PluralKit/PluralKit.Bot/Commands/Api.cs

using System;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

using Myriad.Extensions;
using Myriad.Rest.Exceptions;
using Myriad.Rest.Types.Requests;
using Myriad.Types;

using PluralKit.Core;

namespace PluralKit.Bot
{
    public class Api
    {
        private readonly ModelRepository _repo;
        private readonly DispatchService _dispatch;
        private static readonly Regex _webhookRegex = new("https://(?:\\w+.)?discord(?:app)?.com/api(?:/v.*)?/webhooks/(.*)");
        public Api(ModelRepository repo, DispatchService dispatch)
        {
            _repo = repo;
            _dispatch = dispatch;
        }

        public async Task GetToken(Context ctx)
        {
            ctx.CheckSystem();

            // Get or make a token
            var token = ctx.System.Token ?? await MakeAndSetNewToken(ctx.System);

            try
            {
                // DM the user a security disclaimer, and then the token in a separate message (for easy copying on mobile)
                var dm = await ctx.Cache.GetOrCreateDmChannel(ctx.Rest, ctx.Author.Id);
                await ctx.Rest.CreateMessage(dm.Id, new MessageRequest
                {
                    Content = $"{Emojis.Warn} Please note that this grants access to modify (and delete!) all your system data, so keep it safe and secure. If it leaks or you need a new one, you can invalidate this one with `pk;token refresh`.\n\nYour token is below:"
                });
                await ctx.Rest.CreateMessage(dm.Id, new MessageRequest { Content = token });

                // If we're not already in a DM, reply with a reminder to check
                if (ctx.Channel.Type != Channel.ChannelType.Dm)
                    await ctx.Reply($"{Emojis.Success} Check your DMs!");
            }
            catch (ForbiddenException)
            {
                // Can't check for permission errors beforehand, so have to handle here :/
                if (ctx.Channel.Type != Channel.ChannelType.Dm)
                    await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");
            }
        }

        private async Task<string> MakeAndSetNewToken(PKSystem system)
        {
            system = await _repo.UpdateSystem(system.Id, new() { Token = StringUtils.GenerateToken() });
            return system.Token;
        }

        public async Task RefreshToken(Context ctx)
        {
            ctx.CheckSystem();

            if (ctx.System.Token == null)
            {
                // If we don't have a token, call the other method instead
                // This does pretty much the same thing, except words the messages more appropriately for that :)
                await GetToken(ctx);
                return;
            }

            try
            {
                // DM the user an invalidation disclaimer, and then the token in a separate message (for easy copying on mobile)
                var dm = await ctx.Cache.GetOrCreateDmChannel(ctx.Rest, ctx.Author.Id);
                await ctx.Rest.CreateMessage(dm.Id, new MessageRequest
                {
                    Content = $"{Emojis.Warn} Your previous API token has been invalidated. You will need to change it anywhere it's currently used.\n\nYour token is below:"
                });

                // Make the new token after sending the first DM; this ensures if we can't DM, we also don't end up
                // breaking their existing token as a side effect :)
                var token = await MakeAndSetNewToken(ctx.System);
                await ctx.Rest.CreateMessage(dm.Id, new MessageRequest { Content = token });

                // If we're not already in a DM, reply with a reminder to check
                if (ctx.Channel.Type != Channel.ChannelType.Dm)
                    await ctx.Reply($"{Emojis.Success} Check your DMs!");
            }
            catch (ForbiddenException)
            {
                // Can't check for permission errors beforehand, so have to handle here :/
                if (ctx.Channel.Type != Channel.ChannelType.Dm)
                    await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");
            }
        }

        public async Task SystemWebhook(Context ctx)
        {
            ctx.CheckSystem().CheckDMContext();

            if (!ctx.HasNext(false))
            {
                if (ctx.System.WebhookUrl == null)
                    await ctx.Reply("Your system does not have a webhook URL set. Set one with `pk;system webhook <url>`!");
                else
                    await ctx.Reply($"Your system's webhook URL is <{ctx.System.WebhookUrl}>.");
                return;
            }

