yiffspace 0.0.10 → 0.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f112970fd5ee72b9230c1b3236a3831671bb2dfedd098b4e00a061ebfcff6cf1
-  data.tar.gz: 71c2f7b6b44f0988c00716882dc45c0da80ad7d8b4fa63f8e12aa9d807971b68
+  metadata.gz: db133305de79cf1a94b029e1e149359cd4b94764850b020316e7c14be52a4104
+  data.tar.gz: e9add13312cffed633e8ccb8594843b0468d8dc8a691bdc8910bc8df05ccb9a9
 SHA512:
-  metadata.gz: 5321ef4adb4ac4cf98aac76492bd1ae15c8bd98efcf91e65a39fa39f1e06c32e5153a12650ecee959269a1b0d069ac83590dd758f4809ef8166566caf8be70d2
-  data.tar.gz: bf65d46d86952bdcd8006a821f69220607eec81fc8da392b9a9dbc699976c698ab38e3fe922a577eea480d5e8c928aa0873494c1f697371e51b9b0fcdd6adb76
+  metadata.gz: 78c7fcfe985b6f98b9ff42d0cbff09b75442443ab950ac6e013a62bdbf23aca5452f9bde3c8248fa7e10635254b2b5746dd6c6cd4858a58433463556b9a3ba28
+  data.tar.gz: 1dead8a526b3c5325b79b0c351183d4813c6c4d42d9158d7308376dd05eaf5bcfc633d36abd4c9c6873612bb24e1cabda5306d0e7418085e307a54bbef460a0f

data/engines/auth/app/controllers/yiff_space/auth/root_controller.rb

@@ -12,8 +12,8 @@ module YiffSpace
       def cb
         client.handle_sign_in_callback(url: request.original_url)
         user = client.fetch_user_info
-        token = client.access_token_claims(resource: auth_client_config.resource)
         self.user = UserInfo.new(id: user["identities"]["discord"]["userId"], user: user, discord: user["identities"]["discord"]["details"]["rawData"])
+        token = client.access_token_claims(resource: auth_client_config.resource)
         self.auth = AuthInfo.new(id: user["identities"]["discord"]["userId"], token: token, permissions: token["scope"].split, roles: user["roles"], client_id: auth_client_config.client_id)
       end
 
@@ -21,7 +21,7 @@ module YiffSpace
 
       def logout
         client.sign_out(post_logout_redirect_uri: request.base_url)
-        reset_user!
+        full_reset!
       end
 
       def debug
@@ -33,7 +33,7 @@ module YiffSpace
           session: session,
           client:  auth_client_config.as_json.merge(client_secret: "[REDACTED]"),
           user:    client.fetch_user_info,
-          token:   client.access_token_claims(resource: "https://gallery.furry.cool"),
+          token:   client.access_token_claims(resource: auth_client_config.resource),
         })
       end
 

data/lib/yiffspace/auth/api_user.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module Auth
+    class ApiUser
+      attr_reader(:data)
+
+      def initialize(data)
+        @data = Utils::OpenHash.from(data)
+      end
+
+      delegate(:id, to: :data)
+
+      def discord_id
+        data.identities.discord.userId
+      end
+
+      def created_at
+        Time.zone.at(data.createdAt)
+      end
+
+      def updated_at
+        Time.zone.at(data.updatedAt)
+      end
+
+      def last_sign_in_at
+        data.lastSignInAt.nil? ? nil : Time.zone.at(data.lastSignInAt)
+      end
+
+      def discord
+        data.identities.discord.details.blank? ? nil : DiscordInfo.new(data.identities.discord.details.rawData)
+      end
+
+      def avatar
+        Images::Avatar.get_for(discord_id, :discord)
+      end
+
+      def banner
+        Images::Banner.get_for(discord_id, :discord)
+      end
+    end
+  end
+end

data/lib/yiffspace/auth/client.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative("../core_ext/logto/named_session_storage")
+require("httparty")
 
