nyxx-discord · l7ssha · Oct 31, 2024 · Oct 31, 2024 · Oct 31, 2024 · Oct 31, 2024
diff --git a/.env.dist b/.env.dist
@@ -0,0 +1,23 @@
+ROD_TOKEN=
+ROD_INTENT_FEATURES_ENABLE=
+ROD_ADMIN_IDS=
+ROD_ADMIN_GUILD=
+ROD_DEV=
+ROD_DEV_GUILD_ID=
+ROD_PREFIX=
+
+ROD_ENABLE_API_SERVER=
+API_SERVER_FRONTEND_ORIGIN=
+API_SERVER_HOST=
+API_SERVER_PORT=
+
+DB_HOST=
+DB_PORT=
+POSTGRES_PASSWORD=
+POSTGRES_USER=
+POSTGRES_DB=
+
+JWT_SECRET=
+DISCORD_CLIENT_ID=
+DISCORD_CLIENT_SECRET=
+DISCORD_REDIRECT_URI=
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,80 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - rewrite
+  pull_request:
+
+jobs:
+  analyze:
+    name: dart analyze
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Dart Action
+        uses: dart-lang/setup-dart@v1
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pub-cache
+          key: ${{ runner.os }}-pubspec-${{ hashFiles('**/pubspec.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pubspec-
+
+      - name: Install dependencies
+        run: dart pub get
+
+      - name: Analyze project source
+        run: dart analyze
+
+  fix:
+    name: dart fix
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Dart Action
+        uses: dart-lang/setup-dart@v1
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pub-cache
+          key: ${{ runner.os }}-pubspec-${{ hashFiles('**/pubspec.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pubspec-
+
+      - name: Install dependencies
+        run: dart pub get
+
+      - name: Analyze project source
+        run: dart fix --dry-run
+
+  format:
+    name: dart format
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Dart Action
+        uses: dart-lang/setup-dart@v1
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pub-cache
+          key: ${{ runner.os }}-pubspec-${{ hashFiles('**/pubspec.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pubspec-
+
+      - name: Install dependencies
+        run: dart pub get
+
+      - name: Format
+        run: dart format --set-exit-if-changed -l120 .
diff --git a/.gitignore b/.gitignore
@@ -11,6 +11,7 @@ doc/api/
 
 # dotenv environment variables file
 .env*
+!.env.dist
 
 # IDE configuration folders
 .vscode/

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.7.0-dev.1
+- Implement api server for dashboard
+- Bot info collection improvements
+
 ## 4.6.1
 - Fix unnecessary coma in join logs
 - Move number to song title in media info

diff --git a/Makefile b/Makefile
@@ -7,7 +7,10 @@ format: ## Run dart format
 fix: ## Run dart fix
 	dart fix --apply
 
-fix-project: fix format ## Fix whole project
+analyze: ## Run dart analyze
+	dart analyze
+
+fix-project: fix analyze format ## Fix whole project
 
 run: ## Run dev project
-	docker compose up --build
+	docker compose up --build
diff --git a/analysis_options.yaml b/analysis_options.yaml
@@ -2,3 +2,5 @@ include: package:lints/recommended.yaml
 
 analyzer:
   exclude: [build/**]
+  errors:
+    implementation_imports: ignore
diff --git a/bin/console.dart b/bin/console.dart
@@ -0,0 +1,32 @@
+import 'package:running_on_dart/src/api/jwt_middleware.dart';
+
+enum Commands {
+  generateAdminJwt('generate-admin-jwt');
+
+  final String name;
+  const Commands(this.name);
+
+  static Commands byName(String name) {
+    return values.firstWhere((e) => e.name == name);
+  }
+}
+
+int main(List<String> args) {
+  if (args.isEmpty) {
+    print("Available commands: \n${Commands.values.map((e) => e.name).join(", ")}");
+    return -1;
+  }
+
+  final command = Commands.byName(args[0]);
+
+  switch (command) {
+    case Commands.generateAdminJwt:
+      print(generateJwtKey("0", "test-user"));
+      break;
+    default:
+      print("Command '$command' not recognized!");
+      return -1;
+  }
+
+  return 0;
+}
diff --git a/bin/running_on_dart.dart b/bin/running_on_dart.dart
@@ -44,4 +44,6 @@ void main() async {
       ));
 
