Compare commits
30 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Toutsu
|
dcbd9bab41 | ||
|
Toutsu
|
92d5d9c2d3 | ||
|
Toutsu
|
47d106e288 | ||
|
Toutsu
|
a5624897e9 | ||
|
Toutsu
|
11e75d036a | ||
|
Toutsu
|
2942da0c35 | ||
|
Toutsu
|
549c0c96ae | ||
|
Toutsu
|
dd9337dd20 | ||
|
Toutsu
|
3cc3b373e5 | ||
|
Toutsu
|
f6d5281af8 | ||
|
Toutsu
|
fa63886195 | ||
|
Toutsu
|
9bd5fe75c9 | ||
|
Toutsu
|
d931da37ec | ||
|
Toutsu
|
9375fa45b2 | ||
|
Toutsu
|
0b45aee96d | ||
|
Toutsu
|
80e346d6b5 | ||
|
Toutsu
|
eff0128d29 | ||
|
Toutsu
|
8214e052af | ||
|
Toutsu
|
2a233b2b1e | ||
|
Toutsu
|
5e3028e470 | ||
|
Toutsu
|
63193310f2 | ||
|
Toutsu
|
af37f3a8ec | ||
|
Toutsu
|
66228cf106 | ||
|
Toutsu
|
9c59240f48 | ||
|
Toutsu
|
baa25f2e1e | ||
|
Toutsu
|
7a2ed808c4 | ||
|
Toutsu
|
dd0828a63d | ||
|
Toutsu
|
72a392e652 | ||
|
Toutsu
|
e1fac04775 | ||
|
Toutsu
|
7e02e86cd6 |
@@ -6,7 +6,7 @@ on:
|
||||
- main
|
||||
|
||||
env:
|
||||
VERSION: 2.8.0
|
||||
VERSION: 3.0.9
|
||||
|
||||
jobs:
|
||||
# ЧАСТЬ 1: Собираем образы и кладем в Gitea (чтобы делиться с ребятами)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<Project>
|
||||
<PropertyGroup>
|
||||
<Version>2.8.0</Version>
|
||||
<Version>3.0.9</Version>
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<LangVersion>preview</LangVersion>
|
||||
<Nullable>enable</Nullable>
|
||||
|
||||
@@ -85,8 +85,10 @@ TELEGRAM_BOT_TOKEN=ваш_токен_здесь
|
||||
# Токен Discord application bot
|
||||
DISCORD_BOT_TOKEN=ваш_discord_токен_здесь
|
||||
|
||||
# Client ID Discord application (используется для slash-команд)
|
||||
DISCORD_BOT_CLIENT_ID=ваш_discord_client_id_здесь
|
||||
# Discord OAuth (для Web Dashboard)
|
||||
DISCORD_CLIENT_ID=ваш_discord_client_id_здесь
|
||||
DISCORD_CLIENT_SECRET=ваш_discord_client_secret_здесь
|
||||
DISCORD_REDIRECT_URI=https://your-domain.example/auth/discord/callback
|
||||
|
||||
# Имя бота без @ (для Telegram Login Widget)
|
||||
TELEGRAM_BOT_USERNAME=ваше_имя_бота_здесь
|
||||
@@ -119,7 +121,7 @@ docker compose up -d
|
||||
1. Напишите боту `/start`.
|
||||
2. Создайте группу через `/newgroup`.
|
||||
3. Откройте Mini App или Web Dashboard для расширенного управления.
|
||||
4. Для Discord пригласите application bot на сервер с правами `bot` и `applications.commands`. Скопируйте `DISCORD_BOT_TOKEN` и `DISCORD_BOT_CLIENT_ID` в `.env`.
|
||||
4. Для Discord пригласите application bot на сервер с правами `bot` и `applications.commands`. Скопируйте `DISCORD_BOT_TOKEN` в `.env`; `DISCORD_CLIENT_ID`, `DISCORD_CLIENT_SECRET` и `DISCORD_REDIRECT_URI` нужны только для входа в Web Dashboard через Discord.
|
||||
5. Перезапустите Docker Compose (`docker compose up -d`), а затем в Discord создайте сессию через `/newsession` или опубликуйте расписание через `/listsessions`; игроки записываются и выходят кнопками в опубликованном сообщении.
|
||||
|
||||
## 💾 Backup и восстановление
|
||||
|
||||
+3
-3
@@ -49,7 +49,7 @@ services:
|
||||
crond -f
|
||||
|
||||
bot:
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-bot:2.8.0
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-bot:3.0.9
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
@@ -67,7 +67,7 @@ services:
|
||||
retries: 3
|
||||
|
||||
discord:
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:2.8.0
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:3.0.9
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
@@ -84,7 +84,7 @@ services:
|
||||
retries: 3
|
||||
|
||||
web:
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-web:2.8.0
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-web:3.0.9
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
-- =============================================================
|
||||
-- V020: Player identity linking for unified multi-platform accounts
|
||||
-- =============================================================
|
||||
-- Scope: Allow linking multiple platform identities (Telegram, Discord)
|
||||
-- to a single "primary" player account. All group/session permissions
|
||||
-- resolve through the effective (primary) player id.
|
||||
-- =============================================================
|
||||
|
||||
-- player_links: secondary player → primary player (1:1 on secondary)
|
||||
CREATE TABLE player_links (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
primary_player_id UUID NOT NULL REFERENCES players(id) ON DELETE CASCADE,
|
||||
secondary_player_id UUID NOT NULL UNIQUE REFERENCES players(id) ON DELETE CASCADE,
|
||||
linked_at TIMESTAMPTZ NOT NULL DEFAULT now(),
|
||||
linked_by_player_id UUID REFERENCES players(id) ON DELETE SET NULL,
|
||||
-- Prevent self-linking at the DB level
|
||||
CONSTRAINT no_self_link CHECK (primary_player_id <> secondary_player_id)
|
||||
);
|
||||
|
||||
CREATE INDEX ix_player_links_primary_player_id
|
||||
ON player_links(primary_player_id);
|
||||
|
||||
-- identity_audit_log: security-sensitive link/unlink actions
|
||||
CREATE TABLE identity_audit_log (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
player_id UUID NOT NULL REFERENCES players(id) ON DELETE CASCADE,
|
||||
action VARCHAR(50) NOT NULL, -- 'link', 'unlink', 'link_attempt_conflict'
|
||||
target_platform VARCHAR(50),
|
||||
target_external_user_id VARCHAR(255),
|
||||
performed_at TIMESTAMPTZ NOT NULL DEFAULT now(),
|
||||
performed_by_player_id UUID REFERENCES players(id) ON DELETE SET NULL
|
||||
);
|
||||
|
||||
CREATE INDEX ix_identity_audit_log_player_id
|
||||
ON identity_audit_log(player_id);
|
||||
CREATE INDEX ix_identity_audit_log_performed_at
|
||||
ON identity_audit_log(performed_at DESC);
|
||||
@@ -0,0 +1,8 @@
|
||||
-- =============================================================
|
||||
-- V021: Add avatar_url column to players table
|
||||
-- =============================================================
|
||||
-- Scope: Support storing avatar URLs for Discord and other platforms.
|
||||
-- =============================================================
|
||||
|
||||
ALTER TABLE players
|
||||
ADD COLUMN avatar_url VARCHAR(500);
|
||||
@@ -0,0 +1,16 @@
|
||||
-- =============================================================
|
||||
-- V022: Fix incorrectly oriented player_links for Discord↔Telegram
|
||||
-- =============================================================
|
||||
-- Scope: Reverse player_links where Discord was incorrectly made primary
|
||||
-- and Telegram secondary. Telegram (with historical group/session data)
|
||||
-- must always be the primary account.
