Added support for cross-domain login.

For multi-domain setups, having to log in on each different domain is annoying. This saves the user's login information in the 'root' domain of the deployment, and on all domains sources the login credentials from an iframe running in the root domain using postMessage. This only gets skipped if a user has expressly denied cross-domain sharing of their login information, in which case localStorage will be used as the source for login credentials. The iframe loads a new non-vite page in client/public, and does so in the root domain. Some user authorization flow is required on most browsers to enable this, using the requestStorageAccess API. A new backend service, allowed-domains, takes in a domain on a query paramter and returns true if that domain is part of the deployment, and a 204 if not. By default this just returns the root domain, but this is extensible via projects' hooks to add other domains to the allowed list. It can also just be passed a variable isAllowed from a hook if fetching all domains would be cumbersome, and simply querying whether the domain is in a table would be simpler. The accessor iframe uses the response to determine whether to even attempt to access the cookies or prompt the user with requestStorageAccess.
EtherealEngine · Mar 7, 2024 · afbd7af · afbd7af
1 parent 342e807
commit afbd7af
Show file tree

Hide file tree

Showing 25 changed files with 686 additions and 102 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -62,6 +62,7 @@ ARG VITE_READY_PLAYER_ME_URL
 ARG VITE_DISABLE_LOG
 ARG VITE_AVATURN_URL
 ARG VITE_AVATURN_API
+ARG VITE_FEATHERS_STORE_KEY
 ENV MYSQL_HOST=$MYSQL_HOST
 ENV MYSQL_PORT=$MYSQL_PORT
 ENV MYSQL_USER=$MYSQL_USER
@@ -85,6 +86,7 @@ ENV VITE_READY_PLAYER_ME_URL=$VITE_READY_PLAYER_ME_URL
 ENV VITE_DISABLE_LOG=$VITE_DISABLE_LOG
 ENV VITE_AVATURN_URL=$VITE_AVATURN_URL
 ENV VITE_AVATURN_API=$VITE_AVATURN_API
+ENV VITE_FEATHERS_STORE_KEY=$VITE_FEATHERS_STORE_KEY
 
 ARG CACHE_DATE
 RUN npx cross-env ts-node --swc scripts/check-db-exists.ts

diff --git a/packages/client-core/src/API.ts b/packages/client-core/src/API.ts
@@ -61,10 +61,7 @@ export class API {
       })
     )
 
-    primus.on('reconnected', () => API.instance.client.reAuthenticate(true))
-
-    API.instance = new API()
-    API.instance.client = feathersClient as any
+    primus.on('reconnected', () => feathersClient.reAuthenticate(true))
 
     Engine.instance.api = feathersClient
   }

diff --git a/packages/client-core/src/social/services/LocationService.ts b/packages/client-core/src/social/services/LocationService.ts
@@ -30,7 +30,6 @@ import { Engine } from '@etherealengine/ecs/src/Engine'
 import { defineState, getMutableState } from '@etherealengine/hyperflux'
 
 import { locationBanPath, SceneID, UserID } from '@etherealengine/common/src/schema.type.module'
-import { API } from '../../API'
 import { NotificationService } from '../../common/services/NotificationService'
 
 export const LocationSeed: LocationType = {
@@ -129,15 +128,15 @@ export const LocationService = {
   getLocation: async (locationId: LocationID) => {
     try {
       LocationState.fetchingCurrentSocialLocation()
-      const location = await API.instance.client.service(locationPath).get(locationId)
+      const location = await Engine.instance.api.service(locationPath).get(locationId)
       LocationState.socialLocationRetrieved(location)
     } catch (err) {
       NotificationService.dispatchNotify(err.message, { variant: 'error' })
     }
   },
   getLocationByName: async (locationName: string) => {
     LocationState.fetchingCurrentSocialLocation()
-    const locationResult = (await API.instance.client.service(locationPath).find({
+    const locationResult = (await Engine.instance.api.service(locationPath).find({
       query: {
         slugifiedName: locationName
       }
@@ -155,7 +154,7 @@ export const LocationService = {
     }
   },
   getLobby: async () => {
-    const lobbyResult = (await API.instance.client.service(locationPath).find({
+    const lobbyResult = (await Engine.instance.api.service(locationPath).find({
       query: {
         isLobby: true,
         $limit: 1
@@ -170,7 +169,7 @@ export const LocationService = {
   },
   banUserFromLocation: async (userId: UserID, locationId: LocationID) => {
     try {
-      await API.instance.client.service(locationBanPath).create({
+      await Engine.instance.api.service(locationBanPath).create({
         userId: userId,
         locationId: locationId
       })

diff --git a/packages/client-core/src/user/components/UserMenu/menus/LocationMenu.tsx b/packages/client-core/src/user/components/UserMenu/menus/LocationMenu.tsx
@@ -41,7 +41,7 @@ import TextField from '@etherealengine/ui/src/primitives/mui/TextField'
 import Typography from '@etherealengine/ui/src/primitives/mui/Typography'
 
 import { SceneID } from '@etherealengine/common/src/schema.type.module'
-import { API } from '../../../../API'
+import { Engine } from '@etherealengine/ecs/src/Engine'
 import { LocationSeed } from '../../../../social/services/LocationService'
 import styles from '../index.module.scss'
 
@@ -69,7 +69,7 @@ const LocationMenu = (props: Props) => {
   }, [])
 
   const fetchLocations = (page: number, rows: number, search?: string) => {
-    API.instance.client
+    Engine.instance.api
       .service(locationPath)
       .find({
         query: {