Merge branch 'master' into resume-practice-end-states

Author: johndoknjas

.github/workflows/server.yml

@@ -33,12 +33,15 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: [21, 25]
     steps:
       - uses: actions/checkout@v5
       - uses: actions/setup-java@v5
         with:
           distribution: temurin
-          java-version: 21
+          java-version: ${{ matrix.java-version }}
           cache: sbt
       - name: Setup sbt
         uses: sbt/setup-sbt@v1
@@ -49,6 +52,7 @@ jobs:
         env:
           ZSTD_LEVEL: 1 # most files are already zipped
       - uses: actions/upload-artifact@v4
+        if: ${{ matrix.java-version == 21 }}
         with:
           name: lila-server
           path: lila-3.0.tar.zst

app/controllers/Auth.scala

@@ -202,37 +202,39 @@ final class Auth(env: Env, accountC: => Account) extends LilaController(env):
       Firewall:
         WithProxy: proxy ?=>
           limit.enumeration.signup(rateLimited):
-            proxy.no.so(forms.preloadEmailDns()) >> negotiateApi(
-              html = env.security.signup
-                .website(ctx.blind)
-                .flatMap:
-                  case Signup.Result.RateLimited | Signup.Result.ForbiddenNetwork => rateLimited
-                  case Signup.Result.MissingCaptcha =>
-                    forms.signup.website.flatMap: form =>
-                      BadRequest.page(views.auth.signup(form))
-                  case Signup.Result.Bad(err) =>
-                    forms.signup.website.flatMap: baseForm =>
-                      BadRequest.page(views.auth.signup(baseForm.withForm(err)))
-                  case Signup.Result.ConfirmEmail(user, email) =>
-                    Redirect(routes.Auth.checkYourEmail).withCookies:
-                      EmailConfirm.cookie.make(env.security.lilaCookie, user, email)(using ctx.req)
-                  case Signup.Result.AllSet(user, email) =>
-                    welcome(user, email, sendWelcomeEmail = true) >> redirectNewUser(user)
-              ,
-              api = apiVersion =>
-                env.security.signup
-                  .mobile(apiVersion)
-                  .flatMap:
-                    case Signup.Result.RateLimited => rateLimited
-                    case Signup.Result.ForbiddenNetwork =>
-                      BadRequest(jsonError("This network cannot create new accounts."))
-                    case Signup.Result.MissingCaptcha => BadRequest(jsonError("Missing captcha?!"))
-                    case Signup.Result.Bad(err) => doubleJsonFormError(err)
-                    case Signup.Result.ConfirmEmail(_, _) => Ok(Json.obj("email_confirm" -> true))
-                    case Signup.Result.AllSet(user, email) =>
-                      welcome(user, email, sendWelcomeEmail = true) >>
-                        authenticateUser(user, remember = true, pwned = IsPwned.No)
-            )
+            proxy.no.so(forms.preloadEmailDns()) >>
+              HTTPRequest
+                .apiVersion(ctx.req)
+                .match
+                  case None =>
+                    env.security.signup
+                      .website(ctx.blind)
+                      .flatMap:
+                        case Signup.Result.RateLimited | Signup.Result.ForbiddenNetwork => rateLimited
+                        case Signup.Result.MissingCaptcha =>
+                          forms.signup.website.flatMap: form =>
+                            BadRequest.page(views.auth.signup(form))
+                        case Signup.Result.Bad(err) =>
+                          forms.signup.website.flatMap: baseForm =>
+                            BadRequest.page(views.auth.signup(baseForm.withForm(err)))
+                        case Signup.Result.ConfirmEmail(user, email) =>
+                          Redirect(routes.Auth.checkYourEmail).withCookies:
+                            EmailConfirm.cookie.make(env.security.lilaCookie, user, email)(using ctx.req)
+                        case Signup.Result.AllSet(user, email) =>
+                          welcome(user, email, sendWelcomeEmail = true) >> redirectNewUser(user)
+                  case Some(apiVersion) =>
+                    env.security.signup
+                      .mobile(apiVersion)
+                      .flatMap:
+                        case Signup.Result.RateLimited => rateLimited
+                        case Signup.Result.ForbiddenNetwork =>
+                          BadRequest(jsonError("This network cannot create new accounts."))
+                        case Signup.Result.MissingCaptcha => BadRequest(jsonError("Missing captcha?!"))
+                        case Signup.Result.Bad(err) => doubleJsonFormError(err)
+                        case Signup.Result.ConfirmEmail(_, _) => Ok(Json.obj("email_confirm" -> true))
+                        case Signup.Result.AllSet(user, email) =>
+                          welcome(user, email, sendWelcomeEmail = true) >>
+                            authenticateUser(user, remember = true, pwned = IsPwned.No)
 
