Merge branch 'develop' into add/org-view-table-sort

# Conflicts:
#	src/components/tables/table.js

Author: vgeorge

.env.test

@@ -2,4 +2,5 @@ NEXTAUTH_URL=http://127.0.0.1:3000
 NEXTAUTH_SECRET=next-auth-cypress-secret
 DATABASE_URL=postgres://postgres:postgres@localhost:5434/osm-teams-test
 TESTING=true
-LOG_LEVEL=silent
+LOG_LEVEL=silent
+AUTH_URL=http://127.0.0.1:3000

app/index.js

@@ -11,21 +11,14 @@ module.exports = {
       process.env.OSM_API ||
       process.env.OSM_DOMAIN ||
       'https://www.openstreetmap.org',
-    OSM_HYDRA_ID: process.env.OSM_HYDRA_ID || 'manage',
-    OSM_HYDRA_SECRET: process.env.OSM_HYDRA_SECRET || 'manage-secret',
-    OSM_CONSUMER_KEY: process.env.OSM_CONSUMER_KEY,
-    OSM_CONSUMER_SECRET: process.env.OSM_CONSUMER_SECRET,
-    HYDRA_TOKEN_HOST: process.env.HYDRA_TOKEN_HOST || 'http://localhost:4444',
-    HYDRA_TOKEN_PATH: process.env.HYDRA_TOKEN_PATH || '/oauth2/token',
-    HYDRA_AUTHZ_HOST: process.env.HYDRA_AUTHZ_HOST || 'http://localhost:4444',
-    HYDRA_AUTHZ_PATH: process.env.HYDRA_AUTHZ_PATH || '/oauth2/auth',
-    HYDRA_ADMIN_HOST: process.env.HYDRA_ADMIN_HOST || 'http://localhost:4445',
   },
   basePath: process.env.BASE_PATH || '',
   env: {
     APP_URL: process.env.APP_URL || vercelUrl || 'http://127.0.0.1:3000',
     OSM_NAME: process.env.OSM_NAME || 'OSM',
     BASE_PATH: process.env.BASE_PATH || '',
+    HYDRA_URL: process.env.HYDRA_URL || 'https://auth.mapping.team/hyauth',
+    AUTH_URL: process.env.AUTH_URL || 'https://auth.mapping.team',
   },
   eslint: {
     dirs: [

next.config.js

@@ -30,7 +30,6 @@
     "test:ava": "NODE_ENV=test ava",
     "lint": "next lint",
     "build": "next build",
-    "start": "NODE_ENV=production node app/index.js",
     "postinstall": "yarn run next telemetry disable > /dev/null"
   },
   "browserify": {

oauth2-osm-client-app.png

@@ -53,7 +53,7 @@ const SearchInput = ({ onSearch, placeholder, 'data-cy': dataCy }) => {
           name='search'
           id='search'
           placeholder={placeholder}
-          style={{ width: '12rem' }}
+          style={{ width: '14rem' }}
         />
         <Button
           data-cy={`${dataCy}-search-submit`}

package.json

@@ -12,13 +12,15 @@ function TableHead({ dataCy, columns, sort, setSort, onClick }) {
             currentSortDirection === 'asc' ? 'desc' : 'asc'
           let sortIcon = ''
           if (currentSortDirection !== 'none') {
-            sortIcon = currentSortDirection === 'asc' ? '⬆' : '⬇'
+            sortIcon = currentSortDirection === 'asc' ? '▲' : '▼'
           }
 
           return (
             <th
               key={`table-head-column-${key}`}
               data-cy={`${dataCy}-head-column-${key}`}
+              className={sortable && 'sortable'}
+              title={sortable && `Click to sort by ${key}`}
               onClick={() => {
                 onClick && onClick()
 
@@ -155,6 +157,9 @@ export default function Table({
             background: ${theme.colors.primaryLite};
             border-bottom: 4px solid ${theme.colors.primaryColor};
           }
+          thead th.sortable {
+            cursor: pointer;
+          }
 
           tbody tr td {
             padding: 0.875rem;

src/components/tables/search-input.js

@@ -66,6 +66,7 @@ function UsersTable({ type, orgId, onRowClick, isSearchable }) {
             setPage(1)
             setSearch(search)
           }}
+          placeholder='Search by username'
         />
       )}
       <Table

src/components/tables/table.js

@@ -1,6 +1,7 @@
 import nc from 'next-connect'
 import logger from '../lib/logger'
 import { getToken } from 'next-auth/jwt'
+import Boom from '@hapi/boom'
 
 /**
  * This file contains the base handler to be used in all API routes.
@@ -67,9 +68,40 @@ export function createBaseHandler() {
 
   // Add session to request
   baseHandler.use(async (req, res, next) => {
-    const token = await getToken({ req })
-    if (token) {
-      req.session = { user_id: token.userId || token.sub }
+    /** Handle authorization using either Bearer token auth or
+     * using the next-auth session
+     */
+    if (req.headers.authorization) {
+      // introspect the token
+      const [type, token] = req.headers.authorization.split(' ')
+      if (type !== 'Bearer') {
+        throw Boom.badRequest(
+          'Authorization scheme not supported. Only Bearer scheme is supported'
+        )
+      } else {
+        const result = await fetch(`${process.env.AUTH_URL}/api/introspect`, {
+          method: 'POST',
+          headers: {
+            Accept: 'application/json',
+            'Content-Type': 'application/json',
+          },
+          body: JSON.stringify({
+            token: token,
+          }),
+        }).then((response) => {
+          return response.json()
+        })
+        if (result && result.active) {
+          req.session = { user_id: result.sub }
+        } else {
+          throw Boom.badRequest('Invalid token')
+        }
+      }
+    } else {
+      const token = await getToken({ req })
+      if (token) {
+        req.session = { user_id: token.userId || token.sub }
+      }
     }
     next()
   })

src/components/tables/users.js

@@ -0,0 +1,19 @@
+import Boom from '@hapi/boom'
+
+/**
+ * Authenticated
+ *
+ * To view this route you must be authenticated
+ *
+ * @returns {Promise<boolean>}
+ */
+export default async function isAuthenticated(req, res, next) {
+  const userId = req.session?.user_id
+
+  // Must be owner or manager
+  if (!userId) {
+    throw Boom.unauthorized()
+  } else {
+    next()
+  }
+}