From 21c7b351365ad718e9b61cc3cbe089a58f2c4c6c Mon Sep 17 00:00:00 2001 From: Cadence Ember Date: Fri, 21 Feb 2025 16:38:00 +1300 Subject: [PATCH 1/2] Put QR code behind reveal button --- src/web/pug/guild.pug | 9 ++++---- src/web/routes/guild.js | 44 +++++++++++++++++++++++++----------- src/web/routes/guild.test.js | 40 +++++++++++++++++++++++++++++++- 3 files changed, 75 insertions(+), 18 deletions(-) diff --git a/src/web/pug/guild.pug b/src/web/pug/guild.pug index d66c4f4..5899b98 100644 --- a/src/web/pug/guild.pug +++ b/src/web/pug/guild.pug @@ -69,7 +69,8 @@ block body .grid--row-start2 button.s-btn.s-btn__filled#invite-button Invite div - != svg + .s-card.d-flex.ai-center.jc-center(style="min-width: 130px; min-height: 130px;") + button.s-btn.s-btn__filled(hx-get=`/qr?guild_id=${guild_id}` hx-indicator="closest button" hx-swap="outerHTML" hx-disabled-elt="this") Show QR if space_id h2.mt48.fs-headline1 Matrix setup @@ -133,19 +134,19 @@ block body | How people can join on Matrix span#privacy-level-loading .s-toggle-switch.s-toggle-switch__multiple.s-toggle-switch__incremental.d-grid.gx16.ai-center(style="grid-template-columns: auto 1fr") - input(type="radio" name="level" value="directory" id="privacy-level-directory" checked=(privacy_level === 2)) + input(type="radio" name="privacy_level" value="directory" id="privacy-level-directory" checked=(privacy_level === 2)) label.d-flex.gx8.jc-center.grid--row-start3(for="privacy-level-directory") != icons.Icons.IconPlusSm != icons.Icons.IconInternationalSm .fl-grow1 Directory - input(type="radio" name="level" value="link" id="privacy-level-link" checked=(privacy_level === 1)) + input(type="radio" name="privacy_level" value="link" id="privacy-level-link" checked=(privacy_level === 1)) label.d-flex.gx8.jc-center.grid--row-start2(for="privacy-level-link") != icons.Icons.IconPlusSm != icons.Icons.IconLinkSm .fl-grow1 Link - input(type="radio" name="level" value="invite" id="privacy-level-invite" checked=(privacy_level === 0)) + input(type="radio" name="privacy_level" value="invite" id="privacy-level-invite" checked=(privacy_level === 0)) label.d-flex.gx8.jc-center.grid--row-start1(for="privacy-level-invite") svg.svg-icon(width="14" height="14" viewBox="0 0 14 14") != icons.Icons.IconLockSm diff --git a/src/web/routes/guild.js b/src/web/routes/guild.js index 64e79ed..f39d603 100644 --- a/src/web/routes/guild.js +++ b/src/web/routes/guild.js @@ -21,6 +21,9 @@ const schema = { guild: z.object({ guild_id: z.string().optional() }), + qr: z.object({ + guild_id: z.string().optional() + }), invite: z.object({ mxid: z.string().regex(/@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)/), permissions: z.enum(["default", "moderator", "admin"]), @@ -127,6 +130,33 @@ as.router.get("/guild", defineEventHandler(async event => { return pugSync.render(event, "guild_not_linked.pug", {guild, guild_id, spaces}) } + // Easy mode guild that hasn't been linked yet - need to remove elements that would require an existing space + if (!row.space_id) { + const links = getChannelRoomsLinks(guild_id, []) + return pugSync.render(event, "guild.pug", {guild, guild_id, ...links, ...row}) + } + + // Linked guild + const api = getAPI(event) + const mods = await api.getStateEvent(row.space_id, "m.room.power_levels", "") + const banned = await api.getMembers(row.space_id, "ban") + const rooms = await api.getFullHierarchy(row.space_id) + const links = getChannelRoomsLinks(guild_id, rooms) + return pugSync.render(event, "guild.pug", {guild, guild_id, mods, banned, ...links, ...row}) +})) + +as.router.get("/qr", defineEventHandler(async event => { + const {guild_id} = await getValidatedQuery(event, schema.qr.parse) + const managed = await auth.getManagedGuilds(event) + const row = from("guild_active").join("guild_space", "guild_id", "left").select("space_id", "privacy_level", "autocreate").where({guild_id}).get() + // @ts-ignore + const guild = discord.guilds.get(guild_id) + + // Permission problems + if (!guild_id || !guild || !managed.has(guild_id) || !row) { + return pugSync.render(event, "guild_access_denied.pug", {guild_id, row}) + } + const nonce = randomUUID() validNonce.set(nonce, guild_id) @@ -137,19 +167,7 @@ as.router.get("/guild", defineEventHandler(async event => { const svg = generatedSvg.replace(/viewBox="0 0 ([0-9]+) ([0-9]+)"/, `data-nonce="${nonce}" width="$1" height="$2" $&`) assert.notEqual(svg, generatedSvg) - // Easy mode guild that hasn't been linked yet - need to remove elements that would require an existing space - if (!row.space_id) { - const links = getChannelRoomsLinks(guild_id, []) - return pugSync.render(event, "guild.pug", {guild, guild_id, svg, ...links, ...row}) - } - - // Linked guild - const api = getAPI(event) - const mods = await api.getStateEvent(row.space_id, "m.room.power_levels", "") - const banned = await api.getMembers(row.space_id, "ban") - const rooms = await api.getFullHierarchy(row.space_id) - const links = getChannelRoomsLinks(guild_id, rooms) - return pugSync.render(event, "guild.pug", {guild, guild_id, svg, mods, banned, ...links, ...row}) + return svg })) as.router.get("/invite", defineEventHandler(async event => { diff --git a/src/web/routes/guild.test.js b/src/web/routes/guild.test.js index 02c6767..ea59173 100644 --- a/src/web/routes/guild.test.js +++ b/src/web/routes/guild.test.js @@ -34,6 +34,16 @@ test("web guild: access denied when guild id messed up", async t => { t.has(html, "the selected server doesn't exist") }) +test("web qr: access denied when guild id messed up", async t => { + const html = await router.test("get", "/qr?guild_id=1", { + sessionData: { + userID: "1", + managedGuilds: [] + }, + }) + t.has(html, "the selected server doesn't exist") +}) + test("web invite: access denied with invalid nonce", async t => { const html = await router.test("get", "/invite?nonce=1") t.match(html, /This QR code has expired./) @@ -85,7 +95,7 @@ test("web guild: unbridged self-service guild shows available spaces", async t = }) -test("web guild: can view bridged guild", async t => { +test("web guild: can view bridged guild when logged in with discord", async t => { const html = await router.test("get", "/guild?guild_id=112760669178241024", { sessionData: { managedGuilds: ["112760669178241024"] @@ -103,6 +113,34 @@ test("web guild: can view bridged guild", async t => { } }) t.has(html, `

Psychonauts 3

`) +}) + +test("web guild: can view bridged guild when logged in with matrix", async t => { + const html = await router.test("get", "/guild?guild_id=112760669178241024", { + sessionData: { + mxid: "@cadence:cadence.moe" + }, + api: { + async getStateEvent(roomID, type, key) { + return {} + }, + async getMembers(roomID, membership) { + return {chunk: []} + }, + async getFullHierarchy(roomID) { + return [] + } + } + }) + t.has(html, `

Psychonauts 3

`) +}) + +test("web qr: generates nonce", async t => { + const html = await router.test("get", "/qr?guild_id=112760669178241024", { + sessionData: { + managedGuilds: ["112760669178241024"] + } + }) nonce = html.match(/data-nonce="([a-f0-9-]+)"/)?.[1] t.ok(nonce) }) From 62be5f7091aa76addec59c102e702080744f00e7 Mon Sep 17 00:00:00 2001 From: Cadence Ember Date: Fri, 21 Feb 2025 16:41:43 +1300 Subject: [PATCH 2/2] Code coverage for web settings --- src/web/routes/guild-settings.js | 124 +++++++++++++------------- src/web/routes/guild-settings.test.js | 17 +++- src/web/routes/link.js | 10 +-- src/web/routes/link.test.js | 14 ++- test/ooye-test-data.sql | 1 + 5 files changed, 92 insertions(+), 74 deletions(-) diff --git a/src/web/routes/guild-settings.js b/src/web/routes/guild-settings.js index cdb9a63..b640d36 100644 --- a/src/web/routes/guild-settings.js +++ b/src/web/routes/guild-settings.js @@ -20,77 +20,75 @@ function getCreateSpace(event) { return event.context.createSpace || sync.require("../../d2m/actions/create-space") } -/** @type {["invite", "link", "directory"]} */ -const levels = ["invite", "link", "directory"] -const schema = { - autocreate: z.object({ - guild_id: z.string(), - autocreate: z.string().optional() - }), - urlPreview: z.object({ - guild_id: z.string(), - url_preview: z.string().optional() - }), - presence: z.object({ - guild_id: z.string(), - presence: z.string().optional() - }), - privacyLevel: z.object({ - guild_id: z.string(), - level: z.enum(levels) +/** + * @typedef Options + * @prop {(value: string?) => number} transform + * @prop {(event: H3Event, guildID: string) => any} [after] + * @prop {keyof import("../../db/orm-defs").Models} table + */ + +/** + * @template {string} T + * @param {T} key + * @param {Partial} [inputOptions] + */ +function defineToggle(key, inputOptions) { + /** @type {Options} */ + const options = { + transform: x => +!!x, // convert toggle to 0 or 1 + table: "guild_space" + } + Object.assign(options, inputOptions) + return defineEventHandler(async event => { + const bodySchema = z.object({ + guild_id: z.string(), + [key]: z.string().optional() + }) + /** @type {Record & Record<"guild_id", string> & Record} */ // @ts-ignore + const parsedBody = await readValidatedBody(event, bodySchema.parse) + const managed = await auth.getManagedGuilds(event) + if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"}) + + const value = options.transform(parsedBody[key]) + assert(typeof value === "number") + db.prepare(`UPDATE ${options.table} SET ${key} = ? WHERE guild_id = ?`).run(value, parsedBody.guild_id) + + return (options.after && await options.after(event, parsedBody.guild_id)) || null }) } -as.router.post("/api/autocreate", defineEventHandler(async event => { - const parsedBody = await readValidatedBody(event, schema.autocreate.parse) - const managed = await auth.getManagedGuilds(event) - if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"}) - - db.prepare("UPDATE guild_active SET autocreate = ? WHERE guild_id = ?").run(+!!parsedBody.autocreate, parsedBody.guild_id) - - // If showing a partial page due to incomplete setup, need to refresh the whole page to show the alternate version - const spaceID = select("guild_space", "space_id", {guild_id: parsedBody.guild_id}).pluck().get() - if (!spaceID) { - if (getRequestHeader(event, "HX-Request")) { - setResponseHeader(event, "HX-Refresh", "true") - } else { - return sendRedirect(event, "", 302) +as.router.post("/api/autocreate", defineToggle("autocreate", { + table: "guild_active", + after(event, guild_id) { + // If showing a partial page due to incomplete setup, need to refresh the whole page to show the alternate version + const spaceID = select("guild_space", "space_id", {guild_id}).pluck().get() + if (!spaceID) { + if (getRequestHeader(event, "HX-Request")) { + setResponseHeader(event, "HX-Refresh", "true") + } else { + return sendRedirect(event, "", 302) + } } } - - return null // 204 })) -as.router.post("/api/url-preview", defineEventHandler(async event => { - const parsedBody = await readValidatedBody(event, schema.urlPreview.parse) - const managed = await auth.getManagedGuilds(event) - if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"}) +as.router.post("/api/url-preview", defineToggle("url_preview")) - db.prepare("UPDATE guild_space SET url_preview = ? WHERE guild_id = ?").run(+!!parsedBody.url_preview, parsedBody.guild_id) - - return null // 204 +as.router.post("/api/presence", defineToggle("presence", { + after() { + setPresence.guildPresenceSetting.update() + } })) -as.router.post("/api/presence", defineEventHandler(async event => { - const parsedBody = await readValidatedBody(event, schema.presence.parse) - const managed = await auth.getManagedGuilds(event) - if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"}) - - db.prepare("UPDATE guild_space SET presence = ? WHERE guild_id = ?").run(+!!parsedBody.presence, parsedBody.guild_id) - setPresence.guildPresenceSetting.update() - - return null // 204 -})) - -as.router.post("/api/privacy-level", defineEventHandler(async event => { - const parsedBody = await readValidatedBody(event, schema.privacyLevel.parse) - const managed = await auth.getManagedGuilds(event) - if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"}) - - const createSpace = getCreateSpace(event) - const i = levels.indexOf(parsedBody.level) - assert.notEqual(i, -1) - db.prepare("UPDATE guild_space SET privacy_level = ? WHERE guild_id = ?").run(i, parsedBody.guild_id) - await createSpace.syncSpaceFully(parsedBody.guild_id) // this is inefficient but OK to call infrequently on user request - return null // 204 +as.router.post("/api/privacy-level", defineToggle("privacy_level", { + transform(value) { + assert(value) + const i = ["invite", "link", "directory"].indexOf(value) + assert.notEqual(i, -1) + return i + }, + async after(event, guildID) { + const createSpace = getCreateSpace(event) + await createSpace.syncSpaceFully(guildID) // this is inefficient but OK to call infrequently on user request + } })) diff --git a/src/web/routes/guild-settings.test.js b/src/web/routes/guild-settings.test.js index 19c36af..fccc266 100644 --- a/src/web/routes/guild-settings.test.js +++ b/src/web/routes/guild-settings.test.js @@ -54,7 +54,7 @@ test("web privacy level: checks permissions", async t => { const [error] = await tryToCatch(() => router.test("post", "/api/privacy-level", { body: { guild_id: "112760669178241024", - level: "directory" + privacy_level: "directory" } })) t.equal(error.data, "Can't change settings for a guild you don't have Manage Server permissions in") @@ -68,7 +68,7 @@ test("web privacy level: updates privacy level", async t => { }, body: { guild_id: "112760669178241024", - level: "directory" + privacy_level: "directory" }, createSpace: { async syncSpaceFully(guildID) { @@ -81,3 +81,16 @@ test("web privacy level: updates privacy level", async t => { t.equal(called, 1) t.equal(select("guild_space", "privacy_level", {guild_id: "112760669178241024"}).pluck().get(), 2) // directory = 2 }) + +test("web presence: updates presence", async t => { + await router.test("post", "/api/presence", { + sessionData: { + managedGuilds: ["112760669178241024"] + }, + body: { + guild_id: "112760669178241024" + // presence is on by default - turn it off + } + }) + t.equal(select("guild_space", "presence", {guild_id: "112760669178241024"}).pluck().get(), 0) +}) diff --git a/src/web/routes/link.js b/src/web/routes/link.js index 3226278..080ffc5 100644 --- a/src/web/routes/link.js +++ b/src/web/routes/link.js @@ -79,10 +79,7 @@ as.router.post("/api/link-space", defineEventHandler(async event => { try { await api.joinRoom(parsedBody.space_id) } catch (e) { - if (e instanceof mreq.MatrixServerError) { - throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`}) - } - throw e + throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`}) } // Check bridge has PL 100 @@ -148,10 +145,7 @@ as.router.post("/api/link", defineEventHandler(async event => { try { await api.joinRoom(parsedBody.matrix) } catch (e) { - if (e instanceof mreq.MatrixServerError) { - throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`}) - } - throw e + throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`}) } // Check bridge has PL 100 diff --git a/src/web/routes/link.test.js b/src/web/routes/link.test.js index 664acaa..3c503cf 100644 --- a/src/web/routes/link.test.js +++ b/src/web/routes/link.test.js @@ -518,6 +518,18 @@ test("web link room: successfully calls createRoom", async t => { t.equal(roomID, "!zTMspHVUBhFLLSdmnS:cadence.moe") t.equal(key, "!NDbIqNpJyPvfKRnNcr:cadence.moe") return {via: ["cadence.moe"]} + } else if (type === "m.room.name") { + called++ + t.equal(roomID, "!NDbIqNpJyPvfKRnNcr:cadence.moe") + return {} + } else if (type === "m.room.avatar") { + called++ + t.equal(roomID, "!NDbIqNpJyPvfKRnNcr:cadence.moe") + return {} + } else if (type === "m.room.topic") { + called++ + t.equal(roomID, "!NDbIqNpJyPvfKRnNcr:cadence.moe") + return {} } }, async sendEvent(roomID, type, content) { @@ -536,7 +548,7 @@ test("web link room: successfully calls createRoom", async t => { } } }) - t.equal(called, 5) + t.equal(called, 8) }) // ***** diff --git a/test/ooye-test-data.sql b/test/ooye-test-data.sql index d4dac3f..e3f0478 100644 --- a/test/ooye-test-data.sql +++ b/test/ooye-test-data.sql @@ -144,6 +144,7 @@ INSERT INTO emoji (emoji_id, name, animated, mxc_url) VALUES ('288858540888686602', 'upstinky', 0, 'mxc://cadence.moe/mwZaCtRGAQQyOItagDeCocEO'); INSERT INTO member_cache (room_id, mxid, displayname, avatar_url, power_level) VALUES +('!jjmvBegULiLucuWEHU:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 50), ('!kLRqKKUQXcibIMtOpl:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 0), ('!kLRqKKUQXcibIMtOpl:cadence.moe', '@test_auto_invite:example.org', NULL, NULL, 0), ('!fGgIymcYWOqjbSRUdV:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', 'mxc://cadence.moe/azCAhThKTojXSZJRoWwZmhvU', 0),