25 changed files with 8 additions and 785 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -30,7 +30,6 @@
        "get-stream": "^6.0.1",
        "h3": "^1.12.0",
        "heatsync": "^2.5.3",
        "lru-cache": "^10.4.3",
        "minimist": "^1.2.8",
        "node-fetch": "^2.6.7",
        "prettier-bytes": "^1.0.4",
@ -2132,6 +2131,7 @@
      "version": "10.4.3",
      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
      "dev": true,
      "license": "ISC"
    },
    "node_modules/make-dir": {
--- a/package.json
+++ b/package.json
@ -39,7 +39,6 @@
    "get-stream": "^6.0.1",
    "h3": "^1.12.0",
    "heatsync": "^2.5.3",
    "lru-cache": "^10.4.3",
    "minimist": "^1.2.8",
    "node-fetch": "^2.6.7",
    "prettier-bytes": "^1.0.4",
--- a/readme.md
+++ b/readme.md
@ -189,7 +189,6 @@ Total transitive production dependencies: 147
 * (0) get-stream: Only needed if content_length_workaround is true.
 * (1) heatsync: Module hot-reloader that I trust.
 * (1) js-yaml: Will be removed in the future after registration.yaml is converted to JSON.
 * (0) lru-cache: For holding unused nonce in memory and letting them be overwritten later if never used.
 * (0) minimist: It's already pulled in by better-sqlite3->prebuild-install.
 * (3) node-fetch@2: I like it and it does what I want. Version 2 is used because version 3 is ESM-only.
 * (0) prettier-bytes: It does what I want and has no dependencies.
--- a/scripts/seed.js
+++ b/scripts/seed.js
@ -38,7 +38,6 @@ const passthrough = require("../src/passthrough")
 const db = new sqlite("ooye.db")
 const migrate = require("../src/db/migrate")
 /** @type {import("heatsync").default} */ // @ts-ignore
 const sync = new HeatSync({watchFS: false})
 Object.assign(passthrough, {sync, db})
@ -167,28 +166,8 @@ async function validateHomeserverOrigin(serverUrlPrompt, url) {
 				}
 			}
 		})
 		console.log("What is your Discord client secret?")
 		/** @type {{discord_client_secret: string}} */
 		const clientSecretResponse = await prompt({
 			type: "input",
 			name: "discord_client_secret",
 			message: "Client secret"
 		})
 		const template = getTemplateRegistration()
-		reg = {
+		reg = {...template, url: bridgeOriginResponse.bridge_origin, ooye: {...template.ooye, ...serverNameResponse, ...bridgeOriginResponse, server_origin: serverOrigin, ...discordTokenResponse}}
 			...template,
 			url: bridgeOriginResponse.bridge_origin,
 			ooye: {
 				...template.ooye,
 				...serverNameResponse,
 				...bridgeOriginResponse,
 				server_origin: serverOrigin,
 				...discordTokenResponse,
 				...clientSecretResponse
 			}
 		}
 		registration.reg = reg
 		checkRegistration(reg)
 		writeRegistration(reg)
--- a/scripts/start-server.js
+++ b/scripts/start-server.js
@ -1,42 +0,0 @@
 #!/usr/bin/env node
 // @ts-check
 const {createServer} = require("http")
 const EventEmitter = require("events")
 const {createApp, createRouter, toNodeListener} = require("h3")
 const sqlite = require("better-sqlite3")
 const migrate = require("../src/db/migrate")
 const HeatSync = require("heatsync")
 const {reg} = require("../src/matrix/read-registration")
 const passthrough = require("../src/passthrough")
 const db = new sqlite("ooye.db")
 /** @type {import("heatsync").default} */ // @ts-ignore
 const sync = new HeatSync()
 Object.assign(passthrough, {sync, db})
 const DiscordClient = require("../src/d2m/discord-client")
 const discord = new DiscordClient(reg.ooye.discord_token, "half")
 passthrough.discord = discord
 const app = createApp()
 const router = createRouter()
 app.use(router)
 const server = createServer(toNodeListener(app))
 server.listen(reg.socket || new URL(reg.url).port)
 const as = Object.assign(new EventEmitter(), {app, router, server}) // @ts-ignore
 passthrough.as = as
 const orm = sync.require("../src/db/orm")
 passthrough.from = orm.from
 passthrough.select = orm.select
 ;(async () => {
 	await migrate.migrate(db)
 	await discord.cloud.connect()
 	console.log("Discord gateway started")
 	sync.require("../src/web/server")
 })()
--- a/src/d2m/actions/expression.js
+++ b/src/d2m/actions/expression.js
@ -30,7 +30,7 @@ async function emojisToState(emojis) {
 			}
 			db.prepare("INSERT OR IGNORE INTO emoji (emoji_id, name, animated, mxc_url) VALUES (?, ?, ?, ?)").run(emoji.id, emoji.name, +!!emoji.animated, url)
 		}).catch(e => {
-			if (e.data?.errcode === "M_TOO_LARGE") { // Very unlikely to happen. Only possible for 3x-series emojis uploaded shortly after animated emojis were introduced, when there was no 256 KB size limit.
