Add advanced scope management to authproto (#46)

* cool changes to authproto (add scopes)

* Add scopes example

* Polish one itty bitty test detail

* CI pls

* oops

* real package lock

Author: essential-randomness

.changeset/tired-lemons-authorize.md

@@ -0,0 +1,17 @@
+---
+"@fujocoded/authproto": minor
+---
+
+Add scoped login controls, an Authorize component for requesting extra
+permissions after login, and helpers for building ATProto permission scopes.
+
+## Breaking changes
+
+- Login and logout now default to returning users to the referring page instead
+  of `/`. Set `redirects.afterLogin` and `redirects.afterLogout` to `/` to keep
+  the old behavior.
+- `<Login />` no longer defaults the input placeholder to `handle.bsky.social`;
+  pass `placeholder="handle.bsky.social"` if you want that exact prompt.
+- `Astro.locals.loggedInUser` now includes a required `scopes` array. Update
+  tests, mocks, and custom local assignments to include `scopes: []` when no
+  grants are needed.

.github/workflows/scripts/first-release-publish.mjs

@@ -5,7 +5,9 @@ import { spawnSync } from "node:child_process";
 const npmToken = process.env.NODE_AUTH_TOKEN ?? process.env.NPM_TOKEN;
 
 if (!npmToken) {
-  console.error("NODE_AUTH_TOKEN or NPM_TOKEN is required for first package releases.");
+  console.error(
+    "NODE_AUTH_TOKEN or NPM_TOKEN is required for first package releases.",
+  );
   process.exit(1);
 }
 
@@ -109,12 +111,16 @@ for (const pkg of missingPackages) {
     process.exit(whoami.status ?? 1);
   }
 
-  const result = spawnSync("npm", ["publish", "--provenance", "--access", "public"], {
-    cwd: pkg.dir,
-    encoding: "utf8",
-    env: { ...process.env, NODE_AUTH_TOKEN: npmToken, NPM_TOKEN: npmToken },
-    stdio: ["inherit", "pipe", "pipe"],
-  });
+  const result = spawnSync(
+    "npm",
+    ["publish", "--provenance", "--access", "public"],
+    {
+      cwd: pkg.dir,
+      encoding: "utf8",
+      env: { ...process.env, NODE_AUTH_TOKEN: npmToken, NPM_TOKEN: npmToken },
+      stdio: ["inherit", "pipe", "pipe"],
+    },
+  );
 
   process.stdout.write(result.stdout);
   process.stderr.write(result.stderr);
@@ -133,7 +139,9 @@ for (const pkg of missingPackages) {
   process.stderr.write(tag.stderr);
 
   if (tag.status !== 0) {
-    console.error(`${pkg.name} was published, but git tag ${tagName} could not be created.`);
+    console.error(
+      `${pkg.name} was published, but git tag ${tagName} could not be created.`,
+    );
     process.exit(tag.status ?? 1);
   }