(ns bbbg.discord.auth
(:require
[bbbg.discord :as discord]
[bbbg.util.core :as u]
[bbbg.util.dev-secrets :refer [secret]]
clj-time.coerce
[clojure.spec.alpha :as s]
[config.core :refer [env]]
[ring.middleware.oauth2 :refer [wrap-oauth2]]))
;; Specs for the Discord auth configuration map. Each value only has to
;; satisfy string?, so an empty string passes these specs.
;;
;; NOTE(review): spec explain data carries the value that failed, so a failed
;; check of ::config can place ::client-secret in exception data -- keep such
;; failures out of shared logs.

;; OAuth2 application (client) id.
(s/def ::client-id string?)

;; OAuth2 client secret.
(s/def ::client-secret string?)

;; Id of the guild that check-discord-auth looks for in the user's guilds.
(s/def ::bbbg-guild-id string?)

;; Id of the role that check-discord-auth looks for on the guild member.
(s/def ::bbbg-organizer-role string?)

;; The full config map: all four namespaced keys are required.
(s/def ::config
  (s/keys :req [::client-id
                ::client-secret
                ::bbbg-guild-id
                ::bbbg-organizer-role]))
;;;
(defn env->config
  "Build the Discord auth config map from `env` (config.core).

  The client id and secret come from :discord-client-id and
  :discord-client-secret with no fallback; the guild id and organizer role
  fall back to the ids hard-coded below when `env` does not supply them.

  The map is passed through s/assert against ::config. s/assert only
  validates when spec assert checking is switched on (s/check-asserts, or the
  clojure.spec.check-asserts system property); otherwise it returns the map
  unchecked, so a missing client id or secret is not reported here.

  NOTE(review): config.core is understood to coerce all-digit environment
  values to numbers; if so, an id supplied through the environment arrives as
  a number rather than a string -- confirm before relying on the string?
  specs.

  NOTE(review): the organizer role id is what check-discord-auth uses to
  decide access, and the fallback below is marked as unverified and differs
  from the one in dev-config. Confirm it, or require it to be set explicitly."
  []
  (let [guild-id (:bbbg-guild-id env "841295283564052510")
        ;; TODO this might not be the right id
        organizer-role (:bbbg-organizer-role env "908428000817725470")
        cfg {::client-id (:discord-client-id env)
             ::client-secret (:discord-client-secret env)
             ::bbbg-guild-id guild-id
             ::bbbg-organizer-role organizer-role}]
    (s/assert ::config cfg)))
(defn dev-config
  "Build the Discord auth config map for local development.

  The client id and secret are fetched with `secret` (bbbg.util.dev-secrets)
  instead of being written into the source; the guild id and organizer role
  are hard-coded. As in env->config, s/assert validates the map only when
  spec assert checking is enabled.

  The organizer role id here differs from the fallback used by env->config."
  []
  (let [client-id (secret "bbbg/discord-client-id")
        client-secret (secret "bbbg/discord-client-secret")]
    (s/assert
     ::config
     {::client-id client-id
      ::client-secret client-secret
      ::bbbg-guild-id "841295283564052510"
      ;; TODO this might not be the right id
      ::bbbg-organizer-role "874846495873040395"})))
;;;
(def access-token-url
  "Discord endpoint used as the OAuth2 :access-token-uri."
  "https://discord.com/api/oauth2/token")

(def authorization-url
  "Discord endpoint used as the OAuth2 :authorize-uri."
  "https://discord.com/api/oauth2/authorize")

;; Not referenced by the other definitions in this namespace.
;; NOTE(review): if tokens are meant to be revoked on logout, confirm that
;; some caller actually uses this endpoint.
(def revoke-url
  "Discord OAuth2 token revocation endpoint."
  "https://discord.com/api/oauth2/token/revoke")

;; Scopes requested during authorization. check-discord-auth reads the user's
;; guild list and their member record in the configured guild; presumably
;; "guilds" and "guilds.members.read" back those two lookups -- verify against
;; bbbg.discord before adding or dropping a scope, and keep the list minimal.
(def scopes
  "OAuth2 scopes requested from Discord."
  ["guilds"
   "guilds.members.read"
   "identify"])
(defn discord-oauth-profile
  "Build the OAuth2 profile map for Discord that wrap-discord-auth hands to
  wrap-oauth2.

  `env` is the auth config map: ::client-id and ::client-secret are read from
  it, and the unqualified :base-url is prepended to the redirect and landing
  paths. :launch-uri is left as a relative path.

  :base-url is not part of the ::config spec, so nothing in this namespace
  validates it. When it is nil, `str` yields the bare paths and the redirect
  and landing URIs become relative.

  NOTE(review): :base-url should come from trusted deployment config rather
  than from request data, and the resulting :redirect-uri should match the
  redirect registered for the Discord application -- confirm at the call
  site."
  [{:keys [base-url] :as env}]
  (let [absolute (fn [path] (str base-url path))]
    {:authorize-uri authorization-url
     :access-token-uri access-token-url
     :client-id (::client-id env)
     :client-secret (::client-secret env)
     :scopes scopes
     :launch-uri "/auth/discord"
     :redirect-uri (absolute "/auth/discord/redirect")
     :landing-uri (absolute "/auth/success")}))
(comment
  ;; REPL scratch, never evaluated at load time: resolving an absolute
  ;; redirect URI against a request URL on a different host yields the
  ;; absolute URI unchanged.
  (str (.resolve (java.net.URI/create "https://bbbg-staging.gws.fyi/auth/login")
                 "https://bbbg.gws.fyi/auth/discord/redirect"))
  )
(defn wrap-discord-auth
  "Wrap `handler` with ring-oauth2's wrap-oauth2, registering a single
  profile under :discord built from `env` by discord-oauth-profile.

  NOTE(review): wrap-oauth2 is expected to keep its state parameter and the
  obtained tokens in the Ring session, so it presumably has to sit inside
  session middleware with secure cookie settings -- confirm where the handler
  stack is assembled."
  [handler env]
  (let [profiles {:discord (discord-oauth-profile env)}]
    (wrap-oauth2 handler profiles)))
(defn check-discord-auth
  "Check that the user who owns `token` has the required level of Discord
  access: one of the guilds returned by discord/guilds has the configured
  ::bbbg-guild-id, and the :roles of their member record in that guild
  include ::bbbg-organizer-role.

  Returns the matching role id (truthy) on success and nil otherwise, so
  callers should treat the result as truthy/falsey rather than as a boolean.
  The member lookup is made only when the guild check has already passed.

  A nil guild or role id in the config can never match, because a set used as
  a predicate returns nil when asked about nil, so missing config denies
  access instead of granting it.

  NOTE(review): the result reflects guild and role membership at call time
  only; how errors from the discord/* calls surface is not visible here --
  callers should deny access on any failure."
  [{::keys [bbbg-guild-id bbbg-organizer-role]} token]
  (let [wanted-guild? (comp #{bbbg-guild-id} :id)
        wanted-role? #{bbbg-organizer-role}]
    ;; `when` keeps the short-circuit: no member request unless the user is
    ;; in the guild.
    (when (some wanted-guild? (discord/guilds token))
      (some wanted-role?
            (:roles (discord/guild-member token bbbg-guild-id))))))
(comment
  ;; REPL scratch, never evaluated at load time: run the dev profile through
  ;; ring-oauth2's private profile validator. Evaluating it calls dev-config,
  ;; which fetches the real dev client id and secret -- do not paste the
  ;; intermediate map into tickets or chat.
  (-> (dev-config)
      discord-oauth-profile
      (#'ring.middleware.oauth2/valid-profile?))
  )