From 696bb1fc055b83e19a0f423d2e790eebb16055e4 Mon Sep 17 00:00:00 2001 From: Baumple Date: Fri, 7 Jun 2024 23:27:29 +0200 Subject: [PATCH 1/4] feat: enforcing rudimentary nonces --- src/glyph/clients/bot.gleam | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/glyph/clients/bot.gleam b/src/glyph/clients/bot.gleam index 65221ef..8895874 100644 --- a/src/glyph/clients/bot.gleam +++ b/src/glyph/clients/bot.gleam @@ -4,14 +4,16 @@ import gleam/erlang/process import gleam/int import gleam/json import gleam/list -import gleam/result import gleam/otp/supervisor -import glyph/models/discord.{type BotClient, type GatewayIntent} +import gleam/result +import gleam/option.{Some} import glyph/internal/cache -import glyph/internal/encoders import glyph/internal/decoders +import glyph/internal/encoders import glyph/internal/network/gateway import glyph/internal/network/rest +import glyph/models/discord.{type BotClient, type GatewayIntent} +import prng/random.{type Generator} /// Generic bot error pub type BotError { @@ -112,11 +114,22 @@ fn get_gateway_info(bot: BotClient) -> Result(discord.GetGatewayBot, BotError) { Ok(gateway_info) } +fn generate_nonce() -> String { + let gen: Generator(String) = random.fixed_size_string(25) + random.random_sample(gen) +} + /// Send a message to a channel. /// /// For constructing a message, see [the message builder](https://hexdocs.pm/glyph/glyph/builders/message.html). /// For constructing an embed, see [the embed builder](https://hexdocs.pm/glyph/glyph/builders/embed.html). pub fn send(bot: BotClient, channel_id: String, message: discord.MessagePayload) { + let message = + discord.MessagePayload( + ..message, + nonce: Some(generate_nonce()), + enforce_nonce: Some(True), + ) let message_json = encoders.message_to_json(message) let endpoint = "/channels/" <> channel_id <> "/messages" From ddda9450a13460ebe8c6b137acd527ae5d060b15 Mon Sep 17 00:00:00 2001 From: Baumple Date: Sat, 8 Jun 2024 01:44:31 +0200 Subject: [PATCH 2/4] Enforcing rudimentary nonces --- src/glyph/clients/bot.gleam | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/glyph/clients/bot.gleam b/src/glyph/clients/bot.gleam index 8895874..877b03b 100644 --- a/src/glyph/clients/bot.gleam +++ b/src/glyph/clients/bot.gleam @@ -14,6 +14,7 @@ import glyph/internal/network/gateway import glyph/internal/network/rest import glyph/models/discord.{type BotClient, type GatewayIntent} import prng/random.{type Generator} +import prng/seed /// Generic bot error pub type BotError { @@ -115,8 +116,9 @@ fn get_gateway_info(bot: BotClient) -> Result(discord.GetGatewayBot, BotError) { } fn generate_nonce() -> String { - let gen: Generator(String) = random.fixed_size_string(25) - random.random_sample(gen) + random.int(random.min_int, random.max_int) + |> random.random_sample + |> int.to_string } /// Send a message to a channel. From 35378935b25eeeb220013d882c8a850effe5fa93 Mon Sep 17 00:00:00 2001 From: Baumple Date: Sat, 8 Jun 2024 01:46:24 +0200 Subject: [PATCH 3/4] removed unecessary imports --- src/glyph/clients/bot.gleam | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/glyph/clients/bot.gleam b/src/glyph/clients/bot.gleam index 877b03b..9aee8c7 100644 --- a/src/glyph/clients/bot.gleam +++ b/src/glyph/clients/bot.gleam @@ -13,8 +13,6 @@ import glyph/internal/encoders import glyph/internal/network/gateway import glyph/internal/network/rest import glyph/models/discord.{type BotClient, type GatewayIntent} -import prng/random.{type Generator} -import prng/seed /// Generic bot error pub type BotError { From 30b9e328ac73723ef69f6544b1dbca7e63c10656 Mon Sep 17 00:00:00 2001 From: Baumple Date: Sat, 8 Jun 2024 19:25:40 +0200 Subject: [PATCH 4/4] fix: capped maximum length of nonce to 25 --- src/glyph/clients/bot.gleam | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/glyph/clients/bot.gleam b/src/glyph/clients/bot.gleam index 9aee8c7..81f789c 100644 --- a/src/glyph/clients/bot.gleam +++ b/src/glyph/clients/bot.gleam @@ -2,6 +2,7 @@ import gleam/erlang/process import gleam/int +import gleam/string import gleam/json import gleam/list import gleam/otp/supervisor @@ -13,6 +14,7 @@ import glyph/internal/encoders import glyph/internal/network/gateway import glyph/internal/network/rest import glyph/models/discord.{type BotClient, type GatewayIntent} +import prng/random /// Generic bot error pub type BotError { @@ -117,6 +119,7 @@ fn generate_nonce() -> String { random.int(random.min_int, random.max_int) |> random.random_sample |> int.to_string + |> string.slice(at_index: 0, length: 25) } /// Send a message to a channel.