api/controllers/AuthController.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import { User } from "@prisma/client";
import bcrypt from "bcrypt";
import { add } from "date-fns";
import { ActionRowBuilder, ButtonBuilder, ButtonStyle, EmbedBuilder, escapeMarkdown } from "discord.js";
import jwt from "jsonwebtoken";
import { randomInt } from "node:crypto";
import { request as undiciRequest } from "undici";
import { z } from "zod";
import { Action } from "../../decorators/Action";
import { Validate } from "../../decorators/Validate";
import { safeUserFetch } from "../../utils/fetch";
import { logError } from "../../utils/logger";
import Controller from "../Controller";
import Request from "../Request";
import Response from "../Response";

export default class AuthController extends Controller {
    private async genToken(user: User) {
        if (!user.token || (user.token && user.tokenExpiresAt && user.tokenExpiresAt.getTime() <= Date.now())) {
            user.token = jwt.sign(
                {
                    userId: user.id,
                    random: Math.round(Math.random() * 2000)
                },
                process.env.JWT_SECRET!,
                {
                    expiresIn: "2 days",
                    issuer: process.env.JWT_ISSUER ?? "SudoBot",
                    subject: "Temporary API token for authenticated user"
                }
            );

            user.tokenExpiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 2);

            await this.client.prisma.user.updateMany({
                where: {
                    id: user.id
                },
                data: {
                    token: user.token,
                    tokenExpiresAt: user.tokenExpiresAt
                }
            });
        }
    }

    @Action("POST", "/auth/recovery_token")
    @Validate(
        z.object({
            username: z.string(),
            code: z.number()
        })
    )
    public async recoveryToken(request: Request) {
        const { username, code } = request.parsedBody ?? {};

        const user = await this.client.prisma.user.findFirst({
            where: {
                username: username.trim(),
                recoveryCode: code.toString().trim()
            }
        });

        if (!user) {
            return new Response({
                status: 403,
                body: {
                    error: "Invalid username or code provided"
                }
            });
        }

        try {
            jwt.verify(user.recoveryToken!, process.env.JWT_SECRET!, {
                issuer: process.env.JWT_ISSUER ?? "SudoBot",
                subject: "Temporary recovery token",
                complete: true
            });
        } catch (e) {
            logError(e);

            return new Response({
                status: 403,
                body: {
                    error: "Invalid username or code provided"
                }
            });
        }

        if ((user.recoveryTokenExpiresAt?.getTime() ?? Date.now()) <= Date.now()) {
            return new Response({
                status: 400,
                body: {
                    error: "This account recovery request has expired"
                }
            });
        }

        await this.client.prisma.user.updateMany({
            where: {
                id: user.id
            },
            data: {
                recoveryCode: null
            }
        });

        return { success: true, token: user.recoveryToken };
    }

    @Action("POST", "/auth/reset")
    @Validate(
        z.object({
            username: z.string(),
            token: z.string(),
            new_password: z.string()
        })
    )
    public async reset(request: Request) {
        const { username, token, new_password } = request.parsedBody ?? {};

        const user = await this.client.prisma.user.findFirst({
            where: {
                username: username.trim(),
                recoveryToken: token.trim()
            }
        });

        if (!user) {
            return new Response({
                status: 403,
                body: {
                    error: "Invalid username or token provided"
                }
            });
        }

        try {
            jwt.verify(user.recoveryToken!, process.env.JWT_SECRET!, {
                issuer: process.env.JWT_ISSUER ?? "SudoBot",
                subject: "Temporary recovery token",
                complete: true
            });
        } catch (e) {
            logError(e);

            return new Response({
                status: 403,
                body: {
                    error: "Invalid username or token provided"
                }
            });
        }

        if ((user.recoveryTokenExpiresAt?.getTime() ?? Date.now()) <= Date.now()) {
            return new Response({
                status: 400,
                body: {
                    error: "This account recovery request has expired"
                }
            });
        }

        await this.client.prisma.user.updateMany({
            where: {
                id: user.id
            },
            data: {
                recoveryAttempts: 0,
                recoveryToken: null,
                recoveryTokenExpiresAt: null,
                password: bcrypt.hashSync(new_password, bcrypt.genSaltSync(10)),
                token: null,
                tokenExpiresAt: null,
                recoveryCode: null
            }
        });

