Fixed bug in view permission causing 500 errors for Avrae

Updated heat metal according to SRD/PHB

README.md

@@ -1,13 +1,71 @@
-RPG Docs
+DiceCloud
 ========
 
 This is the repo for [DiceCloud](dicecloud.com).
 
+DiceCloud is a free, auditable, real-time character sheet for D&D 5e.
+
+Philosophy
+----------
+
+Setting up your character on DiceCloud takes a little longer than
+just filling it in on a paper character sheet would. The goal of using an
+online sheet is to make actually playing the game more streamlined, and
+ultimately more fun. So putting a little extra effort into setting up a
+character now pays off over and over again once you're playing.
+
+The idea is to track where each number comes from, and allow you to easily make
+changes on the fly. Let's look at a hypothetical example.
+
+> You need to swim through a sunken section of dungeon to fetch the quest's Thing.
+> You'll need to take off your magical Plate Armor of +1 Constitution to swim
+> without sinking, of course.
+>
+> Taking it off will take away that disadvantage on
+> stealth checks, change your armor class, your speed and your constitution, and
+> which in turn changes your hit points and your constitution saving throw.
+> Working out all those changes in the middle of a game will drag the game to a
+> halt.
+>
+> Fortunately you have DiceCloud, so it's a matter of dragging
+> your Plate Armor +1 Con from your "equipment" box to your "backpack" box and
+> you're done. Your hitpoints change correctly, your saving throws are up to date,
+> your armor class goes back to reflecting the fact that you have natural armor
+> from being a dragonborn. Your character sheet keeps up and you
+> ultimately get more time to play the game. Huzzah!
+
 Getting started
 ---------------
 
-`git clone https://github.com/ThaumRystra/DiceCloud1 dicecloud`  
+Running DiceCloud locally, either to host it yourself away from an internet
+connection, or to contribute to developing it further, is fairly
+straightforward and it should work on Linux, Windows, and Mac.
+
+You'll need to have installed:
+
+- [git](https://www.atlassian.com/git/tutorials/install-git)
+- [Meteor](https://www.meteor.com/install)
+- [Bower](https://bower.io/)
+
+Then, it's just a matter of cloning this repository into a folder, installing the bower dependencies and running
+`meteor` in the app directory.
+
+`git clone https://github.com/ThaumRystra/DiceCloud dicecloud`  
 `cd dicecloud`  
-`cd rpg-docs`  
+`cd app`  
 `bower install`  
 `meteor`
+
+You should see this:
+
+```
+=> Started proxy.
+=> Started MongoDB.
+=> Started your app.
+
+=> App running at: http://localhost:3000/
+```
+
+Now, visiting http://localhost:3000/ should show you an empty instance of
+DiceCloud running.
+

app/.gitignore

@@ -4,6 +4,8 @@
 settings.json
 public/components
 public/_imports.html
+private/oldClient
 nohup.out
 node_modules
 dump
+.cache

app/.meteor/.finished-upgraders

@@ -15,3 +15,4 @@ notices-for-facebook-graph-api-2
 1.4.1-add-shell-server-package
 1.4.3-split-account-service-packages
 1.5-add-dynamic-import-package
+1.7-split-underscore-from-meteor-base

app/.meteor/packages

@@ -3,10 +3,9 @@
 # 'meteor add' and 'meteor remove' will edit this file for you,
 # but you can also edit it by hand.
 
-iron:router
-accounts-password@1.4.0
-accounts-ui@1.1.9
-random@1.0.10
+accounts-password@1.5.1
+accounts-ui@1.3.1
+random@1.1.0
 dburles:collection-helpers
 reactive-var@1.0.11
 underscore@1.0.10
@@ -18,37 +17,40 @@ dburles:mongo-collection-instances
 percolate:migrations
 ecwyne:mathjs
 useraccounts:polymer
-accounts-google@1.2.0
+accounts-google@1.3.2
 splendido:accounts-meld
 email@1.2.3
 meteorhacks:subs-manager
 chuangbo:marked
 reywood:iron-router-ga
-meteor-base@1.1.0
-mobile-experience@1.0.4
-mongo@1.2.0
+meteor-base@1.4.0
+mobile-experience@1.0.5
+mongo@1.6.0
 blaze-html-templates
-session@1.1.7
+session@1.1.8
 jquery@1.11.10
-tracker@1.1.3
-logging@1.1.17
-reload@1.1.11
-ejson@1.0.14
+tracker@1.2.0
+logging@1.1.20
+reload@1.2.0
+ejson@1.1.0
 spacebars
-check@1.2.5
+check@1.3.1
 useraccounts:iron-routing
 wizonesolutions:canonical
-standard-minifier-js@2.1.1
-shell-server@0.2.4
+standard-minifier-js@2.4.0
+shell-server@0.4.0
 seba:minifiers-autoprefixer
 nikogosovd:multiple-uihooks
 templates:array
-ecmascript@0.8.2
-es5-shim@4.6.15
+ecmascript@0.12.0
+es5-shim@4.8.0
 differential:vulcanize
-reactive-dict@1.1.9
-percolate:synced-cron
+reactive-dict@1.2.1
 ongoworks:speakingurl
 service-configuration@1.0.11
-google-config-ui
-dynamic-import
+google-config-ui@1.0.1
+dynamic-import@0.5.0
+ddp-rate-limiter@1.0.7
+rate-limit@1.0.9
+iron:router
+littledata:synced-cron

