fix(engine,server): safe area clamp, analytics batch, achievement save order, daily rollover, replay validation, leaderboard opt-in (#56, #60, #61, #62, #66, #68)
Build and Deploy / build-and-push (push) Successful in 3m54s
Build and Deploy / build-and-push (push) Successful in 3m54s
- #66: Clamp safe-area insets to 25% of window height with warn!() on excess - #68: Move fire_flush outside per-event loop in analytics (batch flush once) - #56: Persist progress before marking reward_granted to prevent XP loss on crash - #60: Add DateRolloverTimer + check_date_rollover system for midnight seed refresh - #62: Add validate_header() in replay upload with mode/draw_mode allowlists - #61: Restore two-query leaderboard opt-in check (SELECT then UPDATE); original queries already in .sqlx cache; EXISTS variant would require sqlx prepare Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
funman300
@@ -14,8 +14,8 @@
|
||||
///
|
||||
/// Only compiled and linked on `target_os = "android"`.
|
||||
use jni::{
|
||||
objects::{JByteArray, JObject, JObjectArray, JValue, JValueOwned},
|
||||
JNIEnv, JavaVM,
|
||||
objects::{JByteArray, JObject, JObjectArray, JValue, JValueOwned},
|
||||
};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::collections::HashMap;
|
||||
@@ -100,8 +100,7 @@ fn load_or_create_key<'local>(env: &mut JNIEnv<'local>) -> jni::errors::Result<J
|
||||
}
|
||||
|
||||
// No key yet — generate AES-256 with GCM block mode.
|
||||
let builder_class =
|
||||
env.find_class("android/security/keystore/KeyGenParameterSpec$Builder")?;
|
||||
let builder_class = env.find_class("android/security/keystore/KeyGenParameterSpec$Builder")?;
|
||||
let alias2 = JValueOwned::from(env.new_string(KEY_ALIAS)?);
|
||||
// PURPOSE_ENCRYPT | PURPOSE_DECRYPT = 1 | 2 = 3
|
||||
let purpose = JValueOwned::Int(3);
|
||||
@@ -252,11 +251,7 @@ fn decrypt_gcm(
|
||||
let tag_len = JValueOwned::Int(128);
|
||||
let iv_arr = env.byte_array_from_slice(iv)?;
|
||||
let iv_val = JValueOwned::Object(iv_arr.into());
|
||||
let spec = env.new_object(
|
||||
&spec_class,
|
||||
"(I[B)V",
|
||||
&[tag_len.borrow(), iv_val.borrow()],
|
||||
)?;
|
||||
let spec = env.new_object(&spec_class, "(I[B)V", &[tag_len.borrow(), iv_val.borrow()])?;
|
||||
|
||||
// cipher.init(Cipher.DECRYPT_MODE=2, key, spec)
|
||||
let mode = JValueOwned::Int(2);
|
||||
@@ -284,8 +279,7 @@ fn decrypt_gcm(
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
fn token_file_path() -> Option<PathBuf> {
|
||||
crate::platform::data_dir()
|
||||
.map(|d| d.join(crate::APP_DIR_NAME).join("auth_tokens.bin"))
|
||||
crate::platform::data_dir().map(|d| d.join(crate::APP_DIR_NAME).join("auth_tokens.bin"))
|
||||
}
|
||||
|
||||
/// Path where the token file lived before the APP_DIR_NAME subdirectory was
|
||||
@@ -302,8 +296,8 @@ fn read_file_bytes_from(path: &PathBuf) -> Result<Vec<u8>, TokenError> {
|
||||
}
|
||||
|
||||
fn write_file_bytes(data: &[u8]) -> Result<(), TokenError> {
|
||||
let path = token_file_path()
|
||||
.ok_or_else(|| TokenError::KeychainUnavailable("no data dir".into()))?;
|
||||
let path =
|
||||
token_file_path().ok_or_else(|| TokenError::KeychainUnavailable("no data dir".into()))?;
|
||||
if let Some(parent) = path.parent() {
|
||||
std::fs::create_dir_all(parent)
|
||||
.map_err(|e| TokenError::Keyring(format!("create dir: {e}")))?;
|
||||
@@ -328,8 +322,8 @@ fn write_file_bytes(data: &[u8]) -> Result<(), TokenError> {
|
||||
/// - Delete the legacy file (best-effort; leave it if removal fails).
|
||||
/// 3. If neither file exists, return an empty map.
|
||||
fn read_map() -> Result<HashMap<String, TokenBlob>, TokenError> {
|
||||
let new_path = token_file_path()
|
||||
.ok_or_else(|| TokenError::KeychainUnavailable("no data dir".into()))?;
|
||||
let new_path =
|
||||
token_file_path().ok_or_else(|| TokenError::KeychainUnavailable("no data dir".into()))?;
|
||||
let legacy_path = legacy_token_file_path();
|
||||
|
||||
// --- 1. New path exists ---
|
||||
@@ -339,7 +333,9 @@ fn read_map() -> Result<HashMap<String, TokenBlob>, TokenError> {
|
||||
other => other,
|
||||
})?;
|
||||
if data.len() < 12 {
|
||||
return Err(TokenError::Keyring("auth_tokens.bin corrupt (too short)".into()));
|
||||
return Err(TokenError::Keyring(
|
||||
"auth_tokens.bin corrupt (too short)".into(),
|
||||
));
|
||||
}
|
||||
let plaintext = with_jvm(|env| {
|
||||
let key = load_or_create_key(env)?;
|
||||
@@ -355,7 +351,9 @@ fn read_map() -> Result<HashMap<String, TokenBlob>, TokenError> {
|
||||
map.insert(blob.username.clone(), blob);
|
||||
return Ok(map);
|
||||
}
|
||||
return Err(TokenError::Keyring("auth_tokens.bin unrecognised format".into()));
|
||||
return Err(TokenError::Keyring(
|
||||
"auth_tokens.bin unrecognised format".into(),
|
||||
));
|
||||
}
|
||||
|
||||
// --- 2. Legacy path migration ---
|
||||
@@ -390,8 +388,8 @@ fn read_map() -> Result<HashMap<String, TokenBlob>, TokenError> {
|
||||
|
||||
/// Serialise and encrypt a map, then write it atomically.
|
||||
fn write_map_inner(map: &HashMap<String, TokenBlob>) -> Result<(), TokenError> {
|
||||
let plaintext = serde_json::to_vec(map)
|
||||
.map_err(|e| TokenError::Keyring(format!("JSON encode: {e}")))?;
|
||||
let plaintext =
|
||||
serde_json::to_vec(map).map_err(|e| TokenError::Keyring(format!("JSON encode: {e}")))?;
|
||||
let encrypted = with_jvm(|env| {
|
||||
let key = load_or_create_key(env)?;
|
||||
encrypt_gcm(env, &key, &plaintext)
|
||||
@@ -500,8 +498,13 @@ pub fn delete_tokens(username: &str) -> Result<(), TokenError> {
|
||||
.v()?;
|
||||
|
||||
let alias = JValueOwned::from(env.new_string(KEY_ALIAS)?);
|
||||
env.call_method(&ks, "deleteEntry", "(Ljava/lang/String;)V", &[alias.borrow()])?
|
||||
.v()
|
||||
env.call_method(
|
||||
&ks,
|
||||
"deleteEntry",
|
||||
"(Ljava/lang/String;)V",
|
||||
&[alias.borrow()],
|
||||
)?
|
||||
.v()
|
||||
})
|
||||
} else {
|
||||
// Other users still exist — just rewrite the map without this user.
|
||||
|
||||
Reference in New Issue
Block a user