feat: user data server routes #41

Merged
merged 32 commits into from
Aug 18, 2023

@AasmundN AasmundN commented Aug 14, 2023

Changes

  • user server middleware. Fetches the user's data from the db and merges it with the decodedToken on the h3 event context. The user generated user object is placed on the event context.
  • Server plugin auth.server.ts to populate authStore on initial server render. Runs after the auth and user server middlewares and only on the initial server render. The plugin has access to both the event context and the nuxtApp instance, which means it can populate the Pinia store. The global auth route middleware has been updated accordingly.
  • Add db export from firebase util.
  • hasAccessLevel server util to check a user's accessLevel.

API endpoints

POST /api/user endpoint creates or updates a user in the firebase realtime database. A user object in the database has the following format.

{
  accessLevel?: string[]
  studyProgram: string
  updated: number
}

The user entries use the firebase token subject scope decodedToken.sub as their object keys. The currently available accessLevels are 'admin'. A default user has no accessLevel array defined. The updated field holds the date of the last time the user object was updated. The endpoint accepts a request body of the following format.

{
   sub: string
   accessLevel: string[]
   studyProgram: string
}

These specify how the data of the user with uid sub is to be updated. Only admins can update other users than their own.

GET /api/user/ endpoint returns the user's data object, stored on the event context (see user middleware). If the query parameter scope is present and has the value 'all', all users will be fetched. Only admins can fetch all users.

DELETE /api/user/ endpoint deletes the user's data from the database. The sub field of the request body specifies which user to remove. Only admins can remove other users than their own.

Further work

This PR only adds the endpoints to modify the data in the database. The firebase auth composable needs to be updated to use these endpoints, as well as update the users in firebase auth accordingly.

Resources

  • Firebase admin SDK realtime database reference.
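
The access rules described for the three endpoints, written as pure TypeScript decision functions (an added example, not code from this PR). Every name except hasAccessLevel, the 401/403 status codes, and the rule that a non-admin self-update cannot change accessLevel are assumptions that the PR description does not state.

```typescript
// Added example. Only hasAccessLevel, sub, accessLevel, studyProgram, updated and
// scope come from the PR description; other names and the status codes are assumed.
type StoredUser = { accessLevel?: string[]; studyProgram: string; updated: number }
type Caller = StoredUser & { sub: string } // decodedToken merged with the DB entry
type UserBody = { sub: string; accessLevel: string[]; studyProgram: string }
type AuthResult<T> = { status: 200; value: T } | { status: 401 | 403 }

// Assumed behaviour of the PR's util: true when the level is in the user's array.
function hasAccessLevel(user: Caller | undefined, level: string): boolean {
  return !!user && !!user.accessLevel && user.accessLevel.indexOf(level) !== -1
}

// Shared rule: a caller may act on their own record; any other record needs 'admin'.
function mayActOn(caller: Caller, targetSub: string): boolean {
  return targetSub === caller.sub || hasAccessLevel(caller, 'admin')
}

// POST /api/user: decide who may write which record and which fields are stored.
function authorizeWrite(caller: Caller | undefined, body: UserBody, now: number):
    AuthResult<{ key: string; data: StoredUser }> {
  if (!caller) return { status: 401 }
  if (!mayActOn(caller, body.sub)) return { status: 403 }
  const data: StoredUser = { studyProgram: body.studyProgram, updated: now }
  // Assumption, not stated in the PR: only an admin may set accessLevel. A non-admin
  // self-update keeps the stored levels, so body.accessLevel cannot grant 'admin'.
  const levels = hasAccessLevel(caller, 'admin') ? body.accessLevel : caller.accessLevel
  if (levels && levels.length > 0) data.accessLevel = levels
  return { status: 200, value: { key: body.sub, data } }
}

// DELETE /api/user: the body's sub names the record to remove.
function authorizeDelete(caller: Caller | undefined, sub: string): AuthResult<string> {
  if (!caller) return { status: 401 }
  return mayActOn(caller, sub) ? { status: 200, value: sub } : { status: 403 }
}

// GET /api/user: scope=all is admin-only, anything else returns the caller's record.
function authorizeRead(caller: Caller | undefined, scope?: string): AuthResult<'self' | 'all'> {
  if (!caller) return { status: 401 }
  if (scope !== 'all') return { status: 200, value: 'self' }
  return hasAccessLevel(caller, 'admin') ? { status: 200, value: 'all' } : { status: 403 }
}

// Constructed sample callers, as the user middleware would place them on the context.
const sampleAdmin: Caller = { sub: 'uid-admin', accessLevel: ['admin'], studyProgram: 'A', updated: 0 }
const sampleStudent: Caller = { sub: 'uid-student', studyProgram: 'B', updated: 0 }
```
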

@AasmundN AasmundN added the feature New feature or request label Aug 14, 2023
@AasmundN AasmundN self-assigned this Aug 14, 2023
@AasmundN AasmundN linked an issue Aug 14, 2023 that may be closed by this pull request
@ipeglin ipeglin changed the base branch from main to dev August 15, 2023 14:03
@ipeglin ipeglin left a comment

LGTM

@AasmundN AasmundN temporarily deployed to Development August 18, 2023 10:19 — with GitHub Actions Inactive
@AasmundN AasmundN merged commit 770792c into dev Aug 18, 2023
2 checks passed
@AasmundN AasmundN deleted the feat/27-authentication-user-data-server-routes branch August 18, 2023 10:20
@AasmundN AasmundN mentioned this pull request Nov 3, 2023
Development

Successfully merging this pull request may close these issues.

Authentication - user data server routes
3 participants