patch of appview/oauth: add to default spindle · round #0 · pull #421 · tangled.org/core

Signed-off-by: Anirudh Oppiliappan anirudh@tangled.sh

appview/config/config.go

··· 16 16 AppviewHost string `env:"APPVIEW_HOST, default=https://tangled.sh"` 17 17 Dev bool `env:"DEV, default=false"` 18 18 DisallowedNicknamesFile string `env:"DISALLOWED_NICKNAMES_FILE"` 19 + 20 + // temporarily, to add users to default spindle 21 + AppPassword string `env:"APP_PASSWORD"` 19 22 } 20 23 21 24 type OAuthConfig struct {

+126

appview/oauth/handler/handler.go

··· 1 1 package oauth 2 2 3 3 import ( 4 + "bytes" 5 + "context" 4 6 "encoding/json" 5 7 "fmt" 6 8 "log" 7 9 "net/http" 8 10 "net/url" 9 11 "strings" 12 + "time" 10 13 11 14 "github.com/go-chi/chi/v5" 12 15 "github.com/gorilla/sessions" 13 16 "github.com/lestrrat-go/jwx/v2/jwk" 14 17 "github.com/posthog/posthog-go" 15 18 "tangled.sh/icyphox.sh/atproto-oauth/helpers" 19 + tangled "tangled.sh/tangled.sh/core/api/tangled" 16 20 sessioncache "tangled.sh/tangled.sh/core/appview/cache/session" 17 21 "tangled.sh/tangled.sh/core/appview/config" 18 22 "tangled.sh/tangled.sh/core/appview/db" ··· 23 27 "tangled.sh/tangled.sh/core/idresolver" 24 28 "tangled.sh/tangled.sh/core/knotclient" 25 29 "tangled.sh/tangled.sh/core/rbac" 30 + "tangled.sh/tangled.sh/core/tid" 26 31 ) 27 32 28 33 const ( ··· 294 299 295 300 log.Println("session saved successfully") 296 301 go o.addToDefaultKnot(oauthRequest.Did) 302 + go o.addToDefaultSpindle(oauthRequest.Did) 297 303 298 304 if !o.config.Core.Dev { 299 305 err = o.posthog.Enqueue(posthog.Capture{ ··· 332 338 return pubKey, nil 333 339 } 334 340 341 + func (o *OAuthHandler) addToDefaultSpindle(did string) { 342 + // use the tangled.sh app password to get an accessJwt 343 + // and create an sh.tangled.spindle.member record with that 344 + 345 + defaultSpindle := "spindle.tangled.sh" 346 + appPassword := o.config.Core.AppPassword 347 + 348 + // TODO: hardcoded tangled handle and did for now 349 + tangledHandle := "tangled.sh" 350 + tangledDid := "did:plc:wshs7t2adsemcrrd4snkeqli" 351 + 352 + if appPassword == "" { 353 + log.Println("no app password configured, skipping spindle member addition") 354 + return 355 + } 356 + 357 + log.Printf("adding %s to default spindle", did) 358 + 359 + resolved, err := o.idResolver.ResolveIdent(context.Background(), tangledDid) 360 + if err != nil { 361 + log.Printf("failed to resolve tangled.sh DID %s: %v", tangledDid, err) 362 + return 363 + } 364 + 365 + pdsEndpoint := resolved.PDSEndpoint() 366 + if pdsEndpoint == "" { 367 + log.Printf("no PDS endpoint found for tangled.sh DID %s", tangledDid) 368 + return 369 + } 370 + 371 + sessionPayload := map[string]string{ 372 + "identifier": tangledHandle, 373 + "password": appPassword, 374 + } 375 + sessionBytes, err := json.Marshal(sessionPayload) 376 + if err != nil { 377 + log.Printf("failed to marshal session payload: %v", err) 378 + return 379 + } 380 + 381 + sessionURL := pdsEndpoint + "/xrpc/com.atproto.server.createSession" 382 + sessionReq, err := http.NewRequestWithContext(context.Background(), "POST", sessionURL, bytes.NewBuffer(sessionBytes)) 383 + if err != nil { 384 + log.Printf("failed to create session request: %v", err) 385 + return 386 + } 387 + sessionReq.Header.Set("Content-Type", "application/json") 388 + 389 + client := &http.Client{Timeout: 30 * time.Second} 390 + sessionResp, err := client.Do(sessionReq) 391 + if err != nil { 392 + log.Printf("failed to create session: %v", err) 393 + return 394 + } 395 + defer sessionResp.Body.Close() 396 + 397 + if sessionResp.StatusCode != http.StatusOK { 398 + log.Printf("failed to create session: HTTP %d", sessionResp.StatusCode) 399 + return 400 + } 401 + 402 + var session struct { 403 + AccessJwt string `json:"accessJwt"` 404 + } 405 + if err := json.NewDecoder(sessionResp.Body).Decode(&session); err != nil { 406 + log.Printf("failed to decode session response: %v", err) 407 + return 408 + } 409 + 410 + record := tangled.SpindleMember{ 411 + LexiconTypeID: "sh.tangled.spindle.member", 412 + Subject: did, 413 + Instance: defaultSpindle, 414 + CreatedAt: time.Now().Format(time.RFC3339), 415 + } 416 + 417 + recordBytes, err := json.Marshal(record) 418 + if err != nil { 419 + log.Printf("failed to marshal spindle member record: %v", err) 420 + return 421 + } 422 + 423 + payload := map[string]interface{}{ 424 + "repo": tangledDid, 425 + "collection": tangled.SpindleMemberNSID, 426 + "rkey": tid.TID(), 427 + "record": json.RawMessage(recordBytes), 428 + } 429 + 430 + payloadBytes, err := json.Marshal(payload) 431 + if err != nil { 432 + log.Printf("failed to marshal request payload: %v", err) 433 + return 434 + } 435 + 436 + url := pdsEndpoint + "/xrpc/com.atproto.repo.putRecord" 437 + req, err := http.NewRequestWithContext(context.Background(), "POST", url, bytes.NewBuffer(payloadBytes)) 438 + if err != nil { 439 + log.Printf("failed to create HTTP request: %v", err) 440 + return 441 + } 442 + 443 + req.Header.Set("Content-Type", "application/json") 444 + req.Header.Set("Authorization", "Bearer "+session.AccessJwt) 445 + 446 + resp, err := client.Do(req) 447 + if err != nil { 448 + log.Printf("failed to add user to default spindle: %v", err) 449 + return 450 + } 451 + defer resp.Body.Close() 452 + 453 + if resp.StatusCode != http.StatusOK { 454 + log.Printf("failed to add user to default spindle: HTTP %d", resp.StatusCode) 455 + return 456 + } 457 + 458 + log.Printf("successfully added %s to default spindle", did) 459 + } 460 + 335 461 func (o *OAuthHandler) addToDefaultKnot(did string) { 336 462 defaultKnot := "knot1.tangled.sh" 337 463