PluralKit/PluralKit.Bot/Commands/Api.cs

using System.Text.RegularExpressions;

using Myriad.Extensions;
using Myriad.Rest.Exceptions;
using Myriad.Rest.Types.Requests;
using Myriad.Types;

using PluralKit.Core;

namespace PluralKit.Bot;

public class Api
{
    private static readonly Regex _webhookRegex =
        new("https://(?:\\w+.)?discord(?:app)?.com/api(?:/v.*)?/webhooks/(.*)");

    private readonly BotConfig _botConfig;
    private readonly DispatchService _dispatch;
    private readonly PrivateChannelService _dmCache;

    public Api(BotConfig botConfig, DispatchService dispatch, PrivateChannelService dmCache)
    {
        _botConfig = botConfig;
        _dispatch = dispatch;
        _dmCache = dmCache;
    }

    public async Task GetToken(Context ctx)
    {
        ctx.CheckSystem();

        // Get or make a token
        var token = ctx.System.Token ?? await MakeAndSetNewToken(ctx, ctx.System);

        try
        {
            // DM the user a security disclaimer, and then the token in a separate message (for easy copying on mobile)
            var dm = await _dmCache.GetOrCreateDmChannel(ctx.Author.Id);
            await ctx.Rest.CreateMessage(dm,
                new MessageRequest
                {
                    Content = $"{Emojis.Warn} Please note that this grants access to modify (and delete!) all your system data, so keep it safe and secure."
                            + $" If it leaks or you need a new one, you can invalidate this one with `pk;token refresh`.\n\nYour token is below:"
                });
            await ctx.Rest.CreateMessage(dm, new MessageRequest { Content = token });

            if (_botConfig.IsBetaBot)
                await ctx.Rest.CreateMessage(dm, new MessageRequest
                {
                    Content = $"{Emojis.Note} The beta bot's API base URL is currently <{_botConfig.BetaBotAPIUrl}>."
                                                                                    + " You need to use this URL instead of the base URL listed on the documentation website."
                });

            // If we're not already in a DM, reply with a reminder to check
            if (ctx.Channel.Type != Channel.ChannelType.Dm)
                await ctx.Reply($"{Emojis.Success} Check your DMs!");
        }
        catch (ForbiddenException)
        {
            // Can't check for permission errors beforehand, so have to handle here :/
            if (ctx.Channel.Type != Channel.ChannelType.Dm)
                await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");
        }
    }

    private async Task<string> MakeAndSetNewToken(Context ctx, PKSystem system)
    {
        system = await ctx.Repository.UpdateSystem(system.Id, new SystemPatch { Token = StringUtils.GenerateToken() });
        return system.Token;
    }

    public async Task RefreshToken(Context ctx)
    {
        ctx.CheckSystem();

        if (ctx.System.Token == null)
        {
            // If we don't have a token, call the other method instead
            // This does pretty much the same thing, except words the messages more appropriately for that :)
            await GetToken(ctx);
            return;
        }

        try
        {
            // DM the user an invalidation disclaimer, and then the token in a separate message (for easy copying on mobile)
            var dm = await _dmCache.GetOrCreateDmChannel(ctx.Author.Id);
            await ctx.Rest.CreateMessage(dm,
                new MessageRequest
                {
                    Content = $"{Emojis.Warn} Your previous API token has been invalidated. You will need to change it anywhere it's currently used.\n\nYour token is below:"
                });

            // Make the new token after sending the first DM; this ensures if we can't DM, we also don't end up
            // breaking their existing token as a side effect :)
            var token = await MakeAndSetNewToken(ctx, ctx.System);
            await ctx.Rest.CreateMessage(dm, new MessageRequest { Content = token });

            if (_botConfig.IsBetaBot)
                await ctx.Rest.CreateMessage(dm, new MessageRequest
                {
                    Content = $"{Emojis.Note} The beta bot's API base URL is currently <{_botConfig.BetaBotAPIUrl}>."
                                                                                   + " You need to use this URL instead of the base URL listed on the documentation website."
                });

            // If we're not already in a DM, reply with a reminder to check
            if (ctx.Channel.Type != Channel.ChannelType.Dm)
                await ctx.Reply($"{Emojis.Success} Check your DMs!");
        }
        catch (ForbiddenException)
        {
            // Can't check for permission errors beforehand, so have to handle here :/
            if (ctx.Channel.Type != Channel.ChannelType.Dm)
                await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");
        }
    }

    public async Task SystemWebhook(Context ctx)
    {
        ctx.CheckSystem().CheckDMContext();

        if (!ctx.HasNext(false))
        {
            if (ctx.System.WebhookUrl == null)
                await ctx.Reply("Your system does not have a webhook URL set. Set one with `pk;system webhook <url>`!");
            else
                await ctx.Reply($"Your system's webhook URL is <{ctx.System.WebhookUrl}>.");
            return;
        }

        if (ctx.MatchClear() && await ctx.ConfirmClear("your system's webhook URL"))
        {
            await ctx.Repository.UpdateSystem(ctx.System.Id, new SystemPatch { WebhookUrl = null, WebhookToken = null });

