diff --git a/src/app/oauth/discord/redirect/route.ts b/src/app/oauth/discord/redirect/route.ts index b3366b1..3ec38de 100644 --- a/src/app/oauth/discord/redirect/route.ts +++ b/src/app/oauth/discord/redirect/route.ts @@ -21,11 +21,6 @@ export async function GET(request: Request) { const id = await provider.getId(); const permitted = await provider.isPermitted(); - if (!permitted) { - logger.info({ id }, "user tried to sign up"); - return new Response("not permitted to register account", { status: 403 }); - } - // If someone clicked register on the front page with an existing account, // wire it to their user via the auth ticket let gluestickId = null; @@ -35,6 +30,11 @@ export async function GET(request: Request) { gluestickId = currentUser!.id; } + if (!permitted && gluestickId == null) { + logger.info({ id }, "user tried to sign up"); + return new Response("not permitted to register account", { status: 403 }); + } + const userId = await DiscordAuthProvider.update( id, tokenBody.access_token, diff --git a/src/app/oauth/github/redirect/route.ts b/src/app/oauth/github/redirect/route.ts index 2cd4bd6..b4563d7 100644 --- a/src/app/oauth/github/redirect/route.ts +++ b/src/app/oauth/github/redirect/route.ts @@ -1,5 +1,5 @@ import { getLogger } from "@/logger"; -import { GitHubAuthProvider } from "@/auth/github"; +import { GitHubAuthProvider, inviteToGitHub } from "@/auth/github"; import { AuthState, authTicketOAuth, @@ -21,11 +21,6 @@ export async function GET(request: Request) { const id = await provider.getId(); const permitted = await provider.isPermitted(); - if (!permitted) { - logger.info({ id }, "user tried to sign up"); - return new Response("not permitted to register account", { status: 403 }); - } - // If someone clicked register on the front page with an existing account, // wire it to their user via the auth ticket let gluestickId = null; @@ -35,6 +30,11 @@ export async function GET(request: Request) { gluestickId = currentUser!.id; } + if (!permitted && gluestickId == null) { + logger.info({ id }, "user tried to sign up"); + return new Response("not permitted to register account", { status: 403 }); + } + const userId = await GitHubAuthProvider.update( id, tokenBody.access_token, @@ -42,6 +42,7 @@ export async function GET(request: Request) { ); if (gluestickId != null) { + await inviteToGitHub(provider); return new Response(null, { status: 302, headers: { diff --git a/src/auth/github.ts b/src/auth/github.ts index 66c703e..1feb8e7 100644 --- a/src/auth/github.ts +++ b/src/auth/github.ts @@ -14,6 +14,18 @@ type GitHubUserResponse = { email: string; }; +async function getMembers(): Promise { + const req = await fetch( + `https://api.github.com/orgs/${process.env.GITHUB_ORG}/members`, + { + headers: { + Authorization: `Bearer ${process.env.GITHUB_TOKEN}` + } + } + ); + return await req.json(); +} + export class GitHubAuthProvider extends AuthProvider { private async getMe(): Promise { const req = await fetch("https://api.github.com/user", { @@ -27,16 +39,8 @@ export class GitHubAuthProvider extends AuthProvider { async isPermitted(): Promise { const me = await this.getMe(); - const req = await fetch( - `https://api.github.com/orgs/${process.env.GITHUB_ORG}/members`, - { - headers: { - Authorization: `Bearer ${process.env.GITHUB_TOKEN}` - } - } - ); - const res: GitHubUserResponse[] = await req.json(); - return res.some((user) => user.login === me.login); + const members = await getMembers(); + return members.some((user) => user.login === me.login); } async getDisplayName(): Promise { @@ -139,3 +143,24 @@ export class GitHubAuthProvider extends AuthProvider { return a.userId; } } + +export async function inviteToGitHub(auth: GitHubAuthProvider) { + const id = await auth.getId(); + const members = await getMembers(); + if (members.find((x) => x.id === parseInt(id))) return; + + await fetch( + `https://api.github.com/orgs/${process.env.GITHUB_ORG}/invitations`, + { + method: "POST", + headers: { + Authorization: `Bearer ${process.env.GITHUB_TOKEN}`, + Accept: "application/vnd.github.v3+json" + }, + body: JSON.stringify({ + invitee_id: parseInt(id), + role: "direct_member" + }) + } + ); +}