Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 18 Pull Requests 1 Actions Packages Projects Releases 85 Wiki Activity

Merge pull request #91: feat: Discord OAuth и платформонезависимый Web Dashboard (issue #34)
Deploy Telegram Bot / build-and-push (push) Successful in 4m36s
Details
Deploy Telegram Bot / scan-images (push) Successful in 1m22s
Details
Deploy Telegram Bot / deploy (push) Successful in 26s
Details

Browse Source 
- Discord OAuth 2.0 login flow (identify + guilds scopes)
- Platform-agnostic auth via (platform, external_user_id)
- Cookie Authentication with ClaimsPrincipal
- Razor Pages updated to *ForCurrentUserAsync APIs
- CSRF protection for Discord OAuth
- V019 migration for audit log platform identity
- Version bumped to 2.8.0

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Toutsu
2026-05-25 12:14:27 +03:00
parent d0ddf3fb58 66dc53f12f
commit eb9a159dbb
27 changed files with 1098 additions and 288 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.env.example
+7
View File
@@ -14,6 +14,13 @@ TELEGRAM_MINI_APP_URL=
# Можно получить в Discord Developer Portal (https://discord.com/developers/applications)
DISCORD_BOT_TOKEN=YOUR_DISCORD_BOT_TOKEN_HERE
# Discord OAuth (для Web Dashboard)
# Client ID и Secret из OAuth2 раздела Discord Developer Portal
# Redirect URI должен указывать на /auth/discord/callback вашего домена
DISCORD_CLIENT_ID=YOUR_DISCORD_CLIENT_ID_HERE
DISCORD_CLIENT_SECRET=YOUR_DISCORD_CLIENT_SECRET_HERE
DISCORD_REDIRECT_URI=https://your-domain.example/auth/discord/callback
# Пароль для базы данных PostgreSQL
POSTGRES_PASSWORD=StrongPasswordForDatabase
.gitea/workflows/deploy.yml
+4 -1
View File
@@ -6,7 +6,7 @@ on:
- main
env:
VERSION: 2.7.2
VERSION: 2.8.0
jobs:
# ЧАСТЬ 1: Собираем образы и кладем в Gitea (чтобы делиться с ребятами)
@@ -113,6 +113,9 @@ jobs:
echo "DISCORD_BOT_TOKEN=${{ secrets.DISCORD_BOT_TOKEN }}" >> .env
echo "TELEGRAM_BOT_USERNAME=${{ secrets.TELEGRAM_BOT_USERNAME }}" >> .env
echo "TELEGRAM_MINI_APP_URL=${{ secrets.TELEGRAM_MINI_APP_URL }}" >> .env
echo "DISCORD_CLIENT_ID=${{ secrets.DISCORD_CLIENT_ID }}" >> .env
echo "DISCORD_CLIENT_SECRET=${{ secrets.DISCORD_CLIENT_SECRET }}" >> .env
echo "DISCORD_REDIRECT_URI=${{ secrets.DISCORD_REDIRECT_URI }}" >> .env
- name: Deploy Containers
run: |
Directory.Build.props
+1 -1
View File
@@ -1,6 +1,6 @@
<Project>
<PropertyGroup>
<Version>2.7.2</Version>
<Version>2.8.0</Version>
<TargetFramework>net10.0</TargetFramework>
<LangVersion>preview</LangVersion>
<Nullable>enable</Nullable>
README.md
+1 -1
View File
@@ -4,7 +4,7 @@
Проект разработан с упором на производительность, архитектуру Vertical Slice, Native AOT (для бота) и удобство развертывания с использованием .NET Aspire.
**Текущая версия:** `v2.7.2`.
**Текущая версия:** `v2.8.0`.
---
compose.yaml
+6 -3
View File
@@ -49,7 +49,7 @@ services:
crond -f
bot:
image: git.codeanddice.ru/toutsu/gmrelay-bot:2.7.2
image: git.codeanddice.ru/toutsu/gmrelay-bot:2.8.0
restart: always
depends_on:
db:
@@ -67,7 +67,7 @@ services:
retries: 3
discord:
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:2.7.2
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:2.8.0
restart: always
depends_on:
db:
@@ -84,7 +84,7 @@ services:
retries: 3
web:
image: git.codeanddice.ru/toutsu/gmrelay-web:2.7.2
image: git.codeanddice.ru/toutsu/gmrelay-web:2.8.0
restart: always
depends_on:
db:
@@ -94,6 +94,9 @@ services:
- "Telegram__BotToken=${TELEGRAM_BOT_TOKEN:?Set TELEGRAM_BOT_TOKEN in .env}"
- "Telegram__BotUsername=${TELEGRAM_BOT_USERNAME:?Set TELEGRAM_BOT_USERNAME in .env}"
- "Telegram__MiniAppUrl=${TELEGRAM_MINI_APP_URL:-}"
- "Discord__ClientId=${DISCORD_CLIENT_ID:-}"
- "Discord__ClientSecret=${DISCORD_CLIENT_SECRET:-}"
- "Discord__RedirectUri=${DISCORD_REDIRECT_URI:-}"
ports:
- "${GMRELAY_WEB_PORT:-8080}:8080"
volumes:
src/GmRelay.Bot/Migrations/V019__audit_log_platform_identity.sql
+18
View File
@@ -0,0 +1,18 @@
-- =============================================================
-- V019: Rename session_audit_log.actor_telegram_id to actor_external_user_id
-- =============================================================
-- Scope: Support platform-agnostic audit log identity.
-- =============================================================
ALTER TABLE session_audit_log
ADD COLUMN actor_external_user_id VARCHAR(255);
UPDATE session_audit_log
SET actor_external_user_id = actor_telegram_id::TEXT
WHERE actor_external_user_id IS NULL;
ALTER TABLE session_audit_log
ALTER COLUMN actor_external_user_id SET NOT NULL;
ALTER TABLE session_audit_log
DROP COLUMN actor_telegram_id;
src/GmRelay.Web/Components/Layout/NavMenu.razor
+16 -3
View File
@@ -39,9 +39,19 @@
<div class="nav-footer">
<div class="nav-user">
<div class="nav-user-avatar">
@(context.User.Identity?.Name?.Substring(0, 1).ToUpper() ?? "?")
@if (!string.IsNullOrWhiteSpace(context.User.GetAvatarUrl()))
{
<img src="@context.User.GetAvatarUrl()" alt="" />
}
else
{
@(context.User.Identity?.Name?.Substring(0, 1).ToUpper() ?? "?")
}
</div>
<div class="nav-user-info">
<span class="nav-user-name">@context.User.Identity?.Name</span>
<span class="nav-user-platform">@GetPlatformLabel(context.User)</span>
</div>
<span class="nav-user-name">@context.User.Identity?.Name</span>
</div>
<form action="/auth/logout" method="post">
@@ -56,7 +66,7 @@
</button>
</form>
<div class="nav-version">v2.7.2</div>
<div class="nav-version">v2.8.0</div>
</div>
</Authorized>
<NotAuthorized>
@@ -79,4 +89,7 @@
private void ToggleMenu() => isOpen = !isOpen;
private void CloseMenu() => isOpen = false;
private static string GetPlatformLabel(System.Security.Claims.ClaimsPrincipal user) =>
user.TryGetDiscordId(out _) ? "Discord" : "Telegram";
}
src/GmRelay.Web/Components/Pages/CampaignTemplates.razor
+6 -7
View File
@@ -185,7 +185,7 @@
private Guid selectedGroupId;
private Guid? deletingTemplateId;
private bool isCreatingTemplate;
private long telegramId;
private string? externalUserId;
private string? errorMessage;
private string? successMessage;
private CampaignTemplateEditModel templateModel = new();
@@ -195,13 +195,13 @@
protected override async Task OnInitializedAsync()
{
var authState = await AuthStateProvider.GetAuthenticationStateAsync();
if (!authState.User.TryGetTelegramId(out telegramId))
if (!authState.User.TryGetPlatformIdentity(out var platform, out externalUserId))
{
Navigation.NavigateTo("/access-denied");
return;
}
groups = await SessionService.GetGroupsForGmAsync(telegramId);
groups = await SessionService.GetGroupsForCurrentUserAsync();
selectedGroupId = groups.FirstOrDefault()?.Id ?? Guid.Empty;
if (selectedGroupId != Guid.Empty)
@@ -228,7 +228,7 @@
campaignTemplates = null;
campaignTemplateModels = [];
var templates = await SessionService.GetCampaignTemplatesForGmAsync(selectedGroupId, telegramId);
var templates = await SessionService.GetCampaignTemplatesForCurrentUserAsync(selectedGroupId);
if (templates is null)
{
Navigation.NavigateTo("/access-denied");
@@ -260,9 +260,8 @@
try
{
await SessionService.CreateCampaignTemplateForGmAsync(
await SessionService.CreateCampaignTemplateForCurrentUserAsync(
selectedGroupId,
telegramId,
new CreateCampaignTemplateRequest(
templateModel.Name,
templateModel.Title,
@@ -298,7 +297,7 @@
try
{
await SessionService.DeleteCampaignTemplateForGmAsync(template.Id, telegramId);
await SessionService.DeleteCampaignTemplateForCurrentUserAsync(template.Id);
successMessage = "Шаблон кампании удалён.";
await LoadTemplates();
}
src/GmRelay.Web/Components/Pages/EditSession.razor
+4 -4
View File
@@ -87,13 +87,13 @@
protected override async Task OnInitializedAsync()
{
var authState = await AuthStateProvider.GetAuthenticationStateAsync();
if (!authState.User.TryGetTelegramId(out var telegramId))
if (!authState.User.TryGetPlatformIdentity(out var platform, out var externalUserId))
{
Navigation.NavigateTo("/access-denied");
return;
}
session = await SessionService.GetSessionForGmAsync(SessionId, telegramId);
session = await SessionService.GetSessionForCurrentUserAsync(SessionId);
if (session is null)
{
Navigation.NavigateTo("/access-denied");
@@ -114,7 +114,7 @@
try
{
var authState = await AuthStateProvider.GetAuthenticationStateAsync();
if (!authState.User.TryGetTelegramId(out var telegramId))
if (!authState.User.TryGetPlatformIdentity(out var platform, out var externalUserId))
{
Navigation.NavigateTo("/access-denied");
return;
@@ -122,7 +122,7 @@
var utcTime = new DateTimeOffset(model.ScheduledAtLocal, TimeSpan.FromHours(3)).ToUniversalTime().UtcDateTime;
await SessionService.UpdateSessionForGmAsync(SessionId, telegramId, model.Title, utcTime, model.JoinLink, model.MaxPlayers);
await SessionService.UpdateSessionForCurrentUserAsync(SessionId, model.Title, utcTime, model.JoinLink, model.MaxPlayers);
Navigation.NavigateTo($"/group/{session!.GroupId}");
}
catch (SessionAccessDeniedException)
src/GmRelay.Web/Components/Pages/GroupDetails.razor
+22 -23
View File
@@ -40,8 +40,8 @@
</span>
@if (groupManagement.CurrentUserIsOwner && manager.Role == GroupManagerRoleExtensions.CoGmValue)
{
<button type="button" class="btn-gm btn-gm-outline" style="font-size: 0.75rem; padding: 0.25rem 0.5rem;" disabled="@(removingCoGmId == manager.TelegramId)" @onclick="() => RemoveCoGm(manager.TelegramId)">
@(removingCoGmId == manager.TelegramId ? "⏳ Удаляем..." : "Убрать")
<button type="button" class="btn-gm btn-gm-outline" style="font-size: 0.75rem; padding: 0.25rem 0.5rem;" disabled="@(removingCoGmId == manager.ExternalUserId)" @onclick="() => RemoveCoGm(manager.ExternalUserId ?? manager.TelegramId.ToString())">
@(removingCoGmId == manager.ExternalUserId ? "⏳ Удаляем..." : "Убрать")
</button>
}
}
@@ -403,9 +403,9 @@
private Guid? promotingSessionId;
private Guid? processingBatchId;
private Guid? processingTemplateId;
private long? removingCoGmId;
private string? removingCoGmId;
private bool isAddingCoGm;
private long telegramId;
private string? externalUserId;
private string? errorMessage;
private string? successMessage;
private CoGmEditModel coGmModel = new();
@@ -417,7 +417,7 @@
protected override async Task OnInitializedAsync()
{
var authState = await AuthStateProvider.GetAuthenticationStateAsync();
if (!authState.User.TryGetTelegramId(out telegramId))
if (!authState.User.TryGetPlatformIdentity(out var platform, out externalUserId))
{
Navigation.NavigateTo("/access-denied");
return;
@@ -428,21 +428,21 @@
private async Task LoadSessions()
{
groupManagement = await SessionService.GetGroupManagementForGmAsync(GroupId, telegramId);
groupManagement = await SessionService.GetGroupManagementForCurrentUserAsync(GroupId);
if (groupManagement is null)
{
Navigation.NavigateTo("/access-denied");
return;
}
sessions = await SessionService.GetUpcomingSessionsForGmAsync(GroupId, telegramId);
sessions = await SessionService.GetUpcomingSessionsForCurrentUserAsync(GroupId);
if (sessions is null)
{
Navigation.NavigateTo("/access-denied");
return;
}
campaignTemplates = await SessionService.GetCampaignTemplatesForGmAsync(GroupId, telegramId);
campaignTemplates = await SessionService.GetCampaignTemplatesForCurrentUserAsync(GroupId);
if (campaignTemplates is null)
{
Navigation.NavigateTo("/access-denied");
@@ -470,8 +470,8 @@
{
await SessionService.AddCoGmForOwnerAsync(
GroupId,
telegramId,
