moved security.

Bryce Covert
2018-04-06 09:20:51 -07:00
parent b93808f1df
commit c74e4fceaa
7 changed files with 100 additions and 90 deletions


@@ -20,7 +20,7 @@
Flags$Flag AuthenticationFailedException] Flags$Flag AuthenticationFailedException]
(com.sun.mail.imap IMAPStore))) (com.sun.mail.imap IMAPStore)))
(def queue-url "https://sqs.us-east-1.amazonaws.com/679918342773/integreat-mail-prod") (def queue-url "https://sqs.us-east-1.amazonaws.com/679918342773/integreat-mail-prod")
(defn process-sqs [] (defn process-sqs []
(println "Fetching messages from sqs...") (println "Fetching messages from sqs...")


@@ -13,7 +13,7 @@
[ring.middleware.edn :refer [wrap-edn-params]] [ring.middleware.edn :refer [wrap-edn-params]]
[clojure.java.jdbc :as j] [clojure.java.jdbc :as j]
[config.core :refer [env]] [config.core :refer [env]]
[buddy.auth :refer [authenticated?]]
[buddy.auth.backends.token :refer [jws-backend]] [buddy.auth.backends.token :refer [jws-backend]]
[buddy.auth.middleware :refer [wrap-authorization wrap-authentication]] [buddy.auth.middleware :refer [wrap-authorization wrap-authentication]]
[auto-ap.routes.companies :as companies] [auto-ap.routes.companies :as companies]
@@ -24,26 +24,17 @@
(defcredential "AKIAIRKDGLBX7J7VJZ6Q" "OtRw2t/xktJBDjP8Jnx1Yf6G+uzBfIkrQEc6nmgo" "us-east-1") (defcredential "AKIAIRKDGLBX7J7VJZ6Q" "OtRw2t/xktJBDjP8Jnx1Yf6G+uzBfIkrQEc6nmgo" "us-east-1")
(defn wrap-secure [handler]
(fn [request]
(if (authenticated? request)
(handler request)
{:status 401
:body "not authenticated"})))
(defroutes static-routes (defroutes static-routes
(GET "/" [] (response/resource-response "index.html" {:root "public"})) (GET "/" [] (response/resource-response "index.html" {:root "public"}))
(route/resources "/") (route/resources "/")
(routes (ANY "*" [] (response/resource-response "index.html" {:root "public"})))) (routes (ANY "*" [] (response/resource-response "index.html" {:root "public"}))))
(defroutes api-routes (defroutes api-routes
(context "/api" [] (context "/api" []
(wrap-routes invoices/routes wrap-secure) invoices/routes
(wrap-routes companies/routes wrap-secure) companies/routes
(wrap-routes vendors/routes wrap-secure) vendors/routes
(wrap-routes reminders/routes wrap-secure) reminders/routes
auth/routes)) auth/routes))
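Review bot: The `defcredential` form at the top of the second hunk still holds a literal AWS access key id and secret key, and this commit reorganises the auth code around it without touching it. A secret committed to the repository stays readable in history, so the key pair should be rotated and the values loaded at startup rather than written in source. `config.core`'s `env` is already required in this namespace, so something like `(defcredential (:aws-access-key-id env) (:aws-secret-access-key env) (:aws-region env))` would work (the key names are illustrative), or the default credential provider chain could be used if the host has an instance role.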


@@ -1,14 +1,17 @@
(ns auto-ap.routes.companies (ns auto-ap.routes.companies
(:require [compojure.core :refer [context GET PUT defroutes]] (:require [compojure.core :refer [context GET PUT defroutes wrap-routes]]
[auto-ap.db.companies :as companies])) [auto-ap.db.companies :as companies]
[auto-ap.routes.utils :refer [wrap-secure]]))
(defroutes routes (defroutes routes
(context "/companies" [] (wrap-routes
(GET "/" [] (context "/companies" []
{:status 200 (GET "/" []
:body (pr-str (companies/get-all)) {:status 200
:headers {"Content-Type" "application/edn"}}) :body (pr-str (companies/get-all))
(PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r} :headers {"Content-Type" "application/edn"}})
{:status 200 (PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r}
:body (pr-str (companies/upsert id edn-params)) {:status 200
:headers {"Content-Type" "application/edn"}}))) :body (pr-str (companies/upsert id edn-params))
:headers {"Content-Type" "application/edn"}}))
wrap-secure))
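Review bot: `wrap-secure` only establishes that the caller is authenticated, but the `PUT "/:id"` handler takes `id` from the route and passes the whole `edn-params` body to `companies/upsert`. Unless `upsert` (not visible here) checks ownership and restricts the accepted keys, any logged-in user can overwrite any company record and set any column. I would select the permitted keys before the call, e.g. `(companies/upsert id (select-keys edn-params allowed-company-keys))`, with `allowed-company-keys` a new var, and add a per-company authorization check next to the authentication wrapper. The same applies to the `PUT "/:id"` and `POST "/"` handlers in the vendors routes later in this commit.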


@@ -1,62 +1,65 @@
(ns auto-ap.routes.invoices (ns auto-ap.routes.invoices
(:require [compojure.core :refer [context GET PUT POST defroutes]] (:require [compojure.core :refer [context GET PUT POST defroutes wrap-routes]]
[auto-ap.db.invoices :as invoices] [auto-ap.db.invoices :as invoices]
[auto-ap.db.companies :as companies] [auto-ap.db.companies :as companies]
[auto-ap.parse :as parse])) [auto-ap.parse :as parse]
[auto-ap.routes.utils :refer [wrap-secure]]))
(defroutes routes (defroutes routes
(context "/invoices" [] (wrap-routes
(GET "/" [] (context "/invoices" []
{:status 200 (GET "/" []
:body (pr-str (invoices/get-all))
:headers {"Content-Type" "application/edn"}})
(GET "/unpaid" {:keys [query-params] :as r}
{:status 200
:body (pr-str (invoices/get-unpaid (query-params "company")))
:headers {"Content-Type" "application/edn"}})
(GET "/pending" {:keys [query-params]}
{:status 200
:body (pr-str (invoices/get-pending (query-params "company")))
:headers {"Content-Type" "application/edn"}})
(POST "/" {:keys [edn-params]}
(invoices/insert-multi! (:rows edn-params))
{:status 200 {:status 200
:body (pr-str (invoices/get-all)) :body (pr-str (invoices/get-all))
:headers {"Content-Type" "application/edn"}}) :headers {"Content-Type" "application/edn"}})
(POST "/approve" {:keys [query-params]}
(invoices/approve) (GET "/unpaid" {:keys [query-params] :as r}
{:status 200
:body (pr-str (invoices/get-unpaid (query-params "company")))
:headers {"Content-Type" "application/edn"}})
(GET "/pending" {:keys [query-params]}
{:status 200 {:status 200
:body (pr-str (invoices/get-pending (query-params "company"))) :body (pr-str (invoices/get-pending (query-params "company")))
:headers {"Content-Type" "application/edn"}}) :headers {"Content-Type" "application/edn"}})
(POST "/reject" {:keys [query-params]} (POST "/" {:keys [edn-params]}
(invoices/reject) (invoices/insert-multi! (:rows edn-params))
{:status 200 {:status 200
:body (pr-str (invoices/get-pending (query-params "company"))) :body (pr-str (invoices/get-all))
:headers {"Content-Type" "application/edn"}}) :headers {"Content-Type" "application/edn"}})
(POST "/upload" (POST "/approve" {:keys [query-params]}
{{ files "file"} :params :as params} (invoices/approve)
(let [{:keys [filename tempfile]} files {:status 200
existing-invoices (invoices/get-all) :body (pr-str (invoices/get-pending (query-params "company")))
companies (companies/get-all)] :headers {"Content-Type" "application/edn"}})
(invoices/insert-multi! (POST "/reject" {:keys [query-params]}
(for [{:keys [total date invoice-number customer-identifier vendor] :as row} (invoices/reject)
(parse/parse-file (.getPath tempfile) filename)] {:status 200
(assoc row :body (pr-str (invoices/get-pending (query-params "company")))
:company-id (:id (parse/best-match companies customer-identifier)) :headers {"Content-Type" "application/edn"}})
(POST "/upload"
{{ files "file"} :params :as params}
(let [{:keys [filename tempfile]} files
existing-invoices (invoices/get-all)
companies (companies/get-all)]
(invoices/insert-multi!
(for [{:keys [total date invoice-number customer-identifier vendor] :as row}
(parse/parse-file (.getPath tempfile) filename)]
(assoc row
:company-id (:id (parse/best-match companies customer-identifier))
:imported false :imported false
:potential-duplicate (boolean (seq (filter #(and (= vendor (:vendor %)) :potential-duplicate (boolean (seq (filter #(and (= vendor (:vendor %))
(= invoice-number (:invoice-number %))) (= invoice-number (:invoice-number %)))
existing-invoices))) existing-invoices)))
))) )))
{:status 200 {:status 200
:body (pr-str (invoices/get-pending ((:query-params params ) "company"))) :body (pr-str (invoices/get-pending ((:query-params params ) "company")))
:headers {"Content-Type" "application/edn"}})) :headers {"Content-Type" "application/edn"}}))
;; Removing the export view for now... ;; Removing the export view for now...
#_(wrap-json-response (GET "/export" {:keys [query-params]} #_(wrap-json-response (GET "/export" {:keys [query-params]}
(println query-params) (println query-params)
(doto (invoices/get-unpaid (query-params "company")) (doto (invoices/get-unpaid (query-params "company"))
println))))) println))))
wrap-secure))
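Review bot: The `POST "/upload"` handler destructures `files` from `:params` and calls `(.getPath tempfile)` without checking that a "file" part was sent. A request without that part leaves `tempfile` nil, so the handler would throw a NullPointerException instead of returning a client error. A guard before the `let` body, such as `(if-not tempfile {:status 400 :body "missing file"} ...)`, would keep malformed requests from turning into 500s. `filename` is also client-supplied and goes straight to `parse/parse-file`; that function is not visible here, so it is worth confirming it uses the name only to pick a parser and never as a path.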


@@ -1,7 +1,8 @@
(ns auto-ap.routes.reminders (ns auto-ap.routes.reminders
(:require [compojure.core :refer [context GET POST defroutes]] (:require [compojure.core :refer [context GET POST defroutes]]
[auto-ap.db.vendors :as vendors] [auto-ap.db.vendors :as vendors]
[amazonica.aws.simpleemail :as ses])) [amazonica.aws.simpleemail :as ses]
))
(defroutes routes (defroutes routes
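Review bot: The reminders routes appear to lose their authentication check in this commit. This namespace does not gain the `[auto-ap.routes.utils :refer [wrap-secure]]` require or `wrap-routes` in its compojure refer, while `api-routes` in the handler now mounts `reminders/routes` without the wrapper it had before. The body of `routes` lies outside the visible lines, so this should be confirmed, but with these requires it cannot call `wrap-secure` unqualified. Either wrap the context here as the companies, invoices and vendors namespaces do, or keep one wrapper in `api-routes` around everything except `auth/routes`, so that a namespace that forgets to opt in is denied by default.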


@@ -0,0 +1,9 @@
(ns auto-ap.routes.utils
(:require [buddy.auth :refer [authenticated?]]))
(defn wrap-secure [handler]
(fn [request]
(if (authenticated? request)
(handler request)
{:status 401
:body "not authenticated"})))
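Review bot: `wrap-secure` has no docstring, and every route namespace now depends on it, so its contract should be stated where it is defined. I would add `"Ring middleware: calls handler only when buddy's authenticated? is true for the request, otherwise returns 401. Must run inside wrap-authentication, which sets :identity."` after the function name. `authenticated?` only checks that an identity is present on the request, so the wrapper makes no authorization decision. As a style point, the 401 map has no `:headers`, while every other response in the API sets `"Content-Type" "application/edn"`.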


@@ -1,18 +1,21 @@
(ns auto-ap.routes.vendors (ns auto-ap.routes.vendors
(:require [compojure.core :refer [context GET PUT POST defroutes]] (:require [compojure.core :refer [context GET PUT POST defroutes wrap-routes]]
[auto-ap.db.vendors :as vendors])) [auto-ap.db.vendors :as vendors]
[auto-ap.routes.utils :refer [wrap-secure]]))
(defroutes routes (defroutes routes
(context "/vendors" [] (wrap-routes
(GET "/" [] (context "/vendors" []
{:status 200 (GET "/" []
:body (pr-str (vendors/get-all))
:headers {"Content-Type" "application/edn"}})
(PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r}
{:status 200
:body (pr-str (vendors/upsert id edn-params))
:headers {"Content-Type" "application/edn"}})
(POST "/" {:keys [edn-params] :as r}
{:status 200 {:status 200
:body (pr-str (vendors/insert edn-params)) :body (pr-str (vendors/get-all))
:headers {"Content-Type" "application/edn"}}))) :headers {"Content-Type" "application/edn"}})
(PUT "/:id" {:keys [edn-params] {:keys [id]} :route-params :as r}
{:status 200
:body (pr-str (vendors/upsert id edn-params))
:headers {"Content-Type" "application/edn"}})
(POST "/" {:keys [edn-params] :as r}
{:status 200
:body (pr-str (vendors/insert edn-params))
:headers {"Content-Type" "application/edn"}}))
wrap-secure))