feat: implement organization preview functionality

- Added `init_preview/2` function to create a new organization and user for preview contexts.
- Introduced `OrgPreviewCallbackController` to handle preview login and session management.
- Updated routing to include a new preview path and adjusted user authentication flow for preview contexts.
- Enhanced `UserAuth` with methods for signing and verifying preview codes.
- Updated `PreviewNav` to manage navigation for preview contexts effectively.
- Added tests for the new preview functionality and verification logic.

Author: zcesur

lib/algora/accounts/accounts.ex

@@ -413,8 +413,20 @@ defmodule Algora.Accounts do
 
   def get_last_context_user(%User{} = user) do
     case last_context(user) do
-      "personal" -> user
-      last_context -> get_user_by_handle(last_context)
+      "personal" ->
+        user
+
+      "preview/" <> ctx ->
+        case String.split(ctx, "/") do
+          [id, _repo_owner, _repo_name] -> get_user(id)
+          _ -> nil
+        end
+
+      "repo/" <> _repo_full_name ->
+        user
+
+      last_context ->
+        get_user_by_handle(last_context)
     end
   end
 

lib/algora/organizations/organizations.ex

@@ -3,9 +3,11 @@ defmodule Algora.Organizations do
   import Ecto.Query
 
   alias Algora.Accounts.User
+  alias Algora.Github.TokenPool
   alias Algora.Organizations.Member
   alias Algora.Organizations.Org
   alias Algora.Repo
+  alias Algora.Workspace
 
   def create_organization(params) do
     %User{type: :organization}
@@ -228,4 +230,31 @@ defmodule Algora.Organizations do
         where: c.client_id == ^org.id and c.contractor_id == u.id
     )
   end
+
+  def init_preview(repo_owner, repo_name) do
+    token = TokenPool.get_token()
+
+    {:ok, _repo} = Workspace.ensure_repository(token, repo_owner, repo_name)
+    {:ok, owner} = Workspace.ensure_user(token, repo_owner)
+
+    Repo.transact(fn repo ->
+      {:ok, org} =
+        repo.insert(%User{
+          type: :organization,
+          id: Nanoid.generate(),
+          display_name: owner.name,
+          avatar_url: owner.avatar_url,
+          last_context: "repo/#{repo_owner}/#{repo_name}"
+        })
+
+      {:ok, user} =
+        repo.insert(%User{
+          type: :individual,
+          id: Nanoid.generate(),
+          last_context: "preview/#{org.id}/#{repo_owner}/#{repo_name}"
+        })
+
+      {:ok, %{org: org, user: user}}
+    end)
+  end
 end

lib/algora_web/controllers/org_preview_callback_controller.ex

@@ -0,0 +1,39 @@
+defmodule AlgoraWeb.OrgPreviewCallbackController do
+  use AlgoraWeb, :controller
+
+  import Ecto.Query
+
+  alias Algora.Accounts.User
+  alias Algora.Repo
+
+  require Logger
+
+  def new(conn, %{"id" => id, "token" => token} = params) do
+    with {:ok, _login_token} <- AlgoraWeb.UserAuth.verify_preview_code(token, id),
+         {:ok, user} <-
+           Repo.fetch_one(
+             from u in User,
+               where: u.id == ^id,
+               where: is_nil(u.handle),
+               where: is_nil(u.provider_login)
+           ) do
+      conn =
+        if params["return_to"] do
+          put_session(conn, :user_return_to, String.trim_leading(params["return_to"], AlgoraWeb.Endpoint.url()))
+        else
+          conn
+        end
+
+      conn
+      |> put_flash(:info, "Welcome to Algora!")
+      |> AlgoraWeb.UserAuth.log_in_user(user)
+    else
+      {:error, reason} ->
+        Logger.debug("failed preview exchange #{inspect(reason)}")
+
+        conn
+        |> put_flash(:error, "Something went wrong. Please try again.")
+        |> redirect(to: "/")
+    end
+  end
+end

lib/algora_web/controllers/user_auth.ex

@@ -224,6 +224,14 @@ defmodule AlgoraWeb.UserAuth do
   defp maybe_store_return_to(conn), do: conn
 
   def signed_in_path_from_context("personal"), do: ~p"/home"
+
+  def signed_in_path_from_context("preview/" <> ctx) do
+    case String.split(ctx, "/") do
+      [_id, repo_owner, repo_name] -> ~p"/go/#{repo_owner}/#{repo_name}"
+      _ -> ~p"/home"
+    end
+  end
+
   def signed_in_path_from_context(org_handle), do: ~p"/org/#{org_handle}"
 
   def signed_in_path(%User{} = user) do
@@ -293,6 +301,28 @@ defmodule AlgoraWeb.UserAuth do
     end
   end
 
+  def sign_preview_code(payload) do
+    Phoenix.Token.sign(AlgoraWeb.Endpoint, login_code_salt(), payload, max_age: login_code_ttl())
+  end
+
+  def verify_preview_code(code, id) do
+    case Phoenix.Token.verify(AlgoraWeb.Endpoint, login_code_salt(), code, max_age: login_code_ttl()) do
+      {:ok, token_id} ->
+        if token_id == id do
+          {:ok, token_id}
+        else
+          {:error, :invalid_id}
+        end
+
+      {:error, reason} ->
+        {:error, reason}
+    end
+  end
+
+  def preview_path(id, token), do: ~p"/preview?id=#{id}&token=#{token}"
+
+  def preview_path(id, token, return_to), do: ~p"/preview?id=#{id}&token=#{token}&return_to=#{return_to}"
+
   def login_path(email, token), do: ~p"/callbacks/email/oauth?email=#{email}&token=#{token}"
 
