Discord/GitHub account linking

Refresh.Common/Extensions/HttpContentExtensions.cs

@@ -0,0 +1,20 @@
+using System.Xml;
+using System.Xml.Serialization;
+using Newtonsoft.Json;
+
+namespace Refresh.Common.Extensions;
+
+public static class HttpContentExtensions
+{
+    public static T ReadAsXml<T>(this HttpContent content)
+    {
+        XmlSerializer serializer = new(typeof(T));
+
+        return (T)serializer.Deserialize(new XmlTextReader(content.ReadAsStream()))!;
+    }
+
+    public static T? ReadAsJson<T>(this HttpContent content)
+    {
+        return JsonConvert.DeserializeObject<T>(content.ReadAsStringAsync().Result);
+    }
+}

Refresh.Common/Extensions/NameValueCollectionExtensions.cs

@@ -0,0 +1,35 @@
+using System.Collections.Specialized;
+using System.Text;
+using System.Web;
+
+namespace Refresh.Common.Extensions;
+
+public static class NameValueCollectionExtensions
+{
+    public static string ToQueryString(this NameValueCollection queryParams)
+    {
+        StringBuilder builder = new();
+
+        if (queryParams.Count == 0)
+            return string.Empty;
+
+        builder.Append('?');
+        for (int i = 0; i < queryParams.Count; i++)
+        {
+            string? key = queryParams.GetKey(i);
+            string? val = queryParams.Get(i);
+
+            if (key == null)
+                continue;
+
+            builder.Append(HttpUtility.UrlEncode(key));
+            builder.Append('=');
+            if(val != null)
+                builder.Append(HttpUtility.UrlEncode(val));
+
+            builder.Append('&');
+        }
+
+        return builder.ToString();
+    }
+}

Refresh.Common/Helpers/CryptoHelper.cs

@@ -0,0 +1,16 @@
+using System.Security.Cryptography;
+
+namespace Refresh.Common.Helpers;
+
+public static class CryptoHelper
+{
+    public static string GetRandomBase64String(int length)
+    {
+        byte[] tokenData = new byte[length];
+
+        using RandomNumberGenerator rng = RandomNumberGenerator.Create();
+        rng.GetBytes(tokenData);
+
+        return Convert.ToBase64String(tokenData);
+    }
+}

Refresh.GameServer/Configuration/IntegrationConfig.cs

@@ -7,7 +7,7 @@ namespace Refresh.GameServer.Configuration;
 /// </summary>
 public class IntegrationConfig : Config
 {
-    public override int CurrentConfigVersion => 6;
+    public override int CurrentConfigVersion => 9;
     public override int Version { get; set; }
     protected override void Migrate(int oldVer, dynamic oldConfig)
     {
@@ -38,6 +38,50 @@ protected override void Migrate(int oldVer, dynamic oldConfig)
     public string DiscordNickname { get; set; } = "Refresh";
     public string DiscordAvatarUrl { get; set; } = "https://raw.githubusercontent.com/LittleBigRefresh/Branding/main/icons/refresh_512x.png";
 
+    #endregion
+
+    #region Discord OAuth
+
+    /// <summary>
+    /// Whether to enable discord OAuth support for account linking
+    /// </summary>
+    public bool DiscordOAuthEnabled { get; set; }
+
+    /// <summary>
+    /// The redirect URL to use for Discord OAuth requests, ex. `https://lbp.littlebigrefresh.com/api/v3/oauth/authenticate`
+    /// </summary>
+    public string DiscordOAuthRedirectUrl { get; set; } = "http://localhost:10061/api/v3/oauth/authenticate";
+    /// <summary>
+    /// The client ID of the OAuth application
+    /// </summary>
+    public string DiscordOAuthClientId { get; set; } = "";
+    /// <summary>
+    /// The client secret of the OAuth application
+    /// </summary>
+    public string DiscordOAuthClientSecret { get; set; } = "";
+
+    #endregion
+
+    #region GitHub OAuth
+
+    /// <summary>
+    /// Whether to enable GitHub OAuth support for account linking
+    /// </summary>
+    public bool GitHubOAuthEnabled { get; set; }
+
+    /// <summary>
+    /// The redirect URL to use for GitHub OAuth requests, ex. `https://lbp.littlebigrefresh.com/api/v3/oauth/authenticate`
+    /// </summary>
+    public string GitHubOAuthRedirectUrl { get; set; } = "http://localhost:10061/api/v3/oauth/authenticate";
+    /// <summary>
+    /// The client ID of the OAuth application
+    /// </summary>
+    public string GitHubOAuthClientId { get; set; } = "";
+    /// <summary>
+    /// The client secret of the OAuth application
+    /// </summary>
+    public string GitHubOAuthClientSecret { get; set; } = "";
+
     #endregion
 
