Merge branch 'feature-library-ui'

closes #211

README.md

@@ -1,13 +1,93 @@
-RPG Docs
+DiceCloud
 ========
 
 This is the repo for [DiceCloud](dicecloud.com).
 
+DiceCloud is a free, auditable, real-time character sheet for D&D 5e.
+
+Philosophy
+----------
+
+Setting up your character on DiceCloud takes a little longer than
+just filling it in on a paper character sheet would. The goal of using an
+online sheet is to make actually playing the game more streamlined, and
+ultimately more fun. So putting a little extra effort into setting up a
+character now pays off over and over again once you're playing.
+
+The idea is to track where each number comes from, and allow you to easily make
+changes on the fly. Let's look at a hypothetical example.
+
+> You need to swim through a sunken section of dungeon to fetch the quest's Thing.
+> You'll need to take off your magical Plate Armor of +1 Constitution to swim
+> without sinking, of course.
+>
+> Taking it off will take away that disadvantage on
+> stealth checks, change your armor class, your speed and your constitution, and
+> which in turn changes your hit points and your constitution saving throw.
+> Working out all those changes in the middle of a game will drag the game to a
+> halt.
+>
+> Fortunately you have DiceCloud, so it's a matter of dragging
+> your Plate Armor +1 Con from your "equipment" box to your "backpack" box and
+> you're done. Your hitpoints change correctly, your saving throws are up to date,
+> your armor class goes back to reflecting the fact that you have natural armor
+> from being a dragonborn. Your character sheet keeps up and you
+> ultimately get more time to play the game. Huzzah!
+
 Getting started
 ---------------
 
-`git clone https://github.com/ThaumRystra/DiceCloud1 dicecloud`  
+Running DiceCloud locally, either to run it locally, away from an internet
+connection, or to contribute to developing it further, is fairly
+straightforward and it should work on Linux, Windows, and Mac.
+
+You'll need to have installed:
+
+- [git](https://www.atlassian.com/git/tutorials/install-git)
+- [Meteor](https://www.meteor.com/install)
+
+Then, it's just a matter of cloning this repository into a folder, installing the dependencies and running
+`meteor` in the app directory:
+
+`git clone https://github.com/ThaumRystra/DiceCloud dicecloud`  
 `cd dicecloud`  
-`cd rpg-docs`  
-`bower install`  
+`cd app`  
+`meteor npm install`  
 `meteor`
+
+If you edit the source code at this point, Meteor will rebuild the server with
+your changes.
+
+If you want to simulate a production environment, run `meteor --production`
+
+This will minimize all the files served to your browser, and load a lot faster,
+in exchange for not watching the source code for changes.
+
+Note that this is not how you should deploy Meteor to your own web server, that
+is documented here: https://guide.meteor.com/deployment.html
+
+After running `meteor` or `meteor --production`, you should see this, possibly
+mixed with other logged text:
+
+```
+=> Started proxy.
+=> Started MongoDB.
+=> Started your app.
+
+=> App running at: http://localhost:3000/
+```
+
+Now, visiting http://localhost:3000/ should show you an empty instance of
+DiceCloud running.
+
+To stop the process when you are done (or if it gets stuck) press `ctrl-c`
+
+## Adding default documents
+
+Navigate to `/dataSources/srd/srdimport.js`, and follow the steps under
+'First Setup', running the code in your browser's console, while logged in to
+your own instance of DiceCloud.
+
+Do not run code in your browser console on the live version of DiceCloud hosted
+at dicecloud.com, as doing so could result in a large number of denied requests
+to the server, and may get your account permanently banned.

app/.gitignore

@@ -4,6 +4,9 @@
 settings.json
 public/components
 public/_imports.html
+private/oldClient
 nohup.out
 node_modules
 dump
+.idea/
+.cache

app/.meteor/.finished-upgraders

@@ -15,3 +15,4 @@ notices-for-facebook-graph-api-2
 1.4.1-add-shell-server-package
 1.4.3-split-account-service-packages
 1.5-add-dynamic-import-package
+1.7-split-underscore-from-meteor-base

app/.meteor/packages

@@ -3,9 +3,9 @@
 # 'meteor add' and 'meteor remove' will edit this file for you,
 # but you can also edit it by hand.
 
