auth now actually works straight through google

2017-12-18 22:45:24 -08:00
parent 3b3295f535
commit 36806c9cf6
6 changed files with 57 additions and 14 deletions
--- a/src/clj/auto_ap/handler.clj
+++ b/src/clj/auto_ap/handler.clj
@@ -15,7 +15,13 @@
            [clojure.java.jdbc :as j]
            [clj-fuzzy.metrics :as m]
            [clj-http.client :as http]
+            [clj-time.core :as time]
+
+            [buddy.auth :refer [authenticated?]]
            
+            [buddy.sign.jwt :as jwt]
+            [buddy.auth.backends.token :refer [jws-backend]]
+            [buddy.auth.middleware :refer [wrap-authorization wrap-authentication]]
            [auto-ap.db.companies :as companies]))
 (defn best-match [companies company-identifier]
  (->> companies
@@ -29,11 +35,14 @@
 (def google-client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com")
 (def google-client-secret "OC-WemHurPXYpuIw5cT-B90g")

+(def jwt-secret "auto ap invoices are awesome")
+
 (defroutes app-routes
-  (GET "/" [] (response/resource-response "index.html" {:root "public"}))
+  (GET "/"  [] 
+       (response/resource-response "index.html" {:root "public"}))
  (GET "/api/oauth" {{:strs [code]} :query-params}
       (try
-         (let [result (-> "https://accounts.google.com/o/oauth2/token"
+         (let [token (-> "https://accounts.google.com/o/oauth2/token"
                          (http/post 
                           {:form-params {"client_id" google-client-id
                                          "client_secret" google-client-secret
@@ -42,19 +51,32 @@
                                          "grant_type" "authorization_code"}
                            :as :json})
                          :body
-                          :access_token)]
-           {:status 200
-            :body result})
+                          :access_token)
+               profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
+                                     {:headers {"Authorization" (str "Bearer " token)} :as :json})
+                           :body
+                           :name)
+               ]
+           (if token
+             {:status 301
+              :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
+                                                            :exp (time/plus (time/now) (time/days 7))
+                                                            :name profile}
+                                                           jwt-secret
+                                                           {:alg :hs512}))}}
+             {:status 401
+              :body "Couldn't authenticate"}))
         (catch Exception e
-           (println e)
+           
           {:status 401
-            :body "Couldn't authenticate"})))
+            :body (str "Couldn't authenticate " (.toString e))})))
  (GET "/api/invoices" []
       {:status 200
        :body (pr-str (invoices/get-all))
        :headers {"Content-Type" "application/edn"}})

-  (GET "/api/invoices/unpaid" {:keys [query-params]}
+  (GET "/api/invoices/unpaid" {:keys [query-params] :as r}
+       (println "TEST" r (authenticated? r))
       {:status 200
        :body (pr-str (invoices/get-unpaid (query-params "company")))
        :headers {"Content-Type" "application/edn"}})
@@ -106,5 +128,14 @@
  (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"})))
  (route/not-found "Not Found"))

+(def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}}))
+
 (def app
-  (wrap-edn-params (mp/wrap-multipart-params (wrap-params (wrap-reload #'app-routes)))))
+  (-> #'app-routes
+      (wrap-authorization auth-backend)
+      (wrap-authentication auth-backend)
+      (wrap-reload)
+      (wrap-params)
+      (mp/wrap-multipart-params)
+      (wrap-edn-params)
+      ))