From 7d450aa2a802cfb2b66758bbdbbff48a27193d84 Mon Sep 17 00:00:00 2001
From: Till-JS <101404291+Till-JS@users.noreply.github.com>
Date: Fri, 13 Feb 2026 13:42:07 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat(bot-services):=20add=20Matrix-?=
 =?UTF-8?q?SSO-Link=20for=20persistent=20login?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After successful !login, the bot now stores a persistent link between
the Matrix user ID and the Mana account in mana-core-auth. This allows
the bot to auto-authenticate users in the future without requiring
another !login command.

Changes:
- Add createMatrixUserLink() method to SessionService
- Call link creation after successful login
- Add MANA_CORE_SERVICE_KEY to todo and calendar bot docker config

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 docker-compose.macmini.yml                    |  2 +
 .../src/session/session.service.ts            | 38 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/docker-compose.macmini.yml b/docker-compose.macmini.yml
index 93e1ac2af..d8921f15f 100644
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@@ -783,6 +783,7 @@ services:
       REDIS_HOST: redis
       REDIS_PASSWORD: ${REDIS_PASSWORD:-redis123}
       MANA_CORE_AUTH_URL: http://mana-auth:3001
+      MANA_CORE_SERVICE_KEY: ${MANA_CORE_SERVICE_KEY}
       TODO_BACKEND_URL: http://todo-backend:3031
       MATRIX_HOMESERVER_URL: http://synapse:8008
       MATRIX_ACCESS_TOKEN: ${MATRIX_TODO_BOT_TOKEN}
@@ -815,6 +816,7 @@ services:
       REDIS_HOST: redis
       REDIS_PASSWORD: ${REDIS_PASSWORD:-redis123}
       MANA_CORE_AUTH_URL: http://mana-auth:3001
+      MANA_CORE_SERVICE_KEY: ${MANA_CORE_SERVICE_KEY}
       CALENDAR_BACKEND_URL: http://calendar-backend:3032
       MATRIX_HOMESERVER_URL: http://synapse:8008
       MATRIX_ACCESS_TOKEN: ${MATRIX_CALENDAR_BOT_TOKEN}
diff --git a/packages/bot-services/src/session/session.service.ts b/packages/bot-services/src/session/session.service.ts
index 800426957..629390450 100644
--- a/packages/bot-services/src/session/session.service.ts
+++ b/packages/bot-services/src/session/session.service.ts
@@ -221,6 +221,9 @@ export class SessionService {
 
 			await this.storeSession(matrixUserId, session);
 
+			// Store persistent link in mana-core-auth for future auto-login
+			await this.createMatrixUserLink(matrixUserId, token, email);
+
 			this.logger.log(`User ${matrixUserId} logged in as ${email}`);
 			return { success: true, email };
 		} catch (error) {
@@ -232,6 +235,41 @@ export class SessionService {
 		}
 	}
 
+	/**
+	 * Create a persistent link between Matrix user ID and Mana account
+	 *
+	 * This allows the bot to auto-authenticate the user in the future
+	 * without requiring another !login command.
+	 */
+	private async createMatrixUserLink(
+		matrixUserId: string,
+		token: string,
+		email: string
+	): Promise<void> {
+		try {
+			const response = await fetch(`${this.authUrl}/api/v1/auth/matrix-user-links`, {
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json',
+					Authorization: `Bearer ${token}`,
+				},
+				body: JSON.stringify({ matrixUserId, email }),
+			});
+
+			if (response.ok) {
+				this.logger.log(`Matrix-SSO-Link: created link for ${matrixUserId}`);
+			} else {
+				// Non-critical - log but don't fail the login
+				this.logger.debug(
+					`Matrix-SSO-Link: failed to create link for ${matrixUserId}: ${response.status}`
+				);
+			}
+		} catch (error) {
+			// Non-critical - log but don't fail the login
+			this.logger.debug(`Matrix-SSO-Link: error creating link for ${matrixUserId}: ${error}`);
+		}
+	}
+
 	/**
 	 * Logout a Matrix user
 	 */