|
|
|
|
@ -21,6 +21,186 @@ const sandstormBoard = { |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
if (isSandstorm && Meteor.isServer) { |
|
|
|
|
const fs = require('fs'); |
|
|
|
|
const Capnp = require('capnp'); |
|
|
|
|
const Package = Capnp.importSystem('sandstorm/package.capnp'); |
|
|
|
|
const Powerbox = Capnp.importSystem('sandstorm/powerbox.capnp'); |
|
|
|
|
const Identity = Capnp.importSystem('sandstorm/identity.capnp'); |
|
|
|
|
const SandstormHttpBridge = |
|
|
|
|
Capnp.importSystem('sandstorm/sandstorm-http-bridge.capnp').SandstormHttpBridge; |
|
|
|
|
|
|
|
|
|
let httpBridge = null; |
|
|
|
|
let capnpConnection = null; |
|
|
|
|
|
|
|
|
|
const bridgeConfig = Capnp.parse( |
|
|
|
|
Package.BridgeConfig, |
|
|
|
|
fs.readFileSync('/sandstorm-http-bridge-config')); |
|
|
|
|
|
|
|
|
|
function getHttpBridge() { |
|
|
|
|
if (!httpBridge) { |
|
|
|
|
capnpConnection = Capnp.connect('unix:/tmp/sandstorm-api'); |
|
|
|
|
httpBridge = capnpConnection.restore(null, SandstormHttpBridge); |
|
|
|
|
} |
|
|
|
|
return httpBridge; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
Meteor.methods({ |
|
|
|
|
sandstormClaimIdentityRequest(token, descriptor) { |
|
|
|
|
check(token, String); |
|
|
|
|
check(descriptor, String); |
|
|
|
|
|
|
|
|
|
const parsedDescriptor = Capnp.parse( |
|
|
|
|
Powerbox.PowerboxDescriptor, |
|
|
|
|
new Buffer(descriptor, 'base64'), |
|
|
|
|
{ packed: true }); |
|
|
|
|
|
|
|
|
|
const tag = Capnp.parse(Identity.Identity.PowerboxTag, parsedDescriptor.tags[0].value); |
|
|
|
|
const permissions = []; |
|
|
|
|
if (tag.permissions[1]) { |
|
|
|
|
permissions.push('configure'); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (tag.permissions[0]) { |
|
|
|
|
permissions.push('participate'); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const sessionId = this.connection.sandstormSessionId(); |
|
|
|
|
const httpBridge = getHttpBridge(); |
|
|
|
|
const session = httpBridge.getSessionContext(sessionId).context; |
|
|
|
|
const api = httpBridge.getSandstormApi(sessionId).api; |
|
|
|
|
|
|
|
|
|
Meteor.wrapAsync((done) => { |
|
|
|
|
session.claimRequest(token).then((response) => { |
|
|
|
|
const identity = response.cap.castAs(Identity.Identity); |
|
|
|
|
const promises = [api.getIdentityId(identity), identity.getProfile(), |
|
|
|
|
httpBridge.saveIdentity(identity)]; |
|
|
|
|
return Promise.all(promises).then((responses) => { |
|
|
|
|
const identityId = responses[0].id.toString('hex').slice(0, 32); |
|
|
|
|
const profile = responses[1].profile; |
|
|
|
|
return profile.picture.getUrl().then((response) => { |
|
|
|
|
const sandstormInfo = { |
|
|
|
|
id: identityId, |
|
|
|
|
name: profile.displayName.defaultText, |
|
|
|
|
permissions, |
|
|
|
|
picture: `${response.protocol}://${response.hostPath}`, |
|
|
|
|
preferredHandle: profile.preferredHandle, |
|
|
|
|
pronouns: profile.pronouns, |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
const login = Accounts.updateOrCreateUserFromExternalService( |
|
|
|
|
'sandstorm', sandstormInfo, |
|
|
|
|
{ profile: { name: sandstormInfo.name, fullname: sandstormInfo.name } }); |
|
|
|
|
|
|
|
|
|
updateUserPermissions(login.userId, permissions); |
|
|
|
|
done(); |
|
|
|
|
}); |
|
|
|
|
}); |
|
|
|
|
}).catch((e) => { |
|
|
|
|
done(e, null); |
|
|
|
|
}); |
|
|
|
|
})(); |
|
|
|
|
}, |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
function reportActivity(sessionId, path, type, users, caption) { |
|
|
|
|
const httpBridge = getHttpBridge(); |
|
|
|
|
const session = httpBridge.getSessionContext(sessionId).context; |
|
|
|
|
Meteor.wrapAsync((done) => { |
|
|
|
|
return Promise.all(users.map((user) => { |
|
|
|
|
return httpBridge.getSavedIdentity(user.id).then((response) => { |
|
|
|
|
// Call getProfile() to make sure that the identity successfully resolves.
|
|
|
|
|
// (In C++ we would instead call whenResolved() here.)
