Refactor AuthenticatedState to store displayName and uid

The AuthenticatedState interface was updated to directly store the
`displayName` and `uid` properties. Previously, it stored the entire
`CasContent` object, which contained these properties along with others
that were not consistently used. This change simplifies the interface
and reduces redundancy.

.gitea/workflows/deploy.yml

@@ -1,27 +0,0 @@
-name: "Build and push image"
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  deploy:
-    name: "Build Docker image"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          registry: registry.docker.polytech.djalim.fr
-          username: ${{ secrets.registry_login }}
-          password: ${{ secrets.registry_pass }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          push: true
-          tags: registry.docker.polytech.djalim.fr/polympr:latest

Dockerfile

@@ -3,12 +3,11 @@ FROM denoland/deno:alpine
 WORKDIR /app
 
 COPY . .
-
-RUN deno cache main.ts --allow-import
+RUN deno cache main.ts --allow-import flag
 RUN deno task build
 
-
+USER deno
 EXPOSE 80
 EXPOSE 443
 
-CMD ["run", "-A", "main.ts"]
+CMD ["run", "-A", "main.ts"]

defaults/interfaces.ts

@@ -3,12 +3,16 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
 
 export interface AuthenticatedState {
   isAuthenticated: true;
-  session: CasContent;
+  isFromPolytech: boolean;
+  role: "etudiant" | "professeur" | "administration" | "autre";
+  displayName: string;
+  uid: string;
   availablePages: Record<string, string>;
 }
 
 interface UnauthenticatedState {
   isAuthenticated: false;
+  isFromPolytech: false;
   session: undefined;
 }
 

env.template

@@ -1,2 +0,0 @@
-#Local mode, set to true to access admin pages with any users
-LOCAL=false

fresh.config.ts

@@ -2,7 +2,7 @@ import { defineConfig } from "$fresh/server.ts";
 import ensureDatabases from "$root/databases/ensure.ts";
 import { load } from "@std/dotenv";
 
-await load({ envPath: "./.env", export: true });
+await load({ envPath: "./.env.development.local", export: true });
 await ensureDatabases();
 export default defineConfig({
   server: {

fresh.gen.ts

@@ -3,9 +3,8 @@
 // This file is automatically updated during development when running `dev.ts`.
 
 import * as $_apps_layout from "./routes/(apps)/_layout.tsx";
-import * as $_apps_mobility_api_download from "./routes/(apps)/mobility/api/download.ts";
-import * as $_apps_mobility_api_download_id_ from "./routes/(apps)/mobility/api/download/[id].ts";
-import * as $_apps_mobility_api_insert_mobility from "./routes/(apps)/mobility/api/insert-mobility.ts";
+import * as $_apps_middleware from "./routes/(apps)/_middleware.ts";
+import * as $_apps_mobility_api_insert_mobility from "./routes/(apps)/mobility/api/insert_mobility.ts";
 import * as $_apps_mobility_index from "./routes/(apps)/mobility/index.tsx";
 import * as $_apps_mobility_partials_admin_edit_mobility from "./routes/(apps)/mobility/partials/(admin)/edit_mobility.tsx";
 import * as $_apps_mobility_partials_index from "./routes/(apps)/mobility/partials/index.tsx";
@@ -20,6 +19,7 @@ import * as $_apps_students_partials_admin_consult from "./routes/(apps)/student
 import * as $_apps_students_partials_admin_upload from "./routes/(apps)/students/partials/(admin)/upload.tsx";
 import * as $_apps_students_partials_index from "./routes/(apps)/students/partials/index.tsx";
 import * as $_apps_students_types_d from "./routes/(apps)/students/types.d.ts";
+import * as $_403 from "./routes/_403.tsx";
 import * as $_404 from "./routes/_404.tsx";
 import * as $_app from "./routes/_app.tsx";
 import * as $_middleware from "./routes/_middleware.ts";
@@ -41,15 +41,8 @@ import type { Manifest } from "$fresh/server.ts";
 const manifest = {
   routes: {
     "./routes/(apps)/_layout.tsx": $_apps_layout,
-<<<<<<< HEAD
     "./routes/(apps)/_middleware.ts": $_apps_middleware,
     "./routes/(apps)/mobility/api/insert_mobility.ts":
-=======
-    "./routes/(apps)/mobility/api/download.ts": $_apps_mobility_api_download,
-    "./routes/(apps)/mobility/api/download/[id].ts":
-      $_apps_mobility_api_download_id_,
-    "./routes/(apps)/mobility/api/insert-mobility.ts":
->>>>>>> 4f1011d (Ultimate fix and tested ! You can download contract now.)
       $_apps_mobility_api_insert_mobility,
     "./routes/(apps)/mobility/index.tsx": $_apps_mobility_index,
     "./routes/(apps)/mobility/partials/(admin)/edit_mobility.tsx":
@@ -72,6 +65,7 @@ const manifest = {
     "./routes/(apps)/students/partials/index.tsx":
       $_apps_students_partials_index,
     "./routes/(apps)/students/types.d.ts": $_apps_students_types_d,
+    "./routes/_403.tsx": $_403,
     "./routes/_404.tsx": $_404,
     "./routes/_app.tsx": $_app,
     "./routes/_middleware.ts": $_middleware,

routes/(apps)/_middleware.ts

@@ -23,7 +23,7 @@ export const handler: MiddlewareHandler<AuthenticatedState>[] = [
 
     context.state.availablePages = properties.pages;
     if (
-      context.state.session.eduPersonPrimaryAffiliation == "student" &&
+      context.state.role == "etudiant" &&
       Deno.env.get("LOCAL") != "true"
     ) {
       properties.adminOnly.forEach((page) =>

routes/(apps)/mobility/(_islands)/EditMobility.tsx

@@ -240,7 +240,7 @@ export default function EditMobility() {
           </table>
         </div>
       ))}
-      <button type="button" onClick={handleSave} disabled={isSaving}>
+      <button onClick={handleSave} disabled={isSaving}>
         {isSaving ? "Saving..." : "Confirm"}
       </button>
     </section>

routes/(apps)/mobility/api/download/[id].ts

@@ -1,36 +0,0 @@
-import { Handlers } from "$fresh/server.ts";
-import connect from "$root/databases/connect.ts";
-
-export const handler: Handlers = {
-  async GET(_request, ctx) {
-    try {
-      const { id } = ctx.params;
-
-      if (!id) {
-        return new Response("Invalid request: Missing ID", { status: 400 });
-      }
-
-      using connection = connect("mobility");
-
-      const query = connection.database.prepare(
-        "SELECT attestationFile FROM mobility WHERE id = ?",
-      );
-      const result = query.get(id);
-
-      if (!result || !result.attestationFile) {
-        return new Response("No file found for the given ID", { status: 404 });
-      }
-
-      return new Response(result.attestationFile, {
-        status: 200,
-        headers: {
-          "Content-Type": "application/pdf",
-          "Content-Disposition": `attachment; filename="attestation_${id}.pdf"`,
-        },
-      });
-    } catch (error) {
-      console.error("Error fetching file:", error);
-      return new Response("Failed to fetch file", { status: 500 });
-    }
-  },
-};

routes/(apps)/mobility/api/insert-mobility.ts

@@ -1,131 +0,0 @@
-import { Handlers } from "$fresh/server.ts";
-import connect from "$root/databases/connect.ts";
-
-export const handler: Handlers = {
-  // deno-lint-ignore require-await
-  async GET() {
-    try {
-      using connection = connect("mobility");
-
-      const mobilities = connection.database.prepare(
-        `SELECT 
-          mobility.id, 
-          mobility.studentId, 
-          mobility.startDate, 
-          mobility.endDate, 
-          mobility.weeksCount, 
-          mobility.destinationCountry, 
-          mobility.destinationName, 
-          mobility.mobilityStatus, 
-          mobility.attestationFile -- Inclure le fichier
-        FROM mobility`
-      ).all();
-
-      const students = connection.database.prepare(
-        `SELECT 
-          students.userId AS id, 
-          students.firstName, 
-          students.lastName, 
-          students.promotionId AS promotionId, 
-          promotions.name AS promotionName
-        FROM students.students
-        LEFT JOIN students.promotions ON students.promotionId = promotions.id`
-      ).all();
-
-      const promotions = connection.database.prepare(
-        `SELECT id, name FROM students.promotions`
-      ).all();
-
-      return new Response(
-        JSON.stringify({ mobilities, students, promotions }),
-        {
-          status: 200,
-          headers: { "Content-Type": "application/json" },
-        },
-      );
-    } catch (error) {
-      console.error("Error fetching mobility data:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
-
-  async POST(request) {
-    console.log("API /mobility/api/insert-mobility POST called");
-
-    try {
-      const formData = await request.formData();
-      const dataEntries = formData.getAll("data").map((item) => JSON.parse(item as string));
-      console.log("Parsed data entries:", dataEntries);
-
-      const fileMap: Record<string, Uint8Array> = {};
-      for (const [key, value] of formData.entries()) {
-        if (key.startsWith("file_") && value instanceof File) {
-          const studentId = key.split("_")[1]; 
-          const file = value as File;
-          fileMap[studentId] = new Uint8Array(await file.arrayBuffer());
-          console.log(`File processed for studentId ${studentId}`);
-        }
-      }
-
-      using connection = connect("mobility");
-      const insertQuery = connection.database.prepare(
-        `INSERT INTO mobility (
-          id, studentId, startDate, endDate, weeksCount, destinationCountry, destinationName, mobilityStatus, attestationFile
-        )
-        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
-        ON CONFLICT(id) DO UPDATE SET
-          startDate = excluded.startDate,
-          endDate = excluded.endDate,
-          weeksCount = excluded.weeksCount,
-          destinationCountry = excluded.destinationCountry,
-          destinationName = excluded.destinationName,
-          mobilityStatus = excluded.mobilityStatus,
-          attestationFile = COALESCE(excluded.attestationFile, mobility.attestationFile)`
-      );
-
-      for (const mobility of dataEntries) {
-        const {
-          id = null,
-          studentId,
-          startDate,
-          endDate,
-          destinationCountry,
-          destinationName,
-          mobilityStatus = "N/A",
-        } = mobility;
-
-        let calculatedWeeksCount = null;
-        if (startDate && endDate) {
-          const start = new Date(startDate);
-          const end = new Date(endDate);
-          if (start <= end) {
-            const differenceInDays = Math.ceil(
-              (end.getTime() - start.getTime()) / (24 * 60 * 60 * 1000)
-            );
-            calculatedWeeksCount = Math.floor(differenceInDays / 7);
-          }
-        }
-        const attestationFile = fileMap[studentId] ?? null;
-
-        console.log(`Inserting/Updating mobility for studentId: ${studentId}`);
-        insertQuery.run(
-          id,
-          studentId,
-          startDate,
-          endDate,
-          calculatedWeeksCount,
-          destinationCountry,
-          destinationName,
-          mobilityStatus,
-          attestationFile
-        );
-      }
-
-      console.log("Mobility data inserted/updated successfully.");
-      return new Response("Data inserted/updated successfully", { status: 200 });
-    } catch (error) {
-      console.error("Error inserting mobility data:", error);
-      return new Response("Failed to insert/update data", { status: 500 });
-    }
-  },
-};

