workadventure/back/src/Controller/AuthenticateController.ts

import {Application, Request, Response} from "express";
import Jwt from "jsonwebtoken";
import {OK} from "http-status-codes";
import {ADMIN_API_TOKEN, ADMIN_API_URL, SECRET_KEY, URL_ROOM_STARTED} from "../Enum/EnvironmentVariable"; //TODO fix import by "_Enum/..."
import { uuid } from 'uuidv4';
import Axios from "axios";

export interface TokenInterface {
    name: string,
    userUuid: string
}

export class AuthenticateController {
    App : Application;

    constructor(App : Application) {
        this.App = App;
        this.login();
    }

    //permit to login on application. Return token to connect on Websocket IO.
    login(){
        // For now, let's completely forget the /login route.
        this.App.post("/login", async (req: Request, res: Response) => {
            //todo: what to do if the organizationMemberToken is already used?
            const organizationMemberToken:string|null = req.body.organizationMemberToken;
            
            try {
                let userUuid;
                let mapUrlStart;
                let newUrl = null;
                
                if (organizationMemberToken) {
                    if (!ADMIN_API_URL) {
                        return res.status(401).send('No admin backoffice set!');
                    }
                    //todo: this call can fail if the corresponding world is not activated or if the token is invalid. Handle that case.
                    const response = await Axios.get(ADMIN_API_URL+'/api/login-url/'+organizationMemberToken,
                        { headers: {"Authorization" : `${ADMIN_API_TOKEN}`} }
                    );
                    
                    userUuid = response.data.userUuid;
                    mapUrlStart = response.data.mapUrlStart;
                    newUrl = this.getNewUrlOnAdminAuth(response.data)
                } else {
                    userUuid = uuid();
                    mapUrlStart= URL_ROOM_STARTED;
                    newUrl = null;
                }

                const authToken = Jwt.sign({userUuid: userUuid} as TokenInterface, SECRET_KEY, {expiresIn: '24h'});
                return res.status(OK).send({
                    authToken,
                    userUuid,
                    mapUrlStart,
                    newUrl,
                });
                
            } catch (e) {
                console.log(e.message)
                return res.status(e.status || 500).send('An error happened');
            }

        });
    }
    
    getNewUrlOnAdminAuth(data:any): string {
        const organizationSlug = data.organizationSlug;
        const worldSlug = data.worldSlug;
        const roomSlug = data.roomSlug;
        return '/@/'+organizationSlug+'/'+worldSlug+'/'+roomSlug;
    }
}
Add authenticate - Create new controller authenticate with login root.. - Update and manage error message socket io. - Create enum for environment variables 2020-04-04 17:22:02 +02:00			`import {Application, Request, Response} from "express";`
Refactor & Typo 2020-04-05 14:31:49 +02:00			`import Jwt from "jsonwebtoken";`
rewrote the login workflow 2020-09-25 18:29:22 +02:00			`import {OK} from "http-status-codes";`
			`import {ADMIN_API_TOKEN, ADMIN_API_URL, SECRET_KEY, URL_ROOM_STARTED} from "../Enum/EnvironmentVariable"; //TODO fix import by "_Enum/..."`
Multi players on the map - Fix share user position - Fix initialise map - Create function to add user on the map with back end data 2020-04-10 12:54:05 +02:00			`import { uuid } from 'uuidv4';`
rewrote the login workflow 2020-09-25 18:29:22 +02:00			`import Axios from "axios";`
Add authenticate - Create new controller authenticate with login root.. - Update and manage error message socket io. - Create enum for environment variables 2020-04-04 17:22:02 +02:00
Removing all "any" from back. To do this, I used generic-type-guard package which generates both an interface AND a valid type guard from code. With this, we are 100% sure that the messages we receive are validated at runtime! The client cannot pass us an object that is invalid! \o/ 2020-06-09 23:07:19 +02:00			`export interface TokenInterface {`
			`name: string,`
Migrating userId to "int32" to save some space and adding userMoves message in protobuf 2020-09-18 13:57:38 +02:00			`userUuid: string`
Removing all "any" from back. To do this, I used generic-type-guard package which generates both an interface AND a valid type guard from code. With this, we are 100% sure that the messages we receive are validated at runtime! The client cannot pass us an object that is invalid! \o/ 2020-06-09 23:07:19 +02:00			`}`

