Added auth to the branch

Author: ConnerWithAnE

server/src/auth/jwt-auth.ts

@@ -0,0 +1,21 @@
+import jwt from "jsonwebtoken";
+import { Request, Response, NextFunction } from "express";
+
+const authenticateJWT = (req: Request, res: Response, next: NextFunction) => {
+  const authHeader = req.headers.authorization;
+
+  if (authHeader) {
+    const token = authHeader.split(" ")[1];
+    jwt.verify(token, process.env.JWT_SECRET!, (err, user) => {
+      if (err) {
+        return res.status(403).json({ error: "Forbidden" });
+      }
+      req.user = user;
+      next();
+    });
+  } else {
+    res.status(401).json({ error: "Unauthorized" });
+  }
+};
+
+export default authenticateJWT;

server/src/routes/admin-router.ts

@@ -1,8 +1,9 @@
-import express, { Request, Response, Router } from "express";
+import express, { Request, Response, Router, NextFunction } from "express";
 import { DatabaseController } from "../database-controller";
 import { GetQuery, InsertData, RadData, Testing } from "../types";
-
-const router = express.Router();
+import axios from "axios";
+import jwt from "jsonwebtoken";
+import authenticateJWT from "../auth/jwt-auth";
 
 export default function adminRouter(dbController: DatabaseController): Router {
   const router = Router();
@@ -11,25 +12,82 @@ export default function adminRouter(dbController: DatabaseController): Router {
   // The data is in the correct format and ready to be input.
 
   // THIS WILL NOT WORK WITH RAW PAPERS, Data MUST be in InsertData format
-  router.post("/insertPapers", (req: Request, res: Response) => {
-    try {
-      insertRows(requestFromJSON(req.body), dbController).then(() => {
-        // 201: The request was successful, and a new resource was created
-        res.send(201);
-      });
-    } catch (error) {
-      console.error(`${error}`);
+  router.post(
+    "/insertPapers",
+    authenticateJWT,
+    async (req: Request, res: Response) => {
+      try {
+        await insertRows(requestFromJSON(req.body), dbController).then(() => {
+          // 201: The request was successful, and a new resource was created
+          res.send(201);
+        });
+      } catch (error) {
+        console.error(`${error}`);
+      }
+    },
+  );
+
+  router.post(
+    "/parseRequest",
+    authenticateJWT,
+    (req: Request, res: Response) => {
+      try {
+        // TODO
+        parsePapers(req.body).then((result: InsertData[]) => {
+          res.send(responseToJSON(result));
+        });
+      } catch (error) {
+        console.error(``);
+      }
+    },
+  );
+
+  // Example list of allowed NSIDs (replace with database table in the future)
+  const allowedNSIDs = [
+    "mrm322",
+    "nec314",
+    "stm875",
+    "cmh860",
+    "ara258",
+    "xgr074",
+  ];
+
+  router.get("/auth/cas-validate", async (req: Request, res: Response) => {
+    const { ticket, service } = req.query;
+
+    if (!ticket || !service) {
+      res.status(400).json({ error: "Missing ticket or service" });
     }
-  });
 
-  router.post("/parseRequest", (req: Request, res: Response) => {
     try {
-      // TODO
-      parsePapers(req.body).then((result: InsertData[]) => {
-        res.send(responseToJSON(result));
-      });
+      // Validate CAS ticket
+      const casResponse = await axios.get(
+        `https://cas.usask.ca/serviceValidate`,
+        {
+          params: { ticket, service },
+        },
+      );
+
+      const casData = casResponse.data; // assumed user CAS info, need to test to see
+      const nsid = casData.user; // Potentally the nsid of the user. Again need to test
+
+      if (!nsid) {
+        res.status(401).json({ error: "Invalid CAS Ticket" });
+      }
+
+      if (!allowedNSIDs.includes(nsid)) {
+        res.status(403).json({ error: "Access denied" });
+      }
+
+      const token = jwt.sign(
+        { username: casData.user, roles: casData.roles },
+        process.env.JWT_SECRET!,
+        { expiresIn: "3h" },
+      );
+
+      res.json({ token });
     } catch (error) {
-      console.error(``);
+      res.status(500).json({ error: "CAS validation failed" });
     }
   });
 

server/src/types/express.d.ts

@@ -0,0 +1,9 @@
+import * as express from "express";
+
+declare global {
+  namespace Express {
+    interface Request {
+      user?: any; // Adjust the type as needed, e.g., `Record<string, any>` or a custom User type
+    }
+  }
+}