homeburger/agologum
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: homeburger:7ab03d8073c996b822dea62f66b6da3e7e230593
Branches Tags
homeburger:main homeburger:feature/llm homeburger:feature/auth homeburger:feature/frontend-design homeburger:feature/client-template
...
compare: homeburger:feature/frontend-design
Branches Tags
homeburger:feature/llm homeburger:main homeburger:feature/auth homeburger:feature/frontend-design homeburger:feature/client-template

17 Commits
7ab03d8073 ... feature/fr

Author SHA1 Message Date
homeburger
e3cd44422c Merge pull request 'Feature/Auth: implement user authentication' (#3) from feature/auth into main
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 4s
Details
Build and Deploy Frontend / build-and-deploy (push) Successful in 4s
Details 
Reviewed-on: #3
 2026-03-22 20:52:22 -05:00
Blitblank
93e8b6ee0d fix: setting token
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
2026-03-22 20:50:25 -05:00
Blitblank
f1e693cbc0 debug
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
2026-03-22 20:49:27 -05:00
Blitblank
ba7db77505 fix: fix routing based on token validation
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
2026-03-22 20:47:53 -05:00
Blitblank
cd3fad95a5 fix: browser javascript untyped
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
2026-03-22 20:40:53 -05:00
Blitblank
04e2b6acc3 add refresh tokens on client
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
2026-03-22 20:38:49 -05:00
Blitblank
7e02d3cfe1 add logout for refreshTokens
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-03-22 17:25:15 -05:00
Blitblank
74307e614c add refresh tokens
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-03-22 16:48:58 -05:00
Blitblank
31db3bc58c (►__◄)
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
2026-03-22 01:26:53 -05:00
Blitblank
1b32456173 fix: redirect to root after login
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
2026-03-22 01:23:27 -05:00
Blitblank
eb94a1bcb9 re: require authorization for items list
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
Build and Deploy API / build-and-deploy (push) Successful in 10s
Details
2026-03-22 01:21:50 -05:00
Blitblank
10ac1a6076 fix: require authorization for items list
Some checks failed
Build and Deploy API / build-and-deploy (push) Failing after 5s
Details
2026-03-22 01:21:04 -05:00
Blitblank
da6ffa8167 fix item update api
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-03-22 01:17:24 -05:00
Blitblank
89b4398442 revert
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-03-22 01:08:18 -05:00
Blitblank
99ff02b01b fix: item ids
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-03-22 01:00:59 -05:00
Blitblank
67baddf9d0 implement item dtos
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 8s
Details
Build and Deploy API / build-and-deploy (push) Successful in 10s
Details
2026-03-22 00:56:24 -05:00
Blitblank
3d219b8cf7 fix item routes
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
2026-03-21 23:45:52 -05:00
20 changed files with 632 additions and 66 deletions
Expand all files Collapse all files

336
api/Migrations/20260322214843_AddRefreshTokens.Designer.cs generated Normal file
View File

@@ -0,0 +1,336 @@
// <auto-generated />
using System;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
[DbContext(typeof(AppDbContext))]
[Migration("20260322214843_AddRefreshTokens")]
partial class AddRefreshTokens
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "10.0.5")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("RoleId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("RoleId")
.HasColumnType("text");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", (string)null);
});
modelBuilder.Entity("RefreshToken", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<DateTime>("ExpiresAt")
.HasColumnType("timestamp with time zone");
b.Property<bool>("IsRevoked")
.HasColumnType("boolean");
b.Property<string>("Token")
.IsRequired()
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.ToTable("RefreshTokens");
});
modelBuilder.Entity("agologumApi.Models.Item", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Description")
.IsRequired()
.HasColumnType("text");
b.Property<DateTime>("LastEditedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Name")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.ToTable("Items");
});
modelBuilder.Entity("agologumApi.Models.User", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
#pragma warning restore 612, 618
}
}
}

40
api/Migrations/20260322214843_AddRefreshTokens.cs Normal file
View File

@@ -0,0 +1,40 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
/// <inheritdoc />
public partial class AddRefreshTokens : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "RefreshTokens",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Token = table.Column<string>(type: "text", nullable: false),
UserId = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
ExpiresAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
IsRevoked = table.Column<bool>(type: "boolean", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_RefreshTokens", x => x.Id);
});
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "RefreshTokens");
}
}
}

