authenticate and authorize all the user endpoints

handle general response Delete User
Zenmo · Jan 20, 2025 · 3745473 · 3745473
1 parent ac2a849
commit 3745473
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 22 deletions.
diff --git a/frontend/src/admin/use-users.ts b/frontend/src/admin/use-users.ts
@@ -26,8 +26,8 @@ export const useUsers = (): UseUserReturn => {
                 redirectToLogin()
                 return
             }
-            if (response.status === 500) {
-                return
+            if (!response.ok) {
+                throw new Error(`Could not load users: ${response.status} ${response.statusText}`)
             }
 
             setUsers(usersFromJson(await response.text()))

diff --git a/ztor/src/main/kotlin/com/zenmo/ztor/plugins/Databases.kt b/ztor/src/main/kotlin/com/zenmo/ztor/plugins/Databases.kt
@@ -32,7 +32,7 @@ fun Application.configureDatabases(): Database {
     val projectRepository = ProjectRepository(db)
     val deeplinkService = DeeplinkService(DeeplinkRepository(db))
 
-    fun authenticateAndAuthorize(call: ApplicationCall, userRepository: UserRepository): Boolean {
+    suspend fun authenticateAndAuthorize(call: ApplicationCall, userRepository: UserRepository): Boolean {
         val userId = call.getUserId()
         if (userId == null) {
             call.respond(HttpStatusCode.Unauthorized, "User not authenticated")
@@ -47,10 +47,10 @@ fun Application.configureDatabases(): Database {
 
         return true
     }
-    
+
     routing {
         // List users for current user
-        get("/users") {\
+        get("/users") {
             if (!authenticateAndAuthorize(call, userRepository)) return@get
 
             try {
@@ -64,14 +64,14 @@ fun Application.configureDatabases(): Database {
         // Get one user that belongs to the user
         get("/users/{userId}") {
             if (!authenticateAndAuthorize(call, userRepository)) return@get
-
+            val userId = UUID.fromString(call.parameters["userId"])
             val user = userRepository.getUserById(userId)
             call.respond(HttpStatusCode.OK, user)
         }
 
         // Create
         post("/users") {
-            if (!authenticateAndAuthorize(call, userRepository)) return@get
+            if (!authenticateAndAuthorize(call, userRepository)) return@post
 
             val user: User?
             try {
@@ -85,26 +85,14 @@ fun Application.configureDatabases(): Database {
                 return@post
             }
 
-            val userId = call.getUserId()
-            if (userId == null) {
-                call.respond(HttpStatusCode.Unauthorized)
-                return@post
-            }
-            val isAdmin = userRepository.isAdmin(userId)
-
-            if (!isAdmin) {
-                call.respond(HttpStatusCode.Forbidden, "Access denied")
-                return@get
-            }
-
             val newUser = userRepository.save(user)
 
             call.respond(HttpStatusCode.Created, newUser)
         }
 
         // Update
         put("/users") {
-            if (!authenticateAndAuthorize(call, userRepository)) return@get
+            if (!authenticateAndAuthorize(call, userRepository)) return@put
 
             val user: User?
             try {
@@ -117,12 +105,21 @@ fun Application.configureDatabases(): Database {
                 call.respond(HttpStatusCode.BadRequest,  errorMessageToJson(e.message))
                 return@put
             }
+            println(user)
 
             val newUser = userRepository.save(user)
+            println(newUser)
 
             call.respond(HttpStatusCode.OK, newUser)
         }
 
+        delete("/users/{userId}") {
+            if (!authenticateAndAuthorize(call, userRepository)) return@delete
+            val userId = UUID.fromString(call.parameters["userId"])
+            userRepository.deleteUserById(userId)
+            call.respond(HttpStatusCode.OK)
+        }
+
         // List projects for current user
         get("/projects") {
             val userId = call.getUserId()

diff --git a/zummon/src/commonMain/kotlin/User.kt b/zummon/src/commonMain/kotlin/User.kt
@@ -13,8 +13,10 @@ import kotlin.js.JsExport
  */
 @Serializable
 @JsExport
-data class User(
-    val id: Uuid = Uuid.random(),
+data class User
+constructor(
+    @Serializable(with = BenasherUuidSerializer::class)
+    val id: Uuid = uuid4(),
     val note: String,
     val projects: List<Project> = emptyList(),
     val isAdmin: Boolean = false