wired up JWT with wundergraph auth

2023-09-04 11:59:58 +02:00 · 2023-09-04 11:59:58 +02:00 · 53e68aa362
commit 53e68aa362
parent 8a4ec6cc73
13 changed files with 84 additions and 116 deletions
--- a/.wundergraph/wundergraph.config.ts
+++ b/.wundergraph/wundergraph.config.ts
@ -59,7 +59,7 @@ configureWunderGraphApplication({
 		tokenBased: {
 			providers: [
 				{
-					userInfoEndpoint: 'http://localhost:3000/api/auth/session',
+					userInfoEndpoint: 'http://localhost:3000/api/wunderauth',
 				},
 			],
 		},
--- a/src/lib/ACCs.svelte
+++ b/src/lib/ACCs.svelte
@ -0,0 +1,25 @@
+<script>
+  let accs = [
+    // Mock data
+    { id: 1, name: "ACC 1" },
+    { id: 2, name: "ACC 2" },
+    { id: 3, name: "ACC 3" },
+  ];
+
+  function createNewACC() {
+    // Logic for creating a new ACC goes here
+    console.log("Create new ACC button clicked");
+  }
+</script>
+
+<div class="p-12">
+  <h1>Access Control Conditions</h1>
+  {#each accs as acc (acc.id)}
+    <p>{acc.name}</p>
+  {/each}
+  <button on:click={createNewACC}>Create New ACC</button>
+</div>
+
+<style>
+  /* Add your Tailwind CSS classes here */
+</style>
--- a/src/lib/JWT.svelte
+++ b/src/lib/JWT.svelte
@ -1,16 +1,17 @@
 <script>
-  import { createJwt } from "$lib/services/createJwt";
+  import { createJWT } from "$lib/services/createJWT";
+  import Cookies from "js-cookie";

  let jwt = "";

-  async function handleClick() {
-    jwt = await createJwt();
+  async function handleCreateClick() {
+    jwt = await createJWT();
+    Cookies.set("token", jwt);
  }
 </script>

 <div class="p-12">
-  <button on:click={handleClick} class="btn variant-filled-primary"
+  <button on:click={handleCreateClick} class="btn variant-filled-primary"
    >Create JWT</button
  >
-  <p class="text-xs">{jwt}</p>
 </div>
--- a/src/lib/Login.svelte
+++ b/src/lib/Login.svelte
@ -1,27 +0,0 @@
-<script>
-  import Cookies from "js-cookie";
-
-  async function login() {
-    const response = await fetch("/api/auth", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({
-        name: "Sam",
-        loggedIn: true,
-        roles: ["admin"],
-      }),
-    });
-    if (!response.ok) {
-      alert("Login failed");
-    } else {
-      let { token } = await response.json();
-      Cookies.set("token", token);
-      alert(`Login Success: ${token}`);
-      console.log(token);
-    }
-  }
-</script>
-
-<button on:click={login} class="btn variant-filled-primary">Login</button>
--- a/src/lib/services/createJWT.ts
+++ b/src/lib/services/createJWT.ts
@ -1,7 +1,7 @@
 import { LitNodeClient } from "@lit-protocol/lit-node-client";
 import type { AccsEVMParams } from "@lit-protocol/types";

-export const createJwt = async () => {
+export const createJWT = async () => {

    const litNodeClient = new LitNodeClient({ litNetwork: "serrano" });
    await litNodeClient.connect();
@ -13,10 +13,10 @@ export const createJwt = async () => {

    const resourceId = {
        baseUrl: "https://localhost:3000/",
-        path: "/wunderauth",
+        path: "wunderauth",
        orgId: "°",
-        role: "admin",
-        extraData: "{loggedIn: true}"
+        role: "owner",
+        extraData: ""
    }

    const sessionSigs = me.sessionSigs;
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@ -31,6 +31,7 @@
  });

