miniflare init

2025-06-17 09:59:10 +00:00 · 2022-01-27 16:54:37 -05:00 · 2022-01-27 16:54:37 -05:00 · 688954a2e0
commit 688954a2e0
parent 8c07ed3123
52 changed files with 898 additions and 25 deletions
--- a/packages/api/old-src/handlers/bot-join.ts
+++ b/packages/api/old-src/handlers/bot-join.ts
@ -0,0 +1,40 @@
+import { Bounce } from '../utils/bounce';
+import { botClientID } from '../utils/config';
+
+const validGuildID = /^[0-9]+$/;
+
+type URLParams = {
+  clientID: string;
+  permissions: number;
+  guildID?: string;
+  scopes: string[];
+};
+
+const buildURL = (params: URLParams) => {
+  let url = `https://discord.com/api/oauth2/authorize?client_id=${
+    params.clientID
+  }&scope=${params.scopes.join('%20')}&permissions=${params.permissions}`;
+
+  if (params.guildID) {
+    url += `&guild_id=${params.guildID}&disable_guild_select=true`;
+  }
+
+  return url;
+};
+
+export const BotJoin = (request: Request): Response => {
+  let guildID = new URL(request.url).searchParams.get('guild') || '';
+
+  if (guildID && !validGuildID.test(guildID)) {
+    guildID = '';
+  }
+
+  return Bounce(
+    buildURL({
+      clientID: botClientID,
+      permissions: 268435456,
+      guildID,
+      scopes: ['bot', 'applications.commands'],
+    })
+  );
+};
--- a/packages/api/old-src/handlers/clear-guild-cache.ts
+++ b/packages/api/old-src/handlers/clear-guild-cache.ts
@ -0,0 +1,18 @@
+import { asEditor, getGuild, GuildRateLimiterKey } from '../utils/guild';
+import { notFound, ok } from '../utils/responses';
+
+export const ClearGuildCache = asEditor(
+  {
+    rateLimitKey: GuildRateLimiterKey.cacheClear,
+    rateLimitTimeoutSeconds: 60 * 5,
+  },
+  (session, { guildID }) =>
+    async (request: Request): Promise<Response> => {
+      const result = await getGuild(guildID, { skipCachePull: true });
+      if (!result) {
+        return notFound();
+      }
+
+      return ok();
+    }
+);
--- a/packages/api/old-src/handlers/get-picker-data.ts
+++ b/packages/api/old-src/handlers/get-picker-data.ts
@ -0,0 +1,64 @@
+import { memberPassesAccessControl } from '@roleypoly/api/utils/access-control';
+import { accessControlViolation } from '@roleypoly/api/utils/responses';
+import { DiscordUser, GuildSlug, PresentableGuild, SessionData } from '@roleypoly/types';
+import { respond } from '@roleypoly/worker-utils';
+import { withSession } from '../utils/api-tools';
+import { getGuild, getGuildData, getGuildMember } from '../utils/guild';
+
+const fail = () => respond({ error: 'guild not found' }, { status: 404 });
+
+export const GetPickerData = withSession(
+  (session: SessionData) =>
+    async (request: Request): Promise<Response> => {
+      const url = new URL(request.url);
+      const [, , guildID] = url.pathname.split('/');
+
+      if (!guildID) {
+        return respond({ error: 'missing guild id' }, { status: 400 });
+      }
+
+      const { id: userID } = session.user as DiscordUser;
+      const guilds = session.guilds as GuildSlug[];
+
+      // Save a Discord API request by checking if this user is a member by session first
+      const checkGuild = guilds.find((guild) => guild.id === guildID);
+      if (!checkGuild) {
+        return fail();
+      }
+
+      const guild = await getGuild(guildID, {
+        skipCachePull: url.searchParams.has('__no_cache'), // TODO: rate limit this
+      });
+      if (!guild) {
+        return fail();
+      }
+
+      const memberP = getGuildMember({
+        serverID: guildID,
+        userID,
+      });
+
+      const guildDataP = getGuildData(guildID);
+
+      const [guildData, member] = await Promise.all([guildDataP, memberP]);
+      if (!member) {
+        return fail();
+      }
+
+      if (!memberPassesAccessControl(checkGuild, member, guildData.accessControl)) {
+        return accessControlViolation();
+      }
+
+      const presentableGuild: PresentableGuild = {
