lerna: split up bulk of packages

packages/roleypoly-server/rpc/_autoloader.js

@@ -0,0 +1,59 @@
+// @flow
+import logger from '../logger'
+import glob from 'glob'
+import path from 'path'
+import { type AppContext } from '../Roleypoly'
+
+const log = logger(__filename)
+const PROD: boolean = process.env.NODE_ENV === 'production'
+
+export default (ctx: AppContext, forceClear: ?boolean = false): {
+  [rpc: string]: Function
+} => {
+  let map = {}
+  const apis = glob.sync(`./rpc/**/!(index).js`)
+  log.debug('found rpcs', apis)
+
+  for (let a of apis) {
+    const filename = path.basename(a)
+    const dirname = path.dirname(a)
+
+    const pathname = a.replace('rpc/', '')
+    delete require.cache[require.resolve(pathname)]
+
+    // internal stuff
+    if (filename.startsWith('_')) {
+      log.debug(`skipping ${a}`)
+      continue
+    }
+
+    if (dirname === 'client') {
+      log.debug(`skipping ${a}`)
+      continue
+    }
+
+    // testing only
+    if (filename.endsWith('_test.js') && PROD) {
+      log.debug(`skipping ${a}`)
+      continue
+    }
+
+    log.debug(`mounting ${a}`)
+    try {
+      const r = require(pathname)
+      let o = r
+      if (o.default) {
+        o = r.default
+      }
+
+      map = {
+        ...map,
+        ...o(ctx)
+      }
+    } catch (e) {
+      log.error(`couldn't mount ${a}`, e)
+    }
+  }
+
+  return map
+}

packages/roleypoly-server/rpc/_error.js

@@ -0,0 +1,15 @@
+class RPCError extends Error {
+  constructor (msg, code, ...extra) {
+    super(msg)
+    this.code = code
+    this.extra = extra
+  }
+
+  static fromResponse (body, status) {
+    const e = new RPCError(body.msg, status)
+    e.remoteStack = body.trace
+    return e
+  }
+}
+
+module.exports = RPCError

packages/roleypoly-server/rpc/_security.js

@@ -0,0 +1,158 @@
+// @flow
+import { type AppContext } from '../Roleypoly'
+import { type Context } from 'koa'
+import RPCError from './_error'
+
+import logger from '../logger'
+const log = logger(__filename)
+
+const PermissionError = new RPCError('User does not have permission to call this RPC.', 403)
+
+const logFacts = (
+  ctx: Context,
+  extra: { [x:string]: any } = {}
+) => ({
+  fn: (ctx.request.body: any).fn,
+  ip: ctx.ip,
+  user: ctx.session.userId,
+  ...extra
+})
+
+export const authed = (
+  $: AppContext,
+  fn: (ctx: Context, ...args: any[]) => any,
+  silent: boolean = false
+) => async (
+  ctx: Context,
+  ...args: any[]
+) => {
+  if (await $.auth.isLoggedIn(ctx)) {
+    return fn(ctx, ...args)
+  }
+
+  if ($.config.dev) {
+    log.debug('authed failed')
+    throw new RPCError('User is not logged in', 403)
+  }
+
+  if (!silent) {
+    log.info('RPC call authed check fail', logFacts(ctx))
+  }
+
+  throw PermissionError
+}
+
+export const root = (
+  $: AppContext,
+  fn: (ctx: Context, ...args: any[]) => any,
+  silent: boolean = false
+) => authed($, (
+  ctx: Context,
+  ...args: any[]
+) => {
+  if ($.discord.isRoot(ctx.session.userId)) {
+    return fn(ctx, ...args)
+  }
+
+  if ($.config.dev) {
+    log.debug('root failed')
+    throw new RPCError('User is not root', 403)
+  }
+
+  if (!silent) {
+    log.info('RPC call root check fail', logFacts(ctx))
+  }
+
+  throw PermissionError
+})
+
+export const manager = (
+  $: AppContext,
+  fn: (ctx: Context, server: string, ...args: any[]) => any,
+  silent: boolean = false
+) => member($, (
+  ctx: Context,
+  server: string,
+  ...args: any[]
+) => {
+  if ($.discord.canManageRoles(server, ctx.session.userId)) {
+    return fn(ctx, server, ...args)
+  }
+
+  if ($.config.dev) {
+    log.debug('manager failed')
+    throw new RPCError('User is not a role manager', 403)
+  }
+
+  if (!silent) {
+    log.info('RPC call manager check fail', logFacts(ctx, { server }))
+  }
+
+  throw PermissionError
+})
+
+export const member = (
+  $: AppContext,
+  fn: (ctx: Context, server: string, ...args: any[]) => any,
+  silent: boolean = false
+) => authed($, (
+  ctx: Context,
+  server: string,
+  ...args: any[]
+) => {
+  if ($.discord.isMember(server, ctx.session.userId)) {
+    return fn(ctx, server, ...args)
+  }
+
+  if ($.config.dev) {
+    log.debug('member failed')
+    throw new RPCError('User is not a member of this server', 403)
+  }
+
+  if (!silent) {
+    log.info('RPC call member check fail', logFacts(ctx, { server }))
+  }
+
+  throw PermissionError
+})
+
+export const any = (
+  $: AppContext,
+  fn: (ctx: Context, ...args: any[]) => any,
+  silent: boolean = false
+) => (...args: any) => fn(...args)
+
+type Handler = (ctx: Context, ...args: any[]) => any
+type Strategy = (
+  $: AppContext,
+  fn: Handler,
+  silent?: boolean
+) => any
+type StrategyPair = [ Strategy, Handler ]
+
+/**
+ * Weird func but ok -- test that a strategy doesn't fail, and run the first that doesn't.
+ */
+export const decide = (
+  $: AppContext,
+  ...strategies: StrategyPair[]
+) => async (...args: any) => {
+  for (let [ strat, handler ] of strategies) {
+    if (strat === null) {
+      strat = any
+    }
+
+    try {
+      return await strat($, handler, true)(...args)
+    } catch (e) {
+      continue
+    }
+  }
+
+  // if we reach the end, just throw
+  if ($.config.dev) {
+    log.info('decide failed for', strategies.map(v => v[0].name))
+  }
+
+  throw PermissionError
+}