        const discordUser = await safeUserFetch(this.client, user.discordId);

        await discordUser
            ?.send({
                embeds: [
                    new EmbedBuilder({
                        author: {
                            name: "Account Successfully Recovered",
                            icon_url: this.client.user?.displayAvatarURL()
                        },
                        color: 0x007bff,
                        description: `Hey ${escapeMarkdown(
                            discordUser.username
                        )},\n\nYour SudoBot Account was recovered and the password was reset. You've been automatically logged out everywhere you were logged in before.\n\nCheers,\nSudoBot Developers`,
                        footer: {
                            text: "Recovery succeeded"
                        }
                    }).setTimestamp()
                ],
                components: [
                    new ActionRowBuilder<ButtonBuilder>().addComponents(
                        new ButtonBuilder()
                            .setStyle(ButtonStyle.Link)
                            .setLabel("Log into your account")
                            .setURL(`${process.env.FRONTEND_URL}/login`)
                    )
                ]
            })
            .catch(logError);

        return {
            success: true,
            message: "Successfully completed account recovery"
        };
    }

    @Action("POST", "/auth/recovery")
    @Validate(
        z.object({
            username: z.string()
        })
    )
    public async recovery(request: Request) {
        const { username } = request.parsedBody ?? {};

        const user = await this.client.prisma.user.findFirst({
            where: {
                username: username.trim()
            }
        });

        if (!user) {
            return new Response({
                status: 403,
                body: {
                    error: "Invalid username provided"
                }
            });
        }

        if (
            user.recoveryToken &&
            user.recoveryTokenExpiresAt &&
            user.recoveryTokenExpiresAt.getTime() > Date.now() &&
            user.recoveryAttempts >= 2
        ) {
            return new Response({
                status: 429,
                body: {
                    error: "This account is already awaiting for recovery"
                }
            });
        }

        const recoveryToken = jwt.sign(
            {
                type: "pwdreset",
                userId: user.id
            },
            process.env.JWT_SECRET!,
            {
                expiresIn: "2 days",
                issuer: process.env.JWT_ISSUER ?? "SudoBot",
                subject: "Temporary recovery token"
            }
        );

        const recoveryTokenExpiresAt = add(new Date(), {
            days: 2
        });

        const recoveryCode = randomInt(10000, 99999).toString();

        await this.client.prisma.user.updateMany({
            where: {
                id: user.id
            },
            data: {
                recoveryAttempts: {
                    increment: 1
                },
                recoveryToken,
                recoveryTokenExpiresAt,
                recoveryCode
            }
        });

        const discordUser = await safeUserFetch(this.client, user.discordId);

        await discordUser
            ?.send({
                embeds: [
                    new EmbedBuilder({
                        author: {
                            name: "Account Recovery Request",
                            icon_url: this.client.user?.displayAvatarURL()
                        },
                        color: 0x007bff,
                        description: `Hey ${escapeMarkdown(
                            discordUser.username
                        )},\n\nWe've received a recovery request for your SudoBot Account. Your recovery code is:\n\n# ${recoveryCode}\n\nAlternatively, click the button at the bottom to reset your account's password.\nIf you haven't requested this, feel free to ignore this DM.\n\nCheers,\nSudoBot Developers`,
                        footer: {
                            text: "This account recovery request will be valid for the next 48 hours"
                        }
                    }).setTimestamp()
                ],
                components: [
                    new ActionRowBuilder<ButtonBuilder>().addComponents(
                        new ButtonBuilder()
                            .setStyle(ButtonStyle.Link)
                            .setLabel("Reset your password")
                            .setURL(
                                `${process.env.FRONTEND_URL}/account/reset?u=${encodeURIComponent(
                                    user.username
                                )}&t=${encodeURIComponent(recoveryToken)}`
                            )
                    )
                ]
            })
            .catch(logError);

        return {
            success: true,
            message: "Successfully initiated account recovery"
        };
    }

