auth now actually works straight through google

project.clj

@@ -22,7 +22,10 @@
                  [cljs-http "0.1.44"]
                  [clj-http "3.7.0"]
                  [org.clojure/core.async "0.3.465"]
-                 [fogus/ring-edn "0.3.0"]]
+                 [fogus/ring-edn "0.3.0"]
+                 [buddy/buddy-auth "2.1.0"]
+                 [buddy/buddy-sign "2.1.0"]
+                 [clj-time "0.14.2"]]
   :plugins [[lein-ring "0.9.7"]
             [lein-cljsbuild "1.1.5"]]
   :clean-targets ^{:protect false} ["resources/public/js/compiled" "target"]

src/clj/auto_ap/handler.clj

@@ -15,7 +15,13 @@
             [clojure.java.jdbc :as j]
             [clj-fuzzy.metrics :as m]
             [clj-http.client :as http]
+            [clj-time.core :as time]
+
+            [buddy.auth :refer [authenticated?]]
             
+            [buddy.sign.jwt :as jwt]
+            [buddy.auth.backends.token :refer [jws-backend]]
+            [buddy.auth.middleware :refer [wrap-authorization wrap-authentication]]
             [auto-ap.db.companies :as companies]))
 (defn best-match [companies company-identifier]
   (->> companies
@@ -29,11 +35,14 @@
 (def google-client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com")
 (def google-client-secret "OC-WemHurPXYpuIw5cT-B90g")
 
+(def jwt-secret "auto ap invoices are awesome")
+
 (defroutes app-routes
-  (GET "/" [] (response/resource-response "index.html" {:root "public"}))
+  (GET "/"  [] 
+       (response/resource-response "index.html" {:root "public"}))
   (GET "/api/oauth" {{:strs [code]} :query-params}
        (try
-         (let [result (-> "https://accounts.google.com/o/oauth2/token"
+         (let [token (-> "https://accounts.google.com/o/oauth2/token"
                           (http/post 
                            {:form-params {"client_id" google-client-id
                                           "client_secret" google-client-secret
@@ -42,19 +51,32 @@
                                           "grant_type" "authorization_code"}
                             :as :json})
                           :body
-                          :access_token)]
+                          :access_token)
-           {:status 200
+               profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
-            :body result})
+                                     {:headers {"Authorization" (str "Bearer " token)} :as :json})
+                           :body
+                           :name)
+               ]
+           (if token
+             {:status 301
+              :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
+                                                            :exp (time/plus (time/now) (time/days 7))
+                                                            :name profile}
+                                                           jwt-secret
+                                                           {:alg :hs512}))}}
+             {:status 401
+              :body "Couldn't authenticate"}))
          (catch Exception e
-           (println e)
+           
            {:status 401
-            :body "Couldn't authenticate"})))
+            :body (str "Couldn't authenticate " (.toString e))})))
   (GET "/api/invoices" []
        {:status 200
         :body (pr-str (invoices/get-all))
         :headers {"Content-Type" "application/edn"}})
 
-  (GET "/api/invoices/unpaid" {:keys [query-params]}
+  (GET "/api/invoices/unpaid" {:keys [query-params] :as r}
+       (println "TEST" r (authenticated? r))
        {:status 200
         :body (pr-str (invoices/get-unpaid (query-params "company")))
         :headers {"Content-Type" "application/edn"}})
@@ -106,5 +128,14 @@
   (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"})))
   (route/not-found "Not Found"))
 
+(def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}}))
+
 (def app
-  (wrap-edn-params (mp/wrap-multipart-params (wrap-params (wrap-reload #'app-routes)))))
+  (-> #'app-routes
+      (wrap-authorization auth-backend)
+      (wrap-authentication auth-backend)
+      (wrap-reload)
+      (wrap-params)
+      (mp/wrap-multipart-params)
+      (wrap-edn-params)
+      ))

src/cljs/auto_ap/core.cljs

@@ -27,6 +27,9 @@
 
 (defn ^:export init []
   (dev-setup)
+  (when-let [jwt (.get (js/URLSearchParams. (.-search (.-location js/window))) "jwt")]
+    (println "got jwt" jwt)
+    (.setItem js/localStorage "jwt" jwt))
   (pushy/start! (pushy/pushy dispatch-route parse-url))
   (re-frame/dispatch-sync [::events/initialize-db])
   (mount-root))

src/cljs/auto_ap/db.cljs

@@ -1,7 +1,7 @@
 (ns auto-ap.db)
 
 (def default-db
-  {:user nil
+  {:user (.getItem js/localStorage "jwt")
    :company {:name "Campbell Brewing Company"}
    :companies [{:name "Campbell Brewing Company"
                 :matches ["campbell brewing company" "campbell brewery company" "campbell brewing"]}

src/cljs/auto_ap/subs.cljs

@@ -1,5 +1,7 @@
 (ns auto-ap.subs
-  (:require [re-frame.core :as re-frame]))
+  (:require [re-frame.core :as re-frame]
+            [clojure.string :as str]
+            [goog.crypt.base64 :as base64]))
 
 (re-frame/reg-sub
  ::company
@@ -19,7 +21,10 @@
 (re-frame/reg-sub
  ::user
  (fn [db]
-   (:user db)))
+   (when (:user db)
+     (let [{:strs [name] :as x} (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))))]
+       (println  x)
+       {:name name}))))
 
 (re-frame/reg-sub
  ::active-page

src/cljs/auto_ap/views.cljs

@@ -224,7 +224,8 @@
   )
 (defn login []
   (let [user (re-frame/subscribe [::subs/user])]
-    [:a {:class "navbar-link login" :href (login-url)} (or (get @user "name") "Login")]))
+    (println @user)
+    [:a {:class "navbar-link login" :href (login-url)} (or (:name @user) "Login")]))
 
 (defn main-panel []
   (let [company (re-frame/subscribe [::subs/company])