17th-Ranger-Battalion-ORG/milsim-site-v4
8
1
Fork 0
Code Issues 31 Pull Requests Actions 3 Packages Projects Releases 5 Wiki Activity

Implemented login requirement for most of the API

Browse Source
This commit is contained in:
ajdj100
2025-12-13 14:25:39 -05:00
parent 2ea355d9d8
commit 7c4e8d7db8
10 changed files with 56 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
api/src/middleware/auth.ts Normal file
View File

@@ -0,0 +1,14 @@
import { NextFunction, Request, Response } from "express";
export const requireLogin = function (req: Request, res: Response, next: NextFunction) {
if (req.user?.id)
next();
else
res.sendStatus(401)
}
function requireRole(roleName: string) {
return function (req: Request, res: Response, next: NextFunction) {
}
}

19
api/src/routes/applications.ts
View File

@@ -9,6 +9,7 @@ import { ApplicationFull, CommentRow } from "@app/shared/types/application"
import { assignUserToStatus } from '../services/statusService'; import { assignUserToStatus } from '../services/statusService';
import { Request, response, Response } from 'express'; import { Request, response, Response } from 'express';
import { getUserRoles } from '../services/rolesService'; import { getUserRoles } from '../services/rolesService';
import { requireLogin } from '../middleware/auth';
//get CoC //get CoC
router.get('/coc', async (req: Request, res: Response) => { router.get('/coc', async (req: Request, res: Response) => {
@@ -29,7 +30,7 @@ router.get('/coc', async (req: Request, res: Response) => {
// POST /application // POST /application
router.post('/', async (req, res) => { router.post('/', [requireLogin], async (req, res) => {
try { try {
const App = req.body?.App || {}; const App = req.body?.App || {};
const memberID = req.user.id; const memberID = req.user.id;
@@ -47,7 +48,7 @@ router.post('/', async (req, res) => {
}); });
// GET /application/all // GET /application/all
router.get('/all', async (req, res) => { router.get('/all', [requireLogin], async (req, res) => {
try { try {
const rows = await getApplicationList(); const rows = await getApplicationList();
res.status(200).json(rows); res.status(200).json(rows);
@@ -71,7 +72,7 @@ router.get('/meList', async (req, res) => {
} }
}) })
router.get('/me', async (req, res) => { router.get('/me', [requireLogin], async (req, res) => {
let userID = req.user.id; let userID = req.user.id;
@@ -96,7 +97,7 @@ router.get('/me', async (req, res) => {
}) })
// GET /application/:id // GET /application/:id
router.get('/me/:id', async (req: Request, res: Response) => { router.get('/me/:id', [requireLogin], async (req: Request, res: Response) => {
let appID = Number(req.params.id); let appID = Number(req.params.id);
let member = req.user.id; let member = req.user.id;
try { try {
@@ -123,7 +124,7 @@ router.get('/me/:id', async (req: Request, res: Response) => {
}); });
// GET /application/:id // GET /application/:id
router.get('/:id', async (req: Request, res: Response) => { router.get('/:id', [requireLogin], async (req: Request, res: Response) => {
let appID = Number(req.params.id); let appID = Number(req.params.id);
let asAdmin = !!req.query.admin || false; let asAdmin = !!req.query.admin || false;
let user = req.user.id; let user = req.user.id;
@@ -159,7 +160,7 @@ router.get('/:id', async (req: Request, res: Response) => {
}); });
// POST /application/approve/:id // POST /application/approve/:id
router.post('/approve/:id', async (req: Request, res: Response) => { router.post('/approve/:id', [requireLogin], async (req: Request, res: Response) => {
const appID = Number(req.params.id); const appID = Number(req.params.id);
const approved_by = req.user.id; const approved_by = req.user.id;
@@ -188,7 +189,7 @@ router.post('/approve/:id', async (req: Request, res: Response) => {
}); });
// POST /application/deny/:id // POST /application/deny/:id
router.post('/deny/:id', async (req, res) => { router.post('/deny/:id', [requireLogin], async (req, res) => {
const appID = req.params.id; const appID = req.params.id;
try { try {
@@ -203,7 +204,7 @@ router.post('/deny/:id', async (req, res) => {
}); });
// POST /application/:id/comment // POST /application/:id/comment
router.post('/:id/comment', async (req: Request, res: Response) => { router.post('/:id/comment', [requireLogin], async (req: Request, res: Response) => {
const appID = req.params.id; const appID = req.params.id;
const data = req.body.message; const data = req.body.message;
const user = req.user; const user = req.user;
@@ -246,7 +247,7 @@ VALUES(?, ?, ?);`
}); });
// POST /application/:id/comment // POST /application/:id/comment
router.post('/:id/adminComment', async (req: Request, res: Response) => { router.post('/:id/adminComment', [requireLogin], async (req: Request, res: Response) => {
const appID = req.params.id; const appID = req.params.id;
const data = req.body.message; const data = req.body.message;
const user = req.user; const user = req.user;

