try this new method of doing auth

Author: devksingh4

src/api/components/index.ts

@@ -1,3 +1,5 @@
+import { AppRoles } from "common/roles.js";
+import { FastifyZodOpenApiSchema } from "fastify-zod-openapi";
 import { z } from "zod";
 
 export const ts = z.coerce
@@ -10,9 +12,28 @@ export const groupId = z.string().min(1).openapi({
   example: "d8cbb7c9-2f6d-4b7e-8ba6-b54f8892003b",
 });
 
-export function withTags<T>(tags: string[], schema: T) {
+export function withTags<T extends FastifyZodOpenApiSchema>(
+  tags: string[],
+  schema: T,
+) {
   return {
     tags,
     ...schema,
   };
 }
+
+type RoleSchema = {
+  "x-required-roles": AppRoles[];
+  description: string;
+};
+
+export function withRoles<T extends FastifyZodOpenApiSchema>(
+  roles: AppRoles[],
+  schema: T,
+): T & RoleSchema {
+  return {
+    "x-required-roles": roles,
+    description: `Requires one of the following roles: ${roles.join(", ")}.${schema.description ? "\n\n" + schema.description : ""}`,
+    ...schema,
+  };
+}

src/api/index.ts

@@ -11,9 +11,9 @@ import { RunEnvironment, runEnvironments } from "../common/roles.js";
 import { InternalServerError } from "../common/errors/index.js";
 import eventsPlugin from "./routes/events.js";
 import cors from "@fastify/cors";
-import fastifyZodValidationPlugin from "./plugins/validate.js";
 import { environmentConfig, genericConfig } from "../common/config.js";
 import organizationsPlugin from "./routes/organizations.js";
+import authorizeFromSchemaPlugin from "./plugins/authorizeFromSchema.js";
 import icalPlugin from "./routes/ics.js";
 import vendingPlugin from "./routes/vending.js";
 import * as dotenv from "dotenv";
@@ -93,15 +93,18 @@ async function init(prettyPrint: boolean = false) {
       return event.requestContext.requestId;
     },
   });
+  app.setValidatorCompiler(validatorCompiler);
+  app.setSerializerCompiler(serializerCompiler);
+  await app.register(authorizeFromSchemaPlugin);
   await app.register(fastifyAuthPlugin);
-  await app.register(fastifyZodValidationPlugin);
   await app.register(FastifyAuthProvider);
   await app.register(errorHandlerPlugin);
   await app.register(fastifyZodOpenApiPlugin);
   await app.register(fastifySwagger, {
     openapi: {
       info: {
         title: "ACM @ UIUC Core API",
+        description: "ACM @ UIUC Core Management Platform",
         version: "1.0.0",
       },
       servers: [
@@ -119,11 +122,11 @@ async function init(prettyPrint: boolean = false) {
         {
           name: "Events",
           description:
-            "Retrieve ACM-wide and organization-specific calendars and event metadata.",
+            "Retrieve ACM @ UIUC-wide and organization-specific calendars and event metadata.",
         },
         {
           name: "Generic",
-          description: "Retrieve metadata about a user or ACM.",
+          description: "Retrieve metadata about a user or ACM @ UIUC .",
         },
         {
           name: "iCalendar Integration",
@@ -139,6 +142,10 @@ async function init(prettyPrint: boolean = false) {
           name: "Logging",
           description: "View audit logs for various services.",
         },
+        {
+          name: "Membership",
+          description: "Purchasing or checking ACM @ UIUC membership.",
+        },
       ],
       openapi: "3.0.3" satisfies ZodOpenApiVersion, // If this is not specified, it will default to 3.1.0
     },

