From ad85194d4f5622edf7edeecad133b959c585d164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Samuel=20H=C3=B6gbom=20Aronson?= Date: Mon, 18 Mar 2024 23:21:49 +0100 Subject: [PATCH 01/13] finished docs for user reletaded stucts and added endpoint for listallusers --- backend/docs/docs.go | 87 +++++++++++++++++++ .../handlers/handlers_user_related.go | 53 +++++++---- 2 files changed, 124 insertions(+), 16 deletions(-) diff --git a/backend/docs/docs.go b/backend/docs/docs.go index ac1589c..1898804 100644 --- a/backend/docs/docs.go +++ b/backend/docs/docs.go @@ -106,6 +106,58 @@ const docTemplate = `{ } } }, + "/promoteToAdmin": { + "post": { + "description": "promote chosen user to admin", + "consumes": [ + "application/json" + ], + "produces": [ + "text/plain" + ], + "tags": [ + "User" + ], + "summary": "promote user to admin", + "parameters": [ + { + "description": "user info", + "name": "NewUser", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/types.NewUser" + } + } + ], + "responses": { + "200": { + "description": "Successfully prometed user", + "schema": { + "type": "json" + } + }, + "400": { + "description": "bad request", + "schema": { + "type": "string" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "Internal server error", + "schema": { + "type": "string" + } + } + } + } + }, "/register": { "post": { "description": "Register a new user", @@ -192,6 +244,41 @@ const docTemplate = `{ } } } + }, + "/users/all": { + "get": { + "description": "lists all users", + "consumes": [ + "application/json" + ], + "produces": [ + "text/plain" + ], + "tags": [ + "User" + ], + "summary": "Lists users", + "responses": { + "200": { + "description": "Successfully signed token for user", + "schema": { + "type": "json" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "Internal server error", + "schema": { + "type": "string" + } + } + } + } } }, "definitions": { diff --git a/backend/internal/handlers/handlers_user_related.go b/backend/internal/handlers/handlers_user_related.go index c88d3d3..f5a6f1b 100644 --- a/backend/internal/handlers/handlers_user_related.go +++ b/backend/internal/handlers/handlers_user_related.go @@ -16,10 +16,10 @@ import ( // @Tags User // @Accept json // @Produce plain -// @Param NewUser body types.NewUser true "User to register" -// @Success 200 {string} string "User added" -// @Failure 400 {string} string "Bad request" -// @Failure 500 {string} string "Internal server error" +// @Param NewUser body types.NewUser true "User to register" +// @Success 200 {string} string "User added" +// @Failure 400 {string} string "Bad request" +// @Failure 500 {string} string "Internal server error" // @Router /register [post] func (gs *GState) Register(c *fiber.Ctx) error { u := new(types.NewUser) @@ -45,10 +45,10 @@ func (gs *GState) Register(c *fiber.Ctx) error { // @Tags User // @Accept json // @Produce plain -// @Success 200 {string} string "User deleted" -// @Failure 403 {string} string "You can only delete yourself" -// @Failure 500 {string} string "Internal server error" -// @Failure 401 {string} string "Unauthorized" +// @Success 200 {string} string "User deleted" +// @Failure 403 {string} string "You can only delete yourself" +// @Failure 500 {string} string "Internal server error" +// @Failure 401 {string} string "Unauthorized" // @Router /userdelete/{username} [delete] func (gs *GState) UserDelete(c *fiber.Ctx) error { // Read from path parameters @@ -74,12 +74,12 @@ func (gs *GState) UserDelete(c *fiber.Ctx) error { // @Description logs the user in and returns a jwt token // @Tags User // @Accept json -// @Param NewUser body types.NewUser true "login info" +// @Param NewUser body types.NewUser true "login info" // @Produce plain -// @Success 200 Token types.Token "Successfully signed token for user" -// @Failure 400 {string} string "Bad request" -// @Failure 401 {string} string "Unauthorized" -// @Failure 500 {string} string "Internal server error" +// @Success 200 Token types.Token "Successfully signed token for user" +// @Failure 400 {string} string "Bad request" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" // @Router /login [post] func (gs *GState) Login(c *fiber.Ctx) error { // The body type is identical to a NewUser @@ -125,9 +125,9 @@ func (gs *GState) Login(c *fiber.Ctx) error { // @Tags User // @Accept json // @Produce plain -// @Success 200 Token types.Token "Successfully signed token for user" -// @Failure 401 {string} string "Unauthorized" -// @Failure 500 {string} string "Internal server error" +// @Success 200 Token types.Token "Successfully signed token for user" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" // @Router /loginerenew [post] func (gs *GState) LoginRenew(c *fiber.Ctx) error { // For testing: curl localhost:3000/restricted -H "Authorization: Bearer " @@ -148,6 +148,16 @@ func (gs *GState) LoginRenew(c *fiber.Ctx) error { } // ListAllUsers is a handler that returns a list of all users in the application database +// +// @Summary Lists users +// @Description lists all users +// @Tags User +// @Accept json +// @Produce plain +// @Success 200 {json} json "Successfully signed token for user" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" +// @Router /users/all [get] func (gs *GState) ListAllUsers(c *fiber.Ctx) error { // Get all users from the database users, err := gs.Db.GetAllUsersApplication() @@ -159,6 +169,17 @@ func (gs *GState) ListAllUsers(c *fiber.Ctx) error { return c.JSON(users) } +// @Summary promote user to admin +// @Description promote chosen user to admin +// @Tags User +// @Accept json +// @Produce plain +// @Param NewUser body types.NewUser true "user info" +// @Success 200 {json} json "Successfully prometed user" +// @Failure 400 {string} string "bad request" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" +// @Router /promoteToAdmin [post] func (gs *GState) PromoteToAdmin(c *fiber.Ctx) error { // Extract the username from the request body var newUser types.NewUser From 8711f9a20d93a22ec1d24913b3c59f0b5e518b47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Samuel=20H=C3=B6gbom=20Aronson?