discord-strategy 2.1.4

package/.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 No Name
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,195 @@
+# Discord OAuth2 Strategy for Passport.js
+
+## Overview
+
+This repository contains a custom OAuth2 strategy for authenticating with Discord using Passport.js. It facilitates user authentication via Discord and enables the retrieval of user data, including profile information, guilds, and connections.
+
+## Installation
+
+To use this strategy, first install Passport.js and then the custom strategy:
+
+```bash
+npm install passport discord-strategy
+```
+
+## Usage
+
+Integrate the strategy into your Express application as follows:
+
+### Example Setup
+
+```javascript
+const express = require("express");
+const passport = require("passport");
+const Strategy = require("discord-strategy");
+
+const app = express();
+
+// Define options for the Strategy
+const options = {
+  clientID: "YOUR_CLIENT_ID",
+  clientSecret: "YOUR_CLIENT_SECRET",
+  callbackURL: "http://localhost:3000/auth/discord/callback",
+  scope: ["identify", "email", "guilds", "connections", "guilds.members.read"], // Example scopes
+};
+
+// Create a new instance of the Strategy
+passport.use(new Strategy(options, verify));
+
+async function verify(accessToken, refreshToken, profile, done, consume) {
+  try {
+    // Fetch connections, guilds, guild member concurrently
+    await Promise.all([
+      consume.connections(),
+      consume.guilds(),
+      console.memeber("613425648685547541"), //https://discord.com/developers/docs/resources/user#get-current-user
+    ]);
+    profile = consume.profile();
+    console.log("Authentication successful!");
+    done(null, profile);
+  } catch (error) {
+    done(error?.data || error, null);
+  }
+}
+
+// Initialize Passport
+app.use(passport.initialize());
+
+// Define routes
+app.get("/auth/discord", passport.authenticate("discord"));
+
+app.get(
+  "/auth/discord/callback",
+  passport.authenticate("discord", { session: false }),
+  (req, res) => {
+    res.send(`
+      <h1>Authentication successful!</h1>
+      <h2>User Profile:</h2>
+      <pre>${JSON.stringify(req.user, null, 2)}</pre>
+    `);
+  }
+);
+
+app.listen(3000, () => {
+  console.log("Login via http://localhost:3000/auth/discord");
+});
+```
+
+## Strategy Options
+
+- **`clientID`**: Your Discord application's Client ID.
+- **`clientSecret`**: Your Discord application's Client Secret.
+- **`callbackURL`**: The URL to which Discord will redirect after authorization.
+- **`scope`**: An array of scopes specifying the level of access (default: `["identify", "email"]`).
+
+## Consumable Functions
+
+With the v2.0 patch, all utility functions are now encapsulated in a new `consume` parameter.
+
+List of Consumable Functions
+
+- **`guilds(callback?)`**: Fetches the user's connections. Requires the `connections` scope.
+
+- **`connections(callback?)`**: Fetches the guilds the user is part of. Requires the `guilds` scope.
+
+- **`guildJoiner(botToken: string, serverId: string, nickname: string, roles: string[], callback)`**: join the specified guild.
+
+- **`member(guild_id: string)`**: Returns a guild member object for the current user and creates a member property inside the profile. Within the member property, there is a guild_id. If profile.member.guild_id is null, the user is not in that guild. This requires the guilds.members.read OAuth2 scope.
+
+- **`resolver(key, api)`**: Fetches data from a specified API endpoint and stores it under the given key in the profile.
+
+- **`consume.resolverCallbackBased(key, api, callback)`**: Allows customization of data fetching with more complex API interactions. The access token is sent as a query parameter btw.
+
+- **`consume.profile()`**: Returns the updated user profile.
