feat(discord-control): add private-channel and member-list admin API

discord-control-api/server.mjs

@@ -0,0 +1,179 @@
+import http from "node:http";
+
+const port = Number(process.env.PORT || 8790);
+const authToken = process.env.AUTH_TOKEN || "";
+const discordToken = process.env.DISCORD_BOT_TOKEN || "";
+const discordBase = "https://discord.com/api/v10";
+
+const BIT_VIEW_CHANNEL = 1024n;
+const BIT_SEND_MESSAGES = 2048n;
+const BIT_READ_MESSAGE_HISTORY = 65536n;
+
+function sendJson(res, status, payload) {
+  res.writeHead(status, { "Content-Type": "application/json; charset=utf-8" });
+  res.end(JSON.stringify(payload));
+}
+
+function isAuthorized(req) {
+  if (!authToken) return true;
+  const header = req.headers.authorization || "";
+  return header === `Bearer ${authToken}`;
+}
+
+function ensureDiscordToken() {
+  if (!discordToken) {
+    const e = new Error("missing DISCORD_BOT_TOKEN");
+    e.status = 500;
+    throw e;
+  }
+}
+
+async function discordRequest(path, init = {}) {
+  ensureDiscordToken();
+  const headers = {
+    Authorization: `Bot ${discordToken}`,
+    "Content-Type": "application/json",
+    ...(init.headers || {}),
+  };
+
+  const r = await fetch(`${discordBase}${path}`, { ...init, headers });
+  const text = await r.text();
+  let data = text;
+  try {
+    data = text ? JSON.parse(text) : {};
+  } catch {}
+
+  if (!r.ok) {
+    const e = new Error(`discord_api_error ${r.status}`);
+    e.status = r.status;
+    e.details = data;
+    throw e;
+  }
+  return data;
+}
+
+function toStringMask(v, fallback) {
+  if (v === undefined || v === null || v === "") return String(fallback);
+  if (typeof v === "string") return v;
+  if (typeof v === "number") return String(Math.floor(v));
+  if (typeof v === "bigint") return String(v);
+  throw new Error("invalid mask");
+}
+
+function buildPrivateOverwrites({ guildId, allowedUserIds = [], allowedRoleIds = [], allowMask, denyEveryoneMask }) {
+  const allowDefault = BIT_VIEW_CHANNEL | BIT_SEND_MESSAGES | BIT_READ_MESSAGE_HISTORY;
+  const denyDefault = BIT_VIEW_CHANNEL;
+
+  const everyoneDeny = toStringMask(denyEveryoneMask, denyDefault);
+  const targetAllow = toStringMask(allowMask, allowDefault);
+
+  const overwrites = [
+    {
+      id: guildId,
+      type: 0,
+      allow: "0",
+      deny: everyoneDeny,
+    },
+  ];
+
+  for (const roleId of allowedRoleIds) {
+    overwrites.push({ id: roleId, type: 0, allow: targetAllow, deny: "0" });
+  }
+  for (const userId of allowedUserIds) {
+    overwrites.push({ id: userId, type: 1, allow: targetAllow, deny: "0" });
+  }
+
+  return overwrites;
+}
+
+async function actionChannelPrivateCreate(body) {
+  const guildId = String(body.guildId || "").trim();
+  const name = String(body.name || "").trim();
+  if (!guildId) throw Object.assign(new Error("guildId is required"), { status: 400 });
+  if (!name) throw Object.assign(new Error("name is required"), { status: 400 });
+
+  const payload = {
+    name,
+    type: Number.isInteger(body.type) ? body.type : 0,
+    parent_id: body.parentId || undefined,
+    topic: body.topic || undefined,
+    position: Number.isInteger(body.position) ? body.position : undefined,
+    nsfw: typeof body.nsfw === "boolean" ? body.nsfw : undefined,
+    permission_overwrites: buildPrivateOverwrites({
+      guildId,
+      allowedUserIds: Array.isArray(body.allowedUserIds) ? body.allowedUserIds.map(String) : [],
+      allowedRoleIds: Array.isArray(body.allowedRoleIds) ? body.allowedRoleIds.map(String) : [],
+      allowMask: body.allowMask,
+      denyEveryoneMask: body.denyEveryoneMask,
+    }),
+  };
+
+  const channel = await discordRequest(`/guilds/${guildId}/channels`, {
+    method: "POST",
+    body: JSON.stringify(payload),
+  });
+
+  return { ok: true, action: "channel-private-create", channel };
+}
+
+async function actionMemberList(body) {
+  const guildId = String(body.guildId || "").trim();
+  if (!guildId) throw Object.assign(new Error("guildId is required"), { status: 400 });
+
+  const limitRaw = Number(body.limit ?? 100);
+  const limit = Number.isFinite(limitRaw) ? Math.max(1, Math.min(1000, Math.floor(limitRaw))) : 100;
+  const after = body.after ? String(body.after) : undefined;
+
+  const qs = new URLSearchParams();
+  qs.set("limit", String(limit));
+  if (after) qs.set("after", after);
+
+  const members = await discordRequest(`/guilds/${guildId}/members?${qs.toString()}`);
+  return { ok: true, action: "member-list", guildId, count: Array.isArray(members) ? members.length : 0, members };
+}
+
+async function handleAction(body) {
+  const action = String(body.action || "").trim();
+  if (!action) throw Object.assign(new Error("action is required"), { status: 400 });
+
+  if (action === "channel-private-create") return await actionChannelPrivateCreate(body);
+  if (action === "member-list") return await actionMemberList(body);
+
+  throw Object.assign(new Error(`unsupported action: ${action}`), { status: 400 });
+}
+
+const server = http.createServer((req, res) => {
+  if (req.method === "GET" && req.url === "/health") {
+    return sendJson(res, 200, { ok: true, service: "discord-control-api" });
+  }
+
+  if (req.method !== "POST" || req.url !== "/v1/discord/action") {
+    return sendJson(res, 404, { error: "not_found" });
+  }
+
+  if (!isAuthorized(req)) return sendJson(res, 401, { error: "unauthorized" });
+
+  let body = "";
+  req.on("data", (chunk) => {
+    body += chunk;
+    if (body.length > 2_000_000) req.destroy();
+  });
+
+  req.on("end", async () => {
+    try {
+      const parsed = body ? JSON.parse(body) : {};
+      const result = await handleAction(parsed);
+      return sendJson(res, 200, result);
+    } catch (err) {
+      return sendJson(res, err?.status || 500, {
+        error: "request_failed",
+        message: String(err?.message || err),
+        details: err?.details,
+      });
+    }
+  });
+});
+
+server.listen(port, () => {
+  console.log(`[discord-control-api] listening on :${port}`);
+});