= Date: Tue, 19 Mar 2024 00:27:31 +0100 Subject: [PATCH 02/13] tyding up and tryinng to get tokens in docs to work --- backend/docs/docs.go | 22 ++++++++++++++----- .../handlers/handlers_user_related.go | 11 +++++----- backend/main.go | 6 ++++- 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/backend/docs/docs.go b/backend/docs/docs.go index 1898804..322c812 100644 --- a/backend/docs/docs.go +++ b/backend/docs/docs.go @@ -73,6 +73,11 @@ const docTemplate = `{ }, "/loginerenew": { "post": { + "security": [ + { + "bererToken": [] + } + ], "description": "renews the users token", "consumes": [ "application/json" @@ -83,7 +88,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "renews the users token", + "summary": "LoginRenews", "responses": { "200": { "description": "Successfully signed token for user", @@ -118,7 +123,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "promote user to admin", + "summary": "PromoteToAdmin", "parameters": [ { "description": "user info", @@ -170,7 +175,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "Register a new user", + "summary": "Register", "parameters": [ { "description": "User to register", @@ -216,7 +221,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "Deletes a user", + "summary": "UserDelete", "responses": { "200": { "description": "User deleted", @@ -257,7 +262,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "Lists users", + "summary": "ListsAllUsers", "responses": { "200": { "description": "Successfully signed token for user", @@ -294,6 +299,13 @@ const docTemplate = `{ } } }, + "securityDefinitions": { + "bererToken": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } + }, "externalDocs": { "description": "OpenAPI", "url": "https://swagger.io/resources/open-api/" diff --git a/backend/internal/handlers/handlers_user_related.go b/backend/internal/handlers/handlers_user_related.go index f5a6f1b..943a977 100644 --- a/backend/internal/handlers/handlers_user_related.go +++ b/backend/internal/handlers/handlers_user_related.go @@ -11,7 +11,7 @@ import ( // Register is a simple handler that registers a new user // -// @Summary Register a new user +// @Summary Register // @Description Register a new user // @Tags User // @Accept json @@ -40,7 +40,7 @@ func (gs *GState) Register(c *fiber.Ctx) error { // This path should obviously be protected in the future // UserDelete deletes a user from the database // -// @Summary Deletes a user +// @Summary UserDelete // @Description UserDelete deletes a user from the database // @Tags User // @Accept json @@ -120,8 +120,9 @@ func (gs *GState) Login(c *fiber.Ctx) error { // LoginRenew is a simple handler that renews the token // -// @Summary renews the users token +// @Summary LoginRenews // @Description renews the users token +// @Security bererToken // @Tags User // @Accept json // @Produce plain @@ -149,7 +150,7 @@ func (gs *GState) LoginRenew(c *fiber.Ctx) error { // ListAllUsers is a handler that returns a list of all users in the application database // -// @Summary Lists users +// @Summary ListsAllUsers // @Description lists all users // @Tags User // @Accept json @@ -169,7 +170,7 @@ func (gs *GState) ListAllUsers(c *fiber.Ctx) error { return c.JSON(users) } -// @Summary promote user to admin +// @Summary PromoteToAdmin // @Description promote chosen user to admin // @Tags User // @Accept json diff --git a/backend/main.go b/backend/main.go index 3e2fb75..c19533e 100644 --- a/backend/main.go +++ b/backend/main.go @@ -22,6 +22,10 @@ import ( // @license.name AGPL // @license.url https://www.gnu.org/licenses/agpl-3.0.html +//@securityDefinitions.apikey bererToken +//@in header +//@name Authorization + // @host localhost:8080 // @BasePath /api @@ -83,7 +87,7 @@ func main() { server.Post("/api/signReport", gs.SignReport) server.Put("/api/addUserToProject", gs.AddUserToProjectHandler) server.Post("/api/promoteToAdmin", gs.PromoteToAdmin) - + server.Get("/api/users/all", gs.ListAllUsers) // Announce the port we are listening on and start the server err = server.Listen(fmt.Sprintf(":%d", conf.Port)) if err != nil { From 7e4e35f597a54ccb4151e2574e347efdb6ef56e5 Mon Sep 17 00:00:00 2001 From: Imbus <> Date: Tue, 19 Mar 2024 00:30:25 +0100 Subject: [PATCH 03/13] Silencing python testing, optional verbose output --- testing.py | 67 +++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/testing.py b/testing.py index 1eea03b..71b614e 100644 --- a/testing.py +++ b/testing.py @@ -2,6 +2,11 @@ import requests import string import random +debug_output = False + +def dprint(*args, **kwargs): + if debug_output: + print(*args, **kwargs) def randomString(len=10): """Generate a random string of fixed length""" @@ -31,7 +36,7 @@ getUserProjectsPath = base_url + "/api/getUserProjects" def test_get_user_projects(): - print("Testing get user projects") + dprint("Testing get user projects") loginResponse = login("user2", "123") # Check if the user is added to the project response = requests.get( @@ -39,29 +44,29 @@ def test_get_user_projects(): json={"username": "user2"}, headers={"Authorization": "Bearer " + loginResponse.json()["token"]}, ) - print(response.text) - print(response.json()) + dprint(response.text) + dprint(response.json()) assert