feat: login and guild API controllers

Author: virtual-designer

.vscode/settings.json

@@ -83,5 +83,14 @@
         "blazebuild": "Project"
     },
     "typescript.preferences.importModuleSpecifier": "non-relative",
-    "eslint.experimental.useFlatConfig": true
+    "eslint.experimental.useFlatConfig": true,
+    "editor.inlayHints.enabled": "on",
+    "typescript.inlayHints.enumMemberValues.enabled": true,
+    "typescript.inlayHints.parameterNames.enabled": "all",
+    "typescript.inlayHints.functionLikeReturnTypes.enabled": true,
+    "typescript.inlayHints.parameterNames.suppressWhenArgumentMatchesName": true,
+    "typescript.inlayHints.parameterTypes.enabled": true,
+    "typescript.inlayHints.variableTypes.enabled": true,
+    "typescript.inlayHints.propertyDeclarationTypes.enabled": true,
+    "typescript.inlayHints.variableTypes.suppressWhenTypeMatchesName": true,
 }

package.json

@@ -88,7 +88,7 @@
     "googleapis": "^126.0.1",
     "jpeg-js": "^0.4.4",
     "json5": "^2.2.3",
-    "jsonwebtoken": "^9.0.1",
+    "jsonwebtoken": "^9.0.2",
     "module-alias": "^2.2.3",
     "nsfwjs": "^3.0.0",
     "pm2": "^5.3.1",

prisma/schema.prisma

@@ -157,6 +157,25 @@ model AfkEntry {
     @@map("afk_entries")
 }
 
+model User {
+    id                     Int       @id @default(autoincrement())
+    name                   String?
+    username               String
+    discordId              String
+    guilds                 String[]  @default([])
+    password               String
+    token                  String?
+    recoveryToken          String?
+    recoveryCode           String?
+    recoveryAttempts       Int       @default(0)
+    recoveryTokenExpiresAt DateTime?
+    createdAt              DateTime  @default(now())
+    tokenExpiresAt         DateTime?
+    updatedAt              DateTime  @default(now()) @updatedAt
+
+    @@map("users")
+}
+
 // The following models were used in the previous version of the bot and are no longer used.
 // They are kept here for reference and will be removed in the future.
 
@@ -210,25 +229,6 @@ model ReactionRole {
     @@map("reaction_roles")
 }
 
-model User {
-    id                     Int       @id @default(autoincrement())
-    name                   String?
-    username               String
-    discordId              String
-    guilds                 String[]  @default([])
-    password               String
-    token                  String?
-    recoveryToken          String?
-    recoveryCode           String?
-    recoveryAttempts       Int       @default(0)
-    recoveryTokenExpiresAt DateTime?
-    createdAt              DateTime  @default(now())
-    tokenExpiresAt         DateTime?
-    updatedAt              DateTime  @default(now()) @updatedAt
-
-    @@map("users")
-}
-
 model BoostRoleEntries {
     id        Int      @id @default(autoincrement())
     role_id   String

src/framework/typescript/api/http/Controller.ts

@@ -17,10 +17,19 @@
  * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
  */
 
+import Response from "@framework/api/http/Response";
 import Application from "../../app/Application";
-import CanBind from "../../container/CanBind";
 
-@CanBind
 export default abstract class Controller {
-    public constructor(protected readonly application: Application) {}
+    public constructor(
+        @((..._: unknown[]) => undefined) protected readonly application: Application
+    ) {}
+
+    protected error(status: number, body?: unknown, headers?: Record<string, string>) {
+        return new Response({
+            status,
+            body,
+            headers
+        });
+    }
 }

src/framework/typescript/api/middleware/GuildAccessControl.ts

@@ -17,6 +17,7 @@
  * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
  */
 
+import { APIErrorCode } from "@main/types/APIErrorCode";
 import type { NextFunction, Response } from "express";
 import type Request from "../http/Request";
 
@@ -27,15 +28,17 @@ export default async function GuildAccessControl(
 ) {
     if (!request.params.guild) {
         response.status(401).send({
-            error: "Cannot authorize access without a Guild ID."
+            error: "Cannot authorize access without a Guild ID.",
+            code: APIErrorCode.RestrictedGuildAccess
         });
 
         return;
     }
 
     if (!request.user?.guilds.includes(request.params.guild)) {
         response.status(403).send({
-            error: "Access denied."
+            error: "Access denied.",
+            code: APIErrorCode.RestrictedGuildAccess
         });
 
         return;

src/framework/typescript/api/middleware/RequireAuthMiddleware.ts

@@ -17,6 +17,7 @@
  * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
  */
 
+import { APIErrorCode } from "@main/types/APIErrorCode";
 import type { NextFunction, Response } from "express";
 import jwt from "jsonwebtoken";
 import type Application from "../../app/Application";
@@ -31,7 +32,8 @@ export default async function RequireAuthMiddleware(
 ) {
     if (!request.headers.authorization) {
         response.status(401).json({
-            error: "No authorization header found in the request"
+            error: "No authorization header found in the request",
+            code: APIErrorCode.Unauthorized
         });
 
         return;
@@ -41,7 +43,8 @@ export default async function RequireAuthMiddleware(
 
     if (type.toLowerCase() !== "bearer") {
         response.status(401).json({
-            error: "Only bearer tokens are supported"
+            error: "Only bearer tokens are supported",
+            code: APIErrorCode.Unauthorized
         });
 
         return;
@@ -88,7 +91,8 @@ export default async function RequireAuthMiddleware(
         application.logger.debug(e);
 
         response.status(401).json({
-            error: "Invalid API token"
+            error: "Invalid API token",
+            code: APIErrorCode.Unauthorized
         });
 
         return;

