myxelium/Toju
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects 2 Releases 36 Wiki Activity

fix: Major bug cleanup pass 1
All checks were successful
Queue Release Build / prepare (push) Successful in 19s
Details
Deploy Web Apps / deploy (push) Successful in 8m12s
Details
Queue Release Build / build-windows (push) Successful in 27m44s
Details
Queue Release Build / build-linux (push) Successful in 48m1s
Details
Queue Release Build / build-android (push) Successful in 22m7s
Details
Queue Release Build / finalize (push) Successful in 2m42s
Details

Browse Source
This commit is contained in:
SocksOnHead
2026-06-09 17:59:54 +02:00
parent 80d7728e66
commit eb51f043ac
127 changed files with 2731 additions and 322 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
toju-app/src/app/domains/authentication/application/services/auth-token-store.service.ts
View File

@@ -18,6 +18,12 @@ export class AuthTokenStoreService {
}
getToken(serverUrl: string): string | null {
const entry = this.getTokenEntry(serverUrl);
return entry?.token ?? null;
}
getTokenEntry(serverUrl: string): StoredAuthToken | null {
const normalizedUrl = this.normalizeServerUrl(serverUrl);
const entry = this.readStore()[normalizedUrl];
@@ -30,7 +36,7 @@ export class AuthTokenStoreService {
return null;
}
return entry.token;
return entry;
}
clearToken(serverUrl: string): void {

8
toju-app/src/app/domains/authentication/application/services/authentication.service.ts
View File

@@ -34,7 +34,13 @@ export class AuthenticationService {
}
private persistSessionToken(serverId: string | undefined, response: LoginResponse): void {
this.authTokenStore.setToken(this.resolveServerUrl(serverId), response.token, response.expiresAt);
const serverUrl = this.resolveServerUrl(serverId);
this.authTokenStore.setToken(serverUrl, response.token, response.expiresAt);
}
resolveServerUrlFor(serverId?: string): string {
return this.resolveServerUrl(serverId);
}
private endpointFor(serverId?: string): string {

10
toju-app/src/app/domains/authentication/application/services/message-signing.service.ts
View File

@@ -101,10 +101,7 @@ export class MessageSigningService {
const stored = this.readStoredKeyPair();
if (stored) {
const [publicKey, privateKey] = await Promise.all([
crypto.subtle.importKey('jwk', stored.publicKeyJwk, { name: 'Ed25519' }, true, ['verify']),
crypto.subtle.importKey('jwk', stored.privateKeyJwk, { name: 'Ed25519' }, false, ['sign'])
]);
const [publicKey, privateKey] = await Promise.all([crypto.subtle.importKey('jwk', stored.publicKeyJwk, { name: 'Ed25519' }, true, ['verify']), crypto.subtle.importKey('jwk', stored.privateKeyJwk, { name: 'Ed25519' }, false, ['sign'])]);
return { publicKey, privateKey };
}
@@ -114,10 +111,7 @@ export class MessageSigningService {
true,
['sign', 'verify']
);
const [publicKeyJwk, privateKeyJwk] = await Promise.all([
crypto.subtle.exportKey('jwk', generated.publicKey),
crypto.subtle.exportKey('jwk', generated.privateKey)
]);
const [publicKeyJwk, privateKeyJwk] = await Promise.all([crypto.subtle.exportKey('jwk', generated.publicKey), crypto.subtle.exportKey('jwk', generated.privateKey)]);
this.writeStoredKeyPair({ publicKeyJwk, privateKeyJwk });

65
toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.spec.ts Normal file
View File

@@ -0,0 +1,65 @@
import {
describe,
it,
expect,
beforeEach,
vi
} from 'vitest';
import { ProvisionSecretStoreService } from './provision-secret-store.service';
import { ElectronBridgeService } from '../../../../core/platform/electron/electron-bridge.service';
describe('ProvisionSecretStoreService', () => {
let service: ProvisionSecretStoreService;
let electronBridge: ElectronBridgeService;
beforeEach(() => {
const sessionStorageMap = new Map<string, string>();
vi.stubGlobal('sessionStorage', {
getItem: (key: string) => sessionStorageMap.get(key) ?? null,
setItem: (key: string, value: string) => { sessionStorageMap.set(key, value); },
removeItem: (key: string) => { sessionStorageMap.delete(key); },
clear: () => { sessionStorageMap.clear(); }
});
electronBridge = {
isAvailable: false,
getApi: () => null,
requireApi: () => {
throw new Error('Electron API is not available in this runtime.');
}
} as ElectronBridgeService;
service = new ProvisionSecretStoreService(electronBridge);
});
it('stores and retrieves provision secrets in session storage when electron is unavailable', async () => {
await service.storeSecret('home-user-1', 'secret-abc');
await expect(service.getSecret('home-user-1')).resolves.toBe('secret-abc');
});
it('uses electron secure storage when available', async () => {
const storeProvisionSecret = vi.fn(async () => true);
const getProvisionSecret = vi.fn(async () => 'electron-secret');
electronBridge = {
isAvailable: true,
getApi: () => ({
storeProvisionSecret,
getProvisionSecret
}),
requireApi: () => ({
storeProvisionSecret,
getProvisionSecret
})
} as unknown as ElectronBridgeService;
service = new ProvisionSecretStoreService(electronBridge);
await service.storeSecret('home-user-1', 'secret-abc');
await expect(service.getSecret('home-user-1')).resolves.toBe('electron-secret');
expect(storeProvisionSecret).toHaveBeenCalledWith('home-user-1', 'secret-abc');
expect(getProvisionSecret).toHaveBeenCalledWith('home-user-1');
});
});

52
toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.ts Normal file
View File

@@ -0,0 +1,52 @@
import { Injectable, inject } from '@angular/core';
import { ElectronBridgeService } from '../../../../core/platform/electron/electron-bridge.service';
const SESSION_STORAGE_PREFIX = 'metoyou.provisionSecret.';
@Injectable({ providedIn: 'root' })
export class ProvisionSecretStoreService {
private readonly electronBridge: ElectronBridgeService;
constructor(electronBridge: ElectronBridgeService = inject(ElectronBridgeService)) {
this.electronBridge = electronBridge;
}
async storeSecret(homeUserId: string, secret: string): Promise<void> {
const api = this.electronBridge.getApi();
if (api?.storeProvisionSecret) {
await api.storeProvisionSecret(homeUserId, secret);
return;
}
sessionStorage.setItem(this.sessionKey(homeUserId), secret);
}
async getSecret(homeUserId: string): Promise<string | null> {
const api = this.electronBridge.getApi();
if (api?.getProvisionSecret) {
return api.getProvisionSecret(homeUserId);
}
return sessionStorage.getItem(this.sessionKey(homeUserId));
}
async hasSecret(homeUserId: string): Promise<boolean> {
const secret = await this.getSecret(homeUserId);
return !!secret;
}
private sessionKey(homeUserId: string): string {
return `${SESSION_STORAGE_PREFIX}${homeUserId}`;
}
}
export function generateProvisionSecret(): string {
const bytes = new Uint8Array(32);
crypto.getRandomValues(bytes);
return Array.from(bytes, (byte) => byte.toString(16).padStart(2, '0')).join('');
}

206
toju-app/src/app/domains/authentication/application/services/signal-server-auth.service.ts Normal file
View File