response.status_code == 200, "Get user projects failed" - print("got user projects successfully") + dprint("got user projects successfully") # Posts the username and password to the register endpoint def register(username: string, password: string): - print("Registering with username: ", username, " and password: ", password) + dprint("Registering with username: ", username, " and password: ", password) response = requests.post( registerPath, json={"username": username, "password": password} ) - print(response.text) + dprint(response.text) return response # Posts the username and password to the login endpoint def login(username: string, password: string): - print("Logging in with username: ", username, " and password: ", password) + dprint("Logging in with username: ", username, " and password: ", password) response = requests.post( loginPath, json={"username": username, "password": password} ) - print(response.text) + dprint(response.text) return response @@ -69,7 +74,7 @@ def login(username: string, password: string): def test_login(): response = login(username, "always_same") assert response.status_code == 200, "Login failed" - print("Login successful") + dprint("Login successful") return response.json()["token"] @@ -77,8 +82,7 @@ def test_login(): def test_create_user(): response = register(username, "always_same") assert response.status_code == 200, "Registration failed" - print("Registration successful") - + dprint("Registration successful") # Test function to add a project def test_add_project(): @@ -89,10 +93,9 @@ def test_add_project(): json={"name": projectName, "description": "This is a project"}, headers={"Authorization": "Bearer " + token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Add project failed" - print("Add project successful") - + dprint("Add project successful") # Test function to submit a report def test_submit_report(): @@ -111,10 +114,9 @@ def test_submit_report(): }, headers={"Authorization": "Bearer " + token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Submit report failed" - print("Submit report successful") - + dprint("Submit report successful") # Test function to get a weekly report def test_get_weekly_report(): @@ -124,7 +126,7 @@ def test_get_weekly_report(): headers={"Authorization": "Bearer " + token}, params={"username": username, "projectName": projectName, "week": 1}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Get weekly report failed" @@ -135,7 +137,7 @@ def test_get_project(): getProjectPath + "/1", # Assumes that the project with id 1 exists headers={"Authorization": "Bearer " + token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Get project failed" @@ -144,13 +146,13 @@ def test_add_user_to_project(): # Log in as a site admin admin_username = randomString() admin_password = "admin_password" - print( + dprint( "Registering with username: ", admin_username, " and password: ", admin_password ) response = requests.post( registerPath, json={"username": admin_username, "password": admin_password} ) - print(response.text) + dprint(response.text) admin_token = login(admin_username, admin_password).json()["token"] response = requests.post( @@ -158,9 +160,9 @@ def test_add_user_to_project(): json={"username": admin_username}, headers={"Authorization": "Bearer " + admin_token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Promote to site admin failed" - print("Admin promoted to site admin successfully") + dprint("Admin promoted to site admin successfully") # Create a new user to add to the project new_user = randomString() @@ -173,10 +175,9 @@ def test_add_user_to_project(): headers={"Authorization": "Bearer " + admin_token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Add user to project failed" - print("Add user to project successful") - + dprint("Add user to project successful") # Test function to sign a report def test_sign_report(): @@ -187,13 +188,13 @@ def test_sign_report(): # Register an admin admin_username = randomString() admin_password = "admin_password2" - print( + dprint( "Registering with username: ", admin_username, " and password: ", admin_password ) response = requests.post( registerPath, json={"username": admin_username, "password": admin_password} ) - print(response.text) + dprint(response.text) # Log in as the admin admin_token = login(admin_username, admin_password).json()["token"] @@ -213,7 +214,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + admin_token}, ) assert response.status_code == 200, "Add project manager to project failed" - print("Project manager added to project successfully") + dprint("Project manager added to project successfully") # Log in as the project manager project_manager_token = login(project_manager, "project_manager_password").json()[ @@ -237,7 +238,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + token}, ) assert response.status_code == 200, "Submit report failed" - print("Submit report successful") + dprint("Submit report successful") # Retrieve the report ID response = requests.get( @@ -245,7 +246,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + token}, params={"username": username, "projectName": projectName, "week": 1}, ) - print(response.text) + dprint(response.text) report_id = response.json()["reportId"] # Sign the report as the project manager @@ -255,7 +256,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + project_manager_token}, ) assert response.status_code == 200, "Sign report failed" - print("Sign report successful") + dprint("Sign report successful") # Retrieve the report ID again for confirmation response = requests.get( @@ -263,7 +264,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + token}, params={"username": username, "projectName": projectName, "week": 1}, ) - print(response.text) + dprint(response.text) if __name__ == "__main__": From 3e35586bbea83e73c83a61c1ff6a10a1014f16d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Samuel=20H=C3=B6gbom=20Aronson?