Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Toutsu
|
8214e052af | ||
|
Toutsu
|
2a233b2b1e | ||
|
Toutsu
|
5e3028e470 | ||
|
Toutsu
|
63193310f2 | ||
|
Toutsu
|
af37f3a8ec |
@@ -6,7 +6,7 @@ on:
|
||||
- main
|
||||
|
||||
env:
|
||||
VERSION: 3.0.0
|
||||
VERSION: 3.0.1
|
||||
|
||||
jobs:
|
||||
# ЧАСТЬ 1: Собираем образы и кладем в Gitea (чтобы делиться с ребятами)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<Project>
|
||||
<PropertyGroup>
|
||||
<Version>3.0.0</Version>
|
||||
<Version>3.0.1</Version>
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<LangVersion>preview</LangVersion>
|
||||
<Nullable>enable</Nullable>
|
||||
|
||||
+3
-3
@@ -49,7 +49,7 @@ services:
|
||||
crond -f
|
||||
|
||||
bot:
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-bot:3.0.0
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-bot:3.0.1
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
@@ -67,7 +67,7 @@ services:
|
||||
retries: 3
|
||||
|
||||
discord:
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:3.0.0
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:3.0.1
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
@@ -84,7 +84,7 @@ services:
|
||||
retries: 3
|
||||
|
||||
web:
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-web:3.0.0
|
||||
image: git.codeanddice.ru/toutsu/gmrelay-web:3.0.1
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
-- =============================================================
|
||||
-- V021: Add avatar_url column to players table
|
||||
-- =============================================================
|
||||
-- Scope: Support storing avatar URLs for Discord and other platforms.
|
||||
-- =============================================================
|
||||
|
||||
ALTER TABLE players
|
||||
ADD COLUMN avatar_url VARCHAR(500);
|
||||
@@ -0,0 +1,16 @@
|
||||
-- =============================================================
|
||||
-- V022: Fix incorrectly oriented player_links for Discord↔Telegram
|
||||
-- =============================================================
|
||||
-- Scope: Reverse player_links where Discord was incorrectly made primary
|
||||
-- and Telegram secondary. Telegram (with historical group/session data)
|
||||
-- must always be the primary account.
|
||||
-- =============================================================
|
||||
|
||||
UPDATE player_links pl
|
||||
SET primary_player_id = pl.secondary_player_id,
|
||||
secondary_player_id = pl.primary_player_id
|
||||
FROM players p1, players p2
|
||||
WHERE pl.primary_player_id = p1.id
|
||||
AND pl.secondary_player_id = p2.id
|
||||
AND p1.platform = 'Discord'
|
||||
AND p2.platform = 'Telegram';
|
||||
@@ -73,7 +73,7 @@
|
||||
</button>
|
||||
</form>
|
||||
|
||||
<div class="nav-version">v3.0.0</div>
|
||||
<div class="nav-version">v3.0.1</div>
|
||||
</div>
|
||||
</Authorized>
|
||||
<NotAuthorized>
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
@page "/profile"
|
||||
@using Microsoft.AspNetCore.Authorization
|
||||
@using Microsoft.AspNetCore.Components.Authorization
|
||||
@using System.Net.Http.Json
|
||||
@using Microsoft.Extensions.Configuration
|
||||
@attribute [Authorize]
|
||||
@inject IHttpClientFactory HttpClientFactory
|
||||
@inject ISessionStore SessionStore
|
||||
@inject IConfiguration Configuration
|
||||
@inject NavigationManager Navigation
|
||||
|
||||
<PageTitle>Профиль — GM-Relay</PageTitle>
|
||||
@@ -55,7 +56,7 @@
|
||||
<h2 class="section-title">Добавить аккаунт</h2>
|
||||
@if (!HasLinkedPlatform("Discord"))
|
||||
{
|
||||
<a class="btn btn-primary" href="/auth/discord">
|
||||
<a href="/auth/discord" class="btn btn-primary">
|
||||
Привязать Discord
|
||||
</a>
|
||||
}
|
||||
@@ -63,6 +64,19 @@
|
||||
{
|
||||
<p class="muted-text">Discord уже привязан.</p>
|
||||
}
|
||||
|
||||
@if (currentPlatform == "Discord" && !HasLinkedPlatform("Telegram"))
|
||||
{
|
||||
var botUsername = Configuration["Telegram__BotUsername"] ?? Configuration["Telegram:BotUsername"];
|
||||
if (!string.IsNullOrWhiteSpace(botUsername))
|
||||
{
|
||||
var authUrl = new Uri(new Uri(Navigation.BaseUri), "auth/telegram").ToString();
|
||||