+			if (e.data.errcode === "M_TOO_LARGE") { // Very unlikely to happen. Only possible for 3x-series emojis uploaded shortly after animated emojis were introduced, when there was no 256 KB size limit.
 				return
 			}
 			console.error(`Trying to handle emoji ${emoji.name} (${emoji.id}), but...`)
--- a/src/d2m/discord-client.js
+++ b/src/d2m/discord-client.js
@ -6,7 +6,7 @@ const { Client: CloudStorm } = require("cloudstorm")
 const passthrough = require("../passthrough")
 const { sync } = passthrough
-/** @type {import("./discord-packets")} */
+/** @type {typeof import("./discord-packets")} */
 const discordPackets = sync.require("./discord-packets")
 class DiscordClient {
--- a/src/db/migrations/0014-add-guild-autocreate.sql
+++ b/src/db/migrations/0014-add-guild-autocreate.sql
@ -1,5 +0,0 @@
 BEGIN TRANSACTION;
 ALTER TABLE guild_space ADD COLUMN autocreate INTEGER NOT NULL DEFAULT 1;
 COMMIT;
--- a/src/db/orm-defs.d.ts
+++ b/src/db/orm-defs.d.ts
@ -31,7 +31,6 @@ export type Models = {
 		guild_id: string
 		space_id: string
 		privacy_level: number
 		autocreate: number
 	}
 	lottie: {
--- a/src/db/orm.js
+++ b/src/db/orm.js
@ -15,13 +15,8 @@ function select(table, cols, where = {}, e = "") {
 	if (!Array.isArray(cols)) cols = [cols]
 	const parameters = []
 	const wheres = Object.entries(where).map(([col, value]) => {
-		if (Array.isArray(value)) {
+		parameters.push(value)
-			parameters.push(...value)
+		return `"${col}" = ?`
 			return `"${col}" IN (` + Array(value.length).fill("?").join(", ") + ")"
 		} else {
 			parameters.push(value)
 			return `"${col}" = ?`
 		}
 	})
 	const whereString = wheres.length ? " WHERE " + wheres.join(" AND ") : ""
 	/** @type {U.Prepared<Pick<U.Models[Table], Col>>} */
--- a/src/discord/utils.js
+++ b/src/discord/utils.js
@ -5,13 +5,6 @@ const assert = require("assert").strict
 const {reg} = require("../matrix/read-registration")
 const {db} = require("../passthrough")
 /** @type {import("xxhash-wasm").XXHashAPI} */ // @ts-ignore
 let hasher = null
 // @ts-ignore
 require("xxhash-wasm")().then(h => hasher = h)
 const EPOCH = 1420070400000
 /**
@ -130,9 +123,6 @@ function timestampToSnowflakeInexact(timestamp) {
 function getPublicUrlForCdn(url) {
 	const match = url.match(/https:\/\/(cdn|media)\.discordapp\.(?:com|net)\/attachments\/([0-9]+)\/([0-9]+)\/([-A-Za-z0-9_.,]+)/)
 	if (!match) return url
 	const unsignedHash = hasher.h64(match[3]) // attachment ID
 	const signedHash = unsignedHash - 0x8000000000000000n // shifting down to signed 64-bit range
 	db.prepare("INSERT OR IGNORE INTO media_proxy (permitted_hash) VALUES (?)").run(signedHash)
 	return `${reg.ooye.bridge_origin}/download/discord${match[1]}/${match[2]}/${match[3]}/${match[4]}`
 }
--- a/src/types.d.ts
+++ b/src/types.d.ts
@ -24,7 +24,6 @@ export type AppServiceRegistrationConfig = {
 		server_origin: string
 		bridge_origin: string
 		discord_token: string
 		discord_client_secret: string
 		content_length_workaround: boolean
 		include_user_id_in_mxid: boolean
 		invite: string[]
--- a/src/web/pug-sync.js
+++ b/src/web/pug-sync.js
@ -1,78 +0,0 @@
 // @ts-check
 const assert = require("assert/strict")
 const fs = require("fs")
 const {join} = require("path")
 const h3 = require("h3")
 const {defineEventHandler, defaultContentType, setResponseStatus, useSession, getQuery} = h3
 const {compileFile} = require("@cloudrac3r/pug")
 const {as} = require("../passthrough")
 const {reg} = require("../matrix/read-registration")
 // Pug
 let globals = {}
 /** @type {Map<string, (event: import("h3").H3Event, locals: Record<string, any>) => Promise<string>>} */
 const pugCache = new Map()
 function addGlobals(obj) {
 	Object.assign(globals, obj)
 }
 /**
 * @param {import("h3").H3Event} event
 * @param {string} filename
 * @param {Record<string, any>} locals
 */
 function render(event, filename, locals) {
 	const path = join(__dirname, "pug", filename)
 	function compile() {
 		try {
 			const template = compileFile(path, {})
 			pugCache.set(path, async (event, locals) => {
