Upload web code

package-lock.json

@@ -30,6 +30,7 @@
         "get-stream": "^6.0.1",
         "h3": "^1.12.0",
         "heatsync": "^2.5.3",
+        "lru-cache": "^10.4.3",
         "minimist": "^1.2.8",
         "node-fetch": "^2.6.7",
         "prettier-bytes": "^1.0.4",
@@ -2131,7 +2132,6 @@
       "version": "10.4.3",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
       "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
-      "dev": true,
       "license": "ISC"
     },
     "node_modules/make-dir": {

package.json

@@ -39,6 +39,7 @@
     "get-stream": "^6.0.1",
     "h3": "^1.12.0",
     "heatsync": "^2.5.3",
+    "lru-cache": "^10.4.3",
     "minimist": "^1.2.8",
     "node-fetch": "^2.6.7",
     "prettier-bytes": "^1.0.4",

readme.md

@@ -189,6 +189,7 @@ Total transitive production dependencies: 147
 * (0) get-stream: Only needed if content_length_workaround is true.
 * (1) heatsync: Module hot-reloader that I trust.
 * (1) js-yaml: Will be removed in the future after registration.yaml is converted to JSON.
+* (0) lru-cache: For holding unused nonce in memory and letting them be overwritten later if never used.
 * (0) minimist: It's already pulled in by better-sqlite3->prebuild-install.
 * (3) node-fetch@2: I like it and it does what I want. Version 2 is used because version 3 is ESM-only.
 * (0) prettier-bytes: It does what I want and has no dependencies.

scripts/seed.js

@@ -38,6 +38,7 @@ const passthrough = require("../src/passthrough")
 const db = new sqlite("ooye.db")
 const migrate = require("../src/db/migrate")
 
+/** @type {import("heatsync").default} */ // @ts-ignore
 const sync = new HeatSync({watchFS: false})
 
 Object.assign(passthrough, {sync, db})
@@ -166,8 +167,28 @@ async function validateHomeserverOrigin(serverUrlPrompt, url) {
 				}
 			}
 		})
+
+		console.log("What is your Discord client secret?")
+		/** @type {{discord_client_secret: string}} */
+		const clientSecretResponse = await prompt({
+			type: "input",
+			name: "discord_client_secret",
+			message: "Client secret"
+		})
+
 		const template = getTemplateRegistration()
-		reg = {...template, url: bridgeOriginResponse.bridge_origin, ooye: {...template.ooye, ...serverNameResponse, ...bridgeOriginResponse, server_origin: serverOrigin, ...discordTokenResponse}}
+		reg = {
+			...template,
+			url: bridgeOriginResponse.bridge_origin,
+			ooye: {
+				...template.ooye,
+				...serverNameResponse,
+				...bridgeOriginResponse,
+				server_origin: serverOrigin,
+				...discordTokenResponse,
+				...clientSecretResponse
+			}
+		}
 		registration.reg = reg
 		checkRegistration(reg)
 		writeRegistration(reg)

scripts/start-server.js

@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+// @ts-check
+
+const {createServer} = require("http")
+const EventEmitter = require("events")
+const {createApp, createRouter, toNodeListener} = require("h3")
+const sqlite = require("better-sqlite3")
+const migrate = require("../src/db/migrate")
+const HeatSync = require("heatsync")
+
+const {reg} = require("../src/matrix/read-registration")
+const passthrough = require("../src/passthrough")
+const db = new sqlite("ooye.db")
+
+/** @type {import("heatsync").default} */ // @ts-ignore
+const sync = new HeatSync()
+
+Object.assign(passthrough, {sync, db})
+
+const DiscordClient = require("../src/d2m/discord-client")
+
+const discord = new DiscordClient(reg.ooye.discord_token, "half")
+passthrough.discord = discord
+
+const app = createApp()
+const router = createRouter()
+app.use(router)
+const server = createServer(toNodeListener(app))
+server.listen(reg.socket || new URL(reg.url).port)
+const as = Object.assign(new EventEmitter(), {app, router, server}) // @ts-ignore
+passthrough.as = as
+
+const orm = sync.require("../src/db/orm")
+passthrough.from = orm.from
+passthrough.select = orm.select
+
+;(async () => {
+	await migrate.migrate(db)
+	await discord.cloud.connect()
+	console.log("Discord gateway started")
+	sync.require("../src/web/server")
+})()

src/d2m/discord-client.js

@@ -6,7 +6,7 @@ const { Client: CloudStorm } = require("cloudstorm")
 const passthrough = require("../passthrough")
 const { sync } = passthrough
 