routes/(apps)/mobility/partials/index.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/(admin)/courses.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 async function Courses(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/index.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/notes.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 async function Notes(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/students/(_components)/Promotion.tsx

@@ -22,7 +22,7 @@ export default function Promotion(props: PromotionProps) {
         <tbody>
           {props.students
             .filter((student) => student.promotionId === props.promo.id)
-            .map((student) => <Student key={student.id} student={student} />)}
+            .map((student) => <Student student={student} />)}
         </tbody>
       </table>
     </div>

routes/(apps)/students/(_islands)/UploadStudents.tsx

@@ -104,7 +104,7 @@ export default function UploadStudents() {
   return (
     <>
       <input type="file" accept=".xlsx, .xls" onChange={handleFileChange} />
-      <button type="button" onClick={confirmUpload}>Confirm Upload</button>
+      <button onClick={confirmUpload}>Confirm Upload</button>
       <p>{statusMessage.value}</p>
     </>
   );

routes/(apps)/students/api/insert_students.ts

@@ -1,84 +0,0 @@
-import { Handlers } from "$fresh/server.ts";
-import connect from "$root/databases/connect.ts";
-
-// Rendre l'API plus simple car xlsx pour l'import c'est nul :/
-export const handler: Handlers = {
-  // deno-lint-ignore require-await
-  async GET() {
-    try {
-      using connection = connect("students");
-
-      const promotions = connection.database.prepare(
-        "select id, name from promotions",
-      ).all();
-
-      const students = connection.database
-        .prepare(
-          `select userId, firstName, lastName, mail, promotionId from students`,
-        )
-        .all();
-
-      return new Response(
-        JSON.stringify({ promotions, students }),
-        {
-          status: 200,
-          headers: { "Content-Type": "application/json" },
-        },
-      );
-    } catch (error) {
-      console.error("Error fetching data:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
-
-  async POST(request) {
-    console.log("API /students/api/insert_students called");
-
-    try {
-      const body = await request.json();
-      const { data, promoName } = body;
-
-      console.log("Received data:", { promoName, data });
-
-      if (!promoName || !Array.isArray(data)) {
-        throw new Error("Invalid request body");
-      }
-
-      using connection = connect("students");
-
-      connection.database.prepare(
-        "INSERT OR IGNORE INTO promotions (name) VALUES (?)",
-      ).run(promoName);
-
-      const promoIdRow: { id: number } = connection.database
-        .prepare("SELECT id FROM promotions WHERE name = ?")
-        .get(promoName)!;
-      const promoId = promoIdRow.id;
-
-      console.log(`Promotion ID for "${promoName}":`, promoId);
-
-      const insertQuery = connection.database.prepare(
-        `INSERT INTO students 
-        (userId, firstName, lastName, mail, promotionId) 
-        VALUES (?, ?, ?, ?, ?)`,
-      );
-
-      for (const student of data) {
-        console.log("Inserting student:", student);
-        insertQuery.run(
-          student.Identifiant,
-          student.Nom,
-          student["Prénom"],
-          student.Mail,
-          promoId,
-        );
-      }
-
-      console.log("All data inserted successfully");
-      return new Response("Data inserted successfully", { status: 201 });
-    } catch (error) {
-      console.error("Error inserting data:", error);
-      return new Response("Failed to insert data", { status: 500 });
-    }
-  },
-};