 				defaultContentType(event, "text/html; charset=utf-8")
 				const session = await useSession(event, {password: reg.as_token})
 				return template(Object.assign({},
 					getQuery(event), // Query parameters can be easily accessed on the top level but don't allow them to overwrite anything
 					globals, // Globals
 					locals, // Explicit locals overwrite globals in case we need to DI something
 					{session} // Session is always session because it has to be trusted
 				))
 			})
 		} catch (e) {
 			pugCache.set(path, async (event) => {
 				setResponseStatus(event, 500, "Internal Template Error")
 				defaultContentType(event, "text/plain")
 				return e.toString()
 			})
 		}
 	}
 	if (!pugCache.has(path)) {
 		compile()
 		fs.watch(path, {persistent: false}, compile)
 		fs.watch(join(__dirname, "pug", "includes"), {persistent: false}, compile)
 	}
 	const cb = pugCache.get(path)
 	assert(cb)
 	return cb(event, locals)
 }
 /**
 * @param {import("h3").Router} router
 * @param {string} url
 * @param {string} filename
 */
 function createRoute(router, url, filename) {
 	router.get(url, defineEventHandler(async event => {
 		return render(event, filename, {})
 	}))
 }
 module.exports.addGlobals = addGlobals
 module.exports.render = render
 module.exports.createRoute = createRoute
--- a/src/web/pug/guild.pug
+++ b/src/web/pug/guild.pug
@ -1,159 +0,0 @@
 extends includes/template.pug
 mixin badge-readonly
  .s-badge.s-badge__xs.s-badge__icon.s-badge__muted
    != icons.Icons.IconEyeSm
    | Read-only
 mixin badge-private
  .s-badge.s-badge__xs.s-badge__icon.s-badge__warning
    != icons.Icons.IconLockSm
    | Private
 mixin discord(channel, radio=false)
  - let permissions = dUtils.getPermissions([], discord.guilds.get(channel.guild_id).roles, "", channel.permission_overwrites)
  .s-user-card.s-user-card__small
    if !dUtils.hasPermission(permissions, DiscordTypes.PermissionFlagsBits.ViewChannel)
      != icons.Icons.IconLock
    else if channel.type === 5
      != icons.Icons.IconBullhorn
    else if channel.type === 2
      != icons.Icons.IconPhone
    else if channel.type === 11 || channel.type === 12
      != icons.Icons.IconCollection
    else
      include includes/hash.svg
    .s-user-card--info.ws-nowrap
      if radio
        = channel.name
      else
        .s-user-card--link.fs-body1
          a(href=`https://discord.com/channels/${channel.guild_id}/${channel.id}`)= channel.name
      if channel.parent_id
        .s-user-card--location= discord.channels.get(channel.parent_id).name
      if !dUtils.hasPermission(permissions, DiscordTypes.PermissionFlagsBits.ViewChannel)
        +badge-private
      else if !dUtils.hasPermission(permissions, DiscordTypes.PermissionFlagsBits.SendMessages)
        +badge-readonly
 mixin matrix(row, radio=false, badge="")
  .s-user-card.s-user-card__small
    != icons.Icons.IconMessage
    .s-user-card--info.ws-nowrap
      if radio
        = row.nick || row.name
      else
        .s-user-card--link.fs-body1
          a(href=`https://matrix.to/#/${row.room_id}`)= row.nick || row.name
 block body
  if !guild_id && session.data.managedGuilds
    .s-empty-state.wmx4.p48
      != icons.Spots.SpotEmptyXL
      p Select a server from the top right corner to continue.
      p If the server you're looking for isn't there, try #[a(href="/oauth?action=add") logging in again.]
  else if !session.data.managedGuilds
    .s-empty-state.wmx4.p48
      != icons.Spots.SpotEmptyXL
      p You need to log in to manage your servers.
      a.s-btn.s-btn__icon.s-btn__filled(href="/oauth")
        != icons.Icons.IconDiscord
        = ` Log in with Discord`
  else if !discord.guilds.has(guild_id) || !session.data.managedGuilds || !session.data.managedGuilds.includes(guild_id)
    .s-empty-state.wmx4.p48
      != icons.Spots.SpotAlertXL
      p Either the selected server doesn't exist, or you don't have the Manage Server permission on Discord.
      p If you've checked your permissions, try #[a(href="/oauth") logging in again.]
