From 2bde8b850a566c47bc0499f8613d2899399d1479 Mon Sep 17 00:00:00 2001
From: Tom <mail@goblincaves.com>
Date: Thu, 31 Oct 2024 05:33:11 +0000
Subject: [PATCH] Added impersonation. More data available via auth service
 about the user. Added admin auth guard.

---
 src/app/app.component.html                    |  2 +-
 src/app/app.component.ts                      |  4 +-
 src/app/app.routes.ts                         |  6 +-
 src/app/hermes-client.service.ts              |  5 +-
 .../impersonation.component.html              | 19 +++++
 .../impersonation.component.scss              |  0
 .../impersonation.component.spec.ts           | 23 ++++++
 .../impersonation/impersonation.component.ts  | 82 +++++++++++++++++++
 src/app/navigation/navigation.component.html  |  7 +-
 src/app/navigation/navigation.component.ts    | 12 ++-
 .../policy-table/policy-table.component.ts    |  1 -
 .../{auth.guard.ts => auth.admin.guard.ts}    | 10 +--
 src/app/shared/auth/auth.user.guard.ts        | 15 ++++
 .../api/api-authentication.service.ts         | 53 +++++++-----
 src/app/tts-login/tts-login.component.html    |  4 +-
 src/app/tts-login/tts-login.component.ts      | 22 ++++-
 16 files changed, 218 insertions(+), 47 deletions(-)
 create mode 100644 src/app/impersonation/impersonation.component.html
 create mode 100644 src/app/impersonation/impersonation.component.scss
 create mode 100644 src/app/impersonation/impersonation.component.spec.ts
 create mode 100644 src/app/impersonation/impersonation.component.ts
 rename src/app/shared/auth/{auth.guard.ts => auth.admin.guard.ts} (69%)
 create mode 100644 src/app/shared/auth/auth.user.guard.ts

diff --git a/src/app/app.component.html b/src/app/app.component.html
index bf4f620..c906b11 100644
--- a/src/app/app.component.html
+++ b/src/app/app.component.html
@@ -1,4 +1,4 @@
 <main class="main">
     <navigation class="navigation" />
-        <router-outlet class="content" />
+    <router-outlet class="content" />
 </main>
\ No newline at end of file
diff --git a/src/app/app.component.ts b/src/app/app.component.ts
index 20620ad..8b8851a 100644
--- a/src/app/app.component.ts
+++ b/src/app/app.component.ts
@@ -3,7 +3,7 @@ import { Component, OnInit, Inject, PLATFORM_ID, NgZone, OnDestroy } from '@angu
 import { Router, RouterOutlet } from '@angular/router';
 import { FormsModule } from '@angular/forms'
 import { HermesClientService } from './hermes-client.service';
-import { AuthGuard } from './shared/auth/auth.guard'
+import { AuthUserGuard } from './shared/auth/auth.user.guard'
 import { Subscription } from 'rxjs';
 import { PolicyComponent } from "./policy/policy.component";
 import { NavigationComponent } from "./navigation/navigation.component";
@@ -14,7 +14,7 @@ import { ApiAuthenticationService } from './shared/services/api/api-authenticati
     selector: 'app-root',
     standalone: true,
     imports: [RouterOutlet, CommonModule, FormsModule, PolicyComponent, NavigationComponent],
-    providers: [AuthGuard],
+    providers: [AuthUserGuard],
     templateUrl: './app.component.html',
     styleUrl: './app.component.scss'
 })
diff --git a/src/app/app.routes.ts b/src/app/app.routes.ts
index 585ecc8..b1373a8 100644
--- a/src/app/app.routes.ts
+++ b/src/app/app.routes.ts
@@ -1,6 +1,6 @@
 import { Routes } from '@angular/router';
 import { PolicyComponent } from './policy/policy.component';
-import { AuthGuard } from './shared/auth/auth.guard';
+import { AuthUserGuard } from './shared/auth/auth.user.guard';
 import { LoginComponent } from './login/login.component';
 import { TtsLoginComponent } from './tts-login/tts-login.component';
 import { TwitchAuthCallbackComponent } from './twitch-auth-callback/twitch-auth-callback.component';
@@ -9,7 +9,7 @@ export const routes: Routes = [
     {
         path: 'policies',
         component: PolicyComponent,
-        canActivate: [AuthGuard],
+        canActivate: [AuthUserGuard],
     },
     {
         path: 'login',
@@ -18,7 +18,7 @@ export const routes: Routes = [
     {
         path: 'tts-login',
         component: TtsLoginComponent,
-        canActivate: [AuthGuard],
+        canActivate: [AuthUserGuard],
     },
     {
         path: 'auth',
diff --git a/src/app/hermes-client.service.ts b/src/app/hermes-client.service.ts
index eef3710..6eb10fa 100644
--- a/src/app/hermes-client.service.ts
+++ b/src/app/hermes-client.service.ts
@@ -42,8 +42,9 @@ export class HermesClientService {
         if (!this.connected)
             return;
 
