@sapphire/plugin-api
Version:
Plugin for @sapphire/framework to expose a REST API
1 lines • 6.36 kB
Source Map (JSON)
{"version":3,"sources":["../../../../src/routes/oauth/logout.post.ts"],"names":["Route","HttpCodes","sleep","result","fetch","OAuth2Routes","stringify"],"mappings":";;;;;;;;;;;AAOO,IAAM,YAAA,GAAN,MAAM,YAAA,SAAoBA,eAAM,CAAA;AAAA,EAC/B,YAAY,OAA8B,EAAA;AAChD,IAAM,KAAA,CAAA,OAAA,EAAS,EAAE,KAAO,EAAA,cAAA,EAAgB,SAAS,CAAC,MAAM,GAAG,CAAA;AAC3D,IAAA,IAAA,CAAK,OAAU,GAAA,IAAA,CAAK,SAAU,CAAA,MAAA,CAAO,IAAS,KAAA,IAAA;AAAA;AAC/C,EAEA,MAAsB,GAAI,CAAA,OAAA,EAAwB,QAA0B,EAAA;AAC3E,IAAA,IAAI,CAAC,OAAA,CAAQ,IAAM,EAAA,OAAO,QAAS,CAAA,MAAA,CAAOC,uBAAU,CAAA,YAAY,CAAE,CAAA,IAAA,CAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAEjG,IAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAO,CAAA,OAAA,CAAQ,KAAK,KAAK,CAAA;AACnD,IAAA,IAAI,MAAO,CAAA,EAAA,EAAW,OAAA,IAAA,CAAK,QAAQ,QAAQ,CAAA;AAM3C,IAAI,IAAA,MAAA,CAAO,MAAW,KAAAA,uBAAA,CAAU,kBAAoB,EAAA;AAMnD,MAAA,MAAM,aAAa,IAAK,CAAA,iBAAA,CAAkB,OAAO,OAAQ,CAAA,GAAA,CAAI,aAAa,CAAC,CAAA;AAC3E,MAAA,IAAI,UAAY,EAAA;AACf,QAAA,MAAMC,gBAAM,UAAU,CAAA;AAEtB,QAAA,MAAMC,UAAS,MAAM,IAAA,CAAK,MAAO,CAAA,OAAA,CAAQ,KAAK,KAAK,CAAA;AACnD,QAAA,IAAIA,OAAO,CAAA,EAAA,EAAW,OAAA,IAAA,CAAK,QAAQ,QAAQ,CAAA;AAAA;AAC5C;AASD,IAAO,OAAA,QAAA,CAAS,OAAOF,uBAAU,CAAA,mBAAmB,EAAE,IAAK,CAAA,EAAE,KAAO,EAAA,+BAAA,EAAiC,CAAA;AAAA;AACtG,EAEQ,QAAQ,QAA0B,EAAA;AAEzC,IAAA,QAAA,CAAS,QAAQ,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA,MAAA,CAAO,KAAM,MAAM,CAAA;AAC1D,IAAA,OAAO,QAAS,CAAA,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA;AACvC,EAEA,MAAc,OAAO,KAAe,EAAA;AACnC,IAAM,MAAA,IAAA,GAAO,IAAK,CAAA,SAAA,CAAU,MAAO,CAAA,IAAA;AAkBnC,IAAA,MAAM,MAAS,GAAA,MAAMG,YAAM,CAAAC,uBAAA,CAAa,kBAAoB,EAAA;AAAA,MAC3D,MAAQ,EAAA,MAAA;AAAA,MACR,MAAMC,qBAAU,CAAA;AAAA,QACf,KAAA;AAAA;AAAA,QAEA,WAAW,IAAK,CAAA,EAAA;AAAA,QAChB,eAAe,IAAK,CAAA;AAAA;AAAA,OAEpB,CAAA;AAAA,MACD,OAAS,EAAA;AAAA,QACR,cAAgB,EAAA;AAAA;AACjB,KACA,CAAA;AAED,IAAO,OAAA,MAAA;AAAA;AACR,EAEQ,kBAAkB,UAA2B,EAAA;AAGpD,IAAA,OAAO,UAAe,KAAA,IAAA,GAAO,GAAO,GAAA,MAAA,CAAO,UAAU,CAAI,GAAA,GAAA;AAAA;AAE3D,CAAA;AAvFuC,MAAA,CAAA,YAAA,EAAA,aAAA,CAAA;AAAhC,IAAM,WAAN,GAAA","file":"logout.post.cjs","sourcesContent":["import { sleep } from '@sapphire/utilities';\nimport { OAuth2Routes } from 'discord.js';\nimport { stringify } from 'querystring';\nimport { fetch } from 'undici';\nimport { Route } from '../../lib/structures/Route';\nimport { HttpCodes } from '../../lib/structures/http/HttpCodes';\n\nexport class PluginRoute extends Route {\n\tpublic constructor(context: Route.LoaderContext) {\n\t\tsuper(context, { route: 'oauth/logout', methods: ['POST'] });\n\t\tthis.enabled = this.container.server.auth !== null;\n\t}\n\n\tpublic override async run(request: Route.Request, response: Route.Response) {\n\t\tif (!request.auth) return response.status(HttpCodes.Unauthorized).json({ error: 'Unauthorized.' });\n\n\t\tconst result = await this.revoke(request.auth.token);\n\t\tif (result.ok) return this.success(response);\n\n\t\t// RFC 7009 2.2.1. If the server responds with HTTP status code 503, the client must assume the token still\n\t\t// exists and may retry after a reasonable delay.\n\t\t// The server may include a \"Retry-After\" header in the response to indicate how long the service is expected to\n\t\t// be unavailable to the requesting client.