From d4112c425267156e97d1074548aaa320b295932b Mon Sep 17 00:00:00 2001
From: Kata
Date: Sun, 14 Apr 2019 12:59:54 -0500
Subject: [PATCH] [rpc/auth] add bot login/logout calls
---
packages/roleypoly-server/rpc/auth.js | 16 ++++++++++-
packages/roleypoly-server/services/auth.js | 27 ++++++++++++++++++-
packages/roleypoly-server/services/discord.js | 9 +++++++
3 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/packages/roleypoly-server/rpc/auth.js b/packages/roleypoly-server/rpc/auth.js
index 471a4e3..2a74363 100644
--- a/packages/roleypoly-server/rpc/auth.js
+++ b/packages/roleypoly-server/rpc/auth.js
@@ -1,6 +1,7 @@ // @flow import { type AppContext } from '../Roleypoly' import { type Context } from 'koa' +import { bot } from './_security' export default ($: AppContext) => ({ async checkAuthChallenge (ctx: Context, text: string): Promise {
@@ -12,5 +13,18 @@ export default ($: AppContext) => ({ $.auth.injectSessionFromChallenge(ctx, chall) $.auth.deleteDMChallenge(chall) return true - } + }, + + issueAuthChallenge: bot($, (ctx: Context, userId: string) => { + return $.discord.issueChallenge(userId) + }), + + botPing: bot($, () => { + return true + }), + + removeUserSessions: bot($, async (ctx: Context, userId: string) => { + await $.auth.clearUserSessions(userId) + return true + }) })
diff --git a/packages/roleypoly-server/services/auth.js b/packages/roleypoly-server/services/auth.js
index ca3b0e4..42edb7a 100644
--- a/packages/roleypoly-server/services/auth.js
+++ b/packages/roleypoly-server/services/auth.js
@@ -21,7 +21,7 @@ export type AuthTokens = { } export default class AuthService extends Service { - M: { AuthChallenge: any } + M: { AuthChallenge: any, Session: any } monikerGen = moniker.generator([ moniker.adjective, moniker.adjective, moniker.noun ], { glue: ' ' }) constructor (ctx: AppContext) { super(ctx)
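Review bot: In the second rpc/auth.js hunk, `issueAuthChallenge` and `removeUserSessions` forward `userId` from the RPC call with only the Flow annotation `userId: string`, which is erased at runtime. `removeUserSessions` hands it to `$.auth.clearUserSessions`, which in this same patch places it directly into `where: { data: { userId } }` without a guard, so a missing or non-string value reaches the query; how the ORM treats such a value is not visible here. A runtime check at the top of both handlers, e.g. `if (typeof userId !== 'string' || userId === '') throw new Error('userId was not set')`, keeps that out. All three new calls rely on `bot($, …)` from './_security' for authorization, and that wrapper is outside this patch, so it should be read alongside this hunk.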
@@ -30,6 +30,7 @@ export default class AuthService extends Service { async isLoggedIn (ctx: Context, { refresh = false }: { refresh: boolean } = {}) { const { userId, expiresAt, authType } = ctx.session + this.log.debug('isLoggedIn session', ctx.session) if (userId == null) { this.log.debug('isLoggedIn failed, no userId', ctx.session) return false
@@ -54,6 +55,14 @@ export default class AuthService extends Service { } async createDMChallenge (userId: string): Promise { + if (userId == null || userId === '') { + throw new Error('userId was not set') + } + + if (await this.ctx.discord.isValidUser(userId) === false) { + throw new Error('userId was not a valid user') + } + const out: DMChallenge = { userId, human: this.monikerGen.choose(),
@@ -88,10 +97,13 @@ export default class AuthService extends Service { injectSessionFromChallenge (ctx: Context, chall: DMChallenge) { ctx.session = { + ...ctx.session, userId: chall.userId, authType: 'dm', expiresAt: Date.now() + 1000 * 60 * 60 * 24 } + + this.log.debug('new session', ctx.session) } injectSessionFromOAuth (ctx: Context, tokens: AuthTokens, userId: string) {
@@ -104,4 +116,17 @@ export default class AuthService extends Service { refreshToken } } + + async clearUserSessions (userId: string) { + // get all sessions but also revoke any oauth tokens. + const sessions = await this.M.Session.findAll({ where: { data: { userId } } }) + + for (let session of sessions) { + if (session.data.authType === 'oauth') { + await this.ctx.discord.revokeOAuth({ accessToken: session.data.accessToken }) + } + + await session.destroy() + } + } }
diff --git a/packages/roleypoly-server/services/discord.js b/packages/roleypoly-server/services/discord.js
index e41f597..e072443 100644
--- a/packages/roleypoly-server/services/discord.js
+++ b/packages/roleypoly-server/services/discord.js
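Review bot: The added `this.log.debug('isLoggedIn session', ctx.session)` in the isLoggedIn hunk writes the whole session object to the log on every call, and the `this.log.debug('new session', ctx.session)` added in the injectSessionFromChallenge hunk does the same. For OAuth sessions that object carries `accessToken` (read back in clearUserSessions) and `refreshToken` (visible in the injectSessionFromOAuth context lines), so bearer credentials end up in debug logs. Logging only the fields already destructured on the line above, `this.log.debug('isLoggedIn session', { userId, authType, expiresAt })`, keeps the diagnostic without the tokens. isLoggedIn's body continues outside the hunk.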
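Review bot: In the createDMChallenge hunk, the check `if (await this.ctx.discord.isValidUser(userId) === false)` fails open, because any result other than the literal `false` (an `undefined` from a later change to isValidUser, for instance) lets the challenge be created. Writing it as `if (!(await this.ctx.discord.isValidUser(userId)))` makes the guard fail closed. The preceding empty-value test also lets non-string values through, since the `string` annotation is Flow-only; `typeof userId !== 'string' || userId === ''` would cover that. createDMChallenge's body continues outside the hunk.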
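Review bot: In the injectSessionFromChallenge hunk, spreading `...ctx.session` into the new session carries every field of the previous session over to the newly authenticated user; only `userId`, `authType` and `expiresAt` are overwritten. If the earlier session was created by injectSessionFromOAuth, its `accessToken` and `refreshToken` remain attached to a session now labelled `authType: 'dm'`, possibly for a different `userId`. Which keys the spread is meant to preserve is not visible here; copying those by name, with a comment such as `// only <key> survives a login; all identity and token fields are reset`, avoids inheriting stale credentials.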
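Review bot: In clearUserSessions, a rejected `revokeOAuth` call exits the `for` loop, so the session that failed and every session after it are never destroyed and remain in the session store after a removal request. Local session removal should not depend on the remote revocation succeeding: destroy each session in a `finally`, remember the first revocation error, and rethrow it once the loop is done so the caller still sees the failure. The sketch below covers only the loop; the `findAll` lookup is unchanged.

```javascript
    // … unchanged: Session.findAll lookup …
    let firstError = null
    for (const session of sessions) {
      try {
        if (session.data.authType === 'oauth') {
          await this.ctx.discord.revokeOAuth({ accessToken: session.data.accessToken })
        }
      } catch (e) {
        // remember the failure, but never keep the local session alive because of it
        if (firstError == null) firstError = e
      } finally {
        await session.destroy()
      }
    }

    if (firstError != null) throw firstError
```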
@@ -321,4 +321,13 @@ export default class DiscordService extends Service { isMember (server: string, user: string): boolean { return this.gm(server, user) != null } + + async isValidUser (user: string): Promise { + const u = await this.fetcher.getUser(user) + if (u != null) { + return true + } + + return false + } }
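Review bot: isValidUser does not document what `this.fetcher.getUser` does for an unknown id, and the result depends on it: the method returns `false` only when getUser resolves to null or undefined. If getUser rejects instead (not visible here), createDMChallenge surfaces the fetcher's error rather than 'userId was not a valid user'. A comment such as `// resolves false when the fetcher returns no user; a fetcher rejection propagates to the caller` would pin that contract. The body can also be reduced to `return (await this.fetcher.getUser(user)) != null`.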