From 69777ad1cb96456159a92ef7a1ac899b4041a2ad Mon Sep 17 00:00:00 2001
From: gparant <g.parant@thecodingmachine.com>
Date: Sun, 10 May 2020 17:31:27 +0200
Subject: [PATCH] Remove middleware to secure access API.

---
 back/src/App.ts                               | 19 +++++++----
 back/src/Controller/MapController.ts          |  3 +-
 back/src/Middleware/AuthenticateMiddleware.ts | 32 -------------------
 front/src/Connexion.ts                        | 20 ++++++------
 front/src/Phaser/Login/LogincScene.ts         | 24 +++++++-------
 5 files changed, 38 insertions(+), 60 deletions(-)
 delete mode 100644 back/src/Middleware/AuthenticateMiddleware.ts

diff --git a/back/src/App.ts b/back/src/App.ts
index 27006d8..06e08ca 100644
--- a/back/src/App.ts
+++ b/back/src/App.ts
@@ -6,27 +6,28 @@ import {Application, Request, Response} from 'express';
 import bodyParser = require('body-parser');
 import * as http from "http";
 import {MapController} from "./Controller/MapController";
-import {AuthenticateMiddleware} from "./Middleware/AuthenticateMiddleware";
 
 class App {
     public app: Application;
     public server: http.Server;
     public ioSocketController: IoSocketController;
     public authenticateController: AuthenticateController;
-    //public AuthenticateMiddleware: AuthenticateMiddleware;
     public mapController: MapController;
 
     constructor() {
         this.app = express();
 
         //config server http
-        this.config();
         this.server = http.createServer(this.app);
 
+        this.config();
+        this.crossOrigin();
+
+        //TODO add middleware with access token to secure api
+
         //create socket controllers
         this.ioSocketController = new IoSocketController(this.server);
         this.authenticateController = new AuthenticateController(this.app);
-        //this.AuthenticateMiddleware = new AuthenticateMiddleware(this.app);
         this.mapController = new MapController(this.app);
     }
 
@@ -34,9 +35,15 @@ class App {
     private config(): void {
         this.app.use(bodyParser.json());
         this.app.use(bodyParser.urlencoded({extended: false}));
+    }
+
+    private crossOrigin(){
         this.app.use((req: Request, res: Response, next) => {
-            res.header("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from
-            res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+            res.setHeader("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from
+            // Request methods you wish to allow
+            res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
+            // Request headers you wish to allow
+            res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
             next();
         });
     }
diff --git a/back/src/Controller/MapController.ts b/back/src/Controller/MapController.ts
index 2e35d5a..5a19644 100644
--- a/back/src/Controller/MapController.ts
+++ b/back/src/Controller/MapController.ts
@@ -1,5 +1,4 @@
 import express from "express";
-import path from "path";
 import {Application, Request, Response} from "express";
 import {OK} from "http-status-codes";
 import {ROOM_STARTED, ROOMS, URL_ROOM_STARTED} from "../Enum/EnvironmentVariable";
@@ -9,7 +8,7 @@ export class MapController {
 
     constructor(App: Application) {
         this.App = App;
-        this.getMpas();
+        this.getMaps();
         this.assetMaps();
     }
 
diff --git a/back/src/Middleware/AuthenticateMiddleware.ts b/back/src/Middleware/AuthenticateMiddleware.ts
deleted file mode 100644
index e482eaa..0000000
--- a/back/src/Middleware/AuthenticateMiddleware.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-import {Application, Request, Response} from "express";
-import {BAD_REQUEST} from "http-status-codes";
-import Jwt, {JsonWebTokenError} from "jsonwebtoken";
-import {SECRET_KEY} from "../Enum/EnvironmentVariable";
-
-export class AuthenticateMiddleware{
-    App: Application;
-
-    constructor(App: Application) {
-        this.App = App;
-        this.tokenVerification();
-    }
-
-    tokenVerification() {
-        this.App.use((req: Request, res: Response, next: any) => {
-            let token = req.header("Access-Token");
-            if (!token) {
-                return res.status(BAD_REQUEST).send({
-                    message: "you must to be connected to get the map"
-                });
-            }
-            return Jwt.verify(token, SECRET_KEY, (err: JsonWebTokenError, tokenDecoded: object) => {
-                if (err) {
-                    return res.status(BAD_REQUEST).send({
-                        message: "you must to be connected to get the map"
-                    });
-                }
-                return next();
-            });
-        })
-    }
-}
diff --git a/front/src/Connexion.ts b/front/src/Connexion.ts
index d1c3938..e7d07ef 100644
--- a/front/src/Connexion.ts
+++ b/front/src/Connexion.ts
@@ -2,7 +2,7 @@ import {GameManager} from "./Phaser/Game/GameManager";
 
 const SocketIo = require('socket.io-client');
 import Axios from "axios";
-import {API_URL, ROOM} from "./Enum/EnvironmentVariable";
+import {API_URL} from "./Enum/EnvironmentVariable";
 
 enum EventMessage{
     WEBRTC_SIGNAL = "webrtc-signal",
@@ -211,14 +211,16 @@ export class Connexion implements ConnexionInterface {
                 throw err;
             });
     }
-    
-    loadMaps() : Promise<any>{
-        return Axios.get(`${API_URL}/maps`).then((res) => {
-            return res.data;
-        }).catch((err) => {
-            console.error(err);
-            throw err;
-        });
+
+    //TODO add middleware with access token to secure api
+    loadMaps() : Promise<any> {
+        return Axios.get(`${API_URL}/maps`)
+            .then((res) => {
+                return res.data;
+            }).catch((err) => {
+                console.error(err);
+                throw err;
+            });
     }
 
     /**
diff --git a/front/src/Phaser/Login/LogincScene.ts b/front/src/Phaser/Login/LogincScene.ts
index dc57741..b747fdf 100644
--- a/front/src/Phaser/Login/LogincScene.ts
+++ b/front/src/Phaser/Login/LogincScene.ts
@@ -93,17 +93,19 @@ export class LogincScene extends Phaser.Scene implements GameSceneInterface {
     }
 
     private async login(name: string) {
-        Promise.all([
-            gameManager.connect(name, this.selectedPlayer.texture.key),
-            gameManager.loadMaps()
-        ]).then((data) => {
-            if (!data) {
-                return;
-            }
-            let scene: any = data[1];
-            let game = new GameScene(scene.mapStart.key, `${API_URL}${scene.mapStart.url}`);
-            this.scene.add(scene.mapStart.key, game, false);
-            this.scene.start(scene.mapStart.key);
+        return gameManager.connect(name, this.selectedPlayer.texture.key).then(() => {
+            return gameManager.loadMaps().then((scene : any) => {
+                if (!scene) {
+                    return;
+                }
+                let game = new GameScene(scene.mapStart.key, `${API_URL}${scene.mapStart.url}`);
+                this.scene.add(scene.mapStart.key, game, false);
+                this.scene.start(scene.mapStart.key);
+                return scene;
+            }).catch((err) => {
+                console.error(err);
+                throw err;
+            });
         }).catch((err) => {
             console.error(err);
             throw err;
-- 
2.25.1