Z0R-603 anonymous guest cursors#14878
Closed
z0rgoyok wants to merge 43 commits intotoeverything:canaryfrom
Closed
Conversation
Merge anonymous board access via PR #3.
Wrap anonymous board editor in the same Scrollable.Viewport contract used by detail/share pages.
fix: show tools on anonymous boards
Fix anonymous board blob loading
fix: restrict anonymous deletes to own content
fix: document local affine deploy
Add scoped access tokens
Bundle server native x64 fallback
Disable automatic fork image builds
fix: ignore existing anonymous doc delete ranges
fix: allow anonymous image upload updates
Recognize real image upload Yjs updates that store bare blob source ids, and add the local full-test-cycle skill.
Detect image upload markers across the whole Yjs update and cover split image/source structs.
…sed-blobs Fix anonymous content-addressed blob uploads
…e-ranges Fix anonymous template delete ranges
Fix anonymous derived object ownership
|
|
github-actions
Bot
added
docs
Author
|
Opened against upstream by mistake; this fork-specific production change is being handled in z0rgoyok/AFFiNE. |
Contributor
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (74)
Disabled knowledge base sources:
📝 WalkthroughWalkthroughThis PR introduces anonymous document access functionality to AFFiNE, enabling guest access to shared documents through token-based links. Changes include backend services and database migrations for guest sessions/access links, scoped access tokens, GraphQL mutations/queries for link management, cloud storage/sync gateway support for anonymous guests, a frontend anonymous board page, and operational deployment documentation. Changes
Sequence Diagram(s)sequenceDiagram
participant Client as Frontend Client
participant Resolver as GraphQL Resolver<br/>(resolveAnonymousDocAccessLink)
participant Service as AnonymousDocAccessService
participant DB as Database
participant Gateway as Sync Gateway
participant Storage as Cloud Storage
Client->>Resolver: resolveAnonymousDocAccessLink(token, displayName)
Resolver->>Service: resolveLink(token)
Service->>DB: Query anonymousDocAccessLink by token hash
DB-->>Service: Link record (enabled, not revoked)
Service->>DB: Create/fetch anonymousDocGuestSession
DB-->>Service: Guest session with guestToken
Service-->>Resolver: {guestToken, link, guest}
Resolver-->>Client: guestToken + link metadata
Client->>Gateway: WebSocket connect with anonymousGuestToken
Gateway->>Service: Validate guest token
Service->>DB: Verify guestToken hash & link status
DB-->>Service: Valid guest principal
Service-->>Gateway: Guest principal established
Gateway-->>Client: Authenticated as anonymous guest
Client->>Gateway: space:join (workspace/doc)
Gateway->>Service: assertCanAccessDoc(guest, docId)
Service-->>Gateway: Access allowed
Gateway->>Storage: Load workspace sync state
Storage-->>Gateway: Initial sync state
Gateway-->>Client: Doc state synced
Client->>Gateway: space:push-doc-update (Yjs update)
Gateway->>Service: assertUpdatesDeleteOnlyGuestContent(update)
Service->>Service: Validate struct deletions (analyze Yjs ranges)
Service-->>Gateway: Update allowed/denied
Gateway->>DB: recordUpdates(guestSessionId, update)
DB-->>Gateway: Update recorded
Gateway-->>Client: Update applied
Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements anonymous guest themed names and visible cursors for anonymous boards.\n\nChecks run locally:\n- yarn affine @affine/server ava src/core/anonymous-doc-access/tests/service.spec.ts --serial --concurrency 1\n- yarn lint:ox changed files\n- yarn eslint changed files\n- yarn prettier --check changed files\n- yarn typecheck\n- local Playwright two anonymous sessions on non-standard ports 58719/58711
Summary by CodeRabbit
New Features
Bug Fixes
Documentation