Preface
I wanted to build a Discord bot with TypeScript that had:
A database
A dashboard/website/domain
An API for interactions & authentication with Discord
I previously created this same “hbd” bot that ran on nodejs runtime, built with the discord.js library.
ARCHIVED!!!
This is the old version of the hbd bot running on Node.js runtime. To view the new and improved (yet work in progress) version of this bot that is on edge runtime, click here.
a discord bot for user’s birthdays, horoscopes, and wishing user’s a happy birthday.
🔗 INVITE
📖 WIKI
Getting Started — Information about configuring the bot for your guild
how it works
data is stored in mongoose models
guild settings (channels, roles)
user’s birthdays
birthday wishes
when the bot logs in, the time event is emitted:
which checks the time, if it is midnight, the interval is emitted
this returns an interval that runs every 24 hrs and checks for birthdays
if there’s a…
While, the discord.js library offers a lot of essential utilities for interacting with discord, it doesn’t quite fit for a bot that’s going to be running through Nextjs/Vercel.
I wanted the bot to respond to interactions through edge runtime rather than running in an environment 24/7 waiting for interactions.
Now, bare with me… I am merely learning everything as I go along. 🤖
Getting started
Interactions endpoint
OAuth2
Vercel postgres
Prisma
OAuth2 (continued)
Access token
Refresh token
Encryption
Cookies / JWT
What’s next?
Final product
Getting started
Copy all the Discord bot values (token, application ID, oauth token, public key, etc.) place them your environment variables locally and on Vercel.
Clone the template repository
Either the initial one: jzxhuang/nextjs-discord-bot
Or the one I built that already has oauth2 (but I will discuss both): clxrityy/nextjs-discord-bot-with-oauth
Alright, as much as I’d like to take credit for the whole “discord bot with nextjs” implementation, my starting point was finding this extremely useful repository that had already put an interactions endpoint & command registration script into place.
Interactions endpoint
Set your discord bot’s interactions endpoint url to https://<VERCEL_URL>/api/interactions.
/api/interactions
Set the the runtime to edge:
The interaction is verified to be received & responded to within the route using some logic implemented by the template creator that I haven’t bothered to understand.
The interaction data is parsed into a custom type so that it can be interacted with regardless of it’s sub-command(s)/option(s) structure:
id: string;
name: string;
options?: InteractionSubcommand<InteractionOption>[] | InteractionOption[] | InteractionSubcommandGroup<InteractionSubcommand<InteractionOption>>[];
}
The last bit of the interactions endpoint structure (that I’m not entirely proud of) is that I’m using switch cases between every command name within the route to execute an external function/handler that generates the response for that specific command. But, this could be more efficient/easier-to-read in the future
const { name } = interaction.data;
// …
switch (name) {
case commands.ping.name:
embed = {
title: “Pong!“,
color: Colors.BLURPLE
}
return NextResponse.json({
type: InteractionResponseType.ChannelMessageWithSource,
data: {
embeds: [JSON.parse(JSON.stringify(embed))]
}
});
// …
}
OAuth2
Authentication endpoint
That template had everything necessary to lift this project off the ground, use interactions, and display UI elements based on the bot’s data.
However, I wanted to create another template I could use that implemented authentication with Discord so that there can be an interactive dashboard.
I will go over the whole process, but you can see in-depth everything I changed about the initial template in this pull request:
With oauth2
#4
With oauth2
#4
nextjs-discord-bot (with oauth2)
Production URL: https://nextjs-discord-bot-with-oauth.vercel.app/
Overview
Accessing the designated root url (/) will require authentication with Discord. Upon authorizing, the user will be
redirected back to the root url (with additional user details displayed)
Replication
OAuth2 URLs
Generate your own OAuth2 redirect URI with every additional scope needed
(discord.com/applications/CLIENT_ID/oauth2)
The path should be /api/auth/discord/redirect
Add these urls (development and production) to config.ts:
REDIRECT_URI:
process.env.NODE_ENV === “development”
? “http://localhost:3000/api/auth/discord/redirect”
: “https://yourdomain.com/api/auth/discord/redirect”, // REPLACE WITH YOUR DOMAIN
OAUTH2_INVITE_URL: process.env.NODE_ENV === “development” ? “” : “”, // (copy the generated url)
ROOT_URL: process.env.NODE_ENV === “development” ? “http://localhost:3000” : “”, // REPLACE WITH YOUR DOMAIN
}
Discord endpoints
After making a POST request to Discord’s oauth token endpoint
(discord.com/api/v10/oauth2/token)
The access_token from the data given is used to receive the Discord user’s details by making a GET request to
the discord.com/api/v10users/@me endpoint:
return await axios.get<OAuth2UserResponse>(CONFIG.OAUTH2_USER, {
headers: {
Authorization: `Bearer ${accessToken}`,
},
})
}
Vercel Postgres / Prisma
I’ve implemented a prisma table which will store the encrypted access & refresh token from the user data. This can be used later, but for now has minimal impact on the application.
