Add secure authentication and service endpoints for Nexus integration
Implement Nexus API client and secure endpoints for token management, text scrubbing, IP checking, and activity logging, requiring AeThex session authentication. Replit-Commit-Author: Agent Replit-Commit-Session-Id: aed2e46d-25bb-4b73-81a1-bb9e8437c261 Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Event-Id: 4b61d3bd-c210-44e9-90e0-2e6834788822 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/3bdfff67-975a-46ad-9845-fbb6b4a4c4b5/aed2e46d-25bb-4b73-81a1-bb9e8437c261/wAz691s Replit-Helium-Checkpoint-Created: true
This commit is contained in:
sirpiglr
parent
aa07eaa183
commit
363737efb6
1 changed files with 155 additions and 0 deletions
|
|
@ -6,6 +6,7 @@ const path = require('path');
|
|||
const crypto = require('crypto');
|
||||
const Stripe = require('stripe');
|
||||
const { invalidateCooldownCache } = require('../utils/cooldownManager');
|
||||
const { NexusClient } = require('../utils/nexusClient');
|
||||
|
||||
function createWebServer(discordClient, supabase, options = {}) {
|
||||
const app = express();
|
||||
|
|
@ -3126,6 +3127,160 @@ function createWebServer(discordClient, supabase, options = {}) {
|
|||
res.sendFile(path.join(__dirname, '../public/index.html'));
|
||||
});
|
||||
|
||||
// ============================================
|
||||
// NEXUS Security API Integration Routes
|
||||
// ============================================
|
||||
const nexusClient = new NexusClient();
|
||||
|
||||
// Middleware: Require AeThex session authentication
|
||||
const requireAethexAuth = (req, res, next) => {
|
||||
if (!req.session.user) {
|
||||
return res.status(401).json({ error: 'AeThex authentication required. Please log in via Discord OAuth.' });
|
||||
}
|
||||
next();
|
||||
};
|
||||
|
||||
// Middleware: Require admin permissions (MANAGE_GUILD permission)
|
||||
const requireAdmin = (req, res, next) => {
|
||||
if (!req.session.user) {
|
||||
return res.status(401).json({ error: 'Authentication required' });
|
||||
}
|
||||
const guildId = req.query.guildId || req.body.guildId || req.params.guildId;
|
||||
if (guildId) {
|
||||
const guild = req.session.user.guilds?.find(g => g.id === guildId);
|
||||
if (!guild || !guild.isAdmin) {
|
||||
return res.status(403).json({ error: 'Admin permissions required for this guild' });
|
||||
}
|
||||
}
|
||||
next();
|
||||
};
|
||||
|
||||
// Authentication: Get token (requires AeThex session - for authenticated users only)
|
||||
app.post('/api/nexus/token', requireAethexAuth, async (req, res) => {
|
||||
try {
|
||||
const result = await nexusClient.getToken(req.body);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] Token error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Authentication: Refresh token (requires AeThex session)
|
||||
app.post('/api/nexus/refresh', requireAethexAuth, async (req, res) => {
|
||||
try {
|
||||
const { refresh_token } = req.body;
|
||||
if (!refresh_token) {
|
||||
return res.status(400).json({ error: 'refresh_token required' });
|
||||
}
|
||||
const result = await nexusClient.refreshToken(refresh_token);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] Refresh error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Sentinel: Scrub text (requires AeThex session + NEXUS bearer token)
|
||||
app.post('/api/nexus/scrub', requireAethexAuth, async (req, res) => {
|
||||
const authHeader = req.headers.authorization;
|
||||
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||
return res.status(401).json({ error: 'NEXUS Bearer token required' });
|
||||
}
|
||||
const token = authHeader.split(' ')[1];
|
||||
|
||||
try {
|
||||
const { text } = req.body;
|
||||
if (!text) {
|
||||
return res.status(400).json({ error: 'text required' });
|
||||
}
|
||||
const result = await nexusClient.scrubText(text, token);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] Scrub error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Sentinel: Check self IP (requires AeThex session + NEXUS bearer token)
|
||||
app.get('/api/nexus/check-self', requireAethexAuth, async (req, res) => {
|
||||
const authHeader = req.headers.authorization;
|
||||
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||
return res.status(401).json({ error: 'NEXUS Bearer token required' });
|
||||
}
|
||||
const token = authHeader.split(' ')[1];
|
||||
|
||||
try {
|
||||
const result = await nexusClient.checkSelfIP(token);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] Check-self error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Sentinel: Log activity (requires AeThex session + NEXUS bearer token)
|
||||
app.post('/api/nexus/activity/log', requireAethexAuth, async (req, res) => {
|
||||
const authHeader = req.headers.authorization;
|
||||
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||
return res.status(401).json({ error: 'NEXUS Bearer token required' });
|
||||
}
|
||||
const token = authHeader.split(' ')[1];
|
||||
|
||||
try {
|
||||
const result = await nexusClient.logActivity(req.body, token);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] Activity log error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Sentinel: Check IP blacklist (requires admin permissions + NEXUS bearer token)
|
||||
app.get('/api/nexus/blacklist/check/:ip', requireAdmin, async (req, res) => {
|
||||
const authHeader = req.headers.authorization;
|
||||
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||
return res.status(401).json({ error: 'NEXUS Bearer token required' });
|
||||
}
|
||||
const token = authHeader.split(' ')[1];
|
||||
|
||||
try {
|
||||
const result = await nexusClient.checkIP(req.params.ip, token);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] Blacklist check error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Sentinel: Get user snapshot (requires admin permissions + NEXUS bearer token)
|
||||
app.get('/api/nexus/user-snapshot/:userId', requireAdmin, async (req, res) => {
|
||||
const authHeader = req.headers.authorization;
|
||||
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||
return res.status(401).json({ error: 'NEXUS Bearer token required' });
|
||||
}
|
||||
const token = authHeader.split(' ')[1];
|
||||
|
||||
try {
|
||||
const result = await nexusClient.getUserSnapshot(req.params.userId, token);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] User snapshot error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Public: Get NEXUS public stats (no auth required - public data only)
|
||||
app.get('/api/nexus/public-stats', async (req, res) => {
|
||||
try {
|
||||
const result = await nexusClient.getPublicStats();
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
console.error('[NEXUS] Public stats error:', error.message);
|
||||
res.status(400).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
// Catch-all route for SPA - use middleware instead of wildcard
|
||||
app.use((req, res, next) => {
|
||||
if (req.method === 'GET' && !req.path.startsWith('/api/')) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue