mirror of
https://github.com/roleypoly/roleypoly-v1.git
synced 2025-06-16 10:19:10 +00:00
backend/auth: redo OAuth flow and "finish" DM auth flow
This commit is contained in:
parent
1b8d90b24b
commit
ff67bc3f1b
4 changed files with 167 additions and 12 deletions
|
|
@ -3,6 +3,8 @@ import Service from './Service'
|
|||
import nanoid from 'nanoid'
|
||||
import moniker from 'moniker'
|
||||
import type { AppContext } from '../Roleypoly'
|
||||
import type { Context } from 'koa'
|
||||
// import type { UserPartial } from './discord'
|
||||
// import type { Models } from '../models'
|
||||
|
||||
export type DMChallenge = {
|
||||
|
|
@ -12,6 +14,12 @@ export type DMChallenge = {
|
|||
issuedAt: Date
|
||||
}
|
||||
|
||||
export type AuthTokens = {
|
||||
access_token: string,
|
||||
refresh_token: string,
|
||||
expires_in: string
|
||||
}
|
||||
|
||||
export default class AuthService extends Service {
|
||||
M: { AuthChallenge: any }
|
||||
monikerGen = moniker.generator([ moniker.adjective, moniker.adjective, moniker.noun ], { glue: ' ' })
|
||||
|
|
@ -20,6 +28,26 @@ export default class AuthService extends Service {
|
|||
this.M = ctx.M
|
||||
}
|
||||
|
||||
async isLoggedIn (ctx: Context, { refresh = false }: { refresh: boolean } = {}) {
|
||||
const { userId, expiresAt, authType } = ctx.session
|
||||
if (userId == null) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (expiresAt < Date.now()) {
|
||||
if (refresh && authType === 'oauth') {
|
||||
const tokens = await this.ctx.discord.refreshOAuth(ctx.session)
|
||||
this.injectSessionFromOAuth(ctx, tokens, userId)
|
||||
return true
|
||||
}
|
||||
|
||||
ctx.session = null // reset session as well
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
async createDMChallenge (userId: string): Promise<DMChallenge> {
|
||||
const out: DMChallenge = {
|
||||
userId,
|
||||
|
|
@ -48,4 +76,27 @@ export default class AuthService extends Service {
|
|||
|
||||
return challenge
|
||||
}
|
||||
|
||||
deleteDMChallenge (input: DMChallenge) {
|
||||
return this.M.AuthChallenge.destroy({ where: { magic: input.magic } })
|
||||
}
|
||||
|
||||
injectSessionFromChallenge (ctx: Context, chall: DMChallenge) {
|
||||
ctx.session = {
|
||||
userId: chall.userId,
|
||||
authType: 'dm',
|
||||
expiresAt: Date.now() + 1000 * 60 * 60 * 24
|
||||
}
|
||||
}
|
||||
|
||||
injectSessionFromOAuth (ctx: Context, tokens: AuthTokens, userId: string) {
|
||||
const { expires_in: expiresIn, access_token: accessToken, refresh_token: refreshToken } = tokens
|
||||
ctx.session = {
|
||||
userId,
|
||||
authType: 'oauth',
|
||||
expiresAt: Date.now() + expiresIn,
|
||||
accessToken,
|
||||
refreshToken
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import {
|
|||
type Collection,
|
||||
Client
|
||||
} from 'discord.js'
|
||||
import type { AuthTokens } from './auth'
|
||||
|
||||
export type UserPartial = {
|
||||
id: string,
|
||||
|
|
@ -46,6 +47,7 @@ class DiscordService extends Service {
|
|||
super(ctx)
|
||||
this.appUrl = ctx.config.appUrl
|
||||
|
||||
this.oauthCallback = `${this.appUrl}/api/oauth/callback`
|
||||
this.botCallback = `${this.appUrl}/api/oauth/bot/callback`
|
||||
this.rootUsers = new Set((process.env.ROOT_USERS || '').split(','))
|
||||
|
||||
|
|
@ -132,7 +134,7 @@ class DiscordService extends Service {
|
|||
}
|
||||
|
||||
// oauth step 2 flow, grab the auth token via code
|
||||
async getAuthToken (code: string) {
|
||||
async getAuthToken (code: string): Promise<AuthTokens> {
|
||||
const url = 'https://discordapp.com/api/oauth2/token'
|
||||
try {
|
||||
const rsp =
|
||||
|
|
@ -154,7 +156,7 @@ class DiscordService extends Service {
|
|||
}
|
||||
}
|
||||
|
||||
async getUser (authToken?: string): Promise<UserPartial> {
|
||||
async getUserFromToken (authToken?: string): Promise<UserPartial> {
|
||||
const url = 'https://discordapp.com/api/v6/users/@me'
|
||||
try {
|
||||
if (authToken == null || authToken === '') {
|
||||
|
|
@ -186,6 +188,50 @@ class DiscordService extends Service {
|
|||
}
|
||||
}
|
||||
|
||||
async refreshOAuth ({ refreshToken }: { refreshToken: string }): Promise<AuthTokens> {
|
||||
const url = 'https://discordapp.com/api/oauth2/token'
|
||||
try {
|
||||
const rsp =
|
||||
await superagent
|
||||
.post(url)
|
||||
.set('Content-Type', 'application/x-www-form-urlencoded')
|
||||
.send({
|
||||
client_id: this.clientId,
|
||||
client_secret: this.clientSecret,
|
||||
grant_type: 'refresh_token',
|
||||
refresh_token: refreshToken,
|
||||
redirect_uri: this.oauthCallback
|
||||
})
|
||||
|
||||
return rsp.body
|
||||
} catch (e) {
|
||||
this.log.error('refreshOAuth failed', e)
|
||||
throw e
|
||||
}
|
||||
}
|
||||
|
||||
async revokeOAuth ({ accessToken }: { accessToken: string }) {
|
||||
const url = 'https://discordapp.com/api/oauth2/token/revoke'
|
||||
try {
|
||||
const rsp =
|
||||
await superagent
|
||||
.post(url)
|
||||
.set('Content-Type', 'application/x-www-form-urlencoded')
|
||||
.send({
|
||||
client_id: this.clientId,
|
||||
client_secret: this.clientSecret,
|
||||
grant_type: 'access_token',
|
||||
token: accessToken,
|
||||
redirect_uri: this.oauthCallback
|
||||
})
|
||||
|
||||
return rsp.body
|
||||
} catch (e) {
|
||||
this.log.error('revokeOAuth failed', e)
|
||||
throw e
|
||||
}
|
||||
}
|
||||
|
||||
// on sign out, we revoke the token we had.
|
||||
// async revokeAuthToken (code, state) {
|
||||
// const url = 'https://discordapp.com/api/oauth2/revoke'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue