// auth.js
import { randomBytes } from "node:crypto";

import express from "express";
import fetch from "node-fetch";
// Router that holds the Discord login routes; exported as the module default below.
const router = express.Router();
// Discord application credentials and callback target, read from the
// environment once at import time. Nothing here checks that they are set;
// an unset value only shows up later as a failed token exchange.
const {
  DISCORD_CLIENT_ID: CLIENT_ID,
  DISCORD_CLIENT_SECRET: CLIENT_SECRET,
  DISCORD_REDIRECT_URI: REDIRECT_URI, // e.g. https://your.site/api/auth/discord/callback
} = process.env;

// OAuth scopes requested from Discord; "identify" is enough for the user's id/handle.
const SCOPES = ["identify"];
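// Session key holding the OAuth "state" nonce between the redirect to Discord
// and the callback. It is stored per browser session so each login attempt is
// bound to the session that started it.
const OAUTH_STATE_KEY = "discordOauthState";

/**
 * Builds the Discord authorization URL for one login attempt.
 *
 * @param {string} state - Unguessable nonce that Discord echoes back on the callback.
 * @returns {string} The fully encoded authorize URL.
 */
function buildAuthorizeUrl(state) {
  const url = new URL("https://discord.com/oauth2/authorize");
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("scope", SCOPES.join(" "));
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("state", state);
  return url.toString();
}

/**
 * Performs a request against Discord and parses the JSON body.
 *
 * @param {string} url - Absolute Discord endpoint.
 * @param {object} [init] - fetch options (method, headers, body).
 * @returns {Promise<any>} Parsed JSON body.
 * @throws {Error} When Discord answers with a non-2xx status, so an error body
 *   is never mistaken for a successful token or user response.
 */
async function fetchDiscordJson(url, init) {
  const response = await fetch(url, init);
  if (!response.ok) {
    throw new Error(`Discord request to ${url} failed with HTTP ${response.status}`);
  }
  return response.json();
}

// Step 1: send the browser to Discord. A fresh random `state` is stored in the
// session and sent along so the callback can reject authorization responses
// that this session did not initiate (login CSRF).
router.get("/auth/discord", (req, res) => {
  const state = randomBytes(32).toString("base64url");
  req.session[OAUTH_STATE_KEY] = state;
  res.redirect(buildAuthorizeUrl(state));
});

// Step 2: Discord redirects back with `code` and `state`. Validate the state,
// exchange the code for a token, look up the user, then store a minimal
// identity in the session. Failures are handed to the app's error handler via
// `next` instead of leaving the request hanging.
router.get("/auth/discord/callback", async (req, res, next) => {
  const { code, state } = req.query;
  const expectedState = req.session[OAUTH_STATE_KEY];
  // Single use: drop the nonce before any validation so it cannot be replayed.
  delete req.session[OAUTH_STATE_KEY];

  // Query values may be absent or arrays (`?code=a&code=b`); accept plain strings only.
  if (typeof code !== "string" || code === "" || typeof state !== "string") {
    return res.status(400).send("Missing or malformed OAuth parameters");
  }
  if (typeof expectedState !== "string" || state !== expectedState) {
    return res.status(400).send("OAuth state mismatch");
  }

  try {
    const token = await fetchDiscordJson("https://discord.com/api/oauth2/token", {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        client_id: CLIENT_ID,
        client_secret: CLIENT_SECRET,
        grant_type: "authorization_code",
        code,
        redirect_uri: REDIRECT_URI,
      }),
    });
    if (typeof token?.access_token !== "string") {
      throw new Error("Discord token response did not include an access_token");
    }

    const me = await fetchDiscordJson("https://discord.com/api/users/@me", {
      headers: { Authorization: `Bearer ${token.access_token}` },
    });

    // Rotate the session id on login when the session middleware supports it,
    // so a session id planted before authentication is not promoted to a
    // logged-in one. NOTE(review): assumes an express-session-style
    // `regenerate(cb)`; other middleware is left untouched — confirm.
    if (typeof req.session.regenerate === "function") {
      await new Promise((resolve, reject) => {
        req.session.regenerate((err) => (err ? reject(err) : resolve()));
      });
    }

    req.session.user = {
      id: me.id,
      username: me.username,
      global_name: me.global_name || null,
    };
    res.redirect("/"); // back to storefront
  } catch (err) {
    next(err);
  }
});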
// Returns the Discord identity stored in the session, or 401 when nobody is
// signed in on this session.
router.get("/api/whoami", (req, res) => {
  const { user } = req.session;
  if (!user) {
    res.sendStatus(401);
    return;
  }
  res.json(user);
});
// The router with the Discord OAuth and whoami routes registered above.
export default router;