\n\t\tif (result.status === HttpCodes.ServiceUnavailable) {\n\t\t\t// RFC 7231 7.1.3. Servers send the \"Retry-After\" header field to indicate how long the user agent ought to\n\t\t\t// wait before making a follow-up request.\n\t\t\t//\n\t\t\t// The value of this field can be either an HTTP-date or a number of seconds to delay after the response is\n\t\t\t// received.\n\t\t\tconst retryAfter = this.processRetryAfter(result.headers.get('Retry-After'));\n\t\t\tif (retryAfter) {\n\t\t\t\tawait sleep(retryAfter);\n\n\t\t\t\tconst result = await this.revoke(request.auth.token);\n\t\t\t\tif (result.ok) return this.success(response);\n\t\t\t}\n\t\t}\n\n\t\t// RFC 7009 2.2. The authorization server responds with HTTP status code 200 if the token has been revoked\n\t\t// successfully or if the client submitted an invalid token.\n\t\t//\n\t\t// Note: invalid tokens do not cause an error response since the client cannot handle such an error in a\n\t\t// reasonable way. Moreover, the purpose of the revocation request, invalidating the particular token, is\n\t\t// already achieved.\n\t\treturn response.status(HttpCodes.InternalServerError).json({ error: 'Unexpected error from server.' });\n\t}\n\n\tprivate success(response: Route.Response) {\n\t\t// Sending an empty cookie with \"expires\" set to 1970-01-01 makes the browser instantly remove the cookie.\n\t\tresponse.cookies.remove(this.container.server.auth!.cookie);\n\t\treturn response.json({ success: true });\n\t}\n\n\tprivate async revoke(token: string) {\n\t\tconst auth = this.container.server.auth!;\n\n\t\t// RFC 7009 2.1.\n\t\t// The following parameters must be formatted as \"application/x-www-form-urlencoded\" in the HTTP request-body:\n\t\t//\n\t\t// - token: The token the client wants to be revoked.\n\t\t// - token_type_hint: [Optional]: `access_token` (RFC 6749 1.4), `refresh_token` (RFC 6749 1.5)\n\t\t//\n\t\t// The client also includes its authentication credentials, as described in RFC 6749 2.3.\n\t\t//\n\t\t// RFC 6749 2.3.1.\n\t\t// The authorization server MAY include the client credentials in the request - body using the following parameters:\n\t\t//\n\t\t// - client_id: The client identifier issued to the client during the registration process (RFC 6749 2.2)\n\t\t// - client_secret: The client secret.\n\t\t//\n\t\t// RFC 7009 2.2.\n\t\t// The content of the response body is ignored by the client as all necessary information is conveyed in the response code.\n\t\tconst result = await fetch(OAuth2Routes.tokenRevocationURL, {\n\t\t\tmethod: 'POST',\n\t\t\tbody: stringify({\n\t\t\t\ttoken,\n\t\t\t\t/* eslint-disable @typescript-eslint/naming-convention */\n\t\t\t\tclient_id: auth.id,\n\t\t\t\tclient_secret: auth.secret\n\t\t\t\t/* eslint-enable @typescript-eslint/naming-convention */\n\t\t\t}),\n\t\t\theaders: {\n\t\t\t\t'content-type': 'application/x-www-form-urlencoded'\n\t\t\t}\n\t\t});\n\n\t\treturn result;\n\t}\n\n\tprivate processRetryAfter(retryAfter: string | null) {\n\t\t// Discord sends Retry-After in seconds, never an HTTP-date, therefore, we will assume this behaviour.\n\t\t// Either way, if it's not present, we will retry in 5 seconds.\n\t\treturn retryAfter === null ? 5000 : Number(retryAfter) * 1000;\n\t}\n}\n"]}