···

       
5
       
5
       
 
       
	"context"

     

       
6
       
6
       
 
       
	"encoding/json"

     

       
7
       
7
       
 
       
	"fmt"

     

       
8
       
8
       
-
       
	"log"

     

       
9
       
8
       
 
       
	"net/http"

     

       
10
       
9
       
 
       
	"slices"

     

       
11
       
10
       
 
       
	"time"

     
···

       
43
       
42
       
 
       
	jwks := o.Config.OAuth.Jwks

     

       
44
       
43
       
 
       
	pubKey, err := pubKeyFromJwk(jwks)

     

       
45
       
44
       
 
       
	if err != nil {

     

       
46
       
46
       
-
       
		log.Printf("error parsing public key: %v", err)

     

       
45
       
45
       
+
       
		o.Logger.Error("error parsing public key", "err", err)

     

       
47
       
46
       
 
       
		http.Error(w, err.Error(), http.StatusInternalServerError)

     

       
48
       
47
       
 
       
		return

     

       
49
       
48
       
 
       
	}

     
···

       
71
       
70
       
 
       
		return

     

       
72
       
71
       
 
       
	}

     

       
73
       
72
       
 
       


     

       
74
       
74
       
-
       
	log.Println("session saved successfully")

     

       
73
       
73
       
+
       
	o.Logger.Debug("session saved successfully")

     

       
75
       
74
       
 
       
	go o.addToDefaultKnot(sessData.AccountDID.String())

     

       
76
       
75
       
 
       
	go o.addToDefaultSpindle(sessData.AccountDID.String())

     

       
77
       
76
       
 
       


     
···

       
81
       
80
       
 
       
			Event:      "signin",

     

       
82
       
81
       
 
       
		})

     

       
83
       
82
       
 
       
		if err != nil {

     

       
84
       
84
       
-
       
			log.Println("failed to enqueue posthog event:", err)

     

       
83
       
83
       
+
       
			o.Logger.Error("failed to enqueue posthog event", "err", err)

     

       
85
       
84
       
 
       
		}

     

       
86
       
85
       
 
       
	}

     

       
87
       
86
       
 
       


     
···

       
89
       
88
       
 
       
}

     

       
90
       
89
       
 
       


     

       
91
       
90
       
 
       
func (o *OAuth) addToDefaultSpindle(did string) {

     

       
91
       
91
       
+
       
	l := o.Logger.With("subject", did)

     

       
92
       
92
       
+
       


     

       
92
       
93
       
 
       
	// use the tangled.sh app password to get an accessJwt

     

       
93
       
94
       
 
       
	// and create an sh.tangled.spindle.member record with that

     

       
94
       
95
       
 
       
	spindleMembers, err := db.GetSpindleMembers(

     
···

       
97
       
98
       
 
       
		db.FilterEq("subject", did),

     

       
98
       
99
       
 
       
	)

     

       
99
       
100
       
 
       
	if err != nil {

     

       
100
       
100
       
-
       
		log.Printf("failed to get spindle members for did %s: %v", did, err)

     

       
101
       
101
       
+
       
		l.Error("failed to get spindle members", "err", err)

     

       
101
       
102
       
 
       
		return

     

       
102
       
103
       
 
       
	}

     

       
103
       
104
       
 
       


     

       
104
       
105
       
 
       
	if len(spindleMembers) != 0 {

     

       
105
       
105
       
-
       
		log.Printf("did %s is already a member of the default spindle", did)

     

       
106
       
106
       
+
       
		l.Warn("already a member of the default spindle")

     

       
106
       
107
       
 
       
		return

     

       
107
       
108
       
 
       
	}

     

       
108
       
109
       
 
       


     

       
109
       
109
       
-
       
	log.Printf("adding %s to default spindle", did)

     

       
110
       
110
       
+
       
	l.Debug("adding to default spindle")

     

       
110
       
111
       
 
       
	session, err := o.createAppPasswordSession(o.Config.Core.AppPassword, consts.TangledDid)

     

       
111
       
112
       
 
       
	if err != nil {

     

       
112
       
112
       
-
       
		log.Printf("failed to create session: %s", err)

     

       
113
       
113
       
+
       
		l.Error("failed to create session", "err", err)

     