-        this.socket.close();
         this.connected = false;
+        this.logged_in = false;
+        this.socket.close();
         this.events.emit('tts_logoff', null);
     }
 
@@ -58,6 +59,8 @@ export class HermesClientService {
 	}
 
 	public login(api_key: string) {
+        if (!this.connected)
+            this.connect();
         if (this.logged_in)
             return;
         
diff --git a/src/app/impersonation/impersonation.component.html b/src/app/impersonation/impersonation.component.html
new file mode 100644
index 0000000..070a2a1
--- /dev/null
+++ b/src/app/impersonation/impersonation.component.html
@@ -0,0 +1,19 @@
+@if (isAdmin()) {
+<mat-card appearance="outlined">
+	<mat-card-header>
+		<mat-card-title> Impersonation</mat-card-title>
+		<mat-card-subtitle>Impersonate as another user</mat-card-subtitle>
+	</mat-card-header>
+	<mat-card-actions>
+		<mat-form-field>
+			<mat-label>User to impersonate</mat-label>
+			<mat-select (selectionChange)="onChange($event)" [(value)]="impersonated">
+				<mat-option>{{getUsername()}}</mat-option>
+				@for (user of users; track user) {
+					<mat-option [value]="user.id">{{ user.name }}</mat-option>
+				}
+			</mat-select>
+		</mat-form-field>
+	</mat-card-actions>
+</mat-card>
+}
\ No newline at end of file
diff --git a/src/app/impersonation/impersonation.component.scss b/src/app/impersonation/impersonation.component.scss
new file mode 100644
index 0000000..e69de29
diff --git a/src/app/impersonation/impersonation.component.spec.ts b/src/app/impersonation/impersonation.component.spec.ts
new file mode 100644
index 0000000..3eda4a3
--- /dev/null
+++ b/src/app/impersonation/impersonation.component.spec.ts
@@ -0,0 +1,23 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { ImpersonationComponent } from './impersonation.component';
+
+describe('ImpersonationComponent', () => {
+  let component: ImpersonationComponent;
+  let fixture: ComponentFixture<ImpersonationComponent>;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [ImpersonationComponent]
+    })
+    .compileComponents();
+
+    fixture = TestBed.createComponent(ImpersonationComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('should create', () => {
+    expect(component).toBeTruthy();
+  });
+});
diff --git a/src/app/impersonation/impersonation.component.ts b/src/app/impersonation/impersonation.component.ts
new file mode 100644
index 0000000..1ee6107
--- /dev/null
+++ b/src/app/impersonation/impersonation.component.ts
@@ -0,0 +1,82 @@
+import { Component, Inject, OnInit, PLATFORM_ID } from '@angular/core';
+import { ApiAuthenticationService } from '../shared/services/api/api-authentication.service';
+import { MatCardModule } from '@angular/material/card';
+import { MatSelectModule } from '@angular/material/select';
+import { HttpClient } from '@angular/common/http';
+import { isPlatformBrowser } from '@angular/common';
+import { environment } from '../../environments/environment';
+import EventService from '../shared/services/EventService';
+import { HermesClientService } from '../hermes-client.service';
+import { Router } from '@angular/router';
+
+@Component({
+    selector: 'impersonation',
+    standalone: true,
+    imports: [MatCardModule, MatSelectModule],
+    templateUrl: './impersonation.component.html',
+    styleUrl: './impersonation.component.scss'
+})
+export class ImpersonationComponent implements OnInit {
+    impersonated: string | undefined;
+    users: { id: string, name: string }[];
+
+    constructor(private hermes: HermesClientService, private auth: ApiAuthenticationService, private router: Router, private events: EventService, private http: HttpClient, @Inject(PLATFORM_ID) private platformId: Object) {
+        this.users = []
+    }
+
+    ngOnInit(): void {
+        if (!isPlatformBrowser(this.platformId)) {
+            return;
+        }
+
+        this.http.get(environment.API_HOST + '/admin/users', {
+            headers: {
