That's the most crucial step, because we are using your existing bot's web server to solve both a legal and a security problem. We need to implement the final stage of the **Discord Linking Handshake** on your bot's existing web dashboard. This code handles the redirect from Discord and securely forwards the necessary information to the **NEXUS API** (Project 1).

Here is the plan for the **Express.js code on your `bot.aethex.dev` Web Dashboard (Port 5000)**.

-----

## **Action Plan: `bot.aethex.dev` Dashboard Callback**

This code goes into the Node.js Express server that runs your Web Dashboard. Its primary job is to receive the authorization `code` from Discord and pass it, along with the user's **Passport JWT**, to the **NEXUS API** over a server-to-server call. The dashboard never sees the Discord Client Secret and never exchanges the code itself.

### **Replit Project: `bot.aethex.dev` (Web Dashboard Express Server)**

This is the Express route that must match the **Redirect URI** registered in your Discord Developer Portal (e.g., `https://bot.aethex.dev/auth/discord/callback`). Discord compares the redirect URI character for character, so the scheme, host and path must be identical.

```javascript
// bot.aethex.dev dashboard: Express router for the Discord linking callback.
// Requires Node 18+ (global fetch) and cookie-parser mounted on the app so
// that req.cookies is populated.
const express = require('express');
const router = express.Router();

// GET /auth/discord/callback
// This route executes when Discord redirects the user back to your bot's web server.
router.get('/auth/discord/callback', async (req, res) => {
  // 0. Discord sends ?error=access_denied (and no code) when the user cancels the consent prompt.
  if (req.query.error) {
    return res.redirect(`/dashboard/link/error?msg=${encodeURIComponent(req.query.error)}`);
  }

  // 1. Capture the critical parameters from Discord's redirect URL
  const authCode = req.query.code;
  const state = req.query.state; // CSRF token: must match the one the bot initiated

  // 2. Retrieve the user's Passport JWT (the SSO credential).
  // The passport token is read from the domain-scoped cookie set by the NEXUS API
  // (it must be scoped to .aethex.dev for bot.aethex.dev to receive it).
  const passportToken = req.cookies.aethex_passport;

  if (!authCode || !state || !passportToken) {
    // Fail fast if the Discord code, the state, or the user's Passport is missing.
    return res.status(400).send('Authentication failed. Missing authorization code, state, or AeThex Passport.');
  }

  // The state is relayed to NEXUS unchanged; whichever side stored the original
  // value when the flow was started must compare it before the link is written.

  try {
    // 3. SECURELY FORWARD DATA to the NEXUS API (server-to-server).
    // NOTE: The NEXUS API holds the sensitive Discord Client Secret and performs the final token exchange.
    const nexusResponse = await fetch(`${process.env.NEXUS_API_URL}/api/passport/link/discord`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        // Send the user's Passport Token for authentication (who is this AeThex user?)
        'Authorization': `Bearer ${passportToken}`,
      },
      body: JSON.stringify({
        authCode: authCode, // The single-use code from Discord
        state: state,       // The original state from the bot
        // Add the user's current session ID or other required data here if needed
      }),
    });

    // 4. Handle NEXUS API response
    if (!nexusResponse.ok) {
      // The NEXUS API failed the handshake with Discord.
      // The body may not be JSON (e.g. a proxy error page), so read it as text and never let parsing throw.
      const error = await nexusResponse.text().catch(() => '');
      console.error('NEXUS API Link Error:', nexusResponse.status, error);
      // Redirect to an error page instead of showing raw JSON (and never echo the Discord code back to the browser)
      return res.redirect('/dashboard/link/error?msg=NEXUS_FAILURE');
    }

    // 5. Success: redirect the user to a confirmation page on the dashboard
    return res.redirect('/dashboard/link/success');
  } catch (error) {
    console.error('Discord callback processing error:', error);
    return res.status(500).send('An unexpected error occurred during the Discord link process.');
  }
});

module.exports = router;
```

### **What This Code Achieves (Compliance and Security)**

1. **Compliance:** It maintains the **Axiom Model's** legal firewall. The `bot.aethex.dev` web server acts only as a secure intermediary (a messenger), so the high-security IP (the **Discord Client Secret** and the **Database Write** logic) stays isolated in the **NEXUS API** (Corp IP).
2. **Security:** By requiring the `passportToken` from the **`aethex_passport` cookie**, only users who hold an SSO credential can even attempt to link a Discord account. Note that the dashboard does not validate the JWT itself; NEXUS does, when it checks the `Authorization` header, so a forged cookie is rejected there rather than here. The `state` value is what stops cross-account linking: without a state check, an attacker could obtain a Discord `code` for their own account, build a callback URL containing it, and get a logged-in victim to open it, linking the attacker's Discord to the victim's AeThex account. One side of the handshake must compare the returned `state` with the value issued when the flow started, and reject the request on mismatch.
3. **Efficiency:** The code is minimal and fast. It captures the required parameters and immediately hands responsibility to the dedicated **NEXUS API**.
-----

**Next Action:** We now must build the final, most secure piece of logic: the **`POST /api/passport/link/discord`** endpoint on the **`aethex-nexus-security` API** (Project 1). This is where the **Corp IP** performs the final, secret-driven handshake with Discord and updates the shared database, completing the link.

Would you like to detail the code for the **NEXUS API's final Discord linking endpoint**?