B3-3iL-DLW · julesartd · May 16, 2024 · May 15, 2024 · May 15, 2024 · May 16, 2024
diff --git a/backend-nest/src/api/auth/auth.service.ts b/backend-nest/src/api/auth/auth.service.ts
@@ -14,7 +14,7 @@ export class AuthService {
     if (user?.password !== pass) {
       throw new UnauthorizedException('Invalid credentials');
     }
-    const payload = { sub: user.id, email: user.email };
+    const payload = { sub: user.id, email: user.email, userId: user.id };
     return {
       access_token: await this.jwtService.signAsync(payload),
     };

diff --git a/backend-nest/src/api/classgroups/classgroups.controller.ts b/backend-nest/src/api/classgroups/classgroups.controller.ts
@@ -1,8 +1,18 @@
-import { Body, Controller, Delete, Get, Param, Post } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
 import { ClassgroupsService } from './classgroups.service';
 import { CreateClassgroupDto } from './dto/create-classgroup.dto';
+import { AuthGuard } from '../auth/auth.guard';
 
 @Controller('api/classgroups')
+@UseGuards(AuthGuard)
 export class ClassgroupsController {
   constructor(private readonly classgroupsService: ClassgroupsService) {}
 

diff --git a/backend-nest/src/api/classgroups/classgroups.service.ts b/backend-nest/src/api/classgroups/classgroups.service.ts
@@ -37,7 +37,7 @@ export class ClassgroupsService {
       throw new NotFoundException('Classgroup not found');
     }
     return this.prisma.classgroup.findUnique({
-      where: { id },
+      where: { id: id },
     });
   }
 
@@ -49,7 +49,7 @@ export class ClassgroupsService {
       throw new NotFoundException('Classgroup not found');
     }
     return this.prisma.classgroup.findFirst({
-      where: { file },
+      where: { file: file },
     });
   }
 
@@ -58,7 +58,7 @@ export class ClassgroupsService {
       throw new Error('The class does not exist');
     }
     return this.prisma.classgroup.delete({
-      where: { id },
+      where: { id: id },
     });
   }
 

diff --git a/backend-nest/src/api/persist/persist.service.ts b/backend-nest/src/api/persist/persist.service.ts
@@ -1,30 +1,37 @@
-import { Injectable } from '@nestjs/common';
-import { ApiService } from '../api.service';
-import { ClassgroupsService } from '../classgroups/classgroups.service';
-import { TimetableService } from '../timetable/timetable.service';
-import { Cron } from '@nestjs/schedule';
-import { AxiosResponse } from 'axios';
+import {Injectable, OnModuleInit} from '@nestjs/common';
+import {ApiService} from '../api.service';
+import {ClassgroupsService} from '../classgroups/classgroups.service';
+import {TimetableService} from '../timetable/timetable.service';
+import {Cron} from '@nestjs/schedule';
+import {AxiosResponse} from 'axios';
 import * as console from 'node:console';
 
 @Injectable()
-export class PersistService {
+export class PersistService implements OnModuleInit {
   constructor(
     private readonly apiService: ApiService,
     private readonly classGroupService: ClassgroupsService,
     private readonly timetableService: TimetableService,
   ) {}
+
+  async onModuleInit() {
+    this.persistClasses();
+    setTimeout(() => {
+      this.persistEvents();
+    }, 120000);
+  }
+
   /**
-   * Cron job to persist classes every 5 minutes.
+   * Cron job to persist classes every 3 hours.
    */
-  @Cron('* * * * *')
+  @Cron('0 */3 * * *')
   persistClasses() {
     this.apiService.getClasses().subscribe((response) => {
       response.data.forEach((item) => {
-        // eslint-disable-next-line @typescript-eslint/no-unused-vars
-        const { id, ...data } = item; // ignore id from response
+        const {id, ...data} = item;
         this.classGroupService
           .upsert({
-            where: { file: data.file }, // use a unique field to identify the record
+            where: {file: data.file},
             create: data, // data to create if the record does not exist
             update: data, // data to update if the record exists
           })
@@ -33,9 +40,9 @@ export class PersistService {
     });
   }
   /**
-   * Cron job to persist events every 10 seconds.
+   * Cron job to persist events every 1 hour.
    */
-  @Cron('* * * * *')
+  @Cron('0 */1 * * *')
   persistEvents() {
     this.classGroupService.findAll().then((classGroups) => {
       classGroups.forEach((classGroup: { name: string; id: any }) => {
@@ -122,7 +129,7 @@ export class PersistService {
           endAt: event.horaire.endAt,
           classGroupId: classGroup.id,
         };
-        this.timetableService.upsert(data);
+        this.timetableService.upsert(data).then((r) => console.log(r));
       },
     );
   }