  else
    - let guild = discord.guilds.get(guild_id)
    .s-page-title.mb24
      h1.s-page-title--header= guild.name
    .d-flex.g16
      .fl-grow1
        h2.fs-headline1 Invite a Matrix user
        form.d-grid.g-af-column.gy4.gx8.jc-start(method="post" action="/api/invite" style="grid-template-rows: repeat(2, auto)")
          label.s-label(for="mxid") Matrix ID
          input.fl-grow1.s-input.wmx3#mxid(name="mxid" required placeholder="@user:example.org")
          label.s-label(for="permissions") Permissions
          .s-select
            select#permissions(name="permissions")
              option(value="default") Default
              option(value="moderator") Moderator
          input(type="hidden" name="guild_id" value=guild_id)
          .grid--row-start2
            button.s-btn.s-btn__filled.htmx-indicator Invite
      div
        -
          let size = 105
          let src = new URL(`https://api.qrserver.com/v1/create-qr-code/?qzone=1&format=svg&size=${size}x${size}`)
          src.searchParams.set("data", `https://bridge.cadence.moe/invite?nonce=${nonce}`)
        img(width=size height=size src=src.toString())
    h2.mt48.fs-headline1 Linked channels
    -
      function getPosition(channel) {
        let position = 0
        let looking = channel
        while (looking.parent_id) {
          looking = discord.channels.get(looking.parent_id)
          position = looking.position * 1000
        }
        if (channel.position) position += channel.position
        return position
      }
      let channelIDs = discord.guildChannelMap.get(guild_id)
      let linkedChannels = select("channel_room", ["channel_id", "room_id", "name", "nick"], {channel_id: channelIDs}).all()
      let linkedChannelsWithDetails = linkedChannels.map(c => ({channel: discord.channels.get(c.channel_id), ...c})).filter(c => c.channel)
      let linkedChannelIDs = linkedChannelsWithDetails.map(c => c.channel_id)
      linkedChannelsWithDetails.sort((a, b) => getPosition(a.channel) - getPosition(b.channel))
      let unlinkedChannelIDs = channelIDs.filter(c => !linkedChannelIDs.includes(c))
      let unlinkedChannels = unlinkedChannelIDs.map(c => discord.channels.get(c)).filter(c => [0, 5].includes(c.type))
      unlinkedChannels.sort((a, b) => getPosition(a) - getPosition(b))
    .s-card.bs-sm.p0
      .s-table-container
        table.s-table.s-table__bx-simple
          each row in linkedChannelsWithDetails
            tr
              td.w40: +discord(row.channel)
              td.p2: button.s-btn.s-btn__muted.s-btn__xs!= icons.Icons.IconLinkSm
              td: +matrix(row)
          else
            tr
              td(colspan="3")
                .s-empty-state No channels linked between Discord and Matrix yet...
    h3.mt32.fs-category Auto-create
    .s-card
      form.d-flex.ai-center.g8
        label.s-label.fl-grow1(for="autocreate")
          | Create new Matrix rooms automatically
          p.s-description If you want, OOYE can automatically create new Matrix rooms and link them when a new Discord channel is spoken in.
        - let value = select("guild_space", "autocreate", {guild_id}).pluck().get()
        input(type="hidden" name="guild_id" value=guild_id)
        input.s-toggle-switch.order-last#autocreate(name="autocreate" type="checkbox" hx-post="/api/autocreate" hx-indicator="#autocreate-loading" hx-disabled-elt="this" checked=value)
        .is-loading#autocreate-loading
    h3.mt32.fs-category Manually link channels
    form.d-flex.g16.ai-start(method="post" action="/api/link")
      .fl-grow2.s-btn-group.fd-column.w40
        each channel in unlinkedChannels
          input.s-btn--radio(type="radio" name="discord" id=channel.id value=channel.id)
          label.s-btn.s-btn__muted.ta-left.truncate(for=channel.id)
            +discord(channel, true, "Announcement")
        else
          .s-empty-state.p8 All Discord channels are linked.
      .fl-grow1.s-btn-group.fd-column.w30
        .s-empty-state.p8 I don't know how to get the Matrix room list yet...
      div
        button.s-btn.s-btn__icon.s-btn__filled
          != icons.Icons.IconLink
          = ` Connect`
--- a/src/web/pug/home.pug
+++ b/src/web/pug/home.pug
@ -1,24 +0,0 @@
 extends includes/template.pug
 block body
  .s-page-title.mb24
    h1.s-page-title--header Bridge a Discord server
  .d-grid.grid__2.g24
    .s-card.bs-md.d-flex.fd-column
      h2 Easy mode
      p Add the bot to your Discord server.
      p It will automatically create new Matrix rooms for you.
      .fl-grow1
      a.s-btn.s-btn__filled.s-btn__icon(href="/oauth?action=add")
        != icons.Icons.IconPlus
        = ` Add to server`
    .s-card.bs-md.d-flex.fd-column
      h2 Self-service
      p OOYE will link an existing Discord server and Matrix space together.
      p Choose this option if you already have a community set up on Matrix.
      p Or, choose this if you're migrating from a different bridge.