+
+### Example Usage
+
+## Concurrent Data Fetching
+
+```js
+async function verify(accessToken, refreshToken, profile, done, consume) {
+  try {
+    await Promise.all([consume.connections(), consume.guilds()]);
+    profile = consume.profile();
+    console.log("[Asynchronous] Authentication successful!", profile);
+    done(null, profile);
+  } catch (err) {
+    done(err, null);
+  }
+}
+```
+
+**Callback based Data Fetching (Not Recommended // extreme-slow)**
+
+```js
+async function verify(accessToken, refreshToken, profile, done, consume) {
+  consume.connections((err) => {
+    if (err) return done(err, false);
+    consume.guilds((err) => {
+      if (err) return done(err, false);
+      console.log("[Synchronous] Authentication successful!", profile);
+      done(null, profile);
+    });
+  });
+}
+```
+
+### Resolver Functions
+
+## Basic Get Resolver
+
+```javascript
+async function verify(accessToken, refreshToken, profile, done, consume) {
+  try {
+    await consume.resolver("guilds", "users/@me/guilds");
+    profile = consume.profile();
+    done(null, profile);
+  } catch (err) {
+    done(err, null);
+  }
+}
+```
+
+## Basic Information Only
+
+For scenarios where only basic user information is needed:
+
+```javascript
+function verify(accessToken, refreshToken, profile, done) {
+  console.log("Fetched", profile);
+  return done(null, profile);
+}
+```
+
+## Refresh Tokens and Additional Handling
+
+If you need to store the `refreshToken`, manage sessions, or handle other processes unrelated to Discord OAuth, please refer to the Passport.js documentation for more information on managing these tasks or explore other strategies that might be necessary for additional handling.
+
+## Changelog
+
+### v2.1 Patch
+
+- Added `consume.member("guild_id")`,Returns a guild member object for the current user. https://discord.com/developers/docs/resources/user#get-current-user-guild-member
+
+- Resolver function now rejects the promise instead of throwing an error.
+
+### v2.0.1 Patch
+
+- Fixed typo and doc error
+
+### v2.0 Patch
+
+- Switched to an asynchronous approach `async/await` for non-blocking operations.
+- Significantly improved performance compared to the previous version.
+- Introduced the `consume` parameter to encapsulate utility functions.
+- Removed the clean function, as the profile object is no longer need to be sanitize, replacement `consume.profile()` now returns a latest profile object.
+- Added support for both asynchronous and callback-based resolvers.
+
+### v1.1 Patch
+
+- No longer required to pass the access token to the consumable functions.
+- Added two new consumable functions: `complexResolver()` and `guildJoiner()`.
+
+### v1.0.1 Patch
+
+- Bound the cleaner function to the `clean` property of the profile (`profile.clean()`).

package/index.js

@@ -0,0 +1,416 @@
+const OAuth2Strategy = require("passport-oauth2");
+const { InternalOAuthError } = require("passport-oauth2");
+const url = require("node:url");
+const utils = require("passport-oauth2/lib/utils");
+const base64url = require("base64url");
+const crypto = require("crypto");
+
+const API_BASE = "https://discord.com/api/";
+
+/**
+ * Represents the Discord OAuth2 strategy for Passport.
+ * Extends the base OAuth2Strategy to provide custom behavior for Discord's API.
+ * @param {Object} options - Configuration options for the strategy.
+ * @param {Function} verify - Verification callback for the strategy.
+ * @throws Will throw an error if required options are missing.
+ */
+class Strategy extends OAuth2Strategy {
+  constructor(options, verify) {
+    options = options || {};
+    options.authorizationURL = options.authorizationURL || "https://discord.com/api/oauth2/authorize";
+    options.tokenURL = options.tokenURL || "https://discord.com/api/oauth2/token";
+    options.scopeSeparator = options.scopeSeparator || " ";
+    options.scope = options.scope || [
+      "identify",
+      "email",
+    ];
+
+    if (!options.callbackURL) throw new Error("Missing callbackURL property");
+    if (!options.clientID) throw new Error("Missing clientID property");
+    if (!options.clientSecret) throw new Error("Missing clientSecret property");
+    super(options, verify);
+    this.options = options;
+    this.verify = verify;
+    this.name = "discord";
+    this._oauth2.useAuthorizationHeaderforGET(true);
+  }
+
+  /**
+   * Fetches the user profile from Discord using the provided access token.
+   * @param {string} accessToken - The access token for the user.
+   * @param {Function} done - Callback to handle the user profile.