-accounts-password@1.5.0
-accounts-ui@1.2.0
-random@1.0.10
+accounts-password@1.5.1
+accounts-ui@1.3.1
+random@1.1.0
 dburles:collection-helpers
 reactive-var@1.0.11
 underscore@1.0.10
@@ -17,40 +17,40 @@ dburles:mongo-collection-instances
 percolate:migrations
 ecwyne:mathjs
 useraccounts:polymer
-accounts-google@1.3.0
+accounts-google@1.3.2
 splendido:accounts-meld
 email@1.2.3
 meteorhacks:subs-manager
 chuangbo:marked
 reywood:iron-router-ga
-meteor-base@1.2.0
+meteor-base@1.4.0
 mobile-experience@1.0.5
-mongo@1.3.1
+mongo@1.6.2
 blaze-html-templates
-session@1.1.7
+session@1.2.0
 jquery@1.11.10
-tracker@1.1.3
-logging@1.1.19
-reload@1.1.11
+tracker@1.2.0
+logging@1.1.20
+reload@1.3.0
 ejson@1.1.0
 spacebars
-check@1.2.5
+check@1.3.1
 useraccounts:iron-routing
-wizonesolutions:canonical
-standard-minifier-js@2.2.0
-shell-server@0.3.0
+shell-server@0.4.0
 seba:minifiers-autoprefixer
 nikogosovd:multiple-uihooks
 templates:array
-ecmascript@0.9.0
-es5-shim@4.6.15
+ecmascript@0.12.4
+es5-shim@4.8.0
 differential:vulcanize
-reactive-dict@1.2.0
-percolate:synced-cron
+reactive-dict@1.3.0
 ongoworks:speakingurl
 service-configuration@1.0.11
-google-config-ui@1.0.0
-dynamic-import@0.2.0
+google-config-ui@1.0.1
+dynamic-import@0.5.1
 ddp-rate-limiter@1.0.7
-rate-limit@1.0.8
+rate-limit@1.0.9
 iron:router
+littledata:synced-cron
+montiapm:agent
+zodern:standard-minifier-js

