feat: add auth logic

amjed-ali-k · Oct 10, 2023 · a08279a · a08279a
1 parent a2177c8
commit a08279a
Show file tree

Hide file tree

Showing 15 changed files with 92 additions and 205 deletions.
diff --git a/src/app/api/middleware.ts b/src/app/api/middleware.ts
diff --git a/src/app/api/secure/batches/all/route.ts b/src/app/api/secure/batches/all/route.ts
@@ -4,7 +4,7 @@ import { Branch, Student } from "@prisma/client";
 import { getUserId } from "@/components/auth/server";
 
 export async function GET(request: NextRequest) {
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   const results = await prisma.batch.findMany({
     where: {

diff --git a/src/app/api/secure/batches/new/route.ts b/src/app/api/secure/batches/new/route.ts
@@ -16,7 +16,7 @@ const schema = z.object({
 });
 
 export async function GET(request: NextRequest) {
-  const userId = await getUserId();
+  const userId = await getUserId(request);
   const body = schema.safeParse(await request.json());
   if (!body.success) {
     const { errors } = body.error;

diff --git a/src/app/api/secure/branches/all/route.ts b/src/app/api/secure/branches/all/route.ts
@@ -3,7 +3,7 @@ import { prisma } from "@/server/db/prisma";
 import { getUserId } from "@/components/auth/server";
 
 export async function GET(request: NextRequest) {
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   const results = await prisma.branch.findMany({
     select: {

diff --git a/src/app/api/secure/profile/route.ts b/src/app/api/secure/profile/route.ts
@@ -28,7 +28,7 @@ export async function PUT(request: NextRequest) {
       { status: 400 }
     );
   }
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   const res = await prisma.user.upsert({
     where: {
@@ -57,7 +57,7 @@ export async function PUT(request: NextRequest) {
 }
 
 export async function GET(request: NextRequest) {
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   const res = await prisma.user.findUnique({
     where: {

diff --git a/src/app/api/secure/sbte-result/history/route.ts b/src/app/api/secure/sbte-result/history/route.ts
@@ -4,7 +4,7 @@ import { z } from "zod";
 import { getUserId } from "@/components/auth/server";
 
 export async function GET(request: NextRequest) {
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   const results = await prisma.examResultFormatHistory.findMany({
     where: {
@@ -50,7 +50,7 @@ export async function DELETE(request: NextRequest) {
       { status: 400 }
     );
   }
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   await prisma.examResultFormatHistory.delete({
     where: {

diff --git a/src/app/api/secure/sbte-result/route.ts b/src/app/api/secure/sbte-result/route.ts
@@ -67,7 +67,7 @@ export async function POST(request: NextRequest) {
       { status: 400 }
     );
   }
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   const myProfile = await prisma.user.findUnique({
     where: {

diff --git a/src/app/api/secure/sbte-result/single/[resultId]/route.ts b/src/app/api/secure/sbte-result/single/[resultId]/route.ts
@@ -7,7 +7,7 @@ export async function GET(
   request: NextRequest,
   { params }: { params: { resultId: string } }
 ) {
-  const userId = await getUserId();
+  const userId = await getUserId(request);
 
   const results = await prisma.examResultFormatHistory.findUnique({
     where: {

diff --git a/src/app/dashboard/layout.tsx b/src/app/dashboard/layout.tsx
@@ -1,11 +1,35 @@
 "use client";
 import Navigation from "@/components/Navigation";
+import { useProfile } from "@/lib/swr";
+import { useEffect } from "react";
+import { usePathname, useRouter } from "next/navigation";
+import { useToast } from "@/components/ui/use-toast";
 
 export default function RootLayout({
   children,
 }: {
   children: React.ReactNode;
 }) {
+  const { data } = useProfile();
+  const pathName = usePathname();
+  const router = useRouter();
+  const { toast } = useToast();
+
+  useEffect(() => {
+    // check data.college, data.department, data.email, data.phonenumber exists
+    // if not, redirect to /profile
+
+    // if current page is /profile, do nothing
+    if (pathName === "/dashboard/profile") return;
+
+    if (data) {
+      if (!data.collegeId || !data.designation || !data.phone || !data.name) {
+        toast({ title: "Please complete your profile first" });
+        router.replace("/dashboard/profile");
+      }
+    }
+  }, [data, pathName, router, toast]);
+
   return (
     <>
       <Navigation />

diff --git a/src/app/middleware.ts b/src/app/middleware.ts
diff --git a/src/components/auth/LogOut.tsx b/src/components/auth/LogOut.tsx
@@ -42,7 +42,7 @@ export function LogoutBtn() {
   const logout = async () => {
     try {
       await hanko?.user.logout();
-      router.push("/login");
+      router.push("/auth");
       router.refresh();
       return;
     } catch (error) {

diff --git a/src/components/auth/Profile.tsx b/src/components/auth/Profile.tsx
@@ -2,13 +2,15 @@
 
 import { useEffect } from "react";
 import { register } from "@teamhanko/hanko-elements";
+import { toast } from "../ui/use-toast";
 
 const hankoApi = process.env.NEXT_PUBLIC_HANKO_API_URL!;
 
 export default function HankoProfile() {
   useEffect(() => {
     register(hankoApi).catch((error) => {
       // handle error
+      toast(error.toString());
     });
   }, []);
 

diff --git a/src/components/auth/server.ts b/src/components/auth/server.ts
@@ -1,12 +1,30 @@
-"use server";
 import axios from "axios";
 import { hankoApiUrl } from "./vars";
+import { createRemoteJWKSet, jwtVerify } from "jose";
+import { NextRequest } from "next/server";
+import { z } from "zod";
 
-export const getUserId = async () => {
-  // get user details from Hanko
-  const {
-    data: { id },
-  } = await axios.get<{ id: string }>(`${hankoApiUrl}/me`);
+export const fetchUserId = async (hanko: string) => {
+  const JWKS = createRemoteJWKSet(
+    new URL(`${hankoApiUrl}/.well-known/jwks.json`)
+  );
 
-  return id;
+  const verifiedJWT = await jwtVerify(hanko ?? "", JWKS);
+  return verifiedJWT.payload.sub;
+};
+
+export const getUserId = async (req: NextRequest) => {
+  // const userId = req.headers.get("x-user-id");
+  const hanko = req.cookies.get("hanko")?.value;
+  if (!hanko) {
+    throw new Error("No Hanko cookie found");
+  }
+  const userId = await fetchUserId(hanko);
+  // validate userId is uuid using zod
+  const schema = z.string().uuid();
+  const validatedUserId = schema.safeParse(userId);
+  if (!validatedUserId.success) {
+    throw new Error("Invalid user id");
+  }
+  return validatedUserId.data;
 };
diff --git a/src/middleware.ts b/src/middleware.ts
@@ -0,0 +1,31 @@
+import { NextResponse, NextRequest } from "next/server";
+
+import { fetchUserId, getUserId } from "@/components/auth/server";
+
+export async function middleware(req: NextRequest) {
+  try {
+    const hanko = req.cookies.get("hanko")?.value;
+    if (!hanko) {
+      throw new Error("No Hanko cookie found");
+    }
+    const userId = await fetchUserId(hanko);
+
+    userId && req.headers.set("x-user-id", userId);
+    return NextResponse.next();
+  } catch {
+    if (req.url.startsWith("/api/secure")) {
+      return NextResponse.json(
+        {
+          message: "Unauthenticated",
+          detail: "Please log in to access this resource.",
+        },
+        { status: 401 }
+      );
+    }
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+}
+
+export const config = {
+  matcher: ["/dashboard/:path*", "/api/secure/:path*"],
+};