Merge pull request #36 from caravanapp-ca/fix/auth-attempt-2
Attempt 2 at fixing authentication
quinnturner committed May 31, 2020
2 parents 7b7cd12 + 509870a commit db5c1f5
Showing 4 changed files with 45 additions and 61 deletions.
3 changes: 3 additions & 0 deletions packages/web-api/package.json
Expand Up @@ -41,9 +41,11 @@
"dotenv": "^8.2.0",
"express": "^4.17.1",
"express-validator": "^6.4.0",
"form-data": "^3.0.0",
"fuse.js": "^3.4.5",
"helmet": "^3.22.0",
"mongoose": "^5.9.3",
"node-fetch": "^2.6.0",
"slugify": "^1.4.0",
"uuid": "^7.0.2"
},
Expand All @@ -58,6 +60,7 @@
"@types/jest": "^25.1.4",
"@types/mongoose": "^5.7.3",
"@types/node": "^12.12.34",
"@types/node-fetch": "^2.5.7",
"@types/uuid": "^7.0.2",
"@types/ws": "^7.2.3",
"@typescript-eslint/eslint-plugin": "^2.27.0",
13 changes: 7 additions & 6 deletions packages/web-api/src/routes/authRoutes.ts
Expand Up @@ -113,9 +113,10 @@ router.get('/discord/callback', async (req, res) => {
);
return;
}
let tokenResponseData = (
await ReadingDiscordBot.getToken(code, req.headers.host)
).data;
let tokenResponseData = await ReadingDiscordBot.getToken(
code,
req.headers.host
);

if (tokenResponseData.error) {
const encodedErrorMessage = encodeURIComponent(
Expand Down Expand Up @@ -265,9 +266,9 @@ router.get('/discord/callback', async (req, res) => {
`Refreshing access token for user {id: ${userDoc.id}, discordId: ${userDoc.discordId}}`
);
// Update the response data and new token to be later saved
tokenResponseData = (
await ReadingDiscordBot.refreshAccessToken(refreshToken)
).data;
tokenResponseData = await ReadingDiscordBot.refreshAccessToken(
refreshToken
);
accessToken = tokenResponseData.access_token;
}

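Review bot: The refresh path assigns `accessToken = tokenResponseData.access_token;` without the `tokenResponseData.error` check that the first hunk applies after `getToken`. The service now returns the parsed body straight from fetch, which resolves on non-2xx statuses, so a rejected or revoked refresh token would hand back an error object and `accessToken` would silently become undefined instead of raising as the axios call did by default. Guard the assignment, for example `if (tokenResponseData.error || !tokenResponseData.access_token) { /* treat as a failed refresh and force re-authentication */ }`. The handler continues outside both hunks, so a later check may already exist; confirm before merging.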
82 changes: 27 additions & 55 deletions packages/web-api/src/services/discord.ts
@@ -1,6 +1,8 @@
import axios from 'axios';
import btoa from 'btoa';
import Discord, { TextChannel } from 'discord.js';
import FormData from 'form-data';
import fetch from 'node-fetch';

import { UserDoc } from '@caravanapp/mongo';
import { ReferralTier } from '@caravanapp/types';
Expand Down Expand Up @@ -38,10 +40,7 @@ const DiscordOAuth2Url = (state: string, host: string) => {
const redirectUri = getDiscordRedirectUri(host);
return `${DiscordApiUrl}/oauth2/authorize?client_id=${DiscordClientId}&redirect_uri=${redirectUri}&response_type=code&scope=${DiscordPermissionsParam}&state=${state}`;
};
const GetDiscordTokenCallbackUri = () => `${DiscordApiUrl}/v6/oauth2/token`;

const GetDiscordTokenRefreshCallbackUri = () =>
`${DiscordApiUrl}/v6/oauth2/token`;
const DISCORD_TOKEN_URI = `${DiscordApiUrl}/oauth2/token`;

interface DiscordUserResponseData {
id: string;
Expand Down Expand Up @@ -100,59 +99,34 @@ const ReadingDiscordBot = (() => {
},

getToken: async (code: string, host: string) => {
const tokenUri = GetDiscordTokenCallbackUri();
const redirectUri = getDiscordRedirectUri(host) || DiscordRedirectUri;
const body = {
// eslint-disable-next-line @typescript-eslint/camelcase
client_id: DiscordClientId,
// eslint-disable-next-line @typescript-eslint/camelcase
client_secret: DiscordClientSecret,
// eslint-disable-next-line @typescript-eslint/camelcase
grant_type: 'authorization_code',
code,
// eslint-disable-next-line @typescript-eslint/camelcase
redirect_uri: redirectUri,
scope: DiscordPermissionsSpaceDelimited,
};
const config = {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
};
const tokenResponse = await axios.post<OAuth2TokenResponseData>(
tokenUri,
body,
config
);
return tokenResponse;
const data = new FormData();
data.append('client_id', DiscordClientId);
data.append('client_secret', DiscordClientSecret);
data.append('grant_type', 'authorization_code');
data.append('redirect_uri', redirectUri);
data.append('scope', DiscordPermissionsSpaceDelimited);
data.append('code', code);
const response = await fetch(DISCORD_TOKEN_URI, {
method: 'POST',
body: data,
}).then(res => res.json() as Promise<OAuth2TokenResponseData>);
return response;
},

refreshAccessToken: async (refreshToken: string) => {
const refreshTokenUri = GetDiscordTokenRefreshCallbackUri();
// ?client_id=${DiscordClientId}&client_secret=${DiscordClientSecret}&grant_type=refresh_token&refresh_token=${refreshToken}&redirect_uri=${DiscordRedirectUri}&scope=${DiscordPermissionsParam}
const body = {
// eslint-disable-next-line @typescript-eslint/camelcase
client_id: DiscordClientId,
// eslint-disable-next-line @typescript-eslint/camelcase
client_secret: DiscordClientSecret,
// eslint-disable-next-line @typescript-eslint/camelcase
grant_type: 'refresh_token',
refreshToken,
// eslint-disable-next-line @typescript-eslint/camelcase
redirect_uri: DiscordRedirectUri,
scope: DiscordPermissionsSpaceDelimited,
};
const config = {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
};
const tokenResponse = await axios.post<OAuth2TokenResponseData>(
refreshTokenUri,
body,
config
);
return tokenResponse;
const data = new FormData();
data.append('client_id', DiscordClientId);
data.append('client_secret', DiscordClientSecret);
data.append('grant_type', 'refresh_token');
data.append('refresh_token', refreshToken);
data.append('redirect_uri', DiscordRedirectUri);
data.append('scope', DiscordPermissionsSpaceDelimited);
const response = await fetch(DISCORD_TOKEN_URI, {
method: 'POST',
body: data,
}).then(res => res.json() as Promise<OAuth2TokenResponseData>);
return response;
},
};
})();
Expand Down Expand Up @@ -264,7 +238,5 @@ export {
DiscordClientSecret,
DiscordOAuth2Url,
DiscordUserResponseData,
GetDiscordTokenCallbackUri,
GetDiscordTokenRefreshCallbackUri,
OAuth2TokenResponseData,
};
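Review bot: Both `getToken` and `refreshAccessToken` return `res.json() as Promise<OAuth2TokenResponseData>` without looking at `res.status` or the content type. Unlike the removed axios call, which rejects on non-2xx by default, fetch resolves on 4xx/5xx, so an OAuth2 error body comes back typed as a token response and a non-JSON reply (gateway error page, rate limiting) surfaces as a bare JSON parse exception. The two bodies are near-identical, so a shared helper would fit: it performs the request, rejects non-JSON replies while reporting only the status code, and leaves the `error` field for the caller, which keeps the callback's existing `tokenResponseData.error` branch working. Separately, OAuth2 token requests are normally sent as `application/x-www-form-urlencoded`; the multipart FormData body works only as long as the endpoint tolerates it, so consider an urlencoded body.

```typescript
// Shared by getToken and refreshAccessToken; each passes the FormData it already builds.
const requestToken = async (
  data: FormData
): Promise<OAuth2TokenResponseData> => {
  const res = await fetch(DISCORD_TOKEN_URI, { method: 'POST', body: data });
  const contentType = res.headers.get('content-type') || '';
  if (!contentType.includes('application/json')) {
    // Report the status only: the body and the request carry credentials.
    throw new Error(`Discord token endpoint returned HTTP ${res.status}`);
  }
  // An OAuth2 error reply is still JSON; callers must check `error` before using access_token.
  return (await res.json()) as OAuth2TokenResponseData;
};

    getToken: async (code: string, host: string) => {
      // … unchanged: redirectUri and FormData construction …
      return requestToken(data);
    },

    refreshAccessToken: async (refreshToken: string) => {
      // … unchanged: FormData construction …
      return requestToken(data);
    },
```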
8 changes: 8 additions & 0 deletions yarn.lock
Expand Up @@ -2645,6 +2645,14 @@
"@types/mongodb" "*"
"@types/node" "*"

"@types/node-fetch@^2.5.7":
version "2.5.7"
resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.5.7.tgz#20a2afffa882ab04d44ca786449a276f9f6bbf3c"
integrity sha512-o2WVNf5UhWRkxlf6eq+jMZDu7kjgpgJfl4xVNlvryc95O/6F2ld8ztKX+qu+Rjyet93WAWm5LjeX9H5FGkODvw==
dependencies:
"@types/node" "*"
form-data "^3.0.0"

"@types/node@*", "@types/node@>= 8":
version "13.11.1"
resolved "https://registry.yarnpkg.com/@types/node/-/node-13.11.1.tgz#49a2a83df9d26daacead30d0ccc8762b128d53c7"
