user authentication thingy

api/package.json

@@ -14,10 +14,12 @@
   "license": "ISC",
   "dependencies": {
     "@types/express": "^4.17.13",
+    "@types/monk": "^6.0.0",
     "@types/ws": "^8.2.2",
     "dotenv": "^14.2.0",
     "express": "^4.17.2",
     "log75": "^2.2.0",
+    "monk": "^7.3.4",
     "ws": "^8.4.2"
   }
 }

api/src/db.ts

@@ -0,0 +1,29 @@
+import Monk, { IMonkManager } from 'monk';
+import { logger } from '.';
+
+export default (): IMonkManager => {
+        let dburl = getDBUrl();
+        let db = Monk(dburl);
+        return db;
+};
+
+// Checks if all required env vars were supplied, and returns the mongo db URL
+function getDBUrl() {
+    let env = process.env;
+    if (env['DB_URL']) return env['DB_URL'];
+
+    if (!env['DB_HOST']) {
+        logger.error(`Environment variable 'DB_HOST' not set, unable to connect to database`);
+        logger.error(`Specify either 'DB_URL' or 'DB_HOST', 'DB_USERNAME', 'DB_PASS' and 'DB_NAME'`);
+        throw 'Missing environment variables';
+    }
+
+    // mongodb://username:password@hostname:port/dbname
+    let dburl = 'mongodb://';
+    if (env['DB_USERNAME']) dburl += env['DB_USERNAME'];
+    if (env['DB_PASS']) dburl += `:${env['DB_PASS']}`;
+    dburl += `${process.env['DB_USERNAME'] ? '@' : ''}${env['DB_HOST']}`; // DB_HOST is assumed to contain the port
+    dburl += `/${env['DB_NAME'] ?? 'automod'}`;
+
+    return dburl;
+}

api/src/index.ts

@@ -1,22 +1,29 @@
 import { config } from 'dotenv';
 import Express from "express";
 import Log75, { LogLevel } from 'log75';
+import buildDBClient from './db';
 
 config();
 
 const PORT = Number(process.env.API_PORT || 9000);
 const DEBUG = process.env.NODE_ENV != 'production';
+const SESSION_LIFETIME = 1000 * 60 * 60 * 24 * 7;
 
 const logger: Log75 = new (Log75 as any).default(DEBUG ? LogLevel.Debug : LogLevel.Standard);
+const db = buildDBClient();
 const app = Express();
 
-export { logger, app, PORT }
+app.use(Express.json());
+
+export { logger, app, db, PORT, SESSION_LIFETIME }
 
 (async () => {
     await Promise.all([
         import('./middlewares/log'),
+        import('./middlewares/updateTokenExpiry'),
         import('./routes/internal/ws'),
         import('./routes/root'),
+        import('./routes/login'),
     ]);
     logger.done('All routes and middlewares loaded');
 })();

api/src/middlewares/log.ts

@@ -2,6 +2,6 @@ import { Request, Response } from "express";
 import { app, logger } from "..";
 
 app.use('*', (req: Request, res: Response, next: () => void) => {
-    logger.debug(`${req.method} ${req.path}`);
+    logger.debug(`${req.method} ${req.url}`);
     next();
 });

api/src/middlewares/updateTokenExpiry.ts

@@ -0,0 +1,19 @@
+import { Request, Response } from "express";
+import { FindOneResult } from "monk";
+import { app, db, SESSION_LIFETIME } from "..";
+
+app.use('*', async (req: Request, res: Response, next: () => void) => {
+    next();
+
+    const user = req.header('x-auth-user');
+    const token = req.header('x-auth-token');
+
+    if (!user || !token) return;
+
+    try {
+        const session: FindOneResult<any> = await db.get('sessions').findOne({ user, token, expires: { $gt: Date.now() } });
+        if (session) {
+            await db.get('sessions').update({ _id: session._id }, { $set: { expires: Date.now() + SESSION_LIFETIME } });
+        }
+    } catch(e) { console.error(e) }
+});

api/src/routes/internal/ws.ts

@@ -29,8 +29,12 @@ wsServer.on('connection', (sock) => {
     });
 
     sock.on('message', (msg) => {
+        const jsonBody = JSON.parse(msg.toString());
         logger.debug(`[WS] [<] ${msg.toString()}`);
-        botWS.emit('message', JSON.parse(msg.toString()));
+        botWS.emit('message', jsonBody);
+        if (jsonBody.data && jsonBody.type) {
+            botWS.emit(jsonBody.type, jsonBody.data);
+        }
     });
 });
 
