refactor(auth-api): duplicate auth endpoints to new /api/v3 router
- duplicate auth endpoint functionality and update endpoints
- update v3 router to use new endpoints
- update frontend api calls to use new endpoints
orbitalsqwib committed Apr 5, 2021
1 parent 94684b7 commit 48a1f2e
Showing 4 changed files with 102 additions and 4 deletions.
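--- a/src/app/routes/api/v3/auth/auth.routes.ts
+++ b/src/app/routes/api/v3/auth/auth.routes.ts
@@ -0,0 +1,95 @@
+import { celebrate, Joi, Segments } from 'celebrate'
+import { Router } from 'express'
+
+import { rateLimitConfig } from '../../../../../config/config'
+import * as AuthController from '../../../../modules/auth/auth.controller'
+import { limitRate } from '../../../../utils/limit-rate'
+
+export const AuthRouter = Router()
+/**
+* Check if email domain is a valid agency
+* @route POST /auth/email/validate
+* @group admin
+* @param body.email the user's email to validate domain for
+* @return 200 when email domain is valid
+* @return 401 when email domain is invalid
+*/
+AuthRouter.post(
+'/email/validate',
+celebrate({
+[Segments.BODY]: Joi.object().keys({
+email: Joi.string()
+.required()
+.email()
+.message('Please enter a valid email'),
+}),
+}),
+AuthController.handleCheckUser,
+)
+
+/**
+* Send a one-time password (OTP) to the specified email address
+* as part of the login procedure.
+* @route POST /auth/otp/generate
+* @group admin
+* @param body.email the user's email to validate domain for
+* @produces application/json
+* @consumes application/json
+* @return 200 when OTP has been been successfully sent
+* @return 401 when email domain is invalid
+* @return 500 when FormSG was unable to generate the OTP, or create/send the email that delivers the OTP to the user's email address
+*/
+AuthRouter.post(
+'/otp/generate',
+limitRate({ max: rateLimitConfig.sendAuthOtp }),
+celebrate({
+[Segments.BODY]: Joi.object().keys({
+email: Joi.string()
+.required()
+.email()
+.message('Please enter a valid email'),
+}),
+}),
+AuthController.handleLoginSendOtp,
+)
+
+/**
+* Verify the one-time password (OTP) for the specified email address
+* as part of the login procedure.
+* @route POST /auth/otp/verify
+* @group admin
+* @param body.email the user's email
+* @param body.otp the otp to verify
+* @headers 200.set-cookie contains the session cookie upon login
+* @returns 200 when user has successfully logged in, with session cookie set
+* @returns 401 when the email domain is invalid
+* @returns 422 when the OTP is invalid
+* @returns 500 when error occurred whilst verifying the OTP
+*/
+AuthRouter.post(
+'/otp/verify',
+celebrate({
+[Segments.BODY]: Joi.object().keys({
+email: Joi.string()
+.required()
+.email()
+.message('Please enter a valid email'),
+otp: Joi.string()
+.required()
+.regex(/^\d{6}$/)
+.message('Please enter a valid otp'),
+}),
+}),
+AuthController.handleLoginVerifyOtp,
+)
+
+/**
+* Sign the user out of the session by clearing the relevant session cookie
+* @route GET /auth/logout
+* @group admin
+* @headers 200.clear-cookie clears cookie upon signout
+* @returns 200 when user has signed out successfully
+* @returns 400 when the request does not contain a session
+* @returns 500 when the session fails to be destroyed
+*/
+AuthRouter.get('/logout', AuthController.handleSignout)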
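Review bot: `/otp/verify` is registered without the `limitRate` middleware that `/otp/generate` carries, so nothing at this router layer bounds how many guesses at a six-digit OTP a client can submit for one email; unless the limit is enforced inside `AuthController.handleLoginVerifyOtp` (not visible here), adding `limitRate({ max: rateLimitConfig.<VERIFY_OTP_LIMIT — placeholder, add to config> }),` before the `celebrate` validator on that route would close the gap. `/logout` performs a state change (session destruction) over GET, which is worth a comment on the route if it is intentional, since a POST is the conventional shape for that. Minor documentation points: the `/otp/generate` docblock reuses `the user's email to validate domain for` from the validate route and reads `has been been`, and the file mixes `@return` with `@returns`.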
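--- a/src/app/routes/api/v3/auth/index.ts
+++ b/src/app/routes/api/v3/auth/index.ts
@@ -0,0 +1 @@
+export { AuthRouter } from './auth.routes'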
2 changes: 2 additions & 0 deletions src/app/routes/api/v3/v3.routes.ts
@@ -1,7 +1,9 @@
import { Router } from 'express'

import { AdminRouter } from './admin'
import { AuthRouter } from './auth'

export const V3Router = Router()

V3Router.use('/admin', AdminRouter)
V3Router.use('/auth', AuthRouter)
8 changes: 4 additions & 4 deletions src/public/modules/users/services/auth.client.service.js
Expand Up @@ -69,7 +69,7 @@ function Auth($q, $http, $state, $window) {

function checkUser(credentials) {
let deferred = $q.defer()
$http.post('/auth/checkuser', credentials).then(
$http.post('/api/v3/auth/email/validate', credentials).then(
function (response) {
deferred.resolve(response.data)
},
Expand All @@ -82,7 +82,7 @@ function Auth($q, $http, $state, $window) {

function sendOtp(credentials) {
let deferred = $q.defer()
$http.post('/auth/sendotp', credentials).then(
$http.post('/api/v3/auth/otp/generate', credentials).then(
function (response) {
deferred.resolve(response.data)
},
Expand All @@ -95,7 +95,7 @@ function Auth($q, $http, $state, $window) {

function verifyOtp(credentials) {
let deferred = $q.defer()
$http.post('/auth/verifyotp', credentials).then(
$http.post('/api/v3/auth/otp/verify', credentials).then(
function (response) {
setUser(response.data)
deferred.resolve()
Expand All @@ -108,7 +108,7 @@ function Auth($q, $http, $state, $window) {
}

function signOut() {
$http.get('/auth/signout').then(
$http.get('/api/v3/auth/logout').then(
function () {
$window.localStorage.removeItem('user')
// Clear contact banner on logout
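Review bot: The `/api/v3/auth` prefix is now spelled out in each of the four `$http` calls in checkUser, sendOtp, verifyOtp and signOut, so the next API version bump means four separate edits in this service; hoisting it once near the top of `Auth`, `const AUTH_API_BASE = '/api/v3/auth'`, and writing `$http.post(AUTH_API_BASE + '/email/validate', credentials)` keeps the paths in one place. Which of each printed pair is the old line and which the new is inferred from the commit description rather than visible markers. Each of the four functions starts or ends outside its hunk.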