app/.meteor/release

@@ -0,0 +1 @@
+METEOR@1.8

app/.meteor/versions

@@ -1,58 +1,59 @@
-accounts-base@1.3.3
-accounts-google@1.2.0
-accounts-oauth@1.1.15
-accounts-password@1.4.0
-accounts-ui@1.1.9
-accounts-ui-unstyled@1.2.1
+accounts-base@1.4.3
+accounts-google@1.3.2
+accounts-oauth@1.1.16
+accounts-password@1.5.1
+accounts-ui@1.3.1
+accounts-ui-unstyled@1.4.1
 aldeed:collection2@2.10.0
 aldeed:collection2-core@1.2.0
 aldeed:schema-deny@1.1.0
 aldeed:schema-index@1.1.1
-aldeed:simple-schema@1.5.3
-allow-deny@1.0.9
-autoupdate@1.3.12
-babel-compiler@6.20.0
-babel-runtime@1.0.1
-base64@1.0.10
-binary-heap@1.0.10
-blaze@2.3.2
+aldeed:simple-schema@1.5.4
+allow-deny@1.1.0
+autoupdate@1.5.0
+babel-compiler@7.2.0
+babel-runtime@1.3.0
+base64@1.0.11
+binary-heap@1.0.11
+blaze@2.3.3
 blaze-html-templates@1.1.2
 blaze-tools@1.0.10
-boilerplate-generator@1.2.0
-caching-compiler@1.1.9
-caching-html-compiler@1.1.2
-callback-hook@1.0.10
-check@1.2.5
+boilerplate-generator@1.6.0
+caching-compiler@1.2.0
+caching-html-compiler@1.1.3
+callback-hook@1.1.0
+check@1.3.1
 chuangbo:marked@0.3.5_1
-coffeescript@1.11.1_4
+coffeescript@1.0.17
 dburles:collection-helpers@1.1.0
 dburles:mongo-collection-instances@0.3.5
-ddp@1.3.1
-ddp-client@2.1.3
-ddp-common@1.2.9
+ddp@1.4.0
+ddp-client@2.3.3
+ddp-common@1.4.0
 ddp-rate-limiter@1.0.7
-ddp-server@2.0.2
+ddp-server@2.2.0
 deps@1.0.12
-diff-sequence@1.0.7
+diff-sequence@1.1.0
 differential:vulcanize@3.0.0
-dynamic-import@0.1.3
-ecmascript@0.8.2
-ecmascript-runtime@0.4.1
-ecmascript-runtime-client@0.4.3
-ecmascript-runtime-server@0.4.1
+dynamic-import@0.5.0
+ecmascript@0.12.0
+ecmascript-runtime@0.7.0
+ecmascript-runtime-client@0.8.0
+ecmascript-runtime-server@0.7.1
 ecwyne:mathjs@0.25.0
-ejson@1.0.14
+ejson@1.1.0
 email@1.2.3
-es5-shim@4.6.15
-fastclick@1.0.13
+es5-shim@4.8.0
+fetch@0.1.0
 geojson-utils@1.0.10
-google-config-ui@1.0.0
-google-oauth@1.2.4
+google-config-ui@1.0.1
+google-oauth@1.2.6
 hot-code-push@1.0.4
 html-tools@1.0.11
 htmljs@1.0.11
-http@1.2.12
-id-map@1.0.9
+http@1.4.1
+id-map@1.1.0
+inter-process-messaging@0.1.0
 iron:controller@1.0.12
 iron:core@1.0.11
 iron:dynamic-template@1.0.12
@@ -61,74 +62,77 @@ iron:location@1.0.11
 iron:middleware-stack@1.1.0
 iron:router@1.1.2
 iron:url@1.1.0
-jquery@1.11.10
+jquery@1.11.11
 lai:collection-extensions@0.2.1_1
 launch-screen@1.1.1
-less@2.7.9
+less@2.8.0
+littledata:synced-cron@1.5.1
 livedata@1.0.18
-localstorage@1.1.1
-logging@1.1.17
+localstorage@1.2.0
+logging@1.1.20
 matb33:collection-hooks@0.8.4
 mdg:validation-error@0.5.1
-meteor@1.7.2
-meteor-base@1.1.0
+meteor@1.9.2
+meteor-base@1.4.0
 meteorhacks:subs-manager@1.6.4
-minifier-css@1.2.16
-minifier-js@2.1.3
-minimongo@1.3.1
-mobile-experience@1.0.4
+minifier-css@1.4.0
+minifier-js@2.4.0
+minimongo@1.4.5
+mobile-experience@1.0.5
 mobile-status-bar@1.0.14
-modules@0.10.0
-modules-runtime@0.8.0
-momentjs:moment@2.18.1
-mongo@1.2.2
-mongo-dev-server@1.0.1
-mongo-id@1.0.6
+modern-browsers@0.1.2
+modules@0.13.0
+modules-runtime@0.10.2
+momentjs:moment@2.22.2
+mongo@1.6.0
+mongo-decimal@0.1.0
+mongo-dev-server@1.1.0
+mongo-id@1.0.7
 nikogosovd:multiple-uihooks@0.1.8
 npm-bcrypt@0.9.3
-npm-mongo@2.2.30
-oauth@1.1.13
-oauth2@1.1.11
+npm-mongo@3.1.1
+oauth@1.2.3
+oauth2@1.2.1
 observe-sequence@1.0.16
 ongoworks:speakingurl@9.0.0
-ordered-dict@1.0.9
+ordered-dict@1.1.0
 percolate:migrations@0.9.8
-percolate:synced-cron@1.3.2
-promise@0.9.0
+promise@0.11.1
 raix:eventemitter@0.1.3
-random@1.0.10
-rate-limit@1.0.8
-reactive-dict@1.1.9
+random@1.1.0
+rate-limit@1.0.9
+reactive-dict@1.2.1
 reactive-var@1.0.11
-reload@1.1.11
-retry@1.0.9
+reload@1.2.0
+retry@1.1.0
 reywood:iron-router-ga@0.7.1
-routepolicy@1.0.12
-seba:minifiers-autoprefixer@1.0.1
+routepolicy@1.1.0
+seba:minifiers-autoprefixer@1.1.1
 service-configuration@1.0.11
-session@1.1.7
+session@1.1.8
 sha@1.0.9
-shell-server@0.2.4
+shell-server@0.4.0
+socket-stream-client@0.2.2
 softwarerero:accounts-t9n@1.3.11
 spacebars@1.0.15
 spacebars-compiler@1.1.3
 splendido:accounts-emails-field@1.2.0
 splendido:accounts-meld@1.3.1
-srp@1.0.10
-standard-minifier-js@2.1.1
+srp@1.0.12
+standard-minifier-js@2.4.0
 templates:array@1.0.3
 templating@1.3.2
 templating-compiler@1.3.3
 templating-runtime@1.3.2
 templating-tools@1.1.2
-tracker@1.1.3
+tracker@1.2.0
 ui@1.0.13
 underscore@1.0.10
-url@1.1.0
+url@1.2.0
 useraccounts:core@1.14.2
 useraccounts:iron-routing@1.14.2
 useraccounts:polymer@1.14.2
-webapp@1.3.19
+webapp@1.7.0
 webapp-hashing@1.0.9
 wizonesolutions:canonical@0.0.5
 zimme:collection-behaviours@1.1.3

