From 1af561acb1db6f055c546121b13ce49611ab1d7d Mon Sep 17 00:00:00 2001 From: Blake Matthes Date: Mon, 3 Mar 2025 17:32:46 -0600 Subject: [PATCH] refactor(server): corrected the middleware to be in the correct spot to work as intended --- server/services/auth/authService.ts | 10 +++++---- server/services/auth/controllers/login.ts | 21 ++++++++++++------- server/services/auth/routes/login.ts | 3 ++- server/services/auth/routes/session.ts | 13 +++++++----- .../auth/routes/userRoles/getUserRoles.ts | 3 ++- .../auth/routes/userRoles/setUserRoles.ts | 2 ++ server/services/auth/utils/verifyToken.ts | 0 7 files changed, 33 insertions(+), 19 deletions(-) create mode 100644 server/services/auth/utils/verifyToken.ts diff --git a/server/services/auth/authService.ts b/server/services/auth/authService.ts index 5b20c93..2669202 100644 --- a/server/services/auth/authService.ts +++ b/server/services/auth/authService.ts @@ -1,22 +1,24 @@ import {OpenAPIHono} from "@hono/zod-openapi"; import {authMiddleware} from "./middleware/authMiddleware.js"; + import login from "./routes/login.js"; import register from "./routes/register.js"; import session from "./routes/session.js"; import getAccess from "./routes/userRoles/getUserRoles.js"; import setAccess from "./routes/userRoles/setUserRoles.js"; +import profile from "./routes/user/profileUpdate.js"; const app = new OpenAPIHono(); + app.route("auth/login", login); app.route("auth/register", register); app.route("auth/session", session); // required to login -app.use("auth/getuseraccess", authMiddleware); +/* User area just needs to be logged in to enter here */ +app.route("/auth/profileUpdate", profile); +/* will need to increase to make sure the person coming here has the correct permissions */ app.route("/auth/getuseraccess", getAccess); - -app.use("auth/setuseraccess", authMiddleware); app.route("/auth/setuseraccess", setAccess); - export default app; 
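Review bot: Nothing in authService.ts enforces authentication any more: with both `app.use(..., authMiddleware)` lines removed, every route mounted here is protected only if its own module declares `middleware: authMiddleware`. The getUserRoles and setUserRoles route files do that in this commit, but `routes/user/profileUpdate.ts` is not in the diff, so the "just needs to be logged in" comment above `app.route("/auth/profileUpdate", profile)` cannot be confirmed from here and should be checked. I would make the opt-in explicit with a comment such as `/* no guard is applied in this file: each route module below must declare middleware: authMiddleware itself */`. The `authMiddleware` import at the top of the file looks unused after this change and can be dropped.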
diff --git a/server/services/auth/controllers/login.ts b/server/services/auth/controllers/login.ts index 6e39c34..da729b8 100644 --- a/server/services/auth/controllers/login.ts +++ b/server/services/auth/controllers/login.ts @@ -4,6 +4,7 @@ import {users} from "../../../../database/schema/users.js"; import {eq, sql} from "drizzle-orm"; import {checkPassword} from "../utils/checkPassword.js"; import {roleCheck} from "./userRoles/getUserAccess.js"; +import {log} from "../../logger/logger.js"; /** * Authenticate a user and return a JWT. @@ -42,14 +43,18 @@ export async function login( }; // update the user last login - // try { - // db.update(users) - // .set({lastLogin: sql`NOW()`}) - // .where(eq(users.user_id, user[0].user_id)); - // } catch (e) { - // console.log(e); - // } - const token = sign({user: userData}, secret, {expiresIn: expiresIn * 60}); + try { + const lastLog = await db + .update(users) + .set({lastLogin: sql`NOW()`}) + .where(eq(users.user_id, user[0].user_id)) + .returning({lastLogin: users.lastLogin}); + log.info(`Its been 5days since ${user[0].username} has logged in`); + //]); + } catch (error) { + log.error(error, "There was an error updating the user last login"); + } + const token = sign({user: userData}, secret, {expiresIn: expiresIn * 60}); return {token, user: userData}; } diff --git a/server/services/auth/routes/login.ts b/server/services/auth/routes/login.ts index 751361e..21db8a6 100644 --- a/server/services/auth/routes/login.ts +++ b/server/services/auth/routes/login.ts @@ -1,5 +1,6 @@ import {z, createRoute, OpenAPIHono} from "@hono/zod-openapi"; import {login} from "../controllers/login.js"; +import {log} from "../../logger/logger.js"; const app = new OpenAPIHono(); 
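Review bot: In the second hunk of controllers/login.ts, the `log.info` inside the new `try` writes "Its been 5days since … has logged in" on every successful login whatever the real interval, and `lastLog` is never read. Because `.returning({lastLogin: users.lastLogin})` yields the row after the update, it holds the new timestamp rather than the previous one, so the interval cannot be derived from it; capture the earlier value before the update if the select above returns it, or drop the message. An inaccurate line in the authentication log makes later review of login activity harder, so I would reduce it to something like `log.info({username: user[0].username}, "last login updated")`. The stray `//]);` comment should go as well. login() begins and ends outside the hunk.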
@@ -77,7 +78,7 @@ app.openapi(route, async (c) => { try { const {token, user} = await login(username.toLowerCase(), password); - + log.info({username: username}, "logged in"); // Set the JWT as an HTTP-only cookie //c.header("Set-Cookie", `auth_token=${token}; HttpOnly; Secure; Path=/; SameSite=None; Max-Age=3600`); diff --git a/server/services/auth/routes/session.ts b/server/services/auth/routes/session.ts index 281a7a0..74939dc 100644 --- a/server/services/auth/routes/session.ts +++ b/server/services/auth/routes/session.ts @@ -1,9 +1,9 @@ import {z, createRoute, OpenAPIHono} from "@hono/zod-openapi"; import {verify} from "hono/jwt"; +import {log} from "../../logger/logger.js"; +import {authMiddleware} from "../middleware/authMiddleware.js"; const session = new OpenAPIHono(); -const tags = ["Auth"]; -const JWT_SECRET = process.env.JWT_SECRET!; const UserSchema = z.object({ username: z @@ -21,11 +21,12 @@ const UserSchema = z.object({ session.openapi( createRoute({ - tags, + tags: ["Auth"], summary: "Checks a user session based on there token", description: "Can post there via Authentiaction header or cookies", method: "get", path: "/", + middleware: authMiddleware, // request: { // body: { // content: { @@ -79,8 +80,10 @@ session.openapi( try { const payload = await verify(token, process.env.JWT_SECRET!); return c.json({data: {token: token, user: payload.user}}, 200); - } catch (error) {} - return c.json({data: {token: "tsfds"}}, 200); + } catch (error) { + log.error(error, "Failed session check, user must be logged out"); + return c.json({message: "Unauthorized"}, 401); + } } ); diff --git a/server/services/auth/routes/userRoles/getUserRoles.ts b/server/services/auth/routes/userRoles/getUserRoles.ts index a9a9421..b3b3a69 100644 --- a/server/services/auth/routes/userRoles/getUserRoles.ts +++ b/server/services/auth/routes/userRoles/getUserRoles.ts 
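Review bot: Only the success path gains an audit line in this routes/login.ts hunk. The `catch` for a failed `login()` lies outside the hunk, and if it does not already log, repeated failures for a username leave no trace that would help detect password guessing. A matching `log.warn({username}, "login failed")` in that branch would cover it, with the password kept out of the logged object. `{username: username}` can be written as `{username}`.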
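Review bot: With `middleware: authMiddleware` now in front of the session route, the handler only runs for requests the middleware accepts, yet the description still promises "Authentiaction header or cookies". authMiddleware is not part of this diff; if it reads only the Authorization header, cookie-based session checks will be rejected before the handler's own token lookup, so the two should be confirmed to agree. The generated API docs would also read better with `summary: "Checks a user session based on their token"` and `description: "The token can be sent via the Authorization header or a cookie"`.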
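Review bot: `log.error(error, …)` in the new catch of session.ts may write the presented JWT into the log, since hono/jwt's verification errors, as far as I recall, embed the token string in their message (confirm against the installed version). Logging a fixed reason keeps bearer tokens and their claims out of log storage, for example `log.warn({reason: error instanceof Error ? error.name : "unknown"}, "session check failed")`. An expired or malformed token is also an expected event, so `warn` fits better than `error`. The new 401 return needs a matching entry in the route's `responses`, which sit outside this hunk.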
@@ -3,6 +3,7 @@ import {apiHit} from "../../../../globalUtils/apiHits.js"; import jwt from "jsonwebtoken"; import {roleCheck} from "../../controllers/userRoles/getUserAccess.js"; import type {CustomJwtPayload} from "../../../../types/jwtToken.js"; +import {authMiddleware} from "../../middleware/authMiddleware.js"; const {verify} = jwt; const app = new OpenAPIHono(); @@ -17,7 +18,7 @@ app.openapi( summary: "Returns the useraccess table", method: "get", path: "/", - + middleware: authMiddleware, responses: { 200: { content: {"application/json": {schema: responseSchema}}, diff --git a/server/services/auth/routes/userRoles/setUserRoles.ts b/server/services/auth/routes/userRoles/setUserRoles.ts index 300349c..594ab43 100644 --- a/server/services/auth/routes/userRoles/setUserRoles.ts +++ b/server/services/auth/routes/userRoles/setUserRoles.ts @@ -2,6 +2,7 @@ import {createRoute, OpenAPIHono, z} from "@hono/zod-openapi"; import {setUserAccess} from "../../controllers/userRoles/setUserRoles.js"; import {apiHit} from "../../../../globalUtils/apiHits.js"; import {apiReturn} from "../../../../globalUtils/apiReturn.js"; +import {authMiddleware} from "../../middleware/authMiddleware.js"; const app = new OpenAPIHono(); @@ -27,6 +28,7 @@ app.openapi( summary: "Sets Users access", method: "post", path: "/", + middleware: authMiddleware, description: "When logged in you will be able to grant new permissions", request: { body: { diff --git a/server/services/auth/utils/verifyToken.ts b/server/services/auth/utils/verifyToken.ts new file mode 100644 index 0000000..e69de29
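Review bot: `middleware: authMiddleware` on the setUserRoles POST (and on the getUserRoles GET earlier on this line) establishes only that the caller is logged in; nothing visible in either hunk checks that the caller is allowed to read or change access. The route description, "When logged in you will be able to grant new permissions", and the comment added in authService.ts both suggest any authenticated user can currently grant roles, unless `setUserAccess` enforces this itself, which is not shown. Until a role check exists I would state it in the route, e.g. `// TODO: authentication only - add a permission check before granting access`, and correct the description so the API docs do not present this as intended behaviour. Both handlers continue outside their hunks.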