app/.meteor/release

@@ -0,0 +1 @@
+METEOR@1.8.1

app/.meteor/versions

@@ -1,57 +1,59 @@
-accounts-base@1.4.2
-accounts-google@1.3.1
-accounts-oauth@1.1.15
-accounts-password@1.5.0
-accounts-ui@1.2.0
-accounts-ui-unstyled@1.3.0
+accounts-base@1.4.4
+accounts-google@1.3.2
+accounts-oauth@1.1.16
+accounts-password@1.5.1
+accounts-ui@1.3.1
+accounts-ui-unstyled@1.4.2
 aldeed:collection2@2.10.0
 aldeed:collection2-core@1.2.0
 aldeed:schema-deny@1.1.0
 aldeed:schema-index@1.1.1
-aldeed:simple-schema@1.5.3
+aldeed:simple-schema@1.5.4
 allow-deny@1.1.0
-autoupdate@1.3.12
-babel-compiler@6.24.7
-babel-runtime@1.1.1
-base64@1.0.10
-binary-heap@1.0.10
-blaze@2.3.2
+autoupdate@1.6.0
+babel-compiler@7.3.4
+babel-runtime@1.3.0
+base64@1.0.11
+binary-heap@1.0.11
+blaze@2.3.3
 blaze-html-templates@1.1.2
 blaze-tools@1.0.10
-boilerplate-generator@1.3.1
-caching-compiler@1.1.11
-caching-html-compiler@1.1.2
-callback-hook@1.0.10
-check@1.2.5
+boilerplate-generator@1.6.0
+caching-compiler@1.2.1
+caching-html-compiler@1.1.3
+callback-hook@1.1.0
+check@1.3.1
 chuangbo:marked@0.3.5_1
-coffeescript@1.11.1_4
+coffeescript@1.0.17
 dburles:collection-helpers@1.1.0
 dburles:mongo-collection-instances@0.3.5
 ddp@1.4.0
-ddp-client@2.2.0
-ddp-common@1.3.0
+ddp-client@2.3.3
+ddp-common@1.4.0
 ddp-rate-limiter@1.0.7
-ddp-server@2.1.1
+ddp-server@2.3.0
 deps@1.0.12
-diff-sequence@1.0.7
+diff-sequence@1.1.1
 differential:vulcanize@3.0.0
-dynamic-import@0.2.1
-ecmascript@0.9.0
-ecmascript-runtime@0.5.0
-ecmascript-runtime-client@0.5.0
-ecmascript-runtime-server@0.5.0
+dynamic-import@0.5.1
+ecmascript@0.12.7
+ecmascript-runtime@0.7.0
+ecmascript-runtime-client@0.8.0
+ecmascript-runtime-server@0.7.1
 ecwyne:mathjs@0.25.0
 ejson@1.1.0
 email@1.2.3
-es5-shim@4.6.15
+es5-shim@4.8.0
+fetch@0.1.1
 geojson-utils@1.0.10
-google-config-ui@1.0.0
-google-oauth@1.2.5
+google-config-ui@1.0.1
+google-oauth@1.2.6
 hot-code-push@1.0.4
 html-tools@1.0.11
 htmljs@1.0.11
-http@1.3.0
-id-map@1.0.9
+http@1.4.2
+id-map@1.1.0
+inter-process-messaging@0.1.0
 iron:controller@1.0.12
 iron:core@1.0.11
 iron:dynamic-template@1.0.12
@@ -60,75 +62,80 @@ iron:location@1.0.11
 iron:middleware-stack@1.1.0
 iron:router@1.1.2
 iron:url@1.1.0
-jquery@1.11.10
+jquery@1.11.11
 lai:collection-extensions@0.2.1_1
+lamhieu:meteorx@2.0.1
 launch-screen@1.1.1
-less@2.7.12
+less@2.8.0
+littledata:synced-cron@1.5.1
 livedata@1.0.18
 localstorage@1.2.0
-logging@1.1.19
+logging@1.1.20
 matb33:collection-hooks@0.8.4
 mdg:validation-error@0.5.1
-meteor@1.8.2
-meteor-base@1.2.0
+meteor@1.9.3
+meteor-base@1.4.0
 meteorhacks:subs-manager@1.6.4
-minifier-css@1.2.16
-minifier-js@2.2.2
-minimongo@1.4.3
+minifier-css@1.4.2
+minimongo@1.4.5
 mobile-experience@1.0.5
 mobile-status-bar@1.0.14
-modules@0.11.3
-modules-runtime@0.9.2
-momentjs:moment@2.20.1
-mongo@1.3.1
+modern-browsers@0.1.4
+modules@0.13.0
+modules-runtime@0.10.3
+momentjs:moment@2.24.0
+mongo@1.6.2
+mongo-decimal@0.1.1
 mongo-dev-server@1.1.0
-mongo-id@1.0.6
+mongo-id@1.0.7
+mongo-livedata@1.0.12
+montiapm:agent@2.35.0
 nikogosovd:multiple-uihooks@0.1.8
 npm-bcrypt@0.9.3
-npm-mongo@2.2.34
-oauth@1.2.1
-oauth2@1.2.0
+npm-mongo@3.1.2
+oauth@1.2.8
+oauth2@1.2.1
 observe-sequence@1.0.16
 ongoworks:speakingurl@9.0.0
-ordered-dict@1.0.9
+ordered-dict@1.1.0
 percolate:migrations@0.9.8
-percolate:synced-cron@1.3.2
-promise@0.10.1
+promise@0.11.2
 raix:eventemitter@0.1.3
-random@1.0.10
-rate-limit@1.0.8
-reactive-dict@1.2.0
+random@1.1.0
+rate-limit@1.0.9
+reactive-dict@1.3.0
 reactive-var@1.0.11
-reload@1.1.11
-retry@1.0.9
+reload@1.3.0
+retry@1.1.0
 reywood:iron-router-ga@0.7.1
-routepolicy@1.0.12
-seba:minifiers-autoprefixer@1.0.1
+routepolicy@1.1.0
+seba:minifiers-autoprefixer@1.1.2
 service-configuration@1.0.11
-session@1.1.7
+session@1.2.0
 sha@1.0.9
-shell-server@0.3.1
+shell-server@0.4.0
+socket-stream-client@0.2.2
 softwarerero:accounts-t9n@1.3.11
 spacebars@1.0.15
 spacebars-compiler@1.1.3
 splendido:accounts-emails-field@1.2.0
 splendido:accounts-meld@1.3.1
-srp@1.0.10
-standard-minifier-js@2.2.3
+srp@1.0.12
 templates:array@1.0.3
 templating@1.3.2
 templating-compiler@1.3.3
 templating-runtime@1.3.2
 templating-tools@1.1.2
-tracker@1.1.3
+tracker@1.2.0
 ui@1.0.13
 underscore@1.0.10
-url@1.1.0
+url@1.2.0
 useraccounts:core@1.14.2
 useraccounts:iron-routing@1.14.2
 useraccounts:polymer@1.14.2
-webapp@1.4.0
+webapp@1.7.4
 webapp-hashing@1.0.9
-wizonesolutions:canonical@0.0.5
 zimme:collection-behaviours@1.1.3
 zimme:collection-softremovable@1.0.5
+zodern:minifier-js@3.0.0
+zodern:standard-minifier-js@3.0.0

app/Model/Character/Buffs.js

@@ -65,3 +65,37 @@ makeParent(Buffs, ["name", "enabled"]); //parents of effects, attacks, proficien
 