app/Model/Character/Buffs.js

@@ -65,3 +65,37 @@ makeParent(Buffs, ["name", "enabled"]); //parents of effects, attacks, proficien
 
 Buffs.allow(CHARACTER_SUBSCHEMA_ALLOW);
 Buffs.deny(CHARACTER_SUBSCHEMA_DENY);
+
+Meteor.methods({
+	applyBuff: function(buffId, targetId){
+		if (!Meteor.call("canWriteCharacter", targetId)){
+			throw new Meteor.Error(
+				"Access denied",
+				"You do not have permission to buff this character"
+			);
+		}
+		let buff = CustomBuffs.findOne(buffId);
+		if (!buff) return;
+
+		var parentCol = Meteor.isClient ?
+			window[buff.parent.collection] : global[buff.parent.collection]
+		var parent = parentCol.findOne(buff.parent.id);
+
+		//insert new buff
+		newBuffId = Buffs.insert({
+			charId: targetId,
+			name: buff.name,
+			description: buff.description,
+			lifeTime: {total: buff.lifeTime.total},
+			type: "custom",
+
+			appliedBy: buff.charId,
+			appliedByDetails: {
+				name: parent && parent.name || "",
+				collection: buff.parent.collection,
+			},
+		});
+
+		Meteor.call("cloneChildren", buffId, {id: newBuffId, collection: "Buffs"})
+	}
+})

app/Model/Character/Characters.js

@@ -164,9 +164,9 @@ Schemas.Character = new SimpleSchema({
 
 	//permissions
 	party:   {type: String, regEx: SimpleSchema.RegEx.Id, optional: true},
-	owner:   {type: String, regEx: SimpleSchema.RegEx.Id},
-	readers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: []},
-	writers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: []},
+	owner:   {type: String, regEx: SimpleSchema.RegEx.Id, index: 1},
+	readers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: [], index: 1},
+	writers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: [], index: 1},
 	color:   {
 		type: String,
 		allowedValues: _.pluck(colorOptions, "key"),
@@ -185,11 +185,13 @@ Schemas.Character = new SimpleSchema({
 		type: String,
 		defaultValue: "whitelist",
 		allowedValues: ["whitelist", "public"],
+		index: 1,
 	},
 	"settings.swapStatAndModifier": {type: Boolean, defaultValue: false},
 	"settings.exportFeatures": {type: Boolean, defaultValue: true},
 	"settings.exportAttacks": {type: Boolean, defaultValue: true},
 	"settings.exportDescription": {type: Boolean, defaultValue: true},
+	"settings.newUserExperience": {type: Boolean, optional: true},
 });
 