var widgetHtml = $"<script async src=\"https://telegram.org/js/telegram-widget.js?22\" data-telegram-login=\"{botUsername}\" data-size=\"large\" data-auth-url=\"{authUrl}\" data-request-access=\"write\"></script>";
|
||||
<div class="telegram-widget-wrapper">
|
||||
@((MarkupString)widgetHtml)
|
||||
</div>
|
||||
}
|
||||
}
|
||||
</div>
|
||||
|
||||
@if (!string.IsNullOrWhiteSpace(errorMessage))
|
||||
@@ -87,6 +101,12 @@
|
||||
[CascadingParameter]
|
||||
private Task<AuthenticationState>? AuthenticationStateTask { get; set; }
|
||||
|
||||
[SupplyParameterFromQuery]
|
||||
public string? Linked { get; set; }
|
||||
|
||||
[SupplyParameterFromQuery(Name = "link_error")]
|
||||
public string? LinkError { get; set; }
|
||||
|
||||
protected override async Task OnInitializedAsync()
|
||||
{
|
||||
if (AuthenticationStateTask is not null)
|
||||
@@ -100,6 +120,16 @@
|
||||
}
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(Linked))
|
||||
{
|
||||
successMessage = $"{Linked} аккаунт успешно привязан!";
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(LinkError))
|
||||
{
|
||||
errorMessage = $"Ошибка привязки: {Uri.UnescapeDataString(LinkError)}";
|
||||
}
|
||||
|
||||
await LoadIdentities();
|
||||
}
|
||||
|
||||
@@ -107,9 +137,14 @@
|
||||
{
|
||||
try
|
||||
{
|
||||
var http = HttpClientFactory.CreateClient();
|
||||
http.BaseAddress = new Uri(Navigation.BaseUri);
|
||||
identities = await http.GetFromJsonAsync<List<LinkedIdentity>>("api/me/identities");
|
||||
if (currentPlatform is not null && currentExternalUserId is not null)
|
||||
{
|
||||
identities = await SessionStore.GetLinkedIdentitiesAsync(currentPlatform, currentExternalUserId);
|
||||
}
|
||||
else
|
||||
{
|
||||
identities = [];
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
@@ -130,19 +165,19 @@
|
||||
|
||||
try
|
||||
{
|
||||
var http = HttpClientFactory.CreateClient();
|
||||
http.BaseAddress = new Uri(Navigation.BaseUri);
|
||||
var response = await http.DeleteAsync($"api/me/identities/{Uri.EscapeDataString(platform)}/{Uri.EscapeDataString(externalUserId)}");
|
||||
if (response.IsSuccessStatusCode)
|
||||
if (currentPlatform is null || currentExternalUserId is null)
|
||||
{
|
||||
successMessage = $"{platform} аккаунт отвязан.";
|
||||
await LoadIdentities();
|
||||
}
|
||||
else
|
||||
{
|
||||
var body = await response.Content.ReadAsStringAsync();
|
||||
errorMessage = $"Ошибка отвязки: {body}";
|
||||
errorMessage = "Не удалось определить текущего пользователя.";
|
||||
return;
|
||||
}
|
||||
|
||||
await SessionStore.UnlinkIdentityAsync(currentPlatform, currentExternalUserId, platform, externalUserId);
|
||||
successMessage = $"{platform} аккаунт отвязан.";
|
||||
await LoadIdentities();
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
errorMessage = $"Ошибка отвязки: {ex.Message}";
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
||||
+30
-10
@@ -61,7 +61,7 @@ builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationSc
|
||||
options.AccessDeniedPath = "/access-denied";
|
||||
options.Cookie.HttpOnly = true;
|
||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||
options.Cookie.SameSite = SameSiteMode.Strict;
|
||||
options.Cookie.SameSite = SameSiteMode.Lax;
|
||||
options.ExpireTimeSpan = TimeSpan.FromDays(7);
|
||||
options.SlidingExpiration = true;
|
||||
});
|
||||
@@ -123,19 +123,39 @@ app.MapHealthChecks("/alive", new HealthCheckOptions
|
||||
});
|
||||
|
||||
// Endpoint to handle Telegram Login callback
|
||||
app.MapGet("/auth/telegram", async (HttpContext context, TelegramAuthService authService) =>
|
||||
app.MapGet("/auth/telegram", async (HttpContext context, TelegramAuthService authService, ISessionStore sessionStore) =>
|
||||
{
|
||||
if (authService.Verify(context.Request.Query, out var telegramId, out var name))
|
||||
if (!authService.Verify(context.Request.Query, out var telegramId, out var name))
|
||||
return Results.Redirect("/login?error=auth_failed");
|
||||
|
||||
await sessionStore.UpsertPlayerAsync("Telegram", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture), name, null);
|
||||
|
||||
// If already authenticated via another platform, link instead of replacing session
|
||||
if (context.User.Identity?.IsAuthenticated == true
|
||||
