diff --git a/package.json b/package.json index c1480f2..428fbea 100644 --- a/package.json +++ b/package.json @@ -22,27 +22,26 @@ "dependencies": { "@types/cheerio": "^0.22.35", "cheerio": "1.0.0-rc.12", - "discord-api-types": "^0.37.83", + "discord-api-types": "^0.37.89", "discord-interactions": "^4.0.0", - "discord-verify": "^1.2.0", - "hono": "^4.2.8" + "hono": "^4.4.6" }, "devDependencies": { - "@cloudflare/workers-types": "^4.20240423.0", - "@types/chai": "^4.3.14", + "@cloudflare/workers-types": "^4.20240614.0", + "@types/chai": "^4.3.16", "@types/mocha": "^10.0.6", "@types/sinon": "^17.0.3", - "c8": "^10.0.0", - "chai": "^5.1.0", + "c8": "^10.1.2", + "chai": "^5.1.1", "dotenv": "^16.4.5", - "eslint": "^9.1.1", + "eslint": "^9.5.0", "eslint-config-prettier": "^9.1.0", "eslint-plugin-prettier": "^5.1.3", "mocha": "^10.4.0", - "pnpm": "^9.0.6", - "prettier": "^3.2.5", + "pnpm": "^9.4.0", + "prettier": "^3.3.2", "sinon": "^18.0.0", "typescript": "^5.4.5", - "wrangler": "^3.52.0" + "wrangler": "^3.60.3" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 9a73e87..1c51d36 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -15,23 +15,20 @@ importers: specifier: 1.0.0-rc.12 version: 1.0.0-rc.12 discord-api-types: - specifier: ^0.37.83 + specifier: ^0.37.89 version: 0.37.89 discord-interactions: specifier: ^4.0.0 version: 4.0.0 - discord-verify: - specifier: ^1.2.0 - version: 1.2.0 hono: - specifier: ^4.2.8 + specifier: ^4.4.6 version: 4.4.6 devDependencies: '@cloudflare/workers-types': - specifier: ^4.20240423.0 + specifier: ^4.20240614.0 version: 4.20240614.0 '@types/chai': - specifier: ^4.3.14 + specifier: ^4.3.16 version: 4.3.16 '@types/mocha': specifier: ^10.0.6 @@ -40,16 +37,16 @@ importers: specifier: ^17.0.3 version: 17.0.3 c8: - specifier: ^10.0.0 + specifier: ^10.1.2 version: 10.1.2 chai: - specifier: ^5.1.0 + specifier: ^5.1.1 version: 5.1.1 dotenv: specifier: ^16.4.5 version: 16.4.5 eslint: - specifier: ^9.1.1 + specifier: ^9.5.0 version: 9.5.0 eslint-config-prettier: specifier: ^9.1.0 @@ -61,10 +58,10 @@ importers: specifier: ^10.4.0 version: 10.4.0 pnpm: - specifier: ^9.0.6 + specifier: ^9.4.0 version: 9.4.0 prettier: - specifier: ^3.2.5 + specifier: ^3.3.2 version: 3.3.2 sinon: specifier: ^18.0.0 @@ -73,7 +70,7 @@ importers: specifier: ^5.4.5 version: 5.4.5 wrangler: - specifier: ^3.52.0 + specifier: ^3.60.3 version: 3.60.3(@cloudflare/workers-types@4.20240614.0) packages: @@ -358,56 +355,23 @@ packages: '@sinonjs/text-encoding@0.7.2': resolution: {integrity: sha512-sXXKG+uL9IrKqViTtao2Ws6dy0znu9sOaP1di/jKGW1M6VssO8vlpXCQcpZ+jisQ1tTFAC5Jo/EOzFbggBagFQ==} - '@types/body-parser@1.19.5': - resolution: {integrity: sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==} - '@types/chai@4.3.16': resolution: {integrity: sha512-PatH4iOdyh3MyWtmHVFXLWCCIhUbopaltqddG9BzB+gMIzee2MJrvd+jouii9Z3wzQJruGWAm7WOMjgfG8hQlQ==} '@types/cheerio@0.22.35': resolution: {integrity: sha512-yD57BchKRvTV+JD53UZ6PD8KWY5g5rvvMLRnZR3EQBCZXiDT/HR+pKpMzFGlWNhFrXlo7VPZXtKvIEwZkAWOIA==} - '@types/connect@3.4.38': - resolution: {integrity: sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==} - - '@types/express-serve-static-core@4.19.0': - resolution: {integrity: sha512-bGyep3JqPCRry1wq+O5n7oiBgGWmeIJXPjXXCo8EK0u8duZGSYar7cGqd3ML2JUsLGeB7fmc06KYo9fLGWqPvQ==} - - '@types/express@4.17.21': - resolution: {integrity: sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==} - - '@types/http-errors@2.0.4': - resolution: {integrity: sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==} - '@types/istanbul-lib-coverage@2.0.6': resolution: {integrity: sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==} - '@types/mime@1.3.5': - resolution: {integrity: sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==} - '@types/mocha@10.0.6': resolution: {integrity: sha512-dJvrYWxP/UcXm36Qn36fxhUKu8A/xMRXVT2cliFF1Z7UA9liG5Psj3ezNSZw+5puH2czDXRLcXQxf8JbJt0ejg==} '@types/node-forge@1.3.11': resolution: {integrity: sha512-FQx220y22OKNTqaByeBGqHWYz4cl94tpcxeFdvBo3wjG6XPBuZ0BNgNZRV5J5TFmmcsJ4IzsLkmGRiQbnYsBEQ==} - '@types/node@20.12.7': - resolution: {integrity: sha512-wq0cICSkRLVaf3UGLMGItu/PtdY7oaXaI/RVU+xliKVOtRna3PRY57ZDfztpDL0n11vfymMUnXv8QwYCO7L1wg==} - - '@types/node@20.14.2': - resolution: {integrity: sha512-xyu6WAMVwv6AKFLB+e/7ySZVr/0zLCzOa7rSpq6jNwpqOrUbcACDWC+53d4n2QHOnDou0fbIsg8wZu/sxrnI4Q==} - - '@types/qs@6.9.15': - resolution: {integrity: sha512-uXHQKES6DQKKCLh441Xv/dwxOq1TVS3JPUMlEqoEglvlhR6Mxnlew/Xq/LRVHpLyk7iK3zODe1qYHIMltO7XGg==} - - '@types/range-parser@1.2.7': - resolution: {integrity: sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==} - - '@types/send@0.17.4': - resolution: {integrity: sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==} - - '@types/serve-static@1.15.7': - resolution: {integrity: sha512-W8Ym+h8nhuRwaKPaDw34QUkwsGi6Rc4yYqvKFo5rm2FUEhCFbzVWrxXUxuKK8TASjWsysJY0nsmNCGhCOIsrOw==} + '@types/node@20.14.5': + resolution: {integrity: sha512-aoRR+fJkZT2l0aGOJhuA8frnCSoNX6W7U2mpNq63+BxBIj5BQFt8rHy627kijCmm63ijdSdwvGgpUsU6MBsZZA==} '@types/sinon@17.0.3': resolution: {integrity: sha512-j3uovdn8ewky9kRBG19bOwaZbexJu/XjtkHyjvUgt4xfPFz18dcORIMqnYh66Fx3Powhcr85NT5+er3+oViapw==} @@ -604,8 +568,8 @@ packages: resolution: {integrity: sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==} engines: {node: '>=10'} - deep-eql@5.0.1: - resolution: {integrity: sha512-nwQCf6ne2gez3o1MxWifqkciwt0zhl0LO1/UwVu4uMBuPmflWM4oQ70XMqHqnBJA+nhzncaqL9HVL6KkHJ28lw==} + deep-eql@5.0.2: + resolution: {integrity: sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==} engines: {node: '>=6'} deep-is@0.1.4: @@ -629,10 +593,6 @@ packages: resolution: {integrity: sha512-27HSJ379W9E4T6Or+efQRGnekJ6g8kYokSFtK5HKc/3ObC+83O+vxdg2trStD/2XPIHVPMNVIoZAeK9s/EL8Yg==} engines: {node: '>=18.4.0'} - discord-verify@1.2.0: - resolution: {integrity: sha512-8qlrMROW8DhpzWWzgNq9kpeLDxKanWa4EDVoj/ASVv2nr+dSr4JPmu2tFSydf3hAGI/OIJTnZyD0JulMYIxx4w==} - engines: {node: '>=16'} - dom-serializer@2.0.0: resolution: {integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==} @@ -713,8 +673,8 @@ packages: engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} hasBin: true - espree@10.0.1: - resolution: {integrity: sha512-MWkrWZbJsL2UwnjxTX3gG8FneachS/Mwg7tdGXce011sJd5b0JG54vat5KHnfSBODZ3Wvzd2WnjxyzsRoVv+ww==} + espree@10.1.0: + resolution: {integrity: sha512-M1M6CpiE6ffoigIOWYO9UDP8TMUw9kqb21tf+08IgDYjCsOvCuDt4jQcZmoYxx+w7zlKw9/N0KXfto+I8/FrXA==} engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} esquery@1.5.0: @@ -778,8 +738,8 @@ packages: flatted@3.3.1: resolution: {integrity: sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==} - foreground-child@3.2.0: - resolution: {integrity: sha512-CrWQNaEl1/6WeZoarcM9LHupTo3RpZO2Pdk1vktwzPiQTsJnAKJmm3TACKeG5UZbWDfaH2AbvYxzP96y0MT7fA==} + foreground-child@3.2.1: + resolution: {integrity: sha512-PXUUyLqrR2XCWICfv6ukppP96sdFwWbNEnfEMt7jNsISjMsvaLNinAHNDYyvkyU+SZG2BTSbT5NjG+vZslfGTA==} engines: {node: '>=14'} fs.realpath@1.0.0: @@ -960,8 +920,8 @@ packages: resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==} engines: {node: '>=10'} - loupe@3.1.0: - resolution: {integrity: sha512-qKl+FrLXUhFuHUoDJG7f8P8gEMHq9NFS0c6ghXG1J0rldmZFQZoNVv/vyirE9qwCIhWZDsvEFd1sbFu3GvRQFg==} + loupe@3.1.1: + resolution: {integrity: sha512-edNu/8D5MKVfGVFRhFf8aAxiTM6Wumfz5XsaatSxlD3w4R1d/WEKUTydCdPGbl9K7QG/Ca3GnDV2sIKIpXRQcw==} lru-cache@10.2.2: resolution: {integrity: sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==} @@ -1253,9 +1213,6 @@ packages: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} - tslib@2.6.2: - resolution: {integrity: sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==} - tslib@2.6.3: resolution: {integrity: sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==} @@ -1330,8 +1287,8 @@ packages: wrappy@1.0.2: resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} - ws@8.17.0: - resolution: {integrity: sha512-uJq6108EgZMAl20KagGkzCKfMEjxmKvZHG7Tlq0Z6nOky7YF7aq4mOx6xK8TJ/i1LeK4Qus7INktacctDgY8Ow==} + ws@8.17.1: + resolution: {integrity: sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==} engines: {node: '>=10.0.0'} peerDependencies: bufferutil: ^4.0.1 @@ -1503,7 +1460,7 @@ snapshots: dependencies: ajv: 6.12.6 debug: 4.3.5 - espree: 10.0.1 + espree: 10.1.0 globals: 14.0.0 ignore: 5.3.1 import-fresh: 3.3.0 @@ -1585,70 +1542,24 @@ snapshots: '@sinonjs/text-encoding@0.7.2': {} - '@types/body-parser@1.19.5': - dependencies: - '@types/connect': 3.4.38 - '@types/node': 20.14.2 - '@types/chai@4.3.16': {} '@types/cheerio@0.22.35': dependencies: - '@types/node': 20.12.7 - - '@types/connect@3.4.38': - dependencies: - '@types/node': 20.14.2 - - '@types/express-serve-static-core@4.19.0': - dependencies: - '@types/node': 20.14.2 - '@types/qs': 6.9.15 - '@types/range-parser': 1.2.7 - '@types/send': 0.17.4 - - '@types/express@4.17.21': - dependencies: - '@types/body-parser': 1.19.5 - '@types/express-serve-static-core': 4.19.0 - '@types/qs': 6.9.15 - '@types/serve-static': 1.15.7 - - '@types/http-errors@2.0.4': {} + '@types/node': 20.14.5 '@types/istanbul-lib-coverage@2.0.6': {} - '@types/mime@1.3.5': {} - '@types/mocha@10.0.6': {} '@types/node-forge@1.3.11': dependencies: - '@types/node': 20.14.2 + '@types/node': 20.14.5 - '@types/node@20.12.7': + '@types/node@20.14.5': dependencies: undici-types: 5.26.5 - '@types/node@20.14.2': - dependencies: - undici-types: 5.26.5 - - '@types/qs@6.9.15': {} - - '@types/range-parser@1.2.7': {} - - '@types/send@0.17.4': - dependencies: - '@types/mime': 1.3.5 - '@types/node': 20.14.2 - - '@types/serve-static@1.15.7': - dependencies: - '@types/http-errors': 2.0.4 - '@types/node': 20.14.2 - '@types/send': 0.17.4 - '@types/sinon@17.0.3': dependencies: '@types/sinonjs__fake-timers': 8.1.5 @@ -1725,7 +1636,7 @@ snapshots: '@bcoe/v8-coverage': 0.2.3 '@istanbuljs/schema': 0.1.3 find-up: 5.0.0 - foreground-child: 3.2.0 + foreground-child: 3.2.1 istanbul-lib-coverage: 3.2.2 istanbul-lib-report: 3.0.1 istanbul-reports: 3.1.7 @@ -1749,8 +1660,8 @@ snapshots: dependencies: assertion-error: 2.0.1 check-error: 2.1.1 - deep-eql: 5.0.1 - loupe: 3.1.0 + deep-eql: 5.0.2 + loupe: 3.1.1 pathval: 2.0.0 chalk@4.1.2: @@ -1859,7 +1770,7 @@ snapshots: decamelize@4.0.0: {} - deep-eql@5.0.1: {} + deep-eql@5.0.2: {} deep-is@0.1.4: {} @@ -1873,10 +1784,6 @@ snapshots: discord-interactions@4.0.0: {} - discord-verify@1.2.0: - dependencies: - '@types/express': 4.17.21 - dom-serializer@2.0.0: dependencies: domelementtype: 2.3.0 @@ -1973,7 +1880,7 @@ snapshots: escape-string-regexp: 4.0.0 eslint-scope: 8.0.1 eslint-visitor-keys: 4.0.0 - espree: 10.0.1 + espree: 10.1.0 esquery: 1.5.0 esutils: 2.0.3 fast-deep-equal: 3.1.3 @@ -1995,7 +1902,7 @@ snapshots: transitivePeerDependencies: - supports-color - espree@10.0.1: + espree@10.1.0: dependencies: acorn: 8.12.0 acorn-jsx: 5.3.2(acorn@8.12.0) @@ -2051,7 +1958,7 @@ snapshots: flatted@3.3.1: {} - foreground-child@3.2.0: + foreground-child@3.2.1: dependencies: cross-spawn: 7.0.3 signal-exit: 4.1.0 @@ -2084,7 +1991,7 @@ snapshots: glob@10.4.1: dependencies: - foreground-child: 3.2.0 + foreground-child: 3.2.1 jackspeak: 3.4.0 minimatch: 9.0.4 minipass: 7.1.2 @@ -2214,7 +2121,7 @@ snapshots: chalk: 4.1.2 is-unicode-supported: 0.1.0 - loupe@3.1.0: + loupe@3.1.1: dependencies: get-func-name: 2.0.2 @@ -2241,7 +2148,7 @@ snapshots: stoppable: 1.1.0 undici: 5.28.4 workerd: 1.20240610.1 - ws: 8.17.0 + ws: 8.17.1 youch: 3.3.3 zod: 3.23.8 transitivePeerDependencies: @@ -2499,7 +2406,7 @@ snapshots: synckit@0.8.8: dependencies: '@pkgr/core': 0.1.1 - tslib: 2.6.2 + tslib: 2.6.3 test-exclude@7.0.1: dependencies: @@ -2513,8 +2420,6 @@ snapshots: dependencies: is-number: 7.0.0 - tslib@2.6.2: {} - tslib@2.6.3: {} type-check@0.4.0: @@ -2607,7 +2512,7 @@ snapshots: wrappy@1.0.2: {} - ws@8.17.0: {} + ws@8.17.1: {} xxhash-wasm@1.0.2: {} diff --git a/src/server.ts b/src/server.ts index ab5e942..013252f 100644 --- a/src/server.ts +++ b/src/server.ts @@ -3,11 +3,11 @@ import { getSignedCookie, setSignedCookie } from 'hono/cookie'; import { InteractionResponseType, InteractionResponseFlags, + verifyKey, } from 'discord-interactions'; import * as commands from './commands.js'; import { lookup } from './nzqa_lookup.js'; import * as discordJs from 'discord-api-types/v10'; -import { isValidRequest } from 'discord-verify'; import * as storage from './storage.js'; import * as discord from './discord.js'; import { Bindings } from './worker-configuration.js'; @@ -24,11 +24,11 @@ router.get('/', (c) => { // eslint-disable-next-line no-unused-vars router.post('/interactions', async (c) => { - const isValid: boolean | void = await isValidRequest( - c.req.raw, - c.env.DISCORD_PUBLIC_KEY - ).catch(console.error); - if (!isValid) return new Response('Invalid request', { status: 401 }); + const signature = c.req.header('x-signature-ed25519')!; + const timestamp = c.req.header('x-signature-timestamp')!; + const body = await c.req.text(); + if (!(await verifyKey(body, signature as string, timestamp, c.env.DISCORD_PUBLIC_KEY))) + return new Response('Invalid request', { status: 401 }); const interaction: discordJs.APIInteraction = (await c.req.json()) as discordJs.APIInteraction; @@ -41,7 +41,7 @@ router.post('/interactions', async (c) => { case discordJs.InteractionType.ModalSubmit: { // The `MODAL_SUBMIT` message is sent when a user submits a modal form. - + // console.log(JSON.stringify(interaction, null, 2)) return c.json({ type: InteractionResponseType.CHANNEL_MESSAGE_WITH_SOURCE,