coGmModel.TelegramId.Value,
"Telegram",
coGmModel.TelegramId.Value.ToString(),
coGmModel.DisplayName,
coGmModel.TelegramUsername);
@@ -493,15 +493,15 @@
}
}
private async Task RemoveCoGm(long coGmTelegramId)
private async Task RemoveCoGm(string coGmExternalUserId)
{
errorMessage = null;
successMessage = null;
removingCoGmId = coGmTelegramId;
removingCoGmId = coGmExternalUserId;
try
{
await SessionService.RemoveCoGmForOwnerAsync(GroupId, telegramId, coGmTelegramId);
await SessionService.RemoveCoGmForOwnerAsync(GroupId, "Telegram", coGmExternalUserId);
successMessage = "Co-GM удалён.";
await LoadSessions();
}
@@ -527,7 +527,7 @@
try
{
await SessionService.PromoteWaitlistedPlayerForGmAsync(sessionId, telegramId);
await SessionService.PromoteWaitlistedPlayerForCurrentUserAsync(sessionId);
await LoadSessions();
}
catch (SessionAccessDeniedException)
@@ -559,7 +559,7 @@
loadingParticipantsSessionId = sessionId;
try
{
var participants = await SessionService.GetSessionParticipantsForGmAsync(sessionId, telegramId);
var participants = await SessionService.GetSessionParticipantsForCurrentUserAsync(sessionId);
participantsCache[sessionId] = participants ?? [];
}
catch (Exception ex)
@@ -582,7 +582,7 @@
try
{
await SessionService.RemovePlayerFromSessionForGmAsync(sessionId, telegramId, participantId);
await SessionService.RemovePlayerFromSessionForCurrentUserAsync(sessionId, participantId);
participantsCache.Remove(sessionId);
successMessage = "Игрок исключён.";
await LoadSessions();
@@ -658,10 +658,9 @@
try
{
await SessionService.UpdateBatchDetailsForGmAsync(batch.BatchId, telegramId, batch.Title, batch.JoinLink);
await SessionService.UpdateBatchNotificationModeForGmAsync(
await SessionService.UpdateBatchDetailsForCurrentUserAsync(batch.BatchId, batch.Title, batch.JoinLink);
await SessionService.UpdateBatchNotificationModeForCurrentUserAsync(
batch.BatchId,
telegramId,
SessionNotificationModeExtensions.FromDatabaseValue(batch.NotificationMode));
successMessage = "Настройки batch обновлены.";
await LoadSessions();
@@ -696,7 +695,7 @@
try
{
var utcTime = new DateTimeOffset(batch.FirstScheduledAtLocal, TimeSpan.FromHours(3)).ToUniversalTime().UtcDateTime;
await SessionService.RescheduleBatchForGmAsync(batch.BatchId, telegramId, utcTime, batch.IntervalDays);
await SessionService.RescheduleBatchForCurrentUserAsync(batch.BatchId, utcTime, batch.IntervalDays);
successMessage = "Расписание пачки обновлено.";
await LoadSessions();
}
@@ -726,7 +725,7 @@
? BatchCloneInterval.NextMonth
: BatchCloneInterval.NextWeek;
var clonedBatch = await SessionService.CloneBatchForGmAsync(batch.BatchId, telegramId, interval);
var clonedBatch = await SessionService.CloneBatchForCurrentUserAsync(batch.BatchId, interval);
successMessage = $"Пачка склонирована: {clonedBatch.SessionCount} игр.";
await LoadSessions();
}
@@ -759,7 +758,7 @@
return;
}
var createdBatch = await SessionService.CreateBatchFromCampaignTemplateForGmAsync(template.Id, telegramId, utcTime);
var createdBatch = await SessionService.CreateBatchFromCampaignTemplateForCurrentUserAsync(template.Id, utcTime);
successMessage = $"Batch создан из шаблона: {createdBatch.SessionCount} игр.";
await LoadSessions();
}
@@ -836,7 +835,7 @@
private bool IsTemplateBusy(CampaignTemplateUsageModel template) => processingTemplateId == template.Id;
private string CurrentUserRole =>
groupManagement?.Managers.FirstOrDefault(manager => manager.TelegramId == telegramId)?.Role
groupManagement?.Managers.FirstOrDefault(manager => manager.ExternalUserId == externalUserId)?.Role
?? GroupManagerRoleExtensions.CoGmValue;
private static string FormatRole(string role) =>
src/GmRelay.Web/Components/Pages/GroupStats.razor
+7 -8
View File
@@ -5,7 +5,7 @@
@using Microsoft.AspNetCore.Components.Authorization
@using System.Security.Claims
@attribute [Authorize]
@inject ISessionStore SessionStore
@inject AuthorizedSessionService SessionService
@inject AuthenticationStateProvider AuthStateProvider
@inject NavigationManager Navigation
@@ -85,9 +85,9 @@
<td>
<div class="player-info">
<span class="player-name">@s.DisplayName</span>
@if (!string.IsNullOrEmpty(s.TelegramUsername))
@if (!string.IsNullOrEmpty(s.ExternalUsername))
{
<span class="player-username">@@@s.TelegramUsername</span>
<span class="player-username">@@@s.ExternalUsername</span>
}
</div>
</td>
@@ -171,21 +171,20 @@
Navigation.NavigateTo("/login");
return;
}
var telegramIdClaim = user.FindFirst("telegram_id")?.Value
?? user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
if (!long.TryParse(telegramIdClaim, out var telegramId))
if (!user.TryGetPlatformIdentity(out var platform, out var externalUserId))
{
Navigation.NavigateTo("/login");
return;
}
try
{
if (!await SessionStore.IsGroupManagerAsync(GroupId, telegramId))
var groupManagement = await SessionService.GetGroupManagementForCurrentUserAsync(GroupId);
if (groupManagement is null)
{
Navigation.NavigateTo("/access-denied");
return;
}
stats = await SessionStore.GetGroupAttendanceStatsAsync(GroupId) ?? new();
stats = await SessionService.GetGroupAttendanceStatsForCurrentUserAsync(GroupId) ?? new();
UpdateSortedStats();
}
catch (Exception ex)
src/GmRelay.Web/Components/Pages/Home.razor
+3 -3
View File
@@ -43,7 +43,7 @@
<div class="glass-card group-card">
<div class="group-card-icon">🎮</div>
<h3 class="group-card-title">@group.Name</h3>
<p class="group-card-id">ID: @group.TelegramChatId</p>
<p class="group-card-id">ID: @(group.Platform == "Discord" ? group.ExternalGroupId : group.TelegramChatId.ToString())</p>
<span class="status-badge @(group.ManagerRole == GroupManagerRoleExtensions.OwnerValue ? "status-success" : "status-info")" style="align-self: flex-start; margin-bottom: 1rem;">
@FormatRole(group.ManagerRole)
</span>
@@ -93,13 +93,13 @@
var user = authState.User;
userName = user.Identity?.Name ?? "Мастер Игры";
if (!user.TryGetTelegramId(out var telegramId))
if (!user.TryGetPlatformIdentity(out _, out _))
{
Navigation.NavigateTo("/access-denied");
return;
}
groups = await SessionService.GetGroupsForGmAsync(telegramId);
groups = await SessionService.GetGroupsForCurrentUserAsync();
}
private static string FormatRole(string role) =>
src/GmRelay.Web/Components/Pages/Login.razor
+12 -1
View File
@@ -10,7 +10,7 @@
<div class="login-card">
<img src="logo.png" alt="GM-Relay" class="login-logo" />
<h1 class="login-title">GM-Relay</h1>
<p class="login-subtitle">Войдите через Telegram для управления игровыми сессиями</p>
<p class="login-subtitle">Войдите для управления игровыми сессиями</p>
@if (Navigation.Uri.Contains("error=auth_failed"))
{
@@ -20,6 +20,17 @@
}
<div id="telegram-login-container"></div>
<div class="login-divider">
<span>или</span>
</div>
<a href="/auth/discord" class="login-btn login-btn-discord">
<svg class="login-btn-icon" viewBox="0 0 24 24" fill="currentColor">
<path d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0 12.64 12.64 0 0 0-.617-1.25.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057 19.9 19.9 0 0 0 5.993 3.03.078.078 0 0 0 .084-.028 14.09 14.09 0 0 0 1.226-1.994.076.076 0 0 0-.041-.106 13.107 13.107 0 0 1-1.872-.892.077.077 0 0 1-.008-.128 10.2 10.2 0 0 0 .372-.292.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127 12.299 12.299 0 0 1-1.873.892.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028 19.839 19.839 0 0 0 6.002-3.03.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.956-2.419 2.157-2.419 1.21 0 2.176 1.086 2.157 2.42 0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.955-2.419 2.157-2.419 1.21 0 2.176 1.086 2.157 2.42 0 1.333-.946 2.418-2.157 2.418z"/>
</svg>
Войти через Discord
</a>
</div>
</div>
src/GmRelay.Web/Components/Pages/SessionHistory.razor
+4 -4
View File
@@ -56,7 +56,7 @@
{
<tr>
<td>@entry.ChangedAt.ToString("dd.MM.yyyy HH:mm") UTC</td>
<td>@entry.ActorName (@entry.ActorTelegramId)</td>
<td>@entry.ActorName (@entry.ActorExternalUserId)</td>
<td>
<span class="status-badge @(GetBadgeClass(entry.ChangeType))">
@GetChangeTypeLabel(entry.ChangeType)
@@ -82,13 +82,13 @@
protected override async Task OnInitializedAsync()
{
var authState = await AuthStateProvider.GetAuthenticationStateAsync();
if (!authState.User.TryGetTelegramId(out var telegramId))
if (!authState.User.TryGetPlatformIdentity(out var platform, out var externalUserId))
{
Navigation.NavigateTo("/access-denied");
return;
}
var session = await SessionService.GetSessionForGmAsync(SessionId, telegramId);
var session = await SessionService.GetSessionForCurrentUserAsync(SessionId);
if (session is null)
{
Navigation.NavigateTo("/access-denied");
@@ -97,7 +97,7 @@
sessionTitle = session.Title;
groupId = session.GroupId;
entries = await SessionService.GetSessionHistoryForGmAsync(SessionId, telegramId);
entries = await SessionService.GetSessionHistoryForCurrentUserAsync(SessionId);
}
private string GetChangeTypeLabel(string changeType) => changeType switch
src/GmRelay.Web/DiscordOAuthOptions.cs
+19
View File
@@ -0,0 +1,19 @@
namespace GmRelay.Web;
public sealed class DiscordOAuthOptions
{
public string ClientId { get; set; } = string.Empty;
public string ClientSecret { get; set; } = string.Empty;
public string RedirectUri { get; set; } = string.Empty;
public string[] Scopes { get; set; } = ["identify", "guilds"];
public void Validate()
{
if (string.IsNullOrWhiteSpace(ClientId))
throw new InvalidOperationException("Discord:ClientId is required.");
if (string.IsNullOrWhiteSpace(ClientSecret))
throw new InvalidOperationException("Discord:ClientSecret is required.");
if (string.IsNullOrWhiteSpace(RedirectUri))
throw new InvalidOperationException("Discord:RedirectUri is required.");
}
}
src/GmRelay.Web/Program.cs
+79 -1
View File
@@ -1,3 +1,4 @@
using GmRelay.Web;
using GmRelay.Web.Components;
using GmRelay.Web.Health;
using GmRelay.Web.Services;
@@ -7,6 +8,7 @@ using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Diagnostics.HealthChecks;
using Microsoft.Extensions.Diagnostics.HealthChecks;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text.Json;
using Telegram.Bot;
using Npgsql;
@@ -16,6 +18,12 @@ var builder = WebApplication.CreateBuilder(args);
// Add Aspire service defaults
builder.AddServiceDefaults();
// Add HttpClient
builder.Services.AddHttpClient();
// Add HttpContextAccessor for platform-agnostic identity resolution
builder.Services.AddHttpContextAccessor();
// Add health checks
builder.Services.AddHealthChecks()
.AddCheck<NpgsqlHealthCheck>("npgsql");
@@ -29,6 +37,8 @@ builder.AddNpgsqlDataSource("gmrelaydb");
// Add Services
builder.Services.AddSingleton<TelegramAuthService>();
builder.Services.Configure<DiscordOAuthOptions>(builder.Configuration.GetSection("Discord"));
builder.Services.AddSingleton<DiscordAuthService>();
builder.Services.AddSingleton<ISessionStore, SessionService>();
builder.Services.AddScoped<AuthorizedSessionService>();
builder.Services.AddScoped<CalendarSubscriptionService>();
@@ -174,6 +184,56 @@ app.MapPost("/auth/logout", async (HttpContext context) =>
return Results.Redirect("/");
});
// Discord OAuth endpoints
app.MapGet("/auth/discord", (HttpContext context, DiscordAuthService discordAuth) =>
{
var state = Guid.NewGuid().ToString("N");
context.Response.Cookies.Append("__DiscordOAuthState", state, new CookieOptions
{
HttpOnly = true,
Secure = true,
SameSite = SameSiteMode.Strict,
