Merge branch 'dev' of https://git.phc.dm.unipi.it/phc/problemi into dev

client/hooks.tsx

@@ -1,8 +1,7 @@
-import { StateUpdater, useContext, useEffect, useState } from 'preact/hooks'
+import { StateUpdater, useEffect, useState } from 'preact/hooks'
 
 import { createContext } from 'preact'
-import { prependBaseUrl, server } from './api'
+import { prependBaseUrl} from './api'
-import { User } from '../shared/model'
 
 type Metadata = {
     title?: string

package.json

@@ -25,6 +25,7 @@
         "http-status-codes": "^2.2.0",
         "katex": "^0.16.3",
         "morgan": "^1.10.0",
+        "node-fetch": "^3.3.0",
         "preact": "^10.11.2",
         "preact-render-to-string": "^5.2.6",
         "preact-router": "^4.1.0",
@@ -34,6 +35,7 @@
         "remark-parse": "^10.0.1",
         "remark-rehype": "^10.1.0",
         "sass": "^1.55.0",
+        "simple-oauth2": "^5.0.0",
         "unified": "^10.1.2",
         "url-pattern": "^1.0.3",
         "vite": "^3.2.2"
@@ -43,6 +45,7 @@
         "@types/express": "^4.17.14",
         "@types/morgan": "^1.9.3",
         "@types/node": "^18.11.9",
+        "@types/simple-oauth2": "^4.1.1",
         "concurrently": "^7.5.0",
         "esbuild": "^0.15.13",
         "npm-run-all": "^4.1.5",

pnpm-lock.yaml

@@ -7,6 +7,7 @@ specifiers:
   '@types/express': ^4.17.14
   '@types/morgan': ^1.9.3
   '@types/node': ^18.11.9
+  '@types/simple-oauth2': ^4.1.1
   body-parser: ^1.20.1
   chalk: ^5.1.2
   concurrently: ^7.5.0
@@ -17,6 +18,7 @@ specifiers:
   http-status-codes: ^2.2.0
   katex: ^0.16.3
   morgan: ^1.10.0
+  node-fetch: ^3.3.0
   npm-run-all: ^4.1.5
   preact: ^10.11.2
   preact-render-to-string: ^5.2.6
@@ -27,6 +29,7 @@ specifiers:
   remark-parse: ^10.0.1
   remark-rehype: ^10.1.0
   sass: ^1.55.0
+  simple-oauth2: ^5.0.0
   ts-node: ^10.9.1
   typescript: ^4.8.4
   unified: ^10.1.2
@@ -44,6 +47,7 @@ dependencies:
   http-status-codes: 2.2.0
   katex: 0.16.3
   morgan: 1.10.0
+  node-fetch: 3.3.0
   preact: 10.11.2
   preact-render-to-string: 5.2.6_preact@10.11.2
   preact-router: 4.1.0_preact@10.11.2
@@ -53,6 +57,7 @@ dependencies:
   remark-parse: 10.0.1
   remark-rehype: 10.1.0
   sass: 1.56.0
+  simple-oauth2: 5.0.0
   unified: 10.1.2
   url-pattern: 1.0.3
   vite: 3.2.2_sass@1.56.0
@@ -62,6 +67,7 @@ devDependencies:
   '@types/express': 4.17.14
   '@types/morgan': 1.9.3
   '@types/node': 18.11.9
+  '@types/simple-oauth2': 4.1.1
   concurrently: 7.5.0
   esbuild: 0.15.13
   npm-run-all: 4.1.5
@@ -337,6 +343,38 @@ packages:
     requiresBuild: true
     optional: true
 
+  /@hapi/boom/10.0.0:
+    resolution: {integrity: sha512-1YVs9tLHhypBqqinKQRqh7FUERIolarQApO37OWkzD+z6y6USi871Sv746zBPKcIOBuI6g6y4FrwX87mmJ90Gg==}
+    dependencies:
+      '@hapi/hoek': 10.0.1
+    dev: false
+
+  /@hapi/bourne/3.0.0:
+    resolution: {integrity: sha512-Waj1cwPXJDucOib4a3bAISsKJVb15MKi9IvmTI/7ssVEm6sywXGjVJDhl6/umt1pK1ZS7PacXU3A1PmFKHEZ2w==}
+    dev: false
+
+  /@hapi/hoek/10.0.1:
+    resolution: {integrity: sha512-CvlW7jmOhWzuqOqiJQ3rQVLMcREh0eel4IBnxDx2FAcK8g7qoJRQK4L1CPBASoCY6y8e6zuCy3f2g+HWdkzcMw==}
+    dev: false
+
+  /@hapi/hoek/9.3.0:
+    resolution: {integrity: sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==}
+    dev: false
+
+  /@hapi/topo/5.1.0:
+    resolution: {integrity: sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==}
+    dependencies:
+      '@hapi/hoek': 9.3.0
+    dev: false
+
+  /@hapi/wreck/18.0.0:
+    resolution: {integrity: sha512-Yk9STxoM06Hjjq58cH0KFG91u9F2h9eVE72o8vUr3AfK80qt7I2POG5+cDGTEntbnvvzm0ERow2sjG3QsqCWUA==}
+    dependencies:
+      '@hapi/boom': 10.0.0
+      '@hapi/bourne': 3.0.0
+      '@hapi/hoek': 10.0.1
+    dev: false
+
   /@jridgewell/gen-mapping/0.1.1:
     resolution: {integrity: sha512-sQXCasFk+U8lWYEe66WxRDOE9PjVz4vSM51fTu3Hw+ClTpUSQb718772vH3pyS5pShp6lvQM7SxgIDXXXmOX7w==}
     engines: {node: '>=6.0.0'}
@@ -454,6 +492,20 @@ packages:
       picomatch: 2.3.1
     dev: false
 