|
||||
-- =============================================================
|
||||
|
||||
UPDATE player_links pl
|
||||
SET primary_player_id = pl.secondary_player_id,
|
||||
secondary_player_id = pl.primary_player_id
|
||||
FROM players p1, players p2
|
||||
WHERE pl.primary_player_id = p1.id
|
||||
AND pl.secondary_player_id = p2.id
|
||||
AND p1.platform = 'Discord'
|
||||
AND p2.platform = 'Telegram';
|
||||
@@ -3,7 +3,6 @@ using NetCord.Services.ApplicationCommands;
|
||||
|
||||
namespace GmRelay.DiscordBot.Features.Sessions;
|
||||
|
||||
[SlashCommand("listsessions", "Show upcoming game sessions in this server")]
|
||||
public class DiscordListSessionsCommand : ApplicationCommandModule<SlashCommandContext>
|
||||
{
|
||||
private readonly DiscordListSessionsHandler _handler;
|
||||
@@ -13,9 +12,10 @@ public class DiscordListSessionsCommand : ApplicationCommandModule<SlashCommandC
|
||||
_handler = handler;
|
||||
}
|
||||
|
||||
[SlashCommand("listsessions", "Show upcoming game sessions in this server")]
|
||||
public async Task ExecuteAsync()
|
||||
{
|
||||
var guildId = Context.Guild?.Id.ToString()
|
||||
var guildId = Context.Interaction.GuildId?.ToString()
|
||||
?? throw new InvalidOperationException("This command can only be used in a guild.");
|
||||
var channelId = Context.Channel.Id.ToString();
|
||||
|
||||
|
||||
@@ -21,8 +21,8 @@ public sealed class DiscordListSessionsHandler(NpgsqlDataSource dataSource)
|
||||
var sessions = await connection.QueryAsync<DiscordSessionListItemDto>(
|
||||
@"SELECT s.id as Id, s.title as Title, s.scheduled_at as ScheduledAt, s.status as Status,
|
||||
s.max_players as MaxPlayers,
|
||||
COUNT(sp.id) FILTER (WHERE sp.is_gm = false AND sp.registration_status = @Active) as PlayerCount,
|
||||
COUNT(sp.id) FILTER (WHERE sp.is_gm = false AND sp.registration_status = @Waitlisted) as WaitlistCount
|
||||
COUNT(sp.id) FILTER (WHERE sp.is_gm = false AND sp.registration_status = @Active)::int as PlayerCount,
|
||||
COUNT(sp.id) FILTER (WHERE sp.is_gm = false AND sp.registration_status = @Waitlisted)::int as WaitlistCount
|
||||
FROM sessions s
|
||||
JOIN game_groups g ON s.group_id = g.id
|
||||
LEFT JOIN session_participants sp ON s.id = sp.session_id
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
using GmRelay.DiscordBot.Rendering;
|
||||
using GmRelay.DiscordBot.Rendering;
|
||||
using NetCord;
|
||||
using NetCord.Rest;
|
||||
using NetCord.Services.ApplicationCommands;
|
||||
|
||||
namespace GmRelay.DiscordBot.Features.Sessions;
|
||||
|
||||
[SlashCommand("newsession", "Create a new game session")]
|
||||
public class DiscordNewSessionCommand : ApplicationCommandModule<SlashCommandContext>
|
||||
{
|
||||
private readonly DiscordNewSessionHandler _handler;
|
||||
@@ -16,15 +16,52 @@ public class DiscordNewSessionCommand : ApplicationCommandModule<SlashCommandCon
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
[SlashCommand("newsession", "Create a new game session")]
|
||||
public async Task ExecuteAsync(
|
||||
[SlashCommandParameter(Name = "title", Description = "Game title")] string title,
|
||||
[SlashCommandParameter(Name = "time", Description = "Session time (YYYY-MM-DD HH:mm or DD.MM.YYYY HH:mm)")] string time,
|
||||
[SlashCommandParameter(Name = "seats", Description = "Maximum number of players")] long? seats = null,
|
||||
[SlashCommandParameter(Name = "link", Description = "Join link")] string? link = null)
|
||||
{
|
||||
var guild = Context.Guild
|
||||
_logger.LogInformation(
|
||||
"newsession called by user {UserId} ({UserType}) in guild {GuildId}, channel {ChannelId}",
|
||||
Context.User.Id,
|
||||
Context.User.GetType().Name,
|
||||
Context.Interaction.GuildId,
|
||||
Context.Channel?.Id);
|
||||
|
||||
var guildId = Context.Interaction.GuildId
|
||||
?? throw new InvalidOperationException("This command can only be used in a guild.");
|
||||
|
||||
var member = Context.User as GuildInteractionUser;
|
||||
if (member is null)
|
||||
{
|
||||
_logger.LogError("Context.User is not GuildInteractionUser. Actual type: {ActualType}", Context.User.GetType().Name);
|
||||
throw new InvalidOperationException("Guild member data not available in interaction.");
|
||||
}
|
||||
|
||||
var resolvedPermissions = (ulong)member.Permissions;
|
||||
_logger.LogInformation("Resolved permissions for user {UserId}: {Permissions}", Context.User.Id, resolvedPermissions);
|
||||
|
||||
ulong guildOwnerId = 0;
|
||||
try
|
||||
{
|
||||
var guild = await Context.Client.Rest.GetGuildAsync(guildId);
|
||||
guildOwnerId = guild.OwnerId;
|
||||
_logger.LogInformation("Guild owner id: {OwnerId}", guildOwnerId);
|
||||
}
|
||||
catch (RestException ex) when (ex.StatusCode == System.Net.HttpStatusCode.NotFound)
|
||||
{
|
||||
_logger.LogWarning(
|
||||
ex,
|
||||
"Bot is not a REST member of guild {GuildId}; using resolved permissions from interaction payload",
|
||||
guildId);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "Unexpected error fetching guild {GuildId}", guildId);
|
||||
}
|
||||
|
||||
var timeResult = DiscordNewSessionHandler.ParseTimeInput(time);
|
||||
if (!timeResult.IsSuccess)
|
||||
{
|
||||
@@ -33,55 +70,56 @@ public class DiscordNewSessionCommand : ApplicationCommandModule<SlashCommandCon
|
||||
return;
|
||||
}
|
||||
|
||||
var resolvedPermissions = GetResolvedPermissions(guild, Context.User.Id);
|
||||
// Defer the response to avoid Discord 3-second interaction timeout
|
||||
await Context.Interaction.SendResponseAsync(InteractionCallback.DeferredMessage());
|
||||
|
||||
try
|
||||
{
|
||||
_logger.LogInformation("Creating session for guild {GuildId}, user {UserId}", guildId, Context.User.Id);
|
||||
|
||||
var view = await _handler.HandleAsync(
|
||||
guildId: guild.Id.ToString(),
|
||||
channelId: Context.Channel.Id.ToString(),
|
||||
guildId: guildId.ToString(),
|
||||
channelId: Context.Channel!.Id.ToString(),
|
||||
userId: Context.User.Id,
|
||||
userDisplayName: Context.User.GlobalName ?? Context.User.Username,
|
||||
resolvedPermissions: resolvedPermissions,
|
||||
guildOwnerId: guild.OwnerId,
|
||||
guildOwnerId: guildOwnerId,
|
||||
title: title,
|
||||
scheduledAt: timeResult.Value,
|
||||
maxPlayers: seats is null ? null : (int)seats.Value,
|
||||
joinLink: link,
|
||||
CancellationToken.None);
|
||||
|
||||
_logger.LogInformation("Session created successfully. Building render.");
|
||||
|
||||
var (embeds, actionRows) = DiscordSessionBatchRenderer.Render(view);
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
InteractionCallback.Message(new InteractionMessageProperties()
|
||||
.WithContent(":white_check_mark: **Session created successfully!**")
|
||||
.WithEmbeds(embeds)
|
||||
.WithComponents(actionRows)));
|
||||
|
||||
_logger.LogInformation("Sending success response.");
|
||||
|
||||
await Context.Interaction.ModifyResponseAsync(message =>
|
||||
{
|
||||
message.Content = ":white_check_mark: **Session created successfully!**";
|
||||
message.Embeds = embeds;
|
||||
message.Components = actionRows;
|
||||
});
|
||||
|
||||
_logger.LogInformation("Success response sent.");
|
||||
}
|
||||
catch (UnauthorizedAccessException ex)
|
||||
{
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
InteractionCallback.Message($":no_entry: {ex.Message}"));
|
||||
_logger.LogWarning(ex, "Unauthorized session creation attempt by user {UserId}", Context.User.Id);
|
||||
await Context.Interaction.ModifyResponseAsync(message =>
|
||||
{
|
||||
message.Content = $":no_entry: {ex.Message}";
|
||||
});
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "Failed to create session for user {UserId} in guild {GuildId}", Context.User.Id, guild.Id);
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
InteractionCallback.Message(":boom: An error occurred while creating the session."));
|
||||
_logger.LogError(ex, "Failed to create session for user {UserId} in guild {GuildId}", Context.User.Id, guildId);
|
||||
await Context.Interaction.ModifyResponseAsync(message =>
|
||||
{
|
||||
message.Content = ":boom: An error occurred while creating the session.";
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
private static ulong GetResolvedPermissions(NetCord.Gateway.Guild guild, ulong userId)
|
||||
{
|
||||
if (!guild.Users.TryGetValue(userId, out var guildUser))
|
||||
return 0;
|
||||
|
||||
ulong resolved = 0;
|
||||
foreach (var roleId in guildUser.RoleIds)
|
||||
{
|
||||
if (guild.Roles.TryGetValue(roleId, out var role))
|
||||
resolved |= (ulong)role.Permissions;
|
||||
}
|
||||
|
||||
return resolved;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
namespace GmRelay.DiscordBot.Features.Sessions;
|
||||
|
||||
using NetCord;
|
||||
using NetCord.Rest;
|
||||
using NetCord.Services.ApplicationCommands;
|
||||
|
||||
[SlashCommand("reschedule", "Initiate reschedule voting for a session")]
|
||||
public class DiscordRescheduleCommand : ApplicationCommandModule<SlashCommandContext>
|
||||
{
|
||||
private readonly DiscordRescheduleHandler _handler;
|
||||
@@ -15,6 +15,7 @@ public class DiscordRescheduleCommand : ApplicationCommandModule<SlashCommandCon
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
[SlashCommand("reschedule", "Initiate reschedule voting for a session")]
|
||||
