From f34d405dc4c823b127acf84763af0d5b74928751 Mon Sep 17 00:00:00 2001
From: Andrei Mihu <andrei@heroiclabs.com>
Date: Tue, 9 Mar 2021 15:25:00 +0000
Subject: [PATCH] Improve Facebook Limited Login integration when unlinking
 accounts.

---
 server/api_unlink.go                |  2 +-
 server/core_unlink.go               | 11 +++++++----
 server/runtime_go_nakama.go         |  2 +-
 server/runtime_javascript_nakama.go |  2 +-
 server/runtime_lua_nakama.go        |  2 +-
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/server/api_unlink.go b/server/api_unlink.go
index b9ddb9937..00df32d0a 100644
--- a/server/api_unlink.go
+++ b/server/api_unlink.go
@@ -226,7 +226,7 @@ func (s *ApiServer) UnlinkFacebook(ctx context.Context, in *api.AccountFacebook)
 		}
 	}
 
-	err := UnlinkFacebook(ctx, s.logger, s.db, s.socialClient, userID, in.Token)
+	err := UnlinkFacebook(ctx, s.logger, s.db, s.socialClient, s.config.GetSocial().FacebookLimitedLogin.AppId, userID, in.Token)
 	if err != nil {
 		return nil, err
 	}
diff --git a/server/core_unlink.go b/server/core_unlink.go
index eae3de8a9..091595291 100644
--- a/server/core_unlink.go
+++ b/server/core_unlink.go
@@ -171,15 +171,18 @@ AND ((apple_id IS NOT NULL
 	return nil
 }
 
-func UnlinkFacebook(ctx context.Context, logger *zap.Logger, db *sql.DB, socialClient *social.Client, id uuid.UUID, token string) error {
+func UnlinkFacebook(ctx context.Context, logger *zap.Logger, db *sql.DB, socialClient *social.Client, appId string, id uuid.UUID, token string) error {
 	if token == "" {
 		return status.Error(codes.InvalidArgument, "Facebook access token is required.")
 	}
 
-	facebookProfile, err := socialClient.GetFacebookProfile(ctx, token)
+	facebookProfile, err := socialClient.CheckFacebookLimitedLoginToken(ctx, appId, token)
 	if err != nil {
-		logger.Info("Could not authenticate Facebook profile.", zap.Error(err))
-		return status.Error(codes.Unauthenticated, "Could not authenticate Facebook profile.")
+		facebookProfile, err = socialClient.GetFacebookProfile(ctx, token)
+		if err != nil {
+			logger.Info("Could not authenticate Facebook profile.", zap.Error(err))
+			return status.Error(codes.Unauthenticated, "Could not authenticate Facebook profile.")
+		}
 	}
 
 	res, err := db.ExecContext(ctx, `UPDATE users SET facebook_id = NULL, update_time = now()
diff --git a/server/runtime_go_nakama.go b/server/runtime_go_nakama.go
index c4327363b..487367ba4 100644
--- a/server/runtime_go_nakama.go
+++ b/server/runtime_go_nakama.go
@@ -617,7 +617,7 @@ func (n *RuntimeGoNakamaModule) UnlinkFacebook(ctx context.Context, userID, toke
 		return errors.New("user ID must be a valid identifier")
 	}
 
-	return UnlinkFacebook(ctx, n.logger, n.db, n.socialClient, id, token)
+	return UnlinkFacebook(ctx, n.logger, n.db, n.socialClient, n.config.GetSocial().FacebookLimitedLogin.AppId, id, token)
 }
 
 func (n *RuntimeGoNakamaModule) UnlinkFacebookInstantGame(ctx context.Context, userID, signedPlayerInfo string) error {
diff --git a/server/runtime_javascript_nakama.go b/server/runtime_javascript_nakama.go
index 130ba7c4f..6aed110c9 100644
--- a/server/runtime_javascript_nakama.go
+++ b/server/runtime_javascript_nakama.go
@@ -1969,7 +1969,7 @@ func (n *runtimeJavascriptNakamaModule) unlinkFacebook(r *goja.Runtime) func(goj
 			panic(r.NewTypeError("expects token string"))
 		}
 
-		if err := UnlinkFacebook(context.Background(), n.logger, n.db, n.socialClient, id, token); err != nil {
+		if err := UnlinkFacebook(context.Background(), n.logger, n.db, n.socialClient, n.config.GetSocial().FacebookLimitedLogin.AppId, id, token); err != nil {
 			panic(r.NewGoError(fmt.Errorf("error unlinking: %v", err.Error())))
 		}
 
diff --git a/server/runtime_lua_nakama.go b/server/runtime_lua_nakama.go
index e93b97903..cf8cb547e 100644
--- a/server/runtime_lua_nakama.go
+++ b/server/runtime_lua_nakama.go
@@ -2567,7 +2567,7 @@ func (n *RuntimeLuaNakamaModule) unlinkFacebook(l *lua.LState) int {
 		return 0
 	}
 
-	if err := UnlinkFacebook(l.Context(), n.logger, n.db, n.socialClient, id, token); err != nil {
+	if err := UnlinkFacebook(l.Context(), n.logger, n.db, n.socialClient, n.config.GetSocial().FacebookLimitedLogin.AppId, id, token); err != nil {
 		l.RaiseError("error unlinking: %v", err.Error())
 	}
 	return 0
-- 
GitLab