packages/roleypoly-server/rpc/auth.js

@@ -0,0 +1,16 @@
+// @flow
+import { type AppContext } from '../Roleypoly'
+import { type Context } from 'koa'
+
+export default ($: AppContext) => ({
+  async checkAuthChallenge (ctx: Context, text: string): Promise<boolean> {
+    const chall = await $.auth.fetchDMChallenge({ human: text.toLowerCase() })
+    if (chall == null) {
+      return false
+    }
+
+    $.auth.injectSessionFromChallenge(ctx, chall)
+    $.auth.deleteDMChallenge(chall)
+    return true
+  }
+})

packages/roleypoly-server/rpc/index.js

@@ -0,0 +1,143 @@
+// @flow
+import logger from '../logger'
+import fnv from 'fnv-plus'
+import autoloader from './_autoloader'
+import RPCError from './_error'
+import type Roleypoly, { Router } from '../Roleypoly'
+import type { Context } from 'koa'
+const log = logger(__filename)
+
+export type RPCIncoming = {
+  fn: string,
+  args: any[]
+}
+
+export type RPCOutgoing = {
+  hash: string,
+  response: any
+}
+
+export default class RPCServer {
+  ctx: Roleypoly
+
+  rpcMap: {
+    [rpc: string]: Function
+  }
+
+  mapHash: string
+  rpcCalls: { name: string, args: number }[]
+
+  constructor (ctx: Roleypoly) {
+    this.ctx = ctx
+    this.reload()
+    ctx.addRouteHook(this.hookRoutes)
+  }
+
+  reload () {
+    // actual function map
+    this.rpcMap = autoloader(this.ctx.ctx)
+
+    // hash of the map
+    // used for known-reloads in the client.
+    this.mapHash = fnv.hash(Object.keys(this.rpcMap)).str()
+
+    // call map for the client.
+    this.rpcCalls = Object.keys(this.rpcMap).map(fn => ({ name: fn, args: 0 }))
+  }
+
+  hookRoutes = (router: Router) => {
+    // RPC call reporter.
+    // this is NEVER called in prod.
+    // it is used to generate errors if RPC calls don't exist or are malformed in dev.
+    router.get('/api/_rpc', async (ctx: Context) => {
+      ctx.body = ({
+        hash: this.mapHash,
+        available: this.rpcCalls
+      }: any)
+      ctx.status = 200
+      return true
+    })
+
+    router.post('/api/_rpc', this.handleRPC)
+  }
+
+  handleRPC = async (ctx: Context) => {
+    // handle an impossible situation
+    if (!(ctx.request.body instanceof Object)) {
+      return this.rpcError(ctx, null, new RPCError('RPC format was very incorrect.', 400))
+    }
+
+    // check if RPC exists
+    const { fn, args } = (ctx.request.body: RPCIncoming)
+
+    if (!(fn in this.rpcMap)) {
+      return this.rpcError(ctx, null, new RPCError(`RPC call ${fn}(...) not found.`, 404))
+    }
+
+    const call = this.rpcMap[fn]
+
+    // if call.length (which is the solid args list)
+    // is longer than args, we have too little to call the function.
+    // if (args.length < call.length) {
+    //   return this.rpcError(ctx, null, new RPCError(`RPC call ${fn}() with ${args.length} arguments does not exist.`, 400))
+    // }
+
+    try {
+      const response = await call(ctx, ...args)
+
+      ctx.body = {
+        hash: this.mapHash,
+        response
+      }
+
+      ctx.status = 200
+    } catch (err) {
+      return this.rpcError(ctx, 'RPC call errored', err, 500)
+    }
+  }
+
+  /**
+   * For internally called stuff, such as from a bot shard.
+   */
+  async call (fn: string, ...args: any[]) {
+    if (!(fn in this.rpcMap)) {
+      throw new RPCError(`RPC call ${fn}(...) not found.`, 404)
+    }
+
+    const call = this.rpcMap[fn]
+    return call(...args)
+  }
+
+  rpcError (ctx: Context & {body: any}, msg: ?string, err: ?Error = null, code: ?number = null) {
+    // log.error('rpc error', { msg, err })
+
+    ctx.body = {
+      msg: err?.message || msg,
+      error: true
+    }
+
+    ctx.status = code || 500
+    if (err != null) {
+      if (err instanceof RPCError || err.constructor.name === 'RPCError') {
+        // $FlowFixMe
+        ctx.status = err.code
+        console.log(err.code)
+      }
+    }
+
+    // if (err != null && err.constructor.name === 'RPCError') {
+    //   console.log({ status: err.code })
+    //   // this is one of our own errors, so we have a lot of data on this.
+    //   ctx.status = err.code // || code || 500
+    //   ctx.body.msg = `${err.message || msg || 'RPC Error'}`
+    // } else {
+    //   if (msg == null && err != null) {
+    //     ctx.body.msg = err.message
+    //   }
+
+    //   // if not, just play cloudflare, say something was really weird, and move on.
+    //   ctx.status = code || 520
+    //   ctx.message = 'Unknown Error'
+    // }
+  }
+}

