Merge pull request #44 from Women-in-Computing-at-RIT/feature/discord

Add discord integration

Author: ha1lie

api/src/controller/discord.py

@@ -0,0 +1,31 @@
+import logging
+
+from flask_restful import Resource
+from flask import request
+from utils.authentication import authenticate
+from data.discord import getHackerDataByDiscordId
+
+logger = logging.getLogger("Discord")
+class Discord(Resource):
+    PATH = '/discord/user/<discord_id>'
+
+    def get(self, discord_id):
+        authenticationPayload = authenticate(request.headers)
+        if authenticationPayload is None:
+            return {"message": "Must be logged in"}, 401
+        if not authenticationPayload['gty'] == 'client-credentials':
+            # check that the grant type is client-credentials which will exist only for the machine to machine
+            # auth0 connections using client id and secret, aka: discord bots
+            logger.error("Non-Bot/Non-Client Request to get discord information")
+            return {"message": "You shall not pass"}, 403
+
+        if discord_id is None:
+            return {"Message": "Must include discord id"}, 400
+        # ==========
+        # Authentication with Bots via API Keys, auth0 ID doesn't mean anything here
+        # ==========
+
+        hackerData = getHackerDataByDiscordId(discord_id)
+        if hackerData is None:
+            return {}, 500
+        return hackerData

api/src/controller/discordIntegration.py

@@ -0,0 +1,81 @@
+import logging
+
+import requests
+from flask_restful import Resource
+from flask import request, redirect
+from data.users import getUserByAuthID, getUserIdFromAuthID
+from utils.authentication import authenticate
+from data.discord import saveDiscordId
+from urllib.parse import quote
+from hashlib import sha256
+from utils.aws import getDiscordClientID, getDiscordClientSecret, getRedirectDomain
+
+logger = logging.getLogger("Discord")
+
+
+def getRedirectUrl():
+    return getRedirectDomain() + "/discord/callback"
+
+
+def getUrlSafeRedirectUrl():
+    url = getRedirectUrl()
+    return quote(url, safe='')
+
+
+class DiscordIntegration(Resource):
+    PATH = '/discord'
+
+    def get(self):
+        userId = request.args.get('id')
+        if userId is None:
+            return {}, 400
+
+        state = sha256(str(userId).encode("ASCII")).hexdigest()
+        urlEncodedCallback = getUrlSafeRedirectUrl()
+        discordAuthorizationURL = f'https://discord.com/oauth2/authorize?response_type=code&client_id={getDiscordClientID()}&scope=identify&state={state}&redirect_uri={urlEncodedCallback}'
+        return redirect(discordAuthorizationURL, code=302)
+
+    def post(self):
+        authenticationPayload = authenticate(request.headers)
+        if authenticationPayload is None:
+            return {"message": "Authorization Header Failure"}, 401
+        auth0_id = authenticationPayload['sub']
+        userId = getUserIdFromAuthID(auth0_id)
+
+        state = request.args.get('state')
+        code = request.args.get('code')
+        if not state == sha256(str(userId).encode("ASCII")).hexdigest():
+            user = getUserByAuthID(auth0_id)
+            logger.error("A Hacker is under a CSRF attack. user=%s", user)
+            return {}, 400
+        if code is None:
+            return {}, 400
+
+        payload = {
+            'client_id': getDiscordClientID(),
+            'client_secret': getDiscordClientSecret(),
+            'grant_type': 'authorization_code',
+            'code': code,
+            'redirect_uri': getRedirectUrl()
+        }
+        headers = {
+            'Content-Type': 'application/x-www-form-urlencoded'
+        }
+        response = requests.post('https://discord.com/api/oauth2/token', data=payload, headers=headers)
+        discordData = response.json()
+        if not response.status_code == 200:
+            logger.error("Requesting Token from code Failure: UserId=%s", userId)
+            return {}, 500
+        hackerAccessToken = discordData['access_token']
+        headers = {
+            'authorization': 'Bearer ' + hackerAccessToken
+        }
+        identityResponse = requests.get("https://discord.com/api/users/@me", headers=headers)
+        if not identityResponse.status_code == 200:
+            logger.error("Requesting Identity from Discord Failed: UserId=%s", userId)
+            return {}, 500
+        userDiscordId = identityResponse.json()['id']
+        saveSuccessful = saveDiscordId(auth0Id=auth0_id, discordId=userDiscordId)
+        if saveSuccessful:
+            return {"Message": "Discord Integration Success"}
+        return {}, 500