      .fl-grow1
      a.s-btn.s-btn__outlined.s-btn__icon(href="/oauth?action=add-self-service")
        != icons.Icons.IconUnorderedList
        = ` Set up self-service`
--- a/src/web/pug/includes/hash.svg
+++ b/src/web/pug/includes/hash.svg
@ -1,46 +0,0 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <svg
   aria-hidden="true"
   class="svg-icon iconItalic"
   width="18"
   height="18"
   viewBox="0 0 18 18"
   version="1.1"
   id="svg1"
   sodipodi:docname="hash.svg"
   inkscape:version="1.3.2 (091e20ef0f, 2023-11-25)"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:svg="http://www.w3.org/2000/svg">
  <defs
     id="defs1" />
  <path
     style="opacity:1;stroke-width:24.2222;stroke-linecap:square;paint-order:stroke fill markers"
     d="m 13.949463,2.0417087 c 0,0 0.664304,0.00704 0.854464,0.00134 0.19016,-0.0057 0.924873,0.2384962 0.57664,0.9863413 -0.288846,0.6203095 -5.045042,11.035358 -5.4783833,11.984378 -0.4333415,0.949021 -0.7881247,0.945761 -1.3553087,0.945761 -0.567184,0 -0.3175392,0 -0.734375,0 -0.4168358,0 -0.7985231,-0.467356 -0.5770328,-0.951217 C 7.4569576,14.524452 12.479729,3.5512928 12.725807,3.0070042 13.022379,2.3510304 13.336114,2.0361844 13.949463,2.0417087 Z"
     id="path4"
     sodipodi:nodetypes="czszzzzsc" />
  <rect
     style="opacity:1;stroke-width:27.7591;stroke-linecap:square;paint-order:stroke fill markers"
     id="rect4"
     width="11.987322"
     height="2"
     x="2.002677"
     y="11.007812"
     rx="1"
     ry="1" />
  <rect
     style="opacity:1;stroke-width:27.7591;stroke-linecap:square;paint-order:stroke fill markers"
     id="rect5"
     width="11.987322"
     height="2"
     x="4.0100012"
     y="5.007813"
     rx="1"
     ry="1" />
  <path
     style="opacity:1;stroke-width:24.2222;stroke-linecap:square;paint-order:stroke fill markers"
     d="m 9.1764922,2.0417087 c 0,0 0.664304,0.00704 0.8544638,0.00134 0.19016,-0.0057 0.924873,0.2384962 0.57664,0.9863413 -0.288846,0.6203095 -5.0450418,11.035358 -5.4783831,11.984378 -0.4333415,0.949021 -0.7881247,0.945761 -1.3553087,0.945761 -0.567184,0 -0.3175392,0 -0.734375,0 -0.4168358,0 -0.7985231,-0.467356 -0.5770328,-0.951217 C 2.6839868,14.524452 7.7067582,3.5512928 7.9528362,3.0070042 8.2494082,2.3510304 8.5631432,2.0361844 9.1764922,2.0417087 Z"
     id="path1"
     sodipodi:nodetypes="czszzzzsc" />
 </svg>
--- a/src/web/pug/includes/template.pug
+++ b/src/web/pug/includes/template.pug
@ -1,66 +0,0 @@
 mixin guild(guild)
  span.s-avatar.s-avatar__32.s-user-card--avatar
    if guild.icon
      img.s-avatar--image(src=`https://cdn.discordapp.com/icons/${guild.id}/${guild.icon}.png?size=32`)
    else
      .s-avatar--letter.bg-silver-400.bar-md(aria-hidden="true")= guild.name[0]
  .s-user-card--info.ai-start
    strong= guild.name
    ul.s-user-card--awards
      li #{discord.guildChannelMap.get(guild.id).filter(c => [0, 5, 15, 16].includes(discord.channels.get(c).type)).length} channels
 doctype html
 html(lang="en")
  head
    title Out Of Your Element
    link(rel="stylesheet" type="text/css" href="/static/stacks.min.css")
    <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 80%22><text y=%22.83em%22 font-size=%2283%22>💬</text></svg>">
    meta(name="htmx-config" content='{"indicatorClass":"is-loading"}')
    style.
      .themed {
        --theme-base-primary-color-h: 266;
        --theme-base-primary-color-s: 53%;
        --theme-base-primary-color-l: 63%;
        --theme-dark-primary-color-h: 266;
        --theme-dark-primary-color-s: 53%;
        --theme-dark-primary-color-l: 63%;
      }
  body.themed.theme-system
    header.s-topbar
      .s-topbar--skip-link(href="#content") Skip to main content
      .s-topbar--container.wmx9
        a.s-topbar--logo(href="/")
          img.s-avatar.s-avatar__32(src="/icon.png")
        nav.s-topbar--navigation
          ul.s-topbar--content
            li.ps-relative
              if !session.data.managedGuilds || session.data.managedGuilds.length === 0
                a.s-btn.s-btn__icon.as-center(href="/oauth")
                  != icons.Icons.IconDiscord
                  = ` Log in`
              else if guild_id && session.data.managedGuilds.includes(guild_id) && discord.guilds.has(guild_id)
                button.s-topbar--item.s-btn.s-btn__muted.s-user-card(popovertarget="guilds")
                  +guild(discord.guilds.get(guild_id))
              else if session.data.managedGuilds
                button.s-topbar--item.s-btn.s-btn__muted.s-btn__dropdown.pr24.s-user-card.s-label(popovertarget="guilds")
                  | Your servers
              #guilds(popover data-popper-placement="bottom" style="display: revert; width: revert;").s-popover.overflow-visible
                .s-popover--arrow.s-popover--arrow__tc
                .s-popover--content.overflow-y-auto.overflow-x-hidden
                  ul.s-menu(role="menu")
                    each guild in (session.data.managedGuilds || []).map(id => discord.guilds.get(id)).filter(g => g)
                      li(role="menuitem")
                        a.s-topbar--item.s-user-card.d-flex.p4(href=`/guild?guild_id=${guild.id}`)
                          +guild(guild)
    .mx-auto.w100.wmx9.py24#content
      block body
    script.
