:construction: Continued working on email auth/save save survey state

backend/lib/plugins/user.js

@@ -14,6 +14,8 @@ const UserLoginRoute = require('../routes/user/login')
 const UserSignupRoute = require('../routes/user/signup')
 const UserEmailRoute = require('../routes/user/email.js')
 const UserVerifyEmailRoute = require('../routes/user/verifyemail.js')
+const UserGenerateJWTRoute = require('../routes/user/generatejwt.js')
+const UserValidateJWTRoute = require('../routes/user/validatejwt.js')
 const UserPassword = require('../routes/user/authentication')
 
 const UserService = require('../services/user')
@@ -53,6 +55,8 @@ module.exports = {
         await server.route(UserProfilesListRoute)
         await server.route(UserEmailRoute)
         await server.route(UserVerifyEmailRoute)
+        await server.route(UserGenerateJWTRoute)
+        await server.route(UserValidateJWTRoute)
         await server.route(UserPassword)
     },
 }

backend/lib/routes/user/generatejwt.js

@@ -0,0 +1,58 @@
+'use strict'
+
+const Joi = require('joi')
+
+const pluginConfig = {
+    handlerType: 'email',
+    docs: {
+        get: {
+            description: 'generates jwt after verifying email',
+            notes: 'Generates jwt after validating email',
+        },
+    },
+}
+
+module.exports = {
+    method: 'GET',
+    path: '/generatejwt/{hash}',
+    options: {
+        ...pluginConfig.docs.get,
+        tags: ['api'],
+        auth: false,
+        cors: true,
+        handler: async function (request, h) {
+            const { userService } = request.server.services()
+            const hash = request.params.hash
+            const user = {
+                user_email: hash,
+            }
+            const token = await userService.createToken(user)
+            try {
+                return {
+                    ok: true,
+                    handler: pluginConfig.handlerType,
+                    data: { jwt: token },
+                }
+            } catch (err) {
+                return {
+                    ok: false,
+                    handler: pluginConfig.handlerType,
+                    data: {
+                        error: err,
+                    },
+                }
+            }
+        },
+        validate: {
+            failAction: 'log',
+        },
+        response: {
+            schema: Joi.object({
+                ok: Joi.bool(),
+                handler: Joi.string(),
+                data: Joi.object(),
+            }).label('generate_jwt_res'),
+            failAction: 'log',
+        },
+    },
+}

backend/lib/routes/user/validatejwt.js

@@ -0,0 +1,56 @@
+'use strict'
+
+const Joi = require('joi')
+
+const pluginConfig = {
+    handlerType: 'jwt',
+    docs: {
+        get: {
+            description: 'validates jwt for each step of survey',
+            notes: 'validates jwt for each step of survey',
+        },
+    },
+}
+
+module.exports = {
+    method: 'GET',
+    path: '/validatejwt/{jwt}',
+    options: {
+        ...pluginConfig.docs.get,
+        tags: ['api'],
+        auth: false,
+        cors: true,
+        handler: async function (request, h) {
+            const jwt = request.params.jwt
+            const { userService } = request.server.services()
+            const jwtIsValid = userService.validateToken(jwt)
+            console.log('jwtIsValid :=>', jwtIsValid)
+            try {
+                return {
+                    ok: true,
+                    handler: pluginConfig.handlerType,
+                    data: { isValid: jwtIsValid.isValid },
+                }
+            } catch (err) {
+                return {
+                    ok: false,
+                    handler: pluginConfig.handlerType,
+                    data: {
+                        error: err,
+                    },
+                }
+            }
+        },
+        validate: {
+            failAction: 'log',
+        },
+        response: {
+            schema: Joi.object({
+                ok: Joi.bool(),
+                handler: Joi.string(),
+                data: Joi.object(),
+            }).label('validate_jwt_res'),
+            failAction: 'log',
+        },
+    },
+}

backend/lib/services/user.js

@@ -204,11 +204,30 @@ module.exports = class UserService extends Schmervice.Service {
                 algorithm: 'HS256',
             },
             {
-                ttlSec: 4 * 60 * 60, // 7 days
+                // ttlSec: 4 * 60 * 60, // 7 days
+                ttlSec: 60 * 3, // 3 minutes
             },
         )
     }
 