-/** @type {typeof import("./discord-packets")} */
+/** @type {import("./discord-packets")} */
 const discordPackets = sync.require("./discord-packets")
 
 class DiscordClient {

src/db/migrations/0014-add-guild-autocreate.sql

@@ -0,0 +1,5 @@
+BEGIN TRANSACTION;
+
+ALTER TABLE guild_space ADD COLUMN autocreate INTEGER NOT NULL DEFAULT 1;
+
+COMMIT;

src/db/orm-defs.d.ts

@@ -31,6 +31,7 @@ export type Models = {
 		guild_id: string
 		space_id: string
 		privacy_level: number
+		autocreate: number
 	}
 
 	lottie: {

src/db/orm.js

@@ -15,8 +15,13 @@ function select(table, cols, where = {}, e = "") {
 	if (!Array.isArray(cols)) cols = [cols]
 	const parameters = []
 	const wheres = Object.entries(where).map(([col, value]) => {
+		if (Array.isArray(value)) {
+			parameters.push(...value)
+			return `"${col}" IN (` + Array(value.length).fill("?").join(", ") + ")"
+		} else {
 			parameters.push(value)
 			return `"${col}" = ?`
+		}
 	})
 	const whereString = wheres.length ? " WHERE " + wheres.join(" AND ") : ""
 	/** @type {U.Prepared<Pick<U.Models[Table], Col>>} */

src/types.d.ts

@@ -24,6 +24,7 @@ export type AppServiceRegistrationConfig = {
 		server_origin: string
 		bridge_origin: string
 		discord_token: string
+		discord_client_secret: string
 		content_length_workaround: boolean
 		include_user_id_in_mxid: boolean
 		invite: string[]

src/web/pug-sync.js

@@ -0,0 +1,78 @@
+// @ts-check
+
+const assert = require("assert/strict")
+const fs = require("fs")
+const {join} = require("path")
+const h3 = require("h3")
+const {defineEventHandler, defaultContentType, setResponseStatus, useSession, getQuery} = h3
+const {compileFile} = require("@cloudrac3r/pug")
+
+const {as} = require("../passthrough")
+const {reg} = require("../matrix/read-registration")
+
+// Pug
+
+let globals = {}
+
+/** @type {Map<string, (event: import("h3").H3Event, locals: Record<string, any>) => Promise<string>>} */
+const pugCache = new Map()
+
+function addGlobals(obj) {
+	Object.assign(globals, obj)
+}
+
+/**
+ * @param {import("h3").H3Event} event
+ * @param {string} filename
+ * @param {Record<string, any>} locals
+ */
+function render(event, filename, locals) {
+	const path = join(__dirname, "pug", filename)
+
+	function compile() {
+		try {
+			const template = compileFile(path, {})
+			pugCache.set(path, async (event, locals) => {
+				defaultContentType(event, "text/html; charset=utf-8")
+				const session = await useSession(event, {password: reg.as_token})
+				return template(Object.assign({},
+					getQuery(event), // Query parameters can be easily accessed on the top level but don't allow them to overwrite anything
+					globals, // Globals
+					locals, // Explicit locals overwrite globals in case we need to DI something
+					{session} // Session is always session because it has to be trusted
+				))
+			})
+		} catch (e) {
+			pugCache.set(path, async (event) => {
+				setResponseStatus(event, 500, "Internal Template Error")
+				defaultContentType(event, "text/plain")
+				return e.toString()
+			})
+		}
+	}
+
+	if (!pugCache.has(path)) {
+		compile()
+		fs.watch(path, {persistent: false}, compile)
+		fs.watch(join(__dirname, "pug", "includes"), {persistent: false}, compile)
+	}
+
+	const cb = pugCache.get(path)
+	assert(cb)
+	return cb(event, locals)
+}
+
+/**
+ * @param {import("h3").Router} router
+ * @param {string} url
+ * @param {string} filename
+ */
+function createRoute(router, url, filename) {
+	router.get(url, defineEventHandler(async event => {
+		return render(event, filename, {})
+	}))
+}
+
+module.exports.addGlobals = addGlobals
+module.exports.render = render
+module.exports.createRoute = createRoute

