OAuth (#22)

* add metadata

* test pages action

* initial oauth flow

* update scope

* login in settings

* remove session from plugin class

* remove oauth modal

* add session store / refactor

handle missing block text

* render before done fetching feed

* initila work for redirect to obsidian uri scheme

* switch back to browser client

* cleanup storing session/agent

* cleanup

* better html page

* better settings layout

Author: treethought

.github/workflows/deploy_static.yml

@@ -0,0 +1,42 @@
+name: Deploy static content to Pages
+
+on:
+  push:
+    tags:
+      - "*"
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+      - name: Prepare static files
+        run: |
+          mkdir -p _site
+          cp client-metadata.json _site/
+          cp oauth-callback.html _site/
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: '_site'
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/lint.yml

@@ -1,26 +1,37 @@
 name: Bun build
 
 on:
-    push:
-        branches: ["**"]
-    pull_request:
-        branches: ["**"]
+  push:
+    branches: ["**"]
+  pull_request:
+    branches: ["**"]
 
-jobs:
-    build:
-        runs-on: ubuntu-latest
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
 
-        strategy:
-            matrix:
-                bun-version: [latest]
+jobs:
+  build:
+    runs-on: ubuntu-latest
 
-        steps:
-            - uses: actions/checkout@v4
-            - name: Setup Bun ${{ matrix.bun-version }}
-              uses: oven-sh/setup-bun@v2
-              with:
-                  bun-version: ${{ matrix.bun-version }}
-            - run: bun install --frozen-lockfile
-            - run: bun run build --if-present
-            - run: bun run lint
+    strategy:
+      matrix:
+        bun-version: [latest]
 
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Bun ${{ matrix.bun-version }}
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: ${{ matrix.bun-version }}
+      - run: bun install --frozen-lockfile
+      - run: bun run build --if-present
+      - run: bun run lint

bun.lock

@@ -0,0 +1,14 @@
+{
+	"client_id": "https://treethought.github.io/obsidian-atmosphere/client-metadata.json",
+	"client_name": "obsidian-atmosphere",
+	"client_uri": "https://treethought.github.io/obsidian-atmosphere",
+	"redirect_uris": [
+		"https://treethought.github.io/obsidian-atmosphere/oauth-callback.html"
+	],
+	"scope": "atproto include:at.margin.authFull repo:site.standard.document repo:network.cosmik.card repo:network.cosmik.collection repo:network.cosmik.collectionLink",
+	"grant_types": ["authorization_code", "refresh_token"],
+	"response_types": ["code"],
+	"token_endpoint_auth_method": "none",
+	"application_type": "native",
+	"dpop_bound_access_tokens": true
+}

client-metadata.json

@@ -3,7 +3,7 @@ import process from "process";
 import { builtinModules } from 'node:module';
 
 const banner =
-`/*
+	`/*
 THIS IS A GENERATED/BUNDLED FILE BY ESBUILD
 if you want to view the source, please visit the github repository of this plugin
 */