@@ -61,8 +65,23 @@ function sendBotWS(msg: { [key: string]: any }) {
     socks.forEach(sock => sock.send(JSON.stringify(msg)));
 }
 
-botWS.on('message', msg => {
-    sendBotWS({ amogus: msg });
-});
+type botReqRes = { success: false, error: string, statusCode?: number } | { success: true, [key: string]: any }
+function botReq(type: string, data?: { [key: string]: any }): Promise<botReqRes> {
+    return new Promise((resolve, reject) => {
+        const nonce = `${Date.now()}.${Math.round(Math.random() * 10000000)}`;
+        if (sockets.length == 0) return resolve({ success: false, error: 'Unable to communicate with bot' });
+        sendBotWS({ nonce, type, data });
+        botWS.once(`response:${nonce}`, (data: string|Object) => {
+            try {
+                const d = typeof data == 'string' ? JSON.parse(data || '{}') : data;
+                if (d.success == undefined) d.success = true;
+                if (d.success == false && !d.error) d.error = 'Unknown error';
+                resolve(d);
+            } catch(e) { reject(e) }
+        });
+    });
+}
 
-export { botWS, sendBotWS }
+//setInterval(() => botReq('test', { "sus": true }), 1000);
+
+export { botWS, sendBotWS, botReq }

api/src/routes/login.ts

@@ -0,0 +1,67 @@
+import crypto from 'crypto';
+import { app, SESSION_LIFETIME } from '..';
+import { Request, Response } from 'express';
+import { botReq } from './internal/ws';
+import { db } from '..';
+import { FindOneResult } from 'monk';
+
+class BeginReqBody {
+    user: string;
+}
+class CompleteReqBody {
+    user: string;
+    nonce: string;
+    code: string;
+}
+
+app.post('/login/begin', async (req: Request, res: Response) => {
+    const body = req.body as BeginReqBody;
+    if (!body.user || typeof body.user != 'string') return badRequest(res);
+
+    const r = await botReq('requestLogin', { user: body.user.toLowerCase() });
+
+    if (!r.success) return res.status(r.statusCode ?? 500).send(JSON.stringify({ error: r.error }, null, 4));
+
+    res.status(200).send({ success: true, nonce: r.nonce, code: r.code });
+});
+
+app.post('/login/complete', async (req: Request, res: Response) => {
+    const body = req.body as CompleteReqBody;
+    if ((!body.user || typeof body.user != 'string') ||
+        (!body.nonce || typeof body.nonce != 'string') ||
+        (!body.code || typeof body.code != 'string')) return badRequest(res);
+
+    const loginAttempt: FindOneResult<any> = await db.get('pending_logins').findOne({
+        code: body.code,
+        user: body.user,
+        nonce: body.nonce,
+        exchanged: false,
+        invalid: false,
+    });
+
+        if (!loginAttempt) return res.status(404).send({ error: 'The provided login info could not be found.' });
+
+    if (!loginAttempt.confirmed) {
+        return res.status(400).send({ error: "This code is not yet valid." });
+    }
+
+    const sessionToken = crypto.randomBytes(48).toString('base64').replace(/=/g, '');
+
+
+    await Promise.all([
+        db.get('sessions').insert({
+            user: body.user.toUpperCase(),
+            token: sessionToken,
+            nonce: body.nonce,
+            invalid: false,
+            expires: Date.now() + SESSION_LIFETIME,
+        }),
+        db.get('pending_logins').update({ _id: loginAttempt._id }, { $set: { exchanged: true } }),
+    ]);
+
+    res.status(200).send({ success: true, user: body.user.toUpperCase(), token: sessionToken });
+});
+
+function badRequest(res: Response) {
+    res.status(400).send(JSON.stringify({ "error": "Invalid request body" }, null, 4));
+}

api/src/routes/root.ts

@@ -1,6 +1,11 @@
 import { app } from '..';
 import { Request, Response } from 'express';
+import { getSessionInfo, isAuthenticated } from '../utils';
 