src/web/pug/guild.pug

@@ -0,0 +1,159 @@
+extends includes/template.pug
+
+mixin badge-readonly
+  .s-badge.s-badge__xs.s-badge__icon.s-badge__muted
+    != icons.Icons.IconEyeSm
+    | Read-only
+
+mixin badge-private
+  .s-badge.s-badge__xs.s-badge__icon.s-badge__warning
+    != icons.Icons.IconLockSm
+    | Private
+
+mixin discord(channel, radio=false)
+  - let permissions = dUtils.getPermissions([], discord.guilds.get(channel.guild_id).roles, "", channel.permission_overwrites)
+  .s-user-card.s-user-card__small
+    if !dUtils.hasPermission(permissions, DiscordTypes.PermissionFlagsBits.ViewChannel)
+      != icons.Icons.IconLock
+    else if channel.type === 5
+      != icons.Icons.IconBullhorn
+    else if channel.type === 2
+      != icons.Icons.IconPhone
+    else if channel.type === 11 || channel.type === 12
+      != icons.Icons.IconCollection
+    else
+      include includes/hash.svg
+    .s-user-card--info.ws-nowrap
+      if radio
+        = channel.name
+      else
+        .s-user-card--link.fs-body1
+          a(href=`https://discord.com/channels/${channel.guild_id}/${channel.id}`)= channel.name
+      if channel.parent_id
+        .s-user-card--location= discord.channels.get(channel.parent_id).name
+      if !dUtils.hasPermission(permissions, DiscordTypes.PermissionFlagsBits.ViewChannel)
+        +badge-private
+      else if !dUtils.hasPermission(permissions, DiscordTypes.PermissionFlagsBits.SendMessages)
+        +badge-readonly
+
+mixin matrix(row, radio=false, badge="")
+  .s-user-card.s-user-card__small
+    != icons.Icons.IconMessage
+    .s-user-card--info.ws-nowrap
+      if radio
+        = row.nick || row.name
+      else
+        .s-user-card--link.fs-body1
+          a(href=`https://matrix.to/#/${row.room_id}`)= row.nick || row.name
+
+block body
+  if !guild_id && session.data.managedGuilds
+    .s-empty-state.wmx4.p48
+      != icons.Spots.SpotEmptyXL
+      p Select a server from the top right corner to continue.
+      p If the server you're looking for isn't there, try #[a(href="/oauth?action=add") logging in again.]
+
+  else if !session.data.managedGuilds
+    .s-empty-state.wmx4.p48
+      != icons.Spots.SpotEmptyXL
+      p You need to log in to manage your servers.
+      a.s-btn.s-btn__icon.s-btn__filled(href="/oauth")
+        != icons.Icons.IconDiscord
+        = ` Log in with Discord`
+
+  else if !discord.guilds.has(guild_id) || !session.data.managedGuilds || !session.data.managedGuilds.includes(guild_id)
+    .s-empty-state.wmx4.p48
+      != icons.Spots.SpotAlertXL
+      p Either the selected server doesn't exist, or you don't have the Manage Server permission on Discord.
+      p If you've checked your permissions, try #[a(href="/oauth") logging in again.]
+
+  else
+    - let guild = discord.guilds.get(guild_id)
+
+    .s-page-title.mb24
+      h1.s-page-title--header= guild.name
+
+    .d-flex.g16
+      .fl-grow1
+        h2.fs-headline1 Invite a Matrix user
+
+        form.d-grid.g-af-column.gy4.gx8.jc-start(method="post" action="/api/invite" style="grid-template-rows: repeat(2, auto)")
+          label.s-label(for="mxid") Matrix ID
+          input.fl-grow1.s-input.wmx3#mxid(name="mxid" required placeholder="@user:example.org")
+          label.s-label(for="permissions") Permissions
+          .s-select
+            select#permissions(name="permissions")
+              option(value="default") Default
+              option(value="moderator") Moderator
+          input(type="hidden" name="guild_id" value=guild_id)
