3.4.0

Add GitHub signup oracle documentation

README.md

@@ -10,9 +10,29 @@ contributions.
 
 ## Setup
 
+### Ethereum wallet
+
 You will need an Ethereum wallet for your bot, so it can interact with the
 Ethereum smart contracts. `npm run create-wallet` will do the job for you.
 
+The wallet must be funded with enough ETH to interact with the contracts.
+
+### Contract permissions
+
+The bot wallet needs the following Aragon contract permissions to interact
+with [kredits-contracts]:
+
+1. `ADD_CONTRIBUTION_ROLE` on the `Contribution` contract
+2. `MANAGE_CONTRIBUTORS_ROLE` on the `Contributor` contract
+
+These permissions can be configured using the [Aragon
+CLI](https://hack.aragon.org/docs/cli-intro.html) (see [kredits-contracts].
+
+    aragon dao acl grant [DAO address] [contribution app address] ADD_CONTRIBUTION_ROLE [bot wallet address]
+    aragon dao acl grant [DAO address] [contributor app address] MANAGE_CONTRIBUTORS_ROLE [bot wallet address]
+
+To get the `Contribution` and `Contributor` app addresses use `aragon dao apps`.
+
 ## Configuration
 
 As usual in Hubot, you can add all config as environment variables.
@@ -24,6 +44,11 @@ As usual in Hubot, you can add all config as environment variables.
 | `KREDITS_WALLET_PATH` | Path to an Etherum wallet JSON file (default: `./wallet.json`) |
 | `KREDITS_WALLET_PASSWORD` | Wallet password |
 | `KREDITS_PROVIDER_URL` | Ethereum JSON-RPC URL (default: `http://localhost:7545`) |
+| `KREDITS_WEB_URL` | URL of the Kredits Web app (default: `https://kredits.kosmos.org`) |
+| `KREDITS_DAO_ADDRESS` | DAO Kernel address |
+| `KREDITS_SESSION_SECRET` | Secret used by [grant](https://www.npmjs.com/package/grant) to sign the session ID |
+| `KREDITS_GRANT_HOST` | Host used by [grant](https://www.npmjs.com/package/grant) to generate OAuth redirect URLs (default: `localhost:8888`) |
+| `KREDITS_GRANT_PROTOCOL` | Protocol (http or https) used by [grant](https://www.npmjs.com/package/grant") to generate the OAuth redirect URLs (default: "http") |
 
 ## Integrations
 
@@ -34,6 +59,12 @@ which carry a kredits label: `kredits-1`, `kredits-2`, `kredits-3` for small,
 medium and large contributions. If there are multiple people assigned, it will
 issue contribution tokens for all of them.
 
+If `KREDITS_GITHUB_KEY` and `KREDITS_GITHUB_SECRET` are set, the bot will also
+expose OAuth endpoints to authenticate new contributors and register new
+contributor profiles on the smart contract. For this feature, a [GitHub OAuth
+app] is required and the [OAuth grant config variables](#Configuration) must be
+set.
+
 #### Setup
 
 Point a GitHub organization webhook to the following URL:
@@ -45,6 +76,8 @@ Point a GitHub organization webhook to the following URL:
 | Key | Description |
 | --- | --- |
 | `KREDITS_GITHUB_REPO_BLACKLIST` | Repos which you do not want to issue kredits for. Format: `orgname/reponame`, e.g. `67P/test-one-two` |
+| `KREDITS_GITHUB_KEY` | Key of the [GitHub OAuth app] used to authenticate contributors |
+| `KREDITS_GITHUB_SECRET` | Secret of the [GitHub OAuth app] used to authenticate contributors |
 
 ### Gitea
 
@@ -80,3 +113,6 @@ wiki's API on its own.
 | Key | Description |
 | --- | --- |
 | `KREDITS_MEDIAWIKI_URL` | Your wiki URL, e.g. `https://wiki.kosmos.org/` |
+
+[kredits-contracts]: https://github.com/67P/kredits-contracts
+[GitHub OAuth app]: https://developer.github.com/apps/about-apps/#about-oauth-apps

index.js

@@ -7,6 +7,7 @@ const Kredits = require('kredits-contracts');
 const walletPath  = process.env.KREDITS_WALLET_PATH || './wallet.json';
 const walletJson  = fs.readFileSync(walletPath);
 const providerUrl = process.env.KREDITS_PROVIDER_URL;
+const daoAddress  = process.env.KREDITS_DAO_ADDRESS;
 
 const ipfsConfig = {
   host: process.env.IPFS_API_HOST || 'localhost',
@@ -48,14 +49,14 @@ module.exports = async function(robot) {
   // Kredits contracts setup
   //
 
+  const opts = { ipfsConfig };
+  if (daoAddress) {
+    opts.addresses = { Kernel: daoAddress };
+  }
   let kredits;
+
   try {
-    kredits = await new Kredits(signer.provider, signer, {
+    kredits = await new Kredits(signer.provider, signer, opts).init();
-      // TODO support local devchain custom address
-      apm: 'open.aragonpm.eth',
-      // addresses: { Kernel: '0x93aa4531329e4bf3efcd1ec0b74adb6f66d9d10e' }
-      ipfsConfig
-    }).init();
   } catch(error) {
     robot.logger.warning('[hubot-kredits] Could not set up kredits:', error);
     process.exit(1);

integrations/github.js

@@ -1,5 +1,8 @@
 const util = require('util');
 const fetch = require('node-fetch');
+const session = require('express-session');
+const grant = require('grant-express');
+const cors = require('cors');
 const amountFromLabels = require('./utils/amount-from-labels');
 const kindFromLabels = require('./utils/kind-from-labels');
 
