17th-Ranger-Battalion-ORG/milsim-site-v4
8
1
Fork 0
Code Issues 22 Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Implemented actual authentication guards, began implementing main login user flows

Browse Source
This commit is contained in:
ajdj100
2025-10-19 19:27:48 -04:00
parent e6016a19bb
commit 5d7ebd2136
12 changed files with 237 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
api/src/routes/auth.js
View File

@@ -21,12 +21,12 @@ passport.use(new OpenIDConnectStrategy({
scope: ['openid', 'profile'] scope: ['openid', 'profile']
}, async function verify(issuer, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) { }, async function verify(issuer, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) {
console.log('--- OIDC verify() called ---'); // console.log('--- OIDC verify() called ---');
console.log('issuer:', issuer); // console.log('issuer:', issuer);
console.log('sub:', sub); // console.log('sub:', sub);
console.log('profile:', JSON.stringify(profile, null, 2)); // console.log('profile:', JSON.stringify(profile, null, 2));
console.log('id_token claims:', JSON.stringify(jwtClaims, null, 2)); // console.log('id_token claims:', JSON.stringify(jwtClaims, null, 2));
console.log('preferred_username:', jwtClaims?.preferred_username); // console.log('preferred_username:', jwtClaims?.preferred_username);
const con = await pool.getConnection(); const con = await pool.getConnection();
try { try {
@@ -34,14 +34,11 @@ passport.use(new OpenIDConnectStrategy({
//lookup existing user //lookup existing user
const existing = await con.query(`SELECT id FROM members WHERE authentik_issuer = ? AND authentik_sub = ? LIMIT 1;`, [issuer, sub]); const existing = await con.query(`SELECT id FROM members WHERE authentik_issuer = ? AND authentik_sub = ? LIMIT 1;`, [issuer, sub]);
console.log(existing)
let memberId; let memberId;
//if member exists //if member exists
if (existing.length > 0) { if (existing.length > 0) {
console.log('member exists');
memberId = existing[0].id; memberId = existing[0].id;
} else { } else {
console.log("creating member")
//otherwise: create account //otherwise: create account
const username = sub.username; const username = sub.username;
@@ -52,7 +49,6 @@ passport.use(new OpenIDConnectStrategy({
memberId = result.insertId; memberId = result.insertId;
} }
console.log("hello world" + memberId);
await con.commit(); await con.commit();
return cb(null, { memberId }); return cb(null, { memberId });
} catch (error) { } catch (error) {
@@ -63,11 +59,36 @@ passport.use(new OpenIDConnectStrategy({
} }
})); }));
router.get('/login', passport.authenticate('openidconnect')) router.get('/login', (req, res, next) => {
router.get('/callback', passport.authenticate('openidconnect', { // Store redirect target in session if provided
successRedirect: 'https://aj17thdev.nexuszone.net/', req.session.redirectTo = req.query.redirect || '/';
failureRedirect: 'https://aj17thdev.nexuszone.net/'
})); next();
}, passport.authenticate('openidconnect'));
// router.get('/callback', (req, res, next) => {
// passport.authenticate('openidconnect', {
// successRedirect: req.session.redirectTo,
// failureRedirect: 'https://aj17thdev.nexuszone.net/'
// })
// });
router.get('/callback', (req, res, next) => {
const redirectURI = req.session.redirectTo;
passport.authenticate('openidconnect', (err, user) => {
if (err) return next(err);
if (!user) return res.redirect('https://aj17thdev.nexuszone.net/');
req.logIn(user, err => {
if (err) return next(err);
// Use redirect saved from session
const redirectTo = redirectURI || 'https://aj17thdev.nexuszone.net/';
delete req.session.redirectTo;
return res.redirect(redirectTo);
});
})(req, res, next);
});
router.post('/logout', function (req, res, next) { router.post('/logout', function (req, res, next) {
req.logout(function (err) { req.logout(function (err) {
@@ -82,7 +103,6 @@ router.post('/logout', function (req, res, next) {
passport.serializeUser(function (user, cb) { passport.serializeUser(function (user, cb) {
process.nextTick(function () { process.nextTick(function () {
console.log(`serialize: ${user.memberId}`);
cb(null, user); cb(null, user);
}); });
}); });
@@ -95,8 +115,7 @@ passport.deserializeUser(function (user, cb) {
var userData; var userData;
try { try {
userResults = await con.query(`SELECT id, name FROM members WHERE id = ?;`, [memberID]) let userResults = await con.query(`SELECT id, name FROM members WHERE id = ?;`, [memberID])
console.log(userResults)
userData = userResults[0]; userData = userResults[0];
} catch (error) { } catch (error) {

