zeppelin/src/api/auth.ts

import express, { Request, Response } from "express";
import passport from "passport";
import OAuth2Strategy from "passport-oauth2";
import CustomStrategy from "passport-custom";
import { DashboardLogins, DashboardLoginUserData } from "../data/DashboardLogins";
import pick from "lodash.pick";
import https from "https";

const DISCORD_API_URL = "https://discordapp.com/api";

function simpleDiscordAPIRequest(bearerToken, path): Promise<any> {
  return new Promise((resolve, reject) => {
    const request = https.get(
      `${DISCORD_API_URL}/${path}`,
      {
        headers: {
          Authorization: `Bearer ${bearerToken}`,
        },
      },
      res => {
        if (res.statusCode !== 200) {
          reject(new Error(`Discord API error ${res.statusCode}`));
          return;
        }

        res.on("data", data => resolve(JSON.parse(data)));
      },
    );

    request.on("error", err => reject(err));
  });
}

export function initAuth(app: express.Express) {
  app.use(passport.initialize());

  if (!process.env.CLIENT_ID) {
    throw new Error("Auth: CLIENT ID missing");
  }

  if (!process.env.CLIENT_SECRET) {
    throw new Error("Auth: CLIENT SECRET missing");
  }

  if (!process.env.OAUTH_CALLBACK_URL) {
    throw new Error("Auth: OAUTH CALLBACK URL missing");
  }

  if (!process.env.DASHBOARD_URL) {
    throw new Error("DASHBOARD_URL missing!");
  }

  passport.serializeUser((user, done) => done(null, user));
  passport.deserializeUser((user, done) => done(null, user));

  const dashboardLogins = new DashboardLogins();

  // Initialize API tokens
  passport.use(
    "api-token",
    new CustomStrategy(async (req, cb) => {
      const apiKey = req.header("X-Api-Key");
      if (!apiKey) return cb();

      const userId = await dashboardLogins.getUserIdByApiKey(apiKey);
      if (userId) {
        return cb(null, { userId });
      }

      cb();
    }),
  );

  // Initialize OAuth2 for Discord login
  passport.use(
    new OAuth2Strategy(
      {
        authorizationURL: "https://discordapp.com/api/oauth2/authorize",
        tokenURL: "https://discordapp.com/api/oauth2/token",
        clientID: process.env.CLIENT_ID,
        clientSecret: process.env.CLIENT_SECRET,
        callbackURL: process.env.OAUTH_CALLBACK_URL,
        scope: ["identify"],
      },
      async (accessToken, refreshToken, profile, cb) => {
        const user = await simpleDiscordAPIRequest(accessToken, "users/@me");
        const userData = pick(user, ["username", "discriminator", "avatar"]) as DashboardLoginUserData;
        const apiKey = await dashboardLogins.addLogin(user.id, userData);
        // TODO: Revoke access token, we don't need it anymore
        console.log("done, calling cb with", apiKey);
        cb(null, { apiKey });
      },
    ),
  );

  app.get("/auth/login", passport.authenticate("oauth2"));
  app.get(
    "/auth/oauth-callback",
    passport.authenticate("oauth2", { failureRedirect: "/", session: false }),
    (req, res) => {
      console.log("redirecting to a non-existent page haHAA");
      res.redirect(`${process.env.DASHBOARD_URL}/login-callback/?apiKey=${req.user.apiKey}`);
    },
  );
  app.post("/auth/validate-key", async (req: Request, res: Response) => {
    const key = req.params.key || req.query.key;
    if (!key) {
      return res.status(400).json({ error: "No key supplied" });
    }

    const userId = await dashboardLogins.getUserIdByApiKey(key);
    if (!userId) {
      return res.json({ valid: false });
    }

    res.json({ valid: true });
  });
}

export function requireAPIToken(router: express.Router) {
  router.use(passport.authenticate("api-token", { failWithError: true }), (err, req, res, next) => {
    return res.json({ error: err.message });
  });
}
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`import express, { Request, Response } from "express";`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`import passport from "passport";`
			`import OAuth2Strategy from "passport-oauth2";`
			`import CustomStrategy from "passport-custom";`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`import { DashboardLogins, DashboardLoginUserData } from "../data/DashboardLogins";`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`import pick from "lodash.pick";`
			`import https from "https";`