packages/roleypoly-server/rpc/rpc_test.js

@@ -0,0 +1,23 @@
+// @flow
+import { type AppContext } from '../Roleypoly'
+import { type Context } from 'koa'
+import * as secureAs from './_security'
+export default ($: AppContext) => ({
+  // i want RPC to be *dead* simple.
+  // probably too simple.
+  hello (_: Context, hello: string) {
+    return `hello, ${hello} and all who inhabit it`
+  },
+
+  testJSON (_: Context, inobj: {}) {
+    return inobj
+  },
+
+  testDecide: secureAs.decide($,
+    [ secureAs.root, () => { return 'root' } ],
+    [ secureAs.manager, () => { return 'manager' } ],
+    [ secureAs.member, () => { return 'member' } ],
+    [ secureAs.authed, () => { return 'authed' } ],
+    [ secureAs.any, () => { return 'guest' } ]
+  )
+})

packages/roleypoly-server/rpc/servers.js

@@ -0,0 +1,48 @@
+// @flow
+import { type AppContext } from '../Roleypoly'
+import { type Context } from 'koa'
+import { type Guild } from 'eris'
+import * as secureAs from './_security'
+
+export default ($: AppContext) => ({
+
+  rootGetAllServers: secureAs.root($, (ctx: Context) => {
+    return $.discord.client.guilds.map<{
+      url: string,
+      name: string,
+      members: number,
+      roles: number
+    }>((g: Guild) => ({ url: `${$.config.appUrl}/s/${g.id}`, name: g.name, members: g.memberCount, roles: g.roles.size }))
+  }),
+
+  getServerSlug (ctx: Context, id: string) {
+    const srv = $.discord.client.guilds.get(id)
+    if (srv == null) {
+      return null
+    }
+
+    return $.P.serverSlug(srv)
+  },
+
+  getServer: secureAs.member($, (ctx: Context, id: string) => {
+    const { userId } = (ctx.session: { userId: string })
+
+    const srv = $.discord.client.guilds.get(id)
+    if (srv == null) {
+      return { err: 'not_found' }
+    }
+
+    let gm
+    if (srv.members.has(userId)) {
+      gm = $.discord.gm(id, userId)
+    } else if ($.discord.isRoot(userId)) {
+      gm = $.discord.fakeGm({ id: userId })
+    }
+
+    if (gm == null) {
+      return { err: 'not_found' }
+    }
+
+    return $.P.presentableServer(srv, gm)
+  })
+})

packages/roleypoly-server/rpc/user.js

@@ -0,0 +1,16 @@
+// @flow
+import { type AppContext } from '../Roleypoly'
+import { type Context } from 'koa'
+import * as secureAs from './_security'
+
+export default ($: AppContext) => ({
+
+  getCurrentUser: secureAs.authed($, async (ctx: Context) => {
+    return await $.discord.getUserPartial(ctx.session.userId)
+  }),
+
+  isRoot: secureAs.root($, () => {
+    return true
+  })
+
+})