MaxAge = TimeSpan.FromMinutes(5)
});
var url = discordAuth.BuildAuthorizeUrl(state);
return Results.Redirect(url);
});
app.MapGet("/auth/discord/callback", async (
HttpContext context,
DiscordAuthService discordAuth,
ISessionStore sessionStore) =>
{
var code = context.Request.Query["code"].ToString();
var state = context.Request.Query["state"].ToString();
var storedState = context.Request.Cookies["__DiscordOAuthState"];
context.Response.Cookies.Delete("__DiscordOAuthState");
if (string.IsNullOrWhiteSpace(code) ||
string.IsNullOrWhiteSpace(state) ||
!CryptographicOperations.FixedTimeEquals(
System.Text.Encoding.UTF8.GetBytes(state),
System.Text.Encoding.UTF8.GetBytes(storedState ?? string.Empty)))
{
return Results.Redirect("/login?error=auth_failed");
}
var user = await discordAuth.ExchangeCodeAsync(code);
if (user is null)
return Results.Redirect("/login?error=auth_failed");
await sessionStore.UpsertDiscordUserAsync(user.Id, user.DisplayName, user.AvatarUrl);
var authProperties = new AuthenticationProperties { IsPersistent = true };
await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
CreateDiscordPrincipal(user.Id, user.DisplayName, user.AvatarUrl),
authProperties);
return Results.Redirect("/");
});
// Public calendar subscription endpoint (no auth required)
app.MapGet("/calendar/{token}.ics", async (
string token,
@@ -200,11 +260,29 @@ static ClaimsPrincipal CreateTelegramPrincipal(long telegramId, string name)
{
new(ClaimTypes.NameIdentifier, telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture)),
new(ClaimTypes.Name, name),
new("TelegramId", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture))
new("TelegramId", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture)),
new("Platform", "Telegram")
};
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
return new ClaimsPrincipal(claimsIdentity);
}
static ClaimsPrincipal CreateDiscordPrincipal(string discordId, string name, string? avatarUrl)
{
var claims = new List<Claim>
{
new(ClaimTypes.NameIdentifier, discordId),
new(ClaimTypes.Name, name),
new("DiscordId", discordId),
new("Platform", "Discord")
};
if (!string.IsNullOrWhiteSpace(avatarUrl))
claims.Add(new Claim("AvatarUrl", avatarUrl));
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
return new ClaimsPrincipal(claimsIdentity);
}
public sealed record TelegramWebAppAuthRequest(string InitData);
src/GmRelay.Web/Services/AuthorizedSessionService.cs
+168 -90
View File
@@ -1,182 +1,237 @@
using System.Security.Claims;
using GmRelay.Shared.Domain;
namespace GmRelay.Web.Services;
public sealed class AuthorizedSessionService(ISessionStore sessionStore)
public sealed class AuthorizedSessionService(ISessionStore sessionStore, IHttpContextAccessor httpContextAccessor)
{
public Task<List<WebGameGroup>> GetGroupsForGmAsync(long gmId) =>
sessionStore.GetGroupsForGmAsync(gmId);
public async Task<WebGroupManagement?> GetGroupManagementForGmAsync(Guid groupId, long gmId)
private (string Platform, string ExternalUserId, string Name)? GetCurrentIdentity()
{
if (!await GroupBelongsToGmAsync(groupId, gmId))
{
var user = httpContextAccessor.HttpContext?.User;
if (user is null || !user.TryGetPlatformIdentity(out var platform, out var externalUserId))
return null;
var name = user.FindFirst(ClaimTypes.Name)?.Value ?? externalUserId;
return (platform, externalUserId, name);
}
public Task<List<WebGameGroup>> GetGroupsForCurrentUserAsync()
{
var identity = GetCurrentIdentity();
if (identity is null)
return Task.FromResult(new List<WebGameGroup>());
return sessionStore.GetGroupsForUserAsync(identity.Value.Platform, identity.Value.ExternalUserId);
}
public async Task<WebGroupManagement?> GetGroupManagementForCurrentUserAsync(Guid groupId)
{
var identity = GetCurrentIdentity();
if (identity is null)
return null;
if (!await sessionStore.IsGroupManagerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId))
return null;
}
var group = await sessionStore.GetGroupAsync(groupId);
if (group is null)
{
return null;
}
var managers = await sessionStore.GetGroupManagersAsync(groupId);
var isOwner = await sessionStore.IsGroupOwnerAsync(groupId, gmId);
var isOwner = await sessionStore.IsGroupOwnerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId);
return new WebGroupManagement(group, managers, isOwner);
}
public async Task<List<WebSession>?> GetUpcomingSessionsForGmAsync(Guid groupId, long gmId)
public async Task<List<WebSession>?> GetUpcomingSessionsForCurrentUserAsync(Guid groupId)
{
if (!await GroupBelongsToGmAsync(groupId, gmId))
{
var identity = GetCurrentIdentity();
if (identity is null)
return null;
if (!await sessionStore.IsGroupManagerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId))
return null;
}
return await sessionStore.GetUpcomingSessionsAsync(groupId);
}
public async Task<WebSession?> GetSessionForGmAsync(Guid sessionId, long gmId)
public async Task<WebSession?> GetSessionForCurrentUserAsync(Guid sessionId)
{
var identity = GetCurrentIdentity();
if (identity is null)
return null;
var session = await sessionStore.GetSessionAsync(sessionId);
if (session is null)
{
return null;
}
return await GroupBelongsToGmAsync(session.GroupId, gmId) ? session : null;
return await sessionStore.IsGroupManagerAsync(session.GroupId, identity.Value.Platform, identity.Value.ExternalUserId) ? session : null;
}
public async Task<WebSessionBatch?> GetBatchForGmAsync(Guid batchId, long gmId)
public async Task<WebSessionBatch?> GetBatchForCurrentUserAsync(Guid batchId)
{
var identity = GetCurrentIdentity();
if (identity is null)
return null;
var batch = await sessionStore.GetBatchAsync(batchId);
if (batch is null)
{
return null;
}
return await GroupBelongsToGmAsync(batch.GroupId, gmId) ? batch : null;
return await sessionStore.IsGroupManagerAsync(batch.GroupId, identity.Value.Platform, identity.Value.ExternalUserId) ? batch : null;
}
public async Task UpdateSessionForGmAsync(Guid sessionId, long gmId, string title, DateTime scheduledAt, string joinLink, int? maxPlayers)
public async Task UpdateSessionForCurrentUserAsync(Guid sessionId, string title, DateTime scheduledAt, string joinLink, int? maxPlayers)
{
var session = await GetSessionForGmAsync(sessionId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var session = await GetSessionForCurrentUserAsync(sessionId);
if (session is null)
{
throw new SessionAccessDeniedException(sessionId, gmId);
throw new SessionAccessDeniedException(sessionId, identity.Value.ExternalUserId);
}
await sessionStore.UpdateSessionAsync(sessionId, session.GroupId, title, scheduledAt, joinLink, maxPlayers);
if (session.Title != title)
await sessionStore.LogSessionChangeAsync(sessionId, gmId, "ГМ", "Title", session.Title, title);
await sessionStore.LogSessionChangeAsync(sessionId, identity.Value.ExternalUserId, identity.Value.Name, "Title", session.Title, title);
if (session.ScheduledAt != scheduledAt)
await sessionStore.LogSessionChangeAsync(sessionId, gmId, "ГМ", "Time", session.ScheduledAt.ToString("O"), scheduledAt.ToString("O"));
await sessionStore.LogSessionChangeAsync(sessionId, identity.Value.ExternalUserId, identity.Value.Name, "Time", session.ScheduledAt.ToString("O"), scheduledAt.ToString("O"));
if (session.JoinLink != joinLink)
await sessionStore.LogSessionChangeAsync(sessionId, gmId, "ГМ", "Link", session.JoinLink, joinLink);
await sessionStore.LogSessionChangeAsync(sessionId, identity.Value.ExternalUserId, identity.Value.Name, "Link", session.JoinLink, joinLink);
if (session.MaxPlayers != maxPlayers)
await sessionStore.LogSessionChangeAsync(sessionId, gmId, "ГМ", "MaxPlayers", session.MaxPlayers?.ToString(), maxPlayers?.ToString());
await sessionStore.LogSessionChangeAsync(sessionId, identity.Value.ExternalUserId, identity.Value.Name, "MaxPlayers", session.MaxPlayers?.ToString(), maxPlayers?.ToString());
}
public async Task PromoteWaitlistedPlayerForGmAsync(Guid sessionId, long gmId)
public async Task PromoteWaitlistedPlayerForCurrentUserAsync(Guid sessionId)
{
var session = await GetSessionForGmAsync(sessionId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var session = await GetSessionForCurrentUserAsync(sessionId);
if (session is null)
{
throw new SessionAccessDeniedException(sessionId, gmId);
throw new SessionAccessDeniedException(sessionId, identity.Value.ExternalUserId);
}
await sessionStore.PromoteWaitlistedPlayerAsync(sessionId, session.GroupId);
await sessionStore.LogSessionChangeAsync(sessionId, gmId, "ГМ", "WaitlistPromote", null, null);
await sessionStore.LogSessionChangeAsync(sessionId, identity.Value.ExternalUserId, identity.Value.Name, "WaitlistPromote", null, null);
}
public async Task UpdateBatchDetailsForGmAsync(Guid batchId, long gmId, string title, string joinLink)
public async Task UpdateBatchDetailsForCurrentUserAsync(Guid batchId, string title, string joinLink)
{
var batch = await GetBatchForGmAsync(batchId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var batch = await GetBatchForCurrentUserAsync(batchId);
if (batch is null)
{
throw new SessionAccessDeniedException(batchId, gmId);
throw new SessionAccessDeniedException(batchId, identity.Value.ExternalUserId);
}
await sessionStore.UpdateBatchDetailsAsync(batchId, batch.GroupId, title.Trim(), joinLink.Trim());
}
public async Task UpdateBatchNotificationModeForGmAsync(Guid batchId, long gmId, SessionNotificationMode notificationMode)
public async Task UpdateBatchNotificationModeForCurrentUserAsync(Guid batchId, SessionNotificationMode notificationMode)
{
var batch = await GetBatchForGmAsync(batchId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var batch = await GetBatchForCurrentUserAsync(batchId);
if (batch is null)
{
throw new SessionAccessDeniedException(batchId, gmId);
throw new SessionAccessDeniedException(batchId, identity.Value.ExternalUserId);
}
await sessionStore.UpdateBatchNotificationModeAsync(batchId, batch.GroupId, notificationMode);
}
public async Task RescheduleBatchForGmAsync(Guid batchId, long gmId, DateTime firstScheduledAt, int intervalDays)
public async Task RescheduleBatchForCurrentUserAsync(Guid batchId, DateTime firstScheduledAt, int intervalDays)
{
if (intervalDays <= 0)
{
throw new ArgumentOutOfRangeException(nameof(intervalDays), intervalDays, "Interval must be greater than zero.");
}
var batch = await GetBatchForGmAsync(batchId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var batch = await GetBatchForCurrentUserAsync(batchId);
if (batch is null)
{
throw new SessionAccessDeniedException(batchId, gmId);
throw new SessionAccessDeniedException(batchId, identity.Value.ExternalUserId);
}
await sessionStore.RescheduleBatchAsync(batchId, batch.GroupId, firstScheduledAt, intervalDays);
await sessionStore.LogSessionChangeAsync(batchId, gmId, "ГМ", "BatchRescheduled", batch.FirstScheduledAt.ToString("O"), firstScheduledAt.ToString("O"));
await sessionStore.LogSessionChangeAsync(batchId, identity.Value.ExternalUserId, identity.Value.Name, "BatchRescheduled", batch.FirstScheduledAt.ToString("O"), firstScheduledAt.ToString("O"));
}
public async Task<WebSessionBatch> CloneBatchForGmAsync(Guid batchId, long gmId, BatchCloneInterval interval)
public async Task<WebSessionBatch> CloneBatchForCurrentUserAsync(Guid batchId, BatchCloneInterval interval)
{
