Merge pull request #7 from hackclub/staging

ArcaEge · web-flow · commit 6f549ef5553d · 2025-11-30T03:19:11.000Z
Beta channel check
diff --git a/.env.example b/.env.example
@@ -14,6 +14,7 @@ APP_SECRET_KEY=changeme
 
 SLACK_BOT_TOKEN=changeme
 SLACK_TEAM=T0266FRGM
+# BETA_CHANNEL_ID=
 
 SUPER_ADMIN_SLACK_ID=changeme
 
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "construct",
 	"private": true,
-	"version": "0.0.1",
+	"version": "0.1.1",
 	"type": "module",
 	"scripts": {
 		"dev": "vite dev",
diff --git a/src/routes/+page.server.ts b/src/routes/+page.server.ts
@@ -3,6 +3,6 @@ import { env } from '$env/dynamic/private';
 export function load({ locals }) {
 	return {
 		loggedIn: locals.session !== null,
-		idvDomain: env.IDV_DOMAIN
+		idvDomain: env.IDV_DOMAIN,
 	};
 }
diff --git a/src/routes/Footer.svelte b/src/routes/Footer.svelte
@@ -2,7 +2,7 @@
 </script>
 
 <footer
-	class="flex w-full flex-col items-center justify-center px-10 pt-5 pb-3 md:mt-8 lg:mt-8 lg:flex-row"
+	class="flex w-full flex-col items-center justify-center px-10 pt-5 pb-3 md:mt-8 lg:mt-8"
 >
 	<div class="">
 		<p class="text-center">
diff --git a/src/routes/auth/callback/+server.ts b/src/routes/auth/callback/+server.ts
@@ -106,6 +106,32 @@ export async function GET(event) {
 	const profilePic = slackProfile['profile']['image_1024'];
 	const username = slackProfile['profile']['display_name'];
 
+	if (env.BETA_CHANNEL_ID && env.BETA_CHANNEL_ID.length > 0) {
+		const channelMembersURL = new URL('https://slack.com/api/conversations.members');
+		channelMembersURL.searchParams.set('channel', env.BETA_CHANNEL_ID);
+
+		const channelMembersBody = new URLSearchParams();
+		channelMembersBody.append('token', env.SLACK_BOT_TOKEN ?? '');
+
+		const channelMembersRes = await fetch(channelMembersURL, {
+			method: 'POST',
+			body: channelMembersBody
+		});
+
+		const channelMembersResJSON = await channelMembersRes.json();
+
+		if (!channelMembersResJSON.ok) {
+			const redirectURL = new URL(`${url.protocol}//${url.host}/auth/failed`);
+			return redirect(302, redirectURL);
+		}
+
+		if (!channelMembersResJSON['members'].includes(slack_id)) {
+			// redirect to funny url
+			const redirectURL = new URL(`https://www.youtube.com/watch?v=xvFZjo5PgG0`);
+			return redirect(302, redirectURL);
+		}
+	}
+
 	// Check Hackatime trust
 	const hackatimeTrust = (
 		await (
@@ -130,6 +156,11 @@ export async function GET(event) {
 	// Create user if doesn't exist
 	let [databaseUser] = await db.select().from(user).where(eq(user.idvId, id)).limit(1);
 
+	if (databaseUser.trust === 'red') {
+		// Prevent login
+		return redirect(302, 'https://fraud.land');
+	}
+
 	if (databaseUser) {
 		// Update user (update name and profile picture and lastLoginAt on login)
 		await db

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "construct",`
`3`	`3`	`"private": true,`
`4`		`- "version": "0.0.1",`
	`4`	`+ "version": "0.1.1",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"scripts": {`
`7`	`7`	`"dev": "vite dev",`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,6 @@ import { env } from '$env/dynamic/private';`
`3`	`3`	`export function load({ locals }) {`
`4`	`4`	`return {`
`5`	`5`	`loggedIn: locals.session !== null,`
`6`		`- idvDomain: env.IDV_DOMAIN`
	`6`	`+ idvDomain: env.IDV_DOMAIN,`
`7`	`7`	`};`
`8`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`</script>`
`3`	`3`
`4`	`4`	`<footer`
`5`		`- class="flex w-full flex-col items-center justify-center px-10 pt-5 pb-3 md:mt-8 lg:mt-8 lg:flex-row"`
	`5`	`+ class="flex w-full flex-col items-center justify-center px-10 pt-5 pb-3 md:mt-8 lg:mt-8"`
`6`	`6`	`>`
`7`	`7`	`<div class="">`
`8`	`8`	`<p class="text-center">`