Skip to content

Commit

Permalink
cleaned up login and session code
Browse files Browse the repository at this point in the history
  • Loading branch information
@Dragon1320
Dragon1320 committed Jun 28, 2018
1 parent 3a930ea commit 6a232a0
Show file tree
Hide file tree
Showing 2 changed files with 82 additions and 122 deletions.
2 changes: 1 addition & 1 deletion src/web/middlewares/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ const authAdmin = (req, res, next) => {
.then(user_doc => {

if (user_doc.admin === false) {
return res.json({ status: 403, message: "Forbidden", error: "Your are not authorised to access this path" });
return res.json({ status: 403, message: "Forbidden", error: "You are not authorised to access this path" });
}

req.user = user_doc
Expand Down
202 changes: 81 additions & 121 deletions src/web/routes/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,160 +43,120 @@ router.get("/auth/discord", async (req, res) => {
}

if (session_doc !== undefined && session_doc.complete === true) {

return res.redirect("/dashboard");
}

const nonce = crypto.randomBytes(20).toString("hex");

const session = new schemas.SessionSchema({
nocne
nonce
});

let new_session_doc;
try {

session.save()
new_session_doc = await session.save();
} catch(error) {

apiLogger.error(error);
res.json({ status: 401, message: "Unauthorized", error });
}

/*
let session_doc = null;
if (req.cookies !== undefined && req.cookies.session !== undefined) {
session_doc = await fetchSession(req.cookies.session).catch(error => {
return null;
});
}
if (session_doc !== null && session_doc.complete === true) {
return res.redirect("/dashboard");
}
const nonce = crypto.randomBytes(20).toString("hex");
const session = new schemas.SessionSchema({
nonce
});
session
.save()
.then(session_doc => {
if (session_doc === null) {
return res.json({ status: 401, message: "Unauthorized", error: "Session doc not found after saving" });
}
res.cookie("session", jwt.sign({ id: session_doc._id }, config.jwt_secret));
res.redirect(`https://discordapp.com/api/oauth2/authorize?client_id=${config.discord_id}&redirect_uri=${encodeURIComponent(config.discord_redirect)}&response_type=code&scope=guilds%20identify&state=${nonce}`);
})
.catch(error => {
apiLogger.error(error);
res.json({ status: 401, message: "Unauthorized", error });
});
*/
res.cookie("session", jwt.sign({ id: new_session_doc._id }, config.jwt_secret));
res.redirect(`https://discordapp.com/api/oauth2/authorize?client_id=${config.discord_id}&redirect_uri=${encodeURIComponent(config.discord_redirect)}&response_type=code&scope=guilds%20identify&state=${nonce}`);
});

router.get("/auth/discord/callback", async (req, res) => {

let session_doc = null;
if (req.cookies !== undefined && req.cookies.session !== undefined) {
session_doc = await fetchSession(req.cookies.session).catch(error => {
return null;
});
}
let session_doc;
try {

session_doc = await fetchSession(req.cookies.session);
} catch(error) {

if (session_doc === null || session_doc.nonce === null) {
return res.json({ status: 401, message: "Unauthorized", error: "Error fetching session" });
apiLogger.error(error);
return res.json({ status: 401, message: "Unauthorized", error });
}

if (session_doc.nonce !== req.query.state) {
return res.json({ status: 401, message: "Unauthorized", error: "Login state was incorrect" });
}

axios({
let token_res;
try {

token_res = await axios({
method: "post",
url: `https://discordapp.com/api/oauth2/token?client_id=${config.discord_id}&client_secret=${config.discord_secret}&grant_type=authorization_code&code=${req.query.code}&redirect_uri=${encodeURIComponent(config.discord_redirect)}`,
headers: {
"Content-Type": "application/x-www-form-urlencoded"
}
})
.then(token_res => {

session_doc.discord.access_token = token_res.data.access_token;
session_doc.discord.token_type = token_res.data.token_type;
session_doc.discord.expires_in = token_res.data.expires_in;
session_doc.discord.refresh_token = token_res.data.refresh_token;
session_doc.discord.scope = token_res.data.scope;

axios({
method: "get",
url: "https://discordapp.com/api/v6/users/@me",
headers: {
"Authorization": `Bearer ${token_res.data.access_token}`
}
})
.then(user_res => {

session_doc.discord.id = user_res.data.id;
session_doc.nonce = null;
session_doc.complete = true;

session_doc
.save()
.then(session_doc => {
if (session_doc === null) {
return res.json({ status: 401, message: "Unauthorized", error: "Session doc not found after saving" });
}

schemas.UserSchema
.findOne({
discord_id: session_doc.discord.id
})
.then(user_doc => {
if (user_doc !== null) {

return res.redirect("/dashboard");
}

const new_user_doc = new schemas.UserSchema({
discord_id: session_doc.discord.id
});

new_user_doc
.save()
.then(new_user_doc => {
if (new_user_doc === null) {
return res.json({ status: 401, message: "Unauthorized", error: "User doc not found after saving" });
}

res.redirect("/dashboard");
})
.catch(error => {

res.json({ status: 401, message: "Unauthorized", error });
});
})
.catch(error => {

res.json({ status: 401, message: "Unauthorized", error });
});
})
.catch(error => {

res.json({ status: 401, message: "Unauthorized", error });
});
})
.catch(error => {

res.json({ status: 401, message: "Unauthorized", error });
});
})
.catch(error => {

res.json({ status: 401, message: "Unauthorized", error });
});
} catch(error) {

apiLogger.error(error);
return res.json({ status: 401, message: "Unauthorized", error });
}

let user_res;
try {

user_res = await axios({
method: "get",
url: "https://discordapp.com/api/v6/users/@me",
headers: {
"Authorization": `Bearer ${token_res.data.access_token}`
}
});
} catch(error) {

apiLogger.error(error);
return res.json({ status: 401, message: "Unauthorized", error });
}

let user_doc;
try {

user_doc = await schemas.UserSchema.findOne({ discord_id: user_res.data.id });
} catch(error) {

apiLogger.error(error);
return res.json({ status: 401, message: "Unauthorized", error });
}

if (user_doc === null) {

try {

user_doc = await new schemas.UserSchema({ discord_id: user_res.data.id }).save();
} catch(error) {

apiLogger.error(error);
return res.json({ status: 401, message: "Unauthorized", error });
}
}

session_doc.discord.access_token = token_res.data.access_token;
session_doc.discord.token_type = token_res.data.token_type;
session_doc.discord.expires_in = token_res.data.expires_in;
session_doc.discord.refresh_token = token_res.data.refresh_token;
session_doc.discord.scope = token_res.data.scope;

session_doc.discord.id = user_res.data.id;

session_doc.nonce = null;
session_doc.complete = true;

try {

await session_doc.save();
} catch(error) {

apiLogger.error(error);
return res.json({ status: 401, message: "Unauthorized", error });
}

res.redirect("/dashboard");
});

router.get("/", (req, res, next) => {
Expand Down

0 comments on commit 6a232a0

Please sign in to comment.