add experimental "supertokens" that can send messages with any username or avatarurl

This commit is contained in:
hippoz 2022-02-10 01:15:39 +02:00
parent 52df7bb4af
commit 5ad5d0ceba
Signed by: hippoz
GPG key ID: 7C52899193467641
3 changed files with 16 additions and 7 deletions

View file

@ -1,3 +1,4 @@
import { use } from "express/lib/application";
import { WebSocketServer } from "ws"; import { WebSocketServer } from "ws";
import { guildMap } from "./common.js"; import { guildMap } from "./common.js";
import { decodeToken } from "./tokens.js"; import { decodeToken } from "./tokens.js";
@ -161,7 +162,8 @@ class GatewayServer {
username: user.username, username: user.username,
guildAccess: user.guildAccess, guildAccess: user.guildAccess,
discordID: user.discordID, discordID: user.discordID,
avatarURL: user.avatarURL avatarURL: user.avatarURL,
isSuperToken: user.isSuperToken
} }
} }
})); }));

View file

@ -13,12 +13,12 @@ router.post("/tokens/create", async (req, res) => {
if (!dangerousAdminMode) if (!dangerousAdminMode)
return res.status(403).send({ error: true, message: "ERROR_FEATURE_DISABLED" }); return res.status(403).send({ error: true, message: "ERROR_FEATURE_DISABLED" });
const { username, avatarURL, discordID, guildAccess } = req.body; const { username, avatarURL, discordID, guildAccess, isSuperToken=false } = req.body;
if (!username || !discordID || !guildAccess) if (!username || !discordID || !guildAccess)
return res.status(400).send({ error: true, message: "ERROR_BAD_REQUEST" }); return res.status(400).send({ error: true, message: "ERROR_BAD_REQUEST" });
try { try {
const token = await createToken({ username, avatarURL, discordID, guildAccess }); const token = await createToken({ username, avatarURL, discordID, guildAccess, isSuperToken });
res.status(200).send({ error: false, message: "SUCCESS_TOKEN_CREATED", token }); res.status(200).send({ error: false, message: "SUCCESS_TOKEN_CREATED", token });
} catch(e) { } catch(e) {
res.status(500).send({ error: true, message: "ERROR_TOKEN_CREATE_FAILURE" }); res.status(500).send({ error: true, message: "ERROR_TOKEN_CREATE_FAILURE" });
@ -30,7 +30,8 @@ router.get("/users/@self", checkAuth(async (req, res) => {
username: req.user.username, username: req.user.username,
avatarURL: req.user.avatarURL, avatarURL: req.user.avatarURL,
discordID: req.user.discordID, discordID: req.user.discordID,
guildAccess: req.user.guildAccess guildAccess: req.user.guildAccess,
isSuperToken: isSuperToken
}}); }});
})); }));
@ -48,7 +49,13 @@ router.post("/guilds/:guildId/channels/:channelId/messages/create", checkAuth(as
return res.status(400).send({ error: true, message: "ERROR_NO_CHANNEL_ID" }); return res.status(400).send({ error: true, message: "ERROR_NO_CHANNEL_ID" });
const { username, avatarURL, guildAccess } = req.user; let { username, avatarURL, guildAccess, isSuperToken } = req.user;
if (isSuperToken) {
if (req.body.username)
username = req.body.username;
if (req.body.avatarURL)
avatarURL = req.body.avatarURL;
}
if (guildAccess.indexOf(guildId) === -1) if (guildAccess.indexOf(guildId) === -1)
return res.status(403).send({ error: true, message: "ERROR_NO_GUILD_ACCESS" }); return res.status(403).send({ error: true, message: "ERROR_NO_GUILD_ACCESS" });

View file

@ -1,9 +1,9 @@
import jsonwebtoken from "jsonwebtoken"; import jsonwebtoken from "jsonwebtoken";
import { jwtSecret } from "./config.js"; import { jwtSecret } from "./config.js";
export function createToken({ username, avatarURL, discordID, guildAccess }) { export function createToken({ username, avatarURL, discordID, guildAccess, isSuperToken=false }) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
jsonwebtoken.sign({ username, avatarURL, discordID, guildAccess }, jwtSecret, (err, token) => { jsonwebtoken.sign({ username, avatarURL, discordID, guildAccess, isSuperToken }, jwtSecret, (err, token) => {
if (err) if (err)
return reject(err); return reject(err);