mirror of
https://gitdab.com/cadence/out-of-your-element.git
synced 2025-09-10 12:22:50 +02:00
Upload web code
This commit is contained in:
Cadence Ember
parent
1d2daf2504
commit
b6c23c30fb
22 changed files with 765 additions and 6 deletions
23
src/web/routes/guild-settings.js
Normal file
23
src/web/routes/guild-settings.js
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
// @ts-check
|
||||
|
||||
const {z} = require("zod")
|
||||
const {defineEventHandler, sendRedirect, useSession, createError, readValidatedBody} = require("h3")
|
||||
|
||||
const {as, db} = require("../../passthrough")
|
||||
const {reg} = require("../../matrix/read-registration")
|
||||
|
||||
const schema = {
|
||||
autocreate: z.object({
|
||||
guild_id: z.string(),
|
||||
autocreate: z.string().optional()
|
||||
})
|
||||
}
|
||||
|
||||
as.router.post("/api/autocreate", defineEventHandler(async event => {
|
||||
const parsedBody = await readValidatedBody(event, schema.autocreate.parse)
|
||||
const session = await useSession(event, {password: reg.as_token})
|
||||
if (!(session.data.managedGuilds || []).includes(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
|
||||
|
||||
db.prepare("UPDATE guild_space SET autocreate = ? WHERE guild_id = ?").run(+!!parsedBody.autocreate, parsedBody.guild_id)
|
||||
return sendRedirect(event, `/guild?guild_id=${parsedBody.guild_id}`, 302)
|
||||
}))
|
||||
99
src/web/routes/invite.js
Normal file
99
src/web/routes/invite.js
Normal file
|
|
@ -0,0 +1,99 @@
|
|||
// @ts-check
|
||||
|
||||
const assert = require("assert/strict")
|
||||
const {z} = require("zod")
|
||||
const {defineEventHandler, sendRedirect, useSession, createError, getValidatedQuery, readValidatedBody} = require("h3")
|
||||
const {randomUUID} = require("crypto")
|
||||
const {LRUCache} = require("lru-cache")
|
||||
|
||||
const {discord, as, sync, select} = require("../../passthrough")
|
||||
/** @type {import("../pug-sync")} */
|
||||
const pugSync = sync.require("../pug-sync")
|
||||
const {reg} = require("../../matrix/read-registration")
|
||||
|
||||
/** @type {import("../../matrix/api")} */
|
||||
const api = sync.require("../../matrix/api")
|
||||
|
||||
const schema = {
|
||||
guild: z.object({
|
||||
guild_id: z.string().optional()
|
||||
}),
|
||||
invite: z.object({
|
||||
mxid: z.string().regex(/@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)/),
|
||||
permissions: z.enum(["default", "moderator"]),
|
||||
guild_id: z.string().optional(),
|
||||
nonce: z.string().optional()
|
||||
}),
|
||||
inviteNonce: z.object({
|
||||
nonce: z.string()
|
||||
})
|
||||
}
|
||||
|
||||
/** @type {LRUCache<string, string>} nonce to guild id */
|
||||
const validNonce = new LRUCache({max: 200})
|
||||
|
||||
as.router.get("/guild", defineEventHandler(async event => {
|
||||
const {guild_id} = await getValidatedQuery(event, schema.guild.parse)
|
||||
const nonce = randomUUID()
|
||||
if (guild_id) {
|
||||
// Security note: the nonce alone is valid for updating the guild
|
||||
// We have not verified the user has sufficient permissions in the guild at generation time
|
||||
// These permissions are checked later during page rendering and the generated nonce is only revealed if the permissions are sufficient
|
||||
validNonce.set(nonce, guild_id)
|
||||
}
|
||||
return pugSync.render(event, "guild.pug", {nonce})
|
||||
}))
|
||||
|
||||
as.router.get("/invite", defineEventHandler(async event => {
|
||||
const {nonce} = await getValidatedQuery(event, schema.inviteNonce.parse)
|
||||
const isValid = validNonce.has(nonce)
|
||||
const guild_id = validNonce.get(nonce)
|
||||
const guild = discord.guilds.get(guild_id || "")
|
||||
return pugSync.render(event, "invite.pug", {isValid, nonce, guild_id, guild})
|
||||
}))
|
||||
|
||||
as.router.post("/api/invite", defineEventHandler(async event => {
|
||||
const parsedBody = await readValidatedBody(event, schema.invite.parse)
|
||||
const session = await useSession(event, {password: reg.as_token})
|
||||
|
||||
// Check guild ID or nonce
|
||||
if (parsedBody.guild_id) {
|
||||
var guild_id = parsedBody.guild_id
|
||||
if (!(session.data.managedGuilds || []).includes(guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't invite users to a guild you don't have Manage Server permissions in"})
|
||||
} else if (parsedBody.nonce) {
|
||||
if (!validNonce.has(parsedBody.nonce)) throw createError({status: 403, message: "Nonce expired", data: "Nonce means number-used-once, and, well, you tried to use it twice..."})
|
||||
let ok = validNonce.get(parsedBody.nonce)
|
||||
assert(ok)
|
||||
var guild_id = ok
|
||||
validNonce.delete(parsedBody.nonce)
|
||||
} else {
|
||||
throw createError({status: 400, message: "Missing guild ID", data: "Passing a guild ID or a nonce is required."})
|
||||
}
|
||||
|
||||
// Check guild is bridged
|
||||
const spaceID = select("guild_space", "space_id", {guild_id: guild_id}).pluck().get()
|
||||
