feat(dashboard): actual settings page

can't save yet though, still have to deal with cors

Author: ToastedDev

api/package.json

@@ -1,23 +1,23 @@
 {
-    "name": "@chatr/api",
-    "type": "module",
-    "version": "0.1.0",
-    "scripts": {
-        "dev": "bun with-env bun --watch src/index.ts --dev",
-        "with-env": "dotenv -e ../.env --"
-    },
-    "dependencies": {
-        "cors": "^2.8.5",
-        "cron": "^3.1.7",
-        "express": "^4.19.2",
-        "jsonwebtoken": "^9.0.2",
-        "mysql2": "^3.10.3"
-    },
-    "devDependencies": {
-        "@types/bun": "latest",
-        "@types/cors": "^2.8.17",
-        "@types/express": "^4.17.21",
-        "@types/jsonwebtoken": "^9.0.7",
-        "dotenv-cli": "^7.4.2"
-    }
-}
+  "name": "@chatr/api",
+  "type": "module",
+  "version": "0.1.0",
+  "scripts": {
+    "dev": "bun with-env bun --watch src/index.ts --dev",
+    "with-env": "dotenv -e ../.env --"
+  },
+  "dependencies": {
+    "cors": "^2.8.5",
+    "cron": "^3.1.7",
+    "express": "^4.19.2",
+    "jsonwebtoken": "^9.0.2",
+    "mysql2": "^3.10.3"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "@types/cors": "^2.8.17",
+    "@types/express": "^4.17.21",
+    "@types/jsonwebtoken": "^9.0.7",
+    "dotenv-cli": "^7.4.2"
+  }
+}

api/src/db/queries/guilds.ts

@@ -5,7 +5,7 @@ import { pool } from "..";
 export interface Guild {
     id: string;
     name: string;
-    icon: string;
+    icon?: string;
     members: number;
     cooldown: number;
     updates_enabled: 0 | 1;

api/src/db/queries/oauth-users.ts

@@ -12,6 +12,15 @@ export interface OAuthUser {
     expires_at: Date;
 }
 
+export type OAuthUserWithoutTokens = Without<
+    OAuthUser,
+    "access_token" | "refresh_token" | "expires_at"
+>;
+
+type Without<T, K> = {
+    [L in keyof T]: L extends K ? undefined : T[L];
+};
+
 export function getOAuthUser(
     id: string
 ): Promise<[QueryError, null] | [null, OAuthUser]> {

api/src/index.ts

@@ -834,129 +834,159 @@ app.get("/auth/callback", async (req, res) => {
     res.redirect(`${WEBSITE_URL}/dashboard`);
 });
 
-app.get(
-    "/auth/user",
+const userRouter = express.Router();
+
+userRouter.use(
     cors({
         origin: ["http://localhost:56413", "https://chatr.fun"],
         credentials: true,
-    }),
-    async (req, res) => {
-        const user = await getUserFromRequest(req);
+    })
+);
+
+userRouter.get("/", async (req, res) => {
+    const user = await getUserFromRequest(req);
+
+    if (!user) return res.status(401).json({ message: "Unauthorized" });
 
-        if (!user) return res.status(401).json({ message: "Unauthorized" });
+    res.json({
+        ...user,
+        access_token: undefined,
+        refresh_token: undefined,
+        expires_at: undefined,
+    });
+});
 
-        res.json(user);
+userRouter.delete("/", async (req, res) => {
+    if (!(await getUserFromRequest(req))) {
+        return res.status(401).json({ message: "Unauthorized" });
     }
-);
 
