-
Notifications
You must be signed in to change notification settings - Fork 35
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #226 from DecentralCardGame/goat_discord
Goat discord
- Loading branch information
Showing
8 changed files
with
1,071 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,3 +8,4 @@ release/ | |
.DS_Store | ||
/build | ||
/cs | ||
/goat/node_modules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,137 @@ | ||
|
||
server { | ||
listen 443 http2; | ||
listen [::]:443 http2; | ||
server_name cardchain.crowdcontrol.network; | ||
#ssl_certificate /etc/letsencrypt/live/cardchain.crowdcontrol.network/fullchain.pem; | ||
#ssl_certificate_key /etc/letsencrypt/live/cardchain.crowdcontrol.network/privkey.pem; | ||
|
||
# Improve HTTPS performance with session resumption | ||
ssl_session_cache shared:SSL:10m; | ||
ssl_session_timeout 10m; | ||
|
||
# Enable server-side protection against BEAST attacks | ||
ssl_protocols TLSv1.2; | ||
ssl_prefer_server_ciphers on; | ||
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384"; | ||
|
||
# RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096 | ||
ssl_dhparam /etc/nginx/ssl/dhparam-4096.pem; | ||
ssl_ecdh_curve secp521r1:secp384r1; | ||
|
||
# Aditional Security Headers | ||
# ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security | ||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; | ||
|
||
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||
add_header X-Frame-Options DENY always; | ||
|
||
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | ||
add_header X-Content-Type-Options nosniff always; | ||
|
||
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection | ||
add_header X-Xss-Protection "1; mode=block" always; | ||
|
||
# Enable OCSP stapling | ||
# ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox | ||
ssl_stapling on; | ||
ssl_stapling_verify on; | ||
ssl_trusted_certificate /etc/letsencrypt/live/cardchain.crowdcontrol.network/fullchain.pem; | ||
#resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare | ||
resolver 127.0.0.11; | ||
resolver_timeout 5s; | ||
|
||
location ~ ^/cosmos(/.*)?$ { | ||
# Not sending ACAO header because it is already being added by the upstream | ||
#add_header 'Access-Control-Allow-Origin' '*' always; | ||
add_header 'Access-Control-Allow-Credentials' 'true' always; | ||
add_header 'Access-Control-Allow-Headers' '*' always; | ||
add_header 'Access-Control-Allow-Methods' '*' always; | ||
add_header 'Access-Control-Max-Age' 1728000 always; | ||
|
||
if ($request_method = 'OPTIONS') { | ||
return 200; | ||
} | ||
|
||
proxy_redirect off; | ||
proxy_set_header host $host; | ||
proxy_set_header X-real-ip $remote_addr; | ||
proxy_set_header X-forward-for $proxy_add_x_forwarded_for; | ||
proxy_pass http://blockchain:1317$1$is_args$args; | ||
} | ||
|
||
location ~ ^/grpc(/.*)?$ { | ||
grpc_pass grpcs://blockchain:9090$1$is_args$args; | ||
} | ||
|
||
location ~ ^/grpc2(/.*)?$ { | ||
grpc_pass grpcs://blockchain:9091$1$is_args$args; | ||
} | ||
|
||
location ~ ^/tendermint(/.*)?$ { | ||
# Not sending ACAO header because it is already being added by the upstream | ||
#add_header 'Access-Control-Allow-Origin' '*' always; | ||
add_header 'Access-Control-Allow-Credentials' 'true' always; | ||
add_header 'Access-Control-Allow-Headers' '*' always; | ||
add_header 'Access-Control-Allow-Methods' '*' always; | ||
add_header 'Access-Control-Max-Age' 1728000 always; | ||
|
||
if ($request_method = 'OPTIONS') { | ||
return 200; | ||
} | ||
|
||
proxy_http_version 1.1; | ||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection "upgrade"; | ||
proxy_redirect off; | ||
proxy_set_header host $host; | ||
proxy_set_header X-real-ip $remote_addr; | ||
proxy_set_header X-forward-for $proxy_add_x_forwarded_for; | ||
proxy_set_header X-forwarded-proto $scheme; | ||