|
|
|
|
|
const identity = response.identity; |
|
|
|
|
return identity.getProfile().then(() => { |
|
|
|
|
return { identity, |
|
|
|
|
mentioned: !!user.mentioned, |
|
|
|
|
subscribed: !!user.subscribed, |
|
|
|
|
}; |
|
|
|
|
}).catch(() => { |
|
|
|
|
// Ignore identities that fail to resolve. Probably they have lost access to the board.
|
|
|
|
|
}); |
|
|
|
|
}); |
|
|
|
|
})).then((maybeUsers) => { |
|
|
|
|
const users = maybeUsers.filter((u) => !!u); |
|
|
|
|
const event = { path, type, users }; |
|
|
|
|
if (caption) { |
|
|
|
|
event.notification = { caption }; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return session.activity(event); |
|
|
|
|
}).then(() => done(), |
|
|
|
|
(e) => done(e)); |
|
|
|
|
})(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
Meteor.startup(() => { |
|
|
|
|
Activities.after.insert((userId, doc) => { |
|
|
|
|
// HACK: We need the connection that's making the request in order to read the
|
|
|
|
|
// Sandstorm session ID.
|
|
|
|
|
const invocation = DDP._CurrentInvocation.get(); // eslint-disable-line no-undef
|
|
|
|
|
if (invocation) { |
|
|
|
|
const sessionId = invocation.connection.sandstormSessionId(); |
|
|
|
|
|
|
|
|
|
const eventTypes = bridgeConfig.viewInfo.eventTypes; |
|
|
|
|
|
|
|
|
|
const defIdx = eventTypes.findIndex((def) => def.name === doc.activityType ); |
|
|
|
|
if (defIdx >= 0) { |
|
|
|
|
const users = {}; |
|
|
|
|
function ensureUserListed(userId) { |
|
|
|
|
if (!users[userId]) { |
|
|
|
|
const user = Meteor.users.findOne(userId); |
|
|
|
|
if (user) { |
|
|
|
|
users[userId] = { id: user.services.sandstorm.id }; |
|
|
|
|
} else { |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
function mentionedUser(userId) { |
|
|
|
|
if (ensureUserListed(userId)) { |
|
|
|
|
users[userId].mentioned = true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
function subscribedUser(userId) { |
|
|
|
|
if (ensureUserListed(userId)) { |
|
|
|
|
users[userId].subscribed = true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
let path = ''; |
|
|
|
|
let caption = null; |
|
|
|
|
|
|
|
|
|
if (doc.cardId) { |
|
|
|
|
path = `b/sandstorm/libreboard/${doc.cardId}`; |
|
|
|
|
Cards.findOne(doc.cardId).members.map(subscribedUser); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (doc.memberId) { |
|
|
|
|
mentionedUser(doc.memberId); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (doc.activityType === 'addComment') { |
|
|
|
|
const comment = CardComments.findOne(doc.commentId); |
|
|
|
|
caption = { defaultText: comment.text }; |
|
|
|
|
const activeMembers = |
|
|
|
|
_.pluck(Boards.findOne(sandstormBoard._id).activeMembers(), 'userId'); |
|
|
|
|
(comment.text.match(/\B@(\w*)/g) || []).forEach((username) => { |
|
|
|
|
const user = Meteor.users.findOne({ username: username.slice(1)}); |
|
|
|
|
if (user && activeMembers.indexOf(user._id) !== -1) { |
|
|
|
|
mentionedUser(user._id); |
|
|
|
|
} |
|
|
|
|
}); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
reportActivity(sessionId, path, defIdx, _.values(users), caption); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
}); |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
function updateUserPermissions(userId, permissions) { |
|
|
|
|
const isActive = permissions.indexOf('participate') > -1; |
|
|
|
|
const isAdmin = permissions.indexOf('configure') > -1; |
|
|
|
|
@ -58,29 +238,6 @@ if (isSandstorm && Meteor.isServer) { |
|
|
|
|
Location: base + boardPath, |
|
|
|
|
}); |
|
|
|
|
res.end(); |
|
|
|
|
|
|
|
|
|
// `accounts-sandstorm` populate the Users collection when new users
|
|
|
|
|
// accesses the document, but in case a already known user comes back, we
|
|
|
|
|
// need to update his associated document to match the request HTTP headers
|
|
|
|
|
// informations.
|
|
|
|
|
// XXX We need to update this document even if the initial route is not `/`.
|
|
|
|
|
// Unfortuanlty I wasn't able to make the Webapp.rawConnectHandlers solution
|
|
|
|
|
// work.
|
|
|
|
|
const user = Users.findOne({ |
|
|
|
|
'services.sandstorm.id': req.headers['x-sandstorm-user-id'], |
|
|
|
|
}); |
|
|
|
|
if (user) { |
|
|
|
|
// XXX At this point the user.services.sandstorm credentials haven't been
|
|
|
|
|
// updated, which mean that the user will have to restart the application
|
|
|
|
|
// a second time to see its updated name and avatar.