      document.querySelectorAll("[popovertarget]").forEach(e => {
        e.addEventListener("click", () => {
          const rect = e.getBoundingClientRect()
          const t = `:popover-open { position: absolute; top: ${Math.floor(rect.bottom)}px; left: ${Math.floor(rect.left + rect.width / 2)}px; width: ${Math.floor(rect.width)}px; transform: translateX(-50%); box-sizing: content-box; margin: 0 }`
          // console.log(t)
          document.styleSheets[0].insertRule(t)
        })
      })
    script(src="/static/htmx.min.js")
--- a/src/web/pug/invite.pug
+++ b/src/web/pug/invite.pug
@ -1,32 +0,0 @@
 extends includes/template.pug
 block body
  if !isValid
    .s-empty-state.wmx4.p48
      != icons.Spots.SpotAlertXL
      p This QR code has expired.
      p Refresh the guild management page to generate a new one.
  else
    - let guild = discord.guilds.get(guild_id)
    .s-page-title.mb24
      h1.s-page-title--header= guild.name
    .d-flex.g16
      .fl-grow1
        h2.fs-headline1 Invite a Matrix user
        form.d-flex.gy16.fd-column(method="post" action="/api/invite" style="grid-template-rows: repeat(2, auto)")
          .d-flex.gy4.fd-column
            label.s-label(for="mxid") Matrix ID
            input.fl-grow1.s-input.wmx3#mxid(name="mxid" required placeholder="@user:example.org")
          .d-flex.gy4.fd-column
            label.s-label(for="permissions") Permissions
            .s-select
              select#permissions(name="permissions")
                option(value="default") Default
                option(value="moderator") Moderator
          input(type="hidden" name="nonce" value=nonce)
          div
            button.s-btn.s-btn__filled.htmx-indicator Invite
--- a/src/web/pug/ok.pug
+++ b/src/web/pug/ok.pug
@ -1,6 +0,0 @@
 extends includes/template.pug
 block body
  .ta-center.wmx5.p48.mx-auto
    != icons.Spots.SpotApproveXL
    p.mt24.fs-body2= msg
--- a/src/web/routes/download-discord.js
+++ b/src/web/routes/download-discord.js
@ -4,11 +4,6 @@ const assert = require("assert/strict")
 const {defineEventHandler, getValidatedRouterParams, sendRedirect, createError} = require("h3")
 const {z} = require("zod")
 /** @type {import("xxhash-wasm").XXHashAPI} */ // @ts-ignore
 let hasher = null
 // @ts-ignore
 require("xxhash-wasm")().then(h => hasher = h)
 const {discord, as, select} = require("../../passthrough")
 const schema = {
@ -36,10 +31,7 @@ function defineMediaProxyHandler(domain) {
 	return defineEventHandler(async event => {
 		const params = await getValidatedRouterParams(event, schema.params.parse)
-		const unsignedHash = hasher.h64(params.attachment_id)
+		const row = select("channel_room", "channel_id", {channel_id: params.channel_id}).get()
 		const signedHash = unsignedHash - 0x8000000000000000n // shifting down to signed 64-bit range
 		const row = select("media_proxy", "permitted_hash", {permitted_hash: signedHash}).get()
 		if (row == null) {
 			throw createError({
 				status: 403,
--- a/src/web/routes/guild-settings.js
+++ b/src/web/routes/guild-settings.js
@ -1,23 +0,0 @@
 // @ts-check
 const {z} = require("zod")
 const {defineEventHandler, sendRedirect, useSession, createError, readValidatedBody} = require("h3")
 const {as, db} = require("../../passthrough")
 const {reg} = require("../../matrix/read-registration")
 const schema = {
 	autocreate: z.object({
 		guild_id: z.string(),
 		autocreate: z.string().optional()
 	})
 }
 as.router.post("/api/autocreate", defineEventHandler(async event => {
 	const parsedBody = await readValidatedBody(event, schema.autocreate.parse)
 	const session = await useSession(event, {password: reg.as_token})
 	if (!(session.data.managedGuilds || []).includes(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
 	db.prepare("UPDATE guild_space SET autocreate = ? WHERE guild_id = ?").run(+!!parsedBody.autocreate, parsedBody.guild_id)
 	return sendRedirect(event, `/guild?guild_id=${parsedBody.guild_id}`, 302)
 }))
--- a/src/web/routes/invite.js
+++ b/src/web/routes/invite.js
@ -1,99 +0,0 @@
 // @ts-check
 const assert = require("assert/strict")
 const {z} = require("zod")
 const {defineEventHandler, sendRedirect, useSession, createError, getValidatedQuery, readValidatedBody} = require("h3")
 const {randomUUID} = require("crypto")
 const {LRUCache} = require("lru-cache")
 const {discord, as, sync, select} = require("../../passthrough")
 /** @type {import("../pug-sync")} */
 const pugSync = sync.require("../pug-sync")
 const {reg} = require("../../matrix/read-registration")
 /** @type {import("../../matrix/api")} */
 const api = sync.require("../../matrix/api")
