api/controllers/AuthController.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import { User } from "@prisma/client";
import bcrypt from "bcrypt";
import jwt from "jsonwebtoken";
import { request as undiciRequest } from "undici";
import { z } from "zod";
import { Action } from "../../decorators/Action";
import { Validate } from "../../decorators/Validate";
import { safeUserFetch } from "../../utils/fetch";
import Controller from "../Controller";
import Request from "../Request";
import Response from "../Response";

export default class AuthController extends Controller {
    private async genToken(user: User) {
        if (!user.token || (user.token && user.tokenExpiresAt && user.tokenExpiresAt.getTime() <= Date.now())) {
            user.token = jwt.sign(
                {
                    userId: user.id,
                    random: Math.round(Math.random() * 2000)
                },
                process.env.JWT_SECRET!,
                {
                    expiresIn: "2 days",
                    issuer: process.env.JWT_ISSUER ?? "SudoBot",
                    subject: "Temporary API token for authenticated user"
                }
            );

            user.tokenExpiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 2);

            await this.client.prisma.user.updateMany({
                where: {
                    id: user.id
                },
                data: {
                    token: user.token,
                    tokenExpiresAt: user.tokenExpiresAt
                }
            });
        }
    }

    @Action("POST", "/auth/login")
    @Validate(
        z.object({
            username: z.string(),
            password: z.string()
        })
    )
    public async login(request: Request) {
        const { username, password } = request.parsedBody ?? {};

        const user = await this.client.prisma.user.findFirst({
            where: {
                username: username.trim()
            }
        });

        if (!user || !bcrypt.compareSync(password.trim(), user.password)) {
            return new Response({
                status: 403,
                body: {
                    error: "Invalid login credentials"
                }
            });
        }

        await this.genToken(user);

        const guilds = [];
        const discordUser = await safeUserFetch(this.client, user.discordId);

        for (const id of user.guilds) {
            const guild = this.client.guilds.cache.get(id);

            if (guild) {
                guilds.push({
                    id: guild.id,
                    name: guild.name,
                    iconURL: guild.iconURL() ?? undefined
                });
            }
        }

        return {
            message: "Login successful",
            user: {
                id: user.id,
                avatarURL: discordUser?.displayAvatarURL(),
                username: user.username,
                name: user.name,
                discordId: user.discordId,
                guilds,
                token: user.token,
                tokenExpiresAt: user.tokenExpiresAt,
                createdAt: user.createdAt
            }
        };
    }

    @Action("POST", "/auth/discord")
    @Validate(
        z.object({
            code: z.string()
        })
    )
    async discord(request: Request) {
        const { parsedBody } = request;

        try {
            const tokenResponseData = await undiciRequest("https://discord.com/api/oauth2/token", {
                method: "POST",
                body: new URLSearchParams({
                    client_id: process.env.CLIENT_ID!,
                    client_secret: process.env.CLIENT_SECRET!,
                    code: parsedBody.code,
                    grant_type: "authorization_code",
                    redirect_uri: `${process.env.DISCORD_OAUTH2_REDIRECT_URI}`,
                    scope: "identify"
                }).toString(),
                headers: {
                    "Content-Type": "application/x-www-form-urlencoded"
                }
            });

            const oauthData = <any>await tokenResponseData.body.json();
            console.log(oauthData);

            if (oauthData?.error) {
                throw new Error(`${oauthData?.error}: ${oauthData?.error_description}`);
            }

            const userResponse = await undiciRequest("https://discord.com/api/users/@me", {
                headers: {
                    authorization: `${oauthData.token_type} ${oauthData.access_token}`
                }
            });

            const userData = <any>await userResponse.body.json();

            if (userData?.error) {
                throw new Error(`${userData?.error}: ${userData?.error_description}`);
            }

            console.log(userData);

            const avatarURL = `https://cdn.discordapp.com/avatars/${encodeURIComponent(userData.id)}/${encodeURIComponent(
                userData.avatar
            )}.${userData.avatar.startsWith("a_") ? "gif" : "webp"}?size=512`;

            const user = await this.client.prisma.user.findFirst({
                where: {
                    discordId: userData.id
                }
            });

            if (!user) {
                return new Response({ status: 400, body: "Access denied, no such user found" });
            }

            await this.genToken(user);

            const guilds = [];

            for (const id of user.guilds) {
                const guild = this.client.guilds.cache.get(id);

                if (guild) {
                    guilds.push({
                        id: guild.id,
                        name: guild.name,
                        iconURL: guild.iconURL() ?? undefined
                    });
                }
            }

