From 7ef68d030b8a62cf99f897ff8d95ccb62032fc00 Mon Sep 17 00:00:00 2001
From: vinchent <vinchent@vinchent.xyz>
Date: Mon, 19 Aug 2024 21:39:36 +0200
Subject: [PATCH] Checking authentication on the backend

---
 Makefile                               |  2 +-
 cmd/api/handlers-api.go                |  4 ++++
 cmd/api/routes-api.go                  |  1 +
 cmd/web/templates/terminal.page.gohtml |  4 +++-
 static/js/common.js                    | 29 ++++++++++++++++++++++++++
 5 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 3998900..ce92185 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 STRIPE_SECRET=$(shell sed '2q;d' cred.txt)
-STRIPE_KEY=$(shell sed '2q;d' cred.txt)
+STRIPE_KEY=$(shell sed '1q;d' cred.txt)
 GOSTRIPE_PORT=4000
 API_PORT=4001
 DSN=vinchent:secret@tcp(localhost:3306)/widgets?parseTime=true&tls=false
diff --git a/cmd/api/handlers-api.go b/cmd/api/handlers-api.go
index 2767fd6..9575f4f 100644
--- a/cmd/api/handlers-api.go
+++ b/cmd/api/handlers-api.go
@@ -297,3 +297,7 @@ func (app *application) CreateAuthToken(w http.ResponseWriter, r *http.Request)
 
 	_ = app.writeJSON(w, http.StatusOK, payload)
 }
+
+func (app *application) CheckAuthentication(w http.ResponseWriter, r *http.Request) {
+	app.invalidCredentials(w)
+}
diff --git a/cmd/api/routes-api.go b/cmd/api/routes-api.go
index ff14740..9e3e079 100644
--- a/cmd/api/routes-api.go
+++ b/cmd/api/routes-api.go
@@ -23,6 +23,7 @@ func (app *application) routes() http.Handler {
 	mux.Post("/api/create-customer-and-subscribe-to-plan", app.CreateCustomerAndSubscribeToPlan)
 
 	mux.Post("/api/authenticate", app.CreateAuthToken)
+	mux.Post("/api/is-authenticated", app.CheckAuthentication)
 
 	return mux
 }
diff --git a/cmd/web/templates/terminal.page.gohtml b/cmd/web/templates/terminal.page.gohtml
index 0ad8087..73f1212 100644
--- a/cmd/web/templates/terminal.page.gohtml
+++ b/cmd/web/templates/terminal.page.gohtml
@@ -76,8 +76,10 @@ Virtual Terminal
 {{ define "js" }}
 <script src="https://js.stripe.com/v3/"></script>
 <script type="module">
-    import {stripeInit} from "/static/js/common.js";
+    import {stripeInit, checkAuth} from "/static/js/common.js";
     import {val} from "/static/js/stripe.js"
+
+    checkAuth({{.API}});
     stripeInit('{{.StripePubKey}}');
     document.getElementById("charge_amount").addEventListener("change", (evt) => {
         if (evt.target.value !== "") {
diff --git a/static/js/common.js b/static/js/common.js
index c43bed5..00df869 100644
--- a/static/js/common.js
+++ b/static/js/common.js
@@ -62,3 +62,32 @@ export function stripeInit(pubKey) {
         });
     })();
 }
+
+export function checkAuth(api) {
+    if (localStorage.getItem("token") === null) {
+        location.href = "/login";
+        return
+    } else {
+        let token = localStorage.getItem("token")
+        const myHeaders = new Headers();
+        myHeaders.append("Content-Type", "application/json");
+        myHeaders.append("Authorization", "Bearer " + token);
+
+        const requestOptions = {
+            method: "POST",
+            Headers: myHeaders,
+        }
+
+        fetch(api + "/api/is-authenticated", requestOptions)
+        .then(response => response.json())
+            .then(function(data) {
+                if (data.error === true) {
+                    console.log("not logged in");
+                    location.href = "/login"
+                } else {
+                    console.log("Logged in");
+                }
+            })
+    }
+}
+