workadventure/pusher/src/Controller/AuthenticateController.ts

import { v4 } from "uuid";
import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
import { BaseController } from "./BaseController";
import { adminApi } from "../Services/AdminApi";
import { jwtTokenManager } from "../Services/JWTTokenManager";
import { parse } from "query-string";

export interface TokenInterface {
    userUuid: string;
}

export class AuthenticateController extends BaseController {
    constructor(private App: TemplatedApp) {
        super();
        this.register();
        this.verify();
        this.anonymLogin();
    }

    //Try to login with an admin token
    private register() {
        this.App.options("/register", (res: HttpResponse, req: HttpRequest) => {
            this.addCorsHeaders(res);

            res.end();
        });

        this.App.post("/register", (res: HttpResponse, req: HttpRequest) => {
            (async () => {
                res.onAborted(() => {
                    console.warn("Login request was aborted");
                });
                const param = await res.json();

                //todo: what to do if the organizationMemberToken is already used?
                const organizationMemberToken: string | null = param.organizationMemberToken;

                try {
                    if (typeof organizationMemberToken != "string") throw new Error("No organization token");
                    const data = await adminApi.fetchMemberDataByToken(organizationMemberToken);
                    const userUuid = data.userUuid;
                    const roomUrl = data.roomUrl;
                    const mapUrlStart = data.mapUrlStart;
                    const textures = data.textures;

                    const authToken = jwtTokenManager.createJWTToken(userUuid);
                    res.writeStatus("200 OK");
                    this.addCorsHeaders(res);
                    res.end(
                        JSON.stringify({
                            authToken,
                            userUuid,
                            roomUrl,
                            mapUrlStart,
                            organizationMemberToken,
                            textures,
                        })
                    );
                } catch (e) {
                    this.errorToResponse(e, res);
                }
            })();
        });
    }

    private verify() {
        this.App.options("/verify", (res: HttpResponse, req: HttpRequest) => {
            this.addCorsHeaders(res);

            res.end();
        });

        this.App.get("/verify", (res: HttpResponse, req: HttpRequest) => {
            (async () => {
                const query = parse(req.getQuery());

                res.onAborted(() => {
                    console.warn("verify request was aborted");
                });

                try {
                    await jwtTokenManager.getUserUuidFromToken(query.token as string);
                } catch (e) {
                    res.writeStatus("400 Bad Request");
                    this.addCorsHeaders(res);
                    res.end(
                        JSON.stringify({
                            success: false,
                            message: "Invalid JWT token",
                        })
                    );
                    return;
                }
                res.writeStatus("200 OK");
                this.addCorsHeaders(res);
                res.end(
                    JSON.stringify({
                        success: true,
                    })
                );
            })();
        });
    }

    //permit to login on application. Return token to connect on Websocket IO.
    private anonymLogin() {
        this.App.options("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {
            this.addCorsHeaders(res);
            res.end();
        });

        this.App.post("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {
            res.onAborted(() => {
                console.warn("Login request was aborted");
            });

            const userUuid = v4();
            const authToken = jwtTokenManager.createJWTToken(userUuid);
            res.writeStatus("200 OK");
            this.addCorsHeaders(res);
            res.end(
                JSON.stringify({
                    authToken,
                    userUuid,
                })
            );
        });
    }
}
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`import { v4 } from "uuid";`
			`import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";`
			`import { BaseController } from "./BaseController";`
			`import { adminApi } from "../Services/AdminApi";`
			`import { jwtTokenManager } from "../Services/JWTTokenManager";`
			`import { parse } from "query-string";`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00
			`export interface TokenInterface {`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`userUuid: string;`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`}`

			`export class AuthenticateController extends BaseController {`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`constructor(private App: TemplatedApp) {`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`super();`
			`this.register();`
			`this.verify();`
			`this.anonymLogin();`
			`}`

			`//Try to login with an admin token`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`private register() {`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`this.App.options("/register", (res: HttpResponse, req: HttpRequest) => {`
			`this.addCorsHeaders(res);`

			`res.end();`
			`});`

			`this.App.post("/register", (res: HttpResponse, req: HttpRequest) => {`
			`(async () => {`
			`res.onAborted(() => {`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`console.warn("Login request was aborted");`
			`});`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`const param = await res.json();`