    @Action("POST", "/auth/login")
    @Validate(
        z.object({
            username: z.string(),
            password: z.string()
        })
    )
    public async login(request: Request) {
        const { username, password } = request.parsedBody ?? {};

        const user = await this.client.prisma.user.findFirst({
            where: {
                username: username.trim()
            }
        });

        if (!user || !bcrypt.compareSync(password.trim(), user.password)) {
            return new Response({
                status: 403,
                body: {
                    error: "Invalid login credentials"
                }
            });
        }

        await this.genToken(user);

        const guilds = [];
        const discordUser = await safeUserFetch(this.client, user.discordId);

        for (const id of user.guilds) {
            const guild = this.client.guilds.cache.get(id);

            if (guild) {
                guilds.push({
                    id: guild.id,
                    name: guild.name,
                    iconURL: guild.iconURL() ?? undefined
                });
            }
        }

        return {
            message: "Login successful",
            user: {
                id: user.id,
                avatarURL: discordUser?.displayAvatarURL(),
                username: user.username,
                name: user.name,
                discordId: user.discordId,
                guilds,
                token: user.token,
                tokenExpiresAt: user.tokenExpiresAt,
                createdAt: user.createdAt
            }
        };
    }

    @Action("POST", "/auth/discord")
    @Validate(
        z.object({
            code: z.string()
        })
    )
    async discord(request: Request) {
        const { parsedBody } = request;

        try {
            const tokenResponseData = await undiciRequest("https://discord.com/api/oauth2/token", {
                method: "POST",
                body: new URLSearchParams({
                    client_id: process.env.CLIENT_ID!,
                    client_secret: process.env.CLIENT_SECRET!,
                    code: parsedBody.code,
                    grant_type: "authorization_code",
                    redirect_uri: `${process.env.DISCORD_OAUTH2_REDIRECT_URI}`,
                    scope: "identify"
                }).toString(),
                headers: {
                    "Content-Type": "application/x-www-form-urlencoded"
                }
            });

            const oauthData = <any>await tokenResponseData.body.json();
            console.log(oauthData);

            if (oauthData?.error) {
                throw new Error(`${oauthData?.error}: ${oauthData?.error_description}`);
            }

            const userResponse = await undiciRequest("https://discord.com/api/users/@me", {
                headers: {
                    authorization: `${oauthData.token_type} ${oauthData.access_token}`
                }
            });

            const userData = <any>await userResponse.body.json();

            if (userData?.error) {
                throw new Error(`${userData?.error}: ${userData?.error_description}`);
            }

            console.log(userData);

            const avatarURL = `https://cdn.discordapp.com/avatars/${encodeURIComponent(userData.id)}/${encodeURIComponent(
                userData.avatar
            )}.${userData.avatar.startsWith("a_") ? "gif" : "webp"}?size=512`;

            const user = await this.client.prisma.user.findFirst({
                where: {
                    discordId: userData.id
                }
            });

            if (!user) {
                return new Response({ status: 400, body: "Access denied, no such user found" });
            }

            await this.genToken(user);

            const guilds = [];

            for (const id of user.guilds) {
                const guild = this.client.guilds.cache.get(id);

                if (guild) {
                    guilds.push({
                        id: guild.id,
                        name: guild.name,
                        iconURL: guild.iconURL() ?? undefined
                    });
                }
            }

