Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature : Added server side verification for all routes . #3491

Open
wants to merge 13 commits into
base: develop
Choose a base branch
from
Open

Feature : Added server side verification for all routes . #3491

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
cc9019d
added securitty for routing from server side
PurnenduMIshra129th Jan 30, 2025
5a412bd
Merge branch 'develop' of https://github.com/PalisadoesFoundation/tal…
PurnenduMIshra129th Feb 1, 2025
6a38bc3
fixed test cases fail for Routing
PurnenduMIshra129th Feb 1, 2025
23ebe30
taken suggestion from ai
PurnenduMIshra129th Feb 1, 2025
d0ecb55
Update src/components/SecuredRoute/SecuredRoute.tsx
PurnenduMIshra129th Feb 1, 2025
3cc411d
Update src/components/SecuredRoute/SecuredRoute.tsx
PurnenduMIshra129th Feb 1, 2025
3cb3f1f
taken suggestion from ai
PurnenduMIshra129th Feb 1, 2025
603ba56
added signOut button on PageNotFound page and fixed App.spec.tsx fail…
PurnenduMIshra129th Feb 2, 2025
43385aa
added condition in secureRouteForUser such that if the admin or super…
PurnenduMIshra129th Feb 2, 2025
b122947
modify App.spec.tsx
PurnenduMIshra129th Feb 3, 2025
e4e3401
test cases
PurnenduMIshra129th Feb 3, 2025
98ca3b9
taken suggestion from ai and fixed test cases
PurnenduMIshra129th Feb 4, 2025
7c92f64
Update src/components/UserPortal/SecuredRouteForUser/SecuredRouteForU…
PurnenduMIshra129th Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions docs/docs/auto-docs/GraphQl/Queries/Queries/variables/VERIFY_ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
[Admin Docs](/)

***

# Variable: VERIFY\_ROLE

> `const` **VERIFY\_ROLE**: `DocumentNode`

Defined in: [src/GraphQl/Queries/Queries.ts:867](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/GraphQl/Queries/Queries.ts#L867)
2 changes: 1 addition & 1 deletion docs/docs/auto-docs/components/SecuredRoute/SecuredRoute/functions/default.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

> **default**(): `Element`

Defined in: [src/components/SecuredRoute/SecuredRoute.tsx:16](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/SecuredRoute/SecuredRoute.tsx#L16)
Defined in: [src/components/SecuredRoute/SecuredRoute.tsx:18](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/SecuredRoute/SecuredRoute.tsx#L18)

A route guard that checks if the user is logged in and has the necessary permissions.

Expand Down
2 changes: 1 addition & 1 deletion ...ponents/UserPortal/SecuredRouteForUser/SecuredRouteForUser/functions/default.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

> **default**(): `Element`

Defined in: [src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx:14](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L14)
Defined in: [src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx:16](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L16)

A component that guards routes by checking if the user is logged in.
If the user is logged in and does not have 'AdminFor' set, the child routes are rendered.
Expand Down
8 changes: 8 additions & 0 deletions src/GraphQl/Queries/Queries.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -864,6 +864,14 @@ export const GET_COMMUNITY_SESSION_TIMEOUT_DATA = gql`
}
}
`;
export const VERIFY_ROLE = gql`
query verifyRole {
verifyRole {
isAuthorized
role
}
}
`;

// get the list of Action Item Categories
export { ACTION_ITEM_CATEGORY_LIST } from './ActionItemCategoryQueries';
Expand Down
46 changes: 37 additions & 9 deletions src/components/SecuredRoute/SecuredRoute.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
import React from 'react';
import { useQuery } from '@apollo/client';
import { VERIFY_ROLE } from 'GraphQl/Queries/Queries';
import React, { useEffect } from 'react';
import { Navigate, Outlet } from 'react-router-dom';
import { toast } from 'react-toastify';
import PageNotFound from 'screens/PageNotFound/PageNotFound';
Expand All @@ -14,14 +16,40 @@ const { getItem, setItem } = useLocalStorage();
* @returns The JSX element representing the secured route.
*/
const SecuredRoute = (): JSX.Element => {
const isLoggedIn = getItem('IsLoggedIn');
const adminFor = getItem('AdminFor');

return isLoggedIn === 'TRUE' ? (
<>{adminFor != null ? <Outlet /> : <PageNotFound />}</>
) : (
<Navigate to="/" replace />
);
const { data, loading, error, refetch } = useQuery(VERIFY_ROLE, {
context: {
headers: {
Authorization: `Bearer ${getItem('token')}`,
},
},
});
useEffect(() => {
PurnenduMIshra129th marked this conversation as resolved.
Show resolved Hide resolved
refetch(); // Refetch when token updates
}, [getItem('token')]);

PurnenduMIshra129th marked this conversation as resolved.
Show resolved Hide resolved
if (loading) {
return <div> Loading.....</div>;
} else if (error) {
return <div>Error During Routing ...</div>;
} else {
const isLoggedIn = data.verifyRole.isAuthorized;
const role = data.verifyRole.role;
const restrictedRoutesForAdmin = ['/member', '/users', '/communityProfile'];
if (isLoggedIn) {
if (role == 'superAdmin') {
return <Outlet />;
} else if (role == 'admin') {
if (restrictedRoutesForAdmin.includes(location.pathname)) {
return <PageNotFound />;
}
return <Outlet />;
} else {
return <PageNotFound />;
}
} else {
return <Navigate to="/" replace />;
}
}
};
PurnenduMIshra129th marked this conversation as resolved.
Show resolved Hide resolved
PurnenduMIshra129th marked this conversation as resolved.
Show resolved Hide resolved

