Next (#184)

* basic onboard

* remove ant design

* checks

* internal users + auth

* admin check

Author: potts99

apps/api/src/controllers/auth.ts

@@ -98,15 +98,15 @@ export function authRoutes(fastify: FastifyInstance) {
         throw new Error("Password is not valid");
       }
 
-      var b64string = "TOMATOSOUP";
-      var buf = new Buffer(b64string, "base64"); // Ta-da
+      var b64string = process.env.SECRET;
+      var buf = new Buffer(b64string!, "base64"); // Ta-da
 
       let token = jwt.sign(
         {
           data: { id: user!.id },
         },
         buf,
-        { expiresIn: "1d" }
+        { expiresIn: "7d" }
       );
 
       await prisma.session.create({
@@ -127,6 +127,7 @@ export function authRoutes(fastify: FastifyInstance) {
         ticket_status_changed: user!.notify_ticket_status_changed,
         ticket_comments: user!.notify_ticket_comments,
         ticket_assigned: user!.notify_ticket_assigned,
+        firstLogin: user!.firstLogin,
       };
 
       reply.send({
@@ -140,25 +141,25 @@ export function authRoutes(fastify: FastifyInstance) {
   fastify.delete(
     "/api/v1/auth/user/:id",
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const { id } = request.params as { id: string };
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
 
-      await prisma.user.delete({
-        where: { id },
-      });
+      if (token) {
+        const { id } = request.params as { id: string };
+
+        await prisma.user.delete({
+          where: { id },
+        });
 
-      reply.send({ success: true });
+        reply.send({ success: true });
+      }
     }
   );
 
   // User Profile
   fastify.get(
     "/api/v1/auth/profile",
     async (request: FastifyRequest, reply: FastifyReply) => {
-      // check token
-      // see if token exists on session table
-      // if not, return 401
-      // if yes, return user data
-
       const bearer = request.headers.authorization!.split(" ")[1];
 
       const token = checkToken(bearer);
@@ -210,8 +211,6 @@ export function authRoutes(fastify: FastifyInstance) {
       };
 
       const bearer = request.headers.authorization!.split(" ")[1];
-
-      //checks if token is valid and returns valid token
       const token = checkToken(bearer);
 
       if (token) {
@@ -245,21 +244,59 @@ export function authRoutes(fastify: FastifyInstance) {
   fastify.put(
     "/api/v1/auth/profile",
     async (request: FastifyRequest, reply: FastifyReply) => {
-      //
+      const bearer = request.headers.authorization!.split(" ")[1];
+
+      //checks if token is valid and returns valid token
+      const token = checkToken(bearer);
+
+      if (token) {
+        let session = await prisma.session.findUnique({
+          where: {
+            sessionToken: bearer,
+          },
+        });
+
+        const { name, email, language } = request.body as {
+          name: string;
+          email: string;
+          language: string;
+        };
+
+        let user = await prisma.user.update({
+          where: { id: session?.userId },
+          data: {
+            name: name,
+            email: email,
+            language: language,
+          },
+        });
+
+        reply.send({
+          user,
+        });
+      } else {
+        reply.send({
+          sucess: false,
+        });
+      }
     }
   );
 
   // Logout a user (deletes session)
   fastify.get(
     "/api/v1/auth/user/:id/logout",
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const { id } = request.params as { id: string };
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
+      if (token) {
+        const { id } = request.params as { id: string };
 
-      await prisma.session.deleteMany({
-        where: { userId: id },
-      });
+        await prisma.session.deleteMany({
+          where: { userId: id },
+        });
 
-      reply.send({ success: true });
+        reply.send({ success: true });
+      }
     }
   );
 }

apps/api/src/controllers/clients.ts

@@ -1,4 +1,5 @@
 import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
+import { checkToken } from "../lib/jwt";
 import { prisma } from "../prisma";
 
 export function clientRoutes(fastify: FastifyInstance) {
@@ -7,20 +8,25 @@ export function clientRoutes(fastify: FastifyInstance) {
     "/api/v1/client/create",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const { name, email, number, contactName }: any = request.body;
-
-      await prisma.client.create({
-        data: {
-          name,
-          contactName,
-          email,
-          number: String(number),
-        },
-      });
-
-      reply.send({
-        success: true,
-      });
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
+
+      if (token) {
+        const { name, email, number, contactName }: any = request.body;
+
+        await prisma.client.create({
+          data: {
+            name,
+            contactName,
+            email,
+            number: String(number),
+          },
+        });
+
+        reply.send({
+          success: true,
+        });
+      }
     }
   );
 