  if (token) {
+    console.log("layout jwt token: " + token);
    client.setAuthorizationToken(token);
  }
 </script>
--- a/src/routes/api/auth/+server.ts
+++ b/src/routes/api/auth/+server.ts
@ -1,13 +0,0 @@
-import jwt from 'jsonwebtoken';
-import { error } from '@sveltejs/kit';
-
-const secretKey = process.env.JWT_KEY;
-
-export async function POST({ request }) {
-  const user = await request.json();
-  const token = jwt.sign(user, secretKey);
-  if (!token) {
-    throw error(400, 'No token created.');
-  }
-  return new Response(JSON.stringify({ token }), { status: 200 });
-}
--- a/src/routes/api/auth/session/+server.js
+++ b/src/routes/api/auth/session/+server.js
@ -1,24 +0,0 @@
-// src/routes/api/session/+server.ts
-import jwt from 'jsonwebtoken';
-import { error } from '@sveltejs/kit';
-
-const secretKey = process.env.JWT_KEY;
-
-export async function GET({ request }) {
-  const authHeader = request.headers.get('Authorization');
-  if (!authHeader) {
-    throw error(401, 'No Authorization header provided.');
-  }
-
-  const token = authHeader.split(' ')[1];
-  if (!token) {
-    throw error(401, 'No token provided.');
-  }
-
-  try {
-    const user = jwt.verify(token, secretKey);
-    return new Response(JSON.stringify(user), { status: 200 });
-  } catch (err) {
-    throw error(401, 'Invalid token.');
-  }
-}
--- a/src/routes/api/login/+server.js
+++ b/src/routes/api/login/+server.js
@ -1,13 +0,0 @@
-import jwt from 'jsonwebtoken';
-import { error } from '@sveltejs/kit';
-
-const secretKey = process.env.JWT_KEY;
-
-export async function POST({ request }) {
-  const user = await request.json();
-  const token = jwt.sign(user, secretKey);
-  if (!token) {
-    throw error(400, 'No token created.');
-  }
-  return new Response(JSON.stringify({ token }), { status: 200 });
-}
--- a/src/routes/api/verify/+server.ts
+++ b/src/routes/api/verify/+server.ts
@ -1,15 +0,0 @@
-import { json } from '@sveltejs/kit';
-import { ethers } from 'ethers';
-
-export async function POST({ request }) {
-    const { messageToSign, messageSignature, currentPKP } = await request.json();
-
-    // Verify the signature
-    const jsonString = JSON.stringify(messageToSign);
-    const recoveredAddr = ethers.verifyMessage(jsonString, messageSignature);
-
-    // Check if the address associated with the signature is the same as the current PKP
-    const verified = currentPKP.ethAddress.toLowerCase() === recoveredAddr.toLowerCase();
-
-    return json({ verified }, { status: 200 });
-}
--- a/src/routes/api/wunderauth/+server.ts
+++ b/src/routes/api/wunderauth/+server.ts
@ -0,0 +1,33 @@
+import { verifyJwt } from "@lit-protocol/lit-node-client";
+import { error } from '@sveltejs/kit';
+
+export async function GET({ request }) {
+    const authHeader = request.headers.get('Authorization');
+    if (!authHeader) {
+        throw error(401, 'No Authorization header provided.');
+    }
+
+    const token = authHeader.split(' ')[1];
+    if (!token) {
+        throw error(401, 'No jwt provided.');
+    }
+
+    try {
+        const { payload } = await verifyJwt({ jwt: token });
+        if (
+            payload.baseUrl !== "https://localhost:3000/" ||
+            payload.path !== "wunderauth" ||
+            payload.orgId !== "°" ||
+            payload.role !== "owner" ||
+            payload.extraData !== ""
+        ) {
+            console.log("JWT payload not matching");
+            throw error(401, "JWT payload not macting")
+        }
+        console.log(payload);
+        return new Response(JSON.stringify(payload), { status: 200 });
+    } catch (err) {
+        console.log("JWT error");
+        throw error(401, "JWT payload not machting")
+    }
+}
--- a/src/routes/jwt/+page.svelte
+++ b/src/routes/jwt/+page.svelte
@ -1,5 +1,7 @@
 <script>
+  import AcCs from "$lib/ACCs.svelte";
  import JWT from "$lib/JWT.svelte";
 </script>

 <JWT />
+<!-- <AcCs /> -->
--- a/src/routes/me/+page.svelte
+++ b/src/routes/me/+page.svelte
@ -1,19 +1,16 @@
 <script lang="ts">
  import { createQuery } from "../../lib/wundergraph";
-  import Login from "$lib/Login.svelte";
-  import User from "$lib/User.svelte";
+  import JWT from "$lib/JWT.svelte";

  const projectsQuery = createQuery({
    operationName: "Projects",
  });
 </script>

-<Login />
-<User />
+<div class="w-full h-full overflow-y-auto">
+  <JWT />

-<br />
-Projects
-<div class="results">
+  <div class="w-full h-full results">
    {#if $projectsQuery.isLoading}
      <p>Loading...</p>
    {:else if $projectsQuery.error}
@ -22,3 +19,4 @@ Projects
      <pre>{JSON.stringify($projectsQuery.data, null, 2)}</pre>
    {/if}
  </div>
+</div>