var batch = await GetBatchForGmAsync(batchId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var batch = await GetBatchForCurrentUserAsync(batchId);
if (batch is null)
{
throw new SessionAccessDeniedException(batchId, gmId);
throw new SessionAccessDeniedException(batchId, identity.Value.ExternalUserId);
}
return await sessionStore.CloneBatchAsync(batchId, batch.GroupId, interval);
}
public async Task<List<WebCampaignTemplate>?> GetCampaignTemplatesForGmAsync(Guid groupId, long gmId)
public async Task<List<WebCampaignTemplate>?> GetCampaignTemplatesForCurrentUserAsync(Guid groupId)
{
if (!await GroupBelongsToGmAsync(groupId, gmId))
{
var identity = GetCurrentIdentity();
if (identity is null)
return null;
if (!await sessionStore.IsGroupManagerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId))
return null;
}
return await sessionStore.GetCampaignTemplatesAsync(groupId);
}
public async Task<WebCampaignTemplate> CreateCampaignTemplateForGmAsync(
public async Task<WebCampaignTemplate> CreateCampaignTemplateForCurrentUserAsync(
Guid groupId,
long gmId,
CreateCampaignTemplateRequest request)
{
if (!await GroupBelongsToGmAsync(groupId, gmId))
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
if (!await sessionStore.IsGroupManagerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId))
{
throw new SessionAccessDeniedException(groupId, gmId);
throw new SessionAccessDeniedException(groupId, identity.Value.ExternalUserId);
}
var normalizedRequest = NormalizeCampaignTemplateRequest(request);
return await sessionStore.CreateCampaignTemplateAsync(groupId, normalizedRequest);
}
public async Task DeleteCampaignTemplateForGmAsync(Guid templateId, long gmId)
public async Task DeleteCampaignTemplateForCurrentUserAsync(Guid templateId)
{
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var template = await sessionStore.GetCampaignTemplateAsync(templateId);
if (template is null || !await GroupBelongsToGmAsync(template.GroupId, gmId))
if (template is null || !await sessionStore.IsGroupManagerAsync(template.GroupId, identity.Value.Platform, identity.Value.ExternalUserId))
{
throw new SessionAccessDeniedException(templateId, gmId);
throw new SessionAccessDeniedException(templateId, identity.Value.ExternalUserId);
}
await sessionStore.DeleteCampaignTemplateAsync(templateId, template.GroupId);
}
public async Task<WebSessionBatch> CreateBatchFromCampaignTemplateForGmAsync(
public async Task<WebSessionBatch> CreateBatchFromCampaignTemplateForCurrentUserAsync(
Guid templateId,
long gmId,
DateTime firstScheduledAt)
{
if (firstScheduledAt <= DateTime.UtcNow)
@@ -184,89 +239,112 @@ public sealed class AuthorizedSessionService(ISessionStore sessionStore)
throw new ArgumentOutOfRangeException(nameof(firstScheduledAt), firstScheduledAt, "First scheduled time must be in the future.");
}
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var template = await sessionStore.GetCampaignTemplateAsync(templateId);
if (template is null || !await GroupBelongsToGmAsync(template.GroupId, gmId))
if (template is null || !await sessionStore.IsGroupManagerAsync(template.GroupId, identity.Value.Platform, identity.Value.ExternalUserId))
{
throw new SessionAccessDeniedException(templateId, gmId);
throw new SessionAccessDeniedException(templateId, identity.Value.ExternalUserId);
}
return await sessionStore.CreateBatchFromTemplateAsync(templateId, template.GroupId, firstScheduledAt);
}
public async Task AddCoGmForOwnerAsync(Guid groupId, long ownerTelegramId, long coGmTelegramId, string displayName, string? telegramUsername)
public async Task AddCoGmForOwnerAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId, string displayName, string? externalUsername)
{
if (coGmTelegramId <= 0)
if (string.IsNullOrWhiteSpace(coGmExternalUserId))
{
throw new ArgumentOutOfRangeException(nameof(coGmTelegramId), coGmTelegramId, "Telegram id must be greater than zero.");
throw new ArgumentException("External user id must not be empty.", nameof(coGmExternalUserId));
}
if (ownerTelegramId == coGmTelegramId)
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
if (identity.Value.ExternalUserId == coGmExternalUserId && identity.Value.Platform == coGmPlatform)
{
throw new InvalidOperationException("Owner is already a group manager.");
}
if (!await sessionStore.IsGroupOwnerAsync(groupId, ownerTelegramId))
if (!await sessionStore.IsGroupOwnerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId))
{
throw new SessionAccessDeniedException(groupId, ownerTelegramId);
throw new SessionAccessDeniedException(groupId, identity.Value.ExternalUserId);
}
var normalizedName = string.IsNullOrWhiteSpace(displayName)
? $"Telegram {coGmTelegramId.ToString(System.Globalization.CultureInfo.InvariantCulture)}"
? $"{coGmPlatform} {coGmExternalUserId}"
: displayName.Trim();
var normalizedUsername = string.IsNullOrWhiteSpace(telegramUsername)
var normalizedUsername = string.IsNullOrWhiteSpace(externalUsername)
? null
: telegramUsername.Trim().TrimStart('@');
: externalUsername.Trim().TrimStart('@');
await sessionStore.AddGroupCoGmAsync(groupId, ownerTelegramId, coGmTelegramId, normalizedName, normalizedUsername);
await sessionStore.AddGroupCoGmAsync(
groupId,
identity.Value.Platform, identity.Value.ExternalUserId,
coGmPlatform, coGmExternalUserId,
normalizedName, normalizedUsername);
}
public async Task RemoveCoGmForOwnerAsync(Guid groupId, long ownerTelegramId, long coGmTelegramId)
public async Task RemoveCoGmForOwnerAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId)
{
if (!await sessionStore.IsGroupOwnerAsync(groupId, ownerTelegramId))
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
if (!await sessionStore.IsGroupOwnerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId))
{
throw new SessionAccessDeniedException(groupId, ownerTelegramId);
throw new SessionAccessDeniedException(groupId, identity.Value.ExternalUserId);
}
await sessionStore.RemoveGroupCoGmAsync(groupId, coGmTelegramId);
await sessionStore.RemoveGroupCoGmAsync(groupId, coGmPlatform, coGmExternalUserId);
}
public async Task<List<WebParticipant>?> GetSessionParticipantsForGmAsync(Guid sessionId, long gmId)
public async Task<List<WebParticipant>?> GetSessionParticipantsForCurrentUserAsync(Guid sessionId)
{
var session = await GetSessionForGmAsync(sessionId, gmId);
var session = await GetSessionForCurrentUserAsync(sessionId);
if (session is null)
{
return null;
}
return await sessionStore.GetSessionParticipantsAsync(sessionId);
}
public async Task<List<SessionAuditLogEntry>?> GetSessionHistoryForGmAsync(Guid sessionId, long gmId)
public async Task<List<SessionAuditLogEntry>?> GetSessionHistoryForCurrentUserAsync(Guid sessionId)
{
var session = await GetSessionForGmAsync(sessionId, gmId);
var session = await GetSessionForCurrentUserAsync(sessionId);
if (session is null)
{
return null;
}
return await sessionStore.GetSessionHistoryAsync(sessionId);
}
public async Task RemovePlayerFromSessionForGmAsync(Guid sessionId, long gmId, Guid participantId)
public async Task RemovePlayerFromSessionForCurrentUserAsync(Guid sessionId, Guid participantId)
{
var session = await GetSessionForGmAsync(sessionId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
throw new InvalidOperationException("User is not authenticated.");
var session = await GetSessionForCurrentUserAsync(sessionId);
if (session is null)
{
throw new SessionAccessDeniedException(sessionId, gmId);
throw new SessionAccessDeniedException(sessionId, identity.Value.ExternalUserId);
}
await sessionStore.RemovePlayerFromSessionAsync(sessionId, session.GroupId, participantId);
await sessionStore.LogSessionChangeAsync(sessionId, gmId, "ГМ", "PlayerRemoved", participantId.ToString(), null);
await sessionStore.LogSessionChangeAsync(sessionId, identity.Value.ExternalUserId, identity.Value.Name, "PlayerRemoved", participantId.ToString(), null);
}
private async Task<bool> GroupBelongsToGmAsync(Guid groupId, long gmId)
public async Task<List<PlayerAttendanceStats>?> GetGroupAttendanceStatsForCurrentUserAsync(Guid groupId)
{
return await sessionStore.IsGroupManagerAsync(groupId, gmId);
var identity = GetCurrentIdentity();
if (identity is null)
return null;
if (!await sessionStore.IsGroupManagerAsync(groupId, identity.Value.Platform, identity.Value.ExternalUserId))
return null;
return await sessionStore.GetGroupAttendanceStatsAsync(groupId);
}
private static CreateCampaignTemplateRequest NormalizeCampaignTemplateRequest(CreateCampaignTemplateRequest request)
src/GmRelay.Web/Services/ClaimsPrincipalExtensions.cs
+33
View File
@@ -6,4 +6,37 @@ public static class ClaimsPrincipalExtensions
{
public static bool TryGetTelegramId(this ClaimsPrincipal user, out long telegramId) =>
long.TryParse(user.FindFirst("TelegramId")?.Value, out telegramId);
public static bool TryGetDiscordId(this ClaimsPrincipal user, out string? discordId)
{
discordId = user.FindFirst("DiscordId")?.Value;
return !string.IsNullOrWhiteSpace(discordId);
}
public static bool TryGetPlatformIdentity(this ClaimsPrincipal user, out string platform, out string externalUserId)
{
platform = string.Empty;
externalUserId = string.Empty;
var platformClaim = user.FindFirst("Platform")?.Value;
if (!string.IsNullOrWhiteSpace(platformClaim))
{
platform = platformClaim;
externalUserId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? string.Empty;
return !string.IsNullOrWhiteSpace(externalUserId);
}
// Fallback for legacy Telegram users before Platform claim was added
if (TryGetTelegramId(user, out var telegramId))
{
platform = "Telegram";
externalUserId = telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture);
return true;
}
return false;
}
public static string? GetAvatarUrl(this ClaimsPrincipal user) =>
user.FindFirst("AvatarUrl")?.Value;
}
src/GmRelay.Web/Services/DiscordAuthService.cs
+82
View File
@@ -0,0 +1,82 @@
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace GmRelay.Web.Services;
public sealed class DiscordAuthService(IHttpClientFactory httpClientFactory, IConfiguration configuration)
{
private readonly DiscordOAuthOptions _options = configuration.GetSection("Discord").Get<DiscordOAuthOptions>() ?? new DiscordOAuthOptions();
public string BuildAuthorizeUrl(string state)
{
_options.Validate();
var scopes = string.Join(" ", _options.Scopes);
return $"https://discord.com/oauth2/authorize?client_id={_options.ClientId}&redirect_uri={Uri.EscapeDataString(_options.RedirectUri)}&response_type=code&scope={Uri.EscapeDataString(scopes)}&state={Uri.EscapeDataString(state)}";
}
public async Task<DiscordUser?> ExchangeCodeAsync(string code)
{
_options.Validate();
var client = httpClientFactory.CreateClient();
var tokenResponse = await ExchangeCodeForTokenAsync(client, code);
if (tokenResponse is null)
return null;
return await FetchUserProfileAsync(client, tokenResponse.AccessToken);
}
private async Task<DiscordTokenResponse?> ExchangeCodeForTokenAsync(HttpClient client, string code)
{
var content = new FormUrlEncodedContent(new Dictionary<string, string>
{
["grant_type"] = "authorization_code",
["code"] = code,
["redirect_uri"] = _options.RedirectUri,
["client_id"] = _options.ClientId,
["client_secret"] = _options.ClientSecret
});
var response = await client.PostAsync("https://discord.com/api/oauth2/token", content);
if (!response.IsSuccessStatusCode)