24
api/src/routes/members.js
View File

@@ -2,11 +2,13 @@ const express = require('express');
const router = express.Router(); const router = express.Router();
import pool from '../db'; import pool from '../db';
import { getUserRoles } from '../services/rolesService';
//create a new user? router.use((req, res, next) => {
router.post('/', async (req, res) => { console.log(req.user);
console.log('Time:', Date.now())
}); next()
})
//get all users //get all users
router.get('/', async (req, res) => { router.get('/', async (req, res) => {
@@ -42,12 +44,18 @@ router.get('/me', async (req, res) => {
FROM leave_of_absences FROM leave_of_absences
WHERE member_id = ? WHERE member_id = ?
AND deleted = 0 AND deleted = 0
AND UTC_TIMESTAMP() BETWEEN start_date AND end_date;`, req.user.id) AND UTC_TIMESTAMP() BETWEEN start_date AND end_date;`, req.user.id);
const userWithLOA = {
const roleData = await getUserRoles(req.user.id);
const userDataFull = {
...req.user, ...req.user,
loa: LOAData loa: LOAData,
roles: roleData
}; };
res.json(userWithLOA);
console.log(userDataFull);
res.status(200).json(userDataFull);
} catch (error) { } catch (error) {
console.error('Error fetching LOA data:', error); console.error('Error fetching LOA data:', error);
return res.status(500).json({ error: 'Failed to fetch user data' }); return res.status(500).json({ error: 'Failed to fetch user data' });

14
api/src/routes/roles.js
View File

@@ -3,14 +3,14 @@ const r = express.Router();
const ur = express.Router(); const ur = express.Router();
import pool from '../db'; import pool from '../db';
import { assignUserGroup, createGroup } from '../services/rolesService';
//assign a member to a role //manually assign a member to a group
ur.post('/', async (req, res) => { ur.post('/', async (req, res) => {
try { try {
const body = req.body; const body = req.body;
const sql = `INSERT INTO members_roles (member_id, role_id) VALUES (?, ?);`;
await pool.query(sql, [body.member_id, body.role_id]); assignUserGroup(body.member_id, body.role_id);
res.sendStatus(201); res.sendStatus(201);
} catch (err) { } catch (err) {
@@ -19,6 +19,7 @@ ur.post('/', async (req, res) => {
} }
}); });
//manually remove member from group
ur.delete('/', async (req, res) => { ur.delete('/', async (req, res) => {
try { try {
const body = req.body; const body = req.body;
@@ -89,12 +90,9 @@ r.post('/', async (req, res) => {
return res.status(400).json({ error: 'Color must be a valid hex color (#ffffff)' }); return res.status(400).json({ error: 'Color must be a valid hex color (#ffffff)' });
} }
const sql = `INSERT INTO roles (name, color, description) VALUES (?, ?, ?);`; await createGroup(name, color, description);
const params = [name, color, description || null];
const result = await pool.query(sql, params); res.sendStatus(201);
res.status(201).json({ id: result.insertId, name, color, description });
} catch (err) { } catch (err) {
console.error('Insert failed:', err); console.error('Insert failed:', err);
res.status(500).json({ error: 'Failed to create role' }); res.status(500).json({ error: 'Failed to create role' });

1
api/src/services/calendarService.ts
View File

@@ -1,4 +1,3 @@
// const pool = require('../db');
import pool from '../db'; import pool from '../db';
export interface CalendarEvent { export interface CalendarEvent {

26
api/src/services/rolesService.ts Normal file
View File

@@ -0,0 +1,26 @@
import pool from '../db';
export async function assignUserGroup(userID: number, roleID: number) {
const sql = `INSERT INTO members_roles (member_id, role_id) VALUES (?, ?);`;
const params = [userID, roleID];
return await pool.query(sql, params);
}
export async function createGroup(name: string, color: string, description: string) {
const sql = `INSERT INTO roles (name, color, description) VALUES (?, ?, ?)`;
const params = [name, color, description];
const result = await pool.query(sql, params);
return { id: result.insertId, name, color, description };
}
export async function getUserRoles(userID: number) {
const sql = `SELECT r.id, r.name
FROM members_roles mr
INNER JOIN roles r ON mr.role_id = r.id
WHERE mr.member_id = 190;`;
return await pool.query(sql, [userID]);
}