   def login_path(email, token, return_to),

lib/algora_web/live/org/preview_nav.ex

@@ -1,37 +1,36 @@
 defmodule AlgoraWeb.Org.PreviewNav do
   @moduledoc false
   use Phoenix.Component
+  use AlgoraWeb, :verified_routes
 
   import Phoenix.LiveView
 
-  alias Algora.Accounts.User
-  alias Algora.Github.TokenPool
-  alias Algora.Workspace
+  alias Algora.Organizations
 
   def on_mount(:default, %{"repo_owner" => repo_owner, "repo_name" => repo_name}, _session, socket) do
-    token = TokenPool.get_token()
-    {:ok, _repo} = Workspace.ensure_repository(token, repo_owner, repo_name)
-    {:ok, user} = Workspace.ensure_user(token, repo_owner)
-
-    current_org = %User{
-      id: Ecto.UUID.generate(),
-      provider: "github",
-      provider_login: repo_owner,
-      name: user.name,
-      handle: user.handle,
-      avatar_url: user.avatar_url
-    }
-
-    {:cont,
-     socket
-     |> assign(:current_context, current_org)
-     |> assign(:all_contexts, [current_org])
-     |> assign(:new_bounty_form, to_form(%{"github_issue_url" => "", "amount" => ""}))
-     |> assign(:current_org, current_org)
-     |> assign(:current_user_role, :admin)
-     |> assign(:nav, nav_items(repo_owner, repo_name))
-     |> assign(:contacts, [])
-     |> attach_hook(:active_tab, :handle_params, &handle_active_tab_params/3)}
+    current_context = socket.assigns[:current_context]
+
+    if current_context && current_context.last_context == "repo/#{repo_owner}/#{repo_name}" do
+      {:cont,
+       socket
+       |> assign(:new_bounty_form, to_form(%{"github_issue_url" => "", "amount" => ""}))
+       |> assign(:current_org, current_context)
+       |> assign(:current_user_role, :admin)
+       |> assign(:nav, nav_items(repo_owner, repo_name))
+       |> assign(:contacts, [])
+       |> attach_hook(:active_tab, :handle_params, &handle_active_tab_params/3)}
+    else
+      case Organizations.init_preview(repo_owner, repo_name) do
+        {:ok, %{user: user, org: _org}} ->
+          token = AlgoraWeb.UserAuth.sign_preview_code(user.id)
+          path = AlgoraWeb.UserAuth.preview_path(user.id, token, ~p"/go/#{repo_owner}/#{repo_name}")
+
+          {:halt, redirect(socket, to: path)}
+
+        {:error, reason} ->
+          {:cont, put_flash(socket, :error, "Failed to initialize preview: #{inspect(reason)}")}
+      end
+    end
   end
 
   defp handle_active_tab_params(_params, _url, socket) do

lib/algora_web/router.ex

@@ -63,6 +63,7 @@ defmodule AlgoraWeb.Router do
     get "/a/:table_prefix/:activity_id", ActivityController, :get
     get "/auth/logout", OAuthCallbackController, :sign_out
     get "/tip", TipController, :create
+    get "/preview", OrgPreviewCallbackController, :new
 
     scope "/callbacks" do
       get "/stripe/refresh", StripeCallbackController, :refresh

test/algora/organizations_test.exs

@@ -187,4 +187,18 @@ defmodule Algora.OrganizationsTest do
       assert result3.org.handle == "piedpiperhq"
     end
   end
+
+  describe "init_preview/1" do
+    test "creates a new user and org if they don't exist" do
+      assert {:ok, %{user: user, org: org}} = Algora.Organizations.init_preview("acme", "repo")
+
+      assert is_nil(org.handle)
+      assert org.type == :organization
+      assert org.last_context == "repo/acme/repo"
+
+      assert is_nil(user.handle)
+      assert user.type == :individual
+      assert user.last_context == "preview/#{org.id}/acme/repo"
+    end
+  end
 end

test/algora_web/controllers/user_auth_test.exs

@@ -81,4 +81,47 @@ defmodule AlgoraWeb.UserAuthTest do
       assert {:error, :invalid} = UserAuth.verify_login_code("", "[email protected]")
     end
   end
+
+  describe "verify_preview_code/2" do
+    test "successfully verifies simple id token" do
+      id = "123"
+      code = UserAuth.sign_preview_code(id)
+
+      assert {:ok, result} = UserAuth.verify_preview_code(code, id)
+      assert result == id
+    end
+
+    test "rejects invalid id" do
+      id = "123"
+      code = UserAuth.sign_preview_code(id)
+
+      assert {:error, :invalid_id} = UserAuth.verify_preview_code(code, "wrong")
+    end
+
+    test "rejects tampered tokens" do
+      code = "tampered.token.here"
+      assert {:error, :invalid} = UserAuth.verify_preview_code(code, "123")
+    end
+
+    test "rejects expired tokens" do
+      id = "123"
+      original_config = Application.get_env(:algora, :login_code)
+      Application.put_env(:algora, :login_code, Keyword.put(original_config, :ttl, 1))
+
+      code = UserAuth.sign_preview_code(id)
+      Process.sleep(1500)
+
+      assert {:error, :expired} = UserAuth.verify_preview_code(code, id)
+
+      Application.put_env(:algora, :login_code, original_config)
+    end
+
+    test "handles nil input" do
+      assert {:error, :missing} = UserAuth.verify_preview_code(nil, "123")
+    end
+
+    test "handles empty string input" do
+      assert {:error, :invalid} = UserAuth.verify_preview_code("", "123")
+    end
+  end
 end