TrojanHorseVerification - Verify USC Students on Discord!

Step 1: Enter your school email with the /verify command.
Admins have access to a history log of all account validations!
Step 3: Enter the validation code using the /validate command.
Step 2: Go to your email and find the validation code.

Inspiration

The Trojan CS Society (https://discord.gg/tcss), as well as other major USC Discord servers, have been facing major safety issues in their attempts to provide an open and inclusive community for students. Random strangers, often completely unaffiliated with USC, have begun entering these communities in order to harass students, ask for personal information, or otherwise cause disruptions. For these reasons, students are becoming more hesitant to divulge personal information, connect with students they do not know, or even share their social media on these platforms. Creating private channels for frequent users has served as a temporary solution, but often leads to the exclusion of new students who actually intend to use these platforms to become more involved on campus.

Trojans should not need to compromise safety for inclusivity, especially when we have hackers who can solve this problem!

What it does

TrojanHorseVerification is a Discord bot that uses USC emails to verify students on USC Discord servers, ensuring that these online student communities can be safe while being inclusive to all Trojans!

USC Students can easily verify themselves in three easy steps: 1. Enter their USC email into the /verify command. 2. Check their email for the validation code. 3. Use the /validate command to enter their validation code. The bot will then grant them "Verified USC Student" roles, which will give them access to the parts of the server that are hidden from non-students.

Unlike other verification systems that just guard against spam, this bot includes several features that ensure that those active on USC Discord servers are in fact students: - The /verify command only works with USC emails. - Validation codes cannot be stolen, as they can only be used by the original account. - Student emails can only verify one account: if the same email is used, it will unverify the previous account it was associated with. - Administrators have access to a private history log which shows the USC NetID of every student who validated their account.

How we built it and what we learned

I had never built a Discord bot prior to this hackathon, so I had to teach myself how to host a Discord bot, how Discord bots interact with users, how to efficiently store user information when necessary, and how to configure them so that it is easy to install on any Discord server.

After some research, I decided to use Autocode in order to both host the bot for free and develop the system efficiently by utilizing its development tools for Node.js. I used several NPM modules for email validation, sending emails to users, and the encryption of verification codes (the bot does not store verification codes, so the encryption piece is critical for how they would still work). I had never used Node.js for any of these tasks before, so it took a lot of research and experimentation to get these components to work as well.

I learned everything I needed to build this Discord bot by watching YouTube tutorials, reading documentation, and lots of trial and error. It was an incredibly rewarding process which culminated in a project that will see major use in USC Discord servers beyond this hackathon.

Challenges and Accomplishments

There were many exciting challenges involved in the development of this project, but the most interesting one in my opinion involved devising an implementation that would work with limited access to memory. I did not want to use a database for this project as it had the potential to increase cost, development time, and make the adoption and maintenance of the bot more difficult.

Therefore, I needed to devise an implementation where verification codes could be generated while not relying on the system to store and remember them. I accomplished this by using an NPM module to encrypt JavaScript objects which contained the discord account ID, the server ID, and the student’s USC NetID. The cipher-text would be used as the verification code, and when entered through the /validate command would be decrypted and compared to the credentials of the user running the command. Therefore, these verification codes would work for the intended user while remaining theft proof, all without needing to remember each user’s verification code.

I also devised a system which used Autocode’s limited local storage to store key/value pairs of USC NetIDs and Discord account IDs. Even though Autocode can only store 1024 key-value pairs with value entries limited to 18kb, the bot is still capable of remembering tens of thousands of user IDs and student NetIDs.

The result is that the bot is incredibly easy to maintain and transfer ownership of, with very little sacrifice to its practical functionality.

What's next for TrojanHorseVerification

This project is not a proof of concept: it is a fully functional Discord Bot that will soon be used by USC’s largest Discord server, the Trojan CS Society, to provide both a safe and inclusive environment for all USC Trojans!

Built With

autocode
cryptr
discord
node.js
nodemailer

Updates

Alexander Feinstein started this project — Feb 20, 2022 04:00 AM EST

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.