From 21c7b351365ad718e9b61cc3cbe089a58f2c4c6c Mon Sep 17 00:00:00 2001 From: Cadence Ember Date: Fri, 21 Feb 2025 16:38:00 +1300 Subject: [PATCH] Put QR code behind reveal button --- src/web/pug/guild.pug | 9 ++++---- src/web/routes/guild.js | 44 +++++++++++++++++++++++++----------- src/web/routes/guild.test.js | 40 +++++++++++++++++++++++++++++++- 3 files changed, 75 insertions(+), 18 deletions(-) diff --git a/src/web/pug/guild.pug b/src/web/pug/guild.pug index d66c4f4..5899b98 100644 --- a/src/web/pug/guild.pug +++ b/src/web/pug/guild.pug @@ -69,7 +69,8 @@ block body .grid--row-start2 button.s-btn.s-btn__filled#invite-button Invite div - != svg + .s-card.d-flex.ai-center.jc-center(style="min-width: 130px; min-height: 130px;") + button.s-btn.s-btn__filled(hx-get=`/qr?guild_id=${guild_id}` hx-indicator="closest button" hx-swap="outerHTML" hx-disabled-elt="this") Show QR if space_id h2.mt48.fs-headline1 Matrix setup @@ -133,19 +134,19 @@ block body | How people can join on Matrix span#privacy-level-loading .s-toggle-switch.s-toggle-switch__multiple.s-toggle-switch__incremental.d-grid.gx16.ai-center(style="grid-template-columns: auto 1fr") - input(type="radio" name="level" value="directory" id="privacy-level-directory" checked=(privacy_level === 2)) + input(type="radio" name="privacy_level" value="directory" id="privacy-level-directory" checked=(privacy_level === 2)) label.d-flex.gx8.jc-center.grid--row-start3(for="privacy-level-directory") != icons.Icons.IconPlusSm != icons.Icons.IconInternationalSm .fl-grow1 Directory - input(type="radio" name="level" value="link" id="privacy-level-link" checked=(privacy_level === 1)) + input(type="radio" name="privacy_level" value="link" id="privacy-level-link" checked=(privacy_level === 1)) label.d-flex.gx8.jc-center.grid--row-start2(for="privacy-level-link") != icons.Icons.IconPlusSm != icons.Icons.IconLinkSm .fl-grow1 Link - input(type="radio" name="level" value="invite" id="privacy-level-invite" checked=(privacy_level === 0)) + input(type="radio" name="privacy_level" value="invite" id="privacy-level-invite" checked=(privacy_level === 0)) label.d-flex.gx8.jc-center.grid--row-start1(for="privacy-level-invite") svg.svg-icon(width="14" height="14" viewBox="0 0 14 14") != icons.Icons.IconLockSm diff --git a/src/web/routes/guild.js b/src/web/routes/guild.js index 64e79ed..f39d603 100644 --- a/src/web/routes/guild.js +++ b/src/web/routes/guild.js @@ -21,6 +21,9 @@ const schema = { guild: z.object({ guild_id: z.string().optional() }), + qr: z.object({ + guild_id: z.string().optional() + }), invite: z.object({ mxid: z.string().regex(/@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)/), permissions: z.enum(["default", "moderator", "admin"]), @@ -127,6 +130,33 @@ as.router.get("/guild", defineEventHandler(async event => { return pugSync.render(event, "guild_not_linked.pug", {guild, guild_id, spaces}) } + // Easy mode guild that hasn't been linked yet - need to remove elements that would require an existing space + if (!row.space_id) { + const links = getChannelRoomsLinks(guild_id, []) + return pugSync.render(event, "guild.pug", {guild, guild_id, ...links, ...row}) + } + + // Linked guild + const api = getAPI(event) + const mods = await api.getStateEvent(row.space_id, "m.room.power_levels", "") + const banned = await api.getMembers(row.space_id, "ban") + const rooms = await api.getFullHierarchy(row.space_id) + const links = getChannelRoomsLinks(guild_id, rooms) + return pugSync.render(event, "guild.pug", {guild, guild_id, mods, banned, ...links, ...row}) +})) + +as.router.get("/qr", defineEventHandler(async