update auth middlewares

Clivern · Feb 7, 2024 · bf6a31d · bf6a31d
1 parent aec2019
commit bf6a31d
Show file tree

Hide file tree

Showing 10 changed files with 222 additions and 146 deletions.
diff --git a/lib/brangus/middleware/api_auth.ex b/lib/brangus/middleware/api_auth.ex
@@ -0,0 +1,89 @@
+# Copyright 2023 Clivern. All rights reserved.
+# Use of this source code is governed by the MIT
+# license that can be found in the LICENSE file.
+
+defmodule Brangus.Middleware.APIAuthMiddleware do
+  @moduledoc """
+  Frontend Auth Middleware
+  """
+
+  import Plug.Conn
+
+  alias Brangus.Service.AuthService
+
+  def init(_opts), do: nil
+
+  @doc """
+  Trigger the API Auth Middleware
+  """
+  def call(conn, _opts) do
+    {_, user_token} =
+      Enum.find(conn.req_headers, fn {key, _value} -> String.downcase(key) == "x-user-token" end) ||
+        {nil, nil}
+
+    {_, user_id} =
+      Enum.find(conn.req_headers, fn {key, _value} -> String.downcase(key) == "x-user-id" end) ||
+        {nil, nil}
+
+    {_, api_key} =
+      Enum.find(conn.req_headers, fn {key, _value} -> String.downcase(key) == "x-api-key" end) ||
+        {nil, nil}
+
+    conn =
+      if is_nil(api_key) do
+        # UI Authentication
+        result = AuthService.is_authenticated(user_id, user_token)
+
+        conn =
+          case result do
+            false ->
+              conn
+              |> assign(:is_logged, false)
+              |> assign(:user_role, :anonymous)
+              |> assign(:user_id, nil)
+
+            {true, session} ->
+              conn =
+                case UserModule.get_user_by_id(session.user_id) do
+                  {:ok, user} ->
+                    conn
+                    |> assign(:is_logged, true)
+                    |> assign(:user_role, String.to_atom(user.role))
+                    |> assign(:user_id, user.id)
+
+                  {:not_found, _} ->
+                    conn
+                    |> assign(:is_logged, false)
+                    |> assign(:user_role, :anonymous)
+                    |> assign(:user_id, nil)
+                end
+
+              conn
+          end
+
+        conn
+      else
+        # API Authentication
+        result = AuthService.get_user_by_api(api_key)
+
+        conn =
+          case result do
+            {:ok, user} ->
+              conn
+              |> assign(:is_logged, true)
+              |> assign(:user_role, String.to_atom(user.role))
+              |> assign(:user_id, user.id)
+
+            _ ->
+              conn
+              |> assign(:is_logged, false)
+              |> assign(:user_role, :anonymous)
+              |> assign(:user_id, nil)
+          end
+
+        conn
+      end
+
+    conn
+  end
+end
diff --git a/lib/brangus/middleware/auth.ex b/lib/brangus/middleware/auth.ex
diff --git a/lib/brangus/middleware/ui_auth.ex b/lib/brangus/middleware/ui_auth.ex
@@ -0,0 +1,59 @@
+# Copyright 2023 Clivern. All rights reserved.
+# Use of this source code is governed by the MIT
+# license that can be found in the LICENSE file.
+
+defmodule Brangus.Middleware.UIAuthMiddleware do
+  @moduledoc """
+  UI Auth Middleware
+  """
+
+  import Plug.Conn
+
+  alias Brangus.Service.AuthService
+
+  def init(_opts), do: nil
+
+  @doc """
+  Trigger the UI Auth Middleware
+
+  To authenticate users into the UI, The app will set two cookies
+  _uid: User id
+  _token: the session value
+  """
+  def call(conn, _opts) do
+    result =
+      AuthService.is_authenticated(
+        conn.req_cookies["_uid"],
+        conn.req_cookies["_token"]
+      )
+
+    conn =
+      case result do
+        false ->
+          conn
+          |> assign(:is_logged, false)
+          |> assign(:user_role, :anonymous)
+          |> assign(:user_id, nil)
+
+        {true, session} ->
+          conn =
+            case UserModule.get_user_by_id(session.user_id) do
+              {:ok, user} ->
+                conn
+                |> assign(:is_logged, true)
+                |> assign(:user_role, String.to_atom(user.role))
+                |> assign(:user_id, session.user_id)
+
+              {:not_found, _} ->
+                conn
+                |> assign(:is_logged, false)
+                |> assign(:user_role, :anonymous)
+                |> assign(:user_id, nil)
+            end
+
+          conn
+      end
+
+    conn
+  end
+end
diff --git a/lib/brangus/module/team_module.ex b/lib/brangus/module/team_module.ex
@@ -162,6 +162,5 @@ defmodule Brangus.Module.TeamModule do
   Generate slug from team name
   """
   def generate_team_slug(name) do
-
   end
 end
diff --git a/lib/brangus/service/auth_service.ex b/lib/brangus/service/auth_service.ex
@@ -40,7 +40,7 @@ defmodule Brangus.Service.AuthService do
   @doc """
   Login
   """
-  def login(email, password) when is_nil(email) == false and is_nil(password) == false do
+  def login(email, password) when not is_nil(email) and not is_nil(password) do
     user = UserContext.get_user_by_email(email)
 