= Date: Mon, 18 Mar 2024 23:21:49 +0100 Subject: [PATCH 04/13] finished docs for user reletaded stucts and added endpoint for listallusers --- backend/docs/docs.go | 87 +++++++++++++++++++ .../handlers/handlers_user_related.go | 53 +++++++---- 2 files changed, 124 insertions(+), 16 deletions(-) diff --git a/backend/docs/docs.go b/backend/docs/docs.go index ac1589c..1898804 100644 --- a/backend/docs/docs.go +++ b/backend/docs/docs.go @@ -106,6 +106,58 @@ const docTemplate = `{ } } }, + "/promoteToAdmin": { + "post": { + "description": "promote chosen user to admin", + "consumes": [ + "application/json" + ], + "produces": [ + "text/plain" + ], + "tags": [ + "User" + ], + "summary": "promote user to admin", + "parameters": [ + { + "description": "user info", + "name": "NewUser", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/types.NewUser" + } + } + ], + "responses": { + "200": { + "description": "Successfully prometed user", + "schema": { + "type": "json" + } + }, + "400": { + "description": "bad request", + "schema": { + "type": "string" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "Internal server error", + "schema": { + "type": "string" + } + } + } + } + }, "/register": { "post": { "description": "Register a new user", @@ -192,6 +244,41 @@ const docTemplate = `{ } } } + }, + "/users/all": { + "get": { + "description": "lists all users", + "consumes": [ + "application/json" + ], + "produces": [ + "text/plain" + ], + "tags": [ + "User" + ], + "summary": "Lists users", + "responses": { + "200": { + "description": "Successfully signed token for user", + "schema": { + "type": "json" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "Internal server error", + "schema": { + "type": "string" + } + } + } + } } }, "definitions": { diff --git a/backend/internal/handlers/handlers_user_related.go b/backend/internal/handlers/handlers_user_related.go index 1d94270..1ed6bd4 100644 --- a/backend/internal/handlers/handlers_user_related.go +++ b/backend/internal/handlers/handlers_user_related.go @@ -17,10 +17,10 @@ import ( // @Tags User // @Accept json // @Produce plain -// @Param NewUser body types.NewUser true "User to register" -// @Success 200 {string} string "User added" -// @Failure 400 {string} string "Bad request" -// @Failure 500 {string} string "Internal server error" +// @Param NewUser body types.NewUser true "User to register" +// @Success 200 {string} string "User added" +// @Failure 400 {string} string "Bad request" +// @Failure 500 {string} string "Internal server error" // @Router /register [post] func (gs *GState) Register(c *fiber.Ctx) error { u := new(types.NewUser) @@ -47,10 +47,10 @@ func (gs *GState) Register(c *fiber.Ctx) error { // @Tags User // @Accept json // @Produce plain -// @Success 200 {string} string "User deleted" -// @Failure 403 {string} string "You can only delete yourself" -// @Failure 500 {string} string "Internal server error" -// @Failure 401 {string} string "Unauthorized" +// @Success 200 {string} string "User deleted" +// @Failure 403 {string} string "You can only delete yourself" +// @Failure 500 {string} string "Internal server error" +// @Failure 401 {string} string "Unauthorized" // @Router /userdelete/{username} [delete] func (gs *GState) UserDelete(c *fiber.Ctx) error { // Read from path parameters @@ -79,12 +79,12 @@ func (gs *GState) UserDelete(c *fiber.Ctx) error { // @Description logs the user in and returns a jwt token // @Tags User // @Accept json -// @Param NewUser body types.NewUser true "login info" +// @Param NewUser body types.NewUser true "login info" // @Produce plain -// @Success 200 Token types.Token "Successfully signed token for user" -// @Failure 400 {string} string "Bad request" -// @Failure 401 {string} string "Unauthorized" -// @Failure 500 {string} string "Internal server error" +// @Success 200 Token types.Token "Successfully signed token for user" +// @Failure 400 {string} string "Bad request" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" // @Router /login [post] func (gs *GState) Login(c *fiber.Ctx) error { // The body type is identical to a NewUser @@ -130,9 +130,9 @@ func (gs *GState) Login(c *fiber.Ctx) error { // @Tags User // @Accept json // @Produce plain -// @Success 200 Token types.Token "Successfully signed token for user" -// @Failure 401 {string} string "Unauthorized" -// @Failure 500 {string} string "Internal server error" +// @Success 200 Token types.Token "Successfully signed token for user" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" // @Router /loginerenew [post] func (gs *GState) LoginRenew(c *fiber.Ctx) error { user := c.Locals("user").