routes are now secured.

2017-12-19 09:13:45 -08:00
parent 36806c9cf6
commit 5e842a697b
5 changed files with 48 additions and 29 deletions
--- a/src/clj/auto_ap/handler.clj
+++ b/src/clj/auto_ap/handler.clj
@@ -37,21 +37,21 @@

 (def jwt-secret "auto ap invoices are awesome")

-(defroutes app-routes
+(defroutes unauthenticated-routes
  (GET "/"  [] 
       (response/resource-response "index.html" {:root "public"}))
  (GET "/api/oauth" {{:strs [code]} :query-params}
       (try
         (let [token (-> "https://accounts.google.com/o/oauth2/token"
-                          (http/post 
-                           {:form-params {"client_id" google-client-id
-                                          "client_secret" google-client-secret
-                                          "code" code
-                                          "redirect_uri" "http://localhost:3449/api/oauth"
-                                          "grant_type" "authorization_code"}
-                            :as :json})
-                          :body
-                          :access_token)
+                         (http/post 
+                          {:form-params {"client_id" google-client-id
+                                         "client_secret" google-client-secret
+                                         "code" code
+                                         "redirect_uri" "http://localhost:3449/api/oauth"
+                                         "grant_type" "authorization_code"}
+                           :as :json})
+                         :body
+                         :access_token)
               profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
                                     {:headers {"Authorization" (str "Bearer " token)} :as :json})
                           :body
@@ -70,13 +70,17 @@
           
           {:status 401
            :body (str "Couldn't authenticate " (.toString e))})))
+  (route/resources "/")
+  (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))))
+
+(defroutes api-routes
+  
  (GET "/api/invoices" []
       {:status 200
        :body (pr-str (invoices/get-all))
        :headers {"Content-Type" "application/edn"}})

  (GET "/api/invoices/unpaid" {:keys [query-params] :as r}
-       (println "TEST" r (authenticated? r))
       {:status 200
        :body (pr-str (invoices/get-unpaid (query-params "company")))
        :headers {"Content-Type" "application/edn"}})
@@ -123,15 +127,24 @@
                    )))
          {:status 200
           :body (pr-str (invoices/get-pending ((:query-params params ) "company")))
-           :headers {"Content-Type" "application/edn"}}))
-  (route/resources "/")
-  (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"})))
-  (route/not-found "Not Found"))
+           :headers {"Content-Type" "application/edn"}})))
+
+(defn wrap-secure [handler]
+  (fn [request]
+    (if (authenticated? request)
+      (handler request)
+      {:status 401
+       :body "not authenticated"})))

 (def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}}))
+(def app-routes
+  (routes 
+   (wrap-routes api-routes
+                wrap-secure)
+   unauthenticated-routes))

 (def app
-  (-> #'app-routes
+  (->  #'app-routes
      (wrap-authorization auth-backend)
      (wrap-authentication auth-backend)
      (wrap-reload)