out-of-your-element/src/web/routes/invite.js

// @ts-check

const assert = require("assert/strict")
const {z} = require("zod")
const {defineEventHandler, sendRedirect, useSession, createError, getValidatedQuery, readValidatedBody} = require("h3")
const {randomUUID} = require("crypto")
const {LRUCache} = require("lru-cache")

const {discord, as, sync, select} = require("../../passthrough")
/** @type {import("../pug-sync")} */
const pugSync = sync.require("../pug-sync")
/** @type {import("../../d2m/actions/create-space")} */
const createSpace = sync.require("../../d2m/actions/create-space")
const {reg} = require("../../matrix/read-registration")

/** @type {import("../../matrix/api")} */
const api = sync.require("../../matrix/api")

const schema = {
	guild: z.object({
		guild_id: z.string().optional()
	}),
	invite: z.object({
		mxid: z.string().regex(/@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)/),
		permissions: z.enum(["default", "moderator"]),
		guild_id: z.string().optional(),
		nonce: z.string().optional()
	}),
	inviteNonce: z.object({
		nonce: z.string()
	})
}

/** @type {LRUCache<string, string>} nonce to guild id */
const validNonce = new LRUCache({max: 200})

as.router.get("/guild", defineEventHandler(async event => {
	const {guild_id} = await getValidatedQuery(event, schema.guild.parse)
	const nonce = randomUUID()
	if (guild_id) {
		// Security note: the nonce alone is valid for updating the guild
		// We have not verified the user has sufficient permissions in the guild at generation time
		// These permissions are checked later during page rendering and the generated nonce is only revealed if the permissions are sufficient
		validNonce.set(nonce, guild_id)
	}
	return pugSync.render(event, "guild.pug", {nonce})
}))

as.router.get("/invite", defineEventHandler(async event => {
	const {nonce} = await getValidatedQuery(event, schema.inviteNonce.parse)
	const isValid = validNonce.has(nonce)
	const guild_id = validNonce.get(nonce)
	const guild = discord.guilds.get(guild_id || "")
	return pugSync.render(event, "invite.pug", {isValid, nonce, guild_id, guild})
}))

as.router.post("/api/invite", defineEventHandler(async event => {
	const parsedBody = await readValidatedBody(event, schema.invite.parse)
	const session = await useSession(event, {password: reg.as_token})

	// Check guild ID or nonce
	if (parsedBody.guild_id) {
		var guild_id = parsedBody.guild_id
		if (!(session.data.managedGuilds || []).includes(guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't invite users to a guild you don't have Manage Server permissions in"})
	} else if (parsedBody.nonce) {
		if (!validNonce.has(parsedBody.nonce)) throw createError({status: 403, message: "Nonce expired", data: "Nonce means number-used-once, and, well, you tried to use it twice..."})
		let ok = validNonce.get(parsedBody.nonce)
		assert(ok)
		var guild_id = ok
		validNonce.delete(parsedBody.nonce)
	} else {
		throw createError({status: 400, message: "Missing guild ID", data: "Passing a guild ID or a nonce is required."})
	}

	// Check guild is bridged
	const guild = discord.guilds.get(guild_id)
	assert(guild)
	const spaceID = await createSpace.ensureSpace(guild)

	// Check for existing invite to the space
	let spaceMember
	try {
		spaceMember = await api.getStateEvent(spaceID, "m.room.member", parsedBody.mxid)
	} catch (e) {}

	if (!spaceMember || spaceMember.membership !== "invite" || spaceMember.membership !== "join") {
		// Invite
		await api.inviteToRoom(spaceID, parsedBody.mxid)
	}

	// Permissions
	if (parsedBody.permissions === "moderator") {
		await api.setUserPowerCascade(spaceID, parsedBody.mxid, 50)
	}

	if (parsedBody.guild_id) {
		return sendRedirect(event, `/guild?guild_id=${guild_id}`, 302)
	} else {
		return sendRedirect(event, "/ok?msg=User has been invited.", 302)
	}
}))