15
ui/src/App.vue
View File

@@ -16,13 +16,14 @@ import AlertDescription from './components/ui/alert/AlertDescription.vue';
const userStore = useUserStore(); const userStore = useUserStore();
onMounted(async () => { // onMounted(async () => {
const res = await fetch(`${import.meta.env.VITE_APIHOST}/members/me`, { // const res = await fetch(`${import.meta.env.VITE_APIHOST}/members/me`, {
credentials: 'include', // credentials: 'include',
}); // });
const data = await res.json(); // const data = await res.json();
userStore.user = data; // console.log(data);
}); // userStore.user = data;
// });
async function logout() { async function logout() {
await fetch(`${import.meta.env.VITE_APIHOST}/logout`, { await fetch(`${import.meta.env.VITE_APIHOST}/logout`, {

4
ui/src/api/member.ts
View File

@@ -12,7 +12,9 @@ export type Member = {
const addr = import.meta.env.VITE_APIHOST; const addr = import.meta.env.VITE_APIHOST;
export async function getMembers(): Promise<Member[]> { export async function getMembers(): Promise<Member[]> {
const response = await fetch(`${addr}/members`); const response = await fetch(`${addr}/members`, {
credentials: 'include'
});
if (!response.ok) { if (!response.ok) {
throw new Error("Failed to fetch members"); throw new Error("Failed to fetch members");
} }

3
ui/src/pages/Application.vue
View File

@@ -23,6 +23,7 @@ onMounted(async () => {
const router = useRoute(); const router = useRoute();
const appIDRaw = router.params.id.toString(); const appIDRaw = router.params.id.toString();
const raw = await loadApplication(appIDRaw); const raw = await loadApplication(appIDRaw);
console.log(raw);
if (raw === null) { if (raw === null) {
//new app //new app
appData.value = null appData.value = null
@@ -43,7 +44,7 @@ onMounted(async () => {
readOnly.value = true; readOnly.value = true;
} }
} catch (e) { } catch (e) {
console.error(e) console.error(e);
} }
loading.value = false; loading.value = false;
}) })

24
ui/src/pages/Join.vue Normal file
View File

@@ -0,0 +1,24 @@
<template>
<div class="min-h-screen flex items-center justify-center ">
<div class="w-full max-w-2xl mx-auto p-8 text-center">
<h1 class="text-4xl sm:text-5xl font-extrabold mb-4">
welcome to the 17th
</h1>
<p class=" mb-8">
Welcome click below to get started.
</p>
<Button class="w-44" @click="goToLogin">Get started</Button>
</div>
</div>
</template>
<script setup>
import Button from '@/components/ui/button/Button.vue';
function goToLogin() {
window.location.href = 'https://aj17thdevapi.nexuszone.net/login';
}
</script>

40
ui/src/pages/Unauthorized.vue Normal file
View File

@@ -0,0 +1,40 @@
<template>
<div class="min-h-screen flex flex-col items-center justify-center text-center px-6">
<h1 class="text-5xl font-bold mb-4">Unauthorized</h1>
<p class="text-lg text-muted-foreground max-w-md mb-6">
You don't have permission to access this page.
If you think this is a mistake, please contact an administrator.
</p>
<div class="flex flex-col gap-3 sm:flex-row">
<Button variant="default" @click="goHome">
Go to Home
</Button>
<Button variant="outline" @click="loginIfNeeded">
Log In
</Button>
</div>
</div>
</template>
<script setup lang="ts">
import Button from '@/components/ui/button/Button.vue'
import { useRouter } from 'vue-router'
import { useUserStore } from '@/stores/user' // adjust path to your store
const router = useRouter()
const user = useUserStore()
function goHome() {
router.push('/')
}
function loginIfNeeded() {
if (!user.isLoggedIn) {
window.location.href = 'https://your-auth-service/login'
} else {
router.push('/')
}
}
</script>