            if (await ctx.MatchClear("your system's webhook URL"))
            {
                await _repo.UpdateSystem(ctx.System.Id, new()
                {
                    WebhookUrl = null,
                    WebhookToken = null,
                });

                await ctx.Reply($"{Emojis.Success} System webhook URL removed.");
                return;
            }

            var newUrl = ctx.RemainderOrNull();
            if (!await DispatchExt.ValidateUri(newUrl))
                throw new PKError($"The URL {newUrl.AsCode()} is invalid or I cannot access it. Are you sure this is a valid, publicly accessible URL?");

            if (_webhookRegex.IsMatch(newUrl))
                throw new PKError("PluralKit does not currently support setting a Discord webhook URL as your system's webhook URL.");

            try
            {
                await _dispatch.DoPostRequest(ctx.System.Id, newUrl, null, true);
            }
            catch (Exception e)
            {
                throw new PKError($"Could not verify that the new URL is working: {e.Message}");
            }

            var newToken = StringUtils.GenerateToken();

            await _repo.UpdateSystem(ctx.System.Id, new()
            {
                WebhookUrl = newUrl,
                WebhookToken = newToken,
            });

            await ctx.Reply($"{Emojis.Success} Successfully the new webhook URL for your system."
                + $"\n\n{Emojis.Warn} The following token is used to authenticate requests from PluralKit to you."
                + " If it leaks, you should clear and re-set the webhook URL to get a new token."
                + "\ntodo: add link to docs or something"
            );

            await ctx.Reply(newToken);
        }
    }
}
feat(webhooks): verify that url is accessible before saving it 2021-11-25 21:45:00 +00:00			`using System;`
fix(webhooks): don't allow Discord webhook URLs 2021-11-19 20:54:39 +00:00			`using System.Text.RegularExpressions;`
Add API token commands 2019-06-20 19:15:57 +00:00			`using System.Threading.Tasks;`
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00
Add DM support 2020-12-25 12:19:35 +00:00			`using Myriad.Extensions;`
Port some more commands, mostly for embeds 2020-12-25 11:56:46 +00:00			`using Myriad.Rest.Exceptions;`
Add DM support 2020-12-25 12:19:35 +00:00			`using Myriad.Rest.Types.Requests;`
			`using Myriad.Types;`
Refactor command system 2019-10-05 05:41:00 +00:00
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00			`using PluralKit.Core;`
Add API token commands 2019-06-20 19:15:57 +00:00
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00			`namespace PluralKit.Bot`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
feat: rename Commands/Token to Commands/Api 2021-11-03 05:36:03 +00:00			`public class Api`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
Major database refactor (again) 2020-08-29 11:46:27 +00:00			`private readonly ModelRepository _repo;`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`private readonly DispatchService _dispatch;`
fix(webhook): don't try escaping backslashes in a raw string 2021-11-22 22:05:13 +00:00			`private static readonly Regex _webhookRegex = new("https://(?:\\w+.)?discord(?:app)?.com/api(?:/v.)?/webhooks/(.)");`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`public Api(ModelRepository repo, DispatchService dispatch)`
Refactor command system 2019-10-05 05:41:00 +00:00			`{`
Major database refactor (again) 2020-08-29 11:46:27 +00:00			`_repo = repo;`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`_dispatch = dispatch;`
Refactor command system 2019-10-05 05:41:00 +00:00			`}`

