diff --git a/package-lock.json b/package-lock.json index d7bddfd..09f89f6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,8 @@ "ansi-colors": "^4.1.3", "better-sqlite3": "^11.1.2", "chunk-text": "^2.0.1", - "cloudstorm": "^0.10.10", + "cloudstorm": "^0.11.2", + "discord-api-types": "^0.37.119", "domino": "^2.1.6", "enquirer": "^2.4.1", "entities": "^5.0.0", @@ -35,7 +36,7 @@ "minimist": "^1.2.8", "prettier-bytes": "^1.0.4", "sharp": "^0.33.4", - "snowtransfer": "^0.10.5", + "snowtransfer": "^0.11.0", "stream-mime-type": "^1.0.2", "try-to-catch": "^3.0.1", "uqr": "^0.1.2", @@ -47,7 +48,6 @@ "@types/node": "^18.16.0", "c8": "^10.1.2", "cross-env": "^7.0.3", - "discord-api-types": "^0.37.60", "supertape": "^10.4.0" }, "engines": { @@ -1411,16 +1411,15 @@ } }, "node_modules/cloudstorm": { - "version": "0.10.11", - "resolved": "https://registry.npmjs.org/cloudstorm/-/cloudstorm-0.10.11.tgz", - "integrity": "sha512-A3lN0o404la7ryWIxN73gW2ehC0RO4h0yCA2grtOtPh8rNTd6+R2U4llyJlb61HlyOFrEVJ7AbOoFblVSmkrtw==", - "license": "MIT", + "version": "0.11.2", + "resolved": "https://registry.npmjs.org/cloudstorm/-/cloudstorm-0.11.2.tgz", + "integrity": "sha512-LuKey+nTp5fEGH5TdCxCUWSG1VMcXKV57rsFvGi/XLpdPT1LUTlc5TmCONAaKzy2uZFJm9EG+iIB2Vq+uBqgog==", "dependencies": { - "discord-api-types": "^0.37.98", - "snowtransfer": "^0.10.7" + "discord-api-types": "^0.37.119", + "snowtransfer": "^0.11.0" }, "engines": { - "node": ">=14.8.0" + "node": ">=16.15.0" } }, "node_modules/color": { @@ -1599,10 +1598,9 @@ } }, "node_modules/discord-api-types": { - "version": "0.37.101", - "resolved": "https://registry.npmjs.org/discord-api-types/-/discord-api-types-0.37.101.tgz", - "integrity": "sha512-2wizd94t7G3A8U5Phr3AiuL4gSvhqistDwWnlk1VLTit8BI1jWUncFqFQNdPbHqS3661+Nx/iEyIwtVjPuBP3w==", - "license": "MIT" + "version": "0.37.119", + "resolved": "https://registry.npmjs.org/discord-api-types/-/discord-api-types-0.37.119.tgz", + "integrity": "sha512-WasbGFXEB+VQWXlo6IpW3oUv73Yuau1Ig4AZF/m13tXcTKnMpc/mHjpztIlz4+BM9FG9BHQkEXiPto3bKduQUg==" }, "node_modules/doctypes": { "version": "1.1.0", @@ -2714,16 +2712,14 @@ } }, "node_modules/snowtransfer": { - "version": "0.10.7", - "resolved": "https://registry.npmjs.org/snowtransfer/-/snowtransfer-0.10.7.tgz", - "integrity": "sha512-lXUYp6jOou0DI8uFl3Dh78KD1gVa3dNbUt2TK6RW39mHenAR6XpoPoydUNXCWvdxi6uGU6zQ1yNICZpKjF6wMA==", - "license": "MIT", + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/snowtransfer/-/snowtransfer-0.11.0.tgz", + "integrity": "sha512-07rvRnCtXdL/E3PmKTS/zHVlIIIWizKh7YzsUxN2bmX1Fr5odFgZ08J0/dE1YL6XmsbpmEB2r4LBAfdCGzKs7w==", "dependencies": { - "discord-api-types": "^0.37.98", - "undici": "^6.19.8" + "discord-api-types": "^0.37.119" }, "engines": { - "node": ">=14.18.0" + "node": ">=16.15.0" } }, "node_modules/source-map": { @@ -3143,15 +3139,6 @@ "integrity": "sha512-Ql87qFHB3s/De2ClA9e0gsnS6zXG27SkTiSJwjCc9MebbfapQfuPzumMIUMi38ezPZVNFcHI9sUIepeQfw8J8Q==", "license": "MIT" }, - "node_modules/undici": { - "version": "6.21.1", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.21.1.tgz", - "integrity": "sha512-q/1rj5D0/zayJB2FraXdaWxbhWiNKDvu8naDT2dl1yTlvJp4BLtOcp2a5BvgGNQpYYJzau7tf1WgKv3b+7mqpQ==", - "license": "MIT", - "engines": { - "node": ">=18.17" - } - }, "node_modules/undici-types": { "version": "5.26.5", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", diff --git a/package.json b/package.json index 24555a3..12ac82a 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,8 @@ "ansi-colors": "^4.1.3", "better-sqlite3": "^11.1.2", "chunk-text": "^2.0.1", - "cloudstorm": "^0.10.10", + "cloudstorm": "^0.11.2", + "discord-api-types": "^0.37.119", "domino": "^2.1.6", "enquirer": "^2.4.1", "entities": "^5.0.0", @@ -44,7 +45,7 @@ "minimist": "^1.2.8", "prettier-bytes": "^1.0.4", "sharp": "^0.33.4", - "snowtransfer": "^0.10.5", + "snowtransfer": "^0.11.0", "stream-mime-type": "^1.0.2", "try-to-catch": "^3.0.1", "uqr": "^0.1.2", @@ -56,7 +57,6 @@ "@types/node": "^18.16.0", "c8": "^10.1.2", "cross-env": "^7.0.3", - "discord-api-types": "^0.37.60", "supertape": "^10.4.0" }, "scripts": { diff --git a/readme.md b/readme.md index 2fa64a4..eea0ada 100644 --- a/readme.md +++ b/readme.md @@ -164,7 +164,7 @@ To get into the rooms on your Matrix account, use the `/invite [your mxid here]` ## Dependency justification -Total transitive production dependencies: 144 +Total transitive production dependencies: 143 ### 🦕 @@ -188,6 +188,7 @@ Total transitive production dependencies: 144 * (0) ansi-colors: Helps with interactive prompting for the initial setup, and it's already pulled in by enquirer. * (1) chunk-text: It does