+                'Authorization': 'Bearer ' + localStorage.getItem('jwt')
+            }
+        }).subscribe((data: any) => {
+            this.users = data.filter((d: any) => d.name != this.auth.getUsername());
+            const id = this.auth.getImpersonatedId();
+            if (this.users.find(u => u.id == id)) {
+                this.impersonated = id;
+            }
+        });
+    }
+
+    public isAdmin() {
+        return this.auth.isAdmin();
+    }
+
+    public getUsername() {
+        return this.auth.getUsername();
+    }
+
+    public onChange(e: any) {
+        console.log('impersonate befre', e.value);
+        if (!e.value) {
+            this.http.delete(environment.API_HOST + '/admin/impersonate', {
+                headers: {
+                    'Authorization': 'Bearer ' + localStorage.getItem('jwt')
+                },
+                body: {
+                    impersonation: e.value
+                }
+            }).subscribe((data: any) => {
+                this.hermes.disconnect();
+                this.events.emit('impersonation', e.value);
+                this.router.navigate(['/tts-login']);
+            });
+        } else {
+            this.http.put(environment.API_HOST + '/admin/impersonate', {
+                impersonation: e.value
+            }, {
+                headers: {
+                    'Authorization': 'Bearer ' + localStorage.getItem('jwt')
+                }
+            }).subscribe((data: any) => {
+                this.hermes.disconnect();
+                this.events.emit('impersonation', e.value);
+                this.router.navigate(['/tts-login']);
+            });
+        }
+    }
+}
diff --git a/src/app/navigation/navigation.component.html b/src/app/navigation/navigation.component.html
index beadf50..9f59bf9 100644
--- a/src/app/navigation/navigation.component.html
+++ b/src/app/navigation/navigation.component.html
@@ -1,10 +1,11 @@
 <nav>
+    <impersonation />
     <ul>
         <li>
             <a
                 routerLink="/login"
                 routerLinkActive="active"
-                *ngIf="!twitch_logged_in">
+                *ngIf="!isLoggedIn()">
                 Login
             </a>
         </li>
@@ -12,7 +13,7 @@
             <a
                 routerLink="/tts-login"
                 routerLinkActive="active"
-                *ngIf="twitch_logged_in && !tts_logged_in">
+                *ngIf="isLoggedIn() && !isTTSLoggedIn()">
                 TTS Login
             </a>
         </li>
@@ -20,7 +21,7 @@
             <a
                 routerLink="/policies"
                 routerLinkActive="active"
-                *ngIf="twitch_logged_in && tts_logged_in">
+                *ngIf="isLoggedIn() && isTTSLoggedIn()">
                 Policies
             </a>
         </li>
diff --git a/src/app/navigation/navigation.component.ts b/src/app/navigation/navigation.component.ts
index 3712df4..e93eb80 100644
--- a/src/app/navigation/navigation.component.ts
+++ b/src/app/navigation/navigation.component.ts
@@ -3,22 +3,28 @@ import { RouterModule } from '@angular/router';
 import { CommonModule } from '@angular/common';
 import { HermesClientService } from '../hermes-client.service';
 import { ApiAuthenticationService } from '../shared/services/api/api-authentication.service';
+import { ImpersonationComponent } from '../impersonation/impersonation.component';
+import { MatCardModule } from '@angular/material/card';
 
 @Component({
   selector: 'navigation',
   standalone: true,
-  imports: [CommonModule, RouterModule],
+  imports: [CommonModule, RouterModule, ImpersonationComponent, MatCardModule],
   templateUrl: './navigation.component.html',
   styleUrl: './navigation.component.scss'
 })
 export class NavigationComponent {
     constructor(private auth: ApiAuthenticationService, private hermes: HermesClientService) { }
 
-    get twitch_logged_in() {
+    isLoggedIn() {
         return this.auth.isAuthenticated();
     }
 