			`public async Task GetToken(Context ctx)`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
Refactor command system 2019-10-05 05:41:00 +00:00			`ctx.CheckSystem();`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00
Add API token commands 2019-06-20 19:15:57 +00:00			`// Get or make a token`
Refactor command system 2019-10-05 05:41:00 +00:00			`var token = ctx.System.Token ?? await MakeAndSetNewToken(ctx.System);`
run dotnet format 2021-08-27 15:03:47 +00:00
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`try`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`// DM the user a security disclaimer, and then the token in a separate message (for easy copying on mobile)`
Do the Big Rename 2021-01-31 15:16:52 +00:00			`var dm = await ctx.Cache.GetOrCreateDmChannel(ctx.Rest, ctx.Author.Id);`
			`await ctx.Rest.CreateMessage(dm.Id, new MessageRequest`
Add DM support 2020-12-25 12:19:35 +00:00			`{`
			Content = $"{Emojis.Warn} Please note that this grants access to modify (and delete!) all your system data, so keep it safe and secure. If it leaks or you need a new one, you can invalidate this one with `pk;token refresh`.\n\nYour token is below:"
			`});`
run dotnet format 2021-08-27 15:03:47 +00:00			`await ctx.Rest.CreateMessage(dm.Id, new MessageRequest { Content = token });`
Add API token commands 2019-06-20 19:15:57 +00:00
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`// If we're not already in a DM, reply with a reminder to check`
Do the Big Rename 2021-01-31 15:16:52 +00:00			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
Add DM support 2020-12-25 12:19:35 +00:00			`await ctx.Reply($"{Emojis.Success} Check your DMs!");`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`}`
Fix error on DMing with no permission 2021-03-18 10:38:28 +00:00			`catch (ForbiddenException)`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`{`
			`// Can't check for permission errors beforehand, so have to handle here :/`
Do the Big Rename 2021-01-31 15:16:52 +00:00			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
Add DM support 2020-12-25 12:19:35 +00:00			`await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`}`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`

Refactor command system 2019-10-05 05:41:00 +00:00			`private async Task<string> MakeAndSetNewToken(PKSystem system)`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`system = await _repo.UpdateSystem(system.Id, new() { Token = StringUtils.GenerateToken() });`
Refactor command system 2019-10-05 05:41:00 +00:00			`return system.Token;`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`
run dotnet format 2021-08-27 15:03:47 +00:00
Refactor command system 2019-10-05 05:41:00 +00:00			`public async Task RefreshToken(Context ctx)`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
Refactor command system 2019-10-05 05:41:00 +00:00			`ctx.CheckSystem();`
run dotnet format 2021-08-27 15:03:47 +00:00
Refactor command system 2019-10-05 05:41:00 +00:00			`if (ctx.System.Token == null)`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
			`// If we don't have a token, call the other method instead`
			`// This does pretty much the same thing, except words the messages more appropriately for that :)`
Refactor command system 2019-10-05 05:41:00 +00:00			`await GetToken(ctx);`
Add API token commands 2019-06-20 19:15:57 +00:00			`return;`
			`}`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00
run dotnet format 2021-08-27 15:03:47 +00:00			`try`
			`{`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`// DM the user an invalidation disclaimer, and then the token in a separate message (for easy copying on mobile)`
Do the Big Rename 2021-01-31 15:16:52 +00:00			`var dm = await ctx.Cache.GetOrCreateDmChannel(ctx.Rest, ctx.Author.Id);`
			`await ctx.Rest.CreateMessage(dm.Id, new MessageRequest`
Add DM support 2020-12-25 12:19:35 +00:00			`{`
			`Content = $"{Emojis.Warn} Your previous API token has been invalidated. You will need to change it anywhere it's currently used.\n\nYour token is below:"`
			`});`
run dotnet format 2021-08-27 15:03:47 +00:00
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`// Make the new token after sending the first DM; this ensures if we can't DM, we also don't end up`
			`// breaking their existing token as a side effect :)`
			`var token = await MakeAndSetNewToken(ctx.System);`
Do the Big Rename 2021-01-31 15:16:52 +00:00			`await ctx.Rest.CreateMessage(dm.Id, new MessageRequest { Content = token });`
run dotnet format 2021-08-27 15:03:47 +00:00
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`// If we're not already in a DM, reply with a reminder to check`
Do the Big Rename 2021-01-31 15:16:52 +00:00			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
Add DM support 2020-12-25 12:19:35 +00:00			`await ctx.Reply($"{Emojis.Success} Check your DMs!");`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`}`
Fix error on DMing with no permission 2021-03-18 10:38:28 +00:00			`catch (ForbiddenException)`
Add API token commands 2019-06-20 19:15:57 +00:00			`{`
Add DM permission "check" when sending system token 2020-08-25 22:17:05 +00:00			`// Can't check for permission errors beforehand, so have to handle here :/`
Do the Big Rename 2021-01-31 15:16:52 +00:00			`if (ctx.Channel.Type != Channel.ChannelType.Dm)`
Add DM support 2020-12-25 12:19:35 +00:00			`await ctx.Reply($"{Emojis.Error} Could not send token in DMs. Are your DMs closed?");`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`
			`}`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00
			`public async Task SystemWebhook(Context ctx)`
			`{`
fix(webhooks): CheckSystem before trying to set a webhook URL 2021-11-19 20:53:48 +00:00			`ctx.CheckSystem().CheckDMContext();`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00
			`if (!ctx.HasNext(false))`
			`{`
			`if (ctx.System.WebhookUrl == null)`
			await ctx.Reply("Your system does not have a webhook URL set. Set one with `pk;system webhook <url>`!");
			`else`
			`await ctx.Reply($"Your system's webhook URL is <{ctx.System.WebhookUrl}>.");`
			`return;`
			`}`

