Way to get the user ID for the analytics team

kreut · Aug 1, 2024 · 2fc874e · 2fc874e
1 parent dae72ed
commit 2fc874e
Show file tree

Hide file tree

Showing 6 changed files with 79 additions and 8 deletions.
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
@@ -27,10 +27,39 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Gate;
+use MiladRahimi\Jwt\Cryptography\Algorithms\Hmac\HS256;
+use MiladRahimi\Jwt\Cryptography\Keys\HmacKey;
+use MiladRahimi\Jwt\Generator;
 
 class UserController extends Controller
 {
 
+    /**
+     * @param Request $request
+     * @param User $user
+     * @return array
+     */
+    public function getSignedUserId(Request $request, User $user): array
+    {
+        try {
+            $response['type'] = 'error';
+            $authorized = Gate::inspect('getSignedUserId', $user);
+            if (!$authorized->allowed()) {
+                $response['message'] = $authorized->message();
+                return $response;
+            }
+            $key = new HmacKey(config('myconfig.analytics_user_id_api_key'));
+            $signer = new HS256($key);
+            $generator = new Generator($signer);
+            $jwt = $generator->generate(['id' => $request->user()->id, 'role'=> $request->user()->role]);
+            $response['token'] = $jwt;
+            $response['type'] = 'success';
+        } catch (Exception $e) {
+           $response['message'] = $e->getMessage();
+        }
+        return $response;
+    }
+
     /**
      * @param User $student
      * @param Course $course
@@ -264,7 +293,7 @@ public function getCookieUserJWT()
     {
         $response['type'] = 'success';
         $response['user_jwt'] = request()->cookie()['user_jwt'] ?? 'None';
-        return response($response)->withCookie(cookie('clicker_app',1));
+        return response($response)->withCookie(cookie('clicker_app', 1));
     }
 
 }
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
@@ -16,6 +16,17 @@ class UserPolicy
 
     private $admins;
 
+    /**
+     * @param User $user
+     * @return Response
+     */
+    public function getSignedUserId(User $user): Response
+    {
+        return in_array($user->role, [2, 3])
+            ? Response::allow()
+            : Response::deny("You are not allowed to retrieve a signed user id.");
+    }
+
     /**
      * @param User $user
      * @return Response
@@ -93,7 +104,7 @@ function loginAs(User $user, User $login_as_user, string $email): Response
     {
         $message = 'You are not allowed to log in as a different user.';
         if ($user->id == 7665) {
-            $has_access = strpos($email,'estrellamountain.edu') !== false;
+            $has_access = strpos($email, 'estrellamountain.edu') !== false;
             if (!$has_access) {
                 $message = "You are not allowed to log in as $email.";
             }

diff --git a/config/myconfig.php b/config/myconfig.php
@@ -28,4 +28,5 @@
     'centrifugo_domain' => env('CENTRIFUGO_DOMAIN', ''),
     'mysql8_db_password' => env('MYSQL8_DB_PASSWORD', ''),
     'openai_api_key' => env('OPENAI_API_KEY', ''),
+    'analytics_user_id_api_key' => env('ANALYTICS_USER_ID_API_KEY', ''),
 ];
diff --git a/resources/js/pages/analytics.vue b/resources/js/pages/analytics.vue
@@ -1,20 +1,37 @@
 <template>
   <div>
     <iframe
+      id="analytics-iframe"
       v-resize="{ log: false }"
       width="100%"
-      src="https://staging.lad.libretexts.org/"
+      src="https://lad.libretexts.org"
       frameborder="0"
+      @load="sendUserId"
     />
   </div>
 </template>
 
 <script>
+
+import axios from 'axios'
+
 export default {
-  name: 'analytics'
+  name: 'analytics',
+  methods: {
+    async sendUserId () {
+      try {
+        const { data } = await axios.get('api/users/signed-user-id')
+        if (data.type === 'error') {
+          this.$noty.error(data.message)
+          return false
+        }
+        const authToken = data.token
+        const iframe = document.getElementById('analytics-iframe')
+        iframe.contentWindow.postMessage({ type: 'AUTH_TOKEN', token: authToken }, 'https://lad.libretexts.org')
+      } catch (error) {
+        this.$noty.error(error.message)
+      }
+    }
+  }
 }
 </script>
-
-<style scoped>
-
-</style>
diff --git a/routes/api.php b/routes/api.php
@@ -716,6 +716,8 @@
     Route::delete('/users-with-no-role/{user}', 'UsersWithNoRoleController@destroy');
 
     Route::get('/users/set-cookie-user-jwt', 'UserController@setCookieUserJWT');
+    Route::get('/users/signed-user-id', 'UserController@getSignedUserId');
+
 
     Route::post('/submissions', 'SubmissionController@store');
     Route::get('/submissions/{assignment}/questions/{question}/pie-chart-data', 'SubmissionController@submissionPieChartData');

diff --git a/tests/Feature/AnalyticsTest.php b/tests/Feature/AnalyticsTest.php
@@ -24,6 +24,17 @@ public function setup(): void
         $this->assignment = factory(Assignment::class)->create(['course_id' => $this->course->id]);
     }
 
+
+    /** @test */
+    public function cannot_get_user_jwt_if_not_instructor_or_student()
+    {
+        $this->user->role = 5;
+        $this->user->save();
+        $this->actingAs($this->user)
+            ->getJson("/api/users/signed-user-id")
+            ->assertJson(['message' => 'You are not allowed to retrieve a signed user id.']);
+
+    }
     /** @test */
     public function cannot_access_all_routes_with_analytics_key()
     {