Refactor: updated frontend auth to use cookies instead of localhost

backend/.gitignore

@@ -3,4 +3,5 @@ target
 Cargo.lock
 prisma-cli/prisma/migrations
 /.idea
-**/.DS_Store
+**/.DS_Store
+.env.*

backend/README.md

@@ -61,4 +61,4 @@ Request -> Middleware (optional) -> Handler -> Service -> Middleware (Optional)
 - JWT
 
 ### Storage
-- Object storage
+- Object storage

backend/migrations/20240406023149_create_users.sql

@@ -14,4 +14,8 @@ CREATE TABLE users (
     updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
 );
 
+-- Seed initial superuser
+INSERT INTO users (id, email, name, role)
+VALUES (10000, 'chaosdirectors@devsoc.app', 'Super Admin', 'SuperUser');
+
 CREATE UNIQUE INDEX IDX_users_email_lower on users((lower(email)));

backend/server/src/handler/auth.rs

@@ -11,11 +11,52 @@ use crate::service::auth::create_or_get_user_id;
 use crate::service::jwt::encode_auth_token;
 use axum::extract::{Query, State};
 use axum_extra::extract::cookie::{Cookie, CookieJar, Expiration};
-use axum::response::IntoResponse;
+use axum::response::{IntoResponse, Redirect};
 use oauth2::reqwest::async_http_client;
-use oauth2::{AuthorizationCode, TokenResponse};
+use oauth2::{AuthorizationCode, TokenResponse, Scope};
 use time::OffsetDateTime;
 
+/// Handles the Google OAuth2 callback.
+/// 
+/// This handler processes the OAuth2 code received from Google after user authorization.
+/// It exchanges the code for an access token, retrieves the user's profile information,
+/// creates or retrieves the user in the database, and generates a JWT token for authentication.
+/// 
+/// # Arguments
+/// 
+/// * `state` - The application state
+/// * `query` - The OAuth2 callback query parameters containing the authorization code
+/// * `oauth_client` - The OAuth2 client for Google authentication
+/// 
+/// # Returns
+/// 
+/// * `Result<impl IntoResponse, ChaosError>` - JWT token or error
+/// 
+/// Initiates the Google OAuth2 flow.
+/// 
+/// This handler redirects users to Google's OAuth2 authorization URL to begin
+/// the authentication process.
+/// 
+/// # Arguments
+/// 
+/// * `state` - The application state containing the OAuth2 client
+/// 
+/// # Returns
+/// 
+/// * `Result<impl IntoResponse, ChaosError>` - Redirect to Google OAuth or error
+pub async fn google_auth_init(
+    State(state): State<AppState>,
+) -> Result<impl IntoResponse, ChaosError> {
+    let (auth_url, _csrf_token) = state.oauth2_client
+        .authorize_url(|| oauth2::CsrfToken::new_random())
+        .add_scope(Scope::new("openid".to_string()))
+        .add_scope(Scope::new("email".to_string()))
+        .add_scope(Scope::new("profile".to_string()))
+        .url();
+
+    Ok(Redirect::to(auth_url.as_str()))
+}
+
 /// Handles the Google OAuth2 callback.
 /// 
 /// This handler processes the OAuth2 code received from Google after user authorization.
@@ -75,8 +116,16 @@ pub async fn google_callback(
         .expires(Expiration::DateTime(OffsetDateTime::now_utc() + time::Duration::days(5))) // Set an expiration time of 5 days, TODO: read from env?
         .secure(!state.is_dev_env)     // Send only over HTTPS, comment out for testing
         .path("/");       // Available for all paths
-    // Add the cookie to the response
-    Ok(jar.add(cookie))
+
+    // Redirect to the frontend dashboard after successful authentication
+    let redirect_url = if state.is_dev_env {
+        "http://localhost:3000/dashboard"
+    } else {
+        "/dashboard" // In production, this would be the full URL
+    };
+
+    // Add the cookie and redirect
+    Ok((jar.add(cookie), Redirect::to(redirect_url)))
 }
 
 pub struct DevLoginHandler;
@@ -104,8 +153,12 @@ impl DevLoginHandler {
             .http_only(true) // Prevent JavaScript access
             .expires(Expiration::DateTime(OffsetDateTime::now_utc() + time::Duration::days(5))) // Set an expiration time of 5 days, TODO: read from env?
             .path("/");       // Available for all paths
-        // Add the cookie to the response
-        Ok(jar.add(cookie))
+
+        // Redirect to the frontend dashboard after successful authentication
+        let redirect_url = "http://localhost:3000/dashboard";
+
+        // Add the cookie and redirect
+        Ok((jar.add(cookie), Redirect::to(redirect_url)))
     }
 
     pub async fn dev_org_admin_login(
@@ -130,8 +183,12 @@ impl DevLoginHandler {
             .http_only(true) // Prevent JavaScript access
             .expires(Expiration::DateTime(OffsetDateTime::now_utc() + time::Duration::days(5))) // Set an expiration time of 5 days, TODO: read from env?
             .path("/");       // Available for all paths
-        // Add the cookie to the response
-        Ok(jar.add(cookie))
+
+        // Redirect to the frontend dashboard after successful authentication
+        let redirect_url = "http://localhost:3000/dashboard";
+
+        // Add the cookie and redirect
+        Ok((jar.add(cookie), Redirect::to(redirect_url)))
     }
 
