Merge branch 'main' of https://github.com/jpolitz/pyret

Author: jpolitz

code.pyret.org/src/web/close.html

@@ -2,8 +2,39 @@
 <html>
 <head>
 <script>
-window.opener.postMessage("done", document.location.origin);
-window.close()
+// Method 1: Traditional postMessage (works when COOP allows window.opener)
+if (window.opener) {
+  try {
+    window.opener.postMessage("done", document.location.origin);
+  } catch (e) {
+    console.warn("postMessage to opener failed:", e);
+  }
+}
+else {
+  console.warn("No window.opener", window.opener);
+}
+
+// Method 2: BroadcastChannel (works even when COOP severs window.opener)
+// This is the fallback for environments like GoGuardian that inject COOP headers
+if (typeof BroadcastChannel !== 'undefined') {
+  try {
+    let channel = new BroadcastChannel('pyret_auth');
+    channel.postMessage({ type: 'auth_complete' });
+    channel.close();
+  } catch (e) {
+    console.warn("BroadcastChannel failed:", e);
+  }
+}
+
+// Method 3: localStorage fallback for very old browsers without BroadcastChannel
+// The opener can detect this via the 'storage' event
+try {
+  localStorage.setItem('pyret_auth_complete', Date.now().toString());
+} catch (e) {
+  console.warn("localStorage fallback failed:", e);
+}
+
+window.close();
 </script>
 </head>
 </html>

code.pyret.org/src/web/editor.html

@@ -156,7 +156,7 @@ <h2 id="menutitle" class="screenreader-only">Navigation Controls</h2>
                   aria-label="Contribute detailed usage information"/>
                   <label for="detailed-logging" id="detailed-logging-label">
                     Contribute detailed usage information.</label>
-                  <a href="https://www.pyret.org/cpo-faq#(part._logging)" target="_blank" rel="noopener noreferrer" class="focusable info-btn" role="menuitem" tabindex="-1"
+                  <a href="https://code.pyret.org/faq/" target="_blank" rel="noopener noreferrer" class="focusable info-btn" role="menuitem" tabindex="-1"
                     id="detailed-logging-learn-more"
                     title="Learn More" aria-label="Learn More">?</a>
                 </span>

code.pyret.org/src/web/faq.html

@@ -42,15 +42,7 @@ <h3>What permissions does code.pyret.org ask for and why?</h3>
 <li><em>Know who you are on Google</em> and <em>View your email address</em>:
 The site needs to know your Google identity because this allows us to give
 persistent access to saving to Drive that doesn't expire or require popping up
-new windows while you're editing.  </li>
-
-<li><em>Manage your photos and videos</em> and <em>View the photos, videos, and
-albums in your Google Drive</em>:  This is used to import images into programs
-from your Drive (which can be useful for customizing games, for example).
-</li>
-
-<li><em>View and manage your spreadsheets on Google Drive</em>: This enables
-importing tables and working with data sources in your Drive.</li>
+new windows while you're editing.</li>
 
 <li><em>Add itself to Google Drive</em>: This lets you right-click on Pyret
 programs in Google Drive and "Open with Pyret."</li>

code.pyret.org/src/web/js/cpo-main.js

@@ -150,6 +150,15 @@
     // NOTE(joe): this function just allocates a closure, so it's stack-safe
     var onCompile = gmf(cpo, "make-on-compile").app(runtime.makeFunction(saveGDriveCachedFile, "save-gdrive-cached-file"));
 
+    function maybeAppendSlash(s) {
+      if(s.endsWith("/")) { return s; }
+      return s + "/";
+    }
+
+    function urlResolve(path, base) {
+      return new URL(path, base).href;
+    }
+
     // NOTE(joe/ben): this function _used_ to be trivially stack safe, but files
     // need to resolve their absolute path to calculate their URI, which
     // requires an RPC, so this function is no-longer trivially flat
@@ -198,7 +207,7 @@
               return arr[0];
             }
             else if (protocol === "url-file") {
-              return arr[0] + "/" + arr[1];
+              return urlResolve(arr[1], maybeAppendSlash(arr[0]));
             }
             else {
               console.error("Unknown import: ", dependency);
@@ -256,7 +265,7 @@
                     return runtime.getField(runtime.getField(urlLoc, "values"), "url-locator").app(arr[0], replGlobals);
                   }
                   else if (protocol === "url-file") {
-                    const fullUrl = arr[0] + "/" + arr[1];
+                    const fullUrl = urlResolve(arr[1], maybeAppendSlash(arr[0]));
                     switch(urlFileMode) {
                       case "all-remote":
                         fetch(fullUrl).then(async (response) => {

code.pyret.org/src/web/js/dashboard/StudentDashboard.js

@@ -228,7 +228,7 @@ class StudentDashboard extends Component {
         </div>
         <div className='footer middle'>
           <p className='right'>
-            <a target="_blank" href="https://www.pyret.org">pyret.org</a> | <a target="_blank" href="https://pyret.org/cpo-faq/">Privacy</a> | <a target="_blank" href="https://www.github.com/brownplt/code.pyret.org">Software</a></p>
+            <a target="_blank" href="https://www.pyret.org">pyret.org</a> | <a target="_blank" href="https://code.pyret.org/faq/">Policies</a> | <a target="_blank" href="https://www.github.com/brownplt/code.pyret.org">Software</a></p>
         </div>
 
