@commonpub/layer 0.19.2 → 0.20.0

package/composables/useFeatures.ts

@@ -2,6 +2,14 @@
 // Initializes from build-time runtime config, then hydrates from /api/features
 // to pick up runtime DB overrides set via admin panel.
 
+export interface IdentityFeatures {
+  linkRemoteAccounts: boolean;
+  signInWithRemote: boolean;
+  actingAs: boolean;
+  remoteInteract: boolean;
+  remotePublish: boolean;
+}
+
 export interface FeatureFlags {
   content: boolean;
   social: boolean;
@@ -17,6 +25,12 @@ export interface FeatureFlags {
   admin: boolean;
   emailNotifications: boolean;
   publicApi: boolean;
+  /**
+   * Cross-instance delegated authorization. All sub-flags default false.
+   * Mirrors `@commonpub/config`'s `IdentityFeatures`. Phase 1b+ — see
+   * docs/sessions/136-cross-instance-identity-plan.md.
+   */
+  identity: IdentityFeatures;
 }
 
 let hydrated = false;
@@ -31,13 +45,28 @@ export const DEFAULT_FLAGS: FeatureFlags = {
   contests: false, events: false, learning: true, explainers: true,
   editorial: true, federation: false, admin: false, emailNotifications: false,
   publicApi: false,
+  identity: {
+    linkRemoteAccounts: false,
+    signInWithRemote: false,
+    actingAs: false,
+    remoteInteract: false,
+    remotePublish: false,
+  },
 };
 
 /** Build the initial flags by merging the layer's runtime config over defaults. */
 export function getInitialFlags(): FeatureFlags {
   const config = useRuntimeConfig();
   const buildFlags = (config.public.features as unknown as Partial<FeatureFlags> | undefined) ?? {};
-  return { ...DEFAULT_FLAGS, ...buildFlags };
+  // Merge top-level booleans, but deep-merge `identity` so a partial
+  // runtime override (e.g., `{ identity: { actingAs: true } }`) lands on
+  // top of the defaulted sub-flags rather than replacing the whole
+  // nested object.
+  return {
+    ...DEFAULT_FLAGS,
+    ...buildFlags,
+    identity: { ...DEFAULT_FLAGS.identity, ...(buildFlags.identity ?? {}) },
+  };
 }
 
 export function useFeatures() {
@@ -56,9 +85,18 @@ export function useFeatures() {
   if (import.meta.client && !hydrated) {
     hydrated = true;
     ($fetch as Function)('/api/features')
-      .then((dynamic: FeatureFlags) => {
+      .then((dynamic: Partial<FeatureFlags>) => {
         if (dynamic && typeof dynamic === 'object') {
-          flags.value = { ...flags.value, ...dynamic };
+          // Deep-merge `identity` so a server response that omits some
+          // sub-flag doesn't blank it out at the client.
+          flags.value = {
+            ...flags.value,
+            ...dynamic,
+            identity: {
+              ...flags.value.identity,
+              ...(dynamic.identity ?? {}),
+            },
+          };
         }
       })
       .catch(() => { /* use build-time defaults on failure */ });
@@ -80,5 +118,6 @@ export function useFeatures() {
     admin: computed(() => flags.value.admin),
     emailNotifications: computed(() => flags.value.emailNotifications),
     publicApi: computed(() => flags.value.publicApi),
+    identity: computed(() => flags.value.identity),
   };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commonpub/layer",
-  "version": "0.19.2",
+  "version": "0.20.0",
   "type": "module",
   "main": "./nuxt.config.ts",
   "files": [
@@ -50,16 +50,16 @@
     "vue": "^3.4.0",
     "vue-router": "^4.3.0",
     "zod": "^4.3.6",
-    "@commonpub/editor": "0.7.9",
-    "@commonpub/config": "0.12.0",
-    "@commonpub/docs": "0.6.2",
     "@commonpub/auth": "0.6.0",
-    "@commonpub/learning": "0.5.2",
+    "@commonpub/docs": "0.6.2",
+    "@commonpub/config": "0.12.0",
+    "@commonpub/explainer": "0.7.12",
+    "@commonpub/editor": "0.7.9",
     "@commonpub/protocol": "0.9.9",
+    "@commonpub/learning": "0.5.2",
     "@commonpub/schema": "0.16.0",
-    "@commonpub/ui": "0.8.5",
-    "@commonpub/server": "2.49.0",
-    "@commonpub/explainer": "0.7.12"
+    "@commonpub/server": "2.50.0",
+    "@commonpub/ui": "0.8.5"
   },
   "devDependencies": {
     "@testing-library/jest-dom": "^6.9.1",

