
200 lines
5.9 KiB
Raw Normal View History

2021-08-16 04:40:56 +00:00
package website
import (
func DiscordOAuthCallback(c *RequestContext) ResponseData {
query := c.Req.URL.Query()
// Check the state
state := query.Get("state")
if state != c.CurrentSession.CSRFToken {
// CSRF'd!!!!
c.Logger.Warn().Str("userId", c.CurrentUser.Username).Msg("user failed Discord OAuth state validation - potential attack?")
res := c.Redirect("/", http.StatusSeeOther)
2021-08-28 17:07:45 +00:00
logoutUser(c, &res)
2021-08-16 04:40:56 +00:00
return res
2021-08-28 17:07:45 +00:00
// Check for error values and redirect back to user settings
if errCode := query.Get("error"); errCode != "" {
if errCode == "access_denied" {
// This occurs when the user cancels. Just go back to the profile page.
return c.Redirect(hmnurl.BuildUserSettings("discord"), http.StatusSeeOther)
} else {
return RejectRequest(c, "Failed to authenticate with Discord.")
2021-08-16 04:40:56 +00:00
2021-08-28 17:07:45 +00:00
// Do the actual token exchange
2021-08-16 04:40:56 +00:00
code := query.Get("code")
res, err := discord.ExchangeOAuthCode(c.Context(), code, hmnurl.BuildDiscordOAuthCallback())
2021-08-16 04:40:56 +00:00
if err != nil {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to exchange Discord authorization code"))
2021-08-16 04:40:56 +00:00
expiry := time.Now().Add(time.Duration(res.ExpiresIn) * time.Second)
user, err := discord.GetCurrentUserAsOAuth(c.Context(), res.AccessToken)
if err != nil {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to fetch Discord user info"))
2021-08-16 04:40:56 +00:00
2021-08-16 05:07:17 +00:00
// Add the role on Discord
2021-08-16 04:40:56 +00:00
err = discord.AddGuildMemberRole(c.Context(), user.ID, config.Config.Discord.MemberRoleID)
if err != nil {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to add member role"))
2021-08-16 04:40:56 +00:00
2021-08-16 05:07:17 +00:00
// Add the user to our database
2021-08-16 04:40:56 +00:00
_, err = c.Conn.Exec(c.Context(),
INSERT INTO handmade_discorduser (username, discriminator, access_token, refresh_token, avatar, locale, userid, expiry, hmn_user_id)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)
if err != nil {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to save new Discord user info"))
2021-08-16 04:40:56 +00:00
if c.CurrentUser.Status == models.UserStatusConfirmed {
_, err = c.Conn.Exec(c.Context(),
UPDATE auth_user
SET status = $1
WHERE id = $2
if err != nil {
c.Logger.Error().Err(err).Msg("failed to set user status to approved after linking discord account")
// NOTE(asaf): It's not worth failing the request over this, so we're not returning an error to the user.
return c.Redirect(hmnurl.BuildUserSettings("discord"), http.StatusSeeOther)
2021-08-16 04:40:56 +00:00
2021-08-16 05:07:17 +00:00
func DiscordUnlink(c *RequestContext) ResponseData {
tx, err := c.Conn.Begin(c.Context())
if err != nil {
defer tx.Rollback(c.Context())
iDiscordUser, err := db.QueryOne(c.Context(), tx, models.DiscordUser{},
SELECT $columns
FROM handmade_discorduser
WHERE hmn_user_id = $1
if err != nil {
if errors.Is(err, db.NotFound) {
return c.Redirect(hmnurl.BuildUserSettings("discord"), http.StatusSeeOther)
2021-08-16 05:07:17 +00:00
} else {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to get Discord user for unlink"))
2021-08-16 05:07:17 +00:00
discordUser := iDiscordUser.(*models.DiscordUser)
_, err = tx.Exec(c.Context(),
DELETE FROM handmade_discorduser
WHERE id = $1
if err != nil {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to delete Discord user"))
2021-08-16 05:07:17 +00:00
err = tx.Commit(c.Context())
if err != nil {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to commit Discord user delete"))
2021-08-16 05:07:17 +00:00
err = discord.RemoveGuildMemberRole(c.Context(), discordUser.UserID, config.Config.Discord.MemberRoleID)
if err != nil {
c.Logger.Warn().Err(err).Msg("failed to remove member role on unlink")
return c.Redirect(hmnurl.BuildUserSettings("discord"), http.StatusSeeOther)
func DiscordShowcaseBacklog(c *RequestContext) ResponseData {
iduser, err := db.QueryOne(c.Context(), c.Conn, models.DiscordUser{},
`SELECT $columns FROM handmade_discorduser WHERE hmn_user_id = $1`,
if errors.Is(err, db.NotFound) {
// Nothing to do
c.Logger.Warn().Msg("could not do showcase backlog because no discord user exists")
return c.Redirect(hmnurl.BuildUserProfile(c.CurrentUser.Username), http.StatusSeeOther)
} else if err != nil {
2021-08-28 12:21:03 +00:00
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to get discord user"))
duser := iduser.(*models.DiscordUser)
type messageIdQuery struct {
MessageID string `db:""`
iMsgIDs, err := db.Query(c.Context(), c.Conn, messageIdQuery{},
SELECT $columns
handmade_discordmessage AS msg
msg.user_id = $1
AND msg.channel_id = $2
if err != nil {
return c.ErrorResponse(http.StatusInternalServerError, err)
var msgIDs []string
for _, imsgId := range iMsgIDs {
msgIDs = append(msgIDs, imsgId.(*messageIdQuery).MessageID)
for _, msgID := range msgIDs {
interned, err := discord.FetchInternedMessage(c.Context(), c.Conn, msgID)
2022-02-07 12:21:40 +00:00
if err != nil && !errors.Is(err, db.NotFound) {
return c.ErrorResponse(http.StatusInternalServerError, err)
2022-02-07 12:21:40 +00:00
} else if err == nil {
// NOTE(asaf): Creating snippet even if the checkbox is off because the user asked us to.
err = discord.HandleSnippetForInternedMessage(c.Context(), c.Conn, interned, true)
if err != nil {
return c.ErrorResponse(http.StatusInternalServerError, err)
return c.Redirect(hmnurl.BuildUserProfile(c.CurrentUser.Username), http.StatusSeeOther)
2021-08-16 05:07:17 +00:00