import express from 'express'; import fetch from 'node-fetch'; import logger from '../utils/logger.js'; function computeExpiresAt(expiresInSeconds) { const ttl = Number(expiresInSeconds || 0); if (!ttl || Number.isNaN(ttl)) return null; return Date.now() + ttl * 1000; } function redactProviderRecord(provider, record) { if (!record) { if (provider === 'challonge') { return { provider, connected: false, methods: { user_oauth: { connected: false, expires_at: null, scope: null }, client_credentials: { stored: false, connected: false, expires_at: null, scope: null }, api_key: { stored: false, connected: false } } }; } if (provider === 'discord') { return { provider, connected: false, expires_at: null, scope: null }; } return { provider, connected: false }; } if (provider === 'discord') { return { provider, connected: !!record.access_token, expires_at: record.expires_at || null, scope: record.scope || null }; } if (provider === 'challonge') { const user = record.user_oauth; const app = record.client_credentials; const apiKey = record.api_key; return { provider, connected: !!(user?.access_token || app?.access_token || apiKey?.token), methods: { user_oauth: { connected: !!user?.access_token, expires_at: user?.expires_at || null, scope: user?.scope || null }, client_credentials: { stored: !!(app?.client_id && app?.client_secret), connected: !!app?.access_token, expires_at: app?.expires_at || null, scope: app?.scope || null }, api_key: { stored: !!apiKey?.token, connected: !!apiKey?.token } } }; } return { provider, connected: true }; } export function createOAuthRouter({ config, tokenStore }) { const router = express.Router(); router.get('/:provider/status', async (req, res) => { const { provider } = req.params; if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } const record = await tokenStore.getProviderRecord(req.sid, provider); return res.json(redactProviderRecord(provider, record)); }); router.post('/:provider/disconnect', async (req, res) => { const { provider } = req.params; if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } await tokenStore.deleteProviderRecord(req.sid, provider); return res.json({ ok: true }); }); // Exchange authorization code (server stores tokens; frontend never receives them) router.post('/:provider/exchange', async (req, res) => { const { provider } = req.params; const { code } = req.body || {}; if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } if (!code) { return res.status(400).json({ error: 'Authorization code is required', code: 'MISSING_CODE' }); } if (provider === 'discord') { const clientId = process.env.VITE_DISCORD_CLIENT_ID; const clientSecret = process.env.DISCORD_CLIENT_SECRET; const redirectUri = process.env.DISCORD_REDIRECT_URI || process.env.VITE_DISCORD_REDIRECT_URI; if (!clientId || !clientSecret || !redirectUri) { return res.status(503).json({ error: 'Discord OAuth not configured', code: 'DISCORD_NOT_CONFIGURED' }); } const response = await fetch('https://discord.com/api/oauth2/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ client_id: clientId, client_secret: clientSecret, grant_type: 'authorization_code', code, redirect_uri: redirectUri }) }); const text = await response.text(); let payload; try { payload = text ? JSON.parse(text) : {}; } catch { payload = { raw: text.slice(0, 1000) }; } if (!response.ok) { logger.warn('Discord token exchange failed', { status: response.status, payload }); return res.status(response.status).json({ error: 'Discord token exchange failed', code: 'DISCORD_TOKEN_EXCHANGE_FAILED', details: payload }); } const record = { access_token: payload.access_token, refresh_token: payload.refresh_token, token_type: payload.token_type, scope: payload.scope, expires_at: computeExpiresAt(payload.expires_in) }; await tokenStore.setProviderRecord(req.sid, 'discord', record); return res.json(redactProviderRecord('discord', record)); } if (provider === 'challonge') { if (!config.challonge.configured || !config.challonge.redirectUri) { return res.status(503).json({ error: 'Challonge OAuth not configured', code: 'CHALLONGE_NOT_CONFIGURED' }); } const response = await fetch('https://api.challonge.