+        id: guildID,
+        guild: checkGuild,
+        roles: guild.roles,
+        member: {
+          roles: member.roles,
+        },
+        data: guildData,
+      };
+
+      return respond(presentableGuild);
+    }
+);
--- a/packages/api/old-src/handlers/get-session.ts
+++ b/packages/api/old-src/handlers/get-session.ts
@ -0,0 +1,13 @@
+import { SessionData } from '@roleypoly/types';
+import { respond } from '@roleypoly/worker-utils';
+import { withSession } from '../utils/api-tools';
+
+export const GetSession = withSession((session?: SessionData) => (): Response => {
+  const { user, guilds, sessionID } = session || {};
+
+  return respond({
+    user,
+    guilds,
+    sessionID,
+  });
+});
--- a/packages/api/old-src/handlers/get-slug.ts
+++ b/packages/api/old-src/handlers/get-slug.ts
@ -0,0 +1,40 @@
+import { GuildSlug } from '@roleypoly/types';
+import { respond } from '@roleypoly/worker-utils';
+import { getGuild } from '../utils/guild';
+
+export const GetSlug = async (request: Request): Promise<Response> => {
+  const reqURL = new URL(request.url);
+  const [, , serverID] = reqURL.pathname.split('/');
+
+  if (!serverID) {
+    return respond(
+      {
+        error: 'missing server ID',
+      },
+      {
+        status: 400,
+      }
+    );
+  }
+
+  const guild = await getGuild(serverID);
+  if (!guild) {
+    return respond(
+      {
+        error: 'guild not found',
+      },
+      {
+        status: 404,
+      }
+    );
+  }
+
+  const { id, name, icon } = guild;
+  const guildSlug: GuildSlug = {
+    id,
+    name,
+    icon,
+    permissionLevel: 0,
+  };
+  return respond(guildSlug);
+};
--- a/packages/api/old-src/handlers/interactions-pick-role.ts
+++ b/packages/api/old-src/handlers/interactions-pick-role.ts
@ -0,0 +1,104 @@
+import { CategoryType, Member, RoleSafety } from '@roleypoly/types';
+import { AuthType, discordFetch, respond } from '@roleypoly/worker-utils';
+import { difference, keyBy } from 'lodash';
+import { interactionsEndpoint } from '../utils/api-tools';
+import { botToken } from '../utils/config';
+import {
+  getGuild,
+  getGuildData,
+  getGuildMember,
+  updateGuildMember,
+} from '../utils/guild';
+import { conflict, invalid, notAuthenticated, notFound, ok } from '../utils/responses';
+
+export const InteractionsPickRole = interactionsEndpoint(
+  async (request: Request): Promise<Response> => {
+    const mode = request.method === 'PUT' ? 'add' : 'remove';
+    const reqURL = new URL(request.url);
+    const [, , guildID, userID, roleID] = reqURL.pathname.split('/');
+    if (!guildID || !userID || !roleID) {
+      return invalid();
+    }
+
+    const guildP = getGuild(guildID);
+    const guildDataP = getGuildData(guildID);
+    const guildMemberP = getGuildMember(
+      { serverID: guildID, userID },
+      { skipCachePull: true }
+    );
+
+    const [guild, guildData, guildMember] = await Promise.all([
+      guildP,
+      guildDataP,
+      guildMemberP,
+    ]);
+
+    if (!guild || !guildData || !guildMember) {
+      return notFound();
+    }
+
+    let memberRoles = guildMember.roles;
+
+    if (
+      (mode === 'add' && memberRoles.includes(roleID)) ||
+      (mode !== 'add' && !memberRoles.includes(roleID))
+    ) {
+      return conflict();
+    }
+
+    const roleMap = keyBy(guild.roles, 'id');
+
+    const category = guildData.categories.find((category) =>
+      category.roles.includes(roleID)
+    );
+    // No category? illegal.
+    if (!category) {
+      return notFound();
+    }
+
+    // Category is hidden, this is illegal
+    if (category.hidden) {
+      return notFound();
+    }
+
+    // Role is unsafe, super illegal.
+    if (roleMap[roleID].safety !== RoleSafety.Safe) {
+      return notAuthenticated();
+    }
+
+    // In add mode, if the category is a single-mode, remove the other roles in the category.
