From 5db1df733b8dddab18c268a59925e883b5d2018b Mon Sep 17 00:00:00 2001
From: regalijan
Date: Thu, 19 Oct 2023 16:50:34 -0400
Subject: [PATCH] Finish data transfer creation endpoint
---
 functions/api/data-transfers/create.ts | 90 +++++++++++++++++++++++---
 1 file changed, 80 insertions(+), 10 deletions(-)
diff --git a/functions/api/data-transfers/create.ts b/functions/api/data-transfers/create.ts
index 85eb574..48c87bd 100644
--- a/functions/api/data-transfers/create.ts
+++ b/functions/api/data-transfers/create.ts
@@ -3,8 +3,11 @@ export async function onRequestPost(context: RequestContext) {
 if (
 typeof has_access !== "boolean" ||
- has_access && typeof cookie !== "string" ||
- has_access && !cookie.match(/_\|WARNING:-DO-NOT-SHARE-THIS\.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items\.\|_[A-F\d]+/)
+ (has_access && typeof cookie !== "string") ||
+ (has_access &&
+ !cookie.match(
+ /_\|WARNING:-DO-NOT-SHARE-THIS\.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items\.\|_[A-F\d]+/,
+ ))
 )
 return new Response('{"error":"Invalid request"}', {
 headers: {
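Review bot: The two cookie checks in this condition only run when `has_access` is true, but in the next hunk the `has_access` branch returns the OAuth URL and `cookie` is used only on the fall-through path where `has_access` is false, so the value interpolated into `.ROBLOSECURITY=${cookie}` is never type- or format-checked. If the cookie path is meant for `has_access === false`, the guards should read `(!has_access && typeof cookie !== "string") ||` and `(!has_access && !cookie.match(…))`. The pattern is also unanchored, so any string that merely contains a matching run passes; anchoring it with `^` and `$` keeps extra characters out of the outbound header. The lines that read `has_access` and `cookie` from the request are outside the hunk, so this assumes both come from the request body.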
@@ -13,24 +16,91 @@ export async function onRequestPost(context: RequestContext) {
 status: 400,
 });
- const id = (context.request.headers.get("cf-ray")?.split("-")[0] as string) + Date.now().toString() + crypto.randomUUID().replaceAll("-", "");
+ const id =
+ (context.request.headers.get("cf-ray")?.split("-")[0] as string) +
+ Date.now().toString() +
+ crypto.randomUUID().replaceAll("-", "");
- if (!has_access) {
+ if (has_access) {
+ await context.env.DATA.put(`datatransfer_${id}`, "{}", {
+ expirationTtl: 1800,
+ });
+
+ const host = context.request.headers.get("Host") as string;
+ return new Response(
+ `{"url":"https://apis.roblox.com/oauth/v1/authorize?client_id=${
+ context.env.ROBLOX_OAUTH_CLIENT_ID
+ }&redirect_uri=${encodeURIComponent(
+ `http${host.startsWith(
+ "localhost" ? "" : "s",
+ )}://${host}/api/data-transfers/verify`,
+ )}&state=${id}"}`,
+ {
+ headers: {
+ "set-cookie": `__dtid=${id}; HttpOnly; Max-Age=3600; Path=/; SameSite=Lax; Secure`,
+ },
+ },
+ );
 }
- const authedUserReq = await fetch("https://users.roblox.com/v1/users/authenticated", {
- headers: {
- cookie: `.ROBLOSECURITY=${cookie}`,
+
+ const authedUserReq = await fetch(
+ "https://users.roblox.com/v1/users/authenticated",
+ {
+ headers: {
+ cookie: `.ROBLOSECURITY=${cookie}`,
+ },
 },
- });
+ );
 if (!authedUserReq.ok)
 return new Response('{"error":"Cookie is invalid"}', {
 headers: {
 "content-type": "application/json",
 },
- status: 400
+ status: 400,
 });
- const authedUser: { id: number, name: string } = await authedUserReq.json();
+ const authedUser: { id: number; name: string } = await authedUserReq.json();
+
+ const createCardReq = await fetch(
+ `https://api.trello.com/1/cards?key=${context.env.TRELLO_API_KEY}&token=${context.env.TRELLO_API_TOKEN}`,
+ {
+ body: JSON.stringify({
+ desc: `Old account: ${authedUser.name} (${authedUser.id})`,
+ idList: "5fbd440cd30b6377f959e244",
+ name: `${authedUser.name} | Data Transfer`,
+ }),
+ headers: {
+ accept: "application/json",
+ "content-type": "application/json",
+ },
+ method: "POST",
+ },
+ );
+
+ if (!createCardReq.ok)
+ return new Response('{"error":"Failed to create entry"}', {
+ headers: {
+ "content-type": "application/json",
+ },
+ status: 500,
+ });
+
+ await context.env.DATA.put(
+ `datatransfer_${id}`,
+ JSON.stringify({
+ oldUser: authedUser,
+ }),
+ {
+ expirationTtl: 900,
+ },
+ );
+
+ return new Response(null, {
+ headers: {
+ location: `/data-transfer/${id}`,
+ },
+ status: 201,
+ });
 }