     #region AIPI

Refresh.GameServer/Database/GameDatabaseContext.OAuth.cs

@@ -0,0 +1,98 @@
+using Refresh.Common.Helpers;
+using Refresh.GameServer.Time;
+using Refresh.GameServer.Types.OAuth;
+using Refresh.GameServer.Types.OAuth.Discord;
+using Refresh.GameServer.Types.UserData;
+using OAuthRequest = Refresh.GameServer.Types.OAuth.OAuthRequest;
+
+namespace Refresh.GameServer.Database;
+
+public partial class GameDatabaseContext // oauth
+{
+    public string CreateOAuthRequest(GameUser user, IDateTimeProvider timeProvider, OAuthProvider provider)
+    {
+        string state = CryptoHelper.GetRandomBase64String(128);
+
+        this.Write(() =>
+        {
+            this.OAuthRequests.Add(new OAuthRequest
+            {
+                User = user,
+                State = state,
+                ExpiresAt = timeProvider.Now + TimeSpan.FromHours(1), // 1 hour expiry
+                Provider = provider,
+            });
+        });
+
+        return state;
+    }
+
+    /// <summary>
+    /// Returns the OAuthProvider used in a request
+    /// </summary>
+    /// <param name="state">The OAuth request state</param>
+    /// <returns>The provider, or null if no request was found with that state</returns>
+    public OAuthProvider? OAuthGetProviderForRequest(string state) 
+        => this.OAuthRequests.FirstOrDefault(d => d.State == state)?.Provider;
+
+    public GameUser SaveOAuthToken(string state, OAuth2AccessTokenResponse tokenResponse, IDateTimeProvider timeProvider, OAuthProvider provider)
+    {
+        OAuthRequest request = this.OAuthRequests.First(d => d.State == state);
+        GameUser user = request.User;
+
+        this.Write(() =>
+        {
+            OAuthTokenRelation? relation = this.OAuthTokenRelations.FirstOrDefault(d => d.User == request.User && d._Provider == (int)provider);
+            if (relation == null)
+            {
+                this.OAuthTokenRelations.Add(relation = new OAuthTokenRelation
+                {
+                    User = request.User,
+                    Provider = request.Provider,
+                });
+            }
+
+            this.UpdateOAuthToken(relation, tokenResponse, timeProvider);
+
+            this.OAuthRequests.Remove(request);
+        });
+
+        return user;
+    }
+
+    public void UpdateOAuthToken(OAuthTokenRelation token, OAuth2AccessTokenResponse tokenResponse, IDateTimeProvider timeProvider)
+    {
+        this.Write(() =>
+        {
+            token.AccessToken = tokenResponse.AccessToken;
+            token.RefreshToken = tokenResponse.RefreshToken;
+            // If we don't have a revocation date, then we assume it never expires, and will just handle a revoked token at request time
+            token.AccessTokenRevocationTime = tokenResponse.ExpiresIn == null ? DateTimeOffset.MaxValue : timeProvider.Now + TimeSpan.FromSeconds(tokenResponse.ExpiresIn.Value);
+        });
+    }
+
+    public OAuthTokenRelation? GetOAuthTokenFromUser(GameUser user, OAuthProvider provider) 
+        => this.OAuthTokenRelations.FirstOrDefault(d => d.User == user && d._Provider == (int)provider);
+
+    public int RemoveAllExpiredOAuthRequests(IDateTimeProvider timeProvider)
+    {
+        IQueryable<OAuthRequest> expired = this.OAuthRequests.Where(d => d.ExpiresAt < timeProvider.Now);
+
+        int removed = expired.Count();
+
+        this.Write(() =>
+        {
+            this.OAuthRequests.RemoveRange(expired);
+        });
+
+        return removed;
+    }
+
+    public void RevokeOAuthToken(OAuthTokenRelation token)
+    {
+        this.Write(() =>
+        {
+            this.OAuthTokenRelations.Remove(token);
+        });
+    }
+}

