@moneypot/hub 1.15.0-dev.3 → 1.16.0-dev.3

package/dist/src/db/index.d.ts

@@ -21,6 +21,7 @@ export declare function userFromActiveSessionKey(pgClient: QueryExecutor, sessio
     user: DbUser;
     sessionId: DbSession["id"];
     isPlayground: boolean;
+    isExperienceOwner: boolean;
 } | null>;
 export declare class DatabaseNotifier extends stream.EventEmitter {
     private pgClient;

package/dist/src/db/index.js

@@ -71,7 +71,7 @@ export async function withPgPoolTransaction(pool, callback, retryCount = 0, maxR
 export async function userFromActiveSessionKey(pgClient, sessionKey) {
     const result = await pgClient
         .query(`
-        select u.id, u.uname, u.casino_id, s.experience_id, u.mp_user_id, s.id as session_id, c.is_playground
+        select u.id, u.uname, u.casino_id, s.experience_id, u.mp_user_id, s.id as session_id, c.is_playground, u.id = e.user_id as is_experience_owner
         from hub.active_session s
         join hub.user u on s.user_id = u.id
         join hub.experience e on e.id = s.experience_id
@@ -82,11 +82,19 @@ export async function userFromActiveSessionKey(pgClient, sessionKey) {
     if (!result) {
         return null;
     }
-    const { session_id, is_playground, ...user } = result;
+    const user = {
+        id: result.id,
+        uname: result.uname,
+        casino_id: result.casino_id,
+        experience_id: result.experience_id,
+        mp_user_id: result.mp_user_id,
+    };
+    const { session_id, is_playground, is_experience_owner } = result;
     return {
         user,
         sessionId: session_id,
         isPlayground: is_playground,
+        isExperienceOwner: is_experience_owner,
     };
 }
 export class DatabaseNotifier extends stream.EventEmitter {

package/dist/src/db/types.d.ts

@@ -49,6 +49,7 @@ export type DbExperience = {
     id: string;
     casino_id: string;
     mp_experience_id: string;
+    user_id: string | null;
 };
 export type DbCasino = {
     id: string;
@@ -172,3 +173,26 @@ export type DbAuditLogRecord = {
     ref_type: string | null;
     ref_id: string | null;
 };
+export type DbChatMute = {
+    id: string;
+    casino_id: DbCasino["id"];
+    experience_id: DbExperience["id"];
+    user_id: DbUser["id"];
+    expired_at: Date | null;
+    reason: string | null;
+};
+export type DbChatMod = {
+    id: string;
+    casino_id: DbCasino["id"];
+    experience_id: DbExperience["id"];
+    user_id: DbUser["id"];
+};
+export type DbChatMessage = {
+    id: string;
+    casino_id: DbCasino["id"];
+    experience_id: DbExperience["id"];
+    user_id: DbUser["id"];
+    client_id: string;
+    body: string;
+    hidden_at: Date | null;
+};

package/dist/src/express.d.ts

@@ -7,6 +7,7 @@ export interface HubRequest extends Request {
         user: DbUser;
         sessionId: DbSession["id"];
         isPlayground: boolean;
+        isExperienceOwner: boolean;
     } | {
         kind: "operator";
         apiKey: string;

package/dist/src/graphql-queries.js

@@ -9,6 +9,10 @@ export const GET_USER_FROM_USER_TOKEN = gql(`
       experience {
         id
         name
+        userByUserId {
+          id
+          uname
+        }
       }
     }
   }

package/dist/src/index.d.ts

@@ -18,7 +18,6 @@ declare global {
     }
 }
 export { MakeOutcomeBetPlugin, type OutcomeBetConfigMap, type OutcomeBetConfig, } from "./plugins/hub-make-outcome-bet.js";
-export { HubCreatePlaygroundSessionPlugin } from "./plugins/hub-create-playground-session.js";
 export { validateRisk, type RiskPolicy, type RiskPolicyArgs, type RiskLimits, } from "./risk-policy.js";
 export type PluginContext = Grafast.Context;
 export { defaultPlugins, type PluginIdentity, type UserSessionContext, } from "./server/graphile.config.js";
@@ -32,6 +31,8 @@ export type ServerOptions = {
     extraPgSchemas?: string[];
     exportSchemaSDLPath?: string;
     userDatabaseMigrationsPath?: string;
+    enableChat?: boolean;
+    enablePlayground?: boolean;
 };
 export declare function startAndListen(options: ServerOptions): Promise<{
     port: number;

