update & fix http stuff

Author: eartharoid

package.json

@@ -49,15 +49,15 @@
 		"@eartharoid/dbf": "^0.4.1",
 		"@eartharoid/dtf": "^2.0.1",
 		"@eartharoid/i18n": "^1.2.1",
-		"@fastify/cookie": "^9.1.0",
-		"@fastify/jwt": "^7.2.2",
-		"@fastify/oauth2": "^7.5.0",
+		"@fastify/cookie": "^9.3.1",
+		"@fastify/jwt": "^8.0.0",
+		"@fastify/oauth2": "^7.8.0",
 		"@prisma/client": "^4.16.1",
 		"boxen": "^7.1.0",
 		"cryptr": "^6.2.0",
 		"discord.js": "^14.11.0",
 		"dotenv": "^16.0.3",
-		"fastify": "^4.24.2",
+		"fastify": "^4.25.2",
 		"figlet": "^1.6.0",
 		"fs-extra": "^10.1.0",
 		"keyv": "^4.5.2",

pnpm-lock.yaml

@@ -25,17 +25,18 @@ module.exports = async client => {
 	fastify.states = new Map();
 	fastify.register(oauth, {
 		callbackUri: `${process.env.HTTP_EXTERNAL}/auth/callback`,
-		checkStateFunction: (req, callback) => {
-			// if (fastify.states.has(req.query.state)) {
-			// 	callback();
-			// 	return;
-			// }
-			console.log(req.session)
-			if (req.query.state === req.session.state) {
-				callback();
-				return;
+		// checkStateFunction: (req, callback) => {
+		// 	if (req.query.state === req.cookies['oauth2-redirect-state']) {
+		// 		callback();
+		// 		return;
+		// 	}
+		// 	callback(new Error('Invalid state'));
+		// },
+		checkStateFunction: async req => {
+			if (req.query.state !== req.cookies['oauth2-redirect-state']) {
+				throw new Error('Invalid state');
 			}
-			callback(new Error('Invalid state'));
+			return true;
 		},
 		credentials: {
 			auth: oauth.DISCORD_CONFIGURATION,

src/http.js

@@ -2,26 +2,33 @@ const { domain } = require('../../lib/http');
 
 module.exports.get = () => ({
 	handler: async function (req, res) { // MUST NOT use arrow function syntax
-		const {
-			access_token: accessToken,
-			expires_in: expiresIn,
-		} = await this.discord.getAccessTokenFromAuthorizationCodeFlow(req);
+		const data = await (await fetch('https://discord.com/api/oauth2/token', {
+			body: new URLSearchParams({
+				client_id: req.routeOptions.config.client.user.id,
+				client_secret: process.env.DISCORD_SECRET,
+				code: req.query.code,
+				grant_type: 'authorization_code',
+				redirect_uri: `${process.env.HTTP_EXTERNAL}/auth/callback`,
+			}).toString(),
+			headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+			method: 'POST',
+		})).json();
 		const redirect = this.states.get(req.query.state) || '/';
 		this.states.delete(req.query.state);
-		const user = await (await fetch('https://discordapp.com/api/users/@me', { headers: { 'Authorization': `Bearer ${accessToken}` } })).json();
+		const user = await (await fetch('https://discordapp.com/api/users/@me', { headers: { 'Authorization': `Bearer ${data.access_token}` } })).json();
 		const token = this.jwt.sign({
-			accessToken,
+			accessToken: data.access_token,
 			avatar: user.avatar,
 			discriminator: user.discriminator,
-			expiresAt: Date.now() + (expiresIn * 1000),
+			expiresAt: Date.now() + (data.expires_in * 1000),
 			id: user.id,
 			locale: user.locale,
 			username: user.username,
 		});
 		res.setCookie('token', token, {
 			domain,
 			httpOnly: true,
-			maxAge: expiresIn,
+			maxAge: data.expires_in,
 			path: '/',
 			sameSite: 'Lax',
 			secure: false,