feat(auth): new auth provider + hook

Author: goshatch

src/main/parts/frontend/api/core.cljs

@@ -4,10 +4,10 @@
 
 ;; Helpers
 
-(defn- get-auth-token []
-  (js/lcalStorage.getItem "auth-token"))
+(defn get-auth-token []
+  (js/localStorage.getItem "auth-token"))
 
-(defn- add-auth-header [req]
+(defn add-auth-header [req]
   (if-let [token (js/localStorage.getItem "auth-token")]
     (assoc-in req [:headers "Authorization"] (str "Bearer " token))
     req))

src/main/parts/frontend/app.cljs

@@ -1,7 +1,7 @@
 (ns parts.frontend.app
   (:require
    ["htmx.org" :default htmx]
-   [parts.frontend.api.core :as api]
+   [parts.frontend.context :refer [auth-provider]]
    [parts.frontend.components.system :refer [system]]
    [uix.core :refer [defui $]]
    [uix.dom]))
@@ -16,7 +16,8 @@
     {:id "e3-2" :source "3" :target "2"}]})
 
 (defui app []
-  ($ system system-data))
+  ($ auth-provider {}
+     ($ system system-data)))
 
 (defonce root
   (when-let [root-element (js/document.getElementById "root")]

src/main/parts/frontend/components/login_modal.cljs

@@ -0,0 +1,80 @@
+(ns parts.frontend.components.login-modal
+  (:require
+   [uix.core :refer [defui $ use-state]]
+   [cljs.core.async :refer [<!]]
+   [parts.frontend.context :as ctx]
+   [parts.frontend.utils.csrf :as csrf]
+   [parts.frontend.components.modal :refer [modal]])
+  (:require-macros
+   [cljs.core.async.macros :refer [go]]))
+
+(defui login-modal [{:keys [show on-close]}]
+  (let [[email set-email] (use-state "")
+        [password set-password] (use-state "")
+        [error set-error] (use-state nil)
+        [loading set-loading] (use-state false)
+        {:keys [login]} (ctx/use-auth)
+
+        handle-submit (fn [e]
+                        (.preventDefault e)
+                        (set-loading true)
+                        (set-error nil)
+                        (go
+                          (try
+                            (let [_result (<! (login {:email email
+                                                      :password password}))]
+                              (set-loading false)
+                              (on-close))
+                            (catch js/Error err
+                              (js/console.log "Login error:", err)
+                              (set-loading false)
+                              (set-error "Invalid email or password")))))]
+
+    ($ modal
+       {:show show
+        :title "Log in"
+        :on-close on-close}
+
+       ($ :form {:on-submit handle-submit}
+          (when error
+            ($ :div {:class "error-message"}
+               error))
+
+          (when-let [token (csrf/get-token)]
+            ($ :input
+               {:type "hidden"
+                :id "__anti-forgery-token"
+                :name "__anti-forgery-token"
+                :value token}))
+
+          ($ :div {:class "form-group"}
+             ($ :label {:for "email"} "Email:")
+             ($ :input
+                {:type "email"
+                 :id "email"
+                 :value email
+                 :disabled loading
+                 :on-change #(set-email (.. % -target -value))
+                 :required true}))
+
+          ($ :div {:class "form-group"}
+             ($ :label {:for "password"} "Password:")
+             ($ :input
+                {:type "password"
+                 :id "password"
+                 :value password
+                 :disabled loading
+                 :on-change #(set-password (.. % -target -value))
+                 :required true}))
+
+          ($ :div {:class "form-actions"}
+             ($ :button
+                {:type "button"
+                 :disabled loading
+                 :on-click on-close}
+                "Cancel")
+             ($ :button
+                {:type "submit"
+                 :disabled loading
+                 :class "primary"}
+                (if loading "Logging in..." "Log in")))))))

src/main/parts/frontend/components/system.cljs

@@ -12,6 +12,7 @@
    [clojure.string :as str]
    [parts.frontend.components.nodes :refer [node-types]]
    [parts.frontend.components.toolbar :refer [parts-toolbar]]
+   [parts.frontend.components.login-modal :refer [login-modal]]
    [parts.frontend.utils.node-utils :refer [build-updated-part]]
    [parts.frontend.context :as ctx]))
 
@@ -53,16 +54,17 @@
 
 (defui auth-status-bar []
   (let [[show-login-modal set-show-login-modal] (use-state false)
-        {:keys [logged-in email logout]} (uix.core/use-context ctx/auth-context)]
+        {:keys [user loading logout]} (ctx/use-auth)]
     ($ :div
        (when show-login-modal
          ($ login-modal
             {:show true
              :on-close #(set-show-login-modal false)}))
-
-       (if logged-in
+       (when loading
+         ($ :span "(...) "))
+       (if user
          ($ :span
-            ($ :span {:class "user-email"} (str "🟢 " email))
+            ($ :span {:class "user-email"} (str "🟢 " (:email user)))
             ($ :button {:on-click (fn []
                                     (.then (logout) (fn [_] nil)))}
                "Log out"))

src/main/parts/frontend/context.cljs

@@ -1,10 +1,57 @@
 (ns parts.frontend.context
-  (:require [uix.core]))
+  (:require
+   [clojure.core.async :refer [<!]]
+   [parts.frontend.api.core :as api]
+   [uix.core :refer [$ defui use-state use-effect use-context]])
+  (:require-macros
+   [cljs.core.async.macros :refer [go]]))
 
