Dekescordes/spacebar
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OAuth2 authorize bot flow

Browse Source
This commit is contained in:
Madeline 2022-12-24 18:55:14 +11:00
parent 35938556fe
commit a02f929d34
5 changed files with 744 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
assets/preload-plugins/oauth2.js Normal file
View File

@ -0,0 +1,9 @@
// Fixes /oauth2 endpoints not requesting a CSS file
if (location.pathname.startsWith("/oauth2/")) {
const link = document.createElement("link");
link.rel = "stylesheet"
link.type = "text/css"
link.href = "/assets/40532.f7b1e10347ef10e790ac.css"
document.head.appendChild(link)
}

580
assets/schemas.json
View File

@ -26795,6 +26795,586 @@
},
"$schema": "http://json-schema.org/draft-07/schema#"
},
"ApplicationAuthorizeSchema": {
"type": "object",
"properties": {
"authorize": {
"type": "boolean"
},
"guild_id": {
"type": "string"
},
"permissions": {
"type": "string"
},
"captcha_key": {
"type": "string"
},
"code": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"authorize",
"guild_id",
"permissions"
],
"definitions": {
"ChannelPermissionOverwriteType": {
"enum": [
0,
1,
2
],
"type": "number"
},
"Embed": {
"type": "object",
"properties": {
"title": {
"type": "string"
},
"type": {
"enum": [
"article",
"gifv",
"image",
"link",
"rich",
"video"
],
"type": "string"
},
"description": {
"type": "string"
},
"url": {
"type": "string"
},
"timestamp": {
"type": "string",
"format": "date-time"
},
"color": {
"type": "integer"
},
"footer": {
"type": "object",
"properties": {
"text": {
"type": "string"
},
"icon_url": {
"type": "string"
},
"proxy_icon_url": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"text"
]
},
"image": {
"$ref": "#/definitions/EmbedImage"
},
"thumbnail": {
"$ref": "#/definitions/EmbedImage"
},
"video": {
"$ref": "#/definitions/EmbedImage"
},
"provider": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"url": {
"type": "string"
}
},
"additionalProperties": false
},
"author": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"url": {
"type": "string"
},
"icon_url": {
"type": "string"
},
"proxy_icon_url": {
"type": "string"
}
},
"additionalProperties": false
},
"fields": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
},
"inline": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"name",
"value"
]
}
}
},
"additionalProperties": false
},
"EmbedImage": {
"type": "object",
"properties": {
"url": {
"type": "string"
},
"proxy_url": {
"type": "string"
},
"height": {
"type": "integer"
},
"width": {
"type": "integer"
}
},
"additionalProperties": false
},
"ChannelModifySchema": {
"type": "object",
"properties": {
"name": {
"maxLength": 100,
"type": "string"
},
"type": {
"enum": [
0,
1,
10,
11,
12,
13,
14,
15,
2,
255,
3,
33,
34,
35,
4,
5,
6,
64,
7,
8,
9
],
"type": "number"
},
"topic": {
"type": "string"
},
"icon": {
"type": [
"null",
"string"
]
},
"bitrate": {
"type": "integer"
},
"user_limit": {
"type": "integer"
},
"rate_limit_per_user": {
"type": "integer"
},
"position": {
"type": "integer"
},
"permission_overwrites": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"type": {
"$ref": "#/definitions/ChannelPermissionOverwriteType"
},
"allow": {
"type": "string"
},
"deny": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"allow",
"deny",
"id",
"type"
]
}
},
"parent_id": {
"type": "string"
},
"id": {
"type": "string"
},
"nsfw": {
"type": "boolean"
},
"rtc_region": {
"type": "string"
},
"default_auto_archive_duration": {
"type": "integer"
},
"default_reaction_emoji": {
"type": [
"null",
"string"
]
},
"flags": {
"type": "integer"
},
"default_thread_rate_limit_per_user": {
"type": "integer"
},
"video_quality_mode": {
"type": "integer"
}
},
"additionalProperties": false
},
"ActivitySchema": {
"type": "object",
"properties": {
"afk": {
"type": "boolean"
},
"status": {
"$ref": "#/definitions/Status"
},
"activities": {
"type": "array",
"items": {
"$ref": "#/definitions/Activity"
}
},
"since": {
"type": "integer"
}
},
"additionalProperties": false,
"required": [
"status"
]
},
"Status": {
"enum": [
"dnd",
"idle",
"invisible",
"offline",
"online"
],
"type": "string"
},
"Activity": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"type": {
"$ref": "#/definitions/ActivityType"
},
"url": {
"type": "string"
},
"created_at": {
"type": "integer"
},
"timestamps": {
"type": "object",
"properties": {
"start": {
"type": "integer"
},
"end": {
"type": "integer"
}
},
"additionalProperties": false,
"required": [
"end",
"start"
]
},
"application_id": {
"type": "string"
},
"details": {
"type": "string"
},
"state": {
"type": "string"
},
"emoji": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"id": {
"type": "string"
},
"animated": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"animated",
"name"
]
},
"party": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"size": {
"type": "array",
"items": [
{
"type": "integer"
}
],
"minItems": 1,
"maxItems": 1
}
},
"additionalProperties": false
},
"assets": {
"type": "object",
"properties": {
"large_image": {
"type": "string"
},
"large_text": {
"type": "string"
},
"small_image": {
"type": "string"
},
"small_text": {
"type": "string"
}
},
"additionalProperties": false
},
"secrets": {
"type": "object",
"properties": {
"join": {
"type": "string"
},
"spectate": {
"type": "string"
},
"match": {
"type": "string"
}
},
"additionalProperties": false
},
"instance": {
"type": "boolean"
},
"flags": {
"type": "string"
},
"id": {
"type": "string"
},
"sync_id": {
"type": "string"
},
"metadata": {
"type": "object",
"properties": {
"context_uri": {
"type": "string"
},
"album_id": {
"type": "string"
},
"artist_ids": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"album_id",
"artist_ids"
]
},
"session_id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"flags",
"name",
"session_id",
"type"
]
},
"ActivityType": {
"enum": [
0,
1,
2,
4,
5
],
"type": "number"
},
"Record<string,[number,number][]>": {
"type": "object",
"additionalProperties": false
},
"CustomStatus": {
"type": "object",
"properties": {
"emoji_id": {
"type": "string"
},
"emoji_name": {
"type": "string"
},
"expires_at": {
"type": "integer"
},
"text": {
"type": "string"
}
},
"additionalProperties": false
},
"FriendSourceFlags": {
"type": "object",
"properties": {
"all": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"all"
]
},
"GuildFolder": {
"type": "object",
"properties": {
"color": {
"type": "integer"
},
"guild_ids": {
"type": "array",
"items": {
"type": "string"
}
},
"id": {
"type": "integer"
},
"name": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"color",
"guild_ids",
"id",
"name"
]
},
"Partial<ChannelOverride>": {
"type": "object",
"properties": {
"message_notifications": {
"type": "integer"
},
"mute_config": {
"$ref": "#/definitions/MuteConfig"
},
"muted": {
"type": "boolean"
},
"channel_id": {
"type": [
"null",
"string"
]
}
},
"additionalProperties": false
},
"MuteConfig": {
"type": "object",
"properties": {
"end_time": {
"type": "integer"
},
"selected_time_window": {
"type": "integer"
}
},
"additionalProperties": false,
"required": [
"end_time",
"selected_time_window"
]
}
},
"$schema": "http://json-schema.org/draft-07/schema#"
},
"ActivitySchema": {
"$ref": "#/definitions/ActivitySchema",
"definitions": {

