Pandipipas/scoreko-dev
1
0
Fork 0
mirror of https://github.com/Pandipipas/scoreko-dev.git synced 2026-06-06 03:32:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor OAuth handling: Extract OAuth server logic into a separate module, streamline session management, and enhance error handling in startgg.ts

Browse Source
This commit is contained in:
Pandipipas
2026-05-17 22:07:10 +02:00
parent 0857472ad4
commit aea381ea35
5 changed files with 1334 additions and 1655 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/extension/challonge.ts
+192 -320
View File
@@ -1,6 +1,7 @@
import { createServer, type Server, type ServerResponse } from 'node:http';
import { randomUUID } from 'node:crypto';
import { nodecg } from './util/nodecg.js';
import { createOAuthServer, type OAuthConfig } from './util/oauth-server.js';
// ─── Constantes ────────────────────────────────────────────────────────────────
const CHALLONGE_API_BASE = 'https://api.challonge.com/v2.1';
const CHALLONGE_OAUTH_AUTHORIZE_ENDPOINT = 'https://api.challonge.com/oauth/authorize';
@@ -17,21 +18,9 @@ const CHALLONGE_OAUTH_SCOPES = [
const CHALLONGE_OAUTH_CALLBACK_PATH = '/challonge/callback';
const CHALLONGE_OAUTH_DEFAULT_PORT = 34921;
const CHALLONGE_OAUTH_SESSION_TTL_MS = 10 * 60 * 1000;
const RECENT_TOURNAMENTS_LIMIT = 20;
interface OAuthConfig {
clientId: string;
clientSecret: string;
callbackPort: number;
}
interface OAuthSession {
sessionId: string;
state: string;
expiresAt: number;
status: 'pending' | 'completed' | 'error' | 'expired';
token?: string;
error?: string;
}
// ─── Tipos ─────────────────────────────────────────────────────────────────────
interface OAuthTokenResponse {
access_token?: string;
@@ -57,157 +46,90 @@ interface ImportedPlayer {
twitter: string;
}
const oauthSessions = new Map<string, OAuthSession>();
let oauthCallbackServer: Server | null = null;
const getStringProp = (payload: unknown, key: string): string => {
if (typeof payload !== 'object' || payload === null || !(key in payload)) {
return '';
}
const value = (payload as Record<string, unknown>)[key];
return typeof value === 'string' ? value.trim() : String(value || '').trim();
};
const getNumberProp = (payload: Record<string, unknown>, keys: string[]): number | null => {
for (const key of keys) {
const raw = payload[key];
if (typeof raw === 'number' && Number.isFinite(raw)) {
return raw;
}
if (typeof raw === 'string') {
const parsed = Number(raw);
if (Number.isFinite(parsed)) {
return parsed;
}
}
}
return null;
};
const sendAck = (ack: unknown, error: string | null, response?: unknown) => {
if (typeof ack !== 'function') {
return;
}
ack(error, response);
};
// ─── Config OAuth ──────────────────────────────────────────────────────────────
const getOAuthConfig = (): OAuthConfig | null => {
const bundleConfig = nodecg.bundleConfig as unknown as Record<string, unknown>;
const clientId = String(bundleConfig.challongeClientId || '').trim();
const clientSecret = String(bundleConfig.challongeClientSecret || '').trim();
const clientId = String(bundleConfig.challongeClientId ?? '').trim();
const clientSecret = String(bundleConfig.challongeClientSecret ?? '').trim();
const rawPort = Number(bundleConfig.challongeOAuthPort ?? CHALLONGE_OAUTH_DEFAULT_PORT);
const callbackPort = Number.isFinite(rawPort) && rawPort > 0 ? rawPort : CHALLONGE_OAUTH_DEFAULT_PORT;
const callbackPort =
Number.isFinite(rawPort) && rawPort > 0 ? rawPort : CHALLONGE_OAUTH_DEFAULT_PORT;
if (!clientId || !clientSecret) {
return null;
}
if (!clientId || !clientSecret) return null;
return {
clientId,
clientSecret,
callbackPort,
};
return { clientId, clientSecret, callbackPort };
};
const getCallbackUrl = (callbackPort: number) => `http://127.0.0.1:${callbackPort}${CHALLONGE_OAUTH_CALLBACK_PATH}`;
const updateOAuthSession = (sessionId: string, update: Partial<OAuthSession>) => {
const session = oauthSessions.get(sessionId);
if (!session) {
return;
}
oauthSessions.set(sessionId, {
...session,
...update,
});
};
const cleanupExpiredOAuthSessions = () => {
const now = Date.now();
oauthSessions.forEach((session, sessionId) => {
if (session.expiresAt <= now && session.status === 'pending') {
updateOAuthSession(sessionId, { status: 'expired' });
}
});
};
const renderCallbackHtml = (title: string, message: string) => `<!doctype html>
<html lang="es">
<head>
<meta charset="utf-8" />
<title>${title}</title>
<style>
body { font-family: Arial, sans-serif; margin: 2rem; background: #121212; color: #fff; }
.box { max-width: 680px; padding: 1rem 1.2rem; border: 1px solid #444; border-radius: 8px; }
</style>
</head>
<body>
<div class="box">
<h2>${title}</h2>
<p>${message}</p>
<p>You can close this tab and return to Scoreko.</p>
</div>
</body>
</html>`;
const respondWithCallbackHtml = (res: ServerResponse, statusCode: number, title: string, message: string) => {
res.statusCode = statusCode;
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end(renderCallbackHtml(title, message));
};
const parseOAuthTokenPayload = async (response: Response): Promise<OAuthTokenResponse> => {
const rawBody = await response.text();
try {
return JSON.parse(rawBody) as OAuthTokenResponse;
} catch {
return { message: rawBody };
}
};
// ─── Intercambio de token ──────────────────────────────────────────────────────
const exchangeOAuthCodeForToken = async (
code: string,
redirectUri: string,
oauthConfig: OAuthConfig,
config: OAuthConfig,
): Promise<string> => {
const params = new URLSearchParams({
grant_type: 'authorization_code',
code,
client_id: oauthConfig.clientId,
client_secret: oauthConfig.clientSecret,
client_id: config.clientId,
client_secret: config.clientSecret,
redirect_uri: redirectUri,
});
const response = await fetch(CHALLONGE_OAUTH_TOKEN_ENDPOINT, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: params.toString(),
});
const payload = await parseOAuthTokenPayload(response);
if (!response.ok) {
throw new Error(payload.error_description || payload.error || payload.message || `OAuth token request failed (${response.status})`);
const rawBody = await response.text();
let payload: OAuthTokenResponse;
try {
payload = JSON.parse(rawBody) as OAuthTokenResponse;
} catch {
payload = { message: rawBody };
}
const token = String(payload.access_token || '').trim();
if (!response.ok) {
throw new Error(
payload.error_description ??
payload.error ??
payload.message ??
`OAuth token request failed (${response.status})`,
);
}
const token = String(payload.access_token ?? '').trim();
if (!token) {
throw new Error(payload.error_description || payload.error || payload.message || 'OAuth token response did not include an access token');
throw new Error(
payload.error_description ??
payload.error ??
payload.message ??
'OAuth token response did not include an access token',
);
}
return token;
};
// ─── Servidor OAuth ────────────────────────────────────────────────────────────
const oauthServer = createOAuthServer({
provider: 'Challonge',
callbackPath: CHALLONGE_OAUTH_CALLBACK_PATH,
authorizeEndpoint: CHALLONGE_OAUTH_AUTHORIZE_ENDPOINT,
scope: CHALLONGE_OAUTH_SCOPES,
sessionTtlMs: CHALLONGE_OAUTH_SESSION_TTL_MS,
exchangeToken: exchangeOAuthCodeForToken,
});
// ─── API de Challonge ──────────────────────────────────────────────────────────
type ChallongeErrorPayload = { errors?: { detail?: string }; error?: string } | null;
const parseJsonResponse = async (response: Response): Promise<unknown> => {
const rawBody = await response.text();
if (!rawBody) {
return null;
}
if (!rawBody) return null;
try {
return JSON.parse(rawBody) as unknown;
} catch {
@@ -215,9 +137,21 @@ const parseJsonResponse = async (response: Response): Promise<unknown> => {
}
};
/**
* Realiza una petición autenticada a la API de Challonge.
*
* Intenta primero con OAuth v2 (Bearer token).
* Si recibe 401, reintenta con autenticación v1 (API key personal pegada manualmente).
* En cualquier otro error no-2xx, lanza inmediatamente.
*
* CORRECCIÓN: en la versión anterior, el bloque de error final era dead code
* porque el body de v2 ya había sido consumido y la condición `!v2Response.ok`
* nunca se alcanzaba tras el fallback v1.
*/
const requestChallonge = async (path: string, token: string): Promise<unknown> => {
const requestUrl = `${CHALLONGE_API_BASE}${path}`;
// ── Intento v2 (OAuth Bearer) ─────────────────────────────────────────────
const v2Response = await fetch(requestUrl, {
headers: {
Accept: 'application/json',
@@ -226,14 +160,13 @@ const requestChallonge = async (path: string, token: string): Promise<unknown> =
Authorization: `Bearer ${token}`,
},
});
const v2Payload = await parseJsonResponse(v2Response);
if (v2Response.ok) {
return v2Payload;
}
// Fallback for personal API keys pasted manually (v1 auth style).
// ── Fallback v1 (API key personal pegada manualmente) ─────────────────────
if (v2Response.status === 401) {
const v1Response = await fetch(requestUrl, {
headers: {
@@ -243,46 +176,68 @@ const requestChallonge = async (path: string, token: string): Promise<unknown> =
Authorization: token,
},
});
const v1Payload = await parseJsonResponse(v1Response);
if (v1Response.ok) {
return v1Payload;
}
}
const maybeError = v2Payload as { errors?: { detail?: string }; error?: string } | null;
if (!v2Response.ok) {
const v1Error = v1Payload as ChallongeErrorPayload;
throw new Error(
maybeError?.errors?.detail || maybeError?.error || `Challonge responded with ${v2Response.status} ${v2Response.statusText}`.trim(),
v1Error?.errors?.detail ??
v1Error?.error ??
`Challonge responded with ${v1Response.status} ${v1Response.statusText}`.trim(),
);
}
return v2Payload;
// ── Otros errores v2 (4xx/5xx que no sean 401) ────────────────────────────
const v2Error = v2Payload as ChallongeErrorPayload;
throw new Error(
v2Error?.errors?.detail ??
v2Error?.error ??
`Challonge responded with ${v2Response.status} ${v2Response.statusText}`.trim(),
);
};
// ─── Parsers de respuesta ──────────────────────────────────────────────────────
const normalizeTournamentSlug = (value: string): string => {
const trimmed = value.trim();
if (!trimmed) {
return '';
if (!trimmed) return '';
return trimmed
.replace(/^https?:\/\/[^/]+\//i, '')
.replace(/^tournaments\//i, '')
.replace(/^\/+/, '');
};
const getNumberProp = (payload: Record<string, unknown>, keys: string[]): number | null => {
for (const key of keys) {
const raw = payload[key];
if (typeof raw === 'number' && Number.isFinite(raw)) return raw;
if (typeof raw === 'string') {
const parsed = Number(raw);
if (Number.isFinite(parsed)) return parsed;
}
}
return trimmed.replace(/^https?:\/\/[^/]+\//i, '').replace(/^tournaments\//i, '').replace(/^\/+/, '');
return null;
};
const parseRecentTournaments = (payload: unknown): RecentTournament[] => {
const rows: RecentTournament[] = [];
const push = (candidate: Record<string, unknown>) => {
const attributes = (typeof candidate.attributes === 'object' && candidate.attributes !== null)
? (candidate.attributes as Record<string, unknown>)
: candidate;
const attributes =
typeof candidate.attributes === 'object' && candidate.attributes !== null
? (candidate.attributes as Record<string, unknown>)