 Buffs.allow(CHARACTER_SUBSCHEMA_ALLOW);
 Buffs.deny(CHARACTER_SUBSCHEMA_DENY);
+
+Meteor.methods({
+	applyBuff: function(buffId, targetId){
+		if (!Meteor.call("canWriteCharacter", targetId)){
+			throw new Meteor.Error(
+				"Access denied",
+				"You do not have permission to buff this character"
+			);
+		}
+		let buff = CustomBuffs.findOne(buffId);
+		if (!buff) return;
+
+		var parentCol = Meteor.isClient ?
+			window[buff.parent.collection] : global[buff.parent.collection]
+		var parent = parentCol.findOne(buff.parent.id);
+
+		//insert new buff
+		newBuffId = Buffs.insert({
+			charId: targetId,
+			name: buff.name,
+			description: buff.description,
+			lifeTime: {total: buff.lifeTime.total},
+			type: "custom",
+
+			appliedBy: buff.charId,
+			appliedByDetails: {
+				name: parent && parent.name || "",
+				collection: buff.parent.collection,
+			},
+		});
+
+		Meteor.call("cloneChildren", buffId, {id: newBuffId, collection: "Buffs"})
+	}
+})

app/Model/Character/Characters.js

@@ -582,8 +582,8 @@ Characters.allow({
 });
 
 Characters.deny({
-	update: function(userId, docs, fields, modifier) {
-		// can't change owners
-		return _.contains(fields, "owner");
+	update: function(userId, doc, fields, modifier) {
+		// can't change owners unless you are the current owner
+		return _.contains(fields, "owner") && doc.owner !== userId;
 	}
 });

app/Model/Library/Library.js

@@ -2,14 +2,40 @@ Libraries = new Mongo.Collection("library");
 
 Schemas.Library = new SimpleSchema({
 	name:    {type: String},
-	owner:   {type: String, regEx: SimpleSchema.RegEx.Id},
-	readers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: []},
-	writers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: []},
-	public:  {type: Boolean, defaultValue: false},
+	owner:   {type: String, regEx: SimpleSchema.RegEx.Id, index: 1},
+	readers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: [], index: 1},
+	writers: {type: [String], regEx: SimpleSchema.RegEx.Id, defaultValue: [], index: 1},
+	public:  {type: Boolean, defaultValue: false, index: 1},
 });
 
 Libraries.attachSchema(Schemas.Library);
 
+if (Meteor.isServer){
+	Libraries.after.remove(function(userId, library) {
+		LibraryItems.remove({library: library._id});
+		LibrarySpells.remove({library: library._id});
+	});
+}
+
+Meteor.methods({
+	unshareLibraryWithMe: function(libraryId) {
+		let library = Libraries.findOne(libraryId);
+		let userId = Meteor.userId();
+
+		if (!library) return;
+		if (library.owner === userId){
+			throw new Meteor.error("Can't unshare, you own this")
+		} else {
+			if (_.contains(library.readers, userId)){
+				Libraries.update(libraryId, {$pull: {"readers": userId}});
+			}
+			if (_.contains(library.writers, userId)){
+				Libraries.update(libraryId, {$pull: {"writers": userId}});
+			}
+		}
+	},
+});
+
 Libraries.allow({
 	insert(userId, doc) {
 		return userId && doc.owner === userId;
@@ -18,16 +44,14 @@ Libraries.allow({
 		return canEdit(userId, doc);
 	},
 	remove(userId, doc) {
-		return canEdit(userId, doc);
+		return userId && doc.owner === userId;
 	},
 	fetch: ["owner", "writers"],
 });
 
