mirror of
https://github.com/openfrontio/OpenFrontIO.git
synced 2026-07-11 20:28:09 +00:00
0a44f4d3db
Client-side CrazyGames login: exchange the SDK user token for our session, then surface that identity in the UI. Implements the client side of the [CrazyGames login handoff guide](https://docs.crazygames.com/sdk/user/). On CrazyGames we exchange the SDK's user token for our own session via `POST /auth/crazygames`, instead of the cookie-based `/auth/refresh` (the refresh cookie is `SameSite=Lax` and unusable from the CrazyGames iframe). - **`CrazyGamesSDK.ts`** — `getUserToken()` wrapper (awaits `ready()`, gates on `isUserAccountAvailable`, returns `null` on throw / no signed-in user). - **`Auth.ts`** — `doRefreshJwt()` routes to `doCrazyGamesLogin()` when on CrazyGames with a signed-in account; a `null` token (guest / no account) falls through to the existing `/auth/refresh` flow. `reauthAfterCrazyGamesChange()` drops the cached session on a mid-session sign-in. - **`Main.ts`** — `addAuthListener` re-runs auth + `getUserMe()` when the player signs into CrazyGames mid-session. Everything funnels through the existing `userAuth()` → `refreshJwt()` path, so **startup login and the 15-min re-exchange on expiry come for free** — no new expiry/polling code. - **Account button** shows the CrazyGames avatar + username when signed in (clicking opens the account modal), or a **"Sign in"** that opens CrazyGames' own `showAuthPrompt()` when a guest. Wired across every entry point: the desktop nav pill, the mobile hamburger item (un-hidden on CrazyGames by dropping `.no-crazygames`), and — since CrazyGames renders below the `lg` breakpoint where the desktop nav is hidden — a new button in the **homepage top bar's** right slot. - **AccountModal** treats the CrazyGames user as logged-in: "Connected as" avatar + username, currency/subscription, and stats/games/friends. **No Discord/Google/email login+link buttons and no logout** (CrazyGames owns the account). A guest who reaches the modal gets a CrazyGames sign-in button, never Discord/Google. - **`CrazyGamesSDK.ts`** — `getUserProfile()` + `showAuthPrompt()` wrappers; `profilePictureUrl` added to the user type. Identity comes from the SDK (`getUser()`), not `/users/@me`, which doesn't surface CrazyGames identity yet. - **Signed-in CrazyGames account** → real backend session; avatar + username in the top bar; CrazyGames-only account modal. - **CrazyGames guest / not signed in** → silent fallback to guest; "Sign in" button opens `showAuthPrompt()`; auto-logged-in the moment they sign in (via `addAuthListener`). - **Not on CrazyGames** → completely unchanged. - `npx tsc --noEmit` — clean - `npx eslint` on changed files — clean - No new i18n keys (reuses `main.sign_in`, `account_modal.*`). - No unit tests: this repo tests core sim only, and CrazyGames only initializes inside a crazygames.com iframe, so the CG paths can't run locally (the localhost SDK mock returns unsigned tokens the backend rejects). **Needs a manual pass on the CrazyGames game page (gameId `64178`)** covering: signed-in avatar/username + account modal, guest "Sign in" → prompt, and mid-session sign-in. 1. The `/auth/crazygames` JWT carries the same `iss` (`getApiBase()`) and `aud` (`getAudience()`) as normal openfront.io tokens and satisfies `TokenPayloadSchema` (incl. base64url `sub`) — otherwise `userAuth()` will `logOut()`. 2. CrazyGames iframes our own origin (so `getApiBase()` → `https://api.openfront.io`), consistent with the existing integration. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
103 lines
4.1 KiB
TypeScript
103 lines
4.1 KiB
TypeScript
import { crazyGamesSDK } from "./CrazyGamesSDK";
|
|
import { closeMobileSidebar } from "./Navigation";
|
|
import { translateText } from "./Utils";
|
|
|
|
// On CrazyGames the player's identity comes from the CrazyGames SDK, not our
|
|
// backend user object. Show their avatar + username when signed in (clicking
|
|
// opens the account modal), or a "Sign in" affordance that opens CrazyGames'
|
|
// own auth prompt when they're a guest. Applies to every account entry point:
|
|
// the desktop nav pill, the mobile hamburger item, and the homepage top bar
|
|
// (which layout is visible depends on viewport width).