@@ -29,21 +35,26 @@ export function clientRoutes(fastify: FastifyInstance) {
     "/api/v1/client/update",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const { name, email, number, contactName, id }: any = request.body;
-
-      await prisma.client.update({
-        where: { id: id },
-        data: {
-          name,
-          contactName,
-          email,
-          number: String(number),
-        },
-      });
-
-      reply.send({
-        success: true,
-      });
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
+
+      if (token) {
+        const { name, email, number, contactName, id }: any = request.body;
+
+        await prisma.client.update({
+          where: { id: id },
+          data: {
+            name,
+            contactName,
+            email,
+            number: String(number),
+          },
+        });
+
+        reply.send({
+          success: true,
+        });
+      }
     }
   );
 
@@ -52,12 +63,17 @@ export function clientRoutes(fastify: FastifyInstance) {
     "/api/v1/clients/all",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const clients = await prisma.client.findMany({});
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
 
-      reply.send({
-        success: true,
-        clients: clients,
-      });
+      if (token) {
+        const clients = await prisma.client.findMany({});
+
+        reply.send({
+          success: true,
+          clients: clients,
+        });
+      }
     }
   );
 
@@ -66,15 +82,20 @@ export function clientRoutes(fastify: FastifyInstance) {
     "/api/v1/clients/:id/delete-client",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const { id }: any = request.params;
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
+
+      if (token) {
+        const { id }: any = request.params;
 
-      await prisma.client.delete({
-        where: { id: id },
-      });
+        await prisma.client.delete({
+          where: { id: id },
+        });
 
-      reply.send({
-        success: true,
-      });
+        reply.send({
+          success: true,
+        });
+      }
     }
   );
 }

apps/api/src/controllers/data.ts

@@ -1,4 +1,5 @@
 import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
+import { checkToken } from "../lib/jwt";
 import { prisma } from "../prisma";
 
 export function dataRoutes(fastify: FastifyInstance) {
@@ -7,8 +8,14 @@ export function dataRoutes(fastify: FastifyInstance) {
     "/api/v1/data/tickets/all",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      // check jwt is valid
-      // check user is admin
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
+
+      if (token) {
+        const result = await prisma.ticket.count();
+
+        reply.send({ count: result });
+      }
     }
   );
 
@@ -17,11 +24,16 @@ export function dataRoutes(fastify: FastifyInstance) {
     "/api/v1/data/tickets/completed",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const result = await prisma.ticket.count({
-        where: { isComplete: true },
-      });
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
+
+      if (token) {
+        const result = await prisma.ticket.count({
+          where: { isComplete: true },
+        });
 
-      reply.send({ count: result });
+        reply.send({ count: result });
+      }
     }
   );
 
@@ -30,11 +42,16 @@ export function dataRoutes(fastify: FastifyInstance) {
     "/api/v1/data/tickets/open",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const result = await prisma.ticket.count({
-        where: { isComplete: false },
-      });
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
 
-      reply.send({ count: result });
+      if (token) {
+        const result = await prisma.ticket.count({
+          where: { isComplete: false },
+        });
+
+        reply.send({ count: result });
+      }
     }
   );
 
@@ -43,11 +60,16 @@ export function dataRoutes(fastify: FastifyInstance) {
     "/api/v1/data/tickets/unassigned",
 
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const result = await prisma.ticket.count({
-        where: { userId: null },
-      });
+      const bearer = request.headers.authorization!.split(" ")[1];
+      const token = checkToken(bearer);
+
+      if (token) {
+        const result = await prisma.ticket.count({
+          where: { userId: null },
+        });
 
-      reply.send({ count: result });
+        reply.send({ count: result });
+      }
     }
   );
 }