       
113
       
114
       
 
       
		return

     

       
114
       
115
       
 
       
	}

     

       
115
       
116
       
 
       


     
···

       
121
       
122
       
 
       
	}

     

       
122
       
123
       
 
       


     

       
123
       
124
       
 
       
	if err := session.putRecord(record, tangled.SpindleMemberNSID); err != nil {

     

       
124
       
124
       
-
       
		log.Printf("failed to add member to default spindle: %s", err)

     

       
125
       
125
       
+
       
		l.Error("failed to add to default spindle", "err", err)

     

       
125
       
126
       
 
       
		return

     

       
126
       
127
       
 
       
	}

     

       
127
       
128
       
 
       


     

       
128
       
128
       
-
       
	log.Printf("successfully added %s to default spindle", did)

     

       
129
       
129
       
+
       
	l.Debug("successfully added to default spindle", "did", did)

     

       
129
       
130
       
 
       
}

     

       
130
       
131
       
 
       


     

       
131
       
132
       
 
       
func (o *OAuth) addToDefaultKnot(did string) {

     

       
133
       
133
       
+
       
	l := o.Logger.With("subject", did)

     

       
134
       
134
       
+
       


     

       
132
       
135
       
 
       
	// use the tangled.sh app password to get an accessJwt

     

       
133
       
136
       
 
       
	// and create an sh.tangled.spindle.member record with that

     

       
134
       
137
       
 
       


     

       
135
       
138
       
 
       
	allKnots, err := o.Enforcer.GetKnotsForUser(did)

     

       
136
       
139
       
 
       
	if err != nil {

     

       
137
       
137
       
-
       
		log.Printf("failed to get knot members for did %s: %v", did, err)

     

       
140
       
140
       
+
       
		l.Error("failed to get knot members for did", "err", err)

     

       
138
       
141
       
 
       
		return

     

       
139
       
142
       
 
       
	}

     

       
140
       
143
       
 
       


     

       
141
       
144
       
 
       
	if slices.Contains(allKnots, consts.DefaultKnot) {

     

       
142
       
142
       
-
       
		log.Printf("did %s is already a member of the default knot", did)

     

       
145
       
145
       
+
       
		l.Warn("already a member of the default knot")

     

       
143
       
146
       
 
       
		return

     

       
144
       
147
       
 
       
	}

     

       
145
       
148
       
 
       


     

       
146
       
146
       
-
       
	log.Printf("adding %s to default knot", did)

     

       
149
       
149
       
+
       
	l.Debug("addings to default knot")

     

       
147
       
150
       
 
       
	session, err := o.createAppPasswordSession(o.Config.Core.TmpAltAppPassword, consts.IcyDid)

     

       
148
       
151
       
 
       
	if err != nil {

     

       
149
       
149
       
-
       
		log.Printf("failed to create session: %s", err)

     

       
152
       
152
       
+
       
		l.Error("failed to create session", "err", err)

     

       
150
       
153
       
 
       
		return

     

       
151
       
154
       
 
       
	}

     

       
152
       
155
       
 
       


     
···

       
158
       
161
       
 
       
	}

     

       
159
       
162
       
 
       


     

       
160
       
163
       
 
       
	if err := session.putRecord(record, tangled.KnotMemberNSID); err != nil {

     

       
161
       
161
       
-
       
		log.Printf("failed to add member to default knot: %s", err)

     

       
164
       
164
       
+
       
		l.Error("failed to add to default knot", "err", err)

     

       
162
       
165
       
 
       
		return

     

       
163
       
166
       
 
       
	}

     

       
164
       
167
       
 
       


     

       
165
       
168
       
 
       
	if err := o.Enforcer.AddKnotMember(consts.DefaultKnot, did); err != nil {

     

       
166
       
166
       
-
       
		log.Printf("failed to set up enforcer rules: %s", err)

     

       
169
       
169
       
+
       
		l.Error("failed to set up enforcer rules", "err", err)

     

       
167
       
170
       
 
       
		return

     

       
168
       
171
       
 
       
	}

     

       
169
       
172
       
 
       


     

       
170
       
170
       
-
       
	log.Printf("successfully added %s to default Knot", did)

     

       
173
       
173
       
+
       
	l.Debug("successfully addeds to default Knot")

