This PR aims to better the authentication flow while introducing the protection of certain resources to reduce some client errors. For this, I added a few backend and frontend endpoints to determine authentication status and created an AuthenticationContext to allow components to see whether a user is logged in or not. I also introduced middleware to protect resources depending on matchers which checks if a login token exists from the client. Below I list my changes with a bit more elaboration:
Changes
Authentication Context on the Frontend:
Introduced the Authentication Context to determine user authentication status on the frontend.
Middleware for Resource Protection:
Created middleware to protect certain resources, redirecting unauthorized users to the login page.
Error Boundary Enhancement:
Adjusted the error boundary to refresh the page instead of resetting, allowing it to check for authentication status.
Backend Endpoints:
Added two new backend endpoints:
/logout: This endpoint removes any cookies the user currently has, forcing them to log in again.
/login/status: This endpoint checks the user's identity and returns a statusOK response.
Frontend Endpoint:
Added a new frontend endpoint: /login/status, which calls the backend /login/status endpoint and compares the HTTP code with statusOK. It returns a JSON response indicating whether the user is authenticated or not in the form of { isAuthenticated: true | false }.
Navbar Changes:
Added a "Log In" button to the NavBar, replacing the earlier temporary profile picture.
Added a "Log Out" button to the NavBar, which appears based on the current authentication status and redirects the user to BACKEND_API + /logout which then clears all cookies and redirects them to homepage.
Frontend Changes:
Removed the 'isValidUser' checkbox that was previously up as it serves no purpose now.
Removed the temporary profile picture in the NavBar
Adjusted styling to highlight Log In/Log out button in NavBar
Adjusted styling to maintain same height in mobile application gallery in the case of multiple applications
Changed file types of API Routes from tsx to ts as there is no need for JSX elements
Removed redundant checking of ods_login_cookie_nomnom in the API Routes and instead used optional chaining which will write undefined instead of throwing an error
Overview
This PR aims to better the authentication flow while introducing the protection of certain resources to reduce some client errors. For this, I added a few backend and frontend endpoints to determine authentication status and created an AuthenticationContext to allow components to see whether a user is logged in or not. I also introduced middleware to protect resources depending on matchers which checks if a login token exists from the client. Below I list my changes with a bit more elaboration:
Changes
Authentication Context on the Frontend:
Middleware for Resource Protection:
Error Boundary Enhancement:
Backend Endpoints:
/logout
: This endpoint removes any cookies the user currently has, forcing them to log in again./login/status
: This endpoint checks the user's identity and returns astatusOK
response.Frontend Endpoint:
/login/status
, which calls the backend/login/status
endpoint and compares the HTTP code withstatusOK
. It returns a JSON response indicating whether the user is authenticated or not in the form of{ isAuthenticated: true | false }
.Navbar Changes:
BACKEND_API
+/logout
which then clears all cookies and redirects them to homepage.Frontend Changes: