:sparkles: Finished latest implementation of session/access auth

backend/lib/routes/profile/get.js

@@ -28,10 +28,7 @@ module.exports = {
     options: {
         ...pluginConfig.docs,
         tags: ['api'],
-        /** Protect this route with authentication? */
-        // TODO: change this once sessionToken is passed in headers
-        auth: false,
-        // auth: 'default_jwt',
+        auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const { profile_id } = request.params

backend/lib/routes/user/list-profiles.js

@@ -37,10 +37,7 @@ module.exports = {
     options: {
         ...pluginConfig.docs,
         tags: ['api'],
-        /** Protect this route with authentication? */
-        // TODO: change this once sessionToken is passed in headers
-        auth: false,
-        // auth: 'default_jwt',
+        auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const { userService, profileService } = request.server.services()

backend/lib/routes/user/user-by-email.js

@@ -18,9 +18,7 @@ module.exports = {
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],
-        auth: false,
-        // TODO: change this once sessionToken is passed in headers
-        // auth: 'default_jwt',
+        auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const email = request.params.email

backend/lib/services/user.js

@@ -116,7 +116,7 @@ module.exports = class UserService extends Schmervice.Service {
     }
 
     /**
-     * Use knew to find first user with useremail
+     * Use to find first user with useremail
      * @param {*} username
      * @param {*} txn
      * @returns

frontend/src/services/profile.service.js

@@ -8,8 +8,11 @@ import { Profile } from '../entities/profile/profile.js'
  * @param {number} userId
  * @returns {array} instantiated Profile objects (see: /entites/profile)
  */
-const fetchProfilesByUserId = async userId => {
-    const profilesForUserId = await db.get(`/user/${userId}/profiles`)
+const fetchProfilesByUserId = async (userId, sessionToken) => {
+    const profilesForUserId = await db.get(
+        `/user/${userId}/profiles`,
+        sessionToken,
+    )
     const validProfileInstances = []
     for (let profileData of profilesForUserId) {
         const profile = new Profile(profileData)
@@ -25,10 +28,10 @@ const createProfileForUserId = async (userId, responses) => {
     return profile
 }
 
-const fetchProfileByProfileId = async profileId => {
+const fetchProfileByProfileId = async (profileId, sessionToken) => {
     let profile
     try {
-        const profileData = await db.get(`/profile/${profileId}`)
+        const profileData = await db.get(`/profile/${profileId}`, sessionToken)
         profile = new Profile(profileData)
         if (!profile.isValid()) {
             throw '[Profile Service error]: Invalid or incomplete profile returned.'

frontend/src/services/user.service.js

@@ -14,8 +14,8 @@ const signupUser = async user => {
     return await db.post(`/user/signup`, payload)
 }
 
-const fetchUserByEmail = async userEmail => {
-    return await db.get(`/user/fetchbymail/${userEmail}`)
+const fetchUserByEmail = async (userEmail, sessionToken) => {
+    return await db.get(`/user/fetchbymail/${userEmail}`, sessionToken)
 }
 
 export { signupUser, fetchUserByEmail }

frontend/src/views/OnboardingView.vue

@@ -76,10 +76,17 @@ export default {
             // TODO: Validate All routes hit by these methods using tokens in headers
             // NOTE: This can be accomplished using sessionData.sessionToken,
             // as it currently has the raw session token in it
-            const userId = await this.grabUserIdByEmail(sessionData.email)
-            currentProfileId = await this.grabProfileIdByUserId(userId)
+            const userId = await this.grabUserIdByEmail(
+                sessionData.email,
+                sessionData.sessionToken,
+            )
+            currentProfileId = await this.grabProfileIdByUserId(
+                userId,
+                sessionData.sessionToken,
+            )
             this.responses = await this.grabResponsesByProfileId(
                 currentProfileId,
+                sessionData.sessionToken,
             )
             this.currentStep = this.responses.length + 3
             this.goToStep(this.currentStep)
@@ -119,14 +126,17 @@ export default {
                 return validatedToken
             }
         },
-        async grabUserIdByEmail(email) {
-            const user = await fetchUserByEmail(email)
+        async grabUserIdByEmail(email, sessionToken) {
+            const user = await fetchUserByEmail(email, sessionToken)
             if (!user) {
                 throw new Error('User NOT found by email')
             } else return user.user_id
         },
-        async grabProfileIdByUserId(userId) {
-            const profilesFromUserId = await fetchProfilesByUserId(userId)
+        async grabProfileIdByUserId(userId, sessionToken) {
+            const profilesFromUserId = await fetchProfilesByUserId(
+                userId,
+                sessionToken,
+            )
             if (
                 profilesFromUserId.length === 1 &&
                 profilesFromUserId.status !== 401
@@ -139,17 +149,23 @@ export default {
                 throw new Error('No Profile for User ID found')
             }
         },
-        async grabProfileByProfileId(profileId) {
-            const profile = await fetchProfileByProfileId(profileId)
+        async grabProfileByProfileId(profileId, sessionToken) {
+            const profile = await fetchProfileByProfileId(
+                profileId,
+                sessionToken,
+            )
             if (!profile || profile.status === 401) {
                 throw new Error(`No Profile Found for profileId ${profileId}`)
             } else {
                 return profile
             }
         },
-        async grabResponsesByProfileId(profileId) {
+        async grabResponsesByProfileId(profileId, sessionToken) {
             const responses = []
-            const profile = await this.grabProfileByProfileId(profileId)
+            const profile = await this.grabProfileByProfileId(
+                profileId,
+                sessionToken,
+            )
             if (!profile.responses.length || profile.responses.status === 401) {
                 throw new Error(`No Responses Found for profileId ${profileId}`)
             } else {