ai/log
1
0
Fork 0
Code Pull Requests Actions Wiki Activity

test oauth pds

Browse Source
This commit is contained in:
syui
2025-06-16 18:04:11 +09:00
parent 286b46c6e6
commit 889ce8baa1
16 changed files with 860 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.claude/settings.local.json
View File

@ -48,7 +48,10 @@
"Bash(git tag:*)", "Bash(git tag:*)",
"Bash(../bin/ailog:*)", "Bash(../bin/ailog:*)",
"Bash(../target/release/ailog oauth build:*)", "Bash(../target/release/ailog oauth build:*)",
"Bash(ailog:*)" "Bash(ailog:*)",
"WebFetch(domain:plc.directory)",
"WebFetch(domain:atproto.com)",
"WebFetch(domain:syu.is)"
], ],
"deny": [] "deny": []
} }

1
.gitignore vendored
View File

@ -16,3 +16,4 @@ my-blog/static/index.html
my-blog/templates/oauth-assets.html my-blog/templates/oauth-assets.html
cloudflared-config.yml cloudflared-config.yml
.config .config
oauth-server-example

7
my-blog/config.toml
View File

@ -19,12 +19,13 @@ provider = "ollama"
model = "gemma3:4b" model = "gemma3:4b"
host = "https://ollama.syui.ai" host = "https://ollama.syui.ai"
system_prompt = "あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。 相手のことが大好きで、ときどき甘えたり、照れたりします。 でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。" system_prompt = "あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。 相手のことが大好きで、ときどき甘えたり、照れたりします。 でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。"
ai_did = "did:plc:4hqjfn7m6n5hno3doamuhgef" ai_handle = "ai.syui.ai"
#num_predict = 200 #num_predict = 200
[oauth] [oauth]
json = "client-metadata.json" json = "client-metadata.json"
redirect = "oauth/callback" redirect = "oauth/callback"
admin = "did:plc:uqzpqmrjnptsxezjx4xuh2mn" admin = "ai.syui.ai"
collection = "ai.syui.log" collection = "ai.syui.log"
bsky_api = "https://public.api.bsky.app" pds = "syu.is" # Network configuration: "bsky.social" for Bluesky, "syu.is" for independent network
handle_list = ["syui.syui.ai", "yui.syui.ai", "ai.syui.ai", "syui.syu.is", "ai.syu.is", "ai.ai"]

2
my-blog/templates/base.html
View File

@ -82,7 +82,7 @@
<footer class="main-footer"> <footer class="main-footer">
<div class="footer-social"> <div class="footer-social">
<a href="https://web.syu.is/@syui" target="_blank"><i class="fab fa-bluesky"></i></a> <a href="https://syu.is/syui" target="_blank"><i class="fab fa-bluesky"></i></a>
<a href="https://git.syui.ai/ai" target="_blank"><span class="icon-ai"></span></a> <a href="https://git.syui.ai/ai" target="_blank"><span class="icon-ai"></span></a>
<a href="https://git.syui.ai/syui" target="_blank"><span class="icon-git"></span></a> <a href="https://git.syui.ai/syui" target="_blank"><span class="icon-git"></span></a>
</div> </div>

12
oauth/.env.production
View File

@ -2,10 +2,14 @@
VITE_APP_HOST=https://syui.ai VITE_APP_HOST=https://syui.ai
VITE_OAUTH_CLIENT_ID=https://syui.ai/client-metadata.json VITE_OAUTH_CLIENT_ID=https://syui.ai/client-metadata.json
VITE_OAUTH_REDIRECT_URI=https://syui.ai/oauth/callback VITE_OAUTH_REDIRECT_URI=https://syui.ai/oauth/callback
VITE_ADMIN_DID=did:plc:uqzpqmrjnptsxezjx4xuh2mn
# Base collection (all others are derived via getCollectionNames) # Handle-based Configuration (DIDs resolved at runtime)
VITE_ATPROTO_PDS=syu.is
VITE_ADMIN_HANDLE=ai.syui.ai
VITE_AI_HANDLE=ai.syui.ai
VITE_OAUTH_COLLECTION=ai.syui.log VITE_OAUTH_COLLECTION=ai.syui.log
VITE_ATPROTO_WEB_URL=https://bsky.app
VITE_ATPROTO_HANDLE_LIST=["syui.syui.ai","yui.syui.ai","syui.syu.is","ai.syu.is"]
# AI Configuration # AI Configuration
VITE_AI_ENABLED=true VITE_AI_ENABLED=true
@ -14,8 +18,4 @@ VITE_AI_PROVIDER=ollama
VITE_AI_MODEL=gemma3:4b VITE_AI_MODEL=gemma3:4b
VITE_AI_HOST=https://ollama.syui.ai VITE_AI_HOST=https://ollama.syui.ai
VITE_AI_SYSTEM_PROMPT="あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。 相手のことが大好きで、ときどき甘えたり、照れたりします。 でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。" VITE_AI_SYSTEM_PROMPT="あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。 相手のことが大好きで、ときどき甘えたり、照れたりします。 でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。"
VITE_AI_DID=did:plc:4hqjfn7m6n5hno3doamuhgef
# API Configuration
VITE_BSKY_PUBLIC_API=https://public.api.bsky.app
VITE_ATPROTO_API=https://bsky.social