 Characters.attachSchema(Schemas.Character);
@@ -297,6 +299,7 @@ Characters.calculate = {
 		var fieldSelector = {};
 		fieldSelector[fieldName] = 1;
 		var char = Characters.findOne(charId, {fields: fieldSelector});
+		if (!char) return;
 		var field = char[fieldName];
 		if (field === undefined){
 			throw new Meteor.Error(
@@ -330,6 +333,7 @@ Characters.calculate = {
 	},
 	attributeValue: memoize(function(charId, attributeName){
 		var attribute = Characters.calculate.getField(charId, attributeName);
+		if (!attribute) return;
 		//base value
 		var value = Characters.calculate.attributeBase(charId, attributeName);
 		//plus adjustment
@@ -341,6 +345,7 @@ Characters.calculate = {
 	}),
 	skillMod: memoize(preventLoop(function(charId, skillName){
 		var skill = Characters.calculate.getField(charId, skillName);
+		if (!skill) return;
 		//get the final value of the ability score
 		var ability = Characters.calculate.attributeValue(charId, skill.ability);
 
@@ -392,7 +397,6 @@ Characters.calculate = {
 		return prof && prof.value || 0;
 	}),
 	passiveSkill: memoize(function(charId, skillName){
-		var skill = Characters.calculate.getField(charId, skillName);
 		var mod = +Characters.calculate.skillMod(charId, skillName);
 		var value = 10 + mod;
 		Effects.find(
@@ -553,6 +557,10 @@ if (Meteor.isServer){
 	});
 	Characters.before.insert(function(userId, doc) {
 		doc.urlName = getSlug(doc.name, {maintainCase: true}) || "-";
+		// The first character a user creates should have the new user experience
+		if (!Characters.find({owner: userId}).count()){
+			doc.settings.newUserExperience = true;
+		}
 	});
 }
 
@@ -574,8 +582,8 @@ Characters.allow({
 });
 
 Characters.deny({
-	update: function(userId, docs, fields, modifier) {
-		// can't change owners
-		return _.contains(fields, "owner");
+	update: function(userId, doc, fields, modifier) {
+		// can't change owners unless you are the current owner
+		return _.contains(fields, "owner") && doc.owner !== userId;
 	}
 });

app/Model/Library/Library.js

@@ -2,14 +2,38 @@ Libraries = new Mongo.Collection("library");
 
 Schemas.Library = new SimpleSchema({
 	name:    {type: String},
-	owner:   {type: String, regEx: SimpleSchema.RegEx.Id},
-	readers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: []},
-	writers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: []},
-	public:  {type: Boolean, defaultValue: false},
+	owner:   {type: String, regEx: SimpleSchema.RegEx.Id, index: 1},
+	readers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: [], index: 1},
+	writers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: [], index: 1},
+	public:  {type: Boolean, defaultValue: false, index: 1},
 });
 
 Libraries.attachSchema(Schemas.Library);
 
+Libraries.after.remove(function(userId, library) {
+	LibraryItems.remove({library: library._id});
+	LibrarySpells.remove({library: library._id});
+});
+
+Meteor.methods({
+	removeLibrary: function(libraryId) {
+		let library = Libraries.findOne(libraryId);
+    let userId = Meteor.userId();
+
+		if (!library) return;
+		if (library.owner === userId){
+			Libraries.remove(libraryId);
+		} else {
+			if (_.contains(library.readers, userId)){
+				Libraries.update(libraryId, {$pull: {"readers": userId}});
+			}
+			if (_.contains(library.writers, userId)){
+				Libraries.update(libraryId, {$pull: {"writers": userId}});
+			}
+		}
+	},
+});
+
 Libraries.allow({
 	insert(userId, doc) {
 		return userId && doc.owner === userId;
@@ -18,16 +42,14 @@ Libraries.allow({
 		return canEdit(userId, doc);
 	},
 	remove(userId, doc) {
-		return canEdit(userId, doc);
+		return userId && doc.owner === userId;
 	},
 	fetch: ["owner", "writers"],
 });
 
 Libraries.deny({
-	// For now, only admins can manage libraries
 	insert(userId, doc){
-		var user = Meteor.users.findOne(userId);
-		return !user || !_.contains(user.roles, "admin");
+		return !Meteor.users.findOne(userId);
 	},
 	update(userId, doc, fields, modifier) {
 		// Can't change owners

app/Model/Library/LibraryAttacks.js

@@ -1,7 +1,7 @@
 Schemas.LibraryAttacks = new SimpleSchema({
 	name: {
 		type: String,
-		defaultValue: "New Attack",
+		optional: true,
 		trim: false,
 	},
 	details: {

app/Model/Library/LibraryEffects.js

@@ -9,7 +9,6 @@ Schemas.LibraryEffects = new SimpleSchema({
 		defaultValue: "add",
 		allowedValues: [
 			"base",
-			"proficiency",
 			"add",
 			"mul",
 			"min",