package/server/api/auth/federated/callback.get.ts

@@ -66,11 +66,30 @@ export default defineEventHandler(async (event) => {
   // Check if the current user is logged in — if so, link to their account
   const auth = event.context.auth;
   if (auth?.user) {
-    await linkFederatedAccount(db, auth.user.id, tokenResult.user.actorUri, oauthState.instanceDomain, {
-      preferredUsername: tokenResult.user.username,
-      displayName: tokenResult.user.displayName ?? undefined,
-      avatarUrl: tokenResult.user.avatarUrl ?? undefined,
-    });
+    await linkFederatedAccount(
+      db,
+      auth.user.id,
+      tokenResult.user.actorUri,
+      oauthState.instanceDomain,
+      {
+        preferredUsername: tokenResult.user.username,
+        displayName: tokenResult.user.displayName ?? undefined,
+        avatarUrl: tokenResult.user.avatarUrl ?? undefined,
+      },
+      // Phase 1b: persist the access token so future delegated actions
+      // (Phase 4) can call the remote on this user's behalf. Encrypted
+      // at rest via @commonpub/infra/tokenCrypto. Scopes default to
+      // 'read write follow' for CommonPub↔CommonPub trust (the existing
+      // SSO model assumes mutual trustedInstances). Software-kind is
+      // 'cpub' here because this callback handles CommonPub→CommonPub;
+      // a Mastodon-login flow (Phase 2) will use a separate callback
+      // that detects software via WebFinger / megalodon.
+      {
+        accessToken: tokenResult.accessToken,
+        scopes: ['read', 'write', 'follow'],
+        softwareKind: 'cpub',
+      },
+    );
 
     return sendRedirect(event, '/settings/account?federated=linked', 302);
   }

package/server/plugins/identity-startup.ts

@@ -0,0 +1,43 @@
+/**
+ * Cross-instance identity — Nitro startup wiring.
+ *
+ * Runs at app init to:
+ *
+ *   1. Validate that any token-using `features.identity.*` flag has
+ *      `CPUB_FED_TOKEN_KEY` set. Throws if misconfigured — the boot
+ *      fails loudly rather than 500-ing partway through a real user's
+ *      OAuth callback. Only `actingAs` is exempt (UI-only, no token I/O).
+ *
+ *   2. Register the Mastodon-API-backed FediClient factory so
+ *      `run(event, ctx.active, action, input)` can dispatch to remote
+ *      handlers when `ctx.active.kind === 'linked'`. Factory closes
+ *      over the request-scoped DB handle.
+ *
+ * Plugin order: this should run early, alongside other infrastructure
+ * plugins. Nitro picks up plugins in alphabetical order — file is
+ * named `identity-startup.ts` so it sorts before app-level plugins.
+ *
+ * Phase-skip ergonomics: if no identity flag is enabled, the factory
+ * is registered anyway (cheap; the factory is lazy and only executes
+ * when `getFediClient` is called). The startup invariant only fires
+ * for flags that need the key.
+ *
+ * See docs/sessions/136-cross-instance-identity-plan.md.
+ */
+import {
+  assertIdentityConfig,
+  createMastodonFediClientFactory,
+  setFediClientFactory,
+} from '@commonpub/server';
+
+export default defineNitroPlugin(() => {
+  const config = useConfig();
+
+  // Fails loudly + early if a token-using flag is on without the
+  // encryption key. Listed errors include the env var name to set.
+  assertIdentityConfig(config);
+
+  // Register the factory exactly once. Subsequent calls would replace
+  // (which is fine in tests; in prod this fires once per process).
+  setFediClientFactory(createMastodonFediClientFactory(useDB()));
+});