Overhaul auth management (#35)

* Overhaul auth management Update MSAL integration, mirrors changes we did to OPGEE with some PACTA-specific differences * Add logging defaults
RMI-PACTA · Oct 11, 2023 · cb51418 · cb51418
1 parent bd972e1
commit cb51418
Show file tree

Hide file tree

Showing 14 changed files with 382 additions and 291 deletions.
diff --git a/frontend/.eslintrc.json b/frontend/.eslintrc.json
@@ -1,7 +1,8 @@
 {
   "env": {
     "browser": true,
-    "es2021": true
+    "es2021": true,
+    "node": true
   },
   "ignorePatterns": [
     "openapi/generated/**/*.ts"
@@ -34,6 +35,7 @@
         "commentPattern": "fallthrough"
       }
     ],
+    "no-useless-return": 0,
     "@typescript-eslint/explicit-function-return-type": 0,
     "@typescript-eslint/strict-boolean-expressions": 0,
     "@typescript-eslint/promise-function-async": 0,

diff --git a/frontend/composables/useAPI.ts b/frontend/composables/useAPI.ts
@@ -1,45 +1,46 @@
-import { UserClient, type DefaultService as UserDefaultService } from '@/openapi/generated/user'
-import { PACTAClient, type DefaultService as PACTADefaultService } from '@/openapi/generated/pacta'
+import { UserClient } from '@/openapi/generated/user'
+import { PACTAClient } from '@/openapi/generated/pacta'
 
-interface API {
-  userClient: UserDefaultService
-  pactaClient: PACTADefaultService
-  userClientWithCustomToken: (tkn: string) => UserDefaultService
-}
+import type { BaseHttpRequest } from '@/openapi/generated/pacta/core/BaseHttpRequest'
+import type { OpenAPIConfig } from '@/openapi/generated/pacta/core/OpenAPI'
+
+type HttpRequestConstructor = new (config: OpenAPIConfig) => BaseHttpRequest
 
-export const useAPI = (): API => {
+// Note: This is a low-level composable intended to be used by other
+// composables, like usePACTA or useMSAL, it probably shouldn't be used by end
+// clients.
+export const useAPI = () => {
   const { public: { apiServerURL, authServerURL } } = useRuntimeConfig()
+
   const baseCfg = {
     CREDENTIALS: 'include' as const, // To satisfy typing of 'include' | 'same-origin' | etc
     WITH_CREDENTIALS: true,
   }
 
-  // If we're on the server, forward our cookie header along to the backend
-  // API for auth. We don't do this for the UserClient because it uses separate
-  // auth.
-  let headers: Record<string, string> = {}
-  if (process.server) {
-    headers = useRequestHeaders(['cookie'])
-  }
-
-  const userCfg = {
-    ...baseCfg,
-    BASE: authServerURL,
-  }
-  const userClient = new UserClient(userCfg)
-
-  const pactaClient = new PACTAClient({
+  const pactaCfg = {
     ...baseCfg,
     BASE: apiServerURL,
-    HEADERS: headers,
-  })
+  }
 
   return {
-    userClient: userClient.default,
-    pactaClient: pactaClient.default,
-    userClientWithCustomToken: (tkn: string) => {
+    // The three different PACTA clients are for authentication in different
+    // cases (client/server, cookies/no cookies, etc).
+    pactaClient: new PACTAClient(pactaCfg).default,
+    pactaClientWithHttpRequestClass: (req: HttpRequestConstructor) => {
+      return new PACTAClient(pactaCfg, req).default
+    },
+    pactaClientWithAuth: (tkn: string) => {
+      return new PACTAClient({
+        ...pactaCfg,
+        TOKEN: tkn,
+      }).default
+    },
+    // Auth for the user service comes from Azure and needs to be manually
+    // appended to each UserService request.
+    userClientWithAuth: (tkn: string) => {
       const newCfg = {
-        ...userCfg,
+        ...baseCfg,
+        BASE: authServerURL,
         TOKEN: tkn,
       }
       return new UserClient(newCfg).default