            return {
                message: "Login successful",
                user: {
                    id: user.id,
                    avatarURL,
                    username: user.username,
                    name: user.name,
                    discordId: user.discordId,
                    guilds,
                    token: user.token,
                    tokenExpiresAt: user.tokenExpiresAt,
                    createdAt: user.createdAt
                }
            };
        } catch (error) {
            console.error(error);
            return new Response({ status: 400, body: "Invalid oauth2 grant code" });
        }
    }
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2023 OSN Developers.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import { User } from "@prisma/client";
21			import bcrypt from "bcrypt";
22			import jwt from "jsonwebtoken";
23			import { request as undiciRequest } from "undici";
24			import { z } from "zod";
25			import { Action } from "../../decorators/Action";
26			import { Validate } from "../../decorators/Validate";
27			import { safeUserFetch } from "../../utils/fetch";
28			import Controller from "../Controller";
29			import Request from "../Request";
30			import Response from "../Response";
31
32			export default class AuthController extends Controller {
33			private async genToken(user: User) {
34			if (!user.token \|\| (user.token && user.tokenExpiresAt && user.tokenExpiresAt.getTime() <= Date.now())) {
35			user.token = jwt.sign(
36			{
37			userId: user.id,
38			random: Math.round(Math.random() * 2000)
39			},
40			process.env.JWT_SECRET!,
41			{
42			expiresIn: "2 days",
43			issuer: process.env.JWT_ISSUER ?? "SudoBot",
44			subject: "Temporary API token for authenticated user"
45			}
46			);
47
48			user.tokenExpiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 2);
49
50			await this.client.prisma.user.updateMany({
51			where: {
52			id: user.id
53			},
54			data: {
55			token: user.token,
56			tokenExpiresAt: user.tokenExpiresAt
57			}
58			});
59			}
60			}
61
62			@Action("POST", "/auth/login")
63			@Validate(
64			z.object({
65			username: z.string(),
66			password: z.string()
67			})
68			)
69			public async login(request: Request) {
70			const { username, password } = request.parsedBody ?? {};
71
72			const user = await this.client.prisma.user.findFirst({
73			where: {
74			username: username.trim()
75			}
76			});
77
78			if (!user \|\| !bcrypt.compareSync(password.trim(), user.password)) {
79			return new Response({
80			status: 403,
81			body: {
82			error: "Invalid login credentials"
83			}
84			});
85			}
86
87			await this.genToken(user);
88
89			const guilds = [];
90			const discordUser = await safeUserFetch(this.client, user.discordId);
91
92			for (const id of user.guilds) {
93			const guild = this.client.guilds.cache.get(id);
94
95			if (guild) {
96			guilds.push({
97			id: guild.id,
98			name: guild.name,
99			iconURL: guild.iconURL() ?? undefined
100			});
101			}
102			}
103
104			return {
105			message: "Login successful",
106			user: {
107			id: user.id,
108			avatarURL: discordUser?.displayAvatarURL(),
109			username: user.username,
110			name: user.name,
111			discordId: user.discordId,
112			guilds,
113			token: user.token,
114			tokenExpiresAt: user.tokenExpiresAt,
115			createdAt: user.createdAt
116			}
117			};
118			}
119
120			@Action("POST", "/auth/discord")
121			@Validate(
122			z.object({
123			code: z.string()
124			})
125			)
126			async discord(request: Request) {
127			const { parsedBody } = request;
128
129			try {
130			const tokenResponseData = await undiciRequest("https://discord.com/api/oauth2/token", {
131			method: "POST",
132			body: new URLSearchParams({
133			client_id: process.env.CLIENT_ID!,
134			client_secret: process.env.CLIENT_SECRET!,
135			code: parsedBody.code,
136			grant_type: "authorization_code",
137			redirect_uri: `${process.env.DISCORD_OAUTH2_REDIRECT_URI}`,
138			scope: "identify"
139			}).toString(),
140			headers: {
141			"Content-Type": "application/x-www-form-urlencoded"
142			}
143			});
144
145			const oauthData = <any>await tokenResponseData.body.json();
146			console.log(oauthData);
147
148			if (oauthData?.error) {
149			throw new Error(`${oauthData?.error}: ${oauthData?.error_description}`);
150			}
151
152			const userResponse = await undiciRequest("https://discord.com/api/users/@me", {
153			headers: {
154			authorization: `${oauthData.token_type} ${oauthData.access_token}`
155			}
156			});
157
158			const userData = <any>await userResponse.body.json();
159
160			if (userData?.error) {
161			throw new Error(`${userData?.error}: ${userData?.error_description}`);
162			}
163
164			console.log(userData);
165
166			const avatarURL = `https://cdn.discordapp.com/avatars/${encodeURIComponent(userData.id)}/${encodeURIComponent(
167			userData.avatar
168			)}.${userData.avatar.startsWith("a_") ? "gif" : "webp"}?size=512`;
169
170			const user = await this.client.prisma.user.findFirst({
171			where: {
172			discordId: userData.id
173			}
174			});
175
176			if (!user) {
177			return new Response({ status: 400, body: "Access denied, no such user found" });
178			}
179
180			await this.genToken(user);
181
182			const guilds = [];
183
184			for (const id of user.guilds) {
185			const guild = this.client.guilds.cache.get(id);
186
187			if (guild) {
188			guilds.push({
189			id: guild.id,
190			name: guild.name,
191			iconURL: guild.iconURL() ?? undefined
192			});
193			}
194			}
195
196			return {
197			message: "Login successful",
198			user: {
199			id: user.id,
200			avatarURL,
201			username: user.username,
202			name: user.name,
203			discordId: user.discordId,
204			guilds,
205			token: user.token,
206			tokenExpiresAt: user.tokenExpiresAt,
207			createdAt: user.createdAt
208			}
209			};
210			} catch (error) {
211			console.error(error);
212			return new Response({ status: 400, body: "Invalid oauth2 grant code" });
213			}
214			}
215			}