266
oauth/src/App.tsx
View File

@ -4,6 +4,7 @@ import { AIChat } from './components/AIChat';
import { authService, User } from './services/auth'; import { authService, User } from './services/auth';
import { atprotoOAuthService } from './services/atproto-oauth'; import { atprotoOAuthService } from './services/atproto-oauth';
import { appConfig, getCollectionNames } from './config/app'; import { appConfig, getCollectionNames } from './config/app';
import { getProfileForUser, detectPdsFromHandle, getApiUrlForUser, verifyPdsDetection, getNetworkConfigFromPdsEndpoint, getNetworkConfig } from './utils/pds-detection';
import './App.css'; import './App.css';
function App() { function App() {
@ -90,19 +91,62 @@ function App() {
// Load AI chat history (認証状態に関係なく、全ユーザーのチャット履歴を表示) // Load AI chat history (認証状態に関係なく、全ユーザーのチャット履歴を表示)
loadAiChatHistory(); loadAiChatHistory();
// Load AI profile // Load AI profile from handle
const fetchAiProfile = async () => { const loadAiProfile = async () => {
try { try {
const response = await fetch(`${appConfig.bskyPublicApi}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(appConfig.aiDid)}`); // Use VITE_AI_HANDLE to detect PDS and get profile
if (response.ok) { const handle = appConfig.aiHandle;
const data = await response.json(); if (!handle) {
setAiProfile(data); throw new Error('No AI handle configured');
}
// Detect PDS: Use VITE_ATPROTO_PDS if handle matches admin/ai handles
let pds;
if (handle === appConfig.adminHandle || handle === appConfig.aiHandle) {
// Use configured PDS for admin/ai handles
pds = appConfig.atprotoPds || 'syu.is';
} else {
// Use handle-based detection for other handles
pds = detectPdsFromHandle(handle);
}
const config = getNetworkConfigFromPdsEndpoint(`https://${pds}`);
const apiEndpoint = config.bskyApi;
// Get profile from appropriate bsky API
const profileResponse = await fetch(`${apiEndpoint}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(handle)}`);
if (profileResponse.ok) {
const profileData = await profileResponse.json();
setAiProfile({
did: profileData.did || appConfig.aiDid,
handle: profileData.handle || handle,
displayName: profileData.displayName || appConfig.aiDisplayName || 'ai',
avatar: profileData.avatar || generatePlaceholderAvatar(handle),
description: profileData.description || appConfig.aiDescription || ''
});
} else {
// Fallback to config values
setAiProfile({
did: appConfig.aiDid,
handle: handle,
displayName: appConfig.aiDisplayName || 'ai',
avatar: generatePlaceholderAvatar(handle),
description: appConfig.aiDescription || ''
});
} }
} catch (err) { } catch (err) {
// Use default values if fetch fails console.error('Failed to load AI profile:', err);
// Fallback to config values
setAiProfile({
did: appConfig.aiDid,
handle: appConfig.aiHandle,
displayName: appConfig.aiDisplayName || 'ai',
avatar: generatePlaceholderAvatar(appConfig.aiHandle || 'ai'),
description: appConfig.aiDescription || ''
});
} }
}; };
fetchAiProfile(); loadAiProfile();
// Handle popstate events for mock OAuth flow // Handle popstate events for mock OAuth flow
const handlePopState = () => { const handlePopState = () => {
@ -134,6 +178,14 @@ function App() {
// Ensure handle is not DID // Ensure handle is not DID
const handle = oauthResult.handle !== oauthResult.did ? oauthResult.handle : oauthResult.handle; const handle = oauthResult.handle !== oauthResult.did ? oauthResult.handle : oauthResult.handle;
// Check if handle is allowed
if (appConfig.allowedHandles.length > 0 && !appConfig.allowedHandles.includes(handle)) {
console.warn(`Handle ${handle} is not in allowed list:`, appConfig.allowedHandles);
setError(`Access denied: ${handle} is not authorized for this application.`);
setIsLoading(false);
return;
}
// Get user profile including avatar // Get user profile including avatar
const userProfile = await getUserProfile(oauthResult.did, handle); const userProfile = await getUserProfile(oauthResult.did, handle);
setUser(userProfile); setUser(userProfile);
@ -157,6 +209,14 @@ function App() {
// Fallback to legacy auth // Fallback to legacy auth
const verifiedUser = await authService.verify(); const verifiedUser = await authService.verify();
if (verifiedUser) { if (verifiedUser) {
// Check if handle is allowed
if (appConfig.allowedHandles.length > 0 && !appConfig.allowedHandles.includes(verifiedUser.handle)) {
console.warn(`Handle ${verifiedUser.handle} is not in allowed list:`, appConfig.allowedHandles);
setError(`Access denied: ${verifiedUser.handle} is not authorized for this application.`);
setIsLoading(false);
return;
}
setUser(verifiedUser); setUser(verifiedUser);
// Load all comments for display (this will be the default view) // Load all comments for display (this will be the default view)
@ -225,8 +285,17 @@ function App() {
const atprotoApi = appConfig.atprotoApi || 'https://bsky.social'; const atprotoApi = appConfig.atprotoApi || 'https://bsky.social';
const collections = getCollectionNames(appConfig.collections.base); const collections = getCollectionNames(appConfig.collections.base);
// First, get user list from admin // First, get user list from admin using their proper PDS
const userListResponse = await fetch(`${atprotoApi}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(adminDid)}&collection=${encodeURIComponent(collections.user)}&limit=100`); let adminPdsEndpoint;
try {
const resolved = await import('./utils/pds-detection').then(m => m.resolvePdsFromRepo(adminDid));
const config = await import('./utils/pds-detection').then(m => m.getNetworkConfigFromPdsEndpoint(resolved.pds));
adminPdsEndpoint = config.pdsApi;
} catch {
adminPdsEndpoint = atprotoApi;
}
const userListResponse = await fetch(`${adminPdsEndpoint}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(adminDid)}&collection=${encodeURIComponent(collections.user)}&limit=100`);
if (!userListResponse.ok) { if (!userListResponse.ok) {
setAiChatHistory([]); setAiChatHistory([]);
@ -253,11 +322,21 @@ function App() {
const userDids = [...new Set(allUserDids)]; const userDids = [...new Set(allUserDids)];
// Load chat records from all registered users (including admin) // Load chat records from all registered users (including admin) using per-user PDS detection
const allChatRecords = []; const allChatRecords = [];
for (const userDid of userDids) { for (const userDid of userDids) {
try { try {
const chatResponse = await fetch(`${atprotoApi}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(userDid)}&collection=${encodeURIComponent(collections.chat)}&limit=100`); // Use per-user PDS detection for each user's chat records
let userPdsEndpoint;
try {
const resolved = await import('./utils/pds-detection').then(m => m.resolvePdsFromRepo(userDid));
const config = await import('./utils/pds-detection').then(m => m.getNetworkConfigFromPdsEndpoint(resolved.pds));
userPdsEndpoint = config.pdsApi;
} catch {
userPdsEndpoint = atprotoApi; // Fallback
}
const chatResponse = await fetch(`${userPdsEndpoint}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(userDid)}&collection=${encodeURIComponent(collections.chat)}&limit=100`);
if (chatResponse.ok) { if (chatResponse.ok) {
const chatData = await chatResponse.json(); const chatData = await chatResponse.json();
@ -366,26 +445,49 @@ function App() {
}); });
const userComments = response.data.records || []; const userComments = response.data.records || [];
// Enhance comments with profile information if missing // Enhance comments with fresh profile information
const enhancedComments = await Promise.all( const enhancedComments = await Promise.all(
userComments.map(async (record) => { userComments.map(async (record) => {
if (!record.value.author?.avatar && record.value.author?.handle) { if (record.value.author?.handle) {
try { try {
const profile = await agent.getProfile({ actor: record.value.author.handle }); // Use existing PDS detection logic
return { const handle = record.value.author.handle;
...record, const pds = detectPdsFromHandle(handle);
value: { const config = getNetworkConfigFromPdsEndpoint(`https://${pds}`);
...record.value, const apiEndpoint = config.bskyApi;
author: {
...record.value.author, const profileResponse = await fetch(`${apiEndpoint}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(handle)}`);
avatar: profile.data.avatar, if (profileResponse.ok) {
displayName: profile.data.displayName || record.value.author.handle, const profileData = await profileResponse.json();
return {
...record,
value: {
...record.value,
author: {
...record.value.author,
avatar: profileData.avatar,
displayName: profileData.displayName || handle,
_pdsEndpoint: `https://${pds}`, // Store PDS info for later use
_webUrl: config.webUrl, // Store web URL for profile links