   await setupContainer(client);
+
+  WebServer().startServer();
 }
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -9,6 +9,8 @@ services:
       - db
     depends_on:
       - db
+    networks:
+      - nginx-proxy_default
 
   db:
     image: postgres:17
@@ -21,3 +23,8 @@ services:
 
 volumes:
   rod_db_17:
+
+networks:
+  nginx-proxy_default:
+    name: nginx-proxy_default
+    driver: bridge
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,8 +6,8 @@ services:
     container_name: running_on_dart
     env_file:
      - .env
-    links:
-      - db
+    ports:
+      - "8088:8088"
     depends_on:
       - db
 

diff --git a/lib/running_on_dart.dart b/lib/running_on_dart.dart
@@ -24,3 +24,5 @@ export 'src/settings.dart';
 export 'src/converter.dart';
 export 'src/error_handler.dart';
 export 'src/init.dart';
+
+export 'src/api/api_server.dart' show WebServer;
diff --git a/lib/src/api/api_server.dart b/lib/src/api/api_server.dart
@@ -0,0 +1,125 @@
+import 'dart:convert';
+
+import 'package:injector/injector.dart';
+import 'package:nyxx/nyxx.dart';
+import 'package:running_on_dart/running_on_dart.dart';
+import 'package:running_on_dart/src/api/jwt_middleware.dart';
+import 'package:running_on_dart/src/api/utils.dart';
+import 'package:running_on_dart/src/services/bot_info.dart';
+
+import 'package:shelf_cors_headers/shelf_cors_headers.dart';
+import 'package:shelf_router/shelf_router.dart' as shelf_router;
+import 'package:shelf/shelf.dart' as shelf;
+import 'package:shelf/shelf_io.dart' as shelf_io;
+
+import 'package:http/http.dart' as http;
+
+final clientId = getEnv('DISCORD_CLIENT_ID');
+final clientSecret = getEnv('DISCORD_CLIENT_SECRET');
+final clientRedirectUri = getEnv('DISCORD_REDIRECT_URI');
+
+enum WebApiPermission {
+  guilds('G');
+
+  final String name;
+
+  const WebApiPermission(this.name);
+}
+
+class WebServer {
+  final Logger _logger = Logger('ROD.ApiServer');
+
+  Future<shelf.Response> _handleBotInfo(shelf.Request request) async {
+    final botInfo = await Injector.appInstance.get<BotInfoService>().getCurrentBotInfo();
+
+    return createOkResponse(botInfo.toJson());
+  }
+
+  Future<shelf.Response> _handleGuildInfo(shelf.Request request) async {
+    final outputJson = Injector.appInstance.get<NyxxGateway>().guilds.cache.values.map((guild) {
+      return <String, dynamic>{
+        "id": guild.id.toString(),
+        "icon_hash": guild.iconHash,
+        "banner_hash": guild.bannerHash,
+        "name": guild.name,
+        "cached_members": guild.members.cache.length,
+        "cached_roles": guild.roles.cache.length,
+      };
+    });
+
+    return createOkResponse(outputJson.toList());
+  }
+
+  Future<shelf.Response> _handleLogin(shelf.Request request) async {
+    final requestBody = jsonDecode(await request.readAsString()) as Map<String, dynamic>;
+    final authCode = requestBody['code'];
+
+    final response = await http.post(Uri.https('discord.com', '/api/oauth2/token'), body: {
+      'client_id': clientId,
+      'client_secret': clientSecret,
+      'redirect_uri': clientRedirectUri,
+      'grant_type': 'authorization_code',
+      'code': authCode,
+    }, headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    });
+
+    if (response.statusCode != 200) {
+      return createJsonErrorResponse(400, "Cannot login through discord. Try again");
+    }
+
+    final responseBody = jsonDecode(response.body) as Map<String, dynamic>;
+    final accessToken = responseBody['access_token'];
+
+    final authorizedUserResponse = await http.get(Uri.https('discord.com', '/api/oauth2/@me'),
+        headers: {"Accept": 'application/json', 'Authorization': 'Bearer $accessToken'});
+
+    if (authorizedUserResponse.statusCode != 200) {
+      return createJsonErrorResponse(400, "Cannot fetch user data from discord!");
+    }
+
