merge auth into main (#39)

* created catalog table * AT - created the published schedule table * fixed enum name * removed brackets around exist conditionals * added create table users statement * added drop table if exists * updated drop table statement * Made CRUD SQL queries for Published Schedule Table * added catalog CRUD queries * Attempt to figure out ENV variable issue with workflows * fix typo * try moving env variables * Revert changes * Make CRUD SQL queries for Users Table (#25) * Added UPDATE and DELETE queries for user table * added Get, Get pending accounts, and Post * implemented changes from pr feedback --------- Co-authored-by: Sean Fong <[email protected]> Co-authored-by: Philip Jian <[email protected]> * fixed published schedule types * added connection to db * 23-make-backend-routes-for-users (#26) * Create a pull trequest for branch 23-make-backend-routes-for-users * Co-authored-by: cherhchen <[email protected]> * Finished backend routes Co-authored-by: cherhchen <[email protected]> * Refactor users.js for minor updates and delete users.sql Co-authored-by: cherhchen <[email protected]> --------- Co-authored-by: Ethan Ho <[email protected]> Co-authored-by: cherhchen <[email protected]> * Make backend routes for Catelog (#27) * created catalog.js, made progress * added :id to the router functions, changed delete query * Completed code for routes. Running into db.query is not a function error * Completed Routes for Catelog * removed comments, fixed yarn lock * removed console logs * fixed ? Co-authored-by: liannejl <[email protected]> --------- Co-authored-by: Alyssia Tan <[email protected]> Co-authored-by: liannejl <[email protected]> Co-authored-by: liannejl <[email protected]> * Set up the nodeMailer route and the transporter (#28) * nodeMailer.js setup * Added nodeMailer.js code and transporter.js that is called within nodeMailer * Updated package.json to include nodeMailer dependency, added endpoint for emailRouter in app.js, set cors credentials to true so it doesn't block req --------- Co-authored-by: subinqkim <[email protected]> * Make Backend Routes for Published Schedule (#29) * Modified GET queries with joins on catalog table * created publishSchedule.js file * Mounted published schedule route on app.js * Added GET and POST route controller functions for published schedule * put and delete, not yet complete * updated publishedSchedule.js * updated to use numeric syntax for sql queries * small fixes in ppublishedSchedule.js * pull request feedback * pull request feedback cont. * fixed misc bugs --------- Co-authored-by: Sean Fong <[email protected]> Co-authored-by: Philip Jian <[email protected]> Co-authored-by: michellelin1 <[email protected]> Co-authored-by: ThatMegamind <[email protected]> * Minor DB Updates (#32) * Create a pull trequest for branch 31-minor-db-updates * updated db model and queries --------- Co-authored-by: michellelin1 <[email protected]> * Protected routes have token refresh method, all CRUD methods work with the user database and firebase console (#37) * protected routes have method to refresh token, all CRUD Methods work with the database and firebase console. * took out console logs * removed test code --------- Co-authored-by: subinqkim <[email protected]> Co-authored-by: michellelin1 <[email protected]> --------- Co-authored-by: Kristen Yee <[email protected]> Co-authored-by: Alyssia Tan <[email protected]> Co-authored-by: Cheryl Chen <[email protected]> Co-authored-by: subinqkim <[email protected]> Co-authored-by: chloecheng8 <[email protected]> Co-authored-by: Andrew Lee <[email protected]> Co-authored-by: ThatMegamind <[email protected]> Co-authored-by: ctc-devops <[email protected]> Co-authored-by: Sean Fong <[email protected]> Co-authored-by: Philip Jian <[email protected]> Co-authored-by: Ethan Ho <[email protected]> Co-authored-by: cherhchen <[email protected]> Co-authored-by: liannejl <[email protected]> Co-authored-by: liannejl <[email protected]>
ctc-uci · Jan 23, 2024 · f90c34b · f90c34b
1 parent 3ef8a11
commit f90c34b
Show file tree

Hide file tree

Showing 9 changed files with 1,066 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -100,6 +100,9 @@ dist
 # DynamoDB Local files
 .dynamodb/
 
+# firebase sdk
+firebase-adminsdk.json
+
 # TernJS port file
 .tern-port
 

diff --git a/app.js b/app.js
@@ -7,6 +7,8 @@ require('dotenv').config();
 // routes
 const users = require('./routes/users');
 