-app.post(
-    "/auth/logout",
-    cors({
-        origin: ["http://localhost:56413", "https://chatr.fun"],
-        credentials: true,
-    }),
-    async (req, res) => {
-        if (!(await getUserFromRequest(req))) {
-            return res.status(401).json({ message: "Unauthorized" });
+    res.clearCookie("token");
+
+    return res.sendStatus(200);
+});
+
+app.use("/user/me", userRouter);
+
+app.get("/auth/user/guilds", async (req, res) => {
+    const user = await getUserFromRequest(req);
+
+    if (!user) return res.status(401).json({ message: "Unauthorized" });
+
+    const botGuildsResponse = await fetch(
+        "https://discord.com/api/users/@me/guilds",
+        {
+            headers: {
+                Authorization: `Bot ${process.env.DISCORD_TOKEN_DEV ?? process.env.DISCORD_TOKEN}`,
+            },
+        }
+    );
+    const botGuilds = await botGuildsResponse.json();
+
+    const [err, accessToken] = await getAccessToken(user);
+
+    if (err) return res.status(500).json({ message: err });
+
+    const userGuildsResponse = await fetch(
+        "https://discord.com/api/users/@me/guilds",
+        {
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+            },
         }
+    );
+    const userGuilds = await userGuildsResponse.json();
 
-        res.clearCookie("token");
+    const filteredGuilds = userGuilds.filter(
+        (guild: any) => guild.owner || (guild.permissions & 0x20) === 0x20
+    );
 
-        return res.sendStatus(200);
-    }
-);
+    res.json(
+        filteredGuilds
+            .map((guild: any) => ({
+                ...guild,
+                icon: guild.icon
+                    ? `https://cdn.discordapp.com/icons/${guild.id}/${guild.icon}.webp`
+                    : null,
+                botIsInGuild: botGuilds.some(
+                    (botGuild: any) => botGuild.id === guild.id
+                ),
+            }))
+            .sort((a: any, b: any) => {
+                if (a.botIsInGuild === b.botIsInGuild) {
+                    return a.name.localeCompare(b.name);
+                }
 
-app.get(
-    "/auth/user/guilds",
+                return Number(b.botIsInGuild) - Number(a.botIsInGuild);
+            })
+    );
+});
+
+app.options(
+    "/auth/update-guild",
+    cors({
+        origin: ["http://localhost:56413", "https://chatr.fun"],
+        credentials: true,
+    })
+);
+app.put(
+    "/auth/update-guild",
     cors({
         origin: ["http://localhost:56413", "https://chatr.fun"],
         credentials: true,
     }),
     async (req, res) => {
-        const user = await getUserFromRequest(req);
-
-        if (!user) return res.status(401).json({ message: "Unauthorized" });
+        if (!(await getUserFromRequest(req)))
+            return res.status(401).json({ message: "Unauthorized" });
 
-        let accessToken = user.access_token;
+        const body = req.body;
+        const { guild } = req.body;
 
-        if (new Date().getTime() > user.expires_at.getTime()) {
-            const body = new URLSearchParams();
+        if (!guild) return res.status(400).json({ message: "Illegal request" });
 
-            body.append("client_id", process.env.DISCORD_CLIENT_ID!);
-            body.append("client_secret", process.env.DISCORD_CLIENT_SECRET!);
-            body.append("grant_type", "refresh_token");
-            body.append("refresh_token", user.refresh_token);
-            body.append("scope", "identify guilds");
+        if (body.cooldown) {
+            await setCooldown(guild, body.cooldown);
+        }
 
-            const tokenResponse = await fetch(
-                "https://discord.com/api/oauth2/token",
-                {
-                    method: "POST",
-                    body,
-                    headers: {
-                        "Content-Type": "application/x-www-form-urlencoded",
-                    },
-                }
-            );
+        if (body.updates.enabled === true) {
+            await enableUpdates(guild);
+        } else if (body.updates.enabled === false) {
+            await disableUpdates(guild);
+        }
 
-            if (tokenResponse.status !== 200) {
-                console.error("Error fetching token:", tokenResponse);
+        if (body.updates.channel) {
+            await setUpdatesChannel(guild, body.updates.channel);
+        }
 