-app.get('/', (req: Request, res: Response) => {
-    res.send({ msg: "yo" });
+app.get('/', async (req: Request, res: Response) => {
+    const isAuthed = await isAuthenticated(req);
+    res.send({
+        authenticated: isAuthed,
+        sessionInfo: isAuthed ? await getSessionInfo(req.header('x-auth-user')!, req.header('x-auth-token')!) : {},
+    });
 });

api/src/utils.ts

@@ -0,0 +1,36 @@
+import { Request } from "express";
+import { FindOneResult } from "monk";
+import { db } from ".";
+
+class Session {
+    user: string;
+    token: string;
+    nonce: string;
+    expires: number;
+    invalid: boolean;
+}
+
+/**
+ * 
+ * @param req 
+ * @returns false if not authenticated, otherwise the (Revolt) user ID
+ */
+async function isAuthenticated(req: Request): Promise<string|false> {
+    const user = req.header('x-auth-user');
+    const token = req.header('x-auth-token');
+
+    if (!user || !token) return false;
+
+    const info = await getSessionInfo(user, token);
+    return info.valid ? user : false;
+}
+
+type SessionInfo = { exists: boolean, valid: boolean, nonce?: string }
+
+async function getSessionInfo(user: string, token: string): Promise<SessionInfo> {
+    const session: FindOneResult<Session> = await db.get('sessions').findOne({ user, token });
+    
+    return { exists: !!session, valid: !!(session && !session.invalid && session.expires > Date.now()), nonce: session?.nonce }
+}
+
+export { isAuthenticated, getSessionInfo }

api/yarn.lock

@@ -10,6 +10,13 @@
     "@types/connect" "*"
     "@types/node" "*"
 
+"@types/bson@*":
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/@types/bson/-/bson-4.2.0.tgz#a2f71e933ff54b2c3bf267b67fa221e295a33337"
+  integrity sha512-ELCPqAdroMdcuxqwMgUpifQyRoTpyYCNr1V9xKyF40VsBobsj+BbWNRvwGchMgBPGqkw655ypkjj2MEF5ywVwg==
+  dependencies:
+    bson "*"
+
 "@types/connect@*":
   version "3.4.35"
   resolved "https://registry.yarnpkg.com/@types/connect/-/connect-3.4.35.tgz#5fcf6ae445e4021d1fc2219a4873cc73a3bb2ad1"
@@ -41,6 +48,21 @@
   resolved "https://registry.yarnpkg.com/@types/mime/-/mime-1.3.2.tgz#93e25bf9ee75fe0fd80b594bc4feb0e862111b5a"
   integrity sha512-YATxVxgRqNH6nHEIsvg6k2Boc1JHI9ZbH5iWFFv/MTkchz3b1ieGDa5T0a9RznNdI0KhVbdbWSN+KWWrQZRxTw==
 
+"@types/mongodb@^3.5.25":
+  version "3.6.20"
+  resolved "https://registry.yarnpkg.com/@types/mongodb/-/mongodb-3.6.20.tgz#b7c5c580644f6364002b649af1c06c3c0454e1d2"
+  integrity sha512-WcdpPJCakFzcWWD9juKoZbRtQxKIMYF/JIAM4JrNHrMcnJL6/a2NWjXxW7fo9hxboxxkg+icff8d7+WIEvKgYQ==
+  dependencies:
+    "@types/bson" "*"
+    "@types/node" "*"
+
+"@types/monk@^6.0.0":
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/@types/monk/-/monk-6.0.0.tgz#236750988e24d92c674529a81b9a296f8bbc3763"
+  integrity sha512-9qy4Gva0uVgaQsDqlcWD+XOXUmgInPAoxyyoN8uFUTjNFvswyCH1hwpnYuh2MVr60ekZgYiquWEjBYvfYfE1Jw==
+  dependencies:
+    monk "*"
+
 "@types/node@*":
   version "17.0.10"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.10.tgz#616f16e9d3a2a3d618136b1be244315d95bd7cab"
@@ -89,6 +111,19 @@ array-flatten@1.1.1:
   resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2"
   integrity sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=
 
