Updated Discord Authentication Module to allow optionally filtering based on Server Roles.

Updated Discord Authentication Module to allow optionally filtering based on Server Roles. Added custom authentication error message. Added Discord-Oauth2 to package. Discord-Oauth2 is used to fetch role data from the specified server.

.gitignore

@@ -47,3 +47,4 @@ test-results/
 
 # Localization Resources
 /server/locales/**/*.yml
+yarn.lock

package.json

@@ -70,6 +70,7 @@
     "dependency-graph": "0.11.0",
     "diff": "4.0.2",
     "diff2html": "3.1.14",
+    "discord-oauth2": "2.11.0",
     "dompurify": "2.4.3",
     "dotize": "0.3.0",
     "elasticsearch6": "npm:@elastic/elasticsearch@6",

server/helpers/error.js

@@ -73,6 +73,10 @@ module.exports = {
     message: 'You are not authorized to register. Your domain is not whitelisted.',
     code: 1011
   }),
+  AuthDiscordRoleUnauthorized: CustomError('AuthDiscordRoleUnauthorized', {
+    message: 'You are not authorized to register. You lack the necessary Server Roles.',
+    code: 1012
+  }),
   AuthRequired: CustomError('AuthRequired', {
     message: 'You must be authenticated to access this resource.',
     code: 1019

server/modules/authentication/discord/authentication.js

@@ -6,6 +6,18 @@
 
 const DiscordStrategy = require('passport-discord').Strategy
 const _ = require('lodash')
+const DiscordOauth2 = require('discord-oauth2')
+
+// Checks for the existence of all of the configured role IDs in the member's guild IDs.
+function hasRoles(memberRoles, authRoles) {
+  if (memberRoles.every(value => {
+    return authRoles.includes(value)
+  })) {
+    return true
+  } else {
+    return false
+  }
+};
 
 module.exports = {
   init (passport, conf) {
@@ -19,9 +31,16 @@ module.exports = {
         passReqToCallback: true
       }, async (req, accessToken, refreshToken, profile, cb) => {
         try {
-          if (conf.guildId && !_.some(profile.guilds, { id: conf.guildId })) {
+          if (conf.roles) {
+            const discord = new DiscordOauth2()
+            const memberRoles = await discord.getGuildMember(accessToken, conf.guildId)
+            if (!hasRoles(memberRoles.roles, conf.roles)) {
               throw new WIKI.Error.AuthLoginFailed()
             }
+          } else if (conf.guildId && !_.some(profile.guilds, { id: conf.guildId })) {
+            throw new WIKI.Error.AuthLoginFailed()
+          }
+
           const user = await WIKI.models.users.processProfile({
             providerKey: req.params.strategy,
             profile: {

server/modules/authentication/discord/definition.yml

@@ -23,3 +23,8 @@ props:
     title: Server ID
     hint: Optional - Your unique server identifier, such that only members are authorized
     order: 3
+  roles:
+    type: String
+    title: Required Roles
+    hint: Optional - Comma-separated list of server role IDs that are required for access (you must hae a Server ID configured to use this.)
+    order: 4

yarn.lock

@@ -8490,6 +8490,11 @@ dir-glob@^3.0.1:
   dependencies:
     path-type "^4.0.0"
 
+discord-oauth2@2.11.0:
+  version "2.11.0"
+  resolved "https://registry.yarnpkg.com/discord-oauth2/-/discord-oauth2-2.11.0.tgz#799acc6777a216f8fbbf72d5ea29086eb4303f85"
+  integrity sha512-pIbgXm498f7vqNd8/7JwoLd36YMFOFASSJdqyCGdwQpaG7ULHu9nLyifpVXI1b88xvNLqQwqugS8jxkn8Ypd1Q==
+
 doctrine@1.5.0:
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-1.5.0.tgz#379dce730f6166f76cefa4e6707a159b02c5a6fa"