Diffstat (limited to 'src/api/routes/oauth2/authorize.ts')
-rw-r--r-- | src/api/routes/oauth2/authorize.ts | 142 |
1 files changed, 82 insertions, 60 deletions
diff --git a/src/api/routes/oauth2/authorize.ts b/src/api/routes/oauth2/authorize.ts
index e4c2e986..6374972e 100644
--- a/src/api/routes/oauth2/authorize.ts
+++ b/src/api/routes/oauth2/authorize.ts
@@ -1,17 +1,24 @@
import { Router, Request, Response } from "express";
import { route } from "@fosscord/api";
-import { ApiError, Application, ApplicationAuthorizeSchema, getPermission, DiscordApiErrors, Member, Permissions, User, getRights, Rights, MemberPrivateProjection } from "@fosscord/util";
+import {
+ ApiError,
+ Application,
+ ApplicationAuthorizeSchema,
+ getPermission,
+ DiscordApiErrors,
+ Member,
+ Permissions,
+ User,
+ getRights,
+ Rights,
+ MemberPrivateProjection,
+} from "@fosscord/util";
const router = Router();
// TODO: scopes, other oauth types
router.get("/", route({}), async (req: Request, res: Response) => {
- const {
- client_id,
- scope,
- response_type,
- redirect_url,
- } = req.query;
+ const { client_id, scope, response_type, redirect_url } = req.query;
const app = await Application.findOne({
where: {
@@ -33,7 +40,7 @@ router.get("/", route({}), async (req: Request, res: Response) => {
id: req.user_id,
bot: false,
},
- select: ["id", "username", "avatar", "discriminator", "public_flags"]
+ select: ["id", "username", "avatar", "discriminator", "public_flags"],
});
const guilds = await Member.find({
@@ -44,21 +51,23 @@ router.get("/", route({}), async (req: Request, res: Response) => {
},
relations: ["guild", "roles"],
//@ts-ignore
- select: ["guild.id", "guild.name", "guild.icon", "guild.mfa_level", "guild.owner_id", "roles.id"]
+ // prettier-ignore
+ select: ["guild.id", "guild.name", "guild.icon", "guild.mfa_level", "guild.owner_id", "roles.id"],
});
- const guildsWithPermissions = guilds.map(x => {
- const perms = x.guild.owner_id === user.id
- ? new Permissions(Permissions.FLAGS.ADMINISTRATOR)
- : Permissions.finalPermission({
- user: {
- id: user.id,
- roles: x.roles?.map(x => x.id) || [],
- },
- guild: {
- roles: x?.roles || [],
- }
- });
+ const guildsWithPermissions = guilds.map((x) => {
+ const perms =
+ x.guild.owner_id === user.id
+ ? new Permissions(Permissions.FLAGS.ADMINISTRATOR)
+ : Permissions.finalPermission({
+ user: {
+ id: user.id,
+ roles: x.roles?.map((x) => x.id) || [],
+ },
+ guild: {
+ roles: x?.roles || [],
+ },
+ });
return {
id: x.guild.id,
@@ -75,7 +84,7 @@ router.get("/", route({}), async (req: Request, res: Response) => {
id: user.id,
username: user.username,
avatar: user.avatar,
- avatar_decoration: null, // TODO
+ avatar_decoration: null, // TODO
discriminator: user.discriminator,
public_flags: user.public_flags,
},
@@ -87,7 +96,7 @@ router.get("/", route({}), async (req: Request, res: Response) => {
summary: app.summary,
type: app.type,
hook: app.hook,
- guild_id: null, // TODO support guilds
+ guild_id: null, // TODO support guilds
bot_public: app.bot_public,
bot_require_code_grant: app.bot_require_code_grant,
verify_key: app.verify_key,
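Review bot: The inner arrow parameter in `roles: x.roles?.map((x) => x.id) || [],` shadows the `x` of the enclosing `guilds.map((x) => {`, so a reader has to work out which object `.id` is read from; the reformat keeps the shadowing. Rename the inner binding, e.g. `roles: x.roles?.map((r) => r.id) || [],`, or give the outer one a descriptive name such as `member`. The `//@ts-ignore` that now sits above the new `// prettier-ignore` line should still reach the `select:` line, since TypeScript attaches the directive across intervening comment lines as far as I know, but a one-word comment saying why the `select` paths need the suppression would save the next reader the same check. The GET handler that this `.map` belongs to starts and ends outside the hunk.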
@@ -97,50 +106,63 @@ router.get("/", route({}), async (req: Request, res: Response) => {
id: bot.id,
username: bot.username,
avatar: bot.avatar,
- avatar_decoration: null, // TODO
+ avatar_decoration: null, // TODO
discriminator: bot.discriminator,
public_flags: bot.public_flags,
bot: true,
- approximated_guild_count: 0, // TODO
+ approximated_guild_count: 0, // TODO
},
authorized: false,
});
});
-router.post("/", route({ body: "ApplicationAuthorizeSchema" }), async (req: Request, res: Response) => {
- const body = req.body as ApplicationAuthorizeSchema;
- const {
- client_id,
- scope,
- response_type,
- redirect_url
- } = req.query;
-
- // TODO: captcha verification
- // TODO: MFA verification
-
- const perms = await getPermission(req.user_id, body.guild_id, undefined, { member_relations: ["user"] });
- // getPermission cache won't exist if we're owner
- if (Object.keys(perms.cache || {}).length > 0 && perms.cache.member!.user.bot) throw DiscordApiErrors.UNAUTHORIZED;
- perms.hasThrow("MANAGE_GUILD");
-
- const app = await Application.findOne({
- where: {
- id: client_id as string,
- },
- relations: ["bot"],
- });
-
- // TODO: use DiscordApiErrors
- // findOneOrFail throws code 404
- if (!app) throw new ApiError("Unknown Application", 10002, 404);
- if (!app.bot) throw new ApiError("OAuth2 application does not have a bot", 50010, 400);
-
- await Member.addToGuild(app.id, body.guild_id);
-
- return res.json({
- location: "/oauth2/authorized", // redirect URL
- });
-});
+router.post(
+ "/",
+ route({ body: "ApplicationAuthorizeSchema" }),
+ async (req: Request, res: Response) => {
+ const body = req.body as ApplicationAuthorizeSchema;
+ const { client_id, scope, response_type, redirect_url } = req.query;
+
+ // TODO: captcha verification
+ // TODO: MFA verification
+
+ const perms = await getPermission(
+ req.user_id,
+ body.guild_id,
+ undefined,
+ { member_relations: ["user"] },
+ );
+ // getPermission cache won't exist if we're owner
+ if (
+ Object.keys(perms.cache || {}).length > 0 &&
+ perms.cache.member!.user.bot
+ )
+ throw DiscordApiErrors.UNAUTHORIZED;
+ perms.hasThrow("MANAGE_GUILD");
+
+ const app = await Application.findOne({
+ where: {
+ id: client_id as string,
+ },
+ relations: ["bot"],
+ });
+
+ // TODO: use DiscordApiErrors
+ // findOneOrFail throws code 404
+ if (!app) throw new ApiError("Unknown Application", 10002, 404);
+ if (!app.bot)
+ throw new ApiError(
+ "OAuth2 application does not have a bot",
+ 50010,
+ 400,
+ );
+
+ await Member.addToGuild(app.id, body.guild_id);
+
+ return res.json({
+ location: "/oauth2/authorized", // redirect URL
+ });
+ },
+);
export default router;
|
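Review bot: `client_id` is taken straight from `req.query` and only cast at `id: client_id as string,` in the POST handler, so a request with the parameter missing runs `Application.findOne` with `where: { id: undefined }`, and a repeated or bracketed query parameter reaches it as an array or object rather than a string; whether an undefined filter value is dropped and the first application returned depends on the ORM version, which I cannot see from here, but the handler should not rely on it. Validate before the lookup, e.g. `if (typeof client_id !== "string" || !client_id) throw new ApiError("Unknown Application", 10002, 404);`, so that only the named application can be added to the guild that `perms.hasThrow("MANAGE_GUILD")` has just authorised. The GET handler's `Application.findOne` in the first hunk is cut off before its `where` clause, so I cannot tell whether it needs the same guard. Separately, `scope`, `response_type` and `redirect_url` are destructured on the new `const { client_id, scope, response_type, redirect_url } = req.query;` line but never read in this handler, which a lint run under `noUnusedLocals` would flag; either drop them or keep only `const { client_id } = req.query;` until the scope handling noted in the file's TODO lands.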