From 3ae6b6205d4af10d319fc846c2fa06bb095d033c Mon Sep 17 00:00:00 2001 From: Isaac Date: Sun, 21 Jan 2024 01:48:00 +0000 Subject: [PATCH] update & fix http stuff --- package.json | 8 ++-- pnpm-lock.yaml | 73 ++++++++++++++++++++----------------- src/http.js | 21 ++++++----- src/routes/auth/callback.js | 23 ++++++++---- 4 files changed, 69 insertions(+), 56 deletions(-) diff --git a/package.json b/package.json index 52bc213b6..9261c157d 100644 --- a/package.json +++ b/package.json @@ -49,15 +49,15 @@ "@eartharoid/dbf": "^0.4.1", "@eartharoid/dtf": "^2.0.1", "@eartharoid/i18n": "^1.2.1", - "@fastify/cookie": "^9.1.0", - "@fastify/jwt": "^7.2.2", - "@fastify/oauth2": "^7.5.0", + "@fastify/cookie": "^9.3.1", + "@fastify/jwt": "^8.0.0", + "@fastify/oauth2": "^7.8.0", "@prisma/client": "^4.16.1", "boxen": "^7.1.0", "cryptr": "^6.2.0", "discord.js": "^14.11.0", "dotenv": "^16.0.3", - "fastify": "^4.24.2", + "fastify": "^4.25.2", "figlet": "^1.6.0", "fs-extra": "^10.1.0", "keyv": "^4.5.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index dea8e10d5..61f0bac26 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -18,14 +18,14 @@ dependencies: specifier: ^1.2.1 version: 1.2.1 '@fastify/cookie': - specifier: ^9.1.0 - version: 9.1.0 + specifier: ^9.3.1 + version: 9.3.1 '@fastify/jwt': - specifier: ^7.2.2 - version: 7.2.2 + specifier: ^8.0.0 + version: 8.0.0 '@fastify/oauth2': - specifier: ^7.5.0 - version: 7.5.0 + specifier: ^7.8.0 + version: 7.8.0 '@prisma/client': specifier: ^4.16.1 version: 4.16.2(prisma@4.16.2) @@ -42,8 +42,8 @@ dependencies: specifier: ^16.0.3 version: 16.3.1 fastify: - specifier: ^4.24.2 - version: 4.24.2 + specifier: ^4.25.2 + version: 4.25.2 figlet: specifier: ^1.6.0 version: 1.6.0 
@@ -99,7 +99,7 @@ optionalDependencies: version: 4.0.7 erlpack: specifier: github:discord/erlpack - version: github.com/discord/erlpack/cbe76be04c2210fc9cb6ff95910f0937c1011d04 + version: github.com/discord/erlpack/b25ebd51ae4c097bd7f756fd4e1c841b61bfe50b utf-8-validate: specifier: ^5.0.10 version: 5.0.10 @@ -509,10 +509,10 @@ packages: engines: {node: '>=14'} dev: false - /@fastify/cookie@9.1.0: - resolution: {integrity: sha512-w/LlQjj7cmYlQNhEKNm4jQoLkFXCL73kFu1Jy3aL7IFbYEojEKur0f7ieCKUxBBaU65tpaWC83UM8xW7AzY6uw==} + /@fastify/cookie@9.3.1: + resolution: {integrity: sha512-h1NAEhB266+ZbZ0e9qUE6NnNR07i7DnNXWG9VbbZ8uC6O/hxHpl+Zoe5sw1yfdZ2U6XhToUGDnzQtWJdCaPwfg==} dependencies: - cookie: 0.5.0 + cookie-signature: 1.2.1 fastify-plugin: 4.5.1 dev: false @@ -520,10 +520,6 @@ packages: resolution: {integrity: sha512-J8TOSBq3SoZbDhM9+R/u77hP93gz/rajSA+K2kGyijPpORPWUXHUpTaleoj+92As0S9uPRP7Oi8IqMf0u+ro6A==} dev: false - /@fastify/error@3.3.0: - resolution: {integrity: sha512-dj7vjIn1Ar8sVXj2yAXiMNCJDmS9MQ9XMlIecX2dIzzhjSHCyKo4DdXjXMs7wKW2kj6yvVRSpuQjOZ3YLrh56w==} - dev: false - /@fastify/error@3.4.0: resolution: {integrity: sha512-e/mafFwbK3MNqxUcFBLgHhgxsF8UT1m8aj0dAlqEa2nJEgPsRtpHTZ3ObgrgkZ2M1eJHPTwgyUl/tXkvabsZdQ==} dev: false 
@@ -534,20 +530,20 @@ packages: fast-json-stringify: 5.8.0 dev: false - /@fastify/jwt@7.2.2: - resolution: {integrity: sha512-ZF0lyEjEIJnwqe0zjeSQkjfpAIrKdZfhTwUM+Z74NFEN+WodDi12cjABFPm2CrI8jtc4KInytSA74bN2jJ0MGQ==} + /@fastify/jwt@8.0.0: + resolution: {integrity: sha512-pJHjmZaokteZFMbsVVt7pbyJpbDogTnpl/aD7eR3vLOPgfktp4k4gUM6cd7RtjL/Ol1qDwL5mup+vdNlZI3K0Q==} dependencies: - '@fastify/error': 3.3.0 + '@fastify/error': 3.4.0 '@lukeed/ms': 2.0.1 - fast-jwt: 3.3.1 + fast-jwt: 3.3.2 fastify-plugin: 4.5.1 steed: 1.1.3 dev: false - /@fastify/oauth2@7.5.0: - resolution: {integrity: sha512-SxMRLekUT1FgE+PjGuiA0U9Z+v3Y35U26aJ8+/abat2YhffaI1YL1b1GQhrpePSDD/g720PkGK+epcklKyCcwg==} + /@fastify/oauth2@7.8.0: + resolution: {integrity: sha512-piQldGFUfAH0+SXM7Cw6hlanFmYnTWYtDC3EcbxNiQedAbr9SbGNxJynTHsvyKzRO7dupdxIdWA81k1egxKftQ==} dependencies: - '@fastify/cookie': 9.1.0 + '@fastify/cookie': 9.3.1 fastify-plugin: 4.5.1 simple-oauth2: 5.0.0 transitivePeerDependencies: @@ -1443,6 +1439,11 @@ packages: through2: 4.0.2 dev: true + /cookie-signature@1.2.1: + resolution: {integrity: sha512-78KWk9T26NhzXtuL26cIJ8/qNHANyJ/ZYrmEXFzUmhZdjpBv+DlWlOANRTGBt48YcyslsLrj0bMLFTmXvLRCOw==} + engines: {node: '>=6.6.0'} + dev: false + /cookie@0.5.0: resolution: {integrity: sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==} engines: {node: '>= 0.6'} @@ -1851,8 +1852,8 @@ packages: rfdc: 1.3.0 dev: false - /fast-jwt@3.3.1: - resolution: {integrity: sha512-1YuuIJeh1hEvfcYDe89P2oGACWI5hd2GadRDKHalSxkc1Z0z8I6yzuVK6SF15sW09QZngTV6d7g4+TFL9bvs5A==} + /fast-jwt@3.3.2: + resolution: {integrity: sha512-H+JYxaFy2LepiC1AQWM/2hzKlQOWaWUkEnu/yebhYu4+ameb3qG77WiRZ1Ct6YBk6d/ESsNguBfTT5+q0XMtKg==} engines: {node: '>=16 <22'} dependencies: '@lukeed/ms': 2.0.1 
@@ -1891,8 +1892,8 @@ packages: resolution: {integrity: sha512-stRHYGeuqpEZTL1Ef0Ovr2ltazUT9g844X5z/zEBFLG8RYlpDiOCIG+ATvYEp+/zmc7sN29mcIMp8gvYplYPIQ==} dev: false - /fastify@4.24.2: - resolution: {integrity: sha512-V/7fdhFas7HoAyjD8ha8wPCeiRLUzPgwwM5dSSUx/eBUv7GvG61YzjggqOchMOsa7Sw32MNN4uCCoFrl+9ccJA==} + /fastify@4.25.2: + resolution: {integrity: sha512-SywRouGleDHvRh054onj+lEZnbC1sBCLkR0UY3oyJwjD4BdZJUrxBqfkfCaqn74pVCwBaRHGuL3nEWeHbHzAfw==} dependencies: '@fastify/ajv-compiler': 3.5.0 '@fastify/error': 3.4.0 @@ -1903,8 +1904,8 @@ packages: fast-json-stringify: 5.8.0 find-my-way: 7.7.0 light-my-request: 5.11.0 - pino: 8.16.0 - process-warning: 2.2.0 + pino: 8.17.2 + process-warning: 3.0.0 proxy-addr: 2.0.7 rfdc: 1.3.0 secure-json-parse: 2.7.0 @@ -3140,8 +3141,8 @@ packages: resolution: {integrity: sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==} dev: false - /pino@8.16.0: - resolution: {integrity: sha512-UUmvQ/7KTZt/vHjhRrnyS7h+J7qPBQnpG80V56xmIC+o9IqYmQOw/UIny9S9zYDfRBR0ClouCr464EkBMIT7Fw==} + /pino@8.17.2: + resolution: {integrity: sha512-LA6qKgeDMLr2ux2y/YiUt47EfgQ+S9LznBWOJdN3q1dx2sv0ziDLUBeVpyVv17TEcGCBuWf0zNtg3M5m1NhhWQ==} hasBin: true dependencies: atomic-sleep: 1.0.0 @@ -3149,7 +3150,7 @@ packages: on-exit-leak-free: 2.1.0 pino-abstract-transport: 1.1.0 pino-std-serializers: 6.2.2 - process-warning: 2.2.0 + process-warning: 3.0.0 quick-format-unescaped: 4.0.4 real-require: 0.2.0 safe-stable-stringify: 2.4.3 @@ -3196,6 +3197,10 @@ packages: resolution: {integrity: sha512-/1WZ8+VQjR6avWOgHeEPd7SDQmFQ1B5mC1eRXsCm5TarlNmx/wCsa5GEaxGm05BORRtyG/Ex/3xq3TuRvq57qg==} dev: false + /process-warning@3.0.0: + resolution: {integrity: sha512-mqn0kFRl0EoqhnL0GQ0veqFHyIN1yig9RHh/InzORTUiZHFRAur+aMtRkELNwGs9aNwKS6tg/An4NYBPGwvtzQ==} + dev: false + /process@0.11.10: resolution: {integrity: sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==} engines: {node: '>= 0.6.0'} 
@@ -4180,8 +4185,8 @@ packages:
 dev: false
 optional: true
- github.com/discord/erlpack/cbe76be04c2210fc9cb6ff95910f0937c1011d04:
- resolution: {tarball: https://codeload.github.com/discord/erlpack/tar.gz/cbe76be04c2210fc9cb6ff95910f0937c1011d04}
+ github.com/discord/erlpack/b25ebd51ae4c097bd7f756fd4e1c841b61bfe50b:
+ resolution: {tarball: https://codeload.github.com/discord/erlpack/tar.gz/b25ebd51ae4c097bd7f756fd4e1c841b61bfe50b}
 name: erlpack
 version: 0.1.3
 requiresBuild: true
diff --git a/src/http.js b/src/http.js
index 82cb7fc11..654f939c9 100644
--- a/src/http.js
+++ b/src/http.js
@@ -25,17 +25,18 @@ module.exports = async client => {
 fastify.states = new Map();
 fastify.register(oauth, {
 callbackUri: `${process.env.HTTP_EXTERNAL}/auth/callback`,
- checkStateFunction: (req, callback) => {
- // if (fastify.states.has(req.query.state)) {
- // callback();
- // return;
- // }
- console.log(req.session)
- if (req.query.state === req.session.state) {
- callback();
- return;
+ // checkStateFunction: (req, callback) => {
+ // if (req.query.state === req.cookies['oauth2-redirect-state']) {
+ // callback();
+ // return;
+ // }
+ // callback(new Error('Invalid state'));
+ // },
+ checkStateFunction: async req => {
+ if (req.query.state !== req.cookies['oauth2-redirect-state']) {
+ throw new Error('Invalid state');
 }
- callback(new Error('Invalid state'));
+ return true;
 },
 credentials: {
 auth: oauth.DISCORD_CONFIGURATION,
diff --git a/src/routes/auth/callback.js b/src/routes/auth/callback.js
index 12c0622b3..6205c8121 100644
--- a/src/routes/auth/callback.js
+++ b/src/routes/auth/callback.js
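Review bot: The new checkStateFunction accepts a callback request that carries neither a `state` query parameter nor an `oauth2-redirect-state` cookie, because `undefined !== undefined` is false and the function then returns true; the comparison should only be reached with a non-empty string on both sides. Bind the cookie first and reject missing values: `const expected = req.cookies['oauth2-redirect-state'];` followed by `if (typeof req.query.state !== 'string' || req.query.state === '' || req.query.state !== expected) throw new Error('Invalid state');`. The commented-out callback-style variant kept above the live implementation duplicates it and should be deleted rather than left as a comment. Whether @fastify/oauth2 7.8.0 awaits a one-argument async checkStateFunction (and what it does with the `return true`) is not visible here, and if the plugin's default check already compares these same two values the override may be unnecessary — worth confirming against the plugin's documentation. The enclosing `module.exports = async client => {` function starts and ends outside the hunk.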
@@ -2,18 +2,25 @@ const { domain } = require('../../lib/http');
 module.exports.get = () => ({
 handler: async function (req, res) { // MUST NOT use arrow function syntax
- const {
- access_token: accessToken,
- expires_in: expiresIn,
- } = await this.discord.getAccessTokenFromAuthorizationCodeFlow(req);
+ const data = await (await fetch('https://discord.com/api/oauth2/token', {
+ body: new URLSearchParams({
+ client_id: req.routeOptions.config.client.user.id,
+ client_secret: process.env.DISCORD_SECRET,
+ code: req.query.code,
+ grant_type: 'authorization_code',
+ redirect_uri: `${process.env.HTTP_EXTERNAL}/auth/callback`,
+ }).toString(),
+ headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+ method: 'POST',
+ })).json();
 const redirect = this.states.get(req.query.state) || '/';
 this.states.delete(req.query.state);
- const user = await (await fetch('https://discordapp.com/api/users/@me', { headers: { 'Authorization': `Bearer ${accessToken}` } })).json();
+ const user = await (await fetch('https://discordapp.com/api/users/@me', { headers: { 'Authorization': `Bearer ${data.access_token}` } })).json();
 const token = this.jwt.sign({
- accessToken,
+ accessToken: data.access_token,
 avatar: user.avatar,
 discriminator: user.discriminator,
- expiresAt: Date.now() + (expiresIn * 1000),
+ expiresAt: Date.now() + (data.expires_in * 1000),
 id: user.id,
 locale: user.locale,
 username: user.username,
@@ -21,7 +28,7 @@ module.exports.get = () => ({
 res.setCookie('token', token, {
 domain,
 httpOnly: true,
- maxAge: expiresIn,
+ maxAge: data.expires_in,
 path: '/',
 sameSite: 'Lax',
 secure: false,
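Review bot: The token-exchange response is consumed without checking its HTTP status: when Discord rejects the `code` (expired, already used, or absent from the query), `data.access_token` is undefined, the `/users/@me` request goes out with `Bearer undefined`, and the lines that follow still sign a JWT with `expiresAt: NaN` and undefined user fields and set it as the session cookie with `maxAge: undefined`. Bind the response before reading it and fail early: `const tokenRes = await fetch('https://discord.com/api/oauth2/token', { /* body, headers, method as written */ });`, then `if (!tokenRes.ok) throw new Error(\`Discord token exchange failed: ${tokenRes.status}\`);`, then `const data = await tokenRes.json();`; the `/users/@me` fetch deserves the same `ok` check before `user.id` is trusted. The new token call uses `discord.com` while the profile call on the next changed line keeps the legacy `discordapp.com` host — worth unifying while both lines are being touched. The `handler` function opened at the top of the hunk ends outside it.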