 Libraries.deny({
-	// For now, only admins can manage libraries
 	insert(userId, doc){
-		var user = Meteor.users.findOne(userId);
-		return !user || !_.contains(user.roles, "admin");
+		return !Meteor.users.findOne(userId);
 	},
 	update(userId, doc, fields, modifier) {
 		// Can't change owners

app/Model/Library/LibraryAttacks.js

@@ -1,7 +1,7 @@
 Schemas.LibraryAttacks = new SimpleSchema({
 	name: {
 		type: String,
-		defaultValue: "New Attack",
+		optional: true,
 		trim: false,
 	},
 	details: {

app/Model/Library/LibraryEffects.js

@@ -9,7 +9,6 @@ Schemas.LibraryEffects = new SimpleSchema({
 		defaultValue: "add",
 		allowedValues: [
 			"base",
-			"proficiency",
 			"add",
 			"mul",
 			"min",

app/Model/Library/LibraryItems.js

@@ -0,0 +1,91 @@
+LibraryItems = new Mongo.Collection("libraryItems");
+
+Schemas.LibraryItems = new SimpleSchema({
+	libraryName:{type: String, optional: true, trim: false},
+	name:       {type: String, defaultValue: "New Item", trim: false},
+	plural:		{type: String, optional: true, trim: false},
+	description:{type: String, optional: true, trim: false},
+	quantity:	{type: Number, min: 0, defaultValue: 1},
+	weight:		{type: Number, min: 0, defaultValue: 0, decimal: true},
+	value:		{type: Number, min: 0, defaultValue: 0, decimal: true},
+	requiresAttunement: {type: Boolean, defaultValue: false},
+
+	library:    {type: String, regEx: SimpleSchema.RegEx.Id, index: 1},
+
+	"settings.category":   {
+		type: String,
+		optional: true,
+		allowedValues: [
+			"adventuringGear", "armor", "weapons", "tools",
+		],
+	},
+	"settings.showIncrement": {
+		type: Boolean,
+		defaultValue: false,
+	},
+
+	effects: {type: [Schemas.LibraryEffects], defaultValue: []},
+	attacks: {type: [Schemas.LibraryAttacks], defaultValue: []},
+});
+
+LibraryItems.attachSchema(Schemas.LibraryItems);
+
+LibraryItems.allow({
+	insert(userId, doc) {
+		return Libraries.canEdit(userId, doc.library);
+	},
+	update(userId, doc, fields, modifier) {
+		return Libraries.canEdit(userId, doc.library);
+	},
+	remove(userId, doc) {
+		return Libraries.canEdit(userId, doc.library);
+	},
+	fetch: ["library"],
+});
+
+Meteor.methods({
+	updateLibraryItemEffect: function({itemId, effectIndex, field, value, unsetField}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		let modifier = {
+			$set: {
+				[`effects.${effectIndex}.${field}`]: value,
+			}
+		};
+		if (unsetField){
+			modifier.$unset = {
+				[`effects.${effectIndex}.${unsetField}`]: 1,
+			}
+		}
+		LibraryItems.update(itemId, modifier);
+	},
+	removeLibraryItemEffect: function({itemId, effectIndex}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		LibraryItems.update(itemId, {$unset : {
+			[`effects.${effectIndex}`] : 1,
+		}});
+		LibraryItems.update(itemId, {$pull : {"effects" : null}});
+	},
+	updateLibraryItemAttack: function({itemId, attackIndex, field, value}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		LibraryItems.update(itemId, {
+			$set: {
+				[`attacks.${attackIndex}.${field}`]: value,
+			}
+		});
+	},
+	removeLibraryItemAttack: function({itemId, attackIndex}){
+		let libraryId = LibraryItems.findOne(itemId).library;
+		let userId = Meteor.userId();
+		if (!Libraries.canEdit(userId, libraryId)) return;
+		LibraryItems.update(itemId, {$unset : {
+			[`attacks.${attackIndex}`] : 1,
+		}});
+		LibraryItems.update(itemId, {$pull : {"attacks" : null}});
+	},
+})

app/Model/Meta/Blacklist.js

@@ -0,0 +1,9 @@
+Blacklist = new Mongo.Collection("blacklist");
+
+Schemas.Blacklist = new SimpleSchema({
+	userId: {
+		type: String,
+	},
+});
+
+Blacklist.attachSchema(Schemas.Blacklist);

app/Model/Meta/PatreonPosts.js

@@ -0,0 +1,26 @@
+PatreonPosts = new Mongo.Collection("patreonPosts");
+
+Schemas.PatreonPosts = new SimpleSchema({
+	link: {
+    type: String,
+  },
+  dateAdded: {
+    type: Date,
+    autoValue(){
+      return new Date();
+    },
+  },
+});
+
+PatreonPosts.attachSchema(Schemas.PatreonPosts);
+
+PatreonPosts.allow({
+	insert: function(userId, doc) {
+		var user = Meteor.users.findOne(userId);
+		if (user) return _.contains(user.roles, "admin");
+	},
+	remove: function(userId, doc) {
+		var user = Meteor.users.findOne(userId);
+		if (user) return _.contains(user.roles, "admin");
+	},
+});

app/Model/Users/Users.js

@@ -3,6 +3,10 @@ Schemas.UserProfile = new SimpleSchema({
 		type: String,
 		optional: true,
 	},
+	librarySubscriptions: {
+		type: [String],
+		defaultValue: [],
+	},
 });
 
 Schemas.User = new SimpleSchema({
@@ -66,6 +70,45 @@ Schemas.User = new SimpleSchema({
 		index: 1,
 		optional: true,
 	},
+	lastPatreonPostClicked: {
+		type: String,
+		optional: true,
+	},
+	patreon: {
+		type: Object,
+		optional: true,
+	},
+	"patreon.accessToken": {
+		type: String,
+		optional: true,
+	},
+	"patreon.refreshToken": {
+		type: String,
+		optional: true,
+	},
+	"patreon.tokenExpiryDate": {
+		type: Date,
+		optional: true,
+	},
+	"patreon.userId": {
+		type: String,
+		optional: true,
+		index: 1,
+	},
+	"patreon.entitledCents": {
+		type: Number,
+		decimal: false,
+		optional: true,
+	},
+	"patreon.entitledCentsOverride": {
+		type: Number,
+		decimal: false,
+		optional: true,
+	},
+	"patreon.error": {
+		type: String,
+		optional: true,
+	},
 });
 
 Meteor.users.attachSchema(Schemas.User);
@@ -103,3 +146,11 @@ if (Meteor.isServer) Meteor.methods({
 		Meteor.users.update(this.userId, {$set: {apiKey}});
 	},
 });
+
+Meteor.methods({
+	clickPatreonPost(link) {
+		Meteor.users.update(this.userId, {$set: {
+			lastPatreonPostClicked: link
+		}});
+	},
+});

