# README

Caddy - Discord

tl;dr: Authenticate caddy routes based on a Discord User Identity.
e.g. Accessing /really-cool-people requires user to have {Role} within {Guild}

This package contains a module allowing authorization in Caddy based on a Discord Identity, by using Discords OAuth2 flow (authorization code grant).

Licensed under GNU Affero General Public License v3.0
Logo by @AutonomousCat

Caddy Modules

caddydiscord
http.authentication.providers.discord
http.handler.discord

Docker (Container)

docker run -p 8080:8080 \
  --rm -v $PWD/Caddyfile:/etc/caddy/Caddyfile \
  enumgg/caddy-discord:v1.0.1

Discord Resources

realm allows you to name a label and group together specific targeted Discord Users by using the directives below.

Resource	Description	Example
User ID	Discord User IDs (optionally with guild presence)	realm godmode { user 314009111187026172 # Allow user regardless of which guild they are in guild 1063070451111289907 { user 314009111187026199 # Allow user if they're part of guild } }
Guild	Any user that exists within the guild	realm cool_guild_users { guild 1063070451111289907 { * # Allows all users } }
Role	Users that assigned a specific role within a guild	realm cool_role { guild 1063070451111289907 { role 106301111332755034 role 106301111332755034 } }

Resource

Description

Example

User ID

Discord User IDs (optionally with guild presence)

realm godmode {
  user 314009111187026172 # Allow user regardless of which guild they are in
  guild 1063070451111289907 {
    user 314009111187026199 # Allow user if they're part of guild
  }
}

Guild

Any user that exists within the guild

realm cool_guild_users {
  guild 1063070451111289907 {
    * # Allows all users 
  }
}

Role

Users that assigned a specific role within a guild

realm cool_role {
  guild 1063070451111289907 {
    role 106301111332755034
    role 106301111332755034
  }
}

Loosely inspired from caddy-security's Discord OAuth2 module, with a much stronger focus on coupling Discord and Caddy for authentication purposes.

Install

Download Latest Version

Download caddy + caddy-discord
- Using released binaries
- Build yourself using xcaddy
  - xcaddy build --with github.com/enum-gg/caddy-discord
Create Discord Application (Discord Developer Portal)
- New Application
- OAuth2
  - Obtain your Client ID & Client secret
  - Add Redirects Docs
Prepare your Caddyfile
- Gather your Discord App OAuth2 Client ID & Client Secret,
- Decide your route for caddy-discords to use as the OAuth2

Caddyfile Example

{
    discord {
        client_id 1000000000000000000 # Discord app OAuth client ID 
        client_secret 8CEPZZZZZAfl_w19ZZZZW_k # Discord app OAuth secret
        redirect http://localhost:8080/discord/callback # Route you've configured with `discordauth callback`

        realm clique {
            guild 106307051119907 {
                role 10630111112755034
            }
        }
        
        realm just_for_me {
            user 31400111187026172
        }
    }
}

http://localhost:8080 {
    route /discord/callback {
         # Desigate route as OAuth callback endpoint
         discord callback 
   }

    route /discordians-only {
         # Only allow discord users that auth against 'really_cool_area' realm 
         protect using clique 
        
         respond "Hello {http.auth.user.username}!<br /><br /><img src='https://cdn.discordapp.com/avatars/{http.auth.user.id}/{http.auth.user.avatar}?size=4096.png'> "
    }

    respond "Hello, world!"
}