+          .grid--row-start2
+            button.s-btn.s-btn__filled.htmx-indicator Invite
+      div
+        -
+          let size = 105
+          let src = new URL(`https://api.qrserver.com/v1/create-qr-code/?qzone=1&format=svg&size=${size}x${size}`)
+          src.searchParams.set("data", `https://bridge.cadence.moe/invite?nonce=${nonce}`)
+        img(width=size height=size src=src.toString())
+
+    h2.mt48.fs-headline1 Linked channels
+
+    -
+      function getPosition(channel) {
+        let position = 0
+        let looking = channel
+        while (looking.parent_id) {
+          looking = discord.channels.get(looking.parent_id)
+          position = looking.position * 1000
+        }
+        if (channel.position) position += channel.position
+        return position
+      }
+      let channelIDs = discord.guildChannelMap.get(guild_id)
+
+      let linkedChannels = select("channel_room", ["channel_id", "room_id", "name", "nick"], {channel_id: channelIDs}).all()
+      let linkedChannelsWithDetails = linkedChannels.map(c => ({channel: discord.channels.get(c.channel_id), ...c})).filter(c => c.channel)
+      let linkedChannelIDs = linkedChannelsWithDetails.map(c => c.channel_id)
+      linkedChannelsWithDetails.sort((a, b) => getPosition(a.channel) - getPosition(b.channel))
+
+      let unlinkedChannelIDs = channelIDs.filter(c => !linkedChannelIDs.includes(c))
+      let unlinkedChannels = unlinkedChannelIDs.map(c => discord.channels.get(c)).filter(c => [0, 5].includes(c.type))
+      unlinkedChannels.sort((a, b) => getPosition(a) - getPosition(b))
+    .s-card.bs-sm.p0
+      .s-table-container
+        table.s-table.s-table__bx-simple
+          each row in linkedChannelsWithDetails
+            tr
+              td.w40: +discord(row.channel)
+              td.p2: button.s-btn.s-btn__muted.s-btn__xs!= icons.Icons.IconLinkSm
+              td: +matrix(row)
+          else
+            tr
+              td(colspan="3")
+                .s-empty-state No channels linked between Discord and Matrix yet...
+
+    h3.mt32.fs-category Auto-create
+    .s-card
+      form.d-flex.ai-center.g8
+        label.s-label.fl-grow1(for="autocreate")
+          | Create new Matrix rooms automatically
+          p.s-description If you want, OOYE can automatically create new Matrix rooms and link them when a new Discord channel is spoken in.
+        - let value = select("guild_space", "autocreate", {guild_id}).pluck().get()
+        input(type="hidden" name="guild_id" value=guild_id)
+        input.s-toggle-switch.order-last#autocreate(name="autocreate" type="checkbox" hx-post="/api/autocreate" hx-indicator="#autocreate-loading" hx-disabled-elt="this" checked=value)
+        .is-loading#autocreate-loading
+
+    h3.mt32.fs-category Manually link channels
+    form.d-flex.g16.ai-start(method="post" action="/api/link")
+      .fl-grow2.s-btn-group.fd-column.w40
+        each channel in unlinkedChannels
+          input.s-btn--radio(type="radio" name="discord" id=channel.id value=channel.id)
+          label.s-btn.s-btn__muted.ta-left.truncate(for=channel.id)
+            +discord(channel, true, "Announcement")
+        else
+          .s-empty-state.p8 All Discord channels are linked.
+      .fl-grow1.s-btn-group.fd-column.w30
+        .s-empty-state.p8 I don't know how to get the Matrix room list yet...
+      div
+        button.s-btn.s-btn__icon.s-btn__filled
+          != icons.Icons.IconLink
+          = ` Connect`

