Arquisoft · uo289267 · Apr 22, 2024 · Apr 14, 2024 · Apr 14, 2024 · Apr 14, 2024
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -76,6 +76,8 @@ jobs:
     - uses: actions/checkout@v4
     - name: Publish to Registry
       uses: elgohr/Publish-Docker-Github-Action@v5
+      env:
+        JWT_KEY: ${{secrets.JWT_KEY}}
       with:
           name: arquisoft/wiq_en1b/authservice
           username: ${{ github.actor }}

diff --git a/gatewayservice/gateway-service.js b/gatewayservice/gateway-service.js
@@ -6,7 +6,7 @@
 const swaggerUi = require('swagger-ui-express'); 
 const fs = require("fs")
 const YAML = require('yaml')
-
+const jwt = require('jsonwebtoken');
 const app = express();
 const port = 8000;
 
@@ -47,7 +47,7 @@
   }
 });
 
-app.get('/questions', async (req, res) => {
+app.get('/questions', verifyToken, async (req, res) => {
   try {
 
     // Forward the question request to the quetion service
@@ -74,6 +74,36 @@
 });
 
 
+app.get('/questions/:lang/:amount', verifyToken, async (req, res) => {
+  try {
+    const lang = req.params.lang.toString();
+    const amount = req.params.amount.toString();
+    // Forward the question request to the quetion service
+    const questionResponse = await axios.get(questionServiceUrl+'/questions/' + lang + '/' + amount);
+
+    res.json(questionResponse.data);
+  } catch (error) {
+
+    res.status(error.response.status).json({ error: error.response.data.error });
+  }
+});
+
+app.get('/questions/:lang/:amount/:type', verifyToken, async (req, res) => {
+  try {
+    const lang = req.params.lang.toString();
+    const amount = req.params.amount.toString();
+    const type = req.params.type.toString();
+    // Forward the question request to the quetion service
+    const questionResponse = await axios.get(questionServiceUrl+'/questions/' + lang + '/' + amount + '/' + type);
+
+    res.json(questionResponse.data);
+  } catch (error) {
+
+    res.status(error.response.status).json({ error: error.response.data.error });
+  }
+});
+
+
 app.get('/questions/:lang/:amount', async (req, res) => {
   try {
     const lang = req.params.lang.toString();
@@ -88,11 +118,11 @@
   }
 });
 
-app.get('/questions/:lang', async (req, res) => {
+app.get('/questions/:lang', verifyToken, async (req, res) => {
   try {
     const lang = req.params.lang.toString();
     // Forward the question request to the quetion service
-    const questionResponse = await axios.get(questionServiceUrl+'/questions/' + lang);
+    const questionResponse = await axios.get(questionServiceUrl+'/questions/' + lang.toString());
 
     res.json(questionResponse.data);
   } catch (error) {
@@ -101,7 +131,8 @@
   }
 });
 
-app.post('/record', async(req, res) => {
+app.post('/record', verifyToken, async(req, res) => {
+  console.log("in")
   try {
     // Forward the record request to the record service
     const recordResponse = await axios.post(recordServiceUrl+'/record', req.body);
@@ -111,7 +142,28 @@
   }
 });
 
-app.get('/record/ranking/top10', async(req, res)=>{
+app.get('/record/ranking/top10', verifyToken, async(req, res)=>{
+  try {
+    // Forward the record request to the record service
+    const recordResponse = await axios.get(recordServiceUrl + '/record/ranking/top10');
+    res.json(recordResponse.data);
+  } catch (error) {
+    res.send(error);
+  }
+});
+
+app.get('/record/ranking/:user', verifyToken, async(req, res)=>{
+  try {
+    const user = req.params.user;
+    // Forward the record request to the record service
+    const recordResponse = await axios.get(recordServiceUrl + '/record/ranking/' + user);
+    res.json(recordResponse.data);
+  } catch (error) {
+    res.send(error);
+  }
+});
+
+app.get('/record/ranking/top10', verifyToken, async(req, res)=>{
   try {
     // Forward the record request to the record service
     const recordResponse = await axios.get(recordServiceUrl + '/record/ranking/top10');
@@ -132,7 +184,7 @@
   }
 });
 
-app.get('/record/:user', async(req, res)=>{
+app.get('/record/:user', verifyToken,  async(req, res)=>{
   try {
     const user = req.params.user;
     // Forward the record request to the record service
@@ -159,4 +211,23 @@
   console.log(`Gateway Service listening at http://localhost:${port}`);
 });
 
+function verifyToken(req, res, next) {
+  // Get the token from the request headers
+  const token = req.headers['token'] || req.body.token || req.query.token;
+
+  // Verify if the token is valid
+  jwt.verify(token, (process.env.JWT_KEY??'my-key'), (err, decoded) => {
+    if (err) {
+      // Token is not valid
+      res.status(403).json({authorized: false,
+        error: 'Invalid token or outdated'});
+    } else {
+      // Token is valid
+      req.decodedToken = decoded;
+      // Call next() to proceed to the next middleware or route handler
+      next();
+    }
+  });
+}
+
 module.exports = server
diff --git a/gatewayservice/gateway-service.test.js b/gatewayservice/gateway-service.test.js
@@ -1,14 +1,21 @@
 const request = require('supertest');
 const axios = require('axios');
+const jwt = require('jsonwebtoken');
 const app = require('./gateway-service'); 
 
 afterAll(async () => {
     app.close();
   });
 
+
+jest.mock('jsonwebtoken');
+
 jest.mock('axios');
 
-describe('Gateway Service', () => {
+
+
+describe('Gateway Service with token mock', () => {
+
   // Mock responses from external services
   axios.post.mockImplementation((url, data) => {
     if (url.endsWith('/login')) {
@@ -45,6 +52,14 @@ describe('Gateway Service', () => {
     }
   });
 
+
+
+  // Mock the `verify` function of JWT
+  jwt.verify.mockImplementation((token, secretOrPublicKey, callback) => {
+    // Assume the token is valid and return the payload
+    callback(null, "decoded");
+  });
+
   // Test /login endpoint
   it('should forward login request to auth service', async () => {
     const response = await request(app)
@@ -69,15 +84,15 @@ describe('Gateway Service', () => {
   // Test /questions endpoint
   it('should forward questions request to question service', async () => {
     const response = await request(app)
-      .get('/questions');
+      .get('/questions').set('token', 'valorDelToken');
 
       checkQuestion(response);
   });
 
   // Test /questions/:lang endpoint
   it('should forward questions request to question service', async () => {
     const response = await request(app)
-      .get('/questions/es');
+      .get('/questions/es').set('token', 'valorDelToken');
 
     checkQuestion(response);
   });
@@ -101,14 +116,26 @@ describe('Gateway Service', () => {
   // Test /record endpoint
   it('should forward record request to record service', async () => {
     const response = await request(app)
-      .post('/record');
+      .post('/record').set('token', 'valorDelToken');
 
     expect(response.statusCode).toBe(200);
     expect(response.body.user).toBe('testuser');
   });
 
   // Test /record/:user endpoint
   it('should forward record request to record service', async () => {
+    const response = await request(app)
+      .get('/record/testuser').set('token', 'valorDelToken');
+    expect(response.statusCode).toBe(200);
+    expect(response.body).toHaveProperty('record', "undefined");
+  });
+
+
+});
+
+describe('Gateway Service without token mock', () => {
+  // Test /record/:user endpoint
+  it('should not verify the token', async () => {
     const response = await request(app)
       .get('/record/testuser');
 

diff --git a/gatewayservice/package-lock.json b/gatewayservice/package-lock.json