Adds Authenticatio/Authorization

[MGerrior]

I'll try to get some time tomorrow to clean this up a bit, but I believe I covered all he criteria set out in Issue #7 .

All server-side routes (except for /login require authentication) by default. There's an ensureAdmin middleware you can add to routes that require locking down (I added this to the route that allows creating new Matches as suggested by @sharonkass ).

It's a pretty simple username/password authentication powered by passport.js. I added a page in the wiki for creating accounts locally using the node.js console here. You'll also need to generate an application secret, locally it can just be a random string, but probably want something more secure in production. I just took a random 256bit key from random keygen.

With regards to Client Side, again all routes except for /login are protected using the new ProtectedRoute component that will only allow access to the route if the user is logged in. There's also an AdminRoute again used to protect /matches/new on the client side.

In the MatchReportList you can see an example of some authentication, checking if the user is an admin before rendering the New button. I'm sure this is something we can clean up moving forward somehow.

This is my first time using React Hooks/Contexts and what not, so feel free to provide any suggestions regarding the overall architecture/solution.

I actually also have been doing this all locally, need to get Heroku set up unless someone is brave enough to check this out and try it :P

[sharonkass]

@MGerrior : When I try 'npm install' I get some errors:

node-pre-gyp WARN Using needle for node-pre-gyp https download
node-pre-gyp WARN Tried to download(404): https://github.com/ranisalt/node-argon2/releases/download/v0.25.1/argon2-v0.25.1-node-v72-darwin-x64-unknown.tar.gz
node-pre-gyp WARN Pre-built binaries not found for argon2@0.25.1 and node@12.14.0 (node-v72 ABI, unknown) (falling back to source compile with node-gyp)
No receipt for 'com.apple.pkg.CLTools_Executables' found at '/'.

No receipt for 'com.apple.pkg.DeveloperToolsCLILeo' found at '/'.

No receipt for 'com.apple.pkg.DeveloperToolsCLI' found at '/'.

gyp: No Xcode or CLT version detected!
gyp ERR! configure error
gyp ERR! stack Error: gyp failed with exit code: 1
gyp ERR! stack at ChildProcess.onCpExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:351:16)
gyp ERR! stack at ChildProcess.emit (events.js:210:5)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Darwin 19.3.0
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "configure" "--fallback-to-build" "--module=/Users/sharon/RoboTigers/FRCScout2020/node_modules/argon2/lib/binding/argon2.node" "--module_name=argon2" "--module_path=/Users/sharon/RoboTigers/FRCScout2020/node_modules/argon2/lib/binding" "--napi_version=5" "--node_abi_napi=napi" "--napi_build_version=0" "--node_napi_label=node-v72"
gyp ERR! cwd /Users/sharon/RoboTigers/FRCScout2020/node_modules/argon2
gyp ERR! node -v v12.14.0
gyp ERR! node-gyp -v v5.0.5
gyp ERR! not ok
node-pre-gyp ERR! build error
node-pre-gyp ERR! stack Error: Failed to execute '/usr/local/bin/node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --module=/Users/sharon/RoboTigers/FRCScout2020/node_modules/argon2/lib/binding/argon2.node --module_name=argon2 --module_path=/Users/sharon/RoboTigers/FRCScout2020/node_modules/argon2/lib/binding --napi_version=5 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v72' (1)
node-pre-gyp ERR! stack at ChildProcess. (/Users/sharon/RoboTigers/FRCScout2020/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
node-pre-gyp ERR! stack at ChildProcess.emit (events.js:210:5)
node-pre-gyp ERR! stack at maybeClose (internal/child_process.js:1021:16)
node-pre-gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
node-pre-gyp ERR! System Darwin 19.3.0

I don't have full XCode on my Macbook anymore (no room for it).. I'll google this after my FLL session today but if you have any tips please let me know.

[DanielLaszczych]

I got it working on my Heroku app. I think I was getting a similar issue and I had to install Visual Studio to fix it. Also, I really like that there are admin and scout roles, its something we wanted but we weren't sure if we would have time to do. But thanks for designing a really nice system Matt. The only thing I would change is removing the admin requirement for creating a new match. The idea we had in mind is for scouts to be able to create new matches but only admins are able to edit matches after they are submitted. Basically a scouter will create a match, submit it, and then that match will appear in a table for admins to edit if need be. I can fix this issue, the most important thing is that the system is up and running. Thanks again Matt!

[DanielLaszczych]

I found a bug that doesn't happen locally but does on Heroku. Basically when you go to the login page and then you reload (reload as in F5) a different screen shows up, seems like a screen related to the backend. Then when you log in with a valid user on this screen it shows a JSON of the username and role. And when you log in with an invalid user it shows 'unauthorized'. Here are some screenshots:

Then I reload:

If valid:

If invalid:

Basically, it seems like it's only showing the backend. Here are some logs that may or may not help:

You can reproduce the bug https://daniel-scout-2020.herokuapp.com/
I made an account with the username: Matt and password: password if you want to test things out.

[sharonkass]

@MGerrior - Thanks for helping me at lunch today find the answer: nodejs/node-gyp#1917:

sudo npm explore npm -g -- npm install node-gyp@latest

sudo npm explore npm -g -- npm explore npm-lifecycle -- npm install node-gyp@latest

npm install --verbose

Worked like a charm!