public async Task ExecuteAsync(
|
||||
[SlashCommandParameter(Name = "session", Description = "Session ID to reschedule")] string sessionIdText,
|
||||
[SlashCommandParameter(Name = "option1", Description = "First time option (YYYY-MM-DD HH:mm)")] string option1,
|
||||
@@ -22,9 +23,44 @@ public class DiscordRescheduleCommand : ApplicationCommandModule<SlashCommandCon
|
||||
[SlashCommandParameter(Name = "option3", Description = "Third time option (optional)")] string? option3 = null,
|
||||
[SlashCommandParameter(Name = "deadline", Description = "Voting deadline (YYYY-MM-DD HH:mm)")] string deadline = "")
|
||||
{
|
||||
var guild = Context.Guild
|
||||
_logger.LogInformation(
|
||||
"reschedule called by user {UserId} ({UserType}) in guild {GuildId}",
|
||||
Context.User.Id,
|
||||
Context.User.GetType().Name,
|
||||
Context.Interaction.GuildId);
|
||||
|
||||
var guildId = Context.Interaction.GuildId
|
||||
?? throw new InvalidOperationException("This command can only be used in a guild.");
|
||||
|
||||
var member = Context.User as GuildInteractionUser;
|
||||
if (member is null)
|
||||
{
|
||||
_logger.LogError("Context.User is not GuildInteractionUser. Actual type: {ActualType}", Context.User.GetType().Name);
|
||||
throw new InvalidOperationException("Guild member data not available in interaction.");
|
||||
}
|
||||
|
||||
var resolvedPermissions = (ulong)member.Permissions;
|
||||
_logger.LogInformation("Resolved permissions for user {UserId}: {Permissions}", Context.User.Id, resolvedPermissions);
|
||||
|
||||
ulong guildOwnerId = 0;
|
||||
try
|
||||
{
|
||||
var guild = await Context.Client.Rest.GetGuildAsync(guildId);
|
||||
guildOwnerId = guild.OwnerId;
|
||||
_logger.LogInformation("Guild owner id: {OwnerId}", guildOwnerId);
|
||||
}
|
||||
catch (RestException ex) when (ex.StatusCode == System.Net.HttpStatusCode.NotFound)
|
||||
{
|
||||
_logger.LogWarning(
|
||||
ex,
|
||||
"Bot is not a REST member of guild {GuildId}; using resolved permissions from interaction payload",
|
||||
guildId);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "Unexpected error fetching guild {GuildId}", guildId);
|
||||
}
|
||||
|
||||
if (!Guid.TryParse(sessionIdText, out var sessionId))
|
||||
{
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
@@ -64,54 +100,55 @@ public class DiscordRescheduleCommand : ApplicationCommandModule<SlashCommandCon
|
||||
return;
|
||||
}
|
||||
|
||||
var resolvedPermissions = GetResolvedPermissions(guild, Context.User.Id);
|
||||
// Defer the response to avoid Discord 3-second interaction timeout
|
||||
await Context.Interaction.SendResponseAsync(InteractionCallback.DeferredMessage());
|
||||
|
||||
try
|
||||
{
|
||||
_logger.LogInformation("Initiating reschedule for session {SessionId} in guild {GuildId}", sessionId, guildId);
|
||||
|
||||
var result = await _handler.HandleAsync(
|
||||
guildId: guild.Id.ToString(),
|
||||
channelId: Context.Channel.Id.ToString(),
|
||||
guildId: guildId.ToString(),
|
||||
channelId: Context.Channel!.Id.ToString(),
|
||||
userId: Context.User.Id,
|
||||
userDisplayName: Context.User.GlobalName ?? Context.User.Username,
|
||||
resolvedPermissions: resolvedPermissions,
|
||||
guildOwnerId: guild.OwnerId,
|
||||
guildOwnerId: guildOwnerId,
|
||||
sessionId: sessionId,
|
||||
options: parsedOptions,
|
||||
deadline: deadlineResult.Value,
|
||||
CancellationToken.None);
|
||||
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
InteractionCallback.Message(
|
||||
$"🗳 Голосование за перенос запущено! Дедлайн: {deadlineResult.Value:yyyy-MM-dd HH:mm} UTC."));
|
||||
_logger.LogInformation("Reschedule voting started for session {SessionId}, proposal {ProposalId}", sessionId, result.ProposalId);
|
||||
|
||||
await Context.Interaction.ModifyResponseAsync(message =>
|
||||
{
|
||||
message.Content = $"🗳 Голосование за перенос запущено! Дедлайн: {deadlineResult.Value:yyyy-MM-dd HH:mm} UTC.";
|
||||
});
|
||||
}
|
||||
catch (UnauthorizedAccessException ex)
|
||||
{
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
InteractionCallback.Message($":no_entry: {ex.Message}"));
|
||||
_logger.LogWarning(ex, "Unauthorized reschedule attempt by user {UserId}", Context.User.Id);
|
||||
await Context.Interaction.ModifyResponseAsync(message =>
|
||||
{
|
||||
message.Content = $":no_entry: {ex.Message}";
|
||||
});
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
InteractionCallback.Message($":warning: {ex.Message}"));
|
||||
_logger.LogWarning(ex, "Invalid reschedule request by user {UserId}", Context.User.Id);
|
||||
await Context.Interaction.ModifyResponseAsync(message =>
|
||||
{
|
||||
message.Content = $":warning: {ex.Message}";
|
||||
});
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "Failed to initiate reschedule for session {SessionId}", sessionId);
|
||||
await Context.Interaction.SendResponseAsync(
|
||||
InteractionCallback.Message(":boom: Ошибка при запуске голосования."));
|
||||
await Context.Interaction.ModifyResponseAsync(message =>
|
||||
{
|
||||
message.Content = ":boom: Ошибка при запуске голосования.";
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
private static ulong GetResolvedPermissions(NetCord.Gateway.Guild guild, ulong userId)
|
||||
{
|
||||
if (!guild.Users.TryGetValue(userId, out var guildUser))
|
||||
return 0;
|
||||
ulong resolved = 0;
|
||||
foreach (var roleId in guildUser.RoleIds)
|
||||
{
|
||||
if (guild.Roles.TryGetValue(roleId, out var role))
|
||||
resolved |= (ulong)role.Permissions;
|
||||
}
|
||||
return resolved;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -168,7 +168,7 @@ public sealed class DiscordSessionInteractionModule(
|
||||
|
||||
private DiscordSessionInteractionInput CreateInput(Guid sessionId)
|
||||
{
|
||||
var guild = Context.Guild
|
||||
var guildId = Context.Interaction.GuildId?.ToString(CultureInfo.InvariantCulture)
|
||||
?? throw new InvalidOperationException("Session buttons can only be used in a guild.");
|
||||
var message = Context.Interaction.Message
|
||||
?? throw new InvalidOperationException("Session button interaction must include a message.");
|
||||
@@ -176,7 +176,7 @@ public sealed class DiscordSessionInteractionModule(
|
||||
return new DiscordSessionInteractionInput(
|
||||
SessionId: sessionId,
|
||||
InteractionId: Context.Interaction.Id.ToString(System.Globalization.CultureInfo.InvariantCulture),
|
||||
GuildId: guild.Id.ToString(CultureInfo.InvariantCulture),
|
||||
GuildId: guildId,
|
||||
ChannelId: Context.Channel.Id.ToString(CultureInfo.InvariantCulture),
|
||||
MessageId: message.Id.ToString(CultureInfo.InvariantCulture),
|
||||
UserId: Context.User.Id,
|
||||
|
||||
@@ -6,11 +6,14 @@
|
||||
<Nullable>enable</Nullable>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<UserSecretsId>dotnet-GmRelay.DiscordBot-issue-26</UserSecretsId>
|
||||
<!-- DiscordBot uses vanilla Dapper in its own handlers; DAP005 requires AOT-enabled Dapper -->
|
||||
<NoWarn>$(NoWarn);DAP005</NoWarn>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Aspire.Npgsql" Version="13.2.2" />
|
||||
<PackageReference Include="Dapper" Version="2.1.72" />
|
||||
<PackageReference Include="Dapper.AOT" Version="1.0.48" />
|
||||
<PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.5" />
|
||||
<PackageReference Include="NetCord.Hosting" Version="1.0.0-alpha.489" />
|
||||
<PackageReference Include="NetCord.Hosting.Services" Version="1.0.0-alpha.489" />
|
||||
|
||||
@@ -18,8 +18,10 @@ using Microsoft.Extensions.DependencyInjection;
|
||||
using NetCord;
|
||||
using NetCord.Gateway;
|
||||
using NetCord.Hosting.Gateway;
|
||||
using NetCord.Hosting.Services;
|
||||
using NetCord.Hosting.Services.ApplicationCommands;
|
||||
using NetCord.Hosting.Services.ComponentInteractions;
|
||||
using NetCord.Services.ApplicationCommands;
|
||||
using NetCord.Services.ComponentInteractions;
|
||||
using Npgsql;
|
||||
|
||||
@@ -34,6 +36,8 @@ discordOptions.Validate();
|
||||
|
||||
builder.Services.AddSingleton(discordOptions);
|
||||
|
||||
builder.Logging.AddConsole();
|
||||
|
||||
builder.Services.AddSingleton<NpgsqlDataSource>(sp =>
|
||||
{
|
||||
var config = sp.GetRequiredService<IConfiguration>();
|
||||
@@ -82,12 +86,13 @@ builder.Services
|
||||
options.Token = discordOptions.Token;
|
||||
options.Intents = GatewayIntents.Guilds;
|
||||
})
|
||||
.AddApplicationCommands()
|
||||
.AddApplicationCommands<SlashCommandInteraction, SlashCommandContext>()
|
||||
.AddComponentInteractions<ButtonInteraction, ButtonInteractionContext>()
|
||||
.AddGatewayHandlers(typeof(Program).Assembly);
|
||||
|
||||
var host = builder.Build();
|
||||
|
||||
host.AddSlashCommand("ping", "Checks whether GM-Relay Discord is online.", () => "Pong!");
|
||||
host.AddModules(typeof(Program).Assembly);
|
||||
|
||||
await host.RunAsync();
|
||||
|
||||
@@ -28,6 +28,12 @@
|
||||
"resolved": "2.1.72",
|
||||
"contentHash": "ns4mGqQd9a/MhP8m6w556vVlZIa0/MfUu03zrxjZC/jlr1uVCsUac8bkdB+Fs98Llbd56rRSo1eZH5VVmeGZyw=="
|
||||
},
|
||||
"Dapper.AOT": {
|
||||
"type": "Direct",
|
||||
"requested": "[1.0.48, )",
|
||||
"resolved": "1.0.48",
|
||||
"contentHash": "rsLM3yKr4g+YKKox9lhc8D+kz67P7Q9+xdyn1LmCsoYr1kYpJSm+Nt6slo5UrfUrcTiGJ57zUlyO8XUdV7G7iA=="
|
||||
},
|
||||
"Microsoft.Extensions.Hosting": {
