routes are now secured.

This commit is contained in:
Bryce Covert
2017-12-19 09:13:45 -08:00
parent 36806c9cf6
commit 5e842a697b
5 changed files with 48 additions and 29 deletions


@@ -37,21 +37,21 @@
(def jwt-secret "auto ap invoices are awesome")
(defroutes app-routes
(defroutes unauthenticated-routes
(GET "/" []
(response/resource-response "index.html" {:root "public"}))
(GET "/api/oauth" {{:strs [code]} :query-params}
(try
(let [token (-> "https://accounts.google.com/o/oauth2/token"
(http/post
{:form-params {"client_id" google-client-id
"client_secret" google-client-secret
"code" code
"redirect_uri" "http://localhost:3449/api/oauth"
"grant_type" "authorization_code"}
:as :json})
:body
:access_token)
(http/post
{:form-params {"client_id" google-client-id
"client_secret" google-client-secret
"code" code
"redirect_uri" "http://localhost:3449/api/oauth"
"grant_type" "authorization_code"}
:as :json})
:body
:access_token)
profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
{:headers {"Authorization" (str "Bearer " token)} :as :json})
:body
@@ -70,13 +70,17 @@
{:status 401
:body (str "Couldn't authenticate " (.toString e))})))
(route/resources "/")
(routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))))
(defroutes api-routes
(GET "/api/invoices" []
{:status 200
:body (pr-str (invoices/get-all))
:headers {"Content-Type" "application/edn"}})
(GET "/api/invoices/unpaid" {:keys [query-params] :as r}
(println "TEST" r (authenticated? r))
{:status 200
:body (pr-str (invoices/get-unpaid (query-params "company")))
:headers {"Content-Type" "application/edn"}})
@@ -123,15 +127,24 @@
)))
{:status 200
:body (pr-str (invoices/get-pending ((:query-params params ) "company")))
:headers {"Content-Type" "application/edn"}}))
(route/resources "/")
(routes (ANY "*" [] (response/resource-response "index.html" {:root "public"})))
(route/not-found "Not Found"))
:headers {"Content-Type" "application/edn"}})))
(defn wrap-secure [handler]
(fn [request]
(if (authenticated? request)
(handler request)
{:status 401
:body "not authenticated"})))
(def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}}))
(def app-routes
(routes
(wrap-routes api-routes
wrap-secure)
unauthenticated-routes))
(def app
(-> #'app-routes
(-> #'app-routes
(wrap-authorization auth-backend)
(wrap-authentication auth-backend)
(wrap-reload)
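Review bot: The debug print in the `/api/invoices/unpaid` handler, `(println "TEST" r (authenticated? r))`, dumps the entire Ring request map to stdout, and that map contains the `Authorization` header carrying the caller's JWT, so every authenticated call writes a replayable token into the server log; drop the line, or log only what you need, e.g. `(println "unpaid" (:uri r) (authenticated? r))`. The `wrap-secure` / `wrap-routes` wiring reads correctly — `api-routes` is matched before the catch-all `ANY "*"` in `unauthenticated-routes` — but the guarantee is only as strong as `jwt-secret`, which is a short human-readable literal at the top of the hunk; with `:alg :hs512` anyone who can read the repository can mint a valid token, so it should be loaded from the environment at startup with a comment that it must be a long random value. The `redirect_uri` is likewise fixed to `http://localhost:3449/api/oauth`, which will need to become configurable before this runs anywhere but a dev box. The `app` definition at the bottom of the hunk continues past its last line.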


@@ -14,13 +14,16 @@
(re-frame/reg-fx
:http
(fn [{:keys [method uri on-success body headers]}]
(fn [{:keys [method uri on-success body headers token]}]
(go
(->> (http/request {:method method
:body body
:headers headers
:url uri})
(<! )
:body
(conj on-success)
(re-frame/dispatch)))))
(let [headers (if token
(assoc headers "Authorization" (str "Token " token))
headers)]
(->> (http/request {:method method
:body body
:headers headers
:url uri})
(<! )
:body
(conj on-success)
(re-frame/dispatch))))))
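Review bot: The rewritten `:http` effect still dispatches `on-success` with the response `:body` for every outcome — nothing between `(<! )` and `:body` looks at the status — so now that the server answers `401` with the body `"not authenticated"` for a missing or expired token, that string is handed to the success handler as though it were invoice data. Branch on the response before dispatching and give callers a way to react to the auth failure, for example via an optional `on-failure` key; cljs-http marks responses with `:success`, or compare `:status` against the 2xx range if that key is not available in the version in use. One more thing to note in a comment: the token is attached to whatever `:url` the caller passes, and while every caller in this commit uses a relative `/api/...` path, a future absolute `:uri` would send the JWT to that host.
```clojure
(fn [{:keys [method uri on-success on-failure body headers token]}]
  (go
    (let [headers (if token
                    (assoc headers "Authorization" (str "Token " token))
                    headers)
          resp    (<! (http/request {:method method
                                     :body body
                                     :headers headers
                                     :url uri}))]
      ;; Only a successful response carries data for on-success; a 401 from
      ;; wrap-secure (body "not authenticated") goes to on-failure instead.
      (if (:success resp)
        (re-frame/dispatch (conj on-success (:body resp)))
        (when on-failure
          (re-frame/dispatch (conj on-failure resp)))))))
```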


@@ -41,6 +41,7 @@
::approve-invoices
(fn [cofx [_]]
{:http {:method :post
:token (-> cofx :db :user)
:uri (str "/api/invoices/approve"
(when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name)))
@@ -52,6 +53,7 @@
(fn [cofx []]
{:db (assoc-in (:db cofx) [:status :loading] true)
:http {:method :get
:token (-> cofx :db :user)
:uri (str "/api/invoices/pending"
(when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name)))
@@ -62,6 +64,7 @@
(fn [cofx []]
{:db (assoc-in (:db cofx) [:status :loading] true)
:http {:method :get
:token (-> cofx :db :user)
:uri (str "/api/invoices/unpaid"
(when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name)))
@@ -71,6 +74,7 @@
::reject-invoices
(fn [cofx [_]]
{:http {:method :post
:token (-> cofx :db :user)
:uri (str "/api/invoices/reject"
(when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name)))
@@ -86,6 +90,7 @@
(fn [{:keys [db]} [_ invoice]]
{:http {:method :post
:token (-> db :user)
:uri "/api/invoices"
:body (pr-str {:rows [(assoc invoice :imported true)]})
:headers {"Content-Type" "application/edn"}
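Review bot: Each of the five handlers now repeats `:token (-> cofx :db :user)` (or `(-> db :user)` in the last hunk), so any future `/api/...` event that omits the key will be silently answered with `401` and the handler will never learn why. Since the token always comes from the same place in app-db, a less fragile shape is to inject it once — an interceptor that adds `:token` to every `:http` effect, or the effect reading it from a coeffect — and delete the per-handler lines. From the subscription in subs.cljs, `:user` appears to hold the raw JWT returned by `/api/oauth` rather than a profile, so a comment on that key saying it is the credential would save the next reader a trip through the decoder. Not introduced here, but visible on the context lines: the `company` value is concatenated into the query string unencoded, so a name containing `&`, `#` or a space will break the request; `js/encodeURIComponent` on it would fix that.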


@@ -23,7 +23,6 @@
(fn [db]
(when (:user db)
(let [{:strs [name] :as x} (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))))]
(println x)
{:name name}))))
(re-frame/reg-sub


@@ -220,11 +220,10 @@
(defn login-url []
(let [client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com"
redirect-uri "http%3A%2F%2Flocalhost%3A3449%2Fapi%2Foauth"]
(str "https://accounts.google.com/o/oauth2/auth?access_type=online&client_id=" client-id "&redirect_uri=" redirect-uri "&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile"))
)
(str "https://accounts.google.com/o/oauth2/auth?access_type=online&client_id=" client-id "&redirect_uri=" redirect-uri "&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile")))
(defn login []
(let [user (re-frame/subscribe [::subs/user])]
(println @user)
[:a {:class "navbar-link login" :href (login-url)} (or (:name @user) "Login")]))
(defn main-panel []