			`if (await ctx.MatchClear("your system's webhook URL"))`
			`{`
			`await _repo.UpdateSystem(ctx.System.Id, new()`
			`{`
			`WebhookUrl = null,`
fix(webhooks): fix error when DNS entry has non-ipv4 addresses 2021-11-19 15:58:12 +00:00			`WebhookToken = null,`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`});`

			`await ctx.Reply($"{Emojis.Success} System webhook URL removed.");`
			`return;`
			`}`

			`var newUrl = ctx.RemainderOrNull();`
			`if (!await DispatchExt.ValidateUri(newUrl))`
fix(webhooks): fix error when DNS entry has non-ipv4 addresses 2021-11-19 15:58:12 +00:00			`throw new PKError($"The URL {newUrl.AsCode()} is invalid or I cannot access it. Are you sure this is a valid, publicly accessible URL?");`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00
fix(webhooks): don't allow Discord webhook URLs 2021-11-19 20:54:39 +00:00			`if (_webhookRegex.IsMatch(newUrl))`
			`throw new PKError("PluralKit does not currently support setting a Discord webhook URL as your system's webhook URL.");`

feat(webhooks): verify that url is accessible before saving it 2021-11-25 21:45:00 +00:00			`try`
			`{`
			`await _dispatch.DoPostRequest(ctx.System.Id, newUrl, null, true);`
			`}`
			`catch (Exception e)`
			`{`
			`throw new PKError($"Could not verify that the new URL is working: {e.Message}");`
			`}`

feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`var newToken = StringUtils.GenerateToken();`

			`await _repo.UpdateSystem(ctx.System.Id, new()`
			`{`
			`WebhookUrl = newUrl,`
fix(webhooks): fix error when DNS entry has non-ipv4 addresses 2021-11-19 15:58:12 +00:00			`WebhookToken = newToken,`
feat(webhooks): add basic commands 2021-11-03 06:01:35 +00:00			`});`

			`await ctx.Reply($"{Emojis.Success} Successfully the new webhook URL for your system."`
			`+ $"\n\n{Emojis.Warn} The following token is used to authenticate requests from PluralKit to you."`
			`+ " If it leaks, you should clear and re-set the webhook URL to get a new token."`
			`+ "\ntodo: add link to docs or something"`
			`);`

			`await ctx.Reply(newToken);`
			`}`
Add API token commands 2019-06-20 19:15:57 +00:00			`}`
			`}`