+   */
+  async userProfile(accessToken, done) {
+    try {
+      const profile = await this.resolveApi("users/@me", accessToken);
+      const consumable = {
+        guilds: this.getGuilds.bind(this, profile, accessToken),
+        guildJoiner: this.guildJoiner.bind(this, profile, accessToken),
+        connections: this.getConnection.bind(this, profile, accessToken),
+        member: this.getMember.bind(this, profile, accessToken),
+        complexResolver: this._oauth2._request,
+        profile: () => profile,
+        resolver: async (key, api) => {
+          return new Promise(async (resolve, reject) => {
+            try {
+              const data = await this.resolveApi(api, accessToken);
+              profile[key] = data;
+              resolve(profile);
+            } catch (err) {
+              reject(err);
+            }
+          })
+        },
+        resolverCallbackBased: async (key, api, done) => {
+          try {
+            const data = await this.resolveApi(api, accessToken);
+            profile[key] = data;
+            done(null, profile);
+          } catch (err) {
+            done(err, null);
+          }
+        },
+      };
+      profile.avatarUrl = profile.avatar
+        ? `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}`
+        : undefined;
+      done(null, { profile, consumable });
+    } catch (e) {
+      done(e, null);
+    }
+  }
+
+  /**
+   * Retrieves the connections associated with the user's Discord account.
+   * @param {Object} profile - The user's profile.
+   * @param {string} accessToken - The access token for the user.
+   * @throws Will throw an error if the required scope is not included.
+   */
+  async getConnection(profile, accessToken, done) {
+    if (!this.options.scope || !this.options.scope.includes("connections")) {
+      throw new Error("Missing Scope, 'connections'");
+    }
+
+    try {
+      const connections = await this.resolveApi("users/@me/connections", accessToken);
+      profile.connections = connections;
+      if (done) done(null, profile)
+    } catch (e) {
+      if (done) return done(e, null)
+      return e;
+    }
+  }
+
+  /**
+   * Retrieves the guilds associated with the user's Discord account.
+   * @param {Object} profile - The user's profile.
+   * @param {string} accessToken - The access token for the user.
+   * @throws Will throw an error if the required scope is not included.
+   */
+  async getGuilds(profile, accessToken, done) {
+    if (!this.options.scope || !this.options.scope.includes("guilds")) {
+      throw new Error("Missing Scope, 'guilds'");
+    }
+
+    try {
+      const guilds = await this.resolveApi("users/@me/guilds", accessToken);
+      profile.guilds = guilds;
+      if (done) done(null, profile)
+    } catch (e) {
+      if (done) return done(e, null)
+      return e;
+    }
+  }
+
+  async getMember(profile, accessToken, guild_id, done) {
+    if (!this.options.scope || !this.options.scope.includes("guilds.members.read")) {
+      throw new Error("Missing Scope, 'guilds.members.read'");
+    }
+    if (!profile.member) {
+      profile.member = {}
+    }
+
+    try {
+      const member = await this.resolveApi(`users/@me/guilds/${guild_id}/member`, accessToken);
+      profile.member[guild_id] = member;
+      if (done) done(null, profile)
+    } catch (e) {
+      if (JSON.parse(e.data)?.code == 10004) {
+        profile.member[guild_id] = null
+        e = null
+      }
+      else {
+        if (done) return done(e, profile)
+        return e;
+      }
+    }
+
+  }
+
+  /**
+   * Adds a user to a guild with the specified roles and nickname.
+   * @param {Object} profile - The user's profile.
+   * @param {string} accessToken - The access token for the user.
+   * @param {string} botToken - The bot token for guild authorization.
+   * @param {string} serverId - The ID of the server to join.
+   * @param {string} nick - The nickname to assign to the user.
+   * @param {string[]} roles - The roles to assign to the user.
+   * @param {Function} done - Callback for handling the result.
+   */
+  async guildJoiner(profile, accessToken, botToken, serverId, nick, roles, done) {
+    if (!this.options.scope || !this.options.scope.includes("guilds.join")) {
+      done(new Error("Missing Scope, 'guilds.join'"));
+      return;
+    }
+
+    const body = {
+      access_token: accessToken,
+      nick,
+      roles,
+    };
+
+    try {
+      const res = await new Promise((resolve, reject) => {
+        this._oauth2._request(
+          "PUT",
+          `${API_BASE}guilds/${serverId}/members/${profile.id}`,
+          {
+            Authorization: `Bot ${botToken}`,
+            "content-type": "application/json",
+          },
+          JSON.stringify(body),
+          null,
+          (err, result, response) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(response);
+            }
+          }
+        );
+      });
+      if (res.statusCode === 201 || res.statusCode === 204) {
+        done(null, null);
+      } else {
+        done(new Error(`Unexpected status code: ${res.statusCode}`));
+      }
+    } catch (error) {
+      done(error);
+    }
+  }
+
+  /**
+   * Resolves an API endpoint and parses the response.