src/main/typescript/api/controllers/AuthController.ts

@@ -0,0 +1,117 @@
+/**
+ * This file is part of SudoBot.
+ *
+ * Copyright (C) 2021-2023 OSN Developers.
+ *
+ * SudoBot is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * SudoBot is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { Action } from "@framework/api/decorators/Action";
+import { Validate } from "@framework/api/decorators/Validate";
+import Controller from "@framework/api/http/Controller";
+import type Request from "@framework/api/http/Request";
+import Response from "@framework/api/http/Response";
+import { Inject } from "@framework/container/Inject";
+import { fetchUser } from "@framework/utils/entities";
+import AuthService from "@main/services/AuthService";
+import { APIErrorCode } from "@main/types/APIErrorCode";
+import { APIGuild, User } from "discord.js";
+import { z } from "zod";
+
+class AuthController extends Controller {
+    @Inject()
+    private readonly authService!: AuthService;
+
+    private readonly linkedUserCache = new Map<number, User>();
+    private linkedUserCacheTimeout: ReturnType<typeof setTimeout> | null = null;
+
+    @Action("POST", "/login")
+    @Validate(
+        z.object({
+            username: z.string().min(3).max(32),
+            password: z.string().min(1).max(64)
+        })
+    )
+    public async login(request: Request) {
+        const { username, password } = request.body;
+
+        const result = await this.authService.authenticate({
+            username,
+            password
+        });
+
+        if (!result.success) {
+            return new Response({
+                status: 400,
+                body: {
+                    success: false,
+                    message: "Invalid credentials",
+                    code: APIErrorCode.InvalidCredentials
+                }
+            });
+        }
+
+        const { user } = result;
+        const discordUser =
+            this.linkedUserCache.get(user.id) ??
+            (await fetchUser(this.application.client, user.discordId));
+
+        if (!discordUser) {
+            return new Response({
+                status: 403,
+                body: {
+                    success: false,
+                    message: "This account is disabled. Please contact an administrator.",
+                    code: APIErrorCode.AccountDisabled
+                }
+            });
+        }
+
+        this.linkedUserCache.set(user.id, discordUser);
+
+        if (!this.linkedUserCacheTimeout) {
+            this.linkedUserCacheTimeout = setTimeout(
+                () => {
+                    this.linkedUserCache.clear();
+                    this.linkedUserCacheTimeout = null;
+                },
+                1000 * 60 * 2
+            );
+        }
+
+        const guilds: APIGuild[] = [];
+
+        for (const guild of this.application.client.guilds.cache.values()) {
+            if (user.guilds.includes(guild.id)) {
+                guilds.push(guild.toJSON() as APIGuild);
+            }
+        }
+
+        return {
+            success: true,
+            user: {
+                id: user.id,
+                name: user.name ?? undefined,
+                username: user.username,
+                discordId: user.discordId,
+                avatar: discordUser.displayAvatarURL()
+            },
+            token: user.token,
+            expires: user.tokenExpiresAt?.getTime(),
+            guilds
+        };
+    }
+}
+
+export default AuthController;

src/main/typescript/api/controllers/GuildController.ts

@@ -0,0 +1,68 @@
+/**
+ * This file is part of SudoBot.
+ *
+ * Copyright (C) 2021-2023 OSN Developers.
+ *
+ * SudoBot is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * SudoBot is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { Action } from "@framework/api/decorators/Action";
+import { EnableGuildAccessControl } from "@framework/api/decorators/EnableGuildAccessControl";
+import { RequireAuth } from "@framework/api/decorators/RequireAuth";
+import Controller from "@framework/api/http/Controller";
+import type Request from "@framework/api/http/Request";
+import { APIErrorCode } from "@main/types/APIErrorCode";
+
+class GuildController extends Controller {
+    @Action("GET", "/guilds/:guild")
+    @RequireAuth()
+    @EnableGuildAccessControl()
+    public async view(request: Request) {
+        const { id } = request.params;
+        const guild = this.application.client.guilds.cache.get(id);
+
+        if (!guild) {
+            return this.error(404, {
+                message: "Guild not found.",
+                code: APIErrorCode.None
+            });
+        }
+
+        return {
+            id: guild.id,
+            name: guild.name,
+            icon: guild.icon
+        };
+    }
+
+    @Action("GET", "/guilds")
+    @RequireAuth()
+    public async index(request: Request) {
+        const guilds = [];
+
+        for (const guild of this.application.client.guilds.cache.values()) {
+            if (request.user?.guilds.includes(guild.id)) {
+                guilds.push({
+                    id: guild.id,
+                    name: guild.name,
+                    icon: guild.icon
+                });
+            }
+        }
+
+        return guilds;
+    }
+}
+
+export default GuildController;

src/main/typescript/api/controllers/MainController.ts

@@ -19,12 +19,10 @@
 
 import { Action } from "@framework/api/decorators/Action";
 import Controller from "@framework/api/http/Controller";
-import CanBind from "@framework/container/CanBind";
 import { Inject } from "@framework/container/Inject";
 import ConfigurationManager from "../../services/ConfigurationManager";
 
-@CanBind
-export default class MainController extends Controller {
+class MainController extends Controller {
     @Inject()
     protected readonly configManager!: ConfigurationManager;
 
@@ -47,3 +45,5 @@ export default class MainController extends Controller {
         };
     }
 }
+
+export default MainController;

src/main/typescript/core/DiscordKernel.ts

@@ -78,6 +78,7 @@ class DiscordKernel extends Kernel {
         "@services/ChannelLockManager",
         "@services/ReactionRoleService",
         "@services/AFKService",
+        "@services/AuthService",
         "@services/ImageRecognitionService",
         "@services/DirectiveParsingService",
         "@root/framework/typescript/api/APIServer"