feat: add API service keys

src/routes/api/admin/guilds/[guild]/categories/[category]/index.js

@@ -23,7 +23,7 @@ module.exports.delete = fastify => ({
 				name: category.name,
 				type: 'category',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return category;
@@ -146,7 +146,7 @@ module.exports.patch = fastify => ({
 		await client.tickets.getCategory(categoryId, true);
 		await updateStaffRoles(guild);
 
-		if (req.user.payload.accessToken && JSON.stringify(category.staffRoles) !== JSON.stringify(original.staffRoles)) {
+		if (req.user.accessToken && JSON.stringify(category.staffRoles) !== JSON.stringify(original.staffRoles)) {
 			Promise.all([
 				'Create ticket for user',
 				'claim',
@@ -170,7 +170,7 @@ module.exports.patch = fastify => ({
 							type: ApplicationCommandPermissionType.Role,
 						})),
 					],
-					token: req.user.payload.accessToken,
+					token: req.user.accessToken,
 				}),
 			))
 				.then(() => client.log.success('Updated application command permissions in "%s"', guild.name))
@@ -189,10 +189,10 @@ module.exports.patch = fastify => ({
 				name: category.name,
 				type: 'category',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return category;
 	},
 	onRequest: [fastify.authenticate, fastify.isAdmin],
-});
+});

src/routes/api/admin/guilds/[guild]/categories/[category]/questions/[question].js

@@ -20,10 +20,10 @@ module.exports.delete = fastify => ({
 				name: question.label,
 				type: 'question',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return question;
 	},
 	onRequest: [fastify.authenticate, fastify.isAdmin],
-});
+});

src/routes/api/admin/guilds/[guild]/categories/index.js

@@ -54,7 +54,7 @@ module.exports.post = fastify => ({
 		/** @type {import('client')} */
 		const client = res.context.config.client;
 
-		const user = await client.users.fetch(req.user.payload.id);
+		const user = await client.users.fetch(req.user.id);
 		const guild = client.guilds.cache.get(req.params.guild);
 		const data = req.body;
 		const allow = ['ViewChannel', 'ReadMessageHistory', 'SendMessages', 'EmbedLinks', 'AttachFiles'];
@@ -101,7 +101,7 @@ module.exports.post = fastify => ({
 		await client.tickets.getCategory(category.id, true);
 		await updateStaffRoles(guild);
 
-		if (req.user.payload.accessToken) {
+		if (req.user.accessToken) {
 			Promise.all([
 				'Create ticket for user',
 				'claim',
@@ -125,7 +125,7 @@ module.exports.post = fastify => ({
 							type: ApplicationCommandPermissionType.Role,
 						})),
 					],
-					token: req.user.payload.accessToken,
+					token: req.user.accessToken,
 				}),
 			))
 				.then(() => client.log.success('Updated application command permissions in "%s"', guild.name))
@@ -140,10 +140,10 @@ module.exports.post = fastify => ({
 				name: category.name,
 				type: 'category',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return category;
 	},
 	onRequest: [fastify.authenticate, fastify.isAdmin],
-});
+});

src/routes/api/admin/guilds/[guild]/panels.js

@@ -134,10 +134,10 @@ module.exports.post = fastify => ({
 				id: channel.toString(),
 				type: 'panel',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return true;
 	},
 	onRequest: [fastify.authenticate, fastify.isAdmin],
-});
+});

src/routes/api/admin/guilds/[guild]/settings.js

@@ -16,7 +16,7 @@ module.exports.delete = fastify => ({
 				name: client.guilds.cache.get(id),
 				type: 'settings',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 		return settings;
 	},
@@ -69,9 +69,9 @@ module.exports.patch = fastify => ({
 				name: client.guilds.cache.get(id).name,
 				type: 'settings',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 		return settings;
 	},
 	onRequest: [fastify.authenticate, fastify.isAdmin],
-});
+});