(*jwt.Token) @@ -158,6 +158,16 @@ func (gs *GState) LoginRenew(c *fiber.Ctx) error { } // ListAllUsers is a handler that returns a list of all users in the application database +// +// @Summary Lists users +// @Description lists all users +// @Tags User +// @Accept json +// @Produce plain +// @Success 200 {json} json "Successfully signed token for user" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" +// @Router /users/all [get] func (gs *GState) ListAllUsers(c *fiber.Ctx) error { // Get all users from the database users, err := gs.Db.GetAllUsersApplication() @@ -171,6 +181,17 @@ func (gs *GState) ListAllUsers(c *fiber.Ctx) error { return c.JSON(users) } +// @Summary promote user to admin +// @Description promote chosen user to admin +// @Tags User +// @Accept json +// @Produce plain +// @Param NewUser body types.NewUser true "user info" +// @Success 200 {json} json "Successfully prometed user" +// @Failure 400 {string} string "bad request" +// @Failure 401 {string} string "Unauthorized" +// @Failure 500 {string} string "Internal server error" +// @Router /promoteToAdmin [post] func (gs *GState) PromoteToAdmin(c *fiber.Ctx) error { // Extract the username from the request body var newUser types.NewUser From 9ce70e74e922279f4881407b49b096ba5a4681fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Samuel=20H=C3=B6gbom=20Aronson?= Date: Tue, 19 Mar 2024 00:27:31 +0100 Subject: [PATCH 05/13] tyding up and tryinng to get tokens in docs to work --- backend/docs/docs.go | 22 ++++++++++++++----- .../handlers/handlers_user_related.go | 11 +++++----- backend/main.go | 6 ++++- 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/backend/docs/docs.go b/backend/docs/docs.go index 1898804..322c812 100644 --- a/backend/docs/docs.go +++ b/backend/docs/docs.go @@ -73,6 +73,11 @@ const docTemplate = `{ }, "/loginerenew": { "post": { + "security": [ + { + "bererToken": [] + } + ], "description": "renews the users token", "consumes": [ "application/json" @@ -83,7 +88,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "renews the users token", + "summary": "LoginRenews", "responses": { "200": { "description": "Successfully signed token for user", @@ -118,7 +123,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "promote user to admin", + "summary": "PromoteToAdmin", "parameters": [ { "description": "user info", @@ -170,7 +175,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "Register a new user", + "summary": "Register", "parameters": [ { "description": "User to register", @@ -216,7 +221,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "Deletes a user", + "summary": "UserDelete", "responses": { "200": { "description": "User deleted", @@ -257,7 +262,7 @@ const docTemplate = `{ "tags": [ "User" ], - "summary": "Lists users", + "summary": "ListsAllUsers", "responses": { "200": { "description": "Successfully signed token for user", @@ -294,6 +299,13 @@ const docTemplate = `{ } } }, + "securityDefinitions": { + "bererToken": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } + }, "externalDocs": { "description": "OpenAPI", "url": "https://swagger.io/resources/open-api/" diff --git a/backend/internal/handlers/handlers_user_related.go b/backend/internal/handlers/handlers_user_related.go index 1ed6bd4..96fddb7 100644 --- a/backend/internal/handlers/handlers_user_related.go +++ b/backend/internal/handlers/handlers_user_related.go @@ -12,7 +12,7 @@ import ( // Register is a simple handler that registers a new user // -// @Summary Register a new user +// @Summary Register // @Description Register a new user // @Tags User // @Accept json @@ -42,7 +42,7 @@ func (gs *GState) Register(c *fiber.Ctx) error { // This path should obviously be protected in the future // UserDelete deletes a user from the database // -// @Summary Deletes a user +// @Summary UserDelete // @Description UserDelete deletes a user from the database // @Tags User // @Accept json @@ -125,8 +125,9 @@ func (gs *GState) Login(c *fiber.Ctx) error { // LoginRenew is a simple handler that renews the token // -// @Summary renews the users token +// @Summary LoginRenews // @Description renews the users token +// @Security bererToken // @Tags User // @Accept json // @Produce plain @@ -159,7 +160,7 @@ func (gs *GState) LoginRenew(c *fiber.Ctx) error { // ListAllUsers is a handler that returns a list of all users in the application database // -// @Summary Lists users +// @Summary ListsAllUsers // @Description lists all users // @Tags User // @Accept json @@ -181,7 +182,7 @@ func (gs *GState) ListAllUsers(c *fiber.Ctx) error { return c.JSON(users) } -// @Summary promote user to admin +// @Summary PromoteToAdmin // @Description promote chosen user to admin // @Tags User // @Accept json diff --git a/backend/main.go b/backend/main.go index 9abe995..76c5f99 100644 --- a/backend/main.go +++ b/backend/main.go @@ -23,6 +23,10 @@ import ( // @license.name AGPL // @license.url https://www.gnu.org/licenses/agpl-3.0.html +//@securityDefinitions.apikey bererToken +//@in header +//@name Authorization + // @host localhost:8080 // @BasePath /api @@ -89,7 +93,7 @@ func main() { server.Post("/api/signReport", gs.SignReport) server.Put("/api/addUserToProject", gs.AddUserToProjectHandler) server.Post("/api/promoteToAdmin", gs.PromoteToAdmin) - + server.Get("/api/users/all", gs.ListAllUsers) // Announce the port we are listening on and start the server err = server.Listen(fmt.Sprintf(":%d", conf.Port)) if err != nil { From b174ec8922aa7761ba5095f64ea2752aa3f10d06 Mon Sep 17 00:00:00 2001 From: Imbus <> Date: Tue, 19 Mar 2024 00:41:30 +0100 Subject: [PATCH 06/13] Rename for clarity and consistensy with TS api --- backend/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/main.go b/backend/main.go index 76c5f99..e578c52 100644 --- a/backend/main.go +++ b/backend/main.go @@ -83,7 +83,7 @@ func main() { })) // Protected routes (require a valid JWT bearer token authentication header) - server.Post("/api/submitReport", gs.SubmitWeeklyReport) + server.Post("/api/submitWeeklyReport", gs.SubmitWeeklyReport) server.Get("/api/getUserProjects", gs.GetUserProjects) server.Post("/api/loginrenew", gs.LoginRenew) server.Delete("/api/userdelete/:username", gs.UserDelete) // Perhaps just use POST to avoid headaches From c03be8c5d91d8c1bb5b15a9292e7a6c575c2629f Mon Sep 17 00:00:00 2001 From: Imbus <> Date: Tue, 19 Mar 2024 00:46:28 +0100 Subject: [PATCH 07/13] Path rename in python testing script --- testing.