app/Model/Library/LibraryItems.js

@@ -0,0 +1,91 @@
+LibraryItems = new Mongo.Collection("libraryItems");
+
+Schemas.LibraryItems = new SimpleSchema({
+	libraryName:{type: String, optional: true, trim: false},
+	name:       {type: String, defaultValue: "New Item", trim: false},
+	plural:		{type: String, optional: true, trim: false},
+	description:{type: String, optional: true, trim: false},
+	quantity:	{type: Number, min: 0, defaultValue: 1},
+	weight:		{type: Number, min: 0, defaultValue: 0, decimal: true},
+	value:		{type: Number, min: 0, defaultValue: 0, decimal: true},
+	requiresAttunement: {type: Boolean, defaultValue: false},
+
+	library:    {type: String, regEx: SimpleSchema.RegEx.Id, index: 1},
+
+	"settings.category":   {
+		type: String,
+		optional: true,
+		allowedValues: [
+			"adventuringGear", "armor", "weapons", "tools",
+		],
+	},
+	"settings.showIncrement": {
+		type: Boolean,
+		defaultValue: false,
+	},
+
+	effects: {type: [Schemas.LibraryEffects], defaultValue: []},
+	attacks: {type: [Schemas.LibraryAttacks], defaultValue: []},
+});
+
+LibraryItems.attachSchema(Schemas.LibraryItems);
+
+LibraryItems.allow({
+	insert(userId, doc) {
+		return Libraries.canEdit(userId, doc.library);
+	},
+	update(userId, doc, fields, modifier) {
+		return Libraries.canEdit(userId, doc.library);
+	},
+	remove(userId, doc) {
+		return Libraries.canEdit(userId, doc.library);
+	},
+	fetch: ["library"],
+});
+
+Meteor.methods({
+	updateLibraryItemEffect: function({itemId, effectIndex, field, value, unsetField}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		let modifier = {
+			$set: {
+				[`effects.${effectIndex}.${field}`]: value,
+			}
+		};
+		if (unsetField){
+			modifier.$unset = {
+				[`effects.${effectIndex}.${unsetField}`]: 1,
+			}
+		}
+		LibraryItems.update(itemId, modifier);
+	},
+	removeLibraryItemEffect: function({itemId, effectIndex}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		LibraryItems.update(itemId, {$unset : {
+			[`effects.${effectIndex}`] : 1,
+		}});
+		LibraryItems.update(itemId, {$pull : {"effects" : null}});
+	},
+	updateLibraryItemAttack: function({itemId, attackIndex, field, value}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		LibraryItems.update(itemId, {
+			$set: {
+				[`attacks.${attackIndex}.${field}`]: value,
+			}
+		});
+	},
+	removeLibraryItemAttack: function({itemId, attackIndex}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		LibraryItems.update(itemId, {$unset : {
+			[`attacks.${attackIndex}`] : 1,
+		}});
+		LibraryItems.update(itemId, {$pull : {"attacks" : null}});
+	},
+})

app/Model/Meta/Blacklist.js

@@ -0,0 +1,9 @@
+Blacklist = new Mongo.Collection("blacklist");
+
+Schemas.Blacklist = new SimpleSchema({
+	userId: {
+		type: String,
+	},
+});
+
+Blacklist.attachSchema(Schemas.Blacklist);

app/Model/Users/Users.js

@@ -0,0 +1,109 @@
+Schemas.UserProfile = new SimpleSchema({
+	username: {
+		type: String,
+		optional: true,
+	},
+	librarySubscriptions: {
+		type: [String],
+		defaultValue: [],
+	},
+});
+
+Schemas.User = new SimpleSchema({
+	username: {
+		type: String,
+		optional: true,
+	},
+	profile: {
+		type: Schemas.UserProfile,
+		optional: true,
+	},
+	emails: {
+		type: Array,
+		optional: true,
+	},
+	"emails.$": {
+		type: Object,
+	},
+	"emails.$.address": {
+		type: String,
+		regEx: SimpleSchema.RegEx.Email,
+	},
+	"emails.$.verified": {
+		type: Boolean,
+	},
+	registered_emails: {
+		type: Array,
+		optional: true,
+	},
+	"registered_emails.$": {
+		type: Object,
+		blackbox: true,
+	},
+	createdAt: {
+		type: Date
+	},
+	services: {
+		type: Object,
+		optional: true,
+		blackbox: true,
+	},
+	roles: {
+		type: Object,
+		optional: true,
+		blackbox: true,
+	},
+	roles: {
+		type: Array,
+		optional: true,
+	},
+	"roles.$": {
+		type: String
+	},
+	// In order to avoid an 'Exception in setInterval callback' from Meteor
+	heartbeat: {
+		type: Date,
+		optional: true,
+	},
+	apiKey: {
+		type: String,
+		index: 1,
+		optional: true,
+	},
+});
+
+Meteor.users.attachSchema(Schemas.User);
+
+Meteor.users.allow({
+	update: function(userId, doc, fields, modifier) {
+		if (
+			doc._id === userId &&
+			_.contains(fields, "username") &&
+			_.contains(fields, "profile") &&
+			fields.length === 2 &&
+			_.keys(modifier).length === 1 &&
+			modifier.$set &&
+			modifier.$set["profile.username"] &&
+			modifier.$set.username &&
+			_.keys(modifier.$set).length === 2
+		){
+			var expectedUsername = modifier.$set["profile.username"];
+			expectedUsername = expectedUsername.toLowerCase().replace(/\s+/gm, "");
+			if (modifier.$set.username !== expectedUsername){
+				return false;
+			}
+			var foundUser = Meteor.call("getUserId", expectedUsername);
+			return !foundUser || foundUser === userId;
+		}
+	}
+});
+
+if (Meteor.isServer) Meteor.methods({
+	generateMyApiKey() {
+		var user = Meteor.users.findOne(this.userId);
+		if (!user) return;
+		if (user && user.apiKey) return;
+		var apiKey = Random.id(30);
+		Meteor.users.update(this.userId, {$set: {apiKey}});
+	},
+});

