feat: migrate auth method from YouTube to Discord

Author: uetchy

.dockerignore

@@ -10,3 +10,4 @@ node_modules
 /src/**/*.test.ts
 /tmp
 /data
+*.tsbuildinfo

CONTRIBUTING.md

@@ -3,15 +3,15 @@
 ## Development Guide
 
 ```bash
-git clone https://github.com/holodata/shipid.git && cd shipid
+git clone https://github.com/holodata/ShipID.git && cd ShipID
 npm install
 cp .env.placeholder .env
 vim .env
 npm run devcontainer
 
 ```
 
-## Release Guide (Maintainers only)
+## Deploy Guide (Maintainers only)
 
 ```bash
 git pull
@@ -29,7 +29,6 @@ db.createUser({
 ## References
 
 - [discord.js](https://discord.js.org/#/docs/main/stable/general/welcome)
-- [discordjs-bot-guide/roles.md at master · AnIdiotsGuide/discordjs-bot-guide](https://github.com/AnIdiotsGuide/discordjs-bot-guide/blob/master/understanding/roles.md)
-- [googleapis/google-api-nodejs-client](https://github.com/googleapis/google-api-nodejs-client)
-- [Server Onboarding - Gentei](https://docs.member-gentei.tindabox.net/Discord/server-onboarding)
-
+- [Discord.js Guide](https://discordjs.guide/#before-you-begin)
+- [discordjs-bot-guide/roles.md](https://github.com/AnIdiotsGuide/discordjs-bot-guide/blob/master/understanding/roles.md)
+- [Gentei](https://docs.member-gentei.tindabox.net/Discord/server-onboarding)

Dockerfile

@@ -7,4 +7,4 @@ RUN yarn install --frozen-lockfile
 COPY . .
 RUN yarn build
 
-CMD ["node", "./lib/server.js"]
+CMD ["node", "./lib/server.js"]

README.md

@@ -2,8 +2,9 @@
 
 # ShipID
 
-A Discord bot provides automated YouTube membership verification and role assignment services on your server.
+> A fully-automated YouTube membership verification & role-assignment bot for Discord
 
-> Under development stage. Join our Discord server for the further info.
+> Under development stage. Join our Discord server for participating in dev process.
 
-**ShipID** is inspired by [Gentei](https://github.com/member-gentei/member-gentei) project. As a way to verify a user's membership, we are relying on the vast amount of live chat collected by our [Honeybee](https://github.com/holodata/honeybee) cluster. Therefore, minimal permissions are sufficient to check a user's YouTube account (we only ask for `youtube.read` scope).
+**ShipID** is inspired by [Gentei](https://github.com/member-gentei/member-gentei) project.
+As a way to verify a user's membership, we are relying on the vast amount of live chat collected by our [Honeybee](https://github.com/holodata/honeybee), and video comments as a backup strategy.

package.json

@@ -1,15 +1,17 @@
 {
   "name": "shipid",
-  "description": "YouTube Membership Verification Bot for Discord",
+  "description": "Fully-automated YouTube Membership Verification Bot",
   "version": "0.0.0",
   "author": "Yasuaki Uechi <[email protected]> (https://uechi.io/)",
   "scripts": {
     "build": "tsc",
-    "clean": "shx rm -rf lib",
+    "clean": "shx rm -rf lib && docker-compose down --rmi local",
+    "deploy-commands": "ts-node src/modules/discord/deploy-commands.ts",
     "dev": "run-p dev:*",
     "dev:server": "nodemon -w lib .",
     "dev:tsc": "tsc -w",
-    "devcontainer": "docker-compose -f docker-compose.development.yml up",
+    "devcontainer": "docker-compose -f docker-compose.development.yml up | grep -v mongo_1",
+    "predevcontainer": "npm run deploy-commands",
     "prepare": "husky install",
     "start": "node .",
     "test": "jest"
@@ -23,31 +25,30 @@
     "@discordjs/rest": "^0.1.0-canary.0",
     "@typegoose/typegoose": "^8.2.0",
     "debug": "^4.3.2",
-    "discord-api-types": "^0.23.1",
+    "discord-api-types": "^0.22.0",
     "discord.js": "^13.1.0",
     "express": "^4.17.1",
-    "googleapis": "^85.0.0",
     "jsonwebtoken": "^8.5.1",
     "luxon": "^2.0.2",