}
} }
} };
}; } else {
// If profile fetch fails, still add PDS info for links
return {
...record,
value: {
...record.value,
author: {
...record.value.author,
_pdsEndpoint: `https://${pds}`,
_webUrl: config.webUrl,
}
}
};
}
} catch (err) { } catch (err) {
// Ignore enhancement errors // Ignore enhancement errors, use existing data
return record;
} }
} }
return record; return record;
@ -402,10 +504,20 @@ function App() {
// JSONからユーザーリストを取得 // JSONからユーザーリストを取得
const loadUsersFromRecord = async () => { const loadUsersFromRecord = async () => {
try { try {
// 管理者のユーザーリストを取得 // 管理者のユーザーリストを取得 using proper PDS detection
const adminDid = appConfig.adminDid; const adminDid = appConfig.adminDid;
// Fetching user list from admin DID
const response = await fetch(`https://bsky.social/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(adminDid)}&collection=${encodeURIComponent(getCollectionNames(appConfig.collections.base).user)}&limit=100`); // Use per-user PDS detection for admin's records
let adminPdsEndpoint;
try {
const resolved = await import('./utils/pds-detection').then(m => m.resolvePdsFromRepo(adminDid));
const config = await import('./utils/pds-detection').then(m => m.getNetworkConfigFromPdsEndpoint(resolved.pds));
adminPdsEndpoint = config.pdsApi;
} catch {
adminPdsEndpoint = 'https://bsky.social'; // Fallback
}
const response = await fetch(`${adminPdsEndpoint}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(adminDid)}&collection=${encodeURIComponent(getCollectionNames(appConfig.collections.base).user)}&limit=100`);
if (!response.ok) { if (!response.ok) {
// Failed to fetch user list from admin, using default users // Failed to fetch user list from admin, using default users
@ -429,18 +541,15 @@ function App() {
const resolvedUsers = await Promise.all( const resolvedUsers = await Promise.all(
record.value.users.map(async (user) => { record.value.users.map(async (user) => {
if (user.did && user.did.includes('-placeholder')) { if (user.did && user.did.includes('-placeholder')) {
// Resolving placeholder DID // Resolving placeholder DID using proper PDS detection
try { try {
const profileResponse = await fetch(`${appConfig.bskyPublicApi}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(user.handle)}`); const profile = await import('./utils/pds-detection').then(m => m.getProfileForUser(user.handle));
if (profileResponse.ok) { if (profile && profile.did) {
const profileData = await profileResponse.json(); // Resolved DID
if (profileData.did) { return {
// Resolved DID ...user,
return { did: profile.did
...user, };
did: profileData.did
};
}
} }
} catch (err) { } catch (err) {
// Failed to resolve DID // Failed to resolve DID
@ -464,9 +573,20 @@ function App() {
// ユーザーリスト一覧を読み込み // ユーザーリスト一覧を読み込み
const loadUserListRecords = async () => { const loadUserListRecords = async () => {
try { try {
// Loading user list records // Loading user list records using proper PDS detection
const adminDid = appConfig.adminDid; const adminDid = appConfig.adminDid;
const response = await fetch(`https://bsky.social/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(adminDid)}&collection=${encodeURIComponent(getCollectionNames(appConfig.collections.base).user)}&limit=100`);
// Use per-user PDS detection for admin's records
let adminPdsEndpoint;
try {
const resolved = await import('./utils/pds-detection').then(m => m.resolvePdsFromRepo(adminDid));
const config = await import('./utils/pds-detection').then(m => m.getNetworkConfigFromPdsEndpoint(resolved.pds));
adminPdsEndpoint = config.pdsApi;
} catch {
adminPdsEndpoint = 'https://bsky.social'; // Fallback
}
const response = await fetch(`${adminPdsEndpoint}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(adminDid)}&collection=${encodeURIComponent(getCollectionNames(appConfig.collections.base).user)}&limit=100`);
if (!response.ok) { if (!response.ok) {
// Failed to fetch user list records // Failed to fetch user list records
@ -522,9 +642,19 @@ function App() {
for (const user of knownUsers) { for (const user of knownUsers) {
try { try {
// Public API使用認証不要 // Use per-user PDS detection for repo operations
let pdsEndpoint;
try {
const resolved = await import('./utils/pds-detection').then(m => m.resolvePdsFromRepo(user.did));
const config = await import('./utils/pds-detection').then(m => m.getNetworkConfigFromPdsEndpoint(resolved.pds));
pdsEndpoint = config.pdsApi;
} catch {
// Fallback to user.pds if PDS detection fails
pdsEndpoint = user.pds;
}
const collections = getCollectionNames(appConfig.collections.base); const collections = getCollectionNames(appConfig.collections.base);
const response = await fetch(`${user.pds}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(user.did)}&collection=${encodeURIComponent(collections.comment)}&limit=100`); const response = await fetch(`${pdsEndpoint}/xrpc/com.atproto.repo.listRecords?repo=${encodeURIComponent(user.did)}&collection=${encodeURIComponent(collections.comment)}&limit=100`);
if (!response.ok) { if (!response.ok) {
continue; continue;
@ -580,19 +710,18 @@ function App() {
sortedComments.map(async (record) => { sortedComments.map(async (record) => {
if (!record.value.author?.avatar && record.value.author?.handle) { if (!record.value.author?.avatar && record.value.author?.handle) {
try { try {
// Public API でプロフィール取得 // Use per-user PDS detection for profile fetching
const profileResponse = await fetch(`${appConfig.bskyPublicApi}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(record.value.author.handle)}`); const profile = await import('./utils/pds-detection').then(m => m.getProfileForUser(record.value.author.handle));
if (profileResponse.ok) { if (profile) {
const profileData = await profileResponse.json();
return { return {
...record, ...record,
value: { value: {
...record.value, ...record.value,
author: { author: {
...record.value.author, ...record.value.author,
avatar: profileData.avatar, avatar: profile.avatar,
displayName: profileData.displayName || record.value.author.handle, displayName: profile.displayName || record.value.author.handle,
} }
} }
}; };
@ -908,12 +1037,16 @@ function App() {
}; };
// ユーザーハンドルからプロフィールURLを生成 // ユーザーハンドルからプロフィールURLを生成
const generateProfileUrl = (handle: string, did: string): string => { const generateProfileUrl = (author: any): string => {
if (handle.endsWith('.syu.is')) { // Use stored PDS info if available (from comment enhancement)
return `https://web.syu.is/profile/${did}`; if (author._webUrl) {
} else { return `${author._webUrl}/profile/${author.did}`;
return `https://bsky.app/profile/${did}`;
} }
// Fallback to handle-based detection
const pds = detectPdsFromHandle(author.handle);
const config = getNetworkConfigFromPdsEndpoint(`https://${pds}`);
return `${config.webUrl}/profile/${author.did}`;
}; };
// Rkey-based comment filtering // Rkey-based comment filtering
@ -1229,31 +1362,16 @@ function App() {
<div key={index} className="comment-item"> <div key={index} className="comment-item">
<div className="comment-header"> <div className="comment-header">
<img <img
src={generatePlaceholderAvatar(record.value.author?.handle || 'unknown')} src={record.value.author?.avatar || generatePlaceholderAvatar(record.value.author?.handle || 'unknown')}
alt="User Avatar" alt="User Avatar"
className="comment-avatar" className="comment-avatar"
ref={(img) => {
// Fetch fresh avatar from API when component mounts
if (img && record.value.author?.did) {
fetch(`${appConfig.bskyPublicApi}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(record.value.author.did)}`)
.then(res => res.json())
.then(data => {
if (data.avatar && img) {
img.src = data.avatar;
}
})
.catch(err => {
// Keep placeholder on error
});
}
}}
/> />
<div className="comment-author-info"> <div className="comment-author-info">
<span className="comment-author"> <span className="comment-author">
{record.value.author?.displayName || record.value.author?.handle || 'unknown'} {record.value.author?.displayName || record.value.author?.handle || 'unknown'}
</span> </span>
<a <a
href={generateProfileUrl(record.value.author?.handle || '', record.value.author?.did || '')} href={generateProfileUrl(record.value.author)}
target="_blank" target="_blank"
rel="noopener noreferrer" rel="noopener noreferrer"
className="comment-handle" className="comment-handle"
@ -1356,7 +1474,7 @@ function App() {
{displayName || 'unknown'} {displayName || 'unknown'}
</span> </span>
<a <a
href={generateProfileUrl(displayHandle || '', displayDid || '')} href={generateProfileUrl({ handle: displayHandle, did: displayDid })}
target="_blank" target="_blank"
rel="noopener noreferrer" rel="noopener noreferrer"
className="comment-handle" className="comment-handle"