@@ -0,0 +1,206 @@
import { Injectable, inject } from '@angular/core';
import { Store } from '@ngrx/store';
import { firstValueFrom } from 'rxjs';
import type { User } from '../../../../shared-kernel';
import { selectCurrentUser } from '../../../../store/users/users.selectors';
import type { LoginResponse } from '../../domain/models/authentication.model';
import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
import { ProvisionUsernameCollisionError } from '../../domain/logic/signal-server-provision.rules';
import { type ResolvedSignalIdentity, resolveSignalIdentity } from '../../domain/logic/signal-server-credential-resolution.rules';
import { resolveSelfPresenceUserIds } from '../../domain/logic/self-presence-identity.rules';
import { AuthTokenStoreService } from './auth-token-store.service';
import { ProvisionSecretStoreService, generateProvisionSecret } from './provision-secret-store.service';
import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
import { SignalServerProvisionerService, type ProvisionResult } from './signal-server-provisioner.service';
import { SignalServerProvisionNoticeService } from './signal-server-provision-notice.service';
export type EnsureProvisionedResult =
| { kind: 'existing'; credential: SignalServerCredential }
| { kind: 'provisioned'; result: ProvisionResult }
| { kind: 'skipped'; reason: 'no-home-user' | 'no-provision-secret' | 'already-valid' }
| { kind: 'collision'; error: ProvisionUsernameCollisionError };
@Injectable({ providedIn: 'root' })
export class SignalServerAuthService {
private readonly store = inject(Store);
private readonly credentialStore = inject(SignalServerCredentialStoreService);
private readonly authTokenStore = inject(AuthTokenStoreService);
private readonly provisionSecretStore = inject(ProvisionSecretStoreService);
private readonly provisioner = inject(SignalServerProvisionerService);
private readonly provisionNotice = inject(SignalServerProvisionNoticeService);
private readonly provisionInFlight = new Map<string, Promise<EnsureProvisionedResult>>();
getCredential(serverUrl: string): SignalServerCredential | null {
return this.credentialStore.getCredential(serverUrl);
}
hasValidCredential(serverUrl: string): boolean {
return this.credentialStore.hasValidCredential(serverUrl);
}
upsertCredentialFromLogin(
serverUrl: string,
response: LoginResponse,
options: { provisioned?: boolean } = {}
): SignalServerCredential {
return this.provisioner.upsertManualCredential(serverUrl, response, options.provisioned ?? false);
}
clearCredential(serverUrl: string): void {
this.credentialStore.clearCredential(serverUrl);
}
migrateHomeCredential(user: Pick<User, 'id' | 'username' | 'displayName' | 'homeSignalServerUrl'>): void {
const homeSignalServerUrl = user.homeSignalServerUrl?.trim();
if (!homeSignalServerUrl || this.credentialStore.hasValidCredential(homeSignalServerUrl)) {
return;
}
const tokenEntry = this.authTokenStore.getTokenEntry(homeSignalServerUrl);
if (!tokenEntry) {
return;
}
this.credentialStore.upsertCredential({
serverUrl: homeSignalServerUrl,
userId: user.id,
username: user.username,
displayName: user.displayName,
token: tokenEntry.token,
expiresAt: tokenEntry.expiresAt,
provisioned: false
});
}
async ensureHomeProvisionSecret(homeUser: Pick<User, 'id'>, existingSecret?: string | null): Promise<string> {
const stored = existingSecret ?? await this.provisionSecretStore.getSecret(homeUser.id);
if (stored) {
return stored;
}
const generated = generateProvisionSecret();
await this.provisionSecretStore.storeSecret(homeUser.id, generated);
return generated;
}
async ensureProvisioned(serverUrl: string, homeUser?: User | null): Promise<EnsureProvisionedResult> {
const normalizedUrl = this.normalizeServerUrl(serverUrl);
const existing = this.credentialStore.getCredential(normalizedUrl);
if (existing) {
return { kind: 'existing', credential: existing };
}
const inFlight = this.provisionInFlight.get(normalizedUrl);
if (inFlight) {
return inFlight;
}
const provisionPromise = this.runProvision(normalizedUrl, homeUser);
this.provisionInFlight.set(normalizedUrl, provisionPromise);
try {
return await provisionPromise;
} finally {
this.provisionInFlight.delete(normalizedUrl);
}
}
resolveActorUserIdForServer(serverUrl: string | undefined, fallbackUserId: string): string {
if (!serverUrl?.trim()) {
return fallbackUserId;
}
const credential = this.getCredential(serverUrl);
return credential?.userId ?? fallbackUserId;
}
resolveSelfPresenceUserIdsForRoom(
currentUser: Pick<User, 'id' | 'oderId'> | null | undefined,
roomSourceUrl: string | undefined
): ReadonlySet<string> {
const homeOderId = currentUser?.oderId || currentUser?.id;
return resolveSelfPresenceUserIds({
homeUserId: currentUser?.id,
homeOderId,
actorUserId: homeOderId
? this.resolveActorUserIdForServer(roomSourceUrl, homeOderId)
: undefined
});
}
resolveCredentialForSignalUrl(
signalUrl: string,
homeUser?: Pick<User, 'id' | 'homeSignalServerUrl' | 'displayName'> | null
): ResolvedSignalIdentity | null {
const httpUrl = signalUrl.replace(/^ws/i, 'http');
return resolveSignalIdentity(
this.credentialStore.getCredential(httpUrl),
this.authTokenStore.getTokenEntry(httpUrl),
homeUser
);
}
private async runProvision(
normalizedUrl: string,
homeUser?: User | null
): Promise<EnsureProvisionedResult> {
const user = homeUser ?? await firstValueFrom(this.store.select(selectCurrentUser));
if (!user) {
return { kind: 'skipped', reason: 'no-home-user' };
}
const provisionSecret = await this.provisionSecretStore.getSecret(user.id);
if (!provisionSecret) {
return { kind: 'skipped', reason: 'no-provision-secret' };
}
try {
const result = await this.provisioner.provisionOnServer({
serverUrl: normalizedUrl,
homeUser: user,
provisionSecret
});
if (result.usedSuffix) {
this.provisionNotice.publish({
serverName: this.resolveServerDisplayName(normalizedUrl),
preferredUsername: user.username,
provisionedUsername: result.username
});
}
return { kind: 'provisioned', result };
} catch (error) {
if (error instanceof ProvisionUsernameCollisionError) {
return { kind: 'collision', error };
}
throw error;
}
}
private normalizeServerUrl(serverUrl: string): string {
return serverUrl.trim().replace(/\/+$/, '');
}
private resolveServerDisplayName(serverUrl: string): string {
try {
return new URL(serverUrl).hostname;
} catch {
return serverUrl;
}
}
}

68
toju-app/src/app/domains/authentication/application/services/signal-server-authorize.service.ts Normal file
View File

@@ -0,0 +1,68 @@
import { Injectable, inject } from '@angular/core';
import { Router } from '@angular/router';
import { Store } from '@ngrx/store';
import { firstValueFrom } from 'rxjs';
import { selectCurrentUser } from '../../../../store/users/users.selectors';
import { ServerDirectoryFacade } from '../../../server-directory';
import { AUTH_MODE_AUTHORIZE, buildLoginReturnQueryParams } from '../../domain/logic/auth-navigation.rules';
import { SignalServerAuthService } from './signal-server-auth.service';
@Injectable({ providedIn: 'root' })
export class SignalServerAuthorizeService {
private readonly router = inject(Router);
private readonly store = inject(Store);
private readonly serverDirectory = inject(ServerDirectoryFacade);
private readonly signalServerAuth = inject(SignalServerAuthService);
async ensureCredentialForServerUrl(serverUrl: string): Promise<boolean> {
if (this.signalServerAuth.hasValidCredential(serverUrl)) {
return true;
}
const currentUser = await firstValueFrom(this.store.select(selectCurrentUser));
if (!currentUser) {
return false;
}
const result = await this.signalServerAuth.ensureProvisioned(serverUrl, currentUser);
if (result.kind === 'existing' || result.kind === 'provisioned') {
return true;
}
if (result.kind === 'collision') {
await this.navigateToAuthorize(serverUrl, this.router.url);
return false;
}
if (result.kind === 'skipped' && result.reason === 'no-provision-secret') {
await this.navigateToAuthorize(serverUrl, this.router.url);
return false;
}
return false;
}
async navigateToAuthorize(serverUrl: string, returnUrl: string): Promise<void> {
const endpoint = this.serverDirectory.ensureServerEndpoint({
name: this.buildEndpointName(serverUrl),
url: serverUrl
});
await this.router.navigate(['/login'], {
queryParams: buildLoginReturnQueryParams(returnUrl, undefined, {
mode: AUTH_MODE_AUTHORIZE,
serverId: endpoint.id
})
});
}
private buildEndpointName(serverUrl: string): string {
try {
return new URL(serverUrl).hostname;
} catch {
return serverUrl;
}
}
}

84
toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.spec.ts Normal file
View File

@@ -0,0 +1,84 @@
import {
describe,
it,
expect,
beforeEach
} from 'vitest';
import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
import { AuthTokenStoreService } from './auth-token-store.service';
describe('SignalServerCredentialStoreService', () => {
let service: SignalServerCredentialStoreService;
beforeEach(() => {
const storage = new Map<string, string>();
vi.stubGlobal('localStorage', {
getItem: (key: string) => storage.get(key) ?? null,
setItem: (key: string, value: string) => { storage.set(key, value); },
removeItem: (key: string) => { storage.delete(key); },
clear: () => { storage.clear(); }
});
service = new SignalServerCredentialStoreService(new AuthTokenStoreService());
});
it('stores and retrieves credentials by normalized server url', () => {
service.upsertCredential({
serverUrl: 'https://signal.example.com/',
userId: 'user-1',
username: 'alice',
displayName: 'Alice',
token: 'token-abc',
expiresAt: Date.now() + 60_000,
provisioned: true
});
const credential = service.getCredential('https://signal.example.com');
expect(credential?.userId).toBe('user-1');
expect(credential?.token).toBe('token-abc');
});
it('clears expired credentials on read', () => {
service.upsertCredential({
serverUrl: 'https://signal.example.com',
userId: 'user-1',
username: 'alice',
displayName: 'Alice',
token: 'expired',
expiresAt: Date.now() - 1,
provisioned: false
});
expect(service.getCredential('https://signal.example.com')).toBeNull();
expect(service.hasValidCredential('https://signal.example.com')).toBe(false);
});
it('removes credentials for a single server url', () => {
service.upsertCredential({
serverUrl: 'https://signal-a.example.com',
userId: 'user-a',
username: 'alice',
displayName: 'Alice',
token: 'token-a',
expiresAt: Date.now() + 60_000,
provisioned: true
});
service.upsertCredential({
serverUrl: 'https://signal-b.example.com',
userId: 'user-b',
username: 'alice',
displayName: 'Alice',
token: 'token-b',
expiresAt: Date.now() + 60_000,
provisioned: true
});
service.clearCredential('https://signal-a.example.com');
expect(service.getCredential('https://signal-a.example.com')).toBeNull();
expect(service.getCredential('https://signal-b.example.com')?.token).toBe('token-b');
});
});

88
toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.ts Normal file
View File

