add experimental "supertokens" that can send messages with any username or avatarurl

GatewayServer.js

@@ -1,3 +1,4 @@
+import { use } from "express/lib/application";
 import { WebSocketServer } from "ws";
 import { guildMap } from "./common.js";
 import { decodeToken } from "./tokens.js";
@@ -161,7 +162,8 @@ class GatewayServer {
                                     username: user.username,
                                     guildAccess: user.guildAccess,
                                     discordID: user.discordID,
-                                    avatarURL: user.avatarURL
+                                    avatarURL: user.avatarURL,
+                                    isSuperToken: user.isSuperToken
                                 }
                             }
                         }));

routes/api.js

@@ -13,12 +13,12 @@ router.post("/tokens/create", async (req, res) => {
     if (!dangerousAdminMode)
         return res.status(403).send({ error: true, message: "ERROR_FEATURE_DISABLED" });
 
-    const { username, avatarURL, discordID, guildAccess } = req.body;
+    const { username, avatarURL, discordID, guildAccess, isSuperToken=false } = req.body;
     if (!username || !discordID || !guildAccess)
         return res.status(400).send({ error: true, message: "ERROR_BAD_REQUEST" });
 
     try {
-        const token = await createToken({ username, avatarURL, discordID, guildAccess });
+        const token = await createToken({ username, avatarURL, discordID, guildAccess, isSuperToken });
         res.status(200).send({ error: false, message: "SUCCESS_TOKEN_CREATED", token });
     } catch(e) {
         res.status(500).send({ error: true, message: "ERROR_TOKEN_CREATE_FAILURE" });
@@ -30,7 +30,8 @@ router.get("/users/@self", checkAuth(async (req, res) => {
         username: req.user.username,
         avatarURL: req.user.avatarURL,
         discordID: req.user.discordID,
-        guildAccess: req.user.guildAccess
+        guildAccess: req.user.guildAccess,
+        isSuperToken: isSuperToken
     }});
 }));
 
@@ -48,7 +49,13 @@ router.post("/guilds/:guildId/channels/:channelId/messages/create", checkAuth(as
         return res.status(400).send({ error: true, message: "ERROR_NO_CHANNEL_ID" });
 
 
-    const { username, avatarURL, guildAccess } = req.user;
+    let { username, avatarURL, guildAccess, isSuperToken } = req.user;
+    if (isSuperToken) {
+        if (req.body.username)
+            username = req.body.username;
+        if (req.body.avatarURL)
+            avatarURL = req.body.avatarURL;
+    }
 
     if (guildAccess.indexOf(guildId) === -1)
         return res.status(403).send({ error: true, message: "ERROR_NO_GUILD_ACCESS" });

tokens.js

@@ -1,9 +1,9 @@
 import jsonwebtoken from "jsonwebtoken";
 import { jwtSecret } from "./config.js";
 
-export function createToken({ username, avatarURL, discordID, guildAccess }) {
+export function createToken({ username, avatarURL, discordID, guildAccess, isSuperToken=false }) {
     return new Promise((resolve, reject) => {
-        jsonwebtoken.sign({ username, avatarURL, discordID, guildAccess }, jwtSecret, (err, token) => {
+        jsonwebtoken.sign({ username, avatarURL, discordID, guildAccess, isSuperToken }, jwtSecret, (err, token) => {
             if (err)
                 return reject(err);