Set edit/add question to admin only actions

Author: tzyian

comms/package-lock.json

@@ -1,13 +1,6 @@
 import { cookies } from "next/headers";
-import {
-  LoginResponse,
-  Question,
-  StatusBody,
-  UserServiceResponse,
-} from "./structs";
-import DOMPurify from "isomorphic-dompurify";
+import { LoginResponse, StatusBody, UserServiceResponse } from "./structs";
 import { CookieNames } from "@/app/actions/session";
-import { revalidatePath } from "next/cache";
 
 export function generateAuthHeaders() {
   return {
@@ -30,49 +23,20 @@ export function generateJSONHeaders() {
   };
 }
 
-export async function fetchQuestion(
-  questionId: number,
-): Promise<Question | StatusBody> {
-  try {
-    const response = await fetch(
-      `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_QUESTION_SERVICE}/questions/solve/${questionId}`,
-      {
-        method: "GET",
-        headers: generateAuthHeaders(),
-        cache: "no-store",
-      },
-    );
-    if (!response.ok) {
-      return {
-        error: await response.text(),
-        status: response.status,
-      };
-    }
-
-    const question = (await response.json()) as Question;
-    question.content = DOMPurify.sanitize(question.content);
-    revalidatePath(`/questions/edit/${questionId}`);
-    return question;
-  } catch (err: any) {
-    return { error: err.message, status: 400 };
-  }
-}
+export const userServiceUrl = `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_USER_SERVICE}`;
 
 export async function getSessionLogin(validatedFields: {
   email: string;
   password: string;
 }): Promise<LoginResponse | StatusBody> {
   try {
-    const res = await fetch(
-      `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_USER_SERVICE}/auth/login`,
-      {
-        method: "POST",
-        body: JSON.stringify(validatedFields),
-        headers: {
-          "Content-type": "application/json; charset=UTF-8",
-        },
+    const res = await fetch(`${userServiceUrl}/auth/login`, {
+      method: "POST",
+      body: JSON.stringify(validatedFields),
+      headers: {
+        "Content-type": "application/json; charset=UTF-8",
       },
-    );
+    });
     const json = await res.json();
 
     if (!res.ok) {
@@ -93,16 +57,13 @@ export async function postSignupUser(validatedFields: {
 }): Promise<UserServiceResponse | StatusBody> {
   try {
     console.log(JSON.stringify(validatedFields));
-    const res = await fetch(
-      `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_USER_SERVICE}/users`,
-      {
-        method: "POST",
-        body: JSON.stringify(validatedFields),
-        headers: {
-          "Content-type": "application/json; charset=UTF-8",
-        },
+    const res = await fetch(`${userServiceUrl}/users`, {
+      method: "POST",
+      body: JSON.stringify(validatedFields),
+      headers: {
+        "Content-type": "application/json; charset=UTF-8",
       },
-    );
+    });
     const json = await res.json();
 
     if (!res.ok) {
@@ -118,14 +79,11 @@ export async function postSignupUser(validatedFields: {
 
 export async function verifyUser(): Promise<UserServiceResponse | StatusBody> {
   try {
-    const res = await fetch(
-      `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_USER_SERVICE}/auth/verify-token`,
-      {
-        method: "GET",
-        headers: generateAuthHeaders(),
-      },
-    );
-    const json = await res.json();
+    const res = await fetch(`${userServiceUrl}/auth/verify-token`, {
+      method: "GET",
+      headers: generateAuthHeaders(),
+    });
+    const json = (await res.json()) as UserServiceResponse;
 
     if (!res.ok) {
       return { error: json.message, status: res.status };

peerprep/api/gateway.ts

@@ -6,6 +6,7 @@ import {
   isError,
   LoginFormSchema,
   SignupFormSchema,
+  UserData,
   UserServiceResponse,
 } from "@/api/structs";
 import { createSession } from "@/app/actions/session";
@@ -62,7 +63,7 @@ export async function login(state: FormState, formData: FormData) {
   }
 }
 