			`//todo: what to do if the organizationMemberToken is already used?`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`const organizationMemberToken: string \| null = param.organizationMemberToken;`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00
			`try {`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`if (typeof organizationMemberToken != "string") throw new Error("No organization token");`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`const data = await adminApi.fetchMemberDataByToken(organizationMemberToken);`
			`const userUuid = data.userUuid;`
Migrating away from the notion of public/private URL in WorkAdventure Github repository The notion of public/private repositories (with /_/ and /@/ URLs) is specific to the SAAS version of WorkAdventure. It would be better to avoid leaking the organization/world/room structure of the private SAAS URLs inside the WorkAdventure Github project. Rather than sending http://admin_host/api/map?organizationSlug=...&worldSlug=...&roomSlug=...., we are now sending /api/map&playUri=... where playUri is the full URL of the current game. This allows the backend to act as a complete router. The front (and the pusher) will be able to completely ignore the specifics of URL building (with /@/ and /_/ URLs, etc...) Those details will live only in the admin server, which is way cleaner (and way more powerful). 2021-07-13 19:09:07 +02:00			`const roomUrl = data.roomUrl;`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`const mapUrlStart = data.mapUrlStart;`
			`const textures = data.textures;`

			`const authToken = jwtTokenManager.createJWTToken(userUuid);`
			`res.writeStatus("200 OK");`
			`this.addCorsHeaders(res);`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`res.end(`
			`JSON.stringify({`
			`authToken,`
			`userUuid,`
Migrating away from the notion of public/private URL in WorkAdventure Github repository The notion of public/private repositories (with /_/ and /@/ URLs) is specific to the SAAS version of WorkAdventure. It would be better to avoid leaking the organization/world/room structure of the private SAAS URLs inside the WorkAdventure Github project. Rather than sending http://admin_host/api/map?organizationSlug=...&worldSlug=...&roomSlug=...., we are now sending /api/map&playUri=... where playUri is the full URL of the current game. This allows the backend to act as a complete router. The front (and the pusher) will be able to completely ignore the specifics of URL building (with /@/ and /_/ URLs, etc...) Those details will live only in the admin server, which is way cleaner (and way more powerful). 2021-07-13 19:09:07 +02:00			`roomUrl,`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`mapUrlStart,`
			`organizationMemberToken,`
			`textures,`
			`})`
			`);`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`} catch (e) {`
Correctly forwarding HTTP error status code from admin to front 2021-01-17 20:42:33 +01:00			`this.errorToResponse(e, res);`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`}`
			`})();`
			`});`
			`}`

Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`private verify() {`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`this.App.options("/verify", (res: HttpResponse, req: HttpRequest) => {`
			`this.addCorsHeaders(res);`

			`res.end();`
			`});`

			`this.App.get("/verify", (res: HttpResponse, req: HttpRequest) => {`
			`(async () => {`
			`const query = parse(req.getQuery());`

			`res.onAborted(() => {`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`console.warn("verify request was aborted");`
			`});`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00
			`try {`
			`await jwtTokenManager.getUserUuidFromToken(query.token as string);`
			`} catch (e) {`
			`res.writeStatus("400 Bad Request");`
			`this.addCorsHeaders(res);`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`res.end(`
			`JSON.stringify({`
			`success: false,`
			`message: "Invalid JWT token",`
			`})`
			`);`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`return;`
			`}`
			`res.writeStatus("200 OK");`
			`this.addCorsHeaders(res);`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`res.end(`
			`JSON.stringify({`
			`success: true,`
			`})`
			`);`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`})();`
			`});`
			`}`

			`//permit to login on application. Return token to connect on Websocket IO.`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`private anonymLogin() {`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`this.App.options("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {`
			`this.addCorsHeaders(res);`
			`res.end();`
			`});`

Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`this.App.post("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`res.onAborted(() => {`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`console.warn("Login request was aborted");`
			`});`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00
			`const userUuid = v4();`
			`const authToken = jwtTokenManager.createJWTToken(userUuid);`
			`res.writeStatus("200 OK");`
			`this.addCorsHeaders(res);`
Applying Prettier on pusher and back 2021-06-24 10:09:10 +02:00			`res.end(`
			`JSON.stringify({`
			`authToken,`
			`userUuid,`
			`})`
			`);`
Adding a Pusher container as a middleware/dispatcher between front and back 2020-11-13 18:00:22 +01:00			`});`
			`}`
			`}`