@@ -0,0 +1,88 @@
import { Injectable, inject } from '@angular/core';
import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
import { AuthTokenStoreService } from './auth-token-store.service';
const STORAGE_KEY = 'metoyou.signalServerCredentials';
@Injectable({ providedIn: 'root' })
export class SignalServerCredentialStoreService {
private readonly authTokenStore: AuthTokenStoreService;
constructor(authTokenStore: AuthTokenStoreService = inject(AuthTokenStoreService)) {
this.authTokenStore = authTokenStore;
}
upsertCredential(credential: SignalServerCredential): void {
const normalizedUrl = this.normalizeServerUrl(credential.serverUrl);
const store = this.readStore();
store[normalizedUrl] = {
...credential,
serverUrl: normalizedUrl
};
this.writeStore(store);
this.authTokenStore.setToken(normalizedUrl, credential.token, credential.expiresAt);
}
getCredential(serverUrl: string): SignalServerCredential | null {
const normalizedUrl = this.normalizeServerUrl(serverUrl);
const entry = this.readStore()[normalizedUrl];
if (!entry) {
return null;
}
if (entry.expiresAt <= Date.now()) {
this.clearCredential(serverUrl);
return null;
}
return entry;
}
hasValidCredential(serverUrl: string): boolean {
return this.getCredential(serverUrl) !== null;
}
clearCredential(serverUrl: string): void {
const normalizedUrl = this.normalizeServerUrl(serverUrl);
const store = this.readStore();
const nextStore = Object.fromEntries(
Object.entries(store).filter(([key]) => key !== normalizedUrl)
) as Record<string, SignalServerCredential>;
this.writeStore(nextStore);
this.authTokenStore.clearToken(normalizedUrl);
}
listValidCredentials(): SignalServerCredential[] {
const now = Date.now();
return Object.values(this.readStore()).filter((entry) => entry.expiresAt > now);
}
private readStore(): Record<string, SignalServerCredential> {
try {
const raw = localStorage.getItem(STORAGE_KEY);
if (!raw) {
return {};
}
const parsed = JSON.parse(raw) as Record<string, SignalServerCredential>;
return parsed && typeof parsed === 'object' ? parsed : {};
} catch {
return {};
}
}
private writeStore(store: Record<string, SignalServerCredential>): void {
localStorage.setItem(STORAGE_KEY, JSON.stringify(store));
}
private normalizeServerUrl(serverUrl: string): string {
return serverUrl.trim().replace(/\/+$/, '');
}
}

20
toju-app/src/app/domains/authentication/application/services/signal-server-provision-notice.service.ts Normal file
View File

@@ -0,0 +1,20 @@
import { Injectable, signal } from '@angular/core';
export interface SignalServerProvisionNotice {
serverName: string;
preferredUsername: string;
provisionedUsername: string;
}
@Injectable({ providedIn: 'root' })
export class SignalServerProvisionNoticeService {
readonly notice = signal<SignalServerProvisionNotice | null>(null);
publish(notice: SignalServerProvisionNotice): void {
this.notice.set(notice);
}
clear(): void {
this.notice.set(null);
}
}

171
toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.spec.ts Normal file
View File

@@ -0,0 +1,171 @@
import {
describe,
it,
expect,
beforeEach,
vi
} from 'vitest';
import { of, throwError } from 'rxjs';
import { HttpClient, HttpErrorResponse } from '@angular/common/http';
import { SignalServerProvisionerService } from './signal-server-provisioner.service';
import { AuthTokenStoreService } from './auth-token-store.service';
import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
import { ProvisionUsernameCollisionError } from '../../domain/logic/signal-server-provision.rules';
import type { User } from '../../../../shared-kernel';
describe('SignalServerProvisionerService', () => {
let service: SignalServerProvisionerService;
let httpPost: ReturnType<typeof vi.fn>;
let credentialStore: SignalServerCredentialStoreService;
const homeUser: User = {
id: 'a3f2b1c4-5678-90ab-cdef-1234567890ab',
oderId: 'a3f2b1c4-5678-90ab-cdef-1234567890ab',
username: 'alice',
displayName: 'Alice',
status: 'online',
role: 'member',
joinedAt: Date.now(),
homeSignalServerUrl: 'https://home.example.com'
};
beforeEach(() => {
const storage = new Map<string, string>();
vi.stubGlobal('localStorage', {
getItem: (key: string) => storage.get(key) ?? null,
setItem: (key: string, value: string) => { storage.set(key, value); },
removeItem: (key: string) => { storage.delete(key); },
clear: () => { storage.clear(); }
});
httpPost = vi.fn();
credentialStore = new SignalServerCredentialStoreService(new AuthTokenStoreService());
service = new SignalServerProvisionerService(
{ post: httpPost } as unknown as HttpClient,
credentialStore
);
});
it('registers on a foreign server when the preferred username is available', async () => {
httpPost.mockReturnValue(of({
id: 'foreign-user-1',
username: 'alice',
displayName: 'Alice',
token: 'foreign-token',
expiresAt: Date.now() + 60_000
}));
const result = await service.provisionOnServer({
serverUrl: 'https://foreign.example.com',
homeUser,
provisionSecret: 'provision-secret'
});
expect(result.username).toBe('alice');
expect(result.usedSuffix).toBe(false);
expect(credentialStore.getCredential('https://foreign.example.com')?.userId).toBe('foreign-user-1');
expect(httpPost).toHaveBeenCalledWith(
'https://foreign.example.com/api/users/register',
{
username: 'alice',
password: 'provision-secret',
displayName: 'Alice'
}
);
});
it('logs in when the preferred username was provisioned earlier', async () => {
httpPost
.mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
.mockReturnValueOnce(of({
id: 'foreign-user-1',
username: 'alice',
displayName: 'Alice',
token: 'foreign-token',
expiresAt: Date.now() + 60_000
}));
const result = await service.provisionOnServer({
serverUrl: 'https://foreign.example.com',
homeUser,
provisionSecret: 'provision-secret'
});
expect(result.username).toBe('alice');
expect(httpPost).toHaveBeenNthCalledWith(
2,
'https://foreign.example.com/api/users/login',
{
username: 'alice',
password: 'provision-secret'
}
);
});
it('registers with a suffixed username when the preferred name belongs to someone else', async () => {
httpPost
.mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
.mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })))
.mockReturnValueOnce(of({
id: 'foreign-user-2',
username: 'alice-a3f2b1',
displayName: 'Alice',
token: 'foreign-token-2',
expiresAt: Date.now() + 60_000
}));
const result = await service.provisionOnServer({
serverUrl: 'https://foreign.example.com',
homeUser,
provisionSecret: 'provision-secret'
});
expect(result.username).toBe('alice-a3f2b1');
expect(result.usedSuffix).toBe(true);
expect(httpPost).toHaveBeenNthCalledWith(
3,
'https://foreign.example.com/api/users/register',
{
username: 'alice-a3f2b1',
password: 'provision-secret',
displayName: 'Alice'
}
);
});
it('throws when all username candidates are exhausted', async () => {
httpPost
.mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
.mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })))
.mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
.mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })));
await expect(service.provisionOnServer({
serverUrl: 'https://foreign.example.com',
homeUser,
provisionSecret: 'provision-secret'
})).rejects.toBeInstanceOf(ProvisionUsernameCollisionError);
});
it('returns an existing credential without making network calls', async () => {
credentialStore.upsertCredential({
serverUrl: 'https://foreign.example.com',
userId: 'foreign-user-1',
username: 'alice',
displayName: 'Alice',
token: 'foreign-token',
expiresAt: Date.now() + 60_000,
provisioned: true
});
const result = await service.provisionOnServer({
serverUrl: 'https://foreign.example.com',
homeUser,
provisionSecret: 'provision-secret'
});
expect(result.username).toBe('alice');
expect(httpPost).not.toHaveBeenCalled();
});
});

143
toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.ts Normal file
View File

@@ -0,0 +1,143 @@
import { Injectable, inject } from '@angular/core';
import { HttpClient, HttpErrorResponse } from '@angular/common/http';
import { firstValueFrom } from 'rxjs';
import type { User } from '../../../../shared-kernel';
import type { LoginResponse } from '../../domain/models/authentication.model';
import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
import { ProvisionUsernameCollisionError, buildProvisionUsernameCandidates } from '../../domain/logic/signal-server-provision.rules';
import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
export interface ProvisionResult {
credential: SignalServerCredential;
username: string;
usedSuffix: boolean;
}
@Injectable({ providedIn: 'root' })
export class SignalServerProvisionerService {
private readonly http: HttpClient;
private readonly credentialStore: SignalServerCredentialStoreService;
constructor(
http: HttpClient = inject(HttpClient),
credentialStore: SignalServerCredentialStoreService = inject(SignalServerCredentialStoreService)
) {
this.http = http;
this.credentialStore = credentialStore;
}
async provisionOnServer(params: {
serverUrl: string;
homeUser: Pick<User, 'id' | 'username' | 'displayName'>;
provisionSecret: string;
}): Promise<ProvisionResult> {
const normalizedUrl = this.normalizeServerUrl(params.serverUrl);
const existing = this.credentialStore.getCredential(normalizedUrl);
if (existing) {
return {
credential: existing,
username: existing.username,
usedSuffix: existing.username !== params.homeUser.username.trim()
};
}
const candidates = buildProvisionUsernameCandidates(params.homeUser.username, params.homeUser.id);
for (let index = 0; index < candidates.length; index += 1) {
const candidate = candidates[index];
const usedSuffix = index > 0;
try {
const response = await this.register(normalizedUrl, candidate, params.provisionSecret, params.homeUser.displayName);
return this.persistProvisionResult(normalizedUrl, response, usedSuffix);
} catch (error) {
if (!this.isHttpStatus(error, 409)) {
throw error;
}
try {
const response = await this.login(normalizedUrl, candidate, params.provisionSecret);
return this.persistProvisionResult(normalizedUrl, response, usedSuffix);
} catch (loginError) {
if (!this.isHttpStatus(loginError, 401)) {
throw loginError;
}
}
}
}
throw new ProvisionUsernameCollisionError(normalizedUrl, candidates);
}
upsertManualCredential(
serverUrl: string,
response: LoginResponse,
provisioned = false
): SignalServerCredential {
const credential: SignalServerCredential = {
serverUrl: this.normalizeServerUrl(serverUrl),
userId: response.id,
username: response.username,
displayName: response.displayName,
token: response.token,
expiresAt: response.expiresAt,
provisioned
};
this.credentialStore.upsertCredential(credential);
return credential;
}
private async register(
serverUrl: string,
username: string,
password: string,
displayName: string
): Promise<LoginResponse> {
return firstValueFrom(
this.http.post<LoginResponse>(`${serverUrl}/api/users/register`, {
username,
password,
displayName
})
);
}
private async login(
serverUrl: string,
username: string,
password: string
): Promise<LoginResponse> {
return firstValueFrom(
this.http.post<LoginResponse>(`${serverUrl}/api/users/login`, {
username,
password
})
);
}
private persistProvisionResult(
serverUrl: string,
response: LoginResponse,
usedSuffix: boolean
): ProvisionResult {
const credential = this.upsertManualCredential(serverUrl, response, true);
return {
credential,
username: response.username,
usedSuffix
};
}
private isHttpStatus(error: unknown, status: number): boolean {
return error instanceof HttpErrorResponse && error.status === status;
}
private normalizeServerUrl(serverUrl: string): string {
return serverUrl.trim().replace(/\/+$/, '');
}
}