-export async function hydrateUid(): Promise<undefined | string> {
+export async function hydrateUid(): Promise<null | UserData> {
   if (!cookies().has("session")) {
     // TODO: this should not be required because of middleware
     console.log("No session found - triggering switch back to login page.");
@@ -74,8 +75,7 @@ export async function hydrateUid(): Promise<undefined | string> {
     console.log(`Error ${json.status}: ${json.error}`);
     redirect("/api/internal/auth/expire");
   }
-
   // TODO: handle error handling
   const response = json as UserServiceResponse;
-  return response.data.id;
+  return response.data;
 }

peerprep/app/actions/server_actions.ts

@@ -1,9 +1,10 @@
-import { fetchQuestion, getSessionToken, getUserData } from "@/api/gateway";
+import { getSessionToken, getUserData } from "@/api/gateway";
 import { isError, Question as QnType, StatusBody } from "@/api/structs";
 import styles from "@/style/question.module.css";
 import ErrorBlock from "@/components/shared/ErrorBlock";
 import React from "react";
 import QuestionBlock from "./question";
+import { fetchQuestion } from "@/app/questions/helper";
 
 type Props = {
   searchParams: {

peerprep/app/questions/[question]/[roomID]/page.tsx

@@ -1,10 +1,11 @@
-import { fetchQuestion } from "@/api/gateway";
 import { isError, Question as QnType, StatusBody } from "@/api/structs";
 import styles from "@/style/question.module.css";
 import ErrorBlock from "@/components/shared/ErrorBlock";
 import React from "react";
 import QuestionBlock from "./question";
 
+import { fetchQuestion } from "@/app/questions/helper";
+
 type Props = {
   params: {
     question: number;

peerprep/app/questions/[question]/page.tsx

@@ -1,9 +1,10 @@
-import { fetchQuestion } from "@/api/gateway";
 import React from "react";
 import EditQuestion from "@/app/questions/edit/[question]/EditQuestion";
 import { Question } from "@/api/structs";
 import { revalidatePath } from "next/cache";
 
+import { fetchQuestion } from "@/app/questions/helper";
+
 type Props = {
   params: {
     question: number;

peerprep/app/questions/edit/[question]/page.tsx

@@ -1,17 +1,26 @@
 "use server";
 
-import { Question, QuestionFullBody, StatusBody } from "@/api/structs";
+import { isError, Question, QuestionFullBody, StatusBody } from "@/api/structs";
 import { revalidatePath } from "next/cache";
-import { generateAuthHeaders, generateJSONHeaders } from "@/api/gateway";
+import {
+  generateAuthHeaders,
+  generateJSONHeaders,
+  verifyUser,
+} from "@/api/gateway";
+import DOMPurify from "isomorphic-dompurify";
+
+const questionServiceUrl = `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_QUESTION_SERVICE}`;
 
 export async function deleteQuestion(id: number): Promise<StatusBody> {
-  const res = await fetch(
-    `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_QUESTION_SERVICE}/questions/delete/${id}`,
-    {
-      method: "DELETE",
-      headers: generateAuthHeaders(),
-    },
-  );
+  const verify = await verifyUser();
+  if (isError(verify) || verify?.data.isAdmin === false) {
+    return verify as StatusBody;
+  }
+
+  const res = await fetch(`${questionServiceUrl}/questions/delete/${id}`, {
+    method: "DELETE",
+    headers: generateAuthHeaders(),
+  });
   if (res.ok) {
     return { status: res.status };
   }
@@ -20,10 +29,29 @@ export async function deleteQuestion(id: number): Promise<StatusBody> {
   return json as StatusBody;
 }
 