 module YiffSpace
   module Auth
@@ -13,7 +14,7 @@ module YiffSpace
 
       def initialize(name)
         @name                    = name.to_sym
-        @scopes                  = %i[openid offline_access profile roles identities]
+        @scopes                  = %i[openid offline_access profile roles identities custom_data]
         @permissions             = []
         @redirect_uri            = "http://127.0.0.1:3000/auth/cb"
         @server_url              = "https://auth.yiff.space"
@@ -38,6 +39,18 @@ module YiffSpace
           storage:  LogtoClient::NamedSessionStorage.new("yiffspace", controller.session, app_id: @name),
         )
       end
+
+      def logto_management
+        @logto_management ||= LogtoManagementClient.new(self)
+      end
+
+      def fetch_discord_user(id)
+        response = HTTParty.get("https://discord.com/api/v10/users/#{id}", { headers: { "Authorization" => "Bot #{YiffSpace.config.discord_bot_token}" } })
+        return nil if response.code == 404
+        raise("failed to fetch discord user: #{response.code} #{response.message}\n#{response.parsed_response.inspect}") if response.code != 200
+
+        DiscordInfo.new(response.parsed_response)
+      end
     end
   end
 end

data/lib/yiffspace/auth/discord_info.rb

@@ -3,13 +3,15 @@
 module YiffSpace
   module Auth
     class DiscordInfo
-      ATTRIBUTES = %i[id flags avatar banner locale username avatar_url banner_url global_name mfa_enabled public_flags discriminator].freeze
-      attr_reader(*ATTRIBUTES)
+      # locale, mfa_enabled, and premium_type are not present for legacy users backfilled from api data,
+      # we don't need that data either way
+      ATTRIBUTES = %i[id flags avatar banner username global_name public_flags discriminator].freeze
+      attr_reader(:data, *ATTRIBUTES)
 
       def initialize(options = {}, **kwargs)
-        options = options.merge(kwargs).with_indifferent_access
+        @data = options.merge(kwargs).with_indifferent_access
         ATTRIBUTES.each do |attr|
-          instance_variable_set("@#{attr}", options[attr])
+          instance_variable_set("@#{attr}", @data[attr])
         end
 
         return unless YiffSpace.config.auth.update_discord_images

data/lib/yiffspace/configuration.rb

@@ -31,6 +31,12 @@ module YiffSpace
     # The `last_ip_addr` attribute of the User model, used by the UserResolvableMethods concern
     attr_accessor(:last_ip_addr_attribute)
 
+    # Logto Management API credentials (shared across all auth clients).
+    attr_accessor(:logto_api_client_id, :logto_api_client_secret, :logto_api_resource)
+
+    # Discord bot token used to look up Discord users (shared across all auth clients).
+    attr_accessor(:discord_bot_token)
+
     # The anonymous user's name, can be a proc
     attr_reader(:anonymous_user_name)
 
@@ -43,15 +49,19 @@ module YiffSpace
     attr_writer(:system_user_getter)
 
     def initialize
-      @max_multi_count        = -> { 100 }
-      @redis_url              = -> {}
-      @user_class             = nil
-      @user_like_class        = nil
-      @user_resolvable_class  = nil
-      @current_class          = nil
-      @default_ip_address     = "127.0.0.1"
-      @last_ip_addr_attribute = :last_ip_addr
-      @anonymous_user_name    = -> { "Anonymous" }
+      @max_multi_count         = -> { 100 }
+      @redis_url               = -> {}
+      @user_class              = nil
+      @user_like_class         = nil
+      @user_resolvable_class   = nil
+      @current_class           = nil
+      @default_ip_address      = "127.0.0.1"
+      @last_ip_addr_attribute  = :last_ip_addr
+      @anonymous_user_name     = -> { "Anonymous" }
+      @logto_api_client_id     = nil
+      @logto_api_client_secret = nil
+      @logto_api_resource      = nil
+      @discord_bot_token       = nil
     end
 