|
||||
"type": "Direct",
|
||||
"requested": "[10.0.5, )",
|
||||
|
||||
@@ -34,6 +34,13 @@
|
||||
</svg>
|
||||
Шаблоны
|
||||
</NavLink>
|
||||
<NavLink class="nav-item" href="profile" @onclick="CloseMenu">
|
||||
<svg class="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
|
||||
<path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/>
|
||||
<circle cx="12" cy="7" r="4"/>
|
||||
</svg>
|
||||
Профиль
|
||||
</NavLink>
|
||||
</div>
|
||||
|
||||
<div class="nav-footer">
|
||||
@@ -66,7 +73,7 @@
|
||||
</button>
|
||||
</form>
|
||||
|
||||
<div class="nav-version">v2.8.0</div>
|
||||
<div class="nav-version">v3.0.9</div>
|
||||
</div>
|
||||
</Authorized>
|
||||
<NotAuthorized>
|
||||
|
||||
@@ -0,0 +1,191 @@
|
||||
@page "/profile"
|
||||
@using Microsoft.AspNetCore.Authorization
|
||||
@using Microsoft.AspNetCore.Components.Authorization
|
||||
@using Microsoft.Extensions.Configuration
|
||||
@attribute [Authorize]
|
||||
@inject ISessionStore SessionStore
|
||||
@inject IConfiguration Configuration
|
||||
@inject NavigationManager Navigation
|
||||
|
||||
<PageTitle>Профиль — GM-Relay</PageTitle>
|
||||
|
||||
<div class="profile-container">
|
||||
<h1 class="page-title">Профиль</h1>
|
||||
|
||||
@if (identities is null)
|
||||
{
|
||||
<p class="loading-text">Загрузка...</p>
|
||||
}
|
||||
else if (identities.Count == 0)
|
||||
{
|
||||
<div class="profile-card">
|
||||
<p>Связанные аккаунты не найдены.</p>
|
||||
</div>
|
||||
}
|
||||
else
|
||||
{
|
||||
<div class="profile-card">
|
||||
<h2 class="section-title">Связанные аккаунты</h2>
|
||||
<ul class="identity-list">
|
||||
@foreach (var id in identities)
|
||||
{
|
||||
<li class="identity-item">
|
||||
<div class="identity-info">
|
||||
<span class="identity-platform">@id.Platform</span>
|
||||
<span class="identity-name">@id.DisplayName</span>
|
||||
</div>
|
||||
@if (id.Platform != currentPlatform || id.ExternalUserId != currentExternalUserId)
|
||||
{
|
||||
<button class="btn btn-secondary btn-small"
|
||||
@onclick="() => Unlink(id.Platform, id.ExternalUserId)"
|
||||
disabled="@isUnlinking">
|
||||
Отвязать
|
||||
</button>
|
||||
}
|
||||
else
|
||||
{
|
||||
<span class="identity-badge">Текущий</span>
|
||||
}
|
||||
</li>
|
||||
}
|
||||
</ul>
|
||||
</div>
|
||||
}
|
||||
|
||||
<div class="profile-card">
|
||||
<h2 class="section-title">Добавить аккаунт</h2>
|
||||
@if (!HasLinkedPlatform("Discord"))
|
||||
{
|
||||
<a href="/auth/discord" class="btn btn-primary">
|
||||
Привязать Discord
|
||||
</a>
|
||||
}
|
||||
else
|
||||
{
|
||||
<p class="muted-text">Discord уже привязан.</p>
|
||||
}
|
||||
|
||||
@if (currentPlatform == "Discord" && !HasLinkedPlatform("Telegram"))
|
||||
{
|
||||
var botUsername = Configuration["Telegram__BotUsername"] ?? Configuration["Telegram:BotUsername"];
|
||||
if (!string.IsNullOrWhiteSpace(botUsername))
|
||||
{
|
||||
var authUrl = new Uri(new Uri(Navigation.BaseUri), "auth/telegram").ToString();
|
||||
var widgetHtml = $"<script async src=\"https://telegram.org/js/telegram-widget.js?22\" data-telegram-login=\"{botUsername}\" data-size=\"large\" data-auth-url=\"{authUrl}\" data-request-access=\"write\"></script>";
|
||||
<div class="telegram-widget-wrapper">
|
||||
@((MarkupString)widgetHtml)
|
||||
</div>
|
||||
}
|
||||
}
|
||||
</div>
|
||||
|
||||
@if (!string.IsNullOrWhiteSpace(errorMessage))
|
||||
{
|
||||
<div class="alert alert-error">@errorMessage</div>
|
||||
}
|
||||
|
||||
@if (!string.IsNullOrWhiteSpace(successMessage))
|
||||
{
|
||||
<div class="alert alert-success">@successMessage</div>
|
||||
}
|
||||
</div>
|
||||
|
||||
@code {
|
||||
private List<LinkedIdentity>? identities;
|
||||
private string? currentPlatform;
|
||||
private string? currentExternalUserId;
|
||||
private bool isUnlinking;
|
||||
private string? errorMessage;
|
||||
private string? successMessage;
|
||||
|
||||
[CascadingParameter]
|
||||
private Task<AuthenticationState>? AuthenticationStateTask { get; set; }
|
||||
|
||||
[SupplyParameterFromQuery]
|
||||
public string? Linked { get; set; }
|
||||
|
||||
[SupplyParameterFromQuery(Name = "link_error")]
|
||||
public string? LinkError { get; set; }
|
||||
|
||||
protected override async Task OnInitializedAsync()
|
||||
{
|
||||
if (AuthenticationStateTask is not null)
|
||||
{
|
||||
var authState = await AuthenticationStateTask;
|
||||
var user = authState.User;
|
||||
if (user.TryGetPlatformIdentity(out var plat, out var extId))
|
||||
{
|
||||
currentPlatform = plat;
|
||||
currentExternalUserId = extId;
|
||||
}
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(Linked))
|
||||
{
|
||||
successMessage = $"{Linked} аккаунт успешно привязан!";
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(LinkError))
|
||||
{
|
||||
errorMessage = $"Ошибка привязки: {Uri.UnescapeDataString(LinkError)}";
|
||||
}
|
||||
|
||||
await LoadIdentities();
|
||||
}
|
||||
|
||||
private async Task LoadIdentities()
|
||||
{
|
||||
try
|
||||
{
|
||||
if (currentPlatform is not null && currentExternalUserId is not null)
|
||||
{
|
||||
identities = await SessionStore.GetLinkedIdentitiesAsync(currentPlatform, currentExternalUserId);
|
||||
}
|
||||
else
|
||||
{
|
||||
identities = [];
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
errorMessage = $"Не удалось загрузить аккаунты: {ex.Message}";
|
||||
}
|
||||
}
|
||||
|
||||
private bool HasLinkedPlatform(string platform)
|
||||
{
|
||||
return identities?.Any(i => i.Platform == platform) ?? false;
|
||||
}
|
||||
|
||||
private async Task Unlink(string platform, string externalUserId)
|
||||
{
|
||||
isUnlinking = true;
|
||||
errorMessage = null;
|
||||
successMessage = null;
|
||||
|
||||
try
|
||||
{
|
||||
if (currentPlatform is null || currentExternalUserId is null)
|
||||
{
|
||||
errorMessage = "Не удалось определить текущего пользователя.";
|
||||
return;
|
||||
}
|
||||
|
||||
await SessionStore.UnlinkIdentityAsync(currentPlatform, currentExternalUserId, platform, externalUserId);
|
||||
successMessage = $"{platform} аккаунт отвязан.";
|
||||
await LoadIdentities();
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
errorMessage = $"Ошибка отвязки: {ex.Message}";
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
errorMessage = $"Ошибка отвязки: {ex.Message}";
|
||||
}
|
||||
finally
|
||||
{
|
||||
isUnlinking = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
+86
-25
@@ -39,6 +39,7 @@ builder.AddNpgsqlDataSource("gmrelaydb");
|
||||
builder.Services.AddSingleton<TelegramAuthService>();
|
||||
builder.Services.Configure<DiscordOAuthOptions>(builder.Configuration.GetSection("Discord"));
|
||||
builder.Services.AddSingleton<DiscordAuthService>();
|
||||
builder.Services.AddSingleton<DiscordOAuthStateStore>();
|
||||
builder.Services.AddSingleton<ISessionStore, SessionService>();
|
||||
builder.Services.AddScoped<AuthorizedSessionService>();
|
||||
builder.Services.AddScoped<CalendarSubscriptionService>();
|
||||
@@ -60,7 +61,7 @@ builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationSc
|
||||
options.AccessDeniedPath = "/access-denied";
|
||||
options.Cookie.HttpOnly = true;
|
||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||
options.Cookie.SameSite = SameSiteMode.Strict;
|
||||
options.Cookie.SameSite = SameSiteMode.Lax;
|
||||
options.ExpireTimeSpan = TimeSpan.FromDays(7);
|
||||
options.SlidingExpiration = true;
|
||||
});
|
||||
@@ -122,19 +123,39 @@ app.MapHealthChecks("/alive", new HealthCheckOptions
|
||||
});
|
||||
|
||||
// Endpoint to handle Telegram Login callback
|
||||
app.MapGet("/auth/telegram", async (HttpContext context, TelegramAuthService authService) =>
|
||||
app.MapGet("/auth/telegram", async (HttpContext context, TelegramAuthService authService, ISessionStore sessionStore) =>
|
||||
{
|
||||
if (authService.Verify(context.Request.Query, out var telegramId, out var name))
|
||||
if (!authService.Verify(context.Request.Query, out var telegramId, out var name))
|
||||
return Results.Redirect("/login?error=auth_failed");
|
||||
|
||||
await sessionStore.UpsertPlayerAsync("Telegram", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture), name, null);
|
||||
|
||||
// If already authenticated via another platform, link instead of replacing session
|
||||
if (context.User.Identity?.IsAuthenticated == true
|
||||
&& context.User.TryGetPlatformIdentity(out var currentPlatform, out var currentExternalUserId)
|
||||
&& currentPlatform != "Telegram")
|
||||
{
|
||||
var authProperties = new AuthenticationProperties { IsPersistent = true };
|
||||
await context.SignInAsync(
|
||||
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||
CreateTelegramPrincipal(telegramId, name),
|
||||
authProperties);
|
||||
return Results.Redirect("/");
|
||||
try
|
||||
{
|
||||
// Always make Telegram the primary (it has the historical data/groups)
|
||||
await sessionStore.LinkIdentityAsync(
|
||||
"Telegram", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture),
|
||||
currentPlatform, currentExternalUserId,
|
||||
name);
|
||||
return Results.Redirect("/profile?linked=telegram");
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
return Results.Redirect($"/profile?link_error={Uri.EscapeDataString(ex.Message)}");
|
||||