     pub async fn dev_user_login(
@@ -156,7 +213,11 @@ impl DevLoginHandler {
             .http_only(true) // Prevent JavaScript access
             .expires(Expiration::DateTime(OffsetDateTime::now_utc() + time::Duration::days(5))) // Set an expiration time of 5 days, TODO: read from env?
             .path("/");       // Available for all paths
-        // Add the cookie to the response
-        Ok(jar.add(cookie))
+
+        // Redirect to the frontend dashboard after successful authentication
+        let redirect_url = "http://localhost:3000/dashboard";
+
+        // Add the cookie and redirect
+        Ok((jar.add(cookie), Redirect::to(redirect_url)))
     }
 }

backend/server/src/main.rs

@@ -10,8 +10,8 @@ async fn main() -> Result<(), ChaosError> {
     dotenvy::dotenv()?;
 
     let app = app().await?;
-    let listener = tokio::net::TcpListener::bind("0.0.0.0:3000").await.unwrap();
+    let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await.unwrap();
     axum::serve(listener, app).await.unwrap();
 
     Ok(())
-}
+}

backend/server/src/models/app.rs

@@ -1,6 +1,6 @@
 use crate::handler::answer::AnswerHandler;
 use crate::handler::application::ApplicationHandler;
-use crate::handler::auth::{google_callback, DevLoginHandler};
+use crate::handler::auth::{google_callback, google_auth_init, DevLoginHandler};
 use crate::handler::campaign::CampaignHandler;
 use crate::handler::email_template::EmailTemplateHandler;
 use crate::handler::offer::OfferHandler;
@@ -123,6 +123,7 @@ pub async fn app() -> Result<Router, ChaosError> {
         .allow_credentials(true)
         .allow_origin([
             "http://localhost".parse().unwrap(),
+            "http://localhost:3000".parse().unwrap(),
             "https://chaos.devsoc.app".parse().unwrap(),
             "http://chaos.devsoc.app".parse().unwrap(),
             "https://chaosstaging.devsoc.app".parse().unwrap(),
@@ -131,6 +132,7 @@ pub async fn app() -> Result<Router, ChaosError> {
 
     Ok(Router::new()
         .route("/", get(|| async { "Join DevSoc! https://devsoc.app/" }))
+        .route("/auth/google", get(google_auth_init))
         .route("/api/auth/callback/google", get(google_callback))
         .route("/api/v1/dev/super_admin_login", get(DevLoginHandler::dev_super_admin_login))
         .route("/api/v1/dev/org_admin_login", get(DevLoginHandler::dev_org_admin_login))

backend/server/src/service/auth.rs

@@ -109,15 +109,28 @@ pub async fn extract_user_id_from_request(
 ) -> Result<i64, ChaosError> {
     let decoding_key = &state.decoding_key;
     let jwt_validator = &state.jwt_validator;
+
+
     let TypedHeader(cookies) = parts
         .extract::<TypedHeader<Cookie>>()
         .await
-        .map_err(|_| ChaosError::NotLoggedIn)?;
+        .map_err(|e| {
+            ChaosError::NotLoggedIn
+        })?;
 
-    let token = cookies.get("auth_token").ok_or(ChaosError::NotLoggedIn)?;
+
+
+    let token = cookies.get("auth_token").ok_or_else(|| {
+        ChaosError::NotLoggedIn
+    })?;
+
+
 
     let claims =
-        decode_auth_token(token, decoding_key, jwt_validator).ok_or(ChaosError::NotLoggedIn)?;
+        decode_auth_token(token, decoding_key, jwt_validator).ok_or_else(|| {
+            ChaosError::NotLoggedIn
+        })?;
 
+
     Ok(claims.sub)
 }

frontend/.env.development

@@ -1,3 +1,3 @@
-VITE_OAUTH_CALLBACK_URL=https://accounts.google.com/o/oauth2/v2/auth?client_id=985448402284-al4vuqpokkhgv6h952lhu6iasg1lupug.apps.googleusercontent.com&redirect_uri=http://localhost:3000/auth/callback&response_type=code&scope=profile email&access_type=online
-VITE_API_BASE_URL=http://localhost:8000
+VITE_OAUTH_CALLBACK_URL=https://accounts.google.com/o/oauth2/v2/auth?client_id=731862014126-5b109p4v6b173910ib347gtfn0ecnacj.apps.googleusercontent.com&redirect_uri=http://localhost:8080/api/auth/callback/google&response_type=code&scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile&access_type=offline
+VITE_API_BASE_URL=http://localhost:8080
 BROWSER=none

frontend/.eslintrc.json

@@ -25,7 +25,7 @@
   "parserOptions": {
     "ecmaVersion": 12,
     "sourceType": "module",
-    "project": "./tsconfig.json"
+    "project": "./frontend/tsconfig.json"
   },
   "plugins": ["react", "prettier"],
   "rules": {

frontend/.gitignore

@@ -23,3 +23,6 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+
+.env.development
+.env

frontend/index.html

@@ -10,6 +10,7 @@
       content="iVGfVNkqvkNxy6yl6RKaGIok_5_DOndLxzj9ydHWJrA"
     />
     <meta name="description" content="CSESoc Hiring Web App" />
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://localhost:8080 https://accounts.google.com https://openidconnect.googleapis.com;" />
     <link rel="preconnect" href="https://fonts.googleapis.com" />
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
     <link