knightrider/src/express/get/dashboard/dashboard.js

/*
* licence https://github.com/404invalid-user/knightrider/blob/main/LICENCE
*/
const fetch = require('node-fetch');
const config = require('../../../conf/conf.json')
const User = require('../../../models/userdashboard');
const dbc = require('discord-bitfield-calculator')
const token = require('../../../conf/tokens');
const Server = require('../../../models/server');
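const crypto = require('crypto');
const randomstring = require("randomstring");

/**
 * Create a fresh access code for ONE login.
 *
 * The code is the bearer secret stored in the `accesscode` cookie, so it must differ
 * per user and per login. It was previously generated once at module load, which gave
 * every user served by the same process the same code; together with the `id` cookie
 * (a Discord user id, which is not secret) that allowed one logged-in user to present
 * another user's session. Codes stored before this change should be cleared.
 *
 * NOTE(review): confirm the installed randomstring version draws from a CSPRNG; if it
 * does not, derive the code from crypto.randomBytes instead.
 *
 * @returns {string} 33 alphabetic characters
 */
function newAccessCode() {
    return randomstring.generate({
        length: 33,
        charset: 'alphabetic'
    });
}

/**
 * Compare a stored access code with the one presented by the browser.
 * Non-string input never matches (with loose equality a one-element array would have
 * compared equal to a string), and the comparison itself is constant-time.
 *
 * @param {*} stored - code saved on the user document
 * @param {*} presented - code taken from the request cookie
 * @returns {boolean}
 */
function accessCodeMatches(stored, presented) {
    if (typeof stored !== 'string' || typeof presented !== 'string') return false;
    const storedBytes = Buffer.from(stored);
    const presentedBytes = Buffer.from(presented);
    // timingSafeEqual throws on unequal lengths, so compare lengths first
    return storedBytes.length === presentedBytes.length && crypto.timingSafeEqual(storedBytes, presentedBytes);
}

/**
 * Options shared by the `id` and `accesscode` cookies.
 * `sameSite: 'lax'` still lets the cookies accompany the top-level redirect back from
 * Discord; `secure` is only set when Express reports the request as HTTPS, so plain
 * HTTP deployments keep working.
 *
 * NOTE(review): the cookies never expire in practice and stored access codes are never
 * pruned or revoked here; consider a bounded lifetime and a logout/rotation path.
 *
 * @param {object} req - express request
 * @returns {object} options for res.cookie
 */
function sessionCookieOptions(req) {
    return { expires: new Date(253402300000000), httpOnly: true, sameSite: 'lax', secure: req.secure === true };
}

/**
 * Build the guild summary stored on the user document.
 *
 * @param {object} userGuild - guild object returned by /users/@me/guilds
 * @param {boolean} mutual - true when a Server document exists for the guild
 * @param {string} userPermission - 'owner' | 'staffrole' | 'staffid' | 'MANAGE_GUILD'
 * @returns {object}
 */
function guildEntry(userGuild, mutual, userPermission) {
    return {
        id: userGuild.id,
        name: userGuild.name,
        icon: `https://cdn.discordapp.com/icons/${userGuild.id}/${userGuild.icon}.webp`,
        mutual: mutual,
        userPermission: userPermission
    };
}

/**
 * Decide whether the user may manage a guild and with which permission label.
 * Order of checks: owner, staff role (mutual guilds only), staff id (mutual guilds
 * only), then the MANAGE_GUILD permission bit. Returns at most one entry per guild;
 * the previous loop pushed a MANAGE_GUILD entry once per staff id and none at all
 * when the staff list was empty.
 *
 * NOTE(review): staff roles are matched by role NAME. Role names are not unique inside
 * a guild, so anyone able to create a role with a listed name passes this check;
 * matching on role ids would be stricter.
 *
 * @param {object} client - discord.js client
 * @param {object} userInfo - user object returned by /users/@me
 * @param {object} userGuild - guild object returned by /users/@me/guilds
 * @returns {Promise<object|null>} guild entry, or null when the user has no access
 */
async function resolveGuildEntry(client, userInfo, userGuild) {
    const currentServer = await Server.findOne({ id: userGuild.id });
    const mutual = currentServer != null;

    if (userGuild.owner === true) return guildEntry(userGuild, mutual, 'owner');

    if (mutual) {
        // The guild or the member may be missing from the bot's cache; treat that as
        // "no staff role" instead of throwing inside the lookup.
        const botGuild = client.guilds.cache.get(currentServer.id);
        const member = botGuild ? botGuild.members.cache.get(userInfo.id) : undefined;
        const staffRoles = currentServer.staffRoles || [];
        if (member && member.roles.cache.some(r => staffRoles.includes(r.name))) {
            return guildEntry(userGuild, true, 'staffrole');
        }
        const staff = currentServer.staff || [];
        if (staff.some(userid => String(userid) === String(userInfo.id))) {
            return guildEntry(userGuild, true, 'staffid');
        }
    }

    if (dbc.permissions(userGuild.permissions_new).includes('MANAGE_GUILD')) {
        return guildEntry(userGuild, mutual, 'MANAGE_GUILD');
    }
    return null;
}

module.exports = {
    name: '/dashboard',
    dynamic: false,
    /**
     * GET /dashboard.
     *
     * Three paths:
     *  - `?code=`  : OAuth2 callback. Exchanges the code with Discord, loads the user and
     *                their guilds, creates or updates the User document, sets the session
     *                cookies and renders the dashboard.
     *  - `?error=` : Discord reported an OAuth2 error; renders the 500 page.
     *  - otherwise : authenticates from the `id` / `accesscode` cookies.
     *
     * Errors are not caught here; whatever calls exe() has to handle a rejected promise.
     *
     * NOTE(review): no OAuth2 `state` value is checked, so this callback cannot tell
     * whether the login it completes was started by this browser (login CSRF). Verifying
     * `state` needs a matching change in the route that starts the login, which is not
     * part of this file.
     *
     * @param {object} client - discord.js client
     * @param {object} req - express request
     * @param {object} res - express response; res.locals.cookie holds the parsed cookies
     */
    async exe(client, req, res) {
        if (req.query.code) {
            //access discord oauth2 and get necessary data
            const tokenRes = await fetch('https://discord.com/api/oauth2/token', {
                method: 'POST',
                body: new URLSearchParams({
                    client_id: token.oauth.clientId,
                    client_secret: token.oauth.clientSecret,
                    grant_type: 'authorization_code',
                    redirect_uri: token.oauth.redirectUri,
                    code: req.query.code,
                    scope: token.oauth.scope,
                }),
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded',
                },
            });
            const oath = await tokenRes.json();
            //a used/expired code (e.g. browser refresh) yields no token: retry with cookies
            if (!oath || !oath.access_token) return res.redirect('/dashboard');

            //fetch user info and guilds with the OAuth2 token
            const authHeaders = { authorization: `${oath.token_type} ${oath.access_token}` };
            const [userInfo, userGuilds] = await Promise.all([
                fetch('https://discord.com/api/users/@me', { headers: authHeaders }).then(userRes => userRes.json()),
                fetch('https://discord.com/api/users/@me/guilds', { headers: authHeaders }).then(guildRes => guildRes.json()),
            ]);
            //any error payload (401, rate limit, ...) lacks a user id / guild array
            if (!userInfo || typeof userInfo.id !== 'string' || !Array.isArray(userGuilds)) return res.redirect('/dashboard');

            //resolve every guild before the list is stored; forEach with an async
            //callback returned before any lookup had finished
            const resolved = await Promise.all(userGuilds.map(userGuild => resolveGuildEntry(client, userInfo, userGuild)));
            const guilds = resolved.filter(entry => entry !== null);

            let theAccessCode;
            let currentUser = await User.findOne({ userId: userInfo.id });
            if (currentUser == null) {
                theAccessCode = newAccessCode();
                await User.create({
                    userId: userInfo.id,
                    userName: userInfo.username,
                    discriminator: userInfo.discriminator || '0000',
                    avatar: `https://cdn.discordapp.com/avatars/${userInfo.id}/${userInfo.avatar}.png`,
                    accessCodes: [{ browser: req.headers['user-agent'], code: theAccessCode }],
                    guilds: guilds
                });
                currentUser = await User.findOne({ userId: userInfo.id });
            } else {
                //keep the browser's existing code when it is already registered for this user
                const presentedCode = res.locals.cookie.accesscode;
                const gotCorrectAccessCode = currentUser.accessCodes.some(accessCode => accessCodeMatches(accessCode.code, presentedCode));
                if (gotCorrectAccessCode) {
                    theAccessCode = presentedCode;
                } else {
                    theAccessCode = newAccessCode();
                    currentUser.accessCodes.push({ browser: req.headers['user-agent'], code: theAccessCode });
                }
                currentUser.userName = userInfo.username;
                currentUser.avatar = `https://cdn.discordapp.com/avatars/${userInfo.id}/${userInfo.avatar}.png`;
                currentUser.guilds = guilds;
                //persist before responding so the cookie never refers to an unsaved code
                await currentUser.save();
            }
            const cookieOptions = sessionCookieOptions(req);
            return res.cookie('id', currentUser.userId, cookieOptions)
                .cookie('accesscode', theAccessCode, cookieOptions)
                .status(200)
                .render('dashboard/index.ejs', { currentUser: currentUser, guilds: currentUser.guilds });
        } else if (req.query.error) {
            //the value comes from the query string: serialise it so it cannot add log lines
            console.log("req query error: " + JSON.stringify(req.query.error))
            return res.status(500).render('500.ejs');
        } else if (res.locals.cookie.id && res.locals.cookie.accesscode) {
            const cookieId = res.locals.cookie.id;
            const cookieCode = res.locals.cookie.accesscode;
            //only plain strings may reach the database filter and the code comparison
            if (typeof cookieId !== 'string' || typeof cookieCode !== 'string') return res.redirect('/login?nocookies');
            const currentUser = await User.findOne({ userId: cookieId });
            if (currentUser == null) return res.redirect('/login?nouser');
            const hasAccess = currentUser.accessCodes.some(userCode => accessCodeMatches(userCode.code, cookieCode));
            if (!hasAccess) return res.redirect('/login?ninvalidcode');
            //respond exactly once, even if the same code is stored more than once
            const cookieOptions = sessionCookieOptions(req);
            return res.cookie('id', currentUser.userId, cookieOptions)
                .cookie('accesscode', cookieCode, cookieOptions)
                .render('dashboard/index.ejs', { user: { name: currentUser.userName, tag: currentUser.discriminator, avatar: currentUser.avatar }, currentUser: currentUser, guilds: currentUser.guilds });
        } else {
            return res.redirect('/login?nocookies');
        }
    }
}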