+   * @param {string} api - The API endpoint to resolve.
+   * @param {string} accessToken - The access token for the user.
+   * @returns {Promise<Object>} The resolved data.
+   * @throws Will throw an error for request or parsing issues.
+   */
+  async resolveApi(api, accessToken) {
+    return new Promise(async (res, rej) => {
+      try {
+        const result = await new Promise((resolve, reject) => {
+          this._oauth2.get(`${API_BASE}${api}`, accessToken, (err, result) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          });
+        });
+        res(JSON.parse(result))
+      } catch (err) {
+        if (err instanceof SyntaxError) {
+          reject(new Error("Failed to parse the user profile."));
+        }
+        // throw new InternalOAuthError("Failed to resolve API", err);
+        rej(err)
+      }
+    })
+  }
+
+  /**
+   * Authenticate the request.
+   * @param {Object} req - The request object.
+   * @param {Object} options - Authentication options.
+   */
+  authenticate = function (req, options) {
+    options = options || {};
+    var self = this;
+
+    if (req.query && req.query.error) {
+      if (req.query.error == 'access_denied') {
+        return this.fail({ message: req.query.error_description });
+      } else {
+        return this.error(new AuthorizationError(req.query.error_description, req.query.error, req.query.error_uri));
+      }
+    }
+
+    var callbackURL = options.callbackURL || this._callbackURL;
+    if (callbackURL) {
+      var parsed = url.parse(callbackURL);
+      if (!parsed.protocol) {
+        // The callback URL is relative, resolve a fully qualified URL from the
+        // URL of the originating request.
+        callbackURL = url.resolve(utils.originalURL(req, { proxy: this._trustProxy }), callbackURL);
+      }
+    }
+
+    var meta = {
+      authorizationURL: this._oauth2._authorizeUrl,
+      tokenURL: this._oauth2._accessTokenUrl,
+      clientID: this._oauth2._clientId,
+      callbackURL: callbackURL
+    }
+
+    if ((req.query && req.query.code) || (req.body && req.body.code)) {
+      function loaded(err, ok, state) {
+        if (err) { return self.error(err); }
+        if (!ok) {
+          return self.fail(state, 403);
+        }
+
+        var code = (req.query && req.query.code) || (req.body && req.body.code);
+
+        var params = self.tokenParams(options);
+        params.grant_type = 'authorization_code';
+        if (callbackURL) { params.redirect_uri = callbackURL; }
+        if (typeof ok == 'string') { // PKCE
+          params.code_verifier = ok;
+        }
+
+        self._oauth2.getOAuthAccessToken(code, params,
+          function (err, accessToken, refreshToken, params) {
+            if (err) { return self.error(self._createOAuthError('Failed to obtain access token', err)); }
+            if (!accessToken) { return self.error(new Error('Failed to obtain access token')); }
+
+            self._loadUserProfile(accessToken, function (err, {
+              profile,
+              consumable,
+            }) {
+              if (err) { return self.error(err); }
+
+              function verified(err, user, info) {
+                if (err) { return self.error(err); }
+                if (!user) { return self.fail(info); }
+
+                info = info || {};
+                if (state) { info.state = state; }
+                self.success(user, info);
+              }
+
+              try {
+                if (self._passReqToCallback) {
+                  var arity = self._verify.length;
+                  if (arity == 7) {
+                    self._verify(req, accessToken, refreshToken, params, profile, verified, consumable);
+                  } else { // arity == 6
+                    self._verify(req, accessToken, refreshToken, profile, verified, consumable);
+                  }
+                } else {
+                  var arity = self._verify.length;
+                  if (arity == 6) {
+                    self._verify(accessToken, refreshToken, params, profile, verified, consumable);
+                  } else { // arity == 5
+                    self._verify(accessToken, refreshToken, profile, verified, consumable);
+                  }
+                }
+              } catch (ex) {
+                return self.error(ex);
