api/controllers/AuthController.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import { User } from "@prisma/client";
import bcrypt from "bcrypt";
import jwt from "jsonwebtoken";
import { request as undiciRequest } from "undici";
import { z } from "zod";
import { Action } from "../../decorators/Action";
import { Validate } from "../../decorators/Validate";
import { safeUserFetch } from "../../utils/fetch";
import Controller from "../Controller";
import Request from "../Request";
import Response from "../Response";

export default class AuthController extends Controller {
    private async genToken(user: User) {
        if (!user.token || (user.token && user.tokenExpiresAt && user.tokenExpiresAt.getTime() <= Date.now())) {
            user.token = jwt.sign(
                {
                    userId: user.id,
                    random: Math.round(Math.random() * 2000)
                },
                process.env.JWT_SECRET!,
                {
                    expiresIn: "2 days",
                    issuer: process.env.JWT_ISSUER ?? "SudoBot",
                    subject: "Temporary API token for authenticated user"
                }
            );

            user.tokenExpiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 2);

            await this.client.prisma.user.updateMany({
                where: {
                    id: user.id
                },
                data: {
                    token: user.token,
                    tokenExpiresAt: user.tokenExpiresAt
                }
            });
        }
    }

    @Action("POST", "/auth/login")
    @Validate(
        z.object({
            username: z.string(),
            password: z.string()
        })
    )
    public async login(request: Request) {
        const { username, password } = request.parsedBody ?? {};

        const user = await this.client.prisma.user.findFirst({
            where: {
                username: username.trim()
            }
        });

        if (!user || !bcrypt.compareSync(password.trim(), user.password)) {
            return new Response({
                status: 403,
                body: {
                    error: "Invalid login credentials"
                }
            });
        }

        await this.genToken(user);

        const guilds = [];
        const discordUser = await safeUserFetch(this.client, user.discordId);

        for (const id of user.guilds) {
            const guild = this.client.guilds.cache.get(id);

            if (guild) {
                guilds.push({
                    id: guild.id,
                    name: guild.name,
                    iconURL: guild.iconURL() ?? undefined
                });
            }
        }

        return {
            message: "Login successful",
            user: {
                id: user.id,
                avatarURL: discordUser?.displayAvatarURL(),
                username: user.username,
                name: user.name,
                discordId: user.discordId,
                guilds,
                token: user.token,
                tokenExpiresAt: user.tokenExpiresAt,
                createdAt: user.createdAt
            }
        };
    }

    @Action("POST", "/auth/discord")
    @Validate(
        z.object({
            code: z.string()
        })
    )
    async discord(request: Request) {
        const { parsedBody } = request;

        try {
            const tokenResponseData = await undiciRequest("https://discord.com/api/oauth2/token", {
                method: "POST",
                body: new URLSearchParams({
                    client_id: process.env.CLIENT_ID!,
                    client_secret: process.env.CLIENT_SECRET!,
                    code: parsedBody.code,
                    grant_type: "authorization_code",
                    redirect_uri: `${process.env.DISCORD_OAUTH2_REDIRECT_URI}`,
                    scope: "identify"
                }).toString(),
                headers: {
                    "Content-Type": "application/x-www-form-urlencoded"
                }
            });

            const oauthData = <any>await tokenResponseData.body.json();
            console.log(oauthData);

            if (oauthData?.error) {
                throw new Error(`${oauthData?.error}: ${oauthData?.error_description}`);
            }

            const userResponse = await undiciRequest("https://discord.com/api/users/@me", {
                headers: {
                    authorization: `${oauthData.token_type} ${oauthData.access_token}`
                }
            });

            const userData = <any>await userResponse.body.json();

            if (userData?.error) {
                throw new Error(`${userData?.error}: ${userData?.error_description}`);
            }

            console.log(userData);

            const avatarURL = `https://cdn.discordapp.com/avatars/${encodeURIComponent(userData.id)}/${encodeURIComponent(
                userData.avatar
            )}.${userData.avatar.startsWith("a_") ? "gif" : "webp"}?size=512`;

            const user = await this.client.prisma.user.findFirst({
                where: {
                    discordId: userData.id
                }
            });

            if (!user) {
                return new Response({ status: 400, body: "Access denied, no such user found" });
            }

            await this.genToken(user);

            const guilds = [];

            for (const id of user.guilds) {
                const guild = this.client.guilds.cache.get(id);

                if (guild) {
                    guilds.push({
                        id: guild.id,
                        name: guild.name,
                        iconURL: guild.iconURL() ?? undefined
                    });
                }
            }