|
|
export async function updateCrazyGamesNavButton() {
|
|
if (!crazyGamesSDK.isOnCrazyGames()) return;
|
|
const profile = await crazyGamesSDK.getUserProfile();
|
|
const signInText = translateText("main.sign_in");
|
|
|
|
// Bypass the data-page router (which would open the account modal) and hand
|
|
// off to CrazyGames' own sign-in prompt instead. stopPropagation also skips
|
|
// the router's sidebar cleanup, so close it ourselves.
|
|
const promptSignIn = (e: Event) => {
|
|
e.stopPropagation();
|
|
e.preventDefault();
|
|
closeMobileSidebar();
|
|
void crazyGamesSDK.showAuthPrompt();
|
|
};
|
|
|
|
// Desktop nav pill: avatar + person icon + text.
|
|
const desktopButton = document.getElementById(
|
|
"nav-account-button",
|
|
) as HTMLButtonElement | null;
|
|
const avatarEl = document.getElementById(
|
|
"nav-account-avatar",
|
|
) as HTMLImageElement | null;
|
|
const personIconEl = document.getElementById("nav-account-person-icon");
|
|
// CrazyGames accounts have no email, so the email badge is always hidden.
|
|
document.getElementById("nav-account-email-badge")?.classList.add("hidden");
|
|
const signInTextEl = document.getElementById("nav-account-signin-text");
|
|
if (profile) {
|
|
if (avatarEl) {
|
|
avatarEl.alt = profile.username;
|
|
avatarEl.src = profile.profilePictureUrl;
|
|
avatarEl.classList.remove("hidden");
|
|
}
|
|
personIconEl?.classList.add("hidden");
|
|
if (signInTextEl) {
|
|
// The translation pass rewrites every [data-i18n] element's text, which
|
|
// would clobber the username — drop the attribute while it holds one.
|
|
signInTextEl.removeAttribute("data-i18n");
|
|
signInTextEl.textContent = profile.username;
|
|
signInTextEl.classList.remove("hidden");
|
|
}
|
|
desktopButton?.classList.remove("border", "border-white/20");
|
|
if (desktopButton) desktopButton.onclick = null;
|
|
} else {
|
|
avatarEl?.classList.add("hidden");
|
|
personIconEl?.classList.remove("hidden");
|
|
if (signInTextEl) {
|
|
// Restore so language changes keep the label translated.
|
|
signInTextEl.setAttribute("data-i18n", "main.sign_in");
|
|
signInTextEl.textContent = signInText;
|
|
signInTextEl.classList.remove("hidden");
|
|
}
|
|
desktopButton?.classList.add("border", "border-white/20");
|
|
if (desktopButton) desktopButton.onclick = promptSignIn;
|
|
}
|
|
|
|
// Mobile hamburger menu item: text only. Same data-i18n handling as above.
|
|
const mobileButton = document.getElementById(
|
|
"mobile-nav-account-button",
|
|
) as HTMLButtonElement | null;
|
|
if (mobileButton) {
|
|
if (profile) {
|
|
mobileButton.removeAttribute("data-i18n");
|
|
mobileButton.textContent = profile.username;
|
|
} else {
|
|
mobileButton.setAttribute("data-i18n", "main.sign_in");
|
|
mobileButton.textContent = signInText;
|
|
}
|
|
mobileButton.onclick = profile ? null : promptSignIn;
|
|
}
|
|
|
|
// Homepage top bar (narrow layout): avatar or person icon only.
|
|
const topBarButton = document.getElementById(
|
|
"crazygames-account-btn",
|
|
) as HTMLButtonElement | null;
|
|
const topBarAvatar = document.getElementById(
|
|
"crazygames-account-avatar",
|
|
) as HTMLImageElement | null;
|
|
const topBarIcon = document.getElementById("crazygames-account-icon");
|
|
if (profile) {
|
|
if (topBarAvatar) {
|
|
topBarAvatar.alt = profile.username;
|
|
topBarAvatar.src = profile.profilePictureUrl;
|
|
topBarAvatar.classList.remove("hidden");
|
|
}
|
|
topBarIcon?.classList.add("hidden");
|
|
if (topBarButton) topBarButton.onclick = null;
|
|
} else {
|
|
topBarAvatar?.classList.add("hidden");
|
|
topBarIcon?.classList.remove("hidden");
|
|
if (topBarButton) topBarButton.onclick = promptSignIn;
|
|
}
|
|
}
|