Getting Started with Vercel Postgres
Prisma is used to store the User model:
id String @id @default(uuid())
userId String @unique
accessToken String @unique
refreshToken String @unique
}
Quickstart
Create a postgres database on your vercel dashboard
This will automatically generate the necessary environment variables for the database.
Retreive the environment variables locally:
Generate the prisma client:
Create the table(s) in your database based on your prisma schema:
The build script within package.json has been altered to support the prisma database in production:
Encryption
crypto-js is used to encrypt the access_token & refresh_token before storing into the User model.
export const encryptToken = (token: string) => CryptoJS.AES.encrypt(token, process.env.ENCRYPTION_KEY);
Add a custom ENCRYPTION_KEY environment variable (make sure to also add this to your vercel project environment variables)
Cookies & JWT
jsonwebtoken & cookie are used for signing & serializing the cookie for the user session.
Add a custom JWT_SECRET environment variable (make sure to also add this to your vercel project environment variables)
import { serialize } from “cookie”;
import { sign } from “jsonwebtoken”;
import { cookies } from “next/headers”;
const token = sign(user.data, process.env.JWT_SECRET, {
expiresIn: “24h”
});
cookies().set(CONFIG.cookieName, serialize(CONFIG.cookieName, token, {
httpOnly: true,
secure: process.env.NODE_ENV === “production”,
sameSite: “lax”,
path: “/”
}))
Updates
The .env.local.example has been updated to include:
DISCORD_CLIENT_SECRET=
# Encryption: a custom secret key for encrypting sensitive data
# This is used to encrypt the user’s Discord token in the database
# If you don’t set this, the app will use a default key
ENCRYPTION_KEY=
# JWT for cookies
# This is used to sign the JWT token for the user’s session
# If you don’t set this, the app will use a default key
JWT_SECRET=
# Prisma / Postgres
# These are used to connect to the database
# See here: https://vercel.com/docs/storage/vercel-postgres/quickstart
POSTGRES_DATABASE=
POSTGRES_HOST=
POSTGRES_PASSWORD=
POSTGRES_PRISMA_URL=
POSTGRES_URL=
POSTGRES_URL_NON_POOLING=
POSTGRES_URL_NO_SSL=
An additional config.ts has been made to include necesssary authentication URLs
/api/auth/discord/redirect
Add your redirect URI to your Discord application: (should be found at https://discord.com/developers/applications/{APP_ID}/oauth2)
Development – http://localhost:3000/api/auth/discord/redirect
Production – https://VERCEL_URL/api/auth/discord/redirect
I know off the bat I’m gonna need to start implementing the database aspect of this application now; as I need a way to store user data (such as refresh tokens, user id, etc.)
… Let’s take a brief intermission and talk about Prisma & Vercel Postgres
Vercel has this amazing feature, you can create a postgresql database directly through Vercel and connect it to any project(s) you want.
I’m not sponsored but I should be
Vercel Postgres
pnpm add @vercel/postgres
Install Vercel CLI
pnpm i -g vercel@latest
Get those environment variables loaded locally
vercel env pull .env.development.local
Prisma
Install prisma
pnpm add -D prisma
pnpm add @prisma/client
Since I’m going to be using prisma on the edge as well, I’m going to install Prisma Accelerate
pnpm add @prisma/extension-accelerate
Initialize the prisma client
npx prisma init
You should now have prisma/schema.prisma in your root directory:
provider = “prisma-client-js”
}
datasource db {
provider = “postgresql”
url = env(“POSTGRES_URL”)
directUrl = env(“POSTGRES_URL_NON_POOLING”)
}
Make sure url & directUrl are set to your environment variable values
Get your accelerate URL: console.prisma.io
src/lib/db.ts
import { withAccelerate } from ‘@prisma/extension-accelerate‘;
function makePrisma() {
return new PrismaClient({
datasources: {
db: {
url: process.env.ACCELERATE_URL!,
}
}
}).$extends(withAccelerate());
}
const globalForPrisma = global as unknown as {
prisma: ReturnType<typeof makePrisma>;
}
export const db = globalForPrisma.prisma ?? makePrisma();
if (process.env.NODE_ENV !== “production“) {
globalForPrisma.prisma = makePrisma();
}
Don’t ask me why it’s set up this way, or why this is the best way… just trust~
Lastly, update your package.json to generate the prisma client upon build.
Adding –no-engine is recommended when using prisma accelerate.
“build”: “npx prisma generate –no-engine && next build”,
},
Back to OAuth2
Create your route (mine is api/auth/discord/redirect/route.ts)
This route is automatically going to give a code url parameter upon successful authentication with Discord (make sure the route is set as the REDIRECT_URI in your bot settings).
const urlParams = new URL(req.url).searchParams;
const code = urlParams.get(“code“);
}
You need this code to generate an access token and a refresh token.
