
import express from 'express';
import { engine } from 'express-handlebars';
import * as log from './lib/log';
import { CustomItem, Session, db } from './lib/db';
import { defaultItems } from './lib/rpg/items';
import { APIPartialGuild, APIUser, CDN, Client, RESTPostOAuth2AccessTokenResult, RESTPostOAuth2AccessTokenURLEncodedData, RESTPostOAuth2RefreshTokenURLEncodedData, Routes } from 'discord.js';
import got from 'got';
import uid from 'uid-safe';
import { Cookie, parse } from 'tough-cookie';
import { IncomingHttpHeaders } from 'http';
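// Base URL for Discord REST calls, pinned to API version 10.
const DISCORD_ENDPOINT = 'https://discord.com/api/v10';
// Number of random bytes requested from uid-safe for each new session id.
const UID_BYTE_LENGTH = 18;
// Length of the id string those bytes become: uid-safe returns URL-safe base64,
// which encodes every 3 bytes as 4 characters, so 18 bytes -> 24 characters.
// Keep this in step with UID_BYTE_LENGTH; it is the only shape check applied to
// a session id that arrives in a cookie.
const UID_STRING_LENGTH = 24;
// Lifetime of the session cookie in milliseconds (365 days).
const COOKIE_EXPIRES = 365 * 24 * 60 * 60 * 1_000;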
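/**
 * Picks the session identifier for a request out of a raw `Cookie` header value.
 *
 * The returned value is only checked for length. It is therefore not proof that
 * a session exists or that this server issued the id: any 24-character string
 * sent by the client is accepted. Callers must look the id up in the `sessions`
 * table before trusting it, and should not bind freshly obtained OAuth tokens
 * to an id that arrived in a cookie.
 *
 * @param cookieStr - Raw `Cookie` header value, pairs separated by `'; '`.
 * @returns The `COOKIE_KEY` cookie's value when it is exactly
 *   `UID_STRING_LENGTH` characters long, otherwise a newly generated id.
 */
async function getSessionString(cookieStr: string) {
  // parse() hands back a nullish value instead of a Cookie for a pair it cannot
  // read. `!= null` drops both null and undefined, so a malformed pair sent by
  // the client cannot make the `.key` access below throw.
  const cookies = cookieStr
    .split('; ')
    .map(pair => parse(pair))
    .filter((c): c is Cookie => c != null);
  const sessionCookie = cookies.find(c => c.key === COOKIE_KEY);

  if (!sessionCookie || sessionCookie.value.length !== UID_STRING_LENGTH) {
    return await uid(UID_BYTE_LENGTH);
  }
  return sessionCookie.value;
}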
/**
 * Stores OAuth token data for a session id in the `sessions` table.
 *
 * NOTE(review): this listing is incomplete. The calls that finish the query
 * chains below are not visible, so only the visible parts are described.
 * The access and refresh tokens are passed to the database as received; whether
 * they are protected at rest is not visible here — confirm.
 *
 * @param sessionId - Value used for the `id` column.
 * @param sessionData - The remaining session fields (everything except `id`).
 */
async function setSession(sessionId: string, sessionData: Omit<Session, 'id'>) {
2023-11-19 21:28:31 +01:00
// Look for an existing row with this id.
const session = await db<Session>('sessions')
2023-11-20 02:37:18 +01:00
.where('id', sessionId)
2023-11-19 21:28:31 +01:00
2023-11-20 02:37:18 +01:00
if (session) {
// A row was found: this chain targets it (the operation applied to it is not shown in this listing).
await db<Session>('sessions')
.where('id', sessionId)
} else {
// No row yet: create one keyed by sessionId.
// NOTE(review): the lookup and this write are separate statements; presumably `id` is unique so a concurrent duplicate insert fails rather than creating two rows — confirm.
await db<Session>('sessions')
.insert({id: sessionId, ...sessionData})
/**
 * Exchanges an OAuth2 authorization code for Discord tokens.
 *
 * @param bot - Client whose `config` supplies `clientId`, `clientSecret` and `siteURL`.
 * @param code - Authorization code taken from the redirect's query string.
 * @returns The parsed token response when the request succeeds.
 *   NOTE(review): the body of the `catch` branch is not visible in this
 *   listing; the caller treats a falsy result as an invalid code.
 */
async function getToken(bot: Client, code: string) {
try {
return await got.post(DISCORD_ENDPOINT + Routes.oauth2TokenExchange(), {
// Sent as a form body. It carries the client secret, so it must never be logged or echoed back to the browser.
form: {
client_id: bot.config.clientId,
client_secret: bot.config.clientSecret,
grant_type: 'authorization_code',
// Same value as the redirect_uri used when building the authorize URL in the /profile handler.
redirect_uri: bot.config.siteURL,
// NOTE(review): no `code` field is visible in this form although the `code` parameter is otherwise unused — presumably a line lost from this listing; confirm.
} satisfies RESTPostOAuth2AccessTokenURLEncodedData
// if you're looking to change this then you are blissfully unaware of the past
// and have learnt 0 lessons
}).json() as RESTPostOAuth2AccessTokenResult
} catch(err) {
/**
 * Uses a stored refresh token to obtain new Discord tokens and writes them to
 * the session row.
 *
 * NOTE(review): this listing is incomplete. The `catch` body, the end of the
 * `sessionData` literal and the end of the final query chain are not visible.
 *
 * @param bot - Client whose `config` supplies `clientId` and `clientSecret`.
 * @param sessionId - `id` of the session row the new tokens belong to.
 * @param refreshToken - Refresh token currently stored for that session
 *   (the parameter shadows this function's own name inside the body).
 */
async function refreshToken(bot: Client, sessionId: string, refreshToken: string) {
2023-11-19 21:28:31 +01:00
let resp;
try {
// The refresh grant is posted to the same token endpoint as the code exchange.
resp = await got.post(DISCORD_ENDPOINT + Routes.oauth2TokenExchange(), {
// Form body carries the client secret and the refresh token; keep both out of logs.
form: {
client_id: bot.config.clientId,
client_secret: bot.config.clientSecret,
grant_type: 'refresh_token',
2023-11-20 02:37:18 +01:00
refresh_token: refreshToken,
2023-11-19 21:28:31 +01:00
} satisfies RESTPostOAuth2RefreshTokenURLEncodedData
}).json() as RESTPostOAuth2AccessTokenResult;
} catch(err) {
// Map the token response onto the session columns.
const sessionData = {
tokenType: resp.token_type,
accessToken: resp.access_token,
// The refresh token from the response replaces the stored one.
refreshToken: resp.refresh_token,
// expires_in is multiplied by 1000 and added to the current time, giving an absolute millisecond timestamp.
expiresAt: Date.now() + resp.expires_in * 1000,
// Query against the row with this session id (the rest of the chain is not shown in this listing).
return (await db<Session>('sessions')
2023-11-20 02:37:18 +01:00
.where('id', sessionId)
/**
 * Sets the response's `Set-Cookie` header to a cookie holding the session id.
 * `setHeader` replaces any `Set-Cookie` value set earlier on this response.
 *
 * NOTE(review): no `key`, `httpOnly` or `secure` attribute is visible in this
 * listing (lines may have been lost). A cookie that carries a session id should
 * be HttpOnly and Secure — confirm against the full file.
 *
 * @param res - Express response to attach the cookie to.
 * @param sessionId - Session id to store as the cookie value.
 */
function updateCookie(res: express.Response, sessionId: string) {
const cookie = new Cookie({
value: sessionId,
// Expires COOKIE_EXPIRES milliseconds from now.
expires: new Date(Date.now() + COOKIE_EXPIRES),
// Strict: the browser omits the cookie on requests initiated from other sites.
sameSite: 'strict'
res.setHeader('Set-Cookie', cookie.toString());
/**
 * Resolves the session row for a request from its `Cookie` header.
 *
 * NOTE(review): this listing is incomplete. The call that reduces the query to
 * a single row and whatever follows the refresh call are not visible.
 *
 * @param bot - Client handed on to `refreshToken` when the access token has expired.
 * @param headers - Incoming request headers; only `cookie` is read.
 * @returns `undefined` when there is no cookie header or no matching row, or
 *   the stored session while the current time is before its `expiresAt`.
 */
async function getSession(bot: Client, headers: IncomingHttpHeaders) {
const cookie = headers['cookie'];
if (!cookie) return;
// The header is passed through as received, whereas the `/` route decodes it with decodeURIComponent first.
const sessionStr = await getSessionString(cookie);
// The id from the cookie is only trusted if a row with that id exists.
const session = await db<Session>('sessions')
.where('id', sessionStr)
if (!session) return;
// Access token still valid: use the stored session as is.
if (Date.now() < session.expiresAt) return session;
// Expired: start a refresh. The promise is assigned without `await` on this line.
const newSession = refreshToken(bot, session.id, session.refreshToken);
/**
 * Fetches the Discord user that the session's access token belongs to.
 *
 * Any failure of the request (network error, rejected token, ...) is reported
 * as `null`, so callers cannot distinguish "signed out" from "Discord unreachable".
 *
 * NOTE(review): the URL carries no API version, unlike DISCORD_ENDPOINT used
 * for the token calls; consider pinning the same version so the response
 * matches the asserted `APIUser` shape.
 *
 * @param session - Stored session, or `undefined` when the request has none.
 * @returns The user object, or `null` without a session or when the request fails.
 */
export async function getUser(session: Session | undefined) {
  if (!session) {
    return null;
  }

  // The bearer credential comes straight from the session row.
  const authorization = `${session.tokenType} ${session.accessToken}`;
  try {
    const user = await got('https://discord.com/api/users/@me', {
      headers: { authorization },
    }).json() as APIUser;
    return user;
  } catch (err) {
    return null;
  }
}
/**
 * Fetches the guilds the session's user belongs to, using the access token
 * stored in the session (the authorize URL requests the `guilds` scope).
 *
 * Any failure of the request is reported as `null`.
 *
 * NOTE(review): the URL carries no API version, unlike DISCORD_ENDPOINT used
 * for the token calls; consider pinning the same version.
 *
 * @param session - Stored session, or `undefined` when the request has none.
 * @returns The partial guild list, or `null` without a session or when the request fails.
 */
export async function getGuilds(session: Session | undefined) {
  if (!session) {
    return null;
  }

  const authorization = `${session.tokenType} ${session.accessToken}`;
  try {
    const guilds = await got('https://discord.com/api/users/@me/guilds', {
      headers: { authorization },
    }).json() as APIPartialGuild[];
    return guilds;
  } catch (err) {
    return null;
  }
}
/**
 * Builds the Express app for the web interface, registers its routes and
 * starts listening.
 *
 * @param bot - Discord client; the route handlers read `bot.config`, `bot.guilds` and `bot.uptime`.
 * @param port - TCP port passed to `app.listen`.
 */
export async function startServer(bot: Client, port: number) {
2023-11-17 21:11:50 +01:00
const app = express();
2023-11-19 22:11:55 +01:00
// CDN helper used to build the avatar URL for the home page.
const cdn = new CDN();
// Render `.handlebars` templates from ./views.
app.engine('handlebars', engine());
app.set('view engine', 'handlebars');
app.set('views', './views');
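// GET /api/items — the built-in items plus, when `?guild=` is given, that
// guild's custom items (emoji, name, id and description only).
// NOTE(review): rebuilt from a listing that omitted some lines (closing braces
// at least); compare with the repository before merging.
app.get('/api/items', async (req, res) => {
  const guildID = req.query.guild;

  // Express parses repeated or bracketed parameters into arrays and nested
  // objects. Only a plain string is a valid guild id, so anything else is
  // rejected before it reaches the query builder.
  if (guildID !== undefined && typeof guildID !== 'string') {
    return res.status(400).send('Invalid guild provided');
  }

  let customItems: Partial<CustomItem>[] = [];
  if (guildID) {
    customItems = await db<CustomItem>('customItems')
      .select('emoji', 'name', 'id', 'description')
      .where('guild', guildID);
  }

  res.json([...defaultItems, ...customItems]);
});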
// GET /api/status — reports the number of guilds in the bot's cache and the client's uptime.
// NOTE(review): the call that sends these fields is not visible in this listing.
// No session check appears in the visible lines, so both values are readable by
// any client that can reach the port — confirm that is intended.
app.get('/api/status', async (_, res) => {
guilds: bot.guilds.cache.size,
uptime: bot.uptime
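// GET / — home page, and also the OAuth2 redirect target: Discord sends the
// browser back here with `?code=` after the user approves the authorization.
// NOTE(review): rebuilt from a listing that omitted some lines (closing braces
// at least); compare with the repository before merging.
// NOTE(review): the authorize URL built in the /profile handler carries no
// `state` value, so this handler cannot tell whether a code belongs to a flow
// this browser started. Add a per-session `state` and verify it here.
app.get('/', async (req, res) => {
  const code = req.query.code;
  if (code) {
    // Repeated or bracketed parameters arrive as arrays/objects; only a plain
    // string can be an authorization code.
    if (typeof code !== 'string') return res.status(400).send('Invalid code provided');

    try {
      const resp = await getToken(bot, code);
      if (!resp) return res.status(400).send('Invalid code provided');

      // Always mint a new id at login instead of reusing a value taken from the
      // request cookie, so tokens are never bound to an id chosen by the client.
      // A row stored under a previous id is not removed here.
      const sessionId = await uid(UID_BYTE_LENGTH);

      // Wait for the write: /profile reads this row right after the redirect,
      // and a failed write must reach the catch below instead of being lost.
      await setSession(sessionId, {
        tokenType: resp.token_type,
        accessToken: resp.access_token,
        refreshToken: resp.refresh_token,
        expiresAt: Date.now() + resp.expires_in * 1000,
      });
      updateCookie(res, sessionId);

      return res.redirect('/profile');
    } catch (err) {
      // status() alone only sets the code and leaves the request hanging;
      // sendStatus() also ends the response.
      return res.sendStatus(500);
    }
  }

  const session = await getSession(bot, req.headers);
  const user = await getUser(session);

  res.render('home', {
    signedIn: session !== undefined,
    username: user?.global_name,
    avatar: user?.avatar ? cdn.avatar(user.id, user.avatar, { size: 128 }) : null,
    layout: false,
  });
});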
// GET /profile — requires a session; without one the browser is sent to
// Discord's authorization page.
// NOTE(review): the lines that produce the response for a signed-in user are not visible in this listing.
app.get('/profile', async (req, res) => {
const session = await getSession(bot, req.headers);
// Authorization request for the `identify` and `guilds` scopes, returning to bot.config.siteURL.
// NOTE(review): the URL has no `state` parameter, so the callback cannot be tied to the browser that started the flow; generate one per request, remember it server-side and verify it when the code comes back.
if (!session) return res.redirect(`https://discord.com/api/oauth2/authorize?client_id=${bot.config.clientId}&redirect_uri=${encodeURIComponent(bot.config.siteURL)}&response_type=code&scope=identify%20guilds`);
2023-11-19 22:11:55 +01:00
// Both lookups return null when the Discord request fails.
const user = await getUser(session);
2023-11-19 22:16:55 +01:00
const guilds = await getGuilds(session);
2023-11-19 21:28:31 +01:00
//res.sendFile('profile/index.html', { root: 'static/' });
// Start accepting connections and log the port once listening.
// NOTE(review): no host is passed, so the server is not restricted to one interface, and it speaks plain HTTP. Presumably a TLS-terminating proxy sits in front, since the session cookie travels on every request — confirm.
app.listen(port, () => log.info(`web interface listening on ${port}`));