2
oauth/src/components/Login.tsx
View File

@ -160,7 +160,7 @@ export const Login: React.FC<LoginProps> = ({ onLogin, onClose, defaultHandle })
/> />
<small> <small>
<a href="https://bsky.app/settings/app-passwords" target="_blank" rel="noopener noreferrer"> <a href={`${import.meta.env.VITE_ATPROTO_WEB_URL || 'https://bsky.app'}/settings/app-passwords`} target="_blank" rel="noopener noreferrer">
</a> </a>
使 使

25
oauth/src/components/OAuthCallback.tsx
View File

@ -7,8 +7,6 @@ interface OAuthCallbackProps {
} }
export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError }) => { export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError }) => {
console.log('=== OAUTH CALLBACK COMPONENT MOUNTED ===');
console.log('Current URL:', window.location.href);
const [isProcessing, setIsProcessing] = useState(true); const [isProcessing, setIsProcessing] = useState(true);
const [needsHandle, setNeedsHandle] = useState(false); const [needsHandle, setNeedsHandle] = useState(false);
@ -18,12 +16,10 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
useEffect(() => { useEffect(() => {
// Add timeout to prevent infinite loading // Add timeout to prevent infinite loading
const timeoutId = setTimeout(() => { const timeoutId = setTimeout(() => {
console.error('OAuth callback timeout');
onError('OAuth認証がタイムアウトしました'); onError('OAuth認証がタイムアウトしました');
}, 10000); // 10 second timeout }, 10000); // 10 second timeout
const handleCallback = async () => { const handleCallback = async () => {
console.log('=== HANDLE CALLBACK STARTED ===');
try { try {
// Handle both query params (?) and hash params (#) // Handle both query params (?) and hash params (#)
const hashParams = new URLSearchParams(window.location.hash.substring(1)); const hashParams = new URLSearchParams(window.location.hash.substring(1));
@ -35,14 +31,6 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
const error = hashParams.get('error') || queryParams.get('error'); const error = hashParams.get('error') || queryParams.get('error');
const iss = hashParams.get('iss') || queryParams.get('iss'); const iss = hashParams.get('iss') || queryParams.get('iss');
console.log('OAuth callback parameters:', {
code: code ? code.substring(0, 20) + '...' : null,
state: state,
error: error,
iss: iss,
hash: window.location.hash,
search: window.location.search
});
if (error) { if (error) {
throw new Error(`OAuth error: ${error}`); throw new Error(`OAuth error: ${error}`);
@ -52,12 +40,10 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
throw new Error('Missing OAuth parameters'); throw new Error('Missing OAuth parameters');
} }
console.log('Processing OAuth callback with params:', { code: code?.substring(0, 10) + '...', state, iss });
// Use the official BrowserOAuthClient to handle the callback // Use the official BrowserOAuthClient to handle the callback
const result = await atprotoOAuthService.handleOAuthCallback(); const result = await atprotoOAuthService.handleOAuthCallback();
if (result) { if (result) {
console.log('OAuth callback completed successfully:', result);
// Success - notify parent component // Success - notify parent component
onSuccess(result.did, result.handle); onSuccess(result.did, result.handle);
@ -66,11 +52,7 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
} }
} catch (error) { } catch (error) {
console.error('OAuth callback error:', error);
// Even if OAuth fails, try to continue with a fallback approach // Even if OAuth fails, try to continue with a fallback approach
console.warn('OAuth callback failed, attempting fallback...');
try { try {
// Create a minimal session to allow the user to proceed // Create a minimal session to allow the user to proceed
const fallbackSession = { const fallbackSession = {
@ -82,7 +64,6 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
onSuccess(fallbackSession.did, fallbackSession.handle); onSuccess(fallbackSession.did, fallbackSession.handle);
} catch (fallbackError) { } catch (fallbackError) {
console.error('Fallback also failed:', fallbackError);
onError(error instanceof Error ? error.message : 'OAuth認証に失敗しました'); onError(error instanceof Error ? error.message : 'OAuth認証に失敗しました');
} }
} finally { } finally {
@ -104,17 +85,13 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
const trimmedHandle = handle.trim(); const trimmedHandle = handle.trim();
if (!trimmedHandle) { if (!trimmedHandle) {
console.log('Handle is empty');
return; return;
} }
console.log('Submitting handle:', trimmedHandle);
setIsProcessing(true); setIsProcessing(true);
try { try {
// Resolve DID from handle // Resolve DID from handle
const did = await atprotoOAuthService.resolveDIDFromHandle(trimmedHandle); const did = await atprotoOAuthService.resolveDIDFromHandle(trimmedHandle);
console.log('Resolved DID:', did);
// Update session with resolved DID and handle // Update session with resolved DID and handle
const updatedSession = { const updatedSession = {
@ -129,7 +106,6 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
// Success - notify parent component // Success - notify parent component
onSuccess(did, trimmedHandle); onSuccess(did, trimmedHandle);
} catch (error) { } catch (error) {
console.error('Failed to resolve DID:', error);
setIsProcessing(false); setIsProcessing(false);
onError(error instanceof Error ? error.message : 'ハンドルからDIDの解決に失敗しました'); onError(error instanceof Error ? error.message : 'ハンドルからDIDの解決に失敗しました');
} }
@ -149,7 +125,6 @@ export const OAuthCallback: React.FC<OAuthCallbackProps> = ({ onSuccess, onError
type="text" type="text"
value={handle} value={handle}
onChange={(e) => { onChange={(e) => {
console.log('Input changed:', e.target.value);
setHandle(e.target.value); setHandle(e.target.value);
}} }}
placeholder="例: syui.ai または user.bsky.social" placeholder="例: syui.ai または user.bsky.social"

6
oauth/src/components/OAuthCallbackPage.tsx
View File

@ -6,14 +6,9 @@ export const OAuthCallbackPage: React.FC = () => {
const navigate = useNavigate(); const navigate = useNavigate();
useEffect(() => { useEffect(() => {
console.log('=== OAUTH CALLBACK PAGE MOUNTED ===');
console.log('Current URL:', window.location.href);
console.log('Search params:', window.location.search);
console.log('Pathname:', window.location.pathname);
}, []); }, []);
const handleSuccess = (did: string, handle: string) => { const handleSuccess = (did: string, handle: string) => {
console.log('OAuth success, redirecting to home:', { did, handle });
// Add a small delay to ensure state is properly updated // Add a small delay to ensure state is properly updated
setTimeout(() => { setTimeout(() => {
@ -22,7 +17,6 @@ export const OAuthCallbackPage: React.FC = () => {
}; };
const handleError = (error: string) => { const handleError = (error: string) => {
console.error('OAuth error, redirecting to home:', error);
// Add a small delay before redirect // Add a small delay before redirect
setTimeout(() => { setTimeout(() => {

30
oauth/src/config/app.ts
View File

@ -1,7 +1,12 @@
// Application configuration // Application configuration
export interface AppConfig { export interface AppConfig {
adminDid: string; adminDid: string;
adminHandle: string;
aiDid: string; aiDid: string;
aiHandle: string;
aiDisplayName: string;
aiAvatar: string;
aiDescription: string;
collections: { collections: {
base: string; // Base collection like "ai.syui.log" base: string; // Base collection like "ai.syui.log"
}; };
@ -13,6 +18,9 @@ export interface AppConfig {
aiModel: string; aiModel: string;
aiHost: string; aiHost: string;
aiSystemPrompt: string; aiSystemPrompt: string;
allowedHandles: string[]; // Handles allowed for OAuth authentication
atprotoPds: string; // Configured PDS for admin/ai handles
// Legacy - prefer per-user PDS detection
bskyPublicApi: string; bskyPublicApi: string;
atprotoApi: string; atprotoApi: string;
} }
@ -77,7 +85,12 @@ function extractRkeyFromUrl(): string | undefined {
export function getAppConfig(): AppConfig { export function getAppConfig(): AppConfig {
const host = import.meta.env.VITE_APP_HOST || 'https://log.syui.ai'; const host = import.meta.env.VITE_APP_HOST || 'https://log.syui.ai';
const adminDid = import.meta.env.VITE_ADMIN_DID || 'did:plc:uqzpqmrjnptsxezjx4xuh2mn'; const adminDid = import.meta.env.VITE_ADMIN_DID || 'did:plc:uqzpqmrjnptsxezjx4xuh2mn';
const adminHandle = import.meta.env.VITE_ADMIN_HANDLE || 'syui.ai';
const aiDid = import.meta.env.VITE_AI_DID || 'did:plc:4hqjfn7m6n5hno3doamuhgef'; const aiDid = import.meta.env.VITE_AI_DID || 'did:plc:4hqjfn7m6n5hno3doamuhgef';
const aiHandle = import.meta.env.VITE_AI_HANDLE || 'yui.syui.ai';
const aiDisplayName = import.meta.env.VITE_AI_DISPLAY_NAME || 'ai';
const aiAvatar = import.meta.env.VITE_AI_AVATAR || '';
const aiDescription = import.meta.env.VITE_AI_DESCRIPTION || '';
// Priority: Environment variables > Auto-generated from host // Priority: Environment variables > Auto-generated from host
const autoGeneratedBase = generateBaseCollectionFromHost(host); const autoGeneratedBase = generateBaseCollectionFromHost(host);
@ -101,13 +114,28 @@ export function getAppConfig(): AppConfig {
const aiModel = import.meta.env.VITE_AI_MODEL || 'gemma2:2b'; const aiModel = import.meta.env.VITE_AI_MODEL || 'gemma2:2b';
const aiHost = import.meta.env.VITE_AI_HOST || 'https://ollama.syui.ai'; const aiHost = import.meta.env.VITE_AI_HOST || 'https://ollama.syui.ai';
const aiSystemPrompt = import.meta.env.VITE_AI_SYSTEM_PROMPT || 'You are a helpful AI assistant trained on this blog\'s content.'; const aiSystemPrompt = import.meta.env.VITE_AI_SYSTEM_PROMPT || 'You are a helpful AI assistant trained on this blog\'s content.';
const atprotoPds = import.meta.env.VITE_ATPROTO_PDS || 'syu.is';
const bskyPublicApi = import.meta.env.VITE_BSKY_PUBLIC_API || 'https://public.api.bsky.app'; const bskyPublicApi = import.meta.env.VITE_BSKY_PUBLIC_API || 'https://public.api.bsky.app';
const atprotoApi = import.meta.env.VITE_ATPROTO_API || 'https://bsky.social'; const atprotoApi = import.meta.env.VITE_ATPROTO_API || 'https://bsky.social';
// Parse allowed handles list
const allowedHandlesStr = import.meta.env.VITE_ATPROTO_HANDLE_LIST || '[]';
let allowedHandles: string[] = [];
try {
allowedHandles = JSON.parse(allowedHandlesStr);
} catch {
// If parsing fails, allow all handles (empty array means no restriction)
allowedHandles = [];
}
return { return {
adminDid, adminDid,
adminHandle,
aiDid, aiDid,
aiHandle,
aiDisplayName,
aiAvatar,
aiDescription,
collections, collections,
host, host,
rkey, rkey,
@ -117,6 +145,8 @@ export function getAppConfig(): AppConfig {
aiModel, aiModel,
aiHost, aiHost,
aiSystemPrompt, aiSystemPrompt,
allowedHandles,
atprotoPds,
bskyPublicApi, bskyPublicApi,
atprotoApi atprotoApi
}; };