&& context.User.TryGetPlatformIdentity(out var currentPlatform, out var currentExternalUserId)
|
||||
&& currentPlatform != "Telegram")
|
||||
{
|
||||
var authProperties = new AuthenticationProperties { IsPersistent = true };
|
||||
await context.SignInAsync(
|
||||
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||
CreateTelegramPrincipal(telegramId, name),
|
||||
authProperties);
|
||||
return Results.Redirect("/");
|
||||
try
|
||||
{
|
||||
// Always make Telegram the primary (it has the historical data/groups)
|
||||
await sessionStore.LinkIdentityAsync(
|
||||
"Telegram", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture),
|
||||
currentPlatform, currentExternalUserId,
|
||||
name);
|
||||
return Results.Redirect("/profile?linked=telegram");
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
return Results.Redirect($"/profile?link_error={Uri.EscapeDataString(ex.Message)}");
|
||||
}
|
||||
}
|
||||
|
||||
return Results.Redirect("/login?error=auth_failed");
|
||||
var authProperties = new AuthenticationProperties { IsPersistent = true };
|
||||
await context.SignInAsync(
|
||||
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||
CreateTelegramPrincipal(telegramId, name),
|
||||
authProperties);
|
||||
return Results.Redirect("/");
|
||||
});
|
||||
|
||||
app.MapPost("/auth/telegram-webapp", async (
|
||||
|
||||
@@ -61,7 +61,7 @@ public sealed class DiscordProjectStructureTests
|
||||
var prChecks = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "pr-checks.yml"));
|
||||
var deploy = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml"));
|
||||
|
||||
Assert.Contains("gmrelay-discord-bot:3.0.0", compose);
|
||||
Assert.Contains("gmrelay-discord-bot:3.0.1", compose);
|
||||
Assert.Contains("Discord__Token=${DISCORD_BOT_TOKEN:?Set DISCORD_BOT_TOKEN in .env}", compose);
|
||||
Assert.Contains("src/GmRelay.DiscordBot/Dockerfile", deploy);
|
||||
Assert.Contains("DISCORD_BOT_TOKEN", deploy);
|
||||
@@ -75,13 +75,13 @@ public sealed class DiscordProjectStructureTests
|
||||
{
|
||||
var repoRoot = GetRepoRoot();
|
||||
|
||||
Assert.Contains("<Version>3.0.0</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
|
||||
Assert.Contains("VERSION: 3.0.0", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
|
||||
Assert.Contains("gmrelay-bot:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-web:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-discord-bot:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("<Version>3.0.1</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
|
||||
Assert.Contains("VERSION: 3.0.1", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
|
||||
Assert.Contains("gmrelay-bot:3.0.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-web:3.0.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains("gmrelay-discord-bot:3.0.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
|
||||
Assert.Contains(
|
||||
"v3.0.0",
|
||||
"v3.0.1",
|
||||
File.ReadAllText(Path.Combine(repoRoot, "src", "GmRelay.Web", "Components", "Layout", "NavMenu.razor")));
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace GmRelay.Bot.Tests.Web;
|
||||
|
||||
public sealed class CookieAuthOptionsTests
|
||||
{
|
||||
[Fact]
|
||||
public void CookieAuthOptions_ShouldUseLaxSameSite_ToAllowOAuthCallback()
|
||||
{
|
||||
// Arrange
|
||||
var services = new ServiceCollection();
|
||||
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
||||
.AddCookie(options =>
|
||||
{
|
||||
options.Cookie.HttpOnly = true;
|
||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||
options.Cookie.SameSite = SameSiteMode.Lax;
|
||||
options.ExpireTimeSpan = TimeSpan.FromDays(7);
|
||||
options.SlidingExpiration = true;
|
||||
});
|
||||
|
||||
var provider = services.BuildServiceProvider();
|
||||
var optionsMonitor = provider.GetRequiredService<IOptionsMonitor<CookieAuthenticationOptions>>();
|
||||
var options = optionsMonitor.Get(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||
|
||||
// Assert
|
||||
Assert.Equal(SameSiteMode.Lax, options.Cookie.SameSite);
|
||||
Assert.True(options.Cookie.HttpOnly);
|
||||
Assert.Equal(CookieSecurePolicy.Always, options.Cookie.SecurePolicy);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user