+  /@sideway/address/4.1.4:
+    resolution: {integrity: sha512-7vwq+rOHVWjyXxVlR76Agnvhy8I9rpzjosTESvmhNeXOXdZZB15Fl+TI9x1SiHZH5Jv2wTGduSxFDIaq0m3DUw==}
+    dependencies:
+      '@hapi/hoek': 9.3.0
+    dev: false
+
+  /@sideway/formula/3.0.1:
+    resolution: {integrity: sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==}
+    dev: false
+
+  /@sideway/pinpoint/2.0.0:
+    resolution: {integrity: sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==}
+    dev: false
+
   /@tsconfig/node10/1.0.9:
     resolution: {integrity: sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA==}
     dev: true
@@ -565,6 +617,10 @@ packages:
       '@types/node': 18.11.9
     dev: true
 
+  /@types/simple-oauth2/4.1.1:
+    resolution: {integrity: sha512-8jqhfUFb0FoCl2Od4czprB7ubM8/Fuo3tg+vQZ00zYtPcNLogGyDgm2DVfVvD3NYXK7AscKOXSaW33NHUWpNBg==}
+    dev: true
+
   /@types/unist/2.0.6:
     resolution: {integrity: sha512-PBjIUxZHOuj0R15/xuwJYjFi+KZdNFrehocChv4g5hu6aFroHue8m0lBP0POdK2nKzbw0cgV1mws8+V/JAcEkQ==}
     dev: false
@@ -870,6 +926,11 @@ packages:
       which: 1.3.1
     dev: true
 
+  /data-uri-to-buffer/4.0.0:
+    resolution: {integrity: sha512-Vr3mLBA8qWmcuschSLAOogKgQ/Jwxulv3RNE4FXnYWRGujzrRWQI4m12fQqRkwX06C0KanhLr4hK+GydchZsaA==}
+    engines: {node: '>= 12'}
+    dev: false
+
   /date-fns/2.29.3:
     resolution: {integrity: sha512-dDCnyH2WnnKusqvZZ6+jA1O51Ibt8ZMRNkDZdyAyK4YfbDwa/cEmuztzG5pk6hqlp9aSBPYcjOlktquahGwGeA==}
     engines: {node: '>=0.11'}
@@ -1257,6 +1318,14 @@ packages:
     resolution: {integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==}
     dev: false
 
+  /fetch-blob/3.2.0:
+    resolution: {integrity: sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==}
+    engines: {node: ^12.20 || >= 14.13}
+    dependencies:
+      node-domexception: 1.0.0
+      web-streams-polyfill: 3.2.1
+    dev: false
+
   /fill-range/7.0.1:
     resolution: {integrity: sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==}
     engines: {node: '>=8'}
@@ -1279,6 +1348,13 @@ packages:
       - supports-color
     dev: false
 
+  /formdata-polyfill/4.0.10:
+    resolution: {integrity: sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==}
+    engines: {node: '>=12.20.0'}
+    dependencies:
+      fetch-blob: 3.2.0
+    dev: false
+
   /forwarded/0.2.0:
     resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==}
     engines: {node: '>= 0.6'}
@@ -1630,6 +1706,16 @@ packages:
     resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
     dev: true
 
+  /joi/17.7.0:
+    resolution: {integrity: sha512-1/ugc8djfn93rTE3WRKdCzGGt/EtiYKxITMO4Wiv6q5JL1gl9ePt4kBsl1S499nbosspfctIQTpYIhSmHA3WAg==}
+    dependencies:
+      '@hapi/hoek': 9.3.0
+      '@hapi/topo': 5.1.0
+      '@sideway/address': 4.1.4
+      '@sideway/formula': 3.0.1
+      '@sideway/pinpoint': 2.0.0
+    dev: false
+
   /js-tokens/4.0.0:
     resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==}
     dev: false
@@ -2043,6 +2129,20 @@ packages:
     resolution: {integrity: sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==}
     dev: true
 
