API Auth

.github/workflows/postman-tests.yml

@@ -2,7 +2,7 @@
 name: Postman tests
 on:
   push:
-    branches: [main, dev/postman-tests, dev/api]
+    branches: [main, dev/postman-tests, dev/api, dev/auth-api]
 jobs:
   run-and-test:
     runs-on: ubuntu-latest
@@ -40,6 +40,10 @@ jobs:
 
         # run the API in the background. This will host it on localhost:3000
       - name: Start API
+        env:
+          NEXTAUTH_URL: "http://localhost:3000"
+          # this doesn't actually have to be a secret on CI
+          NEXTAUTH_SECRET: "123"
         run: |
           cd next
           npm run dev &
@@ -54,4 +58,6 @@ jobs:
           reporters: cli
 
       - name: Output summary to console
-        run: echo ${{ steps.run-newman.outputs.summary }}
+        if: always()
+        run: |
+          echo ${{ steps.run-newman.outputs.summary }}

next/app/api/auth/[...nextauth]/route.ts

@@ -3,30 +3,23 @@ import { PrismaClient } from "@prisma/client";
 import NextAuth, { AuthOptions } from "next-auth";
 import GoogleProvider from "next-auth/providers/google";
 
-const prisma = new PrismaClient()
+const prisma = new PrismaClient();
 
 export const authOptions: AuthOptions = {
-    adapter: PrismaAdapter(prisma),
-    providers: [
-        GoogleProvider({
-            clientId: process.env.GOOGLE_CLIENT_ID || "",
-            clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
-            authorization: {
-                params: {
-                    hd: "g.rit.edu" // restrict logins to rit.edu accounts
-                }
-            }
-        })
-    ],
-    callbacks: {
-        session: async ({ session, user }) => {
-            // fetch user roles from database
-            // session.roles = ...
-            return Promise.resolve(session)
-        }
-    }
+  adapter: PrismaAdapter(prisma),
+  providers: [
+    GoogleProvider({
+      clientId: process.env.GOOGLE_CLIENT_ID || "",
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
+      authorization: {
+        params: {
+          hd: "g.rit.edu", // restrict logins to rit.edu accounts
+        },
+      },
+    }),
+  ],
 };
 
-export const handler = NextAuth(authOptions)
+export const handler = NextAuth(authOptions);
 
 export { handler as GET, handler as POST };

next/app/api/authLevel/route.ts

@@ -0,0 +1,149 @@
+import { PrismaClient } from "@prisma/client";
+import { NextRequest, NextResponse } from "next/server";
+
+const prisma = new PrismaClient();
+
+/**
+ * HTTP PUT request to /api/authLevel/
+ * Ideally this would be a GET request but the computer doesn't like it when I put data in the body of a GET.
+ *
+ * This route should be used to figure out what level of authorization a given user has.
+ *
+ * The user's session token should be provided in the request body.
+ *
+ * returns {
+ * * isUser: boolean -- whether the provided email/token corresponds to a valid user
+ * * isMember: boolean -- isUser && the user is a member
+ * * isMentor: boolean -- isUser && the user is an active mentor
+ * * isOfficer: boolean -- isUser && the user is an active officer
+ *
+ * }
+ * @param request \{token: string}
+ * @returns \{isUser: boolean, isMember: boolean, isMentor: boolean, isOfficer: boolean} the auth level
+ */
+export async function PUT(request: Request) {
+  let body;
+  try {
+    body = await request.json();
+  } catch {
+    return new Response("Invalid JSON", { status: 422 });
+  }
+
+  // console.log("Getting Auth for ", body, user);
+
+  const authLevel = {
+    isUser: false,
+    isMember: false,
+    isMentor: false,
+    isOfficer: false,
+  };
+
+  // if the email or token we get is null, don't call prisma
+  if (body.token == null) {
+    return Response.json(authLevel);
+  }
+
+  const user = await prisma.user.findFirst({
+    where: {
+      session: {
+        some: {
+          sessionToken: body.token,
+        },
+      },
+    },
+    select: {
+      // select a minimal amount of data for active mentors
+      mentor: {
+        where: { isActive: true },
+        select: { id: true },
+      },
+      // select a minimal amount of data for active officers
+      officers: {
+        where: { is_active: true },
+        select: { id: true },
+      },
+      isMember: true,
+    },
+  });
+  if (user != null) {
+    // deconstruct the user object
+    const { mentor, officers, isMember } = user;
+    if (officers.length > 0) {
+      authLevel.isOfficer = true;
+    }
+    if (mentor.length > 0) {
+      authLevel.isMentor = true;
+    }
+    authLevel.isMember = isMember;
+    authLevel.isUser = true;
+  }
+  return Response.json(authLevel);
+}
+
+/**
+ * HTTP GET request to /api/authLevel/
+ * This route should be used to figure out what level of authorization a given user has.
+ *
+ * The user's email or session token should be provided in the request body.
+ *
+ * returns {
+ * * isUser: boolean -- whether the provided email/token corresponds to a valid user
+ * * isMember: boolean -- isUser && the user is a member
+ * * isMentor: boolean -- isUser && the user is an active mentor
+ * * isOfficer: boolean -- isUser && the user is an active officer
+ *
+ * }
+ * @param request \{email: string} | {token: string}
+ * @returns \{isUser: boolean, isMember: boolean, isMentor: boolean, isOfficer: boolean} the auth level
+ */
+export async function GET(request: NextRequest) {
+  const authToken = request.cookies.get("next-auth.session-token")?.value;
+
+  const authLevel = {
+    isUser: false,
+    isMember: false,
+    isMentor: false,
+    isOfficer: false,
+  };
+
+  if (authToken == null) {
+    return Response.json(authLevel);
+  }
+
+  const user = await prisma.user.findFirst({
+    where: {
+      session: {
+        some: {
+          sessionToken: authToken,
+        },
+      },
+    },
+    select: {
+      // select a minimal amount of data for active mentors
+      mentor: {
+        where: { isActive: true },
+        select: { id: true },
+      },
+      // select a minimal amount of data for active officers
+      officers: {
+        where: { is_active: true },
+        select: { id: true },
+      },
+      isMember: true,
+    },
+  });
+
+  if (user != null) {
+    // deconstruct the user object
+    const { mentor, officers, isMember } = user;
+    if (officers.length > 0) {
+      authLevel.isOfficer = true;
+    }
+    if (mentor.length > 0) {
+      authLevel.isMentor = true;
+    }
+    authLevel.isMember = isMember;
+    authLevel.isUser = true;
+  }
+  return Response.json(authLevel);
+}

