enum-gg/caddy-discord

Caddy - Discord

tl;dr: Authenticate Caddy routes based on a Discord User Identity.
e.g. Accessing /really-cool-people requires the user to have {Role} within {Guild}

This package contains a module that authorizes requests in Caddy based on a Discord identity, using Discord's OAuth2 flow (authorization code grant).


Licensed under GNU Affero General Public License v3.0
Logo by @AutonomousCat


Caddy Modules

caddydiscord
http.authentication.providers.discord
http.handler.discord

Docker (Container)

docker run -p 8080:8080 \
  --rm -v $PWD/Caddyfile:/etc/caddy/Caddyfile \
  enumgg/caddy-discord:v1.0.1

Discord Resources

A realm is a named label that groups together specific Discord users, targeted using the directives below.

Resource: User ID
Description: Discord User IDs (optionally with guild presence)
Example:
    realm godmode {
        user 314009111187026172 # Allow user regardless of which guild they are in
        guild 1063070451111289907 {
            user 314009111187026199 # Allow user if they're part of guild
        }
    }

Resource: Guild
Description: Any user that exists within the guild
Example:
    realm cool_guild_users {
        guild 1063070451111289907 {
            * # Allows all users
        }
    }

Resource: Role
Description: Users that are assigned a specific role within a guild
Example:
    realm cool_role {
        guild 1063070451111289907 {
            role 106301111332755034
            role 106301111332755034
        }
    }
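
The realm rules above can be read as an allow-list evaluated against the identity returned by Discord. The following Go sketch is an added example, not caddy-discord's own code: the type and function names are hypothetical, and it assumes that rules within a realm are OR-ed and that an identity matching no rule is denied.

```go
package main

import "fmt"

// Hypothetical types for illustration; not caddy-discord's own data model.
type set map[string]bool
type Identity struct {
	UserID string
	Guilds map[string][]string // guild ID -> role IDs held in that guild
}
type GuildRule struct {
	AnyUser      bool // the `*` wildcard
	Users, Roles set  // `user` and `role` lines nested in the guild block
}
type Realm struct {
	Users  set                  // top-level `user` lines: no guild requirement
	Guilds map[string]GuildRule // keyed by guild ID
}

// Allowed assumes rules are OR-ed and that no matching rule means deny.
func (r Realm) Allowed(id Identity) bool {
	if r.Users[id.UserID] {
		return true
	}
	for guildID, roles := range id.Guilds {
		rule, ok := r.Guilds[guildID]
		if !ok {
			continue // realm has no block for this guild
		}
		if rule.AnyUser || rule.Users[id.UserID] {
			return true
		}
		for _, role := range roles {
			if rule.Roles[role] {
				return true
			}
		}
	}
	return false
}

// Godmode mirrors the `realm godmode` block shown above.
func Godmode() Realm {
	return Realm{Users: set{"314009111187026172": true}, Guilds: map[string]GuildRule{
		"1063070451111289907": {Users: set{"314009111187026199": true}}}}
}

// Constructed identity: a guild-scoped user with no guild membership is denied.
func main() { fmt.Println(Godmode().Allowed(Identity{UserID: "314009111187026199"})) }
```

The guild-scoped `user` entry only matches while the identity still lists that guild, so a user who leaves the guild loses access on their next authentication.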

Loosely inspired by caddy-security's Discord OAuth2 module, with a much stronger focus on coupling Discord and Caddy for authentication purposes.

Install

Download Latest Version

  1. Download caddy + caddy-discord
    • Using released binaries
    • Build yourself using xcaddy
      • xcaddy build --with github.com/enum-gg/caddy-discord
  2. Create Discord Application (Discord Developer Portal)
    • New Application
    • OAuth2
      • Obtain your Client ID & Client secret
      • Add Redirects (Docs)
  3. Prepare your Caddyfile
    • Gather your Discord App OAuth2 Client ID & Client Secret,
    • Decide your route for caddy-discords to use as the OAuth2

Caddyfile Example

{
    discord {
        client_id 1000000000000000000 # Discord app OAuth client ID 
        client_secret 8CEPZZZZZAfl_w19ZZZZW_k # Discord app OAuth secret
        redirect http://localhost:8080/discord/callback # Route you've configured with `discord callback`

        realm clique {
            guild 106307051119907 {
                role 10630111112755034
            }
        }
        
        realm just_for_me {
            user 31400111187026172
        }
    }
}

http://localhost:8080 {
    route /discord/callback {
         # Designate route as OAuth callback endpoint
         discord callback
    }

    route /discordians-only {
         # Only allow Discord users that authenticate against the 'clique' realm
         protect using clique 
        
         respond "Hello {http.auth.user.username}!<br /><br /><img src='https://cdn.discordapp.com/avatars/{http.auth.user.id}/{http.auth.user.avatar}?size=4096.png'> "
    }

    respond "Hello, world!"
}

Building

xcaddy build --with github.com/enum-gg/caddy-discord=./