30
api/Migrations/AppDbContextModelSnapshot.cs
View File

@@ -153,6 +153,36 @@ namespace agologum_api.Migrations
b.ToTable("AspNetUserTokens", (string)null); b.ToTable("AspNetUserTokens", (string)null);
}); });
modelBuilder.Entity("RefreshToken", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<DateTime>("ExpiresAt")
.HasColumnType("timestamp with time zone");
b.Property<bool>("IsRevoked")
.HasColumnType("boolean");
b.Property<string>("Token")
.IsRequired()
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.ToTable("RefreshTokens");
});
modelBuilder.Entity("agologumApi.Models.Item", b => modelBuilder.Entity("agologumApi.Models.Item", b =>
{ {
b.Property<int>("Id") b.Property<int>("Id")

3
api/Program.cs
View File

@@ -39,7 +39,8 @@ builder.Services.AddAuthentication(options => {
ValidateIssuerSigningKey = true, ValidateIssuerSigningKey = true,
ValidIssuer = "agologum", ValidIssuer = "agologum",
ValidAudience = "agologum", ValidAudience = "agologum",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)) IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
ClockSkew = TimeSpan.Zero
}; };
}); });

53
api/src/Controllers/AuthController.cs
View File

@@ -51,22 +51,61 @@ public class AuthController : ControllerBase {
if(!result.Succeeded) return Unauthorized(); if(!result.Succeeded) return Unauthorized();
var token = jwt_.GenerateJwt(user); var accessToken = jwt_.GenerateJwt(user);
var refreshToken = jwt_.GenerateRefreshToken();
RefreshToken newTokenObject = new RefreshToken {
Token = refreshToken,
UserId = user.Id,
CreatedAt = DateTime.UtcNow,
ExpiresAt = DateTime.UtcNow.AddDays(30),
IsRevoked = false
};
await jwt_.AddRefreshToken(newTokenObject);
return Ok(new { token }); return Ok(new { accessToken, refreshToken });
} }
[Authorize] // authorize is handled by middleware [Authorize] // authorize is handled by middleware
[HttpPost("logout")] [HttpPost("logout")]
public ActionResult Logout() { public async Task<ActionResult> Logout(string refreshTokenString) {
// dummy endpoint // revoke refresh token
// logout happens upon client-side jwt removal bool success = await jwt_.RevokeRefreshToken(refreshTokenString);
// TODO: expire all refresh tokens if(!success) return NotFound();
return Ok(); return Ok();
} }
[HttpPost("refresh")] // allow-anonymous by default
public async Task<ActionResult> Refresh(TokenDto request) {
RefreshToken? storedToken = await jwt_.GetRefreshToken(request.RefreshToken);
if (storedToken == null) return Unauthorized();
bool valid = (storedToken.IsRevoked) ||
(storedToken.ExpiresAt < DateTime.UtcNow);
if(!valid) return Unauthorized(); // TODO: delete the invalid token
User? user = await jwt_.GetUser(storedToken.UserId);
if(user == null) return NotFound();
string? newAccessToken = jwt_.GenerateJwt(user);
if(newAccessToken == null) return NotFound();
string newRefreshToken = jwt_.GenerateRefreshToken();
storedToken.IsRevoked = true;
RefreshToken newTokenObject = new RefreshToken {
Token = newRefreshToken,
UserId = storedToken.UserId,
CreatedAt = DateTime.UtcNow,
ExpiresAt = DateTime.UtcNow.AddDays(30),
IsRevoked = false
};
await jwt_.AddRefreshToken(newTokenObject);
return Ok(new { accessToken = newAccessToken, refreshToken = newRefreshToken });
}
// TODO // TODO
// refresh tokens
// email verification // email verification
// password reset // password reset
// oh hell naw 2FA I do not care enough // oh hell naw 2FA I do not care enough

