Refactor AuthenticatedState to store displayName and uid

The AuthenticatedState interface was updated to directly store the
`displayName` and `uid` properties. Previously, it stored the entire
`CasContent` object, which contained these properties along with others
that were not consistently used. This change simplifies the interface
and reduces redundancy.

defaults/interfaces.ts

@@ -3,12 +3,16 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
 
 export interface AuthenticatedState {
   isAuthenticated: true;
-  session: CasContent;
+  isFromPolytech: boolean;
+  role: "etudiant" | "professeur" | "administration" | "autre";
+  displayName: string;
+  uid: string;
   availablePages: Record<string, string>;
 }
 
 interface UnauthenticatedState {
   isAuthenticated: false;
+  isFromPolytech: false;
   session: undefined;
 }
 

fresh.gen.ts

@@ -19,6 +19,7 @@ import * as $_apps_students_partials_admin_consult from "./routes/(apps)/student
 import * as $_apps_students_partials_admin_upload from "./routes/(apps)/students/partials/(admin)/upload.tsx";
 import * as $_apps_students_partials_index from "./routes/(apps)/students/partials/index.tsx";
 import * as $_apps_students_types_d from "./routes/(apps)/students/types.d.ts";
+import * as $_403 from "./routes/_403.tsx";
 import * as $_404 from "./routes/_404.tsx";
 import * as $_app from "./routes/_app.tsx";
 import * as $_middleware from "./routes/_middleware.ts";
@@ -64,6 +65,7 @@ const manifest = {
     "./routes/(apps)/students/partials/index.tsx":
       $_apps_students_partials_index,
     "./routes/(apps)/students/types.d.ts": $_apps_students_types_d,
+    "./routes/_403.tsx": $_403,
     "./routes/_404.tsx": $_404,
     "./routes/_app.tsx": $_app,
     "./routes/_middleware.ts": $_middleware,

routes/(apps)/_middleware.ts

@@ -23,7 +23,7 @@ export const handler: MiddlewareHandler<AuthenticatedState>[] = [
 
     context.state.availablePages = properties.pages;
     if (
-      context.state.session.eduPersonPrimaryAffiliation == "student" &&
+      context.state.role == "etudiant" &&
       Deno.env.get("LOCAL") != "true"
     ) {
       properties.adminOnly.forEach((page) =>

routes/(apps)/mobility/partials/index.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/(admin)/courses.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 async function Courses(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/index.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/notes.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 async function Notes(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/students/api/students.ts

@@ -92,9 +92,9 @@ export const handler: Handlers<null, AuthenticatedState> = {
     using connection = connect("students");
     const database = connection.database;
 
-    if (context.state.session.eduPersonPrimaryAffiliation == "student") {
+    if (context.state.role == "etudiant") {
       return new Response(
-        JSON.stringify(getItself(database, context.state.session.uid)),
+        JSON.stringify(getItself(database, context.state.uid)),
         {
           headers: {
             "content-type": "application/json",

routes/(apps)/students/partials/index.tsx

@@ -8,13 +8,7 @@ import SelfPortrait from "$root/routes/(apps)/students/(_components)/SelfPortrai
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return (
+  return <h2>Welcome {context.state.displayName || 'Guest'}!</h2>;
-    <>
-      <h2>Welcome {context.state.session?.givenName}!</h2>
-      <h3>Your amU identity</h3>
-      <SelfPortrait self={context.state.session!} />
-    </>
-  );
 }
 
 export const config = getPartialsConfig();

routes/_403.tsx

@@ -0,0 +1,12 @@
+import { Head } from "$fresh/runtime.ts";
+
+export default function Error403() {
+  return (
+    <>
+      <Head>
+        <title>403 - Forbidden</title>
+      </Head>
+      <p>403</p>
+    </>
+  );
+}

routes/_middleware.ts

@@ -44,6 +44,7 @@ export function getKey(user: string): string {
 export const handler: MiddlewareHandler<State>[] = [
   /**
    * Check if user is authenticated and add session to context accordingly.
+   * Only authenticated users who are members of Polytech are allowed.
    * @param request The HTTP incomming request.
    * @param context The Fresh context object with custom `State`.
    * @returns The response from the next middleware.
@@ -55,6 +56,7 @@ export const handler: MiddlewareHandler<State>[] = [
     const cookies = getCookies(request.headers);
     if (!cookies["sessionToken"]) {
       context.state.isAuthenticated = false;
+      context.state.isFromPolytech = false;
       return await context.next();
     }
 
@@ -67,9 +69,27 @@ export const handler: MiddlewareHandler<State>[] = [
     );
 
     if (context.state.isAuthenticated) {
+
       const session: CasContent =
         (getJwtPayload(cookies["sessionToken"]) as LoginJWT).user;
-      context.state.session = session;
+
+      const isFromPolytech = session.amuComposante.includes("polytech");
+      context.state.isFromPolytech = isFromPolytech;
+
+      if (isFromPolytech) {
+        context.state.displayName = session.displayName;
+        context.state.uid = session.uid;
+
+        if (session.eduPersonPrimaryAffiliation == "faculty") {
+          context.state.role = "professeur"
+        } else if (session.eduPersonPrimaryAffiliation == "employee") {
+          context.state.role = "administration"
+        } else if (session.eduPersonPrimaryAffiliation == "student") {
+          context.state.role = "etudiant";
+        } else {
+          context.state.role = "autre";
+        }
+      }
     }
 
     return await context.next();
@@ -87,7 +107,8 @@ export const handler: MiddlewareHandler<State>[] = [
   ): Promise<Response> {
     const url = new URL(request.url);
 
-    if (!isRoutePublic(url.pathname) && !context.state.isAuthenticated) {
+    if (!isRoutePublic(url.pathname)) {
+      if (!context.state.isAuthenticated) {
         return new Response(null, {
           status: 302,
           headers: {
@@ -96,6 +117,16 @@ export const handler: MiddlewareHandler<State>[] = [
         });
       }
 
+      if (!context.state.isFromPolytech) {
+        return new Response(null, {
+          status: 403,
+          headers: {
+            Location: "/403",
+          },
+        });
+      }
+    }
+
     return await context.next();
   },
 ];