23
toju-app/src/app/domains/authentication/domain/logic/auth-navigation.rules.ts
View File

@@ -9,6 +9,7 @@ import { UsersActions } from '../../../../store/users/users.actions';
import type { User } from '../../../../shared-kernel';
export const DEFAULT_POST_AUTH_URL = '/dashboard';
export const AUTH_MODE_AUTHORIZE = 'authorize';
const AUTH_ROUTE_PATHS = new Set(['/login', '/register']);
const MAX_RETURN_URL_DEPTH = 10;
@@ -79,15 +80,27 @@ export function resolveSafeReturnUrl(
export function buildLoginReturnQueryParams(
currentUrl: string,
fallback = DEFAULT_POST_AUTH_URL
): { returnUrl?: string } {
fallback = DEFAULT_POST_AUTH_URL,
extra: Record<string, string | undefined> = {}
): Record<string, string> {
const safeReturnUrl = resolveSafeReturnUrl(currentUrl, fallback);
const queryParams: Record<string, string> = {};
if (safeReturnUrl === fallback) {
return {};
if (safeReturnUrl !== fallback) {
queryParams['returnUrl'] = safeReturnUrl;
}
return { returnUrl: safeReturnUrl };
for (const [key, value] of Object.entries(extra)) {
if (value?.trim()) {
queryParams[key] = value.trim();
}
}
return queryParams;
}
export function isAuthorizeAuthMode(mode: string | null | undefined): boolean {
return mode?.trim() === AUTH_MODE_AUTHORIZE;
}
export function waitForAuthenticationOutcome(

10
toju-app/src/app/domains/authentication/domain/logic/auth-session.rules.spec.ts
View File

@@ -16,13 +16,9 @@ describe('auth-session.rules', () => {
} as Pick<User, 'homeSignalServerUrl'>;
it('collects home and active server urls without duplicates', () => {
expect(collectSessionTokenLookupUrls(user, 'https://signal.example.com')).toEqual([
'https://signal.example.com'
]);
expect(collectSessionTokenLookupUrls(user, 'http://localhost:3001')).toEqual([
'http://localhost:3001',
'https://signal.example.com'
]);
expect(collectSessionTokenLookupUrls(user, 'https://signal.example.com')).toEqual(['https://signal.example.com']);
expect(collectSessionTokenLookupUrls(user, 'http://localhost:3001')).toEqual(['http://localhost:3001', 'https://signal.example.com']);
});
it('requires a valid token for a known server url', () => {

53
toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.spec.ts Normal file
View File

@@ -0,0 +1,53 @@
import {
describe,
expect,
it
} from 'vitest';
import { isSelfPresenceUserId, resolveSelfPresenceUserIds } from './self-presence-identity.rules';
describe('resolveSelfPresenceUserIds', () => {
it('includes home user id and oderId', () => {
const ids = resolveSelfPresenceUserIds({
homeUserId: 'home-id',
homeOderId: 'peer-a'
});
expect([...ids]).toEqual(['home-id', 'peer-a']);
});
it('includes the per-server actor user id when provisioned on a foreign server', () => {
const ids = resolveSelfPresenceUserIds({
homeUserId: 'home-id',
homeOderId: 'peer-a',
actorUserId: 'foreign-id'
});
expect([...ids]).toEqual([
'home-id',
'peer-a',
'foreign-id'
]);
});
it('deduplicates when actor id matches home id', () => {
const ids = resolveSelfPresenceUserIds({
homeUserId: 'same-id',
homeOderId: 'same-id',
actorUserId: 'same-id'
});
expect([...ids]).toEqual(['same-id']);
});
});
describe('isSelfPresenceUserId', () => {
it('returns true when the user id is part of the self set', () => {
const selfIds = resolveSelfPresenceUserIds({
homeUserId: 'home-id',
actorUserId: 'foreign-id'
});
expect(isSelfPresenceUserId('foreign-id', selfIds)).toBe(true);
expect(isSelfPresenceUserId('other-id', selfIds)).toBe(false);
});
});

31
toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.ts Normal file
View File

@@ -0,0 +1,31 @@
export interface SelfPresenceIdentityInput {
homeUserId?: string;
homeOderId?: string;
actorUserId?: string;
}
/** Collect every user id that represents the local user on a room's signal server. */
export function resolveSelfPresenceUserIds(input: SelfPresenceIdentityInput): ReadonlySet<string> {
const ids = new Set<string>();
if (input.homeUserId?.trim()) {
ids.add(input.homeUserId.trim());
}
if (input.homeOderId?.trim()) {
ids.add(input.homeOderId.trim());
}
if (input.actorUserId?.trim()) {
ids.add(input.actorUserId.trim());
}
return ids;
}
export function isSelfPresenceUserId(
userId: string | undefined,
selfIds: ReadonlySet<string>
): boolean {
return !!userId?.trim() && selfIds.has(userId.trim());
}

55
toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.spec.ts Normal file
View File

@@ -0,0 +1,55 @@
import {
describe,
it,
expect
} from 'vitest';
import { resolveSignalIdentity } from './signal-server-credential-resolution.rules';
describe('resolveSignalIdentity', () => {
const homeUser = {
id: 'home-user-1',
displayName: 'Alice',
homeSignalServerUrl: 'https://signal.example.com'
};
it('prefers the per-signal credential when present', () => {
const resolved = resolveSignalIdentity(
{ userId: 'provisioned-1', token: 'cred-token', displayName: 'Alice On Foreign' },
{ token: 'legacy-token' },
homeUser
);
expect(resolved).toEqual({
userId: 'provisioned-1',
token: 'cred-token',
displayName: 'Alice On Foreign',
homeSignalServerUrl: 'https://signal.example.com'
});
});
it('falls back to the legacy session token using the home identity when no credential exists', () => {
const resolved = resolveSignalIdentity(
null,
{ token: 'legacy-token' },
homeUser
);
expect(resolved).toEqual({
userId: 'home-user-1',
token: 'legacy-token',
displayName: 'Alice',
homeSignalServerUrl: 'https://signal.example.com'
});
});
it('returns null when neither a credential nor a legacy token is available', () => {
expect(resolveSignalIdentity(null, null, homeUser)).toBeNull();
});
it('does not fall back to the legacy token without a known home user id', () => {
expect(resolveSignalIdentity(null, { token: 'legacy-token' }, null)).toBeNull();
expect(
resolveSignalIdentity(null, { token: 'legacy-token' }, { displayName: 'Alice' })
).toBeNull();
});
});

53
toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.ts Normal file
View File

@@ -0,0 +1,53 @@
export interface ResolvableHomeUser {
id?: string;
displayName?: string;
homeSignalServerUrl?: string;
}
export interface ResolvedSignalIdentity {
userId: string;
token: string;
displayName: string;
homeSignalServerUrl?: string;
}
/**
* Resolve the identity (oder id + session token) used to `identify` on a signal
* server.
*
* Order of precedence:
* 1. The per-signal-server credential (the authoritative source for both home
* and provisioned foreign servers).
* 2. The legacy single-session token store, reconstructed with the home user's
* identity. This keeps `identify` working for sessions restored from disk
* that pre-date the per-signal credential store (otherwise the client never
* authenticates and the user appears alone in every room).
*
* Foreign servers are never reconstructed from the legacy token: their account
* id is the provisioned id, which only the per-signal credential carries.
*/
export function resolveSignalIdentity(
credential: { userId: string; token: string; displayName: string } | null,
legacyToken: { token: string } | null,
homeUser: ResolvableHomeUser | null | undefined
): ResolvedSignalIdentity | null {
if (credential) {
return {
userId: credential.userId,
token: credential.token,
displayName: credential.displayName,
homeSignalServerUrl: homeUser?.homeSignalServerUrl
};
}
if (legacyToken && homeUser?.id) {
return {
userId: homeUser.id,
token: legacyToken.token,
displayName: homeUser.displayName ?? '',
homeSignalServerUrl: homeUser.homeSignalServerUrl
};
}
return null;
}

36
toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.spec.ts Normal file
View File