+base64-js@^1.3.1:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a"
+  integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
+
+bl@^2.2.1:
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/bl/-/bl-2.2.1.tgz#8c11a7b730655c5d56898cdc871224f40fd901d5"
+  integrity sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g==
+  dependencies:
+    readable-stream "^2.3.5"
+    safe-buffer "^5.1.1"
+
 body-parser@1.19.1:
   version "1.19.1"
   resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.1.tgz#1499abbaa9274af3ecc9f6f10396c995943e31d4"
@@ -105,6 +140,26 @@ body-parser@1.19.1:
     raw-body "2.4.2"
     type-is "~1.6.18"
 
+bson@*:
+  version "4.6.1"
+  resolved "https://registry.yarnpkg.com/bson/-/bson-4.6.1.tgz#2b5da517539bb0f7f3ffb54ac70a384ca899641c"
+  integrity sha512-I1LQ7Hz5zgwR4QquilLNZwbhPw0Apx7i7X9kGMBTsqPdml/03Q9NBtD9nt/19ahjlphktQImrnderxqpzeVDjw==
+  dependencies:
+    buffer "^5.6.0"
+
+bson@^1.1.4:
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/bson/-/bson-1.1.6.tgz#fb819be9a60cd677e0853aee4ca712a785d6618a"
+  integrity sha512-EvVNVeGo4tHxwi8L6bPj3y3itEvStdwvvlojVxxbyYfoaxJ6keLgrTuKdyfEAszFK+H3olzBuafE0yoh0D1gdg==
+
+buffer@^5.6.0:
+  version "5.7.1"
+  resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0"
+  integrity sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==
+  dependencies:
+    base64-js "^1.3.1"
+    ieee754 "^1.1.13"
+
 bytes@3.1.1:
   version "3.1.1"
   resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.1.tgz#3f018291cb4cbad9accb6e6970bca9c8889e879a"
@@ -132,6 +187,18 @@ cookie@0.4.1:
   resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
   integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
 
+core-util-is@~1.0.0:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85"
+  integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==
+
+debug@*:
+  version "4.3.3"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.3.tgz#04266e0b70a98d4462e6e288e38259213332b664"
+  integrity sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==
+  dependencies:
+    ms "2.1.2"
+
 debug@2.6.9:
   version "2.6.9"
   resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
@@ -139,6 +206,11 @@ debug@2.6.9:
   dependencies:
     ms "2.0.0"
 
+denque@^1.4.1:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/denque/-/denque-1.5.1.tgz#07f670e29c9a78f8faecb2566a1e2c11929c5cbf"
+  integrity sha512-XwE+iZ4D6ZUB7mfYRMb5wByE8L74HCn30FBN7sWnXksWc1LO1bPDl67pBR9o/kC4z/xSNAwkMYcGgqDV3BE3Hw==
+
 depd@~1.1.2:
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9"
@@ -251,7 +323,12 @@ iconv-lite@0.4.24:
   dependencies:
     safer-buffer ">= 2.1.2 < 3"
 
-inherits@2.0.4:
+ieee754@^1.1.13:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352"
+  integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==
+
+inherits@2.0.4, inherits@~2.0.3:
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
@@ -261,6 +338,11 @@ ipaddr.js@1.9.1:
   resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3"
   integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==
 
+isarray@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
+  integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=
+
 log75@^2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/log75/-/log75-2.2.0.tgz#2505159b450c3cd1b4e863a837e883a7ecbaa2a1"
@@ -273,6 +355,11 @@ media-typer@0.3.0:
   resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"
   integrity sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=
 
+memory-pager@^1.0.2:
+  version "1.5.0"
+  resolved "https://registry.yarnpkg.com/memory-pager/-/memory-pager-1.5.0.tgz#d8751655d22d384682741c972f2c3d6dfa3e66b5"
+  integrity sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg==
+
 merge-descriptors@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61"
@@ -300,11 +387,75 @@ mime@1.6.0:
   resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
   integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
 