146
src/api/routes/oauth2/authorize.ts Normal file
View File

@ -0,0 +1,146 @@
import { Router, Request, Response } from "express";
import { route } from "@fosscord/api";
import { ApiError, Application, ApplicationAuthorizeSchema, getPermission, DiscordApiErrors, Member, Permissions, User, getRights, Rights, MemberPrivateProjection } from "@fosscord/util";
const router = Router();
// TODO: scopes, other oauth types
router.get("/", route({}), async (req: Request, res: Response) => {
const {
client_id,
scope,
response_type,
redirect_url,
} = req.query;
const app = await Application.findOne({
where: {
id: client_id as string,
},
relations: ["bot"],
});
// TODO: use DiscordApiErrors
// findOneOrFail throws code 404
if (!app) throw DiscordApiErrors.UNKNOWN_APPLICATION;
if (!app.bot) throw DiscordApiErrors.OAUTH2_APPLICATION_BOT_ABSENT;
const bot = app.bot;
delete app.bot;
const user = await User.findOneOrFail({
where: {
id: req.user_id,
bot: false,
},
select: ["id", "username", "avatar", "discriminator", "public_flags"]
});
const guilds = await Member.find({
where: {
user: {
id: req.user_id,
},
},
relations: ["guild", "roles"],
//@ts-ignore
select: ["guild.id", "guild.name", "guild.icon", "guild.mfa_level", "guild.owner_id", "roles.id"]
});
const guildsWithPermissions = guilds.map(x => {
const perms = x.guild.owner_id === user.id
? new Permissions(Permissions.FLAGS.ADMINISTRATOR)
: Permissions.finalPermission({
user: {
id: user.id,
roles: x.roles?.map(x => x.id) || [],
},
guild: {
roles: x?.roles || [],
}
});
return {
id: x.guild.id,
name: x.guild.name,
icon: x.guild.icon,
mfa_level: x.guild.mfa_level,
permissions: perms.bitfield.toString(),
};
});
return res.json({
guilds: guildsWithPermissions,
user: {
id: user.id,
username: user.username,
avatar: user.avatar,
avatar_decoration: null, // TODO
discriminator: user.discriminator,
public_flags: user.public_flags,
},
application: {
id: app.id,
name: app.name,
icon: app.icon,
description: app.description,
summary: app.summary,
type: app.type,
hook: app.hook,
guild_id: null, // TODO support guilds
bot_public: app.bot_public,
bot_require_code_grant: app.bot_require_code_grant,
verify_key: app.verify_key,
flags: app.flags,
},
bot: {
id: bot.id,
username: bot.username,
avatar: bot.avatar,
avatar_decoration: null, // TODO
discriminator: bot.discriminator,
public_flags: bot.public_flags,
bot: true,
approximated_guild_count: 0, // TODO
},
authorized: false,
});
});
router.post("/", route({ body: "ApplicationAuthorizeSchema" }), async (req: Request, res: Response) => {
const body = req.body as ApplicationAuthorizeSchema;
const {
client_id,
scope,
response_type,
redirect_url
} = req.query;
// TODO: captcha verification
// TODO: MFA verification
const perms = await getPermission(req.user_id, body.guild_id, undefined, { member_relations: ["user"] });
// getPermission cache won't exist if we're owner
if (Object.keys(perms.cache || {}).length > 0 && perms.cache.member!.user.bot) throw DiscordApiErrors.UNAUTHORIZED;
perms.hasThrow("MANAGE_GUILD");
const app = await Application.findOne({
where: {
id: client_id as string,
},
relations: ["bot"],
});
// TODO: use DiscordApiErrors
// findOneOrFail throws code 404
if (!app) throw new ApiError("Unknown Application", 10002, 404);
if (!app.bot) throw new ApiError("OAuth2 application does not have a bot", 50010, 400);
await Member.addToGuild(app.id, body.guild_id);
return res.json({
location: "/oauth2/authorized", // redirect URL
});
});
export default router;

7
src/util/schemas/ApplicationAuthorizeSchema.ts Normal file
View File

@ -0,0 +1,7 @@
export interface ApplicationAuthorizeSchema {
authorize: boolean;
guild_id: string;
permissions: string;
captcha_key?: string;
code?: string; // 2fa code
}

1
src/util/schemas/index.ts
View File

@ -59,3 +59,4 @@ export * from "./UserSettingsSchema";
export * from "./BotModifySchema";
export * from "./ApplicationModifySchema";
export * from "./ApplicationCreateSchema";
export * from "./ApplicationAuthorizeSchema";