router now working, implemented login and logout

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
4 months ago · 956281e749
7 changed files with 113 additions and 24 deletions
--- a/frontend/src/App.svelte
+++ b/frontend/src/App.svelte
@ -21,6 +21,7 @@
				@@ -21,6 +21,7 @@

 {#if translations_ready }
    {#if user.name }
+        <!-- https://github.com/notnotsamuel/svelte-tiny-router -->
        <Router>
            <Menu />
            <Route path="/" component={Home} />
--- a/frontend/src/Components/Login.svelte
+++ b/frontend/src/Components/Login.svelte
@ -1,6 +1,8 @@
				@@ -1,6 +1,8 @@
 <script>
+    import { onMount } from 'svelte';
    import { t } from '../translations.svelte.js';
-    import { tryLogin } from '../user.svelte.js';
+    import { checkUser, tryLogin } from '../user.svelte.js';
+
    let credentials = { username : null, password : null }

    function doLogin(ev){
@ -10,6 +12,10 @@
				@@ -10,6 +12,10 @@
    function init(element){
        element.focus();
    }
+
+    onMount(async () => {
+        await checkUser();
+    });
 </script>
 <style>
    label { display: block; margin: 5px; }
--- a/frontend/src/Components/Menu.svelte
+++ b/frontend/src/Components/Menu.svelte
@ -1,17 +1,13 @@
				@@ -1,17 +1,13 @@
 <script>
+    import { logout, user } from '../user.svelte.js';
    import { useTinyRouter } from 'svelte-tiny-router';
    import { t } from '../translations.svelte.js';
-    import { user } from '../user.svelte.js';

    const router = useTinyRouter();

    function gotoAbout(){
        router.navigate('/about');
    }
-
-    function logout(){
-        user.name = null;
-    }
 </script>
 <nav>
    <a on:click={() => router.navigate('/')}>{t('nav.Home')}</a>
--- a/frontend/src/user.svelte.js
+++ b/frontend/src/user.svelte.js
@ -2,9 +2,29 @@ export const user = $state({
				@@ -2,9 +2,29 @@ export const user = $state({
    name : null
 })

+export async function checkUser(){
+    var url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/whoami`;
+    let response = await fetch(url,{
+        credentials: 'include'
+    });
+    if (response.ok){
+        const json = await response.json();
+        for (var key of Object.keys(json)) user[key] = json[key];
+    }
+}
+
+export async function logout(){
+    var url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/logout`;
+    await fetch(url,{
+        credentials: 'include'
+    });
+    user.name = null;
+}
+
 export async function tryLogin(credentials){
    var url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/login`;
    let response = await fetch(url,{
+        credentials: 'include',
        headers: {
            'Content-Type':'application/json'
        },
--- a/user/src/main/java/de/srsoftware/umbrella/user/Constants.java
+++ b/user/src/main/java/de/srsoftware/umbrella/user/Constants.java
@ -34,19 +34,6 @@ public class Constants {
				@@ -34,19 +34,6 @@ public class Constants {

 	public static final String PASS = "pass";

-	public static final String PATH_CALLBACK = "callback";
-	public static final String PATH_DASH = "dash";
-	public static final String PATH_IMPERSONATE = "impersonate";
-	public static final String PATH_INSTALL = "install";
-	public static final String PATH_JAVASCRIPT = "js";
-	public static final String PATH_LOGIN = "login";
-	public static final String PATH_MENU = "menu";
-	public static final String PATH_NOTIFY = "notify";
-	public static final String PATH_OIDC_BUTTONS = "oidc_buttons";
-	public static final String PATH_OIDC_LOGIN = "oidc_login";
-	public static final String PATH_OPENID_LOGIN = "openid_login";
-	public static final String PATH_SESSION = "session";
-	public static final String PATH_VALIDATE_TOKEN = "validateToken";


 	public static final String REDIRECT_URI = "redirect_uri";
--- a/user/src/main/java/de/srsoftware/umbrella/user/Paths.java
+++ b/user/src/main/java/de/srsoftware/umbrella/user/Paths.java
@ -0,0 +1,20 @@
				@@ -0,0 +1,20 @@
+package de.srsoftware.umbrella.user;
+
+public class Paths {
+	private Paths(){}
+
+	public static final String CALLBACK = "callback";
+	public static final String DASH = "dash";
+	public static final String IMPERSONATE = "impersonate";
+	public static final String INSTALL = "install";
+	public static final String JAVASCRIPT = "js";
+	public static final String LOGIN = "login";
+	public static final String MENU = "menu";
+	public static final String NOTIFY = "notify";
+	public static final String OIDC_BUTTONS = "oidc_buttons";
+	public static final String OIDC_LOGIN = "oidc_login";
+	public static final String OPENID_LOGIN = "openid_login";
+	public static final String SESSION = "session";
+	public static final String VALIDATE_TOKEN = "validateToken";
+	public static final String WHOAMI = "whoami";
+}
--- a/user/src/main/java/de/srsoftware/umbrella/user/UserModule.java
+++ b/user/src/main/java/de/srsoftware/umbrella/user/UserModule.java
@ -1,18 +1,32 @@
				@@ -1,18 +1,32 @@
 /* © SRSoftware 2025 */
 package de.srsoftware.umbrella.user;