}
|
||||
}
|
||||
|
||||
return Results.Redirect("/login?error=auth_failed");
|
||||
var authProperties = new AuthenticationProperties { IsPersistent = true };
|
||||
await context.SignInAsync(
|
||||
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||
CreateTelegramPrincipal(telegramId, name),
|
||||
authProperties);
|
||||
return Results.Redirect("/");
|
||||
});
|
||||
|
||||
app.MapPost("/auth/telegram-webapp", async (
|
||||
@@ -185,16 +206,9 @@ app.MapPost("/auth/logout", async (HttpContext context) =>
|
||||
});
|
||||
|
||||
// Discord OAuth endpoints
|
||||
app.MapGet("/auth/discord", (HttpContext context, DiscordAuthService discordAuth) =>
|
||||
app.MapGet("/auth/discord", (DiscordAuthService discordAuth, DiscordOAuthStateStore stateStore) =>
|
||||
{
|
||||
var state = Guid.NewGuid().ToString("N");
|
||||
context.Response.Cookies.Append("__DiscordOAuthState", state, new CookieOptions
|
||||
{
|
||||
HttpOnly = true,
|
||||
Secure = true,
|
||||
SameSite = SameSiteMode.Strict,
|
||||
MaxAge = TimeSpan.FromMinutes(5)
|
||||
});
|
||||
var state = stateStore.CreateState();
|
||||
var url = discordAuth.BuildAuthorizeUrl(state);
|
||||
return Results.Redirect(url);
|
||||
});
|
||||
@@ -202,19 +216,15 @@ app.MapGet("/auth/discord", (HttpContext context, DiscordAuthService discordAuth
|
||||
app.MapGet("/auth/discord/callback", async (
|
||||
HttpContext context,
|
||||
DiscordAuthService discordAuth,
|
||||
DiscordOAuthStateStore stateStore,
|
||||
ISessionStore sessionStore) =>
|
||||
{
|
||||
var code = context.Request.Query["code"].ToString();
|
||||
var state = context.Request.Query["state"].ToString();
|
||||
var storedState = context.Request.Cookies["__DiscordOAuthState"];
|
||||
|
||||
context.Response.Cookies.Delete("__DiscordOAuthState");
|
||||
|
||||
if (string.IsNullOrWhiteSpace(code) ||
|
||||
string.IsNullOrWhiteSpace(state) ||
|
||||
!CryptographicOperations.FixedTimeEquals(
|
||||
System.Text.Encoding.UTF8.GetBytes(state),
|
||||
System.Text.Encoding.UTF8.GetBytes(storedState ?? string.Empty)))
|
||||
!stateStore.ValidateAndRemove(state))
|
||||
{
|
||||
return Results.Redirect("/login?error=auth_failed");
|
||||
}
|
||||
@@ -225,6 +235,25 @@ app.MapGet("/auth/discord/callback", async (
|
||||
|
||||
await sessionStore.UpsertDiscordUserAsync(user.Id, user.DisplayName, user.AvatarUrl);
|
||||
|
||||
// If already authenticated via another platform, link instead of replacing session
|
||||
if (context.User.Identity?.IsAuthenticated == true
|
||||
&& context.User.TryGetPlatformIdentity(out var currentPlatform, out var currentExternalUserId)
|
||||
&& currentPlatform != "Discord")
|
||||
{
|
||||
try
|
||||
{
|
||||
await sessionStore.LinkIdentityAsync(
|
||||
currentPlatform, currentExternalUserId,
|
||||
"Discord", user.Id,
|
||||
user.DisplayName);
|
||||
return Results.Redirect("/profile?linked=discord");
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
return Results.Redirect($"/profile?link_error={Uri.EscapeDataString(ex.Message)}");
|
||||
}
|
||||
}
|
||||
|
||||
var authProperties = new AuthenticationProperties { IsPersistent = true };
|
||||
await context.SignInAsync(
|
||||
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||
@@ -234,6 +263,38 @@ app.MapGet("/auth/discord/callback", async (
|
||||
return Results.Redirect("/");
|
||||
});
|
||||
|
||||
// Identity linking API endpoints
|
||||
app.MapGet("/api/me/identities", async (
|
||||
HttpContext context,
|
||||
ISessionStore sessionStore) =>
|
||||
{
|
||||
if (!context.User.TryGetPlatformIdentity(out var platform, out var externalUserId))
|
||||
return Results.Unauthorized();
|
||||
|
||||
var identities = await sessionStore.GetLinkedIdentitiesAsync(platform, externalUserId);
|
||||
return Results.Ok(identities);
|
||||
}).RequireAuthorization();
|
||||
|
||||
app.MapDelete("/api/me/identities/{targetPlatform}/{targetExternalUserId}", async (
|
||||
HttpContext context,
|
||||
ISessionStore sessionStore,
|
||||
string targetPlatform,
|
||||
string targetExternalUserId) =>
|
||||
{
|
||||
if (!context.User.TryGetPlatformIdentity(out var platform, out var externalUserId))
|
||||
return Results.Unauthorized();
|
||||
|
||||
try
|
||||
{
|
||||
await sessionStore.UnlinkIdentityAsync(platform, externalUserId, targetPlatform, targetExternalUserId);
|
||||
return Results.NoContent();
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
return Results.BadRequest(new { error = ex.Message });
|
||||
}
|
||||
}).RequireAuthorization();
|
||||
|
||||
// Public calendar subscription endpoint (no auth required)
|
||||
app.MapGet("/calendar/{token}.ics", async (
|
||||
string token,
|
||||
|
||||
@@ -5,7 +5,7 @@ using System.Text.Json.Serialization;
|
||||
|
||||
namespace GmRelay.Web.Services;
|
||||
|
||||
public sealed class DiscordAuthService(IHttpClientFactory httpClientFactory, IConfiguration configuration)
|
||||
public sealed class DiscordAuthService(IHttpClientFactory httpClientFactory, IConfiguration configuration, ILogger<DiscordAuthService> logger)
|
||||
{
|
||||
private readonly DiscordOAuthOptions _options = configuration.GetSection("Discord").Get<DiscordOAuthOptions>() ?? new DiscordOAuthOptions();
|
||||
|
||||
@@ -40,10 +40,14 @@ public sealed class DiscordAuthService(IHttpClientFactory httpClientFactory, ICo
|
||||
});
|
||||
|
||||
var response = await client.PostAsync("https://discord.com/api/oauth2/token", content);
|
||||
if (!response.IsSuccessStatusCode)
|
||||
return null;
|
||||
|
||||
var json = await response.Content.ReadAsStringAsync();
|
||||
if (!response.IsSuccessStatusCode)
|
||||
{
|
||||
logger.LogError("Discord token exchange failed: {StatusCode} {Body}. client_id={ClientId}, redirect_uri={RedirectUri}",
|
||||
(int)response.StatusCode, json, _options.ClientId, _options.RedirectUri);
|
||||
return null;
|
||||
}
|
||||
|
||||
return JsonSerializer.Deserialize<DiscordTokenResponse>(json);
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
namespace GmRelay.Web.Services;
|
||||
|
||||
public sealed class DiscordOAuthStateStore(ILogger<DiscordOAuthStateStore> logger)
|
||||
{
|
||||
private readonly System.Collections.Concurrent.ConcurrentDictionary<string, DateTime> _states = new();
|
||||
|
||||
public string CreateState()
|
||||
{
|
||||
var state = Guid.NewGuid().ToString("N");
|
||||
_states[state] = DateTime.UtcNow.AddMinutes(5);
|
||||
logger.LogDebug("Discord OAuth state created: {State}", state);
|
||||
return state;
|
||||
}
|
||||
|
||||
public bool ValidateAndRemove(string state)
|
||||
{
|
||||
if (!_states.TryRemove(state, out var expiresAt))
|
||||
{
|
||||
logger.LogWarning("Discord OAuth state not found or already used: {State}", state);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (DateTime.UtcNow > expiresAt)
|
||||
{
|
||||
logger.LogWarning("Discord OAuth state expired: {State}", state);
|
||||
return false;
|
||||
}
|
||||
|
||||
logger.LogDebug("Discord OAuth state validated: {State}", state);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -53,4 +53,19 @@ public interface ISessionStore
|
||||
Task LogSessionChangeAsync(Guid sessionId, string actorExternalUserId, string actorName, string changeType, string? oldValue, string? newValue);
|
||||
Task<List<SessionAuditLogEntry>> GetSessionHistoryAsync(Guid sessionId);
|
||||
Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl);
|
||||
|
||||
// --- Identity linking (issue #35) ---
|
||||
Task<Guid?> ResolveEffectivePlayerIdAsync(string platform, string externalUserId);
|
||||
Task<List<LinkedIdentity>> GetLinkedIdentitiesAsync(string platform, string externalUserId);
|
||||
Task LinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId, string? currentName);
|
||||
Task UnlinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId);
|
||||
Task UpsertPlayerAsync(string platform, string externalUserId, string displayName, string? avatarUrl);
|
||||
}
|
||||
|
||||
public sealed record LinkedIdentity(
|
||||
string Platform,
|
||||
string ExternalUserId,
|
||||
string DisplayName,
|
||||
string? ExternalUsername,
|
||||
string? AvatarUrl,
|
||||
DateTime LinkedAt);
|
||||
|
||||
@@ -104,6 +104,10 @@ public sealed class SessionService(
|
||||
public async Task<List<WebGameGroup>> GetGroupsForUserAsync(string platform, string externalUserId)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
|
||||
if (effectiveId is null)
|
||||
return [];
|
||||
|
||||
return (await conn.QueryAsync<WebGameGroup>(
|
||||
"""
|
||||
SELECT g.id,
|
||||
@@ -113,13 +117,11 @@ public sealed class SessionService(
|
||||
g.platform AS Platform,
|
||||
gm.role AS ManagerRole
|
||||
FROM group_managers gm
|
||||
JOIN players p ON p.id = gm.player_id
|
||||
JOIN game_groups g ON g.id = gm.group_id
|
||||
WHERE p.platform = @Platform
|
||||
AND p.external_user_id = @ExternalUserId
|
||||
WHERE gm.player_id = @PlayerId
|
||||
ORDER BY g.name
|
||||
""",
|
||||
new { Platform = platform, ExternalUserId = externalUserId })).ToList();
|
||||
new { PlayerId = effectiveId.Value })).ToList();
|
||||
}
|
||||
|
||||
public async Task<WebGameGroup?> GetGroupAsync(Guid groupId)
|
||||
@@ -142,36 +144,40 @@ public sealed class SessionService(
|
||||