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing.py b/testing.py index 1eea03b..ffadb56 100644 --- a/testing.py +++ b/testing.py @@ -20,7 +20,7 @@ base_url = "http://localhost:8080" registerPath = base_url + "/api/register" loginPath = base_url + "/api/login" addProjectPath = base_url + "/api/project" -submitReportPath = base_url + "/api/submitReport" +submitReportPath = base_url + "/api/submitWeeklyReport" getWeeklyReportPath = base_url + "/api/getWeeklyReport" getProjectPath = base_url + "/api/project" signReportPath = base_url + "/api/signReport" From 0217f2b51259d6b1fd29e2cd8a65a0ffa6fd5bbf Mon Sep 17 00:00:00 2001 From: borean Date: Tue, 19 Mar 2024 01:10:02 +0100 Subject: [PATCH 08/13] AddProject changed so that user is promoted to projectmanager --- backend/internal/database/db.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/backend/internal/database/db.go b/backend/internal/database/db.go index 25dd04b..e95ae4c 100644 --- a/backend/internal/database/db.go +++ b/backend/internal/database/db.go @@ -201,8 +201,15 @@ func (d *Db) GetProjectId(projectname string) (int, error) { // Creates a new project in the database, associated with a user func (d *Db) AddProject(name string, description string, username string) error { - _, err := d.Exec(projectInsert, name, description, username) - return err + _, err1 := d.Exec(projectInsert, name, description, username) + + // Immediately promotes said user to project manager + err2 := d.ChangeUserRole(username, name, "project_manager") + if err2 != nil { + panic(err2) + } + + return err1 } func (d *Db) GetAllUsersProject(projectname string) ([]UserProjectMember, error) { From 5bcca0202b1c6ed1285ee86a6e1bc56c62fa9fc7 Mon Sep 17 00:00:00 2001 From: Imbus <> Date: Tue, 19 Mar 2024 01:12:14 +0100 Subject: [PATCH 09/13] Better test feedback in python script --- testing.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/testing.py b/testing.py index 71b614e..f4666a7 100644 --- a/testing.py +++ b/testing.py @@ -4,6 +4,11 @@ import random debug_output = False +def gprint(*args, **kwargs): + print("\033[92m", *args, "\033[00m", **kwargs) + +print("Running Tests...") + def dprint(*args, **kwargs): if debug_output: print(*args, **kwargs) @@ -47,7 +52,7 @@ def test_get_user_projects(): dprint(response.text) dprint(response.json()) assert response.status_code == 200, "Get user projects failed" - dprint("got user projects successfully") + gprint("test_get_user_projects successful") # Posts the username and password to the register endpoint @@ -75,6 +80,7 @@ def test_login(): response = login(username, "always_same") assert response.status_code == 200, "Login failed" dprint("Login successful") + gprint("test_login successful") return response.json()["token"] @@ -82,7 +88,7 @@ def test_login(): def test_create_user(): response = register(username, "always_same") assert response.status_code == 200, "Registration failed" - dprint("Registration successful") + gprint("test_create_user successful") # Test function to add a project def test_add_project(): @@ -95,7 +101,7 @@ def test_add_project(): ) dprint(response.text) assert response.status_code == 200, "Add project failed" - dprint("Add project successful") + gprint("test_add_project successful") # Test function to submit a report def test_submit_report(): @@ -116,7 +122,7 @@ def test_submit_report(): ) dprint(response.text) assert response.status_code == 200, "Submit report failed" - dprint("Submit report successful") + gprint("test_submit_report successful") # Test function to get a weekly report def test_get_weekly_report(): @@ -128,6 +134,7 @@ def test_get_weekly_report(): ) dprint(response.text) assert response.status_code == 200, "Get weekly report failed" + gprint("test_get_weekly_report successful") # Tests getting a project by id @@ -139,6 +146,7 @@ def test_get_project(): ) dprint(response.text) assert response.status_code == 200, "Get project failed" + gprint("test_get_project successful") # Test function to add a user to a project @@ -177,7 +185,7 @@ def test_add_user_to_project(): dprint(response.text) assert response.status_code == 200, "Add user to project failed" - dprint("Add user to project successful") + gprint("test_add_user_to_project successful") # Test function to sign a report def test_sign_report(): @@ -265,6 +273,7 @@ def test_sign_report(): params={"username": username, "projectName": projectName, "week": 1}, ) dprint(response.text) + gprint("test_sign_report successful") if __name__ == "__main__": From 58d9001be3e79275e14d8ab4e1fe2dabc453d67a Mon Sep 17 00:00:00 2001 From: borean Date: Tue, 19 Mar 2024 01:10:02 +0100 Subject: [PATCH 10/13] AddProject changed so that user is promoted to projectmanager --- backend/internal/database/db.