+mongodb@^3.2.3:
+  version "3.7.3"
+  resolved "https://registry.yarnpkg.com/mongodb/-/mongodb-3.7.3.tgz#b7949cfd0adc4cc7d32d3f2034214d4475f175a5"
+  integrity sha512-Psm+g3/wHXhjBEktkxXsFMZvd3nemI0r3IPsE0bU+4//PnvNWKkzhZcEsbPcYiWqe8XqXJJEg4Tgtr7Raw67Yw==
+  dependencies:
+    bl "^2.2.1"
+    bson "^1.1.4"
+    denque "^1.4.1"
+    optional-require "^1.1.8"
+    safe-buffer "^5.1.2"
+  optionalDependencies:
+    saslprep "^1.0.0"
+
+monk-middleware-cast-ids@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/monk-middleware-cast-ids/-/monk-middleware-cast-ids-0.2.1.tgz#40c40e5a6cb33ccedc289220943275ee8861c529"
+  integrity sha1-QMQOWmyzPM7cKJIglDJ17ohhxSk=
+
+monk-middleware-fields@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/monk-middleware-fields/-/monk-middleware-fields-0.2.0.tgz#ff637af35f5948879ccb2be15a91360911bea6c1"
+  integrity sha1-/2N6819ZSIecyyvhWpE2CRG+psE=
+
+monk-middleware-handle-callback@^0.2.0:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/monk-middleware-handle-callback/-/monk-middleware-handle-callback-0.2.2.tgz#47de6cc1248726c72a2be0c81bc4e68310c32146"
+  integrity sha512-5hBynb7asZ2uw9XVze7C3XH0zXT51yFDvYydk/5HnWWzh2NLglDSiKDcX0yLKPHzFgiq+5Z4Laq5fFVnFsmm8w==
+
+monk-middleware-options@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/monk-middleware-options/-/monk-middleware-options-0.2.1.tgz#58dae1c518d46636ebdff506fadfc773bb442886"
+  integrity sha1-WNrhxRjUZjbr3/UG+t/Hc7tEKIY=
+
+monk-middleware-query@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/monk-middleware-query/-/monk-middleware-query-0.2.0.tgz#a926c677d4a5620c62151b0a56d0c0c151675874"
+  integrity sha1-qSbGd9SlYgxiFRsKVtDAwVFnWHQ=
+
+monk-middleware-wait-for-connection@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/monk-middleware-wait-for-connection/-/monk-middleware-wait-for-connection-0.2.0.tgz#312958d30e588b57d09754dd7c97b4843316835a"
+  integrity sha1-MSlY0w5Yi1fQl1TdfJe0hDMWg1o=
+
+monk@*, monk@^7.3.4:
+  version "7.3.4"
+  resolved "https://registry.yarnpkg.com/monk/-/monk-7.3.4.tgz#50ccd7daebb4c16ace58d45b2c28c29112f8a85e"
+  integrity sha512-PkPNiElwroVyKQj01usyziOvwiKYBUVSq7YU1FB4KFr0J3v0GeXW0TebYsLR4u33WB8JGqPiAcuzDspfdujqQg==
+  dependencies:
+    "@types/mongodb" "^3.5.25"
+    debug "*"
+    mongodb "^3.2.3"
+    monk-middleware-cast-ids "^0.2.1"
+    monk-middleware-fields "^0.2.0"
+    monk-middleware-handle-callback "^0.2.0"
+    monk-middleware-options "^0.2.1"
+    monk-middleware-query "^0.2.0"
+    monk-middleware-wait-for-connection "^0.2.0"
+    object-assign "^4.1.1"
+
 ms@2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
   integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
 
+ms@2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
+  integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
+
 ms@2.1.3:
   version "2.1.3"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
@@ -315,6 +466,11 @@ negotiator@0.6.2:
   resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.2.tgz#feacf7ccf525a77ae9634436a64883ffeca346fb"
   integrity sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==
 
+object-assign@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
+  integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
+
 on-finished@~2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947"
@@ -322,6 +478,13 @@ on-finished@~2.3.0:
   dependencies:
     ee-first "1.1.1"
 