return null;
var json = await response.Content.ReadAsStringAsync();
return JsonSerializer.Deserialize<DiscordTokenResponse>(json);
}
private static async Task<DiscordUser?> FetchUserProfileAsync(HttpClient client, string accessToken)
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var response = await client.GetAsync("https://discord.com/api/users/@me");
if (!response.IsSuccessStatusCode)
return null;
var json = await response.Content.ReadAsStringAsync();
return JsonSerializer.Deserialize<DiscordUser>(json);
}
}
public sealed record DiscordTokenResponse(
[property: JsonPropertyName("access_token")] string AccessToken,
[property: JsonPropertyName("token_type")] string TokenType,
[property: JsonPropertyName("expires_in")] int ExpiresIn,
[property: JsonPropertyName("scope")] string Scope);
public sealed record DiscordUser(
[property: JsonPropertyName("id")] string Id,
[property: JsonPropertyName("username")] string Username,
[property: JsonPropertyName("discriminator")] string Discriminator,
[property: JsonPropertyName("avatar")] string? Avatar,
[property: JsonPropertyName("email")] string? Email)
{
public string DisplayName =>
Discriminator == "0" ? Username : $"{Username}#{Discriminator}";
public string? AvatarUrl =>
!string.IsNullOrWhiteSpace(Avatar)
? $"https://cdn.discordapp.com/avatars/{Id}/{Avatar}.png"
: null;
}
src/GmRelay.Web/Services/ISessionStore.cs
+11 -12
View File
@@ -5,33 +5,31 @@ namespace GmRelay.Web.Services;
public sealed record PlayerAttendanceStats(
Guid PlayerId,
string DisplayName,
string? TelegramUsername,
string? ExternalUsername,
long TotalSessions,
long ConfirmedCount,
long DeclinedCount,
long NoResponseCount,
long WaitlistedCount,
long CancellationAffectedCount,
decimal AttendanceRate
);
decimal AttendanceRate);
public sealed record SessionAuditLogEntry(
Guid Id,
Guid SessionId,
long ActorTelegramId,
string ActorExternalUserId,
string ActorName,
string ChangeType,
string? OldValue,
string? NewValue,
DateTime ChangedAt
);
DateTime ChangedAt);
public interface ISessionStore
{
Task<List<WebGameGroup>> GetGroupsForGmAsync(long gmId);
Task<List<WebGameGroup>> GetGroupsForUserAsync(string platform, string externalUserId);
Task<WebGameGroup?> GetGroupAsync(Guid groupId);
Task<bool> IsGroupManagerAsync(Guid groupId, long telegramId);
Task<bool> IsGroupOwnerAsync(Guid groupId, long telegramId);
Task<bool> IsGroupManagerAsync(Guid groupId, string platform, string externalUserId);
Task<bool> IsGroupOwnerAsync(Guid groupId, string platform, string externalUserId);
Task<List<WebGroupManager>> GetGroupManagersAsync(Guid groupId);
Task<List<WebSession>> GetUpcomingSessionsAsync(Guid groupId);
Task<WebSession?> GetSessionAsync(Guid sessionId);
@@ -47,11 +45,12 @@ public interface ISessionStore
Task<WebCampaignTemplate> CreateCampaignTemplateAsync(Guid groupId, CreateCampaignTemplateRequest request);
Task DeleteCampaignTemplateAsync(Guid templateId, Guid groupId);
Task<WebSessionBatch> CreateBatchFromTemplateAsync(Guid templateId, Guid groupId, DateTime firstScheduledAt);
Task AddGroupCoGmAsync(Guid groupId, long ownerTelegramId, long coGmTelegramId, string displayName, string? telegramUsername);
Task RemoveGroupCoGmAsync(Guid groupId, long coGmTelegramId);
Task AddGroupCoGmAsync(Guid groupId, string ownerPlatform, string ownerExternalUserId, string coGmPlatform, string coGmExternalUserId, string displayName, string? externalUsername);
Task RemoveGroupCoGmAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId);
Task<List<WebParticipant>> GetSessionParticipantsAsync(Guid sessionId);
Task RemovePlayerFromSessionAsync(Guid sessionId, Guid groupId, Guid participantId);
Task<List<PlayerAttendanceStats>> GetGroupAttendanceStatsAsync(Guid groupId);
Task LogSessionChangeAsync(Guid sessionId, long actorTelegramId, string actorName, string changeType, string? oldValue, string? newValue);
Task LogSessionChangeAsync(Guid sessionId, string actorExternalUserId, string actorName, string changeType, string? oldValue, string? newValue);
Task<List<SessionAuditLogEntry>> GetSessionHistoryAsync(Guid sessionId);
Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl);
}
src/GmRelay.Web/Services/SessionAccessDeniedException.cs
+2 -2
View File
@@ -1,4 +1,4 @@
namespace GmRelay.Web.Services;
public sealed class SessionAccessDeniedException(Guid sessionId, long gmId)
: InvalidOperationException($"Session '{sessionId}' is not accessible for GM '{gmId}'.");
public sealed class SessionAccessDeniedException(Guid sessionId, string externalUserId)
: InvalidOperationException($"Session '{sessionId}' is not accessible for user '{externalUserId}'.");
src/GmRelay.Web/Services/SessionService.cs
+101 -55
View File
@@ -10,16 +10,32 @@ namespace GmRelay.Web.Services;
public sealed record WebGameGroup(
Guid Id,
long TelegramChatId,
string? ExternalGroupId,
string Name,
long GmTelegramId,
string ManagerRole = GroupManagerRoleExtensions.OwnerValue);
string? Platform,
string ManagerRole = GroupManagerRoleExtensions.OwnerValue)
{
public long GmTelegramId { get; init; }
public WebGameGroup(Guid id, long telegramChatId, string name, long gmTelegramId)
: this(id, telegramChatId, null, name, null)
{
GmTelegramId = gmTelegramId;
}
}
public sealed record WebGroupManager(
long TelegramId,
string? ExternalUserId,
string DisplayName,
string? TelegramUsername,
string? ExternalUsername,
string Role,
DateTime AddedAt);
DateTime AddedAt)
{
public WebGroupManager(long telegramId, string displayName, string? telegramUsername, string role, DateTime addedAt)
: this(telegramId, null, displayName, telegramUsername, null, role, addedAt) { }
}
public sealed record WebGroupManagement(
WebGameGroup Group,
@@ -44,8 +60,10 @@ public sealed record WebSession(
public sealed record WebParticipant(
Guid Id,
long TelegramId,
string? ExternalUserId,
string DisplayName,
string? TelegramUsername,
string? ExternalUsername,
string RsvpStatus,
string RegistrationStatus,
bool IsGm,
@@ -83,23 +101,25 @@ public sealed class SessionService(
ITelegramBotClient bot,
ILogger<SessionService> logger) : ISessionStore
{
public async Task<List<WebGameGroup>> GetGroupsForGmAsync(long gmId)
public async Task<List<WebGameGroup>> GetGroupsForUserAsync(string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
return (await conn.QueryAsync<WebGameGroup>(
"""
SELECT g.id,
g.telegram_chat_id AS TelegramChatId,
g.external_group_id AS ExternalGroupId,
g.name,
g.gm_telegram_id AS GmTelegramId,
g.platform AS Platform,
gm.role AS ManagerRole
FROM group_managers gm
JOIN players p ON p.id = gm.player_id
JOIN game_groups g ON g.id = gm.group_id
WHERE p.telegram_id = @GmId
WHERE p.platform = @Platform
AND p.external_user_id = @ExternalUserId
ORDER BY g.name
""",
new { GmId = gmId })).ToList();
new { Platform = platform, ExternalUserId = externalUserId })).ToList();
}
public async Task<WebGameGroup?> GetGroupAsync(Guid groupId)
@@ -109,8 +129,9 @@ public sealed class SessionService(
"""
SELECT g.id,
g.telegram_chat_id AS TelegramChatId,
g.external_group_id AS ExternalGroupId,
g.name,
g.gm_telegram_id AS GmTelegramId,
g.platform AS Platform,
@OwnerRole AS ManagerRole
FROM game_groups g
WHERE g.id = @GroupId
@@ -118,7 +139,7 @@ public sealed class SessionService(
new { GroupId = groupId, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
}
public async Task<bool> IsGroupManagerAsync(Guid groupId, long telegramId)
public async Task<bool> IsGroupManagerAsync(Guid groupId, string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
return await conn.ExecuteScalarAsync<bool>(
@@ -128,13 +149,14 @@ public sealed class SessionService(
FROM group_managers gm
JOIN players p ON p.id = gm.player_id
WHERE gm.group_id = @GroupId
AND p.telegram_id = @TelegramId
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
)
""",
new { GroupId = groupId, TelegramId = telegramId });
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId });
}
public async Task<bool> IsGroupOwnerAsync(Guid groupId, long telegramId)
public async Task<bool> IsGroupOwnerAsync(Guid groupId, string platform, string externalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
return await conn.ExecuteScalarAsync<bool>(
@@ -144,11 +166,12 @@ public sealed class SessionService(
FROM group_managers gm
JOIN players p ON p.id = gm.player_id
WHERE gm.group_id = @GroupId
AND p.telegram_id = @TelegramId
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
AND gm.role = @OwnerRole
)
""",
new { GroupId = groupId, TelegramId = telegramId, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
}
public async Task<List<WebGroupManager>> GetGroupManagersAsync(Guid groupId)
@@ -156,9 +179,11 @@ public sealed class SessionService(
await using var conn = await dataSource.OpenConnectionAsync();
return (await conn.QueryAsync<WebGroupManager>(
"""
SELECT p.telegram_id AS TelegramId,
SELECT COALESCE(p.telegram_id, 0) AS TelegramId,
COALESCE(p.external_user_id, p.telegram_id::TEXT) AS ExternalUserId,
p.display_name AS DisplayName,
p.telegram_username AS TelegramUsername,
COALESCE(p.external_username, p.telegram_username) AS ExternalUsername,
gm.role AS Role,
gm.created_at AS AddedAt
FROM group_managers gm
@@ -179,7 +204,7 @@ public sealed class SessionService(
SELECT
p.id AS PlayerId,
p.display_name AS DisplayName,
p.telegram_username AS TelegramUsername,
COALESCE(p.external_username, p.telegram_username) AS ExternalUsername,
COUNT(DISTINCT s.id) AS TotalSessions,
COUNT(DISTINCT CASE WHEN sp.rsvp_status = 'Confirmed' THEN s.id END) AS ConfirmedCount,
COUNT(DISTINCT CASE WHEN sp.rsvp_status = 'Declined' THEN s.id END) AS DeclinedCount,
@@ -198,21 +223,21 @@ public sealed class SessionService(
WHERE s.group_id = @GroupId
AND s.scheduled_at <= now()
AND sp.is_gm = false
GROUP BY p.id, p.display_name, p.telegram_username
GROUP BY p.id, p.display_name, p.external_username, p.telegram_username
ORDER BY AttendanceRate DESC, ConfirmedCount DESC
""",
new { GroupId = groupId })).ToList();
}
public async Task LogSessionChangeAsync(Guid sessionId, long actorTelegramId, string actorName, string changeType, string? oldValue, string? newValue)
public async Task LogSessionChangeAsync(Guid sessionId, string actorExternalUserId, string actorName, string changeType, string? oldValue, string? newValue)
{
await using var conn = await dataSource.OpenConnectionAsync();
await conn.ExecuteAsync(
"""
INSERT INTO session_audit_log (session_id, actor_telegram_id, actor_name, change_type, old_value, new_value)
VALUES (@SessionId, @ActorTelegramId, @ActorName, @ChangeType, @OldValue, @NewValue)
INSERT INTO session_audit_log (session_id, actor_external_user_id, actor_name, change_type, old_value, new_value)
VALUES (@SessionId, @ActorExternalUserId, @ActorName, @ChangeType, @OldValue, @NewValue)
""",
new { SessionId = sessionId, ActorTelegramId = actorTelegramId, ActorName = actorName, ChangeType = changeType, OldValue = oldValue, NewValue = newValue });
new { SessionId = sessionId, ActorExternalUserId = actorExternalUserId, ActorName = actorName, ChangeType = changeType, OldValue = oldValue, NewValue = newValue });
}
public async Task<List<SessionAuditLogEntry>> GetSessionHistoryAsync(Guid sessionId)
@@ -220,7 +245,7 @@ public sealed class SessionService(
await using var conn = await dataSource.OpenConnectionAsync();