-    get tts_logged_in() {
+    isAdmin() {
+        return this.isLoggedIn() && this.auth.isAdmin()
+    }
+
+    isTTSLoggedIn() {
         return this.hermes?.logged_in ?? false;
     }
 }
diff --git a/src/app/policy-table/policy-table.component.ts b/src/app/policy-table/policy-table.component.ts
index 11e7024..5f6780c 100644
--- a/src/app/policy-table/policy-table.component.ts
+++ b/src/app/policy-table/policy-table.component.ts
@@ -83,7 +83,6 @@ export class PolicyTableComponent implements OnInit, OnDestroy {
                 }
             } else if (response.request.type == "get_permissions") {
                 this.groups = Object.assign({}, ...response.data.groups.map((g: any) => ({ [g.id]: g })));
-                console.log(this.groups);
             }
         });
         this.hermes.fetchPolicies();
diff --git a/src/app/shared/auth/auth.guard.ts b/src/app/shared/auth/auth.admin.guard.ts
similarity index 69%
rename from src/app/shared/auth/auth.guard.ts
rename to src/app/shared/auth/auth.admin.guard.ts
index 5043a29..9e426f3 100644
--- a/src/app/shared/auth/auth.guard.ts
+++ b/src/app/shared/auth/auth.admin.guard.ts
@@ -5,17 +5,11 @@ import { ApiAuthenticationService } from '../services/api/api-authentication.ser
 @Injectable({
     providedIn: 'root'
 })
-export class AuthGuard implements CanActivate {
+export class AuthAdminGuard implements CanActivate {
 
   constructor(private auth: ApiAuthenticationService, private router: Router) {}
 
   async canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
-    if (this.auth.isAuthenticated()) {
-      console.log('Valid OAuth');
-      return true;
-    }
-
-    console.log("Invalid OAuth");
-    return false;
+    return this.auth.isAuthenticated() && this.auth.isAdmin();
   }
 }
\ No newline at end of file
diff --git a/src/app/shared/auth/auth.user.guard.ts b/src/app/shared/auth/auth.user.guard.ts
new file mode 100644
index 0000000..ae0db33
--- /dev/null
+++ b/src/app/shared/auth/auth.user.guard.ts
@@ -0,0 +1,15 @@
+import { Injectable } from '@angular/core';
+import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from '@angular/router';
+import { ApiAuthenticationService } from '../services/api/api-authentication.service';
+
+@Injectable({
+  providedIn: 'root'
+})
+export class AuthUserGuard implements CanActivate {
+
+  constructor(private auth: ApiAuthenticationService, private router: Router) { }
+
+  async canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
+    return this.auth.isAuthenticated();
+  }
+}
\ No newline at end of file
diff --git a/src/app/shared/services/api/api-authentication.service.ts b/src/app/shared/services/api/api-authentication.service.ts
index 6a1f02b..2836ff3 100644
--- a/src/app/shared/services/api/api-authentication.service.ts
+++ b/src/app/shared/services/api/api-authentication.service.ts
@@ -6,11 +6,13 @@ import EventService from '../EventService';
   providedIn: 'root'
 })
 export class ApiAuthenticationService {
-    private authenticated: boolean;
-    private lastCheck: Date;
+  private authenticated: boolean;
+  private user: any;
+  private lastCheck: Date;
 
   constructor(private http: HttpClient, private events: EventService) {
     this.authenticated = false;
+    this.user = null;
     this.lastCheck = new Date();
   }
 
@@ -18,35 +20,48 @@ export class ApiAuthenticationService {
     return this.authenticated;
   }
 
+  isAdmin() {
+    return this.isAuthenticated() && this.user.role == 'ADMIN';
+  }
+
+  getImpersonatedId() {
+    return this.user.impersonation.id;
+  }
+
+  getUsername() {
+    return this.user.name;
+  }
+
   update() {
     const jwt = localStorage.getItem('jwt');
     if (!jwt) {
-        this.updateAuthenticated(false);
-        return;
+      this.updateAuthenticated(false, null);
+      return;
     }
 
