example frontend-backend communication
This commit is contained in:
@@ -45,7 +45,7 @@ app.use(loggingService.requestLoggingMiddleware());
|
||||
|
||||
app.use((req, res, next) => {
|
||||
const origin = req.headers.origin;
|
||||
const allowedOrigins = ['http://localhost:3000', 'http://localhost:3001', 'http://localhost:8080'];
|
||||
const allowedOrigins = ['http://localhost:3000', 'http://localhost:3001', 'http://localhost:8080', process.env.FRONTEND_URL];
|
||||
|
||||
if (!origin || allowedOrigins.includes(origin)) {
|
||||
res.setHeader('Access-Control-Allow-Origin', origin || '*');
|
||||
|
||||
@@ -29,7 +29,7 @@ userRouter.post('/login',
|
||||
const result = await container.loginCommandHandler.execute({ username, password }, res);
|
||||
|
||||
if (result) {
|
||||
logAuth('User login successful', result.user.id, { username: result.user.username }, req, res);
|
||||
logAuth('User login successful', undefined, { username: result.user.username }, req, res);
|
||||
res.json(result);
|
||||
} else {
|
||||
throw new Error(`Login failed: ${result}`);
|
||||
@@ -80,7 +80,6 @@ userRouter.post('/create',
|
||||
const result = await container.createUserCommandHandler.execute(req.body);
|
||||
|
||||
logRequest('User created successfully', req, res, {
|
||||
userId: result.id,
|
||||
username: result.username
|
||||
});
|
||||
|
||||
|
||||
@@ -5,9 +5,7 @@ import { BaseMapper } from './BaseMapper';
|
||||
export class UserMapper {
|
||||
static toShortDto(user: UserAggregate): ShortUserDto {
|
||||
return {
|
||||
id: user.id,
|
||||
username: user.username,
|
||||
state: user.state,
|
||||
authLevel: (user.state === UserState.ADMIN ? 1 : 0) as 0 | 1,
|
||||
};
|
||||
}
|
||||
|
||||
@@ -10,9 +10,7 @@ export interface UpdateUserDto {
|
||||
}
|
||||
|
||||
export interface ShortUserDto {
|
||||
id: string;
|
||||
username: string;
|
||||
state: number;
|
||||
authLevel: 0 | 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -11,8 +11,8 @@ import { Response } from 'express';
|
||||
|
||||
export interface LoginResponse {
|
||||
user: ShortUserDto;
|
||||
token: string;
|
||||
refreshToken: string;
|
||||
token?: string;
|
||||
refreshToken?: string;
|
||||
requiresOrgReauth?: boolean;
|
||||
orgLoginUrl?: string;
|
||||
organizationName?: string;
|
||||
@@ -114,10 +114,12 @@ export class LoginCommandHandler {
|
||||
const responseObj = res || mockRes;
|
||||
|
||||
// Check if client prefers Bearer token authentication
|
||||
const prefersBearerAuth = res && (
|
||||
const isWebClient = res?.req?.headers['origin'] || res?.req?.headers['referer'];
|
||||
const explicitBearerRequest = res?.req?.headers['x-auth-method'] === 'bearer';
|
||||
|
||||
const prefersBearerAuth = res && !isWebClient && (
|
||||
res.req?.headers['authorization'] !== undefined ||
|
||||
res.req?.headers['x-auth-method'] === 'bearer' ||
|
||||
res.req?.headers['accept']?.includes('application/json')
|
||||
explicitBearerRequest
|
||||
);
|
||||
|
||||
let tokenPair: any;
|
||||
@@ -168,12 +170,19 @@ export class LoginCommandHandler {
|
||||
organizationName,
|
||||
totalLoginTime: Date.now() - startTime
|
||||
});
|
||||
|
||||
const response: LoginResponse = {
|
||||
user: UserMapper.toShortDto(user),
|
||||
token: tokenPair.accessToken,
|
||||
refreshToken: tokenPair.refreshToken
|
||||
};
|
||||
let response: LoginResponse;
|
||||
if (prefersBearerAuth){
|
||||
response = {
|
||||
user: UserMapper.toShortDto(user),
|
||||
token: tokenPair.accessToken,
|
||||
refreshToken: tokenPair.refreshToken
|
||||
};
|
||||
}
|
||||
else {
|
||||
response = {
|
||||
user: UserMapper.toShortDto(user)
|
||||
};
|
||||
}
|
||||
|
||||
if (requiresOrgReauth) {
|
||||
response.requiresOrgReauth = true;
|
||||
|
||||
Reference in New Issue
Block a user