+    /**
+     * Validates whether a token has expired or not
+     * @param {User} user
+     * @returns {Token}
+     */
+    validateToken(token) {
+        const key = this.server.registrations['main-app-plugin'].options.jwtKey
+        const decodedToken = Jwt.token.decode(token)
+        // NOTE: reveals email...perhaps unhashed email belongs here instead...
+        // console.log('decodedToken :=>', decodedToken)
+        try {
+            Jwt.token.verify(decodedToken, key)
+            return { isValid: true }
+        } catch (err) {
+            return { isValid: false, error: err.message }
+        }
+    }
+
     /**
      * Use knex to try to change password entry
      * @param {number} id

frontend/src/components/onboarding/Auth.vue

@@ -9,6 +9,7 @@
 
 <script>
 import { Authenticator } from '../../services/auth.service.js'
+import { createProfileForUserId } from '../../services/profile.service'
 import { signupUser } from '../../services/user.service.js'
 
 export default {
@@ -23,14 +24,32 @@ export default {
             type: String,
             default: '',
         },
+        responses: {
+            type: String,
+            default: '',
+        },
+        survey: {
+            required: true,
+            type: Object,
+            default: () => {},
+        },
     },
     emits: ['update-answers'],
     data: () => ({
         authenticator: {},
     }),
-    created() {
+    async created() {
         this.authenticator = new Authenticator()
-        console.log('this.answered :=>', this.answered)
+        if (this.survey.hasMinResponsesToCreateProfile(this.answered)) {
+            const newUser = await signupUser(this.answered)
+            const newUserId = newUser.user_id
+            try {
+                await createProfileForUserId(newUserId, this.responses)
+            } catch (err) {
+                console.error('ERROR :=>', err)
+            }
+        }
+
         this.authenticator.sendAuthEmail(this.answered)
         // TODO: Consider waiting until email hash is verified...(i.e. not in created)
         signupUser(this.answered)

frontend/src/entities/survey/survey.js

@@ -44,9 +44,12 @@ class Survey extends _baseRecord {
     }
 
     hasMinResponsesToCreateProfile(responses) {
-        if (responses.name &&
+        if (
+            responses.name &&
             responses.email &&
-            responses.seeking) {
+            responses.seeking &&
+            responses.password
+        ) {
             return true
         } else return false
     }

frontend/src/router/index.js

@@ -61,7 +61,7 @@ const routes = [
     // TODO: remove after better implementation is found for verifying email
     // hash
     {
-        path: `/onboarding/:hash?`,
+        path: `/onboarding/`,
         component: OnboardingView,
         name: `OnboardingView`,
         meta: { requiresAuth: true, requiresCompleteProfile: false },

frontend/src/services/auth.service.js

@@ -8,10 +8,19 @@ class Authenticator {
         const emailWasSent = await db.post(`/user/sendemail/`, answered)
         console.log('emailwasSent :=>', emailWasSent)
     }
+    // NOTE: these might be better suited as POST requests
     async verifyAuthEmail(hash) {
         const isVerified = await db.get(`/user/verify/${hash}`)
         return isVerified.hashesMatch
     }
+    async generateJwt(hash) {
+        const token = await db.get(`/user/generatejwt/${hash}`)
+        return token.jwt
+    }
+    async validateJwt(jwt) {
+        const validateJwt = await db.get(`/user/validatejwt/${jwt}`)
+        return validateJwt.isValid
+    }
 }
 
 export { Authenticator }

frontend/src/services/user.service.js

@@ -8,6 +8,7 @@ const signupUser = async user => {
     const payload = {
         user_name: user.name,
         user_email: user.email,
+        user_pass: user.password,
         is_poster: user.seeking == 'position' ? 0 : 1,
     }
     return await db.post(`/user/signup`, payload)

frontend/src/utils/lang.js

@@ -34,8 +34,8 @@ const allSteps = {
     usa: {
         email: 'email',
         name: 'name',
-        password: 'password',
         seeking: 'seeking',
+        password: 'password',
         aspect01: 'aspect-1',
         aspect02: 'aspect-2',
         aspect03: 'aspect-3',