diff --git a/backend-nest/src/api/timetable/timetable.controller.ts b/backend-nest/src/api/timetable/timetable.controller.ts
@@ -6,6 +6,7 @@ import { TimetableService } from './timetable.service';
  * Controller for handling timetable related requests.
  */
 @Controller('api/timetable')
+@UseGuards(AuthGuard)
 export class TimetableController {
   /**
    * @param {TimetableService} TimeTableService - The timetable service.

diff --git a/backend-nest/src/api/users/users.controller.ts b/backend-nest/src/api/users/users.controller.ts
@@ -6,12 +6,15 @@ import {
   Param,
   Patch,
   Post,
+  UseGuards,
 } from '@nestjs/common';
 import { UsersService } from './users.service';
 import { CreateUserDto } from './dto/create-user.dto';
 import { UpdateUserDto } from './dto/update-user.dto';
+import { AuthGuard } from '../auth/auth.guard';
 
 @Controller('api/users')
+@UseGuards(AuthGuard)
 export class UsersController {
   constructor(private readonly usersService: UsersService) {}
 

diff --git a/frontend-react/.env b/frontend-react/.env
@@ -0,0 +1 @@
+SESSION_SECRET=97b98665ea4d4672f793b70fed1c71fc23dff48e92fca2137254f9acb259c280
diff --git a/frontend-react/src/app/actions/auth.ts b/frontend-react/src/app/actions/auth.ts
@@ -0,0 +1,8 @@
+import { deleteSession } from '@/app/lib/session'
+import {redirect} from "next/navigation";
+
+export async function logout() {
+    deleteSession()
+    redirect('/login')
+}
+
diff --git a/frontend-react/src/app/api/apiService.ts b/frontend-react/src/app/api/apiService.ts
@@ -1,5 +1,6 @@
 // src/app/api/apiService.ts
 import {API_BASE_URL} from './apiConfig';
+import {verifySession} from "@/app/lib/dal";
 
 export interface ApiResponse {
     ok: boolean;
@@ -8,11 +9,14 @@ export interface ApiResponse {
 
 }
 
-export async function apiRequest(endpoint: string, method: string, body?: any) {
+export async function apiRequest(endpoint: string, method: string, body?: any): Promise<ApiResponse> {
+    const session = await verifySession()
+    const bearer = session.session
     const response = await fetch(`${API_BASE_URL}/${endpoint}`, {
         method,
         headers: {
             'Content-Type': 'application/json',
+            Authorization: bearer ? `Bearer ${bearer}` : '',
         },
         body: body ? JSON.stringify(body) : null,
     });

diff --git a/frontend-react/src/app/api/services/classgroupService.ts b/frontend-react/src/app/api/services/classgroupService.ts
@@ -11,8 +11,9 @@ export async function getClassGroups() {
     }
 }
 
-export async function getClassGroupById(id: number): Promise<Classgroup>{
+export async function getClassGroupById(id: number | undefined): Promise<Classgroup>{
     console.log(id);
+
     try {
         let response = await apiRequest(`classgroups/${id}`, 'GET');
         return response.data;