+    if (mode === 'add' && category.type === CategoryType.Single) {
+      memberRoles = difference(memberRoles, category.roles);
+    }
+
+    if (mode === 'add') {
+      memberRoles = [...memberRoles, roleID];
+    } else {
+      memberRoles = memberRoles.filter((id) => id !== roleID);
+    }
+
+    const patchMemberRoles = await discordFetch<Member>(
+      `/guilds/${guildID}/members/${userID}`,
+      botToken,
+      AuthType.Bot,
+      {
+        method: 'PATCH',
+        headers: {
+          'content-type': 'application/json',
+          'x-audit-log-reason': `Picked their roles via slash command`,
+        },
+        body: JSON.stringify({
+          roles: memberRoles,
+        }),
+      }
+    );
+
+    if (!patchMemberRoles) {
+      return respond({ error: 'discord rejected the request' }, { status: 500 });
+    }
+
+    await updateGuildMember({ serverID: guildID, userID });
+
+    return ok();
+  }
+);
--- a/packages/api/old-src/handlers/interactions-pickable-roles.ts
+++ b/packages/api/old-src/handlers/interactions-pickable-roles.ts
@ -0,0 +1,33 @@
+import { Category, CategorySlug } from '@roleypoly/types';
+import { respond } from '@roleypoly/worker-utils';
+import { interactionsEndpoint } from '../utils/api-tools';
+import { getGuildData } from '../utils/guild';
+import { notFound } from '../utils/responses';
+
+export const InteractionsPickableRoles = interactionsEndpoint(
+  async (request: Request): Promise<Response> => {
+    const reqURL = new URL(request.url);
+    const [, , serverID] = reqURL.pathname.split('/');
+
+    const guildData = await getGuildData(serverID);
+    if (!guildData) {
+      return notFound();
+    }
+
+    const roleMap: Record<Category['name'], CategorySlug> = {};
+
+    for (let category of guildData.categories) {
+      if (category.hidden) {
+        continue;
+      }
+
+      // TODO: role safety?
+      roleMap[category.name] = {
+        roles: category.roles,
+        type: category.type,
+      };
+    }
+
+    return respond(roleMap);
+  }
+);
--- a/packages/api/old-src/handlers/login-bounce.ts
+++ b/packages/api/old-src/handlers/login-bounce.ts
@ -0,0 +1,34 @@
+import { StateSession } from '@roleypoly/types';
+import { getQuery } from '@roleypoly/worker-utils';
+import { isAllowedCallbackHost, setupStateSession } from '../utils/api-tools';
+import { Bounce } from '../utils/bounce';
+import { apiPublicURI, botClientID } from '../utils/config';
+
+type URLParams = {
+  clientID: string;
+  redirectURI: string;
+  state: string;
+};
+
+const buildURL = (params: URLParams) =>
+  `https://discord.com/api/oauth2/authorize?client_id=${
+    params.clientID
+  }&response_type=code&scope=identify%20guilds&prompt=none&redirect_uri=${encodeURIComponent(
+    params.redirectURI
+  )}&state=${params.state}`;
+
+export const LoginBounce = async (request: Request): Promise<Response> => {
+  const stateSessionData: StateSession = {};
+
+  const { cbh: callbackHost } = getQuery(request);
+  if (callbackHost && isAllowedCallbackHost(callbackHost)) {
+    stateSessionData.callbackHost = callbackHost;
+  }
+
+  const state = await setupStateSession(stateSessionData);
+
+  const redirectURI = `${apiPublicURI}/login-callback`;
+  const clientID = botClientID;
+
+  return Bounce(buildURL({ state, redirectURI, clientID }));
+};
--- a/packages/api/old-src/handlers/login-callback.ts
+++ b/packages/api/old-src/handlers/login-callback.ts
@ -0,0 +1,160 @@
+import {
+  AuthTokenResponse,
+  DiscordUser,
+  GuildSlug,
+  SessionData,
+  StateSession,
+} from '@roleypoly/types';
+import {
+  AuthType,
+  discordAPIBase,
+  discordFetch,
+  userAgent,
+} from '@roleypoly/worker-utils';
+import KSUID from 'ksuid';