frontend/src/utils/survey.js

@@ -84,7 +84,7 @@ class SurveyFactory {
         // Splash page is placed at beginning of survey
         mutatedResponseKeys.unshift(splash)
         // Auth page is placed after email/password
-        mutatedResponseKeys.splice(3, 0, auth)
+        mutatedResponseKeys.splice(5, 0, auth)
         return mutatedResponseKeys
     }
     async getQuestions() {

frontend/src/views/OnboardingView.vue

@@ -12,11 +12,12 @@ main.view--onboarding
                 :is='step.component'
                 :question='step'
                 :answered='answered'
+                :responses='responses'
+                :survey='survey'
                 :currentStep='currentStep'
                 :surveyStepsCount='survey.steps.length'
                 @handle-submit='onSubmit'
                 @update-answers='updateAnswers'
-                @resume-survey='resumeSurvey'
                 v-if='step && currentStep == i'
             ) 
         .invalidResponseMessage(
@@ -36,7 +37,6 @@ main.view--onboarding
 import { Authenticator } from '../services/auth.service.js'
 import { surveyFactory } from '@/utils'
 import stepViews from '@/components/onboarding'
-import VerifyView from './VerifyView.vue'
 import SurveyCompleteView from './SurveyCompleteView.vue'
 
 // import savesurveybyprofileid - call it on submit
@@ -56,20 +56,23 @@ export default {
         currentProfileId: null,
         invalidResponse: false,
         // TODO: CURRENTLY WORKING ON**
-        isAuthenticated: false,
         authenticator: {},
+        jwt: '',
     }),
     async created() {
+        if (document.cookie.length) {
+            const siimeeToken = this.grabToken(document.cookie)
+            this.jwt = siimeeToken ? siimeeToken : ''
+        }
         this.survey = await surveyFactory.createSurvey()
         this.authenticator = new Authenticator()
-        // TODO: Replace with better implementation, hacky workaround for now...
-        if (this.$route.params.hash) {
-            const hashEmail = this.$route.params.hash
-            const hashesMatch = this.authenticator.verifyAuthEmail(hashEmail)
-            if (hashesMatch) {
-                this.currentStep = 4
+        if (this.jwt.length) {
+            const jwtStillValid = await this.authenticator.validateJwt(this.jwt)
+            if (jwtStillValid) {
+                this.goToStep(6)
             } else {
-                console.log('nope, not at all :=>')
+                this.goToStep(0)
+                this.jwt = ''
             }
         }
     },
@@ -80,8 +83,13 @@ export default {
         goToStep(num) {
             this.currentStep = num
         },
-        resumeSurvey() {
-            this.goToStep(4)
+        grabToken(cookieString) {
+            const cookies = cookieString.split('; ').reduce((prev, current) => {
+                const [name, ...value] = current.split('=')
+                prev[name] = value.join('=')
+                return prev
+            }, {})
+            return 'siimee_jwt' in cookies ? cookies['siimee_jwt'] : undefined
         },
         async updateAnswers(payload) {
             // null payload is passed on splash page
@@ -96,7 +104,7 @@ export default {
                 }
                 //
                 // once validated, don't log password in answered object
-                this.answered[k] = k === 'password' ? undefined : payload.input
+                // this.answered[k] = k === 'password' ? undefined : payload.input
 
                 // formats initial responses for response table
                 const response = {}

frontend/src/views/VerifyView.vue

@@ -8,17 +8,17 @@
 import { Authenticator } from '../services/auth.service.js'
 export default {
     name: 'VerifyView',
-    emits: ['resume-survey'],
     data: () => ({
         authenticator: {},
     }),
-    created() {
+    async created() {
         this.authenticator = new Authenticator()
         const hashEmail = this.$route.params.email
-        const hashesMatch = this.authenticator.verifyAuthEmail(hashEmail)
+        const hashesMatch = await this.authenticator.verifyAuthEmail(hashEmail)
         if (hashesMatch) {
-            // this.$router.push(`/onboarding/${hashEmail}`)
-            this.$emit('resume-survey')
+            const jwt = await this.authenticator.generateJwt(hashEmail)
+            document.cookie = `siimee_jwt=${jwt}; path=/onboarding`
+            this.$router.push('/onboarding')
         }
         // else {
         // render ERROR message above or redirect to 404 (or both?)