Merge pull request #100 from harena-lab/development
feat (Category): Category as case filter and Session auth
HeitorMatt authored Oct 18, 2020
2 parents 0b8bd16 + 3c3a196 commit 94fc15e
Showing 24 changed files with 2,627 additions and 347 deletions.
1,974 changes: 1,974 additions & 0 deletions harena-manager.postman_collection.json


98 changes: 69 additions & 29 deletions src/adonisjs/app/Controllers/Http/AuthController.js
@@ -1,47 +1,87 @@
'use strict'

const Logger = use('Logger')

const User = use('App/Models/v1/User')
const Token = use('App/Models/v1/Token')
const Logger = use('Logger')

class AuthController {
async login ({ request, auth, response, session }) {
console.log('v2/session')
Logger.info('login attempt via v2/auth/login (SESSION)')
async checkToken ({ request, auth, response }) {
try {
// console.log('====Checking token...')
await auth.check()
response.json('token valid')
// console.log('====Token valid')
} catch (error) {
// console.log('====Token invalid')
}
}

async login ({ request, auth, response }) {
// console.log(request.all())
Logger.info('login attempt via v1/auth/login (JWT)')

let { email, password, refresh_token } = request.all()
console.log(password)
let user = ''
let token = ''

try {
const { email, password } = request.all()
// if (await auth.remember(true).attempt(email, password)) {
if (await auth.remember(true).attempt(email, password)) {
console.log('------------------------------- attempt')
// console.log(session.all())

const user = await User.findBy('email', email)
// let token = await auth.generate(user)

// let authenticatedUser = new User()
// authenticatedUser.id = user.id
// authenticatedUser.email = user.email
// authenticatedUser.username = user.username

Object.assign(user, { adonisAuth: session.get('adonis-auth') })
// return response.json('Logged in successfully')

// let adonis_session = session.get('adonis-auth')
console.log(session.all())
// console.log(auth)
return response.json(user)
await auth.check()
return response.json('user is signed already')
} catch (e) {
// token expired
if (e.code == 'E_JWT_TOKEN_EXPIRED') {
token = await auth.generateForRefreshToken(refresh_token)

Object.entries(token).forEach(entry => {
if (entry[0] == 'refreshToken') {
refresh_token = entry[1]
}
})
Logger.info('expired token')
}

// unloged user
if (e.code == 'E_INVALID_JWT_TOKEN') {
try {
token = await auth.withRefreshToken().attempt(email, password)
Logger.info('newly generated token')
} catch (e) {
console.log(e)
}
}

// generic error
if (token == '') { return response.status(e.status).json(e.message) }

user = await User.findBy('email', email)
Object.assign(user, token)

return response.json(user)
}
}

async login2 ({ request, auth, response }) {
try {
const refresh_token = request.input('access_code')

const token = await auth.generateForRefreshToken(refresh_token)
return response.json(token)
} catch (e) {
console.log(e)
return response.status(e.status).json({ message: e.message })
return response.status(500).json(e.message)
}
}

async logout ({ auth, response }) {
try {
await auth.logout()
Logger.info('logout attempt via v1/auth/logout (JWT)')

const refreshToken = auth.getAuthHeader()
// console.log(refreshToken);
await auth.revokeTokens(refreshToken)

return response.json('Logged out successfuly')
return response.json('successfull logout')
} catch (e) {
console.log(e)
return response.status(500).json(e.message)
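Review bot: `console.log(password)` in the new JWT login body, right after `let { email, password, refresh_token } = request.all()`, writes the submitted plaintext password to the process log on every login attempt; drop it and let the existing `Logger.info` line record only the attempt or its outcome. checkToken's catch sends nothing, so a request with a missing or invalid token never completes; return an explicit status there, e.g. `return response.status(401).json('token invalid')`. The generic-error branch and login2/logout reply with `response.status(e.status)`, but errors raised by User.findBy or by the inner `auth.withRefreshToken().attempt` carry no status, so the error path may itself fail; use `e.status || 500`. `Token` is imported in the new file but not referenced anywhere in this hunk, and the class body (logout's closing braces) continues past the hunk.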
84 changes: 28 additions & 56 deletions src/adonisjs/app/Controllers/Http/v1/AuthController.js
@@ -1,87 +1,59 @@
'use strict'

const User = use('App/Models/v1/User')
const Token = use('App/Models/v1/Token')
const Logger = use('Logger')

const User = use('App/Models/v1/User')

class AuthController {
async checkToken ({ request, auth, response }) {
try {
console.log('====Checking token...')
// console.log('====Checking token...')
await auth.check()
response.json('token valid')
console.log('====Token valid')
// console.log('====Token valid')
} catch (error) {
console.log('====Token invalid')
// console.log('====Token invalid')
}
}

async login ({ request, auth, response }) {
// console.log(request.all())
Logger.info('login attempt via v1/auth/login (JWT)')

let { email, password, refresh_token } = request.all()
console.log(password)
let user = ''
let token = ''

async login ({ request, auth, response, session }) {
console.log('v2/session')
Logger.info('login attempt via v2/auth/login (SESSION)')
const { email, password } = request.all()
try {
await auth.check()
return response.json('user is signed already')
} catch (e) {
// token expired
if (e.code == 'E_JWT_TOKEN_EXPIRED') {
token = await auth.generateForRefreshToken(refresh_token)
if (await auth.remember(true).attempt(email, password)) {
console.log('------------------------------- attempt')
// console.log(session.all())

Object.entries(token).forEach(entry => {
if (entry[0] == 'refreshToken') {
refresh_token = entry[1]
}
})
Logger.info('expired token')
}
const user = await User.findBy('email', email)

// unloged user
if (e.code == 'E_INVALID_JWT_TOKEN') {
console.log(session.all())
return response.json(user)
}
} catch (e) {
if (e.code === 'E_CANNOT_LOGIN') {
try {
token = await auth.withRefreshToken().attempt(email, password)
Logger.info('newly generated token')
console.log('=============== Another was session found, logging out old session')
await auth.logout()
if (await auth.remember(true).attempt(email, password)) {
console.log('=============== login in to current session')
const user = await User.findBy('email', email)
return response.json(user)
}
} catch (e) {
console.log(e)
}
}

// generic error
if (token == '') { return response.status(e.status).json(e.message) }

user = await User.findBy('email', email)
Object.assign(user, token)

return response.json(user)
}
}

async login2 ({ request, auth, response }) {
try {
const refresh_token = request.input('access_code')

const token = await auth.generateForRefreshToken(refresh_token)
return response.json(token)
} catch (e) {
console.log(e)
return response.status(500).json(e.message)
return response.status(e.status).json({ message: e.message })
}
}

async logout ({ auth, response }) {
try {
Logger.info('logout attempt via v1/auth/logout (JWT)')

const refreshToken = auth.getAuthHeader()
// console.log(refreshToken);
await auth.revokeTokens(refreshToken)
await auth.logout()

return response.json('successfull logout')
return response.json('Logged out successfuly')
} catch (e) {
console.log(e)
return response.status(500).json(e.message)
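Review bot: The rewritten session login only replies when `auth.remember(true).attempt(email, password)` succeeds or when the caught error code is E_CANNOT_LOGIN; any other failure (wrong password, unknown user, or the second attempt() after `await auth.logout()` failing) falls out of the function with no response, so the client hangs instead of getting a 401. Add a terminal `return response.status(401).json('invalid credentials')` after the outer try/catch, and return the same from the inner catch instead of only `console.log(e)`. `console.log(session.all())` on the success path dumps the entire session store (presumably including the adonis-auth entry just written) to stdout on every login; remove it, as the identical line two lines above is already commented out. The E_CANNOT_LOGIN branch silently ends whatever session the cookie currently carries before logging in as the newly supplied user; if that handover is intended, a `Logger.info` naming the previous and new user ids would make it auditable. The class body continues past the hunk.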
64 changes: 42 additions & 22 deletions src/adonisjs/app/Controllers/Http/v1/CaseController.js
Expand Up @@ -49,6 +49,7 @@ class CaseController {

const institution = await Institution.find(c.institution_id)
c.institution = institution.acronym
c.institutionTitle = institution.title

return response.json(c)
} else return response.status(500).json('case not found')
Expand Down Expand Up @@ -84,7 +85,7 @@ class CaseController {

await c.versions().save(cv)
await c.users().attach(auth.user.id, (row) => {
row.role = 0
row.permission = 'delete'
})

c.versions = await c.versions().fetch()
Expand Down Expand Up @@ -165,34 +166,53 @@ class CaseController {
}
}

async share ({ request, auth, response }) {

async linkUser ({ request, auth, response }) {
const trx = await Database.beginTransaction()

try {
const logged_user = auth.user.id
const { user_id, case_id } = request.post()
const loggedUser = auth.user.id
const { userId, caseId, permission } = request.post()

if (logged_user == user_id) {
if (permission != 'read' && permission != 'share' && permission != 'write'){
return response.json('invalid permission')
}

if (loggedUser == userId) {
return response.status(500).json('cannot share a case with herself')
}

const user = await User.find(user_id)

// Check if target user is an author
const sql_return = await Database
.select('slug')
.from('roles')
.where('slug', '=', 'author')
.leftJoin('role_user', 'roles.id', 'role_user.role_id')
.where('role_user.user_id', '=', user_id)

if (sql_return[0] != undefined) {
await user.cases().attach(case_id, (row) => {
row.role = 1
})
return response.json('case successfully shared')
} else {
return response.status(500).json('target user is not an author')
const user = await User.find(userId)

await user.cases().detach(null, trx)

if (permission == 'read'){
if (await user.checkRole('player') || await user.checkRole('author')){
await user.cases().attach(caseId, (row) => {
row.permission = permission
}, trx)
}else {
return response.status(500).json('target user must be an author or a player to be elegible for such permission')
}

}

if (permission == 'write' || permission == 'share'){
// Check if target user is an author
if (await user.checkRole('author')){

await user.cases().attach(caseId, (row) => {
row.permission = permission
}, trx)

} else {
return response.status(500).json('target user must be an author to be elegible for such permission')
}
}
trx.commit()
return response.json('user and case successfully linked')
} catch (e) {
trx.rollback()
console.log(e)
return response.status(e.status).json({ message: e.toString() })
}
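Review bot: linkUser in the third hunk never verifies that the caller may grant permissions on caseId — loggedUser is only compared with userId — so any authenticated user can give any other user read/write/share on any case; before touching the pivot, load the caller's own link to caseId and refuse with 403 unless its permission is 'share' (or the 'delete' value the create path assigns in the second hunk). `await user.cases().detach(null, trx)` removes every case link the target user has (Lucid's detach treats a null id list as "all rows"), so granting a permission on one case silently revokes the user from all others; it should be `await user.cases().detach([caseId], trx)`. The early returns for an invalid permission, self-sharing and a wrong role leave the transaction begun at the top open, because only the catch rolls back; each needs `await trx.rollback()` first, and `trx.commit()` should be awaited. The 'invalid permission' reply also goes out as 200, and `e.status` is undefined when User.find returns null and `user.cases()` throws, so the catch should use `e.status || 500`; the first two hunks of this file are fine.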