     case user do
@@ -96,7 +96,7 @@ defmodule Brangus.Service.AuthService do
   Is Authenticated
   """
   def is_authenticated(user_id, session_value)
-      when is_nil(user_id) == false and is_nil(session_value) == false do
+      when not is_nil(user_id) and not is_nil(session_value) do
     result = UserContext.get_user_session_by_id_key(user_id, session_value)
 
     case result do
@@ -115,7 +115,7 @@ defmodule Brangus.Service.AuthService do
   @doc """
   Authenticate
   """
-  def authenticate(user_id) when is_nil(user_id) == false do
+  def authenticate(user_id) when not is_nil(user_id) do
     # Clear old sessions
     UserContext.delete_user_sessions(user_id)
 
@@ -139,14 +139,14 @@ defmodule Brangus.Service.AuthService do
     end
   end
 
-  def authenticate(user_id) when is_nil(user_id) == true do
+  def authenticate(user_id) when is_nil(user_id) do
     {:error, "Invalid User ID"}
   end
 
   @doc """
   Logout
   """
-  def logout(user_id) when is_nil(user_id) == false do
+  def logout(user_id) when not is_nil(user_id) do
     # Clear old sessions
     UserContext.delete_user_sessions(user_id)
   end
@@ -158,7 +158,7 @@ defmodule Brangus.Service.AuthService do
   @doc """
   Get User By API Key
   """
-  def get_user_by_api(api_key) when is_nil(api_key) == false do
+  def get_user_by_api(api_key) when not is_nil(api_key) do
     case UserContext.get_user_by_api_key(api_key) do
       nil ->
         {:not_found, "Invalid API Key"}

diff --git a/lib/brangus/service/slug_service.ex b/lib/brangus/service/slug_service.ex
@@ -17,4 +17,4 @@ defmodule Brangus.Service.SlugService do
     |> String.replace(~r/-+/, "-")
     |> String.trim("-")
   end
-end
+end
diff --git a/lib/brangus_web/controllers/misc_controller.ex b/lib/brangus_web/controllers/misc_controller.ex
@@ -50,7 +50,7 @@ defmodule BrangusWeb.MiscController do
           |> render("error.json", %{message: msg})
           |> halt()
 
-        {:success, nil} ->
+        _ ->
           nil
       end
     end
@@ -71,14 +71,11 @@ defmodule BrangusWeb.MiscController do
         |> render("error.json", %{message: msg})
         |> halt()
 
-      {:success, nil} ->
-        nil
+      _ ->
+        conn
+        |> put_status(:ok)
+        |> render("success.json", %{message: "Application installed successfully"})
     end
-
-    # Installation succeeded
-    conn
-    |> put_status(:ok)
-    |> render("success.json", %{message: "Application installed successfully"})
   end
 
   @doc """
@@ -112,45 +109,4 @@ defmodule BrangusWeb.MiscController do
         |> halt()
     end
   end
-
-  @doc """
-  Renew Token Endpoint
-  """
-  def renew_token(conn, params) do
-    result =
-      AuthService.is_authenticated(
-        params["user_id"],
-        params["token"]
-      )
-
-    case result do
-      false ->
-        conn
-        |> put_status(:bad_request)
-        |> render("error.json", %{message: "Invalid request"})
-        |> halt()
-
-      {true, session} ->
-        case AuthService.refresh_session(session) do
-          {:error, message} ->
-            conn
-            |> put_status(:bad_request)
-            |> render("error.json", %{message: message})
-            |> halt()
-
-          {_, sess} ->
-            conn
-            |> put_status(:ok)
-            |> render(
-              "token_success.json",
-              %{
-                message: "Token updated successfully!",
-                token: sess.value,
-                user: sess.user_id
-              }
-            )
-            |> halt()
-        end
-    end
-  end
 end
diff --git a/lib/brangus_web/controllers/page_controller.ex b/lib/brangus_web/controllers/page_controller.ex
@@ -20,17 +20,18 @@ defmodule BrangusWeb.PageController do
         conn.req_cookies["_token"]
       )
 
-    conn = case result do
-      false ->
-        assign(conn, :is_logged, false)
-        |> assign(:user_id, "")
-        |> assign(:user_token, "")
-
-      {true, session} ->
-        assign(conn, :is_logged, true)
-        |> assign(:user_id, session.user_id)
-        |> assign(:user_token, session.value)
-    end
+    conn =
+      case result do
+        false ->
+          assign(conn, :is_logged, false)
+          |> assign(:user_id, "")
+          |> assign(:user_token, "")
+
+        {true, session} ->
+          assign(conn, :is_logged, true)
+          |> assign(:user_id, session.user_id)
+          |> assign(:user_token, session.value)
+      end
 
     conn
   end
-Original file line number
+Diff line change
@@ Expand Up / @@ -162,6 +162,5 @@ defmodule Brangus.Module.TeamModule do @@
       Generate slug from team name
       """
       def generate_team_slug(name) do
       end
     end