var entries = await conn.QueryAsync<SessionAuditLogEntry>(
"""
SELECT id, session_id AS SessionId, actor_telegram_id AS ActorTelegramId, actor_name AS ActorName,
SELECT id, session_id AS SessionId, actor_external_user_id AS ActorExternalUserId, actor_name AS ActorName,
change_type AS ChangeType, old_value AS OldValue, new_value AS NewValue, changed_at AS ChangedAt
FROM session_audit_log
WHERE session_id = @SessionId
@@ -230,32 +255,47 @@ public sealed class SessionService(
return entries.ToList();
}
public async Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl)
{
await using var conn = await dataSource.OpenConnectionAsync();
await conn.ExecuteAsync(
"""
INSERT INTO players (display_name, platform, external_user_id, external_username)
VALUES (@DisplayName, 'Discord', @DiscordId, @DisplayName)
ON CONFLICT (platform, external_user_id)
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
external_username = EXCLUDED.external_username
""",
new { DisplayName = displayName, DiscordId = discordId });
}
public async Task AddGroupCoGmAsync(
Guid groupId,
long ownerTelegramId,
long coGmTelegramId,
string displayName,
string? telegramUsername)
string ownerPlatform, string ownerExternalUserId,
string coGmPlatform, string coGmExternalUserId,
string displayName, string? externalUsername)
{
await using var conn = await dataSource.OpenConnectionAsync();
await using var transaction = await conn.BeginTransactionAsync();
await conn.ExecuteAsync(
"""
INSERT INTO players (telegram_id, display_name, telegram_username, platform, external_user_id, external_username)
VALUES (@TelegramId, @DisplayName, @TelegramUsername, 'Telegram', @TelegramId::TEXT, @TelegramUsername)
ON CONFLICT (telegram_id) DO UPDATE
INSERT INTO players (display_name, telegram_username, platform, external_user_id, external_username)
VALUES (@DisplayName, @ExternalUsername, @Platform, @ExternalUserId, @ExternalUsername)
ON CONFLICT (platform, external_user_id)
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
DO UPDATE
SET display_name = EXCLUDED.display_name,
telegram_username = EXCLUDED.telegram_username,
platform = COALESCE(players.platform, 'Telegram'),
external_user_id = COALESCE(players.external_user_id, EXCLUDED.telegram_id::TEXT),
external_username = COALESCE(players.external_username, EXCLUDED.telegram_username)
external_username = EXCLUDED.external_username
""",
new
{
TelegramId = coGmTelegramId,
DisplayName = displayName,
TelegramUsername = telegramUsername
ExternalUsername = externalUsername,
Platform = coGmPlatform,
ExternalUserId = coGmExternalUserId
},
transaction);
@@ -267,8 +307,8 @@ public sealed class SessionService(
@CoGmRole,
owner_player.id
FROM players co_gm
LEFT JOIN players owner_player ON owner_player.telegram_id = @OwnerTelegramId
WHERE co_gm.telegram_id = @CoGmTelegramId
LEFT JOIN players owner_player ON owner_player.platform = @OwnerPlatform AND owner_player.external_user_id = @OwnerExternalUserId
WHERE co_gm.platform = @CoGmPlatform AND co_gm.external_user_id = @CoGmExternalUserId
ON CONFLICT (group_id, player_id) DO UPDATE
SET role = CASE
WHEN group_managers.role = @OwnerRole THEN group_managers.role
@@ -279,8 +319,10 @@ public sealed class SessionService(
new
{
GroupId = groupId,
OwnerTelegramId = ownerTelegramId,
CoGmTelegramId = coGmTelegramId,
OwnerPlatform = ownerPlatform,
OwnerExternalUserId = ownerExternalUserId,
CoGmPlatform = coGmPlatform,
CoGmExternalUserId = coGmExternalUserId,
OwnerRole = GroupManagerRoleExtensions.OwnerValue,
CoGmRole = GroupManagerRoleExtensions.CoGmValue
},
@@ -289,7 +331,7 @@ public sealed class SessionService(
await transaction.CommitAsync();
}
public async Task RemoveGroupCoGmAsync(Guid groupId, long coGmTelegramId)
public async Task RemoveGroupCoGmAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId)
{
await using var conn = await dataSource.OpenConnectionAsync();
await conn.ExecuteAsync(
@@ -298,13 +340,15 @@ public sealed class SessionService(
USING players p
WHERE gm.player_id = p.id
AND gm.group_id = @GroupId
AND p.telegram_id = @CoGmTelegramId
AND p.platform = @Platform
AND p.external_user_id = @ExternalUserId
AND gm.role = @CoGmRole
""",
new
{
GroupId = groupId,
CoGmTelegramId = coGmTelegramId,
Platform = coGmPlatform,
ExternalUserId = coGmExternalUserId,
CoGmRole = GroupManagerRoleExtensions.CoGmValue
});
}
@@ -426,7 +470,7 @@ public sealed class SessionService(
if (oldSession is null)
{
throw new SessionAccessDeniedException(sessionId, 0);
throw new SessionAccessDeniedException(sessionId, "0");
}
var updatedRows = await conn.ExecuteAsync(
@@ -454,7 +498,7 @@ public sealed class SessionService(
if (updatedRows == 0)
{
throw new SessionAccessDeniedException(sessionId, 0);
throw new SessionAccessDeniedException(sessionId, "0");
}
await conn.ExecuteAsync(
@@ -513,7 +557,7 @@ public sealed class SessionService(
if (session is null)
{
throw new SessionAccessDeniedException(sessionId, 0);
throw new SessionAccessDeniedException(sessionId, "0");
}
var activeParticipants = await conn.ExecuteScalarAsync<int>(
@@ -597,9 +641,11 @@ public sealed class SessionService(
return (await conn.QueryAsync<WebParticipant>(
"""
SELECT sp.id AS Id,
p.telegram_id AS TelegramId,
COALESCE(p.telegram_id, 0) AS TelegramId,
COALESCE(p.external_user_id, p.telegram_id::TEXT) AS ExternalUserId,
p.display_name AS DisplayName,
p.telegram_username AS TelegramUsername,
COALESCE(p.external_username, p.telegram_username) AS ExternalUsername,
sp.rsvp_status AS RsvpStatus,
sp.registration_status AS RegistrationStatus,
sp.is_gm AS IsGm,
@@ -637,7 +683,7 @@ public sealed class SessionService(
if (session is null)
{
throw new SessionAccessDeniedException(sessionId, 0);
throw new SessionAccessDeniedException(sessionId, "0");
}
var participant = await conn.QuerySingleOrDefaultAsync<WebParticipant>(
@@ -744,7 +790,7 @@ public sealed class SessionService(
var batch = await GetBatchInfoAsync(conn, batchId, groupId, transaction);
if (batch is null)
{
throw new SessionAccessDeniedException(batchId, 0);
throw new SessionAccessDeniedException(batchId, "0");
}
var updatedRows = await conn.ExecuteAsync(
@@ -767,7 +813,7 @@ public sealed class SessionService(
if (updatedRows == 0)
{
throw new SessionAccessDeniedException(batchId, 0);
throw new SessionAccessDeniedException(batchId, "0");
}
await transaction.CommitAsync();
@@ -786,7 +832,7 @@ public sealed class SessionService(
var batch = await GetBatchInfoAsync(conn, batchId, groupId, transaction);
if (batch is null)
{
throw new SessionAccessDeniedException(batchId, 0);
throw new SessionAccessDeniedException(batchId, "0");
}
var updatedRows = await conn.ExecuteAsync(
@@ -807,7 +853,7 @@ public sealed class SessionService(
if (updatedRows == 0)
{
throw new SessionAccessDeniedException(batchId, 0);
throw new SessionAccessDeniedException(batchId, "0");
}
await transaction.CommitAsync();
@@ -844,7 +890,7 @@ public sealed class SessionService(
if (batchSessions.Count == 0)
{
throw new SessionAccessDeniedException(batchId, 0);
throw new SessionAccessDeniedException(batchId, "0");
}
var newSchedule = BatchSchedulePlanner.BuildFixedIntervalSchedule(
@@ -928,7 +974,7 @@ public sealed class SessionService(
if (sourceSessions.Count == 0)
{
throw new SessionAccessDeniedException(batchId, 0);
throw new SessionAccessDeniedException(batchId, "0");
}
var newBatchId = Guid.NewGuid();
@@ -1130,7 +1176,7 @@ public sealed class SessionService(
if (template is null)
{
throw new SessionAccessDeniedException(templateId, 0);
throw new SessionAccessDeniedException(templateId, "0");
}
var group = await conn.QuerySingleOrDefaultAsync<WebTemplateGroupDto>(
@@ -1140,7 +1186,7 @@ public sealed class SessionService(
if (group is null)
{
throw new SessionAccessDeniedException(groupId, 0);
throw new SessionAccessDeniedException(groupId, "0");
}
var schedule = BatchSchedulePlanner.BuildRecurringSchedule(
src/GmRelay.Web/wwwroot/app.css
+75
View File
@@ -1619,3 +1619,78 @@ body.telegram-mini-app .session-card-mobile {
display: flex;
}
}
/* === Discord Login Button === */
.login-btn-discord {
display: flex;
align-items: center;
justify-content: center;
gap: 0.75rem;
width: 100%;
padding: 0.75rem 1.25rem;
border-radius: var(--radius-md);
font-weight: 500;
font-size: 0.9375rem;
text-decoration: none;
transition: all 0.2s ease;
background-color: #5865F2;
color: white;
border: none;
cursor: pointer;
}
.login-btn-discord:hover {
background-color: #4752C4;
transform: translateY(-1px);
}
.login-btn-discord:active {
transform: translateY(0);
}
.login-btn-discord .login-btn-icon {
width: 20px;
height: 20px;
flex-shrink: 0;
}
.login-divider {
display: flex;
align-items: center;
margin: 1.25rem 0;
color: var(--text-muted);
font-size: 0.875rem;
}
.login-divider::before,
.login-divider::after {
content: "";
flex: 1;
height: 1px;
background: var(--border-color);
}
.login-divider span {
padding: 0 1rem;
}
/* === Platform Indicator in Nav === */
.nav-user-info {
display: flex;
flex-direction: column;
gap: 0.125rem;
}
.nav-user-platform {
font-size: 0.6875rem;
color: var(--text-muted);
text-transform: uppercase;
letter-spacing: 0.025em;
}
.nav-user-avatar img {
width: 100%;
height: 100%;
object-fit: cover;
border-radius: 50%;
}
tests/GmRelay.Bot.Tests/Discord/DiscordProjectStructureTests.cs
+7 -7
View File
@@ -61,7 +61,7 @@ public sealed class DiscordProjectStructureTests
var prChecks = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "pr-checks.yml"));
var deploy = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml"));
Assert.Contains("gmrelay-discord-bot:2.7.2", compose);
Assert.Contains("gmrelay-discord-bot:2.8.0", compose);
Assert.Contains("Discord__Token=${DISCORD_BOT_TOKEN:?Set DISCORD_BOT_TOKEN in .env}", compose);
Assert.Contains("src/GmRelay.DiscordBot/Dockerfile", deploy);
Assert.Contains("DISCORD_BOT_TOKEN", deploy);
@@ -75,13 +75,13 @@ public sealed class DiscordProjectStructureTests
{
var repoRoot = GetRepoRoot();
Assert.Contains("<Version>2.7.2</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
Assert.Contains("VERSION: 2.7.2", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
Assert.Contains("gmrelay-bot:2.7.2", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains("gmrelay-web:2.7.2", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains("gmrelay-discord-bot:2.7.2", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains("<Version>2.8.0</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
Assert.Contains("VERSION: 2.8.0", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
Assert.Contains("gmrelay-bot:2.8.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains("gmrelay-web:2.8.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains("gmrelay-discord-bot:2.8.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
Assert.Contains(
"v2.7.2",
"v2.8.0",
File.ReadAllText(Path.Combine(repoRoot, "src", "GmRelay.Web", "Components", "Layout", "NavMenu.razor")));
}
tests/GmRelay.Bot.Tests/Web/AuthorizedSessionServiceTests.cs
+157 -62
View File
@@ -1,10 +1,29 @@
using GmRelay.Web.Services;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using GmRelay.Shared.Domain;
namespace GmRelay.Bot.Tests.Web;
public sealed class AuthorizedSessionServiceTests
{
private static IHttpContextAccessor CreateAccessor(string externalUserId, string? name = null)
