moved security.

2018-04-06 09:20:51 -07:00
parent b93808f1df
commit c74e4fceaa
7 changed files with 100 additions and 90 deletions
--- a/src/clj/auto_ap/background/mail.clj
+++ b/src/clj/auto_ap/background/mail.clj
@@ -20,7 +20,7 @@
            Flags$Flag AuthenticationFailedException]
           (com.sun.mail.imap IMAPStore)))

-(def  queue-url "https://sqs.us-east-1.amazonaws.com/679918342773/integreat-mail-prod")
+(def queue-url "https://sqs.us-east-1.amazonaws.com/679918342773/integreat-mail-prod")

 (defn process-sqs []
  (println "Fetching messages from sqs...")
--- a/src/clj/auto_ap/handler.clj
+++ b/src/clj/auto_ap/handler.clj
@@ -13,7 +13,7 @@
            [ring.middleware.edn :refer [wrap-edn-params]]
            [clojure.java.jdbc :as j]
            [config.core :refer [env]]
-            [buddy.auth :refer [authenticated?]]
+            
            [buddy.auth.backends.token :refer [jws-backend]]
            [buddy.auth.middleware :refer [wrap-authorization wrap-authentication]]
            [auto-ap.routes.companies :as companies]
@@ -24,26 +24,17 @@

 (defcredential "AKIAIRKDGLBX7J7VJZ6Q" "OtRw2t/xktJBDjP8Jnx1Yf6G+uzBfIkrQEc6nmgo" "us-east-1")

-(defn wrap-secure [handler]
-  (fn [request]
-    (if (authenticated? request)
-      (handler request)
-      {:status 401
-       :body "not authenticated"})))
-
 (defroutes static-routes
  (GET "/"  [] (response/resource-response "index.html" {:root "public"})) 
  (route/resources "/")
  (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))))

-
-
 (defroutes api-routes
  (context "/api" []
-           (wrap-routes invoices/routes wrap-secure)
-           (wrap-routes companies/routes wrap-secure)
-           (wrap-routes vendors/routes wrap-secure)
-           (wrap-routes reminders/routes wrap-secure)
+           invoices/routes
+           companies/routes
+           vendors/routes
+           reminders/routes
           auth/routes))


--- a/src/clj/auto_ap/routes/companies.clj
+++ b/src/clj/auto_ap/routes/companies.clj
@@ -1,14 +1,17 @@
 (ns auto-ap.routes.companies
-  (:require [compojure.core :refer [context GET PUT defroutes]]
-            [auto-ap.db.companies :as companies]))
+  (:require [compojure.core :refer [context GET PUT defroutes wrap-routes]]
+            [auto-ap.db.companies :as companies]
+            [auto-ap.routes.utils :refer [wrap-secure]]))

 (defroutes routes
-  (context "/companies" []
-           (GET "/" []
-                {:status 200
-                 :body (pr-str (companies/get-all))
-                 :headers {"Content-Type" "application/edn"}})
-           (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r}
-                {:status 200
-                 :body (pr-str (companies/upsert id edn-params))
-                 :headers {"Content-Type" "application/edn"}})))
+  (wrap-routes
+   (context "/companies" []
+            (GET "/" []
+                 {:status 200
+                  :body (pr-str (companies/get-all))
+                  :headers {"Content-Type" "application/edn"}})
+            (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r}
+                 {:status 200
+                  :body (pr-str (companies/upsert id edn-params))
+                  :headers {"Content-Type" "application/edn"}}))
+   wrap-secure))
--- a/src/clj/auto_ap/routes/invoices.clj
+++ b/src/clj/auto_ap/routes/invoices.clj
@@ -1,62 +1,65 @@
 (ns auto-ap.routes.invoices
-  (:require [compojure.core :refer [context GET PUT POST defroutes]]
+  (:require [compojure.core :refer [context GET PUT POST defroutes wrap-routes]]
            [auto-ap.db.invoices :as invoices]
            [auto-ap.db.companies :as companies]
-            [auto-ap.parse :as parse]))
+            [auto-ap.parse :as parse]
+            [auto-ap.routes.utils :refer [wrap-secure]]))

