Looking for help connecting to the API, and also which event to use to gate access to a room

What event should we listen to in order to gate access to a door? Is a door a portal and then we should use “PlayerEntersPortal”?

I’m having trouble connecting to the game server on staging. short error logs below. Happy to wait until this afternoon if prod will be ready and then I can try again, if that’s easier. I don’t see my API key in the data sent to Gather, below.

new engine constructed with id 0.4633696416940545
connecting S5u2PCikLdcrivnD/lit-protocol-integration
Destroying engine in Game connect
engine 0.4633696416940545 _destroyInternal()
new engine constructed with id 0.1449980115895506
Subscribing to new event playerMoves
Error fetching getGameServer: spaceId is  S5u2PCikLdcrivnD/lit-protocol-integration  error is  { error: 'UNKNOWN', message: 'An unknown error has occurred.' }
Error starting game engine: Error: Request failed with status code 500
    at createError (/Users/chris/Documents/WorkStuff/LIT/GatherController/node_modules/@gathertown/gather-game-client/node_modules/axios/lib/core/createError.js:16:15)
    at settle (/Users/chris/Documents/WorkStuff/LIT/GatherController/node_modules/@gathertown/gather-game-client/node_modules/axios/lib/core/settle.js:17:12)
    at IncomingMessage.handleStreamEnd (/Users/chris/Documents/WorkStuff/LIT/GatherController/node_modules/@gathertown/gather-game-client/node_modules/axios/lib/adapters/http.js:269:11)
    at IncomingMessage.emit (events.js:412:35)
    at endReadableNT (internal/streams/readable.js:1317:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21) {
  config: {
    url: 'https://staging.gather.town/api/getGameServer',
    method: 'post',
    data: '{"room":"S5u2PCikLdcrivnD/lit-protocol-integration"}',
    headers: {
      Accept: 'application/json, text/plain, */*',
      'Content-Type': 'application/json',
      'User-Agent': 'axios/0.21.4',
      'Content-Length': 52
    },

Awesome to have you here Chris!

Pinging some of the engine team internally to get them to look at this today.

Looks like the error is because you have a / instead of \ in the spaceId – this is an annoying and common gotcha, I’ll fix it now for the next release

As for the doors, they aren’t portals, just objects, so there isn’t a special event or anything when people walk through them. You’ll want to subscribe to playerMoves and just respawn people who are past the door but shouldn’t be (this is slightly roundabout, sorry)

awesome, the backslash works! i was able to set up a bounding box on a room and detect when a user is in it, and teleport them out if they don’t belong.

How can I tell the user they aren’t allowed in the room? I am using game.chat() and it works but if the user doesn’t have the chat open then they don’t see the message. Is there any way to show a message in the middle of the screen, or, pop open the chat for them?

also, how can i get the player id from a web browser before a user opens gather? we need to be able to associate their crypto wallet address with their player id so we can check if they are authorized to enter a room

to clarify, the flow is something like this:

1. User goes to a webpage that lets them connect their wallet and gather account (do yall have an “login with gather” oauth flow? or can we drop a cookie or something to identify them?)
2. User clicks a link to enter the gather map
3. User tries to enter a restricted room. If they’re allowed in, nothing happens, and they stay in the room. If they are not allowed in, we teleport them just outside the room and tell them “you aren’t allowed in here because you don’t hold X NFT. click here to learn more (link to NFT community website that explains how they can obtain X NFT)”

indications back to a specific player

chat is the best way right now but we’re adding the ability to set text on-screen soon because yeah this is pretty common
another option in the meantime is to have an object in the lobby which explains the whole “you have to have this NFT to enter” thing, and teleport them back to that if they walk outside the lobby

connect wallet

yeahhhh I can only think of one, very suboptimal way to do this right now. Planning to add “login with gather” soon for this use case

but, in the meantime…

1. in an iframe/different tab
   a. generate a random OTP
   b. have them sign it with metamask
   c. have them copy that signed message
2. in gather:
   a. have them paste the message into a password door- like object, which can send text input back to your mod, along with a uid
3. back in your system
   a. verify the signature, verify the OTP hasn’t been used, and then associate that pubkey withe the uid

I think this actually works and is totally secure, it’s just pretty bad UX

lol reminds me of an old idea i had

Ok thanks guys, this has given me some ideas on how to pull this off. I’m gonna try to set this up by putting Gather in an iFrame and having the “connect wallet” stuff happen on the page that has the iFrame in it.

