From afa67e5ac7c2be715c4abc1e0445c1daa44ae7da Mon Sep 17 00:00:00 2001 From: Michael Bumann Date: Sat, 31 Aug 2019 12:51:44 +0200 Subject: [PATCH 1/3] Prefix all configuration environment variables The convention here is to prefix all Kredit related configuration variables with `KREDITS_` --- integrations/github.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/integrations/github.js b/integrations/github.js index b0b9191..9cbafa1 100644 --- a/integrations/github.js +++ b/integrations/github.js @@ -181,23 +181,23 @@ module.exports = async function(robot, kredits) { // GitHub signup // - if (process.env.GITHUB_KEY && process.env.GITHUB_SECRET) { + if (process.env.KREDITS_GITHUB_KEY && process.env.KREDITS_GITHUB_SECRET) { const grantConfig = { defaults: { - protocol: (process.env.GRANT_PROTOCOL || "http"), - host: (process.env.GRANT_HOST || 'localhost:8888'), + protocol: (process.env.KREDITS_GRANT_PROTOCOL || "http"), + host: (process.env.KREDITS_GRANT_HOST || 'localhost:8888'), transport: 'session', response: 'tokens', path: '/kredits/signup' }, github: { - key: process.env.GITHUB_KEY, - secret: process.env.GITHUB_SECRET, + key: process.env.KREDITS_GITHUB_KEY, + secret: process.env.KREDITS_GITHUB_SECRET, callback: '/kredits/signup/github' } }; - robot.router.use(session({ secret: process.env.SESSION_SECRET || 'grant' })); + robot.router.use(session({ secret: process.env.KREDITS_SESSION_SECRET || 'grant' })); robot.router.use('/kredits/signup', grant(grantConfig)); robot.router.get('/kredits/signup/github', async (req, res) => { @@ -266,6 +266,6 @@ module.exports = async function(robot, kredits) { } }); } else { - robot.logger.warning('[hubot-kredits] No GITHUB_KEY and GITHUB_SECRET configured for OAuth signup'); + robot.logger.warning('[hubot-kredits] No KREDITS_GITHUB_KEY and KREDITS_GITHUB_SECRET configured for OAuth signup'); } }; From 101e35622ab422759a4967590accd64d6ca1ff0c Mon Sep 17 00:00:00 2001 From: Michael Bumann Date: Sat, 31 Aug 2019 12:52:36 +0200 Subject: [PATCH 2/3] Add GitHub signup oracle documentation --- README.md | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9a7026d..30e7461 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,27 @@ contributions. ## Setup +## Ethereum Wallet + You will need an Ethereum wallet for your bot, so it can interact with the Ethereum smart contracts. `npm run create-wallet` will do the job for you. +That wallet must be funded with enough ETH to interact with the contracts. + +### Contract permissions + +The bot wallet needs the following aragon contract permissions to interact +with [kredits-contracts](https://github.com/67P/kredits-contracts) + +1. `ADD_CONTRIBUTION_ROLE` on the Contribution contract +2. `MANAGE_CONTRIBUTORS_ROLE` on the Contributor contract (used for registering contributors) + +These permissions can be configured using the `aragon-cli` (see [kredits-contracts](https://github.com/67P/kredits-contracts). + + $ aragon dao acl grant [your DAO address] [your contribution app address] ADD_CONTRIBUTION_ROLE [bot wallet address] + $ aragon dao acl grant [your DAO address] [your contributor app address] MANAGE_CONTRIBUTORS_ROLE [bot wallet address] + +To get the contribution and contributor app address use `aragon dao apps` + ## Configuration @@ -26,7 +45,9 @@ As usual in Hubot, you can add all config as environment variables. | `KREDITS_PROVIDER_URL` | Ethereum JSON-RPC URL (default: `http://localhost:7545`) | | `KREDITS_WEB_URL` | URL of the Kredits Web app (default: `https://kredits.kosmos.org`) | | `KREDITS_DAO_ADDRESS` | DAO Kernel address | -| `SESSION_SECRET` | Secret used to sign the Session ID | +| `KREDITS_SESSION_SECRET` | Secret used by [grant](https://www.npmjs.com/package/grant) to sign the Session ID | +| `KREDITS_GRANT_HOST` | Host used by [grant](https://www.npmjs.com/package/grant) to generate OAuth redirect URLs (default: `localhost:8888`) | +| `KREDITS_GRANT_PROTOCOL` | Protocol (http or https) used by [grant](https://www.npmjs.com/package/grant") to generate the OAuth redirect URLs (default: "http") | ## Integrations @@ -37,6 +58,11 @@ which carry a kredits label: `kredits-1`, `kredits-2`, `kredits-3` for small, medium and large contributions. If there are multiple people assigned, it will issue contribution tokens for all of them. +If `KREDITS_GITHUB_KEY` and `KREDITS_GITHUB_SECRET` are set it will also expose +OAuth endpoints to authenticate new contributors and register new profiles on +the smart contract. For this a [GitHub app](https://developer.github.com/apps/about-apps/) +is required and the [OAuth grant config](#Configuration) must set. + #### Setup Point a GitHub organization webhook to the following URL: @@ -48,6 +74,8 @@ Point a GitHub organization webhook to the following URL: | Key | Description | | --- | --- | | `KREDITS_GITHUB_REPO_BLACKLIST` | Repos which you do not want to issue kredits for. Format: `orgname/reponame`, e.g. `67P/test-one-two` | +| `KREDITS_GITHUB_KEY` | Key of the [GitHub app](https://developer.github.com/apps/building-github-apps/creating-a-github-app/) used to authenticate new collaborators | +| `KREDITS_GITHUB_SECRET` | Secret of the [GitHub app]((https://developer.github.com/apps/building-github-apps/creating-a-github-app/) used to authenticate new collaborators | ### Gitea From 6476fe5c88ba049217b9b8934ab390edbb921c7d Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 31 Aug 2019 13:23:11 +0200 Subject: [PATCH 3/3] Improve signup docs --- README.md | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 30e7461..cc640e0 100644 --- a/README.md +++ b/README.md @@ -10,27 +10,28 @@ contributions. ## Setup -## Ethereum Wallet +### Ethereum wallet You will need an Ethereum wallet for your bot, so it can interact with the Ethereum smart contracts. `npm run create-wallet` will do the job for you. -That wallet must be funded with enough ETH to interact with the contracts. + +The wallet must be funded with enough ETH to interact with the contracts. ### Contract permissions -The bot wallet needs the following aragon contract permissions to interact -with [kredits-contracts](https://github.com/67P/kredits-contracts) +The bot wallet needs the following Aragon contract permissions to interact +with [kredits-contracts]: -1. `ADD_CONTRIBUTION_ROLE` on the Contribution contract -2. `MANAGE_CONTRIBUTORS_ROLE` on the Contributor contract (used for registering contributors) +1. `ADD_CONTRIBUTION_ROLE` on the `Contribution` contract +2. `MANAGE_CONTRIBUTORS_ROLE` on the `Contributor` contract -These permissions can be configured using the `aragon-cli` (see [kredits-contracts](https://github.com/67P/kredits-contracts). +These permissions can be configured using the [Aragon +CLI](https://hack.aragon.org/docs/cli-intro.html) (see [kredits-contracts]. - $ aragon dao acl grant [your DAO address] [your contribution app address] ADD_CONTRIBUTION_ROLE [bot wallet address] - $ aragon dao acl grant [your DAO address] [your contributor app address] MANAGE_CONTRIBUTORS_ROLE [bot wallet address] - -To get the contribution and contributor app address use `aragon dao apps` + aragon dao acl grant [DAO address] [contribution app address] ADD_CONTRIBUTION_ROLE [bot wallet address] + aragon dao acl grant [DAO address] [contributor app address] MANAGE_CONTRIBUTORS_ROLE [bot wallet address] +To get the `Contribution` and `Contributor` app addresses use `aragon dao apps`. ## Configuration @@ -45,7 +46,7 @@ As usual in Hubot, you can add all config as environment variables. | `KREDITS_PROVIDER_URL` | Ethereum JSON-RPC URL (default: `http://localhost:7545`) | | `KREDITS_WEB_URL` | URL of the Kredits Web app (default: `https://kredits.kosmos.org`) | | `KREDITS_DAO_ADDRESS` | DAO Kernel address | -| `KREDITS_SESSION_SECRET` | Secret used by [grant](https://www.npmjs.com/package/grant) to sign the Session ID | +| `KREDITS_SESSION_SECRET` | Secret used by [grant](https://www.npmjs.com/package/grant) to sign the session ID | | `KREDITS_GRANT_HOST` | Host used by [grant](https://www.npmjs.com/package/grant) to generate OAuth redirect URLs (default: `localhost:8888`) | | `KREDITS_GRANT_PROTOCOL` | Protocol (http or https) used by [grant](https://www.npmjs.com/package/grant") to generate the OAuth redirect URLs (default: "http") | @@ -58,10 +59,11 @@ which carry a kredits label: `kredits-1`, `kredits-2`, `kredits-3` for small, medium and large contributions. If there are multiple people assigned, it will issue contribution tokens for all of them. -If `KREDITS_GITHUB_KEY` and `KREDITS_GITHUB_SECRET` are set it will also expose -OAuth endpoints to authenticate new contributors and register new profiles on -the smart contract. For this a [GitHub app](https://developer.github.com/apps/about-apps/) -is required and the [OAuth grant config](#Configuration) must set. +If `KREDITS_GITHUB_KEY` and `KREDITS_GITHUB_SECRET` are set, the bot will also +expose OAuth endpoints to authenticate new contributors and register new +contributor profiles on the smart contract. For this feature, a [GitHub OAuth +app] is required and the [OAuth grant config variables](#Configuration) must be +set. #### Setup @@ -74,8 +76,8 @@ Point a GitHub organization webhook to the following URL: | Key | Description | | --- | --- | | `KREDITS_GITHUB_REPO_BLACKLIST` | Repos which you do not want to issue kredits for. Format: `orgname/reponame`, e.g. `67P/test-one-two` | -| `KREDITS_GITHUB_KEY` | Key of the [GitHub app](https://developer.github.com/apps/building-github-apps/creating-a-github-app/) used to authenticate new collaborators | -| `KREDITS_GITHUB_SECRET` | Secret of the [GitHub app]((https://developer.github.com/apps/building-github-apps/creating-a-github-app/) used to authenticate new collaborators | +| `KREDITS_GITHUB_KEY` | Key of the [GitHub OAuth app] used to authenticate contributors | +| `KREDITS_GITHUB_SECRET` | Secret of the [GitHub OAuth app] used to authenticate contributors | ### Gitea @@ -111,3 +113,6 @@ wiki's API on its own. | Key | Description | | --- | --- | | `KREDITS_MEDIAWIKI_URL` | Your wiki URL, e.g. `https://wiki.kosmos.org/` | + +[kredits-contracts]: https://github.com/67P/kredits-contracts +[GitHub OAuth app]: https://developer.github.com/apps/about-apps/#about-oauth-apps