M config.example.ini => config.example.ini +11 -0
@@ 40,6 40,17 @@ pgp-privkey=
pgp-pubkey=
pgp-key-id=
+[webhooks]
+#
+# base64-encoded Ed25519 key for signing webhook payloads. This should be
+# consistent for all *.sr.ht sites, as we'll use this key to verify signatures
+# from other sites in your network.
+#
+# Use the srht-webhook-keygen command to generate a key.
+#
+# If omitted, webhook payloads are unsigned.
+private-key=
+
[git.sr.ht]
#
# URL git.sr.ht is being served at (protocol://domain)
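Review bot: The new comment on `private-key=` never says that the value is secret signing material, and it only describes the key being "omitted" while the example ships it present but empty. Because the text asks for the same key on every *.sr.ht site, each service's config file holds the full signing key, so read access to any one of them exposes it for the whole network. I would add `# Keep this value secret: this file should be readable only by the service user.` and one line stating explicitly whether an empty `private-key=` counts as omitted. How the loader treats the empty value is not visible in this diff.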
M gitsrht-keys => gitsrht-keys +2 -2
@@ 3,7 3,7 @@ import os
import sys
import requests
from srht.api import get_results
-from srht.config import cfg
+from srht.config import cfg, get_origin
from srht.database import DbSession
db = DbSession(cfg("git.sr.ht", "connection-string"))
from gitsrht.types import User, SSHKey
@@ 18,7 18,7 @@ user = (User.query.join(SSHKey)
.filter(SSHKey.key.ilike(f"%{b64key}%"))).one_or_none()
if not user:
# Fall back to meta.sr.ht first
- meta_origin = cfg("meta.sr.ht", "origin")
+ meta_origin = get_origin("meta.sr.ht")
r = requests.get(f"{meta_origin}/api/ssh-key/{b64key}")
if r.status_code == 200:
username = r.json()["owner"]["name"]
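Review bot: The owner of an unknown SSH key is taken from whatever endpoint `get_origin("meta.sr.ht")` resolves to, so this assignment now decides which network path is trusted for mapping a key to an account. It is called without `external=True`, unlike the template change in this commit, which suggests it may return an internal address; if that can be plain HTTP, it needs to be a link nobody else can answer on. I would add a comment above the assignment, `# meta_origin decides which user owns this key: must be a trusted (private or TLS) endpoint`, and bound the request on the next line with `timeout=5`, since this script appears to run during SSH key lookup. The module-level `meta_origin` in gitsrht/service.py makes the same switch, and the script continues outside this hunk.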
M gitsrht/service.py => gitsrht/service.py +4 -2
@@ 1,15 1,16 @@
from flask import Blueprint, request, url_for
from gitsrht.types import User, OAuthToken, SSHKey
+from scmsrht.oauth import delegated_scopes as scm_scopes
from srht.api import get_results
from srht.database import db
-from srht.config import cfg
+from srht.config import cfg, get_origin
from srht.flask import csrf_bypass
from srht.oauth import AbstractOAuthService
import json
import requests
origin = cfg("git.sr.ht", "origin")
-meta_origin = cfg("meta.sr.ht", "origin")
+meta_origin = get_origin("meta.sr.ht")
client_id = cfg("git.sr.ht", "oauth-client-id")
client_secret = cfg("git.sr.ht", "oauth-client-secret")
builds_client_id = cfg("builds.sr.ht", "oauth-client-id", default=None)
@@ 20,6 21,7 @@ class GitOAuthService(AbstractOAuthService):
required_scopes=["profile", "keys"] + ([
"{}/jobs:write".format(builds_client_id)
] if builds_client_id else []),
+ delegated_scopes=scm_scopes,
token_class=OAuthToken, user_class=User)
def ensure_user_sshkey(self, user, meta_key):
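Review bot: The value passed as `delegated_scopes=scm_scopes` comes from `scmsrht.oauth`, so nothing in this file shows which scopes the service now accepts for delegation. A later addition to that list would presumably widen them here without any change to git.sr.ht being reviewed. A short comment at the argument would make the dependency visible, e.g. `# scopes defined in scmsrht.oauth.delegated_scopes; review that list when it changes`. The constructor call and the class body start above the hunk, so how these scopes interact with `required_scopes` cannot be confirmed from here.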
M gitsrht/templates/index.html => gitsrht/templates/index.html +1 -1
@@ 23,7 23,7 @@
</ul>
<a
class="btn btn-primary"
- href="{{cfg("meta.sr.ht", "origin")}}/register"
+ href="{{get_origin("meta.sr.ht", external=True)}}/register"
>Register here {{icon('caret-right')}}</a>
or
<a href="{{oauth_url}}">