@@ -0,0 +1,36 @@
import {
describe,
it,
expect
} from 'vitest';
import {
ProvisionUsernameCollisionError,
buildProvisionUsernameCandidates,
shortHomeUserId
} from './signal-server-provision.rules';
describe('signal-server-provision.rules', () => {
it('derives a stable short id from a home user uuid', () => {
expect(shortHomeUserId('a3f2b1c4-5678-90ab-cdef-1234567890ab')).toBe('a3f2b1');
});
it('orders username candidates with preferred first then suffixed fallback', () => {
expect(
buildProvisionUsernameCandidates('alice', 'a3f2b1c4-5678-90ab-cdef-1234567890ab')
).toEqual(['alice', 'alice-a3f2b1']);
});
it('deduplicates candidates when suffix would repeat preferred username', () => {
expect(
buildProvisionUsernameCandidates('alice-a3f2b1', 'a3f2b1c4-5678-90ab-cdef-1234567890ab')
).toEqual(['alice-a3f2b1']);
});
it('exposes attempted usernames on collision errors', () => {
const error = new ProvisionUsernameCollisionError('https://signal.example.com', ['alice', 'alice-a3f2b1']);
expect(error.name).toBe('ProvisionUsernameCollisionError');
expect(error.serverUrl).toBe('https://signal.example.com');
expect(error.attemptedUsernames).toEqual(['alice', 'alice-a3f2b1']);
});
});

34
toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.ts Normal file
View File

@@ -0,0 +1,34 @@
export class ProvisionUsernameCollisionError extends Error {
constructor(
readonly serverUrl: string,
readonly attemptedUsernames: readonly string[]
) {
super(`Could not provision account on ${serverUrl}`);
this.name = 'ProvisionUsernameCollisionError';
}
}
export function shortHomeUserId(homeUserId: string): string {
return homeUserId.replace(/-/g, '').slice(0, 6)
.toLowerCase();
}
export function buildProvisionUsernameCandidates(
preferredUsername: string,
homeUserId: string
): string[] {
const trimmed = preferredUsername.trim();
if (!trimmed) {
return [];
}
const candidates = [trimmed];
const suffix = shortHomeUserId(homeUserId);
if (suffix && !trimmed.endsWith(`-${suffix}`)) {
candidates.push(`${trimmed}-${suffix}`);
}
return [...new Set(candidates)];
}

9
toju-app/src/app/domains/authentication/domain/models/signal-server-credential.model.ts Normal file
View File

@@ -0,0 +1,9 @@
export interface SignalServerCredential {
serverUrl: string;
userId: string;
username: string;
displayName: string;
token: string;
expiresAt: number;
provisioned: boolean;
}

12
toju-app/src/app/domains/authentication/feature/login/login.component.html
View File

@@ -5,9 +5,19 @@
name="lucideLogIn"
class="w-5 h-5 text-primary"
/>
<h1 class="text-lg font-semibold text-foreground">{{ 'auth.login.title' | translate }}</h1>
<h1 class="text-lg font-semibold text-foreground">
@if (isAuthorizeMode()) {
{{ 'auth.authorize.title' | translate: { serverName: authorizeServerName() } }}
} @else {
{{ 'auth.login.title' | translate }}
}
</h1>
</div>
@if (isAuthorizeMode()) {
<p class="text-xs text-muted-foreground mb-4">{{ 'auth.authorize.description' | translate }}</p>
}
<form
class="space-y-3"
(ngSubmit)="submit()"

48
toju-app/src/app/domains/authentication/feature/login/login.component.ts
View File

@@ -1,6 +1,7 @@
import {
Component,
computed,
inject,
OnInit,
signal
@@ -21,7 +22,9 @@ import {
import { AuthenticationService } from '../../application/services/authentication.service';
import { ServerDirectoryFacade } from '../../../server-directory';
import {
AUTH_MODE_AUTHORIZE,
buildLoginReturnQueryParams,
isAuthorizeAuthMode,
resolveSafeReturnUrl,
waitForAuthenticationOutcome
} from '../../domain/logic/auth-navigation.rules';
@@ -56,6 +59,13 @@ export class LoginComponent implements OnInit {
password = '';
serverId: string | undefined = this.serversSvc.activeServer()?.id;
error = signal<string | null>(null);
readonly isAuthorizeMode = signal(false);
readonly authorizeServerName = computed(() => {
const sid = this.serverId || this.serversSvc.activeServer()?.id;
const endpoint = this.servers().find((server) => server.id === sid);
return endpoint?.name ?? this.appI18n.instant('auth.authorize.defaultServerName');
});
private readonly appI18n = inject(AppI18nService);
private auth = inject(AuthenticationService);
@@ -68,6 +78,19 @@ export class LoginComponent implements OnInit {
trackById(_index: number, item: { id: string }) { return item.id; }
ngOnInit(): void {
const mode = this.route.snapshot.queryParamMap.get('mode');
const requestedServerId = this.route.snapshot.queryParamMap.get('serverId')?.trim();
this.isAuthorizeMode.set(isAuthorizeAuthMode(mode));
if (requestedServerId) {
this.serverId = requestedServerId;
}
if (this.isAuthorizeMode()) {
return;
}
this.store.select(selectCurrentUser).pipe(
filter(Boolean),
take(1)
@@ -88,8 +111,24 @@ export class LoginComponent implements OnInit {
password: this.password,
serverId: sid }).subscribe({
next: async (resp) => {
if (sid)
const serverUrl = this.auth.resolveServerUrlFor(sid);
if (this.isAuthorizeMode()) {
this.store.dispatch(UsersActions.authorizeSignalServer({
serverUrl,
response: resp,
provisioned: false
}));
const returnUrl = resolveSafeReturnUrl(this.route.snapshot.queryParamMap.get('returnUrl'));
await this.router.navigateByUrl(returnUrl);
return;
}
if (sid) {
this.serversSvc.setActiveServer(sid);
}
const homeSignalServerUrl = this.serversSvc.servers().find((server) => server.id === sid)?.url
?? this.serversSvc.activeServer()?.url;
@@ -104,7 +143,7 @@ export class LoginComponent implements OnInit {
homeSignalServerUrl
};
this.store.dispatch(UsersActions.authenticateUser({ user }));
this.store.dispatch(UsersActions.authenticateUser({ user, loginResponse: resp }));
const outcome = await firstValueFrom(waitForAuthenticationOutcome(this.actions$));
@@ -126,7 +165,10 @@ export class LoginComponent implements OnInit {
/** Navigate to the registration page. */
goRegister() {
this.router.navigate(['/register'], {
queryParams: buildLoginReturnQueryParams(this.router.url)
queryParams: buildLoginReturnQueryParams(this.router.url, undefined, {
mode: this.isAuthorizeMode() ? AUTH_MODE_AUTHORIZE : undefined,
serverId: this.serverId
})
});
}
}

12
toju-app/src/app/domains/authentication/feature/register/register.component.html
View File

@@ -5,9 +5,19 @@
name="lucideUserPlus"
class="w-5 h-5 text-primary"
/>
<h1 class="text-lg font-semibold text-foreground">{{ 'auth.register.title' | translate }}</h1>
<h1 class="text-lg font-semibold text-foreground">
@if (isAuthorizeMode()) {
{{ 'auth.authorize.registerTitle' | translate: { serverName: authorizeServerName() } }}
} @else {
{{ 'auth.register.title' | translate }}
}
</h1>
</div>
@if (isAuthorizeMode()) {
<p class="text-xs text-muted-foreground mb-4">{{ 'auth.authorize.description' | translate }}</p>
}
<form
class="space-y-3"
(ngSubmit)="submit()"

49
toju-app/src/app/domains/authentication/feature/register/register.component.ts
View File

@@ -1,7 +1,9 @@
import {
Component,
computed,
inject,
OnInit,
signal
} from '@angular/core';
import { CommonModule } from '@angular/common';
@@ -16,7 +18,9 @@ import { firstValueFrom } from 'rxjs';
import { AuthenticationService } from '../../application/services/authentication.service';
import { ServerDirectoryFacade } from '../../../server-directory';
import {
AUTH_MODE_AUTHORIZE,
buildLoginReturnQueryParams,
isAuthorizeAuthMode,
resolveSafeReturnUrl,
waitForAuthenticationOutcome
} from '../../domain/logic/auth-navigation.rules';
@@ -42,7 +46,7 @@ import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/d
/**
* Registration form allowing new users to create an account on a selected server.
*/
export class RegisterComponent {
export class RegisterComponent implements OnInit {
serversSvc = inject(ServerDirectoryFacade);
servers = this.serversSvc.servers;
@@ -51,6 +55,13 @@ export class RegisterComponent {
password = '';
serverId: string | undefined = this.serversSvc.activeServer()?.id;
error = signal<string | null>(null);
readonly isAuthorizeMode = signal(false);
readonly authorizeServerName = computed(() => {
const sid = this.serverId || this.serversSvc.activeServer()?.id;
const endpoint = this.servers().find((server) => server.id === sid);
return endpoint?.name ?? this.appI18n.instant('auth.authorize.defaultServerName');
});
private readonly appI18n = inject(AppI18nService);
private auth = inject(AuthenticationService);
@@ -62,6 +73,17 @@ export class RegisterComponent {
/** TrackBy function for server list rendering. */
trackById(_index: number, item: { id: string }) { return item.id; }
ngOnInit(): void {
const mode = this.route.snapshot.queryParamMap.get('mode');
const requestedServerId = this.route.snapshot.queryParamMap.get('serverId')?.trim();
this.isAuthorizeMode.set(isAuthorizeAuthMode(mode));
if (requestedServerId) {
this.serverId = requestedServerId;
}
}
/** Validate and submit the registration form, then navigate to search on success. */
submit() {
this.error.set(null);
@@ -72,8 +94,24 @@ export class RegisterComponent {
displayName: this.displayName.trim(),
serverId: sid }).subscribe({
next: async (resp) => {
if (sid)
const serverUrl = this.auth.resolveServerUrlFor(sid);
if (this.isAuthorizeMode()) {
this.store.dispatch(UsersActions.authorizeSignalServer({
serverUrl,
response: resp,
provisioned: false
}));
const returnUrl = resolveSafeReturnUrl(this.route.snapshot.queryParamMap.get('returnUrl'));
await this.router.navigateByUrl(returnUrl);
return;
}
if (sid) {
this.serversSvc.setActiveServer(sid);
}
const homeSignalServerUrl = this.serversSvc.servers().find((server) => server.id === sid)?.url
?? this.serversSvc.activeServer()?.url;
@@ -88,7 +126,7 @@ export class RegisterComponent {
homeSignalServerUrl
};
this.store.dispatch(UsersActions.authenticateUser({ user }));
this.store.dispatch(UsersActions.authenticateUser({ user, loginResponse: resp }));
const outcome = await firstValueFrom(waitForAuthenticationOutcome(this.actions$));
@@ -110,7 +148,10 @@ export class RegisterComponent {
/** Navigate to the login page. */
goLogin() {
this.router.navigate(['/login'], {
queryParams: buildLoginReturnQueryParams(this.router.url)
queryParams: buildLoginReturnQueryParams(this.router.url, undefined, {
mode: this.isAuthorizeMode() ? AUTH_MODE_AUTHORIZE : undefined,
serverId: this.serverId
})
});
}
}