esbuild.config.mjs

@@ -0,0 +1,165 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="UTF-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+	<title>Atmosphere OAuth - Redirecting...</title>
+	<style>
+		* {
+			margin: 0;
+			padding: 0;
+			box-sizing: border-box;
+		}
+		body {
+			font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+			display: flex;
+			align-items: center;
+			justify-content: center;
+			min-height: 100vh;
+			background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+			padding: 1rem;
+		}
+		.container {
+			text-align: center;
+			padding: 3rem 2rem;
+			background: white;
+			border-radius: 16px;
+			box-shadow: 0 20px 60px rgba(0,0,0,0.3);
+			max-width: 500px;
+			width: 100%;
+		}
+		h1 {
+			color: #667eea;
+			margin: 0 0 1rem 0;
+			font-size: 1.75rem;
+			font-weight: 600;
+		}
+		.spinner {
+			margin: 2rem auto;
+			width: 50px;
+			height: 50px;
+			border: 4px solid #f3f3f3;
+			border-top: 4px solid #667eea;
+			border-radius: 50%;
+			animation: spin 1s linear infinite;
+		}
+		@keyframes spin {
+			0% { transform: rotate(0deg); }
+			100% { transform: rotate(360deg); }
+		}
+		p {
+			color: #6b7280;
+			margin: 1rem 0;
+			line-height: 1.6;
+		}
+		.manual-link {
+			margin-top: 2rem;
+			padding: 1rem;
+			background: #f9fafb;
+			border-radius: 8px;
+			border: 1px solid #e5e7eb;
+			display: none;
+		}
+		.manual-link.show {
+			display: block;
+		}
+		.link-text {
+			word-break: break-all;
+			font-family: monospace;
+			font-size: 0.85rem;
+			color: #374151;
+			padding: 0.5rem;
+			background: white;
+			border-radius: 4px;
+			margin-top: 0.5rem;
+		}
+		button {
+			margin-top: 1rem;
+			padding: 0.75rem 1.5rem;
+			background: #667eea;
+			color: white;
+			border: none;
+			border-radius: 8px;
+			font-size: 1rem;
+			font-weight: 500;
+			cursor: pointer;
+			transition: background 0.2s;
+		}
+		button:hover {
+			background: #5568d3;
+		}
+	</style>
+</head>
+<body>
+	<div class="container">
+		<h1>✅ Authentication Successful!</h1>
+		<div class="spinner"></div>
+		<p id="status">Redirecting to Obsidian...</p>
+		<div class="manual-link" id="manual-link">
+			<p>If Obsidian doesn't open automatically:</p>
+			<p style="font-size: 0.9rem; margin-bottom: 0.5rem;">1. Copy the link below</p>
+			<div class="link-text" id="link-text"></div>
+			<button onclick="copyLink()">Copy Link</button>
+			<p style="font-size: 0.9rem; margin-top: 1rem;">2. Open Obsidian and paste it in your browser</p>
+		</div>
+	</div>
+
+	<script>
+		(function() {
+			try {
+				// extract OAuth parameters from URL hash (not search string)
+				const params = new URLSearchParams(window.location.hash.slice(1));
+
+				const obsidianUri = `obsidian://atmosphere-oauth?${params.toString()}`;
+
+				// store the URI for manual copy
+				document.getElementById('link-text').textContent = obsidianUri;
+
+				window.location.href = obsidianUri;
+
+				setTimeout(function() {
+					const spinner = document.querySelector('.spinner');
+					if (spinner) spinner.style.display = 'none';
+
+					// Show success message
+					document.querySelector('h1').textContent = '✅ Redirected!';
+					document.getElementById('status').textContent = 'Return to Obsidian to complete login.';
+
+					setTimeout(function() {
+						try {
+							window.close();
+						} catch (e) {
+							document.getElementById('status').textContent = 'You can close this window now.';
+						}
+					}, 500);
+				}, 500);
+
+				// show manual instructions after a longer delay if still open
+				setTimeout(function() {
+					document.getElementById('manual-link').classList.add('show');
+				}, 3000);
+
+			} catch (error) {
+				console.error('Redirect error:', error);
+				document.querySelector('.spinner').style.display = 'none';
+				document.getElementById('status').textContent = 'An error occurred during redirect';
+				document.getElementById('manual-link').classList.add('show');
+			}
+		})();
+
+		function copyLink() {
+			const linkText = document.getElementById('link-text').textContent;
+			navigator.clipboard.writeText(linkText).then(function() {
+				const btn = event.target;
+				btn.textContent = '✓ Copied!';
+				setTimeout(function() {
+					btn.textContent = 'Copy Link';
+				}, 2000);
+			}).catch(function(err) {
+				console.error('Failed to copy:', err);
+				alert('Failed to copy. Please select and copy the link manually.');
+			});
+		}
+	</script>
+</body>
+</html>