// Time constants for session timeout and inactivity interval
Expand Down
41 changes: 30 additions & 11 deletions src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
import React from 'react';
import { useQuery } from '@apollo/client';
import { VERIFY_ROLE } from 'GraphQl/Queries/Queries';
import React, { useEffect } from 'react';
import { Navigate, Outlet } from 'react-router-dom';
import PageNotFound from 'screens/PageNotFound/PageNotFound';
import useLocalStorage from 'utils/useLocalstorage';
Expand All @@ -14,17 +16,34 @@
const SecuredRouteForUser = (): JSX.Element => {
// Custom hook to interact with local storage
const { getItem } = useLocalStorage();
const { data, loading, error, refetch } = useQuery(VERIFY_ROLE, {

Check warning on line 19 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L19 

Added line #L19 was not covered by tests
context: {
headers: {

Check failure on line 21 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View workflow job for this annotation

GitHub Actions / Test Application

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.spec.tsx > SecuredRouteForUser > renders the route when the user is logged in 

Invariant Violation: An error occurred! For more details, see the full error text at https://go.apollo.dev/c/err#%7B%22version%22%3A%223.11.8%22%2C%22message%22%3A50%2C%22args%22%3A%5B%5D%7D
 ❯ new InvariantError node_modules/ts-invariant/lib/invariant.js:11:28
 ❯ Object.originalInvariant [as invariant] node_modules/ts-invariant/lib/invariant.js:24:15
 ❯ Object.invariant node_modules/@apollo/client/utilities/globals/invariantWrappers.js:28:9
 ❯ useApolloClient node_modules/@apollo/client/react/hooks/useApolloClient.js:22:5
 ❯ Proxy.useQuery node_modules/@apollo/client/react/hooks/useQuery.js:72:44
 ❯ SecuredRouteForUser src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx:21:16
 ❯ renderWithHooks node_modules/react-dom/cjs/react-dom.development.js:15486:18
 ❯ mountIndeterminateComponent node_modules/react-dom/cjs/react-dom.development.js:20103:13
 ❯ beginWork node_modules/react-dom/cjs/react-dom.development.js:21626:16
 ❯ beginWork$1 node_modules/react-dom/cjs/react-dom.development.js:27465:14

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
Serialized Error: { framesToPop: 1 }

Check failure on line 21 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View workflow job for this annotation

GitHub Actions / Test Application

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.spec.tsx > SecuredRouteForUser > redirects to /user when the user is not logged in 

Invariant Violation: An error occurred! For more details, see the full error text at https://go.apollo.dev/c/err#%7B%22version%22%3A%223.11.8%22%2C%22message%22%3A50%2C%22args%22%3A%5B%5D%7D
 ❯ new InvariantError node_modules/ts-invariant/lib/invariant.js:11:28
 ❯ Object.originalInvariant [as invariant] node_modules/ts-invariant/lib/invariant.js:24:15
 ❯ Object.invariant node_modules/@apollo/client/utilities/globals/invariantWrappers.js:28:9
 ❯ useApolloClient node_modules/@apollo/client/react/hooks/useApolloClient.js:22:5
 ❯ Proxy.useQuery node_modules/@apollo/client/react/hooks/useQuery.js:72:44
 ❯ SecuredRouteForUser src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx:21:16
 ❯ renderWithHooks node_modules/react-dom/cjs/react-dom.development.js:15486:18
 ❯ mountIndeterminateComponent node_modules/react-dom/cjs/react-dom.development.js:20103:13
 ❯ beginWork node_modules/react-dom/cjs/react-dom.development.js:21626:16
 ❯ beginWork$1 node_modules/react-dom/cjs/react-dom.development.js:27465:14

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
Serialized Error: { framesToPop: 1 }
Authorization: `Bearer ${getItem('token')}`,
},
},
});
PurnenduMIshra129th marked this conversation as resolved.
Show resolved Hide resolved
useEffect(() => {
refetch(); // Refetch when token updates

Check warning on line 27 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L26-L27 

Added lines #L26 - L27 were not covered by tests
}, [getItem('token')]);
PurnenduMIshra129th marked this conversation as resolved.
Show resolved Hide resolved

// Check if the user is logged in and the role of the user
const isLoggedIn = getItem('IsLoggedIn');
const adminFor = getItem('AdminFor');

// Conditional rendering based on authentication status and role
return isLoggedIn === 'TRUE' ? (
<>{adminFor == undefined ? <Outlet /> : <PageNotFound />}</>
) : (
<Navigate to="/" replace />
);
if (loading) {
return <div> Loading.....</div>;

Check warning on line 31 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L31 

Added line #L31 was not covered by tests
} else if (error) {
return <div>Error During Routing ...</div>;

Check warning on line 33 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L33 

Added line #L33 was not covered by tests
} else {
const isLoggedIn = data.verifyRole.isAuthorized;
const role = data.verifyRole.role;

Check warning on line 36 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L35-L36 

Added lines #L35 - L36 were not covered by tests
if (isLoggedIn) {
if (role == 'user') {
return <Outlet />;

Check warning on line 39 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L39 

Added line #L39 was not covered by tests
} else {
return <PageNotFound />;

Check warning on line 41 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L41 

Added line #L41 was not covered by tests
}
} else {
return <Navigate to="/" replace />;

Check warning on line 44 in src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

View check run for this annotation

Codecov / codecov/patch

src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L44 

Added line #L44 was not covered by tests
}
}
};

export default SecuredRouteForUser;
Loading