From c74e4fceaafec4c57a1d887c6adbf52836dbee9a Mon Sep 17 00:00:00 2001 From: Bryce Covert Date: Fri, 6 Apr 2018 09:20:51 -0700 Subject: [PATCH] moved security. --- src/clj/auto_ap/background/mail.clj | 2 +- src/clj/auto_ap/handler.clj | 19 ++--- src/clj/auto_ap/routes/companies.clj | 25 ++++--- src/clj/auto_ap/routes/invoices.clj | 101 ++++++++++++++------------- src/clj/auto_ap/routes/reminders.clj | 3 +- src/clj/auto_ap/routes/utils.clj | 9 +++ src/clj/auto_ap/routes/vendors.clj | 31 ++++---- 7 files changed, 100 insertions(+), 90 deletions(-) create mode 100644 src/clj/auto_ap/routes/utils.clj diff --git a/src/clj/auto_ap/background/mail.clj b/src/clj/auto_ap/background/mail.clj index 1908d022..e078acf0 100644 --- a/src/clj/auto_ap/background/mail.clj +++ b/src/clj/auto_ap/background/mail.clj @@ -20,7 +20,7 @@ Flags$Flag AuthenticationFailedException] (com.sun.mail.imap IMAPStore))) -(def queue-url "https://sqs.us-east-1.amazonaws.com/679918342773/integreat-mail-prod") +(def queue-url "https://sqs.us-east-1.amazonaws.com/679918342773/integreat-mail-prod") (defn process-sqs [] (println "Fetching messages from sqs...") diff --git a/src/clj/auto_ap/handler.clj b/src/clj/auto_ap/handler.clj index 3b9f5648..13039f79 100644 --- a/src/clj/auto_ap/handler.clj +++ b/src/clj/auto_ap/handler.clj @@ -13,7 +13,7 @@ [ring.middleware.edn :refer [wrap-edn-params]] [clojure.java.jdbc :as j] [config.core :refer [env]] - [buddy.auth :refer [authenticated?]] + [buddy.auth.backends.token :refer [jws-backend]] [buddy.auth.middleware :refer [wrap-authorization wrap-authentication]] [auto-ap.routes.companies :as companies] 
@@ -24,26 +24,17 @@ (defcredential "AKIAIRKDGLBX7J7VJZ6Q" "OtRw2t/xktJBDjP8Jnx1Yf6G+uzBfIkrQEc6nmgo" "us-east-1") -(defn wrap-secure [handler] - (fn [request] - (if (authenticated? request) - (handler request) - {:status 401 - :body "not authenticated"}))) - (defroutes static-routes (GET "/" [] (response/resource-response "index.html" {:root "public"})) (route/resources "/") (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"})))) - - (defroutes api-routes (context "/api" [] - (wrap-routes invoices/routes wrap-secure) - (wrap-routes companies/routes wrap-secure) - (wrap-routes vendors/routes wrap-secure) - (wrap-routes reminders/routes wrap-secure) + invoices/routes + companies/routes + vendors/routes + reminders/routes auth/routes)) diff --git a/src/clj/auto_ap/routes/companies.clj b/src/clj/auto_ap/routes/companies.clj index acee237c..6f21860c 100644 --- a/src/clj/auto_ap/routes/companies.clj +++ b/src/clj/auto_ap/routes/companies.clj @@ -1,14 +1,17 @@ (ns auto-ap.routes.companies - (:require [compojure.core :refer [context GET PUT defroutes]] - [auto-ap.db.companies :as companies])) + (:require [compojure.core :refer [context GET PUT defroutes wrap-routes]] + [auto-ap.db.companies :as companies] + [auto-ap.routes.utils :refer [wrap-secure]])) (defroutes routes - (context "/companies" [] - (GET "/" [] - {:status 200 - :body (pr-str (companies/get-all)) - :headers {"Content-Type" "application/edn"}}) - (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r} - {:status 200 - :body (pr-str (companies/upsert id edn-params)) - :headers {"Content-Type" "application/edn"}}))) + (wrap-routes + (context "/companies" [] + (GET "/" [] + {:status 200 + :body (pr-str (companies/get-all)) + :headers {"Content-Type" "application/edn"}}) + (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r} + {:status 200 + :body (pr-str (companies/upsert id edn-params)) + :headers {"Content-Type" "application/edn"}})) + wrap-secure)) 
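Review bot: `reminders/routes` is now mounted bare in `api-routes`, yet the reminders.clj hunk in this same patch only touches its require form and never adds `(wrap-routes … wrap-secure)` the way invoices, companies and vendors do, so the reminder endpoints (which appear to send mail through SES, judging by the `amazonica.aws.simpleemail` require) lose the 401 check this commit is moving; either wrap them in reminders.clj or keep `(wrap-routes reminders/routes wrap-secure)` here. Separately, the `defcredential` context line at the top of this hunk embeds an AWS access key id and secret key as string literals in source; they should come from `env` (config.core is already required) or the default AWS credential chain, and the committed pair should be treated as compromised and rotated. The first hunk also swaps the `authenticated?` require for `jws-backend`, but no backend construction or `wrap-authentication` call is visible in this patch; if the middleware stack outside these hunks does not install one, `authenticated?` inside `wrap-secure` will never find an identity and every API call will be refused.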
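Review bot: The `PUT "/:id"` route binds `:as r` and never uses it; the destructuring can be trimmed to `(PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params} …)`. The parsed EDN body is handed unfiltered to `companies/upsert` together with the route id; if that helper maps keys to columns (not visible here), any authenticated client can write any column, so narrowing the map with `select-keys` to the editable fields would be prudent. Note that `wrap-secure` only establishes that some identity exists, so this change grants every authenticated user edit rights over every company — fine if that is the intended model, but worth a comment on the route.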
diff --git a/src/clj/auto_ap/routes/invoices.clj b/src/clj/auto_ap/routes/invoices.clj
index 3450de99..fb2f0b8a
--- a/src/clj/auto_ap/routes/invoices.clj
+++ b/src/clj/auto_ap/routes/invoices.clj
@@ -1,62 +1,65 @@ (ns auto-ap.routes.invoices - (:require [compojure.core :refer [context GET PUT POST defroutes]] + (:require [compojure.core :refer [context GET PUT POST defroutes wrap-routes]] [auto-ap.db.invoices :as invoices] [auto-ap.db.companies :as companies] - [auto-ap.parse :as parse])) + [auto-ap.parse :as parse] + [auto-ap.routes.utils :refer [wrap-secure]])) (defroutes routes - (context "/invoices" [] - (GET "/" [] - {:status 200 - :body (pr-str (invoices/get-all)) - :headers {"Content-Type" "application/edn"}}) - - (GET "/unpaid" {:keys [query-params] :as r} - {:status 200 - :body (pr-str (invoices/get-unpaid (query-params "company"))) - :headers {"Content-Type" "application/edn"}}) - - (GET "/pending" {:keys [query-params]} - {:status 200 - :body (pr-str (invoices/get-pending (query-params "company"))) - :headers {"Content-Type" "application/edn"}}) - (POST "/" {:keys [edn-params]} - (invoices/insert-multi! (:rows edn-params)) + (wrap-routes + (context "/invoices" [] + (GET "/" [] {:status 200 :body (pr-str (invoices/get-all)) :headers {"Content-Type" "application/edn"}}) - (POST "/approve" {:keys [query-params]} - (invoices/approve) + + (GET "/unpaid" {:keys [query-params] :as r} + {:status 200 + :body (pr-str (invoices/get-unpaid (query-params "company"))) + :headers {"Content-Type" "application/edn"}}) + + (GET "/pending" {:keys [query-params]} {:status 200 :body (pr-str (invoices/get-pending (query-params "company"))) :headers {"Content-Type" "application/edn"}}) - (POST "/reject" {:keys [query-params]} - (invoices/reject) - {:status 200 - :body (pr-str (invoices/get-pending (query-params "company"))) - :headers {"Content-Type" "application/edn"}}) - (POST "/upload" - {{ files "file"} :params :as params} - (let [{:keys [filename tempfile]} files - existing-invoices (invoices/get-all) - companies (companies/get-all)] - (invoices/insert-multi! 
- (for [{:keys [total date invoice-number customer-identifier vendor] :as row} - (parse/parse-file (.getPath tempfile) filename)] - (assoc row - :company-id (:id (parse/best-match companies customer-identifier)) + (POST "/" {:keys [edn-params]} + (invoices/insert-multi! (:rows edn-params)) + {:status 200 + :body (pr-str (invoices/get-all)) + :headers {"Content-Type" "application/edn"}}) + (POST "/approve" {:keys [query-params]} + (invoices/approve) + {:status 200 + :body (pr-str (invoices/get-pending (query-params "company"))) + :headers {"Content-Type" "application/edn"}}) + (POST "/reject" {:keys [query-params]} + (invoices/reject) + {:status 200 + :body (pr-str (invoices/get-pending (query-params "company"))) + :headers {"Content-Type" "application/edn"}}) + (POST "/upload" + {{ files "file"} :params :as params} + (let [{:keys [filename tempfile]} files + existing-invoices (invoices/get-all) + companies (companies/get-all)] + (invoices/insert-multi! + (for [{:keys [total date invoice-number customer-identifier vendor] :as row} + (parse/parse-file (.getPath tempfile) filename)] + (assoc row + :company-id (:id (parse/best-match companies customer-identifier)) - :imported false - :potential-duplicate (boolean (seq (filter #(and (= vendor (:vendor %)) - (= invoice-number (:invoice-number %))) - existing-invoices))) - ))) - {:status 200 - :body (pr-str (invoices/get-pending ((:query-params params ) "company"))) - :headers {"Content-Type" "application/edn"}})) + :imported false + :potential-duplicate (boolean (seq (filter #(and (= vendor (:vendor %)) + (= invoice-number (:invoice-number %))) + existing-invoices))) + ))) + {:status 200 + :body (pr-str (invoices/get-pending ((:query-params params ) "company"))) + :headers {"Content-Type" "application/edn"}})) - ;; Removing the export view for now... 
- #_(wrap-json-response (GET "/export" {:keys [query-params]} - (println query-params) - (doto (invoices/get-unpaid (query-params "company")) - println))))) + ;; Removing the export view for now... + #_(wrap-json-response (GET "/export" {:keys [query-params]} + (println query-params) + (doto (invoices/get-unpaid (query-params "company")) + println)))) + wrap-secure)) diff --git a/src/clj/auto_ap/routes/reminders.clj b/src/clj/auto_ap/routes/reminders.clj index 9c572b80..365edf80 100644 --- a/src/clj/auto_ap/routes/reminders.clj +++ b/src/clj/auto_ap/routes/reminders.clj @@ -1,7 +1,8 @@ (ns auto-ap.routes.reminders (:require [compojure.core :refer [context GET POST defroutes]] [auto-ap.db.vendors :as vendors] - [amazonica.aws.simpleemail :as ses])) + [amazonica.aws.simpleemail :as ses] + )) (defroutes routes diff --git a/src/clj/auto_ap/routes/utils.clj b/src/clj/auto_ap/routes/utils.clj new file mode 100644 index 00000000..31ed48c0 --- /dev/null +++ b/src/clj/auto_ap/routes/utils.clj @@ -0,0 +1,9 @@ +(ns auto-ap.routes.utils + (:require [buddy.auth :refer [authenticated?]])) + +(defn wrap-secure [handler] + (fn [request] + (if (authenticated? request) + (handler request) + {:status 401 + :body "not authenticated"}))) diff --git a/src/clj/auto_ap/routes/vendors.clj b/src/clj/auto_ap/routes/vendors.clj index 26e6754a..a2c5079f 100644 --- a/src/clj/auto_ap/routes/vendors.clj +++ b/src/clj/auto_ap/routes/vendors.clj 
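Review bot: In the `POST "/upload"` route the multipart part is dereferenced without a presence check — when the request has no `"file"` part, `files` is nil, `tempfile` is nil and `(.getPath tempfile)` throws a NullPointerException, turning a client error into a 500; wrap the `let` body in `(if-not (and filename tempfile) {:status 400 :body "missing multipart file part"} …)`. `filename` is attacker-controlled and is passed to `parse/parse-file` alongside the temp path; that is fine if the parser only uses it to pick a format, but it must never be joined into a filesystem path (cannot tell from here — worth confirming in `auto-ap.parse`). `POST "/"` likewise inserts `(:rows edn-params)` with no shape validation, so a nil or malformed body reaches `insert-multi!` directly. The duplicate check loads every existing invoice and scans it per parsed row, which is quadratic in the invoice count; a set of `[vendor invoice-number]` pairs built once would keep it linear.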
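Review bot: `wrap-secure` has no docstring, and its contract silently depends on buddy's `wrap-authentication` having run upstream to populate the `:identity` that `authenticated?` checks; document that, e.g. `"Ring middleware that forwards only requests buddy has already authenticated (:identity set by wrap-authentication); everything else gets a 401 with a plain-text body."`. A 401 response is expected to carry a `WWW-Authenticate` header (RFC 7235 §3.1), so consider `{:status 401 :headers {"WWW-Authenticate" "Bearer"} :body "not authenticated"}` — the scheme name depends on the backend configured outside this file, so confirm before hard-coding it. This is authentication only; any route that needs per-user or role authorization still has to add it itself.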
@@ -1,18 +1,21 @@ (ns auto-ap.routes.vendors - (:require [compojure.core :refer [context GET PUT POST defroutes]] - [auto-ap.db.vendors :as vendors])) + (:require [compojure.core :refer [context GET PUT POST defroutes wrap-routes]] + [auto-ap.db.vendors :as vendors] + [auto-ap.routes.utils :refer [wrap-secure]])) (defroutes routes - (context "/vendors" [] - (GET "/" [] - {:status 200 - :body (pr-str (vendors/get-all)) - :headers {"Content-Type" "application/edn"}}) - (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r} - {:status 200 - :body (pr-str (vendors/upsert id edn-params)) - :headers {"Content-Type" "application/edn"}}) - (POST "/" {:keys [edn-params] :as r} + (wrap-routes + (context "/vendors" [] + (GET "/" [] {:status 200 - :body (pr-str (vendors/insert edn-params)) - :headers {"Content-Type" "application/edn"}}))) + :body (pr-str (vendors/get-all)) + :headers {"Content-Type" "application/edn"}}) + (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r} + {:status 200 + :body (pr-str (vendors/upsert id edn-params)) + :headers {"Content-Type" "application/edn"}}) + (POST "/" {:keys [edn-params] :as r} + {:status 200 + :body (pr-str (vendors/insert edn-params)) + :headers {"Content-Type" "application/edn"}})) + wrap-secure))
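Review bot: `POST "/"` passes `edn-params` straight into `vendors/insert` with no shape check; with `wrap-edn-params` in the stack a missing or non-EDN body presumably leaves `edn-params` nil, and the failure then surfaces from the DB layer as a 500 rather than a 400 — guard with `(if (map? edn-params) … {:status 400 :body "expected an EDN map"})`. The `:as r` bindings on both `PUT` and `POST` are unused and can be dropped. As with companies, the body map reaches `vendors/upsert`/`vendors/insert` unfiltered; if those helpers map keys to columns, `select-keys` to the client-editable fields would limit what an authenticated caller can set.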