+export async function fetchAllQuestions(): Promise<StatusBody | Question[]> {
+  console.log("Fetching all questions...");
+  const res = await fetch(`${questionServiceUrl}/questions`, {
+    method: "GET",
+    headers: generateAuthHeaders(),
+    cache: "no-store",
+  });
+  if (!res.ok) {
+    return { status: res.status };
+  }
+  const json = await res.json();
+  return json as Question[];
+}
+
 export async function editQuestion(question: Question): Promise<StatusBody> {
+  const verify = await verifyUser();
+  if (isError(verify) || verify?.data.isAdmin === false) {
+    return verify as StatusBody;
+  }
+
   console.log("editing question", question.id);
   const res = await fetch(
-    `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_QUESTION_SERVICE}/questions/replace/${question.id}`,
+    `${questionServiceUrl}/questions/replace/${question.id}`,
     {
       method: "PUT",
       body: JSON.stringify(question),
@@ -42,10 +70,12 @@ export async function editQuestion(question: Question): Promise<StatusBody> {
 export async function addQuestion(
   question: QuestionFullBody,
 ): Promise<StatusBody> {
+  const verify = await verifyUser();
+  if (isError(verify) || verify?.data.isAdmin === false) {
+    return verify as StatusBody;
+  }
   console.log("Adding question", question.title);
-  const url = `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_QUESTION_SERVICE}/questions`;
-  console.log(url);
-  const res = await fetch(url, {
+  const res = await fetch(`${questionServiceUrl}/questions`, {
     method: "POST",
     body: JSON.stringify(question),
     headers: generateJSONHeaders(),
@@ -57,3 +87,31 @@ export async function addQuestion(
   const json = await res.json();
   return json as StatusBody;
 }
+
+export async function fetchQuestion(
+  questionId: number,
+): Promise<Question | StatusBody> {
+  try {
+    const response = await fetch(
+      `${questionServiceUrl}/questions/solve/${questionId}`,
+      {
+        method: "GET",
+        headers: generateAuthHeaders(),
+        cache: "no-store",
+      },
+    );
+    if (!response.ok) {
+      return {
+        error: await response.text(),
+        status: response.status,
+      };
+    }
+
+    const question = (await response.json()) as Question;
+    question.content = DOMPurify.sanitize(question.content);
+    revalidatePath(`/questions/edit/${questionId}`);
+    return question;
+  } catch (err: any) {
+    return { error: err.message, status: 400 };
+  }
+}

peerprep/app/questions/helper.ts

@@ -1,7 +1,8 @@
 const LoadingPage = () => {
   return (
-    <div>
-      <h1>Loading...</h1>
+    <div className="flex h-screen items-center justify-center">
+      <div className="text-2xl">Loading...</div>
+      <div className="text-2xl">Please wait...</div>
     </div>
   );
 };

peerprep/app/questions/loading.tsx

@@ -3,31 +3,32 @@ import QuestionList from "@/components/questionpage/QuestionList";
 import Matchmaking from "@/components/questionpage/Matchmaking";
 import { QuestionFilterProvider } from "@/contexts/QuestionFilterContext";
 import { hydrateUid } from "../actions/server_actions";
-import { Question } from "@/api/structs";
-import { generateAuthHeaders } from "@/api/gateway";
+import { isError, Question, StatusBody, UserData } from "@/api/structs";
 import { UserInfoProvider } from "@/contexts/UserInfoContext";
+import { fetchAllQuestions } from "@/app/questions/helper";
 
 async function QuestionsPage() {
-  const userId = await hydrateUid();
+  const userData = (await hydrateUid()) as UserData;
 
-  const questions: Question[] = await fetch(
-    `${process.env.NEXT_PUBLIC_NGINX}/${process.env.NEXT_PUBLIC_QUESTION_SERVICE}/questions`,
-    {
-      method: "GET",
-      headers: generateAuthHeaders(),
-      cache: "no-store",
-    },
-  ).then((res) => res.json());
+  const questions: Question[] | StatusBody = await fetchAllQuestions();
+
+  if (isError(questions)) {
+    return (
+      <div className="flex h-screen items-center justify-center">
+        <div className="text-2xl">Error...</div>
+      </div>
+    );
+  }
 
   return (
-    <UserInfoProvider userid={userId}>
+    <UserInfoProvider userData={userData}>
       <QuestionFilterProvider>
         <div className="flex h-screen flex-col overflow-hidden">
           <div className="sticky top-0">
             <Matchmaking />
           </div>
           <div className="flex-grow overflow-y-auto">
-            <QuestionList questions={questions} />
+            <QuestionList questions={questions as unknown as Question[]} />
           </div>
         </div>
       </QuestionFilterProvider>