@@ -21,6 +24,8 @@ module.exports = async function(robot, kredits) {
     robot.logger.debug('[hubot-kredits] Ignoring GitHub actions from ', util.inspect(repoBlackList));
   }
 
+  const kreditsWebUrl = process.env.KREDITS_WEB_URL || 'https://kredits.kosmos.org';
+
   const Contributor = kredits.Contributor;
   const Contribution = kredits.Contribution;
 
@@ -172,4 +177,95 @@ module.exports = async function(robot, kredits) {
     }
   });
 
+  //
+  // GitHub signup
+  //
+
+  if (process.env.KREDITS_GITHUB_KEY && process.env.KREDITS_GITHUB_SECRET) {
+    const grantConfig = {
+      defaults: {
+        protocol: (process.env.KREDITS_GRANT_PROTOCOL || "http"),
+        host: (process.env.KREDITS_GRANT_HOST || 'localhost:8888'),
+        transport: 'session',
+        response: 'tokens',
+        path: '/kredits/signup'
+      },
+      github: {
+        key: process.env.KREDITS_GITHUB_KEY,
+        secret: process.env.KREDITS_GITHUB_SECRET,
+        callback: '/kredits/signup/github'
+      }
+    };
+
+    robot.router.use(session({ secret: process.env.KREDITS_SESSION_SECRET || 'grant' }));
+    robot.router.use('/kredits/signup', grant(grantConfig));
+
+    robot.router.get('/kredits/signup/github', async (req, res) => {
+      const access_token = req.session.grant.response.access_token;
+
+      res.redirect(`${kreditsWebUrl}/signup/github#access_token=${access_token}`);
+    });
+
+    robot.router.options('/kredits/signup/github', cors());
+
+    robot.router.post('/kredits/signup/github', cors(), async (req, res) => {
+      const accessToken = req.body.accessToken;
+      if (!accessToken) {
+        res.status(400).json({});
+        return;
+      }
+      try {
+        const githubResponse = await fetch('https://api.github.com/user', {
+          headers: {
+            'Accept': 'application/vnd.github.v3+json',
+            'Authorization': `token ${accessToken}`
+          }
+        });
+      } catch (error) {
+        robot.logger.error('[hubot-kredits] Fetching user data from GitHub failed:', error);
+        res.status(500).json({ error });
+      };
+
+      if (githubResponse.status >= 300) {
+        res.status(githubResponse.status).json({});
+        return;
+      }
+      const user = await githubResponse.json();
+
+      const contributor = await kredits.Contributor.findByAccount({
+        site: 'github.com',
+        username: user.login
+      });
+
+      if (!contributor) {
+        let contributorAttr = {};
+        contributorAttr.account = req.body.account;
+        contributorAttr.name = user.name || user.login;
+        contributorAttr.kind = "person";
+        contributorAttr.url = user.blog;
+        contributorAttr.github_username = user.login;
+        contributorAttr.github_uid = user.id;
+
+        kredits.Contributor.add(contributorAttr, { gasLimit: 350000 })
+          .then(transaction => {
+            robot.logger.info('[hubot-kredits] Contributor added from GitHub signup', transaction.hash);
+            res.status(201);
+            res.json({
+              transactionHash: transaction.hash,
+              github_username: user.login
+            });
+          }, error => {
+            robot.logger.error(`[hubot-kredits] Adding contributor failed: ${error}`);
+            res.status(422);
+            res.json({ error })
+          });
+      } else {
+        res.json({
+          github_username: user.login
+        });
+      }
+    });
+  } else {
+    robot.logger.warning('[hubot-kredits] No KREDITS_GITHUB_KEY and KREDITS_GITHUB_SECRET configured for OAuth signup');
+  }
 };

integrations/mediawiki.js

@@ -129,8 +129,7 @@ module.exports = async function(robot, kredits) {
   function calculateAmountForChanges(details) {
     let amount;
 
-    if (details.charsAdded < 280) {
+    if (details.charsAdded < 500) {
-      // less than a tweet
       amount = 500;
     } else if (details.charsAdded < 2000) {
       amount = 1500;

package.json

@@ -1,6 +1,6 @@
 {
   "name": "hubot-kredits",
-  "version": "3.3.0",
+  "version": "3.4.0",
   "description": "Kosmos Kredits functionality for chat bots",
   "main": "index.js",
   "scripts": {
@@ -10,11 +10,15 @@
     "create-wallet": "scripts/create-wallet.js"
   },
   "dependencies": {
+    "cors": "^2.8.5",
     "eth-provider": "^0.2.2",
     "ethers": "^4.0.27",
-    "group-array": "^0.3.3",
+    "express": "^4.17.1",
+    "express-session": "^1.16.2",
+    "grant-express": "^4.6.1",
+    "group-array": "^1.0.0",
     "kosmos-schemas": "^1.1.2",
-    "kredits-contracts": "^5.3.0",
+    "kredits-contracts": "^5.4.0",
     "node-cron": "^2.0.3",
     "node-fetch": "^2.3.0",
     "prompt": "^1.0.0"