+const { authRouter } = require('./routes/auth');
+
 const email = require('./routes/nodeMailer');
 
 const app = express();
@@ -30,6 +32,7 @@ app.use('/published-schedule', publishedScheduleRouter);
 app.use('/users', users);
 app.use('/catalog', catalogRouter);
 app.use('/nodeMailer', email);
+app.use('/auth', authRouter);
 
 app.listen(PORT, () => {
   console.log(`Server listening on ${PORT}`);

diff --git a/firebase.js b/firebase.js
@@ -0,0 +1,9 @@
+const admin = require('firebase-admin');
+
+require('dotenv').config();
+
+const credentials = require('./firebase-adminsdk.json');
+
+admin.initializeApp({ credential: admin.credential.cert(credentials) });
+
+module.exports = admin;
diff --git a/package.json b/package.json
@@ -24,6 +24,7 @@
     "eslint-plugin-prettier": "^4.0.0",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.1",
+    "firebase-admin": "^12.0.0",
     "nodemailer": "^6.9.7",
     "nodemon": "^2.0.14",
     "pg": "^8.8.0",

diff --git a/routes/auth.js b/routes/auth.js
@@ -0,0 +1,41 @@
+const express = require('express');
+
+const authRouter = express();
+const admin = require('../firebase');
+
+authRouter.use(express.json());
+
+// This method makes a call to Firebase that will verify the access token attached to the request's cookies
+// This method is used to make sure that only users who have appropriate access tokens can access backend routes.
+const verifyToken = async (req, res, next) => {
+  try {
+    const {
+      cookies: { accessToken },
+    } = req;
+    if (!accessToken) {
+      return res.status(400).send('@verifyToken no access token');
+    }
+    const decodedToken = await admin.auth().verifyIdToken(accessToken);
+    if (!decodedToken) {
+      return res.status(400).send('Empty token from firebase');
+    }
+    return next();
+  } catch (err) {
+    return res.status(400).send('@verifyToken no access token');
+  }
+};
+
+// This method makes a call to firebase that will verify the access token attached to the request's cookies
+// This method is used to make sure that only users who have appropriate access tokens can access frontend routes.
+authRouter.get('/verifyToken/:accessToken', async (req, res) => {
+  try {
+    const { accessToken } = req.params;
+    const decodedToken = await admin.auth().verifyIdToken(accessToken);
+    return res.status(200).send(decodedToken.uid);
+  } catch (err) {
+    console.log('err', err);
+    return res.status(400).send('@verifyToken no access token');
+  }
+});
+
+module.exports = { verifyToken, authRouter };
diff --git a/routes/nodeMailer.js b/routes/nodeMailer.js
@@ -16,8 +16,6 @@ emailRouter.use(express.json());
 
 emailRouter.post('/send', (req, res) => {
   const { email, messageHtml, subject } = req.body;
-  console.log('req.body', req.body);
-  console.log('email', email);
   const mail = {
     from: `${process.env.REACT_APP_EMAIL_FIRST_NAME} ${process.env.REACT_APP_EMAIL_LAST_NAME} ${process.env.REACT_APP_EMAIL_USERNAME}`,
     to: email,

diff --git a/routes/users.js b/routes/users.js
@@ -4,6 +4,8 @@ const { db } = require('../server/db');
 
 const userRouter = express.Router();
 
+const admin = require('../firebase');
+
 userRouter.get('/', async (req, res) => {
   try {
     const allUsers = await db.query(`SELECT * FROM users;`);
@@ -13,6 +15,17 @@ userRouter.get('/', async (req, res) => {
   }
 });
 
+// logInWithEmailAndPassword() needs to get specific user id
+userRouter.get('/:uid', async (req, res) => {
+  try {
+    const { uid } = req.params;
+    const user = await db.query(`SELECT * FROM users WHERE id = $1;`, [uid]);
+    res.status(200).json(keysToCamel(user));
+  } catch (err) {
+    res.status(500).send(err.message);
+  }
+});
+
 userRouter.get('/pending-accounts', async (req, res) => {
   try {
     const pendingAccounts = await db.query(`SELECT * FROM users WHERE approved = FALSE;`);
@@ -22,7 +35,7 @@ userRouter.get('/pending-accounts', async (req, res) => {
   }
 });
 
-userRouter.post('/', async (req, res) => {
+userRouter.post('/create', async (req, res) => {
   try {
     const { id, email, type, approved } = req.body;
     await db.query(`INSERT INTO users (id, email, "type", approved) VALUES ($1, $2, $3, $4);`, [
@@ -35,14 +48,15 @@ userRouter.post('/', async (req, res) => {
       id,
     });
   } catch (err) {
+    console.log('err', err);
     res.status(500).json({
       status: 'Failed',
       msg: err.message,
     });
   }
 });
 
-userRouter.put('/:uid', async (req, res) => {
+userRouter.put('/approve/:uid', async (req, res) => {
   try {
     const { uid } = req.params;
     const updatedApproval = await db.query(
@@ -58,6 +72,10 @@ userRouter.put('/:uid', async (req, res) => {
 userRouter.delete('/:uid', async (req, res) => {
   try {
     const { uid } = req.params;
+
+    // Firebase delete
+    await admin.auth().deleteUser(uid);
+
     const deletedUser = await db.query(`DELETE FROM users WHERE id = $1 RETURNING *;`, [uid]);
     res.status(200).send(keysToCamel(deletedUser));
   } catch (err) {

diff --git a/transporter.js b/transporter.js
@@ -3,6 +3,7 @@ const nodemailer = require('nodemailer');
 require('dotenv').config();
 
 // sender information
+
 const transport = {
   host: 'smtp.gmail.com', // e.g. smtp.gmail.com
   auth: {