minor changes

01a23cc9 · Wilson JALLET · af774cff · 01a23cc9 · 01a23cc9 · 01a23cc9
Commit 01a23cc9 authored 6 years ago by Wilson JALLET
--- a/src/app.ts
+++ b/src/app.ts
@@ -36,7 +36,9 @@ import { ldapConfig, credentialsConfig } from './ldap/config';
 const { dn, passwd } = credentialsConfig;
-const app = express(); // "The app object conventionally denotes the Express application" (https://expressjs.com/en/4x/api.html#app)
+// "The app object conventionally denotes the Express application" 
+// see https://expressjs.com/en/4x/api.html#app
+const app = express(); 
 // Parse incoming HTTP request bodies, available under the req.body property. cf www.npmjs.com/package/body-parser
 app.use(bodyParser.json()); //parses bodies of media type "application/json"
@@ -72,13 +74,14 @@ app.use('/assets', express.static(path.resolve('./', 'assets')));
 * it is important to configure this right!!! please check out https://www.npmjs.com/package/express-session 
 * and make sure you understand the way session is stored. (en vrai c'est vraiment important...)
 */
- app.use(session({
+app.use(session({
    secret: ldapConfig.sessionSecret,
    resave: true,
    saveUninitialized: false,
 }));
 app.use(passport.initialize());
 //GHETTO
 //initialize Passport. (adds hidden field req._passport and do some magic stuff)
 //app.use(passport.session()); //this is equivalent to app.use(passport.authenticate('session'))
@@ -91,12 +94,18 @@ app.use(passport.session(), (req, res, next)=>{
 }); 
 // *aucun* effet sur les requetes n'ayant pas ete reconnues par app.use(session(...)) (e.g. les requetes sans cookie ou les requetes avec cookie expired). source: lecture directe du code passport/lib/strategies/session.js sur github... :/
-/*
+// connect-flash is middleware for flashing messages, used in adminview
-app.use((req, res, next) => {
+app.use(flash());
-    console.log("Finished trying to authentify request as an existing session");
-    console.log("req.user: "+req.user);
+/**
-});
+ * @desc SETUP DE ADMINVIEW
-*/
+ */
+// setting up view engine for pug, for adminview
+console.log("Running at", __dirname);
+let viewpath = path.resolve(__dirname, 'views');
+app.set('views', viewpath);
+app.set('view engine', 'pug');
 /**
@@ -186,7 +195,7 @@ app.post('/login',
 */
 /**
- * @desc API GRAPHQL
+ * @desc API GraphQL
 */
 const environment = process.env.NODE_ENV || 'development';
@@ -199,13 +208,13 @@ const context = async ({ req }) => {
    let uid;
    let password;
-    // console.log("Responding to graphql request...");
+    console.log("Responding to graphql request...");
-    /*console.log(`
+    console.log(`
    | User: ${req.user ? req.user.uid : "none"}
    | Authorization: ${req.headers.authorization}
    | Authenticated: ${req.isAuthenticated()}
    `.trim());
-    */
    if(req.isAuthenticated()) {
        console.log("graphql API is receiving a request from an authenticated user! \\o/");
        try {
@@ -223,11 +232,11 @@ const context = async ({ req }) => {
    return {
        request: req,
-        bindUser: { uid, password }
+        user: { uid, password }
    }
 }
-const graphServer = new ApolloServer({
+const server = new ApolloServer({
    ...schema,
    context,
    playground: {
@@ -237,26 +246,8 @@ const graphServer = new ApolloServer({
        }
    }
 });
-graphServer.applyMiddleware({ app });
+server.applyMiddleware({ app });
-/**
- * @desc SETUP DE ADMINVIEW, L'INTERFACE ADMIN DES BDD
- * Remarque: le graphiql est desormais integre a express-graphql (mai 2018), donc il n'est plus possible de le proteger par connect-ensure-login, ni donc de considerer qu'il fait partie de l'adminview.
- * C'est relativement grave, car n'importe qui se connectant directement a [adresse_IP_de_roued]/graphql peut faire des requetes a la base de donnees de sigma
- * Donc il faudra retirer cette fonctionnalite en production ; or elle est pratique, meme en production, pour des sanity checks.
- * ...bref integrer graphiql a express-graphql etait completement con.
- */
-// setting up view engine for pug, for adminview
-console.log("Running at", __dirname);
-let viewpath = path.resolve(__dirname, 'views');
-app.set('views', viewpath);
-app.set('view engine', 'pug');
-// connect-flash is middleware for flashing messages, used in adminview
-app.use(flash());
 // GraphQL voyager affiche une représentation sous forme de graphe du schema GraphQL
 // accessible depuis adminview
@@ -268,11 +259,8 @@ app.use('/voyager',
 // on utilise un express.Router qui sert a creer un "sous-middleware stack".
 app.use('/adminview', router); // catches and resolves HTTP requests to paths '/adminview/*'
-// catch all other GET requests.
+app.use('/', (req, res) => {
-// il est bien sur essentiel de mettre ceci a la toute fin du middleware stack !
+    res.redirect('/adminview');
-app.get('/*',
+});
-    ((req, res, next) => res.redirect('/adminview'))
-);
 export default app;
--- a/src/graphql/resolvers/groups.js
+++ b/src/graphql/resolvers/groups.js
-import knex from '../../../db/knex_router';
 import * as connectors from '../connectors/connectors';
 import * as authentifiers from '../connectors/authentifiers';
@@ -6,7 +5,6 @@ const GroupResolvers = {
    // @rights viewer(obj.uid)
    Group: {
        __resolveType: async (obj) => {
            switch (obj.type) {
            case "simple":
                return "SimpleGroup";
@@ -16,35 +14,33 @@ const GroupResolvers = {
        }
    },
    // @rights viewer(obj.uid)
    SimpleGroup: {
+        async admins(obj, args, context) {
-        admins: async function (obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return await user.ldap_access.listMembers(context.user, obj.uid);
        },
-        members: async function (obj, args, context) {
+        async members(obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return user.ldap_access.listMembers(context.user, obj.uid);
        },
-        likers: async function (obj, args, context) {
+        async likers(obj, args, context) {
            return connectors.utilisateur.listMembers(context.user, obj.uid);
        },
-        privatePosts: async function (obj, args, context) {
+        async privatePosts(obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return user && connectors.receivedPrivatePosts(user, obj.uid);
        },
-        questions: async function (obj, args, context) {
+        async questions(obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return user && connectors.receivedQuestions(user, obj.uid);
        },
-        answers: async function (obj, args, context) {
+        async answers(obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return user && connectors.receivedAnswers(user, obj.uid);
        }
@@ -52,20 +48,20 @@ const GroupResolvers = {
    // @rights viewer(obj.uid)
    MetaGroup: {
-        members: (obj, args, context) => {
+        async members(obj, args, context) {
        },
-        privatePosts: async function (obj, args, context) {
+        async privatePosts(obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return user && connectors.receivedPrivatePosts(user, obj.uid);
        },
-        questions: async function (obj, args, context) {
+        async questions(obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return user && connectors.receivedQuestions(user, obj.uid);
        },
-        answers: async function (obj, args, context) {
+        async answers(obj, args, context) {
            let user = await authentifiers.member(context.user, obj.uid);
            return user && connectors.receivedAnswers(user, obj.uid);
        }