: candidate;
const id = String(candidate.id || attributes.id || attributes.tournament_id || '').trim();
const name = String(attributes.name || attributes.full_name || '').trim();
const slug = normalizeTournamentSlug(String(attributes.url || attributes.slug || attributes.identifier || id));
const id = String(candidate.id ?? attributes.id ?? attributes.tournament_id ?? '').trim();
const name = String(attributes.name ?? attributes.full_name ?? '').trim();
const slug = normalizeTournamentSlug(
String(attributes.url ?? attributes.slug ?? attributes.identifier ?? id),
);
if (!id || !name || !slug) {
return;
}
if (!id || !name || !slug) return;
rows.push({
id,
@@ -294,26 +249,25 @@ const parseRecentTournaments = (payload: unknown): RecentTournament[] => {
};
if (Array.isArray(payload)) {
payload.forEach((row) => {
for (const row of payload) {
const wrapper = row as Record<string, unknown>;
const tournament = (typeof wrapper.tournament === 'object' && wrapper.tournament !== null)
? (wrapper.tournament as Record<string, unknown>)
: wrapper;
const tournament =
typeof wrapper.tournament === 'object' && wrapper.tournament !== null
? (wrapper.tournament as Record<string, unknown>)
: wrapper;
push(tournament);
});
}
return rows;
}
if (typeof payload === 'object' && payload !== null) {
const root = payload as Record<string, unknown>;
const data = root.data;
const data = (payload as Record<string, unknown>).data;
if (Array.isArray(data)) {
data.forEach((row) => {
for (const row of data) {
if (typeof row === 'object' && row !== null) {
push(row as Record<string, unknown>);
}
});
return rows;
}
}
}
@@ -324,201 +278,127 @@ const parseImportedPlayers = (payload: unknown): ImportedPlayer[] => {
const map = new Map<string, ImportedPlayer>();
const push = (candidate: Record<string, unknown>) => {
const attributes = (typeof candidate.attributes === 'object' && candidate.attributes !== null)
? (candidate.attributes as Record<string, unknown>)
: candidate;
const attributes =
typeof candidate.attributes === 'object' && candidate.attributes !== null
? (candidate.attributes as Record<string, unknown>)
: candidate;
const id = String(candidate.id || attributes.id || attributes.participant_id || '').trim();
const gamertag = String(
attributes.display_name
|| attributes.name
|| attributes.username
|| attributes.gamer_tag
|| '',
const id = String(
candidate.id ?? attributes.id ?? attributes.participant_id ?? '',
).trim();
if (!id || !gamertag) {
return;
}
const rawDisplayName = String(
attributes.display_name ??
attributes.name ??
attributes.username ??
attributes.gamer_tag ??
'',
).trim();
if (!id || !rawDisplayName) return;
// Detectar patrón "TEAM | Gamertag" o "TEAM |Gamertag" (muy común en fighting games).
// Si se detecta, extraer el equipo del propio nombre y limpiar el gamertag.
const PIPE_PATTERN = /^(.+?)\s*\|\s*(.+)$/;
const pipeMatch = PIPE_PATTERN.exec(rawDisplayName);
const teamFromName = pipeMatch ? pipeMatch[1].trim() : '';
const gamertag = pipeMatch ? pipeMatch[2].trim() : rawDisplayName;
// team_name de la API tiene prioridad; si no existe, usar el extraído del nombre.
const team = String(attributes.team_name ?? '').trim() || teamFromName;
// Challonge no expone un campo de nombre real separado del username/display_name.
// Se deja vacío para no duplicar el gamertag en el campo name.