     def user_class

data/lib/yiffspace/logto_management_client.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require("active_support/core_ext/integer/time")
+require("httparty")
+
+module YiffSpace
+  class LogtoManagementClient
+    attr_reader(:auth)
+
+    def initialize(auth)
+      @auth = auth
+    end
+
+    def get_token # rubocop:disable Naming/AccessorMethodName
+      if @_cached_token
+        return @_cached_token if @_cache_expire_time > Time.current
+
+        @_cached_token = nil
+        @_cache_expire_time = nil
+      end
+      response = HTTParty.post("#{auth.server_url}/oidc/token", {
+        body: {
+          grant_type:    "client_credentials",
+          client_id:     YiffSpace.config.logto_api_client_id,
+          client_secret: YiffSpace.config.logto_api_client_secret,
+          resource:      YiffSpace.config.logto_api_resource,
+          scope:         "all",
+        },
+      })
+      raise("failed to get access token: #{response.to_json}") unless response.key?("access_token")
+
+      @_cached_token = response["access_token"]
+      @_cache_expire_time = response["expires_in"].to_i.seconds.from_now
+      response["access_token"]
+    end
+
+    def get_user(id)
+      response = HTTParty.get("#{auth.server_url}/api/users?discordId=#{id}", { headers: { "Authorization" => "Bearer #{get_token}" } })
+      return nil if response.code == 404 || (response.parsed_response.is_a?(Array) && response.parsed_response.empty?)
+      raise("failed to get user: #{response.code} #{response.message}\n#{response.parsed_response.inspect}") if response.code != 200 || !response.parsed_response.is_a?(Array)
+
+      Utils::TraceLogger.warn("LogtoManagementClient", "query discordId=#{id} returned more than one user:\n#{response.parsed_response.inspect}") if response.parsed_response.length > 1
+
+      Auth::ApiUser.new(response.parsed_response.first)
+    end
+
+    def create_user(id)
+      details = auth.fetch_discord_user(id)&.data
+      raise("invalid discord user: #{id}") if details.blank?
+
+      response = HTTParty.post("#{auth.server_url}/api/users", {
+        headers: { "Authorization" => "Bearer #{get_token}", "Content-Type" => "application/json" },
+        body:    { avatar: "https://cdn.discordapp.com/avatars/#{details['id']}/#{details['avatar']}", username: details["username"] }.to_json,
+      })
+      raise("failed to create user: #{response.code} #{response.message}\n#{response.parsed_response.inspect}") if response.code != 200
+
+      response2 = HTTParty.put("#{auth.server_url}/api/users/#{response.parsed_response['id']}/identities/discord", {
+        headers: { "Authorization" => "Bearer #{get_token}", "Content-Type" => "application/json" },
+        body:    {
+          userId:  details["id"],
+          details: {
+            id:      details["id"],
+            name:    details["username"],
+            avatar:  "https://cdn.discordapp.com/avatars/#{details['id']}/#{details['avatar']}",
+            rawData: details,
+          },
+        }.to_json,
+      })
+      raise("failed to add discord identity: #{response2.code} #{response2.message}\n#{response2.parsed_response.inspect}") if response2.code != 201
+
+      Auth::ApiUser.new(response.parsed_response)
+    end
+
+    def get_or_create_user(id)
+      get_user(id) || create_user(id)
+    end
+  end
+end

data/lib/yiffspace/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module YiffSpace
-  VERSION = "0.0.10"
+  VERSION = "0.0.12"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: yiffspace
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.0.12
 platform: ruby
 authors:
 - Donovan_DMC
 bindir: bin
 cert_chain: []
-date: 2026-06-17 00:00:00.000000000 Z
+date: 2026-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: abbrev
@@ -119,6 +119,7 @@ files:
 - lib/tasks/yiff_space_tasks.rake
 - lib/yiffspace.rb
 - lib/yiffspace/auth.rb
+- lib/yiffspace/auth/api_user.rb
 - lib/yiffspace/auth/auth_info.rb
 - lib/yiffspace/auth/auth_info/anonymous.rb
 - lib/yiffspace/auth/client.rb
@@ -201,6 +202,7 @@ files:
 - lib/yiffspace/include/user_attribute.rb
 - lib/yiffspace/include/user_like.rb
 - lib/yiffspace/include/user_resolvable.rb
+- lib/yiffspace/logto_management_client.rb
 - lib/yiffspace/railtie.rb
 - lib/yiffspace/search/query_builder.rb
 - lib/yiffspace/search/query_dsl.rb