OAuth2 step 2 ok

Author: simonredfern

server/controllers/RequestController.ts

@@ -44,7 +44,25 @@ export class OBPController {
   async get(@Session() session: any, @Req() request: Request, @Res() response: Response): Response {
     const path = request.query.path
     const oauthConfig = session['clientConfig']
-    return response.json(await this.obpClientService.get(path, oauthConfig))
+
+    // Check if user is authenticated
+    if (!oauthConfig || !oauthConfig.oauth2?.accessToken) {
+      return response.status(401).json({
+        code: 401,
+        message: 'OBP-20001: User not logged in. Authentication is required!'
+      })
+    }
+
+    try {
+      const result = await this.obpClientService.get(path, oauthConfig)
+      return response.json(result)
+    } catch (error: any) {
+      console.error('RequestController.get error:', error)
+      return response.status(error.status || 500).json({
+        code: error.status || 500,
+        message: error.message || 'Internal server error'
+      })
+    }
   }
 
   @Post('/create')
@@ -56,7 +74,25 @@ export class OBPController {
     const path = request.query.path
     const data = request.body
     const oauthConfig = session['clientConfig']
-    return response.json(await this.obpClientService.create(path, data, oauthConfig))
+
+    // Check if user is authenticated
+    if (!oauthConfig || !oauthConfig.oauth2?.accessToken) {
+      return response.status(401).json({
+        code: 401,
+        message: 'OBP-20001: User not logged in. Authentication is required!'
+      })
+    }
+
+    try {
+      const result = await this.obpClientService.create(path, data, oauthConfig)
+      return response.json(result)
+    } catch (error: any) {
+      console.error('RequestController.create error:', error)
+      return response.status(error.status || 500).json({
+        code: error.status || 500,
+        message: error.message || 'Internal server error'
+      })
+    }
   }
 
   @Put('/update')
@@ -68,7 +104,25 @@ export class OBPController {
     const path = request.query.path
     const data = request.body
     const oauthConfig = session['clientConfig']
-    return response.json(await this.obpClientService.update(path, data, oauthConfig))
+
+    // Check if user is authenticated
+    if (!oauthConfig || !oauthConfig.oauth2?.accessToken) {
+      return response.status(401).json({
+        code: 401,
+        message: 'OBP-20001: User not logged in. Authentication is required!'
+      })
+    }
+
+    try {
+      const result = await this.obpClientService.update(path, data, oauthConfig)
+      return response.json(result)
+    } catch (error: any) {
+      console.error('RequestController.update error:', error)
+      return response.status(error.status || 500).json({
+        code: error.status || 500,
+        message: error.message || 'Internal server error'
+      })
+    }
   }
 
   @Delete('/delete')
@@ -79,6 +133,24 @@ export class OBPController {
   ): Response {
     const path = request.query.path
     const oauthConfig = session['clientConfig']
-    return response.json(await this.obpClientService.discard(path, oauthConfig))
+
+    // Check if user is authenticated
+    if (!oauthConfig || !oauthConfig.oauth2?.accessToken) {
+      return response.status(401).json({
+        code: 401,
+        message: 'OBP-20001: User not logged in. Authentication is required!'
+      })
+    }
+
+    try {
+      const result = await this.obpClientService.discard(path, oauthConfig)
+      return response.json(result)
+    } catch (error: any) {
+      console.error('RequestController.delete error:', error)
+      return response.status(error.status || 500).json({
+        code: error.status || 500,
+        message: error.message || 'Internal server error'
+      })
+    }
   }
 }

server/controllers/StatusController.ts

@@ -58,19 +58,33 @@ export class StatusController {
   ): Response {
     const oauthConfig = session['clientConfig']
     const version = this.obpClientService.getOBPVersion()
-    const currentUser = await this.obpClientService.get(
-      `/obp/${version}/users/current`,
-      oauthConfig
-    )
-    const apiVersions = await this.checkApiVersions(oauthConfig, version)
-    const messageDocs = await this.checkMessagDocs(oauthConfig, version)
-    const resourceDocs = await this.checkResourceDocs(oauthConfig, version)
+
+    // Check if user is authenticated
+    const isAuthenticated = oauthConfig && oauthConfig.oauth2?.accessToken
+
+    let currentUser = null
+    let apiVersions = false
+    let messageDocs = false
+    let resourceDocs = false
+
+    if (isAuthenticated) {
+      try {
+        currentUser = await this.obpClientService.get(`/obp/${version}/users/current`, oauthConfig)
+        apiVersions = await this.checkApiVersions(oauthConfig, version)
+        messageDocs = await this.checkMessagDocs(oauthConfig, version)
+        resourceDocs = await this.checkResourceDocs(oauthConfig, version)
+      } catch (error) {
+        console.error('StatusController: Error fetching authenticated data:', error)
+      }
+    }
+
     return response.json({
       status: apiVersions && messageDocs && resourceDocs,
       apiVersions,
       messageDocs,
       resourceDocs,
       currentUser,
+      isAuthenticated,
       commitId
     })
   }

server/middlewares/OAuth2CallbackMiddleware.ts

@@ -300,11 +300,23 @@ export default class OAuth2CallbackMiddleware implements ExpressMiddlewareInterf
 
       session['oauth2_user'] = user
 
+      // Create clientConfig for OBP API calls with OAuth2 Bearer token
+      // This allows OBPClientService to work with OAuth2 authentication
+      session['clientConfig'] = {
+        baseUri: process.env.VITE_OBP_API_HOST || 'http://localhost:8080',
+        version: process.env.VITE_OBP_API_VERSION || 'v5.1.0',
+        oauth2: {
+          accessToken: tokens.accessToken,
+          tokenType: tokens.tokenType || 'Bearer'
+        }
+      }
+
       console.log('OAuth2CallbackMiddleware: User authenticated successfully')
       console.log('  User ID (sub):', user.sub)
       console.log('  Username:', user.username)
       console.log('  Email:', user.email)
       console.log('  Name:', user.name)
+      console.log('OAuth2CallbackMiddleware: Created clientConfig for OBP API calls')
 
       // Clear OAuth2 flow parameters (keep tokens and user data)
       delete session['oauth2_state']