car-crushers-portal/functions/api/data-transfers/create.ts

import { jsonError } from "../../common.js";

export async function onRequestPost(context: RequestContext) {
  const { cookie, has_access } = context.data.body;

  if (
    typeof has_access !== "boolean" ||
    (!has_access && typeof cookie !== "string") ||
    (!has_access &&
      !cookie.match(
        /_\|WARNING:-DO-NOT-SHARE-THIS\.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items\.\|_[A-F\d]+/,
      ))
  )
    return jsonError("Invalid request", 400);

  const id =
    (context.request.headers.get("cf-ray")?.split("-")[0] as string) +
    Date.now().toString() +
    crypto.randomUUID().replaceAll("-", "");

  if (has_access) {
    await context.env.DATA.put(`datatransfer_${id}`, "{}", {
      expirationTtl: 1800,
    });

    const host = context.request.headers.get("Host") as string;

    return new Response(
      `{"url":"https://apis.roblox.com/oauth/v1/authorize?client_id=${
        context.env.ROBLOX_OAUTH_CLIENT_ID
      }&redirect_uri=${encodeURIComponent(
        `http${host.startsWith(
          "localhost" ? "" : "s",
        )}://${host}/api/data-transfers/verify`,
      )}&state=${id}"}`,
      {
        headers: {
          "set-cookie": `__dtid=${id}; HttpOnly; Max-Age=3600; Path=/; SameSite=Lax; Secure`,
        },
      },
    );
  }

  const authedUserReq = await fetch(
    "https://users.roblox.com/v1/users/authenticated",
    {
      headers: {
        cookie: `.ROBLOSECURITY=${cookie}`,
      },
    },
  );

  if (!authedUserReq.ok) return jsonError("Cookie is invalid", 400);

  const authedUser: { id: number; name: string } = await authedUserReq.json();

  const createCardReq = await fetch(
    `https://api.trello.com/1/cards?key=${context.env.TRELLO_API_KEY}&token=${context.env.TRELLO_API_TOKEN}`,
    {
      body: JSON.stringify({
        desc: `Old account: ${authedUser.name} (${authedUser.id})`,
        idList: "5fbd440cd30b6377f959e244",
        name: `${authedUser.name} | Data Transfer`,
      }),
      headers: {
        accept: "application/json",
        "content-type": "application/json",
      },
      method: "POST",
    },
  );

  if (!createCardReq.ok) return jsonError("Failed to create entry", 500);

  await context.env.DATA.put(
    `datatransfer_${id}`,
    JSON.stringify({
      oldUser: authedUser,
    }),
    {
      expirationTtl: 900,
    },
  );

  return new Response(null, {
    headers: {
      location: `/data-transfer/${id}`,
    },
    status: 201,
  });
}