From b8251b67b5e69e01b0a5a6516986da62e12576c9 Mon Sep 17 00:00:00 2001
From: Regalijan <r@regalijan.com>
Date: Wed, 22 Nov 2023 22:47:40 -0500
Subject: [PATCH] Create data transfer verify endpoint

---
 functions/api/data-transfers/verify.ts | 94 ++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 functions/api/data-transfers/verify.ts

diff --git a/functions/api/data-transfers/verify.ts b/functions/api/data-transfers/verify.ts
new file mode 100644
index 0000000..509651c
--- /dev/null
+++ b/functions/api/data-transfers/verify.ts
@@ -0,0 +1,94 @@
+import { jsonError } from "../../common.js";
+import { getBanList } from "../../roblox-open-cloud.js";
+
+export async function onRequestGet(context: RequestContext) {
+  const code = new URL(context.request.url).searchParams.get("code");
+
+  if (!code) return jsonError("Missing code", 400);
+
+  const dataTransferData = (await context.env.DATA.get(
+    `datatransfer_${context.data.data_transfer_id}`,
+    { type: "json" },
+  )) as { [k: string]: any } | null;
+
+  if (!dataTransferData)
+    return jsonError("No transfer exists with that ID", 404);
+
+  const exchangeReq = await fetch("https://apis.roblox.com/oauth/v1/token", {
+    body: `code=${code}&grant_type=authorization_code`,
+    headers: {
+      authorization: `Basic ${
+        btoa(context.env.ROBLOX_OAUTH_ID) +
+        ":" +
+        context.env.ROBLOX_OAUTH_SECRET
+      }`,
+      "content-type": "application/x-www-form-urlencoded",
+    },
+    method: "POST",
+  });
+
+  if (!exchangeReq.ok) return jsonError("Failed to redeem code", 500);
+
+  const { id_token } = (await exchangeReq.json()) as { id_token: string };
+
+  const { name, preferred_username, sub } = JSON.parse(
+    atob(id_token.replaceAll("-", "+").replaceAll("_", "/")),
+  );
+
+  if (!preferred_username) return jsonError("Username missing", 500);
+
+  const userObj = {
+    displayName: name,
+    id: parseInt(sub),
+    name: preferred_username,
+  };
+
+  let redirectLocation = "/data-transfer/complete";
+
+  if (dataTransferData.oldUser) {
+    let banList;
+
+    try {
+      banList = (await getBanList(context)) as {
+        [k: string]: { BanType: number };
+      };
+    } catch {
+      return jsonError("Failed to create data transfer request", 500);
+    }
+
+    if (banList[userObj.id].BanType)
+      return new Response(null, {
+        headers: {
+          location: redirectLocation,
+        },
+        status: 302,
+      });
+
+    dataTransferData.newUser = userObj;
+
+    await fetch(
+      `https://api.trello.com/1/cards?key=${context.env.TRELLO_API_KEY}&token=${context.env.TRELLO_API_TOKEN}`,
+      {
+        body: JSON.stringify({
+          desc: `${dataTransferData.oldUser.name} -> ${userObj.name}\n${dataTransferData.oldUser.id} -> ${userObj.id}\nNO MODMAIL TICKET - WEBSITE FORM SUBMISSION`,
+          idList: context.env.TRELLO_LIST_ID,
+          name: `${dataTransferData.oldUser.name} | Data Transfer`,
+        }),
+        headers: {
+          "content-type": "application/json",
+        },
+        method: "POST",
+      },
+    );
+  } else {
+    dataTransferData.oldUser = userObj;
+    redirectLocation = "/data-transfer/destination-account";
+  }
+
+  return new Response(null, {
+    headers: {
+      location: redirectLocation,
+    },
+    status: 302,
+  });
+}