feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback

backend/routes/auth/discord.go

@@ -36,8 +36,9 @@ type discordCallbackResponse struct {
 	Token string   `json:"token,omitempty"`
 	User  *db.User `json:"user,omitempty"`
 
-	Discord string `json:"discord,omitempty"` // username, for UI purposes
-	Ticket  string `json:"ticket,omitempty"`
+	Discord       string `json:"discord,omitempty"` // username, for UI purposes
+	Ticket        string `json:"ticket,omitempty"`
+	RequireInvite bool   `json:"require_invite,omitempty"` // require an invite for signing up
 }
 
 func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
@@ -95,7 +96,20 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
-	// no user found, so save a ticket
+	// no user found, so save a ticket + save their Discord info in Redis
+	ticket := RandBase64(32)
+	err = s.DB.SetJSON(ctx, "discord:"+ticket, du, "EX", "600")
+	if err != nil {
+		log.Errorf("setting Discord user for ticket %q: %v", ticket, err)
+		return err
+	}
+
+	render.JSON(w, r, discordCallbackResponse{
+		HasAccount:    false,
+		Discord:       du.String(),
+		Ticket:        ticket,
+		RequireInvite: s.RequireInvite,
+	})
 
 	return nil
 }

backend/routes/auth/oauth.go

@@ -14,16 +14,9 @@ const numStates = "1000"
 
 // setCSRFState generates a random string to use as state, then stores that in Redis.
 func (s *Server) setCSRFState(ctx context.Context) (string, error) {
-	b := make([]byte, 32)
+	state := RandBase64(32)
 
-	_, err := rand.Read(b)
-	if err != nil {
-		panic(err)
-	}
-
-	state := base64.URLEncoding.EncodeToString(b)
-
-	err = s.DB.MultiCmd(ctx,
+	err := s.DB.MultiCmd(ctx,
 		radix.Cmd(nil, "LPUSH", "csrf", state),
 		radix.Cmd(nil, "LTRIM", "csrf", "0", numStates),
 	)
@@ -39,3 +32,14 @@ func (s *Server) validateCSRFState(ctx context.Context, state string) (matched b
 	}
 	return num > 0, nil
 }
+
+// RandBase64 returns a string of random bytes encoded in raw base 64.
+func RandBase64(size int) string {
+	b := make([]byte, size)
+	_, err := rand.Read(b)
+	if err != nil {
+		panic(err)
+	}
+
+	return base64.RawURLEncoding.EncodeToString(b)
+}

backend/routes/auth/routes.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"net/http"
+	"os"
 
 	"codeberg.org/u1f320/pronouns.cc/backend/log"
 	"codeberg.org/u1f320/pronouns.cc/backend/server"
@@ -12,12 +13,20 @@ import (
 
 type Server struct {
 	*server.Server
+
+	RequireInvite bool
 }
 
 func Mount(srv *server.Server, r chi.Router) {
-	s := &Server{srv}
+	s := &Server{
+		Server:        srv,
+		RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",
+	}
 
 	r.Route("/auth", func(r chi.Router) {
+		// check if username is taken
+		r.Get("/username", server.WrapHandler(s.usernameTaken))
+
 		// generate csrf token, returns all supported OAuth provider URLs
 		r.Post("/urls", server.WrapHandler(s.oauthURLs))
 
@@ -61,3 +70,29 @@ func (s *Server) oauthURLs(w http.ResponseWriter, r *http.Request) error {
 	})
 	return nil
 }
+
+func (s *Server) usernameTaken(w http.ResponseWriter, r *http.Request) error {
+	type Response struct {
+		Valid bool `json:"valid"`
+		Taken bool `json:"taken"`
+	}
+
+	name := r.FormValue("username")
+	if name == "" {
+		render.JSON(w, r, Response{
+			Valid: false,
+		})
+		return nil
+	}
+
+	valid, taken, err := s.DB.UsernameTaken(r.Context(), name)
+	if err != nil {
+		return err
+	}
+
+	render.JSON(w, r, Response{
+		Valid: valid,
+		Taken: taken,
+	})
+	return nil
+}