routes are now secured.

This commit is contained in:
Bryce Covert
2017-12-19 09:13:45 -08:00
parent 36806c9cf6
commit 5e842a697b
5 changed files with 48 additions and 29 deletions


@@ -37,21 +37,21 @@
(def jwt-secret "auto ap invoices are awesome") (def jwt-secret "auto ap invoices are awesome")
(defroutes app-routes (defroutes unauthenticated-routes
(GET "/" [] (GET "/" []
(response/resource-response "index.html" {:root "public"})) (response/resource-response "index.html" {:root "public"}))
(GET "/api/oauth" {{:strs [code]} :query-params} (GET "/api/oauth" {{:strs [code]} :query-params}
(try (try
(let [token (-> "https://accounts.google.com/o/oauth2/token" (let [token (-> "https://accounts.google.com/o/oauth2/token"
(http/post (http/post
{:form-params {"client_id" google-client-id {:form-params {"client_id" google-client-id
"client_secret" google-client-secret "client_secret" google-client-secret
"code" code "code" code
"redirect_uri" "http://localhost:3449/api/oauth" "redirect_uri" "http://localhost:3449/api/oauth"
"grant_type" "authorization_code"} "grant_type" "authorization_code"}
:as :json}) :as :json})
:body :body
:access_token) :access_token)
profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo" profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
{:headers {"Authorization" (str "Bearer " token)} :as :json}) {:headers {"Authorization" (str "Bearer " token)} :as :json})
:body :body
@@ -70,13 +70,17 @@
{:status 401 {:status 401
:body (str "Couldn't authenticate " (.toString e))}))) :body (str "Couldn't authenticate " (.toString e))})))
(route/resources "/")
(routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))))
(defroutes api-routes
(GET "/api/invoices" [] (GET "/api/invoices" []
{:status 200 {:status 200
:body (pr-str (invoices/get-all)) :body (pr-str (invoices/get-all))
:headers {"Content-Type" "application/edn"}}) :headers {"Content-Type" "application/edn"}})
(GET "/api/invoices/unpaid" {:keys [query-params] :as r} (GET "/api/invoices/unpaid" {:keys [query-params] :as r}
(println "TEST" r (authenticated? r))
{:status 200 {:status 200
:body (pr-str (invoices/get-unpaid (query-params "company"))) :body (pr-str (invoices/get-unpaid (query-params "company")))
:headers {"Content-Type" "application/edn"}}) :headers {"Content-Type" "application/edn"}})
@@ -123,15 +127,24 @@
))) )))
{:status 200 {:status 200
:body (pr-str (invoices/get-pending ((:query-params params ) "company"))) :body (pr-str (invoices/get-pending ((:query-params params ) "company")))
:headers {"Content-Type" "application/edn"}})) :headers {"Content-Type" "application/edn"}})))
(route/resources "/")
(routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))) (defn wrap-secure [handler]
(route/not-found "Not Found")) (fn [request]
(if (authenticated? request)
(handler request)
{:status 401
:body "not authenticated"})))
(def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}})) (def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}}))
(def app-routes
(routes
(wrap-routes api-routes
wrap-secure)
unauthenticated-routes))
(def app (def app
(-> #'app-routes (-> #'app-routes
(wrap-authorization auth-backend) (wrap-authorization auth-backend)
(wrap-authentication auth-backend) (wrap-authentication auth-backend)
(wrap-reload) (wrap-reload)
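Review bot: `wrap-secure` (L53–L58) only works because `app` (L65–L69) keeps `wrap-authentication` outside `#'app-routes`; `authenticated?` just reports whether that middleware attached an `:identity`, so the dependency is worth a docstring on the new fn: `"Rejects with 401 unless buddy's wrap-authentication (applied in `app`) has populated :identity; must stay inside that middleware."`. The HS512 key at L59 is the literal passphrase bound to `jwt-secret` at L13 (unchanged context), which keeps the signing secret in source control and makes rotation a code change; reading it from the environment at startup would address both. The line `(println "TEST" r (authenticated? r))` at L43 appears on one side only — if it survives on the new side it prints the whole request map, including the `Authorization` header and therefore the bearer token, to stdout on every `/api/invoices/unpaid` call. The `api-routes` form the third hunk closes begins in the second hunk.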


@@ -14,13 +14,16 @@
(re-frame/reg-fx (re-frame/reg-fx
:http :http
(fn [{:keys [method uri on-success body headers]}] (fn [{:keys [method uri on-success body headers token]}]
(go (go
(->> (http/request {:method method (let [headers (if token
:body body (assoc headers "Authorization" (str "Token " token))
:headers headers headers)]
:url uri}) (->> (http/request {:method method
(<! ) :body body
:body :headers headers
(conj on-success) :url uri})
(re-frame/dispatch))))) (<! )
:body
(conj on-success)
(re-frame/dispatch))))))
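Review bot: The threading at L81–L88 dispatches `on-success` with whatever `:body` comes back, regardless of status, so the new `{:status 401 :body "not authenticated"}` reply from the secured routes will now be handed to the success handler as if it were invoice data. The response map should be checked before dispatching; what to dispatch on failure (a logout, an error flag) is the app's call, but the success path should at least be gated on the status.
```clojure
(fn [{:keys [method uri on-success body headers token]}]
  (go
    ;; … unchanged: headers let binding adding the Authorization header …
    (let [resp (<! (http/request {:method method
                                  :body body
                                  :headers headers
                                  :url uri}))]
      ;; only a 2xx reply carries the body the on-success handler expects
      (when (<= 200 (:status resp) 299)
        (re-frame/dispatch (conj on-success (:body resp)))))))
```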


@@ -41,6 +41,7 @@
::approve-invoices ::approve-invoices
(fn [cofx [_]] (fn [cofx [_]]
{:http {:method :post {:http {:method :post
:token (-> cofx :db :user)
:uri (str "/api/invoices/approve" :uri (str "/api/invoices/approve"
(when-let [company-name (-> cofx :db :company :name)] (when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name))) (str "?company=" company-name)))
@@ -52,6 +53,7 @@
(fn [cofx []] (fn [cofx []]
{:db (assoc-in (:db cofx) [:status :loading] true) {:db (assoc-in (:db cofx) [:status :loading] true)
:http {:method :get :http {:method :get
:token (-> cofx :db :user)
:uri (str "/api/invoices/pending" :uri (str "/api/invoices/pending"
(when-let [company-name (-> cofx :db :company :name)] (when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name))) (str "?company=" company-name)))
@@ -62,6 +64,7 @@
(fn [cofx []] (fn [cofx []]
{:db (assoc-in (:db cofx) [:status :loading] true) {:db (assoc-in (:db cofx) [:status :loading] true)
:http {:method :get :http {:method :get
:token (-> cofx :db :user)
:uri (str "/api/invoices/unpaid" :uri (str "/api/invoices/unpaid"
(when-let [company-name (-> cofx :db :company :name)] (when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name))) (str "?company=" company-name)))
@@ -71,6 +74,7 @@
::reject-invoices ::reject-invoices
(fn [cofx [_]] (fn [cofx [_]]
{:http {:method :post {:http {:method :post
:token (-> cofx :db :user)
:uri (str "/api/invoices/reject" :uri (str "/api/invoices/reject"
(when-let [company-name (-> cofx :db :company :name)] (when-let [company-name (-> cofx :db :company :name)]
(str "?company=" company-name))) (str "?company=" company-name)))
@@ -86,6 +90,7 @@
(fn [{:keys [db]} [_ invoice]] (fn [{:keys [db]} [_ invoice]]
{:http {:method :post {:http {:method :post
:token (-> db :user)
:uri "/api/invoices" :uri "/api/invoices"
:body (pr-str {:rows [(assoc invoice :imported true)]}) :body (pr-str {:rows [(assoc invoice :imported true)]})
:headers {"Content-Type" "application/edn"} :headers {"Content-Type" "application/edn"}
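Review bot: `:token (-> cofx :db :user)` is repeated by hand in five effect maps (L96, L104, L112, L120, L127, the last as `(-> db :user)`), so each new `/api` call has to remember to add it or it will be rejected by the secured routes. A small helper such as `(defn- auth-token [db] (:user db))` used at every site, or an interceptor that injects the token into any `:http` effect, would keep the five sites in sync and make it visible which requests are authenticated. A comment on the first site noting that `:user` holds the raw JWT returned by the OAuth callback would also help, since the key name does not suggest it.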


@@ -23,7 +23,6 @@
(fn [db] (fn [db]
(when (:user db) (when (:user db)
(let [{:strs [name] :as x} (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))))] (let [{:strs [name] :as x} (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))))]
(println x)
{:name name})))) {:name name}))))
(re-frame/reg-sub (re-frame/reg-sub


@@ -220,11 +220,10 @@
(defn login-url [] (defn login-url []
(let [client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com" (let [client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com"
redirect-uri "http%3A%2F%2Flocalhost%3A3449%2Fapi%2Foauth"] redirect-uri "http%3A%2F%2Flocalhost%3A3449%2Fapi%2Foauth"]
(str "https://accounts.google.com/o/oauth2/auth?access_type=online&client_id=" client-id "&redirect_uri=" redirect-uri "&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile")) (str "https://accounts.google.com/o/oauth2/auth?access_type=online&client_id=" client-id "&redirect_uri=" redirect-uri "&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile")))
)
(defn login [] (defn login []
(let [user (re-frame/subscribe [::subs/user])] (let [user (re-frame/subscribe [::subs/user])]
(println @user)
[:a {:class "navbar-link login" :href (login-url)} (or (:name @user) "Login")])) [:a {:class "navbar-link login" :href (login-url)} (or (:name @user) "Login")]))
(defn main-panel [] (defn main-panel []