api/src/data/discord.py

@@ -0,0 +1,46 @@
+import logging
+
+from db.db_utils import exec_commit, exec_get_all
+
+logger = logging.getLogger("Discord")
+
+def saveDiscordId(auth0Id, discordId) -> bool:
+    """
+    Save discord id for user by auth0 ID
+    :param auth0Id:
+    :param discordId:
+    :return:
+    """
+    saveSQL = "UPDATE Users set Users.discord_id = %(discordId)s WHERE auth0_id = %(auth0Id)s;"
+    args = {"discordId": discordId, "auth0Id": auth0Id}
+
+    numberOfRowsAffected = exec_commit(saveSQL, args)
+    if numberOfRowsAffected is None:
+        return None
+    if numberOfRowsAffected != 1:
+        logger.error("Discord Update Affected Multiple Hackers: %s", numberOfRowsAffected)
+        return False
+    return True
+
+
+def getHackerDataByDiscordId(discordId) -> dict:
+    """
+    Retrieve data for discord bots based on user's discordId
+    :param discordId:
+    :return: dictionary with user data or None if error, empty dictionary if no user found
+    """
+    selectSQL = "SELECT u.first_name, u.last_name, app.status FROM Users u " \
+    " INNER JOIN Applications app on u.application_id = app.application_id " \
+    "WHERE u.discord_id = %(discordId)s;"
+    args = {"discordId": discordId}
+
+    userData = exec_get_all(selectSQL, args)
+    if userData is None:
+        return None
+    elif len(userData) > 1:
+        logger.error("Multiple Users Found for Discord ID. DiscordID=%s", discordId)
+        return None
+    elif len(userData) == 0:
+        logger.info("No User found for discord id. DiscordID=%s", discordId)
+        return None
+    return userData[0]

api/src/data/permissions.py

@@ -54,6 +54,8 @@ def checkUserPermissionsByAuth0Id(auth0Id, permission, accessType) -> bool:
     result, err = exec_get_one(sql, args)
     if err:
         return None
+    if result is None:
+        return False
     if len(result) > 0:
         # check if there are keys in result, if there are then user has permission
         return True

api/src/db/db_utils.py

@@ -134,7 +134,7 @@ def exec_get_all(sql, args={}) -> dict:
         return None
 
 
-def exec_commit(sql, args={}) -> dict:
+def exec_commit(sql, args={}) -> int:
     """
     executes sql statement and commits transaction
     :param sql:

api/src/db/migration/scripts/2023_02_23_Add_Discord_Integration.down.sql

@@ -0,0 +1 @@
+ALTER TABLE Users DROP COLUMN discord_id;

api/src/db/migration/scripts/2023_02_23_Add_Discord_Integration.up.sql

@@ -0,0 +1 @@
+ALTER TABLE Users ADD COLUMN discord_id BIGINT;

api/src/server.py

@@ -17,6 +17,8 @@
 from controller.email import Email
 from controller.emailPreset import EmailPreset
 from controller.confirmation import Confirmation
+from controller.discordIntegration import DiscordIntegration
+from controller.discord import Discord
 from db.migration import migration
 import logging
 from dotenv import load_dotenv
@@ -51,6 +53,8 @@
 api.add_resource(Email, Email.PATH)
 api.add_resource(EmailPreset, EmailPreset.PATH)
 api.add_resource(Confirmation, Confirmation.PATH)
+api.add_resource(DiscordIntegration, DiscordIntegration.PATH)
+api.add_resource(Discord, Discord.PATH)
 
 if not initializeAWSClients():
     logger.error("AWS Client Initialization Failure")

api/src/utils/aws.py

@@ -66,6 +66,18 @@ def getAuth0ClientID() -> str:
     return getSSMSecureParameter('AUTH0_CLIENT_ID')
 
 
+def getDiscordClientID() -> str:
+    return getSSMSecureParameter('DISCORD_CLIENT_ID')
+
+
+def getDiscordClientSecret() -> str:
+    return getSSMSecureParameter('DISCORD_CLIENT_SECRET')
+
+
+def getRedirectDomain() -> str:
+    return getSSMSecureParameter(f'/{environment}/REDIRECT_URL')
+
+
 def getSSMSecureParameter(parameterName) -> str:
     ssmResponse = None
     try:

ui/src/components/routes.js

@@ -15,6 +15,7 @@ import {ManageApplicationView} from "../pages/manage/manageApplicationView";
 import ManageAccommodations from "../pages/manage/manageAccomodations";
 import ManageEmails from "../pages/manage/manageEmails";
 import {ConfirmUser} from "../pages/hackers/confirmAttendance";
+import {DiscordCallback} from "../pages/hackers/discord";
 
 export default function AppRoutes(){
     return (
@@ -26,6 +27,7 @@ export default function AppRoutes(){
             <Route path="/user/application" element={<ProtectedComponent component={HackerApplicationView} />} />
             <Route path="/user/confirm" element={<ProtectedComponent component={ConfirmUser} />} />
             <Route path="/auth" element={<LoadingView />} />
+            <Route path="/discord/callback" element={<ProtectedComponent component={DiscordCallback} />} />
             <Route path="/manage" element={<ProtectedComponent component={AdminRoute} permission={CONSOLE} type={READ} children={<HackathonManagerLandingPage />} />} />
             <Route path="/manage/applications" element={<ProtectedComponent component={AdminRoute} permission={HACKER_DATA} type={READ} children={<ManageApplications />} />} />
             <Route path="/manage/applications/:userId" element={<ProtectedComponent component={AdminRoute} permission={HACKER_DATA} type={READ} children={<ManageApplicationView />} />} />