public async Task<bool> IsGroupManagerAsync(Guid groupId, string platform, string externalUserId)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
|
||||
if (effectiveId is null)
|
||||
return false;
|
||||
|
||||
return await conn.ExecuteScalarAsync<bool>(
|
||||
"""
|
||||
SELECT EXISTS (
|
||||
SELECT 1
|
||||
FROM group_managers gm
|
||||
JOIN players p ON p.id = gm.player_id
|
||||
WHERE gm.group_id = @GroupId
|
||||
AND p.platform = @Platform
|
||||
AND p.external_user_id = @ExternalUserId
|
||||
FROM group_managers
|
||||
WHERE group_id = @GroupId
|
||||
AND player_id = @PlayerId
|
||||
)
|
||||
""",
|
||||
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId });
|
||||
new { GroupId = groupId, PlayerId = effectiveId.Value });
|
||||
}
|
||||
|
||||
public async Task<bool> IsGroupOwnerAsync(Guid groupId, string platform, string externalUserId)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
|
||||
if (effectiveId is null)
|
||||
return false;
|
||||
|
||||
return await conn.ExecuteScalarAsync<bool>(
|
||||
"""
|
||||
SELECT EXISTS (
|
||||
SELECT 1
|
||||
FROM group_managers gm
|
||||
JOIN players p ON p.id = gm.player_id
|
||||
WHERE gm.group_id = @GroupId
|
||||
AND p.platform = @Platform
|
||||
AND p.external_user_id = @ExternalUserId
|
||||
AND gm.role = @OwnerRole
|
||||
FROM group_managers
|
||||
WHERE group_id = @GroupId
|
||||
AND player_id = @PlayerId
|
||||
AND role = @OwnerRole
|
||||
)
|
||||
""",
|
||||
new { GroupId = groupId, Platform = platform, ExternalUserId = externalUserId, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
|
||||
new { GroupId = groupId, PlayerId = effectiveId.Value, OwnerRole = GroupManagerRoleExtensions.OwnerValue });
|
||||
}
|
||||
|
||||
public async Task<List<WebGroupManager>> GetGroupManagersAsync(Guid groupId)
|
||||
@@ -255,22 +261,6 @@ public sealed class SessionService(
|
||||
return entries.ToList();
|
||||
}
|
||||
|
||||
public async Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
await conn.ExecuteAsync(
|
||||
"""
|
||||
INSERT INTO players (display_name, platform, external_user_id, external_username)
|
||||
VALUES (@DisplayName, 'Discord', @DiscordId, @DisplayName)
|
||||
ON CONFLICT (platform, external_user_id)
|
||||
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
|
||||
DO UPDATE
|
||||
SET display_name = EXCLUDED.display_name,
|
||||
external_username = EXCLUDED.external_username
|
||||
""",
|
||||
new { DisplayName = displayName, DiscordId = discordId });
|
||||
}
|
||||
|
||||
public async Task AddGroupCoGmAsync(
|
||||
Guid groupId,
|
||||
string ownerPlatform, string ownerExternalUserId,
|
||||
@@ -280,35 +270,16 @@ public sealed class SessionService(
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
await using var transaction = await conn.BeginTransactionAsync();
|
||||
|
||||
await conn.ExecuteAsync(
|
||||
"""
|
||||
INSERT INTO players (display_name, telegram_username, platform, external_user_id, external_username)
|
||||
VALUES (@DisplayName, @ExternalUsername, @Platform, @ExternalUserId, @ExternalUsername)
|
||||
ON CONFLICT (platform, external_user_id)
|
||||
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
|
||||
DO UPDATE
|
||||
SET display_name = EXCLUDED.display_name,
|
||||
external_username = EXCLUDED.external_username
|
||||
""",
|
||||
new
|
||||
{
|
||||
DisplayName = displayName,
|
||||
ExternalUsername = externalUsername,
|
||||
Platform = coGmPlatform,
|
||||
ExternalUserId = coGmExternalUserId
|
||||
},
|
||||
transaction);
|
||||
var ownerPlayerId = await _ResolveEffectivePlayerIdAsync(conn, ownerPlatform, ownerExternalUserId);
|
||||
if (ownerPlayerId is null)
|
||||
throw new InvalidOperationException("Owner player not found.");
|
||||
|
||||
var coGmPlayerId = await _UpsertPlayerAndGetIdAsync(conn, coGmPlatform, coGmExternalUserId, displayName, externalUsername, transaction);
|
||||
|
||||
await conn.ExecuteAsync(
|
||||
"""
|
||||
INSERT INTO group_managers (group_id, player_id, role, added_by_player_id)
|
||||
SELECT @GroupId,
|
||||
co_gm.id,
|
||||
@CoGmRole,
|
||||
owner_player.id
|
||||
FROM players co_gm
|
||||
LEFT JOIN players owner_player ON owner_player.platform = @OwnerPlatform AND owner_player.external_user_id = @OwnerExternalUserId
|
||||
WHERE co_gm.platform = @CoGmPlatform AND co_gm.external_user_id = @CoGmExternalUserId
|
||||
VALUES (@GroupId, @CoGmPlayerId, @CoGmRole, @OwnerPlayerId)
|
||||
ON CONFLICT (group_id, player_id) DO UPDATE
|
||||
SET role = CASE
|
||||
WHEN group_managers.role = @OwnerRole THEN group_managers.role
|
||||
@@ -319,10 +290,8 @@ public sealed class SessionService(
|
||||
new
|
||||
{
|
||||
GroupId = groupId,
|
||||
OwnerPlatform = ownerPlatform,
|
||||
OwnerExternalUserId = ownerExternalUserId,
|
||||
CoGmPlatform = coGmPlatform,
|
||||
CoGmExternalUserId = coGmExternalUserId,
|
||||
OwnerPlayerId = ownerPlayerId.Value,
|
||||
CoGmPlayerId = coGmPlayerId,
|
||||
OwnerRole = GroupManagerRoleExtensions.OwnerValue,
|
||||
CoGmRole = GroupManagerRoleExtensions.CoGmValue
|
||||
},
|
||||
@@ -334,21 +303,21 @@ public sealed class SessionService(
|
||||
public async Task RemoveGroupCoGmAsync(Guid groupId, string coGmPlatform, string coGmExternalUserId)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
var coGmPlayerId = await _ResolveEffectivePlayerIdAsync(conn, coGmPlatform, coGmExternalUserId);
|
||||
if (coGmPlayerId is null)
|
||||
return;
|
||||
|
||||
await conn.ExecuteAsync(
|
||||
"""
|
||||
DELETE FROM group_managers gm
|
||||
USING players p
|
||||
WHERE gm.player_id = p.id
|
||||
AND gm.group_id = @GroupId
|
||||
AND p.platform = @Platform
|
||||
AND p.external_user_id = @ExternalUserId
|
||||
AND gm.role = @CoGmRole
|
||||
DELETE FROM group_managers
|
||||
WHERE group_id = @GroupId
|
||||
AND player_id = @PlayerId
|
||||
AND role = @CoGmRole
|
||||
""",
|
||||
new
|
||||
{
|
||||
GroupId = groupId,
|
||||
Platform = coGmPlatform,
|
||||
ExternalUserId = coGmExternalUserId,
|
||||
PlayerId = coGmPlayerId.Value,
|
||||
CoGmRole = GroupManagerRoleExtensions.CoGmValue
|
||||
});
|
||||
}
|
||||
@@ -1371,4 +1340,258 @@ public sealed class SessionService(
|
||||
new { BatchId = batchId, GroupId = groupId },
|
||||
transaction);
|
||||
}
|
||||
|
||||
// --- Identity linking (issue #35) ---
|
||||
|
||||
public async Task<Guid?> ResolveEffectivePlayerIdAsync(string platform, string externalUserId)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
return await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
|
||||
}
|
||||
|
||||
public async Task<List<LinkedIdentity>> GetLinkedIdentitiesAsync(string platform, string externalUserId)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
|
||||
var effectiveId = await _ResolveEffectivePlayerIdAsync(conn, platform, externalUserId);
|
||||
if (effectiveId is null)
|
||||
return [];
|
||||
|
||||
return (await conn.QueryAsync<LinkedIdentity>(
|
||||
"""
|
||||
SELECT p.platform AS Platform,
|
||||
p.external_user_id AS ExternalUserId,
|
||||
p.display_name AS DisplayName,
|
||||
p.external_username AS ExternalUsername,
|
||||
p.avatar_url AS AvatarUrl,
|
||||
COALESCE(pl.linked_at, p.created_at) AS LinkedAt
|
||||
FROM players p
|
||||
LEFT JOIN player_links pl ON pl.secondary_player_id = p.id
|
||||
WHERE pl.primary_player_id = @EffectiveId
|
||||
OR p.id = @EffectiveId
|
||||
ORDER BY CASE WHEN p.id = @EffectiveId THEN 0 ELSE 1 END,
|
||||
p.platform
|
||||
""",
|
||||
new { EffectiveId = effectiveId.Value })).ToList();
|
||||
}
|
||||
|
||||
public async Task LinkIdentityAsync(
|
||||
string currentPlatform, string currentExternalUserId,
|
||||
string targetPlatform, string targetExternalUserId,
|
||||
string? currentName)
|
||||
{
|
||||
if (currentPlatform == targetPlatform && currentExternalUserId == targetExternalUserId)
|
||||
throw new InvalidOperationException("Cannot link an identity to itself.");
|
||||
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
await using var transaction = await conn.BeginTransactionAsync();
|
||||
|
||||
// Resolve current player (must exist — they are logged in)
|
||||
var currentPlayerId = await _ResolvePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
|
||||
if (currentPlayerId is null)
|
||||
throw new InvalidOperationException("Current player not found.");
|
||||
|
||||
// Upsert target player so it exists
|
||||
var targetDisplayName = currentName ?? $"{targetPlatform} {targetExternalUserId}";
|
||||
var targetPlayerId = await _UpsertPlayerAndGetIdAsync(conn, targetPlatform, targetExternalUserId, targetDisplayName, null, transaction);
|
||||
|
||||
// Check if target is already a primary of another link chain (conflict)
|
||||
var targetIsPrimary = await conn.ExecuteScalarAsync<bool>(
|
||||
"""
|
||||
SELECT EXISTS (
|
||||
SELECT 1 FROM player_links WHERE primary_player_id = @TargetPlayerId
|
||||
)
|
||||
""",
|
||||
new { TargetPlayerId = targetPlayerId }, transaction);
|
||||
|
||||
if (targetIsPrimary)
|
||||
{
|
||||
await _LogIdentityAuditAsync(conn, currentPlayerId.Value, "link_attempt_conflict",
|
||||
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
|
||||
await transaction.CommitAsync();
|
||||
throw new InvalidOperationException("Target identity is already the primary account of another linked set.");
|
||||
}
|
||||
|
||||
