bump: version 3.0.1

Synchronize version across all files:
- Directory.Build.props → 3.0.1
- compose.yaml → gmrelay-bot/web/discord-bot:3.0.1
- deploy.yml → VERSION: 3.0.1
- NavMenu.razor → v3.0.1
- DiscordProjectStructureTests → 3.0.1

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

.gitea/workflows/deploy.yml

@@ -6,7 +6,7 @@ on:
       - main 
 
 env:
-  VERSION: 3.0.0
+  VERSION: 3.0.1
 
 jobs:
   # ЧАСТЬ 1: Собираем образы и кладем в Gitea (чтобы делиться с ребятами)

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <Version>3.0.0</Version>
+    <Version>3.0.1</Version>
     <TargetFramework>net10.0</TargetFramework>
     <LangVersion>preview</LangVersion>
     <Nullable>enable</Nullable>

compose.yaml

@@ -49,7 +49,7 @@ services:
         crond -f
 
   bot:
-    image: git.codeanddice.ru/toutsu/gmrelay-bot:3.0.0
+    image: git.codeanddice.ru/toutsu/gmrelay-bot:3.0.1
     restart: always
     depends_on:
       db:
@@ -67,7 +67,7 @@ services:
       retries: 3
 
   discord:
-    image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:3.0.0
+    image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:3.0.1
     restart: always
     depends_on:
       db:
@@ -84,7 +84,7 @@ services:
       retries: 3
 
   web:
-    image: git.codeanddice.ru/toutsu/gmrelay-web:3.0.0
+    image: git.codeanddice.ru/toutsu/gmrelay-web:3.0.1
     restart: always
     depends_on:
       db:

src/GmRelay.Bot/Migrations/V021__add_avatar_url.sql

@@ -0,0 +1,8 @@
+-- =============================================================
+-- V021: Add avatar_url column to players table
+-- =============================================================
+-- Scope: Support storing avatar URLs for Discord and other platforms.
+-- =============================================================
+
+ALTER TABLE players
+    ADD COLUMN avatar_url VARCHAR(500);

src/GmRelay.Bot/Migrations/V022__fix_discord_telegram_links.sql

@@ -0,0 +1,16 @@
+-- =============================================================
+-- V022: Fix incorrectly oriented player_links for Discord↔Telegram
+-- =============================================================
+-- Scope: Reverse player_links where Discord was incorrectly made primary
+-- and Telegram secondary. Telegram (with historical group/session data)
+-- must always be the primary account.
+-- =============================================================
+
+UPDATE player_links pl
+SET primary_player_id   = pl.secondary_player_id,
+    secondary_player_id = pl.primary_player_id
+FROM players p1, players p2
+WHERE pl.primary_player_id = p1.id
+  AND pl.secondary_player_id = p2.id
+  AND p1.platform = 'Discord'
+  AND p2.platform = 'Telegram';

src/GmRelay.Web/Components/Layout/NavMenu.razor

@@ -73,7 +73,7 @@
                     </button>
                 </form>
 
-                <div class="nav-version">v3.0.0</div>
+                <div class="nav-version">v3.0.1</div>
             </div>
         </Authorized>
         <NotAuthorized>

src/GmRelay.Web/Components/Pages/Profile.razor

@@ -1,9 +1,10 @@
 @page "/profile"
 @using Microsoft.AspNetCore.Authorization
 @using Microsoft.AspNetCore.Components.Authorization
-@using System.Net.Http.Json
+@using Microsoft.Extensions.Configuration
 @attribute [Authorize]
-@inject IHttpClientFactory HttpClientFactory
+@inject ISessionStore SessionStore
+@inject IConfiguration Configuration
 @inject NavigationManager Navigation
 
 <PageTitle>Профиль — GM-Relay</PageTitle>
@@ -55,7 +56,7 @@
         <h2 class="section-title">Добавить аккаунт</h2>
         @if (!HasLinkedPlatform("Discord"))
         {
-            <a class="btn btn-primary" href="/auth/discord">
+            <a href="/auth/discord" class="btn btn-primary">
                 Привязать Discord
             </a>
         }
@@ -63,6 +64,19 @@
         {
             <p class="muted-text">Discord уже привязан.</p>
         }
+
+        @if (currentPlatform == "Discord" && !HasLinkedPlatform("Telegram"))
+        {
+            var botUsername = Configuration["Telegram__BotUsername"] ?? Configuration["Telegram:BotUsername"];
+            if (!string.IsNullOrWhiteSpace(botUsername))
+            {
+                var authUrl = new Uri(new Uri(Navigation.BaseUri), "auth/telegram").ToString();
+                var widgetHtml = $"<script async src=\"https://telegram.org/js/telegram-widget.js?22\" data-telegram-login=\"{botUsername}\" data-size=\"large\" data-auth-url=\"{authUrl}\" data-request-access=\"write\"></script>";
+                <div class="telegram-widget-wrapper">
+                    @((MarkupString)widgetHtml)
+                </div>
+            }
+        }
     </div>
 
