From cbcb8268b0baf843a88bbd0a52fad238d31c95ec Mon Sep 17 00:00:00 2001
From: NotNite <hi@notnite.com>
Date: Thu, 27 Apr 2023 21:01:30 -0400
Subject: [PATCH] invite user to github automatically

---
 src/app/oauth/discord/redirect/route.ts | 10 +++---
 src/app/oauth/github/redirect/route.ts  | 13 +++----
 src/auth/github.ts                      | 45 +++++++++++++++++++------
 3 files changed, 47 insertions(+), 21 deletions(-)

diff --git a/src/app/oauth/discord/redirect/route.ts b/src/app/oauth/discord/redirect/route.ts
index b3366b1..3ec38de 100644
--- a/src/app/oauth/discord/redirect/route.ts
+++ b/src/app/oauth/discord/redirect/route.ts
@@ -21,11 +21,6 @@ export async function GET(request: Request) {
   const id = await provider.getId();
   const permitted = await provider.isPermitted();
 
-  if (!permitted) {
-    logger.info({ id }, "user tried to sign up");
-    return new Response("not permitted to register account", { status: 403 });
-  }
-
   // If someone clicked register on the front page with an existing account,
   // wire it to their user via the auth ticket
   let gluestickId = null;
@@ -35,6 +30,11 @@ export async function GET(request: Request) {
     gluestickId = currentUser!.id;
   }
 
+  if (!permitted && gluestickId == null) {
+    logger.info({ id }, "user tried to sign up");
+    return new Response("not permitted to register account", { status: 403 });
+  }
+
   const userId = await DiscordAuthProvider.update(
     id,
     tokenBody.access_token,
diff --git a/src/app/oauth/github/redirect/route.ts b/src/app/oauth/github/redirect/route.ts
index 2cd4bd6..b4563d7 100644
--- a/src/app/oauth/github/redirect/route.ts
+++ b/src/app/oauth/github/redirect/route.ts
@@ -1,5 +1,5 @@
 import { getLogger } from "@/logger";
-import { GitHubAuthProvider } from "@/auth/github";
+import { GitHubAuthProvider, inviteToGitHub } from "@/auth/github";
 import {
   AuthState,
   authTicketOAuth,
@@ -21,11 +21,6 @@ export async function GET(request: Request) {
   const id = await provider.getId();
   const permitted = await provider.isPermitted();
 
-  if (!permitted) {
-    logger.info({ id }, "user tried to sign up");
-    return new Response("not permitted to register account", { status: 403 });
-  }
-
   // If someone clicked register on the front page with an existing account,
   // wire it to their user via the auth ticket
   let gluestickId = null;
@@ -35,6 +30,11 @@ export async function GET(request: Request) {
     gluestickId = currentUser!.id;
   }
 
+  if (!permitted && gluestickId == null) {
+    logger.info({ id }, "user tried to sign up");
+    return new Response("not permitted to register account", { status: 403 });
+  }
+
   const userId = await GitHubAuthProvider.update(
     id,
     tokenBody.access_token,
@@ -42,6 +42,7 @@ export async function GET(request: Request) {
   );
 
   if (gluestickId != null) {
+    await inviteToGitHub(provider);
     return new Response(null, {
       status: 302,
       headers: {
diff --git a/src/auth/github.ts b/src/auth/github.ts
index 66c703e..1feb8e7 100644
--- a/src/auth/github.ts
+++ b/src/auth/github.ts
@@ -14,6 +14,18 @@ type GitHubUserResponse = {
   email: string;
 };
 
+async function getMembers(): Promise<GitHubUserResponse[]> {
+  const req = await fetch(
+    `https://api.github.com/orgs/${process.env.GITHUB_ORG}/members`,
+    {
+      headers: {
+        Authorization: `Bearer ${process.env.GITHUB_TOKEN}`
+      }
+    }
+  );
+  return await req.json();
+}
+
 export class GitHubAuthProvider extends AuthProvider {
   private async getMe(): Promise<GitHubUserResponse> {
     const req = await fetch("https://api.github.com/user", {
@@ -27,16 +39,8 @@ export class GitHubAuthProvider extends AuthProvider {
 
   async isPermitted(): Promise<boolean> {
     const me = await this.getMe();
-    const req = await fetch(
-      `https://api.github.com/orgs/${process.env.GITHUB_ORG}/members`,
-      {
-        headers: {
-          Authorization: `Bearer ${process.env.GITHUB_TOKEN}`
-        }
-      }
-    );
-    const res: GitHubUserResponse[] = await req.json();
-    return res.some((user) => user.login === me.login);
+    const members = await getMembers();
+    return members.some((user) => user.login === me.login);
   }
 
   async getDisplayName(): Promise<string> {
@@ -139,3 +143,24 @@ export class GitHubAuthProvider extends AuthProvider {
     return a.userId;
   }
 }
+
+export async function inviteToGitHub(auth: GitHubAuthProvider) {
+  const id = await auth.getId();
+  const members = await getMembers();
+  if (members.find((x) => x.id === parseInt(id))) return;
+
+  await fetch(
+    `https://api.github.com/orgs/${process.env.GITHUB_ORG}/invitations`,
+    {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
+        Accept: "application/vnd.github.v3+json"
+      },
+      body: JSON.stringify({
+        invitee_id: parseInt(id),
+        role: "direct_member"
+      })
+    }
+  );
+}