			`const DISCORD_API_URL = "https://discordapp.com/api";`

Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`function simpleDiscordAPIRequest(bearerToken, path): Promise<any> {`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`return new Promise((resolve, reject) => {`
			`const request = https.get(`
			`${DISCORD_API_URL}/${path}`,
			`{`
			`headers: {`
			Authorization: `Bearer ${bearerToken}`,
			`},`
			`},`
			`res => {`
			`if (res.statusCode !== 200) {`
			reject(new Error(`Discord API error ${res.statusCode}`));
			`return;`
			`}`

			`res.on("data", data => resolve(JSON.parse(data)));`
			`},`
			`);`

			`request.on("error", err => reject(err));`
			`});`
			`}`

Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`export function initAuth(app: express.Express) {`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`app.use(passport.initialize());`

			`if (!process.env.CLIENT_ID) {`
			`throw new Error("Auth: CLIENT ID missing");`
			`}`

			`if (!process.env.CLIENT_SECRET) {`
			`throw new Error("Auth: CLIENT SECRET missing");`
			`}`

			`if (!process.env.OAUTH_CALLBACK_URL) {`
			`throw new Error("Auth: OAUTH CALLBACK URL missing");`
			`}`

			`if (!process.env.DASHBOARD_URL) {`
			`throw new Error("DASHBOARD_URL missing!");`
			`}`

			`passport.serializeUser((user, done) => done(null, user));`
			`passport.deserializeUser((user, done) => done(null, user));`

			`const dashboardLogins = new DashboardLogins();`

			`// Initialize API tokens`
			`passport.use(`
			`"api-token",`
			`new CustomStrategy(async (req, cb) => {`
			`const apiKey = req.header("X-Api-Key");`
			`if (!apiKey) return cb();`

			`const userId = await dashboardLogins.getUserIdByApiKey(apiKey);`
			`if (userId) {`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`return cb(null, { userId });`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`}`

			`cb();`
			`}),`
			`);`

			`// Initialize OAuth2 for Discord login`
			`passport.use(`
			`new OAuth2Strategy(`
			`{`
			`authorizationURL: "https://discordapp.com/api/oauth2/authorize",`
			`tokenURL: "https://discordapp.com/api/oauth2/token",`
			`clientID: process.env.CLIENT_ID,`
			`clientSecret: process.env.CLIENT_SECRET,`
			`callbackURL: process.env.OAUTH_CALLBACK_URL,`
			`scope: ["identify"],`
			`},`
			`async (accessToken, refreshToken, profile, cb) => {`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`const user = await simpleDiscordAPIRequest(accessToken, "users/@me");`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`const userData = pick(user, ["username", "discriminator", "avatar"]) as DashboardLoginUserData;`
			`const apiKey = await dashboardLogins.addLogin(user.id, userData);`
			`// TODO: Revoke access token, we don't need it anymore`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`console.log("done, calling cb with", apiKey);`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`cb(null, { apiKey });`
			`},`
			`),`
			`);`

			`app.get("/auth/login", passport.authenticate("oauth2"));`
			`app.get(`
			`"/auth/oauth-callback",`
			`passport.authenticate("oauth2", { failureRedirect: "/", session: false }),`
			`(req, res) => {`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`console.log("redirecting to a non-existent page haHAA");`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			res.redirect(`${process.env.DASHBOARD_URL}/login-callback/?apiKey=${req.user.apiKey}`);
			`},`
			`);`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`app.post("/auth/validate-key", async (req: Request, res: Response) => {`
			`const key = req.params.key \|\| req.query.key;`
			`if (!key) {`
			`return res.status(400).json({ error: "No key supplied" });`
			`}`

			`const userId = await dashboardLogins.getUserIdByApiKey(key);`
			`if (!userId) {`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`return res.json({ valid: false });`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`}`

dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`res.json({ valid: true });`
			`});`
			`}`

			`export function requireAPIToken(router: express.Router) {`
			`router.use(passport.authenticate("api-token", { failWithError: true }), (err, req, res, next) => {`
			`return res.json({ error: err.message });`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`});`
Initial dashboard work (auth flow) 2019-05-26 00:13:42 +03:00			`}`