2
oauth/src/main.tsx
View File

@ -12,10 +12,8 @@ import { OAuthEndpointHandler } from './utils/oauth-endpoints'
// Mount React app to all comment-atproto divs // Mount React app to all comment-atproto divs
const mountPoints = document.querySelectorAll('#comment-atproto'); const mountPoints = document.querySelectorAll('#comment-atproto');
console.log(`Found ${mountPoints.length} comment-atproto mount points`);
mountPoints.forEach((mountPoint, index) => { mountPoints.forEach((mountPoint, index) => {
console.log(`Mounting React app to comment-atproto #${index + 1}`);
ReactDOM.createRoot(mountPoint as HTMLElement).render( ReactDOM.createRoot(mountPoint as HTMLElement).render(
<React.StrictMode> <React.StrictMode>
<BrowserRouter> <BrowserRouter>

293
oauth/src/utils/pds-detection.ts Normal file
View File

@ -0,0 +1,293 @@
// PDS Detection and API URL mapping utilities
export interface NetworkConfig {
pdsApi: string;
plcApi: string;
bskyApi: string;
webUrl: string;
}
// Detect PDS from handle
export function detectPdsFromHandle(handle: string): string {
if (handle.endsWith('.syu.is')) {
return 'syu.is';
}
if (handle.endsWith('.bsky.social') || handle.endsWith('.bsky.app')) {
return 'bsky.social';
}
// Default to Bluesky for unknown domains
return 'bsky.social';
}
// Map PDS endpoint to network configuration
export function getNetworkConfigFromPdsEndpoint(pdsEndpoint: string): NetworkConfig {
try {
const url = new URL(pdsEndpoint);
const hostname = url.hostname;
// Map based on actual PDS endpoint
if (hostname === 'syu.is') {
return {
pdsApi: 'https://syu.is', // PDS API (repo operations)
plcApi: 'https://plc.syu.is', // PLC directory
bskyApi: 'https://bsky.syu.is', // Bluesky API (getProfile, etc.)
webUrl: 'https://web.syu.is' // Web interface
};
} else if (hostname.includes('bsky.network') || hostname === 'bsky.social' || hostname.includes('host.bsky.network')) {
// All Bluesky infrastructure (including *.host.bsky.network)
return {
pdsApi: pdsEndpoint, // Use actual PDS endpoint (e.g., shiitake.us-east.host.bsky.network)
plcApi: 'https://plc.directory', // Standard PLC directory
bskyApi: 'https://public.api.bsky.app', // Bluesky public API (NOT PDS)
webUrl: 'https://bsky.app' // Bluesky web interface
};
} else {
// Unknown PDS, assume Bluesky-compatible but use PDS for repo operations
return {
pdsApi: pdsEndpoint, // Use actual PDS for repo ops
plcApi: 'https://plc.directory', // Default PLC
bskyApi: 'https://public.api.bsky.app', // Default to Bluesky API
webUrl: 'https://bsky.app' // Default web interface
};
}
} catch (error) {
// Fallback for invalid URLs
return {
pdsApi: 'https://bsky.social',
plcApi: 'https://plc.directory',
bskyApi: 'https://public.api.bsky.app',
webUrl: 'https://bsky.app'
};
}
}
// Legacy function for backwards compatibility
export function getNetworkConfig(pds: string): NetworkConfig {
// This now assumes pds is a hostname
return getNetworkConfigFromPdsEndpoint(`https://${pds}`);
}
// Get appropriate API URL for a user based on their handle
export function getApiUrlForUser(handle: string): string {
const pds = detectPdsFromHandle(handle);
const config = getNetworkConfig(pds);
return config.bskyApi;
}
// Resolve handle/DID to actual PDS endpoint using com.atproto.repo.describeRepo
export async function resolvePdsFromRepo(handleOrDid: string): Promise<{ pds: string; did: string; handle: string }> {
let targetDid = handleOrDid;
let targetHandle = handleOrDid;
// If handle provided, resolve to DID first using identity.resolveHandle
if (!handleOrDid.startsWith('did:')) {
try {
// Try multiple endpoints for handle resolution
const resolveEndpoints = ['https://public.api.bsky.app', 'https://bsky.syu.is'];
let resolved = false;
for (const endpoint of resolveEndpoints) {
try {
const resolveResponse = await fetch(`${endpoint}/xrpc/com.atproto.identity.resolveHandle?handle=${encodeURIComponent(handleOrDid)}`);
if (resolveResponse.ok) {
const resolveData = await resolveResponse.json();
targetDid = resolveData.did;
resolved = true;
break;
}
} catch (error) {
continue;
}
}
if (!resolved) {
throw new Error('Handle resolution failed from all endpoints');
}
} catch (error) {
throw new Error(`Failed to resolve handle ${handleOrDid} to DID: ${error}`);
}
}
// Now use com.atproto.repo.describeRepo to get PDS from known PDS endpoints
const pdsEndpoints = ['https://bsky.social', 'https://syu.is'];
for (const pdsEndpoint of pdsEndpoints) {
try {
const response = await fetch(`${pdsEndpoint}/xrpc/com.atproto.repo.describeRepo?repo=${encodeURIComponent(targetDid)}`);
if (response.ok) {
const data = await response.json();
// Extract PDS from didDoc.service
const services = data.didDoc?.service || [];
const pdsService = services.find((s: any) =>
s.id === '#atproto_pds' || s.type === 'AtprotoPersonalDataServer'
);
if (pdsService) {
return {
pds: pdsService.serviceEndpoint,
did: data.did || targetDid,
handle: data.handle || targetHandle
};
}
}
} catch (error) {
continue;
}
}
throw new Error(`Failed to resolve PDS for ${handleOrDid} from any endpoint`);
}
// Resolve DID to actual PDS endpoint using com.atproto.repo.describeRepo
export async function resolvePdsFromDid(did: string): Promise<string> {
const resolved = await resolvePdsFromRepo(did);
return resolved.pds;
}
// Enhanced resolve handle to DID with proper PDS detection
export async function resolveHandleToDid(handle: string): Promise<{ did: string; pds: string }> {
try {
// First, try to resolve the handle to DID using multiple methods
const apiUrl = getApiUrlForUser(handle);
const response = await fetch(`${apiUrl}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(handle)}`);
if (!response.ok) {
throw new Error(`Failed to resolve handle: ${response.status}`);
}
const data = await response.json();
const did = data.did;
// Now resolve the actual PDS from the DID
const actualPds = await resolvePdsFromDid(did);
return {
did: did,
pds: actualPds
};
} catch (error) {
console.error(`Failed to resolve handle ${handle}:`, error);
// Fallback to handle-based detection
const fallbackPds = detectPdsFromHandle(handle);
throw error;
}
}
// Get profile using appropriate API for the user with accurate PDS resolution
export async function getProfileForUser(handleOrDid: string, knownPdsEndpoint?: string): Promise<any> {
try {
let apiUrl: string;
if (knownPdsEndpoint) {
// If we already know the user's PDS endpoint, use it directly
const config = getNetworkConfigFromPdsEndpoint(knownPdsEndpoint);
apiUrl = config.bskyApi;
} else {
// Resolve the user's actual PDS using describeRepo
try {
const resolved = await resolvePdsFromRepo(handleOrDid);
const config = getNetworkConfigFromPdsEndpoint(resolved.pds);
apiUrl = config.bskyApi;
} catch {
// Fallback to handle-based detection
apiUrl = getApiUrlForUser(handleOrDid);
}
}
const response = await fetch(`${apiUrl}/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(handleOrDid)}`);
if (!response.ok) {
throw new Error(`Failed to get profile: ${response.status}`);
}
return await response.json();
} catch (error) {
console.error(`Failed to get profile for ${handleOrDid}:`, error);
// Final fallback: try with default Bluesky API
try {
const response = await fetch(`https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(handleOrDid)}`);
if (response.ok) {
return await response.json();
}
} catch {
// Ignore fallback errors
}
throw error;
}
}
// Test and verify PDS detection methods
export async function verifyPdsDetection(handleOrDid: string): Promise<void> {
try {
// Method 1: com.atproto.repo.describeRepo (PRIMARY METHOD)
try {
const resolved = await resolvePdsFromRepo(handleOrDid);
const config = getNetworkConfigFromPdsEndpoint(resolved.pds);
} catch (error) {
// describeRepo failed
}
// Method 2: com.atproto.identity.resolveHandle (for comparison)
if (!handleOrDid.startsWith('did:')) {
try {
const resolveResponse = await fetch(`https://public.api.bsky.app/xrpc/com.atproto.identity.resolveHandle?handle=${encodeURIComponent(handleOrDid)}`);
if (resolveResponse.ok) {
const resolveData = await resolveResponse.json();
}
} catch (error) {
// Error resolving handle
}
}
// Method 3: PLC Directory lookup (if we have a DID)
let targetDid = handleOrDid;
if (!handleOrDid.startsWith('did:')) {
try {
const profile = await getProfileForUser(handleOrDid);
targetDid = profile.did;
} catch {
return;
}
}
try {
const plcResponse = await fetch(`https://plc.directory/${targetDid}`);
if (plcResponse.ok) {
const didDocument = await plcResponse.json();
// Find PDS service
const pdsService = didDocument.service?.find((s: any) =>
s.id === '#atproto_pds' || s.type === 'AtprotoPersonalDataServer'
);
if (pdsService) {
// Try to detect if this is a known network
const pdsUrl = pdsService.serviceEndpoint;
const hostname = new URL(pdsUrl).hostname;
const detectedNetwork = detectPdsFromHandle(`user.${hostname}`);
const networkConfig = getNetworkConfig(hostname);
}
}
} catch (error) {
// Error fetching from PLC directory
}
// Method 4: Our enhanced resolution
try {
if (handleOrDid.startsWith('did:')) {
const pdsEndpoint = await resolvePdsFromDid(handleOrDid);
} else {
const resolved = await resolveHandleToDid(handleOrDid);
}
} catch (error) {
// Enhanced resolution failed
}
} catch (error) {
// Overall verification failed
}
}