+optional-require@^1.1.8:
+  version "1.1.8"
+  resolved "https://registry.yarnpkg.com/optional-require/-/optional-require-1.1.8.tgz#16364d76261b75d964c482b2406cb824d8ec44b7"
+  integrity sha512-jq83qaUb0wNg9Krv1c5OQ+58EK+vHde6aBPzLvPPqJm89UQWsvSuFy9X/OSNJnFeSOKo7btE0n8Nl2+nE+z5nA==
+  dependencies:
+    require-at "^1.0.6"
+
 parseurl@~1.3.3:
   version "1.3.3"
   resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4"
@@ -332,6 +495,11 @@ path-to-regexp@0.1.7:
   resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c"
   integrity sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=
 
+process-nextick-args@~2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2"
+  integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==
+
 proxy-addr@~2.0.7:
   version "2.0.7"
   resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025"
@@ -360,16 +528,46 @@ raw-body@2.4.2:
     iconv-lite "0.4.24"
     unpipe "1.0.0"
 
-safe-buffer@5.2.1:
+readable-stream@^2.3.5:
+  version "2.3.7"
+  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.7.tgz#1eca1cf711aef814c04f62252a36a62f6cb23b57"
+  integrity sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==
+  dependencies:
+    core-util-is "~1.0.0"
+    inherits "~2.0.3"
+    isarray "~1.0.0"
+    process-nextick-args "~2.0.0"
+    safe-buffer "~5.1.1"
+    string_decoder "~1.1.1"
+    util-deprecate "~1.0.1"
+
+require-at@^1.0.6:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/require-at/-/require-at-1.0.6.tgz#9eb7e3c5e00727f5a4744070a7f560d4de4f6e6a"
+  integrity sha512-7i1auJbMUrXEAZCOQ0VNJgmcT2VOKPRl2YGJwgpHpC9CE91Mv4/4UYIUm4chGJaI381ZDq1JUicFii64Hapd8g==
+
+safe-buffer@5.2.1, safe-buffer@^5.1.1, safe-buffer@^5.1.2:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
 
+safe-buffer@~5.1.0, safe-buffer@~5.1.1:
+  version "5.1.2"
+  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
+  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
+
 "safer-buffer@>= 2.1.2 < 3":
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
   integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
 
+saslprep@^1.0.0:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/saslprep/-/saslprep-1.0.3.tgz#4c02f946b56cf54297e347ba1093e7acac4cf226"
+  integrity sha512-/MY/PEMbk2SuY5sScONwhUDsV2p77Znkb/q3nSVstq/yQzYJOH/Azh29p9oJLsl3LnQwSvZDKagDGBsBwSooag==
+  dependencies:
+    sparse-bitfield "^3.0.3"
+
 send@0.17.2:
   version "0.17.2"
   resolved "https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820"
@@ -404,11 +602,25 @@ setprototypeof@1.2.0:
   resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424"
   integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
 
+sparse-bitfield@^3.0.3:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz#ff4ae6e68656056ba4b3e792ab3334d38273ca11"
+  integrity sha1-/0rm5oZWBWuks+eSqzM004JzyhE=
+  dependencies:
+    memory-pager "^1.0.2"
+
 "statuses@>= 1.5.0 < 2", statuses@~1.5.0:
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c"
   integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=
 
+string_decoder@~1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8"
+  integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==
+  dependencies:
+    safe-buffer "~5.1.0"
+
 toidentifier@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
@@ -427,6 +639,11 @@ unpipe@1.0.0, unpipe@~1.0.0:
   resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"
   integrity sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=
 
+util-deprecate@~1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
+  integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=
+
 utils-merge@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713"

