Add basic auth pages with minimal handling

Author: WZWren

peerprep/api/gateway.ts

@@ -1,4 +1,11 @@
-import { Question, StatusBody, QuestionFullBody } from "./structs";
+import { SafeParseReturnType, SafeParseSuccess } from "zod";
+import {
+  Question,
+  StatusBody,
+  QuestionFullBody,
+  LoginResponse,
+  SigninResponse,
+} from "./structs";
 
 const questions: { [key: string]: Question } = {
   "0": {
@@ -123,3 +130,59 @@ export async function getAllQuestions(): Promise<Question[] | StatusBody> {
     return { error: err.message, status: 400 };
   }
 }
+
+export async function getSessionLogin(
+  validatedFields: {
+    email: string;
+    password: string;
+  }
+): Promise<LoginResponse | StatusBody> {
+  try {
+    const res = await fetch(`${process.env.NEXT_PUBLIC_USER_SERVICE}/auth/login`, {
+      method: "POST",
+      body: JSON.stringify(validatedFields),
+      headers: {
+        "Content-type": "application/json; charset=UTF-8",
+      }
+    });
+    const json = await res.json();
+
+    if (!res.ok) {
+      // TODO: handle not OK
+      return { error: json.message, status: res.status };
+    }
+    // TODO: handle OK
+    return json;
+  } catch (err: any) {
+    return { error: err.message, status: 400 };
+  }
+}
+
+export async function postSignupUser(
+  validatedFields: {
+    username: string;
+    email: string;
+    password: string;
+  }
+): Promise<SigninResponse | StatusBody> {
+  try {
+    console.log(JSON.stringify(validatedFields));
+    const res = await fetch(`${process.env.NEXT_PUBLIC_USER_SERVICE}/users`, {
+      method: "POST",
+      body: JSON.stringify(validatedFields),
+      headers: {
+        "Content-type": "application/json; charset=UTF-8",
+      }
+    });
+    const json = await res.json();
+
+    if (!res.ok) {
+      // TODO: handle not OK
+      return { error: json.message, status: res.status };
+    }
+    // TODO: handle OK
+    return json;
+  } catch (err: any) {
+    return { error: err.message, status: 400 };
+  }
+}

peerprep/api/structs.ts

@@ -1,3 +1,5 @@
+import { z } from "zod";
+
 export enum Difficulty {
   All = 0,
   Easy = 1,
@@ -29,8 +31,72 @@ export interface StatusBody {
   error?: string;
 }
 
+export interface UserData {
+  id: string;
+  username: string;
+  email: string;
+  isAdmin: boolean;
+  createdAt: number;
+}
+
+export interface UserDataAccessToken extends UserData {
+  accessToken: string;
+}
+
+export interface LoginResponse {
+  message: string;
+  data: UserDataAccessToken;
+}
+
+export interface SigninResponse {
+  message: string;
+  data: UserData;
+}
+
+// credit - taken from Next.JS Auth tutorial
+export type FormState =
+  | {
+      errors?: {
+        name?: string[];
+        email?: string[];
+        password?: string[];
+      };
+      message?: string;
+    }
+  | undefined;
+
+export const SignupFormSchema = z.object({
+  username: z
+    .string()
+    .min(2, { message: "Name must be at least 2 characters long." })
+    .trim(),
+  email: z.string().email({ message: "Please enter a valid email." }).trim(),
+  password: z
+    .string()
+    .min(8, { message: "Be at least 8 characters long" })
+    .regex(/[a-zA-Z]/, { message: "Contain at least one letter." })
+    .regex(/[0-9]/, { message: "Contain at least one number." })
+    .regex(/[^a-zA-Z0-9]/, {
+      message: "Contain at least one special character.",
+    })
+    .trim(),
+});
+
+export const LoginFormSchema = z.object({
+  email: z.string().email({ message: "Please enter a valid email." }).trim(),
+  password: z
+    .string()
+    .min(8, { message: "Be at least 8 characters long" })
+    .regex(/[a-zA-Z]/, { message: "Contain at least one letter." })
+    .regex(/[0-9]/, { message: "Contain at least one number." })
+    .regex(/[^a-zA-Z0-9]/, {
+      message: "Contain at least one special character.",
+    })
+    .trim(),
+});
+
 export function isError(
-  obj: Question[] | Question | StatusBody
+  obj: any | StatusBody
 ): obj is StatusBody {
   return (obj as StatusBody).status !== undefined;
 }

