server.js
const express = require('express');
const session = require('cookie-session');
const ratelimit = require('express-rate-limit');
const axios = require('axios');
const fs = require('fs');
const zlib = require('zlib');
const { dbs } = require('./ticketomancy.js');
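/**
 * Builds and starts the HTTP front end that serves archived ticket transcripts.
 *
 * Routes:
 *   GET /                redirects to the project repository.
 *   GET /oauth           Discord OAuth2 callback; stores the access token in the session.
 *   GET /transcript/:id  sends the stored transcript to the ticket owner or to a
 *                        member holding one of the category's team roles.
 *
 * `config` is not declared or required in this file; it is read as a global
 * (presumably assigned before this function runs; confirm against the caller).
 *
 * Side effect: starts listening on port 3000.
 */
module.exports = () => {
  const ERROR_PAGE = 'https://notlet.dev/error';

  // res.redirect(url) always answers 302, so the res.status(4xx) that used to
  // precede each redirect never reached the client. The code travels in the
  // query string of the error page instead.
  const showError = (res, code) => res.redirect(`${ERROR_PAGE}?code=${code}&nohome=1`);

  const app = express();

  // 100 requests per 10 minutes per client.
  // NOTE(review): express-rate-limit keys on req.ip by default. If this runs
  // behind a reverse proxy without `trust proxy`, all clients share one bucket.
  app.use(ratelimit({
    windowMs: 10 * 60 * 1000,
    max: 100,
  }));

  // cookie-session keeps the whole session (including the Discord token) in a
  // signed, unencrypted cookie on the client.
  // NOTE(review): resave, saveUninitialized and the nested `cookie` object are
  // express-session options. cookie-session expects cookie attributes (secure,
  // httpOnly, sameSite, maxAge) at the top level, so `cookie: { secure: true }`
  // most likely does not set the Secure flag. Moving it up also requires
  // `trust proxy` when TLS is terminated by a proxy, so it is left unchanged
  // here until the deployment is confirmed.
  app.use(session({
    secret: config.keys.cookie,
    resave: false,
    saveUninitialized: false,
    cookie: { secure: true },
    maxAge: 864e6, // 10 days in milliseconds
  }));

  app.get('/', (req, res) => res.redirect('https://github.com/notlet/ticketomancy'));

  // OAuth2 implicit-grant callback. Discord returns the token in the URL
  // fragment, which the server never sees; the first response is a script that
  // reloads the page with '#' replaced by '?' so the token arrives as a query
  // parameter.
  // NOTE(review): this places the access token in the request URL, where
  // access logs and proxies can record it. No `state` value is sent or checked,
  // so the callback cannot tell whether this browser started the flow. The
  // authorization-code grant with a verified `state` avoids both.
  app.get('/oauth', (req, res) => {
    if (Object.keys(req.query).length < 1) {
      return res.send("<script>window.location.href = window.location.href.replace('#', '?')</script>");
    }

    const { access_token: accessToken, token_type: tokenType } = req.query;

    // Express parses repeated or bracketed parameters into arrays and objects.
    // Only non-empty strings may be stored, because both values are later
    // interpolated into the Authorization header.
    const isToken = (value) => typeof value === 'string' && value !== '';
    if (!isToken(accessToken) || !isToken(tokenType)) return showError(res, 400);

    req.session.token = accessToken;
    req.session.token_type = tokenType;
    req.session.authorized = true;

    // `redirect` is only ever written by the transcript route below, from
    // config.url and a digits-only id.
    const { redirect } = req.session;
    delete req.session.redirect;
    return redirect ? res.redirect(redirect) : showError(res, 200);
  });

  app.get('/transcript/:id', async (req, res) => {
    try {
      const { id } = req.params;

      // Digits only, so the id cannot carry path separators into the file path.
      const filepath = /^\d+$/.test(id) ? `transcripts/${id}.html.br` : null;

      // NOTE(review): this 404 is answered before the session check, so an
      // unauthenticated caller can tell which ids have a stored transcript.
      if (!filepath || !fs.existsSync(filepath)) return showError(res, 404);

      if (!req.session.authorized) {
        req.session.redirect = `${config.url}/transcript/${id}`;
        return res.redirect(`https://discord.com/oauth2/authorize?client_id=${config.keys.discord.clientID}&response_type=token&redirect_uri=${encodeURIComponent(`${config.url}/oauth`)}&scope=identify%20guilds.members.read`);
      }

      // Ask Discord who the token belongs to and which roles they hold in the
      // configured guild. Any failure is treated as "not authorized".
      const memberData = await axios.get(`https://discord.com/api/users/@me/guilds/${config.server}/member`, {
        headers: { Authorization: `${req.session.token_type} ${req.session.token}` },
      }).catch(() => null);

      if (!memberData?.data) {
        // Previously this returned without answering, leaving the request
        // hanging, and the unusable token stayed in the session. Drop the
        // session so the next visit starts a fresh login.
        req.session = null;
        return showError(res, 403);
      }

      const ticket = await dbs.a.findOne({ channel: id });
      if (!ticket) return showError(res, 404);

      const member = memberData.data;
      const memberRoles = Array.isArray(member.roles) ? member.roles : [];
      const memberId = member.user?.id;

      // A ticket whose type has no configured category has no team; only the
      // ticket owner can then read it.
      const teamRoles = config.categories[ticket.type]?.team ?? [];
      const isTeamMember = teamRoles.some((role) => memberRoles.includes(role));

      // Require a real id so two missing values can never compare as equal.
      const isOwner = typeof memberId === 'string' && ticket.user === memberId;

      if (!isTeamMember && !isOwner) return showError(res, 403);

      // Access-controlled content: keep it out of shared and browser caches.
      res.set('Cache-Control', 'private, no-store');
      res.contentType('text/html');
      return res.send(zlib.brotliDecompressSync(fs.readFileSync(filepath)).toString());
    } catch (err) {
      // Express 4 does not handle rejections from async handlers; without this
      // a database or file error would leave the request unanswered.
      console.error(err);
      if (!res.headersSent) res.sendStatus(500);
      return undefined;
    }
  });

  app.listen(3000);
};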