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/backend/internal/database/db.go b/backend/internal/database/db.go index 25dd04b..e95ae4c 100644 --- a/backend/internal/database/db.go +++ b/backend/internal/database/db.go @@ -201,8 +201,15 @@ func (d *Db) GetProjectId(projectname string) (int, error) { // Creates a new project in the database, associated with a user func (d *Db) AddProject(name string, description string, username string) error { - _, err := d.Exec(projectInsert, name, description, username) - return err + _, err1 := d.Exec(projectInsert, name, description, username) + + // Immediately promotes said user to project manager + err2 := d.ChangeUserRole(username, name, "project_manager") + if err2 != nil { + panic(err2) + } + + return err1 } func (d *Db) GetAllUsersProject(projectname string) ([]UserProjectMember, error) { From e498f0ed6380c06d61018cfca42c1ba88f06d545 Mon Sep 17 00:00:00 2001 From: Imbus <> Date: Tue, 19 Mar 2024 00:30:25 +0100 Subject: [PATCH 11/13] Silencing python testing, optional verbose output --- testing.py | 67 +++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/testing.py b/testing.py index ffadb56..f1e17c0 100644 --- a/testing.py +++ b/testing.py @@ -2,6 +2,11 @@ import requests import string import random +debug_output = False + +def dprint(*args, **kwargs): + if debug_output: + print(*args, **kwargs) def randomString(len=10): """Generate a random string of fixed length""" @@ -31,7 +36,7 @@ getUserProjectsPath = base_url + "/api/getUserProjects" def test_get_user_projects(): - print("Testing get user projects") + dprint("Testing get user projects") loginResponse = login("user2", "123") # Check if the user is added to the project response = requests.get( @@ -39,29 +44,29 @@ def test_get_user_projects(): json={"username": "user2"}, headers={"Authorization": "Bearer " + loginResponse.json()["token"]}, ) - print(response.text) - print(response.json()) + dprint(response.text) + dprint(response.json()) assert response.status_code == 200, "Get user projects failed" - print("got user projects successfully") + dprint("got user projects successfully") # Posts the username and password to the register endpoint def register(username: string, password: string): - print("Registering with username: ", username, " and password: ", password) + dprint("Registering with username: ", username, " and password: ", password) response = requests.post( registerPath, json={"username": username, "password": password} ) - print(response.text) + dprint(response.text) return response # Posts the username and password to the login endpoint def login(username: string, password: string): - print("Logging in with username: ", username, " and password: ", password) + dprint("Logging in with username: ", username, " and password: ", password) response = requests.post( loginPath, json={"username": username, "password": password} ) - print(response.text) + dprint(response.text) return response @@ -69,7 +74,7 @@ def login(username: string, password: string): def test_login(): response = login(username, "always_same") assert response.status_code == 200, "Login failed" - print("Login successful") + dprint("Login successful") return response.json()["token"] @@ -77,8 +82,7 @@ def test_login(): def test_create_user(): response = register(username, "always_same") assert response.status_code == 200, "Registration failed" - print("Registration successful") - + dprint("Registration successful") # Test function to add a project def test_add_project(): @@ -89,10 +93,9 @@ def test_add_project(): json={"name": projectName, "description": "This is a project"}, headers={"Authorization": "Bearer " + token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Add project failed" - print("Add project successful") - + dprint("Add project successful") # Test function to submit a report def test_submit_report(): @@ -111,10 +114,9 @@ def test_submit_report(): }, headers={"Authorization": "Bearer " + token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Submit report failed" - print("Submit report successful") - + dprint("Submit report successful") # Test function to get a weekly report def test_get_weekly_report(): @@ -124,7 +126,7 @@ def test_get_weekly_report(): headers={"Authorization": "Bearer " + token}, params={"username": username, "projectName": projectName, "week": 1}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Get weekly report failed" @@ -135,7 +137,7 @@ def test_get_project(): getProjectPath + "/1", # Assumes that the project with id 1 exists headers={"Authorization": "Bearer " + token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Get project failed" @@ -144,13 +146,13 @@ def test_add_user_to_project(): # Log in as a site admin admin_username = randomString() admin_password = "admin_password" - print( + dprint( "Registering with username: ", admin_username, " and password: ", admin_password ) response = requests.post( registerPath, json={"username": admin_username, "password": admin_password} ) - print(response.text) + dprint(response.text) admin_token = login(admin_username, admin_password).json()["token"] response = requests.post( @@ -158,9 +160,9 @@ def test_add_user_to_project(): json={"username": admin_username}, headers={"Authorization": "Bearer " + admin_token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Promote to site admin failed" - print("Admin promoted to site admin successfully") + dprint("Admin promoted to site admin successfully") # Create a new user to add to the project new_user = randomString() @@ -173,10 +175,9 @@ def test_add_user_to_project(): headers={"Authorization": "Bearer " + admin_token}, ) - print(response.text) + dprint(response.text) assert response.status_code == 200, "Add user to project failed" - print("Add user to project successful") - + dprint("Add user to project successful") # Test function to sign a report def test_sign_report(): @@ -187,13 +188,13 @@ def test_sign_report(): # Register an admin admin_username = randomString() admin_password = "admin_password2" - print( + dprint( "Registering with username: ", admin_username, " and password: ", admin_password ) response = requests.post( registerPath, json={"username": admin_username, "password": admin_password} ) - print(response.text) + dprint(response.text) # Log in as the admin admin_token = login(admin_username, admin_password).json()["token"] @@ -213,7 +214,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + admin_token}, ) assert response.status_code == 200, "Add project manager to project failed" - print("Project manager added to project successfully") + dprint("Project manager added to project successfully") # Log in as the project manager project_manager_token = login(project_manager, "project_manager_password").json()[ @@ -237,7 +238,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + token}, ) assert response.status_code == 200, "Submit report failed" - print("Submit report successful") + dprint("Submit report successful") # Retrieve the report ID response = requests.get( @@ -245,7 +246,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + token}, params={"username": username, "projectName": projectName, "week": 1}, ) - print(response.text) + dprint(response.text) report_id = response.json()["reportId"] # Sign the report as the project manager @@ -255,7 +256,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + project_manager_token}, ) assert response.status_code == 200, "Sign report failed" - print("Sign report successful") + dprint("Sign report successful") # Retrieve the report ID again for confirmation response = requests.get( @@ -263,7 +264,7 @@ def test_sign_report(): headers={"Authorization": "Bearer " + token}, params={"username": username, "projectName": projectName, "week": 1}, ) - print(response.text) + dprint(response.text) if __name__ == "__main__": From 09014c66596d48c0c4f36574d007864e8f51da3e Mon Sep 17 00:00:00 2001 From: Imbus <> Date: Tue, 19 Mar 2024 01:12:14 +0100 Subject: [PATCH 12/13] Better test feedback in python script --- testing.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/testing.py b/testing.py index f1e17c0..a3de715 100644 --- a/testing.py +++ b/testing.py @@ -4,6 +4,11 @@ import random debug_output = False +def gprint(*args, **kwargs): + print("\033[92m", *args, "\033[00m", **kwargs) + +print("Running Tests...") + def dprint(*args, **kwargs): if debug_output: print(*args, **kwargs) @@ -47,7 +52,7 @@ def test_get_user_projects(): dprint(response.text) dprint(response.json()) assert response.status_code == 200, "Get user projects failed" - dprint("got user projects successfully") + gprint("test_get_user_projects successful") # Posts the username and password to the register endpoint @@ -75,6 +80,7 @@ def test_login(): response = login(username, "always_same") assert response.status_code == 200, "Login failed" dprint("Login successful") + gprint("test_login successful") return response.json()["token"] @@ -82,7 +88,7 @@ def test_login(): def test_create_user(): response = register(username, "always_same") assert response.status_code == 200, "Registration failed" - dprint("Registration successful") + gprint("test_create_user successful") # Test function to add a project def test_add_project(): @@ -95,7 +101,7 @@ def test_add_project(): ) dprint(response.text) assert response.status_code == 200, "Add project failed" - dprint("Add project successful") + gprint("test_add_project successful") # Test function to submit a report def test_submit_report(): @@ -116,7 +122,7 @@ def test_submit_report(): ) dprint(response.text) assert response.status_code == 200, "Submit report failed" - dprint("Submit report successful") + gprint("test_submit_report successful") # Test function to get a weekly report def test_get_weekly_report(): @@ -128,6 +134,7 @@ def test_get_weekly_report(): ) dprint(response.text) assert response.status_code == 200, "Get weekly report failed" + gprint("test_get_weekly_report successful") # Tests getting a project by id @@ -139,6 +146,7 @@ def test_get_project(): ) dprint(response.text) assert response.status_code == 200, "Get project failed" + gprint("test_get_project successful") # Test function to add a user to a project @@ -177,7 +185,7 @@ def test_add_user_to_project(): dprint(response.text) assert response.status_code == 200, "Add user to project failed" - dprint("Add user to project successful") + gprint("test_add_user_to_project successful") # Test function to sign a report def test_sign_report(): @@ -265,6 +273,7 @@ def test_sign_report(): params={"username": username, "projectName": projectName, "week": 1}, ) dprint(response.text) + gprint("test_sign_report successful") if __name__ == "__main__": From 3125b511bbabaa79f23b1b3559b264c7a4bc880d Mon Sep 17 00:00:00 2001 From: borean Date: Tue, 19 Mar 2024 01:38:40 +0100 Subject: [PATCH 13/13] correcting AddProject --- backend/internal/database/db.go | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/backend/internal/database/db.go b/backend/internal/database/db.go index e95ae4c..ad408a7 100644 --- a/backend/internal/database/db.go +++ b/backend/internal/database/db.go @@ -201,15 +201,19 @@ func (d *Db) GetProjectId(projectname string) (int, error) { // Creates a new project in the database, associated with a user func (d *Db) AddProject(name string, description string, username string) error { - _, err1 := d.Exec(projectInsert, name, description, username) - - // Immediately promotes said user to project manager - err2 := d.ChangeUserRole(username, name, "project_manager") - if err2 != nil { - panic(err2) + tx := d.MustBegin() + _, err := tx.Exec(projectInsert, name, description, username) + if err != nil { + tx.Rollback() + return err } - - return err1 + _, err = tx.Exec(changeUserRole, "project_manager", username, name) + if err != nil { + tx.Rollback() + return err + } + tx.Commit() + return err } func (d *Db) GetAllUsersProject(projectname string) ([]UserProjectMember, error) {