apps/api/src/routes/auth.ts (view raw)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 |
import type { Error, ProvisionalTokenResponse } from "@purrkit/types";
import config, { IS_PROD } from "@stealth-developers/config";
import db, { getActor, sessions, upsertUser } from "@stealth-developers/db";
import Elysia, { t } from "elysia";
import { createClient } from "../discord";
import { CLIENT_ID, CLIENT_SECRET, FRONTEND_URL, REDIRECT_URI } from "../lib/constants";
const SCOPES = {
regular: ["identify", "guilds"],
widgets: ["sdk.social_layer", "sdk.social_layer_presence", "openid"],
};
export const authRoutes = new Elysia().group("/auth", (app) =>
app
.get(
"/login",
({ query: { actorId }, redirect }) => {
const isWidgetFlow = !!actorId;
const scopes = isWidgetFlow ? SCOPES.widgets : SCOPES.regular;
let redirectUri = `https://discord.com/oauth2/authorize?client_id=${CLIENT_ID}&response_type=code&redirect_uri=${encodeURIComponent(REDIRECT_URI)}&scope=${encodeURIComponent(scopes.join(" "))}`;
if (isWidgetFlow) redirectUri += `&state=${encodeURIComponent(actorId)}`;
return redirect(redirectUri, 302);
},
{
tags: ["auth"],
query: t.Object({
actorId: t.Optional(t.String()),
}),
},
)
.get(
"/callback",
async ({ query: { code, state }, cookie: { session_id }, redirect }) => {
if (!session_id) throw new Error("No session ID");
const params = new URLSearchParams({
code,
client_id: CLIENT_ID,
client_secret: CLIENT_SECRET,
grant_type: "authorization_code",
redirect_uri: REDIRECT_URI,
});
if (state) {
const actor = await getActor(Number(state));
if (!actor) throw new Error("Actor not found");
if (!actor.robloxId) throw new Error("Actor does not have a linked Roblox account");
const botToken = config.discord.token;
if (!botToken) throw new Error("config.discord.token is not defined");
const provisionResponse = await fetch(
"https://discord.com/api/v10/partner-sdk/token/bot",
{
method: "POST",
headers: {
Authorization: `Bot ${botToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
external_user_id: actor.robloxId,
}),
},
);
if (!provisionResponse.ok) {
const responseText = await provisionResponse.text();
let isNonProvisional = false;
try {
const provisionErrorData = JSON.parse(responseText) as {
code?: number;
message?: string;
};
if (provisionErrorData.code === 530010) {
isNonProvisional = true;
}
} catch {}
if (!isNonProvisional)
throw new Error(`Provisional account creation failed: ${responseText}`);
} else {
const provisionData = (await provisionResponse.json()) as { access_token: string };
params.append("external_auth_type", "DISCORD_BOT_ISSUED_ACCESS_TOKEN");
params.append("external_auth_token", provisionData.access_token);
}
}
const tokenResponse = await fetch("https://discord.com/api/oauth2/token", {
method: "POST",
body: params,
headers: { "Content-Type": "application/x-www-form-urlencoded" },
});
const tokenData = (await tokenResponse.json()) as Error | ProvisionalTokenResponse;
if ("code" in tokenData) throw new Error(tokenData.message);
const client = createClient(`${tokenData.token_type} ${tokenData.access_token}`);
const userRes = await client.users.me.get();
if (!userRes.ok) throw new Error(userRes.data.message);
const userData = userRes.data;
const upsertedUser = await upsertUser({
avatar: userData.avatar,
username: userData.username,
displayName: userData.global_name,
id: userData.id,
});
if (!upsertedUser) throw new Error("Failed to upsert user");
const sessionId = crypto.randomUUID();
const expiresAt = new Date().getTime() + tokenData.expires_in * 1_000;
await db.insert(sessions).values({
id: sessionId,
userId: upsertedUser.id,
accessToken: tokenData.access_token,
refreshToken: tokenData.refresh_token!,
scope: tokenData.scope,
tokenType: tokenData.token_type,
createdAt: new Date(),
expiresAt: new Date(expiresAt),
});
session_id.set({
value: sessionId,
httpOnly: true,
path: "/",
secure: IS_PROD,
sameSite: "lax",
expires: new Date(expiresAt),
});
return redirect(FRONTEND_URL);
},
{
tags: ["auth"],
query: t.Object({
code: t.String(),
state: t.Optional(t.String()),
}),
},
),
);
|