backend/auth: redo OAuth flow and "finish" DM auth flow

2025-06-16 18:29:08 +00:00 · 2019-03-19 20:25:38 -05:00 · 2019-03-19 20:25:38 -05:00 · ff67bc3f1b
commit ff67bc3f1b
parent 1b8d90b24b
4 changed files with 167 additions and 12 deletions
--- a/services/discord.js
+++ b/services/discord.js
@ -11,6 +11,7 @@ import {
  type Collection,
  Client
 } from 'discord.js'
+import type { AuthTokens } from './auth'

 export type UserPartial = {
  id: string,
@ -46,6 +47,7 @@ class DiscordService extends Service {
    super(ctx)
    this.appUrl = ctx.config.appUrl

+    this.oauthCallback = `${this.appUrl}/api/oauth/callback`
    this.botCallback = `${this.appUrl}/api/oauth/bot/callback`
    this.rootUsers = new Set((process.env.ROOT_USERS || '').split(','))

@ -132,7 +134,7 @@ class DiscordService extends Service {
  }

  // oauth step 2 flow, grab the auth token via code
-  async getAuthToken (code: string) {
+  async getAuthToken (code: string): Promise<AuthTokens> {
    const url = 'https://discordapp.com/api/oauth2/token'
    try {
      const rsp =
@ -154,7 +156,7 @@ class DiscordService extends Service {
    }
  }

-  async getUser (authToken?: string): Promise<UserPartial> {
+  async getUserFromToken (authToken?: string): Promise<UserPartial> {
    const url = 'https://discordapp.com/api/v6/users/@me'
    try {
      if (authToken == null || authToken === '') {
@ -186,6 +188,50 @@ class DiscordService extends Service {
    }
  }

+  async refreshOAuth ({ refreshToken }: { refreshToken: string }): Promise<AuthTokens> {
+    const url = 'https://discordapp.com/api/oauth2/token'
+    try {
+      const rsp =
+        await superagent
+          .post(url)
+          .set('Content-Type', 'application/x-www-form-urlencoded')
+          .send({
+            client_id: this.clientId,
+            client_secret: this.clientSecret,
+            grant_type: 'refresh_token',
+            refresh_token: refreshToken,
+            redirect_uri: this.oauthCallback
+          })
+
+      return rsp.body
+    } catch (e) {
+      this.log.error('refreshOAuth failed', e)
+      throw e
+    }
+  }
+
+  async revokeOAuth ({ accessToken }: { accessToken: string }) {
+    const url = 'https://discordapp.com/api/oauth2/token/revoke'
+    try {
+      const rsp =
+        await superagent
+          .post(url)
+          .set('Content-Type', 'application/x-www-form-urlencoded')
+          .send({
+            client_id: this.clientId,
+            client_secret: this.clientSecret,
+            grant_type: 'access_token',
+            token: accessToken,
+            redirect_uri: this.oauthCallback
+          })
+
+      return rsp.body
+    } catch (e) {
+      this.log.error('revokeOAuth failed', e)
+      throw e
+    }
+  }
+
  // on sign out, we revoke the token we had.
  // async revokeAuthToken (code, state) {
  //   const url = 'https://discordapp.com/api/oauth2/revoke'