How do I set a password for a door with the HTTP API?

also, how do i add a door with a password in the mapmaker?

ok i think i’m on the right track here but tell me if this is wrong. i can create a new space protected with a password, and then a portal to / from that space, and when the user enters it, it will request the space password?

password spaces

yeah it’ll request the password even if you portal to it. but there isn’t a way for you the developer to programmatically get/set that password yet unfortunately

how to add password door

oof yeah this is not pleasant right now because our in-house doors are still in beta

1. enable beta features in your space (ctrl+P while in-game, it’s one of the tabs)
2. click the top left menu of the mapmaker and hit “extension settings”
3. activate password doors
4. go into the object picker and there will be a category at the bottom, pw doors
5. place that door
6. (optional) turn off the pw door extension, or it will connect to your space and try to do door things

I promise this is going to get better soon when we take them out of beta

Ok, this makes sense! Would it be possible to add this JS snippet to the Gather code? It lets a parent frame pull out the logged in user’s ID. I know this is a big ask but it would make our user flow sooo smooth and users would have a great UX vs having to paste in passwords. It’s secure, has no dependencies and is super simple.

const receiveMessage = async (msg) => {
  if (msg.data === "getUserId") {
    // get the JWT
    const { token } = await window.game.getAuth();
    // parse the JWT to get out the user id
    var base64Url = token.split(".")[1];
    var base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
    var jsonPayload = decodeURIComponent(
      atob(base64)
        .split("")
        .map(function (c) {
          return "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2);
        })
        .join("")
    );
    const parsedPayload = JSON.parse(jsonPayload);
    const { user_id } = parsedPayload;

    // send the user id back to the parent frame
    window.parent.postMessage({ userId: user_id }, "*");
  } else {
    console.log("Error: Unsupported command");
  }
};

window.addEventListener("message", receiveMessage, false);

This is really interesting, didn’t consider iFrame messages as a potential alternative to ‘login with Gather’ – discussing this internally since we don’t intentionally support embedding, but maybe should.

Would this be a lot easier for you than login with gather? (OAuth or something to get their uid)

Update on this – we’re planning to disallow embedding soon because of the security risk (fake logins, click-jacking, etc) but want to build in all of the benefits, like being able to add custom overlays. Besides identity linking, what else are you using (or planning to use) embedding for?

Yeah I think oauth is a more complete solution for yall in the long term. But you can do embedding securely by only whitelisting approved domains using CSP CSP: frame-ancestors - HTTP | MDN.

We would use the frame parent website to let the user connect their wallet, and then possibly to show them messages when various things happen in Gather. Like when they approach a door, we can show them the requirement like “This room is only for Cryptopunk holders”, with a link to Cryptopunks on OpenSea so that the user could buy one if they wanted to get into the room.

I know that Topia, for example, supports embedding in an iFrame but you have to get the domain approved and added to the their CSP. I think they do it because various corporate clients have wanted to embed a Topia room in an event provider website. Here’s their CSP in case you were curious:

frame-ancestors 'self' https://sevensevensix.com https://explore.topia.io https://www.vtogether.io https://vtogether.io https://live.gevme.com https://*.gevme.com https://gevme.com https://*.hubb.me https://*.yanon.us https://yanon.us https://elevent.ly/ https://*.elevent.ly/ https://*.religionandpubliclife.org https://religionandpubliclife.org https://ipfs.litgateway.com https://app.aumivi.ch https://places.aumivi.ch https://dev.aumivi.net https://app2.aumivi.ch https://app.aumivi.world http://blissfullbrides.sg

Yeah turns out a bunch of people have made cool stuff by embedding Gather already, so we’re going to move to this whitelist until we can provide equivalently expressive tooling to everyone securely. What domain are you doing this on? I can add it to the list we’re accumulating

Awesome! https://ipfs.litgateway.com would be the domain.

Can you add the receiveMessage/postMessage snippet I posted above? It just lets a parent frame get the user’s ID in gather.