+import static de.srsoftware.tools.Optionals.nullable;
 import static de.srsoftware.umbrella.core.Constants.PASSWORD;
+import static de.srsoftware.umbrella.core.Constants.REDIRECT;
+import static de.srsoftware.umbrella.core.Paths.LOGOUT;
 import static de.srsoftware.umbrella.core.ResponseCode.*;
 import static de.srsoftware.umbrella.user.Constants.*;
+import static de.srsoftware.umbrella.user.Paths.LOGIN;
+import static de.srsoftware.umbrella.user.Paths.WHOAMI;
+import static java.time.temporal.ChronoUnit.DAYS;

 import com.sun.net.httpserver.HttpExchange;
 import de.srsoftware.tools.Path;
 import de.srsoftware.tools.PathHandler;
+import de.srsoftware.tools.SessionToken;
 import de.srsoftware.umbrella.core.UmbrellaException;
 import de.srsoftware.umbrella.user.api.UserDb;
 import de.srsoftware.umbrella.user.model.Password;
+import de.srsoftware.umbrella.user.model.Session;
+import de.srsoftware.umbrella.user.model.Token;
+import de.srsoftware.umbrella.user.model.UmbrellaUser;
+
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;


 public class UserModule extends PathHandler {
@ -33,10 +47,16 @@ public class UserModule extends PathHandler {
				@@ -33,10 +47,16 @@ public class UserModule extends PathHandler {
 	}

 	private HttpExchange addCors(HttpExchange ex){
-		var headers = ex.getResponseHeaders();
-		headers.add("Allow-Origin","*");
-		headers.add("Access-Control-Allow-Origin","*");
-		headers.add("Access-Control-Allow-Headers","Content-Type");
+		var headers = ex.getRequestHeaders();
+		var origin = nullable(headers.get("Origin")).orElse(List.of()).stream().filter(url -> url.contains("://localhost")||url.contains("://127.0.0.1")).findAny();
+		if (origin.isPresent()) {
+			var url = origin.get();
+			headers = ex.getResponseHeaders();
+			headers.add("Allow-Origin", url);
+			headers.add("Access-Control-Allow-Origin", url);
+			headers.add("Access-Control-Allow-Headers", "Content-Type");
+			headers.add("Access-Control-Allow-Credentials", "true");
+		}
 		return ex;
 	}

@ -45,16 +65,55 @@ public class UserModule extends PathHandler {
				@@ -45,16 +65,55 @@ public class UserModule extends PathHandler {
 		return sendEmptyResponse(200,addCors(ex));
 	}

+	@Override
+	public boolean doGet(Path path, HttpExchange ex) throws IOException {
+		var p = path.toString();
+		switch (p){
+			case LOGOUT: return logout(ex);
+			case WHOAMI: return getUser(ex);
+		}
+		return super.doGet(path,ex);
+	}
+
 	@Override
 	public boolean doPost(Path path, HttpExchange ex) throws IOException {
 		addCors(ex);
 		var p = path.toString();
 		switch (p){
-			case PATH_LOGIN: return postLogin(ex);
+			case LOGIN: return postLogin(ex);
 		}
 		return super.doPost(path, ex);
 	}

+	private boolean getUser(HttpExchange ex) throws IOException {
+		addCors(ex);
+		var sessionToken = SessionToken.from(ex);
+		if (sessionToken.isEmpty()) return sendEmptyResponse(UNAUTHORIZED,ex);
+		try {
+			Session session = users.load(Token.of(sessionToken.get()));
+			UmbrellaUser user = users.load(session);
+			return sendContent(ex,OK,user);
+		} catch (UmbrellaException e) {
+			return sendContent(ex,e.statusCode(),e.getMessage());
+		}
+	}
+
+	public boolean logout(HttpExchange ex) throws IOException {
+		addCors(ex);
+		var optToken = SessionToken.from(ex).map(Token::of);
+		if (optToken.isPresent()){
+			var token = optToken.get();
+			try {
+				users.dropSession(token);
+			} catch (UmbrellaException ignored){
+
+			}
+			new SessionToken(token.toString(),"/", Instant.now().minus(1, DAYS),true).addTo(ex);
+			return sendEmptyResponse(OK,ex);
+		}
+		return sendEmptyResponse(UNAUTHORIZED,ex);
+	}
+
 	private boolean postLogin(HttpExchange ex) throws IOException {
 		var json = json(ex);
 		if (!(json.has(USERNAME) && json.get(USERNAME) instanceof String username)) return sendContent(ex,UNPROCESSABLE,"Username missing");