From 2a4485748988757fc0064ab795d0a290a55457cb Mon Sep 17 00:00:00 2001 From: Fagner Date: Thu, 20 Aug 2020 12:25:41 -0300 Subject: [PATCH 1/7] working on session authentication --- docker-compose-dev.yml | 2 ++ .../app/Controllers/Http/AuthController.js | 2 +- .../app/Controllers/Http/v1/AuthController.js | 34 ++++++++++++++----- .../Middleware/CheckPermissionForGivenCase.js | 2 -- src/adonisjs/config/auth.js | 4 +-- src/adonisjs/start/routes.js | 4 ++- 6 files changed, 33 insertions(+), 15 deletions(-) diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index 6f905de..ada1302 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -15,12 +15,14 @@ services: - APP_URL=http://0.0.0.0:10020 - CACHE_VIEWS=false - APP_KEY=vJX37W4ycI2nkVoBbCM8OW1nsP5LAE8l + - DB_CONNECTION=mysql - DB_HOST=harena-manager-database - DB_PORT=3306 - DB_DATABASE=harena-manager - DB_USER=jacinto - DB_PASSWORD=jacinto + - HASH_DRIVER=bcrypt depends_on: - harena-manager-database diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 685aea7..42a66c5 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js @@ -64,7 +64,7 @@ class AuthController { async logout({ auth, response }) { try{ - +console.log(reuest) const refreshToken = auth.getAuthHeader() await auth.revokeTokens(refreshToken) diff --git a/src/adonisjs/app/Controllers/Http/v1/AuthController.js b/src/adonisjs/app/Controllers/Http/v1/AuthController.js index a0a6b1a..926aa19 100644 --- a/src/adonisjs/app/Controllers/Http/v1/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/v1/AuthController.js 
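Review bot: `HASH_DRIVER=bcrypt` only verifies hashes that bcrypt produced, so if any user rows were created while a different driver was configured those logins will start failing after this change — worth confirming before deploying. The same hunk shows `APP_KEY` and `DB_PASSWORD` committed in plaintext in `docker-compose-dev.yml`; since `config/auth.js` in this series uses `secret: Env.get('APP_KEY')` as the JWT signing secret, that value must stay dev-only and never be reused for a shared environment. Consider moving both into an uncommitted env file, e.g. `env_file: .env.dev`, so the compose file carries no secrets.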
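Review bot: `console.log(reuest)` references a name that does not exist in `logout`, so every call now throws a ReferenceError inside the `try` and the client gets the 500 from the catch instead of a revoked token. The line should simply be dropped; PATCH 5/7 removes it again, but PATCH 6/7 reintroduces it in `v1/AuthController.js` and PATCH 7/7 removes it once more, so the series as a whole is net-neutral only by accident. The body of `logout` continues past the end of this hunk.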
@@ -4,20 +4,23 @@ const User = use('App/Models/v1/User'); class AuthController { async login({ request, auth, response }) { - let { email, password } = request.all(); - try { + let { email, password } = request.all(); +console.log(request) if (await auth.attempt(email, password)) { + console.log('------------------------------- attempt') let user = await User.findBy('email', email) - let token = await auth.generate(user) + // let token = await auth.generate(user) - let authenticatedUser = new User() - authenticatedUser.id = user.id - authenticatedUser.email = user.email - authenticatedUser.username = user.username + // let authenticatedUser = new User() + // authenticatedUser.id = user.id + // authenticatedUser.email = user.email + // authenticatedUser.username = user.username + + // Object.assign(authenticatedUser, token) + // return response.json('Logged in successfully') + return response.json(auth.user) - Object.assign(authenticatedUser, token) - return response.json(authenticatedUser) } } catch (e) { @@ -25,6 +28,19 @@ class AuthController { return response.status(e.status).json({ message: e.message }) } } + + async logout({ auth, response }) { + try{ + + await auth.logout() + + return response.json('Logged Zout successfuly') + }catch(e){ + console.log(e) + return response.status(500).json(e.message) + } + + } } module.exports = AuthController \ No newline at end of file diff --git a/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js b/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js index 735343e..1c53d8c 100644 --- a/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js +++ b/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js @@ -26,7 +26,6 @@ console.log(2) // verify if the loged user is owner of the case if (properties[0] == 'author'){ - console.log('case author check') sqlQuery = 'select uc.user_id from users u ' + 'left join users_cases uc on u.id = uc.user_id ' + 
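Review bot: `console.log(request)` immediately after destructuring `email` and `password` dumps the whole request object, including the plaintext password in the body, into the application log; log at most `email`, or nothing. `return response.json(auth.user)` serialises the full user model — unless the model declares `password` as hidden (not visible here), the hash is sent to the client, so confirm the model's `hidden`/`toJSON` before relying on it. The same `console.log(request)` reappears in PATCH 4/7 (L11) and as `console.log(request.all())` in the v1 copy restored by PATCH 6/7 (L18); the latter is only commented out, not deleted, in PATCH 7/7.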
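Review bot: The success message `'Logged Zout successfuly'` has two typos; PATCH 2/7 fixes the first but `successfuly` survives the whole series, so `return response.json('Logged out successfully')` is still the line to change. The catch branch returns `e.message` with a blanket 500 for anything `auth.logout()` throws — a session that is already gone is not a server error, and forwarding raw framework messages to the client exposes internals. Prefer a fixed message and let genuinely unexpected errors surface through the logger.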
@@ -39,7 +38,6 @@ console.log(2) } if (properties[0] == 'contributor'){ - console.log('case contributor check') let logged_user = auth.user.id diff --git a/src/adonisjs/config/auth.js b/src/adonisjs/config/auth.js index 670a046..998880a 100644 --- a/src/adonisjs/config/auth.js +++ b/src/adonisjs/config/auth.js @@ -16,7 +16,7 @@ module.exports = { | Available Serializers - lucid, database | */ - authenticator: 'jwt', + authenticator: 'session', /* |-------------------------------------------------------------------------- @@ -54,7 +54,7 @@ module.exports = { scheme: 'basic', uid: 'email', password: 'password' - }, + }, /* |-------------------------------------------------------------------------- diff --git a/src/adonisjs/start/routes.js b/src/adonisjs/start/routes.js index 5db31ee..3b0195d 100644 --- a/src/adonisjs/start/routes.js +++ b/src/adonisjs/start/routes.js @@ -21,7 +21,7 @@ Route.get('/', () => { return 'Hello from Harena Manager'} ) Route.group(() => { Route.post( '', 'v1/UserController.store') - Route.post( 'login', 'v1/AuthController.login') + // Route.post( 'login', 'v1/AuthController.login') Route.get( 'cases', 'v1/UserController.list_cases').middleware(['auth']) @@ -37,6 +37,8 @@ Route.group(() => { Route.get('/api/v1/users', 'v1/UserController.index').middleware(['auth', 'is:admin']) +Route.post('/api/v1/auth/login', 'v1/AuthController.login') +Route.post('/api/v1/auth/logout', 'v1/AuthController.logout').middleware(['auth']) /* |---------------------------------------------------------------------------------------------- From d4e27d60f03d0c37524ad1da0b9846b1594bbbde Mon Sep 17 00:00:00 2001 From: Fagner Date: Sat, 22 Aug 2020 12:46:17 -0300 Subject: [PATCH 2/7] working on session --- .../app/Controllers/Http/v1/AuthController.js | 19 ++++++++++++++----- src/adonisjs/config/cors.js | 2 +- src/adonisjs/config/session.js | 1 + 3 files changed, 16 insertions(+), 6 deletions(-) 
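Review bot: Switching `authenticator` from `'jwt'` to `'session'` moves authentication into a cookie, and the session config touched later in this series (`config/session.js`, PATCH 2/7) shows `sameSite: false`, so browsers will attach that cookie to cross-site POSTs. Every state-changing route behind `auth` — `logout`, `link/user`, `link/case`, the admin endpoints — therefore needs CSRF protection (Adonis shield) or at least `sameSite: 'lax'`; PATCH 6/7 is titled "working on csrf token" but no shield change is visible in the series. PATCH 3/7 reverts this line to `'jwt'`, so whichever scheme wins, the CSRF consideration should be settled explicitly rather than left to the revert.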
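Review bot: The new public `POST /api/v1/auth/login` has no throttling in front of it, and the session scheme's `auth.attempt` will happily verify passwords as fast as the client can send them; since the framework offers no rate limiter out of the box, this is best handled at the reverse proxy or with a small per-IP middleware, and it is worth a `// TODO: rate-limit login` next to the route so it is not forgotten. The commented-out `// Route.post( 'login', 'v1/AuthController.login')` in the first hunk should be deleted rather than kept — version control already records it.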
diff --git a/src/adonisjs/app/Controllers/Http/v1/AuthController.js b/src/adonisjs/app/Controllers/Http/v1/AuthController.js index 926aa19..3f8af80 100644 --- a/src/adonisjs/app/Controllers/Http/v1/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/v1/AuthController.js @@ -1,14 +1,19 @@ 'use strict' +const Logger = use('Logger') + const User = use('App/Models/v1/User'); class AuthController { - async login({ request, auth, response }) { + async login({ request, auth, response, session }) { + // console.log(session.all()) try { let { email, password } = request.all(); -console.log(request) - if (await auth.attempt(email, password)) { +// console.log(request) + if (await auth.remember(true).attempt(email, password)) { console.log('------------------------------- attempt') + // console.log(session.all()) + let user = await User.findBy('email', email) // let token = await auth.generate(user) @@ -19,7 +24,11 @@ console.log(request) // Object.assign(authenticatedUser, token) // return response.json('Logged in successfully') - return response.json(auth.user) + + let adonis_session = session.get('adonis-auth') + console.log(adonis_session) + console.log(auth) + return response.json(adonis_session) } } @@ -34,7 +43,7 @@ console.log(request) await auth.logout() - return response.json('Logged Zout successfuly') + return response.json('Logged out successfuly') }catch(e){ console.log(e) return response.status(500).json(e.message) diff --git a/src/adonisjs/config/cors.js b/src/adonisjs/config/cors.js index 413fe52..1e62d3c 100644 --- a/src/adonisjs/config/cors.js +++ b/src/adonisjs/config/cors.js @@ -73,7 +73,7 @@ module.exports = { | boolean. | */ - credentials: false, + credentials: true, /* |-------------------------------------------------------------------------- diff --git a/src/adonisjs/config/session.js b/src/adonisjs/config/session.js index 03aec1a..f218511 100644 --- a/src/adonisjs/config/session.js +++ b/src/adonisjs/config/session.js 
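Review bot: `auth.remember(true).attempt(email, password)` unconditionally issues a persistent remember-me token on every login; that should be opt-in from the request body, e.g. `auth.remember(request.input('remember', false) === true)`. The value of `session.get('adonis-auth')` is then returned verbatim and also printed with `console.log(adonis_session)` / `console.log(auth)` — presumably it is the logged-in user's primary key as stored by the session scheme, but returning the session's internal auth entry as the login response gives the client nothing useful and makes the session layout part of the API. PATCH 6/7 (L17) copies this into `AuthController.js` and PATCH 7/7 (L20) adds `console.log(session.all())`, which prints the entire session, including whatever flash or CSRF data lives there, to the log; all of these debug lines should go before merge. `Logger` is imported here but not used in the visible lines.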
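Review bot: `credentials: true` is only safe when the `origin` setting in the same file is an explicit allow-list; with a wildcard browsers will reject the response, and with `origin: true` (or a function that reflects the request origin) any website can make cookie-authenticated requests against the new session endpoints. The `origin` line is outside this hunk, so please confirm it, and add a comment such as `// credentials require an explicit origin allow-list, never '*' or reflection` above this line.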
@@ -67,6 +67,7 @@ module.exports = { httpOnly: true, sameSite: false, path: '/' + // domain: Env.get('COOKIE_DOMAIN', null) }, /* From c249dc958272e82168bda9bc9db572430850ef90 Mon Sep 17 00:00:00 2001 From: Fagner Date: Sun, 23 Aug 2020 22:19:06 -0300 Subject: [PATCH 3/7] =?UTF-8?q?refactor:=20=F0=9F=92=A1=20Refactoring=20qu?= =?UTF-8?q?est=20endpoints?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `POST quest/link/user` and `POST admin/role/link/user` --- .../app/Controllers/Http/AuthController.js | 1 - .../Controllers/Http/v1/AdminController.js | 13 +---- .../Controllers/Http/v1/QuestController.js | 57 ++++++++++++------- .../app/Controllers/Http/v1/UserController.js | 2 +- .../Middleware/CheckPermissionForGivenCase.js | 1 - .../Middleware/CheckUserQuestPermission.js | 36 +++++++++--- src/adonisjs/config/auth.js | 2 +- src/adonisjs/start/routes.js | 7 ++- 8 files changed, 74 insertions(+), 45 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 42a66c5..0213a10 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js @@ -6,7 +6,6 @@ const Token = use('App/Models/v1/Token'); class AuthController { async login({ request, auth, response }) { - console.log(request.all()) let { email, password, refresh_token } = request.all(); let user = "" let token = "" diff --git a/src/adonisjs/app/Controllers/Http/v1/AdminController.js b/src/adonisjs/app/Controllers/Http/v1/AdminController.js index a75bd54..e9b6191 100644 --- a/src/adonisjs/app/Controllers/Http/v1/AdminController.js +++ b/src/adonisjs/app/Controllers/Http/v1/AdminController.js 
@@ -51,24 +51,17 @@ class AdminController { } } - async link_role_user({ request, response }) { + async linkRoleUser({ request, response }) { try { const {user_id, role_id} = request.post() let user = await User.find(user_id) let role = await Role.find(role_id) await user.roles().attach(role.id) - - // user.quests = await user.quests().fetch() - - return response.json(user) + return response.json(role.slug + ' role has given to the user ' + user.username) } catch (e) { console.log(e) - if (e.code === 'ER_DUP_ENTRY') { - return response.status(409).json({ message: e.message }) - } - - return response.status(500).json({ message: e.toString() }) + return response.status(500).json(e) } } diff --git a/src/adonisjs/app/Controllers/Http/v1/QuestController.js b/src/adonisjs/app/Controllers/Http/v1/QuestController.js index ce0647a..b3f32b7 100644 --- a/src/adonisjs/app/Controllers/Http/v1/QuestController.js +++ b/src/adonisjs/app/Controllers/Http/v1/QuestController.js @@ -9,11 +9,24 @@ const Database = use('Database') const Quest = use('App/Models/v1/Quest'); const User = use('App/Models/v1/User'); const Case = use('App/Models/v1/Case'); +const Role = use('App/Models/v1/Role'); const uuidv4 = require('uuid/v4'); class QuestController { + async index({ response }) { + console.log('aqui') + try{ + let quests = await Quest.all() + return response.json(quests) + } catch(e){ + return response.status(e.status).json({ message: e.message }) + } + } + + + async store({ request, response, auth }) { let trx = await Database.beginTransaction() 
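Review bot: `return response.status(500).json(e)` serialises the error's own enumerable properties, which for the MySQL errors this code already inspects elsewhere (`e.code`, `e.sqlMessage`) include the failed SQL text, so database structure leaks to an admin-facing client; the removed `ER_DUP_ENTRY` → 409 branch was the better shape and should come back with a fixed message. `User.find(user_id)` and `Role.find(role_id)` return `null` for unknown ids, so `role.id` / `user.username` throw a TypeError that is reported as a 500 rather than a 404; a guard like `if (!user || !role) return response.status(404).json('user or role not found')` before `attach` fixes that.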
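Review bot: `console.log('aqui')` is a leftover debug print in the new `index` and should be removed. The catch uses `response.status(e.status)`, but a database or programming error carries no `status`, so the reply status becomes undefined; `return response.status(e.status || 500).json({ message: e.message })` keeps the intended behaviour for HTTP-style exceptions and degrades sanely otherwise. The `store` method that follows starts inside this hunk but its body lies beyond it.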
@@ -48,29 +61,31 @@ class QuestController { async link_user({ request, response }) { try { - const {user_id, quest_id} = request.post() + const {user_id, quest_id, roleSlug} = request.post() let user = await User.find(user_id) let quest = await Quest.find(quest_id) + let role = await Role.findBy('slug', roleSlug) + + if (role == null) + return response.status(500).json('Invalid roleSlug') - if (await user.check_role('author')){ + if (await user.check_role(role.slug)){ await user.quests().attach([quest.id], (row) => { - row.role = 1 + if (role.slug == 'author'){ + row.role = 1 + } + if (role.slug == 'player'){ + row.role = 2 + } }) - user.quests = await user.quests().fetch() - - return response.json(user) + return response.json(role.slug + ' ' + user.username + ' was added to the quest '+ quest.title) } else { - return response.status(500).json('target user must be an author') + return response.status(500).json('target user must have ' + role.slug + ' role') } - } catch (e) { console.log(e) - if (e.code === 'ER_DUP_ENTRY') { - return response.status(409).json({ message: e.message }) - } - - return response.json({ message: e.toString() }) + return response.status(500).json(e) } } @@ -114,19 +129,23 @@ class QuestController { try{ let quest_id = request.input('quest_id') let quest = await Quest.find(quest_id) - console.log(quest) - return response.json(await quest.cases().fetch()) + return response.json(await quest.cases().fetch()) } catch(e){ console.log(e) } } - async index({ response }) { + + + async list_playable_cases({ request, response }) { +console.log('playable') try{ - let quests = await Quest.all() - return response.json(quests) + let quest_id = request.input('quest_id') + let quest = await Quest.find(quest_id) + console.log(quest) + return response.json(await quest.cases().fetch()) } catch(e){ - return response.status(e.status).json({ message: e.message }) + console.log(e) } } } 
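Review bot: An unknown `roleSlug` is a client-input problem and should be a 400/422, not `response.status(500).json('Invalid roleSlug')`; likewise `User.find(user_id)` / `Quest.find(quest_id)` may return `null`, and the resulting TypeError ends as a 500 whose body is the raw error object (`response.status(500).json(e)`), which can include SQL text. The `row.role = 1` / `row.role = 2` literals duplicate the `[0, 1]` and `[2]` role sets in `CheckUserQuestPermission` (PATCH 3/7, L9) and a slug that matches neither branch is attached with no role at all; one shared `QUEST_ROLES` map consulted by both places would keep them from drifting. `link_user` is fully inside this hunk.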
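Review bot: `list_playable_cases` is a line-for-line copy of `list_cases` plus two debug prints (`console.log('playable')`, `console.log(quest)`); the distinction between author and player access is already made by the route middleware, so one handler suffices. Both catch blocks only `console.log(e)` and never send a response, so a failed lookup (including `Quest.find` returning `null` and the following `quest.cases()` TypeError) leaves the client with whatever the framework emits for a handler that returned nothing instead of an error status. PATCH 4/7 (L12) merges the two but keeps the silent catch.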
diff --git a/src/adonisjs/app/Controllers/Http/v1/UserController.js b/src/adonisjs/app/Controllers/Http/v1/UserController.js index 938b430..c5b1ddf 100644 --- a/src/adonisjs/app/Controllers/Http/v1/UserController.js +++ b/src/adonisjs/app/Controllers/Http/v1/UserController.js @@ -86,7 +86,7 @@ class UserController { } catch (e) { console.log(e) if (e.code === 'ER_DUP_ENTRY') { - return response.status(409).json({ message: e.message }) + return response.status(409).json(e.sqlMessage) } return response.status(e.status).json({ message: e.message }) diff --git a/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js b/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js index 1c53d8c..667089e 100644 --- a/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js +++ b/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js @@ -12,7 +12,6 @@ class CheckPermissionForGivenCase { * @param {Function} next */ async handle ({ params, request, response, auth }, next, properties) { -console.log(2) try{ let logged_user = auth.user.id let sqlQuery = "" diff --git a/src/adonisjs/app/Middleware/CheckUserQuestPermission.js b/src/adonisjs/app/Middleware/CheckUserQuestPermission.js index 852b7d0..e13fb82 100644 --- a/src/adonisjs/app/Middleware/CheckUserQuestPermission.js +++ b/src/adonisjs/app/Middleware/CheckUserQuestPermission.js 
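Review bot: `response.status(409).json(e.sqlMessage)` hands the client MySQL's own duplicate-key text, which names the unique index and echoes the colliding value; the previous `e.message` was no better (knex prefixes the SQL), but neither belongs in a response. `return response.status(409).json({ message: 'user already exists' })` keeps the 409 and stops the schema from leaking; the details remain available in the `console.log(e)` above. The enclosing method begins before this hunk.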
@@ -5,30 +5,48 @@ const Database = use('Database') +const Logger = use('Logger') + class CheckUserQuestPermission { /** * @param {object} ctx * @param {Request} ctx.request * @param {Function} next */ - async handle ({ params, request, auth }, next) { - try{ + async handle ({ params, request, auth, response }, next, properties) { + try{ let user_id = auth.user.id let quest_id = request.input('quest_id') - let query_result = await Database - .from('quests_users') - .where('quests_users.user_id', user_id) + let query_result + if (properties[0] == 'contributor'){ + query_result = await Database + .from('quests_users') + .where('quests_users.user_id', user_id) .where('quests_users.quest_id', quest_id) - .whereIn('quests_users.role', [0, 1]) + .whereIn('quests_users.role', [0, 1]) .count() + } - if (query_result[0]['count(*)'] === 0) - return response.status(500).json('user dont have permission for such quest') - else await next() + if (properties[0] == 'player'){ + query_result = await Database + .from('quests_users') + .where('quests_users.user_id', user_id) + .where('quests_users.quest_id', quest_id) + .whereIn('quests_users.role', [2]) + .count() + } + + if (query_result[0]['count(*)'] === 0) + return response.status(500).json('user dont have ' + properties[0] + ' permissions for such quest') + else { + Logger.info('check user\'s quest permission - OK') + await next() + } } catch(e){ console.log(e) + return response.status(500).json(e) } } diff --git a/src/adonisjs/config/auth.js b/src/adonisjs/config/auth.js index 998880a..ca2d6d1 100644 --- a/src/adonisjs/config/auth.js +++ b/src/adonisjs/config/auth.js @@ -16,7 +16,7 @@ module.exports = { | Available Serializers - lucid, database | */ - authenticator: 'session', + authenticator: 'jwt', /* |-------------------------------------------------------------------------- diff --git a/src/adonisjs/start/routes.js b/src/adonisjs/start/routes.js index 3b0195d..03c55ce 100644 --- a/src/adonisjs/start/routes.js 
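Review bot: When `properties[0]` is neither `'contributor'` nor `'player'` (including a route that passes no argument), `query_result` stays undefined and `query_result[0]` throws, so the request fails closed only because the TypeError lands in the catch and becomes a 500 with the raw error object as body; that should be an explicit reject, and a permission miss should be 403 rather than 500. `query_result[0]['count(*)'] === 0` is strict against a number — if the database driver ever hands the count back as a string the comparison is false and the user is let through, so `Number(row['count(*)']) === 0` is the safer form. The role sets `[0, 1]` and `[2]` duplicate the literals written in `QuestController.link_user` (L7); PATCH 4/7 (L13) adds a third branch with no role filter, which makes a table-driven single query the natural shape for this method.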
+++ b/src/adonisjs/start/routes.js @@ -97,7 +97,7 @@ Route.group(() => { */ Route.get('/api/v1/author/quest/cases', 'v1/QuestController.list_cases').middleware(['auth', 'is:author', 'quest_permission:contributor']) -// Route.get('/api/v1/play/quest/cases', 'v1/QuestController.list_cases').middleware(['auth', 'is:player']) +Route.get('/api/v1/player/quest/cases', 'v1/QuestController.list_playable_cases').middleware(['auth', 'is:player', 'quest_permission:player']) Route.group(() => { @@ -108,7 +108,7 @@ Route.group(() => { Route.post( 'link/case', 'v1/QuestController.link_case') Route.get( ':id/users', 'v1/QuestController.list_users') -}).prefix('/api/v1/quest').middleware('auth', 'is:admin') +}).prefix('/api/v1/quest').middleware('auth', 'is:author') /* @@ -123,7 +123,7 @@ Route.group(() => { Route.get( 'roles', 'v1/AdminController.list_roles') Route.get( 'permissions', 'v1/AdminController.list_permissions') - Route.post( 'role/link/user', 'v1/AdminController.link_role_user') + Route.post( 'role/link/user', 'v1/AdminController.linkRoleUser') Route.post( 'role/link/permission', 'v1/AdminController.link_role_permission') Route.get( 'user/:id/roles', 'v1/AdminController.list_roles_by_user') @@ -134,6 +134,7 @@ Route.group(() => { Route.post( 'revoke_tokens', 'v1/AdminController.revoke_tokens') + Route.post( 'quest/link/user', 'v1/QuestController.link_user') }).prefix('/api/v1/admin').middleware(['auth', 'is:admin']) From 138b1f803c9172673c0aa2aa06e1cf9ae82283fb Mon Sep 17 00:00:00 2001 
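Review bot: Changing the `/api/v1/quest` group from `is:admin` to `is:author` widens access to every route in the group, and the visible `link/case` and `:id/users` routes carry no `quest_permission` middleware, so after this commit any authenticated author can attach a case to any quest or list any quest's users. Each route that takes a quest identifier needs a per-quest check, e.g. `.middleware('quest_permission:contributor')`, which PATCH 4/7 (L14) adds; note the middleware reads the quest id from `request.input(...)` while `:id/users` passes it as a route param, so the handler and the middleware must agree on where the id comes from or the check tests the wrong quest. The `quest/link/user` admin route correctly stays under `is:admin`.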
From: Fagner Date: Mon, 24 Aug 2020 01:10:46 -0300 Subject: [PATCH 4/7] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Newly=20created=20`P?= =?UTF-8?q?OST=20quest/cases`=20endpoint?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It returns the cases given a questId input --- .../app/Controllers/Http/v1/AuthController.js | 1 + .../Controllers/Http/v1/QuestController.js | 27 +++++++------------ .../app/Controllers/Http/v1/UserController.js | 2 -- .../Middleware/CheckUserQuestPermission.js | 23 +++++++++++----- src/adonisjs/start/routes.js | 10 +++---- 5 files changed, 31 insertions(+), 32 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/v1/AuthController.js b/src/adonisjs/app/Controllers/Http/v1/AuthController.js index 926aa19..3bc09d9 100644 --- a/src/adonisjs/app/Controllers/Http/v1/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/v1/AuthController.js @@ -6,6 +6,7 @@ class AuthController { async login({ request, auth, response }) { try { let { email, password } = request.all(); + console.log(request) if (await auth.attempt(email, password)) { console.log('------------------------------- attempt') diff --git a/src/adonisjs/app/Controllers/Http/v1/QuestController.js b/src/adonisjs/app/Controllers/Http/v1/QuestController.js index b3f32b7..6f731db 100644 --- a/src/adonisjs/app/Controllers/Http/v1/QuestController.js +++ b/src/adonisjs/app/Controllers/Http/v1/QuestController.js 
@@ -114,40 +114,31 @@ class QuestController { } - async list_users({ params, response }) { + async listUsers({ request, response }) { try{ - let quest = await Quest.find(params.id) + let questId = request.input('questId') + + let quest = await Quest.find(questId) return response.json(await quest.users().fetch()) } catch(e){ console.log(e) + return response.status(500).json(e) } } - async list_cases({ request, response }) { - + async listCases({ request, response }) { try{ - let quest_id = request.input('quest_id') - let quest = await Quest.find(quest_id) - return response.json(await quest.cases().fetch()) - } catch(e){ - console.log(e) - } - } - + let questId = request.input('questId') + let quest = await Quest.find(questId) - async list_playable_cases({ request, response }) { -console.log('playable') - try{ - let quest_id = request.input('quest_id') - let quest = await Quest.find(quest_id) - console.log(quest) return response.json(await quest.cases().fetch()) } catch(e){ console.log(e) } } + } module.exports = QuestController diff --git a/src/adonisjs/app/Controllers/Http/v1/UserController.js b/src/adonisjs/app/Controllers/Http/v1/UserController.js index c5b1ddf..adc09d7 100644 --- a/src/adonisjs/app/Controllers/Http/v1/UserController.js +++ b/src/adonisjs/app/Controllers/Http/v1/UserController.js @@ -22,7 +22,6 @@ class UserController { * @param {View} ctx.view */ async index({ request, response, view, auth }) { - console.log(1) try{ let users = await User.all() @@ -42,7 +41,6 @@ class UserController { * @param {View} ctx.view */ async show({ params, request, response, view }) { - console.log(12323) try{ let user = await User.find(params.id) diff --git a/src/adonisjs/app/Middleware/CheckUserQuestPermission.js b/src/adonisjs/app/Middleware/CheckUserQuestPermission.js index e13fb82..0ac5dbd 100644 --- a/src/adonisjs/app/Middleware/CheckUserQuestPermission.js +++ b/src/adonisjs/app/Middleware/CheckUserQuestPermission.js 
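Review bot: `listCases` still swallows errors — its catch only logs and sends no response — while the sibling `listUsers` in the same hunk answers with a 500 and the serialised error, so the two handlers disagree on failure behaviour; `Quest.find(questId)` returning `null` also crashes both on `quest.cases()` / `quest.users()`. Adding `if (!quest) return response.status(404).json('quest not found')` after the lookup and `return response.status(500).json({ message: e.message })` in `listCases`'s catch makes both paths deterministic without exposing the error object.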
@@ -15,15 +15,25 @@ class CheckUserQuestPermission { */ async handle ({ params, request, auth, response }, next, properties) { try{ - let user_id = auth.user.id - let quest_id = request.input('quest_id') + let userId = auth.user.id + let questId = request.input('questId') let query_result + + if (properties[0] == null){ + query_result = await Database + .from('quests_users') + .where('quests_users.user_id', userId) + .where('quests_users.quest_id', questId) + .count() + } + + if (properties[0] == 'contributor'){ query_result = await Database .from('quests_users') - .where('quests_users.user_id', user_id) - .where('quests_users.quest_id', quest_id) + .where('quests_users.user_id', userId) + .where('quests_users.quest_id', questId) .whereIn('quests_users.role', [0, 1]) .count() } @@ -31,13 +41,12 @@ class CheckUserQuestPermission { if (properties[0] == 'player'){ query_result = await Database .from('quests_users') - .where('quests_users.user_id', user_id) - .where('quests_users.quest_id', quest_id) + .where('quests_users.user_id', userId) + .where('quests_users.quest_id', questId) .whereIn('quests_users.role', [2]) .count() } - if (query_result[0]['count(*)'] === 0) return response.status(500).json('user dont have ' + properties[0] + ' permissions for such quest') else { diff --git a/src/adonisjs/start/routes.js b/src/adonisjs/start/routes.js index 03c55ce..12ef0ad 100644 --- a/src/adonisjs/start/routes.js +++ b/src/adonisjs/start/routes.js 
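Review bot: The three near-identical query blocks selected by `properties[0] == null`, `'contributor'` and `'player'` differ only in the role filter, and any other value still leaves `query_result` undefined; a small map from permission name to role list, applied as an optional `whereIn`, removes the duplication, rejects unknown names explicitly and lets a denial return 403 instead of 500. The rewrite below keeps the query and the denial message as they are in the hunk and changes only the control flow and status code; `handle` begins before this hunk and its `Logger.info`/`next()` tail and catch block lie after it.
```javascript
      let userId = auth.user.id
      let questId = request.input('questId')
      // quests_users.role values per permission name; keep in sync with QuestController.link_user
      const rolesFor = new Map([['contributor', [0, 1]], ['player', [2]]])
      const wanted = properties[0]
      if (wanted != null && !rolesFor.has(wanted)) {
        return response.status(403).json('unknown quest permission ' + wanted)
      }
      let query = Database
        .from('quests_users')
        .where('quests_users.user_id', userId)
        .where('quests_users.quest_id', questId)
      if (wanted != null) {
        query = query.whereIn('quests_users.role', rolesFor.get(wanted))
      }
      const [row] = await query.count()
      // the driver may hand the count back as a string; normalise before comparing
      if (Number(row['count(*)']) === 0) {
        return response.status(403).json('user dont have ' + properties[0] + ' permissions for such quest')
      }
      // … unchanged: Logger.info + await next(), catch block …
```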
@@ -96,17 +96,17 @@ Route.group(() => { |---------------------------------------------------------------------------------------------- */ -Route.get('/api/v1/author/quest/cases', 'v1/QuestController.list_cases').middleware(['auth', 'is:author', 'quest_permission:contributor']) -Route.get('/api/v1/player/quest/cases', 'v1/QuestController.list_playable_cases').middleware(['auth', 'is:player', 'quest_permission:player']) +Route.get('/api/v1/quests', 'v1/QuestController.index').middleware('auth', 'is:admin') +Route.get('/api/v1/quest/cases', 'v1/QuestController.listCases').middleware(['auth', 'is:(author or player)', 'quest_permission']) Route.group(() => { - Route.get( '', 'v1/QuestController.index') Route.put( '', 'v1/QuestController.store') Route.post( 'link/user', 'v1/QuestController.link_user').middleware('quest_permission:contributor') - Route.post( 'link/case', 'v1/QuestController.link_case') - Route.get( ':id/users', 'v1/QuestController.list_users') + Route.post( 'link/case', 'v1/QuestController.link_case').middleware('quest_permission:contributor') + + Route.get( 'users', 'v1/QuestController.listUsers').middleware('quest_permission:contributor') }).prefix('/api/v1/quest').middleware('auth', 'is:author') From d0fc7645589f47246010035944f232b9bbf70710 Mon Sep 17 00:00:00 2001 From: Fagner Date: Mon, 24 Aug 2020 02:03:05 -0300 Subject: [PATCH 5/7] Removing console.log() from AuthController --- src/adonisjs/app/Controllers/Http/AuthController.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 0213a10..f3715eb 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js 
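Review bot: `'is:(author or player)'` depends on the ACL middleware's expression grammar accepting the word `or`; the adonis-acl syntax I am aware of uses `||` — `'is:(author || player)'` — so please confirm against the package in use, because a mis-parsed expression may silently deny everyone or, worse, pass everyone. The bare `'quest_permission'` on the same route relies on the role-agnostic `properties[0] == null` branch added to `CheckUserQuestPermission` in this commit, which is worth a short comment at the route so the coupling is visible. The group below is now consistently guarded with `quest_permission:contributor`, which closes the gap introduced in PATCH 3/7.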
@@ -14,7 +14,6 @@ class AuthController { await auth.check() return response.json('user is signed already') } catch(e) { - console.log(e) // token expired if (e.code == 'E_JWT_TOKEN_EXPIRED'){ token = await auth.generateForRefreshToken(refresh_token) @@ -28,11 +27,9 @@ class AuthController { // unloged user if (e.code == 'E_INVALID_JWT_TOKEN'){ - console.log(7) try{ token = await auth.withRefreshToken().attempt(email, password) } catch(e){ - console.log('erro aqui') console.log(e) } } @@ -63,7 +60,6 @@ class AuthController { async logout({ auth, response }) { try{ -console.log(reuest) const refreshToken = auth.getAuthHeader() await auth.revokeTokens(refreshToken) From 65cbe6a8e7608beb440166e6dfdb81043f5b25ac Mon Sep 17 00:00:00 2001 From: Fagner Date: Mon, 24 Aug 2020 12:22:33 -0300 Subject: [PATCH 6/7] working on csrf token --- .../app/Controllers/Http/AuthController.js | 91 +++++++------------ .../app/Controllers/Http/v1/AuthController.js | 89 +++++++++++------- src/adonisjs/config/session.js | 3 +- 3 files changed, 94 insertions(+), 89 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 42a66c5..1c88ad7 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js 
@@ -1,74 +1,49 @@ 'use strict' +const Logger = use('Logger') + const User = use('App/Models/v1/User'); -const Token = use('App/Models/v1/Token'); class AuthController { + async login({ request, auth, response, session }) { + console.log('v2/session') + try { + let { email, password } = request.all(); +// console.log(request) + if (await auth.remember(true).attempt(email, password)) { + console.log('------------------------------- attempt') + // console.log(session.all()) + + let user = await User.findBy('email', email) + // let token = await auth.generate(user) + + // let authenticatedUser = new User() + // authenticatedUser.id = user.id + // authenticatedUser.email = user.email + // authenticatedUser.username = user.username + + // Object.assign(authenticatedUser, token) + // return response.json('Logged in successfully') + + let adonis_session = session.get('adonis-auth') + console.log(adonis_session) + console.log(auth) + return response.json(adonis_session) - async login({ request, auth, response }) { - console.log(request.all()) - let { email, password, refresh_token } = request.all(); - let user = "" - let token = "" - - try{ - await auth.check() - return response.json('user is signed already') - } catch(e) { - console.log(e) - // token expired - if (e.code == 'E_JWT_TOKEN_EXPIRED'){ - token = await auth.generateForRefreshToken(refresh_token) - - Object.entries(token).forEach(entry => { - if (entry[0] == 'refreshToken'){ - refresh_token = entry[1] - } - }); } - - // unloged user - if (e.code == 'E_INVALID_JWT_TOKEN'){ - console.log(7) - try{ - token = await auth.withRefreshToken().attempt(email, password) - } catch(e){ - console.log('erro aqui') - console.log(e) - } - } - - // generic error - if (token == "") - return response.status(e.status).json(e.message) - - user = await User.findBy('email', email) - Object.assign(user, token) - - return response.json(user) } - } - - async login2({ request, auth, response }) { - try{ - let refresh_token = 
request.input('access_code'); - - let token = await auth.generateForRefreshToken(refresh_token) - return response.json(token) - }catch(e){ + catch (e) { console.log(e) - return response.status(500).json(e.message) + return response.status(e.status).json({ message: e.message }) } - } async logout({ auth, response }) { try{ -console.log(reuest) - const refreshToken = auth.getAuthHeader() - await auth.revokeTokens(refreshToken) + + await auth.logout() - return response.json('successfull logout') + return response.json('Logged out successfuly') }catch(e){ console.log(e) return response.status(500).json(e.message) @@ -78,3 +53,7 @@ console.log(reuest) } module.exports = AuthController + + + + diff --git a/src/adonisjs/app/Controllers/Http/v1/AuthController.js b/src/adonisjs/app/Controllers/Http/v1/AuthController.js index 3f8af80..1c8c052 100644 --- a/src/adonisjs/app/Controllers/Http/v1/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/v1/AuthController.js 
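Review bot: This hunk rewrites `AuthController.js` to the session flow while the next file section rewrites `v1/AuthController.js` to the JWT flow — the two files effectively exchange contents, so the 91/89-line diffstat conceals that no new logic was written and makes the change hard to review; a file move or an explicit note in the commit message would be clearer. The routes visible earlier in the series point at `v1/AuthController.login` (L3, L10), so after this swap the public login route is the JWT implementation again, and `login2` moves with it — any route that referenced `AuthController.login2` now resolves to nothing. `console.log('v2/session')` at the top of `login` is another debug print to drop before merge.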
@@ -1,49 +1,74 @@ 'use strict' -const Logger = use('Logger') - const User = use('App/Models/v1/User'); +const Token = use('App/Models/v1/Token'); class AuthController { - async login({ request, auth, response, session }) { - // console.log(session.all()) - try { - let { email, password } = request.all(); -// console.log(request) - if (await auth.remember(true).attempt(email, password)) { - console.log('------------------------------- attempt') - // console.log(session.all()) - - let user = await User.findBy('email', email) - // let token = await auth.generate(user) - - // let authenticatedUser = new User() - // authenticatedUser.id = user.id - // authenticatedUser.email = user.email - // authenticatedUser.username = user.username - - // Object.assign(authenticatedUser, token) - // return response.json('Logged in successfully') - - let adonis_session = session.get('adonis-auth') - console.log(adonis_session) - console.log(auth) - return response.json(adonis_session) + async login({ request, auth, response }) { + console.log(request.all()) + let { email, password, refresh_token } = request.all(); + let user = "" + let token = "" + + try{ + await auth.check() + return response.json('user is signed already') + } catch(e) { + console.log(e) + // token expired + if (e.code == 'E_JWT_TOKEN_EXPIRED'){ + token = await auth.generateForRefreshToken(refresh_token) + + Object.entries(token).forEach(entry => { + if (entry[0] == 'refreshToken'){ + refresh_token = entry[1] + } + }); } + + // unloged user + if (e.code == 'E_INVALID_JWT_TOKEN'){ + console.log(7) + try{ + token = await auth.withRefreshToken().attempt(email, password) + } catch(e){ + console.log('erro aqui') + console.log(e) + } + } + + // generic error + if (token == "") + return response.status(e.status).json(e.message) + + user = await User.findBy('email', email) + Object.assign(user, token) + + return response.json(user) } - catch (e) { + } + + async login2({ request, auth, response }) { + try{ + let refresh_token 
= request.input('access_code'); + + let token = await auth.generateForRefreshToken(refresh_token) + return response.json(token) + }catch(e){ console.log(e) - return response.status(e.status).json({ message: e.message }) + return response.status(500).json(e.message) } + } async logout({ auth, response }) { try{ - - await auth.logout() +console.log(reuest) + const refreshToken = auth.getAuthHeader() + await auth.revokeTokens(refreshToken) - return response.json('Logged out successfuly') + return response.json('successfull logout') }catch(e){ console.log(e) return response.status(500).json(e.message) @@ -52,4 +77,4 @@ class AuthController { } } -module.exports = AuthController \ No newline at end of file +module.exports = AuthController diff --git a/src/adonisjs/config/session.js b/src/adonisjs/config/session.js index f218511..0e55f45 100644 --- a/src/adonisjs/config/session.js +++ b/src/adonisjs/config/session.js @@ -66,7 +66,8 @@ module.exports = { cookie: { httpOnly: true, sameSite: false, - path: '/' + path: '/', + domain: 'harena.com' // domain: Env.get('COOKIE_DOMAIN', null) }, From 3d3fc5bed62704bb667eb5e57a094f7120e63b79 Mon Sep 17 00:00:00 2001 From: Fagner Date: Mon, 24 Aug 2020 19:27:28 -0300 Subject: [PATCH 7/7] working on authorization header --- src/adonisjs/app/Controllers/Http/AuthController.js | 13 +++++++------ .../app/Controllers/Http/v1/AuthController.js | 4 +--- src/adonisjs/config/auth.js | 1 + src/adonisjs/config/session.js | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 1c88ad7..917818b 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js 
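Review bot: In `login`, the inner `catch(e)` around `auth.withRefreshToken().attempt(email, password)` shadows the outer `e` and only logs, so when the password is wrong `token` stays `""` and the response is built from the outer exception — the client is told `E_INVALID_JWT_TOKEN` with that error's status instead of "invalid credentials". Naming the inner error and reporting it, e.g. `} catch (attemptError) { return response.status(attemptError.status || 401).json(attemptError.message) }`, makes the failure mode honest. The `Object.entries(token).forEach(...)` loop that extracts the refresh token is simply `refresh_token = token.refreshToken`, and `Object.assign(user, token)` followed by `response.json(user)` returns the model merged with the token fields — confirm the model hides `password`, as noted for the session variant. `console.log(request.all())` at the top logs the submitted password (see the note on PATCH 1/7).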
@@ -9,8 +9,9 @@ class AuthController { console.log('v2/session') try { let { email, password } = request.all(); -// console.log(request) + // if (await auth.remember(true).attempt(email, password)) { if (await auth.remember(true).attempt(email, password)) { + console.log('------------------------------- attempt') // console.log(session.all()) @@ -22,13 +23,13 @@ class AuthController { // authenticatedUser.email = user.email // authenticatedUser.username = user.username - // Object.assign(authenticatedUser, token) + Object.assign(user, { 'adonisAuth': session.get('adonis-auth') }) // return response.json('Logged in successfully') - let adonis_session = session.get('adonis-auth') - console.log(adonis_session) - console.log(auth) - return response.json(adonis_session) + // let adonis_session = session.get('adonis-auth') + console.log(session.all()) + // console.log(auth) + return response.json(user) } } diff --git a/src/adonisjs/app/Controllers/Http/v1/AuthController.js b/src/adonisjs/app/Controllers/Http/v1/AuthController.js index 1c8c052..0a5c3da 100644 --- a/src/adonisjs/app/Controllers/Http/v1/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/v1/AuthController.js @@ -6,7 +6,7 @@ const Token = use('App/Models/v1/Token'); class AuthController { async login({ request, auth, response }) { - console.log(request.all()) + // console.log(request.all()) let { email, password, refresh_token } = request.all(); let user = "" let token = "" @@ -29,7 +29,6 @@ class AuthController { // unloged user if (e.code == 'E_INVALID_JWT_TOKEN'){ - console.log(7) try{ token = await auth.withRefreshToken().attempt(email, password) } catch(e){ @@ -64,7 +63,6 @@ class AuthController { async logout({ auth, response }) { try{ -console.log(reuest) const refreshToken = auth.getAuthHeader() await auth.revokeTokens(refreshToken) diff --git a/src/adonisjs/config/auth.js b/src/adonisjs/config/auth.js index 998880a..8a40813 100644 --- a/src/adonisjs/config/auth.js 
+++ b/src/adonisjs/config/auth.js @@ -75,6 +75,7 @@ module.exports = { secret: Env.get('APP_KEY'), // expiresIn: 300 expiresIn: 86400 + // algorithm: } }, diff --git a/src/adonisjs/config/session.js b/src/adonisjs/config/session.js index 0e55f45..37c9f40 100644 --- a/src/adonisjs/config/session.js +++ b/src/adonisjs/config/session.js @@ -67,7 +67,7 @@ module.exports = { httpOnly: true, sameSite: false, path: '/', - domain: 'harena.com' + // domain: 'harena.com' // domain: Env.get('COOKIE_DOMAIN', null) },
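Review bot: The `// algorithm:` placeholder next to `secret: Env.get('APP_KEY')` points at two things worth finishing: the JWT signing secret is the application key that `docker-compose-dev.yml` (PATCH 1/7, L1) commits in plaintext, so production must supply a distinct, generated value through the environment, and the signing algorithm should be pinned explicitly, e.g. `algorithm: 'HS256'`, rather than left to the library default. A comment such as `// APP_KEY signs every JWT; rotate it and all tokens become invalid` above `secret` would make the operational consequence of the choice clear. The enclosing `jwt` block starts before this hunk.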