Merge pull request #252 from Flexiana/findings

Findings
Flexiana · Jul 27, 2023 · 2265274 · 2265274
2 parents b5e8696 + e33d614
commit 2265274
Show file tree

Hide file tree

Showing 6 changed files with 92 additions and 6 deletions.
diff --git a/examples/jwt/src/backend/app/core.clj b/examples/jwt/src/backend/app/core.clj
@@ -8,6 +8,7 @@
     [xiana.interceptor :as x-interceptors]
     [xiana.interceptor.error]
     [xiana.jwt :as jwt]
+    [xiana.jwt.action :as jwt-a]
     [xiana.jwt.interceptors :as jwt-interceptors]
     [xiana.route :as x-routes]
     [xiana.webserver :as ws]))
@@ -19,7 +20,9 @@
               {:action       login/login-controller
                :interceptors {:except [jwt-interceptors/jwt-auth]}}}]
    ["/secret" {:post
-               {:action secret/protected-controller}}]])
+               {:action secret/protected-controller}}]
+   ["/token" {:get
+              {:action #'jwt-a/refresh-token}}]])
 
 (defn ->system
   [app-cfg]

diff --git a/examples/jwt/test/integration_test.clj b/examples/jwt/test/integration_test.clj
@@ -47,3 +47,25 @@
                              :body                 (json/write-str {:hello "hello"})})]
     (is (= 200 (:status response)))
     (is (= "Hello Xiana. request content: {:hello \"hello\"}" (:body response)))))
+
+(deftest refresh-token
+  (let [auth-token (auth email password)
+        response   (request {:method               :post
+                             :unexceptional-status (constantly true)
+                             :url                  "http://localhost:3333/secret"
+                             :headers              (merge {"Content-Type" "application/json;charset=utf-8"}
+                                                          (bearer auth-token))
+                             :body                 (json/write-str {:hello "hello"})})
+        new-token (request {:method               :get
+                            :unexceptional-status (constantly true)
+                            :url                  "http://localhost:3333/token"
+                            :headers              (merge {"Content-Type" "application/json;charset=utf-8"}
+                                                         (bearer auth-token))})]
+    (is (= 200 (:status response)))
+    (is (= "Hello Xiana. request content: {:hello \"hello\"}" (:body response)))
+    (is (= 200 (:status new-token)))
+    (is (map? (xiana.jwt/verify-jwt
+                :no-claims
+                (-> new-token :body (json/read-str :key-fn keyword) :auth-token)
+                (get-in @jwt-fixture/test-system [:xiana/jwt :auth]))))))
+
diff --git a/examples/jwt/test/jwt_fixture.clj b/examples/jwt/test/jwt_fixture.clj
@@ -3,9 +3,13 @@
     [app.core :refer [app-cfg ->system]]
     [piotr-yuxuan.closeable-map :refer [closeable-map]]))
 
+(defonce test-system (atom {}))
+
 (defn std-system-fixture
   [f]
-  (with-open [_ (-> app-cfg
-                    ->system
-                    closeable-map)]
-    (f)))
+  (with-open [_ (reset! test-system
+                        (-> app-cfg
+                            ->system
+                            closeable-map))]
+    (f)
+    (reset! test-system {})))
diff --git a/src/xiana/db.clj b/src/xiana/db.clj
@@ -203,4 +203,9 @@
                      query (into (execute datasource query))
                      db-queries (into (multi-execute! datasource db-queries))
                      :always seq)]
-       (assoc-in state [:response-data :db-data] db-data)))})
+       (assoc-in state [:response-data :db-data] db-data)))
+   :error
+   (fn [state]
+     (merge state
+            {:response {:status 500
+                        :body   (pr-str (:error state))}}))})
diff --git a/src/xiana/interceptor.clj b/src/xiana/interceptor.clj
@@ -3,6 +3,8 @@
   (:require
     [clojure.pprint :refer [pprint]]
     [clojure.walk :refer [keywordize-keys]]
+    [malli.core :as m]
+    [malli.transform :as mt]
     [ring.middleware.params :as middleware.params]
     [xiana.interceptor.muuntaja :as muuntaja]
     [xiana.session :as session])
@@ -140,3 +142,43 @@
             (if (get-request? request)
               (update state :request dissoc :body :body-params)
               state))})
+
+(defn- valid? [?schema data]
+  (let [value (m/decode ?schema data (mt/transformer
+                                       (mt/json-transformer)
+                                       (mt/string-transformer)
+                                       (mt/strip-extra-keys-transformer)))
+        details (m/explain ?schema value)]
+    (if (nil? details)
+      value
+      (throw (ex-info "Request schema validation error"
+                      {:xiana/response {:status 400
+                                        :body   (pr-str details)}})))))
+
+(def coercion
+  "On enter: validates request parameters
+  On leave: validates response body
+  on request error: responds {:status 400, :body \"Request coercion failed\"}
+  on response error: responds {:status 400, :body \"Response validation failed\"}"
+  {:enter (fn [state]
+            (if (= :options (-> state :request :request-method))
+              state
+              (let [path (get-in state [:request-data :match :path-params])
+                    query (get-in state [:request :query-params])
+                    form-params (or (not-empty (get-in state [:request :form-params]))
+                                    (not-empty (get-in state [:request :multipart-params]))
+                                    (not-empty (get-in state [:request :body-params])))
+                    method (get-in state [:request :request-method])
+                    schemas (merge (get-in state [:request-data :match :data :parameters])
+                                   (get-in state [:request-data :match :data method :parameters]))
+                    cc (cond-> {}
+                         (:path schemas)
+                         (assoc :path (valid? (:path schemas) path))
+
+                         (:query schemas)
+                         (assoc :query (valid? (:query schemas) query))
+
+                         (:form schemas)
+                         (assoc :form (valid? (:form schemas) form-params)))]
+
+                (update-in state [:request :params] merge cc))))})
diff --git a/src/xiana/jwt/action.clj b/src/xiana/jwt/action.clj
@@ -0,0 +1,10 @@
+(ns xiana.jwt.action
+  (:require
+    [xiana.jwt :as jwt]))
+
+(defn refresh-token
+  [state]
+  (let [jwt-authentication (get-in state [:session-data :jwt-authentication])
+        cfg (get-in state [:deps :xiana/jwt :auth])
+        jwt-token (jwt/sign :claims jwt-authentication cfg)]
+    (assoc state :response {:status 200 :body {:auth-token jwt-token}})))