event => { + const {guild_id} = await getValidatedQuery(event, schema.qr.parse) + const managed = await auth.getManagedGuilds(event) + const row = from("guild_active").join("guild_space", "guild_id", "left").select("space_id", "privacy_level", "autocreate").where({guild_id}).get() + // @ts-ignore + const guild = discord.guilds.get(guild_id) + + // Permission problems + if (!guild_id || !guild || !managed.has(guild_id) || !row) { + return pugSync.render(event, "guild_access_denied.pug", {guild_id, row}) + } + const nonce = randomUUID() validNonce.set(nonce, guild_id) @@ -137,19 +167,7 @@ as.router.get("/guild", defineEventHandler(async event => { const svg = generatedSvg.replace(/viewBox="0 0 ([0-9]+) ([0-9]+)"/, `data-nonce="${nonce}" width="$1" height="$2" $&`) assert.notEqual(svg, generatedSvg) - // Easy mode guild that hasn't been linked yet - need to remove elements that would require an existing space - if (!row.space_id) { - const links = getChannelRoomsLinks(guild_id, []) - return pugSync.render(event, "guild.pug", {guild, guild_id, svg, ...links, ...row}) - } - - // Linked guild - const api = getAPI(event) - const mods = await api.getStateEvent(row.space_id, "m.room.power_levels", "") - const banned = await api.getMembers(row.space_id, "ban") - const rooms = await api.getFullHierarchy(row.space_id) - const links = getChannelRoomsLinks(guild_id, rooms) - return pugSync.render(event, "guild.pug", {guild, guild_id, svg, mods, banned, ...links, ...row}) + return svg })) as.router.get("/invite", defineEventHandler(async event => { diff --git a/src/web/routes/guild.test.js b/src/web/routes/guild.test.js index 02c6767..ea59173 100644 --- a/src/web/routes/guild.test.js +++ b/src/web/routes/guild.test.js @@ -34,6 +34,16 @@ test("web guild: access denied when guild id messed up", async t => { t.has(html, "the selected server doesn't exist") }) +test("web qr: access denied when guild id messed up", async t => { + const html = await router.test("get", "/qr?guild_id=1", { + sessionData: { + userID: "1", + managedGuilds: [] + }, + }) + t.has(html, "the selected server doesn't exist") +}) + test("web invite: access denied with invalid nonce", async t => { const html = await router.test("get", "/invite?nonce=1") t.match(html, /This QR code has expired./) @@ -85,7 +95,7 @@ test("web guild: unbridged self-service guild shows available spaces", async t = }) -test("web guild: can view bridged guild", async t => { +test("web guild: can view bridged guild when logged in with discord", async t => { const html = await router.test("get", "/guild?guild_id=112760669178241024", { sessionData: { managedGuilds: ["112760669178241024"] @@ -103,6 +113,34 @@ test("web guild: can view bridged guild", async t => { } }) t.has(html, `

Psychonauts 3

`) +}) + +test("web guild: can view bridged guild when logged in with matrix", async t => { + const html = await router.test("get", "/guild?guild_id=112760669178241024", { + sessionData: { + mxid: "@cadence:cadence.moe" + }, + api: { + async getStateEvent(roomID, type, key) { + return {} + }, + async getMembers(roomID, membership) { + return {chunk: []} + }, + async getFullHierarchy(roomID) { + return [] + } + } + }) + t.has(html, `

Psychonauts 3

`) +}) + +test("web qr: generates nonce", async t => { + const html = await router.test("get", "/qr?guild_id=112760669178241024", { + sessionData: { + managedGuilds: ["112760669178241024"] + } + }) nonce = html.match(/data-nonce="([a-f0-9-]+)"/)?.[1] t.ok(nonce) })