remove web.jwt.encryptionkey requirement

when running just CouchDB, make sure fasten services are not present. added auth interceptor when session has expired.
2022-10-09 12:59:09 -07:00 · 2022-10-09 12:59:09 -07:00 · d89cb920af
parent 8f933e626d
commit d89cb920af
6 changed files with 51 additions and 10 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -6,7 +6,7 @@ go mod vendor
 go run backend/cmd/fasten/fasten.go start --config ./config.example.yaml --debug

 docker build -t fasten-couchdb -f docker/couchdb/Dockerfile .
-docker run --rm -it -p 5984:5984 -v './.couchdb/data:/opt/couchdb/data' fasten-couchdb
+docker run --rm -it -p 5984:5984 -v `pwd`/.couchdb/data:/opt/couchdb/data fasten-couchdb
 ```

 # Docker 
--- a/backend/pkg/config/config.go
+++ b/backend/pkg/config/config.go
@ -77,9 +77,5 @@ func (c *configuration) ReadConfig(configFilePath string) error {
 // This function ensures that required configuration keys (that must be manually set) are present
 func (c *configuration) ValidateConfig() error {

-	if !c.IsSet("web.jwt.encryptionkey") {
-		return errors.ConfigValidationError("`web.jwt.encryptionkey` configuration option must be set")
-	}
-
 	return nil
 }
--- a/docker/couchdb/Dockerfile
+++ b/docker/couchdb/Dockerfile
@ -11,6 +11,6 @@ RUN curl https://github.com/just-containers/s6-overlay/releases/download/v1.21.8

 COPY /docker/couchdb/local.ini /opt/couchdb/etc/
 COPY /docker/rootfs /
-RUN rm -rf /etc/services/fasten #delete the fasten app from the couchdbase container.
+RUN rm -rf /etc/services.d/fasten #delete the fasten app from the couchdbase container.

 ENTRYPOINT ["/init"]
--- a/frontend/src/app/app.module.ts
+++ b/frontend/src/app/app.module.ts
@ -19,12 +19,11 @@ import { AuthSigninComponent } from './pages/auth-signin/auth-signin.component';
 import { FormsModule } from '@angular/forms';
 import { NgxDropzoneModule } from 'ngx-dropzone';
 import { CanActivateAuthGuard } from './services/can-activate.auth-guard';
-import {FastenApiService} from './services/fasten-api.service';
 import {FastenDbService} from './services/fasten-db.service';
 import {Router} from '@angular/router';
 import { SourceDetailComponent } from './pages/source-detail/source-detail.component';
-import {ResourceListComponent} from './components/resource-list/resource-list.component';
 import { HighlightModule, HIGHLIGHT_OPTIONS } from 'ngx-highlightjs';
+import {AuthInterceptorService} from './services/auth-interceptor.service';

@NgModule({
  declarations: [
@ -51,6 +50,12 @@ import { HighlightModule, HIGHLIGHT_OPTIONS } from 'ngx-highlightjs';
    HighlightModule
  ],
  providers: [
+    {
+      provide: HTTP_INTERCEPTORS,
+      useClass: AuthInterceptorService,
+      multi: true,
+      deps: [FastenDbService, Router]
+    },
    CanActivateAuthGuard,
    {
      provide: HIGHLIGHT_OPTIONS,
--- a/frontend/src/app/services/auth-interceptor.service.ts
+++ b/frontend/src/app/services/auth-interceptor.service.ts
@ -0,0 +1,39 @@
+import { Injectable, Injector } from '@angular/core';
+import {HttpErrorResponse, HttpEvent, HttpHandler, HttpInterceptor, HttpRequest} from '@angular/common/http';
+import { FastenDbService } from './fasten-db.service';
+import {Router} from '@angular/router';
+import {Observable, of, throwError} from 'rxjs';
+import {catchError} from 'rxjs/operators';
+
+@Injectable({
+  providedIn: 'root'
+})
+
+// based on https://stackoverflow.com/questions/46017245/how-to-handle-unauthorized-requestsstatus-with-401-or-403-with-new-httpclient
+export class AuthInterceptorService implements HttpInterceptor {
+
+  constructor(private fastenDbService: FastenDbService, private router: Router) { }
+
+  private handleAuthError(err: HttpErrorResponse): Observable<any> {
+    //handle your auth error or rethrow
+    if (err.status === 401 || err.status === 403) {
+      //navigate /delete cookies or whatever
+      this.fastenDbService.Logout()
+      this.router.navigateByUrl(`/auth/signin`);
+      // if you've caught / handled the error, you don't want to rethrow it unless you also want downstream consumers to have to handle it as well.
+      return of(err.message); // or EMPTY may be appropriate here
+    }
+    return throwError(err);
+  }
+
+  intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
+    //only intercept requests to the fasten API, all other requests should be sent as-is
+    if(!req.url.startsWith('/api/secure/')){
+      return next.handle(req)
+    }
+
+    // catch the error, make specific functions for catching specific errors and you can chain through them with more catch operators
+    return next.handle(req).pipe(catchError(x=> this.handleAuthError(x))); //here use an arrow function, otherwise you may get "Cannot read property 'navigate' of undefined" on angular 4.4.2/net core 2/webpack 2.70
+
+  }
+}
--- a/frontend/src/app/services/fasten-db.service.ts
+++ b/frontend/src/app/services/fasten-db.service.ts
@ -86,9 +86,10 @@ export class FastenDbService extends PouchdbRepository {
      //if we have a local database, lets see if we have an active session to the remote database.
      const remotePouchDb = new PouchDB(this.getRemoteUserDb(localStorage.getItem("current_user")), {skip_setup: true});
      const session = await remotePouchDb.getSession()
-      console.warn("IsAuthenticated? getSession() ====> ", !!session)
+      const isAuth = !!session?.userCtx?.name
+      console.warn("IsAuthenticated? getSession() ====> ", isAuth)

-      return !!session
+      return isAuth
    } catch (e) {
      return false
    }