+6 -47

api/v1/admin/admin.go

reviewed

··· 100 100 return 101 101 } 102 102 103 103 - // let's get an oauth token! 104 104 - req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/oauth2/token", discord.API_ENDPOINT), 105 105 - strings.NewReader(url.Values{ 106 106 - "client_id": {discord.CLIENT_ID}, 107 107 - "client_secret": {discord.CLIENT_SECRET}, 108 108 - "grant_type": {"authorization_code"}, 109 109 - "code": {code}, 110 110 - "redirect_uri": {discord.MY_REDIRECT_URI}, 111 111 - }.Encode())) 112 112 - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") 113 113 - 114 114 - res, err := http.DefaultClient.Do(req) 103 103 + auth_token, err := discord.GetOAuthTokenFromCode(code) 115 104 if err != nil { 116 116 - fmt.Printf("Failed to retrieve OAuth token: %s\n", err) 105 105 + fmt.Printf("Failed to retrieve discord access token: %s\n", err) 117 106 w.WriteHeader(500) 118 107 w.Write([]byte("Internal server error")) 119 108 return 120 109 } 121 110 122 122 - oauth := discord.AccessTokenResponse{} 123 123 - 124 124 - err = json.NewDecoder(res.Body).Decode(&oauth) 111 111 + discord_user, err := discord.GetDiscordUserFromAuth(auth_token) 125 112 if err != nil { 126 126 - fmt.Printf("Failed to parse OAuth response data from discord: %s\n", err) 113 113 + fmt.Printf("Failed to retrieve discord user information: %s\n", err) 127 114 w.WriteHeader(500) 128 115 w.Write([]byte("Internal server error")) 129 116 return 130 117 } 131 131 - res.Body.Close() 132 132 - 133 133 - discord_access_token := oauth.AccessToken 134 118 135 135 - // let's get authorisation information! 136 136 - req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("%s/oauth2/@me", discord.API_ENDPOINT), nil) 137 137 - req.Header.Add("Authorization", "Bearer " + discord_access_token) 138 138 - 139 139 - res, err = http.DefaultClient.Do(req) 140 140 - if err != nil { 141 141 - fmt.Printf("Failed to retrieve discord auth information: %s\n", err) 142 142 - w.WriteHeader(500) 143 143 - w.Write([]byte("Internal server error")) 144 144 - return 145 145 - } 146 146 - 147 147 - auth_info := discord.AuthInfoResponse{} 148 148 - 149 149 - err = json.NewDecoder(res.Body).Decode(&auth_info) 150 150 - if err != nil { 151 151 - fmt.Printf("Failed to parse auth information from discord: %s\n", err) 152 152 - w.WriteHeader(500) 153 153 - w.Write([]byte("Internal server error")) 154 154 - return 155 155 - } 156 156 - res.Body.Close() 157 157 - 158 158 - discord_user_id := auth_info.User.Id 159 159 - 160 160 - if discord_user_id != ADMIN_ID_DISCORD { 119 119 + if discord_user.Id != ADMIN_ID_DISCORD { 161 120 // TODO: unauthorized user. revoke the token 162 121 w.WriteHeader(401) 163 122 w.Write([]byte("Unauthorized")) ··· 165 124 } 166 125 167 126 // login success! 168 168 - session := CreateSession(auth_info.User.Username) 127 127 + session := CreateSession(discord_user.Username) 169 128 sessions = append(sessions, &session) 170 129 171 130 cookie := http.Cookie{}