src/api/plugins/authorizeFromSchema.ts

@@ -0,0 +1,33 @@
+import { FastifyPluginAsync } from "fastify";
+import { AppRoles } from "common/roles.js";
+import { InternalServerError } from "common/errors/index.js";
+import fp from "fastify-plugin";
+
+declare module "fastify" {
+  interface FastifyInstance {
+    authorizeFromSchema: (
+      request: FastifyRequest,
+      reply: FastifyReply,
+    ) => Promise<void>;
+  }
+}
+
+const authorizeFromSchemaPlugin: FastifyPluginAsync = fp(async (fastify) => {
+  fastify.decorate("authorizeFromSchema", async (request, reply) => {
+    const schema = request.routeOptions?.schema;
+
+    if (!schema || !("x-required-roles" in schema)) {
+      throw new InternalServerError({
+        message:
+          "Server has not specified authentication roles for this route.",
+      });
+    }
+
+    const roles = (schema as { "x-required-roles": AppRoles[] })[
+      "x-required-roles"
+    ];
+    await fastify.authorize(request, reply, roles);
+  });
+});
+
+export default authorizeFromSchemaPlugin;

src/api/plugins/validate.ts

@@ -83,16 +83,14 @@ const eventsPlugin: FastifyPluginAsyncZodOpenApi = async (
   fastify,
   _options,
 ) => {
-  fastify.setValidatorCompiler(validatorCompiler);
-  fastify.setSerializerCompiler(serializerCompiler);
   const limitedRoutes: FastifyPluginAsync = async (fastify) => {
     fastify.register(rateLimiter, {
       limit: 30,
       duration: 60,
       rateLimitIdentifier: "events",
     });
     fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().get(
-      "/",
+      "",
       {
         schema: withTags(["Events"], {
           querystring: z.object({
@@ -230,6 +228,13 @@ const eventsPlugin: FastifyPluginAsyncZodOpenApi = async (
         //   }),
         // },
         body: postRequestSchema,
+        params: z.object({
+          id: z.string().min(1).optional().openapi({
+            description:
+              "Event ID to modify (leave empty to create a new event).",
+            example: "6667e095-8b04-4877-b361-f636f459ba42",
+          }),
+        }),
       }) satisfies FastifyZodOpenApiSchema,
       onRequest: async (request, reply) => {
         await fastify.authorize(request, reply, [AppRoles.EVENTS_MANAGER]);
@@ -241,9 +246,7 @@ const eventsPlugin: FastifyPluginAsyncZodOpenApi = async (
       }
       try {
         let originalEvent;
-        const userProvidedId = (
-          request.params as Record<string, string | undefined>
-        ).id;
+        const userProvidedId = request.params.id;
         const entryUUID = userProvidedId || randomUUID();
         if (userProvidedId) {
           const response = await fastify.dynamoClient.send(

src/api/routes/events.ts

@@ -76,8 +76,6 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
       };
     }
   };
-  fastify.setValidatorCompiler(validatorCompiler);
-  fastify.setSerializerCompiler(serializerCompiler);
   fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().patch(
     "/profile",
     {

src/api/routes/iam.ts

@@ -44,8 +44,6 @@ function generateHostName(host: string) {
 }
 
 const icalPlugin: FastifyPluginAsync = async (fastify, _options) => {
-  fastify.setValidatorCompiler(validatorCompiler);
-  fastify.setSerializerCompiler(serializerCompiler);
   fastify.register(rateLimiter, {
     limit: OrganizationList.length,
     duration: 30,

src/api/routes/ics.ts

@@ -74,8 +74,6 @@ type LinkryGetRequest = {
 };
 
 const linkryRoutes: FastifyPluginAsync = async (fastify, _options) => {
-  fastify.setValidatorCompiler(validatorCompiler);
-  fastify.setSerializerCompiler(serializerCompiler);
   const limitedRoutes: FastifyPluginAsync = async (fastify) => {
     fastify.register(rateLimiter, {
       limit: 30,

src/api/routes/linkry.ts

@@ -25,8 +25,6 @@ const responseSchema = z.array(loggingEntryFromDatabase);
 type ResponseType = z.infer<typeof responseSchema>;
 
 const logsPlugin: FastifyPluginAsync = async (fastify, _options) => {
-  fastify.setValidatorCompiler(validatorCompiler);
-  fastify.setSerializerCompiler(serializerCompiler);
   fastify.register(rateLimiter, {
     limit: 10,
     duration: 30,