package/dist/src/index.js

@@ -7,7 +7,6 @@ import { join } from "path";
 import { logger } from "./logger.js";
 import { createServerContext, closeServerContext, } from "./context.js";
 export { MakeOutcomeBetPlugin, } from "./plugins/hub-make-outcome-bet.js";
-export { HubCreatePlaygroundSessionPlugin } from "./plugins/hub-create-playground-session.js";
 export { validateRisk, } from "./risk-policy.js";
 export { defaultPlugins, } from "./server/graphile.config.js";
 async function initialize(options) {
@@ -82,6 +81,8 @@ export async function startAndListen(options) {
         extraPgSchemas: options.extraPgSchemas,
         abortSignal: abortController.signal,
         context,
+        enableChat: options.enableChat ?? true,
+        enablePlayground: options.enablePlayground ?? true,
     });
     const gracefulShutdown = async ({ exit = true } = {}) => {
         if (isShuttingDown) {

package/dist/src/pg-advisory-lock.d.ts

@@ -10,4 +10,9 @@ export declare const PgAdvisoryLock: {
         experienceId: DbExperience["id"];
         casinoId: DbCasino["id"];
     }) => Promise<void>;
+    forChatUserAction: (pgClient: PgClientInTransaction, params: {
+        userId: DbUser["id"];
+        experienceId: DbExperience["id"];
+        casinoId: DbCasino["id"];
+    }) => Promise<void>;
 };

package/dist/src/pg-advisory-lock.js

@@ -3,6 +3,7 @@ var LockNamespace;
 (function (LockNamespace) {
     LockNamespace[LockNamespace["MP_TAKE_REQUEST"] = 1] = "MP_TAKE_REQUEST";
     LockNamespace[LockNamespace["NEW_HASH_CHAIN"] = 2] = "NEW_HASH_CHAIN";
+    LockNamespace[LockNamespace["CHAT_USER_ACTION"] = 3] = "CHAT_USER_ACTION";
 })(LockNamespace || (LockNamespace = {}));
 function simpleHash32(text) {
     let hash = 0;
@@ -31,4 +32,8 @@ export const PgAdvisoryLock = {
         assert(pgClient._inTransaction, "pgClient must be in a transaction");
         await acquireAdvisoryLock(pgClient, LockNamespace.NEW_HASH_CHAIN, createHashKey(params.userId, params.experienceId, params.casinoId));
     },
+    forChatUserAction: async (pgClient, params) => {
+        assert(pgClient._inTransaction, "pgClient must be in a transaction");
+        await acquireAdvisoryLock(pgClient, LockNamespace.CHAT_USER_ACTION, createHashKey(params.userId, params.experienceId, params.casinoId));
+    },
 };

package/dist/src/pg-versions/013-chat.sql

@@ -0,0 +1,221 @@
+
+-- A simple single-room chat system
+
+-- Quick revert:
+drop table if exists hub.chat_message;
+drop view if exists hub.active_chat_mute;
+drop table if exists hub.chat_mute;
+drop table if exists hub.chat_rate_bucket;
+drop table if exists hub.chat_mod;
+drop type if exists hub.chat_message_type;
+alter table hub.experience drop column if exists user_id;
+alter table hub.user drop column if exists client_id;
+alter table hub.experience drop column if exists client_id;
+
+-- New helper function for RLS so we don't have to do a subquery
+create or replace function hub_hidden.is_experience_owner() returns boolean as $$
+  select nullif(current_setting('session.is_experience_owner', true), '') = '1';
+$$ language sql stable;
+
+-- We want to know which hub.user is the MP owner of the hub.experience
+-- Ideally it would be not-null but we can't do that in this migration 
+-- since that info must be queried from MP.
+alter table hub.experience add column user_id uuid null references hub.user(id);
+
+create type hub.chat_message_type as enum ('user', 'system');
+
+-- chat message type is 'user' or 'system'
+-- system messages don't have a user_id
+create table hub.chat_message (
+  -- uuidv7 has creation timestamp in it
+  id uuid primary key default hub_hidden.uuid_generate_v7(),
+
+  -- fks
+  casino_id uuid not null references hub.casino(id),
+  experience_id uuid not null references hub.experience(id),
+  -- system messages don't have a user_id
+  user_id uuid null references hub.user(id),
+
+  type hub.chat_message_type not null,
+
+  -- message info
+  client_id uuid not null, -- idempotent id 
+  body text not null,
+  hidden_at timestamptz null,
+
+  constraint chat_message_user_id_check check (
+    (type = 'user' and user_id is not null) or (type = 'system' and user_id is null)
+  )
+);
+
+-- fk indexes
+create index chat_message_casino_id_idx on hub.chat_message(casino_id);
+create index chat_message_user_id_idx on hub.chat_message(user_id);
+create index chat_message_experience_id_idx on hub.chat_message(experience_id);
+
+-- support idempotency
+create unique index chat_idempotent_user_message_idx
+  on hub.chat_message(casino_id, experience_id, user_id, client_id)
+  where type = 'user';
+create unique index chat_idempotent_system_message_idx
+  on hub.chat_message(casino_id, experience_id, client_id)
+  where type = 'system';
+
+-- append-only table
+create table hub.chat_mute (
+  id uuid primary key default hub_hidden.uuid_generate_v7(),
+  casino_id uuid not null references hub.casino(id),
+  experience_id uuid not null references hub.experience(id),
+  user_id uuid not null references hub.user(id),
+  expired_at timestamptz null,
+  -- set on unmute
+  revoked_at timestamptz null,
+  reason text null
+);
+
+-- fk indexes
+create index chat_mute_casino_id_idx on hub.chat_mute(casino_id);
+create index chat_mute_user_id_idx on hub.chat_mute(user_id);
+create index chat_mute_experience_id_idx on hub.chat_mute(experience_id);
+
+-- One unrevoked row per key; expiry handled in code/view.
+create unique index if not exists chat_mute_one_unrevoked_per_key
+on hub.chat_mute (casino_id, experience_id, user_id)
+where revoked_at is null;
+
+-- "Active" means not revoked AND not expired (null = indefinite).
+-- order by id desc determines which key is picked for `distinct on`: the latest one
+create or replace view hub.active_chat_mute as
+select distinct on (casino_id, experience_id, user_id) *
+from hub.chat_mute
+where revoked_at is null
+  and (expired_at is null or expired_at > now())
+order by casino_id, experience_id, user_id, id desc; -- highest uuidv7 per key
+
+-- for active chat mute lookup
+create index if not exists chat_mute_lookup_idx
+on hub.chat_mute (casino_id, experience_id, user_id)
+where revoked_at is null;
+
+-- not exposed to graphql
+create table hub.chat_rate_bucket (
+  id uuid primary key default hub_hidden.uuid_generate_v7(),
+  casino_id uuid not null references hub.casino(id),
+  experience_id uuid not null references hub.experience(id),
+  user_id uuid not null references hub.user(id),
+
+  window_seconds int not null,