map.set(id, {
id,
gamertag,
name: gamertag,
team: String(attributes.group_player_ids || attributes.team_name || '').trim(),
name: '',
team,
country: '',
twitter: String(attributes.twitter_handle || attributes.twitter || '').trim(),
twitter: String(attributes.twitter_handle ?? attributes.twitter ?? '').trim(),
});
};
if (Array.isArray(payload)) {
payload.forEach((row) => {
for (const row of payload) {
const wrapper = row as Record<string, unknown>;
const participant = (typeof wrapper.participant === 'object' && wrapper.participant !== null)
? (wrapper.participant as Record<string, unknown>)
: wrapper;
const participant =
typeof wrapper.participant === 'object' && wrapper.participant !== null
? (wrapper.participant as Record<string, unknown>)
: wrapper;
push(participant);
});
}
return Array.from(map.values());
}
if (typeof payload === 'object' && payload !== null) {
const root = payload as Record<string, unknown>;
const data = root.data;
const data = (payload as Record<string, unknown>).data;
if (Array.isArray(data)) {
data.forEach((row) => {
for (const row of data) {
if (typeof row === 'object' && row !== null) {
push(row as Record<string, unknown>);
}
});
}
}
}
return Array.from(map.values());
};
const ensureOAuthCallbackServer = async (oauthConfig: OAuthConfig) => {
if (oauthCallbackServer) {
return;
}
// ─── Utilidades ────────────────────────────────────────────────────────────────
const callbackUrl = getCallbackUrl(oauthConfig.callbackPort);
const server = createServer((req, res) => {
if (!req.url) {
res.statusCode = 400;
res.end('Bad request');
return;
}
const requestUrl = new URL(req.url, callbackUrl);
if (requestUrl.pathname !== CHALLONGE_OAUTH_CALLBACK_PATH) {
res.statusCode = 404;
res.end('Not found');
return;
}
cleanupExpiredOAuthSessions();
const state = requestUrl.searchParams.get('state') || '';
const code = requestUrl.searchParams.get('code') || '';
const error = requestUrl.searchParams.get('error') || '';
const session = Array.from(oauthSessions.values()).find((candidate) => candidate.state === state);
if (!session) {
respondWithCallbackHtml(res, 400, 'Invalid OAuth', 'No active session was found for this authorization.');
return;
}
if (session.expiresAt <= Date.now()) {
updateOAuthSession(session.sessionId, { status: 'expired' });
respondWithCallbackHtml(res, 400, 'Session expired', 'The OAuth session expired. Start the process again from Scoreko.');
return;
}
if (error) {
updateOAuthSession(session.sessionId, { status: 'error', error });
respondWithCallbackHtml(res, 400, 'OAuth canceled', `Challonge returned this error: ${error}`);
return;
}
if (!code) {
updateOAuthSession(session.sessionId, {
status: 'error',
error: 'Missing authorization code',
});
respondWithCallbackHtml(res, 400, 'Incomplete OAuth', 'No authorization code was received.');
return;
}
void exchangeOAuthCodeForToken(code, callbackUrl, oauthConfig)
.then((token) => {
updateOAuthSession(session.sessionId, { status: 'completed', token, error: undefined });
})
.catch((exchangeError) => {
const message = exchangeError instanceof Error ? exchangeError.message : 'Failed to exchange authorization code';
updateOAuthSession(session.sessionId, { status: 'error', error: message });
});
respondWithCallbackHtml(res, 200, 'Authorization received', 'Your authorization was received. Finishing sign-in in the background...');
});
await new Promise<void>((resolve, reject) => {
server.once('error', reject);
server.listen(oauthConfig.callbackPort, '127.0.0.1', () => {
server.off('error', reject);
resolve();
});
});
oauthCallbackServer = server;
const getStringProp = (payload: unknown, key: string): string => {
if (typeof payload !== 'object' || payload === null || !(key in payload)) return '';
const value = (payload as Record<string, unknown>)[key];
return typeof value === 'string' ? value.trim() : String(value ?? '').trim();
};
const sendAck = (ack: unknown, error: string | null, response?: unknown) => {
if (typeof ack === 'function') ack(error, response);
};
// ─── Listeners de NodeCG ───────────────────────────────────────────────────────