bot/src/bot/commands/login.ts

@@ -0,0 +1,62 @@
+import { FindOneResult } from "monk";
+import { client } from "../..";
+import Command from "../../struct/Command";
+import MessageCommandContext from "../../struct/MessageCommandContext";
+import PendingLogin from "../../struct/PendingLogin";
+import logger from "../logger";
+import { DEFAULT_PREFIX } from "../modules/command_handler";
+
+export default {
+    name: 'login',
+    aliases: null,
+    description: 'Log into the web dashboard',
+    category: 'misc',
+    run: async (message: MessageCommandContext, args: string[]) => {
+        try {
+            const code = args.shift();
+            if (!code) {
+                return message.reply(`If you're trying to log in, you can access the dashboard `
+                    + `[here](${process.env.WEB_UI_URL || 'https://automod.janderedev.xyz'}).\n\n`
+                    + `If you already have a code, you can use \`${DEFAULT_PREFIX}login [Code]\`.`);
+            }
+
+            const login: FindOneResult<PendingLogin> = await client.db.get('pending_logins').findOne({
+                code,
+                user: message.author_id,
+                confirmed: false,
+                exchanged: false,
+                invalid: false,
+                expires: {
+                    $gt: Date.now(),
+                },
+            });
+
+            if (!login) return message.reply(`Unknown code. Make sure you're logged into the correct account.`);
+
+            if (login.requirePhishingConfirmation) {
+                logger.info(`Showing phishing warning to ${message.author_id}`);
+                await Promise.all([
+                    message.reply(
+                        `# If someone told you to run this, stop!\n` +
+                        `This could give an attacker access to all servers you're using AutoMod in.\n` +
+                        `If someone else told you to run this command, **block them and ignore this.**\n\n` +
+                        `Otherwise, if this was you trying to log in from <${process.env.WEB_UI_URL || 'https://automod.janderedev.xyz'}>, \n` +
+                        `you can run this command again to continue.\n` +
+                        `##### You're seeing this because this is the first time you're trying to log in. Stay safe!`
+                    ),
+                    client.db.get('pending_logins').update({ _id: login._id }, { $set: { requirePhishingConfirmation: false } }),
+                ]);
+                return;
+            }
+
+            await Promise.all([
+                message.reply(`Successfully logged in.\n\n` +
+                    `If this wasn't you, ~~run \`${DEFAULT_PREFIX}logout ${code}\` immediately~~ pray.`),
+                client.db.get('pending_logins').update({ _id: login._id }, { $set: { confirmed: true } }),
+            ]);
+        } catch(e) {
+            console.error(e);
+            message.reply(`An error occurred: ${e}`);
+        }
+    }
+} as Command;

bot/src/bot/commands/logout.ts

@@ -0,0 +1,64 @@
+import { FindOneResult, FindResult } from "monk";
+import { client } from "../..";
+import Command from "../../struct/Command";
+import MessageCommandContext from "../../struct/MessageCommandContext";
+import PendingLogin from "../../struct/PendingLogin";
+import { DEFAULT_PREFIX } from "../modules/command_handler";
+
+export default {
+    name: 'logout',
+    aliases: null,
+    description: 'Log out of sessions created with /login',
+    category: 'misc',
+    run: async (message: MessageCommandContext, args: string[]) => {
+        try {
+            const code = args.shift();
+            if (!code) {
+                return message.reply(`### No code provided.\n`
+                    + `You can invalidate a session by using \`${DEFAULT_PREFIX}logout [Code]\`, `
+                    + `or log out everywhere with \`${DEFAULT_PREFIX}logout ALL\``);
+            }
+
+            if (code.toLowerCase() == 'all') {
+                const [ attempts, sessions ]: FindResult<any>[] = await Promise.all([
+                    client.db.get('pending_logins').find({ user: message.author_id }),
+                    client.db.get('sessions').find({ user: message.author_id }),
+                ]);
+
+                if (attempts.length == 0 && sessions.length == 0) return message.reply('There are no sessions to invalidate.');
+                
+                await Promise.all([
+                    client.db.get('pending_logins').update({ _id: { $in: attempts.map(a => a._id) } }, { $set: { invalid: true } }),
+                    client.db.get('sessions').update({ _id: { $in: sessions.map(a => a._id) } }, { $set: { invalid: true } }),
+                ]);
+
+                message.reply(`Successfully invalidated ${attempts.length} codes and ${sessions.length} sessions.`);
+            } else {
+                const loginAttempt: FindOneResult<PendingLogin> = await client.db.get('pending_logins')
+                    .findOne({
+                        code: code.toUpperCase(),
+                        user: message.author_id,
+                    });
+
+                if (!loginAttempt || loginAttempt.invalid) {
+                    return message.reply('That code doesn\'t seem to exist.');
+                }
+
+                await client.db.get('pending_logins').update({ _id: loginAttempt._id }, { $set: { invalid: true } });
+
+                if (loginAttempt.exchanged) {
+                    const session: FindOneResult<any> = await client.db.get('sessions').findOne({ nonce: loginAttempt.nonce });
+                    if (session) {
+                        await client.db.get('sessions').update({ _id: session._id }, { $set: { invalid: true } });
+                        return message.reply(`Successfully invalidated code and terminated associated session.`);
+                    }
+                }
+
+                message.reply(`Successfully invalidated code.`);
+            }
+        } catch(e) {
+            console.error(e);
+            message.reply(`An error occurred: ${e}`);
+        }
+    }
+} as Command;