|
|
|
|
|
Users.update(user._id, { |
|
|
|
|
$set: { |
|
|
|
|
'profile.fullname': user.services.sandstorm.name, |
|
|
|
|
'profile.avatarUrl': user.services.sandstorm.picture, |
|
|
|
|
}, |
|
|
|
|
}); |
|
|
|
|
updateUserPermissions(user._id, user.services.sandstorm.permissions); |
|
|
|
|
} |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
// On the first launch of the instance a user is automatically created thanks
|
|
|
|
|
@ -126,6 +283,29 @@ if (isSandstorm && Meteor.isServer) { |
|
|
|
|
updateUserPermissions(doc._id, doc.services.sandstorm.permissions); |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
Meteor.startup(() => { |
|
|
|
|
Users.find().observeChanges({ |
|
|
|
|
changed(userId, fields) { |
|
|
|
|
const sandstormData = (fields.services || {}).sandstorm || {}; |
|
|
|
|
if (sandstormData.name) { |
|
|
|
|
Users.update(userId, { |
|
|
|
|
$set: { 'profile.fullname': sandstormData.name }, |
|
|
|
|
}); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (sandstormData.picture) { |
|
|
|
|
Users.update(userId, { |
|
|
|
|
$set: { 'profile.avatarUrl': sandstormData.picture }, |
|
|
|
|
}); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (sandstormData.permissions) { |
|
|
|
|
updateUserPermissions(userId, sandstormData.permissions); |
|
|
|
|
} |
|
|
|
|
}, |
|
|
|
|
}); |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
// Wekan v0.8 didn’t implement the Sandstorm sharing model and instead kept
|
|
|
|
|
// the visibility setting (“public” or “private”) in the UI as does the main
|
|
|
|
|
// Meteor application. We need to enforce “public” visibility as the sharing
|
|
|
|
|
@ -137,6 +317,77 @@ if (isSandstorm && Meteor.isServer) { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (isSandstorm && Meteor.isClient) { |
|
|
|
|
let rpcCounter = 0; |
|
|
|
|
const rpcs = {}; |
|
|
|
|
|
|
|
|
|
window.addEventListener('message', (event) => { |
|
|
|
|
if (event.source === window) { |
|
|
|
|
// Meteor likes to postmessage itself.
|
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ((event.source !== window.parent) || |
|
|
|
|
typeof event.data !== 'object' || |
|
|
|
|
typeof event.data.rpcId !== 'number') { |
|
|
|
|
throw new Error(`got unexpected postMessage: ${event}`); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const handler = rpcs[event.data.rpcId]; |
|
|
|
|
if (!handler) { |
|
|
|
|
throw new Error(`no such rpc ID for event ${event}`); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
delete rpcs[event.data.rpcId]; |
|
|
|
|
handler(event.data); |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
function sendRpc(name, message) { |
|
|
|
|
const id = rpcCounter++; |
|
|
|
|
message.rpcId = id; |
|
|
|
|
const obj = {}; |
|
|
|
|
obj[name] = message; |
|
|
|
|
window.parent.postMessage(obj, '*'); |
|
|
|
|
return new Promise((resolve, reject) => { |
|
|
|
|
rpcs[id] = (response) => { |
|
|
|
|
if (response.error) { |
|
|
|
|
reject(new Error(response.error)); |
|
|
|
|
} else { |
|
|
|
|
resolve(response); |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
}); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const powerboxDescriptors = { |
|
|
|
|
identity: 'EAhQAQEAABEBF1EEAQH_GN1RqXqYhMAAQAERAREBAQ', |
|
|
|
|
// Generated using the following code:
|
|
|
|
|
//
|
|
|
|
|
// Capnp.serializePacked(
|
|
|
|
|
// Powerbox.PowerboxDescriptor,
|
|
|
|
|
// { tags: [ {
|
|
|
|
|
// id: "13872380404802116888",
|
|
|
|
|
// value: Capnp.serialize(Identity.PowerboxTag, { permissions: [true, false] })
|
|
|
|
|
// }]}).toString('base64')
|
|
|
|
|
// .replace(/\//g, "_")
|
|
|
|
|
// .replace(/\+/g, "-");
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
function doRequest(serializedPowerboxDescriptor, onSuccess) { |
|
|
|
|
return sendRpc('powerboxRequest', { |
|
|
|
|
query: [serializedPowerboxDescriptor], |
|
|
|
|
}).then((response) => { |
|
|
|
|
if (!response.canceled) { |
|
|
|
|
onSuccess(response); |
|
|
|
|
} |
|
|
|
|
}); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
window.sandstormRequestIdentity = function () { |
|
|
|
|
doRequest(powerboxDescriptors.identity, (response) => { |
|
|
|
|
Meteor.call('sandstormClaimIdentityRequest', response.token, response.descriptor); |
|
|
|
|
}); |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
// Since the Sandstorm grain is displayed in an iframe of the Sandstorm shell,
|
|
|
|
|
// we need to explicitly expose meta data like the page title or the URL path
|
|
|
|
|
// so that they could appear in the browser window.
|
|
|
|
|
|
Lauri Ojansivu
9 years ago
committed by