Use bearer token (#12)

adborbas · web-flow · commit 71166f85a7d6 · 2025-01-04T22:44:01.000+01:00
diff --git a/Sources/Grodt/Application/routes.swift b/Sources/Grodt/Application/routes.swift
@@ -49,35 +49,33 @@ func routes(_ app: Application) async throws {
     app.middleware.use(app.sessions.middleware)
     app.middleware.use(globalRateLimiter)
     
-    try app.group("") { routeBuilder in
-        try routeBuilder
-            .grouped(loginRateLimiter)
-            .register(collection: UserController(dtoMapper: loginResponseDTOMapper))
-    }
-    
     let tokenAuthMiddleware = UserToken.authenticator()
     let guardAuthMiddleware = User.guardMiddleware()
     
-    let protected = app.grouped([tokenAuthMiddleware, guardAuthMiddleware])
-    try protected.group("api") { routeBuilder in
-        try routeBuilder.register(collection:
-                                    PortfoliosController(
-                                        portfolioRepository: PostgresPortfolioRepository(database: app.db),
-                                        currencyRepository: PostgresCurrencyRepository(database: app.db),
-                                        historicalPortfolioPerformanceUpdater: portfolioPerformanceUpdater,
-                                        dataMapper: portfolioDTOMapper)
+    try app.group("api") { api in
+        // Public routes
+        try api
+            .grouped(loginRateLimiter)
+            .register(collection: UserController(dtoMapper: loginResponseDTOMapper))
+        
+        // Protected routes
+        let protected = api.grouped([tokenAuthMiddleware, guardAuthMiddleware])
+        try protected.register(collection:
+                                PortfoliosController(
+                                    portfolioRepository: PostgresPortfolioRepository(database: app.db),
+                                    currencyRepository: PostgresCurrencyRepository(database: app.db),
+                                    historicalPortfolioPerformanceUpdater: portfolioPerformanceUpdater,
+                                    dataMapper: portfolioDTOMapper)
         )
         
         let transactionController = TransactionsController(transactionsRepository: PostgresTransactionRepository(database: app.db),
-                               currencyRepository: PostgresCurrencyRepository(database: app.db),
-                               dataMapper: transactionDTOMapper)
-        
+                                                           currencyRepository: PostgresCurrencyRepository(database: app.db),
+                                                           dataMapper: transactionDTOMapper)
         transactionController.delegate = transactionChangedHandler
-        try routeBuilder.register(collection: transactionController)
-        
-        try routeBuilder.register(collection: tickersController)
-        try routeBuilder.register(collection: investmentsController)
-        try routeBuilder.register(collection: accountController)
+        try protected.register(collection: transactionController)
+        try protected.register(collection: tickersController)
+        try protected.register(collection: investmentsController)
+        try protected.register(collection: accountController)
     }
     
     if app.environment != .testing {
diff --git a/Sources/Grodt/Controllers/UserController.swift b/Sources/Grodt/Controllers/UserController.swift
@@ -10,13 +10,15 @@ struct UserController: RouteCollection {
     
     func boot(routes: Vapor.RoutesBuilder) throws {
         let passwordProtected = routes.grouped(User.authenticator())
-        passwordProtected.post("login") { req async throws -> LoginResponseDTO in
+        passwordProtected.post("login") { req async throws -> Response in
             let user = try req.auth.require(User.self)
             let token = try user.generateToken()
             try await token.save(on: req.db)
-            return dtoMapper.response(from: token)
+            
+            let response = Response(status: .ok)
+            response.headers.add(name: .authorization, value: "Bearer \(token.value)")
+            
+            return response
         }
     }
 }
-
-extension LoginResponseDTO: Content { }
diff --git a/Tests/GrodtTests/GrodtTestCase.swift b/Tests/GrodtTests/GrodtTestCase.swift
@@ -63,9 +63,8 @@ class GrodtControllerTestCase: GrodtTestCase {
     }
     
     private func authHeader() async throws -> (String, String) {
-        let login = try await app.sendRequest(.POST, "login", headers: HTTPHeaders([AuthorizationHeader.basic(email: user.email, password: "password").value]))
-        let response = try login.content.decode(LoginResponseDTO.self)
-        return AuthorizationHeader.bearer(token: response.value).value
+        let login = try await app.sendRequest(.POST, "api/login", headers: HTTPHeaders([AuthorizationHeader.basic(email: user.email, password: "password").value]))
+        return AuthorizationHeader.bearer(token: login.headers.bearerAuthorization!.token).value
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -10,13 +10,15 @@ struct UserController: RouteCollection {`
`10`	`10`
`11`	`11`	`func boot(routes: Vapor.RoutesBuilder) throws {`
`12`	`12`	`let passwordProtected = routes.grouped(User.authenticator())`
`13`		`- passwordProtected.post("login") { req async throws -> LoginResponseDTO in`
	`13`	`+ passwordProtected.post("login") { req async throws -> Response in`
`14`	`14`	`let user = try req.auth.require(User.self)`
`15`	`15`	`let token = try user.generateToken()`
`16`	`16`	`try await token.save(on: req.db)`
`17`		`- return dtoMapper.response(from: token)`
	`17`	`+`
	`18`	`+ let response = Response(status: .ok)`
	`19`	`+ response.headers.add(name: .authorization, value: "Bearer \(token.value)")`
	`20`	`+`
	`21`	`+ return response`
`18`	`22`	`}`
`19`	`23`	`}`
`20`	`24`	`}`
`21`		`-`
`22`		`-extension LoginResponseDTO: Content { }`
Original file line number	Diff line number	Diff line change
`@@ -63,9 +63,8 @@ class GrodtControllerTestCase: GrodtTestCase {`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`private func authHeader() async throws -> (String, String) {`
`66`		`- let login = try await app.sendRequest(.POST, "login", headers: HTTPHeaders([AuthorizationHeader.basic(email: user.email, password: "password").value]))`
`67`		`- let response = try login.content.decode(LoginResponseDTO.self)`
`68`		`- return AuthorizationHeader.bearer(token: response.value).value`
	`66`	`+ let login = try await app.sendRequest(.POST, "api/login", headers: HTTPHeaders([AuthorizationHeader.basic(email: user.email, password: "password").value]))`
	`67`	`+ return AuthorizationHeader.bearer(token: login.headers.bearerAuthorization!.token).value`
`69`	`68`	`}`
`70`	`69`	`}`
`71`	`70`