 const schema = {
 	guild: z.object({
 		guild_id: z.string().optional()
 	}),
 	invite: z.object({
 		mxid: z.string().regex(/@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)/),
 		permissions: z.enum(["default", "moderator"]),
 		guild_id: z.string().optional(),
 		nonce: z.string().optional()
 	}),
 	inviteNonce: z.object({
 		nonce: z.string()
 	})
 }
 /** @type {LRUCache<string, string>} nonce to guild id */
 const validNonce = new LRUCache({max: 200})
 as.router.get("/guild", defineEventHandler(async event => {
 	const {guild_id} = await getValidatedQuery(event, schema.guild.parse)
 	const nonce = randomUUID()
 	if (guild_id) {
 		// Security note: the nonce alone is valid for updating the guild
 		// We have not verified the user has sufficient permissions in the guild at generation time
 		// These permissions are checked later during page rendering and the generated nonce is only revealed if the permissions are sufficient
 		validNonce.set(nonce, guild_id)
 	}
 	return pugSync.render(event, "guild.pug", {nonce})
 }))
 as.router.get("/invite", defineEventHandler(async event => {
 	const {nonce} = await getValidatedQuery(event, schema.inviteNonce.parse)
 	const isValid = validNonce.has(nonce)
 	const guild_id = validNonce.get(nonce)
 	const guild = discord.guilds.get(guild_id || "")
 	return pugSync.render(event, "invite.pug", {isValid, nonce, guild_id, guild})
 }))
 as.router.post("/api/invite", defineEventHandler(async event => {
 	const parsedBody = await readValidatedBody(event, schema.invite.parse)
 	const session = await useSession(event, {password: reg.as_token})
 	// Check guild ID or nonce
 	if (parsedBody.guild_id) {
 		var guild_id = parsedBody.guild_id
 		if (!(session.data.managedGuilds || []).includes(guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't invite users to a guild you don't have Manage Server permissions in"})
 	} else if (parsedBody.nonce) {
 		if (!validNonce.has(parsedBody.nonce)) throw createError({status: 403, message: "Nonce expired", data: "Nonce means number-used-once, and, well, you tried to use it twice..."})
 		let ok = validNonce.get(parsedBody.nonce)
 		assert(ok)
 		var guild_id = ok
 		validNonce.delete(parsedBody.nonce)
 	} else {
 		throw createError({status: 400, message: "Missing guild ID", data: "Passing a guild ID or a nonce is required."})
 	}
 	// Check guild is bridged
 	const spaceID = select("guild_space", "space_id", {guild_id: guild_id}).pluck().get()
 	if (!spaceID) throw createError({status: 428, message: "Server not bridged", data: "You can only invite Matrix users to servers that are bridged to Matrix."})
 	// Check for existing invite to the space
 	let spaceMember
 	try {
 		spaceMember = await api.getStateEvent(spaceID, "m.room.member", parsedBody.mxid)
 	} catch (e) {}
 	if (spaceMember && (spaceMember.membership === "invite" || spaceMember.membership === "join")) {
 		return sendRedirect(event, `/guild?guild_id=${guild_id}`, 302)
 	}
 	// Invite
 	await api.inviteToRoom(spaceID, parsedBody.mxid)
 	// Permissions
 	if (parsedBody.permissions === "moderator") {
 		await api.setUserPowerCascade(spaceID, parsedBody.mxid, 50)
 	}
 	if (parsedBody.guild_id) {
 		return sendRedirect(event, `/guild?guild_id=${guild_id}`, 302)
 	} else {
 		return sendRedirect(event, "/ok?msg=User has been invited.", 302)
 	}
 }))
--- a/src/web/routes/oauth.js
+++ b/src/web/routes/oauth.js
@ -1,92 +0,0 @@
 // @ts-check
 const {z} = require("zod")
 const {randomUUID} = require("crypto")
 const {defineEventHandler, getValidatedQuery, sendRedirect, getQuery, useSession, createError} = require("h3")
 const {SnowTransfer} = require("snowtransfer")
 const DiscordTypes = require("discord-api-types/v10")
 const fetch = require("node-fetch")
 const {as} = require("../../passthrough")
 const {id} = require("../../../addbot")
 const {reg} = require("../../matrix/read-registration")
 const redirect_uri = `${reg.ooye.bridge_origin}/oauth`
 const schema = {
 	first: z.object({
 		action: z.string().optional()
 	}),
 	code: z.object({
 		state: z.string(),
 		code: z.string(),
 		guild_id: z.string().optional()
 	}),
 	token: z.object({
 		token_type: z.string(),
 		access_token: z.string(),
 		expires_in: z.number({coerce: true}),
 		refresh_token: z.string(),
 		scope: z.string()
 	})
 }
 as.router.get("/oauth", defineEventHandler(async event => {
 	const session = await useSession(event, {password: reg.as_token})
 	let scope = "guilds"
 	const parsedFirstQuery = await getValidatedQuery(event, schema.first.safeParse)
 	if (parsedFirstQuery.data?.action === "add") {