Refresh.GameServer/Database/GameDatabaseContext.Tokens.cs

@@ -1,5 +1,6 @@
 using System.Security.Cryptography;
 using JetBrains.Annotations;
+using Refresh.Common.Helpers;
 using Refresh.GameServer.Authentication;
 using Refresh.GameServer.Types.UserData;
 
@@ -23,16 +24,6 @@ static GameDatabaseContext()
         GameCookieLength = (int)Math.Floor((MaxGameCookieLength - GameCookieHeader.Length - MaxBase64Padding) * 3 / 4.0);
     }
 
-    private static string GetTokenString(int length)
-    {
-        byte[] tokenData = new byte[length];
-
-        using RandomNumberGenerator rng = RandomNumberGenerator.Create();
-        rng.GetBytes(tokenData);
-
-        return Convert.ToBase64String(tokenData);
-    }
-
     public Token GenerateTokenForUser(GameUser user, TokenType type, TokenGame game, TokenPlatform platform, string ipAddress, int tokenExpirySeconds = DefaultTokenExpirySeconds)
     {
         // TODO: JWT (JSON Web Tokens) for TokenType.Api
@@ -42,7 +33,7 @@ public Token GenerateTokenForUser(GameUser user, TokenType type, TokenGame game,
         Token token = new()
         {
             User = user,
-            TokenData = GetTokenString(cookieLength),
+            TokenData = CryptoHelper.GetRandomBase64String(cookieLength),
             TokenType = type,
             TokenGame = game,
             TokenPlatform = platform,

Refresh.GameServer/Database/GameDatabaseContext.Users.cs

@@ -203,6 +203,9 @@ public void UpdateUserData(GameUser user, ApiUpdateUserRequest data)
 
             if (data.ShowModdedContent != null)
                 user.ShowModdedContent = data.ShowModdedContent.Value;
+
+            if (data.DiscordProfileVisibility != null)
+                user.DiscordProfileVisibility = data.DiscordProfileVisibility.Value;
         });
     }
 

Refresh.GameServer/Database/GameDatabaseContext.cs

@@ -12,12 +12,15 @@
 using Refresh.GameServer.Types.Contests;
 using Refresh.GameServer.Types.Levels;
 using Refresh.GameServer.Types.Notifications;
+using Refresh.GameServer.Types.OAuth;
+using Refresh.GameServer.Types.OAuth.Discord;
 using Refresh.GameServer.Types.Photos;
 using Refresh.GameServer.Types.Playlists;
 using Refresh.GameServer.Types.Relations;
 using Refresh.GameServer.Types.Reviews;
 using Refresh.GameServer.Types.UserData;
 using Refresh.GameServer.Types.UserData.Leaderboard;
+using OAuthRequest = Refresh.GameServer.Types.OAuth.OAuthRequest;
 
 namespace Refresh.GameServer.Database;
 
@@ -61,6 +64,8 @@ public partial class GameDatabaseContext : RealmDatabaseContext
     private RealmDbSet<GamePlaylist> GamePlaylists => new(this._realm);
     private RealmDbSet<LevelPlaylistRelation> LevelPlaylistRelations => new(this._realm);
     private RealmDbSet<SubPlaylistRelation> SubPlaylistRelations => new(this._realm);
+    private RealmDbSet<OAuthRequest> OAuthRequests => new(this._realm);
+    private RealmDbSet<OAuthTokenRelation> OAuthTokenRelations => new(this._realm);
 
     internal GameDatabaseContext(IDateTimeProvider time)
     {

Refresh.GameServer/Database/GameDatabaseProvider.cs

@@ -12,11 +12,14 @@
 using Refresh.GameServer.Types.Contests;
 using Refresh.GameServer.Types.Levels.SkillRewards;
 using Refresh.GameServer.Types.Notifications;
+using Refresh.GameServer.Types.OAuth;
+using Refresh.GameServer.Types.OAuth.Discord;
 using Refresh.GameServer.Types.Relations;
 using Refresh.GameServer.Types.Reviews;
 using Refresh.GameServer.Types.UserData.Leaderboard;
 using Refresh.GameServer.Types.Photos;
 using Refresh.GameServer.Types.Playlists;
+using OAuthRequest = Refresh.GameServer.Types.OAuth.OAuthRequest;
 
 namespace Refresh.GameServer.Database;
 