88
ui/src/router/index.js
View File

@@ -1,45 +1,67 @@
import { useUserStore } from '@/stores/user'
import { createRouter, createWebHistory } from 'vue-router' import { createRouter, createWebHistory } from 'vue-router'
const router = createRouter({ const router = createRouter({
history: createWebHistory(import.meta.env.BASE_URL), history: createWebHistory(import.meta.env.BASE_URL),
routes: [ routes: [
{ path: '/applications', component: () => import('@/pages/ManageApplications.vue') }, // PUBLIC
{ path: '/applications/:id', component: () => import('@/pages/Application.vue') }, { path: '/join', component: () => import('@/pages/Join.vue') },
{ path: '/rankChange', component: () => import('@/pages/RankChange.vue') },
{ path: '/members', component: () => import('@/pages/memberList.vue') }, // AUTH REQUIRED
{ path: '/loa', component: () => import('@/pages/SubmitLOA.vue') }, { path: '/apply', component: () => import('@/pages/Application.vue'), meta: { requiresAuth: true } },
{ path: '/transfer', component: () => import('@/pages/Transfer.vue') },
{ path: '/calendar', component: () => import('@/pages/Calendar.vue') }, // MEMBER ROUTES
{ path: '/members', component: () => import('@/pages/memberList.vue'), meta: { requiresAuth: true, memberOnly: true } },
{ path: '/loa', component: () => import('@/pages/SubmitLOA.vue'), meta: { requiresAuth: true, memberOnly: true } },
{ path: '/transfer', component: () => import('@/pages/Transfer.vue'), meta: { requiresAuth: true, memberOnly: true } },
{ path: '/calendar', component: () => import('@/pages/Calendar.vue'), meta: { requiresAuth: true, memberOnly: true } },
// ADMIN / STAFF ROUTES
{ {
path: '/administration', path: '/administration',
meta: { requiresAuth: true, memberOnly: true, roles: ['staff', 'admin'] },
children: [ children: [
{ { path: 'applications', component: () => import('@/pages/ManageApplications.vue') },
path: 'applications', { path: 'rankChange', component: () => import('@/pages/RankChange.vue') },
component: () => import('@/pages/ManageApplications.vue') { path: 'applications/:id', component: () => import('@/pages/Application.vue') },
}, { path: 'transfer', component: () => import('@/pages/ManageTransfers.vue') },
{ { path: 'loa', component: () => import('@/pages/ManageLOA.vue') },
path: 'rankChange', { path: 'roles', component: () => import('@/pages/ManageRoles.vue') }
component: () => import('@/pages/RankChange.vue')
},
{
path: 'applications/:id',
component: () => import('@/pages/Application.vue')
},
{
path: 'transfer',
component: () => import('@/pages/ManageTransfers.vue')
},
{
path: 'loa',
component: () => import('@/pages/ManageLOA.vue')
},
{
path: 'roles',
component: () => import('@/pages/ManageRoles.vue')
}
] ]
} },
// UNAUTHORIZED PAGE
{ path: '/unauthorized', component: () => import('@/pages/Unauthorized.vue') }
] ]
}) })
export default router router.beforeEach(async (to) => {
const userStore = useUserStore()
// Make sure user state is loaded before checking
if (!userStore.loaded) {
console.log('loaduser')
await userStore.loadUser();
}
// Not logged in
if (to.meta.requiresAuth && !userStore.isLoggedIn) {
// Redirect back to original page after login
const redirectUrl = encodeURIComponent(window.location.origin + to.fullPath)
window.location.href = `https://aj17thdevapi.nexuszone.net/login?redirect=${redirectUrl}`
return false // Prevent Vue Router from continuing
}
// // Must be a member
// if (to.meta.memberOnly && userStore.status !== 'member') {
// return '/unauthorized'
// }
// // Must have specific role
// if (to.meta.roles && !to.meta.roles.includes(userStore.role)) {
// return '/unauthorized'
// }
})
export default router;

21
ui/src/stores/user.ts
View File

@@ -3,8 +3,25 @@ import { defineStore } from 'pinia'
export const useUserStore = defineStore('user', () => { export const useUserStore = defineStore('user', () => {
const user = ref(null) const user = ref(null)
const roles = ref<string[]>([]) const roles = computed(() => { user.value.roles })
const loaded = ref(false);
const isLoggedIn = computed(() => user.value !== null) const isLoggedIn = computed(() => user.value !== null)
return { user, isLoggedIn, roles }
async function loadUser() {
//@ts-ignore
const res = await fetch(`${import.meta.env.VITE_APIHOST}/members/me`, {
credentials: 'include',
});
if (res.ok) {
const data = await res.json();
console.log(data);
user.value = data;
}
loaded.value = true;
}
return { user, isLoggedIn, roles, loadUser, loaded }
}) })