···
"github.com/go-chi/chi/v5"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/posthog/posthog-go"
+
"tangled.org/core/api/tangled"
+
"tangled.org/core/appview/db"
+
"tangled.org/core/consts"
func (o *OAuth) Router() http.Handler {
···
+
log.Println("session saved successfully")
+
go o.addToDefaultKnot(sessData.AccountDID.String())
+
go o.addToDefaultSpindle(sessData.AccountDID.String())
err = o.Posthog.Enqueue(posthog.Capture{
DistinctId: sessData.AccountDID.String(),
···
http.Redirect(w, r, "/", http.StatusFound)
+
func (o *OAuth) addToDefaultSpindle(did string) {
+
// use the tangled.sh app password to get an accessJwt
+
// and create an sh.tangled.spindle.member record with that
+
spindleMembers, err := db.GetSpindleMembers(
+
db.FilterEq("instance", "spindle.tangled.sh"),
+
db.FilterEq("subject", did),
+
log.Printf("failed to get spindle members for did %s: %v", did, err)
+
if len(spindleMembers) != 0 {
+
log.Printf("did %s is already a member of the default spindle", did)
+
log.Printf("adding %s to default spindle", did)
+
session, err := o.createAppPasswordSession(o.Config.Core.AppPassword, consts.TangledDid)
+
log.Printf("failed to create session: %s", err)
+
record := tangled.SpindleMember{
+
LexiconTypeID: "sh.tangled.spindle.member",
+
Instance: consts.DefaultSpindle,
+
CreatedAt: time.Now().Format(time.RFC3339),
+
if err := session.putRecord(record, tangled.SpindleMemberNSID); err != nil {
+
log.Printf("failed to add member to default spindle: %s", err)
+
log.Printf("successfully added %s to default spindle", did)
+
func (o *OAuth) addToDefaultKnot(did string) {
+
// use the tangled.sh app password to get an accessJwt
+
// and create an sh.tangled.spindle.member record with that
+
allKnots, err := o.Enforcer.GetKnotsForUser(did)
+
log.Printf("failed to get knot members for did %s: %v", did, err)
+
if slices.Contains(allKnots, consts.DefaultKnot) {
+
log.Printf("did %s is already a member of the default knot", did)
+
log.Printf("adding %s to default knot", did)
+
session, err := o.createAppPasswordSession(o.Config.Core.TmpAltAppPassword, consts.IcyDid)
+
log.Printf("failed to create session: %s", err)
+
record := tangled.KnotMember{
+
LexiconTypeID: "sh.tangled.knot.member",
+
Domain: consts.DefaultKnot,
+
CreatedAt: time.Now().Format(time.RFC3339),
+
if err := session.putRecord(record, tangled.KnotMemberNSID); err != nil {
+
log.Printf("failed to add member to default knot: %s", err)
+
if err := o.Enforcer.AddKnotMember(consts.DefaultKnot, did); err != nil {
+
log.Printf("failed to set up enforcer rules: %s", err)
+
log.Printf("successfully added %s to default Knot", did)
+
// create a session using apppasswords
+
AccessJwt string `json:"accessJwt"`
+
func (o *OAuth) createAppPasswordSession(appPassword, did string) (*session, error) {
+
return nil, fmt.Errorf("no app password configured, skipping member addition")
+
resolved, err := o.IdResolver.ResolveIdent(context.Background(), did)
+
return nil, fmt.Errorf("failed to resolve tangled.sh DID %s: %v", did, err)
+
pdsEndpoint := resolved.PDSEndpoint()
+
return nil, fmt.Errorf("no PDS endpoint found for tangled.sh DID %s", did)
+
sessionPayload := map[string]string{
+
"password": appPassword,
+
sessionBytes, err := json.Marshal(sessionPayload)
+
return nil, fmt.Errorf("failed to marshal session payload: %v", err)
+
sessionURL := pdsEndpoint + "/xrpc/com.atproto.server.createSession"
+
sessionReq, err := http.NewRequestWithContext(context.Background(), "POST", sessionURL, bytes.NewBuffer(sessionBytes))
+
return nil, fmt.Errorf("failed to create session request: %v", err)
+
sessionReq.Header.Set("Content-Type", "application/json")
+
client := &http.Client{Timeout: 30 * time.Second}
+
sessionResp, err := client.Do(sessionReq)
+
return nil, fmt.Errorf("failed to create session: %v", err)
+
defer sessionResp.Body.Close()
+
if sessionResp.StatusCode != http.StatusOK {
+
return nil, fmt.Errorf("failed to create session: HTTP %d", sessionResp.StatusCode)
+
if err := json.NewDecoder(sessionResp.Body).Decode(&session); err != nil {
+
return nil, fmt.Errorf("failed to decode session response: %v", err)
+
session.PdsEndpoint = pdsEndpoint
+
func (s *session) putRecord(record any, collection string) error {
+
recordBytes, err := json.Marshal(record)
+
return fmt.Errorf("failed to marshal knot member record: %w", err)
+
payload := map[string]any{
+
"collection": collection,
+
"record": json.RawMessage(recordBytes),
+
payloadBytes, err := json.Marshal(payload)
+
return fmt.Errorf("failed to marshal request payload: %w", err)
+
url := s.PdsEndpoint + "/xrpc/com.atproto.repo.putRecord"
+
req, err := http.NewRequestWithContext(context.Background(), "POST", url, bytes.NewBuffer(payloadBytes))
+
return fmt.Errorf("failed to create HTTP request: %w", err)
+
req.Header.Set("Content-Type", "application/json")
+
req.Header.Set("Authorization", "Bearer "+s.AccessJwt)
+
client := &http.Client{Timeout: 30 * time.Second}
+
resp, err := client.Do(req)
+
return fmt.Errorf("failed to add user to default service: %w", err)
+
defer resp.Body.Close()
+
if resp.StatusCode != http.StatusOK {
+
return fmt.Errorf("failed to add user to default service: HTTP %d", resp.StatusCode)
julien.rbrt.fr
oppi.li