            await ctx.Reply($"{Emojis.Success} System webhook URL removed.");
            return;
        }

        var newUrl = ctx.RemainderOrNull();
        if (!await DispatchExt.ValidateUri(newUrl))
            throw new PKError($"The URL {newUrl.AsCode()} is invalid or I cannot access it. Are you sure this is a valid, publicly accessible URL?");

        if (_webhookRegex.IsMatch(newUrl))
            throw new PKError("PluralKit does not currently support setting a Discord webhook URL as your system's webhook URL.");

        try
        {
            await _dispatch.DoPostRequest(ctx.System.Id, newUrl, null, true);
        }
        catch (Exception e)
        {
            throw new PKError($"Could not verify that the new URL is working: {e.Message}");
        }

        var newToken = StringUtils.GenerateToken();

        await ctx.Repository.UpdateSystem(ctx.System.Id, new SystemPatch { WebhookUrl = newUrl, WebhookToken = newToken });

        await ctx.Reply($"{Emojis.Success} Successfully the new webhook URL for your system."
                        + $"\n\n{Emojis.Warn} The following token is used to authenticate requests from PluralKit to you."
                        + " If it leaks, you should clear and re-set the webhook URL to get a new token."
                        + "\ntodo: add link to docs or something"
        );

        await ctx.Reply(newToken);
    }
}
fix(webhooks): don't allow Discord webhook URLs 2021-11-19 20:54:39 +00:00			`using System.Text.RegularExpressions;`
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00
Add DM support 2020-12-25 12:19:35 +00:00			`using Myriad.Extensions;`
Port some more commands, mostly for embeds 2020-12-25 11:56:46 +00:00			`using Myriad.Rest.Exceptions;`
Add DM support 2020-12-25 12:19:35 +00:00			`using Myriad.Rest.Types.Requests;`
			`using Myriad.Types;`
Refactor command system 2019-10-05 05:41:00 +00:00
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00			`using PluralKit.Core;`
Add API token commands 2019-06-20 19:15:57 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`namespace PluralKit.Bot;`

			`public class Api`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`private static readonly Regex _webhookRegex =`
			`new("https://(?:\\w+.)?discord(?:app)?.com/api(?:/v.)?/webhooks/(.)");`

feat: beta bot patches 2021-11-27 16:09:08 +00:00			`private readonly BotConfig _botConfig;`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`private readonly DispatchService _dispatch;`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`private readonly PrivateChannelService _dmCache;`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
refactor: don't DI IDatabase and ModelRepository into bot command classes 2022-01-22 08:05:01 +00:00			`public Api(BotConfig botConfig, DispatchService dispatch, PrivateChannelService dmCache)`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
feat: beta bot patches 2021-11-27 16:09:08 +00:00			`_botConfig = botConfig;`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`_dispatch = dispatch;`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`_dmCache = dmCache;`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`}`
Refactor command system 2019-10-05 05:41:00 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`public async Task GetToken(Context ctx)`
			`{`
			`ctx.CheckSystem();`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// Get or make a token`
refactor: don't DI IDatabase and ModelRepository into bot command classes 2022-01-22 08:05:01 +00:00			`var token = ctx.System.Token ?? await MakeAndSetNewToken(ctx, ctx.System);`
run dotnet format 2021-08-27 15:03:47 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`try`
			`{`
			`// DM the user a security disclaimer, and then the token in a separate message (for easy copying on mobile)`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`var dm = await _dmCache.GetOrCreateDmChannel(ctx.Author.Id);`
			`await ctx.Rest.CreateMessage(dm,`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`new MessageRequest`
Add DM support 2020-12-25 12:19:35 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`Content = $"{Emojis.Warn} Please note that this grants access to modify (and delete!) all your system data, so keep it safe and secure."`
			+ $" If it leaks or you need a new one, you can invalidate this one with `pk;token refresh`.\n\nYour token is below:"
Add DM support 2020-12-25 12:19:35 +00:00			`});`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`await ctx.Rest.CreateMessage(dm, new MessageRequest { Content = token });`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
feat: beta bot patches 2021-11-27 16:09:08 +00:00			`if (_botConfig.IsBetaBot)`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`await ctx.Rest.CreateMessage(dm, new MessageRequest`
feat: beta bot patches 2021-11-27 16:09:08 +00:00			`{`
			`Content = $"{Emojis.Note} The beta bot's API base URL is currently <{_botConfig.BetaBotAPIUrl}>."`
			`+ " You need to use this URL instead of the base URL listed on the documentation website."`
			`});`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// If we're not already in a DM, reply with a reminder to check`
			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
			`await ctx.Reply($"{Emojis.Success} Check your DMs!");`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`catch (ForbiddenException)`
			`{`
			`// Can't check for permission errors beforehand, so have to handle here :/`
			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
			`await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");`
			`}`
			`}`

refactor: don't DI IDatabase and ModelRepository into bot command classes 2022-01-22 08:05:01 +00:00			`private async Task<string> MakeAndSetNewToken(Context ctx, PKSystem system)`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`{`
refactor: don't DI IDatabase and ModelRepository into bot command classes 2022-01-22 08:05:01 +00:00			`system = await ctx.Repository.UpdateSystem(system.Id, new SystemPatch { Token = StringUtils.GenerateToken() });`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`return system.Token;`
			`}`