+import {
+  formData,
+  getStateSession,
+  isAllowedCallbackHost,
+  parsePermissions,
+  resolveFailures,
+} from '../utils/api-tools';
+import { Bounce } from '../utils/bounce';
+import { apiPublicURI, botClientID, botClientSecret, uiPublicURI } from '../utils/config';
+import { Sessions } from '../utils/kv';
+
+const AuthErrorResponse = (extra?: string) =>
+  Bounce(
+    uiPublicURI +
+      `/machinery/error?error_code=authFailure${extra ? `&extra=${extra}` : ''}`
+  );
+
+export const LoginCallback = resolveFailures(
+  AuthErrorResponse,
+  async (request: Request): Promise<Response> => {
+    let bounceBaseUrl = uiPublicURI;
+
+    const query = new URL(request.url).searchParams;
+    const stateValue = query.get('state');
+
+    if (stateValue === null) {
+      return AuthErrorResponse('state missing');
+    }
+
+    try {
+      const state = KSUID.parse(stateValue);
+      const stateExpiry = state.date.getTime() + 1000 * 60 * 5;
+      const currentTime = Date.now();
+
+      if (currentTime > stateExpiry) {
+        return AuthErrorResponse('state expired');
+      }
+
+      const stateSession = await getStateSession<StateSession>(state.string);
+      if (
+        stateSession?.callbackHost &&
+        isAllowedCallbackHost(stateSession.callbackHost)
+      ) {
+        bounceBaseUrl = stateSession.callbackHost;
+      }
+    } catch (e) {
+      return AuthErrorResponse('state invalid');
+    }
+
+    const code = query.get('code');
+    if (!code) {
+      return AuthErrorResponse('code missing');
+    }
+
+    const tokenRequest = {
+      client_id: botClientID,
+      client_secret: botClientSecret,
+      grant_type: 'authorization_code',
+      redirect_uri: apiPublicURI + '/login-callback',
+      scope: 'identify guilds',
+      code,
+    };
+
+    const tokenFetch = await fetch(discordAPIBase + '/oauth2/token', {
+      method: 'POST',
+      headers: {
+        'content-type': 'application/x-www-form-urlencoded',
+        'user-agent': userAgent,
+      },
+      body: formData(tokenRequest),
+    });
+
+    const tokens = (await tokenFetch.json()) as AuthTokenResponse;
+
+    if (!tokens.access_token) {
+      return AuthErrorResponse('token response invalid');
+    }
+
+    const [sessionID, user, guilds] = await Promise.all([
+      KSUID.random(),
+      getUser(tokens.access_token),
+      getGuilds(tokens.access_token),
+    ]);
+
+    if (!user) {
+      return AuthErrorResponse('failed to fetch user');
+    }
+
+    const sessionData: SessionData = {
+      tokens,
+      sessionID: sessionID.string,
+      user,
+      guilds,
+    };
+
+    await Sessions.put(sessionID.string, sessionData, 60 * 60 * 6);
+
+    return Bounce(bounceBaseUrl + 'machinery/new-session/' + sessionID.string);
+  }
+);
+
+const getUser = async (accessToken: string): Promise<DiscordUser | null> => {
+  const user = await discordFetch<DiscordUser>(
+    '/users/@me',
+    accessToken,
+    AuthType.Bearer
+  );
+
+  if (!user) {
+    return null;
+  }
+
+  const { id, username, discriminator, bot, avatar } = user;
+
+  return { id, username, discriminator, bot, avatar };
+};
+
+type UserGuildsPayload = {
+  id: string;
+  name: string;
+  icon: string;
+  owner: boolean;
+  permissions: number;
+  features: string[];
+}[];
+
+const getGuilds = async (accessToken: string) => {
+  const guilds = await discordFetch<UserGuildsPayload>(
+    '/users/@me/guilds',
+    accessToken,
+    AuthType.Bearer
+  );
+
+  if (!guilds) {
+    return [];
+  }
+
+  const guildSlugs = guilds.map<GuildSlug>((guild) => ({
+    id: guild.id,
+    name: guild.name,
+    icon: guild.icon,
+    permissionLevel: parsePermissions(BigInt(guild.permissions), guild.owner),