+  bucket_start timestamptz not null,
+  count int not null default 0
+);
+
+-- fk indexes
+create index chat_rate_bucket_casino_id_idx on hub.chat_rate_bucket(casino_id);
+create index chat_rate_bucket_user_id_idx on hub.chat_rate_bucket(user_id);
+create index chat_rate_bucket_experience_id_idx on hub.chat_rate_bucket(experience_id);
+
+create unique index chat_rate_bucket_window_idx on hub.chat_rate_bucket(casino_id, experience_id, user_id, window_seconds, bucket_start);
+
+-- not exposed to graphql
+create table hub.chat_mod (
+  id uuid primary key default hub_hidden.uuid_generate_v7(),
+  casino_id uuid not null references hub.casino(id),
+  experience_id uuid not null references hub.experience(id),
+  user_id uuid not null references hub.user(id)
+);
+
+-- fk indexes
+create index chat_mod_casino_id_idx on hub.chat_mod(casino_id);
+create index chat_mod_user_id_idx on hub.chat_mod(user_id);
+create index chat_mod_experience_id_idx on hub.chat_mod(experience_id);
+-- a user can only be a chat mod once per experience
+create unique index chat_mod_unique_idx on hub.chat_mod(casino_id, experience_id, user_id);
+
+-- grant
+grant select on hub.chat_message to app_postgraphile;
+grant select on hub.chat_mute to app_postgraphile;
+grant select on hub.chat_mod to app_postgraphile;
+
+-- rls
+alter table hub.chat_message enable row level security;
+alter table hub.chat_mute enable row level security;
+alter table hub.chat_mod enable row level security;
+
+drop policy if exists select_chat_message on hub.chat_message;
+create policy select_chat_message on hub.chat_message for select using (
+  -- operator can see all rows
+  hub_hidden.is_operator() 
+
+  -- normal users can only see non-hidden rows in the current experience
+  or (
+    hidden_at is null 
+    and experience_id = hub_hidden.current_experience_id()
+    and casino_id = hub_hidden.current_casino_id()
+  )
+
+  -- experience owner can see all messages no matter hidden status
+  or hub_hidden.is_experience_owner()
+);
+
+drop policy if exists select_chat_mute on hub.chat_mute;
+create policy select_chat_mute on hub.chat_mute for select using (
+  -- operator can see all rows
+  hub_hidden.is_operator()
+
+  -- users can see their own mutes 
+  or hub_hidden.current_user_id() = hub.chat_mute.user_id
+
+  -- experience owner can see all mutes
+  or hub_hidden.is_experience_owner()
+
+  -- anyone in chat_mod can see all mutes
+  or exists (
+    select 1
+    from hub.chat_mod
+    where user_id = hub_hidden.current_user_id()
+      and casino_id = hub.chat_mute.casino_id
+      and experience_id = hub.chat_mute.experience_id
+  )
+);
+
+create policy select_chat_mod on hub.chat_mod for select using (
+  -- operator can see all rows
+  hub_hidden.is_operator()
+
+  -- experience owner can see all mods
+  or hub_hidden.is_experience_owner()
+);
+
+-- relax the select_experience policy so that it's public
+-- this lets us use hubCurrentExperience { hubChatMessages { ... } }
+-- previously (in 001-schema.sql) this was scoped to operator only
+alter policy select_experience on hub.experience using (true);
+
+----
+
+-- add client_id to hub.user and hub.experience for playground sessions
+alter table hub.user add column client_id uuid null;
+alter table hub.experience add column client_id uuid null;
+
+-- fk indexes, ensure client_id is unique per casino
+create unique index user_playground_client_id_idx on hub.user(casino_id, client_id) 
+  where client_id is not null;
+create unique index experience_playground_client_id_idx on hub.experience(casino_id, client_id) 
+  where client_id is not null;
+
+-- Update select_user policy so users can see other users
+-- This way they can see user info {id, uname} on chat messages
+drop policy if exists select_user on hub.user;
+create policy select_user on hub.user for select using (
+  -- Old:
+  -- hub_hidden.is_operator() or (id = hub_hidden.current_user_id())
+
+  -- New:
+  true
+);
+
+-- Here's how we could clean up rate limit buckets periodically
+-- create or replace function hub_hidden.gc_chat_buckets() returns void language sql as $$
+--   delete from hub.chat_rate_bucket
+--   where bucket_start < now() - interval '2 days';
+-- $$;

