chore(frontend): Refactoring

Refactoring zodat de structuur van de authenticatieservice in de client duidelijker is.
2025-03-02 21:02:17 +01:00 · 2025-03-02 21:02:17 +01:00 · 26d5c09bb4
commit 26d5c09bb4
parent a28ec22f29
19 changed files with 215 additions and 183 deletions
--- a/backend/.env.development.example
+++ b/backend/.env.development.example
@ -12,5 +12,5 @@ DWENGO_AUTH_TEACHER_URL=http://localhost:7080/realms/teacher
 DWENGO_AUTH_TEACHER_CLIENT_ID=dwengo
 DWENGO_AUTH_TEACHER_JWKS_ENDPOINT=http://localhost:7080/realms/teacher/protocol/openid-connect/certs

-# Allow frontend from anywhere to access the backend (for testing purposes). Don't forget to remove this in production!
-DWENGO_CORS_ALLOWED_ORIGINS=*
+# Allow Vite dev-server to access the backend (for testing purposes). Don't forget to remove this in production!
+DWENGO_CORS_ALLOWED_ORIGINS=http://localhost:5173
--- a/backend/src/app.ts
+++ b/backend/src/app.ts
@ -24,8 +24,8 @@ app.get('/', (_, res: Response) => {
    });
 });

-app.use(authenticateUser);
 app.use(cors);
+app.use(authenticateUser);

 app.use('/student', studentRouter);
 app.use('/group', groupRouter);
--- a/backend/src/middleware/cors.ts
+++ b/backend/src/middleware/cors.ts
@ -2,5 +2,6 @@ import cors from "cors";
 import {EnvVars, getEnvVar} from "../util/envvars";

 export default cors({
-    origin: getEnvVar(EnvVars.CorsAllowedOrigins).split(',')
+    origin: getEnvVar(EnvVars.CorsAllowedOrigins).split(','),
+    allowedHeaders: getEnvVar(EnvVars.CorsAllowedHeaders).split(',')
 });
--- a/backend/src/routes/auth.ts
+++ b/backend/src/routes/auth.ts
@ -1,5 +1,6 @@
 import express from 'express'
 import {getFrontendAuthConfig} from "../controllers/auth";
+import {authenticatedOnly, studentsOnly, teachersOnly} from "../middleware/auth/auth";
 const router = express.Router();

 // returns auth configuration for frontend
@ -7,4 +8,16 @@ router.get('/config', (req, res) => {
    res.json(getFrontendAuthConfig());
 });

+router.get('/testAuthenticatedOnly', authenticatedOnly, (req, res) => {
+    res.json({message: "If you see this, you should be authenticated!"});
+});
+
+router.get('/testStudentsOnly', studentsOnly, (req, res) => {
+    res.json({message: "If you see this, you should be a student!"});
+});
+
+router.get('/testTeachersOnly', teachersOnly, (req, res) => {
+    res.json({message: "If you see this, you should be a teacher!"});
+});
+
 export default router;
--- a/backend/src/util/envvars.ts
+++ b/backend/src/util/envvars.ts
@ -3,6 +3,7 @@ const DB_PREFIX = PREFIX + 'DB_';
 const IDP_PREFIX = PREFIX + 'AUTH_';
 const STUDENT_IDP_PREFIX = IDP_PREFIX + 'STUDENT_';
 const TEACHER_IDP_PREFIX = IDP_PREFIX + 'TEACHER_';
+const CORS_PREFIX = PREFIX + 'CORS_';

 type EnvVar = { key: string; required?: boolean; defaultValue?: any };

@ -21,7 +22,8 @@ export const EnvVars: { [key: string]: EnvVar } = {
    IdpTeacherClientId: { key: TEACHER_IDP_PREFIX + 'CLIENT_ID', required: true },
    IdpTeacherJwksEndpoint: { key: TEACHER_IDP_PREFIX + 'JWKS_ENDPOINT', required: true },
    IdpAudience: { key: IDP_PREFIX + 'AUDIENCE', defaultValue: 'account' },
-    CorsAllowedOrigins: { key: PREFIX + 'CORS_ALLOWED_ORIGINS', defaultValue: ''}
+    CorsAllowedOrigins: { key: CORS_PREFIX + 'ALLOWED_ORIGINS', defaultValue: ''},
+    CorsAllowedHeaders: { key: CORS_PREFIX + 'ALLOWED_HEADERS', defaultValue: 'Authorization,Content-Type'}
 } as const;

 /**