From ceefa23636642c7d1a02e399da6113f55cda35e7 Mon Sep 17 00:00:00 2001
From: Benjamin Kyd
Date: Thu, 7 Apr 2022 19:25:59 +0100
Subject: [PATCH] lol

Former-commit-id: bed8faac58c963971f6069026341e987d305c2ec
---
 client/public/auth.mjs     | 27 ++++++++++++++++++++++----
 package-lock.json          | 13 +++++++++++++
 package.json               |  1 +
 src/routes/api.js          |  2 +-
 src/routes/auth0-router.js | 39 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 77 insertions(+), 5 deletions(-)

diff --git a/client/public/auth.mjs b/client/public/auth.mjs
index 0c44a80..38abd92 100644
--- a/client/public/auth.mjs
+++ b/client/public/auth.mjs
@@ -22,9 +22,9 @@ async function CheckRedirect() {
         window.alert(e.message || 'authentication error, sorry');
         Signout();
     }
-
+
     // remove the query parameters
-    window.history.replaceState({}, document.title, '/');
+    window.history.replaceState({}, document.title, '/');
     }
 }
 
@@ -39,12 +39,31 @@ export async function InitAuth0() {
     const isAuthenticated = await auth0.isAuthenticated();
     if (isAuthenticated) {
         const user = await auth0.getUser();
-        console.log(user);
         NotifyNavbar('login', user);
+
+        // tell the server about the logon, so that it can make the proper
+        // entry in the database, if there is for example an address
+        // associated with the user
+        const token = await auth0.getTokenSilently();
+
+        const fetchOptions = {
+            credentials: 'same-origin',
+            method: 'GET',
+            headers: { Authorization: 'Bearer ' + token },
+        };
+        const res = await fetch('/api/auth/login', fetchOptions);
+        if (!res.ok) {
+            throw new Error('failed to login with the server');
+        }
     }
 }
 
-export async function LoginSignup(context) {
+export async function GetToken() {
+    const token = await auth0.getTokenSilently();
+    return token;
+}
+
+export async function LoginSignup() {
     const isAuthenticated = await auth0.isAuthenticated();
     if (isAuthenticated) {
         return;
diff --git a/package-lock.json b/package-lock.json
index 226acbe..7cbb014 100644
--- a/package-lock.json
+++ b/package-lock.json
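Review bot: In InitAuth0, `NotifyNavbar('login', user)` runs before the new server round-trip, so when the `/api/auth/login` fetch fails the navbar already shows the user as logged in while InitAuth0 throws 'failed to login with the server' to a caller this hunk does not show handling it. Awaiting the fetch before notifying, or sending the failure through the same `Signout()` path CheckRedirect uses, keeps client and server state consistent. `auth0.getTokenSilently()` can itself reject (for example when the SDK reports login or consent is required), and that rejection is likewise unhandled here. Since the hunk also introduces `GetToken()` wrapping the same call, InitAuth0 could reuse it: `const token = await GetToken();`. InitAuth0 begins before this hunk and LoginSignup's body continues past its last line.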
@@ -2126,6 +2126,14 @@
       }
     }
   },
+  "express-oauth2-jwt-bearer": {
+    "version": "1.1.0",
+    "resolved": "https://registry.npmjs.org/express-oauth2-jwt-bearer/-/express-oauth2-jwt-bearer-1.1.0.tgz",
+    "integrity": "sha512-T9sSmGftzMACOH1oY2gniHkiJ53dWjPgIUD/CrJDL5Ss5PeX+PAol53upd7eaKLiLn/vp+AMTefxkkDIPEJXBQ==",
+    "requires": {
+      "jose": "^4.3.7"
+    }
+  },
   "ext": {
     "version": "1.6.0",
     "resolved": "https://registry.npmjs.org/ext/-/ext-1.6.0.tgz",
@@ -3328,6 +3336,11 @@
       }
     }
   },
+  "jose": {
+    "version": "4.6.0",
+    "resolved": "https://registry.npmjs.org/jose/-/jose-4.6.0.tgz",
+    "integrity": "sha512-0hNAkhMBNi4soKSAX4zYOFV+aqJlEz/4j4fregvasJzEVtjDChvWqRjPvHwLqr5hx28Ayr6bsOs1Kuj87V0O8w=="
+  },
   "js-tokens": {
     "version": "4.0.0",
     "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
diff --git a/package.json b/package.json
index b63374a..17616d6 100644
--- a/package.json
+++ b/package.json
@@ -31,6 +31,7 @@
     "cli-color": "^2.0.1",
     "dotenv": "^10.0.0",
     "express": "^4.17.2",
+    "express-oauth2-jwt-bearer": "^1.1.0",
     "install": "^0.13.0",
     "jest": "^27.4.5",
     "jsdoc": "^3.6.10",
diff --git a/src/routes/api.js b/src/routes/api.js
index c6dfac8..0038abf 100644
--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -19,7 +19,7 @@ function Init() {
 
     Server.App.get('/api/cdn/:id/');
 
-    Server.App.put('/api/auth/login/');
+    Server.App.get('/api/auth/login', Auth0.JWTMiddleware, Auth0.LoginCheck);
     Server.App.get('/api/auth/orders/');
     Server.App.get('/api/auth/order/:id/');
 
diff --git a/src/routes/auth0-router.js b/src/routes/auth0-router.js
index e69de29..8a96572 100644
--- a/src/routes/auth0-router.js
+++ b/src/routes/auth0-router.js
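Review bot: The api.js hunk registers `/api/auth/login` as a GET, yet the client-side comment in auth.mjs describes the call as making the user's database entry on logon and the route it replaces was a PUT; a request that creates server state should not be a GET (it is cacheable, prefetchable and retried freely), so `Server.App.post('/api/auth/login', Auth0.JWTMiddleware, Auth0.LoginCheck);` with the client's `method` changed to match is the safer shape. As registered, `Auth0.LoginCheck` is the last handler on the route and calls `next()` on success, so a validly authenticated request appears to fall through to Express's default 404 rather than the 2xx the client's `res.ok` check expects — a terminal handler that actually responds (and does the database work the comment promises) seems to be missing. `Auth0` is used but not imported within this hunk; presumably the `require` lives in the part of api.js outside it. Init() starts before this hunk.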
@@ -0,0 +1,39 @@
+const OAuth2JWTBearer = require('express-oauth2-jwt-bearer');
+
+const AUTH0CONFIG = {
+    audience: 'localhost:8080/api',
+    domain: 'benkyd.eu.auth0.com',
+};
+
+const JWTChecker = OAuth2JWTBearer.auth({
+    audience: AUTH0CONFIG.audience,
+    issuerBaseURL: `https://${AUTH0CONFIG.domain}`,
+});
+
+const status401Errors = [
+    'UnauthorizedError',
+    'InvalidTokenError',
+];
+
+function JWTMiddleware(req, res, next) {
+    return JWTChecker(req, res, (err) => {
+        if (err && status401Errors.includes(err.name)) {
+            res.sendStatus(401);
+        } else {
+            next(err);
+        }
+    });
+}
+
+function LoginCheck(req, res, next) {
+    if (req.user) {
+        next();
+    } else {
+        res.status(401).send('Unauthorized');
+    }
+}
+
+module.exports = {
+    JWTMiddleware,
+    LoginCheck,
+};
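Review bot: LoginCheck gates on `req.user`, but as far as I recall express-oauth2-jwt-bearer's `auth()` middleware attaches the verified token to `req.auth` (with `payload`, `header` and `token`) and never sets `req.user`, so every correctly authenticated request would be rejected with 401 here; `if (req.auth?.payload?.sub) {` is the check that matches the library, and is worth confirming against its README before merging. The issuer domain and audience are hard-coded (`'localhost:8080/api'`, `'benkyd.eu.auth0.com'`) even though the project already depends on dotenv; reading them as `process.env.AUTH0_AUDIENCE` / `process.env.AUTH0_DOMAIN` and throwing at startup when either is unset prevents a dev audience from shipping to production, where tokens minted for the real audience would then fail validation. JWTMiddleware's `res.sendStatus(401)` also discards any `WWW-Authenticate` header the library's error may carry (it exposes one on a `headers` property in the versions I know); forwarding it, if present, keeps the response RFC 6750-conformant. A short header comment explaining that JWTMiddleware maps the library's 401-class errors to a bare 401 and hands everything else (e.g. insufficient scope or malformed requests) to the app's error handler would help the next reader.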