 		scope = "bot+guilds"
 		await session.update({selfService: false})
 	} else if (parsedFirstQuery.data?.action === "add-self-service") {
 		scope = "bot+guilds"
 		await session.update({selfService: true})
 	}
 	async function tryAgain() {
 		const newState = randomUUID()
 		await session.update({state: newState})
 		return sendRedirect(event, `https://discord.com/oauth2/authorize?client_id=${id}&scope=${scope}&permissions=1610883072&response_type=code&redirect_uri=${redirect_uri}&state=${newState}`)
 	}
 	const parsedQuery = await getValidatedQuery(event, schema.code.safeParse)
 	if (!parsedQuery.success) return tryAgain()
 	const savedState = session.data.state
 	if (!savedState) throw createError({status: 400, message: "Missing state", data: "Missing saved state parameter. Please try again, and make sure you have cookies enabled."})
 	if (savedState != parsedQuery.data.state) return tryAgain()
 	const res = await fetch("https://discord.com/api/oauth2/token", {
 		method: "post",
 		body: new URLSearchParams({
 			grant_type: "authorization_code",
 			client_id: id,
 			client_secret: reg.ooye.discord_client_secret,
 			redirect_uri,
 			code: parsedQuery.data.code
 		})
 	})
 	const root = await res.json()
 	const parsedToken = schema.token.safeParse(root)
 	if (!res.ok || !parsedToken.success) {
 		throw createError({status: 502, message: "Invalid token response", data: `Discord completed OAuth, but returned this instead of an OAuth access token: ${JSON.stringify(root)}`})
 	}
 	const client = new SnowTransfer(`Bearer ${parsedToken.data.access_token}`)
 	try {
 		const guilds = await client.user.getGuilds()
 		const managedGuilds = guilds.filter(g => BigInt(g.permissions) & DiscordTypes.PermissionFlagsBits.ManageGuild).map(g => g.id)
 		await session.update({managedGuilds})
 	} catch (e) {
 		throw createError({status: 502, message: "API call failed", data: e.message})
 	}
 	if (parsedQuery.data.guild_id) {
 		// TODO: we probably need to create a matrix space and database entry immediately here so that self-service settings apply and so matrix users can be invited
 		return sendRedirect(event, `/guild?guild_id=${parsedQuery.data.guild_id}`, 302)
 	}
 	return sendRedirect(event, "/", 302)
 }))
--- a/src/web/server.js
+++ b/src/web/server.js
@ -1,62 +1,6 @@
 // @ts-check
-const fs = require("fs")
+const {sync, as} = require("../passthrough")
 const {join} = require("path")
 const h3 = require("h3")
 const {defineEventHandler, defaultContentType, getRequestHeader, setResponseHeader, setResponseStatus, useSession, getQuery, handleCacheHeaders} = h3
 const icons = require("@stackoverflow/stacks-icons")
 const DiscordTypes = require("discord-api-types/v10")
 const dUtils = require("../discord/utils")
 const {sync, discord, as, select} = require("../passthrough")
 /** @type {import("./pug-sync")} */
 const pugSync = sync.require("./pug-sync")
 const {id} = require("../../addbot")
 // Pug
 pugSync.addGlobals({id, h3, discord, select, DiscordTypes, dUtils, icons})
 pugSync.createRoute(as.router, "/", "home.pug")
 pugSync.createRoute(as.router, "/ok", "ok.pug")
 // Routes
 sync.require("./routes/download-matrix")
 sync.require("./routes/download-discord")
 sync.require("./routes/invite")
 sync.require("./routes/guild-settings")
 sync.require("./routes/oauth")
 // Files
 function compressResponse(event, response) {
 	if (!getRequestHeader(event, "accept-encoding")?.includes("gzip")) return
 	if (typeof response.body !== "string") return
 	/** @type {ReadableStream} */ // @ts-ignore
 	const stream = new Response(response.body).body
 	setResponseHeader(event, "content-encoding", "gzip")
 	response.body = stream.pipeThrough(new CompressionStream("gzip"))
 }
 as.router.get("/static/stacks.min.css", defineEventHandler({
 	onBeforeResponse: compressResponse,
 	handler: async event => {
 		handleCacheHeaders(event, {maxAge: 86400})
 		defaultContentType(event, "text/css")
 		return fs.promises.readFile(require.resolve("@stackoverflow/stacks/dist/css/stacks.css"), "utf-8")
 	}
 }))
 as.router.get("/static/htmx.min.js", defineEventHandler({
 	onBeforeResponse: compressResponse,
 	handler: async event => {
 		handleCacheHeaders(event, {maxAge: 86400})
 		defaultContentType(event, "text/javascript")
 		return fs.promises.readFile(join(__dirname, "static", "htmx.min.js"), "utf-8")
 	}
 }))
 as.router.get("/icon.png", defineEventHandler(event => {
 	handleCacheHeaders(event, {maxAge: 86400})
 	return fs.promises.readFile(join(__dirname, "../../docs/img/icon.png"))
 }))
--- a/src/web/static/htmx.min.js
+++ b/src/web/static/htmx.min.js