0
scpt/delete-chat-records.zsh Normal file → Executable file
View File

24
src/commands/auth.rs
View File

@ -154,8 +154,16 @@ pub async fn init() -> Result<()> {
async fn resolve_did(handle: &str) -> Result<String> { async fn resolve_did(handle: &str) -> Result<String> {
let client = reqwest::Client::new(); let client = reqwest::Client::new();
let url = format!("https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor={}",
urlencoding::encode(handle)); // Use appropriate API based on handle domain
let api_base = if handle.ends_with(".syu.is") {
"https://bsky.syu.is"
} else {
"https://public.api.bsky.app"
};
let url = format!("{}/xrpc/app.bsky.actor.getProfile?actor={}",
api_base, urlencoding::encode(handle));
let response = client.get(&url).send().await?; let response = client.get(&url).send().await?;
@ -202,8 +210,16 @@ pub async fn status() -> Result<()> {
async fn test_api_access(config: &AuthConfig) -> Result<()> { async fn test_api_access(config: &AuthConfig) -> Result<()> {
let client = reqwest::Client::new(); let client = reqwest::Client::new();
let url = format!("https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor={}",
urlencoding::encode(&config.admin.handle)); // Use appropriate API based on handle domain
let api_base = if config.admin.handle.ends_with(".syu.is") {
"https://bsky.syu.is"
} else {
"https://public.api.bsky.app"
};
let url = format!("{}/xrpc/app.bsky.actor.getProfile?actor={}",
api_base, urlencoding::encode(&config.admin.handle));
let response = client.get(&url).send().await?; let response = client.get(&url).send().await?;

143
src/commands/oauth.rs
View File

@ -3,6 +3,8 @@ use std::path::{Path, PathBuf};
use std::fs; use std::fs;
use std::process::Command; use std::process::Command;
use toml::Value; use toml::Value;
use serde_json;
use reqwest;
pub async fn build(project_dir: PathBuf) -> Result<()> { pub async fn build(project_dir: PathBuf) -> Result<()> {
println!("Building OAuth app for project: {}", project_dir.display()); println!("Building OAuth app for project: {}", project_dir.display());
@ -41,20 +43,28 @@ pub async fn build(project_dir: PathBuf) -> Result<()> {
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.unwrap_or("oauth/callback"); .unwrap_or("oauth/callback");
let admin_did = oauth_config.get("admin") // Get admin handle instead of DID
let admin_handle = oauth_config.get("admin")
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.ok_or_else(|| anyhow::anyhow!("No admin DID found in [oauth] section"))?; .ok_or_else(|| anyhow::anyhow!("No admin handle found in [oauth] section"))?;
let collection_base = oauth_config.get("collection") let collection_base = oauth_config.get("collection")
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.unwrap_or("ai.syui.log"); .unwrap_or("ai.syui.log");
// Get handle list for authentication restriction
let handle_list = oauth_config.get("handle_list")
.and_then(|v| v.as_array())
.map(|arr| arr.iter().filter_map(|v| v.as_str()).collect::<Vec<&str>>())
.unwrap_or_else(|| vec![]);
// Extract AI configuration from ai config if available // Extract AI configuration from ai config if available
let ai_config = config.get("ai").and_then(|v| v.as_table()); let ai_config = config.get("ai").and_then(|v| v.as_table());
let ai_did = ai_config // Get AI handle from config
.and_then(|ai_table| ai_table.get("ai_did")) let ai_handle = ai_config
.and_then(|ai_table| ai_table.get("ai_handle"))
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.unwrap_or("did:plc:4hqjfn7m6n5hno3doamuhgef"); .unwrap_or("yui.syui.ai");
let ai_enabled = ai_config let ai_enabled = ai_config
.and_then(|ai_table| ai_table.get("enabled")) .and_then(|ai_table| ai_table.get("enabled"))
.and_then(|v| v.as_bool()) .and_then(|v| v.as_bool())
@ -80,26 +90,55 @@ pub async fn build(project_dir: PathBuf) -> Result<()> {
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.unwrap_or("あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。 相手のことが大好きで、ときどき甘えたり、照れたりします。 でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。"); .unwrap_or("あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。 相手のことが大好きで、ときどき甘えたり、照れたりします。 でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。");
// Extract bsky_api from oauth config // Determine network configuration based on PDS
let bsky_api = oauth_config.get("bsky_api") let pds = oauth_config.get("pds")
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.unwrap_or("https://public.api.bsky.app"); .unwrap_or("bsky.social");
// Extract atproto_api from oauth config let (bsky_api, _atproto_api, web_url) = match pds {
let atproto_api = oauth_config.get("atproto_api") "syu.is" => (
.and_then(|v| v.as_str()) "https://bsky.syu.is",
.unwrap_or("https://bsky.social"); "https://syu.is",
"https://web.syu.is"
),
"bsky.social" | "bsky.app" => (
"https://public.api.bsky.app",
"https://bsky.social",
"https://bsky.app"
),
_ => (
"https://public.api.bsky.app",
"https://bsky.social",
"https://bsky.app"
)
};
// 4. Create .env.production content // Resolve handles to DIDs using appropriate API
println!("🔍 Resolving admin handle: {}", admin_handle);
let admin_did = resolve_handle_to_did(admin_handle, &bsky_api).await
.with_context(|| format!("Failed to resolve admin handle: {}", admin_handle))?;
println!("🔍 Resolving AI handle: {}", ai_handle);
let ai_did = resolve_handle_to_did(ai_handle, &bsky_api).await
.with_context(|| format!("Failed to resolve AI handle: {}", ai_handle))?;
println!("✅ Admin DID: {}", admin_did);
println!("✅ AI DID: {}", ai_did);
// 4. Create .env.production content with handle-based configuration
let env_content = format!( let env_content = format!(
r#"# Production environment variables r#"# Production environment variables
VITE_APP_HOST={} VITE_APP_HOST={}
VITE_OAUTH_CLIENT_ID={}/{} VITE_OAUTH_CLIENT_ID={}/{}
VITE_OAUTH_REDIRECT_URI={}/{} VITE_OAUTH_REDIRECT_URI={}/{}
VITE_ADMIN_DID={}
# Base collection (all others are derived via getCollectionNames) # Handle-based Configuration (DIDs resolved at runtime)
VITE_ATPROTO_PDS={}
VITE_ADMIN_HANDLE={}
VITE_AI_HANDLE={}
VITE_OAUTH_COLLECTION={} VITE_OAUTH_COLLECTION={}
VITE_ATPROTO_WEB_URL={}
VITE_ATPROTO_HANDLE_LIST={}
# AI Configuration # AI Configuration
VITE_AI_ENABLED={} VITE_AI_ENABLED={}
@ -108,26 +147,28 @@ VITE_AI_PROVIDER={}
VITE_AI_MODEL={} VITE_AI_MODEL={}
VITE_AI_HOST={} VITE_AI_HOST={}
VITE_AI_SYSTEM_PROMPT="{}" VITE_AI_SYSTEM_PROMPT="{}"
VITE_AI_DID={}
# API Configuration # DIDs (resolved from handles - for backward compatibility)
VITE_BSKY_PUBLIC_API={} #VITE_ADMIN_DID={}
VITE_ATPROTO_API={} #VITE_AI_DID={}
"#, "#,
base_url, base_url,
base_url, client_id_path, base_url, client_id_path,
base_url, redirect_path, base_url, redirect_path,
admin_did, pds,
admin_handle,
ai_handle,
collection_base, collection_base,
web_url,
format!("[{}]", handle_list.iter().map(|h| format!("\"{}\"", h)).collect::<Vec<_>>().join(",")),
ai_enabled, ai_enabled,
ai_ask_ai, ai_ask_ai,
ai_provider, ai_provider,
ai_model, ai_model,
ai_host, ai_host,
ai_system_prompt, ai_system_prompt,
ai_did, admin_did,
bsky_api, ai_did
atproto_api
); );
// 5. Find oauth directory (relative to current working directory) // 5. Find oauth directory (relative to current working directory)
@ -238,4 +279,60 @@ fn copy_dir_recursive(src: &Path, dst: &Path) -> Result<()> {
} }
Ok(()) Ok(())
}
// Handle-to-DID resolution with proper PDS detection
async fn resolve_handle_to_did(handle: &str, _api_base: &str) -> Result<String> {
let client = reqwest::Client::new();
// First, try to resolve handle to DID using multiple endpoints
let bsky_endpoints = ["https://public.api.bsky.app", "https://bsky.syu.is"];
let mut resolved_did = None;
for endpoint in &bsky_endpoints {
let url = format!("{}/xrpc/app.bsky.actor.getProfile?actor={}",
endpoint, urlencoding::encode(handle));
if let Ok(response) = client.get(&url).send().await {
if response.status().is_success() {
if let Ok(profile) = response.json::<serde_json::Value>().await {
if let Some(did) = profile["did"].as_str() {
resolved_did = Some(did.to_string());
break;
}
}
}
}
}
let did = resolved_did
.ok_or_else(|| anyhow::anyhow!("Failed to resolve handle '{}' from any endpoint", handle))?;
// Now verify the DID and get actual PDS using com.atproto.repo.describeRepo
let pds_endpoints = ["https://bsky.social", "https://syu.is"];
for pds in &pds_endpoints {
let describe_url = format!("{}/xrpc/com.atproto.repo.describeRepo?repo={}",
pds, urlencoding::encode(&did));
if let Ok(response) = client.get(&describe_url).send().await {
if response.status().is_success() {
if let Ok(data) = response.json::<serde_json::Value>().await {
if let Some(services) = data["didDoc"]["service"].as_array() {
if services.iter().any(|s|
s["id"] == "#atproto_pds" || s["type"] == "AtprotoPersonalDataServer"
) {
// DID is valid and has PDS service
println!("✅ Verified DID {} has PDS via {}", did, pds);
return Ok(did);
}
}
}
}
}
}
// If PDS verification fails, still return the DID but warn
println!("⚠️ Could not verify PDS for DID {}, but proceeding...", did);
Ok(did)
} }

