adds judging auth endpoint; removes broken code from tartanhacks (#144)

* adds judging auth endpoint * make judge field optional * changes return status to unauthorized on incorrect email * removed broken code from tartanhacks * removed changes to reg login
ScottyLabs · Mar 12, 2024 · bb2a693 · bb2a693
1 parent 4290950
commit bb2a693
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 17 deletions.
diff --git a/.gitignore b/.gitignore
@@ -24,4 +24,7 @@ npm-debug.log*
 # Istanbul output
 .nyc_output/
 .vscode/
-coverage
+coverage
+
+# asdf
+.tool-versions
diff --git a/src/_types/User.d.ts b/src/_types/User.d.ts
@@ -10,6 +10,7 @@ export interface IUser extends Document {
   email: string;
   password: string;
   admin: boolean;
+  judge?: boolean;
   name?: string;
   company?: ObjectId;
   lastLogin?: Date;

diff --git a/src/controllers/AuthController.ts b/src/controllers/AuthController.ts
@@ -4,7 +4,7 @@
 import { Request, Response } from "express";
 import { ObjectId } from "bson";
 import User from "../models/User";
-import { bad, error, notFound } from "../util/error";
+import { bad, error, notFound, unauthorized } from "../util/error";
 import * as EmailController from "./EmailController";
 import { isRegistrationOpen } from "./SettingsController";
 import { getByCode, getByToken } from "./UserController";
@@ -91,6 +91,48 @@ const loginWithInfo = async (
   }
 };
 
+/**
+ * Login with email and password, returning data
+ * in the format expected by judging
+ * @param email email of the account to login
+ * @param password email of the password to login
+ */
+export const loginJudging = async (
+  req: Request,
+  res: Response
+): Promise<void> => {
+  const { email: emailRaw, password } = req.body as {
+    email: string;
+    password: string;
+  };
+  const email = emailRaw?.trim()?.toLowerCase();
+  // Login with email & password
+  if (!email || !password) {
+    return bad(res, "Missing email or password");
+  } else {
+    const incorrectString = "Incorrect email or password";
+    try {
+      const user = await User.findOne({ email });
+      if (!user) {
+        return unauthorized(res, incorrectString);
+      } else {
+        if (!user.checkPassword(password)) {
+          return unauthorized(res, incorrectString);
+        } else {
+          // Return json of user without password hash
+          const json = {
+            isAdmin: user.admin,
+            userType: user.judge ? "JUDGE" : "PARTICIPANT",
+          };
+          res.json(json);
+        }
+      }
+    } catch (err) {
+      error(res, err);
+    }
+  }
+};
+
 /**
  * Login a user with email and password or with a token in the header
  */

diff --git a/src/controllers/CheckInController.ts b/src/controllers/CheckInController.ts
@@ -15,7 +15,6 @@ import {
 
 import Project from "../models/Project";
 import { findUserTeam } from "./TeamController";
-import axios from "axios";
 
 export const recalculatePoints = async (
   req: Request,
@@ -277,18 +276,6 @@ export const checkInUser = async (
     await checkIn.save();
     await profile.save();
 
-    if (item._id.equals(process.env.EXPO_EVENT_ID)) {
-      // checking into judging expo
-      const team = await findUserTeam(user._id);
-      const project = await Project.findOne({ team: team._id });
-      const judgingUrl = process.env.JUDGING_URL;
-      axios.put(`${judgingUrl}/checkin?helixProjectId=${project._id}`, {
-        headers: {
-          authorization: process.env.JUDGING_TOKEN,
-        },
-      });
-    }
-
     const json = checkIn.toJSON();
     res.json(json);
   } catch (err) {

diff --git a/src/routes/auth.ts b/src/routes/auth.ts
@@ -6,6 +6,7 @@ import {
   resetPassword,
   sendPasswordResetEmail,
   verify,
+  loginJudging,
 } from "../controllers/AuthController";
 import { asyncCatch } from "../util/asyncCatch";
 import { getUserByVerificationCode } from "../controllers/AuthController";
@@ -85,12 +86,41 @@ router.post("/register", asyncCatch(register));
  *          description: Success.
  *       403:
  *          description: Unauthorized.
- *       404:
- *          description: User does not exist.
  *       500:
  *          description: Internal Server Error.
  */
 router.post("/login", asyncCatch(login));
+/**
+ * @swagger
+ * /auth/login/judging:
+ *   post:
+ *     summary: Login user, returning data in the format expected by judging
+ *     tags: [Authentication Module]
+ *     description: > Verifies user credentials. Username and password must be specified
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             properties:
+ *               email:
+ *                 type: string
+ *                 format: email
+ *               password:
+ *                 type: string
+ *                 format: password
+ *     responses:
+ *       200:
+ *          description: Success.
+ *       400:
+ *          description: Malformed request.
+ *       403:
+ *          description: Incorrect email or password
+ *       500:
+ *          description: Internal Server Error.
+ */
+router.post("/login/judging", asyncCatch(loginJudging));
 
 /**
  * @swagger