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.NameIdentifier, externalUserId),
new Claim("TelegramId", externalUserId),
new Claim("Platform", "Telegram")
};
if (name is not null)
claims.Add(new Claim(ClaimTypes.Name, name));
var identity = new ClaimsIdentity(claims, "Test");
var principal = new ClaimsPrincipal(identity);
var httpContext = new DefaultHttpContext { User = principal };
return new HttpContextAccessor { HttpContext = httpContext };
}
[Fact]
public async Task GetUpcomingSessionsForGmAsync_ReturnsSessions_WhenGroupBelongsToGm()
{
@@ -19,9 +38,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
var sessions = await service.GetUpcomingSessionsForGmAsync(groupId, gmId);
var sessions = await service.GetUpcomingSessionsForCurrentUserAsync(groupId);
Assert.NotNull(sessions);
Assert.Single(sessions);
@@ -47,9 +67,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, coGmId, GroupManagerRole.CoGm)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(coGmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
var sessions = await service.GetUpcomingSessionsForGmAsync(groupId, coGmId);
var sessions = await service.GetUpcomingSessionsForCurrentUserAsync(groupId);
Assert.NotNull(sessions);
Assert.Single(sessions);
@@ -65,9 +86,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, 42, "Alpha", 2002L)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var sessions = await service.GetUpcomingSessionsForGmAsync(groupId, 1001L);
var sessions = await service.GetUpcomingSessionsForCurrentUserAsync(groupId);
Assert.Null(sessions);
}
@@ -87,9 +109,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
var session = await service.GetSessionForGmAsync(sessionId, gmId);
var session = await service.GetSessionForCurrentUserAsync(sessionId);
Assert.NotNull(session);
Assert.Equal(sessionId, session.Id);
@@ -109,9 +132,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var session = await service.GetSessionForGmAsync(sessionId, 1001L);
var session = await service.GetSessionForCurrentUserAsync(sessionId);
Assert.Null(session);
}
@@ -130,9 +154,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var action = () => service.UpdateSessionForGmAsync(sessionId, 1001L, "Updated", DateTime.UtcNow.AddDays(1), "https://example.test/b", 5);
var action = () => service.UpdateSessionForCurrentUserAsync(sessionId, "Updated", DateTime.UtcNow.AddDays(1), "https://example.test/b", 5);
await Assert.ThrowsAsync<SessionAccessDeniedException>(action);
Assert.False(store.UpdateCalled);
@@ -154,9 +179,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.UpdateSessionForGmAsync(sessionId, gmId, "Updated", scheduledAt, "https://example.test/b", 5);
await service.UpdateSessionForCurrentUserAsync(sessionId, "Updated", scheduledAt, "https://example.test/b", 5);
Assert.True(store.UpdateCalled);
Assert.Equal(groupId, store.LastUpdatedGroupId);
@@ -183,9 +209,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", originalTime, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.UpdateSessionForGmAsync(sessionId, gmId, "Updated Title", originalTime, "https://example.test/a", 4);
await service.UpdateSessionForCurrentUserAsync(sessionId, "Updated Title", originalTime, "https://example.test/a", 4);
Assert.Single(store.LogEntries);
Assert.Equal("Title", store.LogEntries[0].ChangeType);
@@ -209,10 +236,11 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", originalTime, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
var newTime = originalTime.AddDays(1);
await service.UpdateSessionForGmAsync(sessionId, gmId, "Updated Title", newTime, "https://example.test/b", 5);
await service.UpdateSessionForCurrentUserAsync(sessionId, "Updated Title", newTime, "https://example.test/b", 5);
Assert.Equal(4, store.LogEntries.Count);
Assert.Contains(store.LogEntries, e => e.ChangeType == "Title");
@@ -237,9 +265,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", originalTime, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.UpdateSessionForGmAsync(sessionId, gmId, "Session A", originalTime, "https://example.test/a", 4);
await service.UpdateSessionForCurrentUserAsync(sessionId, "Session A", originalTime, "https://example.test/a", 4);
Assert.Empty(store.LogEntries);
}
@@ -259,9 +288,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
var history = await service.GetSessionHistoryForGmAsync(sessionId, gmId);
var history = await service.GetSessionHistoryForCurrentUserAsync(sessionId);
Assert.NotNull(history);
Assert.Empty(history);
@@ -281,9 +311,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var history = await service.GetSessionHistoryForGmAsync(sessionId, 1001L);
var history = await service.GetSessionHistoryForCurrentUserAsync(sessionId);
Assert.Null(history);
}
@@ -303,9 +334,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(sessionId, groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", Guid.NewGuid(), 10, 42, 4, 3, 1)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.PromoteWaitlistedPlayerForGmAsync(sessionId, gmId);
await service.PromoteWaitlistedPlayerForCurrentUserAsync(sessionId);
Assert.True(store.PromoteCalled);
Assert.Equal(groupId, store.LastPromotedGroupId);
@@ -326,9 +358,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", batchId, 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var action = () => service.UpdateBatchDetailsForGmAsync(batchId, 1001L, "Updated", "https://example.test/b");
var action = () => service.UpdateBatchDetailsForCurrentUserAsync(batchId, "Updated", "https://example.test/b");
await Assert.ThrowsAsync<SessionAccessDeniedException>(action);
Assert.False(store.UpdateBatchDetailsCalled);
@@ -349,9 +382,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", batchId, 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.UpdateBatchDetailsForGmAsync(batchId, gmId, "Updated", "https://example.test/b");
await service.UpdateBatchDetailsForCurrentUserAsync(batchId, "Updated", "https://example.test/b");
Assert.True(store.UpdateBatchDetailsCalled);
Assert.Equal(batchId, store.LastUpdatedBatchId);
@@ -380,9 +414,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, coGmId, GroupManagerRole.CoGm)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(coGmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.UpdateBatchDetailsForGmAsync(batchId, coGmId, "Updated", "https://example.test/b");
await service.UpdateBatchDetailsForCurrentUserAsync(batchId, "Updated", "https://example.test/b");
Assert.True(store.UpdateBatchDetailsCalled);
Assert.Equal(batchId, store.LastUpdatedBatchId);
@@ -400,9 +435,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, 42, "Alpha", ownerId)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(ownerId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.AddCoGmForOwnerAsync(groupId, ownerId, coGmId, "Assistant GM", "assistant");
await service.AddCoGmForOwnerAsync(groupId, "Telegram", coGmId.ToString(), "Assistant GM", "assistant");
Assert.True(store.AddCoGmCalled);
Assert.Equal(groupId, store.LastAddedCoGmGroupId);
@@ -427,9 +463,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, coGmId, GroupManagerRole.CoGm)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(coGmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
var action = () => service.AddCoGmForOwnerAsync(groupId, coGmId, newCoGmId, "Second Assistant", null);
var action = () => service.AddCoGmForOwnerAsync(groupId, "Telegram", newCoGmId.ToString(), "Second Assistant", null);
await Assert.ThrowsAsync<SessionAccessDeniedException>(action);
Assert.False(store.AddCoGmCalled);
@@ -450,9 +487,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, coGmId, GroupManagerRole.CoGm)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(ownerId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.RemoveCoGmForOwnerAsync(groupId, ownerId, coGmId);
await service.RemoveCoGmForOwnerAsync(groupId, "Telegram", coGmId.ToString());
Assert.True(store.RemoveCoGmCalled);
Assert.Equal(groupId, store.LastRemovedCoGmGroupId);
@@ -473,9 +511,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", batchId, 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var action = () => service.UpdateBatchNotificationModeForGmAsync(batchId, 1001L, SessionNotificationMode.GroupOnly);
var action = () => service.UpdateBatchNotificationModeForCurrentUserAsync(batchId, SessionNotificationMode.GroupOnly);
await Assert.ThrowsAsync<SessionAccessDeniedException>(action);
Assert.False(store.UpdateBatchNotificationModeCalled);
@@ -496,9 +535,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", batchId, 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.UpdateBatchNotificationModeForGmAsync(batchId, gmId, SessionNotificationMode.GroupOnly);
await service.UpdateBatchNotificationModeForCurrentUserAsync(batchId, SessionNotificationMode.GroupOnly);
Assert.True(store.UpdateBatchNotificationModeCalled);
Assert.Equal(batchId, store.LastUpdatedNotificationBatchId);
@@ -521,9 +561,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", batchId, 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
var action = () => service.RescheduleBatchForGmAsync(batchId, gmId, DateTime.UtcNow.AddDays(7), intervalDays: 0);
var action = () => service.RescheduleBatchForCurrentUserAsync(batchId, DateTime.UtcNow.AddDays(7), intervalDays: 0);
await Assert.ThrowsAsync<ArgumentOutOfRangeException>(action);
Assert.False(store.RescheduleBatchCalled);
@@ -545,9 +586,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", batchId, 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.RescheduleBatchForGmAsync(batchId, gmId, firstScheduledAt, intervalDays: 14);
await service.RescheduleBatchForCurrentUserAsync(batchId, firstScheduledAt, intervalDays: 14);
Assert.True(store.RescheduleBatchCalled);
Assert.Equal(batchId, store.LastRescheduledBatchId);
@@ -571,9 +613,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(Guid.NewGuid(), groupId, "Session A", DateTime.UtcNow, "Planned", "https://example.test/a", batchId, 10, 42, 4, 1, 0)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.CloneBatchForGmAsync(batchId, gmId, BatchCloneInterval.NextWeek);
await service.CloneBatchForCurrentUserAsync(batchId, BatchCloneInterval.NextWeek);
Assert.True(store.CloneBatchCalled);
Assert.Equal(batchId, store.LastClonedBatchId);
@@ -591,11 +634,11 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, 42, "Alpha", gmId)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.CreateCampaignTemplateForGmAsync(
await service.CreateCampaignTemplateForCurrentUserAsync(
groupId,
gmId,
new CreateCampaignTemplateRequest(
" Weekly arc ",
" Kingmaker ",
@@ -626,11 +669,11 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, 42, "Alpha", gmId)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.CreateCampaignTemplateForGmAsync(
await service.CreateCampaignTemplateForCurrentUserAsync(
groupId,
gmId,
new CreateCampaignTemplateRequest(
"Open table",
"West Marches",
@@ -653,11 +696,11 @@ public sealed class AuthorizedSessionServiceTests
[
new(groupId, 42, "Alpha", 2002L)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var action = () => service.CreateCampaignTemplateForGmAsync(
var action = () => service.CreateCampaignTemplateForCurrentUserAsync(
groupId,
1001L,
new CreateCampaignTemplateRequest(
"Weekly arc",
