Merge pull request #91 from Klaven/dashboard-api

Dashboard api
null-channel · Mar 13, 2024 · 18575c6 · 18575c6
2 parents 78cc162 + 348916c
commit 18575c6
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 32 deletions.
diff --git a/api/middleware/authentication.go b/api/middleware/authentication.go
@@ -33,13 +33,9 @@ func AddJwtHeaders(next http.Handler) http.Handler {
 		var cookies string
 
 		ctx := withCookies(request.Context(), cookies)
-		// this example passes all request.Cookies
-		// to `ToSession` function
-		//
-		// However, you can pass only the value of
-		// ory_session_projectid cookie to the endpoint
 		cookies = request.Header.Get("Cookie")
 		tokenString := request.Header.Get("Authorization")
+
 		// remove the Bearer prefix
 		// and parse the token
 		parser := &jwt.Parser{
@@ -48,24 +44,18 @@ func AddJwtHeaders(next http.Handler) http.Handler {
 			SkipClaimsValidation: true,
 		}
 		tokenString = strings.Replace(tokenString, "Bearer ", "", 1)
-		userId, err := parser.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
-			//fmt.Println("claims: " + token.Claims.(jwt.MapClaims)["sub"])
-			claims := token.Claims.(jwt.MapClaims)
-			// You can now extract any data from the token's payload
-			return claims["sub"], nil
-		})
-		user_id := fmt.Sprintf("%v", userId)
+		var claims jwt.MapClaims
+		_, _, err := parser.ParseUnverified(tokenString, &claims)
 		if err != nil {
 			fmt.Println("Error parsing token! but that is ok")
-			// can fail if the token is invalid but we don't want to validate it here for now
-			//return
+			fmt.Println(err)
+			return
 		}
-		//TODO: Delete this line
-		fmt.Println("request userId: %s" + user_id)
-		ctx = withUser(ctx, user_id)
+		userId := claims["sub"].(string)
+
+		ctx = withUser(ctx, userId)
 
-		//ctx = withSession(ctx, session)
-		request.Header.Set("user-id", fmt.Sprintf("%v", user_id))
+		request.Header.Set("user-id", userId)
 
 		// continue to the requested page (in our case the Dashboard)
 		next.ServeHTTP(writer, request.WithContext(ctx))

diff --git a/api/middleware/dumbauthz.go b/api/middleware/dumbauthz.go
@@ -22,11 +22,11 @@ func NewAuthzMiddleware(db *bun.DB) *AuthzMiddleware {
 func (k *AuthzMiddleware) CheckAuthz(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Check if the user-id header is set
-		userId, ok := r.Context().Value("user-id").(int64)
+		userId, ok := r.Context().Value("user-id").(string)
 		if !ok {
-			fmt.Println("User id not found in context. Failing Authz.")
-			http.Redirect(w, r, "error", 234)
-			w.Header().Set("location", "error")
+			fmt.Println("User is new, redirecting to new user page")
+			http.Error(w, "User is new, redirecting to new user page", http.StatusTemporaryRedirect)
+			w.Header().Set("location", "/newuser")
 			return
 		}
 		fmt.Println("Checking if user is new...")
@@ -35,8 +35,8 @@ func (k *AuthzMiddleware) CheckAuthz(next http.Handler) http.Handler {
 
 		if err != nil {
 			fmt.Println("User is new, redirecting to new user page")
-			http.Redirect(w, r, "newuser", 234)
-			w.Header().Set("location", "newuser")
+			http.Error(w, "User is new, redirecting to new user page", http.StatusTemporaryRedirect)
+			w.Header().Set("location", "/newuser")
 			return
 		}
 		org, err := user.GetOrgByOwnerId(userId, k.db)

diff --git a/api/middleware/newuser.go b/api/middleware/newuser.go
@@ -20,7 +20,7 @@ func NewUserMiddleware(db *bun.DB) *UserMiddleware {
 
 func (k *UserMiddleware) NewUserMiddlewareCheck(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		userId := r.Context().Value("user-id").(int64)
+		userId := r.Context().Value("user-id").(string)
 		fmt.Println("Checking if user is new... %i", userId)
 		// Check database for user
 		_, err := user.GetUserForId(userId, k.db)
@@ -29,7 +29,6 @@ func (k *UserMiddleware) NewUserMiddlewareCheck(next http.Handler) http.Handler
 			fmt.Println("User is new, redirecting to new user page")
 			http.Error(w, "User is new, redirecting to new user page", http.StatusTemporaryRedirect)
 			w.Header().Set("location", "/newuser")
-
 			return
 		}
 

diff --git a/api/users/controllers/user.go b/api/users/controllers/user.go
@@ -160,7 +160,7 @@ func (u *UserController) UpsertUserDB(user models.User) (int, error) {
 // @Success		200	{string}	Helloworld
 // @Router			/users/ [post]
 func (u *UserController) UpsertUser(w http.ResponseWriter, r *http.Request) {
-	id := r.Context().Value("user-id").(int64)
+	id := r.Context().Value("user-id").(string)
 	email := r.Context().Value("email").(string)
 	newsLetterConsent := r.Context().Value("newsletter-consent").(bool)
 	name := r.Context().Value("name").(string)

diff --git a/api/users/models/models.go b/api/users/models/models.go
@@ -8,7 +8,7 @@ import (
 )
 
 type User struct {
-	ID                int64 `bun:",pk"` // primary key, same as ory.
+	ID                string `bun:",pk"` // primary key, same as ory.
 	Name              string
 	Email             string
 	NewsLetterConsent bool `bun:"newsletterConsent"`
@@ -42,7 +42,7 @@ func (u User) String() string {
 
 // UpdateUser godoc
 // @Summary	Get user info for user id
-func GetUserForId(id int64, userDb *bun.DB) (*User, error) {
+func GetUserForId(id string, userDb *bun.DB) (*User, error) {
 	var user User
 	err := userDb.NewSelect().
 		Model(&user).
@@ -56,11 +56,11 @@ func GetUserForId(id int64, userDb *bun.DB) (*User, error) {
 	return &user, nil
 }
 
-func GetOrgByOwnerId(user_id int64, userDb *bun.DB) (*Org, error) {
+func GetOrgByOwnerId(userId string, userDb *bun.DB) (*Org, error) {
 	var org Org
 	err := userDb.NewSelect().
 		Model(&org).
-		Where("owner_id = ?", user_id).
+		Where("owner_id = ?", userId).
 		Scan(context.Background(), &org)
 
 	if err != nil {