reworked routes.

2018-04-06 08:13:23 -07:00
parent 66638bd6a6
commit b12a168421
1 changed files with 53 additions and 51 deletions
--- a/src/clj/auto_ap/handler.clj
+++ b/src/clj/auto_ap/handler.clj
@@ -32,44 +32,15 @@
 (def jwt-secret "auto ap invoices are awesome")
 (defcredential "AKIAIRKDGLBX7J7VJZ6Q" "OtRw2t/xktJBDjP8Jnx1Yf6G+uzBfIkrQEc6nmgo" "us-east-1")
-(defroutes unauthenticated-routes
+(defn wrap-secure [handler]
-  (GET "/"  [] 
+  (fn [request]
-       (response/resource-response "index.html" {:root "public"}))
+    (if (authenticated? request)
-  (GET "/api/oauth" {{:strs [code]} :query-params :keys [scheme] :as r {:strs [host]} :headers}
+      (handler request)
-       
+      {:status 401
-       (try
+       :body "not authenticated"})))
-         (let [auth (-> "https://accounts.google.com/o/oauth2/token"
+
-                         (http/post 
+(defroutes static-routes
-                          {:form-params {"client_id" google-client-id
+  (GET "/"  [] (response/resource-response "index.html" {:root "public"})) 
                                         "client_secret" google-client-secret
                                         "code" code
                                         "redirect_uri" (str (:scheme env) "://" host  "/api/oauth")
                                         "grant_type" "authorization_code"}
                           :as :json})
                         :body)
               _ (println auth)
               token (:access_token auth)
               profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
                                     {:headers {"Authorization" (str "Bearer " token)} :as :json})
                           :body
                           (doto println))
               user (users/find-or-insert! {:provider "google"
                                            :provider_id (:id profile)})]
           (if (and token user)
             {:status 301
              :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
                                                            :exp (time/plus (time/now) (time/days 7))
                                                            :companies (:companies user)
                                                            :name (:name profile)}
                                                           jwt-secret
                                                           {:alg :hs512}))}}
             {:status 401
              :body "Couldn't authenticate"}))
         (catch Exception e
           {:status 401
            :body (str "Couldn't authenticate "  (.toString e))})))
  (route/resources "/")
  (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))))
@@ -172,26 +143,57 @@
                  :body "{}"
                  :headers {"Content-Type" "application/edn"}})))
 (defroutes auth-routes
  (GET "/oauth" {{:strs [code]} :query-params :keys [scheme] :as r {:strs [host]} :headers}
       (try
         (let [auth (-> "https://accounts.google.com/o/oauth2/token"
                        (http/post 
                         {:form-params {"client_id" google-client-id
                                        "client_secret" google-client-secret
                                        "code" code
                                        "redirect_uri" (str (:scheme env) "://" host  "/api/oauth")
                                        "grant_type" "authorization_code"}
                          :as :json})
                        :body)
               _ (println auth)
               token (:access_token auth)
               profile (-> (http/get "https://www.googleapis.com/oauth2/v1/userinfo"
                                     {:headers {"Authorization" (str "Bearer " token)} :as :json})
                           :body
                           (doto println))
               user (users/find-or-insert! {:provider "google"
                                            :provider_id (:id profile)})]
           (if (and token user)
             {:status 301
              :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
                                                            :exp (time/plus (time/now) (time/days 7))
                                                            :companies (:companies user)
                                                            :name (:name profile)}
                                                           jwt-secret
                                                           {:alg :hs512}))}}
             {:status 401
              :body "Couldn't authenticate"}))
         (catch Exception e
           {:status 401
            :body (str "Couldn't authenticate "  (.toString e))}))))
 (defroutes api-routes
  (context "/api" []
-           invoice-routes
+           (wrap-routes invoice-routes wrap-secure)
-           company-routes
+           (wrap-routes company-routes wrap-secure)
-           vendor-routes
+           (wrap-routes vendor-routes wrap-secure)
-           reminder-routes))
+           (wrap-routes reminder-routes wrap-secure)
           auth-routes))
 (defn wrap-secure [handler]
  (fn [request]
    (if (authenticated? request)
      (handler request)
      {:status 401
       :body "not authenticated"})))
 (def auth-backend (jws-backend {:secret jwt-secret :options {:alg :hs512}}))
 (def app-routes
  (routes 
-   (wrap-routes api-routes
+   api-routes
-                wrap-secure)
+   static-routes))
   unauthenticated-routes))
 (def app
  (->  #'app-routes