peerprep/app/actions/server_actions.ts

@@ -0,0 +1,64 @@
+"use server"
+import { getSessionLogin, postSignupUser } from '@/api/gateway';
+// defines the server-sided login action.
+import { SignupFormSchema, LoginFormSchema, FormState, isError } from '@/api/structs';
+import { createSession } from '@/app/actions/session';
+import { cookies } from 'next/headers';
+import { redirect } from 'next/navigation';
+
+// credit - taken from Next.JS Auth tutorial
+export async function signup(state: FormState, formData: FormData) {
+  // Validate form fields
+  const validatedFields = SignupFormSchema.safeParse({
+    username: formData.get('username'),
+    email: formData.get('email'),
+    password: formData.get('password'),
+  });
+ 
+  // If any form fields are invalid, return early
+  if (!validatedFields.success) {
+    return {
+      errors: validatedFields.error.flatten().fieldErrors,
+    }
+  }
+ 
+  const json = await postSignupUser(validatedFields.data);
+
+  if (!isError(json)) {
+    // TODO: handle OK
+    redirect("/auth/login");
+  } else {
+    // TODO: handle failure codes: 400, 409, 500.
+    console.log(`${json.status}: ${json.error}`);
+  }
+}
+
+export async function login(state: FormState, formData: FormData) {
+  // Validate form fields
+  const validatedFields = LoginFormSchema.safeParse({
+    email: formData.get('email'),
+    password: formData.get('password'),
+  });
+ 
+  // If any form fields are invalid, return early
+  if (!validatedFields.success) {
+    return {
+      errors: validatedFields.error.flatten().fieldErrors,
+    }
+  }
+ 
+  const json = await getSessionLogin(validatedFields.data);
+  if (!isError(json)) {
+    if (cookies().has('session')) {
+      console.log(cookies().get('session'));
+      console.log("Note a cookie already exists, overriding!");
+    }
+    await createSession(json.data.accessToken);
+    
+    if (cookies().has('session')) {
+      console.log(`New cookie: ${cookies().get('session')?.value}`);
+    }
+  } else {
+    console.log(json.error);
+  }
+}

peerprep/app/actions/session.ts

@@ -0,0 +1,13 @@
+import 'server-only';
+import { cookies } from 'next/headers';
+
+export async function createSession(accessToken: string) {
+  const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000);
+  cookies().set('session', accessToken, {
+    httpOnly: true,
+    secure: true,
+    expires: expiresAt,
+    sameSite: 'lax',
+    path: '/',
+  })
+}

peerprep/app/auth/login/page.tsx

@@ -0,0 +1,58 @@
+"use client";
+import React from "react";
+import style from "@/style/form.module.css";
+import { useFormState, useFormStatus } from "react-dom";
+import FormTextInput from "@/components/shared/form/FormTextInput";
+import FormPasswordInput from "@/components/shared/form/FormPasswordInput";
+import { login } from "@/app/actions/server_actions";
+import Link from "next/link";
+
+type Props = {}
+
+function LoginPage({}: Props) {
+  const [state, action] = useFormState(login, undefined);
+  return (
+    // we can actually use server actions to auth the user... maybe we can
+    // change our AddQn action too.
+    <div className={style.wrapper}>
+      <form className={style.form_container} action={action}>
+        <h1 className={style.title}>Login to PeerPrep</h1>
+        <FormTextInput
+            required
+            label="Email:"
+            name="email"
+        />
+        {state?.errors?.email && <p>{state.errors.email}</p>}
+        <FormPasswordInput
+            required
+            label="Password:"
+            name="password"
+        />
+        {state?.errors?.password && (
+          <div>
+            <p>Password must:</p>
+            <ul>
+              {state.errors.password.map((error) => (
+                <li key={error}>- {error}</li>
+              ))}
+            </ul>
+          </div>
+        )}
+        <SubmitButton />
+        <p>No account? <Link href="/auth/register">Register here.</Link></p>
+      </form>
+    </div>
+  )
+}
+
+function SubmitButton() {
+  const { pending } = useFormStatus()
+ 
+  return (
+    <button disabled={pending} type="submit">
+      Login
+    </button>
+  )
+}
+
+export default LoginPage;

peerprep/app/auth/register/page.tsx

@@ -0,0 +1,64 @@
+"use client";
+import React from "react";
+import style from "@/style/form.module.css";
+import { useFormState, useFormStatus } from "react-dom";
+import FormTextInput from "@/components/shared/form/FormTextInput";
+import FormPasswordInput from "@/components/shared/form/FormPasswordInput";
+import { signup } from "@/app/actions/server_actions";
+import Link from "next/link";
+
+type Props = {}
+
+function RegisterPage({}: Props) {
+  const [state, action] = useFormState(signup, undefined);
+  return (
+    // we can actually use server actions to auth the user... maybe we can
+    // change our AddQn action too.
+    <div className={style.wrapper}>
+      <form className={style.form_container} action={action}>
+        <h1 className={style.title}>Sign up for an account</h1>
+        <FormTextInput
+            required
+            label="Username:"
+            name="username"
+        />
+        {state?.errors?.username && <p>{state.errors.username}</p>}
+        <FormTextInput
+            required
+            label="Email:"
+            name="email"
+        />
+        {state?.errors?.email && <p>{state.errors.email}</p>}
+        <FormPasswordInput
+            required
+            label="Password:"
+            name="password"
+        />
+        {state?.errors?.password && (
+          <div>
+            <p>Password must:</p>
+            <ul>
+              {state.errors.password.map((error) => (
+                <li key={error}>- {error}</li>
+              ))}
+            </ul>
+          </div>
+        )}
+        <SubmitButton />
+        <p>Have an account? <Link href="/auth/login">Login.</Link></p>
+      </form>
+    </div>
+  )
+}
+
+function SubmitButton() {
+  const { pending } = useFormStatus()
+ 
+  return (
+    <button disabled={pending} type="submit">
+      Sign up
+    </button>
+  )
+}
+
+export default RegisterPage;