AeThex-Bot-Master/attached_assets/Pasted-That-s-the-most-crucial-step-because-we-are-using-your-_1765680278829.txt
sirpiglr 09c7d84e58 Transitioned from Plan to Build mode
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: aed2e46d-25bb-4b73-81a1-bb9e8437c261
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 00e7163d-4d03-4652-bbe8-0850044e84c1
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/3bdfff67-975a-46ad-9845-fbb6b4a4c4b5/aed2e46d-25bb-4b73-81a1-bb9e8437c261/5VMaR1q
Replit-Helium-Checkpoint-Created: true
2025-12-14 03:56:16 +00:00

That's the most crucial step, because we are using your existing, complex bot's web server to solve a legal and security problem.
We need to implement the final stage of the **Discord Linking Handshake** on your bot's existing web dashboard. This code will handle the redirection from Discord and securely forward the necessary information to the **NEXUS API** (Project 1).
Here is the plan for the **Express.js code on your `bot.aethex.dev` Web Dashboard (Port 5000)**.
-----
## **Action Plan: `bot.aethex.dev` Dashboard Callback**
This code goes into the Node.js Express server that runs your Web Dashboard. Its primary job is to receive the one-time authorization `code` (and the `state` value) that Discord appends to the redirect, and to pass them, along with the user's **Passport JWT**, to the **NEXUS API** over a server-to-server request.
### **Replit Project: `bot.aethex.dev` (Web Dashboard Express Server)**
This is the Express route that must match the **Redirect URI** registered in your Discord Developer Portal (e.g., `/auth/discord/callback`).
```javascript
// Dashboard route module (Express). Assumes `cookie-parser` is mounted on the app
// so that `req.cookies` is populated, and Node 18+ so that `fetch` is global.
const express = require('express');
const router = express.Router();

// GET /auth/discord/callback
// This route executes when Discord redirects the user back to your bot's web server.
router.get('/auth/discord/callback', async (req, res) => {
  // 1. Capture the critical parameters from Discord's redirect URL.
  //    Require strings: a repeated key (?code=a&code=b) parses to an array, not "missing".
  const authCode = req.query.code;
  const state = req.query.state; // CSRF protection: must match the value issued when the bot started the flow
  // 2. Retrieve the user's Passport JWT (the SSO credential) from the
  //    domain-scoped cookie set by the NEXUS API.
  const passportToken = req.cookies && req.cookies.aethex_passport;
  if (typeof authCode !== 'string' || typeof state !== 'string' || typeof passportToken !== 'string') {
    // Essential check: if the Discord code, the state, or the user's Passport is missing, fail fast.
    return res.status(400).send('Authentication failed. Missing authorization code, state, or AeThex Passport.');
  }
  try {
    // 3. SECURELY FORWARD DATA to the NEXUS API (server-to-server).
    // NOTE: The NEXUS API holds the sensitive Discord Client Secret and performs the final
    // token exchange; the forwarded `state` must be compared there against the value
    // originally issued for this user, since this route only relays it.
    const nexusResponse = await fetch(`${process.env.NEXUS_API_URL}/api/passport/link/discord`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        // Send the user's Passport Token for authentication (who is this AeThex user?)
        'Authorization': `Bearer ${passportToken}`
      },
      body: JSON.stringify({
        authCode: authCode, // The code from Discord
        state: state        // The original state from the bot
        // Add the user's current session ID or other required data here if needed
      })
    });
    // 4. Handle the NEXUS API response
    if (!nexusResponse.ok) {
      // The NEXUS API rejected the link or failed the handshake with Discord.
      // The body is not guaranteed to be JSON, so read it as text and never let
      // a parse failure mask the real status code.
      const detail = await nexusResponse.text().catch(() => '');
      console.error('NEXUS API Link Error:', nexusResponse.status, detail.slice(0, 200));
      // Redirect to an error page instead of showing raw JSON
      return res.redirect('/dashboard/link/error?msg=NEXUS_FAILURE');
    }
    // 5. Success: redirect the user to a confirmation page on the dashboard
    return res.redirect('/dashboard/link/success');
  } catch (error) {
    // Network failure or other unexpected error; do not leak details to the browser.
    console.error('Discord callback processing error:', error);
    return res.status(500).send('An unexpected error occurred during the Discord link process.');
  }
});

module.exports = router;
```
### **What This Code Achieves (Compliance and Security)**
1. **Compliance:** It maintains the **Axiom Model's** legal firewall. The `bot.aethex.dev` web server acts only as a secure intermediary (a messenger), ensuring the high-security IP (the **Discord Client Secret** and the **Database Write** logic) remains isolated in the **NEXUS API** (Corp IP).
2. **Security:** The `passportToken` from the **`aethex_passport` cookie** is forwarded as the bearer credential, so the NEXUS API completes a link only for a user whose SSO session it can verify; an anonymous visitor cannot reach the linking step. The `state` parameter is the other half of that guarantee. If it is not checked against the value issued when the flow started for this user, an attacker could start a link flow in their own session and hand the resulting callback URL to a logged-in victim, binding the attacker's Discord account to the victim's Passport. Because this route only relays `state`, that comparison has to happen in the NEXUS endpoint, or in this route before anything is forwarded.
3. **Efficiency:** This code is minimal and fast. It simply captures the required parameters and immediately hands the responsibility to the dedicated **NEXUS API**.
-----
**Next Action:** We now must build the final, most secure piece of logic—the **`POST /api/passport/link/discord`** endpoint on the **`aethex-nexus-security` API** (Project 1). This is where the **Corp IP** performs the final, secret-driven handshake with Discord and updates the shared database, completing the link.
Would you like to detail the code for the **NEXUS API's final Discord linking endpoint**?