Authenticate Bluesky users when they upload photos

SeattleCarsInBikeLanes.Tests/SeattleCarsInBikeLanes.Tests.csproj

@@ -16,7 +16,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
     <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="Moq.Contrib.HttpClient" Version="1.4.0" />
     <PackageReference Include="xunit" Version="2.9.2" />

SeattleCarsInBikeLanes/Controllers/AdminPageController.cs

@@ -1592,10 +1592,19 @@ public FinalizedPhotoUploadWithSasUriMetadata(int numberOfCars,
                 string? twitterAccessToken = null,
                 string? mastodonEndpoint = null,
                 string? mastodonUsername = null,
+                string? mastodonFullUsername = null,
                 string? mastodonAccessToken = null,
                 string? blueskyHandle = null,
+                string? blueskyUserDid = null,
+                string? blueskyUserKeyId = null,
+                string? blueskyUserPrivateKey = null,
+                string? blueskyUserBaseUrl = null,
+                string? blueskyUserAccessToken = null,
                 string? threadsUsername = null,
-                string? threadsAccessToken = null) :
+                string? threadsAccessToken = null,
+                string? twitterLink = null,
+                string? blueskyAdminDid = null,
+                string? blueskyAccessJwt = null) :
                 base(numberOfCars,
                     photoId,
                     submissionId,
@@ -1616,10 +1625,19 @@ public FinalizedPhotoUploadWithSasUriMetadata(int numberOfCars,
                     twitterAccessToken,
                     mastodonEndpoint,
                     mastodonUsername,
+                    mastodonFullUsername,
                     mastodonAccessToken,
                     blueskyHandle,
+                    blueskyUserDid,
+                    blueskyUserKeyId,
+                    blueskyUserPrivateKey,
+                    blueskyUserBaseUrl,
+                    blueskyUserAccessToken,
                     threadsUsername,
-                    threadsAccessToken)
+                    threadsAccessToken,
+                    twitterLink,
+                    blueskyAdminDid,
+                    blueskyAccessJwt)
             {
             }
         }

SeattleCarsInBikeLanes/Controllers/UploadController.cs

@@ -3,6 +3,7 @@
 using Azure.Maps.Search;
 using Azure.Maps.Search.Models;
 using Azure.Storage.Blobs;
+using golf1052.atproto.net;
 using golf1052.Mastodon;
 using golf1052.Mastodon.Models.Accounts;
 using ImageMagick;
@@ -338,13 +339,31 @@ public async Task<IActionResult> FinalizeUpload([FromBody] List<FinalizedPhotoUp
                         }
                     }
                 }
+
+                bool? verifiedBlueskyUser = await VerifyBlueskyUser(metadata);
+                if (verifiedBlueskyUser.HasValue && !verifiedBlueskyUser.Value)
+                {
+                    logger.LogWarning("Failed to verify Bluesky user.");
+                    foreach (var d in data)
+                    {
+                        d.BlueskySubmittedBy = "Submission";
+                        d.Attribute = false;
+                        d.BlueskyHandle = null;
+                        d.BlueskyUserDid = null;
+                    }
+                }
             }
 
             foreach (var d in data)
             {
+                // Clear all tokens and other sensitive info before saving to Azure
                 d.TwitterAccessToken = null;
                 d.MastodonAccessToken = null;
                 d.ThreadsAccessToken = null;
+                d.BlueskyUserKeyId = null;
+                d.BlueskyUserPrivateKey = null;
+                d.BlueskyUserBaseUrl = null;
+                d.BlueskyUserAccessToken = null;
 
                 string randomFileName = d.PhotoId;
                 BlobClient photoBlobClient = blobContainerClient.GetBlobClient($"{InitialUploadPrefix}{randomFileName}.jpeg");
@@ -364,6 +383,38 @@ await slackbotProvider.SendSlackMessage($"New submission. {metadata.NumberOfCars
             return NoContent();
         }
 