 (defroutes routes
-  (context "/invoices" []
-           (GET "/" []
-                {:status 200
-                 :body (pr-str (invoices/get-all))
-                 :headers {"Content-Type" "application/edn"}})
-
-           (GET "/unpaid" {:keys [query-params] :as r}
-                {:status 200
-                 :body (pr-str (invoices/get-unpaid (query-params "company")))
-                 :headers {"Content-Type" "application/edn"}})
-
-           (GET "/pending" {:keys [query-params]}
-                {:status 200
-                 :body (pr-str (invoices/get-pending (query-params "company")))
-                 :headers {"Content-Type" "application/edn"}})
-           (POST "/" {:keys [edn-params]}
-                 (invoices/insert-multi! (:rows edn-params))
+  (wrap-routes
+   (context "/invoices" []
+            (GET "/" []
                 {:status 200
                  :body (pr-str (invoices/get-all))
                  :headers {"Content-Type" "application/edn"}})
-           (POST "/approve" {:keys [query-params]}
-                 (invoices/approve)
+
+            (GET "/unpaid" {:keys [query-params] :as r}
+                 {:status 200
+                  :body (pr-str (invoices/get-unpaid (query-params "company")))
+                  :headers {"Content-Type" "application/edn"}})
+
+            (GET "/pending" {:keys [query-params]}
                 {:status 200
                  :body (pr-str (invoices/get-pending (query-params "company")))
                  :headers {"Content-Type" "application/edn"}})
-           (POST "/reject" {:keys [query-params]}
-                 (invoices/reject)
-                 {:status 200
-                  :body (pr-str (invoices/get-pending (query-params "company")))
-                  :headers {"Content-Type" "application/edn"}})
-           (POST "/upload"
-                 {{  files "file"} :params :as params}
-                 (let [{:keys [filename tempfile]} files
-                       existing-invoices (invoices/get-all)
-                       companies (companies/get-all)]
-                   (invoices/insert-multi!
-                    (for [{:keys [total date invoice-number customer-identifier vendor] :as row}
-                          (parse/parse-file (.getPath tempfile) filename)]
-                      (assoc row
-                             :company-id (:id (parse/best-match companies customer-identifier))
+            (POST "/" {:keys [edn-params]}
+                  (invoices/insert-multi! (:rows edn-params))
+                  {:status 200
+                   :body (pr-str (invoices/get-all))
+                   :headers {"Content-Type" "application/edn"}})
+            (POST "/approve" {:keys [query-params]}
+                  (invoices/approve)
+                  {:status 200
+                   :body (pr-str (invoices/get-pending (query-params "company")))
+                   :headers {"Content-Type" "application/edn"}})
+            (POST "/reject" {:keys [query-params]}
+                  (invoices/reject)
+                  {:status 200
+                   :body (pr-str (invoices/get-pending (query-params "company")))
+                   :headers {"Content-Type" "application/edn"}})
+            (POST "/upload"
+                  {{  files "file"} :params :as params}
+                  (let [{:keys [filename tempfile]} files
+                        existing-invoices (invoices/get-all)
+                        companies (companies/get-all)]
+                    (invoices/insert-multi!
+                     (for [{:keys [total date invoice-number customer-identifier vendor] :as row}
+                           (parse/parse-file (.getPath tempfile) filename)]
+                       (assoc row
+                              :company-id (:id (parse/best-match companies customer-identifier))

-                             :imported false
-                             :potential-duplicate (boolean (seq (filter #(and (= vendor (:vendor %))
-                                                                              (= invoice-number (:invoice-number %)))
-                                                                        existing-invoices)))
-                             )))
-                   {:status 200
-                    :body (pr-str (invoices/get-pending ((:query-params params ) "company")))
-                    :headers {"Content-Type" "application/edn"}})) 
+                              :imported false
+                              :potential-duplicate (boolean (seq (filter #(and (= vendor (:vendor %))
+                                                                               (= invoice-number (:invoice-number %)))
+                                                                         existing-invoices)))
+                              )))
+                    {:status 200
+                     :body (pr-str (invoices/get-pending ((:query-params params ) "company")))
+                     :headers {"Content-Type" "application/edn"}})) 

-           ;; Removing the export view for now...
-           #_(wrap-json-response (GET "/export" {:keys [query-params]}
-                                      (println query-params)
-                                      (doto (invoices/get-unpaid (query-params "company"))
-                                        println)))))
+            ;; Removing the export view for now...
+            #_(wrap-json-response (GET "/export" {:keys [query-params]}
+                                       (println query-params)
+                                       (doto (invoices/get-unpaid (query-params "company"))
+                                         println))))
+   wrap-secure))
--- a/src/clj/auto_ap/routes/reminders.clj
+++ b/src/clj/auto_ap/routes/reminders.clj
@@ -1,7 +1,8 @@
 (ns auto-ap.routes.reminders
  (:require [compojure.core :refer [context GET POST defroutes]]
            [auto-ap.db.vendors :as vendors]
-            [amazonica.aws.simpleemail :as ses]))
+            [amazonica.aws.simpleemail :as ses]
+            ))


 (defroutes routes
--- a/src/clj/auto_ap/routes/utils.clj
+++ b/src/clj/auto_ap/routes/utils.clj
@@ -0,0 +1,9 @@
+(ns auto-ap.routes.utils
+  (:require [buddy.auth :refer [authenticated?]]))
+
+(defn wrap-secure [handler]
+  (fn [request]
+    (if (authenticated? request)
+      (handler request)
+      {:status 401
+       :body "not authenticated"})))
--- a/src/clj/auto_ap/routes/vendors.clj
+++ b/src/clj/auto_ap/routes/vendors.clj
@@ -1,18 +1,21 @@
 (ns auto-ap.routes.vendors
-  (:require [compojure.core :refer [context GET PUT POST defroutes]]
-            [auto-ap.db.vendors :as vendors]))
+  (:require [compojure.core :refer [context GET PUT POST defroutes wrap-routes]]
+            [auto-ap.db.vendors :as vendors]
+            [auto-ap.routes.utils :refer [wrap-secure]]))

 (defroutes routes
-  (context "/vendors" []
-           (GET "/" []
-                {:status 200
-                 :body (pr-str (vendors/get-all))
-                 :headers {"Content-Type" "application/edn"}})
-           (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r}
-                {:status 200
-                 :body (pr-str (vendors/upsert id edn-params))
-                 :headers {"Content-Type" "application/edn"}})
-           (POST "/" {:keys [edn-params] :as r}
+  (wrap-routes
+   (context "/vendors" []
+            (GET "/" []
                 {:status 200
-                  :body (pr-str (vendors/insert edn-params))
-                  :headers {"Content-Type" "application/edn"}})))
+                  :body (pr-str (vendors/get-all))
+                  :headers {"Content-Type" "application/edn"}})
+            (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r}
+                 {:status 200
+                  :body (pr-str (vendors/upsert id edn-params))
+                  :headers {"Content-Type" "application/edn"}})
+            (POST "/" {:keys [edn-params] :as r}
+                  {:status 200
+                   :body (pr-str (vendors/insert edn-params))
+                   :headers {"Content-Type" "application/edn"}}))
+   wrap-secure))