[FEATURE]: Authentication Interface Design (Frontend & Frontend BO)

ekino / v6y

Vitality is a tool crafted to maintain and optimize the health and performance of codebase and applications.

MIT License

2 stars 0 forks source link

[FEATURE]: Authentication Interface Design (Frontend & Frontend BO) #7

Open helabenkhalfallah opened 1 week ago

helabenkhalfallah commented 1 week ago

✨ Description

Authentication interfaces for both the Vitality frontend application and the frontend of the Backoffice (BO), with a focus on protecting source code privacy.

🚀 Motivation

By controlling access to projects, the authentication system ensures that only authorized users can configure and view sensitive source code and reports, preserving their confidentiality and integrity.

📝 Proposed Solution

The Frontend and Frontend BO are the only components directly exposed to users, the authentication layer should be implemented primarily on the BFF side.

How the authentication flow would work:

User Authentication: The user interacts with the authentication interface on the Frontend or Frontend BO.
BFF Authentication: The Frontend/Frontend BO sends authentication requests (e.g., login) to the BFF.
Authentication Backend: The BFF communicates with the authentication backend to verify user credentials.
Token Generation: Upon successful authentication, the authentication backend generates an access token (e.g., JWT).
Token Validation: The BFF validates the token and grants access to the requested resources (project data, analysis reports, etc.).

Verify that all Frontend & Frontend BO routes are protected.

Along with Apollo Server Authentication, we can use passportjs:

const server = new ApolloServer({
  typeDefs,
  resolvers,
  context: async ({ req }) => {
    // Authenticate the user using Passport.js
    let user = null;
    try {
      user = await new Promise((resolve, reject) => {
        passport.authenticate('jwt', { session: false }, (err, user) => {
          if (err) reject(err);
          resolve(user);
        })(req);
      });
    } catch (error) {
      console.error('Authentication error:', error); 
    }

    return { user }; 
  },
});

🔗 Relevant Links (if any)

helabenkhalfallah commented 6 days ago

Frontend:

Create UI for authentication: create account/login/logout/password forget/token
BFF authentication: create account/login/logout/password forget/token

Frontend BO:

Authentication UI exists. You should connect this files to BFF: https://github.com/ekino/v6y/blob/main/src/v6y-front-bo/src/infrastructure/providers/GraphQLProvider.ts#L30
Use the same BFF authentication as the Frontend.

Final result: All Frontend and Frontend BO screens should been protected with authentication access.

Inspirational examples: https://github.com/ekino/v6y/blob/main/src/v6y-front-bo/src/app/page.tsx#L11 https://github.com/ekino/v6y/blob/main/src/v6y-front-bo/src/app/v6y-faqs/layout.tsx#L6 https://gitlab.ekino.com/renault/mfs/myze-battery/-/blob/main/apps/front/components/ProtectedRoute.tsx#L7

"use client";

import { useRouter } from "next/navigation";
import { useEffect } from "react";
import { useLogin } from "../hooks/useAuth";

export function ProtectedRoute({ children }: React.PropsWithChildren<{}>) {
  const { isLoggedIn, isLoginLoading } = useLogin();
  const router = useRouter();

  useEffect(() => {
    if (!isLoggedIn && !isLoginLoading) {
      router.replace("/");
    }
  }, [isLoggedIn, isLoginLoading, router]);

  return isLoggedIn ? children : null;
}

import { PropsWithChildren } from "react";
import { ProtectedRoute } from "./ProtectedRoute";
import RouteErrorHandler from "./errors/RouteErrorHandler";

type Props = {
  error?: Error | null;
};

export default function RouteWrapper({
  error,
  children,
}: PropsWithChildren<Props>) {
  return (
    <ProtectedRoute>
      <RouteErrorHandler error={error}>{children}</RouteErrorHandler>
    </ProtectedRoute>
  );
}

// https://gitlab.ekino.com/renault/mfs/myze-battery/-/blob/main/apps/front/app/profile/layout.tsx

import { PropsWithChildren } from "react";
import RouteWrapper from "../../components/RouteWrapper";

export default function ProfileLayout({ children }: PropsWithChildren) {
  return (
    <RouteWrapper>
      <div className="flex flex-col items-center h-full pt-10 pb-16 lg:pt-12 lg:pb-16 lg:px-20 bg-backgroundMain">
        <section className="bg-backgroundPrimary flex flex-col px-6 py-8 w-full lg:py-15 lg:px-17">
          {children}
        </section>
      </div>
    </RouteWrapper>
  );
}

helabenkhalfallah commented 6 days ago

Mutation example:

Frontend:

const CreateOrEditApplication = gql`
    mutation CreateOrEditAccount($accountInput: ApplicationCreateOrEditInput!) {
        createOrEditApplication(applicationInput: $applicationInput) {
            _id
        }
    }
`;

Create useMutationAdapter: https://github.com/ekino/v6y/tree/main/src/v6y-front/src/infrastructure/adapters/api

Inside useMutationAdapter, we use TanStackQuery Mutation: https://tanstack.com/query/latest/docs/framework/react/reference/useMutation

export const useClientMutation = <TData = unknown,>({
    mutationCacheKey,
    mutationBuilder,
}: UseClientMutationParams<TData>) => {
    return useMutation<TData, Error>(params);
};

Consume Mutation:

    const {
        isLoading,
        data,
    } = useClientMutation(params);

BFF: 1) Create a folder account 2) Create a type: AccountType 3) Add AccountType to VitalityTypes 4) Add type : CreateOrEditAccountType 5) Add AccountType to CreateOrEditAccountType 6) Add AccountMutationsType 7) Add type : AccountMutationsType 8) Create resolver for each AccountMutationsType function

const createOrEditApplication = async (
    _: unknown,
    params: { applicationInput: ApplicationInputType },
) => {
    try {

9) Add Database model and Provider in v6y-commons/database then export on v6y-commons/index.js 10) Use exposed model and provider in the resolver.

helabenkhalfallah commented 6 days ago

Tasks:

[x] CRUD dans le BFF: création d'un account (register), édition (edit account), suppression (delete account), logout, login.
[x] Validation des CRUD dans le BFF: création d'un account (register), édition (edit account), suppression (delete account), logout, login.
[ ] On a besoin d'un autre menu pour la création des accounts dans le BO: faire exactement comme dans la liste des applications.
[ ] Dans le BO, à la création d'un user, il doit avoir la liste des applications et de choisir une application obligatoirement. Un exemple d'inspiration pour afficher des données restituées dans le BO est de voir le menu des dépendances. Je restitue la liste des status depuis le BFF.
[ ] On doit avoir un super-admin qui a accès à toutes les applications, il est ajouté d'une façon statique dans la base.
[ ] Uniquement le super-admin qui peut créer des accounts
[ ] Frontend: les utilisateurs doivent être crées au préalable dans le BO.