next/app/go/GoLink.tsx

@@ -2,8 +2,9 @@ import { GoLinkIcon } from "@/components/common/Icons";
 import { GoLinkStar } from "@/components/common/Icons";
 import { GoLinkEdit } from "@/components/common/Icons";
 import { GoLinkDelete } from "@/components/common/Icons";
+import { useEffectAsync } from "@/lib/utils";
 import { useSession } from "next-auth/react";
-import { useState } from "react";
+import { useCallback, useEffect, useState } from "react";
 
 export interface GoLinkProps {
     id: number;
@@ -222,7 +223,15 @@ const GoLink: React.FC<GoLinkProps> = ({ id, goUrl, url, description, pinned, fe
 
 const EditAndDelete: React.FC<GoLinkProps> = ({ id, goUrl, url, description, pinned } ) => {
     const { data: session } = useSession();
-    if(session) {
+    const [isOfficer, setIsOfficer] = useState(false);
+
+    useEffectAsync(async() => {
+        const response = await fetch("http://localhost:3000/api/authLevel");
+        const data = await response.json();
+        setIsOfficer(data.isOfficer);            
+    }, []);
+
+    if(isOfficer) {
         return (
             <form>
                 <div className="flex flex-row">

next/app/go/MakeNewGoLink.tsx

@@ -1,9 +1,10 @@
 import { useSession } from "next-auth/react";
-import { useState } from "react";
+import { useCallback, useEffect, useState } from "react";
 import { CreateGoLinkProps } from "./page";
+import { useEffectAsync } from "@/lib/utils";
 
 export const GoLinkButton: React.FC<CreateGoLinkProps> = ({fetchData}) =>  {
-    const { data: session } = useSession()
+    const { data: session } : any= useSession()
     const [title, setTitle] = useState(""); 
     const [url, setUrl] = useState(""); 
     const [description, setDescription] = useState(""); 
@@ -29,6 +30,7 @@ export const GoLinkButton: React.FC<CreateGoLinkProps> = ({fetchData}) =>  {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
+                    'Authorization': 'Bearer ' + session?.accessToken
                 },
                 // In body, make sure parameter names MATCH the ones in api/golinks/route.ts for the POST request
                 // Left is backend parameter names, right is our front end names
@@ -52,15 +54,24 @@ export const GoLinkButton: React.FC<CreateGoLinkProps> = ({fetchData}) =>  {
         } catch (error) {}
     };
 
-    if(session){
+    const [isOfficer, setIsOfficer] = useState(false);
+    useEffectAsync(async() => {
+        const response = await fetch("http://localhost:3000/api/authLevel");
+        const data = await response.json();
+        console.log(data);
+        setIsOfficer(data.isOfficer);
+    }, []);
+
+
+    if(isOfficer){
         return (
             <>
                 <button 
                 onClick={(func) =>{
                     func.preventDefault();
-                    if(document) {
-                        (document.getElementById('create-golink') as HTMLFormElement).showModal();
-                    }
+                        if(document) {
+                            (document.getElementById('create-golink') as HTMLFormElement).showModal();
+                        }
                     }
                 }
                 className="