211
src/commands/stream.rs
View File

@ -14,27 +14,70 @@ use reqwest;
use super::auth::{load_config, load_config_with_refresh, AuthConfig}; use super::auth::{load_config, load_config_with_refresh, AuthConfig};
// PDS-based network configuration mapping
fn get_network_config(pds: &str) -> NetworkConfig {
match pds {
"bsky.social" | "bsky.app" => NetworkConfig {
pds_api: format!("https://{}", pds),
plc_api: "https://plc.directory".to_string(),
bsky_api: "https://public.api.bsky.app".to_string(),
web_url: "https://bsky.app".to_string(),
},
"syu.is" => NetworkConfig {
pds_api: "https://syu.is".to_string(),
plc_api: "https://plc.syu.is".to_string(),
bsky_api: "https://bsky.syu.is".to_string(),
web_url: "https://web.syu.is".to_string(),
},
_ => {
// Default to Bluesky network for unknown PDS
NetworkConfig {
pds_api: format!("https://{}", pds),
plc_api: "https://plc.directory".to_string(),
bsky_api: "https://public.api.bsky.app".to_string(),
web_url: "https://bsky.app".to_string(),
}
}
}
}
#[derive(Debug, Clone)]
#[allow(dead_code)]
struct NetworkConfig {
pds_api: String,
plc_api: String,
bsky_api: String,
web_url: String,
}
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
struct AiConfig { struct AiConfig {
blog_host: String, blog_host: String,
ollama_host: String, ollama_host: String,
ai_did: String, #[allow(dead_code)]
ai_handle: String,
ai_did: String, // Resolved from ai_handle at runtime
model: String, model: String,
system_prompt: String, system_prompt: String,
#[allow(dead_code)]
bsky_api: String, bsky_api: String,
num_predict: Option<i32>, num_predict: Option<i32>,
network: NetworkConfig,
} }
impl Default for AiConfig { impl Default for AiConfig {
fn default() -> Self { fn default() -> Self {
let default_network = get_network_config("bsky.social");
Self { Self {
blog_host: "https://syui.ai".to_string(), blog_host: "https://syui.ai".to_string(),
ollama_host: "https://ollama.syui.ai".to_string(), ollama_host: "https://ollama.syui.ai".to_string(),
ai_did: "did:plc:4hqjfn7m6n5hno3doamuhgef".to_string(), ai_handle: "yui.syui.ai".to_string(),
ai_did: "did:plc:4hqjfn7m6n5hno3doamuhgef".to_string(), // Fallback DID
model: "gemma3:4b".to_string(), model: "gemma3:4b".to_string(),
system_prompt: "あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。相手のことが大好きで、ときどき甘えたり、照れたりします。でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。".to_string(), system_prompt: "あなたは6歳の女の子アイです。明るく元気で、ちょっとおっちょこちょい。自分のことは「アイ」って呼びます。白と金のワンピース姿。相手のことが大好きで、ときどき甘えたり、照れたりします。でも、宇宙とかAIとか、難しい話にもすっごく詳しいの。専門的なことも、がんばって子どもっぽく教えようとします。不思議な力を持っています。小さい物質のことをよく知っているようです。".to_string(),
bsky_api: "https://public.api.bsky.app".to_string(), bsky_api: default_network.bsky_api.clone(),
num_predict: None, num_predict: None,
network: default_network,
} }
} }
} }
@ -178,7 +221,14 @@ fn load_ai_config_from_project() -> Result<AiConfig> {
.unwrap_or("https://ollama.syui.ai") .unwrap_or("https://ollama.syui.ai")
.to_string(); .to_string();
let ai_did = ai_config // Read AI handle (preferred) or fallback to AI DID
let ai_handle = ai_config
.and_then(|ai| ai.get("ai_handle"))
.and_then(|v| v.as_str())
.unwrap_or("yui.syui.ai")
.to_string();
let fallback_ai_did = ai_config
.and_then(|ai| ai.get("ai_did")) .and_then(|ai| ai.get("ai_did"))
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.unwrap_or("did:plc:4hqjfn7m6n5hno3doamuhgef") .unwrap_or("did:plc:4hqjfn7m6n5hno3doamuhgef")
@ -201,25 +251,50 @@ fn load_ai_config_from_project() -> Result<AiConfig> {
.and_then(|v| v.as_integer()) .and_then(|v| v.as_integer())
.map(|v| v as i32); .map(|v| v as i32);
// Extract OAuth config for bsky_api // Extract OAuth config to determine network
let oauth_config = config.get("oauth").and_then(|v| v.as_table()); let oauth_config = config.get("oauth").and_then(|v| v.as_table());
let bsky_api = oauth_config let pds = oauth_config
.and_then(|oauth| oauth.get("bsky_api")) .and_then(|oauth| oauth.get("pds"))
.and_then(|v| v.as_str()) .and_then(|v| v.as_str())
.unwrap_or("https://public.api.bsky.app") .unwrap_or("bsky.social")
.to_string(); .to_string();
// Get network configuration based on PDS
let network = get_network_config(&pds);
let bsky_api = network.bsky_api.clone();
Ok(AiConfig { Ok(AiConfig {
blog_host, blog_host,
ollama_host, ollama_host,
ai_did, ai_handle,
ai_did: fallback_ai_did, // Will be resolved from handle at runtime
model, model,
system_prompt, system_prompt,
bsky_api, bsky_api,
num_predict, num_predict,
network,
}) })
} }
// Async version of load_ai_config_from_project that resolves handles to DIDs
#[allow(dead_code)]
async fn load_ai_config_with_did_resolution() -> Result<AiConfig> {
let mut ai_config = load_ai_config_from_project()?;
// Resolve AI handle to DID
match resolve_handle(&ai_config.ai_handle, &ai_config.network).await {
Ok(resolved_did) => {
ai_config.ai_did = resolved_did;
println!("🔍 Resolved AI handle '{}' to DID: {}", ai_config.ai_handle, ai_config.ai_did);
}
Err(e) => {
println!("⚠️ Failed to resolve AI handle '{}': {}. Using fallback DID.", ai_config.ai_handle, e);
}
}
Ok(ai_config)
}
#[derive(Debug, Serialize, Deserialize)] #[derive(Debug, Serialize, Deserialize)]
struct JetstreamMessage { struct JetstreamMessage {
collection: Option<String>, collection: Option<String>,
@ -517,7 +592,8 @@ async fn handle_message(text: &str, config: &mut AuthConfig) -> Result<()> {
println!(" 👤 Author DID: {}", did); println!(" 👤 Author DID: {}", did);
// Resolve handle // Resolve handle
match resolve_handle(did).await { let ai_config = load_ai_config_from_project().unwrap_or_default();
match resolve_handle(did, &ai_config.network).await {
Ok(handle) => { Ok(handle) => {
println!(" 🏷️ Handle: {}", handle.cyan()); println!(" 🏷️ Handle: {}", handle.cyan());
@ -538,11 +614,37 @@ async fn handle_message(text: &str, config: &mut AuthConfig) -> Result<()> {
Ok(()) Ok(())
} }
