From e503468660a13760010a94ecda5f0625c6f47f87 Mon Sep 17 00:00:00 2001
From: Ricardo <ricardo@cino.io>
Date: Fri, 13 Oct 2023 14:12:03 +0200
Subject: Server re-build with latest AdonisJS framework & Typescript (#47)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* chore: setup first basis structure

* chore: ensure styling is loaded correctly

* chore: comply to new routing syntax by replace . with / in routes/resource locations

* chore: add login controller

* chore: correctly use views with slash instead of dot

* chore: working login + tests

* chore: clean up tests

* chore: add password-forgot endpoint and matching test

* chore: add delete page test

* chore: add logout test

* chore: add reset-password route and tests

* chore: remove obsolete comment

* chore: add account-page and tests

* chore: add data page & first step of the test

* chore: add transfer/import data feature and tests

* chore: add export and basic test

* chore: add all static api routes with tests

* Regenerate 'pnpm-lock.json' and fix bad merge conflict

WIP:
- Tests have been commented out since they dont work
- Server doesn't start

* easier dev and test runs

* - remove --require-pragma from reformat-files so formatting works properly
- run pnpm reformat-files over codebase
- remove .json files from .eslintignore
- add invalid.json file to .eslintignore
- configure prettier properly in eslint config
- add type jsdoc to prettier config
- run adonis generate:manifest command to regenerate ace-manifest.json
- specify volta in package.json
- introduce typecheck npm script
- remove unused .mjs extension from npm scripts
- install missing type definition dependencies
- add pnpm.allowedDeprecatedVersions to package.json
- fix invalid extends in tsconfig.json causing TS issues throughout codebase
- remove @ts-ignore throughout codebase which is not relevant anymore
- enable some of the tsconfig options
- remove outdated eslint-disable from codebase
- change deprecated faker.company.companyName() to faker.company.name()
- fix TS issues inside transfer.spec.ts

* - update to latest node and pnpm versions
- upgrade all non-major dependencies to latest
- install missing @types/luxon dependency
- add cuid to pnpm.allowedDeprecatedVersions
- add esModuleInterop config option to tsconfig
- migrate more deprecated faker methods to new ones
- add more temporary ts-ignore to code

* - update eslint config
- remove trailingComma: all since default in prettier v3
- add typecheck command to prepare-code npm script
- upgrade various dependencies to latest major version
- update tsconfig to include only useful config options
- disable some lint issues and fix others

* - add test command to prepare-code
- disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models
- update precommit hook to excute pnpm prepare-code
- remove ts-ignore statements from all models

* fix node and pnpm dependency update

* add cross env (so that we can develop on windows)

* add signup endpoint (TODO: JWT auth)

* Add login endpoint

* Add me and updateMe endpoints

* Add service endpoint

* refactor: change endpoints to use jwt

* add recipes endpoint

* add workspaces endpoint

* fix web controllors for login and post import

* Update node deps

* Change auth middleware (for web) and exempt api from CSRF

* Add import endpoint (franz import)

* Fix export/import logic

* Fix service and workspace data in user/data

* Fix partial lint

* chore: workaround lint issues

* fix: migration naming had two .

* Sync back node with recipes repo

* Temporarily ignore typescript

* Fix adonisrc to handle public folder static assets

* Fix issue with production database

* add Legacy Password Provider

* Fix lint errors

* Fix issue on login errors frontend

* add Legacy Password Provider

* Fix issue with customIcons

* Fix issue with auth tokens

* Update 'node' to '18.18.0'

* make docker work

* improve docker entrypoint (test api performance)

* Add migration database script

* NODE_ENV on recipes

* prefer @ts-expect-error over @ts-ignore

* small fixes

* Update 'pnpm' to '8.7.6'

* fix error catch

* Automatically generate JWT Public and Private keys

* Use custom Adonis5-jwt

* Update code to use secret (old way, no breaking changes)

* Normalize appKey

* Trick to make JWT tokens on client work with new version

* Fix error with new JWT logic

* Change migration and how we store JWT

* Fix 500 response code (needs to be 401)

* Improve logic and fix bugs

* Fix build and entrypoint logic

* Catch error if appKey changes

* Add newToken logic

* Fix lint (ignore any errors)

* Add build for PRs

* pnpm reformat-files result

* Fix some tests

* Fix reset password not working (test failing)

* Restore csrfTokens (disabled by accident)

* Fix pnpm start command with .env

* Disable failing tests on the transfer endpoint (TODO)