src/routes/api/admin/guilds/[guild]/tags/[tag].js

@@ -30,7 +30,7 @@ module.exports.delete = fastify => ({
 				name: tag.name,
 				type: 'tag',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return tag;
@@ -97,10 +97,10 @@ module.exports.patch = fastify => ({
 				name: tag.name,
 				type: 'tag',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return tag;
 	},
 	onRequest: [fastify.authenticate, fastify.isAdmin],
-});
+});

src/routes/api/admin/guilds/[guild]/tags/index.js

@@ -56,10 +56,10 @@ module.exports.post = fastify => ({
 				name: tag.name,
 				type: 'tag',
 			},
-			userId: req.user.payload.id,
+			userId: req.user.id,
 		});
 
 		return tag;
 	},
 	onRequest: [fastify.authenticate, fastify.isAdmin],
-});
+});

src/routes/api/admin/guilds/index.js

@@ -3,7 +3,7 @@ const { PermissionsBitField } = require('discord.js');
 module.exports.get = fastify => ({
 	handler: async (req, res) => {
 		const { client } = res.context.config;
-		const guilds = await (await fetch('https://discordapp.com/api/users/@me/guilds', { headers: { 'Authorization': `Bearer ${req.user.payload.accessToken}` } })).json();
+		const guilds = await (await fetch('https://discordapp.com/api/users/@me/guilds', { headers: { 'Authorization': `Bearer ${req.user.accessToken}` } })).json();
 		res.send(
 			guilds
 				.filter(guild => guild.owner || new PermissionsBitField(guild.permissions.toString()).has(PermissionsBitField.Flags.ManageGuild))
@@ -16,4 +16,4 @@ module.exports.get = fastify => ({
 		);
 	},
 	onRequest: [fastify.authenticate],
-});
+});

src/routes/api/users/@me/index.js

@@ -1,4 +1,4 @@
 module.exports.get = fastify => ({
-	handler: req => req.user.payload,
+	handler: req => req.user,
 	onRequest: [fastify.authenticate],
-});
+});

src/routes/api/users/@me/key.js

@@ -0,0 +1,19 @@
+module.exports.get = fastify => ({
+	handler: async function (req, res) { // MUST NOT use arrow function syntax
+		if (process.env.PUBLIC_BOT === 'true') {
+			return res.code(400).send({
+				error: 'Bad Request',
+				message: 'API keys are not available on public bots.',
+				statusCode: 400,
+			});
+		} else {
+			return {
+				token: this.jwt.sign({
+					createdAt: Date.now(),
+					id: req.user.id,
+				}),
+			};
+		}
+	},
+	onRequest: [fastify.authenticate],
+});

src/routes/auth/callback.js

@@ -7,17 +7,15 @@ module.exports.get = () => ({
 			expires_in: expiresIn,
 		} = await this.discord.getAccessTokenFromAuthorizationCodeFlow(req);
 		const user = await (await fetch('https://discordapp.com/api/users/@me', { headers: { 'Authorization': `Bearer ${accessToken}` } })).json();
-		const payload = {
+		const token = this.jwt.sign({
 			accessToken,
-			avatar: `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.webp`,
+			avatar: user.avatar,
 			discriminator: user.discriminator,
 			expiresAt: Date.now() + (expiresIn * 1000),
 			id: user.id,
 			locale: user.locale,
 			username: user.username,
-
-		};
-		const token = this.jwt.sign({ payload });
+		});
 		res
 			.setCookie('token', token, {
 				domain,
@@ -30,4 +28,4 @@ module.exports.get = () => ({
 			.redirect(this.states.get(req.query.state) || '/');
 		this.states.delete(req.query.state);
 	},
-});
+});

src/routes/auth/logout.js

@@ -1,7 +1,7 @@
 module.exports.get = fastify => ({
 	handler: async function (req, res) {
 		await fetch('https://discord.com/api/oauth2/token/revoke', {
-			body: new URLSearchParams({ token: req.user.payload.accessToken }).toString(),
+			body: new URLSearchParams({ token: req.user.accessToken }).toString(),
 			headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 			method: 'POST',
 		});
@@ -10,4 +10,4 @@ module.exports.get = fastify => ({
 			.send('The token has been revoked.');
 	},
 	onRequest: [fastify.authenticate],
-});
+});