+  }));
+
+  return guildSlugs;
+};
--- a/packages/api/old-src/handlers/revoke-session.ts
+++ b/packages/api/old-src/handlers/revoke-session.ts
@ -0,0 +1,28 @@
+import { SessionData } from '@roleypoly/types';
+import { discordAPIBase, respond, userAgent } from '@roleypoly/worker-utils';
+import { formData, withSession } from '../utils/api-tools';
+import { botClientID, botClientSecret } from '../utils/config';
+import { Sessions } from '../utils/kv';
+
+export const RevokeSession = withSession(
+  (session: SessionData) => async (request: Request) => {
+    const tokenRequest = {
+      token: session.tokens.access_token,
+      client_id: botClientID,
+      client_secret: botClientSecret,
+    };
+
+    await fetch(discordAPIBase + '/oauth2/token/revoke', {
+      method: 'POST',
+      headers: {
+        'content-type': 'application/x-www-form-urlencoded',
+        'user-agent': userAgent,
+      },
+      body: formData(tokenRequest),
+    });
+
+    await Sessions.delete(session.sessionID);
+
+    return respond({ ok: true });
+  }
+);
--- a/packages/api/old-src/handlers/sync-from-legacy.ts
+++ b/packages/api/old-src/handlers/sync-from-legacy.ts
@ -0,0 +1,23 @@
+import { asEditor, GuildRateLimiterKey } from '../utils/guild';
+import { fetchLegacyServer, transformLegacyGuild } from '../utils/import-from-legacy';
+import { GuildData } from '../utils/kv';
+import { notFound, ok } from '../utils/responses';
+
+export const SyncFromLegacy = asEditor(
+  {
+    rateLimitKey: GuildRateLimiterKey.legacyImport,
+    rateLimitTimeoutSeconds: 60 * 20,
+  },
+  (session, { guildID }) =>
+    async (request: Request): Promise<Response> => {
+      const legacyGuild = await fetchLegacyServer(guildID);
+      if (!legacyGuild) {
+        return notFound();
+      }
+
+      const newGuildData = transformLegacyGuild(legacyGuild);
+      await GuildData.put(guildID, newGuildData);
+
+      return ok();
+    }
+);
--- a/packages/api/old-src/handlers/update-guild.ts
+++ b/packages/api/old-src/handlers/update-guild.ts
@ -0,0 +1,51 @@
+import { sendAuditLog, validateAuditLogWebhook } from '@roleypoly/api/utils/audit-log';
+import { GuildDataUpdate, WebhookValidationStatus } from '@roleypoly/types';
+import { asEditor, getGuildData } from '../utils/guild';
+import { GuildData } from '../utils/kv';
+import { invalid, ok } from '../utils/responses';
+
+export const UpdateGuild = asEditor(
+  {},
+  (session, { guildID, guild }) =>
+    async (request: Request): Promise<Response> => {
+      const guildUpdate = (await request.json()) as GuildDataUpdate;
+
+      const oldGuildData = await getGuildData(guildID);
+      const newGuildData = {
+        ...oldGuildData,
+        ...guildUpdate,
+      };
+
+      if (oldGuildData.auditLogWebhook !== newGuildData.auditLogWebhook) {
+        try {
+          const validationStatus = await validateAuditLogWebhook(
+            guild,
+            newGuildData.auditLogWebhook
+          );
+
+          if (validationStatus !== WebhookValidationStatus.Ok) {
+            if (validationStatus === WebhookValidationStatus.NoneSet) {
+              newGuildData.auditLogWebhook = null;
+            } else {
+              return invalid({
+                what: 'webhookValidationStatus',
+                webhookValidationStatus: validationStatus,
+              });
+            }
+          }
+        } catch (e) {
+          invalid();
+        }
+      }
+
+      await GuildData.put(guildID, newGuildData);
+
+      try {
+        await sendAuditLog(oldGuildData, guildUpdate, session.user);
+      } catch (e) {
+        // Catching errors here because this isn't a critical task, and could simply fail due to operator error.