            return {
                message: "Login successful",
                user: {
                    id: user.id,
                    avatarURL,
                    username: user.username,
                    name: user.name,
                    discordId: user.discordId,
                    guilds,
                    token: user.token,
                    tokenExpiresAt: user.tokenExpiresAt,
                    createdAt: user.createdAt
                }
            };
        } catch (error) {
            console.error(error);
            return new Response({ status: 400, body: "Invalid oauth2 grant code" });
        }
    }
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2023 OSN Developers.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import { User } from "@prisma/client";
21			import bcrypt from "bcrypt";
22			import { add } from "date-fns";
23			import { ActionRowBuilder, ButtonBuilder, ButtonStyle, EmbedBuilder, escapeMarkdown } from "discord.js";
24			import jwt from "jsonwebtoken";
25			import { randomInt } from "node:crypto";
26			import { request as undiciRequest } from "undici";
27			import { z } from "zod";
28			import { Action } from "../../decorators/Action";
29			import { Validate } from "../../decorators/Validate";
30			import { safeUserFetch } from "../../utils/fetch";
31			import { logError } from "../../utils/logger";
32			import Controller from "../Controller";
33			import Request from "../Request";
34			import Response from "../Response";
35
36			export default class AuthController extends Controller {
37			private async genToken(user: User) {
38			if (!user.token \|\| (user.token && user.tokenExpiresAt && user.tokenExpiresAt.getTime() <= Date.now())) {
39			user.token = jwt.sign(
40			{
41			userId: user.id,
42			random: Math.round(Math.random() * 2000)
43			},
44			process.env.JWT_SECRET!,
45			{
46			expiresIn: "2 days",
47			issuer: process.env.JWT_ISSUER ?? "SudoBot",
48			subject: "Temporary API token for authenticated user"
49			}
50			);
51
52			user.tokenExpiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 2);
53
54			await this.client.prisma.user.updateMany({
55			where: {
56			id: user.id
57			},
58			data: {
59			token: user.token,
60			tokenExpiresAt: user.tokenExpiresAt
61			}
62			});
63			}
64			}
65
66			@Action("POST", "/auth/recovery_token")
67			@Validate(
68			z.object({
69			username: z.string(),
70			code: z.number()
71			})
72			)
73			public async recoveryToken(request: Request) {
74			const { username, code } = request.parsedBody ?? {};
75
76			const user = await this.client.prisma.user.findFirst({
77			where: {
78			username: username.trim(),
79			recoveryCode: code.toString().trim()
80			}
81			});
82
83			if (!user) {
84			return new Response({
85			status: 403,
86			body: {
87			error: "Invalid username or code provided"
88			}
89			});
90			}
91
92			try {
93			jwt.verify(user.recoveryToken!, process.env.JWT_SECRET!, {
94			issuer: process.env.JWT_ISSUER ?? "SudoBot",
95			subject: "Temporary recovery token",
96			complete: true
97			});
98			} catch (e) {
99			logError(e);
100
101			return new Response({
102			status: 403,
103			body: {
104			error: "Invalid username or code provided"
105			}
106			});
107			}
108
109			if ((user.recoveryTokenExpiresAt?.getTime() ?? Date.now()) <= Date.now()) {
110			return new Response({
111			status: 400,
112			body: {
113			error: "This account recovery request has expired"
114			}
115			});
116			}
117
118			await this.client.prisma.user.updateMany({
119			where: {
120			id: user.id
121			},
122			data: {
123			recoveryCode: null
124			}
125			});
126
127			return { success: true, token: user.recoveryToken };
128			}
129
130			@Action("POST", "/auth/reset")
131			@Validate(
132			z.object({
133			username: z.string(),
134			token: z.string(),
135			new_password: z.string()
136			})
137			)
138			public async reset(request: Request) {
139			const { username, token, new_password } = request.parsedBody ?? {};
140
141			const user = await this.client.prisma.user.findFirst({
142			where: {
143			username: username.trim(),
144			recoveryToken: token.trim()
145			}
146			});
147
148			if (!user) {
149			return new Response({
150			status: 403,
151			body: {
152			error: "Invalid username or token provided"
153			}
154			});
155			}
156
157			try {
158			jwt.verify(user.recoveryToken!, process.env.JWT_SECRET!, {