21
api/src/Controllers/ItemsController.cs
View File

@@ -15,13 +15,13 @@ public class ItemsController : ControllerBase {
service_ = service; service_ = service;
} }
[AllowAnonymous] // accessible if not authorized [Authorize]
[HttpGet] [HttpGet]
public async Task<ActionResult<List<Item>>> getItemss() { public async Task<ActionResult<List<Item>>> getItems() {
return Ok(await service_.GetAll()); return Ok(await service_.GetAll());
} }
[AllowAnonymous] [Authorize]
[HttpGet("{id:int}")] [HttpGet("{id:int}")]
public async Task<ActionResult<Item>> getItem(int id) { public async Task<ActionResult<Item>> getItem(int id) {
@@ -34,9 +34,16 @@ public class ItemsController : ControllerBase {
[Authorize] // testing the authorization [Authorize] // testing the authorization
[HttpPost] [HttpPost]
public async Task<ActionResult<Item>> createItem(Item item) { public async Task<ActionResult<Item>> createItem(ItemDto item) {
var created = await service_.Create(item); Item newItem = new Item {
Name = item.Name,
Description = item.Description,
CreatedAt = DateTime.UtcNow,
LastEditedAt = DateTime.UtcNow
};
var created = await service_.Create(newItem);
return CreatedAtAction( return CreatedAtAction(
nameof(getItem), nameof(getItem),
@@ -47,9 +54,9 @@ public class ItemsController : ControllerBase {
[Authorize] [Authorize]
[HttpPut("{id}")] [HttpPut("{id}")]
public async Task<ActionResult<Item>> updateItem(int id, Item item) { public async Task<ActionResult<Item>> updateItem(int id, ItemDto item) {
var updated = await service_.Update(item); var updated = await service_.Update(id, item);
if (updated == null) return NotFound(); if (updated == null) return NotFound();

1
api/src/Data/AppDbContext.cs
View File

@@ -12,5 +12,6 @@ public class AppDbContext : IdentityDbContext<User> {
// Db set for each model besides Users (DbSet<template> is already defined in IdenityDbContext<template>) // Db set for each model besides Users (DbSet<template> is already defined in IdenityDbContext<template>)
public DbSet<Item> Items { get; set; } public DbSet<Item> Items { get; set; }
public DbSet<RefreshToken> RefreshTokens { get; set; }
} }

21
api/src/Models/RefreshToken.cs Normal file
View File

@@ -0,0 +1,21 @@
// a refresh token's purpose is to authenticate user's without logging in
public class RefreshToken {
public int Id { get; set; }
public string Token { get; set; } = "";
public string UserId { get; set; } = ""; // in EF Identity the IdentityUser's id is a GUID string (32 hex digits)
public DateTime CreatedAt { get; set; }
public DateTime ExpiresAt { get; set; }
public bool IsRevoked { get; set; }
}
public class TokenDto {
public string RefreshToken { get; set; } = "";
}

13
api/src/Services/ItemService.cs
View File

@@ -31,10 +31,17 @@ public class ItemService {
return item; return item;
} }
public async Task<Item> Update(Item item) { public async Task<Item?> Update(int id, ItemDto item) {
db_.Items.Update(item);
Item? oldItem = await db_.Items.FindAsync(id);
if(oldItem == null) return oldItem;
oldItem.Name = item.Name;
oldItem.Description = item.Description;
oldItem.LastEditedAt = DateTime.UtcNow;
await db_.SaveChangesAsync(); await db_.SaveChangesAsync();
return item; return oldItem;
} }
public async Task<bool> Delete(int id) { public async Task<bool> Delete(int id) {