     

       
171
       
174
       
 
       
}

     

       
172
       
175
       
 
       


     

       
173
       
176
       
 
       
// create a session using apppasswords

     

···

       
3
       
3
       
 
       
import (

     

       
4
       
4
       
 
       
	"errors"

     

       
5
       
5
       
 
       
	"fmt"

     

       
6
       
6
       
+
       
	"log/slog"

     

       
6
       
7
       
 
       
	"net/http"

     

       
7
       
8
       
 
       
	"time"

     

       
8
       
9
       
 
       


     
···

       
20
       
21
       
 
       
	"tangled.org/core/rbac"

     

       
21
       
22
       
 
       
)

     

       
22
       
23
       
 
       


     

       
23
       
23
       
-
       
func New(config *config.Config, ph posthog.Client, db *db.DB, enforcer *rbac.Enforcer, res *idresolver.Resolver) (*OAuth, error) {

     

       
24
       
24
       
+
       
type OAuth struct {

     

       
25
       
25
       
+
       
	ClientApp  *oauth.ClientApp

     

       
26
       
26
       
+
       
	SessStore  *sessions.CookieStore

     

       
27
       
27
       
+
       
	Config     *config.Config

     

       
28
       
28
       
+
       
	JwksUri    string

     

       
29
       
29
       
+
       
	Posthog    posthog.Client

     

       
30
       
30
       
+
       
	Db         *db.DB

     

       
31
       
31
       
+
       
	Enforcer   *rbac.Enforcer

     

       
32
       
32
       
+
       
	IdResolver *idresolver.Resolver

     

       
33
       
33
       
+
       
	Logger     *slog.Logger

     

       
34
       
34
       
+
       
}

     

       
35
       
35
       
+
       


     

       
36
       
36
       
+
       
func New(config *config.Config, ph posthog.Client, db *db.DB, enforcer *rbac.Enforcer, res *idresolver.Resolver, logger *slog.Logger) (*OAuth, error) {

     

       
24
       
37
       
 
       


     

       
25
       
38
       
 
       
	var oauthConfig oauth.ClientConfig

     

       
26
       
39
       
 
       
	var clientUri string

     
···

       
54
       
67
       
 
       
		Db:         db,

     

       
55
       
68
       
 
       
		Enforcer:   enforcer,

     

       
56
       
69
       
 
       
		IdResolver: res,

     

       
70
       
70
       
+
       
		Logger:     logger,

     

       
57
       
71
       
 
       
	}, nil

     

       
58
       
58
       
-
       
}

     

       
59
       
59
       
-
       


     

       
60
       
60
       
-
       
type OAuth struct {

     

       
61
       
61
       
-
       
	ClientApp  *oauth.ClientApp

     

       
62
       
62
       
-
       
	SessStore  *sessions.CookieStore

     

       
63
       
63
       
-
       
	Config     *config.Config

     

       
64
       
64
       
-
       
	JwksUri    string

     

       
65
       
65
       
-
       
	Posthog    posthog.Client

     

       
66
       
66
       
-
       
	Db         *db.DB

     

       
67
       
67
       
-
       
	Enforcer   *rbac.Enforcer

     

       
68
       
68
       
-
       
	IdResolver *idresolver.Resolver

     

       
69
       
72
       
 
       
}

     

       
70
       
73
       
 
       


     

       
71
       
74
       
 
       
func (o *OAuth) SaveSession(w http.ResponseWriter, r *http.Request, sessData *oauth.ClientSessionData) error {

     

···

       
82
       
82
       
 
       
	}

     

       
83
       
83
       
 
       


     

       
84
       
84
       
 
       
	pages := pages.NewPages(config, res, log.SubLogger(logger, "pages"))

     

       
85
       
85
       
-
       
	oauth, err := oauth.New(config, posthog, d, enforcer, res)

     

       
85
       
85
       
+
       
	oauth, err := oauth.New(config, posthog, d, enforcer, res, log.SubLogger(logger, "oauth"))

     

       
86
       
86
       
 
       
	if err != nil {

     

       
87
       
87
       
 
       
		return nil, fmt.Errorf("failed to start oauth handler: %w", err)

     

       
88
       
88
       
 
       
	}