     @if (!string.IsNullOrWhiteSpace(errorMessage))
@@ -87,6 +101,12 @@
     [CascadingParameter]
     private Task<AuthenticationState>? AuthenticationStateTask { get; set; }
 
+    [SupplyParameterFromQuery]
+    public string? Linked { get; set; }
+
+    [SupplyParameterFromQuery(Name = "link_error")]
+    public string? LinkError { get; set; }
+
     protected override async Task OnInitializedAsync()
     {
         if (AuthenticationStateTask is not null)
@@ -100,6 +120,16 @@
             }
         }
 
+        if (!string.IsNullOrWhiteSpace(Linked))
+        {
+            successMessage = $"{Linked} аккаунт успешно привязан!";
+        }
+
+        if (!string.IsNullOrWhiteSpace(LinkError))
+        {
+            errorMessage = $"Ошибка привязки: {Uri.UnescapeDataString(LinkError)}";
+        }
+
         await LoadIdentities();
     }
 
@@ -107,9 +137,14 @@
     {
         try
         {
-            var http = HttpClientFactory.CreateClient();
+            if (currentPlatform is not null && currentExternalUserId is not null)
-            http.BaseAddress = new Uri(Navigation.BaseUri);
+            {
-            identities = await http.GetFromJsonAsync<List<LinkedIdentity>>("api/me/identities");
+                identities = await SessionStore.GetLinkedIdentitiesAsync(currentPlatform, currentExternalUserId);
+            }
+            else
+            {
+                identities = [];
+            }
         }
         catch (Exception ex)
         {
@@ -130,19 +165,19 @@
 
         try
         {
-            var http = HttpClientFactory.CreateClient();
+            if (currentPlatform is null || currentExternalUserId is null)
-            http.BaseAddress = new Uri(Navigation.BaseUri);
-            var response = await http.DeleteAsync($"api/me/identities/{Uri.EscapeDataString(platform)}/{Uri.EscapeDataString(externalUserId)}");
-            if (response.IsSuccessStatusCode)
             {
-                successMessage = $"{platform} аккаунт отвязан.";
+                errorMessage = "Не удалось определить текущего пользователя.";
-                await LoadIdentities();
+                return;
-            }
-            else
-            {
-                var body = await response.Content.ReadAsStringAsync();
-                errorMessage = $"Ошибка отвязки: {body}";
             }
+
+            await SessionStore.UnlinkIdentityAsync(currentPlatform, currentExternalUserId, platform, externalUserId);
+            successMessage = $"{platform} аккаунт отвязан.";
+            await LoadIdentities();
+        }
+        catch (InvalidOperationException ex)
+        {
+            errorMessage = $"Ошибка отвязки: {ex.Message}";
         }
         catch (Exception ex)
         {

src/GmRelay.Web/Program.cs

@@ -61,7 +61,7 @@ builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationSc
         options.AccessDeniedPath = "/access-denied";
         options.Cookie.HttpOnly = true;
         options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
-        options.Cookie.SameSite = SameSiteMode.Strict;
+        options.Cookie.SameSite = SameSiteMode.Lax;
         options.ExpireTimeSpan = TimeSpan.FromDays(7);
         options.SlidingExpiration = true;
     });
@@ -123,19 +123,39 @@ app.MapHealthChecks("/alive", new HealthCheckOptions
 });
 