   private def welcome(user: UserModel, email: EmailAddress, sendWelcomeEmail: Boolean)(using
       ctx: Context

app/controllers/Dev.scala

@@ -8,7 +8,6 @@ final class Dev(env: Env) extends LilaController(env):
     env.security.ugcArmedSetting,
     env.security.spamKeywordsSetting,
     env.security.proxy2faSetting,
-    env.security.mobileSignupProxy,
     env.security.alwaysCaptcha,
     env.oAuth.originBlocklistSetting,
     env.mailer.mailerSecondaryPermilleSetting,

app/controllers/LilaController.scala

@@ -369,4 +369,18 @@ abstract private[controllers] class LilaController(val env: Env)
   def anyCaptcha = env.game.captcha.any
 
   def bindForm[T, R](form: Form[T])(error: Form[T] => R, success: T => R)(using Request[?], FormBinding): R =
-    form.bindFromRequest().fold(error, success)
+    val bound =
+      if getBool("patch")
+      then bindPatchForm(form)
+      else form.bindFromRequest()
+    bound.fold(error, success)
+
+  private def bindPatchForm[T](form: Form[T])(using req: Request[?], formBinding: FormBinding): Form[T] =
+    form.bind:
+      // combine pre-filled data with request data
+      formBinding(req).foldLeft(form.data) { case (s, (key, values)) =>
+        if key.endsWith("[]") then
+          val k = key.dropRight(2)
+          s ++ values.zipWithIndex.map { (v, i) => s"$k[$i]" -> v }
+        else s + (key -> ~values.headOption)
+      }

app/controllers/Main.scala

@@ -137,21 +137,23 @@ final class Main(
         Redirect(url)
 
   def uploadImage(rel: String) = AuthBody(parse.multipartFormData) { ctx ?=> me ?=>
-    (rel == "ublogBody" || lila.core.security.canUploadImages).so:
-      limit.imageUpload(rateLimited):
-        ctx.body.body.file("image") match
-          case None => JsonBadRequest("Image content only")
-          case Some(image) =>
-            val meta = lila.memo.PicfitApi.form.upload.bindFromRequest().value
-            val moreRel = s"$rel:${scalalib.ThreadLocalRandom.nextString(12)}"
-            for
-              image <- env.memo.picfitApi.uploadFile(moreRel, image, me, meta)
-              maxWidth = lila.ui.bits.imageDesignWidth(rel)
-              url = meta match
-                case Some(info) if maxWidth.exists(dw => info.dim.width > dw) =>
-                  maxWidth.map(dw => env.memo.picfitUrl.resize(image.id, Left(dw)))
-                case _ => env.memo.picfitUrl.raw(image.id).some
-            yield JsonOk(Json.obj("imageUrl" -> url))
+    lila.core.security
+      .canUploadImages(rel)
+      .so:
+        limit.imageUpload(rateLimited):
+          ctx.body.body.file("image") match
+            case None => JsonBadRequest("Image content only")
+            case Some(image) =>
+              val meta = lila.memo.PicfitApi.form.upload.bindFromRequest().value
+              val moreRel = s"$rel:${scalalib.ThreadLocalRandom.nextString(12)}"
+              for
+                image <- env.memo.picfitApi.uploadFile(moreRel, image, me, meta)
+                maxWidth = lila.ui.bits.imageDesignWidth(rel)
+                url = meta match
+                  case Some(info) if maxWidth.exists(dw => info.dim.width > dw) =>
+                    maxWidth.map(dw => env.memo.picfitUrl.resize(image.id, Left(dw)))
+                  case _ => env.memo.picfitUrl.raw(image.id).some
+              yield JsonOk(Json.obj("imageUrl" -> url))
   }
 
   def imageUrl(id: ImageId, width: Int) = Auth { _ ?=> _ ?=>

app/controllers/RelayTour.scala

@@ -53,7 +53,7 @@ final class RelayTour(env: Env, apiC: => Api, roundC: => RelayRound) extends Lil
           .map:
             views.relay.tour.byOwner(_, owner)
 