159			issuer: process.env.JWT_ISSUER ?? "SudoBot",
160			subject: "Temporary recovery token",
161			complete: true
162			});
163			} catch (e) {
164			logError(e);
165
166			return new Response({
167			status: 403,
168			body: {
169			error: "Invalid username or token provided"
170			}
171			});
172			}
173
174			if ((user.recoveryTokenExpiresAt?.getTime() ?? Date.now()) <= Date.now()) {
175			return new Response({
176			status: 400,
177			body: {
178			error: "This account recovery request has expired"
179			}
180			});
181			}
182
183			await this.client.prisma.user.updateMany({
184			where: {
185			id: user.id
186			},
187			data: {
188			recoveryAttempts: 0,
189			recoveryToken: null,
190			recoveryTokenExpiresAt: null,
191			password: bcrypt.hashSync(new_password, bcrypt.genSaltSync(10)),
192			token: null,
193			tokenExpiresAt: null,
194			recoveryCode: null
195			}
196			});
197
198			const discordUser = await safeUserFetch(this.client, user.discordId);
199
200			await discordUser
201			?.send({
202			embeds: [
203			new EmbedBuilder({
204			author: {
205			name: "Account Successfully Recovered",
206			icon_url: this.client.user?.displayAvatarURL()
207			},
208			color: 0x007bff,
209			description: `Hey ${escapeMarkdown(
210			discordUser.username
211			)},\n\nYour SudoBot Account was recovered and the password was reset. You've been automatically logged out everywhere you were logged in before.\n\nCheers,\nSudoBot Developers`,
212			footer: {
213			text: "Recovery succeeded"
214			}
215			}).setTimestamp()
216			],
217			components: [
218			new ActionRowBuilder<ButtonBuilder>().addComponents(
219			new ButtonBuilder()
220			.setStyle(ButtonStyle.Link)
221			.setLabel("Log into your account")
222			.setURL(`${process.env.FRONTEND_URL}/login`)
223			)
224			]
225			})
226			.catch(logError);
227
228			return {
229			success: true,
230			message: "Successfully completed account recovery"
231			};
232			}
233
234			@Action("POST", "/auth/recovery")
235			@Validate(
236			z.object({
237			username: z.string()
238			})
239			)
240			public async recovery(request: Request) {
241			const { username } = request.parsedBody ?? {};
242
243			const user = await this.client.prisma.user.findFirst({
244			where: {
245			username: username.trim()
246			}
247			});
248
249			if (!user) {
250			return new Response({
251			status: 403,
252			body: {
253			error: "Invalid username provided"
254			}
255			});
256			}
257
258			if (
259			user.recoveryToken &&
260			user.recoveryTokenExpiresAt &&
261			user.recoveryTokenExpiresAt.getTime() > Date.now() &&
262			user.recoveryAttempts >= 2
263			) {
264			return new Response({
265			status: 429,
266			body: {
267			error: "This account is already awaiting for recovery"
268			}
269			});
270			}
271
272			const recoveryToken = jwt.sign(
273			{
274			type: "pwdreset",
275			userId: user.id
276			},
277			process.env.JWT_SECRET!,
278			{
279			expiresIn: "2 days",
280			issuer: process.env.JWT_ISSUER ?? "SudoBot",
281			subject: "Temporary recovery token"
282			}
283			);
284
285			const recoveryTokenExpiresAt = add(new Date(), {
286			days: 2
287			});
288
289			const recoveryCode = randomInt(10000, 99999).toString();
290
291			await this.client.prisma.user.updateMany({
292			where: {
293			id: user.id
294			},
295			data: {
296			recoveryAttempts: {
297			increment: 1
298			},
299			recoveryToken,
300			recoveryTokenExpiresAt,
301			recoveryCode
302			}
303			});
304
305			const discordUser = await safeUserFetch(this.client, user.discordId);
306
307			await discordUser
308			?.send({
309			embeds: [
310			new EmbedBuilder({
311			author: {
312			name: "Account Recovery Request",
313			icon_url: this.client.user?.displayAvatarURL()
314			},
315			color: 0x007bff,
316			description: `Hey ${escapeMarkdown(
317			discordUser.username
318			)},\n\nWe've received a recovery request for your SudoBot Account. Your recovery code is:\n\n# ${recoveryCode}\n\nAlternatively, click the button at the bottom to reset your account's password.\nIf you haven't requested this, feel free to ignore this DM.\n\nCheers,\nSudoBot Developers`,
319			footer: {
320			text: "This account recovery request will be valid for the next 48 hours"
321			}
322			}).setTimestamp()
323			],
324			components: [
325			new ActionRowBuilder<ButtonBuilder>().addComponents(