* Add tests to PR build

* Fix build

* Remove unnecessary assertStatus

* Add typecheck

* hash password on UserFactory (fix build)

* Add JWT_USE_PEM true by default (increase security)

* fix name of github action

---------

Co-authored-by: Vijay A <vraravam@users.noreply.github.com>
Co-authored-by: Balaji Vijayakumar <kuttibalaji.v6@gmail.com>
Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com>
Co-authored-by: André Oliveira <oliveira.andrerodrigues95@gmail.com>
---
 app/Middleware/Auth.ts | 118 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 app/Middleware/Auth.ts

(limited to 'app/Middleware/Auth.ts')

diff --git a/app/Middleware/Auth.ts b/app/Middleware/Auth.ts
new file mode 100644
index 0000000..d0b212c
--- /dev/null
+++ b/app/Middleware/Auth.ts
@@ -0,0 +1,118 @@
+import { GuardsList } from '@ioc:Adonis/Addons/Auth';
+import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
+import { AuthenticationException } from '@adonisjs/auth/build/standalone';
+import * as jose from 'jose';
+import { appKey } from 'Config/app';
+import User from 'App/Models/User';
+
+/**
+ * Auth middleware is meant to restrict un-authenticated access to a given route
+ * or a group of routes.
+ *
+ * You must register this middleware inside `start/kernel.ts` file under the list
+ * of named middleware.
+ */
+export default class AuthMiddleware {
+  /**
+   * The URL to redirect to when request is Unauthorized
+   */
+  protected redirectTo = '/user/login';
+
+  /**
+   * Authenticates the current HTTP request against a custom set of defined
+   * guards.
+   *
+   * The authentication loop stops as soon as the user is authenticated using any
+   * of the mentioned guards and that guard will be used by the rest of the code
+   * during the current request.
+   */
+  protected async authenticate(
+    auth: HttpContextContract['auth'],
+    guards: (keyof GuardsList)[],
+    request: HttpContextContract['request'],
+  ) {
+    /**
+     * Hold reference to the guard last attempted within the for loop. We pass
+     * the reference of the guard to the "AuthenticationException", so that
+     * it can decide the correct response behavior based upon the guard
+     * driver
+     */
+    let guardLastAttempted: string | undefined;
+
+    for (const guard of guards) {
+      guardLastAttempted = guard;
+
+      let isLoggedIn = false;
+      try {
+        // eslint-disable-next-line no-await-in-loop
+        isLoggedIn = await auth.use(guard).check();
+      } catch {
+        // Silent fail to allow the rest of the code to handle the error
+      }
+
+      if (isLoggedIn) {
+        /**
+         * Instruct auth to use the given guard as the default guard for
+         * the rest of the request, since the user authenticated
+         * succeeded here
+         */
+        auth.defaultGuard = guard;
+        return;
+      }
+    }
+
+    // Manually try authenticating using the JWT (verfiy signature required)
+    // Legacy support for JWTs so that the client still works (older than 2.0.0)
+    const authToken = request.headers().authorization?.split(' ')[1];
+    if (authToken) {
+      try {
+        const jwt = await jose.jwtVerify(
+          authToken,
+          new TextEncoder().encode(appKey),
+        );
+        const { uid } = jwt.payload;
+
+        // @ts-expect-error
+        request.user = await User.findOrFail(uid);
+        return;
+      } catch {
+        // Silent fail to allow the rest of the code to handle the error
+      }
+    }
+
+    /**
+     * Unable to authenticate using any guard
+     */
+    throw new AuthenticationException(
+      'Unauthorized access',
+      'E_UNAUTHORIZED_ACCESS',
+      guardLastAttempted,
+      this.redirectTo,
+    );
+  }
+
+  /**
+   * Handle request
+   */
+  public async handle(
+    { request, auth, response }: HttpContextContract,
+    next: () => Promise<void>,
+    customGuards: (keyof GuardsList)[],
+  ) {
+    /**
+     * Uses the user defined guards or the default guard mentioned in
+     * the config file
+     */
+    const guards = customGuards.length > 0 ? customGuards : [auth.name];
+    try {
+      await this.authenticate(auth, guards, request);
+    } catch (error) {
+      // If the user is not authenticated and it is a web endpoint, redirect to the login page
+      if (guards.includes('web')) {
+        return response.redirect(error.redirectTo);
+      }
+      throw error;
+    }
+    await next();
+  }
+}
-- 
cgit v1.2.3-54-g00ecf