[FEATURE]: Authentication (Frontend & Frontend BO)

[helabenkhalfallah]

✨ Description

Authentication interfaces for both the Vitality frontend application and the frontend of the Backoffice (BO), with a focus on protecting source code privacy.

🚀 Motivation

By controlling access to projects, the authentication system ensures that only authorized users can configure and view sensitive source code and reports, preserving their confidentiality and integrity.

📝 Proposed Solution

The Frontend and Frontend BO are the only components directly exposed to users, the authentication layer should be implemented primarily on the BFF side.

How the authentication flow would work:

• User Authentication: The user interacts with the authentication interface on the Frontend or Frontend BO.
• BFF Authentication: The Frontend/Frontend BO sends authentication requests (e.g., login) to the BFF.
• Authentication Backend: The BFF communicates with the authentication backend to verify user credentials.
• Token Generation: Upon successful authentication, the authentication backend generates an access token (e.g., JWT).
• Token Validation: The BFF validates the token and grants access to the requested resources (project data, analysis reports, etc.).

Verify that all Frontend & Frontend BO routes are protected.

Along with Apollo Server Authentication, we can use passportjs:

const server = new ApolloServer({
  typeDefs,
  resolvers,
  context: async ({ req }) => {
    // Authenticate the user using Passport.js
    let user = null;
    try {
      user = await new Promise((resolve, reject) => {
        passport.authenticate('jwt', { session: false }, (err, user) => {
          if (err) reject(err);
          resolve(user);
        })(req);
      });
    } catch (error) {
      console.error('Authentication error:', error); 
    }

    return { user }; 
  },
});

🔗 Relevant Links (if any)

• https://www.apollographql.com/docs/apollo-server/security/authentication
• https://www.apollographql.com/docs/react/networking/authentication
• https://github.com/helabenkhalfallah/node-express-mongoose-sqlize/blob/master/passport/passport.js
• https://www.passportjs.org/

[helabenkhalfallah]

Frontend:

• Create UI for authentication: create account/login/logout/password forget/token
• BFF authentication: create account/login/logout/password forget/token

Frontend BO:

• Authentication UI exists. You should connect this files to BFF: https://github.com/ekino/v6y/blob/main/src/v6y-front-bo/src/infrastructure/providers/GraphQLProvider.ts#L30

• Use the same BFF authentication as the Frontend.

Final result: All Frontend and Frontend BO screens should been protected with authentication access.

Inspirational examples: https://github.com/ekino/v6y/blob/main/src/v6y-front-bo/src/app/page.tsx#L11 https://github.com/ekino/v6y/blob/main/src/v6y-front-bo/src/app/v6y-faqs/layout.tsx#L6 https://gitlab.ekino.com/renault/mfs/myze-battery/-/blob/main/apps/front/components/ProtectedRoute.tsx#L7

"use client";

import { useRouter } from "next/navigation";
import { useEffect } from "react";
import { useLogin } from "../hooks/useAuth";

export function ProtectedRoute({ children }: React.PropsWithChildren<{}>) {
  const { isLoggedIn, isLoginLoading } = useLogin();
  const router = useRouter();

  useEffect(() => {
    if (!isLoggedIn && !isLoginLoading) {
      router.replace("/");
    }
  }, [isLoggedIn, isLoginLoading, router]);

  return isLoggedIn ? children : null;
}

import { PropsWithChildren } from "react";
import { ProtectedRoute } from "./ProtectedRoute";
import RouteErrorHandler from "./errors/RouteErrorHandler";

type Props = {
  error?: Error | null;
};

export default function RouteWrapper({
  error,
  children,
}: PropsWithChildren<Props>) {
  return (
    <ProtectedRoute>
      <RouteErrorHandler error={error}>{children}</RouteErrorHandler>
    </ProtectedRoute>
  );
}

// https://gitlab.ekino.com/renault/mfs/myze-battery/-/blob/main/apps/front/app/profile/layout.tsx

import { PropsWithChildren } from "react";
import RouteWrapper from "../../components/RouteWrapper";

export default function ProfileLayout({ children }: PropsWithChildren) {
  return (
    <RouteWrapper>
      <div className="flex flex-col items-center h-full pt-10 pb-16 lg:pt-12 lg:pb-16 lg:px-20 bg-backgroundMain">
        <section className="bg-backgroundPrimary flex flex-col px-6 py-8 w-full lg:py-15 lg:px-17">
          {children}
        </section>
      </div>
    </RouteWrapper>
  );
}