326			new ButtonBuilder()
327			.setStyle(ButtonStyle.Link)
328			.setLabel("Reset your password")
329			.setURL(
330			`${process.env.FRONTEND_URL}/account/reset?u=${encodeURIComponent(
331			user.username
332			)}&t=${encodeURIComponent(recoveryToken)}`
333			)
334			)
335			]
336			})
337			.catch(logError);
338
339			return {
340			success: true,
341			message: "Successfully initiated account recovery"
342			};
343			}
344
345			@Action("POST", "/auth/login")
346			@Validate(
347			z.object({
348			username: z.string(),
349			password: z.string()
350			})
351			)
352			public async login(request: Request) {
353			const { username, password } = request.parsedBody ?? {};
354
355			const user = await this.client.prisma.user.findFirst({
356			where: {
357			username: username.trim()
358			}
359			});
360
361			if (!user \|\| !bcrypt.compareSync(password.trim(), user.password)) {
362			return new Response({
363			status: 403,
364			body: {
365			error: "Invalid login credentials"
366			}
367			});
368			}
369
370			await this.genToken(user);
371
372			const guilds = [];
373			const discordUser = await safeUserFetch(this.client, user.discordId);
374
375			for (const id of user.guilds) {
376			const guild = this.client.guilds.cache.get(id);
377
378			if (guild) {
379			guilds.push({
380			id: guild.id,
381			name: guild.name,
382			iconURL: guild.iconURL() ?? undefined
383			});
384			}
385			}
386
387			return {
388			message: "Login successful",
389			user: {
390			id: user.id,
391			avatarURL: discordUser?.displayAvatarURL(),
392			username: user.username,
393			name: user.name,
394			discordId: user.discordId,
395			guilds,
396			token: user.token,
397			tokenExpiresAt: user.tokenExpiresAt,
398			createdAt: user.createdAt
399			}
400			};
401			}
402
403			@Action("POST", "/auth/discord")
404			@Validate(
405			z.object({
406			code: z.string()
407			})
408			)
409			async discord(request: Request) {
410			const { parsedBody } = request;
411
412			try {
413			const tokenResponseData = await undiciRequest("https://discord.com/api/oauth2/token", {
414			method: "POST",
415			body: new URLSearchParams({
416			client_id: process.env.CLIENT_ID!,
417			client_secret: process.env.CLIENT_SECRET!,
418			code: parsedBody.code,
419			grant_type: "authorization_code",
420			redirect_uri: `${process.env.DISCORD_OAUTH2_REDIRECT_URI}`,
421			scope: "identify"
422			}).toString(),
423			headers: {
424			"Content-Type": "application/x-www-form-urlencoded"
425			}
426			});
427
428			const oauthData = <any>await tokenResponseData.body.json();
429			console.log(oauthData);
430
431			if (oauthData?.error) {
432			throw new Error(`${oauthData?.error}: ${oauthData?.error_description}`);
433			}
434
435			const userResponse = await undiciRequest("https://discord.com/api/users/@me", {
436			headers: {
437			authorization: `${oauthData.token_type} ${oauthData.access_token}`
438			}
439			});
440
441			const userData = <any>await userResponse.body.json();
442
443			if (userData?.error) {
444			throw new Error(`${userData?.error}: ${userData?.error_description}`);
445			}
446
447			console.log(userData);
448
449			const avatarURL = `https://cdn.discordapp.com/avatars/${encodeURIComponent(userData.id)}/${encodeURIComponent(
450			userData.avatar
451			)}.${userData.avatar.startsWith("a_") ? "gif" : "webp"}?size=512`;
452
453			const user = await this.client.prisma.user.findFirst({
454			where: {
455			discordId: userData.id
456			}
457			});
458
459			if (!user) {
460			return new Response({ status: 400, body: "Access denied, no such user found" });
461			}
462
463			await this.genToken(user);
464
465			const guilds = [];
466
467			for (const id of user.guilds) {
468			const guild = this.client.guilds.cache.get(id);
469
470			if (guild) {
471			guilds.push({
472			id: guild.id,
473			name: guild.name,
474			iconURL: guild.iconURL() ?? undefined
475			});
476			}
477			}
478
479			return {
480			message: "Login successful",
481			user: {
482			id: user.id,
483			avatarURL,
484			username: user.username,
485			name: user.name,
486			discordId: user.discordId,
487			guilds,
488			token: user.token,
489			tokenExpiresAt: user.tokenExpiresAt,
490			createdAt: user.createdAt
491			}
492			};
493			} catch (error) {
494			console.error(error);
495			return new Response({ status: 400, body: "Invalid oauth2 grant code" });
496			}
497			}
498			}