9
toju-app/src/app/domains/authentication/index.ts
View File

@@ -1,3 +1,12 @@
export * from './application/services/authentication.service';
export * from './application/services/auth-token-store.service';
export * from './application/services/signal-server-auth.service';
export * from './application/services/signal-server-authorize.service';
export * from './application/services/signal-server-credential-store.service';
export * from './application/services/signal-server-provisioner.service';
export * from './application/services/signal-server-provision-notice.service';
export * from './application/services/provision-secret-store.service';
export * from './domain/models/authentication.model';
export * from './domain/models/signal-server-credential.model';
export * from './domain/logic/signal-server-provision.rules';
export * from './domain/logic/auth-navigation.rules';

4
toju-app/src/app/domains/chat/domain/rules/message-integrity.rules.ts
View File

@@ -21,14 +21,14 @@ export interface InventoryIntegritySnapshot {
headHash: string;
}
export type RemoteInventoryItem = {
export interface RemoteInventoryItem {
id: string;
ts: number;
rc?: number;
ac?: number;
revision?: number;
headHash?: string;
};
}
export type MessageRevisionAction = MessageRevisionType;

6
toju-app/src/app/domains/chat/domain/rules/message-revision-signing.rules.spec.ts
View File

@@ -5,10 +5,7 @@ import {
vi
} from 'vitest';
import type { MessageRevision } from '../../../../shared-kernel';
import {
attachRevisionSignatureIfPossible,
shouldAcceptRevisionWithoutRegisteredKey
} from './message-revision-signing.rules';
import { attachRevisionSignatureIfPossible, shouldAcceptRevisionWithoutRegisteredKey } from './message-revision-signing.rules';
describe('message-revision-signing.rules', () => {
const revision: MessageRevision = {
@@ -43,6 +40,7 @@ describe('message-revision-signing.rules', () => {
...revision,
signature: 'signature'
}, null)).toBe(true);
expect(shouldAcceptRevisionWithoutRegisteredKey(revision, null)).toBe(false);
});
});

6
toju-app/src/app/domains/chat/domain/rules/message-sync.rules.spec.ts
View File

@@ -7,11 +7,7 @@ import { findMissingIds } from './message-sync.rules';
describe('message-sync.rules', () => {
it('requests ids with newer revision or mismatched head hash', () => {
const localMap = new Map([
['m1', { ts: 10, rc: 0, ac: 0, revision: 1, headHash: 'aaa' }],
['m2', { ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' }]
]);
const localMap = new Map([['m1', { ts: 10, rc: 0, ac: 0, revision: 1, headHash: 'aaa' }], ['m2', { ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' }]]);
const missing = findMissingIds([
{ id: 'm1', ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'ccc' },
{ id: 'm2', ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' },

2
toju-app/src/app/domains/chat/feature/typing-indicator/typing-indicator.component.ts
View File

@@ -1,4 +1,4 @@
/* eslint-disable @typescript-eslint/member-ordering, id-length, id-denylist, */
/* eslint-disable @typescript-eslint/member-ordering, */
import {
Component,
computed,

1
toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.spec.ts
View File

@@ -94,6 +94,7 @@ describe('CustomEmojiPickerComponent', () => {
}
]
});
initializeAppI18nForTests(injector);
return runInInjectionContext(injector, () => injector.get(CustomEmojiPickerComponent));

5
toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.ts
View File

@@ -22,10 +22,7 @@ import {
import { CustomEmoji, EmojiShortcutEntry } from '../../../../shared-kernel';
import { CustomEmojiService } from '../../application/custom-emoji.service';
import { APP_TRANSLATE_IMPORTS, AppI18nService } from '../../../../core/i18n';
import {
AutoFocusDirective,
SelectOnFocusDirective
} from '../../../../shared/directives';
import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
import {
CUSTOM_EMOJI_ACCEPT_ATTRIBUTE,
UNICODE_EMOJI_PICKER_ENTRIES,

7
toju-app/src/app/domains/direct-call/application/services/direct-call.service.spec.ts
View File

@@ -9,7 +9,11 @@ import { Router } from '@angular/router';
import { Store } from '@ngrx/store';
import { Subject } from 'rxjs';
import { NotificationAudioService, AppSound } from '../../../../core/services/notification-audio.service';
import { MobileCallSessionService, MobileMediaService, MobileNotificationsService } from '../../../../infrastructure/mobile';
import {
MobileCallSessionService,
MobileMediaService,
MobileNotificationsService
} from '../../../../infrastructure/mobile';
import { initializeAppI18nForTests, provideAppI18nForTests } from '../../../../core/i18n/app-i18n.testing';
import { ViewportService } from '../../../../core/platform';
import {
@@ -575,6 +579,7 @@ function createServiceContext(options: ServiceContextOptions): ServiceContext {
...provideAppI18nForTests()
]
});
initializeAppI18nForTests(injector);
return {

5
toju-app/src/app/domains/direct-call/application/services/direct-call.service.ts
View File

@@ -21,10 +21,7 @@ import {
VoiceConnectionFacade,
VoicePlaybackService
} from '../../../voice-connection';
import {
VoiceSessionFacade,
isVoiceOnAnotherClient
} from '../../../voice-session';
import { VoiceSessionFacade, isVoiceOnAnotherClient } from '../../../voice-session';
import { RealtimeSessionFacade } from '../../../../core/realtime';
import { DirectMessageService, PeerDeliveryService } from '../../../direct-message';
import type { DirectMessageConversation } from '../../../direct-message';

5
toju-app/src/app/domains/direct-message/feature/find-people/find-people.component.ts
View File

@@ -17,10 +17,7 @@ import {
} from '@ng-icons/lucide';
import { AppI18nService, APP_TRANSLATE_IMPORTS } from '../../../../core/i18n';
import {
AutoFocusDirective,
SelectOnFocusDirective
} from '../../../../shared/directives';
import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
import { UserSearchListComponent } from '../user-search-list/user-search-list.component';
import { selectAllUsers } from '../../../../store/users/users.selectors';
import { selectSavedRooms } from '../../../../store/rooms/rooms.selectors';

6
toju-app/src/app/domains/direct-message/feature/friend-button/friend-button.component.ts
View File

@@ -15,7 +15,11 @@ import type { User } from '../../../../shared-kernel';
@Component({
selector: 'app-friend-button',
standalone: true,
imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
imports: [
CommonModule,
NgIcon,
...APP_TRANSLATE_IMPORTS
],
viewProviders: [provideIcons({ lucideUserCheck, lucideUserPlus })],
templateUrl: './friend-button.component.html'
})

6
toju-app/src/app/domains/experimental-media/feature/experimental-vlc-player/experimental-vlc-player.component.ts
View File

@@ -23,7 +23,11 @@ import { ExperimentalVlcPlayerHandle, ExperimentalVlcRuntimeService } from '../.
@Component({
selector: 'app-experimental-vlc-player',
standalone: true,
imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
imports: [
CommonModule,
NgIcon,
...APP_TRANSLATE_IMPORTS
],
viewProviders: [
provideIcons({
lucideDownload,

1
toju-app/src/app/domains/game-activity/application/game-activity.service.spec.ts
View File

@@ -232,6 +232,7 @@ function createServiceContext(options: ServiceContextOptions): ServiceContext {
}
]
});
initializeAppI18nForTests(injector);
const service = runInInjectionContext(injector, () => new GameActivityService());
const context = {

6
toju-app/src/app/domains/notifications/feature/settings/notifications-settings/notifications-settings.component.ts
View File

@@ -21,7 +21,11 @@ import { APP_TRANSLATE_IMPORTS } from '../../../../../core/i18n';
@Component({
selector: 'app-notifications-settings',
standalone: true,
imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
imports: [
CommonModule,
NgIcon,
...APP_TRANSLATE_IMPORTS
],
viewProviders: [
provideIcons({
lucideBell,

2
toju-app/src/app/domains/plugins/application/services/plugin-client-api.service.spec.ts
View File

@@ -125,6 +125,7 @@ describe('PluginClientApiService', () => {
})
})
);
expect(context.voice.broadcastMessage).toHaveBeenCalledWith(expect.objectContaining({
type: 'chat-message',
message: expect.objectContaining({
@@ -132,6 +133,7 @@ describe('PluginClientApiService', () => {
roomId: 'room-1'
})
}));
expect(context.messageRevisions.broadcastRevision).toHaveBeenCalled();
});

12
toju-app/src/app/domains/plugins/application/services/plugin-host.service.ts
View File