if (!spaceID) throw createError({status: 428, message: "Server not bridged", data: "You can only invite Matrix users to servers that are bridged to Matrix."})
|
||||
|
||||
// Check for existing invite to the space
|
||||
let spaceMember
|
||||
try {
|
||||
spaceMember = await api.getStateEvent(spaceID, "m.room.member", parsedBody.mxid)
|
||||
} catch (e) {}
|
||||
if (spaceMember && (spaceMember.membership === "invite" || spaceMember.membership === "join")) {
|
||||
return sendRedirect(event, `/guild?guild_id=${guild_id}`, 302)
|
||||
}
|
||||
|
||||
// Invite
|
||||
await api.inviteToRoom(spaceID, parsedBody.mxid)
|
||||
|
||||
// Permissions
|
||||
if (parsedBody.permissions === "moderator") {
|
||||
await api.setUserPowerCascade(spaceID, parsedBody.mxid, 50)
|
||||
}
|
||||
|
||||
if (parsedBody.guild_id) {
|
||||
return sendRedirect(event, `/guild?guild_id=${guild_id}`, 302)
|
||||
} else {
|
||||
return sendRedirect(event, "/ok?msg=User has been invited.", 302)
|
||||
}
|
||||
}))
|
||||
92
src/web/routes/oauth.js
Normal file
92
src/web/routes/oauth.js
Normal file
|
|
@ -0,0 +1,92 @@
|
|||
// @ts-check
|
||||
|
||||
const {z} = require("zod")
|
||||
const {randomUUID} = require("crypto")
|
||||
const {defineEventHandler, getValidatedQuery, sendRedirect, getQuery, useSession, createError} = require("h3")
|
||||
const {SnowTransfer} = require("snowtransfer")
|
||||
const DiscordTypes = require("discord-api-types/v10")
|
||||
const fetch = require("node-fetch")
|
||||
|
||||
const {as} = require("../../passthrough")
|
||||
const {id} = require("../../../addbot")
|
||||
const {reg} = require("../../matrix/read-registration")
|
||||
|
||||
const redirect_uri = `${reg.ooye.bridge_origin}/oauth`
|
||||
|
||||
const schema = {
|
||||
first: z.object({
|
||||
action: z.string().optional()
|
||||
}),
|
||||
code: z.object({
|
||||
state: z.string(),
|
||||
code: z.string(),
|
||||
guild_id: z.string().optional()
|
||||
}),
|
||||
token: z.object({
|
||||
token_type: z.string(),
|
||||
access_token: z.string(),
|
||||
expires_in: z.number({coerce: true}),
|
||||
refresh_token: z.string(),
|
||||
scope: z.string()
|
||||
})
|
||||
}
|
||||
|
||||
as.router.get("/oauth", defineEventHandler(async event => {
|
||||
const session = await useSession(event, {password: reg.as_token})
|
||||
let scope = "guilds"
|
||||
|
||||
const parsedFirstQuery = await getValidatedQuery(event, schema.first.safeParse)
|
||||
if (parsedFirstQuery.data?.action === "add") {
|
||||
scope = "bot+guilds"
|
||||
await session.update({selfService: false})
|
||||
} else if (parsedFirstQuery.data?.action === "add-self-service") {
|
||||
scope = "bot+guilds"
|
||||
await session.update({selfService: true})
|
||||
}
|
||||
|
||||
async function tryAgain() {
|
||||
const newState = randomUUID()
|
||||
await session.update({state: newState})
|
||||
return sendRedirect(event, `https://discord.com/oauth2/authorize?client_id=${id}&scope=${scope}&permissions=1610883072&response_type=code&redirect_uri=${redirect_uri}&state=${newState}`)
|
||||
}
|
||||
|
||||
const parsedQuery = await getValidatedQuery(event, schema.code.safeParse)
|
||||
if (!parsedQuery.success) return tryAgain()
|
||||
|
||||
const savedState = session.data.state
|
||||
if (!savedState) throw createError({status: 400, message: "Missing state", data: "Missing saved state parameter. Please try again, and make sure you have cookies enabled."})
|
||||
if (savedState != parsedQuery.data.state) return tryAgain()
|
||||
|
||||
const res = await fetch("https://discord.com/api/oauth2/token", {
|
||||
method: "post",
|
||||
body: new URLSearchParams({
|
||||
grant_type: "authorization_code",
|
||||
client_id: id,
|
||||
client_secret: reg.ooye.discord_client_secret,
|
||||
redirect_uri,
|
||||
code: parsedQuery.data.code
|
||||
})
|
||||
})
|
||||
const root = await res.json()
|
||||
|
||||
const parsedToken = schema.token.safeParse(root)
|
||||
if (!res.ok || !parsedToken.success) {
|
||||
throw createError({status: 502, message: "Invalid token response", data: `Discord completed OAuth, but returned this instead of an OAuth access token: ${JSON.stringify(root)}`})
|
||||
}
|
||||
|
||||
const client = new SnowTransfer(`Bearer ${parsedToken.data.access_token}`)
|
||||
try {
|
||||
const guilds = await client.user.getGuilds()
|
||||
const managedGuilds = guilds.filter(g => BigInt(g.permissions) & DiscordTypes.PermissionFlagsBits.ManageGuild).map(g => g.id)
|
||||
await session.update({managedGuilds})
|
||||
} catch (e) {
|
||||
throw createError({status: 502, message: "API call failed", data: e.message})
|
||||
}
|
||||
|
||||
if (parsedQuery.data.guild_id) {
|
||||
// TODO: we probably need to create a matrix space and database entry immediately here so that self-service settings apply and so matrix users can be invited
|
||||
return sendRedirect(event, `/guild?guild_id=${parsedQuery.data.guild_id}`, 302)
|
||||
}
|
||||
|
||||
return sendRedirect(event, "/", 302)
|
||||
}))
|
||||
Loading…
Add table
Add a link
Reference in a new issue