package/dist/src/plugins/chat/hub-chat-after-id-condition.d.ts

@@ -0,0 +1 @@
+export declare const HubChatAfterIdConditionPlugin: GraphileConfig.Plugin;

package/dist/src/plugins/chat/hub-chat-after-id-condition.js

@@ -0,0 +1,15 @@
+import { sqlValueWithCodec, TYPES } from "postgraphile/@dataplan/pg";
+import { sql } from "postgraphile/pg-sql2";
+import { addPgTableCondition } from "postgraphile/utils";
+export const HubChatAfterIdConditionPlugin = addPgTableCondition({
+    schemaName: "hub",
+    tableName: "chat_message",
+}, "afterId", (build) => {
+    return {
+        description: "Get chat messages after a given ID",
+        type: build.getInputTypeByName("UUID"),
+        apply: (condition, value) => {
+            condition.where(sql `${condition.alias}.id > ${sqlValueWithCodec(value, TYPES.uuid)}`);
+        },
+    };
+});

package/dist/src/plugins/chat/hub-chat-create-system-message.d.ts

@@ -0,0 +1 @@
+export declare const HubChatCreateSystemMessagePlugin: GraphileConfig.Plugin;

package/dist/src/plugins/chat/hub-chat-create-system-message.js

@@ -0,0 +1,124 @@
+import { GraphQLError } from "graphql";
+import { context, object, sideEffect } from "postgraphile/grafast";
+import { extendSchema, gql } from "postgraphile/utils";
+import z from "zod/v4";
+import { extractFirstZodErrorMessage } from "../../util.js";
+import { exactlyOneRow, maybeOneRow, withPgPoolTransaction, } from "../../db/index.js";
+const InputSchema = z.object({
+    clientId: z.uuid("Invalid client ID"),
+    experienceId: z.uuid("Invalid experience ID"),
+    body: z
+        .string()
+        .transform(normalizeSystemMessageBody)
+        .refine((body) => body.length > 0, "Body is required")
+        .refine((body) => body.length <= 140, `Max body length: 140 chars`),
+});
+export const HubChatCreateSystemMessagePlugin = extendSchema((build) => {
+    const chatMessageTable = build.input.pgRegistry.pgResources.hub_chat_message;
+    return {
+        typeDefs: gql `
+      input HubChatCreateSystemMessageInput {
+        clientId: UUID!
+        body: String!
+        experienceId: UUID!
+      }
+
+      type HubChatCreateSystemMessagePayload {
+        chatMessage: HubChatMessage!
+      }
+
+      extend type Mutation {
+        hubChatCreateSystemMessage(
+          input: HubChatCreateSystemMessageInput!
+        ): HubChatCreateSystemMessagePayload
+      }
+    `,
+        objects: {
+            Mutation: {
+                plans: {
+                    hubChatCreateSystemMessage(_, { $input }) {
+                        const $identity = context().get("identity");
+                        const $superuserPool = context().get("superuserPool");
+                        const $chatMessageId = sideEffect([$input, $identity, $superuserPool], async ([rawInput, identity, superuserPool]) => {
+                            if (identity?.kind === "operator" ||
+                                (identity?.kind === "user" &&
+                                    identity?.session.is_experience_owner)) {
+                            }
+                            else {
+                                throw new GraphQLError("Unauthorized");
+                            }
+                            let input;
+                            try {
+                                input = InputSchema.parse(rawInput);
+                            }
+                            catch (e) {
+                                if (e instanceof z.ZodError) {
+                                    throw new GraphQLError(extractFirstZodErrorMessage(e));
+                                }
+                                throw e;
+                            }
+                            const dbExperience = await superuserPool
+                                .query({
+                                text: `
+                  SELECT id, casino_id
+                  FROM hub.experience
+                  WHERE id = $1`,
+                                values: [input.experienceId],
+                            })
+                                .then(maybeOneRow);
+                            if (!dbExperience) {
+                                throw new GraphQLError("Experience not found");
+                            }
+                            return await withPgPoolTransaction(superuserPool, async (pgClient) => {
+                                const dbChatMessage = await pgClient
+                                    .query({
+                                    text: `
+                    with ins as (
+                      insert into hub.chat_message (casino_id, experience_id, client_id, body, type)
+                      values ($1, $2, $3, $4, 'system')
+                      on conflict (casino_id, experience_id, client_id) where type = 'system'
+                      do nothing
+                      returning id
+                    )
+                    select id from ins
+                    union all
+                    select id
+                    from hub.chat_message
+                    where casino_id = $1 and experience_id = $2 and client_id = $3
+                    limit 1
+                  `,
+                                    values: [
+                                        dbExperience.casino_id,
+                                        dbExperience.id,
+                                        input.clientId,
+                                        input.body,
+                                    ],
+                                })
+                                    .then(exactlyOneRow);
+                                const notifyPayload = {
+                                    type: "message",
+                                    chat_message_id: dbChatMessage.id,
+                                };
+                                await pgClient.query({
+                                    text: `select pg_notify('hub:chat:${dbExperience.id}', $1::text)`,
+                                    values: [JSON.stringify(notifyPayload)],
+                                });
+                                return dbChatMessage.id;
+                            });
+                        });
+                        return object({
+                            chatMessage: chatMessageTable.get({ id: $chatMessageId }),
+                        });
+                    },
+                },
+            },
+        },
+    };
+});
+function normalizeSystemMessageBody(body) {
+    return body
+        .normalize("NFC")
+        .replace(/[\u200B-\u200D\uFEFF]/g, "")
+        .replace(/\s+/g, " ")
+        .trim();
+}

package/dist/src/plugins/chat/hub-chat-create-user-message.d.ts

@@ -0,0 +1 @@
+export declare const HubChatCreateUserMessagePlugin: GraphileConfig.Plugin;