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'authorization_code', client_id: config.challonge.clientId, client_secret: config.challonge.clientSecret, code, redirect_uri: config.challonge.redirectUri }) }); const payload = await response.json().catch(() => ({})); if (!response.ok) { logger.warn('Challonge token exchange failed', { status: response.status, payload }); return res.status(response.status).json({ error: 'Challonge token exchange failed', code: 'CHALLONGE_TOKEN_EXCHANGE_FAILED', details: payload }); } const existing = (await tokenStore.getProviderRecord(req.sid, 'challonge')) || {}; const user_oauth = { access_token: payload.access_token, refresh_token: payload.refresh_token, token_type: payload.token_type, scope: payload.scope, expires_at: computeExpiresAt(payload.expires_in) }; const record = { ...existing, user_oauth }; await tokenStore.setProviderRecord(req.sid, 'challonge', record); return res.json(redactProviderRecord('challonge', record)); } return res.status(400).json({ error: `Unknown provider: ${provider}`, code: 'UNKNOWN_PROVIDER' }); }); // Store Challonge API key (v1 compatibility) per session router.post('/challonge/api-key', async (req, res) => { let { apiKey } = req.body || {}; if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } if (!apiKey) { return res.status(400).json({ error: 'apiKey is required', code: 'MISSING_API_KEY' }); } apiKey = String(apiKey).trim(); if (apiKey.toLowerCase().startsWith('bearer ')) { apiKey = apiKey.slice('bearer '.length).trim(); } if (!apiKey) { return res.status(400).json({ error: 'apiKey is required', code: 'MISSING_API_KEY' }); } const existing = (await tokenStore.getProviderRecord(req.sid, 'challonge')) || {}; const record = { ...existing, api_key: { token: apiKey } }; await tokenStore.setProviderRecord(req.sid, 'challonge', record); return res.json(redactProviderRecord('challonge', record)); }); router.post('/challonge/api-key/clear', async (req, res) => { if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } const existing = (await tokenStore.getProviderRecord(req.sid, 'challonge')) || {}; const record = { ...existing }; if (record.api_key) delete record.api_key; await tokenStore.setProviderRecord(req.sid, 'challonge', record); return res.json(redactProviderRecord('challonge', record)); }); // Store Challonge client credentials and exchange token per session router.post('/challonge/client-credentials', async (req, res) => { let { clientId, clientSecret, scope } = req.body || {}; if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } if (typeof clientId === 'string') clientId = clientId.trim(); if (typeof clientSecret === 'string') clientSecret = clientSecret.trim(); if (typeof scope === 'string') scope = scope.trim(); const existing = (await tokenStore.getProviderRecord(req.sid, 'challonge')) || {}; const prev = existing.client_credentials || {}; const effectiveClientId = clientId || prev.client_id; const effectiveClientSecret = clientSecret || prev.client_secret; const effectiveScope = scope || prev.scope; if (!effectiveClientId || !effectiveClientSecret) { return res.status(400).json({ error: 'clientId and clientSecret are required (or must already be stored for this session)', code: 'MISSING_CLIENT_CREDENTIALS' }); } const response = await fetch('https://api.challonge.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'client_credentials', client_id: effectiveClientId, client_secret: effectiveClientSecret, ...(effectiveScope ? { scope: effectiveScope } : {}) }) }); const payload = await response.json().catch(() => ({})); if (!response.ok) { logger.warn('Challonge client_credentials token exchange failed', { status: response.status, payload }); return res.status(response.status).json({ error: 'Challonge client credentials exchange failed', code: 'CHALLONGE_CLIENT_CREDENTIALS_FAILED', details: payload }); } const record = { ...existing, client_credentials: { client_id: effectiveClientId, client_secret: effectiveClientSecret, access_token: payload.access_token, token_type: payload.token_type, scope: payload.scope, expires_at: computeExpiresAt(payload.expires_in) } }; await tokenStore.setProviderRecord(req.sid, 