@@ -17,6 +17,7 @@ import type {
LocalPluginRegistrationResult,
RegisteredPlugin
} from '../../domain/models/plugin-runtime.models';
import { isSecurePluginRemoteUrl } from '../../domain/rules/plugin-source-url.rules';
import { LocalPluginDiscoveryService } from '../../infrastructure/local-plugin-discovery.service';
import { PluginCapabilityService } from './plugin-capability.service';
import { PluginDesktopStateService } from './plugin-desktop-state.service';
@@ -24,10 +25,7 @@ import { PluginClientApiService } from './plugin-client-api.service';
import { PluginLoggerService } from './plugin-logger.service';
import { PluginRegistryService } from './plugin-registry.service';
import { PluginUiRegistryService } from './plugin-ui-registry.service';
import {
fileUrlToPath,
grantPluginReadRoots
} from '../../domain/rules/plugin-local-file.rules';
import { fileUrlToPath, grantPluginReadRoots } from '../../domain/rules/plugin-local-file.rules';
interface ActivePluginRuntime {
context: TojuPluginActivationContext;
@@ -379,7 +377,7 @@ export class PluginHostService {
return { module, moduleObjectUrl };
}
if (!entrypointUrl.startsWith('file://') && !entrypointUrl.startsWith('https://')) {
if (!entrypointUrl.startsWith('file://') && !isSecurePluginRemoteUrl(entrypointUrl)) {
throw new Error('Remote plugin entrypoints must use HTTPS');
}
@@ -388,7 +386,7 @@ export class PluginHostService {
module: await import(/* @vite-ignore */ entrypointUrl) as TojuClientPluginModule
};
} catch (error) {
if (!entrypointUrl.startsWith('https://')) {
if (!isSecurePluginRemoteUrl(entrypointUrl)) {
throw error;
}
@@ -420,7 +418,7 @@ export class PluginHostService {
}
private async createRemoteModuleObjectUrl(entrypointUrl: string, manifest: TojuPluginManifest): Promise<string> {
if (!entrypointUrl.startsWith('https://')) {
if (!isSecurePluginRemoteUrl(entrypointUrl)) {
throw new Error('Remote plugin entrypoints must use HTTPS');
}

18
toju-app/src/app/domains/plugins/application/services/plugin-store.service.spec.ts
View File

@@ -238,6 +238,22 @@ describe('PluginStoreService', () => {
url: plugin.readmeUrl
});
});
it('allows localhost HTTP plugin source URLs for local dev and E2E', async () => {
const localSourceUrl = 'http://localhost:4200/plugins/e2e-plugin-source.json';
mockFetchResponses(fetchMock, {
[localSourceUrl]: jsonResponse({
title: 'Local E2E Source',
plugins: []
})
});
const service = createService(registerLocalManifest, unregister);
await expect(service.addSourceUrl(localSourceUrl)).resolves.toBeUndefined();
expect(service.sourceUrls()).toContain(localSourceUrl);
});
});
function mockFetchResponses(fetchMock: ReturnType<typeof vi.fn>, responses: Record<string, Response>): void {
@@ -312,8 +328,8 @@ function createService(
}
]
});
const service = injector.get(PluginStoreService);
injector.get(AppI18nService).initialize();
return service;

10
toju-app/src/app/domains/plugins/application/services/plugin-store.service.ts
View File

@@ -11,6 +11,7 @@ import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
import { Store } from '@ngrx/store';
import { firstValueFrom } from 'rxjs';
import { environment } from '../../../../../environments/environment';
import { isLocalDevPluginSourceUrl } from '../../domain/rules/plugin-source-url.rules';
import { RealtimeSessionFacade } from '../../../../core/realtime';
import { AppI18nService } from '../../../../core/i18n';
import { getUserScopedStorageKey } from '../../../../core/storage/current-user-storage';
@@ -45,10 +46,7 @@ import { PluginCapabilityService } from './plugin-capability.service';
import { PluginDesktopStateService } from './plugin-desktop-state.service';
import { PluginRequirementService } from './plugin-requirement.service';
import { PluginRegistryService } from './plugin-registry.service';
import {
fileUrlToPath,
grantPluginReadRoots
} from '../../domain/rules/plugin-local-file.rules';
import { fileUrlToPath, grantPluginReadRoots } from '../../domain/rules/plugin-local-file.rules';
const STORE_SCHEMA_VERSION = 2;
const STORAGE_KEY_PLUGIN_STORE = 'metoyou_plugin_store';
@@ -172,8 +170,8 @@ export class PluginStoreService {
}
this.sourceUrlsSignal.update((sourceUrls) => [...sourceUrls, sourceUrl]);
await this.ensurePluginSourceReadRoot(sourceUrl);
this.saveState();
await this.ensurePluginSourceReadRoot(sourceUrl);
await this.refreshSources();
}
@@ -514,7 +512,7 @@ export class PluginStoreService {
return await this.readLocalFileUrl(url);
}
if (!url.startsWith('https://')) {
if (!url.startsWith('https://') && !isLocalDevPluginSourceUrl(url)) {
throw new Error('Remote plugin store requests must use HTTPS');
}

20
toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.spec.ts
View File

@@ -1,4 +1,8 @@
import { describe, expect, it } from 'vitest';
import {
describe,
expect,
it
} from 'vitest';
import {
collectPluginReadRoots,
fileUrlToPath,
@@ -15,18 +19,12 @@ describe('plugin-local-file.rules', () => {
expect(collectPluginReadRoots(
'file:///home/ludde/Desktop/TestPlugin/plugin-source.json',
'file:///home/ludde/Desktop/TestPlugin/dist/main.js'
)).toEqual([
'/home/ludde/Desktop/TestPlugin',
'/home/ludde/Desktop/TestPlugin/dist'
]);
)).toEqual(['/home/ludde/Desktop/TestPlugin', '/home/ludde/Desktop/TestPlugin/dist']);
});
it('treats directory file URLs as their own read roots', () => {
expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin/')).toEqual([
'/home/ludde/Desktop/TestPlugin'
]);
expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin')).toEqual([
'/home/ludde/Desktop/TestPlugin'
]);
expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin/')).toEqual(['/home/ludde/Desktop/TestPlugin']);
expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin')).toEqual(['/home/ludde/Desktop/TestPlugin']);
});
});

7
toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.ts
View File

@@ -8,7 +8,8 @@ export function pluginFileParentDir(filePath: string): string {
}
export function pluginReadRootForFileUrl(fileUrl: string): string {
const filePath = fileUrlToPath(fileUrl).replace(/\\/g, '/').replace(/\/+$/, '');
const filePath = fileUrlToPath(fileUrl).replace(/\\/g, '/')
.replace(/\/+$/, '');
const basename = filePath.split('/').pop() ?? '';
if (fileUrl.endsWith('/') || !basename.includes('.')) {
@@ -18,7 +19,7 @@ export function pluginReadRootForFileUrl(fileUrl: string): string {
return pluginFileParentDir(filePath);
}
export function collectPluginReadRoots(...fileUrls: Array<string | undefined>): string[] {
export function collectPluginReadRoots(...fileUrls: (string | undefined)[]): string[] {
const roots = new Set<string>();
for (const fileUrl of fileUrls) {
@@ -34,7 +35,7 @@ export function collectPluginReadRoots(...fileUrls: Array<string | undefined>):
export async function grantPluginReadRoots(
api: Pick<ElectronApi, 'grantPluginReadRoot'> | null | undefined,
...fileUrls: Array<string | undefined>
...fileUrls: (string | undefined)[]
): Promise<void> {
if (!api?.grantPluginReadRoot) {
return;

16
toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.spec.ts Normal file
View File

@@ -0,0 +1,16 @@
import { isLocalDevPluginSourceUrl, isSecurePluginRemoteUrl } from './plugin-source-url.rules';
describe('plugin source URL rules', () => {
it('treats localhost HTTP URLs as local dev plugin sources', () => {
expect(isLocalDevPluginSourceUrl('http://localhost:4200/plugins/e2e-plugin-source.json')).toBe(true);
expect(isLocalDevPluginSourceUrl('http://127.0.0.1:4200/plugins/e2e-plugin-source.json')).toBe(true);
expect(isLocalDevPluginSourceUrl('http://example.com/plugins.json')).toBe(false);
expect(isLocalDevPluginSourceUrl('https://localhost/plugins.json')).toBe(false);
});
it('accepts HTTPS and localhost HTTP as secure remote plugin URLs', () => {
expect(isSecurePluginRemoteUrl('https://plugins.example.test/index.json')).toBe(true);
expect(isSecurePluginRemoteUrl('http://localhost:4200/plugins/e2e-plugin-source.json')).toBe(true);
expect(isSecurePluginRemoteUrl('http://example.com/plugins.json')).toBe(false);
});
});

14
toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.ts Normal file
View File

@@ -0,0 +1,14 @@
export function isLocalDevPluginSourceUrl(url: string): boolean {
try {
const parsed = new URL(url);
return parsed.protocol === 'http:'
&& (parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1');
} catch {
return false;
}
}
export function isSecurePluginRemoteUrl(url: string): boolean {
return url.startsWith('https://') || isLocalDevPluginSourceUrl(url);
}

6
toju-app/src/app/domains/profile-avatar/feature/profile-avatar-editor/profile-avatar-editor.component.ts
View File

@@ -23,7 +23,11 @@ import {
@Component({
selector: 'app-profile-avatar-editor',
standalone: true,
imports: [CommonModule, ModalBackdropComponent, ...APP_TRANSLATE_IMPORTS],
imports: [
CommonModule,
ModalBackdropComponent,
...APP_TRANSLATE_IMPORTS
],
templateUrl: './profile-avatar-editor.component.html'
})
export class ProfileAvatarEditorComponent {