--- a/src/routing/admin.router.ts
+++ b/src/routing/admin.router.ts
@@ -40,18 +40,14 @@ router.get('/avlogin', function (req, res) {
 router.get('/admin',
    ensureLoggedIn('/adminview/avlogin'),
    function (req, res) {
-        console.log('adminview: Connecting to ' + req.url);
        let userName;
        // Une erreur a ce stade peut etre triggered si req.user n'existe pas
        // mais pour autant on est assures que la personne est bien authentifiee
        // donc on laisse passer sans déclencher d'erreur 500
        try {
            let user = req.user;
-            console.log('adminview: Welcome,', user.uid);
            userName = user.uid;
        } catch (err) {
-            console.log("Warning: in admin_router router.get('/admin')");
-            console.log(err.message);
            userName = "No one";
        }
        res.render('home', { title: 'Home', port: port, userName: userName });

--- a/src/views/login.pug
+++ b/src/views/login.pug
@@ -4,7 +4,6 @@ block content
    img(src="/assets/logo_sigma_large.png", width="240px", id='logo', alt="Logo sigma")
    h1 Sigma backend API
    p Veuillez vous connecter.
-    p <em>Please log in.</em>
    p #{errorMessage}
    form(action="/adminview/avlogin", method="post")
        div.form-group
@@ -13,5 +12,4 @@ block content
        div.form-group
            label(for="password") Password
            input.form-control(type="password", placeholder="Password", name="password")
-        button.form-control(type="submit",class="button") Connexion/<em>Log in</em>
+        button.form-control(type="submit",class="button") Connexion
\ No newline at end of file