+              }
+            });
+          }
+        );
+      }
+
+      var state = (req.query && req.query.state) || (req.body && req.body.state);
+      try {
+        var arity = this._stateStore.verify.length;
+        if (arity == 4) {
+          this._stateStore.verify(req, state, meta, loaded);
+        } else { // arity == 3
+          this._stateStore.verify(req, state, loaded);
+        }
+      } catch (ex) {
+        return this.error(ex);
+      }
+    } else {
+      var params = this.authorizationParams(options);
+      params.response_type = 'code';
+      if (callbackURL) { params.redirect_uri = callbackURL; }
+      var scope = options.scope || this._scope;
+      if (scope) {
+        if (Array.isArray(scope)) { scope = scope.join(this._scopeSeparator); }
+        params.scope = scope;
+      }
+      var verifier, challenge;
+
+      if (this._pkceMethod) {
+        verifier = base64url(crypto.pseudoRandomBytes(32))
+        switch (this._pkceMethod) {
+          case 'plain':
+            challenge = verifier;
+            break;
+          case 'S256':
+            challenge = base64url(crypto.createHash('sha256').update(verifier).digest());
+            break;
+          default:
+            return this.error(new Error('Unsupported code verifier transformation method: ' + this._pkceMethod));
+        }
+        params.code_challenge = challenge;
+        params.code_challenge_method = this._pkceMethod;
+      }
+
+      var state = options.state;
+      if (state && typeof state == 'string') {
+        // NOTE: In passport-oauth2@1.5.0 and earlier, `state` could be passed as
+        //       an object.  However, it would result in an empty string being
+        //       serialized as the value of the query parameter by `url.format()`,
+        //       effectively ignoring the option.  This implies that `state` was
+        //       only functional when passed as a string value.
+        //
+        //       This fact is taken advantage of here to fall into the `else`
+        //       branch below when `state` is passed as an object.  In that case
+        //       the state will be automatically managed and persisted by the
+        //       state store.
+        params.state = state;
+
+        var parsed = url.parse(this._oauth2._authorizeUrl, true);
+        utils.merge(parsed.query, params);
+        parsed.query['client_id'] = this._oauth2._clientId;
+        delete parsed.search;
+        var location = url.format(parsed);
+        this.redirect(location);
+      } else {
+        function stored(err, state) {
+          if (err) { return self.error(err); }
+
+          if (state) { params.state = state; }
+          var parsed = url.parse(self._oauth2._authorizeUrl, true);
+          utils.merge(parsed.query, params);
+          parsed.query['client_id'] = self._oauth2._clientId;
+          delete parsed.search;
+          var location = url.format(parsed);
+          self.redirect(location);
+        }
+
+        try {
+          var arity = this._stateStore.store.length;
+          if (arity == 5) {
+            this._stateStore.store(req, verifier, state, meta, stored);
+          } else if (arity == 4) {
+            this._stateStore.store(req, state, meta, stored);
+          } else if (arity == 3) {
+            this._stateStore.store(req, meta, stored);
+          } else { // arity == 2
+            this._stateStore.store(req, stored);
+          }
+        } catch (ex) {
+          return this.error(ex);
+        }
+      }
+    }
+  };
+}
+
+module.exports = Strategy;

package/package.json

@@ -0,0 +1,34 @@
+{
+  "dependencies": {
+    "passport-oauth2": "^1.8.0"
+  },
+  "name": "discord-strategy",
+  "description": "Passport strategy for Discord OAuth2",
+  "version": "2.1.4",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/bjn7/discord-strategy.git"
+  },
+  "keywords": [
+    "discord strategy",
+    "discord oauth2",
+    "discord auth",
+    "passport strategy",
+    "passport discord",
+    "discord passport"
+  ],
+  "author": "bjn7",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/bjn7/discord-strategy/issues"
+  },
+  "homepage": "https://github.com/bjn7/discord-strategy#readme",
+  "devDependencies": {
+    "@types/passport-oauth2": "^1.4.17",
+    "typescript": "^5.7.2"
+  }
+}