39
toju-app/src/app/domains/server-directory/application/services/server-directory.service.ts
View File

@@ -29,6 +29,7 @@ import {
import { ServerEndpointCompatibilityService } from '../../infrastructure/services/server-endpoint-compatibility.service';
import { ServerEndpointHealthService } from '../../infrastructure/services/server-endpoint-health.service';
import { ServerEndpointStateService } from './server-endpoint-state.service';
import { SignalServerAuthService } from '../../../authentication/application/services/signal-server-auth.service';
@Injectable({ providedIn: 'root' })
export class ServerDirectoryService {
@@ -41,6 +42,7 @@ export class ServerDirectoryService {
private readonly endpointCompatibility = inject(ServerEndpointCompatibilityService);
private readonly endpointHealth = inject(ServerEndpointHealthService);
private readonly api = inject(ServerDirectoryApiService);
private readonly signalServerAuth = inject(SignalServerAuthService);
private readonly initialServerHealthCheck: Promise<void>;
private shouldSearchAllServers = true;
@@ -217,6 +219,10 @@ export class ServerDirectoryService {
healthResult.serverTag
);
if (healthResult.status === 'online' && endpoint.isActive) {
void this.signalServerAuth.ensureProvisioned(endpoint.url).catch(() => undefined);
}
return healthResult.status === 'online';
}
@@ -286,7 +292,13 @@ export class ServerDirectoryService {
request: ServerJoinAccessRequest,
selector?: ServerSourceSelector
): Observable<ServerJoinAccessResponse> {
return this.api.requestJoin(request, selector);
const actorUserId = this.resolveActorUserId(request.userId, selector);
return this.api.requestJoin({
...request,
userId: actorUserId,
userPublicKey: actorUserId
}, selector);
}
createInvite(
@@ -326,7 +338,7 @@ export class ServerDirectoryService {
}
notifyLeave(serverId: string, userId: string, selector?: ServerSourceSelector): Observable<void> {
return this.api.notifyLeave(serverId, userId, selector);
return this.api.notifyLeave(serverId, this.resolveActorUserId(userId, selector), selector);
}
updateUserCount(serverId: string, count: number): Observable<void> {
@@ -353,4 +365,27 @@ export class ServerDirectoryService {
this.shouldSearchAllServers = true;
}
}
private resolveActorUserId(userId: string, selector?: ServerSourceSelector): string {
return this.signalServerAuth.resolveActorUserIdForServer(
this.resolveSelectorServerUrl(selector),
userId
);
}
private resolveSelectorServerUrl(selector?: ServerSourceSelector): string | undefined {
const sourceUrl = selector?.sourceUrl?.trim();
if (sourceUrl) {
return this.endpointState.sanitiseUrl(sourceUrl);
}
const sourceId = selector?.sourceId?.trim();
if (sourceId) {
return this.servers().find((endpoint) => endpoint.id === sourceId)?.url;
}
return this.activeServer()?.url;
}
}

6
toju-app/src/app/domains/server-directory/feature/create-server-dialog/create-server-dialog.component.ts
View File

@@ -20,10 +20,7 @@ import { ServerDirectoryFacade } from '../../application/facades/server-director
import { ThemeNodeDirective } from '../../../theme';
import { ViewportService } from '../../../../core/platform';
import { BottomSheetComponent, ModalBackdropComponent } from '../../../../shared';
import {
AutoFocusDirective,
SelectOnFocusDirective
} from '../../../../shared/directives';
import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
import { CATEGORY_PRESETS, ServerCategoryPreset } from '../create-server/create-server.component';
/**
@@ -114,6 +111,7 @@ export class CreateServerDialogComponent {
this.router.navigate(['/login'], {
queryParams: buildLoginReturnQueryParams(this.router.url)
});
return;
}

1
toju-app/src/app/domains/server-directory/feature/find-servers/find-servers.component.spec.ts
View File

@@ -52,6 +52,7 @@ function createHarness(options: HarnessOptions = {}) {
...provideAppI18nForTests()
]
});
initializeAppI18nForTests(injector);
const component = runInInjectionContext(injector, () => injector.get(FindServersComponent));

17
toju-app/src/app/domains/server-directory/feature/invite/invite.component.ts
View File

@@ -18,6 +18,7 @@ import { DatabaseService } from '../../../../infrastructure/persistence';
import { ServerDirectoryFacade } from '../../application/facades/server-directory.facade';
import { User } from '../../../../shared-kernel';
import { buildLoginReturnQueryParams } from '../../../authentication/domain/logic/auth-navigation.rules';
import { SignalServerAuthorizeService } from '../../../authentication/application/services/signal-server-authorize.service';
@Component({
selector: 'app-invite',
@@ -26,19 +27,22 @@ import { buildLoginReturnQueryParams } from '../../../authentication/domain/logi
templateUrl: './invite.component.html'
})
export class InviteComponent implements OnInit {
private readonly i18n = inject(AppI18nService);
readonly currentUser = inject(Store).selectSignal(selectCurrentUser);
readonly invite = signal<ServerInviteInfo | null>(null);
readonly status = signal<'loading' | 'redirecting' | 'joining' | 'error'>('loading');
readonly message = signal(this.i18n.instant('servers.invite.messages.loading'));
readonly message = signal('');
private readonly i18n = inject(AppI18nService);
private readonly route = inject(ActivatedRoute);
private readonly router = inject(Router);
private readonly store = inject(Store);
private readonly serverDirectory = inject(ServerDirectoryFacade);
private readonly databaseService = inject(DatabaseService);
private readonly signalServerAuthorize = inject(SignalServerAuthorizeService);
async ngOnInit(): Promise<void> {
this.message.set(this.i18n.instant('servers.invite.messages.loading'));
const inviteContext = this.resolveInviteContext();
if (!inviteContext) {
@@ -127,6 +131,15 @@ export class InviteComponent implements OnInit {
this.message.set(this.i18n.instant('servers.invite.messages.joining', { name: invite.server.name }));
const currentUser = await this.hydrateCurrentUser();
const hasCredential = await this.signalServerAuthorize.ensureCredentialForServerUrl(context.sourceUrl);
if (!hasCredential) {
this.status.set('redirecting');
this.message.set(this.i18n.instant('servers.invite.messages.redirectingAuthorize'));
return;
}
const joinResponse = await firstValueFrom(this.serverDirectory.requestJoin({
roomId: invite.server.id,
userId: currentUserId,

1
toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.spec.ts
View File

@@ -114,6 +114,7 @@ function createHarness(options: HarnessOptions = {}) {
...provideAppI18nForTests()
]
});
initializeAppI18nForTests(injector);
const component = runInInjectionContext(injector, () => injector.get(ServerBrowserComponent));

10
toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.ts
View File

@@ -32,6 +32,7 @@ import {
import { AppI18nService, APP_TRANSLATE_IMPORTS } from '../../../../core/i18n';
import { setStoredCurrentUserId } from '../../../../core/storage/current-user-storage';
import { buildLoginReturnQueryParams } from '../../../authentication/domain/logic/auth-navigation.rules';
import { SignalServerAuthorizeService } from '../../../authentication/application/services/signal-server-authorize.service';
import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
import { RoomsActions } from '../../../../store/rooms/rooms.actions';
import {
@@ -124,6 +125,7 @@ export class ServerBrowserComponent implements OnInit {
private pluginStore = inject(PluginStoreService);
private injector = inject(Injector);
private readonly i18n = inject(AppI18nService);
private readonly signalServerAuthorize = inject(SignalServerAuthorizeService);
private searchSubject = new Subject<string>();
private banLookupRequestVersion = 0;
@@ -530,6 +532,14 @@ export class ServerBrowserComponent implements OnInit {
}
}
if (server.sourceUrl) {
const hasCredential = await this.signalServerAuthorize.ensureCredentialForServerUrl(server.sourceUrl);
if (!hasCredential) {
return;
}
}
const response = await firstValueFrom(
this.serverDirectory.requestJoin(
{

1
toju-app/src/app/domains/theme/application/services/theme.service.spec.ts
View File

@@ -28,6 +28,7 @@ describe('ThemeService theme application', () => {
useValue: createDocumentStub(styleElements)
}
]);
initializeAppI18nForTests(injector);
service = injector.get(ThemeService);

7
toju-app/src/app/domains/theme/application/services/theme.service.ts
View File

@@ -347,7 +347,12 @@ export class ThemeService {
return false;
}
this.commitTheme(result.value, stringifyTheme(result.value), this.appI18n.instant('theme.status.presetApplied', { name: result.value.meta.name }));
this.commitTheme(
result.value,
stringifyTheme(result.value),
this.appI18n.instant('theme.status.presetApplied', { name: result.value.meta.name })
);
return true;
}

5
toju-app/src/app/domains/theme/feature/theme-picker-overlay/theme-picker-overlay.component.ts
View File

@@ -12,10 +12,7 @@ import { ThemeRegistryService } from '../../application/services/theme-registry.
@Component({
selector: 'app-theme-picker-overlay',
standalone: true,
imports: [
CommonModule,
...APP_TRANSLATE_IMPORTS
],
imports: [CommonModule, ...APP_TRANSLATE_IMPORTS],
templateUrl: './theme-picker-overlay.component.html'
})
export class ThemePickerOverlayComponent {

6
toju-app/src/app/domains/voice-session/domain/logic/client-voice-session.rules.spec.ts
View File

@@ -1,4 +1,8 @@
import { describe, expect, it } from 'vitest';
import {
describe,
expect,
it
} from 'vitest';
import type { VoiceState } from '../../../../shared-kernel';
import {
isLocalVoiceOwner,