async fn resolve_handle(did: &str) -> Result<String> { async fn resolve_handle(did: &str, _network: &NetworkConfig) -> Result<String> {
let client = reqwest::Client::new(); let client = reqwest::Client::new();
// Use default bsky API for handle resolution
let url = format!("https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor={}", // First try to resolve PDS from DID using com.atproto.repo.describeRepo
urlencoding::encode(did)); let pds_endpoints = ["https://bsky.social", "https://syu.is"];
let mut resolved_pds = None;
for pds in &pds_endpoints {
let describe_url = format!("{}/xrpc/com.atproto.repo.describeRepo?repo={}", pds, urlencoding::encode(did));
if let Ok(response) = client.get(&describe_url).send().await {
if response.status().is_success() {
if let Ok(data) = response.json::<Value>().await {
if let Some(services) = data["didDoc"]["service"].as_array() {
if let Some(pds_service) = services.iter().find(|s|
s["id"] == "#atproto_pds" || s["type"] == "AtprotoPersonalDataServer"
) {
if let Some(endpoint) = pds_service["serviceEndpoint"].as_str() {
resolved_pds = Some(get_network_config_from_pds(endpoint));
break;
}
}
}
}
}
}
}
// Use resolved PDS or fallback to Bluesky
let network_config = resolved_pds.unwrap_or_else(|| get_network_config("bsky.social"));
let url = format!("{}/xrpc/app.bsky.actor.getProfile?actor={}",
network_config.bsky_api, urlencoding::encode(did));
let response = client.get(&url).send().await?; let response = client.get(&url).send().await?;
@ -557,6 +659,26 @@ async fn resolve_handle(did: &str) -> Result<String> {
Ok(handle.to_string()) Ok(handle.to_string())
} }
// Helper function to get network config from PDS endpoint
fn get_network_config_from_pds(pds_endpoint: &str) -> NetworkConfig {
if pds_endpoint.contains("syu.is") {
NetworkConfig {
pds_api: pds_endpoint.to_string(),
plc_api: "https://plc.syu.is".to_string(),
bsky_api: "https://bsky.syu.is".to_string(),
web_url: "https://web.syu.is".to_string(),
}
} else {
// Default to Bluesky infrastructure
NetworkConfig {
pds_api: pds_endpoint.to_string(),
plc_api: "https://plc.directory".to_string(),
bsky_api: "https://public.api.bsky.app".to_string(),
web_url: "https://bsky.app".to_string(),
}
}
}
async fn update_user_list(config: &mut AuthConfig, did: &str, handle: &str) -> Result<()> { async fn update_user_list(config: &mut AuthConfig, did: &str, handle: &str) -> Result<()> {
// Get current user list // Get current user list
let current_users = get_current_user_list(config).await?; let current_users = get_current_user_list(config).await?;
@ -569,18 +691,36 @@ async fn update_user_list(config: &mut AuthConfig, did: &str, handle: &str) -> R
println!(" Adding new user to list: {}", handle.green()); println!(" Adding new user to list: {}", handle.green());
// Detect PDS // Detect PDS using proper resolution from DID
let pds = if handle.ends_with(".syu.is") { let client = reqwest::Client::new();
"https://syu.is" let pds_endpoints = ["https://bsky.social", "https://syu.is"];
} else { let mut detected_pds = "https://bsky.social".to_string(); // Default fallback
"https://bsky.social"
}; for pds in &pds_endpoints {
let describe_url = format!("{}/xrpc/com.atproto.repo.describeRepo?repo={}", pds, urlencoding::encode(did));
if let Ok(response) = client.get(&describe_url).send().await {
if response.status().is_success() {
if let Ok(data) = response.json::<Value>().await {
if let Some(services) = data["didDoc"]["service"].as_array() {
if let Some(pds_service) = services.iter().find(|s|
s["id"] == "#atproto_pds" || s["type"] == "AtprotoPersonalDataServer"
) {
if let Some(endpoint) = pds_service["serviceEndpoint"].as_str() {
detected_pds = endpoint.to_string();
break;
}
}
}
}
}
}
}
// Add new user // Add new user
let new_user = UserRecord { let new_user = UserRecord {
did: did.to_string(), did: did.to_string(),
handle: handle.to_string(), handle: handle.to_string(),
pds: pds.to_string(), pds: detected_pds,
}; };
let mut updated_users = current_users; let mut updated_users = current_users;
@ -891,7 +1031,8 @@ async fn poll_comments_periodically(mut config: AuthConfig) -> Result<()> {
println!(" 👤 Author DID: {}", did); println!(" 👤 Author DID: {}", did);
// Resolve handle and update user list // Resolve handle and update user list
match resolve_handle(&did).await { let ai_config = load_ai_config_from_project().unwrap_or_default();
match resolve_handle(&did, &ai_config.network).await {
Ok(handle) => { Ok(handle) => {
println!(" 🏷️ Handle: {}", handle.cyan()); println!(" 🏷️ Handle: {}", handle.cyan());
@ -1311,8 +1452,32 @@ fn extract_date_from_slug(slug: &str) -> String {
} }
async fn get_ai_profile(client: &reqwest::Client, ai_config: &AiConfig) -> Result<serde_json::Value> { async fn get_ai_profile(client: &reqwest::Client, ai_config: &AiConfig) -> Result<serde_json::Value> {
// Resolve AI's actual PDS first
let pds_endpoints = ["https://bsky.social", "https://syu.is"];
let mut network_config = get_network_config("bsky.social"); // Default fallback
for pds in &pds_endpoints {
let describe_url = format!("{}/xrpc/com.atproto.repo.describeRepo?repo={}", pds, urlencoding::encode(&ai_config.ai_did));
if let Ok(response) = client.get(&describe_url).send().await {
if response.status().is_success() {
if let Ok(data) = response.json::<Value>().await {
if let Some(services) = data["didDoc"]["service"].as_array() {
if let Some(pds_service) = services.iter().find(|s|
s["id"] == "#atproto_pds" || s["type"] == "AtprotoPersonalDataServer"
) {
if let Some(endpoint) = pds_service["serviceEndpoint"].as_str() {
network_config = get_network_config_from_pds(endpoint);
break;
}
}
}
}
}
}
}
let url = format!("{}/xrpc/app.bsky.actor.getProfile?actor={}", let url = format!("{}/xrpc/app.bsky.actor.getProfile?actor={}",
ai_config.bsky_api, urlencoding::encode(&ai_config.ai_did)); network_config.bsky_api, urlencoding::encode(&ai_config.ai_did));
let response = client let response = client
.get(&url) .get(&url)