fragginwagon/memory-infrastructure-palace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 Add Discord user authentication and admin permissions check for developer tools access

Browse Source
This commit is contained in:
Greg Jacobs
2026-01-30 05:13:35 +00:00
parent 2ef40ac5a3
commit 2ff4160944
2 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
code/websites/pokedex.online/server/oauth-proxy.js
View File

@@ -125,6 +125,55 @@ app.post('/oauth/token', async (req, res) => {
});
}
// Fetch Discord user info to check permissions
try {
const userResponse = await fetch('https://discord.com/api/users/@me', {
headers: {
Authorization: `Bearer ${data.access_token}`
}
});
if (userResponse.ok) {
const userData = await userResponse.json();
const username = userData.username?.toLowerCase();
const globalName = userData.global_name?.toLowerCase();
const discordId = userData.id;
logger.info('Discord user authenticated', {
username: userData.username,
id: discordId
});
// Check if user is in admin list
const isAdmin = config.discord.adminUsers.some(
adminUser =>
adminUser === username ||
adminUser === globalName ||
adminUser === discordId
);
// Add user info and permissions to response
data.discord_user = {
id: discordId,
username: userData.username,
global_name: userData.global_name,
discriminator: userData.discriminator,
avatar: userData.avatar
};
data.permissions = isAdmin ? ['developer_tools.view'] : [];
if (isAdmin) {
logger.info('Discord user granted developer access', { username: userData.username });
}
} else {
logger.warn('Failed to fetch Discord user info', { status: userResponse.status });
}
} catch (userError) {
logger.warn('Error fetching Discord user info', { error: userError.message });
// Continue without user info - token is still valid
}
logger.info('Discord token exchange successful');
return res.json(data);
}