3
api/src/routes/auth.js
View File

@@ -7,6 +7,7 @@ const express = require('express');
const { param } = require('./applications'); const { param } = require('./applications');
const router = express.Router(); const router = express.Router();
import pool from '../db'; import pool from '../db';
import { requireLogin } from '../middleware/auth';
const querystring = require('querystring'); const querystring = require('querystring');
@@ -90,7 +91,7 @@ router.get('/callback', (req, res, next) => {
})(req, res, next); })(req, res, next);
}); });
router.get('/logout', function (req, res, next) { router.get('/logout', [requireLogin], function (req, res, next) {
req.logout(function (err) { req.logout(function (err) {
if (err) { return next(err); } if (err) { return next(err); }
var params = { var params = {

11
api/src/routes/calendar.ts
View File

@@ -1,6 +1,7 @@
import { Request, Response } from "express"; import { Request, Response } from "express";
import { createEvent, getEventAttendance, getEventDetails, getShortEventsInRange, setAttendanceStatus, setEventCancelled, updateEvent } from "../services/calendarService"; import { createEvent, getEventAttendance, getEventDetails, getShortEventsInRange, setAttendanceStatus, setEventCancelled, updateEvent } from "../services/calendarService";
import { CalendarAttendance, CalendarEvent } from "@app/shared/types/calendar"; import { CalendarAttendance, CalendarEvent } from "@app/shared/types/calendar";
import { requireLogin } from "../middleware/auth";
const express = require('express'); const express = require('express');
const r = express.Router(); const r = express.Router();
@@ -35,7 +36,7 @@ r.get('/upcoming', async (req, res) => {
res.sendStatus(501); res.sendStatus(501);
}) })
r.post('/:id/cancel', async (req: Request, res: Response) => { r.post('/:id/cancel', [requireLogin], async (req: Request, res: Response) => {
try { try {
const eventID = Number(req.params.id); const eventID = Number(req.params.id);
setEventCancelled(eventID, true); setEventCancelled(eventID, true);
@@ -45,7 +46,7 @@ r.post('/:id/cancel', async (req: Request, res: Response) => {
res.status(500).send('Error setting cancel status'); res.status(500).send('Error setting cancel status');
} }
}) })
r.post('/:id/uncancel', async (req: Request, res: Response) => { r.post('/:id/uncancel', [requireLogin], async (req: Request, res: Response) => {
try { try {
const eventID = Number(req.params.id); const eventID = Number(req.params.id);
setEventCancelled(eventID, false); setEventCancelled(eventID, false);
@@ -57,7 +58,7 @@ r.post('/:id/uncancel', async (req: Request, res: Response) => {
}) })
r.post('/:id/attendance', async (req: Request, res: Response) => { r.post('/:id/attendance', [requireLogin], async (req: Request, res: Response) => {
try { try {
let member = req.user.id; let member = req.user.id;
let event = Number(req.params.id); let event = Number(req.params.id);
@@ -85,7 +86,7 @@ r.get('/:id', async (req: Request, res: Response) => {
//post a new calendar event //post a new calendar event
r.post('/', async (req: Request, res: Response) => { r.post('/', [requireLogin], async (req: Request, res: Response) => {
try { try {
const member = req.user.id; const member = req.user.id;
let event: CalendarEvent = req.body; let event: CalendarEvent = req.body;
@@ -100,7 +101,7 @@ r.post('/', async (req: Request, res: Response) => {
} }
}) })
r.put('/', async (req: Request, res: Response) => { r.put('/', [requireLogin], async (req: Request, res: Response) => {
try { try {
let event: CalendarEvent = req.body; let event: CalendarEvent = req.body;
event.start = new Date(event.start); event.start = new Date(event.start);