diff --git a/frontend-react/src/app/auth/useCurrentUser.ts b/frontend-react/src/app/auth/useCurrentUser.ts
diff --git a/frontend-react/src/app/lib/dal.ts b/frontend-react/src/app/lib/dal.ts
@@ -0,0 +1,35 @@
+"use server";
+
+import {cookies} from 'next/headers'
+import {decrypt} from '@/app/lib/session'
+import {redirect} from "next/navigation";
+import {cache} from 'react';
+import {apiRequest} from "@/app/api/apiService";
+
+export const verifySession = cache(async () => {
+
+    const cookie = cookies().get('session')?.value
+    const session = await decrypt(cookie)
+
+    if (!session?.userId) {
+
+        redirect('/login')
+    }
+
+    return { isAuth: true, userId: session.userId, session: cookie }
+})
+
+export const getUser = cache(async () => {
+    const session = await verifySession()
+    if (!session) return null
+
+    try {
+        const data = await apiRequest(`users/${session.userId}`, 'GET')
+        console.log(data.data)
+        return data.data
+
+    } catch (error) {
+        console.log('Failed to fetch user')
+        return null
+    }
+})
diff --git a/frontend-react/src/app/lib/session.ts b/frontend-react/src/app/lib/session.ts
@@ -1,18 +1,12 @@
-import 'server-only'
-import { SignJWT, jwtVerify } from 'jose'
-import { SessionPayload } from '@/app/lib/definitions'
+"use server";
+
+import {jwtVerify} from 'jose'
+import {cookies} from 'next/headers'
+
 
 const secretKey = process.env.SESSION_SECRET
 const encodedKey = new TextEncoder().encode(secretKey)
 
-export async function encrypt(payload: SessionPayload) {
-    return new SignJWT(payload)
-        .setProtectedHeader({ alg: 'HS256' })
-        .setIssuedAt()
-        .setExpirationTime('7d')
-        .sign(encodedKey)
-}
-
 export async function decrypt(session: string | undefined = '') {
     try {
         const { payload } = await jwtVerify(session, encodedKey, {
@@ -22,4 +16,20 @@ export async function decrypt(session: string | undefined = '') {
     } catch (error) {
         console.log('Failed to verify session')
     }
-}
+}
+
+export async function createSession(jwt: string) {
+    const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
+    cookies().set('session', jwt, {
+        httpOnly: true,
+        secure: true,
+        expires: expiresAt,
+        sameSite: 'lax',
+        path: '/',
+    })
+}
+
+export async function deleteSession() {
+    cookies().delete('session')
+}
+
diff --git a/frontend-react/src/app/login/page.tsx b/frontend-react/src/app/login/page.tsx
@@ -6,6 +6,7 @@ import LoginForm from './form/LoginForm';
 import {Credentials, InvalidCredentialsError, login} from './services/loginService';
 import Toast from '../../app/components/toasts';
 import {useRouter} from 'next/navigation';
+import {createSession} from "@/app/lib/session";
 
 const LoginPage = () => {
     const router = useRouter();
@@ -19,7 +20,7 @@ const LoginPage = () => {
         try {
             const token = await login(credentials);
 
-            document.cookie = `jwt=${token}; path=/`;
+            await createSession(token);
 
 
             setToastMessage('Connexion réussie !');

diff --git a/frontend-react/src/app/middleware.ts b/frontend-react/src/app/middleware.ts
@@ -0,0 +1,39 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { decrypt } from '@/app/lib/session'
+import { cookies } from 'next/headers'
+
+// 1. Specify protected and public routes
+const protectedRoutes = ['/timetable', '/users']
+const publicRoutes = ['/login', '/register', '/']
+
+export default async function middleware(req: NextRequest) {
+    // 2. Check if the current route is protected or public
+    const path = req.nextUrl.pathname
+    const isProtectedRoute = protectedRoutes.includes(path)
+    const isPublicRoute = publicRoutes.includes(path)
+
+    // 3. Decrypt the session from the cookie
+    const cookie = cookies().get('session')?.value
+    const session = await decrypt(cookie)
+
+    // 5. Redirect to /login if the user is not authenticated
+    if (isProtectedRoute && !session?.userId) {
+        return NextResponse.redirect(new URL('/login', req.nextUrl))
+    }
+
+    // 6. Redirect to /dashboard if the user is authenticated
+    if (
+        isPublicRoute &&
+        session?.userId &&
+        !req.nextUrl.pathname.startsWith('/timetable')
+    ) {
+        return NextResponse.redirect(new URL('/timetable', req.nextUrl))
+    }
+
+    return NextResponse.next()
+}
+
+// Routes Middleware should not run on
+export const config = {
+    matcher: ['/((?!api|_next/static|_next/image|.*\\.png$).*)'],
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		SESSION_SECRET=97b98665ea4d4672f793b70fed1c71fc23dff48e92fca2137254f9acb259c280