@@ -34,7 +37,7 @@ protected GameDatabaseProvider(IDateTimeProvider time)
         this._time = time;
     }
 
-    protected override ulong SchemaVersion => 159;
+    protected override ulong SchemaVersion => 162;
 
     protected override string Filename => "refreshGameServer.realm";
 
@@ -86,6 +89,10 @@ protected GameDatabaseProvider(IDateTimeProvider time)
         typeof(GamePlaylist),
         typeof(LevelPlaylistRelation),
         typeof(SubPlaylistRelation),
+
+        // oauth
+        typeof(OAuthRequest),
+        typeof(OAuthTokenRelation),
     ];
 
     public override void Warmup()

Refresh.GameServer/Endpoints/ApiV3/ApiTypes/Errors/ApiNotFoundError.cs

@@ -21,7 +21,13 @@ public class ApiNotFoundError : ApiError
 
     public const string ContestMissingErrorWhen = "The contest could not be found";
     public static readonly ApiNotFoundError ContestMissingError = new(ContestMissingErrorWhen);
+
+    public const string OAuthTokenMissingErrorWhen = "An OAuth token for this user could not be found";
+    public static readonly ApiNotFoundError OAuthTokenMissingError = new(OAuthTokenMissingErrorWhen);
 
+    public const string OAuthProviderMissingErrorWhen = "The OAuth provider could not be found";
+    public static readonly ApiNotFoundError OAuthProviderMissingError = new(OAuthProviderMissingErrorWhen);
+
     private ApiNotFoundError() : base("The requested resource was not found", NotFound)
     {}
 

Refresh.GameServer/Endpoints/ApiV3/ApiTypes/Errors/ApiNotSupportedError.cs

@@ -0,0 +1,18 @@
+namespace Refresh.GameServer.Endpoints.ApiV3.ApiTypes.Errors;
+
+public class ApiNotSupportedError : ApiError
+{
+    public static readonly ApiNotSupportedError Instance = new();
+
+    public const string OAuthProviderTokenRevocationUnsupportedErrorWhen = "This OAuth provider does not support token revocation";
+    public static readonly ApiNotSupportedError OAuthProviderTokenRevocationUnsupportedError = new(OAuthProviderTokenRevocationUnsupportedErrorWhen);
+
+    public const string OAuthProviderDisabledErrorWhen = "The server does not have this OAuth provider enabled";
+    public static readonly ApiNotSupportedError OAuthProviderDisabledError = new(OAuthProviderDisabledErrorWhen);
+
+    private ApiNotSupportedError() : base("The server is not configured to support this endpoint.", NotImplemented)
+    {}
+
+    private ApiNotSupportedError(string message) : base(message, NotImplemented)
+    {}
+}

Refresh.GameServer/Endpoints/ApiV3/DataTypes/IApiResponse.cs

@@ -1,6 +1,3 @@
 namespace Refresh.GameServer.Endpoints.ApiV3.DataTypes;
 
-public interface IApiResponse
-{
-
-}
+public interface IApiResponse;

Refresh.GameServer/Endpoints/ApiV3/DataTypes/Request/ApiUpdateUserRequest.cs

@@ -20,4 +20,5 @@ public class ApiUpdateUserRequest
 
     public Visibility? LevelVisibility { get; set; }
     public Visibility? ProfileVisibility { get; set; }
+    public Visibility? DiscordProfileVisibility { get; set; }
 }

Refresh.GameServer/Endpoints/ApiV3/DataTypes/Response/ApiInstanceResponse.cs

@@ -44,6 +44,7 @@ public class ApiInstanceResponse : IApiResponse
 
     public required IEnumerable<ApiGameAnnouncementResponse> Announcements { get; set; }
     public required ApiRichPresenceConfigurationResponse RichPresenceConfiguration { get; set; }
+    public required bool DiscordOAuthEnabled { get; set; }
 
     public required bool MaintenanceModeEnabled { get; set; }
     public required string? GrafanaDashboardUrl { get; set; }