// Check if current is already a secondary (then their primary becomes the effective primary)
|
||||
var currentPrimaryId = await conn.QuerySingleOrDefaultAsync<Guid?>(
|
||||
"""
|
||||
SELECT primary_player_id
|
||||
FROM player_links
|
||||
WHERE secondary_player_id = @CurrentPlayerId
|
||||
""",
|
||||
new { CurrentPlayerId = currentPlayerId.Value }, transaction);
|
||||
|
||||
var effectiveCurrentPrimary = currentPrimaryId ?? currentPlayerId.Value;
|
||||
|
||||
// Check if target is already linked to someone else as secondary
|
||||
var existingLink = await conn.QuerySingleOrDefaultAsync<Guid?>(
|
||||
"""
|
||||
SELECT primary_player_id
|
||||
FROM player_links
|
||||
WHERE secondary_player_id = @TargetPlayerId
|
||||
""",
|
||||
new { TargetPlayerId = targetPlayerId }, transaction);
|
||||
|
||||
if (existingLink is not null && existingLink.Value != effectiveCurrentPrimary)
|
||||
{
|
||||
await _LogIdentityAuditAsync(conn, effectiveCurrentPrimary, "link_attempt_conflict",
|
||||
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
|
||||
await transaction.CommitAsync();
|
||||
throw new InvalidOperationException("Target identity is already linked to another account.");
|
||||
}
|
||||
|
||||
var effectivePrimary = currentPrimaryId ?? currentPlayerId.Value;
|
||||
|
||||
// Check if already linked
|
||||
var alreadyLinked = await conn.ExecuteScalarAsync<bool>(
|
||||
"""
|
||||
SELECT EXISTS (
|
||||
SELECT 1 FROM player_links
|
||||
WHERE primary_player_id = @EffectivePrimary AND secondary_player_id = @TargetPlayerId
|
||||
)
|
||||
""",
|
||||
new { EffectivePrimary = effectivePrimary, TargetPlayerId = targetPlayerId }, transaction);
|
||||
|
||||
if (alreadyLinked)
|
||||
{
|
||||
await transaction.CommitAsync();
|
||||
return; // Already linked, idempotent
|
||||
}
|
||||
|
||||
await conn.ExecuteAsync(
|
||||
"""
|
||||
INSERT INTO player_links (primary_player_id, secondary_player_id, linked_by_player_id)
|
||||
VALUES (@PrimaryPlayerId, @SecondaryPlayerId, @LinkedByPlayerId)
|
||||
""",
|
||||
new
|
||||
{
|
||||
PrimaryPlayerId = effectivePrimary,
|
||||
SecondaryPlayerId = targetPlayerId,
|
||||
LinkedByPlayerId = currentPlayerId.Value
|
||||
},
|
||||
transaction);
|
||||
|
||||
await _LogIdentityAuditAsync(conn, effectivePrimary, "link",
|
||||
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
|
||||
|
||||
await transaction.CommitAsync();
|
||||
}
|
||||
|
||||
public async Task UnlinkIdentityAsync(
|
||||
string currentPlatform, string currentExternalUserId,
|
||||
string targetPlatform, string targetExternalUserId)
|
||||
{
|
||||
if (currentPlatform == targetPlatform && currentExternalUserId == targetExternalUserId)
|
||||
throw new InvalidOperationException("Cannot unlink your own primary identity from itself.");
|
||||
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
await using var transaction = await conn.BeginTransactionAsync();
|
||||
|
||||
var currentPlayerId = await _ResolvePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
|
||||
if (currentPlayerId is null)
|
||||
throw new InvalidOperationException("Current player not found.");
|
||||
|
||||
var targetPlayerId = await _ResolvePlayerIdAsync(conn, targetPlatform, targetExternalUserId);
|
||||
if (targetPlayerId is null)
|
||||
throw new InvalidOperationException("Target identity not found.");
|
||||
|
||||
var effectivePrimary = await _ResolveEffectivePlayerIdAsync(conn, currentPlatform, currentExternalUserId);
|
||||
if (effectivePrimary is null)
|
||||
throw new InvalidOperationException("Effective primary not found.");
|
||||
|
||||
// Only the primary account owner (or the linked identity itself) can unlink
|
||||
var rows = await conn.ExecuteAsync(
|
||||
"""
|
||||
DELETE FROM player_links
|
||||
WHERE primary_player_id = @EffectivePrimary
|
||||
AND secondary_player_id = @TargetPlayerId
|
||||
""",
|
||||
new { EffectivePrimary = effectivePrimary.Value, TargetPlayerId = targetPlayerId.Value },
|
||||
transaction);
|
||||
|
||||
if (rows == 0)
|
||||
{
|
||||
await transaction.RollbackAsync();
|
||||
throw new InvalidOperationException("Identity is not linked to your account.");
|
||||
}
|
||||
|
||||
await _LogIdentityAuditAsync(conn, effectivePrimary.Value, "unlink",
|
||||
targetPlatform, targetExternalUserId, currentPlayerId.Value, transaction);
|
||||
|
||||
await transaction.CommitAsync();
|
||||
}
|
||||
|
||||
public async Task UpsertPlayerAsync(string platform, string externalUserId, string displayName, string? avatarUrl)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
await _UpsertPlayerAndGetIdAsync(conn, platform, externalUserId, displayName, avatarUrl, null);
|
||||
}
|
||||
|
||||
public async Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl)
|
||||
{
|
||||
await using var conn = await dataSource.OpenConnectionAsync();
|
||||
await _UpsertPlayerAndGetIdAsync(conn, "Discord", discordId, displayName, avatarUrl, null);
|
||||
}
|
||||
|
||||
// --- Private helpers ---
|
||||
|
||||
private static async Task<Guid?> _ResolvePlayerIdAsync(NpgsqlConnection conn, string platform, string externalUserId)
|
||||
{
|
||||
return await conn.QuerySingleOrDefaultAsync<Guid?>(
|
||||
"""
|
||||
SELECT id FROM players
|
||||
WHERE platform = @Platform AND external_user_id = @ExternalUserId
|
||||
""",
|
||||
new { Platform = platform, ExternalUserId = externalUserId });
|
||||
}
|
||||
|
||||
private static async Task<Guid?> _ResolveEffectivePlayerIdAsync(NpgsqlConnection conn, string platform, string externalUserId)
|
||||
{
|
||||
var playerId = await _ResolvePlayerIdAsync(conn, platform, externalUserId);
|
||||
if (playerId is null)
|
||||
return null;
|
||||
|
||||
var primaryId = await conn.QuerySingleOrDefaultAsync<Guid?>(
|
||||
"""
|
||||
SELECT primary_player_id FROM player_links
|
||||
WHERE secondary_player_id = @PlayerId
|
||||
""",
|
||||
new { PlayerId = playerId.Value });
|
||||
|
||||
return primaryId ?? playerId;
|
||||
}
|
||||
|
||||
private static async Task<Guid> _UpsertPlayerAndGetIdAsync(
|
||||
NpgsqlConnection conn, string platform, string externalUserId,
|
||||
string displayName, string? avatarUrl, NpgsqlTransaction? transaction)
|
||||
{
|
||||
return await conn.QuerySingleAsync<Guid>(
|
||||
"""
|
||||
INSERT INTO players (display_name, platform, external_user_id, external_username, avatar_url)
|
||||
VALUES (@DisplayName, @Platform, @ExternalUserId, @DisplayName, @AvatarUrl)
|
||||
ON CONFLICT (platform, external_user_id)
|
||||
WHERE platform IS NOT NULL AND external_user_id IS NOT NULL
|
||||
DO UPDATE
|
||||
SET display_name = EXCLUDED.display_name,
|
||||
external_username = EXCLUDED.external_username,
|
||||
avatar_url = COALESCE(EXCLUDED.avatar_url, players.avatar_url)
|
||||
RETURNING id
|
||||
""",
|
||||
new { DisplayName = displayName, Platform = platform, ExternalUserId = externalUserId, AvatarUrl = avatarUrl },
|
||||
transaction);
|
||||
}
|
||||
|
||||
private static async Task _LogIdentityAuditAsync(
|
||||
NpgsqlConnection conn, Guid playerId, string action,
|
||||
string? targetPlatform, string? targetExternalUserId,
|
||||
Guid? performedByPlayerId, NpgsqlTransaction? transaction)
|
||||
{
|
||||
await conn.ExecuteAsync(
|
||||
"""
|
||||
INSERT INTO identity_audit_log (player_id, action, target_platform, target_external_user_id, performed_by_player_id)
|
||||
VALUES (@PlayerId, @Action, @TargetPlatform, @TargetExternalUserId, @PerformedByPlayerId)
|
||||
""",
|
||||
new { PlayerId = playerId, Action = action, TargetPlatform = targetPlatform, TargetExternalUserId = targetExternalUserId, PerformedByPlayerId = performedByPlayerId },
|
||||
transaction);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -145,7 +145,7 @@ public sealed class DiscordNewSessionHandlerTests
|
||||
var source = File.ReadAllText(commandPath);
|
||||
|
||||
Assert.Contains("DiscordSessionBatchRenderer.Render", source, StringComparison.Ordinal);
|
||||
Assert.Contains("WithEmbeds", source, StringComparison.Ordinal);
|
||||
Assert.Contains("message.Embeds = embeds", source, StringComparison.Ordinal);
|
||||
}
|
||||
|
||||
private static DateTimeOffset FutureDateAt1930()
|
||||
|
||||
@@ -40,6 +40,7 @@ public sealed class DiscordProjectStructureTests
|
||||
Assert.Contains("GmRelay.Shared.csproj", project);
|
||||
Assert.DoesNotContain("Telegram.Bot", project);
|
||||
Assert.DoesNotContain("GmRelay.Bot.csproj", project);
|
||||
Assert.Contains("Dapper.AOT", project);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
@@ -61,7 +62,7 @@ public sealed class DiscordProjectStructureTests
|
||||
var prChecks = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "pr-checks.yml"));
|
||||
var deploy = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml"));
|
||||
|
||||
Assert.Contains("gmrelay-discord-bot:2.8.0", compose);
|
||||
Assert.Contains("gmrelay-discord-bot:3.0.9", compose);
|
||||
Assert.Contains("Discord__Token=${DISCORD_BOT_TOKEN:?Set DISCORD_BOT_TOKEN in .env}", compose);
|
||||
Assert.Contains("src/GmRelay.DiscordBot/Dockerfile", deploy);
|
||||
Assert.Contains("DISCORD_BOT_TOKEN", deploy);
|
||||
@@ -75,13 +76,13 @@ public sealed class DiscordProjectStructureTests
|
||||
{
|
||||
var repoRoot = GetRepoRoot();
|
||||
|
||||
Assert.Contains("<Version>2.8.0</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