bot/src/bot/modules/api_communication.ts

@@ -4,7 +4,13 @@
 
 import ws from "ws";
 import logger from "../logger";
+import crypto from 'crypto';
+import { client as bot } from '../..';
 import { EventEmitter } from "events";
+import { parseUser } from "../util";
+import PendingLogin from "../../struct/PendingLogin";
+import { LogLevel } from "log75";
+import { ulid } from "ulid";
 
 const wsEvents = new EventEmitter();
 const { API_WS_URL, API_WS_TOKEN } = process.env;
@@ -50,7 +56,24 @@ function connect() {
     client.on('message', (msg) => {
         logger.debug(`[WS] [<] ${msg.toString('utf8')}`);
         try {
-            wsEvents.emit('message', JSON.parse(msg.toString('utf8')));
+            const jsonMsg = JSON.parse(msg.toString('utf8'));
+            wsEvents.emit('message', jsonMsg);
+            if (jsonMsg['nonce'] && jsonMsg['type']) {
+                const hasListeners = wsEvents.emit(`req:${jsonMsg.type}`, jsonMsg.data, (res: { [key: string]: any }) => {
+                    wsSend({ nonce: jsonMsg.nonce, type: `response:${jsonMsg.nonce}`, data: res });
+                });
+
+                if (!hasListeners) {
+                    wsSend({
+                        nonce: jsonMsg.nonce,
+                        type: `response:${jsonMsg.nonce}`,
+                        data: {
+                            success: false,
+                            error: 'No event listeners available for event'
+                        }
+                    });
+                }
+            }
         } catch(e) { console.error(e) }
     });
 }
@@ -65,6 +88,46 @@ function wsSend(data: { [key: string]: any }) {
     }
 }
 
-setInterval(() => wsSend({ "among": "us" }), 1000);
+wsEvents.on('req:test', (data: any, res: (data: any) => void) => {
+    res({ received: data });
+});
+
+wsEvents.on('req:requestLogin', async (data: any, cb: (data: any) => void) => {
+    try {
+        const user = await parseUser(data.user);
+        if (!user)
+            return cb({ success: false, statusCode: 404, error: `The specified user could not be found` });
+        
+        let code: string|null = null;
+        while (!code) {
+            const c = crypto.randomBytes(8).toString('hex');
+            const found = await bot.db.get('pending_logins').find({ code: c, user: user._id, confirmed: false });
+            if (found.length > 0) continue;
+            code = c.substring(0, 8).toUpperCase();
+        }
+
+        logger.info(`Attempted login for user ${user._id} with code ${code}`);
+
+        const nonce = ulid();
+
+        const previousLogins = await bot.db.get('pending_logins').find({ user: user._id, confirmed: true });
+
+        await bot.db.get('pending_logins').insert({
+            code,
+            expires: Date.now() + (1000 * 60 * 15), // Expires in 15 minutes
+            user: user._id,
+            nonce: nonce,
+            confirmed: false,
+            requirePhishingConfirmation: previousLogins.length == 0,
+            exchanged: false,
+            invalid: false,
+        } as PendingLogin);
+
+        cb({ success: true, uid: user._id, nonce, code });
+    } catch(e) {
+        console.error(e);
+        cb({ success: false, error: e });
+    }
+});
 
 export { wsEvents, wsSend }

bot/src/struct/PendingLogin.ts

@@ -0,0 +1,12 @@
+class PendingLogin {
+    user: string;
+    code: string;
+    expires: number;
+    nonce: string;
+    confirmed: boolean;
+    requirePhishingConfirmation: boolean;
+    exchanged: boolean;
+    invalid: boolean;
+}
+
+export default PendingLogin;