Commit Graph

21 Commits

Author SHA1 Message Date
Asaf Gartner 8bc4b5a66c Added calendars 2024-01-28 19:12:59 +02:00
Asaf Gartner 65aab39432 Asset thumbnail backend 2023-05-17 22:34:55 +03:00
bvisness 0210a0784b Add Discord login (#106)
This leverages our existing Discord OAuth implementation. Any users with a linked Discord account will be able to log in immediately. When logging in, we request the `email` scope in addition to `identity`, so existing users will be prompted one time to accept the new permissions. On subsequent logins, Discord will skip the prompt.

When linking your Discord account to an existing HMN account, we continue to only request the `identity` scope, so we do not receive the user's Discord email.

Both login and linking go through the same Discord OAuth callback. All flows through the callback try to achieve the same end goal: a logged-in HMN user with a linked Discord account.

Linking works the same as it ever has. Login, however, is different because we do not have a session ID to use as the OAuth state. To account for this, I have added a `pending_login` table that stores a secure unique ID and the eventual destination URL. These pending logins expire after 10 minutes. When we receive the OAuth callback, we look up the pending login by the OAuth `state` and immediately delete it. The destination URL will be used to redirect the user to the right place.

If we have a `discord_user` entry for the OAuth'd Discord user, we immediately log the user into the associated HMN account. This is the typical login case. If we do not have a `discord_user`, but there is exactly one HMN user with the same email address as the Discord user, we will link the two accounts and log into the HMN account.

(It is possible for multiple HMN accounts to have the same email, because we don't have a uniqueness constraint there. We fail the login in this case rather than link to the wrong account.)

Finally, if no associated HMN user exists, a new one will be created. It will use the Discord user's username, email, and avatar. This user will have no password, but they can set or reset a password through the usual flows.

Co-authored-by: Ben Visness <bvisness@gmail.com>
Reviewed-on: hmn/hmn#106
2023-05-06 19:38:50 +00:00
bvisness e9d4300100 Rework requests and middleware (#57)
o boy

Resolves #10 (hopefully!)

Co-authored-by: Ben Visness <bvisness@gmail.com>
Reviewed-on: hmn/hmn#57
2022-06-24 21:38:11 +00:00
Ben Visness c1fa6cae13 Integrate Nick's local S3 server
Works like a charm!

Small tweak for clarity
2022-05-14 00:48:19 -05:00
Ben Visness 3a93aa93e9 Seed users (and rework a lot of user access to use new helpers) 2022-05-07 13:58:00 -05:00
Asaf Gartner 11dd75ad03 Twitch monitoring 2022-03-22 20:07:43 +02:00
Ben Visness 0184cd1625 Add admin utilities for adding projects 2021-11-11 15:59:05 -08:00
Ben Visness 16ae2188d1 Add background features to the Discord bot 2021-08-26 22:59:12 -05:00
Asaf Gartner c913b58e4c Added security timer middleware 2021-08-17 09:08:33 +03:00
Ben Visness 38a1188be7 Add Discord integration
Clean up several TODOs

Implement the full disconnect / resume flow

Detect zombied connections and restart

Implement the random delay on reconnect

Implement message sending!!

(with a goofy feedback loop on the echo bot)

Fix the feedback loop in the echo bot

Clean up the Discord gateway code

Many things are methods now to reduce the amount of explicit plumbing.
Connection handling should be a little more robust, and we have an
actual error handling strategy now.

Allow sending multiple Discord messages at once

Delete irrelevant tests

uhh, start rate limiting

Add per-route rate limiting

Add global rate limit handling

Handle context cancellation in Discord REST code

Allow changing buckets per route

Add the showcase rejection bot

Add library bot
2021-08-15 20:21:04 -05:00
Asaf Gartner 660f65ba95 Registration flow and email 2021-08-08 23:05:52 +03:00
Ben Visness 473255dbde Add pprof 2021-06-24 08:10:44 -05:00
Asaf Gartner 24c69b8157 Added performance monitoring 2021-04-26 09:56:49 +03:00
Asaf Gartner 470a0e4932 Moved min/max number of db connections to config file 2021-04-06 09:10:15 +03:00
Ben Visness 8929a5d749 Start porting landing page; rework db layer a bit 2021-03-30 22:55:19 -05:00
Ben Visness 8f2958594a Add a cron to delete expired sessions 2021-03-27 23:22:29 -05:00
Ben Visness 4fb161b3c6 Rework DB query stuff, use for projects 2021-03-21 15:38:37 -05:00
Ben Visness a4e2d625a3 Start migrating templates 2021-03-14 15:49:58 -05:00
Ben Visness b92adff355 Add first attempt at a middleware 2021-03-10 23:02:43 -06:00
Ben Visness 45763de9e6 Put Go stuff in the /src folder 2021-03-10 21:39:24 -06:00