Revamped verification process

This commit revamps the process for verifying a Discord account. In addition, it migrates the codebase to [email protected].

Rather than storing information in encrypted and authenticated cookies, the IdentiBot web interface now stores a session ID cookie, which contains a base64url-encoded, pseudorandom 256-bit value. The session ID cookie points to relevant information in the MongoDB database that would formerly have been stored in cookies. The cookie expires after 12 hours, and the associated record remains in the database for 12.5 hours after creation, at which time it should be pruned using the MongoDB TTL feature. When verification is completed, the record is removed from the database and the cookie from the browser.

Furthermore, the async/promise handling during the verification flow has been improved in this commit.

lib/oauthConfigurations.js

@@ -0,0 +1,17 @@
+import * as openidClient from 'openid-client'
+import * as preferencesReader from '../lib/preferencesReader.js'
+
+const config = await preferencesReader.config()
+const secrets = await preferencesReader.secrets()
+
+export const petrock = await openidClient.discovery(
+  new URL('https://petrock.mit.edu'),
+  config.petrock.clientID,
+  secrets.oauthClientSecrets.petrock,
+  openidClient.ClientSecretBasic(secrets.oauthClientSecrets.petrock)
+)
+export const discord = await openidClient.discovery(
+  new URL('https://discord.com'),
+  config.discord.clientID,
+  secrets.oauthClientSecrets.discord
+)

package.json

@@ -26,7 +26,7 @@
     "hbs": "^4.2.0",
     "luxon": "^3.5.0",
     "mongodb": "^6.12.0",
-    "openid-client": "^5.7.0",
+    "openid-client": "^6.1.7",
     "utf-8-validate": "^6.0.5",
     "yaml": "^2.6.1"
   },