"Kingmaker",
@@ -687,9 +730,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(templateId, groupId, "Weekly arc", "Kingmaker", "https://example.test/kingmaker", 6, 7, 5, SessionNotificationModeExtensions.GroupOnlyValue, DateTime.UtcNow, DateTime.UtcNow)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor(gmId.ToString());
var service = new AuthorizedSessionService(store, accessor);
await service.CreateBatchFromCampaignTemplateForGmAsync(templateId, gmId, firstScheduledAt);
await service.CreateBatchFromCampaignTemplateForCurrentUserAsync(templateId, firstScheduledAt);
Assert.True(store.CreateBatchFromTemplateCalled);
Assert.Equal(templateId, store.LastCreatedBatchTemplateId);
@@ -711,9 +755,10 @@ public sealed class AuthorizedSessionServiceTests
[
new(templateId, groupId, "Weekly arc", "Kingmaker", "https://example.test/kingmaker", 6, 7, 5, SessionNotificationModeExtensions.GroupOnlyValue, DateTime.UtcNow, DateTime.UtcNow)
]);
var service = new AuthorizedSessionService(store);
var accessor = CreateAccessor("1001");
var service = new AuthorizedSessionService(store, accessor);
var action = () => service.CreateBatchFromCampaignTemplateForGmAsync(templateId, 1001L, DateTime.UtcNow.AddDays(3));
var action = () => service.CreateBatchFromCampaignTemplateForCurrentUserAsync(templateId, DateTime.UtcNow.AddDays(3));
await Assert.ThrowsAsync<SessionAccessDeniedException>(action);
Assert.False(store.CreateBatchFromTemplateCalled);
@@ -1019,7 +1064,7 @@ public sealed class AuthorizedSessionServiceTests
public Task LogSessionChangeAsync(Guid sessionId, long actorTelegramId, string actorName, string changeType, string? oldValue, string? newValue)
{
var entry = new SessionAuditLogEntry(Guid.NewGuid(), sessionId, actorTelegramId, actorName, changeType, oldValue, newValue, DateTime.UtcNow);
var entry = new SessionAuditLogEntry(Guid.NewGuid(), sessionId, actorTelegramId.ToString(), actorName, changeType, oldValue, newValue, DateTime.UtcNow);
LogEntries.Add(entry);
LastLogSessionId = sessionId;
LastLogActorTelegramId = actorTelegramId;
@@ -1033,12 +1078,62 @@ public sealed class AuthorizedSessionServiceTests
public Task<List<SessionAuditLogEntry>> GetSessionHistoryAsync(Guid sessionId) =>
Task.FromResult(LogEntries.Where(e => e.SessionId == sessionId).OrderByDescending(e => e.ChangedAt).ToList());
public Task<List<WebGameGroup>> GetGroupsForUserAsync(string platform, string externalUserId) =>
Task.FromResult(groupsById.Values.Where(group => IsManager(group.Id, externalUserId)).ToList());
public Task<bool> IsGroupManagerAsync(Guid groupId, string platform, string externalUserId) =>
Task.FromResult(IsManager(groupId, externalUserId));
public Task<bool> IsGroupOwnerAsync(Guid groupId, string platform, string externalUserId) =>
Task.FromResult(IsOwner(groupId, externalUserId));
public Task AddGroupCoGmAsync(Guid groupId, string ownerPlatform, string ownerExternalUserId, string coGmPlatform, string coGmExternalUserId, string displayName, string? externalUsername)
{
AddCoGmCalled = true;
LastAddedCoGmGroupId = groupId;
LastAddedCoGmTelegramId = long.TryParse(coGmExternalUserId, out var id) ? id : null;
LastAddedCoGmDisplayName = displayName;
LastAddedCoGmUsername = externalUsername;
return Task.CompletedTask;
}
public Task RemoveGroupCoGmAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId)
{
RemoveCoGmCalled = true;
LastRemovedCoGmGroupId = groupId;
LastRemovedCoGmTelegramId = long.TryParse(coGmExternalUserId, out var id) ? id : null;
return Task.CompletedTask;
}
public Task LogSessionChangeAsync(Guid sessionId, string actorExternalUserId, string actorName, string changeType, string? oldValue, string? newValue)
{
var entry = new SessionAuditLogEntry(Guid.NewGuid(), sessionId, actorExternalUserId, actorName, changeType, oldValue, newValue, DateTime.UtcNow);
LogEntries.Add(entry);
LastLogSessionId = sessionId;
LastLogActorTelegramId = long.TryParse(actorExternalUserId, out var id) ? (long?)id : null;
LastLogActorName = actorName;
LastLogChangeType = changeType;
LastLogOldValue = oldValue;
LastLogNewValue = newValue;
return Task.CompletedTask;
}
public Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl) =>
Task.CompletedTask;
private bool IsManager(Guid groupId, long telegramId) =>
IsOwner(groupId, telegramId) ||
managers.Any(manager => manager.GroupId == groupId && manager.TelegramId == telegramId);
private bool IsOwner(Guid groupId, long telegramId) =>
groupsById.TryGetValue(groupId, out var group) && group.GmTelegramId == telegramId;
private bool IsManager(Guid groupId, string externalUserId) =>
IsOwner(groupId, externalUserId) ||
managers.Any(manager => manager.GroupId == groupId && manager.TelegramId.ToString() == externalUserId);
private bool IsOwner(Guid groupId, string externalUserId) =>
groupsById.TryGetValue(groupId, out var group) && group.GmTelegramId.ToString() == externalUserId;
}
private sealed record FakeGroupManager(Guid GroupId, long TelegramId, GroupManagerRole Role);
tests/GmRelay.Bot.Tests/Web/DiscordAuthServiceTests.cs
+139
View File
@@ -0,0 +1,139 @@
using System.Net;
using System.Text.Json;
using GmRelay.Web;
using GmRelay.Web.Services;
using Microsoft.Extensions.Configuration;
namespace GmRelay.Bot.Tests.Web;
public class DiscordAuthServiceTests
{
[Fact]
public void BuildAuthorizeUrl_GeneratesCorrectUrl()
{
var config = new ConfigurationBuilder()
.AddInMemoryCollection(new Dictionary<string, string?>
{
["Discord:ClientId"] = "12345",
["Discord:ClientSecret"] = "secret",
["Discord:RedirectUri"] = "https://example.com/callback"
})
.Build();
var service = new DiscordAuthService(new TestHttpClientFactory(), config);
var url = service.BuildAuthorizeUrl("state123");
Assert.Contains("client_id=12345", url);
Assert.Contains("response_type=code", url);
Assert.Contains("state=state123", url);
Assert.Contains("https%3A%2F%2Fexample.com%2Fcallback", url);
}
[Fact]
public void BuildAuthorizeUrl_WithMissingConfig_ThrowsInvalidOperationException()
{
var config = new ConfigurationBuilder().Build();
var service = new DiscordAuthService(new TestHttpClientFactory(), config);
Assert.Throws<InvalidOperationException>(() => service.BuildAuthorizeUrl("state"));
}
[Fact]
public async Task ExchangeCodeAsync_WithValidCode_ReturnsUser()
{
var handler = new TestHttpMessageHandler((request) =>
{
if (request.RequestUri?.AbsolutePath == "/api/oauth2/token")
{
var response = new DiscordTokenResponse("access_123", "Bearer", 604800, "identify");
return new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonSerializer.Serialize(response))
};
}
if (request.RequestUri?.AbsolutePath == "/api/users/@me")
{
var user = new DiscordUser("98765", "TestUser", "0", "avatar123", null);
return new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonSerializer.Serialize(user))
};
}
return new HttpResponseMessage(HttpStatusCode.NotFound);
});
var config = new ConfigurationBuilder()
.AddInMemoryCollection(new Dictionary<string, string?>
{
["Discord:ClientId"] = "client",
["Discord:ClientSecret"] = "secret",
["Discord:RedirectUri"] = "https://example.com/callback"
})
.Build();
var factory = new TestHttpClientFactory(handler);
var service = new DiscordAuthService(factory, config);
var result = await service.ExchangeCodeAsync("valid_code");
Assert.NotNull(result);
Assert.Equal("98765", result.Id);
Assert.Equal("TestUser", result.Username);
Assert.Equal("https://cdn.discordapp.com/avatars/98765/avatar123.png", result.AvatarUrl);
}
[Fact]
public async Task ExchangeCodeAsync_WithInvalidCode_ReturnsNull()
{
var handler = new TestHttpMessageHandler((request) =>
{
return new HttpResponseMessage(HttpStatusCode.BadRequest);
});
var config = new ConfigurationBuilder()
.AddInMemoryCollection(new Dictionary<string, string?>
{
["Discord:ClientId"] = "client",
["Discord:ClientSecret"] = "secret",
["Discord:RedirectUri"] = "https://example.com/callback"
})
.Build();
var factory = new TestHttpClientFactory(handler);
var service = new DiscordAuthService(factory, config);
var result = await service.ExchangeCodeAsync("invalid_code");
Assert.Null(result);
}
private class TestHttpClientFactory : IHttpClientFactory
{
private readonly HttpMessageHandler? _handler;
public TestHttpClientFactory(HttpMessageHandler? handler = null)
{
_handler = handler;
}
public HttpClient CreateClient(string name) =>
_handler is not null ? new HttpClient(_handler) : new HttpClient();
}
private class TestHttpMessageHandler : HttpMessageHandler
{
private readonly Func<HttpRequestMessage, HttpResponseMessage> _handler;
public TestHttpMessageHandler(Func<HttpRequestMessage, HttpResponseMessage> handler)
{
_handler = handler;
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
return Task.FromResult(_handler(request));
}
}
}
tests/GmRelay.Bot.Tests/Web/PlatformIdentityTests.cs
+114
View File
@@ -0,0 +1,114 @@
using System.Security.Claims;
using GmRelay.Web.Services;
namespace GmRelay.Bot.Tests.Web;
public class PlatformIdentityTests
{
[Fact]
public void TryGetPlatformIdentity_TelegramUser_ReturnsTelegramPlatform()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, "12345"),
new Claim("TelegramId", "12345")
}));
var result = user.TryGetPlatformIdentity(out var platform, out var externalUserId);
Assert.True(result);
Assert.Equal("Telegram", platform);
Assert.Equal("12345", externalUserId);
}
[Fact]
public void TryGetPlatformIdentity_TelegramUserWithPlatformClaim_ReturnsTelegramPlatform()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, "12345"),
new Claim("Platform", "Telegram")
}));
var result = user.TryGetPlatformIdentity(out var platform, out var externalUserId);
Assert.True(result);
Assert.Equal("Telegram", platform);
Assert.Equal("12345", externalUserId);
}
[Fact]
public void TryGetPlatformIdentity_DiscordUser_ReturnsDiscordPlatform()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, "98765"),
new Claim("DiscordId", "98765"),
new Claim("Platform", "Discord")
}));
var result = user.TryGetPlatformIdentity(out var platform, out var externalUserId);
Assert.True(result);
Assert.Equal("Discord", platform);
Assert.Equal("98765", externalUserId);
}
[Fact]
public void TryGetPlatformIdentity_UnknownUser_ReturnsFalse()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Anonymous")
}));
var result = user.TryGetPlatformIdentity(out _, out _);
Assert.False(result);
}
[Fact]
public void TryGetDiscordId_DiscordUser_ReturnsTrue()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim("DiscordId", "123")
}));
var result = user.TryGetDiscordId(out var discordId);
Assert.True(result);
Assert.Equal("123", discordId);
}
[Fact]
public void TryGetDiscordId_TelegramUser_ReturnsFalse()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim("TelegramId", "123")
}));
var result = user.TryGetDiscordId(out _);
Assert.False(result);
}
[Fact]
public void GetAvatarUrl_DiscordUserWithAvatar_ReturnsUrl()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim("AvatarUrl", "https://cdn.discordapp.com/avatars/1/abc.png")
}));
var result = user.GetAvatarUrl();
Assert.Equal("https://cdn.discordapp.com/avatars/1/abc.png", result);
}
[Fact]
public void GetAvatarUrl_UserWithoutAvatar_ReturnsNull()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(Array.Empty<Claim>()));
var result = user.GetAvatarUrl();
Assert.Null(result);
}
}