Adding beta white list; removing admin-only filter

trifectalabs · Jun 23, 2017 · 636bde9 · 636bde9
1 parent df807fb
commit 636bde9
Show file tree

Hide file tree

Showing 6 changed files with 63 additions and 19 deletions.
diff --git a/api/app/Module.scala b/api/app/Module.scala
@@ -12,6 +12,7 @@ class Module(environment: Environment, configuration: Configuration) extends Abs
     bind(classOf[MiniSegmentsDao]).to(classOf[PostgresMiniSegmentsDao])
     bind(classOf[SegmentRatingsDao]).to(classOf[PostgresSegmentRatingsDao])
     bind(classOf[TileCacheExpirationsDao]).to(classOf[PostgresTileCacheExpirationsDao])
+    bind(classOf[BetaUserWhitelistDao]).to(classOf[PostgresBetaUserWhitelistDao])
 
     // Services
     bind(classOf[RoutingService]).to(classOf[RoutingServiceImpl])

diff --git a/api/app/db/Tables.scala b/api/app/db/Tables.scala
@@ -96,4 +96,12 @@ class Users(tag: Tag) extends Table[User](tag, "users") {
 
   val tileCacheExpirations = TableQuery[TileCacheExpirations]
 
+  class BetaUserWhitelist(tag: Tag) extends Table[(String)](tag, "beta_user_whitelist") {
+    def email = column[String]("email")
+
+    override def * = (email)
+  }
+
+  val betaUserWhitelist = TableQuery[BetaUserWhitelist]
+
 }
diff --git a/api/app/db/dao/BetaUserWhitelistDao.scala b/api/app/db/dao/BetaUserWhitelistDao.scala
@@ -0,0 +1,13 @@
+package db.dao
+
+import java.util.UUID
+import org.joda.time.DateTime
+
+import com.trifectalabs.roadquality.v0.models.SegmentRating
+
+import scala.concurrent.Future
+
+// TODO: Remove after beta
+trait BetaUserWhitelistDao {
+  def exists(email: String): Future[Boolean]
+}
diff --git a/api/app/db/dao/PostgresBetaUserWhitelistDao.scala b/api/app/db/dao/PostgresBetaUserWhitelistDao.scala
@@ -0,0 +1,22 @@
+package db.dao
+
+import javax.inject.{Inject, Singleton}
+
+import db.MyPostgresDriver
+import db.Tables._
+import play.api.db.slick.{DatabaseConfigProvider, HasDatabaseConfigProvider}
+
+import scala.concurrent.{ExecutionContext, Future}
+
+// TODO: Remove after beta
+@Singleton
+class PostgresBetaUserWhitelistDao @Inject() (protected val dbConfigProvider: DatabaseConfigProvider)(implicit ec: ExecutionContext)
+  extends BetaUserWhitelistDao with HasDatabaseConfigProvider[MyPostgresDriver] {
+  import _root_.db.TablesHelper._
+  import profile.api._
+
+  override def exists(email: String): Future[Boolean] = {
+    db.run(betaUserWhitelist.filter(m => m.email === email.trim).exists.result)
+  }
+
+}
diff --git a/api/app/util/actions/AuthenticatedRequest.scala b/api/app/util/actions/AuthenticatedRequest.scala
@@ -54,9 +54,7 @@ object Authenticated extends ActionBuilder[AuthenticatedRequest] {
       case Some(user) => {
         try {
           block {
-            val r = new AuthenticatedRequest(user, request)
-            r.requireAdmin
-            r
+            new AuthenticatedRequest(user, request)
           }
         } catch {
           case e: UnauthenticatedException => Future(Unauthorized(e.msg))

diff --git a/web/app/util/OAuth2.scala b/web/app/util/OAuth2.scala
@@ -16,9 +16,9 @@ import play.api.Configuration
 
 import com.trifectalabs.roadquality.v0.models.{ User, UserRole }
 import com.trifectalabs.roadquality.v0.models.json._
-import db.dao.UsersDao
+import db.dao.{ UsersDao, BetaUserWhitelistDao }
 
-class OAuth2 @Inject() (configuration: Configuration, ws: WSClient, userDao: UsersDao, jwt: JwtUtil) extends Controller {
+class OAuth2 @Inject() (configuration: Configuration, ws: WSClient, userDao: UsersDao, jwt: JwtUtil, betaList: BetaUserWhitelistDao) extends Controller {
   lazy val stravaAuthUri = configuration.getString("strava.auth.uri").get
   lazy val stravaTokenUri = configuration.getString("strava.auth.token_uri").get
   lazy val stravaClientId = configuration.getString("strava.client.id").get
@@ -34,22 +34,24 @@ class OAuth2 @Inject() (configuration: Configuration, ws: WSClient, userDao: Use
     } yield {
       if (state == oauthState) {
         getStravaUserData(code).flatMap { userData =>
-          userDao.upsert(
-            userData.firstName,
-            userData.lastName,
-            userData.email,
-            userData.city,
-            userData.province,
-            userData.country,
-            None,
-            userData.sex,
-            userData.stravaToken).map { user =>
-              val jwtToken = jwt.createToken(user)
-                if (user.role == UserRole.Admin)
+          betaList.exists(userData.email).flatMap { isBetaUser =>
+            if (isBetaUser) {
+              userDao.upsert(
+                userData.firstName,
+                userData.lastName,
+                userData.email,
+                userData.city,
+                userData.province,
+                userData.country,
+                None,
+                userData.sex,
+                userData.stravaToken).map { user =>
+                  val jwtToken = jwt.createToken(user)
                   Redirect(s"/app?token=$jwtToken")
-                else
-                  Redirect("/")
+                }
             }
+            else Future(Redirect("/"))
+          }
         }.recover {
           case ex: IllegalStateException => Unauthorized(ex.getMessage)
         }