+        public async Task<bool?> VerifyBlueskyUser(FinalizedPhotoUploadMetadata metadata)
+        {
+            if (!string.IsNullOrWhiteSpace(metadata.BlueskyHandle) &&
+                !string.IsNullOrWhiteSpace(metadata.BlueskyUserDid) &&
+                !string.IsNullOrWhiteSpace(metadata.BlueskyUserKeyId) &&
+                !string.IsNullOrWhiteSpace(metadata.BlueskyUserPrivateKey) &&
+                !string.IsNullOrWhiteSpace(metadata.BlueskyUserBaseUrl) &&
+                !string.IsNullOrWhiteSpace(metadata.BlueskyUserAccessToken))
+            {
+                AtProtoOAuthClient blueskyClient = new AtProtoOAuthClient(metadata.BlueskyUserDid,
+                    metadata.BlueskyUserKeyId,
+                    metadata.BlueskyUserPrivateKey,
+                    metadata.BlueskyUserBaseUrl,
+                    metadata.BlueskyUserAccessToken);
+                try
+                {
+                    var profile = await blueskyClient.GetProfile();
+                    return profile.Handle == metadata.BlueskyHandle &&
+                        profile.Did == metadata.BlueskyUserDid;
+                }
+                catch (Exception ex)
+                {
+                    logger.LogError(ex, "Failed to verify Bluesky user.");
+                    return false;
+                }
+            }
+            else
+            {
+                return null;
+            }
+        }
+
         private DateTime? GetPhotoDate(string path)
         {
             try

SeattleCarsInBikeLanes/SeattleCarsInBikeLanes.csproj

@@ -19,7 +19,7 @@
     <PackageReference Include="Azure.Maps.Search" Version="1.0.0-beta.4" />
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
     <PackageReference Include="Azure.Storage.Blobs" Version="12.22.1" />
-    <PackageReference Include="golf1052.atproto.net" Version="0.3.0" />
+    <PackageReference Include="golf1052.atproto.net" Version="0.4.0" />
     <PackageReference Include="golf1052.Mastodon" Version="0.7.1" />
     <PackageReference Include="golf1052.ThreadsAPI" Version="0.2.0" />
     <PackageReference Include="HtmlAgilityPack" Version="1.11.67" />

SeattleCarsInBikeLanes/Storage/Models/FinalizedPhotoUploadMetadata.cs

@@ -18,6 +18,10 @@ public class FinalizedPhotoUploadMetadata : AbstractPhotoUploadMetadata
         public string? MastodonAccessToken { get; set; }
         public string? BlueskyHandle { get; set; }
         public string? BlueskyUserDid { get; set; }
+        public string? BlueskyUserKeyId { get; set; }
+        public string? BlueskyUserPrivateKey { get; set; }
+        public string? BlueskyUserBaseUrl { get; set; }
+        public string? BlueskyUserAccessToken { get; set; }
         public string? ThreadsUsername { get; set; }
         public string? ThreadsAccessToken { get; set; }
         public bool UserSpecifiedDateTime { get; set; }
@@ -56,6 +60,10 @@ public FinalizedPhotoUploadMetadata(int? numberOfCars,
             string? mastodonAccessToken = null,
             string? blueskyHandle = null,
             string? blueskyUserDid = null,
+            string? blueskyUserKeyId = null,
+            string? blueskyUserPrivateKey = null,
+            string? blueskyUserBaseUrl = null,
+            string? blueskyUserAccessToken = null,
             string? threadsUsername = null,
             string? threadsAccessToken = null,
             string? twitterLink = null,
@@ -85,6 +93,10 @@ public FinalizedPhotoUploadMetadata(int? numberOfCars,
             MastodonAccessToken = mastodonAccessToken;
             BlueskyHandle = blueskyHandle;
             BlueskyUserDid = blueskyUserDid;
+            BlueskyUserKeyId = blueskyUserKeyId;
+            BlueskyUserPrivateKey = blueskyUserPrivateKey;
+            BlueskyUserBaseUrl = blueskyUserBaseUrl;
+            BlueskyUserAccessToken = blueskyUserAccessToken;
             ThreadsUsername = threadsUsername;
             ThreadsAccessToken = threadsAccessToken;
             TwitterLink = twitterLink;

SeattleCarsInBikeLanes/package.json

@@ -8,7 +8,7 @@
   "author": "golf1052",
   "license": "MIT",
   "dependencies": {
-    "@atproto/oauth-client-browser": "^0.3.1",
+    "@atproto/oauth-client-browser": "https://gitpkg.vercel.app/golf1052/atproto/packages/oauth/oauth-client-browser/testdist?main",
     "luxon": "^3.5.0"
   },
   "devDependencies": {

SeattleCarsInBikeLanes/wwwroot/js/index.js

@@ -562,6 +562,10 @@ function initUpload2LegendHtml(metadatas) {
                         d.attribute = true;
                         d.blueskyHandle = window.blueskyHandle;
                         d.blueskyUserDid = window.blueskyUserDid;
+                        d.blueskyUserKeyId = window.blueskyAuthInfo.keyId;
+                        d.blueskyUserPrivateKey = window.blueskyAuthInfo.privateKey;
+                        d.blueskyUserBaseUrl = window.blueskyPds;
+                        d.blueskyUserAccessToken = window.blueskyAuthInfo.accessToken;
                     }
                 }
             }