36
api/src/Services/JwtService.cs
View File

@@ -1,17 +1,21 @@
using Microsoft.IdentityModel.Tokens; using Microsoft.IdentityModel.Tokens;
using Microsoft.EntityFrameworkCore;
using System.Text; using System.Text;
using System.Security.Claims; using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt; using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using agologumApi.Models; using agologumApi.Models;
public class JwtService { public class JwtService {
private readonly IConfiguration config_; private readonly IConfiguration config_;
private readonly AppDbContext db_;
public JwtService(IConfiguration config) { // why the heck does c# not have initializer lists ? public JwtService(IConfiguration config, AppDbContext db) { // why the heck does c# not have initializer lists ?
config_ = config; config_ = config;
db_ = db;
} }
public string? GenerateJwt(User user) { public string? GenerateJwt(User user) {
@@ -42,5 +46,35 @@ public class JwtService {
} }
public string GenerateRefreshToken() {
byte[] randomBytes = new byte[64];
RandomNumberGenerator.Fill(randomBytes.AsSpan());
return Convert.ToBase64String(randomBytes);
}
public async Task<RefreshToken?> GetRefreshToken(string refreshTokenString) {
return await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString);
}
public async Task<RefreshToken> AddRefreshToken(RefreshToken refreshToken) {
db_.RefreshTokens.Add(refreshToken);
await db_.SaveChangesAsync();
return refreshToken;
}
// helper to get the User from the id that exists in a refresh token object
public async Task<User?> GetUser(string id) {
return await db_.Users.FindAsync(id);
}
public async Task<bool> RevokeRefreshToken(string refreshTokenString) {
var refreshToken = await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString);
if(refreshToken == null) return false;
refreshToken.IsRevoked = true;
await db_.SaveChangesAsync();
return true;
}
} }

13
client/src/api/AuthApi.ts
View File

@@ -2,7 +2,7 @@
// service to interact with the api/auth endpoints // service to interact with the api/auth endpoints
// handles user registration, user logins, tokens, password reset, etc. // handles user registration, user logins, tokens, password reset, etc.
import api from "./axios.ts" import { api, authStorage } from "./axios.ts"
import type { User, RegisterDto, LoginDto } from "../models/User.ts"; import type { User, RegisterDto, LoginDto } from "../models/User.ts";
const API_URL: string = "/auth"; const API_URL: string = "/auth";
@@ -10,9 +10,8 @@ const API_URL: string = "/auth";
export const register = async (user: RegisterDto) => { export const register = async (user: RegisterDto) => {
try { try {
console.log(user);
// TODO: if valid const response = await api.post(`${API_URL}/register`, user);
return true; return true;
@@ -28,9 +27,7 @@ export const login = async (user: LoginDto ) => {
try { try {
const response = await api.post(`${API_URL}/login`, user); const response = await api.post(`${API_URL}/login`, user);
const token = response.data.token; authStorage.setTokens(response.data);
localStorage.setItem("token", token);
return true; return true;
@@ -41,9 +38,9 @@ export const login = async (user: LoginDto ) => {
} }
export const logout = () => { export const logout = () => {
localStorage.removeItem("token"); authStorage.clear();
} }
export const getToken = () => { export const getToken = () => {
return localStorage.getItem("token"); authStorage.getAccessToken();
} }

6
client/src/api/ItemsApi.ts
View File

@@ -3,7 +3,7 @@
// this item service will handle all to <-> from the server when handling item objects // this item service will handle all to <-> from the server when handling item objects
import api from "./axios.ts" import api from "./axios.ts"
import type { Item } from "../models/Item.ts"; import type { Item, ItemDto } from "../models/Item.ts";
const API_URL: string = "/items"; const API_URL: string = "/items";
@@ -11,8 +11,8 @@ export const getItems = () => api.get<Item[]>(`${API_URL}`);
export const getItem = (id: number) => api.get<Item>(`${API_URL}/${id}`); export const getItem = (id: number) => api.get<Item>(`${API_URL}/${id}`);
export const createItem = (data: Item) => api.post<Item>(`${API_URL}`, data); export const createItem = (data: ItemDto) => api.post<Item>(`${API_URL}`, data);
export const updateItem = (id: number, data: Item) => api.put<Item>(`${API_URL}/${id}`, data); export const updateItem = (id: number, data: ItemDto) => api.put<Item>(`${API_URL}/${id}`, data);
export const deleteItem = (id: number) => api.delete<Item>(`${API_URL}/${id}`); export const deleteItem = (id: number) => api.delete<Item>(`${API_URL}/${id}`);

72
client/src/api/axios.ts
View File

@@ -5,13 +5,41 @@
import axios from "axios"; import axios from "axios";
const baseUrl: string = import.meta.env.DEV ? import.meta.env.VITE_DEV_API_URL : "https://app.vxbard.net/api" const baseUrl: string = import.meta.env.DEV ? import.meta.env.VITE_DEV_API_URL : "https://app.vxbard.net/api"
const api = axios.create({ export const api = axios.create({
baseURL: baseUrl baseURL: baseUrl
}); });
api.interceptors.request.use(config => { type FailedRequest = { resolve: (token: string) => void, reject: (error: unknown) => void}
let isRefreshing: boolean = false;
let failedQueue: FailedRequest[] = [];
const token = localStorage.getItem("token"); export const authStorage = {
getAccessToken: () => localStorage.getItem("accessToken"),
getRefreshToken: () => localStorage.getItem("refreshToken"),
setTokens: ({ accessToken, refreshToken } : { accessToken: string, refreshToken: string }) => {
localStorage.setItem("accessToken", accessToken)
localStorage.setItem("refreshToken", refreshToken)
},
clear: () => {
localStorage.removeItem("accessToken")
localStorage.removeItem("refreshToken")
}
}
const processQueue = (error: unknown, token: string | null = null): void => {
failedQueue.forEach(prom => {
if (error) prom.reject(error);
else prom.resolve(token as string);
})
failedQueue = [];
}
// intercept on each request
api.interceptors.request.use(config => { // add access token to request headers
const token = authStorage.getAccessToken();
if (token) { if (token) {
config.headers.Authorization = `Bearer ${token}`; config.headers.Authorization = `Bearer ${token}`;
@@ -21,4 +49,42 @@ api.interceptors.request.use(config => {
}); });
// intercept on each response
api.interceptors.response.use(response => response, async error => { // mainly for authentication refreshTokens
const originalRequest = error.config;
// if un authorized then refresh the token
if(error.response?.status === 401 && !originalRequest._retry) {
if(isRefreshing) {
return new Promise((resolve, reject) => {
failedQueue.push({ resolve, reject })
}).then(token => {
originalRequest.headers.Authorization = `Bearer ${token}`;
return api(originalRequest);
}).catch(err => Promise.reject(err));
}
originalRequest._retry = true;
isRefreshing = true;
const refreshToken = authStorage.getRefreshToken();
try {
// request refresh endpoint get back a new accessToken
const res = await axios.post(`${baseUrl}/auth/refresh`, { refreshToken });
const { accessToken, refreshToken: newRefresh } = res.data;
authStorage.setTokens({ accessToken, refreshToken: newRefresh });
processQueue(null, accessToken);
originalRequest.headers.Authorization = `Bearer ${accessToken}`;
return api(originalRequest);
} catch (err) {
processQueue(err, null);
authStorage.clear()
window.location.href = "/login";
return Promise.reject(err);
} finally {
isRefreshing = false;
}
}
return Promise.reject(error);
})
export default api; export default api;

12
client/src/models/Item.ts
View File

@@ -7,13 +7,7 @@ export interface Item {
lastEditedAt: string; lastEditedAt: string;
} }
export interface RegisterDto { export interface ItemDto {
username: string; name: string;
email: string; description: string;
password: string;
}
export interface LoginDto {
username: string;
password: string;
} }

2
client/src/pages/ItemForm.vue
View File

@@ -48,7 +48,7 @@ async function save(): Promise<void> {
<form @submit.prevent="save"> <form @submit.prevent="save">
<input v-model="item.name" placeholder="Name" /> <input v-model="item.name" placeholder="Name" />
<input v-model="item.description" placeholder="Name" />
<button type="submit">Save</button> <button type="submit">Save</button>
</form> </form>
</div> </div>

2
client/src/pages/ItemsList.vue
View File

@@ -24,7 +24,7 @@ function logout() {
<div> <div>
<h1>Items</h1> <h1>Items</h1>
<router-link to="/user/new">Create Item</router-link> <router-link to="/item/new">Create Item</router-link>
<table> <table>
<tr v-for="item in store.items" :key="item.id"> <tr v-for="item in store.items" :key="item.id">

4
client/src/pages/LoginForm.vue
View File

@@ -23,10 +23,12 @@ async function login(): Promise<void> {
const success: boolean = await authApi.login(user); const success: boolean = await authApi.login(user);
if(success) { if(success) {
router.push("/users"); // redirect router.push("/"); // redirect
} else { } else {
// prompt try again // prompt try again
} }
// TODO: interceptor for when a request returns unauthorized to redirect to login
// TODO: when redirected to login, save previous url as a query parameter then redirect back to that url after login
} }

4
client/src/pages/index.vue
View File

@@ -10,8 +10,8 @@
<h3>yeah im so cool rn</h3> <h3>yeah im so cool rn</h3>
<h1>imagining what I could do with themes :o</h1> <h1>imagining what I could do with themes :o</h1>
<router-link to="/users" custom v-slot="{ navigate }"> <router-link to="/items" custom v-slot="{ navigate }">
<button @click="navigate" role="link">Users</button> <button @click="navigate" role="link">Items</button>
</router-link> </router-link>
<router-link to="/register" custom v-slot="{ navigate }"> <!-- TODO: only if token == invalid --> <router-link to="/register" custom v-slot="{ navigate }"> <!-- TODO: only if token == invalid -->

19
client/src/router/index.ts
View File

@@ -8,12 +8,14 @@ import ItemsList from "../pages/ItemsList.vue";
import ItemForm from "../pages/ItemForm.vue"; import ItemForm from "../pages/ItemForm.vue";
import index from "../pages/index.vue"; import index from "../pages/index.vue";
import { authStorage } from "../api/axios.ts"
// link path to the page component // link path to the page component
const routes = [ const routes = [
{ path: "/", component: index }, { path: "/", component: index },
{ path: "/login", component: LoginForm }, { path: "/login", component: LoginForm },
{ path: "/register", component: RegisterForm }, { path: "/register", component: RegisterForm },
{ path: "/items", component: ItemsList }, { path: "/items", component: ItemsList, meta: { requiresAuth: true } },
{ path: "/item/new", component: ItemForm, meta: { requiresAuth: true } }, { path: "/item/new", component: ItemForm, meta: { requiresAuth: true } },
{ path: "/item/:id", component: ItemForm, meta: { requiresAuth: true } } { path: "/item/:id", component: ItemForm, meta: { requiresAuth: true } }
]; // I really like this ]; // I really like this
@@ -26,24 +28,13 @@ const router = createRouter({
// intercept before routing // intercept before routing
router.beforeEach((to, from, next) => { router.beforeEach((to, from, next) => {
const token = localStorage.getItem("token"); const token: string | null = authStorage.getAccessToken();
if(to.meta.requiresAuth && !token) { // if the page requires use to be signed in, they must have at least a token set if(to.meta.requiresAuth && !token) { // if the page requires use to be signed in, they must have at least a token set
next("/login"); next("/login");
} else { } else {
next(); next();
} }
// TODO: if they have a token, but invalid, it will still send them to the page (the api will catch non-authorized though)
// maybe have a "validate token" from the api and refresh it if valid
/*
} else {
bool authorizedUser = authApi.refreshToken(token);
if(authorizedUser) {
next();
} else {
next("/login");
}
}
*/
}); });
export default router; export default router;

10
client/src/stores/ItemsStore.ts
View File

@@ -5,7 +5,7 @@
// sighh // sighh
import { defineStore } from "pinia"; import { defineStore } from "pinia";
import type { Item } from "../models/Item.ts"; import type { Item, ItemDto } from "../models/Item.ts";
import * as itemsApi from "../api/ItemsApi"; import * as itemsApi from "../api/ItemsApi";
interface ItemState { interface ItemState {
@@ -28,15 +28,15 @@ export const useItemsStore = defineStore("items", {
this.loading = false; this.loading = false;
}, },
async addItem(item: Item) { async addItem(item: ItemDto) {
const response = await itemsApi.createItem(item); const response = await itemsApi.createItem(item);
this.items.push(response.data); this.items.push(response.data);
}, },
async updateItem(id: number, item: Item) { async updateItem(id: number, item: ItemDto) {
await itemsApi.updateItem(id, item); const response = await itemsApi.updateItem(id, item);
const index = this.items.findIndex(i => i.id === id); const index = this.items.findIndex(i => i.id === id);
this.items[index] = item; this.items[index] = response.data;
}, },
async removeItem(id: number) { async removeItem(id: number) {