Access token
Consider the access token as an item (such as a token) that authorizes the client (authorized website user) to interact with the API server (being Discord in this instance) on behalf of that same user.
Refresh token
Access tokens can only be available for so long (for security purposes), and the refresh token allows users to literally refresh their access token without doing the entire log in process again.
Set up a query string that says “hey, here’s the code, can I have the access and refresh tokens”
const OAUTH_QS = new URLSearchParams({
client_id: process.env.CLIENT_ID!,
redirect_uri: CONFIG.URLS.REDIRECT_URI,
response_type: “code“,
scope
}).toString();
const OAUTH_URL = `https://discord.com/api/oauth2/authorize?${OAUTH_QS}`;
Build the OAuth2 request payload (the body of the upcoming request)
client_id: string;
client_secret: string;
grant_type: string;
code: string;
redirect_uri: string;
scope: string;
}
const body = buildOAuth2RequestPayload({
client_id: process.env.CLIENT_ID!,
client_secret: process.env.CLIENT_SECRET!,
grant_type: “authorization_code“,
code,
redirect_uri: CONFIG.URLS.REDIRECT_URI,
scope
}).toString();
Now we should be able to access the access_token and refresh_token by deconstructing the data from the POST request to the OAUTH_URL.
headers: {
“Content-Type“: “application/x-www-form-urlencoded“,
}
});
const { access_token, refresh_token } = data;
I’m gonna wanna store these as encrypted values, along with some other user data, in a User model, and set up functions to update those values.
id String @id @default(uuid())
userId String @unique
accessToken String @unique
refreshToken String @unique
}
Get the user details using the access token
return await axios.get<OAuth2UserResponse>(`https://discord.com/api/v10/users/@me`, {
headers: {
Authorization: `Bearer ${accessToken}`
}
})
};
Encryption
In order to store the access_token & refresh_token, it’s good practice to encrypt those values.
I’m using crypto-js.
Add an ENCRYPTION_KEY environment variable locally and on Vercel.
export const encryptToken = (token: string) => CryptoJS.AES.encrypt(token, process.env.ENCRYPTION_KEY!);
export const decryptToken = (encrypted: string) => CryptoJS.AES.decrypt(encrypted, process.env.ENCRYPTION_KEY!).toString(CryptoJS.enc.Utf8);
Now you can store those values in the User model
await db.user.create({
data: {
userId,
accessToken, // encrypted
refreshToken, // encrypted
}
});
Cookies / JWT
Add a JWT_SECRET environment variable locally & on Vercel.
Cookies are bits of data the website sends to the client to recount information about the user’s visit.
I’m going to be using jsonwebtoken, cookie, & the cookies() (from next/headers) to manage cookies.
Within this route (if the code exists, there’s no error, and user data exists) I’m going to set a cookie, as users should only be directed to this route upon authentication.
Sign the token
const token = sign(user.data, process.env.JWT_SECRET!, { expiresIn: “72h“ });
Set the cookie
You can name this cookie whatever you want.
import { serialize } from “cookie“;
cookies().set(“cookie_name“, serialize(“cookie_name“, token, {
httpOnly: true,
secure: process.env.NODE_ENV === “production“, // secure when in production
sameSite: “lax“,
path: “/“
}));
Then you can redirect the user to the application!
//…
return NextResponse.redirect(BASE_URL);
Check for a cookie to ensure a user is authenticated:
import { verify } from “jsonwebtoken“;
import { cookies } from “next/headers“;
export function parseUser(): OAuth2UserResponse | null {
const cookie = cookies().get(CONFIG.VALUES.COOKIE_NAME);
if (!cookie?.value) {
return null;
}
const token = parse(cookie.value)[CONFIG.VALUES.COOKIE_NAME];
if (!token) {
return null;
}
try {
const { iat, exp, …user } = verify(token, process.env.JWT_SECRET) as OAuth2UserResponse & { iat: number, exp: number };
return user;
} catch (e) {
console.log(`Error parsing user: ${e}`);
return null;
}
}
What’s next?
With this, you have a fully authenticated Discord application with Nextjs!
Utilizing discord & user data, you can add on by…
Add pages for guilds / user profiles
Give guild admins the ability to alter specific guild configurations for the bot through the dashboard
Display data about commands
Add premium features
Integrate stripe for paid features only available to premium users
Leaderboards / statistics
Guild with the most members, user who’s used the most commands, etc…
The possibilities are endless, and your starting point to making something amazing is right here.
Final product
You can clone the template repository here.
My bot (hbd) is hosted here: hbd.mjanglin.com
🔗 Invite
Support server
GitHub repo
Source structure overview
Thanks for reading! Give this post a ❤️ if you found it helpful!
I’m open to comments/suggestions/ideas!
clxrityy
posted on Jun 10, 2024