app/Routes/API.js

@@ -0,0 +1,268 @@
+Router.map(function () {
+    this.route("vmixCharacter", {
+        path: "/vmix-character/:_id/",
+        where: "server",
+        action: function () {
+            this.response.setHeader("Content-Type", "application/json");
+            var query = this.params.query;
+            var key = query && query.key;
+            ifKeyValid(key, this.response, "vmixCharacter", () =>
+                this.response.end(vMixCharacter(this.params._id))
+            );
+        },
+    });
+    this.route("vmixParty", {
+        path: "/vmix-party/:_id/",
+        where: "server",
+        action: function () {
+            this.response.setHeader("Content-Type", "application/json");
+            var query = this.params.query;
+            var key = query && query.key;
+            ifKeyValid(key, this.response, "vmixParty", () =>
+                this.response.end(vMixParty(this.params._id))
+            );
+        },
+    });
+
+    this.route("jsonCharacterSheet", { // GET /character/:_id/json?key=:key
+        path: "/character/:_id/json",
+        where: "server",
+        action: function () {
+            this.response.setHeader("Content-Type", "application/json");
+            var query = this.params.query;
+            var key = query && query.key;
+            ifKeyValid(key, this.response, "jsonCharacterSheet", () => {
+                    if (canViewCharacter(this.params._id, userIdFromKey(key))) {
+                        this.response.end(JSONExport(this.params._id))
+                    } else {
+                        this.response.writeHead(403, "You do not have permission to view this character");
+                        this.response.end();
+                    }
+                }
+            );
+        },
+    });
+
+    this.route("getUserId", { // GET /api/user?username=:un&key=:key
+        path: "/api/user",
+        where: "server",
+        action: function () {
+            this.response.setHeader("Content-Type", "application/json");
+            var query = this.params.query;
+            var key = query && query.key;
+            var username = query && query.username;
+            ifKeyValid(key, this.response, "getUserId", () => {
+                Meteor.call("getUserId", username, (err, result) => {
+                    if (err) {
+                        console.error(err);
+                        this.response.writeHead(404, "User not found");
+                        this.response.end();
+                    } else {
+                        console.log(result);
+                        this.response.end(JSON.stringify({id: result}));
+                    }
+                });
+            });
+        }
+    });
+
+    this.route("addSpellsToCharacter", { // POST /api/character/:_id/spellList/:listId
+        path: "/api/character/:_id/spellList/:listId",
+        where: "server"
+    }).post(function () {
+        const key = startPOSTResponse(this);
+        const spells = this.request.body;
+        const charId = this.params._id;
+        const listId = this.params.listId;
+        Meteor.call("insertSpells", key, charId, listId, spells, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+
+    this.route("createCharacter", { // POST /api/character
+        path: "/api/character",
+        where: "server"
+    }).post(function () {
+        const key = startPOSTResponse(this);
+        const character = this.request.body;
+        Meteor.call("insertCharacter", key, character, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+
+    this.route("deleteCharacter", { // DELETE /api/character/:_id
+        path: "/api/character/:_id",
+        where: "server"
+    }).delete(function () {
+        const key = startPOSTResponse(this);
+        const charId = this.params._id;
+        Meteor.call("deleteCharacter", key, charId, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+
+    this.route("transferCharacterOwnership", { // PUT /api/character/:_id/owner
+        path: "/api/character/:_id/owner",
+        where: "server"
+    }).put(function () {
+        const key = startPOSTResponse(this);
+        const charId = this.params._id;
+        const ownerId = this.request.body['id'];
+        Meteor.call("transferCharacterOwnership", key, charId, ownerId, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+
+    this.route("insertFeatures", { // POST /api/character/:_id/feature
+        path: "/api/character/:_id/feature",
+        where: "server",
+    }).post(function () {
+        const key = startPOSTResponse(this);
+        const charId = this.params._id;
+        const features = this.request.body;
+        Meteor.call("insertFeatures", key, charId, features, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+
+    this.route("insertProfs", { // POST /api/character/:_id/prof
+        path: "/api/character/:_id/prof",
+        where: "server",
+    }).post(function () {
+        const key = startPOSTResponse(this);
+        const charId = this.params._id;
+        const profs = this.request.body;
+        Meteor.call("insertProfs", key, charId, profs, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+
+    this.route("insertEffects", { // POST /api/character/:_id/effect
+        path: "/api/character/:_id/effect",
+        where: "server",
+    }).post(function () {
+        const key = startPOSTResponse(this);
+        const charId = this.params._id;
+        const effects = this.request.body;
+        Meteor.call("insertEffects", key, charId, effects, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+
+    this.route("insertClasses", { // POST /api/character/:_id/class
+        path: "/api/character/:_id/class",
+        where: "server",
+    }).post(function () {
+        const key = startPOSTResponse(this);
+        const charId = this.params._id;
+        const classes = this.request.body;
+        Meteor.call("insertClasses", key, charId, classes, (err, res) => {
+            if (err) {
+                this.response.writeHead(err.error, err.reason);
+                this.response.end(err.details);
+            } else {
+                this.response.end(JSON.stringify(res));
+            }
+        });
+    });
+});
+
+const startPOSTResponse = function (request) {
+    request.response.setHeader("Content-Type", "application/json");
+    const header = request.request.headers;
+    return header && header['authorization'];
+};
+
+var ifKeyValid = function (apiKey, response, method, callback) {
+    if (!apiKey) {
+        response.writeHead(403, "You must use an api key to access this api");
+        response.end();
+    } else if (!isKeyValid(apiKey)) {
+        response.writeHead(403, "API key is invalid");
+        response.end();
+    } else if (isRateLimited(apiKey, method)) {
+        response.writeHead(429, "Too many requests");
+        response.end(JSON.stringify({
+            "timeToReset": rateLimiter.check({apiKey: apiKey, method: method}).timeToReset
+        }));
+    } else {
+        rateLimiter.increment({apiKey: apiKey, method: method});
+        callback();
+    }
+};
+
+isKeyValid = function (apiKey) {
+    var user = Meteor.users.findOne({apiKey});
+    if (!user) return false;
+    var blackListed = Blacklist.findOne({userId: user._id});
+    return !blackListed;
+};
+
+userIdFromKey = function (apiKey) {
+    var user = Meteor.users.findOne({apiKey}); // we know user exists from isKeyValid
+    return user._id;
+};
+
+rateLimiter = new RateLimiter();
+// global limit
+rateLimiter.addRule({apiKey: String}, 10, 1000);
+
+// vmix stuff
+rateLimiter.addRule({apiKey: String, method: "vmixCharacter"}, 2, 10000);
+rateLimiter.addRule({apiKey: String, method: "vmixParty"}, 2, 10000);
+
+// bot API endpoints
+rateLimiter.addRule({apiKey: String, method: "jsonCharacterSheet"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "getUserId"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "addSpellsToCharacter"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "createCharacter"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "transferCharacterOwnership"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "insertFeatures"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "insertProfs"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "insertEffects"}, 5, 5000);
+rateLimiter.addRule({apiKey: String, method: "insertClasses"}, 5, 5000);
+
+isRateLimited = function (apiKey, method) {
+    const limited = !rateLimiter.check({apiKey: apiKey, method: method}).allowed;
+    if (limited) {
+        console.log(`Rate limit hit by API key ${apiKey}`);
+        return true;
+    } else {
+        return false;
+    }
+};

app/Routes/Routes.js

@@ -8,11 +8,18 @@ Router.plugin("ensureSignedIn", {
 	only: [
 		"profile",
 		"characterList",
+		"library",
+		"libraries",
 	]
 });
 