+    final authorizedUserResponseBody = jsonDecode(authorizedUserResponse.body) as Map<String, dynamic>;
+
+    final userName =
+        authorizedUserResponseBody['user']['global_name'] ?? authorizedUserResponseBody['user']['username'];
+    final jwtToken = generateJwtKey(authorizedUserResponseBody['user']['id'], userName);
+
+    return createOkResponse({
+      'token': jwtToken,
+      'user': {
+        'id': authorizedUserResponseBody['user']['id'],
+        'name': userName,
+        'avatar_hash': authorizedUserResponseBody['user']['avatar'],
+      },
+    });
+  }
+
+  Future<shelf_router.Router> _setupRouter() async {
+    return shelf_router.Router()
+      ..get("/api/info", _handleBotInfo)
+      ..post("/api/login", _handleLogin)
+      ..get("/api/guilds", _authorized(_handleGuildInfo, [WebApiPermission.guilds]));
+  }
+
+  shelf.Handler _authorized(shelf.Handler inner, [List<WebApiPermission> requiredRoles = const []]) =>
+      shelf.Pipeline().addMiddleware(jwtMiddleware(requiredRoles.map((e) => e.name).toList())).addHandler(inner);
+
+  Future<void> startServer() async {
+    if (!enableApiServer) {
+      _logger.info("Api server disabled...");
+      return;
+    }
+
+    final router = await _setupRouter();
+
+    final corsOriginChecker = dev ? originAllowAll : originOneOf([getEnv('API_SERVER_FRONTEND_ORIGIN')]);
+
+    final app = const shelf.Pipeline()
+        .addMiddleware(shelf.logRequests())
+        .addMiddleware(corsHeaders(originChecker: corsOriginChecker))
+        .addHandler(router.call);
+
+    _logger.info("Starting api server at `$apiServerHost:$apiServerPort`");
+    await shelf_io.serve(app, apiServerHost, apiServerPort);
+  }
+}
diff --git a/lib/src/api/jwt_middleware.dart b/lib/src/api/jwt_middleware.dart
@@ -0,0 +1,57 @@
+import 'package:jaguar_jwt/jaguar_jwt.dart';
+import 'package:nyxx/nyxx.dart';
+import 'package:running_on_dart/running_on_dart.dart';
+import 'package:running_on_dart/src/api/api_server.dart';
+import 'package:running_on_dart/src/api/utils.dart';
+import 'package:shelf/shelf.dart' as shelf;
+
+final jwtKey = getEnv("JWT_SECRET");
+
+class MissingPermissionsException implements Exception {}
+
+String generateJwtKey(String discordUserId, String userName) {
+  final perms = adminIds.contains(Snowflake.parse(discordUserId)) ? WebApiPermission.values.map((e) => e.name) : [];
+
+  final jwtClaim = JwtClaim(
+    subject: discordUserId,
+    maxAge: Duration(days: 1),
+    payload: {
+      "name": userName,
+      'perms': perms,
+    },
+  );
+
+  return issueJwtHS256(jwtClaim, jwtKey);
+}
+
+void validateClaims(JwtClaim jwt, List<String> requiredPermissions) {
+  final permissions = (jwt.payload['perms'] as List<dynamic>? ?? []).cast<String>();
+  final valid = Set.of(permissions).containsAll(requiredPermissions);
+  if (!valid) {
+    throw MissingPermissionsException();
+  }
+}
+
+shelf.Middleware jwtMiddleware([List<String> requiredPermissions = const []]) => (shelf.Handler handler) {
+      return (shelf.Request request) {
+        final authHeader = request.headers['Authorization'];
+
+        if (authHeader == null) {
+          return createUnauthorizedResponse('Missing authorization header');
+        }
+
+        try {
+          final jwt = verifyJwtHS256Signature(authHeader.replaceFirst('Bearer ', ''), jwtKey);
+
+          if (requiredPermissions.isNotEmpty) {
+            validateClaims(jwt, requiredPermissions);
+          }
+        } on JwtException catch (e) {
+          return createUnauthorizedResponse(e.message);
+        } on MissingPermissionsException {
+          return createForbiddenResponse();
+        }
+
+        return handler(request);
+      };
+    };
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,4 +44,6 @@ void main() async { @@
           ));
       await setupContainer(client);
+      WebServer().startServer();
     }