feat: add /pickable-roles and /pick-role basis

packages/api/utils/api-tools.ts

@@ -1,3 +1,4 @@
+import { notAuthenticated } from '@roleypoly/api/utils/responses';
 import {
   evaluatePermission,
   permissions as Permissions,
@@ -5,7 +6,12 @@ import {
 import { SessionData, UserGuildPermissions } from '@roleypoly/types';
 import { Handler, WrappedKVNamespace } from '@roleypoly/worker-utils';
 import KSUID from 'ksuid';
-import { allowedCallbackHosts, apiPublicURI, rootUsers } from './config';
+import {
+  allowedCallbackHosts,
+  apiPublicURI,
+  interactionsSharedKey,
+  rootUsers,
+} from './config';
 import { Sessions } from './kv';
 
 export const formData = (obj: Record<string, any>): string => {
@@ -157,3 +163,14 @@ export const isAllowedCallbackHost = (host: string): boolean => {
       null
   );
 };
+
+export const interactionsEndpoint =
+  (handler: Handler): Handler =>
+  async (request: Request): Promise<Response> => {
+    const authHeader = request.headers.get('authorization') || '';
+    if (authHeader !== `Shared ${interactionsSharedKey}`) {
+      return notAuthenticated();
+    }
+
+    return handler(request);
+  };

packages/api/utils/audit-log.ts

@@ -2,6 +2,7 @@ import { uiPublicURI } from '@roleypoly/api/utils/config';
 import {
   Category,
   DiscordUser,
+  Embed,
   GuildData,
   GuildDataUpdate,
   GuildSlug,
@@ -11,25 +12,10 @@ import { userAgent } from '@roleypoly/worker-utils';
 import deepEqual from 'deep-equal';
 import { sortBy, uniq } from 'lodash';
 
-type WebhookEmbed = {
-  fields: {
-    name: string;
-    value: string;
-    inline: boolean;
-  }[];
-  timestamp: string;
-  title: string;
-  color: number;
-  author?: {
-    name: string;
-    icon_url: string;
-  };
-};
-
 type WebhookPayload = {
   username: string;
   avatar_url: string;
-  embeds: WebhookEmbed[];
+  embeds: Embed[];
   provider: {
     name: string;
     url: string;
@@ -39,7 +25,7 @@ type WebhookPayload = {
 type ChangeHandler = (
   oldValue: GuildDataUpdate[keyof GuildDataUpdate],
   newValue: GuildData[keyof GuildDataUpdate]
-) => WebhookEmbed[];
+) => Embed[];
 
 const changeHandlers: Record<keyof GuildDataUpdate, ChangeHandler> = {
   message: (oldValue, newValue) => [

packages/api/utils/config.ts

@@ -13,3 +13,4 @@ export const apiPublicURI = safeURI(env('API_PUBLIC_URI'));
 export const rootUsers = list(env('ROOT_USERS'));
 export const allowedCallbackHosts = list(env('ALLOWED_CALLBACK_HOSTS'));
 export const importSharedKey = env('BOT_IMPORT_TOKEN');
+export const interactionsSharedKey = env('INTERACTIONS_SHARED_KEY');

packages/api/utils/responses.ts

@@ -20,3 +20,6 @@ export const rateLimited = () =>
 
 export const invalid = (obj: any = {}) =>
   respond({ err: 'client sent something invalid', data: obj }, { status: 400 });
+
+export const notAuthenticated = () =>
+  respond({ err: 'not authenticated' }, { status: 403 });