			`public async Task RefreshToken(Context ctx)`
			`{`
			`ctx.CheckSystem();`
Add API token commands 2019-06-20 19:15:57 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`if (ctx.System.Token == null)`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// If we don't have a token, call the other method instead`
			`// This does pretty much the same thing, except words the messages more appropriately for that :)`
			`await GetToken(ctx);`
			`return;`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`
run dotnet format 2021-08-27 15:03:47 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`try`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// DM the user an invalidation disclaimer, and then the token in a separate message (for easy copying on mobile)`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`var dm = await _dmCache.GetOrCreateDmChannel(ctx.Author.Id);`
			`await ctx.Rest.CreateMessage(dm,`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`new MessageRequest`
Add DM support 2020-12-25 12:19:35 +00:00			`{`
			`Content = $"{Emojis.Warn} Your previous API token has been invalidated. You will need to change it anywhere it's currently used.\n\nYour token is below:"`
			`});`
run dotnet format 2021-08-27 15:03:47 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// Make the new token after sending the first DM; this ensures if we can't DM, we also don't end up`
			`// breaking their existing token as a side effect :)`
refactor: don't DI IDatabase and ModelRepository into bot command classes 2022-01-22 08:05:01 +00:00			`var token = await MakeAndSetNewToken(ctx, ctx.System);`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`await ctx.Rest.CreateMessage(dm, new MessageRequest { Content = token });`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
feat: beta bot patches 2021-11-27 16:09:08 +00:00			`if (_botConfig.IsBetaBot)`
feat: cache Discord DM channels in database 2022-01-22 07:47:47 +00:00			`await ctx.Rest.CreateMessage(dm, new MessageRequest`
feat: beta bot patches 2021-11-27 16:09:08 +00:00			`{`
			`Content = $"{Emojis.Note} The beta bot's API base URL is currently <{_botConfig.BetaBotAPIUrl}>."`
			`+ " You need to use this URL instead of the base URL listed on the documentation website."`
			`});`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// If we're not already in a DM, reply with a reminder to check`
			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
			`await ctx.Reply($"{Emojis.Success} Check your DMs!");`
			`}`
			`catch (ForbiddenException)`
			`{`
			`// Can't check for permission errors beforehand, so have to handle here :/`
			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
			`await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");`
			`}`
			`}`

			`public async Task SystemWebhook(Context ctx)`
			`{`
			`ctx.CheckSystem().CheckDMContext();`

			`if (!ctx.HasNext(false))`
			`{`
			`if (ctx.System.WebhookUrl == null)`
			await ctx.Reply("Your system does not have a webhook URL set. Set one with `pk;system webhook <url>`!");
			`else`
			`await ctx.Reply($"Your system's webhook URL is <{ctx.System.WebhookUrl}>.");`
			`return;`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00
refactor(bot): separate MatchClear from ConfirmClear 2022-12-01 07:16:36 +00:00			`if (ctx.MatchClear() && await ctx.ConfirmClear("your system's webhook URL"))`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`{`
refactor: don't DI IDatabase and ModelRepository into bot command classes 2022-01-22 08:05:01 +00:00			`await ctx.Repository.UpdateSystem(ctx.System.Id, new SystemPatch { WebhookUrl = null, WebhookToken = null });`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
			`await ctx.Reply($"{Emojis.Success} System webhook URL removed.");`
			`return;`
			`}`

			`var newUrl = ctx.RemainderOrNull();`
			`if (!await DispatchExt.ValidateUri(newUrl))`
			`throw new PKError($"The URL {newUrl.AsCode()} is invalid or I cannot access it. Are you sure this is a valid, publicly accessible URL?");`

			`if (_webhookRegex.IsMatch(newUrl))`
			`throw new PKError("PluralKit does not currently support setting a Discord webhook URL as your system's webhook URL.");`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`try`
			`{`
			`await _dispatch.DoPostRequest(ctx.System.Id, newUrl, null, true);`
			`}`
			`catch (Exception e)`
			`{`
			`throw new PKError($"Could not verify that the new URL is working: {e.Message}");`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`}`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
			`var newToken = StringUtils.GenerateToken();`

refactor: don't DI IDatabase and ModelRepository into bot command classes 2022-01-22 08:05:01 +00:00			`await ctx.Repository.UpdateSystem(ctx.System.Id, new SystemPatch { WebhookUrl = newUrl, WebhookToken = newToken });`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
			`await ctx.Reply($"{Emojis.Success} Successfully the new webhook URL for your system."`
			`+ $"\n\n{Emojis.Warn} The following token is used to authenticate requests from PluralKit to you."`
			`+ " If it leaks, you should clear and re-set the webhook URL to get a new token."`
			`+ "\ntodo: add link to docs or something"`
			`);`

			`await ctx.Reply(newToken);`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`
			`}`