|
||||
Assert.Contains("VERSION: 2.8.0", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
|
||||
Assert.Contains("gmrelay-bot:2.8.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-web:2.8.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-discord-bot:2.8.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("<Version>3.0.9</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
|
||||
Assert.Contains("VERSION: 3.0.9", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
|
||||
Assert.Contains("gmrelay-bot:3.0.9", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-web:3.0.9", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-discord-bot:3.0.9", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains(
|
||||
"v2.8.0",
|
||||
"v3.0.9",
|
||||
File.ReadAllText(Path.Combine(repoRoot, "src", "GmRelay.Web", "Components", "Layout", "NavMenu.razor")));
|
||||
}
|
||||
|
||||
@@ -94,6 +95,16 @@ public sealed class DiscordProjectStructureTests
|
||||
Assert.Contains("DISCORD_BOT_TOKEN", envExample);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Readme_ShouldNotAskForUnusedDiscordBotClientId()
|
||||
{
|
||||
var repoRoot = GetRepoRoot();
|
||||
var readme = File.ReadAllText(Path.Combine(repoRoot, "README.md"));
|
||||
|
||||
Assert.DoesNotContain("DISCORD_BOT_CLIENT_ID", readme);
|
||||
Assert.Contains("DISCORD_CLIENT_ID", readme);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Compose_ShouldIncludeDiscordHealthcheck()
|
||||
{
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Reflection;
|
||||
using GmRelay.DiscordBot.Features.Sessions;
|
||||
using NetCord.Services.ApplicationCommands;
|
||||
|
||||
namespace GmRelay.Bot.Tests.Discord;
|
||||
|
||||
@@ -47,6 +50,41 @@ public sealed class DiscordStartupTests
|
||||
Assert.Contains(".AddComponentInteractions", program);
|
||||
Assert.Contains(".AddGatewayHandlers", program);
|
||||
Assert.Contains("AddSlashCommand", program);
|
||||
Assert.Contains("AddModules(typeof(Program).Assembly)", program);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(typeof(DiscordNewSessionCommand), "newsession")]
|
||||
[InlineData(typeof(DiscordListSessionsCommand), "listsessions")]
|
||||
[InlineData(typeof(DiscordRescheduleCommand), "reschedule")]
|
||||
public void DiscordSessionSlashCommands_ShouldBeDeclaredOnModuleMethods(Type moduleType, string commandName)
|
||||
{
|
||||
var executeMethod = moduleType.GetMethod("ExecuteAsync", BindingFlags.Instance | BindingFlags.Public);
|
||||
|
||||
Assert.NotNull(executeMethod);
|
||||
|
||||
var methodAttribute = Assert.Single(executeMethod.GetCustomAttributes<SlashCommandAttribute>(inherit: false));
|
||||
var nameProperty = typeof(SlashCommandAttribute).GetProperty("Name")
|
||||
?? throw new InvalidOperationException("SlashCommandAttribute should expose command name.");
|
||||
|
||||
Assert.Equal(commandName, nameProperty.GetValue(methodAttribute));
|
||||
Assert.Empty(moduleType.GetCustomAttributes<SlashCommandAttribute>(inherit: false));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void DiscordSessionSlashCommands_ShouldBeDiscoverableByNetCordService()
|
||||
{
|
||||
var service = new ApplicationCommandService<SlashCommandContext>();
|
||||
|
||||
service.AddModules(typeof(DiscordNewSessionCommand).Assembly);
|
||||
|
||||
var commandNames = service.GetCommands()
|
||||
.Select(command => command.Name)
|
||||
.ToArray();
|
||||
|
||||
Assert.Contains("newsession", commandNames);
|
||||
Assert.Contains("listsessions", commandNames);
|
||||
Assert.Contains("reschedule", commandNames);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
|
||||
@@ -1121,6 +1121,21 @@ public sealed class AuthorizedSessionServiceTests
|
||||
public Task UpsertDiscordUserAsync(string discordId, string displayName, string? avatarUrl) =>
|
||||
Task.CompletedTask;
|
||||
|
||||
public Task<Guid?> ResolveEffectivePlayerIdAsync(string platform, string externalUserId) =>
|
||||
Task.FromResult<Guid?>(Guid.NewGuid());
|
||||
|
||||
public Task<List<LinkedIdentity>> GetLinkedIdentitiesAsync(string platform, string externalUserId) =>
|
||||
Task.FromResult(new List<LinkedIdentity>());
|
||||
|
||||
public Task LinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId, string? currentName) =>
|
||||
Task.CompletedTask;
|
||||
|
||||
public Task UnlinkIdentityAsync(string currentPlatform, string currentExternalUserId, string targetPlatform, string targetExternalUserId) =>
|
||||
Task.CompletedTask;
|
||||
|
||||
public Task UpsertPlayerAsync(string platform, string externalUserId, string displayName, string? avatarUrl) =>
|
||||
Task.CompletedTask;
|
||||
|
||||
private bool IsManager(Guid groupId, long telegramId) =>
|
||||
IsOwner(groupId, telegramId) ||
|
||||
managers.Any(manager => manager.GroupId == groupId && manager.TelegramId == telegramId);
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace GmRelay.Bot.Tests.Web;
|
||||
|
||||
public sealed class CookieAuthOptionsTests
|
||||
{
|
||||
[Fact]
|
||||
public void CookieAuthOptions_ShouldUseLaxSameSite_ToAllowOAuthCallback()
|
||||
{
|
||||
// Arrange
|
||||
var services = new ServiceCollection();
|
||||
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
||||
.AddCookie(options =>
|
||||
{
|
||||
options.Cookie.HttpOnly = true;
|
||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||
options.Cookie.SameSite = SameSiteMode.Lax;
|
||||
options.ExpireTimeSpan = TimeSpan.FromDays(7);
|
||||
options.SlidingExpiration = true;
|
||||
});
|
||||
|
||||
var provider = services.BuildServiceProvider();
|
||||
var optionsMonitor = provider.GetRequiredService<IOptionsMonitor<CookieAuthenticationOptions>>();
|
||||
var options = optionsMonitor.Get(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||
|
||||
// Assert
|
||||
Assert.Equal(SameSiteMode.Lax, options.Cookie.SameSite);
|
||||
Assert.True(options.Cookie.HttpOnly);
|
||||
Assert.Equal(CookieSecurePolicy.Always, options.Cookie.SecurePolicy);
|
||||
}
|
||||
}
|
||||
@@ -3,6 +3,7 @@ using System.Text.Json;
|
||||
using GmRelay.Web;
|
||||
using GmRelay.Web.Services;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
|
||||
namespace GmRelay.Bot.Tests.Web;
|
||||
|
||||
@@ -20,7 +21,7 @@ public class DiscordAuthServiceTests
|
||||
})
|
||||
.Build();
|
||||
|
||||
var service = new DiscordAuthService(new TestHttpClientFactory(), config);
|
||||
var service = new DiscordAuthService(new TestHttpClientFactory(), config, NullLogger<DiscordAuthService>.Instance);
|
||||
var url = service.BuildAuthorizeUrl("state123");
|
||||
|
||||
Assert.Contains("client_id=12345", url);
|
||||
@@ -33,7 +34,7 @@ public class DiscordAuthServiceTests
|
||||
public void BuildAuthorizeUrl_WithMissingConfig_ThrowsInvalidOperationException()
|
||||
{
|
||||
var config = new ConfigurationBuilder().Build();
|
||||
var service = new DiscordAuthService(new TestHttpClientFactory(), config);
|
||||
var service = new DiscordAuthService(new TestHttpClientFactory(), config, NullLogger<DiscordAuthService>.Instance);
|
||||
|
||||
Assert.Throws<InvalidOperationException>(() => service.BuildAuthorizeUrl("state"));
|
||||
}
|
||||
@@ -74,7 +75,7 @@ public class DiscordAuthServiceTests
|
||||
.Build();
|
||||
|
||||
var factory = new TestHttpClientFactory(handler);
|
||||
var service = new DiscordAuthService(factory, config);
|
||||
var service = new DiscordAuthService(factory, config, NullLogger<DiscordAuthService>.Instance);
|
||||
|
||||
var result = await service.ExchangeCodeAsync("valid_code");
|
||||
|
||||
@@ -102,7 +103,7 @@ public class DiscordAuthServiceTests
|
||||
.Build();
|
||||
|
||||
var factory = new TestHttpClientFactory(handler);
|
||||
var service = new DiscordAuthService(factory, config);
|
||||
var service = new DiscordAuthService(factory, config, NullLogger<DiscordAuthService>.Instance);
|
||||
|
||||
var result = await service.ExchangeCodeAsync("invalid_code");
|
||||
|
||||
|
||||
@@ -392,8 +392,8 @@
|
||||
"Aspire.Npgsql": "[13.2.2, )",
|
||||
"Dapper": "[2.1.72, )",
|
||||
"Dapper.AOT": "[1.0.48, )",
|
||||
"GmRelay.ServiceDefaults": "[2.5.0, )",
|
||||
"GmRelay.Shared": "[2.5.0, )",
|
||||
"GmRelay.ServiceDefaults": "[3.0.9, )",
|
||||
"GmRelay.Shared": "[3.0.9, )",
|
||||
"Npgsql": "[10.0.2, )",
|
||||
"Telegram.Bot": "[22.9.5.3, )",
|
||||
"dbup-postgresql": "[7.0.1, )"
|
||||
@@ -404,8 +404,9 @@
|
||||
"dependencies": {
|
||||
"Aspire.Npgsql": "[13.2.2, )",
|
||||
"Dapper": "[2.1.72, )",
|
||||
"GmRelay.ServiceDefaults": "[2.5.0, )",
|
||||
"GmRelay.Shared": "[2.5.0, )",
|
||||
"Dapper.AOT": "[1.0.48, )",
|
||||
"GmRelay.ServiceDefaults": "[3.0.9, )",
|
||||
"GmRelay.Shared": "[3.0.9, )",
|
||||
"NetCord.Hosting": "[1.0.0-alpha.489, )",
|
||||
"NetCord.Hosting.Services": "[1.0.0-alpha.489, )",
|
||||
"NetCord.Services": "[1.0.0-alpha.489, )",
|
||||
@@ -436,8 +437,8 @@
|
||||
"dependencies": {
|
||||
"Aspire.Npgsql": "[13.2.2, )",
|
||||
"Dapper": "[2.1.72, )",
|
||||
"GmRelay.ServiceDefaults": "[2.5.0, )",
|
||||
"GmRelay.Shared": "[2.5.0, )",
|
||||
"GmRelay.ServiceDefaults": "[3.0.9, )",
|
||||
"GmRelay.Shared": "[3.0.9, )",
|
||||
"Npgsql": "[10.0.2, )",
|
||||
"Telegram.Bot": "[22.9.6.1, )"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user