refactor: use expiring links for discord login to protect from others linking to your account.
Showing
7 changed files
with
128 additions
and
82 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
import { BorshSchema, Component, type ExactLink, type PathSegment } from 'leaf-proto'; | ||
import { CommonMark } from 'leaf-proto/components'; | ||
import { instance_link, leafClient } from '.'; | ||
|
||
export const DISCORD_PREFIX: PathSegment = { String: 'discord_users' }; | ||
|
||
export class RauthyUserId extends Component { | ||
value: string = ''; | ||
constructor(s: string) { | ||
super(); | ||
this.value = s; | ||
} | ||
static componentName(): string { | ||
return 'RauthyUserId'; | ||
} | ||
static borshSchema(): BorshSchema { | ||
return BorshSchema.String; | ||
} | ||
static specification(): Component[] { | ||
return [new CommonMark('The Rauthy auth server user ID associated to this entity.')]; | ||
} | ||
} | ||
|
||
export function discordUserLinkById(id: string): ExactLink { | ||
return instance_link([DISCORD_PREFIX, { String: id }]); | ||
} | ||
|
||
export async function setDiscordUserRauthyId(discordId: string, rauthyId: string) { | ||
const discordLink = discordUserLinkById(discordId); | ||
leafClient.add_components(discordLink, [new RauthyUserId(rauthyId)]); | ||
} | ||
|
||
export async function getDiscordUserRauthyId(discordId: string): Promise<string | undefined> { | ||
const discordLink = discordUserLinkById(discordId); | ||
const ent = await leafClient.get_components(discordLink, [RauthyUserId]); | ||
return ent?.get(RauthyUserId)?.value; | ||
} |
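Review bot: `setDiscordUserRauthyId` is declared `async` but never awaits `leafClient.add_components(...)`, so the returned promise is dropped: the function resolves before the write is acknowledged, a rejected write becomes an unhandled rejection instead of an error the caller can act on, and the `/connect/to/discord` action later in this commit reports `success: true` regardless. Change the line to `await leafClient.add_components(discordLink, [new RauthyUserId(rauthyId)]);` and give the function an explicit `Promise<void>` return type, matching how `getDiscordUserRauthyId` already awaits `get_components`. Whether `add_components` replaces an existing `RauthyUserId` on the same Discord entity or adds a second one is not visible here; if it replaces, a valid link silently re-points an already-linked Discord id, which is worth a comment on this function. The file's path is not shown in the rendered section.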
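--- /dev/null
+++ b/src/routes/(app)/connect/to/discord/[linkId]/+page.server.ts
@@ -0,0 +1,32 @@
+import { getSession } from '$lib/rauthy/server';
+import { redirect, type ServerLoad, fail } from '@sveltejs/kit';
+import { setDiscordUserRauthyId } from '$lib/leaf/discord.js';
+import { getDiscordIdForLoginLink } from '$lib/discord_bot/index.js';
+
+export const load: ServerLoad = async ({ params, fetch, request }) => {
+let { userInfo } = await getSession(fetch, request);
+if (!userInfo) {
+// TODO: hook up the login form so that it redirects back to this discord
+// authentication once you are logged in.
+return redirect(307, '/auth/v1/account');
+}
+return { ...params };
+};
+
+export const actions = {
+default: async ({ fetch, request }) => {
+let { userInfo } = await getSession(fetch, request);
+if (!userInfo) {
+return fail(403, { error: 'You are not logged in' });
+}
+const data = await request.formData();
+const linkId = data.get('link_id')?.toString();
+if (!linkId) return fail(400, { error: 'Missing link ID' });
+const discordId = await getDiscordIdForLoginLink(linkId);
+if (!discordId) return fail(400, { error: 'The login link has expired.' });
+
+await setDiscordUserRauthyId(discordId, userInfo.id);
+
+return { success: true };
+}
+};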
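Review bot: The action validates `link_id` through `getDiscordIdForLoginLink(linkId)` but nothing in the hunk consumes or invalidates the link after `setDiscordUserRauthyId` succeeds, so until it expires the same link can be submitted again by anyone who obtained the URL to re-point that Discord id at a different account; unless the lookup helper already deletes the entry on read (not visible here), add a single-use step after the write, e.g. `await consumeDiscordLoginLink(linkId); // placeholder name` so a successful link cannot be replayed. The link id is also read from the hidden form field rather than the `[linkId]` route parameter, so the URL and the submitted id can diverge; reading `params.linkId` from the action's event instead would remove the duplicated input. Minor: `let { userInfo }` in both `load` and the action is never reassigned and should be `const`, and `actions` could be checked with `satisfies Actions` from `@sveltejs/kit` so the handler's signature and return shapes are type-checked.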
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<script lang="ts"> | ||
import type { PageData, ActionData } from './$types'; | ||
const { data, form }: { data: PageData; form: ActionData } = $props(); | ||
const linkId = data.linkId; | ||
</script> | ||
|
||
<main class="flex flex-col items-center"> | ||
<div class="card mt-8 max-w-[600px] p-4"> | ||
<h2 class="text-2xl font-bold">Connect to Discord</h2> | ||
<p class="my-4">Continuing will connect your Discord account to your Weird account.</p> | ||
<form method="post"> | ||
<input type="hidden" name="link_id" value={linkId} /> | ||
<div class="flex justify-end"> | ||
{#if form} | ||
<div class="p-7 text-xl"> | ||
{#if form.success} | ||
<p class="text-green-700">Successfully connected account. You may close this tab.</p> | ||
{:else if form.error} | ||
<p class="text-red-500">Error logging in: {form.error}</p> | ||
{/if} | ||
</div> | ||
{/if} | ||
|
||
{#if !form?.success} | ||
<button class="my-4 rounded bg-blue-500 px-4 py-2 font-bold text-white hover:bg-blue-700" | ||
>Grant Access</button | ||
> | ||
{/if} | ||
</div> | ||
</form> | ||
</div> | ||
</main> |
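Review bot: The failure text on the `{:else if form.error}` branch reads `Error logging in: {form.error}` although this form connects a Discord account rather than logging the user in, so it misdescribes what failed; `Error connecting account: {form.error}` matches the success message next to it. The hidden `link_id` input mirrors the `[linkId]` route parameter that the server action already has access to via `params`; if the action reads the parameter, the hidden input can be dropped and the id cannot be swapped between URL and form. The file's path is not shown in the rendered section.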
21 changes: 0 additions & 21 deletions
21
src/routes/(helper)/app/discord_bot_authenticator/+page.server.ts
43 changes: 0 additions & 43 deletions
43
src/routes/(helper)/app/discord_bot_authenticator/+page.svelte