-    "moment": "^2.29.1",
-    "mongoose": "5.10.18",
+    "mongoose": "~5.13.8",
+    "node-fetch": "2",
     "node-schedule": "^2.0.0"
   },
   "devDependencies": {
     "@types/debug": "^4.1.7",
     "@types/express": "^4.17.13",
     "@types/jest": "^27.0.1",
     "@types/jsonwebtoken": "^8.5.5",
-    "@types/luxon": "^2.0.3",
-    "@types/mongoose": "~5.10.2",
-    "@types/node": "^16.9.1",
+    "@types/luxon": "^2.0.2",
+    "@types/node": "^16.7.8",
+    "@types/node-fetch": "2",
     "@types/node-schedule": "^1.3.2",
     "husky": "^7.0.2",
-    "jest": "^27.1.1",
-    "masterchat": "^0.9.0",
+    "jest": "^27.1.0",
+    "masterchat": "^0.8.0",
     "nodemon": "^2.0.12",
     "npm-run-all": "^4.1.5",
-    "prettier": "^2.4.0",
+    "prettier": "^2.3.2",
     "pretty-quick": "^3.1.1",
     "shx": "^0.3.3",
     "ts-jest": "^27.0.5",
@@ -63,9 +64,6 @@
     "url": "https://github.com/holodata/shipid/issues"
   },
   "license": "Apache-2.0",
-  "keywords": [
-    "shipid"
-  ],
   "engines": {
     "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
   },

src/constants.ts

@@ -2,25 +2,23 @@ import assert from "assert";
 
 export const isDev = process.env.NODE_ENV !== "production";
 
-export const PREFIX = process.env.BOT_PREFIX || "!sid";
+export const DISCORD_CLIENT_ID = process.env.DISCORD_CLIENT_ID!;
+assert(DISCORD_CLIENT_ID, "DISCORD_TOKEN is missing");
+
+export const DISCORD_CLIENT_SECRET = process.env.DISCORD_CLIENT_SECRET!;
+assert(DISCORD_CLIENT_SECRET, "DISCORD_TOKEN is missing");
 
 export const DISCORD_TOKEN = process.env.DISCORD_TOKEN!;
 assert(DISCORD_TOKEN, "DISCORD_TOKEN is missing");
 
 export const MONGODB_URL = process.env.MONGODB_URL!;
-// assert(MONGODB_URL, "MONGODB_URL is missing");
-
-export const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID!;
-assert(GOOGLE_CLIENT_ID, "GOOGLE_CLIENT_ID is missing");
-
-export const GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET!;
-assert(GOOGLE_CLIENT_SECRET, "GOOGLE_CLIENT_SECRET is missing");
+if (!isDev) assert(MONGODB_URL, "MONGODB_URL is missing");
 
 export const JWT_SECRET = process.env.JWT_SECRET!;
 assert(JWT_SECRET);
 
 export const HB_MONGO_URI = process.env.HB_MONGO_URI!;
-assert(HB_MONGO_URI);
+if (!isDev) assert(HB_MONGO_URI);
 
 export const PORT = Number(process.env.PORT || 3000);
 

src/db.ts

@@ -1,7 +1,6 @@
-import UserModel, { User } from "./models/user";
 import GuildModel from "./models/guild";
+import UserModel, { User } from "./models/user";
 import VerificationModel, { Status } from "./models/verification";
-import { Membership } from "masterchat";
 
 export async function getUserByDiscordId(discordId: string) {
   return await UserModel.findOne({ discordId });

src/models/verification.ts

@@ -1,4 +1,3 @@
-import { Membership } from "masterchat";
 import mongoose, { Schema } from "mongoose";
 import { User } from "./user";
 

src/auth.ts src/modules/auth.ts

@@ -0,0 +1,173 @@
+import { APIConnection } from "discord-api-types";
+import { Request, Response, Router } from "express";
+import jwt from "jsonwebtoken";
+import fetch from "node-fetch";
+import { JWT_SECRET } from "../../constants";
+import { createOrUpdateUser } from "../../db";
+import { log } from "../../util";
+import { JwtToken } from "../auth";
+
+const DISCORD_AUTHORIZE_URL = "https://discord.com/api/oauth2/authorize";
+const DISCORD_TOKEN_URL = "https://discord.com/api/oauth2/token";
+
+function renderHTML(res: Response, content: string) {
+  res.contentType("html");
+  res.end(`<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ShipID</title>
+<style>
+html, body {
+  height: 100%;
+  font-family: sans-serif;
+  flex-direction: column;
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  text-align: center;
+}
+
+h1 {
+  font-size: 50pt;
+}
+
+</style>
+</head>
+<body>
+<h1>🚢 ShipID</h1>
+<p>${content}</p>
+</body>
+</html>`);
+}
+
+async function getConnections(token: string): Promise<APIConnection[]> {
+  const res = await fetch("https://discord.com/api/users/@me/connections", {
+    headers: { Authorization: `Bearer ${token}` },
+  });
+  if (res.status !== 200) throw new Error(res.statusText);
+  return await res.json();
+}
+
+export function createDiscordOAuthHandler({
+  clientId,
+  clientSecret,
+  redirectUri,
+}: {
+  clientId: string;
+  clientSecret: string;
+  redirectUri: string;
+}) {
+  function authorize(req: Request, res: Response) {
+    const state = req.query.state;
+    if (typeof state !== "string") {
+      return renderHTML(res.status(403), "no valid state found");
+    }
+    const params = {
+      response_type: "code",
+      client_id: clientId,
+      scope: "connections",
+      state,
+      redirect_uri: redirectUri,
+      prompt: "consent",
+    };
+    const authorizeUrl =
+      DISCORD_AUTHORIZE_URL + "?" + new URLSearchParams(params);
+    res.redirect(authorizeUrl);
+  }
+
+  async function getToken(code: string) {
+    const body = {
+      client_id: clientId,
+      client_secret: clientSecret,
+      grant_type: "authorization_code",
+      code: code,
+      redirect_uri: redirectUri,
+    };
+    const res = await fetch(DISCORD_TOKEN_URL, {
+      method: "POST",
+      body: new URLSearchParams(body),
+    });
+    return await res.json();
+  }
+
+  async function callback(req: Request, res: Response) {
+    const code = req.query.code;
+    if (typeof code !== "string") {
+      return renderHTML(res.status(403), "Invalid request");
+    }
+
+    // validate state
+    const state = req.query.state;
+    if (typeof state !== "string") {
+      return renderHTML(res.status(403), "Invalid state");
+    }
+
+    let id_token: JwtToken;
+    try {
+      id_token = jwt.verify(state, JWT_SECRET) as JwtToken;
+    } catch (err) {
+      return renderHTML(res.status(403), `Invalid state`);
+    }
+
+    if (Date.now() - id_token.iat > 1000 * 60 * 5) {
+      return renderHTML(
+        res.status(403),
+        `Your request has been expired. Try /verify again.`
+      );
+    }
+
+    // handle the code
+    const discordId = id_token.discordId;
+    console.log(discordId);
+
+    try {
+      const token = await getToken(code);
+
+      const connections = await getConnections(token.access_token);
+      const youtubeConnection = connections.find(
+        (conn) => conn.type === "youtube"
+      );
+      if (!youtubeConnection) {
+        // add YouTube to Discord account first!
+        return renderHTML(
+          res.status(403),
+          `Connect your YouTube account with Discord account first`
+        );
+      }
+
+      const channelName = youtubeConnection.name;
+      const youtubeChannelId = youtubeConnection.id;
+
+      // create user
+      const user = await createOrUpdateUser(discordId, {
+        youtubeChannelId,
+      });
+      log(channelName, user);
+
+      renderHTML(
+        res,
+        `Your YouTube account has successfully been confirmed. Return to Discord app and try \`/verify\` command again on the server where you want member-specific roles.`
+      );
+    } catch (err: any) {
+      if (err.code === "400") {
+        // invalid grant
+        return res.redirect("/discord/authorize");
+      }
+      console.log(err);
+      renderHTML(
+        res.status(500),
+        "Unexpected error has occurred. Ask admin (uetchy#1717)"
+      );
+    }
+  }
+
+  const router = Router();
+
+  router.get("/discord/authorize", authorize);
+  router.get("/discord/callback", callback);
+
+  return router;
+}