From 3706603235f346658d76a3fb762d58435daef98a Mon Sep 17 00:00:00 2001 From: Arca Ege Cengiz Date: Thu, 22 Jan 2026 20:02:14 +0000 Subject: [PATCH 1/2] Add get country counts --- get-country-counts.ts | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 get-country-counts.ts diff --git a/get-country-counts.ts b/get-country-counts.ts new file mode 100644 index 0000000..7ff19d9 --- /dev/null +++ b/get-country-counts.ts @@ -0,0 +1,50 @@ +import Cryptr from 'cryptr'; + +const cryptr = new Cryptr('insert secret key here'); + +export function encrypt(plaintext: string) { + return cryptr.encrypt(plaintext); +} + +export function decrypt(ciphertext: string) { + return cryptr.decrypt(ciphertext); +} + +const tokens = ['']; + +export async function getUserData(token: string) { + const userDataURL = new URL(`https://auth.hackclub.com/api/v1/me`); + const userDataRes = await fetch(userDataURL, { + method: 'GET', + headers: { + Authorization: `Bearer ${token}` + } + }); + + if (!userDataRes.ok) { + throw new Error('Failed to fetch user data'); + } + + const userDataJSON = await userDataRes.json(); + + return userDataJSON.identity!; +} + +const countries: Record = {}; + +for (let i = 0; i < tokens.length; i++) { + try { + const token = decrypt(tokens[i]); + const userData = await getUserData(token); + const { addresses } = userData; + const address = addresses?.find((address: { primary: boolean }) => address.primary); + console.log('Address', i + '/' + tokens.length + ':', address.country); + + countries[address.country as string] = (countries[address.country as string] ?? 0) + 1; + } catch { + console.warn('Failed: user ' + i); + } +} + +console.log('\n'); +console.log(countries); From 9900a0a7b99eadebf17f11f5c070ccd5347c77e8 Mon Sep 17 00:00:00 2001 From: Arca Ege Cengiz Date: Thu, 22 Jan 2026 23:40:05 +0000 Subject: [PATCH 2/2] IDV bypass mechanism --- .env.example | 1 + src/routes/auth/callback/+server.ts | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index 4688dcb..6517370 100644 --- a/.env.example +++ b/.env.example @@ -22,6 +22,7 @@ SLACK_TEAM=T0266FRGM # BETA_CHANNEL_ID= SUPER_ADMIN_SLACK_ID=changeme +LOGIN_IDV_BYPASS_SLACK_IDS="SLACK_ID_1,SLACK_ID_2" IDV_DOMAIN=auth.hackclub.com IDV_CLIENT_ID=changeme diff --git a/src/routes/auth/callback/+server.ts b/src/routes/auth/callback/+server.ts index 46375d0..799322e 100644 --- a/src/routes/auth/callback/+server.ts +++ b/src/routes/auth/callback/+server.ts @@ -55,7 +55,11 @@ export async function GET(event) { const { id, slack_id, first_name, last_name, primary_email, ysws_eligible } = userData; - if (!ysws_eligible) { + if ( + !ysws_eligible && + (!env.LOGIN_IDV_BYPASS_SLACK_IDS || + !env.LOGIN_IDV_BYPASS_SLACK_IDS.split(',').includes(slack_id)) + ) { return redirect(302, '/auth/ineligible'); }