···
"github.com/go-chi/chi/v5"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/posthog/posthog-go"
16
+
"tangled.org/core/api/tangled"
17
+
"tangled.org/core/appview/db"
18
+
"tangled.org/core/consts"
19
+
"tangled.org/core/tid"
func (o *OAuth) Router() http.Handler {
···
74
+
log.Println("session saved successfully")
75
+
go o.addToDefaultKnot(sessData.AccountDID.String())
76
+
go o.addToDefaultSpindle(sessData.AccountDID.String())
err = o.Posthog.Enqueue(posthog.Capture{
DistinctId: sessData.AccountDID.String(),
···
http.Redirect(w, r, "/", http.StatusFound)
91
+
func (o *OAuth) addToDefaultSpindle(did string) {
92
+
// use the tangled.sh app password to get an accessJwt
93
+
// and create an sh.tangled.spindle.member record with that
94
+
spindleMembers, err := db.GetSpindleMembers(
96
+
db.FilterEq("instance", "spindle.tangled.sh"),
97
+
db.FilterEq("subject", did),
100
+
log.Printf("failed to get spindle members for did %s: %v", did, err)
104
+
if len(spindleMembers) != 0 {
105
+
log.Printf("did %s is already a member of the default spindle", did)
109
+
log.Printf("adding %s to default spindle", did)
110
+
session, err := o.createAppPasswordSession(o.Config.Core.AppPassword, consts.TangledDid)
112
+
log.Printf("failed to create session: %s", err)
116
+
record := tangled.SpindleMember{
117
+
LexiconTypeID: "sh.tangled.spindle.member",
119
+
Instance: consts.DefaultSpindle,
120
+
CreatedAt: time.Now().Format(time.RFC3339),
123
+
if err := session.putRecord(record, tangled.SpindleMemberNSID); err != nil {
124
+
log.Printf("failed to add member to default spindle: %s", err)
128
+
log.Printf("successfully added %s to default spindle", did)
131
+
func (o *OAuth) addToDefaultKnot(did string) {
132
+
// use the tangled.sh app password to get an accessJwt
133
+
// and create an sh.tangled.spindle.member record with that
135
+
allKnots, err := o.Enforcer.GetKnotsForUser(did)
137
+
log.Printf("failed to get knot members for did %s: %v", did, err)
141
+
if slices.Contains(allKnots, consts.DefaultKnot) {
142
+
log.Printf("did %s is already a member of the default knot", did)
146
+
log.Printf("adding %s to default knot", did)
147
+
session, err := o.createAppPasswordSession(o.Config.Core.TmpAltAppPassword, consts.IcyDid)
149
+
log.Printf("failed to create session: %s", err)
153
+
record := tangled.KnotMember{
154
+
LexiconTypeID: "sh.tangled.knot.member",
156
+
Domain: consts.DefaultKnot,
157
+
CreatedAt: time.Now().Format(time.RFC3339),
160
+
if err := session.putRecord(record, tangled.KnotMemberNSID); err != nil {
161
+
log.Printf("failed to add member to default knot: %s", err)
165
+
if err := o.Enforcer.AddKnotMember(consts.DefaultKnot, did); err != nil {
166
+
log.Printf("failed to set up enforcer rules: %s", err)
170
+
log.Printf("successfully added %s to default Knot", did)
173
+
// create a session using apppasswords
174
+
type session struct {
175
+
AccessJwt string `json:"accessJwt"`
180
+
func (o *OAuth) createAppPasswordSession(appPassword, did string) (*session, error) {
181
+
if appPassword == "" {
182
+
return nil, fmt.Errorf("no app password configured, skipping member addition")
185
+
resolved, err := o.IdResolver.ResolveIdent(context.Background(), did)
187
+
return nil, fmt.Errorf("failed to resolve tangled.sh DID %s: %v", did, err)
190
+
pdsEndpoint := resolved.PDSEndpoint()
191
+
if pdsEndpoint == "" {
192
+
return nil, fmt.Errorf("no PDS endpoint found for tangled.sh DID %s", did)
195
+
sessionPayload := map[string]string{
197
+
"password": appPassword,
199
+
sessionBytes, err := json.Marshal(sessionPayload)
201
+
return nil, fmt.Errorf("failed to marshal session payload: %v", err)
204
+
sessionURL := pdsEndpoint + "/xrpc/com.atproto.server.createSession"
205
+
sessionReq, err := http.NewRequestWithContext(context.Background(), "POST", sessionURL, bytes.NewBuffer(sessionBytes))
207
+
return nil, fmt.Errorf("failed to create session request: %v", err)
209
+
sessionReq.Header.Set("Content-Type", "application/json")
211
+
client := &http.Client{Timeout: 30 * time.Second}
212
+
sessionResp, err := client.Do(sessionReq)
214
+
return nil, fmt.Errorf("failed to create session: %v", err)
216
+
defer sessionResp.Body.Close()
218
+
if sessionResp.StatusCode != http.StatusOK {
219
+
return nil, fmt.Errorf("failed to create session: HTTP %d", sessionResp.StatusCode)
222
+
var session session
223
+
if err := json.NewDecoder(sessionResp.Body).Decode(&session); err != nil {
224
+
return nil, fmt.Errorf("failed to decode session response: %v", err)
227
+
session.PdsEndpoint = pdsEndpoint
230
+
return &session, nil
233
+
func (s *session) putRecord(record any, collection string) error {
234
+
recordBytes, err := json.Marshal(record)
236
+
return fmt.Errorf("failed to marshal knot member record: %w", err)
239
+
payload := map[string]any{
241
+
"collection": collection,
243
+
"record": json.RawMessage(recordBytes),
246
+
payloadBytes, err := json.Marshal(payload)
248
+
return fmt.Errorf("failed to marshal request payload: %w", err)
251
+
url := s.PdsEndpoint + "/xrpc/com.atproto.repo.putRecord"
252
+
req, err := http.NewRequestWithContext(context.Background(), "POST", url, bytes.NewBuffer(payloadBytes))
254
+
return fmt.Errorf("failed to create HTTP request: %w", err)
257
+
req.Header.Set("Content-Type", "application/json")
258
+
req.Header.Set("Authorization", "Bearer "+s.AccessJwt)
260
+
client := &http.Client{Timeout: 30 * time.Second}
261
+
resp, err := client.Do(req)
263
+
return fmt.Errorf("failed to add user to default service: %w", err)
265
+
defer resp.Body.Close()
267
+
if resp.StatusCode != http.StatusOK {
268
+
return fmt.Errorf("failed to add user to default service: HTTP %d", resp.StatusCode)
julien.rbrt.fr
oppi.li