app/Routes/API.js

@@ -0,0 +1,91 @@
+Router.map(function() {
+	this.route("vmixCharacter", {
+		path: "/vmix-character/:_id/",
+		where: "server",
+		action: function() {
+			this.response.setHeader("Content-Type", "application/json");
+			var query = this.params.query;
+			var key = query && query.key;
+			ifKeyValid(key, this.response, "vmixCharacter", () =>
+				this.response.end(vMixCharacter(this.params._id))
+			);
+		},
+	});
+	this.route("vmixParty", {
+		path: "/vmix-party/:_id/",
+		where: "server",
+		action: function() {
+			this.response.setHeader("Content-Type", "application/json");
+			var query = this.params.query;
+			var key = query && query.key;
+			ifKeyValid(key, this.response, "vmixParty", () =>
+				this.response.end(vMixParty(this.params._id))
+			);
+		},
+	});
+
+	this.route("jsonCharacterSheet", {
+		path: "/character/:_id/json",
+		where: "server",
+		action: function() {
+			this.response.setHeader("Content-Type", "application/json");
+			var query = this.params.query;
+			var key = query && query.key;
+			ifKeyValid(key, this.response, "jsonCharacterSheet", () => {
+				if (canViewCharacter(this.params._id, userIdFromKey(key))){
+					this.response.end(JSONExport(this.params._id))
+				} else {
+					this.response.writeHead(403, "You do not have permission to view this character");
+					this.response.end();
+				}
+			}
+			);
+		},
+	});
+});
+
+var ifKeyValid = function(apiKey, response, method, callback){
+	if (!apiKey){
+		response.writeHead(403, "You must use an api key to access this api");
+		response.end();
+	} else if (!isKeyValid(apiKey)){
+		response.writeHead(403, "API key is invalid");
+		response.end();
+	} else if (isRateLimited(apiKey, method)){
+		response.writeHead(429, "Too many requests");
+		response.end(JSON.stringify({
+			"timeToReset": rateLimiter.check({apiKey: apiKey, method: method}).timeToReset
+		}));
+	} else {
+		rateLimiter.increment({apiKey: apiKey, method: method})
+		callback();
+	}
+};
+
+var isKeyValid = function(apiKey){
+	var user = Meteor.users.findOne({apiKey});
+	if (!user) return false;
+	var blackListed = Blacklist.findOne({userId: user._id});
+	return !blackListed;
+};
+
+var userIdFromKey = function(apiKey){
+	var user = Meteor.users.findOne({apiKey}); // we know user exists from isKeyValid
+	return user._id;
+}
+
+var rateLimiter = new RateLimiter();
+rateLimiter.addRule({apiKey: String}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "vmixCharacter"}, 2, 10000);
+rateLimiter.addRule({apiKey: String, method: "vmixParty"}, 2, 10000);
+rateLimiter.addRule({apiKey: String, method: "jsonCharacterSheet"}, 5, 5000);
+
+var isRateLimited = function(apiKey, method){
+	const limited = !rateLimiter.check({apiKey: apiKey, method: method}).allowed
+	if (limited) {
+		console.log(`Rate limit hit by API key ${apiKey}`);
+		return true;
+	} else {
+		return false;
+	}
+};

app/Routes/Routes.js

@@ -13,6 +13,11 @@ Router.plugin("ensureSignedIn", {
 
 Router.plugin("dataNotFound", {notFoundTemplate: "notFound"});
 
+var handleSubError = function(e){
+	Session.set("error", {reason: e.reason, href: location.href});
+	Router.go("/error");
+};
+
 Router.map(function() {
 	this.route("/", {
 		name: "home",
@@ -36,7 +41,9 @@ Router.map(function() {
 		path: "/character/:_id/",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
+					"singleCharacter", this.params._id, {onError: handleSubError}
+				),
 			];
 		},
 		action: function(){
@@ -52,7 +59,9 @@ Router.map(function() {
 		path: "/character/:_id/:urlName",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
+					"singleCharacter", this.params._id, {onError: handleSubError}
+				),
 			];
 		},
 		data: function() {
@@ -78,10 +87,41 @@ Router.map(function() {
 		fastRender: true,
 	});
 