src/web/pug/home.pug

@@ -0,0 +1,24 @@
+extends includes/template.pug
+
+block body
+  .s-page-title.mb24
+    h1.s-page-title--header Bridge a Discord server
+
+  .d-grid.grid__2.g24
+    .s-card.bs-md.d-flex.fd-column
+      h2 Easy mode
+      p Add the bot to your Discord server.
+      p It will automatically create new Matrix rooms for you.
+      .fl-grow1
+      a.s-btn.s-btn__filled.s-btn__icon(href="/oauth?action=add")
+        != icons.Icons.IconPlus
+        = ` Add to server`
+    .s-card.bs-md.d-flex.fd-column
+      h2 Self-service
+      p OOYE will link an existing Discord server and Matrix space together.
+      p Choose this option if you already have a community set up on Matrix.
+      p Or, choose this if you're migrating from a different bridge.
+      .fl-grow1
+      a.s-btn.s-btn__outlined.s-btn__icon(href="/oauth?action=add-self-service")
+        != icons.Icons.IconUnorderedList
+        = ` Set up self-service`

src/web/pug/includes/hash.svg

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   aria-hidden="true"
+   class="svg-icon iconItalic"
+   width="18"
+   height="18"
+   viewBox="0 0 18 18"
+   version="1.1"
+   id="svg1"
+   sodipodi:docname="hash.svg"
+   inkscape:version="1.3.2 (091e20ef0f, 2023-11-25)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs1" />
+  <path
+     style="opacity:1;stroke-width:24.2222;stroke-linecap:square;paint-order:stroke fill markers"
+     d="m 13.949463,2.0417087 c 0,0 0.664304,0.00704 0.854464,0.00134 0.19016,-0.0057 0.924873,0.2384962 0.57664,0.9863413 -0.288846,0.6203095 -5.045042,11.035358 -5.4783833,11.984378 -0.4333415,0.949021 -0.7881247,0.945761 -1.3553087,0.945761 -0.567184,0 -0.3175392,0 -0.734375,0 -0.4168358,0 -0.7985231,-0.467356 -0.5770328,-0.951217 C 7.4569576,14.524452 12.479729,3.5512928 12.725807,3.0070042 13.022379,2.3510304 13.336114,2.0361844 13.949463,2.0417087 Z"
+     id="path4"
+     sodipodi:nodetypes="czszzzzsc" />
+  <rect
+     style="opacity:1;stroke-width:27.7591;stroke-linecap:square;paint-order:stroke fill markers"
+     id="rect4"
+     width="11.987322"
+     height="2"
+     x="2.002677"
+     y="11.007812"
+     rx="1"
+     ry="1" />
+  <rect
+     style="opacity:1;stroke-width:27.7591;stroke-linecap:square;paint-order:stroke fill markers"
+     id="rect5"
+     width="11.987322"
+     height="2"
+     x="4.0100012"
+     y="5.007813"
+     rx="1"
+     ry="1" />
+  <path
+     style="opacity:1;stroke-width:24.2222;stroke-linecap:square;paint-order:stroke fill markers"
+     d="m 9.1764922,2.0417087 c 0,0 0.664304,0.00704 0.8544638,0.00134 0.19016,-0.0057 0.924873,0.2384962 0.57664,0.9863413 -0.288846,0.6203095 -5.0450418,11.035358 -5.4783831,11.984378 -0.4333415,0.949021 -0.7881247,0.945761 -1.3553087,0.945761 -0.567184,0 -0.3175392,0 -0.734375,0 -0.4168358,0 -0.7985231,-0.467356 -0.5770328,-0.951217 C 2.6839868,14.524452 7.7067582,3.5512928 7.9528362,3.0070042 8.2494082,2.3510304 8.5631432,2.0361844 9.1764922,2.0417087 Z"
+     id="path1"
+     sodipodi:nodetypes="czszzzzsc" />
+</svg>

src/web/pug/includes/template.pug

@@ -0,0 +1,66 @@
+mixin guild(guild)
+  span.s-avatar.s-avatar__32.s-user-card--avatar
+    if guild.icon
+      img.s-avatar--image(src=`https://cdn.discordapp.com/icons/${guild.id}/${guild.icon}.png?size=32`)
+    else
+      .s-avatar--letter.bg-silver-400.bar-md(aria-hidden="true")= guild.name[0]
+  .s-user-card--info.ai-start
+    strong= guild.name
+    ul.s-user-card--awards
+      li #{discord.guildChannelMap.get(guild.id).filter(c => [0, 5, 15, 16].includes(discord.channels.get(c).type)).length} channels
+
+doctype html
+html(lang="en")
+  head
+    title Out Of Your Element
+    link(rel="stylesheet" type="text/css" href="/static/stacks.min.css")
+    <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 80%22><text y=%22.83em%22 font-size=%2283%22>💬</text></svg>">
+    meta(name="htmx-config" content='{"indicatorClass":"is-loading"}')
+    style.
+      .themed {
+        --theme-base-primary-color-h: 266;
+        --theme-base-primary-color-s: 53%;
+        --theme-base-primary-color-l: 63%;
+        --theme-dark-primary-color-h: 266;
+        --theme-dark-primary-color-s: 53%;
+        --theme-dark-primary-color-l: 63%;
+      }
+  body.themed.theme-system
+    header.s-topbar
+      .s-topbar--skip-link(href="#content") Skip to main content
+      .s-topbar--container.wmx9
+        a.s-topbar--logo(href="/")
+          img.s-avatar.s-avatar__32(src="/icon.png")
+        nav.s-topbar--navigation
+          ul.s-topbar--content
+            li.ps-relative
+              if !session.data.managedGuilds || session.data.managedGuilds.length === 0
+                a.s-btn.s-btn__icon.as-center(href="/oauth")
+                  != icons.Icons.IconDiscord
+                  = ` Log in`
+              else if guild_id && session.data.managedGuilds.includes(guild_id) && discord.guilds.has(guild_id)
+                button.s-topbar--item.s-btn.s-btn__muted.s-user-card(popovertarget="guilds")
+                  +guild(discord.guilds.get(guild_id))
+              else if session.data.managedGuilds
+                button.s-topbar--item.s-btn.s-btn__muted.s-btn__dropdown.pr24.s-user-card.s-label(popovertarget="guilds")
+                  | Your servers
+              #guilds(popover data-popper-placement="bottom" style="display: revert; width: revert;").s-popover.overflow-visible
+                .s-popover--arrow.s-popover--arrow__tc
+                .s-popover--content.overflow-y-auto.overflow-x-hidden
+                  ul.s-menu(role="menu")
+                    each guild in (session.data.managedGuilds || []).map(id => discord.guilds.get(id)).filter(g => g)
+                      li(role="menuitem")
+                        a.s-topbar--item.s-user-card.d-flex.p4(href=`/guild?guild_id=${guild.id}`)
+                          +guild(guild)
+    .mx-auto.w100.wmx9.py24#content
+      block body
+    script.
+      document.querySelectorAll("[popovertarget]").forEach(e => {
+        e.addEventListener("click", () => {
+          const rect = e.getBoundingClientRect()
+          const t = `:popover-open { position: absolute; top: ${Math.floor(rect.bottom)}px; left: ${Math.floor(rect.left + rect.width / 2)}px; width: ${Math.floor(rect.width)}px; transform: translateX(-50%); box-sizing: content-box; margin: 0 }`
+          // console.log(t)
+          document.styleSheets[0].insertRule(t)
+        })
+      })
+    script(src="/static/htmx.min.js")

