From 261bb1b8c8ef9bb80f1debd6cbdf94da1c505d94 Mon Sep 17 00:00:00 2001 From: Cadence Ember Date: Fri, 5 Dec 2025 17:13:56 +1300 Subject: [PATCH] Future-proof permissions --- addbot.js | 11 ++++++++++- src/m2d/event-dispatcher.js | 2 +- src/web/routes/oauth.js | 4 ++-- test/addbot.test.js | 2 +- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/addbot.js b/addbot.js index ef1cc63..f0e850c 100755 --- a/addbot.js +++ b/addbot.js @@ -1,12 +1,20 @@ #!/usr/bin/env node // @ts-check +const DiscordTypes = require("discord-api-types/v10") + const {reg} = require("./src/matrix/read-registration") const token = reg.ooye.discord_token const id = Buffer.from(token.split(".")[0], "base64").toString() +const permissions = +( DiscordTypes.PermissionFlagsBits.ManageWebhooks +| DiscordTypes.PermissionFlagsBits.ManageGuildExpressions +| DiscordTypes.PermissionFlagsBits.ManageMessages +| DiscordTypes.PermissionFlagsBits.PinMessages +| DiscordTypes.PermissionFlagsBits.UseExternalEmojis) function addbot() { - return `Open this link to add the bot to a Discord server:\nhttps://discord.com/oauth2/authorize?client_id=${id}&scope=bot&permissions=1610883072 ` + return `Open this link to add the bot to a Discord server:\nhttps://discord.com/oauth2/authorize?client_id=${id}&scope=bot&permissions=${permissions} ` } /* c8 ignore next 3 */ @@ -16,3 +24,4 @@ if (process.argv.find(a => a.endsWith("addbot") || a.endsWith("addbot.js"))) { module.exports.id = id module.exports.addbot = addbot +module.exports.permissions = permissions diff --git a/src/m2d/event-dispatcher.js b/src/m2d/event-dispatcher.js index 985036e..9fe6ed5 100644 --- a/src/m2d/event-dispatcher.js +++ b/src/m2d/event-dispatcher.js @@ -161,7 +161,7 @@ const errorRetrySema = new Semaphore() */ async function onRetryReactionAdd(reactionEvent) { const roomID = reactionEvent.room_id - errorRetrySema.request(async () => { + await errorRetrySema.request(async () => { const event = await api.getEvent(roomID, reactionEvent.content["m.relates_to"]?.event_id) // Check that it's a real error from OOYE diff --git a/src/web/routes/oauth.js b/src/web/routes/oauth.js index 80765d6..fe35230 100644 --- a/src/web/routes/oauth.js +++ b/src/web/routes/oauth.js @@ -8,7 +8,7 @@ const DiscordTypes = require("discord-api-types/v10") const getRelativePath = require("get-relative-path") const {discord, as, db, sync} = require("../../passthrough") -const {id} = require("../../../addbot") +const {id, permissions} = require("../../../addbot") /** @type {import("../auth")} */ const auth = sync.require("../auth") const {reg} = require("../../matrix/read-registration") @@ -51,7 +51,7 @@ as.router.get("/oauth", defineEventHandler(async event => { async function tryAgain() { const newState = randomUUID() await session.update({state: newState}) - return sendRedirect(event, `https://discord.com/oauth2/authorize?client_id=${id}&scope=${scope}&permissions=1610883072&response_type=code&redirect_uri=${redirect_uri}&state=${newState}`) + return sendRedirect(event, `https://discord.com/oauth2/authorize?client_id=${id}&scope=${scope}&permissions=${permissions}&response_type=code&redirect_uri=${redirect_uri}&state=${newState}`) } const parsedQuery = await getValidatedQuery(event, schema.code.safeParse) diff --git a/test/addbot.test.js b/test/addbot.test.js index 17c6dda..4130051 100644 --- a/test/addbot.test.js +++ b/test/addbot.test.js @@ -4,5 +4,5 @@ const {addbot} = require("../addbot") const {test} = require("supertape") test("addbot: returns message and invite link", t => { - t.equal(addbot(), `Open this link to add the bot to a Discord server:\nhttps://discord.com/oauth2/authorize?client_id=684280192553844747&scope=bot&permissions=1610883072 `) + t.equal(addbot(), `Open this link to add the bot to a Discord server:\nhttps://discord.com/oauth2/authorize?client_id=684280192553844747&scope=bot&permissions=2251801424568320 `) })