add middleware for redirection

next.config.js

@@ -12,6 +12,7 @@ const nextConfig = {
 		NEXT_PUBLIC_FRONT_APP_PORT: process.env.NEXT_PUBLIC_FRONT_APP_PORT,
 		NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: process.env.NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT,
 		NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
+		ACCESS_TOKEN_PUBLIC_KEY: process.env.ACCESS_TOKEN_PUBLIC_KEY,
 	},
 	// webpack: config => {
 	// 	config.node = {

package.json

@@ -23,8 +23,10 @@
 		"eslint": "8.36.0",
 		"eslint-config-next": "13.2.4",
 		"form-data": "^4.0.0",
+		"jose": "^4.14.6",
+		"jsonwebtoken": "^9.0.2",
 		"jwt-decode": "^3.1.2",
-		"le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.68",
+		"le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.69",
 		"next": "13.2.4",
 		"prettier": "^2.8.7",
 		"react": "18.2.0",
@@ -33,5 +35,8 @@
 		"sass": "^1.59.2",
 		"sharp": "^0.32.1",
 		"typescript": "4.9.5"
+	},
+	"devDependencies": {
+		"@types/jsonwebtoken": "^9.0.2"
 	}
 }

src/front/Api/Auth/Id360/index.ts

@@ -0,0 +1,30 @@
+import BaseApiService from "@Front/Api/BaseApiService";
+//import { FrontendVariables } from "@Front/Config/VariablesFront";
+
+export default class Auth extends BaseApiService {
+	private static instance: Auth;
+
+	private constructor() {
+		super();
+	}
+
+	public static getInstance(): Auth {
+		return (this.instance = this.instance ?? new this());
+	}
+
+	// public async login(): {
+
+	// }
+
+	// public async getIdnotJwt(autorizationCode: string | string[]): Promise<any> {
+	// 	const variables = FrontendVariables.getInstance();
+	// 	const baseBackUrl = variables.BACK_API_PROTOCOL + variables.BACK_API_HOST;
+	// 	const url = new URL(`${baseBackUrl}/api/v1/idnot-user/${autorizationCode}`);
+	// 	try {
+	// 		return await this.postRequest<any>(url);
+	// 	} catch (err) {
+	// 		this.onError(err);
+	// 		return Promise.reject(err);
+	// 	}
+	// }
+}

src/front/Api/Auth/IdNot/User.ts

@@ -2,7 +2,7 @@ import BaseApiService from "@Front/Api/BaseApiService";
 
 export default class User extends BaseApiService {
 	private static instance: User;
-	private readonly baseURl = this.getBaseUrl().concat("/idnot/user");
+	private readonly baseURl = `${this.getBaseUrl()}/idnot/user`;
 
 	private constructor() {
 		super();
@@ -17,7 +17,18 @@ export default class User extends BaseApiService {
 	}
 
 	public async login(uid: string) {
-		const url = new URL(this.baseURl.concat("/login/").concat(uid));
+		const url = new URL(`${this.baseURl}/login/${uid}`);
+		try {
+			return await this.postRequest(url);
+		} catch (err) {
+			this.onError(err);
+			return Promise.reject(err);
+		}
+	}
+
+	public async verifyJwt(jwt: string) {
+		console.log(this.baseURl);
+		const url = new URL(`${this.baseURl}/verify-token/${jwt}`);
 		try {
 			return await this.postRequest(url);
 		} catch (err) {
@@ -27,7 +38,7 @@ export default class User extends BaseApiService {
 	}
 
 	public async refreshToken(refreshToken: string): Promise<{ accessToken: string }> {
-		const url = new URL(this.baseURl.concat("/refresh-token"));
+		const url = new URL(`${this.baseURl}/refresh-token`);
 		try {
 			return await this.postRequest(url, {}, refreshToken);
 		} catch (err) {

src/front/Api/BaseApiService.ts

@@ -11,13 +11,13 @@ export default abstract class BaseApiService {
 
 	protected constructor() {
 		BaseApiService.baseUrl ??=
-			FrontendVariables.getInstance().BACK_API_PROTOCOL +
-			FrontendVariables.getInstance().BACK_API_HOST +
-			FrontendVariables.getInstance().BACK_API_ROOT_URL +
-			FrontendVariables.getInstance().BACK_API_VERSION;
+			this.variables.BACK_API_PROTOCOL +
+			this.variables.BACK_API_HOST +
+			this.variables.BACK_API_ROOT_URL +
+			this.variables.BACK_API_VERSION;
 	}
 