src/web/pug/invite.pug

@@ -0,0 +1,32 @@
+extends includes/template.pug
+
+block body
+  if !isValid
+    .s-empty-state.wmx4.p48
+      != icons.Spots.SpotAlertXL
+      p This QR code has expired.
+      p Refresh the guild management page to generate a new one.
+
+  else
+    - let guild = discord.guilds.get(guild_id)
+
+    .s-page-title.mb24
+      h1.s-page-title--header= guild.name
+
+    .d-flex.g16
+      .fl-grow1
+        h2.fs-headline1 Invite a Matrix user
+
+        form.d-flex.gy16.fd-column(method="post" action="/api/invite" style="grid-template-rows: repeat(2, auto)")
+          .d-flex.gy4.fd-column
+            label.s-label(for="mxid") Matrix ID
+            input.fl-grow1.s-input.wmx3#mxid(name="mxid" required placeholder="@user:example.org")
+          .d-flex.gy4.fd-column
+            label.s-label(for="permissions") Permissions
+            .s-select
+              select#permissions(name="permissions")
+                option(value="default") Default
+                option(value="moderator") Moderator
+          input(type="hidden" name="nonce" value=nonce)
+          div
+            button.s-btn.s-btn__filled.htmx-indicator Invite

src/web/pug/ok.pug

@@ -0,0 +1,6 @@
+extends includes/template.pug
+
+block body
+  .ta-center.wmx5.p48.mx-auto
+    != icons.Spots.SpotApproveXL
+    p.mt24.fs-body2= msg

src/web/routes/guild-settings.js

@@ -0,0 +1,23 @@
+// @ts-check
+
+const {z} = require("zod")
+const {defineEventHandler, sendRedirect, useSession, createError, readValidatedBody} = require("h3")
+
+const {as, db} = require("../../passthrough")
+const {reg} = require("../../matrix/read-registration")
+
+const schema = {
+	autocreate: z.object({
+		guild_id: z.string(),
+		autocreate: z.string().optional()
+	})
+}
+
+as.router.post("/api/autocreate", defineEventHandler(async event => {
+	const parsedBody = await readValidatedBody(event, schema.autocreate.parse)
+	const session = await useSession(event, {password: reg.as_token})
+	if (!(session.data.managedGuilds || []).includes(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
+
+	db.prepare("UPDATE guild_space SET autocreate = ? WHERE guild_id = ?").run(+!!parsedBody.autocreate, parsedBody.guild_id)
+	return sendRedirect(event, `/guild?guild_id=${parsedBody.guild_id}`, 302)
+}))