+	this.route("printedCharacterSheet", {
+		path: "/character/:_id/:urlName/print",
+		waitOn: function(){
+			return [
+				subsManager.subscribe(
+					"singleCharacter", this.params._id, {onError: handleSubError}
+				),
+			];
+		},
+		data: function() {
+			var data = Characters.findOne(
+				{_id: this.params._id},
+				{fields: {_id: 1, name: 1, color: 1, writers: 1, readers: 1}}
+			);
+			return data;
+		},
+		onAfterAction: function() {
+			var char = Characters.findOne({_id: this.params._id}, {fields: {name: 1}});
+			var name = char && char.name;
+			if (name){
+				document.title = name + " - Printing";
+			}
+		},
+		//analytics
+		trackPageView: false,
+		onRun: function() {
+			window.ga && window.ga("send", "pageview", "/print-character");
+			this.next();
+		},
+	});
+
 	this.route("library", {
 		path: "/library",
 		waitOn: function(){
-			return subsManager.subscribe("standardLibraries");
+			return subsManager.subscribe("customLibraries");
 		},
 		onAfterAction: function() {
 			document.title = appName + " - Library";
@@ -124,4 +164,11 @@ Router.map(function() {
 			document.title = appName;
 		},
 	});
+
+	this.route("/error", {
+		name: "error",
+		onAfterAction: function() {
+			document.title = `${appName} - Error`;
+		},
+	});
 });

app/bower.json

@@ -1,6 +1,6 @@
 {
-  "name": "RPG Docs",
-  "version": "0.0.0",
+  "name": "dicecloud",
+  "version": "1",
   "homepage": "",
   "authors": [
     "Stefan Zermatten"

app/client/compatibility/jquery.quickfit.js

@@ -0,0 +1,174 @@
+// jscs:disable
+// https://github.com/chunksnbits/jquery-quickfit
+(function ($) {
+  var Quickfit, QuickfitHelper, defaults, pluginName;
+
+  pluginName = 'quickfit';
+
+  defaults = {
+    min: 8,
+    max: 12,
+    tolerance: 0.02,
+    truncate: false,
+    width: null,
+    sampleNumberOfLetters: 10,
+    sampleFontSize: 12
+  };
+  QuickfitHelper = (function () {
+
+    var sharedInstance = null;
+
+    QuickfitHelper.instance = function (options) {
+      if (!sharedInstance) {
+        sharedInstance = new QuickfitHelper(options);
+      }
+      return sharedInstance;
+    };
+
+    function QuickfitHelper(options) {
+      this.options = options;
+
+      this.item = $('<span id="meassure"></span>');
+      this.item.css({
+        position: 'absolute',
+        left: '-1000px',
+        top: '-1000px',
+        'font-size': "" + this.options.sampleFontSize + "px"
+      });
+      $('body').append(this.item);
+
+      this.meassures = {};
+    }
+
+    QuickfitHelper.prototype.getMeassure = function (letter) {
+      var currentMeassure;
+      currentMeassure = this.meassures[letter];
+      if (!currentMeassure) {
+        currentMeassure = this.setMeassure(letter);
+      }
+      return currentMeassure;
+    };
+
+    QuickfitHelper.prototype.setMeassure = function (letter) {
+      var currentMeassure, index, sampleLetter, text, _ref;
+
+      text = '';
+      sampleLetter = letter === ' ' ? '&nbsp;' : letter;
+
+      for (index = 0, _ref = this.options.sampleNumberOfLetters - 1; 0 <= _ref ? index <= _ref : index >= _ref; 0 <= _ref ? index++ : index--) {
+        text += sampleLetter;
+      }
+
+      this.item.html(text);
+      currentMeassure = this.item.width() / this.options.sampleNumberOfLetters / this.options.sampleFontSize;
+      this.meassures[letter] = currentMeassure;
+
+      return currentMeassure;
+    };
+
+    return QuickfitHelper;
+
+  })();
+
+  Quickfit = (function () {
+
+    function Quickfit(element, options) {
+      this.$element = element;
+      this.options = $.extend({}, defaults, options);
+      this.$element = $(this.$element);
+      this._defaults = defaults;
+      this._name = pluginName;
+      this.quickfitHelper = QuickfitHelper.instance(this.options);
+    }
+
+    Quickfit.prototype.fit = function () {
+      var elementWidth;
+      if (!this.options.width) {
+        elementWidth = this.$element.width();
+        this.options.width = elementWidth - this.options.tolerance * elementWidth;
+      }
+      if (this.text = this.$element.attr('data-quickfit')) {
+        this.previouslyTruncated = true;
+      } else {
+        this.text = this.$element.text();
+      }
+      this.calculateFontSize();
+
+      if (this.options.truncate) this.truncate();
+
+      return {
+        $element: this.$element,
+        size: this.fontSize
+      };
+    };
+
+    Quickfit.prototype.calculateFontSize = function () {
+      var letter, textWidth, i;
+
+      textWidth = 0;
+      for (i = 0; i < this.text.length; ++i) {
+        letter = this.text.charAt(i);
+        textWidth += this.quickfitHelper.getMeassure(letter);
+      }
+
+      this.targetFontSize = parseInt(this.options.width / textWidth);
+      return this.fontSize = Math.max(this.options.min, Math.min(this.options.max, this.targetFontSize));
+    };
+
+    Quickfit.prototype.truncate = function () {
+      var index, lastLetter, letter, textToAdd, textWidth;
+
+      if (this.fontSize > this.targetFontSize) {
+        textToAdd = '';
+        textWidth = 3 * this.quickfitHelper.getMeassure('.') * this.fontSize;
+
+        index = 0;
+        while (textWidth < this.options.width && index < this.text.length) {
+          letter = this.text[index++];
+          if (lastLetter) textToAdd += lastLetter;
+          textWidth += this.fontSize * this.quickfitHelper.getMeassure(letter);
+          lastLetter = letter;
+        }
+
+        if (textToAdd.length + 1 === this.text.length) {
+          textToAdd = this.text;
+        } else {
+          textToAdd += '...';
+        }
+        this.textWasTruncated = true;
+
+        return this.$element.attr('data-quickfit', this.text).html(textToAdd);
+
+      } else {
+        if (this.previouslyTruncated) {
+          return this.$element.html(this.text);
+        }
+      }
+    };
+
+    return Quickfit;
+
+  })();
+
+  return $.fn.quickfit = function (options) {
+    var measurements = [];
+
+    // Separate measurements from repaints
+    // First calculate all measurements...
+    var $elements = this.each(function () {
+      var measurement = new Quickfit(this, options).fit();
+      measurements.push(measurement);
+      return measurement.$element;
+    });
+
+    // ... then apply the measurements.
+    for (var i = 0; i < measurements.length; i++) {
+      var measurement = measurements[i];
+
+      measurement.$element.css({ fontSize: measurement.size + 'px' });
+    }
+
+    return $elements;
+  };
+
+})(jQuery, window);