       </div>

code.pyret.org/src/web/js/google-apis/api-wrapper.js

@@ -51,15 +51,73 @@ function reauth(immediate, useFullScopes) {
     if(useFullScopes) {
       path += "&scopes=full";
     }
-    // Need to do a login to get a cookie for this user; do it in a popup
-    window.addEventListener('message', function(e) {
+
+    // Track whether we've already resolved to avoid double-resolution
+    var resolved = false;
+    function resolveOnce(method) {
+      if (!resolved) {
+        console.log("INFO: Popup login resolved by: ", method);
+        resolved = true;
+        // NOTE(joe): A useful thing to do for testing is to comment out this
+        // cleanup(), and check which of the 3 methods are returning success
+        // here. cleanup() will stop others from triggering.
+        cleanup();
+        d.resolve(reauth(true, useFullScopes));
+      }
+      else {
+        console.log("INFO: Popup login resolved again (ignored): ", method);
+      }
+    }
+
+    // Cleanup function to remove all listeners
+    var channel = null;
+    function cleanup() {
+      window.removeEventListener('message', messageHandler);
+      window.removeEventListener('storage', storageHandler);
+      try { localStorage.removeItem('pyret_auth_complete'); } catch (err) {}
+      if (channel) {
+        try { channel.close(); }
+        finally { channel = null; }
+      }
+    }
+
+    // Method 1: Traditional postMessage (works when COOP allows window.opener)
+    function messageHandler(e) {
       // e.domain appears to not be defined in Firefox
       if ((e.domain || e.origin) === document.location.origin) {
-        d.resolve(reauth(true, useFullScopes));
-      } else {
-        d.resolve(null);
+        resolveOnce("postMessage");
       }
-    });
+    }
+    window.addEventListener('message', messageHandler);
+
+    // Method 2: BroadcastChannel (works even when COOP severs window.opener)
+    // This is the fallback for environments like GoGuardian that inject COOP headers
+    if (typeof BroadcastChannel !== 'undefined') {
+      try {
+        channel = new BroadcastChannel('pyret_auth');
+        channel.onmessage = function(e) {
+          if (e.data && e.data.type === 'auth_complete') {
+            resolveOnce("Broadcast");
+          }
+        };
+      } catch (e) {
+        console.warn("BroadcastChannel setup failed:", e);
+      }
+    }
+
+    // Method 3: localStorage fallback for very old browsers without BroadcastChannel
+    function storageHandler(e) {
+      if (e.key === 'pyret_auth_complete') {
+        resolveOnce("localStorage");
+        // Clean up the flag
+        try { localStorage.removeItem('pyret_auth_complete'); } catch (err) {}
+      }
+    }
+    // Clear any stale auth flag before opening popup
+    try { localStorage.removeItem('pyret_auth_complete'); } catch (e) {}
+    window.addEventListener('storage', storageHandler);
+
+    // Need to do a login to get a cookie for this user; do it in a popup
     window.open(path);
   } else {
     // The user is logged in, but needs an access token from our server

code.pyret.org/src/web/js/trove/world.js

@@ -532,8 +532,7 @@
               }
               var ctx = reusableCanvas.getContext("2d");
               ctx.save();
-              ctx.fillStyle = "rgba(255,255,255,0)";
-              ctx.fillRect(0, 0, width, height);
+              ctx.clearRect(0, 0, width, height);
               ctx.restore();
               theImage.render(ctx, 0, 0);
               success([toplevelNode, reusableCanvasNode]);

embed/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "pyret-embed",
-  "version": "0.0.46",
+  "version": "0.0.57",
   "description": "A library for embedding Pyret into webpages",
   "main": "dist/pyret.js",
   "files": [

embed/package.json

@@ -13,6 +13,7 @@ import filesystem as Filesystem
 import file as F
 import error as ERR
 import system as SYS
+import url as URL
 import file("js-ast.arr") as J
 import file("concat-lists.arr") as C
 import file("compile-lib.arr") as CL
@@ -308,6 +309,13 @@ fun get-real-path(current-load-path :: String, this-path :: String):
   end
 end
 
+fun maybe-add-slash(s):
+  last-index = string-length(s) - 1
+  if string-char-at(s, last-index) == "/": s
+  else: s + "/"
+  end
+end
+
 fun locate-file(ctxt :: CLIContext, rel-path :: String):
   clp = ctxt.current-load-path
   real-path = get-real-path(clp, rel-path)
@@ -329,7 +337,8 @@ fun module-finder(ctxt :: CLIContext, dep :: CS.Dependency):
       else if protocol == "url":
         CL.located(UL.url-locator(dep.arguments.get(0), CS.standard-globals), ctxt)
       else if protocol == "url-file":
-        full-url = args.get(0) + "/" + args.get(1)
+        base = maybe-add-slash(args.get(0))
+        full-url = URL.resolve(args.get(1), base)
         cases(CS.UrlFileMode) ctxt.url-file-mode:
           | all-remote =>
             CL.located(UL.url-locator(full-url, CS.standard-globals), ctxt)
@@ -551,11 +560,9 @@ fun build-runnable-standalone(path, require-config-path, outfile, options) block
     | left(problems) =>
       handle-compilation-errors(problems, options)
     | right(program) =>
-      shadow require-config-path = if not( Filesystem.is-absolute( require-config-path ) ):
-          Filesystem.resolve(Filesystem.join(options.base-dir, require-config-path))
-        else: require-config-path
-        end
-      config.set-now("out", JSON.j-str(Filesystem.resolve(Filesystem.join(options.base-dir, outfile))))
+      shadow require-config-path = get-real-path(options.base-dir, require-config-path)
+
+      config.set-now("out", JSON.j-str(get-real-path(options.base-dir, outfile)))
       when not(config.has-key-now("baseUrl")):
         config.set-now("baseUrl", JSON.j-str(options.compiled-cache))
       end