Added support for cross-domain login.

For multi-domain setups, having to log in on each different domain
is annoying. This saves the user's login information in the 'root'
domain of the deployment, and on all domains sources the login
credentials from an iframe running in the root domain using
postMessage. This only gets skipped if a user has expressly denied
cross-domain sharing of their login information, in which case
localStorage will be used as the source for login credentials.

The iframe loads a new non-vite page in client/public, and does so
in the root domain. Some user authorization flow is required on
most browsers to enable this, using the requestStorageAccess API.

A new backend service, allowed-domains, takes in a domain on a query
paramter and returns true if that domain is part of the deployment,
and a 204 if not. By default this just returns the root domain, but
this is extensible via projects' hooks to add other domains to the
allowed list. It can also just be passed a variable isAllowed from
a hook if fetching all domains would be cumbersome, and simply
querying whether the domain is in a table would be simpler.
The accessor iframe uses the response to determine
whether to even attempt to access the cookies or prompt the user
with requestStorageAccess.

Author: barankyle

Dockerfile

@@ -62,6 +62,7 @@ ARG VITE_READY_PLAYER_ME_URL
 ARG VITE_DISABLE_LOG
 ARG VITE_AVATURN_URL
 ARG VITE_AVATURN_API
+ARG VITE_FEATHERS_STORE_KEY
 ENV MYSQL_HOST=$MYSQL_HOST
 ENV MYSQL_PORT=$MYSQL_PORT
 ENV MYSQL_USER=$MYSQL_USER
@@ -85,6 +86,7 @@ ENV VITE_READY_PLAYER_ME_URL=$VITE_READY_PLAYER_ME_URL
 ENV VITE_DISABLE_LOG=$VITE_DISABLE_LOG
 ENV VITE_AVATURN_URL=$VITE_AVATURN_URL
 ENV VITE_AVATURN_API=$VITE_AVATURN_API
+ENV VITE_FEATHERS_STORE_KEY=$VITE_FEATHERS_STORE_KEY
 
 ARG CACHE_DATE
 RUN npx cross-env ts-node --swc scripts/check-db-exists.ts

packages/client-core/src/API.ts

@@ -61,10 +61,7 @@ export class API {
       })
     )
 
-    primus.on('reconnected', () => API.instance.client.reAuthenticate(true))
-
-    API.instance = new API()
-    API.instance.client = feathersClient as any
+    primus.on('reconnected', () => feathersClient.reAuthenticate(true))
 
     Engine.instance.api = feathersClient
   }

packages/client-core/src/social/services/LocationService.ts

@@ -30,7 +30,6 @@ import { Engine } from '@etherealengine/ecs/src/Engine'
 import { defineState, getMutableState } from '@etherealengine/hyperflux'
 
 import { locationBanPath, SceneID, UserID } from '@etherealengine/common/src/schema.type.module'
-import { API } from '../../API'
 import { NotificationService } from '../../common/services/NotificationService'
 
 export const LocationSeed: LocationType = {
@@ -129,15 +128,15 @@ export const LocationService = {
   getLocation: async (locationId: LocationID) => {
     try {
       LocationState.fetchingCurrentSocialLocation()
-      const location = await API.instance.client.service(locationPath).get(locationId)
+      const location = await Engine.instance.api.service(locationPath).get(locationId)
       LocationState.socialLocationRetrieved(location)
     } catch (err) {
       NotificationService.dispatchNotify(err.message, { variant: 'error' })
     }
   },
   getLocationByName: async (locationName: string) => {
     LocationState.fetchingCurrentSocialLocation()
-    const locationResult = (await API.instance.client.service(locationPath).find({
+    const locationResult = (await Engine.instance.api.service(locationPath).find({
       query: {
         slugifiedName: locationName
       }
@@ -155,7 +154,7 @@ export const LocationService = {
     }
   },
   getLobby: async () => {
-    const lobbyResult = (await API.instance.client.service(locationPath).find({
+    const lobbyResult = (await Engine.instance.api.service(locationPath).find({
       query: {
         isLobby: true,
         $limit: 1
@@ -170,7 +169,7 @@ export const LocationService = {
   },
   banUserFromLocation: async (userId: UserID, locationId: LocationID) => {
     try {
-      await API.instance.client.service(locationBanPath).create({
+      await Engine.instance.api.service(locationBanPath).create({
         userId: userId,
         locationId: locationId
       })

packages/client-core/src/user/components/UserMenu/menus/LocationMenu.tsx

@@ -41,7 +41,7 @@ import TextField from '@etherealengine/ui/src/primitives/mui/TextField'
 import Typography from '@etherealengine/ui/src/primitives/mui/Typography'
 
 import { SceneID } from '@etherealengine/common/src/schema.type.module'
-import { API } from '../../../../API'
+import { Engine } from '@etherealengine/ecs/src/Engine'
 import { LocationSeed } from '../../../../social/services/LocationService'
 import styles from '../index.module.scss'
 
@@ -69,7 +69,7 @@ const LocationMenu = (props: Props) => {
   }, [])
 
   const fetchLocations = (page: number, rows: number, search?: string) => {
-    API.instance.client
+    Engine.instance.api
       .service(locationPath)
       .find({
         query: {