+      }
+
+      return ok();
+    }
+);
--- a/packages/api/old-src/handlers/update-roles.ts
+++ b/packages/api/old-src/handlers/update-roles.ts
@ -0,0 +1,142 @@
+import {
+  GuildData,
+  Member,
+  Role,
+  RoleSafety,
+  RoleTransaction,
+  RoleUpdate,
+  SessionData,
+  TransactionType,
+} from '@roleypoly/types';
+import { AuthType, discordFetch, respond } from '@roleypoly/worker-utils';
+import { difference, groupBy, keyBy, union } from 'lodash';
+import { withSession } from '../utils/api-tools';
+import { botToken, uiPublicURI } from '../utils/config';
+import {
+  getGuild,
+  getGuildData,
+  getGuildMember,
+  updateGuildMember,
+} from '../utils/guild';
+
+const notFound = () => respond({ error: 'guild not found' }, { status: 404 });
+
+export const UpdateRoles = withSession(
+  ({ guilds, user: { id: userID, username, discriminator } }: SessionData) =>
+    async (request: Request) => {
+      const updateRequest = (await request.json()) as RoleUpdate;
+      const url = new URL(request.url);
+      const [, , guildID] = url.pathname.split('/');
+
+      if (!guildID) {
+        return respond({ error: 'guild ID missing from URL' }, { status: 400 });
+      }
+
+      if (updateRequest.transactions.length === 0) {
+        return respond({ error: 'must have as least one transaction' }, { status: 400 });
+      }
+
+      const guildCheck = guilds.find((guild) => guild.id === guildID);
+      if (!guildCheck) {
+        return notFound();
+      }
+
+      const guild = await getGuild(guildID);
+      if (!guild) {
+        return notFound();
+      }
+
+      const guildMember = await getGuildMember(
+        { serverID: guildID, userID },
+        { skipCachePull: true }
+      );
+      if (!guildMember) {
+        return notFound();
+      }
+
+      const guildData = await getGuildData(guildID);
+
+      const newRoles = calculateNewRoles({
+        currentRoles: guildMember.roles,
+        guildRoles: guild.roles,
+        guildData,
+        updateRequest,
+      });
+
+      const patchMemberRoles = await discordFetch<Member>(
+        `/guilds/${guildID}/members/${userID}`,
+        botToken,
+        AuthType.Bot,
+        {
+          method: 'PATCH',
+          headers: {
+            'content-type': 'application/json',
+            'x-audit-log-reason': `Picked their roles via ${uiPublicURI}`,
+          },
+          body: JSON.stringify({
+            roles: newRoles,
+          }),
+        }
+      );
+
+      if (!patchMemberRoles) {
+        return respond({ error: 'discord rejected the request' }, { status: 500 });
+      }
+
+      const updatedMember: Member = {
+        roles: patchMemberRoles.roles,
+      };
+
+      // Delete the cache by re-pulling... might be dangerous :)
+      await updateGuildMember({ serverID: guildID, userID });
+
+      return respond(updatedMember);
+    }
+);
+
+const calculateNewRoles = ({
+  currentRoles,
+  guildData,
+  guildRoles,
+  updateRequest,
+}: {
+  currentRoles: string[];
+  guildRoles: Role[];
+  guildData: GuildData;
+  updateRequest: RoleUpdate;
+}): string[] => {
+  const roleMap = keyBy(guildRoles, 'id');
+
+  // These roles were ones changed between knownState (role picker page load/cache) and current (fresh from discord).
+  // We could cause issues, so we'll re-add them later.
+  // const diffRoles = difference(updateRequest.knownState, currentRoles);
+
+  // Only these are safe
+  const allSafeRoles = guildData.categories.reduce<string[]>(
+    (categorizedRoles, category) =>
+      !category.hidden
+        ? [
+            ...categorizedRoles,
+            ...category.roles.filter(
+              (roleID) => roleMap[roleID]?.safety === RoleSafety.Safe
+            ),
+          ]
+        : categorizedRoles,
+    []
+  );
+
+  const safeTransactions = updateRequest.transactions.filter((tx: RoleTransaction) =>
+    allSafeRoles.includes(tx.id)
+  );
+
+  const changesByAction = groupBy(safeTransactions, 'action');
+
+  const rolesToAdd = (changesByAction[TransactionType.Add] ?? []).map((tx) => tx.id);
+  const rolesToRemove = (changesByAction[TransactionType.Remove] ?? []).map(
+    (tx) => tx.id
+  );
+
+  const final = union(difference(currentRoles, rolesToRemove), rolesToAdd);
+
+  return final;
+};