tdpeuter/2025SELab2-project-Dwengo
tdpeuter/2025SELab2-project-Dwengo
Archived
1
Fork 0
Code Issues Releases 4 Packages 2 Wiki Activity

Merge remote-tracking branch 'origin/feat/endpoints-beschermen-met-authenticatie-#105' into feat/endpoints-beschermen-met-authenticatie-#105

Browse source
This commit is contained in:
Gabriellvl 2025-05-15 21:07:10 +02:00
commit 4925a9bdb7
19 changed files with 26 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/src/controllers/auth.ts
View file

@ -5,7 +5,7 @@ import { envVars, getEnvVar } from '../util/envVars.js';
import { createOrUpdateStudent } from '../services/students.js';
import { Request, Response } from 'express';
import { createOrUpdateTeacher } from '../services/teachers.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
interface FrontendIdpConfig {
authority: string;

2
backend/src/middleware/auth/checks/assignment-auth-checks.ts
View file

@ -2,7 +2,7 @@ import { authorize } from './auth-checks.js';
import { fetchClass } from '../../../services/classes.js';
import { fetchAllGroups } from '../../../services/groups.js';
import { mapToUsername } from '../../../interfaces/user.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
/**
* Expects the path to contain the path parameters 'classId' and 'id' (meaning the ID of the assignment).

2
backend/src/middleware/auth/checks/auth-checks.ts
View file

@ -5,7 +5,7 @@ import { RequestHandler } from 'express';
import { UnauthorizedException } from '../../../exceptions/unauthorized-exception.js';
import { ForbiddenException } from '../../../exceptions/forbidden-exception.js';
import { envVars, getEnvVar } from '../../../util/envVars.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
/**
* Middleware which rejects unauthenticated users (with HTTP 401) and authenticated users which do not fulfill

2
backend/src/middleware/auth/checks/class-auth-checks.ts
View file

@ -4,7 +4,7 @@ import { AuthenticatedRequest } from '../authenticated-request.js';
import { fetchClass } from '../../../services/classes.js';
import { mapToUsername } from '../../../interfaces/user.js';
import { getAllInvitations } from '../../../services/teacher-invitations.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
async function teaches(teacherUsername: string, classId: string): Promise<boolean> {
const clazz = await fetchClass(classId);

2
backend/src/middleware/auth/checks/group-auth-checker.ts
View file

@ -2,7 +2,7 @@ import { authorize } from './auth-checks.js';
import { fetchClass } from '../../../services/classes.js';
import { fetchGroup } from '../../../services/groups.js';
import { mapToUsername } from '../../../interfaces/user.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
/**
* Expects the path to contain the path parameters 'classid', 'assignmentid' and 'groupid'.

2
backend/src/middleware/auth/checks/learning-content-auth-checks.ts
View file

@ -1,7 +1,7 @@
import { authorize } from './auth-checks';
import { AuthenticationInfo } from '../authentication-info';
import { AuthenticatedRequest } from '../authenticated-request';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
/**
* Only allows requests whose learning path personalization query parameters ('forGroup' / 'assignmentNo' / 'classId')

2
backend/src/middleware/auth/checks/question-checks.ts
View file

@ -7,7 +7,7 @@ import { fetchQuestion } from '../../../services/questions.js';
import { FALLBACK_SEQ_NUM } from '../../../config.js';
import { fetchAnswer } from '../../../services/answers.js';
import { mapToUsername } from '../../../interfaces/user.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
export const onlyAllowAuthor = authorize(
(auth: AuthenticationInfo, req: AuthenticatedRequest) => (req.body as { author: string }).author === auth.username

2
backend/src/middleware/auth/checks/submission-checks.ts
View file

@ -6,7 +6,7 @@ import { AuthenticationInfo } from '../authentication-info.js';
import { authorize } from './auth-checks.js';
import { FALLBACK_LANG } from '../../../config.js';
import { mapToUsername } from '../../../interfaces/user.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
import { AccountType } from '@dwengo-1/common/util/account-types';
export const onlyAllowSubmitter = authorize(
(auth: AuthenticationInfo, req: AuthenticatedRequest) => (req.body as { submitter: string }).submitter === auth.username

8
backend/src/services/teachers.ts
View file

@ -100,13 +100,9 @@ export async function getStudentsByTeacher(username: string, full: boolean): Pro
const classIds: string[] = classes.map((cls) => cls.id);
const students: StudentDTO[] = (await Promise.all(
classIds.map(async (classId) => await getClassStudentsDTO(classId))
))
const students: StudentDTO[] = (await Promise.all(classIds.map(async (classId) => await getClassStudentsDTO(classId))))
.flat()
.filter((student, index, self) =>
self.findIndex((s) => s.username === student.username) === index
);
.filter((student, index, self) => self.findIndex((s) => s.username === student.username) === index);
if (full) {
return students;