            return {
                message: "Login successful",
                user: {
                    id: user.id,
                    avatarURL,
                    username: user.username,
                    name: user.name,
                    discordId: user.discordId,
                    guilds,
                    token: user.token,
                    tokenExpiresAt: user.tokenExpiresAt,
                    createdAt: user.createdAt
                }
            };
        } catch (error) {
            console.error(error);
            return new Response({ status: 400, body: "Invalid oauth2 grant code" });
        }
    }
}
1	/**
2	* This file is part of SudoBot.
3	*
4	* Copyright (C) 2021-2023 OSN Developers.
5	*
6	* SudoBot is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU Affero General Public License as published by
8	* the Free Software Foundation, either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* SudoBot is distributed in the hope that it will be useful, but
12	* WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU Affero General Public License for more details.
15	*
16	* You should have received a copy of the GNU Affero General Public License
17	* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18	*/
19
20	import { User } from "@prisma/client";
21	import bcrypt from "bcrypt";
22	import jwt from "jsonwebtoken";
23	import { request as undiciRequest } from "undici";
24	import { z } from "zod";
25	import { Action } from "../../decorators/Action";
26	import { Validate } from "../../decorators/Validate";
27	import { safeUserFetch } from "../../utils/fetch";
28	import Controller from "../Controller";
29	import Request from "../Request";
30	import Response from "../Response";
31
32	export default class AuthController extends Controller {
33	private async genToken(user: User) {
34	if (!user.token \|\| (user.token && user.tokenExpiresAt && user.tokenExpiresAt.getTime() <= Date.now())) {
35	user.token = jwt.sign(
36	{
37	userId: user.id,
38	random: Math.round(Math.random() * 2000)
39	},
40	process.env.JWT_SECRET!,
41	{
42	expiresIn: "2 days",
43	issuer: process.env.JWT_ISSUER ?? "SudoBot",
44	subject: "Temporary API token for authenticated user"
45	}
46	);
47
48	user.tokenExpiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 2);
49
50	await this.client.prisma.user.updateMany({
51	where: {
52	id: user.id
53	},
54	data: {
55	token: user.token,
56	tokenExpiresAt: user.tokenExpiresAt
57	}
58	});
59	}
60	}
61
62	@Action("POST", "/auth/login")
63	@Validate(
64	z.object({
65	username: z.string(),
66	password: z.string()
67	})
68	)
69	public async login(request: Request) {
70	const { username, password } = request.parsedBody ?? {};
71
72	const user = await this.client.prisma.user.findFirst({
73	where: {
74	username: username.trim()
75	}
76	});
77
78	if (!user \|\| !bcrypt.compareSync(password.trim(), user.password)) {
79	return new Response({
80	status: 403,
81	body: {
82	error: "Invalid login credentials"
83	}
84	});
85	}
86
87	await this.genToken(user);
88
89	const guilds = [];
90	const discordUser = await safeUserFetch(this.client, user.discordId);
91
92	for (const id of user.guilds) {
93	const guild = this.client.guilds.cache.get(id);
94
95	if (guild) {
96	guilds.push({
97	id: guild.id,
98	name: guild.name,
99	iconURL: guild.iconURL() ?? undefined
100	});
101	}
102	}
103
104	return {
105	message: "Login successful",
106	user: {
107	id: user.id,
108	avatarURL: discordUser?.displayAvatarURL(),
109	username: user.username,
110	name: user.name,
111	discordId: user.discordId,
112	guilds,
113	token: user.token,
114	tokenExpiresAt: user.tokenExpiresAt,
115	createdAt: user.createdAt
116	}
117	};
118	}
119
120	@Action("POST", "/auth/discord")
121	@Validate(
122	z.object({
123	code: z.string()
124	})
125	)
126	async discord(request: Request) {
127	const { parsedBody } = request;
128
129	try {
130	const tokenResponseData = await undiciRequest("https://discord.com/api/oauth2/token", {
131	method: "POST",
132	body: new URLSearchParams({
133	client_id: process.env.CLIENT_ID!,
134	client_secret: process.env.CLIENT_SECRET!,
135	code: parsedBody.code,
136	grant_type: "authorization_code",
137	redirect_uri: `${process.env.DISCORD_OAUTH2_REDIRECT_URI}`,
138	scope: "identify"
139	}).toString(),
140	headers: {
141	"Content-Type": "application/x-www-form-urlencoded"
142	}
143	});
144
145	const oauthData = <any>await tokenResponseData.body.json();
146	console.log(oauthData);
147
148	if (oauthData?.error) {
149	throw new Error(`${oauthData?.error}: ${oauthData?.error_description}`);
150	}
151
152	const userResponse = await undiciRequest("https://discord.com/api/users/@me", {
153	headers: {
154	authorization: `${oauthData.token_type} ${oauthData.access_token}`
155	}
156	});
157
158	const userData = <any>await userResponse.body.json();
159
160	if (userData?.error) {
161	throw new Error(`${userData?.error}: ${userData?.error_description}`);
162	}
163
164	console.log(userData);
165
166	const avatarURL = `https://cdn.discordapp.com/avatars/${encodeURIComponent(userData.id)}/${encodeURIComponent(
167	userData.avatar
168	)}.${userData.avatar.startsWith("a_") ? "gif" : "webp"}?size=512`;
169
170	const user = await this.client.prisma.user.findFirst({
171	where: {
172	discordId: userData.id
173	}
174	});
175
176	if (!user) {
177	return new Response({ status: 400, body: "Access denied, no such user found" });
178	}
179
180	await this.genToken(user);
181
182	const guilds = [];
183
184	for (const id of user.guilds) {
185	const guild = this.client.guilds.cache.get(id);
186
187	if (guild) {
188	guilds.push({
189	id: guild.id,
190	name: guild.name,
191	iconURL: guild.iconURL() ?? undefined
192	});
193	}
194	}
195
196	return {
197	message: "Login successful",
198	user: {
199	id: user.id,
200	avatarURL,
201	username: user.username,
202	name: user.name,
203	discordId: user.discordId,
204	guilds,
205	token: user.token,
206	tokenExpiresAt: user.tokenExpiresAt,
207	createdAt: user.createdAt
208	}
209	};
210	} catch (error) {
211	console.error(error);
212	return new Response({ status: 400, body: "Invalid oauth2 grant code" });
213	}
214	}
215	}