 // Endpoint to handle Telegram Login callback
-app.MapGet("/auth/telegram", async (HttpContext context, TelegramAuthService authService) =>
+app.MapGet("/auth/telegram", async (HttpContext context, TelegramAuthService authService, ISessionStore sessionStore) =>
 {
-    if (authService.Verify(context.Request.Query, out var telegramId, out var name))
+    if (!authService.Verify(context.Request.Query, out var telegramId, out var name))
+        return Results.Redirect("/login?error=auth_failed");
+
+    await sessionStore.UpsertPlayerAsync("Telegram", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture), name, null);
+
+    // If already authenticated via another platform, link instead of replacing session
+    if (context.User.Identity?.IsAuthenticated == true
+        && context.User.TryGetPlatformIdentity(out var currentPlatform, out var currentExternalUserId)
+        && currentPlatform != "Telegram")
     {
-        var authProperties = new AuthenticationProperties { IsPersistent = true };
+        try
-        await context.SignInAsync(
+        {
-            CookieAuthenticationDefaults.AuthenticationScheme,
+            // Always make Telegram the primary (it has the historical data/groups)
-            CreateTelegramPrincipal(telegramId, name),
+            await sessionStore.LinkIdentityAsync(
-            authProperties);
+                "Telegram", telegramId.ToString(System.Globalization.CultureInfo.InvariantCulture),
-        return Results.Redirect("/");
+                currentPlatform, currentExternalUserId,
+                name);
+            return Results.Redirect("/profile?linked=telegram");
+        }
+        catch (InvalidOperationException ex)
+        {
+            return Results.Redirect($"/profile?link_error={Uri.EscapeDataString(ex.Message)}");
+        }
     }
 
-    return Results.Redirect("/login?error=auth_failed");
+    var authProperties = new AuthenticationProperties { IsPersistent = true };
+    await context.SignInAsync(
+        CookieAuthenticationDefaults.AuthenticationScheme,
+        CreateTelegramPrincipal(telegramId, name),
+        authProperties);
+    return Results.Redirect("/");
 });
 
 app.MapPost("/auth/telegram-webapp", async (

tests/GmRelay.Bot.Tests/Discord/DiscordProjectStructureTests.cs

@@ -61,7 +61,7 @@ public sealed class DiscordProjectStructureTests
         var prChecks = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "pr-checks.yml"));
         var deploy = File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml"));
 
-        Assert.Contains("gmrelay-discord-bot:3.0.0", compose);
+        Assert.Contains("gmrelay-discord-bot:3.0.1", compose);
         Assert.Contains("Discord__Token=${DISCORD_BOT_TOKEN:?Set DISCORD_BOT_TOKEN in .env}", compose);
         Assert.Contains("src/GmRelay.DiscordBot/Dockerfile", deploy);
         Assert.Contains("DISCORD_BOT_TOKEN", deploy);
@@ -75,13 +75,13 @@ public sealed class DiscordProjectStructureTests
     {
         var repoRoot = GetRepoRoot();
 
-        Assert.Contains("<Version>3.0.0</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
+        Assert.Contains("<Version>3.0.1</Version>", File.ReadAllText(Path.Combine(repoRoot, "Directory.Build.props")));
-        Assert.Contains("VERSION: 3.0.0", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
+        Assert.Contains("VERSION: 3.0.1", File.ReadAllText(Path.Combine(repoRoot, ".gitea", "workflows", "deploy.yml")));
-        Assert.Contains("gmrelay-bot:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
+        Assert.Contains("gmrelay-bot:3.0.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
-        Assert.Contains("gmrelay-web:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
+        Assert.Contains("gmrelay-web:3.0.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
-        Assert.Contains("gmrelay-discord-bot:3.0.0", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
+        Assert.Contains("gmrelay-discord-bot:3.0.1", File.ReadAllText(Path.Combine(repoRoot, "compose.yaml")));
         Assert.Contains(
-            "v3.0.0",
+            "v3.0.1",
             File.ReadAllText(Path.Combine(repoRoot, "src", "GmRelay.Web", "Components", "Layout", "NavMenu.razor")));
     }
 

tests/GmRelay.Bot.Tests/Web/CookieAuthOptionsTests.cs

@@ -0,0 +1,34 @@
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+
+namespace GmRelay.Bot.Tests.Web;
+
+public sealed class CookieAuthOptionsTests
+{
+    [Fact]
+    public void CookieAuthOptions_ShouldUseLaxSameSite_ToAllowOAuthCallback()
+    {
+        // Arrange
+        var services = new ServiceCollection();
+        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
+            .AddCookie(options =>
+            {
+                options.Cookie.HttpOnly = true;
+                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+                options.Cookie.SameSite = SameSiteMode.Lax;
+                options.ExpireTimeSpan = TimeSpan.FromDays(7);
+                options.SlidingExpiration = true;
+            });
+
+        var provider = services.BuildServiceProvider();
+        var optionsMonitor = provider.GetRequiredService<IOptionsMonitor<CookieAuthenticationOptions>>();
+        var options = optionsMonitor.Get(CookieAuthenticationDefaults.AuthenticationScheme);
+
+        // Assert
+        Assert.Equal(SameSiteMode.Lax, options.Cookie.SameSite);
+        Assert.True(options.Cookie.HttpOnly);
+        Assert.Equal(CookieSecurePolicy.Always, options.Cookie.SecurePolicy);
+    }
+}