app/client/globalHelpers/canEditCharacter.js

@@ -3,7 +3,8 @@ Template.registerHelper("canEditCharacter", function(charId) {
 });
 
 canEditCharacter = function(charId) {
-	var char = Characters.findOne(charId)
+	var char = Characters.findOne(charId);
+	if (!char) return false;
 	var userId = Meteor.userId();
 	return char.owner === userId ||
 		_.contains(char.writers, userId);

app/client/lib/fixPasswordButton.js

@@ -0,0 +1,5 @@
+let pwdFormSubmit = AccountsTemplates.atPwdFormEvents["submit #at-pwd-form"]
+
+Template.atPwdForm.events({
+  "click .at-btn.submit": pwdFormSubmit,
+});

app/client/lib/printing.js

@@ -0,0 +1,12 @@
+Session.setDefault("isPrinting", false);
+if (window.matchMedia) {
+	var mediaQueryList = window.matchMedia("print");
+	mediaQueryList.addListener(function(mql) {
+		if (mql.matches) {
+			Session.set("isPrinting", true);
+			Tracker.flush();
+		} else {
+			Session.set("isPrinting", false);
+		}
+	});
+}

app/client/lib/removeDuplicateProficiencies.js

@@ -0,0 +1,17 @@
+removeDuplicateProficiencies = function(proficiencies) {
+	dict = {};
+	proficiencies.forEach(function(prof) {
+		if (prof.name in dict) { //if we have already gone over another proficiency for the same thing
+			if (dict[prof.name].value < prof.value) {
+				dict[prof.name] = prof; //then take the new one if it's higher, otherwise leave it
+			}
+		} else {
+			dict[prof.name] = prof; //if it wasn't already there, store it
+		}
+	});
+	profs = []
+	_.forEach(dict, function(prof) {
+		profs.push(prof);
+	})
+	return profs;
+};

app/client/style/bounce.css

@@ -0,0 +1,17 @@
+@keyframes bounce {
+	from {
+		transform: translate(0px,0px);
+	}
+	to {
+		transform: translate(0px,-16px);
+	}
+}
+
+.bounce{
+	animation-name: bounce;
+	animation-duration: 0.3s;
+	animation-direction: alternate;
+	animation-timing-function: cubic-bezier(0.25, 0.46, 0.45, 0.94);
+	animation-delay: 0s;
+	animation-iteration-count: infinite;
+}

app/client/style/iosButtonFix.css

@@ -0,0 +1,8 @@
+/*
+ * iOS doens't believe in click events for some elements.
+ * This is here to convince it to allow buttons to be clickable
+ */
+ button {
+   cursor: pointer;
+ }
+ 

app/client/views/character/buffs/customBuffView/customBuffView.js

@@ -0,0 +1,40 @@
+const applyBuff = function(targetId, buff) {
+	Meteor.call("applyBuff", buff._id, targetId)
+	let target;
+	if (targetId == buff.charId) {
+		target = "self";
+	} else {
+		target = Characters.findOne(targetId) || {};
+		target = target && target.name || "target"
+	}
+	GlobalUI.toast(`${buff.name || "Buff"} applied to ${target}`);
+};
+
+Template.customBuffView.helpers({
+	toSelf: function() {
+		if (this.buff.target === "self") {
+			return " to self";
+		} else {
+			return "";
+		}
+	}
+});
+
+Template.customBuffView.events({
+	"click .apply-buff-button": function(){
+		if (this.buff.target !== "self") {
+			pushDialogStack({
+				template: "applyBuffDialog",
+				data: {buff: this.buff},
+				element: event.currentTarget,
+				callback: (targetId) => {
+					if (!targetId) return;
+					applyBuff(targetId, this.buff);
+				},
+			});
+		} else {
+			var targetId = this.buff.charId;
+			applyBuff(targetId, this.buff);
+		}
+	},
+});