-	protected getBaseUrl() {
+	protected getBaseUrl(): string {
 		return BaseApiService.baseUrl;
 	}
 

src/front/Components/LayoutTemplates/DefaultCollaboratorDashboard/index.tsx

@@ -91,7 +91,7 @@ export default class DefaultCollaboratorDashboard extends React.Component<IProps
 		const jwt = JwtService.getInstance().decodeJwt();
 		if (!jwt) return;
 		const query: IGetUsersparams = {
-			where: { office_uid: jwt!.office_Id },
+			where: { office_uid: jwt.office_Id },
 			include: { contact: true },
 		};
 

src/front/Components/Layouts/Login/index.tsx

@@ -19,7 +19,7 @@ export default function Login() {
 	const redirectUserOnConnection = useCallback(() => {
 		async function getUser() {
 			try {
-				await UserStore.instance.connect("jelkvelknvlkn");
+				await UserStore.instance.connect("er3ojfdlfnd");
 				await JwtService.getInstance().checkJwt();
 				router.push(Module.getInstance().get().modules.pages.Folder.props.path);
 			} catch (e) {

src/front/Services/JwtService/JwtService.ts

@@ -6,7 +6,7 @@ enum PROVIDER_OPENID {
 	idNot = "idNot",
 }
 
-interface IUserJwtPayload {
+export interface IUserJwtPayload {
 	userId: string;
 	email: string | null;
 	openId: {
@@ -19,6 +19,11 @@ interface IUserJwtPayload {
 	exp: number;
 }
 
+export interface ICustomerJwtPayload {
+	customerId: string;
+	email: string;
+}
+
 export default class JwtService {
 	private static instance: JwtService;
 	private constructor() {}

src/front/Stores/UserStore.ts

@@ -4,6 +4,7 @@ import User from "@Front/Api/Auth/IdNot/User";
 import Customer from "@Front/Api/Auth/franceConnect/Customer";
 import CookieService from "@Front/Services/CookieService/CookieService";
 import EventEmitter from "@Front/Services/EventEmitter";
+import JwtService from "@Front/Services/JwtService/JwtService";
 
 export default class UserStore {
 	public static readonly instance = new this();
@@ -17,6 +18,11 @@ export default class UserStore {
 		return !!this.accessToken;
 	}
 
+	public getRole(): string | undefined {
+		const decodedPayload = JwtService.getInstance().decodeJwt();
+		return decodedPayload?.role;
+	}
+
 	public async connect(idnotUid: string) {
 		try {
 			//call connection function

src/middleware.ts

@@ -0,0 +1,49 @@
+import { ICustomerJwtPayload, IUserJwtPayload } from "@Front/Services/JwtService/JwtService";
+import jwt_decode from "jwt-decode";
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+export async function middleware(request: NextRequest) {
+	const cookies = request.cookies.get("leCoffreAccessToken");
+	if (!cookies) return NextResponse.redirect(new URL("/login", request.url));
+	const userDecodedToken = jwt_decode(cookies.value) as IUserJwtPayload;
+	const customerDecodedToken = jwt_decode(cookies.value) as ICustomerJwtPayload;
+	if (!userDecodedToken && !customerDecodedToken) return NextResponse.redirect(new URL("/login", request.url));
+	const requestUrlPath = request.nextUrl.pathname;
+	if (
+		requestUrlPath.startsWith("/collaborators") ||
+		requestUrlPath.startsWith("/document-types") ||
+		requestUrlPath.startsWith("/customer") ||
+		requestUrlPath.startsWith("/offices") ||
+		requestUrlPath.startsWith("/roles") ||
+		requestUrlPath.startsWith("/users")
+	) {
+		if (userDecodedToken.role !== "admin" && userDecodedToken.role !== "super-admin")
+			return NextResponse.redirect(new URL("/404", request.url));
+	}
+	if (requestUrlPath.startsWith("/folders")) {
+		if (userDecodedToken.role !== "notary" && userDecodedToken.role !== "admin" && userDecodedToken.role !== "super-admin")
+			return NextResponse.redirect(new URL("/404", request.url));
+	}
+	if (requestUrlPath.startsWith("/my-account") && !userDecodedToken) return NextResponse.redirect(new URL("/404", request.url));
+
+	if (requestUrlPath.startsWith("/client-dashboard") || request.nextUrl.pathname.split("/")[2] !== customerDecodedToken.customerId)
+		return NextResponse.redirect(new URL("/404", request.url));
+
+	return NextResponse.next();
+}
+
+export const config = {
+	matcher: [
+		"/client-dashboard/:path*",
+		"/collaborators/:path*",
+		"/customer/:path*",
+		"/document-types/:path*",
+		"/folders/:path*",
+		"/my-account/:path*",
+		"/offices/:path*",
+		"/roles/:path*",
+		"/users/:path*",
+		"/",
+	],
+};