, @TargetPlatform, @TargetExternalUserId, @PerformedByPlayerId)
""",
new { PlayerId = playerId, Action = action, TargetPlatform = targetPlatform, TargetExternalUserId = targetExternalUserId, PerformedByPlayerId = performedByPlayerId },
transaction);
}
}