1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
import "dotenv/config";
import express, { Request, Response } from "express";
import cookieParser from "cookie-parser";
import { initDatabase, generateToken, User, Config } from "@fosscord/util";
import path from "path";
import fetch from "node-fetch";
// apparently dirname doesn't exist in modules, nice
/* https://stackoverflow.com/a/62892482 */
import { fileURLToPath } from "url";
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const app = express();
app.use(cookieParser());
const port = process.env.PORT;
class Discord {
static getAccessToken = async (req: Request, res: Response) => {
const { code } = req.query;
const body = new URLSearchParams(Object.entries({
client_id: process.env.DISCORD_CLIENT_ID as string,
client_secret: process.env.DISCORD_SECRET as string,
redirect_uri: process.env.DISCORD_REDIRECT as string,
code: code as string,
grant_type: "authorization_code",
})).toString();
const resp = await fetch("https://discord.com/api/oauth2/token", {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
body: body
});
const json = await resp.json() as any;
if (json.error) return null;
return {
access_token: json.access_token,
token_type: json.token_type,
expires_in: json.expires_in,
refresh_token: json.refresh_token,
scope: json.scope,
};
};
static getUserDetails = async (token: string) => {
const resp = await fetch("https://discord.com/api/users/@me", {
headers: {
"Authorization": `Bearer ${token}`,
}
});
const json = await resp.json() as any;
if (!json.username || !json.email) return null; // eh, deal with bad code later
return {
id: json.id,
email: json.email,
username: json.username,
};
};
}
const handlers: { [key: string]: any; } = {
"discord": Discord,
};
app.get("/oauth/:type", async (req, res) => {
const { type } = req.params;
const handler = handlers[type];
if (!type || !handler) return res.sendStatus(400);
const data = await handler.getAccessToken(req, res);
if (!data) return res.sendStatus(500);
const details = await handler.getUserDetails(data.access_token);
if (!details) return res.sendStatus(500);
// temp dirty solution
const whitelist = [
"226230010132824066", // maddyunderstars
"84022289024159744", // arcane
"841745750576726057", // gold
"398941530053672962", // erkinalp
"682572949219180547", // cyber
"920388642604732456", // aaron
];
if (whitelist.indexOf(details.id) === -1) return res.sendStatus(403);
let user = await User.findOne({ where: { email: details.email } });
if (!user) {
user = await User.register({
email: details.email,
username: details.username,
req
});
}
const token = await generateToken(user.id);
res.cookie("token", token);
res.sendFile(path.join(__dirname, "../public/login.html"));
});
// not actually needed but whatever
app.get("/app", (req, res) => res.sendStatus(200));
app.get("*", (req, res) => {
res.sendFile(path.join(__dirname, "../public/login.html"));
});
(async () => {
await initDatabase();
await Config.init();
app.listen(port, () => {
console.log(`Listening on port ${port}`);
});
})();
|