-  def apiBy(owner: UserStr, page: Int) = Open:
+  def apiBy(owner: UserStr, page: Int) = AnonOrScoped(_.Study.Read, _.Web.Mobile):
     Reasonable(page, Max(20)):
       Found(env.user.lightUser(owner.id)): owner =>
         env.relay.pager

app/controllers/Study.scala

@@ -174,7 +174,7 @@ final class Study(
                 chat <- noCrawler.so(chatOf(sc.study))
                 sVersion <- noCrawler.so(env.study.version(sc.study.id))
                 streamers <- noCrawler.so(streamerCache.get(sc.study.id))
-                page <- renderPage(views.study.show(sc.study, data, chat, sVersion, streamers))
+                page <- renderPage(views.study.show(sc.study, sc.chapter, data, chat, sVersion, streamers))
               yield Ok(page)
                 .withCanonical(routes.Study.chapter(sc.study.id, sc.chapter.id))
                 .enforceCrossSiteIsolation

app/http/CtrlFilters.scala

@@ -33,11 +33,11 @@ trait CtrlFilters(using Executor) extends ControllerHelpers with ResponseBuilder
     if isGrantedOpt(perm) then f
     else negotiate(authorizationFailed, authorizationFailed)
 
-  def Firewall[A <: Result](a: => Fu[A])(using ctx: Context): Fu[Result] =
+  def Firewall(a: => Fu[Result])(using ctx: Context): Fu[Result] =
     if env.security.firewall.accepts(ctx.req) then a
     else keyPages.blacklisted
 
-  def WithProxy(res: IsProxy ?=> Fu[Result])(using req: RequestHeader): Fu[Result] =
+  def WithProxy[A](res: IsProxy ?=> Fu[A])(using req: RequestHeader): Fu[A] =
     env.security.ip2proxy.ofIp(req.ipAddress).flatMap(res(using _))
 
   def NoTor(res: => Fu[Result])(using ctx: Context): Fu[Result] =

app/views/game/side.scala

@@ -102,9 +102,14 @@ def meta(
         chess.variant.Chess960
           .positionNumber(initialFen | chess.format.Fen.initial)
           .map: number =>
-            val url = routes.UserAnalysis
-              .parseArg(s"chess960/${underscoreFen(initialFen | chess.format.Fen.initial)}")
-            st.section(trans.site.chess960StartPosition(a(href := url)(number)))
+            st.section(
+              trans.site.chess960StartPosition(
+                a(
+                  targetBlank,
+                  href := "https://chess960.net/wp-content/uploads/2018/02/chess960-starting-positions.pdf"
+                )(number)
+              )
+            )
       ,
       userTv.map: u =>
         st.section(cls := "game__tv"):

app/views/study.scala

@@ -42,6 +42,7 @@ def create(
 
 def show(
     s: lila.study.Study,
+    chapter: lila.study.Chapter,
     data: lila.study.JsonView.JsData,
     chatOption: Option[lila.chat.UserChat.Mine],
     socketVersion: SocketVersion,
@@ -85,9 +86,16 @@ def show(
     .flag(_.zoom)
     .csp(views.analyse.ui.bits.cspExternalEngine.compose(_.withPeer.withExternalAnalysisApis))
     .graph(
-      title = s.name.value,
-      url = routeUrl(routes.Study.show(s.id)),
-      description = s"A chess study by ${titleNameOrId(s.ownerId)}"
+      OpenGraph(
+        title = s.name.value,
+        url = routeUrl(routes.Study.show(s.id)),
+        description = s"A chess study by ${titleNameOrId(s.ownerId)}",
+        image = fenThumbnailUrl(
+          chapter.root.fen.opening,
+          chapter.setup.orientation.some,
+          chapter.setup.variant
+        ).some
+      )
     ):
       frag(
         main(cls := "analyse"),