+81 -20

discord/discord.go

reviewed

··· 1 1 package discord 2 2 3 3 + import ( 4 4 + "encoding/json" 5 5 + "errors" 6 6 + "fmt" 7 7 + "net/http" 8 8 + "net/url" 9 9 + "strings" 10 10 + ) 11 11 + 3 12 const API_ENDPOINT = "https://discord.com/api/v10" 4 13 const CLIENT_ID = "1268013769578119208" 14 14 + 5 15 // TODO: good GOD change this later please i beg you. we've already broken 6 16 // the rules by doing this at all 7 17 const CLIENT_SECRET = "JUEZnixhN7BxmLIHmbECiKETMP85VT0E" 8 18 const REDIRECT_URI = "https://discord.com/oauth2/authorize?client_id=1268013769578119208&response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fapi%2Fv1%2Fadmin%2Flogin&scope=identify" 19 19 + 9 20 // TODO: change before prod 10 21 const MY_REDIRECT_URI = "http://127.0.0.1:8080/api/v1/admin/login" 11 22 12 23 type ( 13 24 AccessTokenResponse struct { 14 14 - TokenType string `json:"token_type"` 15 15 - AccessToken string `json:"access_token"` 16 16 - ExpiresIn int `json:"expires_in"` 25 25 + TokenType string `json:"token_type"` 26 26 + AccessToken string `json:"access_token"` 27 27 + ExpiresIn int `json:"expires_in"` 17 28 RefreshToken string `json:"refresh_token"` 18 18 - Scope string `json:"scope"` 29 29 + Scope string `json:"scope"` 19 30 } 20 31 21 32 AuthInfoResponse struct { 22 33 Application struct { 23 23 - Id string 24 24 - Name string 25 25 - Icon string 26 26 - Description string 27 27 - Hook bool 28 28 - BotPublic bool 34 34 + Id string 35 35 + Name string 36 36 + Icon string 37 37 + Description string 38 38 + Hook bool 39 39 + BotPublic bool 29 40 botRequireCodeGrant bool 30 30 - VerifyKey bool 41 41 + VerifyKey bool 31 42 } 32 32 - Scopes []string 43 43 + Scopes []string 33 44 Expires string 34 34 - User struct { 35 35 - Id string 36 36 - Username string 37 37 - Avatar string 38 38 - Discriminator string 39 39 - GlobalName string 40 40 - PublicFlags int 41 41 - } 45 45 + User DiscordUser 46 46 + } 47 47 + 48 48 + DiscordUser struct { 49 49 + Id string 50 50 + Username string 51 51 + Avatar string 52 52 + Discriminator string 53 53 + GlobalName string 54 54 + PublicFlags int 42 55 } 43 56 ) 44 57 58 58 + func GetOAuthTokenFromCode(code string) (string, error) { 59 59 + // let's get an oauth token! 60 60 + req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/oauth2/token", API_ENDPOINT), 61 61 + strings.NewReader(url.Values{ 62 62 + "client_id": {CLIENT_ID}, 63 63 + "client_secret": {CLIENT_SECRET}, 64 64 + "grant_type": {"authorization_code"}, 65 65 + "code": {code}, 66 66 + "redirect_uri": {MY_REDIRECT_URI}, 67 67 + }.Encode())) 68 68 + req.Header.Add("Content-Type", "application/x-www-form-urlencoded") 69 69 + 70 70 + res, err := http.DefaultClient.Do(req) 71 71 + if err != nil { 72 72 + return "", errors.New(fmt.Sprintf("Failed while contacting discord API: %s", err)) 73 73 + } 74 74 + 75 75 + oauth := AccessTokenResponse{} 76 76 + 77 77 + err = json.NewDecoder(res.Body).Decode(&oauth) 78 78 + if err != nil { 79 79 + return "", errors.New(fmt.Sprintf("Failed to parse OAuth response data from discord: %s\n", err)) 80 80 + } 81 81 + res.Body.Close() 82 82 + 83 83 + return oauth.AccessToken, nil 84 84 + } 85 85 + 86 86 + func GetDiscordUserFromAuth(token string) (DiscordUser, error) { 87 87 + // let's get authorisation information! 88 88 + req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/oauth2/@me", API_ENDPOINT), nil) 89 89 + req.Header.Add("Authorization", "Bearer " + token) 90 90 + 91 91 + res, err := http.DefaultClient.Do(req) 92 92 + if err != nil { 93 93 + return DiscordUser{}, errors.New(fmt.Sprintf("Failed to retrieve discord auth information: %s\n", err)) 94 94 + } 95 95 + 96 96 + auth_info := AuthInfoResponse{} 97 97 + 98 98 + err = json.NewDecoder(res.Body).Decode(&auth_info) 99 99 + if err != nil { 100 100 + return DiscordUser{}, errors.New(fmt.Sprintf("Failed to parse auth information from discord: %s\n", err)) 101 101 + } 102 102 + defer res.Body.Close() 103 103 + 104 104 + return auth_info.User, nil 105 105 + }