"use client";

import { useQuery } from "@tanstack/react-query";
import { useRouter } from "next/navigation";
import { getLogoutUrl, logoutJWT, retrieveJWT } from "@myze/fo-sdk";
import { getFOSDKConfig } from "../helpers/getFOSDKConfig";
import { useStorage } from "./useStorage";

const queryKey = ["jwt"];
const logoutUrl = getLogoutUrl(getFOSDKConfig());

export const useLogin = () => {
  const { isSuccess: isLoggedIn, isLoading: isLoginLoading } = useQuery({
    queryKey,
    queryFn: () => retrieveJWT(window.gigya!),
  });

  return {
    isLoggedIn,
    isLoginLoading,
  };
};

export const useLogout = () => {
  const { replace } = useRouter();
  const { clearStorage } = useStorage();

  const logout = async (): Promise<void> => {
    await logoutJWT(window.gigya!);
    clearStorage();
    replace(logoutUrl);
  };

  return { logout };
};

Dans le frontend:

const { isLoading, data }: VitalityFaqQueryType = useClientQuery({
        queryCacheKey: ['getFaqListByPageAndParams'],
        queryBuilder: async () =>
            buildClientQuery({
                queryBaseUrl: VitalityApiConfig.VITALITY_BFF_URL,
                query: GetFaqListByPageAndParams,
                variables: {},
            }),
    });

[helabenkhalfallah]

Mutation example:

Frontend:

const CreateOrEditApplication = gql`
    mutation CreateOrEditAccount($accountInput: ApplicationCreateOrEditInput!) {
        createOrEditApplication(applicationInput: $applicationInput) {
            _id
        }
    }
`;

Create useMutationAdapter: https://github.com/ekino/v6y/tree/main/src/v6y-front/src/infrastructure/adapters/api

Inside useMutationAdapter, we use TanStackQuery Mutation: https://tanstack.com/query/latest/docs/framework/react/reference/useMutation

export const useClientMutation = <TData = unknown,>({
    mutationCacheKey,
    mutationBuilder,
}: UseClientMutationParams<TData>) => {
    return useMutation<TData, Error>(params);
};

Consume Mutation:

    const {
        isLoading,
        data,
    } = useClientMutation(params);

BFF: 1) Create a folder account 2) Create a type: AccountType 3) Add AccountType to VitalityTypes 4) Add type : CreateOrEditAccountType 5) Add AccountType to CreateOrEditAccountType 6) Add AccountMutationsType 7) Add type : AccountMutationsType 8) Create resolver for each AccountMutationsType function

const createOrEditApplication = async (
    _: unknown,
    params: { applicationInput: ApplicationInputType },
) => {
    try {

9) Add Database model and Provider in v6y-commons/database then export on v6y-commons/index.js 10) Use exposed model and provider in the resolver.

[helabenkhalfallah]

Tasks:

• [x] CRUD dans le BFF: création d'un account (register), édition (edit account), suppression (delete account), logout, login.
• [x] Validation des CRUD dans le BFF: création d'un account (register), édition (edit account), suppression (delete account), logout, login.
• [x] On a besoin d'un autre menu pour la création des accounts dans le BO: faire exactement comme dans la liste des applications.
• [x] Dans le BO, à la création d'un user, il doit avoir la liste des applications et de choisir une application obligatoirement. Un exemple d'inspiration pour afficher des données restituées dans le BO est de voir le menu des dépendances. Je restitue la liste des status depuis le BFF.
• [x] On doit avoir un super-admin qui a accès à toutes les applications, il est ajouté d'une façon statique dans la base.
• [x] Uniquement le super-admin qui peut créer des accounts
• [ ] Frontend: les utilisateurs doivent être crées au préalable dans le BO.

[maelaubert56]

User Account Management

Super Admin:

• Can create and manage admins and users.
• Has full access to the entire back office, including:
  • Creating applications (and other content like FAQ, etc.).
  • Modifying applications, FAQs, and other resources.
  • Managing the overall system.
• Can access both the back office and the front (like users).

Admin:

• Can create and manage users.
• Has access to most back office functionalities, including:
  • Creating applications and users.
  • Modifying applications and other resources (like FAQs).
• Cannot create or modify admins (only the super admin can).
• Can access both the back office and the front (like users).

User:

• Can only access the front.
  • Cannot access the back office.
• Can view and interact with applications and front functionalities.