feat: link discord account to existing account

2024-11-03 13:53:16 +01:00 · 2024-11-03 13:53:16 +01:00 · 201c56c3dd
commit 201c56c3dd
parent c4cb08cdc1
12 changed files with 333 additions and 14 deletions
--- a/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs
+++ b/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs
@ -1,6 +1,10 @@
+using System.Net;
+using System.Web;
+using EntityFramework.Exceptions.Common;
 using Foxnouns.Backend.Database;
 using Foxnouns.Backend.Database.Models;
 using Foxnouns.Backend.Extensions;
+using Foxnouns.Backend.Middleware;
 using Foxnouns.Backend.Services;
 using Foxnouns.Backend.Services.Auth;
 using Foxnouns.Backend.Utils;
@ -94,6 +98,87 @@ public class DiscordAuthController(
        return Ok(await authService.GenerateUserTokenAsync(user));
    }

+    [HttpGet("add-account")]
+    [Authorize("*")]
+    public async Task<IActionResult> AddDiscordAccountAsync()
+    {
+        CheckRequirements();
+
+        var existingAccounts = await db
+            .AuthMethods.Where(m => m.UserId == CurrentUser!.Id && m.AuthType == AuthType.Discord)
+            .CountAsync();
+        if (existingAccounts > AuthUtils.MaxAuthMethodsPerType)
+        {
+            throw new ApiError.BadRequest(
+                "Too many linked Discord accounts, maximum of 3 per account."
+            );
+        }
+
+        var state = HttpUtility.UrlEncode(
+            await keyCacheService.GenerateAddExtraAccountStateAsync(
+                AuthType.Discord,
+                CurrentUser!.Id
+            )
+        );
+
+        var url =
+            $"https://discord.com/oauth2/authorize?response_type=code"
+            + $"&client_id={config.DiscordAuth.ClientId}&scope=identify"
+            + $"&prompt=none&state={state}"
+            + $"&redirect_uri={HttpUtility.UrlEncode($"{config.BaseUrl}/auth/callback/discord")}";
+
+        return Ok(new AuthController.SingleUrlResponse(url));
+    }
+
+    [HttpPost("add-account/callback")]
+    [Authorize("*")]
+    public async Task<IActionResult> AddAccountCallbackAsync(
+        [FromBody] AuthController.CallbackRequest req
+    )
+    {
+        CheckRequirements();
+
+        var accountState = await keyCacheService.GetAddExtraAccountStateAsync(req.State);
+        if (
+            accountState is not { AuthType: AuthType.Discord }
+            || accountState.UserId != CurrentUser!.Id
+        )
+            throw new ApiError.BadRequest("Invalid state", "state", req.State);
+
+        var remoteUser = await remoteAuthService.RequestDiscordTokenAsync(req.Code);
+        try
+        {
+            var authMethod = await authService.AddAuthMethodAsync(
+                CurrentUser.Id,
+                AuthType.Discord,
+                remoteUser.Id,
+                remoteUser.Username
+            );
+            _logger.Debug(
+                "Added new Discord auth method {AuthMethodId} to user {UserId}",
+                authMethod.Id,
+                CurrentUser.Id
+            );
+
+            return Ok(
+                new AuthController.AddOauthAccountResponse(
+                    authMethod.Id,
+                    AuthType.Discord,
+                    authMethod.RemoteId,
+                    authMethod.RemoteUsername
+                )
+            );
+        }
+        catch (UniqueConstraintException)
+        {
+            throw new ApiError(
+                "That account is already linked.",
+                HttpStatusCode.BadRequest,
+                ErrorCode.AccountAlreadyLinked
+            );
+        }
+    }
+
    private void CheckRequirements()
    {
        if (!config.DiscordAuth.Enabled)