-                return res
-                    .status(500)
-                    .json({ message: "Internal server error" });
-            }
+        return res.sendStatus(204);
+    }
+);
 
-            const tokenData = await tokenResponse.json();
+// TODO: fetch from the bot itself using discord.js
+// (would allow us to do permission filtering)
+app.get("/channels/:guild", authMiddleware, async (req, res) => {
+    const { guild } = req.params;
 
-            accessToken = tokenData.access_token;
+    const channelsResponse = await fetch(
+        `https://discord.com/api/v10/guilds/${guild}/channels`,
+        {
+            headers: {
+                Authorization: `Bot ${process.env.DISCORD_TOKEN_DEV ?? process.env.DISCORD_TOKEN}`,
+            },
         }
+    );
+    const channelsData = await channelsResponse.json();
 
-        const botGuildsResponse = await fetch(
-            `https://discord.com/api/users/@me/guilds`,
-            {
-                headers: {
-                    Authorization: `Bot ${process.env.DISCORD_TOKEN_DEV ?? process.env.DISCORD_TOKEN}`,
-                },
-            }
-        );
-        const botGuilds = await botGuildsResponse.json();
-
-        const userGuildsResponse = await fetch(
-            `https://discord.com/api/users/@me/guilds`,
-            {
-                headers: {
-                    Authorization: `Bearer ${accessToken}`,
-                },
-            }
-        );
-        const userGuilds = await userGuildsResponse.json();
+    if (channelsData.code === 50007) {
+        return res.status(404).json({ message: "Guild not found" });
+    }
 
-        const filteredGuilds = userGuilds.filter(
-            (guild: any) => guild.owner || (guild.permissions & 0x20) === 0x20
-        );
+    const channels = channelsData
+        .filter((channel: any) => channel.type === 0)
+        .sort((a: any, b: any) => a.position - b.position);
 
-        res.json(
-            filteredGuilds
-                .map((guild: any) => ({
-                    ...guild,
-                    icon: guild.icon
-                        ? `https://cdn.discordapp.com/icons/${guild.id}/${guild.icon}.webp`
-                        : null,
-                    botIsInGuild: botGuilds.some(
-                        (botGuild: any) => botGuild.id === guild.id
-                    ),
-                }))
-                .sort((a: any, b: any) => {
-                    if (a.botIsInGuild === b.botIsInGuild) {
-                        return a.name.localeCompare(b.name);
-                    }
-
-                    return Number(b.botIsInGuild) - Number(a.botIsInGuild);
-                })
-        );
-    }
-);
+    res.json(channels);
+});
 
 app.get("/invite", (req, res) => {
     const guildId = req.query.guild_id;
@@ -1084,6 +1114,45 @@ async function getUserFromRequest(req: Request): Promise<OAuthUser | null> {
 
     return user;
 }
+
+async function getAccessToken(
+    user: OAuthUser
+): Promise<[string, null] | [null, string]> {
+    let accessToken = user.access_token;
+
+    if (new Date().getTime() > user.expires_at.getTime()) {
+        const body = new URLSearchParams();
+
+        body.append("client_id", process.env.DISCORD_CLIENT_ID!);
+        body.append("client_secret", process.env.DISCORD_CLIENT_SECRET!);
+        body.append("grant_type", "refresh_token");
+        body.append("refresh_token", user.refresh_token);
+        body.append("scope", "identify guilds");
+
+        const tokenResponse = await fetch(
+            "https://discord.com/api/oauth2/token",
+            {
+                method: "POST",
+                body,
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                },
+            }
+        );
+
+        if (tokenResponse.status !== 200) {
+            console.error("Error fetching token:", tokenResponse);
+
+            return ["Internal server error", null];
+        }
+
+        const tokenData = await tokenResponse.json();
+
+        accessToken = tokenData.access_token;
+    }
+
+    return [null, accessToken];
+}
 //#endregion
 
 // TODO: actually implement this in a real way