honbra
/
gluestick
forked from NotNet/gluestick
1
0
Fork 0
Code Pull Requests Activity

invite user to github automatically

This commit is contained in:
Julian 2023-04-27 21:01:30 -04:00
parent c51e363b10
commit cbcb8268b0
Signed by untrusted user: NotNite
GPG Key ID: BD91A5402CCEB08A
3 changed files with 47 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/app/oauth/discord/redirect/route.ts
View File

@ -21,11 +21,6 @@ export async function GET(request: Request) {
const id = await provider.getId(); const id = await provider.getId();
const permitted = await provider.isPermitted(); const permitted = await provider.isPermitted();
if (!permitted) {
logger.info({ id }, "user tried to sign up");
return new Response("not permitted to register account", { status: 403 });
}
// If someone clicked register on the front page with an existing account, // If someone clicked register on the front page with an existing account,
// wire it to their user via the auth ticket // wire it to their user via the auth ticket
let gluestickId = null; let gluestickId = null;
@ -35,6 +30,11 @@ export async function GET(request: Request) {
gluestickId = currentUser!.id; gluestickId = currentUser!.id;
} }
if (!permitted && gluestickId == null) {
logger.info({ id }, "user tried to sign up");
return new Response("not permitted to register account", { status: 403 });
}
const userId = await DiscordAuthProvider.update( const userId = await DiscordAuthProvider.update(
id, id,
tokenBody.access_token, tokenBody.access_token,

13
src/app/oauth/github/redirect/route.ts
View File

@ -1,5 +1,5 @@
import { getLogger } from "@/logger"; import { getLogger } from "@/logger";
import { GitHubAuthProvider } from "@/auth/github"; import { GitHubAuthProvider, inviteToGitHub } from "@/auth/github";
import { import {
AuthState, AuthState,
authTicketOAuth, authTicketOAuth,
@ -21,11 +21,6 @@ export async function GET(request: Request) {
const id = await provider.getId(); const id = await provider.getId();
const permitted = await provider.isPermitted(); const permitted = await provider.isPermitted();
if (!permitted) {
logger.info({ id }, "user tried to sign up");
return new Response("not permitted to register account", { status: 403 });
}
// If someone clicked register on the front page with an existing account, // If someone clicked register on the front page with an existing account,
// wire it to their user via the auth ticket // wire it to their user via the auth ticket
let gluestickId = null; let gluestickId = null;
@ -35,6 +30,11 @@ export async function GET(request: Request) {
gluestickId = currentUser!.id; gluestickId = currentUser!.id;
} }
if (!permitted && gluestickId == null) {
logger.info({ id }, "user tried to sign up");
return new Response("not permitted to register account", { status: 403 });
}
const userId = await GitHubAuthProvider.update( const userId = await GitHubAuthProvider.update(
id, id,
tokenBody.access_token, tokenBody.access_token,
@ -42,6 +42,7 @@ export async function GET(request: Request) {
); );
if (gluestickId != null) { if (gluestickId != null) {
await inviteToGitHub(provider);
return new Response(null, { return new Response(null, {
status: 302, status: 302,
headers: { headers: {

45
src/auth/github.ts
View File

@ -14,6 +14,18 @@ type GitHubUserResponse = {
email: string; email: string;
}; };
async function getMembers(): Promise<GitHubUserResponse[]> {
const req = await fetch(
`https://api.github.com/orgs/${process.env.GITHUB_ORG}/members`,
{
headers: {
Authorization: `Bearer ${process.env.GITHUB_TOKEN}`
}
}
);
return await req.json();
}
export class GitHubAuthProvider extends AuthProvider { export class GitHubAuthProvider extends AuthProvider {
private async getMe(): Promise<GitHubUserResponse> { private async getMe(): Promise<GitHubUserResponse> {
const req = await fetch("https://api.github.com/user", { const req = await fetch("https://api.github.com/user", {
@ -27,16 +39,8 @@ export class GitHubAuthProvider extends AuthProvider {
async isPermitted(): Promise<boolean> { async isPermitted(): Promise<boolean> {
const me = await this.getMe(); const me = await this.getMe();
const req = await fetch( const members = await getMembers();
`https://api.github.com/orgs/${process.env.GITHUB_ORG}/members`, return members.some((user) => user.login === me.login);
{
headers: {
Authorization: `Bearer ${process.env.GITHUB_TOKEN}`
}
}
);
const res: GitHubUserResponse[] = await req.json();
return res.some((user) => user.login === me.login);
} }
async getDisplayName(): Promise<string> { async getDisplayName(): Promise<string> {
@ -139,3 +143,24 @@ export class GitHubAuthProvider extends AuthProvider {
return a.userId; return a.userId;
} }
} }
export async function inviteToGitHub(auth: GitHubAuthProvider) {
const id = await auth.getId();
const members = await getMembers();
if (members.find((x) => x.id === parseInt(id))) return;
await fetch(
`https://api.github.com/orgs/${process.env.GITHUB_ORG}/invitations`,
{
method: "POST",
headers: {
Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
Accept: "application/vnd.github.v3+json"
},
body: JSON.stringify({
invitee_id: parseInt(id),
role: "direct_member"
})
}
);
}