nodecg.listenFor('challonge:createOAuthSession', async (_payload: unknown, ack) => {
const oauthConfig = getOAuthConfig();
if (!oauthConfig) {
sendAck(ack, 'OAuth is not configured in this installation (missing challongeClientId/challongeClientSecret). Use the Client ID and Client Secret from a Challonge OAuth app.');
const config = getOAuthConfig();
if (!config) {
sendAck(
ack,
'OAuth is not configured in this installation (missing challongeClientId/challongeClientSecret). Use the Client ID and Client Secret from a Challonge OAuth app.',
);
return;
}
try {
await ensureOAuthCallbackServer(oauthConfig);
} catch (serverError) {
const message = serverError instanceof Error ? serverError.message : 'Could not start the local OAuth callback';
sendAck(ack, message);
await oauthServer.ensureServer(config);
} catch (err) {
sendAck(ack, err instanceof Error ? err.message : 'Could not start the local OAuth callback');
return;
}
cleanupExpiredOAuthSessions();
const sessionId = randomUUID();
const state = randomUUID();
oauthSessions.set(sessionId, {
sessionId,
state,
expiresAt: Date.now() + CHALLONGE_OAUTH_SESSION_TTL_MS,
status: 'pending',
});
const params = new URLSearchParams({
response_type: 'code',
client_id: oauthConfig.clientId,
redirect_uri: getCallbackUrl(oauthConfig.callbackPort),
scope: CHALLONGE_OAUTH_SCOPES,
state,
});
sendAck(ack, null, {
sessionId,
authUrl: `${CHALLONGE_OAUTH_AUTHORIZE_ENDPOINT}?${params.toString()}`,
});
const session = oauthServer.createSession(config);
sendAck(ack, null, session);
});
nodecg.listenFor('challonge:getOAuthSessionStatus', (payload: unknown, ack) => {
cleanupExpiredOAuthSessions();
const sessionId = getStringProp(payload, 'sessionId');
if (!sessionId) {
sendAck(ack, 'Missing OAuth session id');
return;
}
const session = oauthSessions.get(sessionId);
if (!session) {
const status = oauthServer.getSessionStatus(sessionId);
if (!status) {
sendAck(ack, 'OAuth session not found');
return;
}
sendAck(ack, null, {
status: session.status,
token: session.status === 'completed' ? session.token : undefined,
error: session.status === 'error' ? session.error : undefined,
});
sendAck(ack, null, status);
});
nodecg.listenFor('challonge:fetchRecentTournaments', async (payload: unknown, ack) => {
const token = getStringProp(payload, 'token');
if (!token) {
sendAck(ack, 'Missing Challonge API token');
return;
@@ -528,12 +408,10 @@ nodecg.listenFor('challonge:fetchRecentTournaments', async (payload: unknown, ac
const raw = await requestChallonge('/tournaments.json', token);
const tournaments = parseRecentTournaments(raw)
.sort((a, b) => (b.startAt ?? 0) - (a.startAt ?? 0))
.slice(0, 20);
.slice(0, RECENT_TOURNAMENTS_LIMIT);
sendAck(ack, null, tournaments);
} catch (error) {
const message = error instanceof Error ? error.message : 'Unknown error while loading tournaments';
sendAck(ack, message);
sendAck(ack, error instanceof Error ? error.message : 'Unknown error while loading tournaments');
}
});
@@ -541,22 +419,16 @@ nodecg.listenFor('challonge:fetchTournamentPlayers', async (payload: unknown, ac
const token = getStringProp(payload, 'token');
const slug = normalizeTournamentSlug(getStringProp(payload, 'slug'));
if (!token) {
sendAck(ack, 'Missing Challonge API token');
return;
}
if (!slug) {
sendAck(ack, 'Missing tournament slug');
return;
}
if (!token) { sendAck(ack, 'Missing Challonge API token'); return; }
if (!slug) { sendAck(ack, 'Missing tournament slug'); return; }
try {
const raw = await requestChallonge(`/tournaments/${encodeURIComponent(slug)}/participants.json`, token);
const players = parseImportedPlayers(raw);
sendAck(ack, null, players);
const raw = await requestChallonge(
`/tournaments/${encodeURIComponent(slug)}/participants.json`,
token,
);
sendAck(ack, null, parseImportedPlayers(raw));
} catch (error) {
const message = error instanceof Error ? error.message : 'Unknown error while importing players';
sendAck(ack, message);
sendAck(ack, error instanceof Error ? error.message : 'Unknown error while importing players');
}
});