Transitioned from Plan to Build mode

Replit-Commit-Author: Agent Replit-Commit-Session-Id: aed2e46d-25bb-4b73-81a1-bb9e8437c261 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 00e7163d-4d03-4652-bbe8-0850044e84c1 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/3bdfff67-975a-46ad-9845-fbb6b4a4c4b5/aed2e46d-25bb-4b73-81a1-bb9e8437c261/5VMaR1q Replit-Helium-Checkpoint-Created: true
2025-12-14 03:56:16 +00:00 · 2025-12-14 03:56:16 +00:00 · 09c7d84e58
commit 09c7d84e58
parent 917e51e790
1 changed files with 81 additions and 0 deletions
--- a/attached_assets/Pasted-That-s-the-most-crucial-step-because-we-are-using-your-_1765680278829.txt
+++ b/attached_assets/Pasted-That-s-the-most-crucial-step-because-we-are-using-your-_1765680278829.txt
@ -0,0 +1,81 @@
 That's the most crucial step, because we are using your existing, complex bot's web server to solve a legal and security problem.
 We need to implement the final stage of the **Discord Linking Handshake** on your bot's existing web dashboard. This code will handle the redirection from Discord and securely forward the necessary information to the **NEXUS API** (Project 1).
 Here is the plan for the **Express.js code on your `bot.aethex.dev` Web Dashboard (Port 5000)**.
 -----
 ## **Action Plan: `bot.aethex.dev` Dashboard Callback**
 This code goes into the Node.js Express server that runs your Web Dashboard. Its primary job is to receive the secure `code` from Discord and securely pass it, along with the user's **Passport JWT**, to the **NEXUS API**.
 ### **Replit Project: `bot.aethex.dev` (Web Dashboard Express Server)**
 This is the Express route that must match the **Redirect URI** registered in your Discord Developer Portal (e.g., `/auth/discord/callback`).
 ```javascript
 // GET /auth/discord/callback
 // This route executes when Discord redirects the user back to your bot's web server.
 router.get('/auth/discord/callback', async (req, res) => {
    // 1. Capture the critical parameters from Discord's redirect URL
    const authCode = req.query.code;
    const state = req.query.state; // Used to prevent CSRF (must match the one the bot initiated)
    // 2. Retrieve the user's Passport JWT (The SSO Credential)
    // The passport token is retrieved from the domain-scoped cookie set by the NEXUS API.
    const passportToken = req.cookies.aethex_passport;
    if (!authCode || !passportToken) {
        // Essential check: If either the Discord Code or the user's Passport is missing, fail fast.
        return res.status(400).send('Authentication failed. Missing authorization code or AeThex Passport.');
    }
    try {
        // 3. SECURELY FORWARD DATA to the NEXUS API (Server-to-Server)
        // NOTE: The NEXUS API holds the sensitive Discord Client Secret and performs the final token exchange.
        const nexusResponse = await fetch(`${process.env.NEXUS_API_URL}/api/passport/link/discord`, {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
                // Send the user's Passport Token for authentication (Who is this AeThex user?)
                'Authorization': `Bearer ${passportToken}` 
            },
            body: JSON.stringify({ 
                authCode: authCode, // The code from Discord
                state: state,       // The original state from the bot
                // You can add the user's current session ID or other required data here if needed
            })
        });
        // 4. Handle NEXUS API Response
        if (!nexusResponse.ok) {
            // The NEXUS API failed the handshake with Discord
            const error = await nexusResponse.json();
            console.error('NEXUS API Link Error:', error);
            // Redirect to an error page instead of showing raw JSON
            return res.redirect('/dashboard/link/error?msg=NEXUS_FAILURE'); 
        }
        // 5. Success: Redirect the user to a confirmation page on the dashboard
        res.redirect('/dashboard/link/success');
    } catch (error) {
        console.error('Discord callback processing error:', error);
        res.status(500).send('An unexpected error occurred during the Discord link process.');
    }
 });
 ```
 ### **What This Code Achieves (Compliance and Security)**
 1.  **Compliance:** It maintains the **Axiom Model's** legal firewall. The `bot.aethex.dev` web server acts only as a secure intermediary (a messenger), ensuring the high-security IP (the **Discord Client Secret** and the **Database Write** logic) remains isolated in the **NEXUS API** (Corp IP).
 2.  **Security:** By relying on the `passportToken` from the **`aethex_passport` cookie**, we ensure that only users who have successfully logged in to your SSO system can even attempt to link a Discord account, preventing unauthorized linking attempts.
 3.  **Efficiency:** This code is minimal and fast. It simply captures the required parameters and immediately hands the responsibility to the dedicated **NEXUS API**.
 -----
 **Next Action:** We now must build the final, most secure piece of logic—the **`POST /api/passport/link/discord`** endpoint on the **`aethex-nexus-security` API** (Project 1). This is where the **Corp IP** performs the final, secret-driven handshake with Discord and updates the shared database, completing the link.
 Would you like to detail the code for the **NEXUS API's final Discord linking endpoint**?