-    // /api/auth/jwt
-    this.http.get('/api/auth/jwt', {
-        headers: {
-            'Authorization': 'Bearer ' + jwt
-        }
+    // /api/auth/validate
+    this.http.get('/api/auth/validate', {
+      headers: {
+        'Authorization': 'Bearer ' + jwt
+      }
     }).subscribe((data: any) => {
-        console.log('jwt validation', data);
-        this.updateAuthenticated(data?.authenticated);
+      console.log('jwt validation', data);
+      this.updateAuthenticated(data?.authenticated, data?.user);
     });
   }
 
-  private updateAuthenticated(value: boolean) {
+  private updateAuthenticated(authenticated: boolean, user: any) {
     const previous = this.authenticated;
-    this.authenticated = value;
+    this.authenticated = authenticated;
+    this.user = user;
     this.lastCheck = new Date();
 
-    if (previous != value) {
-        if (value) {
-            this.events.emit('login', null);
-        } else {
-            this.events.emit('logoff', null);
-        }
+    if (previous != authenticated) {
+      if (authenticated) {
+        this.events.emit('login', null);
+      } else {
+        this.events.emit('logoff', null);
+      }
     }
   }
 }
diff --git a/src/app/tts-login/tts-login.component.html b/src/app/tts-login/tts-login.component.html
index b5b2d7a..16dffac 100644
--- a/src/app/tts-login/tts-login.component.html
+++ b/src/app/tts-login/tts-login.component.html
@@ -4,8 +4,8 @@
         <mat-label>API Key</mat-label>
         <mat-select
             [(value)]="selected_api_key">
-            @for (key of api_keys; track key) {
-            <mat-option [value]="key">{{key}}</mat-option>
+            @for (key of api_keys; track key.id) {
+            <mat-option [value]="key.id">{{key.label}}</mat-option>
             }
         </mat-select>
     </mat-form-field>
diff --git a/src/app/tts-login/tts-login.component.ts b/src/app/tts-login/tts-login.component.ts
index 34446e1..4002a1c 100644
--- a/src/app/tts-login/tts-login.component.ts
+++ b/src/app/tts-login/tts-login.component.ts
@@ -9,6 +9,7 @@ import { HttpClient } from '@angular/common/http';
 import { Router } from '@angular/router';
 import { Subscription } from 'rxjs';
 import { environment } from '../../environments/environment';
+import { HermesClientService } from '../hermes-client.service';
 
 @Component({
     selector: 'tts-login',
@@ -18,12 +19,12 @@ import { environment } from '../../environments/environment';
     styleUrl: './tts-login.component.scss'
 })
 export class TtsLoginComponent implements OnInit, OnDestroy {
-    api_keys: string[];
+    api_keys: { id: string, label: string }[];
     selected_api_key: string|undefined;
 
     private subscription: Subscription|undefined;
 
-    constructor(private events: EventService, private http: HttpClient, private router: Router) {
+    constructor(private hermes: HermesClientService, private events: EventService, private http: HttpClient, private router: Router) {
         this.api_keys = [];
     }
 
@@ -32,13 +33,25 @@ export class TtsLoginComponent implements OnInit, OnDestroy {
             headers: {
                 'Authorization': 'Bearer ' + localStorage.getItem('jwt')
             }
-        }).subscribe((data: any) => this.api_keys = data.map((d: any) => d.id));
+        }).subscribe((data: any) => this.api_keys = data);
 
         this.subscription = this.events.listen('tts_login_ack', _ => {
             if (document.location.href.includes('/tts-login')) {
                 this.router.navigate(['/policies'])
             }
         });
+        this.events.listen('tts_logoff', _ => {
+            this.selected_api_key = undefined;
+        });
+        this.events.listen('impersonation', _ => {
+            this.selected_api_key = undefined;
+
+            this.http.get(environment.API_HOST + '/keys', {
+                headers: {
+                    'Authorization': 'Bearer ' + localStorage.getItem('jwt')
+                }
+            }).subscribe((data: any) => this.api_keys = data);
+        });
     }
 
     ngOnDestroy(): void {
@@ -47,9 +60,10 @@ export class TtsLoginComponent implements OnInit, OnDestroy {
     }
 
     login() {
+        console.log('api key for login', this.selected_api_key)
         if (!this.selected_api_key)
             return;
 
-        this.events.emit('tts_login', this.selected_api_key);
+        this.hermes.login(this.selected_api_key);
     }
 }