Tried to exhaustively find everything in the codebase that would need a scope added for it. Testable on https://tangled.wizardry.systems
+2
-2
appview/oauth/oauth.go
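--- a/appview/oauth/oauth.go
+++ b/appview/oauth/oauth.go
@@ -41,12 +41,12 @@
 if config.Core.Dev {
 clientUri = "http://127.0.0.1:3000"
 callbackUri := clientUri + "/oauth/callback"
-oauthConfig = oauth.NewLocalhostConfig(callbackUri, []string{"atproto", "transition:generic"})
+oauthConfig = oauth.NewLocalhostConfig(callbackUri, TangledScopes)
 } else {
 clientUri = config.Core.AppviewHost
 clientId := fmt.Sprintf("%s/oauth/client-metadata.json", clientUri)
 callbackUri := clientUri + "/oauth/callback"
-oauthConfig = oauth.NewPublicConfig(clientId, callbackUri, []string{"atproto", "transition:generic"})
+oauthConfig = oauth.NewPublicConfig(clientId, callbackUri, TangledScopes)
 }
 
 // configure client secret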
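Review bot: Both changed calls pass the exported package-level slice `TangledScopes` directly, so unless the constructors copy their argument (not visible here) the resulting config shares a backing array with a variable that any importing package can modify. Passing a copy keeps the requested scope set fixed once the config is built: `oauthConfig = oauth.NewPublicConfig(clientId, callbackUri, slices.Clone(TangledScopes))`, and the same for the `NewLocalhostConfig` call in the dev branch. The enclosing function starts and ends outside this hunk.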
+41
appview/oauth/scopes.go
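--- a/appview/oauth/scopes.go
+++ b/appview/oauth/scopes.go
@@ -0,0 +1,41 @@
+package oauth
+
+var TangledScopes = []string{
+"atproto",
+
+"repo:sh.tangled.publicKey",
+"repo:sh.tangled.repo",
+"repo:sh.tangled.repo.pull",
+"repo:sh.tangled.repo.pull.comment",
+"repo:sh.tangled.repo.artifact",
+"repo:sh.tangled.repo.issue",
+"repo:sh.tangled.repo.issue.comment",
+"repo:sh.tangled.repo.collaborator",
+"repo:sh.tangled.knot",
+"repo:sh.tangled.knot.member",
+"repo:sh.tangled.spindle",
+"repo:sh.tangled.spindle.member",
+"repo:sh.tangled.graph.follow",
+"repo:sh.tangled.feed.star",
+"repo:sh.tangled.feed.reaction",
+"repo:sh.tangled.label.definition",
+"repo:sh.tangled.label.op",
+"repo:sh.tangled.string",
+"repo:sh.tangled.actor.profile",
+
+"blob:*/*",
+
+"rpc:sh.tangled.repo.create?aud=*",
+"rpc:sh.tangled.repo.delete?aud=*",
+"rpc:sh.tangled.repo.merge?aud=*",
+"rpc:sh.tangled.repo.hiddenRef?aud=*",
+"rpc:sh.tangled.repo.deleteBranch?aud=*",
+"rpc:sh.tangled.repo.setDefaultBranch?aud=*",
+"rpc:sh.tangled.repo.forkSync?aud=*",
+"rpc:sh.tangled.repo.forkStatus?aud=*",
+"rpc:sh.tangled.repo.mergeCheck?aud=*",
+"rpc:sh.tangled.pipeline.cancelPipeline?aud=*",
+"rpc:sh.tangled.repo.addSecret?aud=*",
+"rpc:sh.tangled.repo.removeSecret?aud=*",
+"rpc:sh.tangled.repo.listSecrets?aud=*",
+}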
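Review bot: `blob:*/*` and every `rpc:…?aud=*` entry use the widest form of their scope (any MIME type, any audience), and that includes the three secret-management methods `addSecret`, `removeSecret` and `listSecrets`. If the audience cannot be pinned because the target service differs per repository (my assumption, not shown in this file), that reason should sit next to the list so the wildcard is not read as an oversight. It is also worth checking whether the blob scope can be limited to the content types the appview actually uploads. The exported variable has no doc comment either; if the assumption holds, `// TangledScopes is the OAuth scope set the appview requests at login; rpc scopes use aud=* because the target service is chosen per repository.` would cover both.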
Using consts might end up looking like:
"repo:" + tangled.ActorProfileNSID,
"rpc:" + tangled.RepoCreateNSID + "?aud=*"
we'd kinda lose the readability of plain strings without gaining compile-time safety, and when an nsid changes, we'd have to update both the lexicon and this scope list anyway
lgtm!
pull request successfully merged
very nice work! we use a fork of indigo that exposes
NSID consts: Would it make sense to use these consts in the scope-strings? happy with the existing patch as-is too, if not.