Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
car-crushers-portal/functions/api/auth/session.ts
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
144 lines (116 sloc)
3.96 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import GetPermissions from "../../permissions.js"; | |
| import { jsonError } from "../../common.js"; | |
| import tokenPrefixes from "../../../data/token_prefixes.json"; | |
| async function generateTokenHash(token: string): Promise<string> { | |
| const hash = await crypto.subtle.digest( | |
| "SHA-512", | |
| new TextEncoder().encode(token), | |
| ); | |
| return btoa(String.fromCharCode(...new Uint8Array(hash))) | |
| .replace(/\+/g, "-") | |
| .replace(/\//g, "_") | |
| .replace(/=/g, ""); | |
| } | |
| export async function onRequestDelete(context: RequestContext) { | |
| const cookies = context.request.headers.get("cookie")?.split("; "); | |
| if (!cookies) return jsonError("Not logged in", 401); | |
| for (const cookie of cookies) { | |
| const [name, value] = cookie.split("="); | |
| if (name !== "_s") continue; | |
| await context.env.DATA.delete(`auth_${await generateTokenHash(value)}`); | |
| return new Response(null, { | |
| headers: { | |
| "clear-site-data": '"cookies"', | |
| }, | |
| status: 204, | |
| }); | |
| } | |
| } | |
| export async function onRequestGet(context: RequestContext) { | |
| const { host, protocol, searchParams } = new URL(context.request.url); | |
| const code = searchParams.get("code"); | |
| const state = searchParams.get("state"); | |
| if (!code) return jsonError("Missing code", 400); | |
| if (!state) return jsonError("Missing state", 400); | |
| const stateRedirect = await context.env.DATA.get(`state_${state}`); | |
| if (!stateRedirect) return jsonError("Invalid state", 400); | |
| const tokenReq = await fetch("https://discord.com/api/oauth2/token", { | |
| body: new URLSearchParams({ | |
| code, | |
| grant_type: "authorization_code", | |
| redirect_uri: `${protocol}//${host}/api/auth/session`, | |
| }).toString(), | |
| headers: { | |
| authorization: `Basic ${btoa( | |
| context.env.DISCORD_ID + ":" + context.env.DISCORD_SECRET, | |
| )}`, | |
| "content-type": "application/x-www-form-urlencoded", | |
| }, | |
| method: "POST", | |
| }); | |
| if (!tokenReq.ok) { | |
| console.log(await tokenReq.text()); | |
| return jsonError("Failed to redeem code", 500); | |
| } | |
| const tokenData: { | |
| access_token: string; | |
| expires_in: number; | |
| refresh_token: string; | |
| scope: string; | |
| token_type: string; | |
| } = await tokenReq.json(); | |
| if (tokenData.scope.search("guilds.members.read") === -1) | |
| return jsonError("Do not touch the scopes!", 400); | |
| let userData: { [k: string]: any } = { | |
| ...tokenData, | |
| refresh_at: Date.now() + tokenData.expires_in * 1000 - 86400000, | |
| }; | |
| const userReq = await fetch("https://discord.com/api/v10/users/@me", { | |
| headers: { | |
| authorization: `Bearer ${tokenData.access_token}`, | |
| }, | |
| }); | |
| if (!userReq.ok) { | |
| console.log(await userReq.text()); | |
| return jsonError("Failed to retrieve user", 500); | |
| } | |
| const apiUser: { [k: string]: any } = await userReq.json(); | |
| userData = { | |
| ...userData, | |
| ...apiUser, | |
| }; | |
| const serverMemberReq = await fetch( | |
| "https://discord.com/api/v10/users/@me/guilds/242263977986359297/member", | |
| { | |
| headers: { | |
| authorization: `Bearer ${tokenData.access_token}`, | |
| }, | |
| }, | |
| ); | |
| const memberData: { [k: string]: any } = await serverMemberReq.json(); | |
| if (serverMemberReq.ok) { | |
| userData.permissions = await GetPermissions(userData.id, memberData.roles); | |
| userData.roles = memberData.roles; | |
| } else { | |
| userData.permissions = await GetPermissions(userData.id); | |
| } | |
| const selectedTokenStart = | |
| tokenPrefixes[Math.round(Math.random() * (tokenPrefixes.length - 1))] + "_"; | |
| const authToken = | |
| selectedTokenStart + | |
| `${crypto.randomUUID()}${crypto.randomUUID()}${crypto.randomUUID()}${crypto.randomUUID()}`.replaceAll( | |
| "-", | |
| "", | |
| ); | |
| const tokenHash = await generateTokenHash(authToken); | |
| await context.env.DATA.put(`auth_${tokenHash}`, JSON.stringify(userData), { | |
| expirationTtl: tokenData.expires_in, | |
| }); | |
| return new Response(null, { | |
| headers: { | |
| location: stateRedirect, | |
| "set-cookie": `_s=${authToken}; HttpOnly; Max-Age=${tokenData.expires_in}; Path=/; SameSite=Lax; Secure`, | |
| }, | |
| status: 302, | |
| }); | |
| } |