src/web/routes/invite.js

@@ -0,0 +1,99 @@
+// @ts-check
+
+const assert = require("assert/strict")
+const {z} = require("zod")
+const {defineEventHandler, sendRedirect, useSession, createError, getValidatedQuery, readValidatedBody} = require("h3")
+const {randomUUID} = require("crypto")
+const {LRUCache} = require("lru-cache")
+
+const {discord, as, sync, select} = require("../../passthrough")
+/** @type {import("../pug-sync")} */
+const pugSync = sync.require("../pug-sync")
+const {reg} = require("../../matrix/read-registration")
+
+/** @type {import("../../matrix/api")} */
+const api = sync.require("../../matrix/api")
+
+const schema = {
+	guild: z.object({
+		guild_id: z.string().optional()
+	}),
+	invite: z.object({
+		mxid: z.string().regex(/@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)/),
+		permissions: z.enum(["default", "moderator"]),
+		guild_id: z.string().optional(),
+		nonce: z.string().optional()
+	}),
+	inviteNonce: z.object({
+		nonce: z.string()
+	})
+}
+
+/** @type {LRUCache<string, string>} nonce to guild id */
+const validNonce = new LRUCache({max: 200})
+
+as.router.get("/guild", defineEventHandler(async event => {
+	const {guild_id} = await getValidatedQuery(event, schema.guild.parse)
+	const nonce = randomUUID()
+	if (guild_id) {
+		// Security note: the nonce alone is valid for updating the guild
+		// We have not verified the user has sufficient permissions in the guild at generation time
+		// These permissions are checked later during page rendering and the generated nonce is only revealed if the permissions are sufficient
+		validNonce.set(nonce, guild_id)
+	}
+	return pugSync.render(event, "guild.pug", {nonce})
+}))
+
+as.router.get("/invite", defineEventHandler(async event => {
+	const {nonce} = await getValidatedQuery(event, schema.inviteNonce.parse)
+	const isValid = validNonce.has(nonce)
+	const guild_id = validNonce.get(nonce)
+	const guild = discord.guilds.get(guild_id || "")
+	return pugSync.render(event, "invite.pug", {isValid, nonce, guild_id, guild})
+}))
+
+as.router.post("/api/invite", defineEventHandler(async event => {
+	const parsedBody = await readValidatedBody(event, schema.invite.parse)
+	const session = await useSession(event, {password: reg.as_token})
+
+	// Check guild ID or nonce
+	if (parsedBody.guild_id) {
+		var guild_id = parsedBody.guild_id
+		if (!(session.data.managedGuilds || []).includes(guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't invite users to a guild you don't have Manage Server permissions in"})
+	} else if (parsedBody.nonce) {
+		if (!validNonce.has(parsedBody.nonce)) throw createError({status: 403, message: "Nonce expired", data: "Nonce means number-used-once, and, well, you tried to use it twice..."})
+		let ok = validNonce.get(parsedBody.nonce)
+		assert(ok)
+		var guild_id = ok
+		validNonce.delete(parsedBody.nonce)
+	} else {
+		throw createError({status: 400, message: "Missing guild ID", data: "Passing a guild ID or a nonce is required."})
+	}
+
+	// Check guild is bridged
+	const spaceID = select("guild_space", "space_id", {guild_id: guild_id}).pluck().get()
+	if (!spaceID) throw createError({status: 428, message: "Server not bridged", data: "You can only invite Matrix users to servers that are bridged to Matrix."})
+
+	// Check for existing invite to the space
+	let spaceMember
+	try {
+		spaceMember = await api.getStateEvent(spaceID, "m.room.member", parsedBody.mxid)
+	} catch (e) {}
+	if (spaceMember && (spaceMember.membership === "invite" || spaceMember.membership === "join")) {
+		return sendRedirect(event, `/guild?guild_id=${guild_id}`, 302)
+	}
+
+	// Invite
+	await api.inviteToRoom(spaceID, parsedBody.mxid)
+
+	// Permissions
+	if (parsedBody.permissions === "moderator") {
+		await api.setUserPowerCascade(spaceID, parsedBody.mxid, 50)
+	}
+
+	if (parsedBody.guild_id) {
+		return sendRedirect(event, `/guild?guild_id=${guild_id}`, 302)
+	} else {
+		return sendRedirect(event, "/ok?msg=User has been invited.", 302)
+	}
+}))

