feat: make edit course page private

front/app/_orgs/[orgslug]/(withmenu)/course/[courseid]/edit/page.tsx

@@ -13,6 +13,7 @@ import NewActivityModal from "@components/Pages/CourseEdit/NewActivity";
 import { createActivity, createFileActivity } from "@services/courses/activities";
 import { getOrganizationContextInfo } from "@services/organizations/orgs";
 import Modal from "@components/UI/Modal/Modal";
+import AuthProvider from "@components/Security/AuthProvider";
 
 function CourseEdit(params: any) {
   // Initial Course State
@@ -117,7 +118,7 @@ function CourseEdit(params: any) {
 
   const closeNewActivityModal = () => {
     console.log("closeNewActivityModal");
-    
+
     setNewActivityModal(false);
   };
 
@@ -225,6 +226,7 @@ function CourseEdit(params: any) {
 
   return (
     <>
+      <AuthProvider />
       <Page>
         <Title>
           Edit Course {" "}
@@ -252,8 +254,8 @@ function CourseEdit(params: any) {
             Save
           </button>
         </Title>-
-          
+
-          <Modal
+        <Modal
           isDialogOpen={newActivityModal}
           onOpenChange={setNewActivityModal}
           minHeight="no-min"
@@ -266,7 +268,7 @@ function CourseEdit(params: any) {
           ></NewActivityModal>}
           dialogTitle="Create Activity"
           dialogDescription="Choose between types of activities to add to the course"
-          
+
         />
 
         <br />

front/app/organizations/page.tsx

@@ -1,12 +1,12 @@
 "use client"; //todo: use server components
 import Link from "next/link";
 import React from "react";
-import Layout from "../../components/UI/Layout";
 import { Title } from "../../components/UI/Elements/Styles/Title";
 import { deleteOrganizationFromBackend } from "@services/organizations/orgs";
 import useSWR, { mutate } from "swr";
 import { swrFetcher } from "@services/utils/requests";
 import { getAPIUrl, getUriWithOrg } from "@services/config/config";
+import AuthProvider from "@components/Security/AuthProvider";
 
 const Organizations = () => {
   const { data : organizations , error } = useSWR(`${getAPIUrl()}orgs/user/page/1/limit/10`, swrFetcher)
@@ -18,6 +18,7 @@ const Organizations = () => {
 
   return (
     <>
+    <AuthProvider/>
       <Title>
         Your Organizations{" "}
         <Link href={"/organizations/new"}>

front/components/Security/AuthProvider.tsx

@@ -5,7 +5,9 @@ import { useRouter, usePathname } from "next/navigation";
 
 export const AuthContext: any = React.createContext({});
 
-const NON_AUTHENTICATED_ROUTES = ["/login", "/signup"];
+const PRIVATE_ROUTES = ["/course/*/edit",];
+const NON_AUTHENTICATED_ROUTES = ["/login", "/register"];
+
 export interface Auth {
   access_token: string;
   isAuthenticated: boolean;
@@ -15,6 +17,8 @@ export interface Auth {
 
 const AuthProvider = ({ children }: any) => {
   const router = useRouter();
+  const pathname = usePathname();
+
   const [auth, setAuth] = React.useState<Auth>({ access_token: "", isAuthenticated: false, userInfo: {}, isLoading: true });
 
   async function checkRefreshToken() {
@@ -24,6 +28,7 @@ const AuthProvider = ({ children }: any) => {
     }
   }
 
+
   async function checkAuth() {
     try {
       let access_token = await checkRefreshToken();
@@ -34,13 +39,24 @@ const AuthProvider = ({ children }: any) => {
         userInfo = await getUserInfo(access_token);
         setAuth({ access_token, isAuthenticated: true, userInfo, isLoading });
 
-        
+        // Redirect to home if user is trying to access a NON_AUTHENTICATED_ROUTES route
+
+        if (NON_AUTHENTICATED_ROUTES.some((route) => new RegExp(`^${route.replace("*", ".*")}$`).test(pathname))) {
+          router.push("/");
+        }
+
+
       } else {
         setAuth({ access_token, isAuthenticated: false, userInfo, isLoading });
-        //router.push("/login");
+        
+        // Redirect to login if user is trying to access a private route
+        if (PRIVATE_ROUTES.some((route) => new RegExp(`^${route.replace("*", ".*")}$`).test(pathname))) {
+          router.push("/login");
+        }
+
       }
     } catch (error) {
-      router.push("/");
+      
     }
   }
 

src/routers/auth.py

@@ -9,29 +9,6 @@ from fastapi.responses import JSONResponse
 
 router = APIRouter()
 
-# DEPRECATED
-@router.post("/token", response_model=Token)
-async def login_for_access_token(request: Request, form_data: OAuth2PasswordRequestForm = Depends()):
-    """
-    OAuth2 compatible token login, get access token for future requests
-    """
-    user = await authenticate_user(request, form_data.username, form_data.password)
-    if not user:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Incorrect Email or password",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
-    access_token = create_access_token(
-        data={"sub": user.username}, expires_delta=access_token_expires
-    )
-    
-    response = JSONResponse(content={"access_token" : access_token ,"token_type": "bearer"})
-    response.set_cookie(key="user_token", value=access_token, httponly=True, expires=3600,secure=True)
-    
-    return response
-
 @router.post('/refresh')
 def refresh(Authorize: AuthJWT = Depends()):
     """