tests passing | auth adjustments
garrettladley committed Feb 4, 2024
1 parent accd5c2 commit 044ea2a
Showing 22 changed files with 256 additions and 173 deletions.
11 changes: 2 additions & 9 deletions backend/src/controllers/auth.go
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/GenerateNU/sac/backend/src/errors"
"github.com/GenerateNU/sac/backend/src/models"
"github.com/GenerateNU/sac/backend/src/services"
"github.com/GenerateNU/sac/backend/src/types"
"github.com/GenerateNU/sac/backend/src/utilities"
"github.com/gofiber/fiber/v2"
)
Expand All @@ -33,15 +34,7 @@ func NewAuthController(authService services.AuthServiceInterface, authSettings c
// @Failure 401 {string} string "failed to get current user"
// @Router /api/v1/auth/me [get]
func (a *AuthController) Me(c *fiber.Ctx) error {
// Extract token values from cookies
accessTokenValue := c.Cookies("access_token")

claims, err := auth.ExtractAccessClaims(accessTokenValue, a.AuthSettings.AccessToken)
if err != nil {
return err.FiberError(c)
}

user, err := a.authService.Me(claims.Issuer)
user, err := a.authService.Me(types.From(c).Issuer)
if err != nil {
return err.FiberError(c)
}
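Review bot: The new `a.authService.Me(types.From(c).Issuer)` in `Me` dereferences the result of `types.From` directly, while the middleware added in this same commit calls it as `claims, err := types.From(c)` and checks the error, so the two call sites cannot both match one signature. `types.From` is not shown on this page; if it returns a claims pointer and an error, handle both before reading the issuer: `claims, err := types.From(c)`, `if err != nil { return err.FiberError(c) }`, then `a.authService.Me(claims.Issuer)`. The handler now relies entirely on `Authenticate` having stored the claims in `c.Locals`, so it is worth confirming that `/api/v1/auth/me` is not among the paths that middleware skips (the list is only partly visible here).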
6 changes: 3 additions & 3 deletions backend/src/controllers/user.go
Expand Up @@ -81,7 +81,7 @@ func (u *UserController) GetUsers(c *fiber.Ctx) error {
// @Failure 500 {string} string "failed to get user"
// @Router /api/v1/users/:id [get]
func (u *UserController) GetUser(c *fiber.Ctx) error {
user, err := u.userService.GetUser(c.Params("id"))
user, err := u.userService.GetUser(c.Params("userID"))
if err != nil {
return err.FiberError(c)
}
Expand Down Expand Up @@ -110,7 +110,7 @@ func (u *UserController) UpdateUser(c *fiber.Ctx) error {
return errors.FailedToParseRequestBody.FiberError(c)
}

updatedUser, err := u.userService.UpdateUser(c.Params("id"), user)
updatedUser, err := u.userService.UpdateUser(c.Params("userID"), user)
if err != nil {
return err.FiberError(c)
}
Expand All @@ -130,7 +130,7 @@ func (u *UserController) UpdateUser(c *fiber.Ctx) error {
// @Failure 500 {string} string "failed to get all users"
// @Router /api/v1/users/:id [delete]
func (u *UserController) DeleteUser(c *fiber.Ctx) error {
err := u.userService.DeleteUser(c.Params("id"))
err := u.userService.DeleteUser(c.Params("userID"))
if err != nil {
return err.FiberError(c)
}
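Review bot: The `@Router` annotations above `GetUser` and `DeleteUser` still read `/api/v1/users/:id` although the handlers now read `c.Params("userID")`, so the generated API docs no longer match the route parameter. Update them to `// @Router /api/v1/users/:userID [get]` and `// @Router /api/v1/users/:userID [delete]`, and do the same for the `UpdateUser` annotation, which lies outside the hunk. All three function bodies continue past the hunks shown.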
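--- a/backend/src/errors/auth.go
+++ b/backend/src/errors/auth.go
@@ -0,0 +1,18 @@
+package errors
+
+import "github.com/gofiber/fiber/v2"
+
+var (
+PassedAuthenticateMiddlewareButNilClaims = Error{
+StatusCode: fiber.StatusInternalServerError,
+Message: "passed authenticate middleware but claims is nil",
+}
+FailedToCastToCustomClaims = Error{
+StatusCode: fiber.StatusInternalServerError,
+Message: "failed to cast to custom claims",
+}
+ExpectedClaimsButGotNil = Error{
+StatusCode: fiber.StatusInternalServerError,
+Message: "expected claims but got nil",
+}
+)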
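Review bot: `PassedAuthenticateMiddlewareButNilClaims` and `ExpectedClaimsButGotNil` describe the same condition, and none of the three new exported errors has a doc comment saying which call site returns it. Consider keeping one of the two and documenting each, for example `// FailedToCastToCustomClaims is returned when the stored claims value is not *types.CustomClaims.` (presumed use; the call sites are not on this page). If `FiberError` sends `Message` to the client, these strings expose middleware internals in a 500 response; a generic message with the detail logged server-side would be the safer shape.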
4 changes: 0 additions & 4 deletions backend/src/errors/common.go
Expand Up @@ -63,8 +63,4 @@ var (
StatusCode: fiber.StatusUnauthorized,
Message: "failed to validate access token",
}
FailedToParseUUID = Error{
StatusCode: fiber.StatusBadRequest,
Message: "failed to parse uuid",
}
)
25 changes: 24 additions & 1 deletion backend/src/middleware/auth.go
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/GenerateNU/sac/backend/src/types"

"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/middleware/skip"
)

var paths = []string{
Expand All @@ -18,6 +19,17 @@ var paths = []string{
"/api/v1/auth/logout",
}

func SuperSkipper(h fiber.Handler) fiber.Handler {
return skip.New(h, func(c *fiber.Ctx) bool {
claims, err := types.From(c)
if err != nil {
err.FiberError(c)
return false
}
return claims.Role == string(models.Super)
})
}

func (m *MiddlewareService) Authenticate(c *fiber.Ctx) error {
if slices.Contains(paths, c.Path()) {
return c.Next()
Expand All @@ -28,7 +40,7 @@ func (m *MiddlewareService) Authenticate(c *fiber.Ctx) error {
return errors.FailedToParseAccessToken.FiberError(c)
}

_, ok := token.Claims.(*types.CustomClaims)
claims, ok := token.Claims.(*types.CustomClaims)
if !ok || !token.Valid {
return errors.FailedToValidateAccessToken.FiberError(c)
}
Expand All @@ -37,11 +49,22 @@ func (m *MiddlewareService) Authenticate(c *fiber.Ctx) error {
return errors.Unauthorized.FiberError(c)
}

c.Locals("claims", claims)

return c.Next()
}

func (m *MiddlewareService) Authorize(requiredPermissions ...types.Permission) func(c *fiber.Ctx) error {
return func(c *fiber.Ctx) error {
claims, fromErr := types.From(c)
if fromErr != nil {
return fromErr.FiberError(c)
}

if claims != nil && claims.Role == string(models.Super) {
return c.Next()
}

role, err := auth.GetRoleFromToken(c.Cookies("access_token"), m.AuthSettings.AccessToken)
if err != nil {
return errors.FailedToParseAccessToken.FiberError(c)
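Review bot: In `SuperSkipper`, the predicate calls `err.FiberError(c)` and discards its result before returning `false`, so an error response is written and then the wrapped handler `h` still runs and may overwrite it or call `c.Next()`. Returning `false` alone keeps the fail-closed behaviour (the wrapped authorization check still runs) without the stray write: `if err != nil { return false }`. In `Authorize`, the code falls through to re-parse the cookie with `auth.GetRoleFromToken` even though `claims.Role` is already available from the validated token; reading the role from `claims` would avoid two sources of truth. `Authorize` continues past the end of the hunk. The super bypass trusts the `Role` claim for the lifetime of the token, so a demoted account presumably keeps the bypass until its access token expires; a short token lifetime or a server-side role lookup would bound that window.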
2 changes: 1 addition & 1 deletion backend/src/middleware/club.go
Expand Up @@ -14,7 +14,7 @@ import (
func (m *MiddlewareService) ClubAuthorizeById(c *fiber.Ctx) error {
clubUUID, err := utilities.ValidateID(c.Params("id"))
if err != nil {
return errors.FailedToParseUUID.FiberError(c)
return errors.FailedToValidateID.FiberError(c)
}

token, tokenErr := auth.ParseAccessToken(c.Cookies("access_token"), m.AuthSettings.AccessToken)
4 changes: 2 additions & 2 deletions backend/src/middleware/user.go
Expand Up @@ -11,7 +11,7 @@ import (
func (m *MiddlewareService) UserAuthorizeById(c *fiber.Ctx) error {
idAsUUID, err := utilities.ValidateID(c.Params("id"))
if err != nil {
return errors.FailedToParseUUID.FiberError(c)
return errors.FailedToValidateID.FiberError(c)
}

token, tokenErr := auth.ParseAccessToken(c.Cookies("access_token"), m.AuthSettings.AccessToken)
Expand All @@ -26,7 +26,7 @@ func (m *MiddlewareService) UserAuthorizeById(c *fiber.Ctx) error {

issuerIDAsUUID, err := utilities.ValidateID(claims.Issuer)
if err != nil {
return errors.FailedToParseUUID.FiberError(c)
return errors.FailedToValidateID.FiberError(c)
}

if issuerIDAsUUID.String() == idAsUUID.String() {
1 change: 0 additions & 1 deletion backend/src/models/user.go
Expand Up @@ -72,7 +72,6 @@ type UpdateUserRequestBody struct {
FirstName string `json:"first_name" validate:"omitempty,max=255"`
LastName string `json:"last_name" validate:"omitempty,max=255"`
Email string `json:"email" validate:"omitempty,email,neu_email,max=255"`
Password string `json:"password" validate:"omitempty,password"`
College College `json:"college" validate:"omitempty,oneof=CAMD DMSB KCCS CE BCHS SL CPS CS CSSH"`
Year Year `json:"year" validate:"omitempty,min=1,max=6"`
}
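--- a/backend/src/server/routes/auth.go
+++ b/backend/src/server/routes/auth.go
@@ -0,0 +1,20 @@
+package routes
+
+import (
+"github.com/GenerateNU/sac/backend/src/config"
+"github.com/GenerateNU/sac/backend/src/controllers"
+"github.com/GenerateNU/sac/backend/src/services"
+"github.com/gofiber/fiber/v2"
+)
+
+func Auth(router fiber.Router, authService services.AuthServiceInterface, authSettings config.AuthSettings) {
+authController := controllers.NewAuthController(authService, authSettings)
+
+// api/v1/auth/*
+auth := router.Group("/auth")
+
+auth.Post("/login", authController.Login)
+auth.Get("/logout", authController.Logout)
+auth.Get("/refresh", authController.Refresh)
+auth.Get("/me", authController.Me)
+}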
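Review bot: `auth.Get("/logout", ...)` and `auth.Get("/refresh", ...)` change session state on a GET, and because the access token travels in a cookie (`c.Cookies("access_token")` in the middleware), these endpoints can be triggered by cross-site navigation or prefetching without the user intending it. Register them as `auth.Post("/logout", authController.Logout)` and `auth.Post("/refresh", authController.Refresh)`. It is also worth confirming that the cookies are issued with a `SameSite` attribute; the code that sets them is not shown on this page.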
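--- a/backend/src/server/routes/category.go
+++ b/backend/src/server/routes/category.go
@@ -0,0 +1,21 @@
+package routes
+
+import (
+"github.com/GenerateNU/sac/backend/src/controllers"
+"github.com/GenerateNU/sac/backend/src/services"
+"github.com/gofiber/fiber/v2"
+)
+
+func Category(router fiber.Router, categoryService services.CategoryServiceInterface) fiber.Router {
+categoryController := controllers.NewCategoryController(categoryService)
+
+categories := router.Group("/categories")
+
+categories.Post("/", categoryController.CreateCategory)
+categories.Get("/", categoryController.GetCategories)
+categories.Get("/:id", categoryController.GetCategory)
+categories.Delete("/:id", categoryController.DeleteCategory)
+categories.Patch("/:id", categoryController.UpdateCategory)
+
+return categories
+}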
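Review bot: The write routes here (`categories.Post("/")`, `categories.Delete("/:id")`, `categories.Patch("/:id")`) are registered without any `Authorize` middleware, unlike `clubs.Get("/")` in club.go, so any caller who passes authentication can apparently create, change or delete categories. The same holds for the `Post`/`Patch`/`Delete` routes in tag.go and for `clubs.Post("/")` in club.go. Unless a permission check is applied on the parent router outside this page, wrap each write route in `middlewareService.Authorize(...)` with the matching permission, which means passing the middleware service into `Category` and `Tag` as `Club` and `User` already do.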
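--- a/backend/src/server/routes/category_tag.go
+++ b/backend/src/server/routes/category_tag.go
@@ -0,0 +1,16 @@
+package routes
+
+import (
+"github.com/GenerateNU/sac/backend/src/controllers"
+"github.com/GenerateNU/sac/backend/src/services"
+"github.com/gofiber/fiber/v2"
+)
+
+func CategoryTag(router fiber.Router, categoryTagService services.CategoryTagServiceInterface) {
+categoryTagController := controllers.NewCategoryTagController(categoryTagService)
+
+categoryTags := router.Group("/:categoryID/tags")
+
+categoryTags.Get("/", categoryTagController.GetTagsByCategory)
+categoryTags.Get("/:tagID", categoryTagController.GetTagByCategory)
+}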
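--- a/backend/src/server/routes/club.go
+++ b/backend/src/server/routes/club.go
@@ -0,0 +1,26 @@
+package routes
+
+import (
+"github.com/GenerateNU/sac/backend/src/controllers"
+"github.com/GenerateNU/sac/backend/src/middleware"
+"github.com/GenerateNU/sac/backend/src/services"
+"github.com/GenerateNU/sac/backend/src/types"
+"github.com/gofiber/fiber/v2"
+)
+
+func Club(router fiber.Router, clubService services.ClubServiceInterface, middlewareService middleware.MiddlewareInterface) {
+clubController := controllers.NewClubController(clubService)
+
+clubs := router.Group("/clubs")
+
+clubs.Get("/", middlewareService.Authorize(types.ClubReadAll), clubController.GetAllClubs)
+clubs.Post("/", clubController.CreateClub)
+
+// api/v1/clubs/:id/*
+clubsID := clubs.Group("/:id")
+clubsID.Use(middleware.SuperSkipper(middlewareService.UserAuthorizeById))
+
+clubsID.Get("/", clubController.GetClub)
+clubsID.Patch("/", middlewareService.Authorize(types.ClubWrite), clubController.UpdateClub)
+clubsID.Delete("/", middleware.SuperSkipper(middlewareService.Authorize(types.ClubDelete)), clubController.DeleteClub)
+}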
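Review bot: `clubsID.Use(middleware.SuperSkipper(middlewareService.UserAuthorizeById))` guards the `/clubs/:id` group with the user-ownership check, which compares the token issuer with the `:id` parameter. Here that parameter is a club ID, so non-super callers would be rejected unless their user ID happened to equal the club ID. `ClubAuthorizeById` in middleware/club.go looks like the intended guard: `clubsID.Use(middleware.SuperSkipper(middlewareService.ClubAuthorizeById))`, assuming it is part of `MiddlewareInterface` (not shown). On the delete route, the `SuperSkipper(...)` wrapper around `Authorize(types.ClubDelete)` is redundant because `Authorize` already lets the super role through.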
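--- a/backend/src/server/routes/tag.go
+++ b/backend/src/server/routes/tag.go
@@ -0,0 +1,18 @@
+package routes
+
+import (
+"github.com/GenerateNU/sac/backend/src/controllers"
+"github.com/GenerateNU/sac/backend/src/services"
+"github.com/gofiber/fiber/v2"
+)
+
+func Tag(router fiber.Router, tagService services.TagServiceInterface) {
+tagController := controllers.NewTagController(tagService)
+
+tags := router.Group("/tags")
+
+tags.Get("/:tagID", tagController.GetTag)
+tags.Post("/", tagController.CreateTag)
+tags.Patch("/:tagID", tagController.UpdateTag)
+tags.Delete("/:tagID", tagController.DeleteTag)
+}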
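--- a/backend/src/server/routes/user.go
+++ b/backend/src/server/routes/user.go
@@ -0,0 +1,28 @@
+package routes
+
+import (
+"github.com/GenerateNU/sac/backend/src/controllers"
+"github.com/GenerateNU/sac/backend/src/middleware"
+"github.com/GenerateNU/sac/backend/src/services"
+"github.com/GenerateNU/sac/backend/src/types"
+"github.com/gofiber/fiber/v2"
+)
+
+func User(router fiber.Router, userService services.UserServiceInterface, middlewareService middleware.MiddlewareInterface) fiber.Router {
+userController := controllers.NewUserController(userService)
+
+// api/v1/users/*
+users := router.Group("/users")
+users.Post("/", userController.CreateUser)
+users.Get("/", middleware.SuperSkipper(middlewareService.Authorize(types.UserReadAll)), userController.GetUsers)
+
+// api/v1/users/:userID/*
+usersID := users.Group("/:userID")
+usersID.Use(middleware.SuperSkipper(middlewareService.UserAuthorizeById))
+
+usersID.Get("/", userController.GetUser)
+usersID.Patch("/", userController.UpdateUser)
+usersID.Delete("/", userController.DeleteUser)
+
+return users
+}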
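Review bot: The group is declared as `users.Group("/:userID")`, but `UserAuthorizeById` in middleware/user.go still reads `c.Params("id")`, so inside this group the lookup should come back empty, `ValidateID` presumably fails, and every non-super request to `/users/:userID` is answered with `FailedToValidateID` instead of reaching the ownership comparison. Keep the parameter name in step, for example `utilities.ValidateID(c.Params("userID"))` in the middleware, or pass the parameter name into the middleware so that different groups can use different names. A test that a regular user can read their own record and is refused someone else's would pin this down. `User` returns `users` rather than `usersID`, so routes mounted on the returned router should be checked for whether the ownership middleware actually covers them.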
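--- a/backend/src/server/routes/user_tag.go
+++ b/backend/src/server/routes/user_tag.go
@@ -0,0 +1,16 @@
+package routes
+
+import (
+"github.com/GenerateNU/sac/backend/src/controllers"
+"github.com/GenerateNU/sac/backend/src/services"
+"github.com/gofiber/fiber/v2"
+)
+
+func UserTag(router fiber.Router, userTagService services.UserTagServiceInterface) {
+userTagController := controllers.NewUserTagController(userTagService)
+
+userTags := router.Group("/:userID/tags")
+
+userTags.Post("/", userTagController.CreateUserTags)
+userTags.Get("/", userTagController.GetUserTags)
+}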
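--- a/backend/src/server/routes/utility.go
+++ b/backend/src/server/routes/utility.go
@@ -0,0 +1,13 @@
+package routes
+
+import (
+"github.com/gofiber/fiber/v2"
+"github.com/gofiber/swagger"
+)
+
+func Utility(router fiber.Router) {
+router.Get("/swagger/*", swagger.HandlerDefault)
+router.Get("/health", func(c *fiber.Ctx) error {
+return c.SendStatus(200)
+})
+}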
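Review bot: `router.Get("/swagger/*", swagger.HandlerDefault)` publishes the full API description on the same router as the application, and whether `Authenticate` covers it depends on the skip list, which is only partly visible on this page. If the Swagger UI is meant for development only, register it behind an environment check so it is not served in production. In the health handler, `c.SendStatus(fiber.StatusOK)` reads better than the literal `200`.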