diff --git a/src/clj/auto_ap/handler.clj b/src/clj/auto_ap/handler.clj
index e140aeca..adcabc3b 100644
--- a/src/clj/auto_ap/handler.clj
+++ b/src/clj/auto_ap/handler.clj
@@ -32,44 +32,15 @@
 (def jwt-secret "auto ap invoices are awesome")
 (defcredential "AKIAIRKDGLBX7J7VJZ6Q" "OtRw2t/xktJBDjP8Jnx1Yf6G+uzBfIkrQEc6nmgo" "us-east-1")
-(defroutes unauthenticated-routes
- (GET "/" []
- (response/resource-response "index.html" {:root "public"}))
- (GET "/api/oauth" {{:strs [code]} :query-params :keys [scheme] :as r {:strs [host]} :headers}
-
- (try
- (let [auth (-> "https://accounts.google.com/o/oauth2/token"
- (http/post
- {:form-params {"client_id" google-client-id
- "client_secret" google-client-secret
- "code" code
- "redirect_uri" (str (:scheme env) "://" host "/api/oauth")
- "grant_type" "authorization_code"}
- :as :json})
- :body)
- _ (println auth)
- token (:access_token auth)
- profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
- {:headers {"Authorization" (str "Bearer " token)} :as :json})
- :body
- (doto println))
- user (users/find-or-insert! {:provider "google"
- :provider_id (:id profile)})]
-
- (if (and token user)
- {:status 301
- :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
- :exp (time/plus (time/now) (time/days 7))
- :companies (:companies user)
- :name (:name profile)}
- jwt-secret
- {:alg :hs512}))}}
- {:status 401
- :body "Couldn't authenticate"}))
- (catch Exception e
-
- {:status 401
- :body (str "Couldn't authenticate " (.toString e))})))
+(defn wrap-secure [handler]
+ (fn [request]
+ (if (authenticated? request)
+ (handler request)
+ {:status 401
+ :body "not authenticated"})))
+
+(defroutes static-routes
+ (GET "/" [] (response/resource-response "index.html" {:root "public"}))
 (route/resources "/")
 (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))))
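Review bot: `wrap-secure` now gates every API route on `authenticated?`, so the whole check rests on `jwt-secret`, which the context line at the top of this hunk defines as the literal phrase `"auto ap invoices are awesome"`, and the adjacent `defcredential` line commits an AWS access key pair the same way. An HS512 key that is a short English phrase can be recovered offline from any issued token, and both values are now in repository history; read them from configuration — the file already reads `(:scheme env)`, so `(def jwt-secret (:jwt-secret env))` fits the existing style — and treat the committed AWS key as exposed. `authenticated?` (presumably buddy's) only inspects the `:identity` key that `wrap-authentication` sets, so it is worth confirming that `auth-backend` is applied ahead of these routes in the `app` definition, which lies outside this diff. The 401 from `wrap-secure` could also carry `:headers {"WWW-Authenticate" "Bearer"}` so API clients are told which scheme is expected.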
@@ -172,26 +143,57 @@
 :body "{}"
 :headers {"Content-Type" "application/edn"}})))
+(defroutes auth-routes
+ (GET "/oauth" {{:strs [code]} :query-params :keys [scheme] :as r {:strs [host]} :headers}
+ (try
+ (let [auth (-> "https://accounts.google.com/o/oauth2/token"
+ (http/post
+ {:form-params {"client_id" google-client-id
+ "client_secret" google-client-secret
+ "code" code
+ "redirect_uri" (str (:scheme env) "://" host "/api/oauth")
+ "grant_type" "authorization_code"}
+ :as :json})
+ :body)
+ _ (println auth)
+ token (:access_token auth)
+ profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
+ {:headers {"Authorization" (str "Bearer " token)} :as :json})
+ :body
+ (doto println))
+ user (users/find-or-insert! {:provider "google"
+ :provider_id (:id profile)})]
+
+ (if (and token user)
+ {:status 301
+ :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
+ :exp (time/plus (time/now) (time/days 7))
+ :companies (:companies user)
+ :name (:name profile)}
+ jwt-secret
+ {:alg :hs512}))}}
+ {:status 401
+ :body "Couldn't authenticate"}))
+ (catch Exception e
+
+ {:status 401
+ :body (str "Couldn't authenticate " (.toString e))}))))
+
 (defroutes api-routes
 (context "/api" []
- invoice-routes
- company-routes
- vendor-routes
- reminder-routes))
+ (wrap-routes invoice-routes wrap-secure)
+ (wrap-routes company-routes wrap-secure)
+ (wrap-routes vendor-routes wrap-secure)
+ (wrap-routes reminder-routes wrap-secure)
+ auth-routes))
-(defn wrap-secure [handler]
- (fn [request]
- (if (authenticated? request)
- (handler request)
- {:status 401
- :body "not authenticated"}))
 (def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}}))
+
 (def app-routes (routes
- (wrap-routes api-routes
- wrap-secure)
- unauthenticated-routes))
+ api-routes
+ static-routes))
 (def app (-> #'app-routes
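Review bot: The `/oauth` callback in `auth-routes` accepts any `code` with no `state` parameter issued at the start of the flow and compared on return, so nothing binds the callback to a login the current user actually started; generate a random `state`, keep it in the session, destructure it with `{:strs [code state]}` and return 401 when it does not match. The `(println auth)` and `(doto println)` lines write the full token response and the Google profile to stdout, which puts the bearer token into server logs — drop them or log only `(keys auth)`. The success branch sends the signed JWT in a 301 to `/?jwt=`, which browsers cache as a permanent redirect and record in history and referrers; use `{:status 302` (or 303) and prefer setting the token in an `HttpOnly` cookie over the query string. The catch handler returns `(.toString e)` to the client, exposing internal detail; log it server-side and return the fixed `"Couldn't authenticate"` body. The `:user "test"` claim also looks like a placeholder — the subject should come from the `user` record returned by `users/find-or-insert!`, whose key is not visible here.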