src/web/routes/oauth.js

@@ -0,0 +1,92 @@
+// @ts-check
+
+const {z} = require("zod")
+const {randomUUID} = require("crypto")
+const {defineEventHandler, getValidatedQuery, sendRedirect, getQuery, useSession, createError} = require("h3")
+const {SnowTransfer} = require("snowtransfer")
+const DiscordTypes = require("discord-api-types/v10")
+const fetch = require("node-fetch")
+
+const {as} = require("../../passthrough")
+const {id} = require("../../../addbot")
+const {reg} = require("../../matrix/read-registration")
+
+const redirect_uri = `${reg.ooye.bridge_origin}/oauth`
+
+const schema = {
+	first: z.object({
+		action: z.string().optional()
+	}),
+	code: z.object({
+		state: z.string(),
+		code: z.string(),
+		guild_id: z.string().optional()
+	}),
+	token: z.object({
+		token_type: z.string(),
+		access_token: z.string(),
+		expires_in: z.number({coerce: true}),
+		refresh_token: z.string(),
+		scope: z.string()
+	})
+}
+
+as.router.get("/oauth", defineEventHandler(async event => {
+	const session = await useSession(event, {password: reg.as_token})
+	let scope = "guilds"
+
+	const parsedFirstQuery = await getValidatedQuery(event, schema.first.safeParse)
+	if (parsedFirstQuery.data?.action === "add") {
+		scope = "bot+guilds"
+		await session.update({selfService: false})
+	} else if (parsedFirstQuery.data?.action === "add-self-service") {
+		scope = "bot+guilds"
+		await session.update({selfService: true})
+	}
+
+	async function tryAgain() {
+		const newState = randomUUID()
+		await session.update({state: newState})
+		return sendRedirect(event, `https://discord.com/oauth2/authorize?client_id=${id}&scope=${scope}&permissions=1610883072&response_type=code&redirect_uri=${redirect_uri}&state=${newState}`)
+	}
+
+	const parsedQuery = await getValidatedQuery(event, schema.code.safeParse)
+	if (!parsedQuery.success) return tryAgain()
+
+	const savedState = session.data.state
+	if (!savedState) throw createError({status: 400, message: "Missing state", data: "Missing saved state parameter. Please try again, and make sure you have cookies enabled."})
+	if (savedState != parsedQuery.data.state) return tryAgain()
+
+	const res = await fetch("https://discord.com/api/oauth2/token", {
+		method: "post",
+		body: new URLSearchParams({
+			grant_type: "authorization_code",
+			client_id: id,
+			client_secret: reg.ooye.discord_client_secret,
+			redirect_uri,
+			code: parsedQuery.data.code
+		})
+	})
+	const root = await res.json()
+
+	const parsedToken = schema.token.safeParse(root)
+	if (!res.ok || !parsedToken.success) {
+		throw createError({status: 502, message: "Invalid token response", data: `Discord completed OAuth, but returned this instead of an OAuth access token: ${JSON.stringify(root)}`})
+	}
+
+	const client = new SnowTransfer(`Bearer ${parsedToken.data.access_token}`)
+	try {
+		const guilds = await client.user.getGuilds()
+		const managedGuilds = guilds.filter(g => BigInt(g.permissions) & DiscordTypes.PermissionFlagsBits.ManageGuild).map(g => g.id)
+		await session.update({managedGuilds})
+	} catch (e) {
+		throw createError({status: 502, message: "API call failed", data: e.message})
+	}
+
+	if (parsedQuery.data.guild_id) {
+		// TODO: we probably need to create a matrix space and database entry immediately here so that self-service settings apply and so matrix users can be invited
+		return sendRedirect(event, `/guild?guild_id=${parsedQuery.data.guild_id}`, 302)
+	}
+
+	return sendRedirect(event, "/", 302)
+}))

src/web/server.js

@@ -1,6 +1,62 @@
 // @ts-check
 
-const {sync, as} = require("../passthrough")
+const fs = require("fs")
+const {join} = require("path")
+const h3 = require("h3")
+const {defineEventHandler, defaultContentType, getRequestHeader, setResponseHeader, setResponseStatus, useSession, getQuery, handleCacheHeaders} = h3
+const icons = require("@stackoverflow/stacks-icons")
+const DiscordTypes = require("discord-api-types/v10")
+const dUtils = require("../discord/utils")
+
+const {sync, discord, as, select} = require("../passthrough")
+/** @type {import("./pug-sync")} */
+const pugSync = sync.require("./pug-sync")
+const {id} = require("../../addbot")
+
+// Pug
+
+pugSync.addGlobals({id, h3, discord, select, DiscordTypes, dUtils, icons})
+pugSync.createRoute(as.router, "/", "home.pug")
+pugSync.createRoute(as.router, "/ok", "ok.pug")
+
+// Routes
 
 sync.require("./routes/download-matrix")
 sync.require("./routes/download-discord")
+sync.require("./routes/invite")
+sync.require("./routes/guild-settings")
+sync.require("./routes/oauth")
+
+// Files
+
+function compressResponse(event, response) {
+	if (!getRequestHeader(event, "accept-encoding")?.includes("gzip")) return
+	if (typeof response.body !== "string") return
+	/** @type {ReadableStream} */ // @ts-ignore
+	const stream = new Response(response.body).body
+	setResponseHeader(event, "content-encoding", "gzip")
+	response.body = stream.pipeThrough(new CompressionStream("gzip"))
+}
+
+as.router.get("/static/stacks.min.css", defineEventHandler({
+	onBeforeResponse: compressResponse,
+	handler: async event => {
+		handleCacheHeaders(event, {maxAge: 86400})
+		defaultContentType(event, "text/css")
+		return fs.promises.readFile(require.resolve("@stackoverflow/stacks/dist/css/stacks.css"), "utf-8")
+	}
+}))
+
+as.router.get("/static/htmx.min.js", defineEventHandler({
+	onBeforeResponse: compressResponse,
+	handler: async event => {
+		handleCacheHeaders(event, {maxAge: 86400})
+		defaultContentType(event, "text/javascript")
+		return fs.promises.readFile(join(__dirname, "static", "htmx.min.js"), "utf-8")
+	}
+}))
+
+as.router.get("/icon.png", defineEventHandler(event => {
+	handleCacheHeaders(event, {maxAge: 86400})
+	return fs.promises.readFile(join(__dirname, "../../docs/img/icon.png"))
+}))