Completely getting rid of "userid" Previously, userid was generated by the "/login" route and passed along. This commit completely removes the uuid "userid" (and disables the LoginController too and any Jwt check). "userid" is replaced by the "socket id" of the connection. So a user is now identified using a socket id, which is unique for a given connection. 2020-05-14 23:19:48 +02:00			`export class AuthenticateController {`
Add authenticate - Create new controller authenticate with login root.. - Update and manage error message socket io. - Create enum for environment variables 2020-04-04 17:22:02 +02:00			`App : Application;`

			`constructor(App : Application) {`
			`this.App = App;`
			`this.login();`
			`}`

			`//permit to login on application. Return token to connect on Websocket IO.`
			`login(){`
Completely getting rid of "userid" Previously, userid was generated by the "/login" route and passed along. This commit completely removes the uuid "userid" (and disables the LoginController too and any Jwt check). "userid" is replaced by the "socket id" of the connection. So a user is now identified using a socket id, which is unique for a given connection. 2020-05-14 23:19:48 +02:00			`// For now, let's completely forget the /login route.`
rewrote the login workflow 2020-09-25 18:29:22 +02:00			`this.App.post("/login", async (req: Request, res: Response) => {`
			`//todo: what to do if the organizationMemberToken is already used?`
			`const organizationMemberToken:string\|null = req.body.organizationMemberToken;`

			`try {`
			`let userUuid;`
			`let mapUrlStart;`
			`let newUrl = null;`

			`if (organizationMemberToken) {`
			`if (!ADMIN_API_URL) {`
			`return res.status(401).send('No admin backoffice set!');`
			`}`
			`//todo: this call can fail if the corresponding world is not activated or if the token is invalid. Handle that case.`
			`const response = await Axios.get(ADMIN_API_URL+'/api/login-url/'+organizationMemberToken,`
			{ headers: {"Authorization" : `${ADMIN_API_TOKEN}`} }
			`);`

			`userUuid = response.data.userUuid;`
			`mapUrlStart = response.data.mapUrlStart;`
			`newUrl = this.getNewUrlOnAdminAuth(response.data)`
			`} else {`
			`userUuid = uuid();`
			`mapUrlStart= URL_ROOM_STARTED;`
			`newUrl = null;`
			`}`

			`const authToken = Jwt.sign({userUuid: userUuid} as TokenInterface, SECRET_KEY, {expiresIn: '24h'});`
			`return res.status(OK).send({`
			`authToken,`
			`userUuid,`
			`mapUrlStart,`
			`newUrl,`
Add authenticate - Create new controller authenticate with login root.. - Update and manage error message socket io. - Create enum for environment variables 2020-04-04 17:22:02 +02:00			`});`
rewrote the login workflow 2020-09-25 18:29:22 +02:00
			`} catch (e) {`
			`console.log(e.message)`
			`return res.status(e.status \|\| 500).send('An error happened');`
			`}`

Fix mediam stream manage and server back down 2020-05-23 14:00:36 +02:00			`});`
Add authenticate - Create new controller authenticate with login root.. - Update and manage error message socket io. - Create enum for environment variables 2020-04-04 17:22:02 +02:00			`}`
rewrote the login workflow 2020-09-25 18:29:22 +02:00
			`getNewUrlOnAdminAuth(data:any): string {`
			`const organizationSlug = data.organizationSlug;`
			`const worldSlug = data.worldSlug;`
			`const roomSlug = data.roomSlug;`
			`return '/@/'+organizationSlug+'/'+worldSlug+'/'+roomSlug;`
			`}`
Completely getting rid of "userid" Previously, userid was generated by the "/login" route and passed along. This commit completely removes the uuid "userid" (and disables the LoginController too and any Jwt check). "userid" is replaced by the "socket id" of the connection. So a user is now identified using a socket id, which is unique for a given connection. 2020-05-14 23:19:48 +02:00			`}`