From ee7f1d97f3b2b03ede5e2845698bd56767c397c3 Mon Sep 17 00:00:00 2001
From: FragginWagon <greg.r.jacobs@gmail.com>
Date: Fri, 30 Jan 2026 05:34:01 +0000
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20endpoint=20to=20fetch=20Disco?=
 =?UTF-8?q?rd=20user=20profile=20using=20access=20token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../pokedex.online/server/routes/auth.js      | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/code/websites/pokedex.online/server/routes/auth.js b/code/websites/pokedex.online/server/routes/auth.js
index 59b59b6..bb808b5 100644
--- a/code/websites/pokedex.online/server/routes/auth.js
+++ b/code/websites/pokedex.online/server/routes/auth.js
@@ -277,5 +277,60 @@ export function createAuthRouter({ secret, adminPassword } = {}) {
     }
   });
 
+  /**
+   * GET /auth/discord/profile
+   * Fetch Discord user profile using the stored Discord token
+   * Requires: Authorization header with Discord access token
+   */
+  router.get('/discord/profile', async (req, res) => {
+    try {
+      const authHeader = req.headers.authorization;
+      if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        return res.status(401).json({
+          error: 'Missing or invalid authorization header',
+          code: 'MISSING_AUTH'
+        });
+      }
+
+      const token = authHeader.substring('Bearer '.length);
+
+      // Fetch user profile from Discord API
+      const response = await fetch('https://discord.com/api/users/@me', {
+        headers: {
+          Authorization: `Bearer ${token}`
+        }
+      });
+
+      if (!response.ok) {
+        console.error('Discord API error:', response.status);
+        return res.status(response.status).json({
+          error: 'Failed to fetch Discord profile',
+          code: 'DISCORD_API_ERROR'
+        });
+      }
+
+      const userData = await response.json();
+
+      // Return user data
+      res.json({
+        user: {
+          id: userData.id,
+          username: userData.username,
+          global_name: userData.global_name,
+          discriminator: userData.discriminator,
+          avatar: userData.avatar,
+          email: userData.email,
+          verified: userData.verified
+        }
+      });
+    } catch (err) {
+      console.error('Failed to fetch Discord profile:', err);
+      return res.status(500).json({
+        error: 'Failed to fetch Discord profile',
+        code: 'PROFILE_FETCH_ERROR'
+      });
+    }
+  });
+
   return router;
 }