Fix authorisation for all backend routes (#994)

Author: lhvy

client/src/api/getAutoTimetable.ts

@@ -10,6 +10,7 @@ const getAutoTimetable = async (data: any): Promise<[number[], boolean]> => {
         'Content-Type': 'application/json',
       },
       body: JSON.stringify(data),
+      credentials: 'include',
     });
 
     if (res.status !== 201) {

client/src/components/sidebar/groupsSidebar/AddOrEditGroupDialogContent.tsx

@@ -112,6 +112,7 @@ const AddOrEditGroupDialogContent: React.FC<AddGroupDialogContentProps> = ({
           groupAdminIDs: group.groupAdmins.map((groupAdmin) => groupAdmin.userID),
           imageURL: group.imageURL,
         }),
+        credentials: 'include',
       });
       const groupCreationStatus = await res.json();
       console.log('group creation status', groupCreationStatus.data); // Can see the status of group creation here!
@@ -144,6 +145,7 @@ const AddOrEditGroupDialogContent: React.FC<AddGroupDialogContentProps> = ({
           groupAdminIDs: group.groupAdmins.map((groupAdmin) => groupAdmin.userID),
           imageURL: group.imageURL,
         }),
+        credentials: 'include',
       });
       const groupCreationStatus = await res.json();
       console.log('group update status', groupCreationStatus.data); // Can see the status of group creation here!

client/src/components/sidebar/groupsSidebar/GroupCircle.tsx

@@ -61,6 +61,7 @@ const AdminMenu: React.FC<{
           Accept: 'application/json',
           'Content-Type': 'application/json',
         },
+        credentials: 'include',
       });
       const groupDeleteStatus = await res.json();
       console.log('group delete status', groupDeleteStatus);
@@ -114,6 +115,7 @@ const MemberMenu: React.FC<{ userID: string; group: Group; fetchUserInfo: (userI
           groupAdminIDs: group.groupAdmins.map((groupAdmins) => groupAdmins.userID),
           imageURL: group.imageURL,
         }),
+        credentials: 'include',
       });
       const leaveGroupStatus = await res.json();
       console.log('leave group status', leaveGroupStatus.data);

client/src/components/sidebar/groupsSidebar/friends/AddAFriendTab.tsx

@@ -40,6 +40,7 @@ const AddAFriendTab: React.FC<{ user: User; fetchUserInfo: (userID: string) => v
           Accept: 'application/json',
           'Content-Type': 'application/json',
         },
+        credentials: 'include',
       });
       if (res.status !== 200) throw new NetworkError("Couldn't get response");
       const getUsersStatus = await res.json();
@@ -83,6 +84,7 @@ const AddAFriendTab: React.FC<{ user: User; fetchUserInfo: (userID: string) => v
           senderId: user.userID,
           sendeeId: otherUserID,
         }),
+        credentials: 'include',
       });
       if (res.status !== 201) throw new NetworkError("Couldn't get response");
       const acceptRequestStatus = await res.json();
@@ -105,6 +107,7 @@ const AddAFriendTab: React.FC<{ user: User; fetchUserInfo: (userID: string) => v
           sendeeId: otherUserID,
           senderId: user.userID,
         }),
+        credentials: 'include',
       });
       if (res.status !== 200) throw new NetworkError("Couldn't get response");
       const declineRequestStatus = await res.json();

client/src/components/sidebar/groupsSidebar/friends/RequestsTab.tsx

@@ -37,6 +37,7 @@ const RequestsTab: React.FC<{ user: User; fetchUserInfo: (userID: string) => voi
           sendeeId: user.userID,
           senderId: incomingUserId,
         }),
+        credentials: 'include',
       });
       if (res.status !== 200) throw new NetworkError("Couldn't get response");
       const declineRequestStatus = await res.json();
@@ -59,6 +60,7 @@ const RequestsTab: React.FC<{ user: User; fetchUserInfo: (userID: string) => voi
           senderId: user.userID,
           sendeeId: incomingUserId,
         }),
+        credentials: 'include',
       });
       if (res.status !== 201) throw new NetworkError("Couldn't get response");
       const acceptRequestStatus = await res.json();

client/src/components/sidebar/groupsSidebar/friends/YourFriendsTab.tsx

@@ -32,6 +32,7 @@ const YourFriendsTab: React.FC<{ user: User; fetchUserInfo: (userID: string) =>
           senderId: user.userID,
           sendeeId: friendID,
         }),
+        credentials: 'include',
       });
       if (res.status !== 200) throw new NetworkError("Couldn't get response");
       const acceptRequestStatus = await res.json();

client/src/context/UserContext.tsx

@@ -66,6 +66,7 @@ const UserContextProvider = ({ children }: UserContextProviderProps) => {
           Accept: 'application/json',
           'Content-Type': 'application/json',
         },
+        credentials: 'include',
       });
       const res = await response.json();
       const timetables = await Promise.all(
@@ -115,6 +116,7 @@ const UserContextProvider = ({ children }: UserContextProviderProps) => {
           Accept: 'application/json',
           'Content-Type': 'application/json',
         },
+        credentials: 'include',
       });
       if (res.status !== 200) throw new NetworkError("Couldn't get response");
       const jsonData = await res.json();

client/src/utils/syncTimetables.ts

@@ -176,6 +176,7 @@ export const syncAddTimetable = async (userId: string, newTimetable: TimetableDa
         name,
         mapKey: term,
       }),
+      credentials: 'include',
     });
 
     const json = await res.json();
@@ -193,6 +194,7 @@ const syncDeleteTimetable = async (timetableId: string) => {
         Accept: 'application/json',
         'Content-Type': 'application/json',
       },
+      credentials: 'include',
     });
   } catch (e) {
     console.log(e);
@@ -215,6 +217,7 @@ const syncEditTimetable = async (userId: string, editedTimetable: TimetableData)
         userId: userId,
         timetable: convertTimetableToDTO(editedTimetable),
       }),
+      credentials: 'include',
     });
   } catch (e) {
     console.log(e);

server/src/app.module.ts

@@ -5,12 +5,15 @@ import { AppService } from './app.service';
 import { AuthModule } from './auth/auth.module';
 import { AutoModule } from './auto/auto.module';
 import config from './config';
-import { FriendModule } from './friend/friend.module';
-import { GroupModule } from './group/group.module';
+// import { FriendModule } from './friend/friend.module';
+// import { GroupModule } from './group/group.module';
 import { PrismaModule } from './prisma/prisma.module';
 import { UserModule } from './user/user.module';
 import { GraphqlService } from './graphql/graphql.service';
 import { GraphqlModule } from './graphql/graphql.module';
+
+// TOOD: Re-enable FriendModule and GroupModule when ready
+// Need to be locked down better, and FE supported
 @Module({
   imports: [
     ConfigModule.forRoot({
@@ -21,10 +24,10 @@ import { GraphqlModule } from './graphql/graphql.module';
     AuthModule,
     AutoModule,
     UserModule,
-    FriendModule,
+    // FriendModule,
     PrismaModule,
     GraphqlModule,
-    GroupModule,
+    // GroupModule,
   ],
   controllers: [AppController],
   providers: [AppService, GraphqlService],

server/src/auth/auth.controller.ts

@@ -83,6 +83,6 @@ export class AuthController {
 
   @Get('/logout')
   async logout(@Request() req, @Res() res: Response) {
-    this.authService.logout(req, res);
+    await this.authService.logout(req, res);
   }
 }