routes/(apps)/students/api/students.ts

@@ -60,8 +60,8 @@ function getAll(
  */
 function addStudents(database: Database, students: Student[], promoId: string) {
   const query = `
-    INSERT INTO students 
-    (userId, firstName, lastName, mail, promotionId) 
+    INSERT INTO students
+    (userId, firstName, lastName, mail, promotionId)
     VALUES (?, ?, ?, ?, ?)`;
 
   const statement = database.prepare(query);
@@ -92,9 +92,9 @@ export const handler: Handlers<null, AuthenticatedState> = {
     using connection = connect("students");
     const database = connection.database;
 
-    if (context.state.session.eduPersonPrimaryAffiliation == "student") {
+    if (context.state.role == "etudiant") {
       return new Response(
-        JSON.stringify(getItself(database, context.state.session.uid)),
+        JSON.stringify(getItself(database, context.state.uid)),
         {
           headers: {
             "content-type": "application/json",

routes/(apps)/students/partials/index.tsx

@@ -8,13 +8,7 @@ import SelfPortrait from "$root/routes/(apps)/students/(_components)/SelfPortrai
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return (
-    <>
-      <h2>Welcome {context.state.session?.givenName}!</h2>
-      <h3>Your amU identity</h3>
-      <SelfPortrait self={context.state.session!} />
-    </>
-  );
+  return <h2>Welcome {context.state.displayName || 'Guest'}!</h2>;
 }
 
 export const config = getPartialsConfig();

routes/_403.tsx

@@ -0,0 +1,12 @@
+import { Head } from "$fresh/runtime.ts";
+
+export default function Error403() {
+  return (
+    <>
+      <Head>
+        <title>403 - Forbidden</title>
+      </Head>
+      <p>403</p>
+    </>
+  );
+}

routes/_middleware.ts

@@ -44,6 +44,7 @@ export function getKey(user: string): string {
 export const handler: MiddlewareHandler<State>[] = [
   /**
    * Check if user is authenticated and add session to context accordingly.
+   * Only authenticated users who are members of Polytech are allowed.
    * @param request The HTTP incomming request.
    * @param context The Fresh context object with custom `State`.
    * @returns The response from the next middleware.
@@ -55,6 +56,7 @@ export const handler: MiddlewareHandler<State>[] = [
     const cookies = getCookies(request.headers);
     if (!cookies["sessionToken"]) {
       context.state.isAuthenticated = false;
+      context.state.isFromPolytech = false;
       return await context.next();
     }
 
@@ -67,9 +69,27 @@ export const handler: MiddlewareHandler<State>[] = [
     );
 
     if (context.state.isAuthenticated) {
+
       const session: CasContent =
         (getJwtPayload(cookies["sessionToken"]) as LoginJWT).user;
-      context.state.session = session;
+
+      const isFromPolytech = session.amuComposante.includes("polytech");
+      context.state.isFromPolytech = isFromPolytech;
+
+      if (isFromPolytech) {
+        context.state.displayName = session.displayName;
+        context.state.uid = session.uid;
+
+        if (session.eduPersonPrimaryAffiliation == "faculty") {
+          context.state.role = "professeur"
+        } else if (session.eduPersonPrimaryAffiliation == "employee") {
+          context.state.role = "administration"
+        } else if (session.eduPersonPrimaryAffiliation == "student") {
+          context.state.role = "etudiant";
+        } else {
+          context.state.role = "autre";
+        }
+      }
     }
 
     return await context.next();
@@ -87,13 +107,24 @@ export const handler: MiddlewareHandler<State>[] = [
   ): Promise<Response> {
     const url = new URL(request.url);
 
-    if (!isRoutePublic(url.pathname) && !context.state.isAuthenticated) {
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: "/login",
-        },
-      });
+    if (!isRoutePublic(url.pathname)) {
+      if (!context.state.isAuthenticated) {
+        return new Response(null, {
+          status: 302,
+          headers: {
+            Location: "/login",
+          },
+        });
+      }
+
+      if (!context.state.isFromPolytech) {
+        return new Response(null, {
+          status: 403,
+          headers: {
+            Location: "/403",
+          },
+        });
+      }
     }
 
     return await context.next();