feat: added check for discord group membership

stratisproject · Mar 5, 2024 · 9ae8cc9 · 9ae8cc9
1 parent ae80591
commit 9ae8cc9
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 5 deletions.
diff --git a/internal/server/dto.go b/internal/server/dto.go
@@ -34,6 +34,10 @@ type discordTokenResponse struct {
 	ErrorDesc   string `json:"error_description"`
 }
 
+type isPendingResponse struct {
+	Pending bool `json:"pending"`
+}
+
 type infoResponse struct {
 	Account         string `json:"account"`
 	Network         string `json:"network"`

diff --git a/internal/server/server.go b/internal/server/server.go
@@ -139,6 +139,22 @@ func (s *Server) handleLogin() http.HandlerFunc {
 			return
 		}
 
+		if token.AccessToken == "" {
+			http.Error(w, "Could not login", http.StatusUnauthorized)
+			return
+		}
+
+		isPending, err := checkIfPending(token.AccessToken)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusUnauthorized)
+			return
+		}
+
+		if isPending.Pending {
+			http.Error(w, "User is not verified in STratis discord", http.StatusBadRequest)
+			return
+		}
+
 		expirationTime := time.Now().Add(24 * time.Hour) // Expires in 24 hours
 		http.SetCookie(w, &http.Cookie{
 			Name:     "token",
@@ -147,9 +163,6 @@ func (s *Server) handleLogin() http.HandlerFunc {
 			HttpOnly: true, // This makes the cookie inaccessible to JavaScript
 		})
 
-		// You can send back a simple response
-		//w.Write([]byte("User logged in"))
-
 		renderJSON(w, authResponse{
 			Token: token.AccessToken,
 		}, http.StatusOK)
@@ -217,3 +230,32 @@ func exchangeCodeForToken(code, discordClientId, discordClientSecret, discordRed
 
 	return &tokenResp, nil
 }
+
+func checkIfPending(token string) (*isPendingResponse, error) {
+	// Make the request
+	req, err := http.NewRequest("GET", "https://discord.com/api/users/@me/guilds/404643249798512652/member", nil)
+	if err != nil {
+		log.Error(err)
+		return nil, err
+	}
+	req.Header.Add("Authorization", "Bearer "+token)
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		log.Error(err)
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	log.Info(resp.Body)
+
+	// Decode the response
+	var isPendingResp isPendingResponse
+	if err := json.NewDecoder(resp.Body).Decode(&isPendingResp); err != nil {
+		log.Error(err)
+		return nil, err
+	}
+
+	return &isPendingResp, nil
+}
diff --git a/web/src/Faucet.svelte b/web/src/Faucet.svelte
@@ -27,7 +27,8 @@
 
     const res = await fetch('/api/info');
     faucetInfo = await res.json();
-    loginUrl = `https://discord.com/api/oauth2/authorize?client_id=${faucetInfo.discord_client_id}&redirect_uri=${window.location.href}&response_type=code&scope=identify%20email`;
+    const baseUrl = window.location.protocol + "//" + window.location.hostname + (window.location.port ? ':' + window.location.port : '') + "/";
+    loginUrl = `https://discord.com/api/oauth2/authorize?client_id=${faucetInfo.discord_client_id}&redirect_uri=${baseUrl}&response_type=code&scope=identify%20email%20guilds.members.read%20guilds`;
 
     await checkAuthentication();
 
@@ -74,7 +75,10 @@
       const newUrl = window.location.pathname; // This retains the current path without the query parameters
       window.history.replaceState({}, '', newUrl);
     } else {
-      // Handle errors
+      loggedIn = false;
+      const newUrl = window.location.pathname; // This retains the current path without the query parameters
+      window.history.replaceState({}, '', newUrl);
+      toast({ message: "Make sure you are a verified user in Stratis Dscord", type: 'is-warning' });
     }
   }