'challonge', record); return res.json(redactProviderRecord('challonge', record)); }); router.post('/challonge/client-credentials/clear', async (req, res) => { if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } const existing = (await tokenStore.getProviderRecord(req.sid, 'challonge')) || {}; const record = { ...existing }; if (record.client_credentials) delete record.client_credentials; await tokenStore.setProviderRecord(req.sid, 'challonge', record); return res.json(redactProviderRecord('challonge', record)); }); // Logout client credentials token but retain stored client_id/client_secret router.post('/challonge/client-credentials/logout', async (req, res) => { if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } const existing = (await tokenStore.getProviderRecord(req.sid, 'challonge')) || {}; const creds = existing.client_credentials; if (!creds) { return res.json(redactProviderRecord('challonge', existing)); } const record = { ...existing, client_credentials: { client_id: creds.client_id, client_secret: creds.client_secret } }; await tokenStore.setProviderRecord(req.sid, 'challonge', record); return res.json(redactProviderRecord('challonge', record)); }); // Refresh stored OAuth tokens (no tokens returned to browser) router.post('/:provider/refresh', async (req, res) => { const { provider } = req.params; if (!req.sid) { return res.status(500).json({ error: 'SID middleware not configured' }); } const record = await tokenStore.getProviderRecord(req.sid, provider); if (!record) { return res.status(400).json({ error: 'No stored tokens', code: 'NO_TOKENS' }); } if (provider === 'discord') { const refreshToken = record.refresh_token; if (!refreshToken) { return res.status(400).json({ error: 'No refresh token available', code: 'NO_REFRESH_TOKEN' }); } const clientId = process.env.VITE_DISCORD_CLIENT_ID; const clientSecret = process.env.DISCORD_CLIENT_SECRET; if (!clientId || !clientSecret) { return res.status(503).json({ error: 'Discord OAuth not configured', code: 'DISCORD_NOT_CONFIGURED' }); } const response = await fetch('https://discord.com/api/oauth2/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ client_id: clientId, client_secret: clientSecret, grant_type: 'refresh_token', refresh_token: refreshToken }) }); const payload = await response.json().catch(() => ({})); if (!response.ok) { return res.status(response.status).json({ error: 'Discord refresh failed', code: 'DISCORD_REFRESH_FAILED', details: payload }); } const updated = { ...record, access_token: payload.access_token, refresh_token: payload.refresh_token || record.refresh_token, token_type: payload.token_type, scope: payload.scope, expires_at: computeExpiresAt(payload.expires_in) }; await tokenStore.setProviderRecord(req.sid, 'discord', updated); return res.json(redactProviderRecord('discord', updated)); } if (provider === 'challonge') { const user = record.user_oauth; if (!user?.refresh_token) { return res.status(400).json({ error: 'No refresh token available', code: 'NO_REFRESH_TOKEN' }); } if (!config.challonge.configured) { return res.status(503).json({ error: 'Challonge OAuth not configured', code: 'CHALLONGE_NOT_CONFIGURED' }); } const response = await fetch('https://api.challonge.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'refresh_token', client_id: config.challonge.clientId, client_secret: config.challonge.clientSecret, refresh_token: user.refresh_token }) }); const payload = await response.json().catch(() => ({})); if (!response.ok) { return res.status(response.status).json({ error: 'Challonge refresh failed', code: 'CHALLONGE_REFRESH_FAILED', details: payload }); } const updatedRecord = { ...record, user_oauth: { ...user, access_token: payload.access_token, refresh_token: payload.refresh_token || user.refresh_token, token_type: payload.token_type, scope: payload.scope, expires_at: computeExpiresAt(payload.expires_in) } }; await tokenStore.setProviderRecord(req.sid, 'challonge', updatedRecord); return res.json(redactProviderRecord('challonge', updatedRecord)); } return res.status(400).json({ error: `Unknown provider: ${provider}`, code: 'UNKNOWN_PROVIDER' }); }); return router; }