 (def update-node-context (uix.core/create-context nil))
 
-(def auth-context (uix.core/create-context 
-                    {:logged-in false
-                     :email nil
-                     :login nil
-                     :logout nil}))
+(def auth-context (uix.core/create-context
+                   {:logged-in false
+                    :email nil
+                    :login nil
+                    :logout nil}))
+
+(defui auth-provider [{:keys [children]}]
+  (let [[user set-user] (use-state nil)
+        [loading set-loading] (use-state true)
+        fetch-user! (fn []
+                      (go
+                        (let [resp (<! (api/get-current-user))]
+                          (set-loading false)
+                          (when (= 200 (:status resp))
+                            (set-user (:body resp))))))
+        login! (fn [creds]
+                 (go
+                   (let [resp (<! (api/login creds))]
+                     (when (= 200 (:status resp))
+                       (<! (fetch-user!)))
+                     resp)))
+        logout! (fn []
+                  (api/logout)
+                  (set-user nil))
+        value {:user user
+               :loading loading
+               :login login!
+               :logout logout!}]
+
+    (use-effect
+     (fn []
+       (println "[auth-provider] checking for token")
+       (if (api/get-auth-token)
+         (do
+           (println "[auth-provider] token found")
+           (fetch-user!))
+         (set-loading false)))
+     [fetch-user!])
+
+    ($ auth-context.Provider {:value value}
+       children)))
+
+(defn use-auth []
+  (let [auth (use-context auth-context)]
+    (when (nil? auth)
+      (js/console.error "use-auth must be used within an AuthProvider"))
+    auth))

src/main/parts/frontend/utils/csrf.cljs

@@ -0,0 +1,7 @@
+(ns parts.frontend.utils.csrf)
+
+(defn get-token
+  "Get the CSRF token from the meta tag"
+  []
+  (when-let [meta-tag (.querySelector js/document "meta[name='csrf-token']")]
+    (.getAttribute meta-tag "content")))

test/parts/routes_test.clj

@@ -0,0 +1,75 @@
+(ns parts.routes-test
+  (:require
+   [clojure.test :refer [deftest is testing use-fixtures]]
+   [muuntaja.core :as m]
+   [parts.api.auth :as auth]
+   [parts.helpers.utils :refer [with-test-db register-test-user]]
+   [parts.helpers.test-factory :as factory]
+   [parts.entity.user :as user]
+   [parts.routes :as routes]
+   [reitit.ring :as ring]
+   [ring.mock.request :as mock]
+   [cognitect.transit :as transit])
+  (:import
+   [java.io ByteArrayInputStream ByteArrayOutputStream]))
+
+(use-fixtures :once with-test-db)
+
+(defn- parse-transit [body]
+  (let [in (ByteArrayInputStream. (.getBytes body))
+        reader (transit/reader in :json)]
+    (transit/read reader)))
+
+(defn- create-app
+  "Creates a test app with all middleware configured as in production"
+  []
+  (ring/ring-handler
+   (ring/router routes/routes)))
+
+(deftest test-login-handler
+  (testing "login handler with middleware stack"
+    (let [app (create-app)
+          user-data (factory/create-test-user)
+          {:keys [email password]} user-data]
+
+      ;; First create the user
+      (user/create! user-data)
+
+      ;; Create login request with transit format
+      (let [request (-> (mock/request :post "/api/auth/login")
+                        (mock/json-body {:email email :password password})
+                        (mock/header "Content-Type" "application/transit+json")
+                        (mock/header "Accept" "application/transit+json"))
+            response (app request)
+            body (parse-transit (:body response))]
+
+        ;; Test response status, headers and content
+        (is (= 200 (:status response)))
+        (is (= "application/transit+json; charset=utf-8"
+               (get-in response [:headers "Content-Type"])))
+        (is (:access_token body))
+        (is (:refresh_token body))
+        (is (= "Bearer" (:token_type body)))))))
+
+(deftest test-unauthorized-access
+  (testing "protected endpoints require authentication"
+    (let [app (create-app)
+          request (-> (mock/request :get "/api/account")
+                      (mock/header "Accept" "application/transit+json"))
+          response (app request)
+          body (parse-transit (:body response))]
+
+      (is (= 401 (:status response)))
+      (is (= "application/transit+json; charset=utf-8"
+             (get-in response [:headers "Content-Type"])))
+      (is (= "Unauthorized" (:error body))))))
+
+(deftest test-static-resource-content-type
+  (testing "SVG files are served with correct content type"
+    (let [app (create-app)
+          request (mock/request :get "/images/parts-logo-horizontal.svg")
+          response (app request)]
+
+      (is (= 200 (:status response)))
+      (is (= "image/svg+xml"
+             (get-in response [:headers "Content-Type"]))))))