proxy_intercept_errors on; | ||
proxy_pass http://blockchain:26657$1$is_args$args; | ||
} | ||
|
||
location ~ ^/faucet(/.*)?$ { | ||
# Not sending ACAO header because it is already being added by the upstream | ||
#add_header 'Access-Control-Allow-Origin' '*' always; | ||
add_header 'Access-Control-Allow-Credentials' 'true' always; | ||
add_header 'Access-Control-Allow-Methods' '*' always; | ||
add_header 'Access-Control-Allow-Headers' '*' always; | ||
add_header 'Access-Control-Max-Age' 1728000 always; | ||
|
||
if ($request_method = 'OPTIONS') { | ||
return 200; | ||
} | ||
|
||
proxy_redirect off; | ||
proxy_set_header host $host; | ||
proxy_set_header X-real-ip $remote_addr; | ||
proxy_set_header X-forward-for $proxy_add_x_forwarded_for; | ||
proxy_pass http://blockchain:4500$1$is_args$args; | ||
} | ||
|
||
location /files/ { | ||
add_header 'Access-Control-Allow-Origin' '*' always; | ||
add_header 'Access-Control-Allow-Credentials' 'true' always; | ||
add_header 'Access-Control-Allow-Methods' '*' always; | ||
add_header 'Access-Control-Allow-Headers' '*' always; | ||
add_header 'Access-Control-Max-Age' 1728000 always; | ||
|
||
root /; | ||
} | ||
|
||
location /goat/ { | ||
add_header 'Access-Control-Allow-Origin' '*' always; | ||
add_header 'Access-Control-Allow-Credentials' 'true' always; | ||
add_header 'Access-Control-Allow-Methods' '*' always; | ||
add_header 'Access-Control-Allow-Headers' '*' always; | ||
add_header 'Access-Control-Max-Age' 1728000 always; | ||
|
||
proxy_redirect off; | ||
proxy_set_header host $host; | ||
proxy_set_header X-real-ip $remote_addr; | ||
proxy_set_header X-forward-for $proxy_add_x_forwarded_for; | ||
proxy_pass http://goat:31337; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Use the official Node.js image as the base image | ||
FROM node:16.14.0-alpine | ||
|
||
# Set the working directory | ||
WORKDIR /usr/src/app | ||
|
||
# Copy package.json and package-lock.json | ||
COPY package*.json ./ | ||
|
||
# Install dependencies | ||
RUN npm install | ||
|
||
# Copy the application files | ||
COPY . . | ||
|
||
# Expose the port | ||
EXPOSE 31337 | ||
|
||
# Start the application | ||
CMD [ "node", "app.js" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
const express = require('express'); | ||
const axios = require('axios'); | ||
const querystring = require('node:querystring'); | ||
|
||
const app = express(); | ||
const PORT = process.env.PORT || 31337; | ||
|
||
//let codeValue = 'oHISzAR5RdTef7jVntWuA48Gf044Vr' | ||
|
||
const fetchUser = code => { | ||
let query = querystring.stringify({ | ||
'client_id': '1242405621815316502', | ||
'client_secret': 'SdY9h2ilQb42AKV3dL8pscd9vcvUc0Bo', | ||
'grant_type': 'authorization_code', | ||
'code': code, | ||
'redirect_uri': 'https://crowdcontrol.network/#/discord', | ||
'scope': 'identify' | ||
}) | ||
let headers = { | ||
'Content-Type': 'application/x-www-form-urlencoded' | ||
} | ||
|
||
return axios.post('https://discordapp.com/api/oauth2/token', query, headers) | ||
.then(token => { | ||
return axios.get(`https://discordapp.com/api/users/@me`, { | ||
headers: { | ||
"Authorization": "Bearer " + token.data.access_token, | ||
} | ||
}) | ||
}) | ||
|
||
} | ||
|
||
app.get('/', (req, res) => { | ||
if (!req.query.code) { | ||
throw new Error('No code provided - you must provide a token code from Discord') | ||
} | ||
|
||
console.log("code", req.query.code) | ||
|
||
return fetchUser(req.query.code) | ||
.then(user => { | ||
console.log("response", user.data) | ||
console.log("status", user.status, user.statusText); | ||
res.send(user.data); | ||
}) | ||
.catch(err => { | ||
console.error(err.response) | ||
res.status(500).send(err.message) | ||
}) | ||
|
||
}); | ||
|
||
app.listen(PORT, () => { | ||
console.log(`Server running on port ${PORT}`); | ||
}); | ||
|
||
|
||
|
||
|
||
|
Oops, something went wrong.