 Router.plugin("dataNotFound", {notFoundTemplate: "notFound"});
 
+var handleSubError = function(e){
+	Session.set("error", {reason: e.reason, href: location.href});
+	Router.go("/error");
+};
+
 Router.map(function() {
 	this.route("/", {
 		name: "home",
@@ -36,7 +43,9 @@ Router.map(function() {
 		path: "/character/:_id/",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
+					"singleCharacter", this.params._id, {onError: handleSubError}
+				),
 			];
 		},
 		action: function(){
@@ -52,7 +61,9 @@ Router.map(function() {
 		path: "/character/:_id/:urlName",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
+					"singleCharacter", this.params._id, {onError: handleSubError}
+				),
 			];
 		},
 		data: function() {
@@ -82,7 +93,9 @@ Router.map(function() {
 		path: "/character/:_id/:urlName/print",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
+					"singleCharacter", this.params._id, {onError: handleSubError}
+				),
 			];
 		},
 		data: function() {
@@ -107,10 +120,27 @@ Router.map(function() {
 		},
 	});
 
-	this.route("library", {
+	this.route("libraries", {
 		path: "/library",
 		waitOn: function(){
-			return subsManager.subscribe("standardLibraries");
+			return subsManager.subscribe("customLibraries");
+		},
+		onAfterAction: function() {
+			document.title = appName + " - Libraries";
+		},
+		fastRender: true,
+	});
+
+	this.route("library", {
+		path: "/library/:_id",
+		waitOn: function(){
+			return [
+				subsManager.subscribe("libraryItems", this.params._id),
+				subsManager.subscribe("singleLibrary", this.params._id),
+			];
+		},
+		data: function() {
+			return Libraries.findOne(this.params._id);
 		},
 		onAfterAction: function() {
 			document.title = appName + " - Library";
@@ -153,4 +183,11 @@ Router.map(function() {
 			document.title = appName;
 		},
 	});
+
+	this.route("/error", {
+		name: "error",
+		onAfterAction: function() {
+			document.title = `${appName} - Error`;
+		},
+	});
 });

app/bower.json

@@ -1,6 +1,6 @@
 {
-  "name": "RPG Docs",
-  "version": "0.0.0",
+  "name": "dicecloud",
+  "version": "1",
   "homepage": "",
   "authors": [
     "Stefan Zermatten"

app/client/globalHelpers/isTier5.js

@@ -0,0 +1,7 @@
+Template.registerHelper("isTier5", function(){
+  let user = Meteor.user();
+  if (!user) return false;
+  patreon = user.patreon;
+  if (!patreon) return false;
+  return patreon.entitledCents >= 500 || patreon.entitledCentsOverride >= 500;
+});

app/client/globalHelpers/patreonLoginUrl.js

@@ -0,0 +1,19 @@
+const CLIENT_ID = Meteor.settings &&
+	Meteor.settings.public.patreon  &&
+	Meteor.settings.public.patreon.clientId;
+
+Template.registerHelper("patreonLoginUrl", function() {
+  if (!CLIENT_ID) return;
+  return formatUrl({
+    protocol: 'https',
+    host: 'patreon.com',
+    pathname: '/oauth2/authorize',
+    query: {
+      response_type: 'code',
+      client_id: CLIENT_ID,
+      redirect_uri: Meteor.absoluteUrl() + 'patreon-redirect',
+      state: Meteor.userId(),
+      scope: 'identity',
+    },
+  });
+});

app/client/lib/fixPasswordButton.js

@@ -0,0 +1,5 @@
+let pwdFormSubmit = AccountsTemplates.atPwdFormEvents["submit #at-pwd-form"]
+
+Template.atPwdForm.events({
+  "click .at-btn.submit": pwdFormSubmit,
+});

app/client/style/iosButtonFix.css

@@ -0,0 +1,8 @@
+/*
+ * iOS doens't believe in click events for some elements.
+ * This is here to convince it to allow buttons to be clickable
+ */
+ button {
+   cursor: pointer;
+ }
+