4
api/src/routes/course.ts
View File

@@ -1,10 +1,14 @@
import { CourseAttendee, CourseEventDetails } from "@app/shared/types/course"; import { CourseAttendee, CourseEventDetails } from "@app/shared/types/course";
import { getAllCourses, getCourseEventAttendees, getCourseEventDetails, getCourseEventRoles, getCourseEvents, insertCourseEvent } from "../services/CourseSerivce"; import { getAllCourses, getCourseEventAttendees, getCourseEventDetails, getCourseEventRoles, getCourseEvents, insertCourseEvent } from "../services/CourseSerivce";
import { Request, Response, Router } from "express"; import { Request, Response, Router } from "express";
import { requireLogin } from "../middleware/auth";
const courseRouter = Router(); const courseRouter = Router();
const eventRouter = Router(); const eventRouter = Router();
courseRouter.use(requireLogin)
eventRouter.use(requireLogin)
courseRouter.get('/', async (req, res) => { courseRouter.get('/', async (req, res) => {
try { try {
const courses = await getAllCourses(); const courses = await getAllCourses();

3
api/src/routes/loa.ts
View File

@@ -5,6 +5,9 @@ import { Request, Response } from 'express';
import pool from '../db'; import pool from '../db';
import { closeLOA, createNewLOA, getAllLOA, getLOAbyID, getLoaTypes, getUserLOA, setLOAExtension } from '../services/loaService'; import { closeLOA, createNewLOA, getAllLOA, getLOAbyID, getLoaTypes, getUserLOA, setLOAExtension } from '../services/loaService';
import { LOARequest } from '@app/shared/types/loa'; import { LOARequest } from '@app/shared/types/loa';
import { requireLogin } from '../middleware/auth';
router.use(requireLogin);
//member posts LOA //member posts LOA
router.post("/", async (req: Request, res: Response) => { router.post("/", async (req: Request, res: Response) => {

7
api/src/routes/members.js
View File

@@ -2,15 +2,12 @@ const express = require('express');
const router = express.Router(); const router = express.Router();
import pool from '../db'; import pool from '../db';
import { requireLogin } from '../middleware/auth';
import { getUserActiveLOA } from '../services/loaService'; import { getUserActiveLOA } from '../services/loaService';
import { getUserData } from '../services/memberService'; import { getUserData } from '../services/memberService';
import { getUserRoles } from '../services/rolesService'; import { getUserRoles } from '../services/rolesService';
router.use((req, res, next) => { router.use(requireLogin);
console.log(req.user);
console.log('Time:', Date.now())
next()
})
//get all users //get all users
router.get('/', async (req, res) => { router.get('/', async (req, res) => {

9
api/src/routes/ranks.js
View File

@@ -1,10 +1,15 @@
const express = require('express'); const express = require('express');
const r = express.Router(); const r = express.Router();
const ur = express.Router(); const ur = express.Router();
const { getAllRanks, insertMemberRank } = require('../services/rankService') const { getAllRanks, insertMemberRank } = require('../services/rankService');
const { requireLogin } = require('../middleware/auth');
r.use(requireLogin)
ur.use(requireLogin)
//insert a new latest rank for a user //insert a new latest rank for a user
ur.post('/', async (req, res) => {3 ur.post('/', async (req, res) => {
3
try { try {
const change = req.body?.change; const change = req.body?.change;
await insertMemberRank(change.member_id, change.rank_id, change.date); await insertMemberRank(change.member_id, change.rank_id, change.date);

4
api/src/routes/roles.js
View File

@@ -3,8 +3,12 @@ const r = express.Router();
const ur = express.Router(); const ur = express.Router();
import pool from '../db'; import pool from '../db';
import { requireLogin } from '../middleware/auth';
import { assignUserGroup, createGroup } from '../services/rolesService'; import { assignUserGroup, createGroup } from '../services/rolesService';
r.use(requireLogin)
ur.use(requireLogin)
//manually assign a member to a group //manually assign a member to a group
ur.post('/', async (req, res) => { ur.post('/', async (req, res) => {
try { try {

4
api/src/routes/statuses.js
View File

@@ -3,6 +3,10 @@ const status = express.Router();
const memberStatus = express.Router(); const memberStatus = express.Router();
import pool from '../db'; import pool from '../db';
import { requireLogin } from '../middleware/auth';
status.use(requireLogin);
memberStatus.use(requireLogin);
//insert a new latest rank for a user //insert a new latest rank for a user
memberStatus.post('/', async (req, res) => { memberStatus.post('/', async (req, res) => {