what I want. * (0) cloudstorm: Discord gateway library with bring-your-own-caching that I trust. +* (0) discord-api-types: Bitfields needed at runtime and types needed for development. * (0) domino: DOM implementation that's already pulled in by turndown. * (1) enquirer: Interactive prompting for the initial setup rather than forcing users to edit YAML non-interactively. * (0) entities: Looks fine. No dependencies. @@ -198,7 +199,7 @@ Total transitive production dependencies: 144 * (0) lru-cache: For holding unused nonce in memory and letting them be overwritten later if never used. * (0) minimist: It's already pulled in by better-sqlite3->prebuild-install. * (0) prettier-bytes: It does what I want and has no dependencies. -* (2) snowtransfer: Discord API library with bring-your-own-caching that I trust. +* (0) snowtransfer: Discord API library with bring-your-own-caching that I trust. * (0) try-to-catch: Not strictly necessary, but it's already pulled in by supertape, so I may as well. * (0) uqr: QR code SVG generator. Used on the website to scan in an invite link. * (0) xxhash-wasm: Used where cryptographically secure hashing is not required. diff --git a/scripts/setup.js b/scripts/setup.js index 1174861..4ac6f84 100644 --- a/scripts/setup.js +++ b/scripts/setup.js @@ -180,7 +180,7 @@ function defineEchoHandler() { process.stdout.write(magenta(" checking, please wait...")) try { snow = new SnowTransfer(token) - client = await snow.requestHandler.request(`/applications/@me`, {}, "get") + client = await snow.requestHandler.request(`/applications/@me`, {}, "get", "json") return true } catch (e) { return e.message @@ -197,7 +197,7 @@ function defineEchoHandler() { message: "Press Enter when you've enabled them", validate: async token => { process.stdout.write(magenta("checking, please wait...")) - client = await snow.requestHandler.request(`/applications/@me`, {}, "get") + client = await snow.requestHandler.request(`/applications/@me`, {}, "get", "json") if (client.flags & mandatoryIntentFlags) { return true } else { @@ -225,7 +225,7 @@ function defineEchoHandler() { message: "Press Enter when you've added it", validate: async token => { process.stdout.write(magenta("checking, please wait...")) - client = await snow.requestHandler.request(`/applications/@me`, {}, "get") + client = await snow.requestHandler.request(`/applications/@me`, {}, "get", "json") if (client.redirect_uris.includes(expectedUri)) { return true } else { diff --git a/src/web/routes/oauth.js b/src/web/routes/oauth.js index ed0da8a..ace7b72 100644 --- a/src/web/routes/oauth.js +++ b/src/web/routes/oauth.js @@ -3,11 +3,11 @@ const {z} = require("zod") const {randomUUID} = require("crypto") const {defineEventHandler, getValidatedQuery, sendRedirect, createError} = require("h3") -const {SnowTransfer} = require("snowtransfer") +const {SnowTransfer, tokenless} = require("snowtransfer") const DiscordTypes = require("discord-api-types/v10") const getRelativePath = require("get-relative-path") -const {as, db, sync} = require("../../passthrough") +const {discord, as, db, sync} = require("../../passthrough") const {id} = require("../../../addbot") /** @type {import("../auth")} */ const auth = sync.require("../auth") @@ -59,21 +59,10 @@ as.router.get("/oauth", defineEventHandler(async event => { if (!savedState) throw createError({status: 400, message: "Missing state", data: "Missing saved state parameter. Please try again, and make sure you have cookies enabled."}) if (savedState != parsedQuery.data.state) return tryAgain() - const res = await fetch("https://discord.com/api/oauth2/token", { - method: "post", - body: new URLSearchParams({ - grant_type: "authorization_code", - client_id: id, - client_secret: reg.ooye.discord_client_secret, - redirect_uri, - code: parsedQuery.data.code - }) - }) - const root = await res.json() - - const parsedToken = schema.token.safeParse(root) - if (!res.ok || !parsedToken.success) { - throw createError({status: 502, message: "Invalid token response", data: `Discord completed OAuth, but returned this instead of an OAuth access token: ${JSON.stringify(root)}`}) + const oauthResult = await tokenless.getOauth2Token(id, redirect_uri, reg.ooye.discord_client_secret, parsedQuery.data.code) + const parsedToken = schema.token.safeParse(oauthResult) + if (!parsedToken.success) { + throw createError({status: 502, message: "Invalid token response", data: `Discord completed OAuth, but returned this instead of an OAuth access token: ${JSON.stringify(oauthResult)}`}) } const userID = Buffer.from(parsedToken.data.access_token.split(".")[0], "base64").toString()