+  /node-domexception/1.0.0:
+    resolution: {integrity: sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==}
+    engines: {node: '>=10.5.0'}
+    dev: false
+
+  /node-fetch/3.3.0:
+    resolution: {integrity: sha512-BKwRP/O0UvoMKp7GNdwPlObhYGB5DQqwhEDQlNKuoqwVYSxkSZCSbHjnFFmUEtwSKRPU4kNK8PbDYYitwaE3QA==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+    dependencies:
+      data-uri-to-buffer: 4.0.0
+      fetch-blob: 3.2.0
+      formdata-polyfill: 4.0.10
+    dev: false
+
   /node-releases/2.0.6:
     resolution: {integrity: sha512-PiVXnNuFm5+iYkLBNeq5211hvO38y63T0i2KKh2KnUs3RpzJ+JtODFjkD8yjLwnDkTYF1eKXheUwdssR+NRZdg==}
     dev: false
@@ -2455,6 +2555,17 @@ packages:
       get-intrinsic: 1.1.3
       object-inspect: 1.12.2
 
+  /simple-oauth2/5.0.0:
+    resolution: {integrity: sha512-8291lo/z5ZdpmiOFzOs1kF3cxn22bMj5FFH+DNUppLJrpoIlM1QnFiE7KpshHu3J3i21TVcx4yW+gXYjdCKDLQ==}
+    dependencies:
+      '@hapi/hoek': 10.0.1
+      '@hapi/wreck': 18.0.0
+      debug: 4.3.4
+      joi: 17.7.0
+    transitivePeerDependencies:
+      - supports-color
+    dev: false
+
   /source-map-js/1.0.2:
     resolution: {integrity: sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==}
     engines: {node: '>=0.10.0'}
@@ -2838,6 +2949,11 @@ packages:
     resolution: {integrity: sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ==}
     dev: false
 
+  /web-streams-polyfill/3.2.1:
+    resolution: {integrity: sha512-e0MO3wdXWKrLbL0DgGnUV7WHVuw9OUvL4hjgnPkIeEvESk74gAITi5G606JtZPp39cd8HA9VQzCIvA49LpPN5Q==}
+    engines: {node: '>= 8'}
+    dev: false
+
   /which-boxed-primitive/1.0.2:
     resolution: {integrity: sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==}
     dependencies:

server/auth.ts

@@ -0,0 +1,63 @@
+import { Router } from 'express';
+import { AuthorizationCode } from 'simple-oauth2'
+import fetch from 'node-fetch'
+
+export function setupOauth(r: Router) {
+    const config = {
+        client: {
+            id: process.env.OAUTH_CLIENT_ID ?? '',
+            secret: process.env.OAUTH_CLIENT_SECRET ?? '',
+        },
+        auth: {
+            authorizePath: process.env.OAUTH_AUTH_URL ?? '',
+            tokenHost: process.env.OAUTH_TOKEN_HOST ?? '',
+            tokenPath: process.env.OAUTH_TOKEN_PATH ?? ''
+        },
+    };
+
+    const conf = {
+        redirect_uri: process.env.OAUTH_REDIRECT_URL ?? '',
+        scope: process.env.OAUTH_SCOPES ?? '',
+    }
+
+    const client = new AuthorizationCode(config);
+
+    const authorizationUri = client.authorizeURL({
+        redirect_uri: conf.redirect_uri,
+        scope: conf.scope,
+        state: ''
+    });
+
+    r.get('/redirect', (req, res) => {
+        res.redirect(authorizationUri);
+    });
+
+    // Callback service parsing the authorization token and asking for the access token
+    r.get('/callback', async (req, res) => {
+        const code = req.query.code as string;
+
+        const options = {
+            code,
+            redirect_uri: conf.redirect_uri
+        };
+
+        try {
+            const accessToken = await client.getToken(options);
+
+            console.log(accessToken.token.access_token)
+
+            const userInfo = await (await fetch(process.env.OAUTH_USER_INFO_URL ?? '', {
+                method: 'GET',
+                headers: {
+                    'Authorization': "Bearer " + accessToken.token.access_token
+                }
+            })).json()
+
+            // TODO: call to db && login
+            return res.status(200).json(userInfo);
+        } catch (error) {
+            console.error('Access Token Error', error.message);
+            return res.status(500).redirect(`/error?message=${encodeURIComponent('Autenticazione fallita')}`);
+        }
+    });
+}

server/routes.ts

@@ -38,6 +38,7 @@ import {
 import { initialDatabaseValue } from './db/example-data'
 
 import { validateObjectKeys } from '../shared/utils'
+import { setupOauth } from './auth'
 
 export async function createApiRouter() {
     type SessionId = Opaque<string, string, 'session'>
@@ -70,6 +71,11 @@ export async function createApiRouter() {
     r.use(bodyParser.json())
     r.use(cookieParser())
 
+    const authRouter: Router = express.Router()
+
+    setupOauth(authRouter)
+    r.use('/auth', authRouter)
+
     r.get('/api/status', (req, res) => {
         res.json({ url: req.originalUrl, status: 'ok' })
     })
@@ -79,7 +85,7 @@ export async function createApiRouter() {
     })
 
     r.post('/api/login', async (req, res) => {
-        const { id } = req.body
+        const { id, name } = req.body
 
         const user = await getUser(db, id)
         if (!user) {
@@ -256,7 +262,7 @@ export async function createApiRouter() {
             solutions = solutions.filter(s => s.sentBy === queryUser)
         }
 
-        if(isPublic) {
+        if (isPublic) {
             solutions = solutions.filter(s => s.visible)
         }