authormo khan <mo@mokhan.ca>2022-05-16 13:47:51 -0600
committermo khan <mo@mokhan.ca>2022-05-16 13:47:51 -0600
commitec3f8642453761171c2447146d24267e74241294 (patch)
tree9d2e750ff166c1094e4212e824ee61be6c527d4d
parent8e1ddd5b9ae19cd407be5a82d118983b08663e37 (diff)
log requests in cliet side and add /users /incidents api
-rw-r--r--cmd/api/main.go23
-rw-r--r--cmd/ui/index.html81
2 files changed, 51 insertions, 53 deletions
diff --git a/cmd/api/main.go b/cmd/api/main.go
index 77579d2..85ea74a 100644
--- a/cmd/api/main.go
+++ b/cmd/api/main.go
@@ -125,48 +125,41 @@ func main() {
log.Fatal(err)
}
- router := http.NewServeMux()
+ mux := http.NewServeMux()
- router.Handle("/api/public", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ mux.Handle("/api/public", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
w.Write([]byte(`{"message":"public"}`))
}))
- router.Handle("/api/private", EnsureValidToken()(
+ mux.Handle("/api/users", EnsureValidToken()(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- fmt.Printf("in /api/private handler\n")
- w.Header().Set("Access-Control-Allow-Credentials", "true")
w.Header().Set("Access-Control-Allow-Origin", "*")
- w.Header().Set("Access-Control-Allow-Headers", "Authorization")
-
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
- w.Write([]byte(`{"message":"private"}`))
+ w.Write([]byte(`{"message":"users"}`))
}),
))
- router.Handle("/api/private-scoped", EnsureValidToken()(
+ mux.Handle("/api/incidents", EnsureValidToken()(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Access-Control-Allow-Credentials", "true")
w.Header().Set("Access-Control-Allow-Origin", "*")
- w.Header().Set("Access-Control-Allow-Headers", "Authorization")
-
w.Header().Set("Content-Type", "application/json")
token := r.Context().Value(jwtmiddleware.ContextKey{}).(*validator.ValidatedClaims)
claims := token.CustomClaims.(*CustomClaims)
if !claims.HasPermission("read:incidents") {
w.WriteHeader(http.StatusForbidden)
- w.Write([]byte(`{"message":"insufficient scope."}`))
+ w.Write([]byte(`{"message":"'read:incidents' permission is required."}`))
return
}
w.WriteHeader(http.StatusOK)
- w.Write([]byte(`{"message":"private-scoped"}`))
+ w.Write([]byte(`{"message":"incidents"}`))
}),
))
- log.Fatal(http.ListenAndServe("localhost:3000", router))
+ log.Fatal(http.ListenAndServe("localhost:3000", mux))
}
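Review bot: The new `/api/users` route is only wrapped in `EnsureValidToken()`, so any caller with a valid token gets the 200, while the sibling `/api/incidents` handler goes on to require `read:incidents` through `claims.HasPermission`. The body is a placeholder today, but once it returns real user records the route needs its own permission check before `w.WriteHeader(http.StatusOK)`. The sketch below also uses the comma-ok form for the two type assertions, because the unchecked `.(*validator.ValidatedClaims)` kept in `/api/incidents` panics if the context value is missing or has another type. Both token-protected handlers still send `Access-Control-Allow-Origin: *`; pinning that to the UI's origin would be tighter. `main` starts outside the hunk.

```go
mux.Handle("/api/users", EnsureValidToken()(
	http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// … unchanged: Access-Control-Allow-Origin and Content-Type headers …
		token, ok := r.Context().Value(jwtmiddleware.ContextKey{}).(*validator.ValidatedClaims)
		if !ok {
			w.WriteHeader(http.StatusUnauthorized)
			w.Write([]byte(`{"message":"token claims are missing."}`))
			return
		}
		// "read:users" is a placeholder; use the permission name the authorization server issues.
		claims, ok := token.CustomClaims.(*CustomClaims)
		if !ok || !claims.HasPermission("read:users") {
			w.WriteHeader(http.StatusForbidden)
			w.Write([]byte(`{"message":"'read:users' permission is required."}`))
			return
		}
		// … unchanged: 200 response with the users payload …
	}),
))
```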
diff --git a/cmd/ui/index.html b/cmd/ui/index.html
index bc88357..1b69784 100644
--- a/cmd/ui/index.html
+++ b/cmd/ui/index.html
@@ -12,41 +12,45 @@
<p>{{message}}</p>
<p>
<button type="button" @click="fetchPublicData">Public</button>
- <button type="button" @click="fetchPrivateData">Private</button>
- <button type="button" @click="fetchPrivateScopedData">Private Scoped</button>
+ <button type="button" @click="fetchUsers">Users</button>
+ <button type="button" @click="fetchIncidents">Incidents</button>
<a href="/logout">Logout</a>
</p>
- <h1>Access Token</h1>
- <textarea rows="4" cols="200" disabled=disabled><%= .Token.AccessToken %></textarea>
- <%= range $key, $value := .AccessTokenClaims %>
- <li><strong><%= $key %></strong>: <%= $value %></li>
- <%= end %>
+ <details>
+ <summary>Tokens</summary>
- <h1>Id Token</h1>
- <ul>
- <li>issuer: <%=.IdToken.Issuer%></li>
- <li>audience: <%=.IdToken.Audience%></li>
- <li>subject: <%=.IdToken.Subject%></li>
- <li>expire: <%=.IdToken.Expiry%></li>
- <li>issued at: <%=.IdToken.IssuedAt%></li>
- <li>nonce: <%=.IdToken.Nonce%></li>
- </ul>
- <textarea rows="4" cols="200" disabled=disabled><%= .IdToken %></textarea>
+ <h1>Access Token</h1>
+ <textarea rows="4" cols="200" disabled=disabled><%= .Token.AccessToken %></textarea>
+ <%= range $key, $value := .AccessTokenClaims %>
+ <li><strong><%= $key %></strong>: <%= $value %></li>
+ <%= end %>
- <h1>Id Token Claims</h1>
- <%= range $key, $value := .Profile %>
- <li><strong><%= $key %></strong>: <%= $value %></li>
- <%= end %>
+ <h1>Id Token</h1>
+ <ul>
+ <li>issuer: <%=.IdToken.Issuer%></li>
+ <li>audience: <%=.IdToken.Audience%></li>
+ <li>subject: <%=.IdToken.Subject%></li>
+ <li>expire: <%=.IdToken.Expiry%></li>
+ <li>issued at: <%=.IdToken.IssuedAt%></li>
+ <li>nonce: <%=.IdToken.Nonce%></li>
+ </ul>
+ <textarea rows="4" cols="200" disabled=disabled><%= .IdToken %></textarea>
- <textarea rows="4" cols="200" disabled=disabled><%=.IdTokenRaw%></textarea>
+ <h1>Id Token Claims</h1>
+ <%= range $key, $value := .Profile %>
+ <li><strong><%= $key %></strong>: <%= $value %></li>
+ <%= end %>
+
+ <textarea rows="4" cols="200" disabled=disabled><%=.IdTokenRaw%></textarea>
+ </details>
</div>
<script>
const { createApp } = Vue;
createApp({
data() {
return {
- message: "hello vue!"
+ message: "hello, world!"
}
},
methods: {
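Review bot: Wrapping the token dump in `<details>` only collapses it visually; the raw access token, the ID token and `.IdTokenRaw` are still written into the served HTML, where any script running on the page and anything that captures the page source can read them. If this view is meant for debugging, it should be rendered only when a debug setting is on, with a template comment such as `<!-- debug only: raw tokens, never enable in production -->` above the `<details>` element. The claim values printed by `<%= $value %>` come from the tokens, so it is worth confirming that the page is rendered with an auto-escaping template engine (the hunk does not show which one is used). The two `range` loops also emit `<li>` items without an enclosing `<ul>`.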
@@ -54,27 +58,28 @@
let element = document.querySelector('#app');
return `Bearer ${element.dataset['token']}`;
},
- fetchPublicData() {
- fetch("http://localhost:3000/api/public")
- .then((x) => x.json())
- .then((x) => this.message = x.message)
- .catch((error) => this.message = error.message)
- },
- fetchPrivateData() {
+ defaultHeaders() {
let headers = new Headers();
headers.append("Authorization", this.accessToken())
- fetch("http://localhost:3000/api/private", { headers: headers })
- .then((x) => x.json())
- .then((x) => this.message = x.message)
- .catch((error) => this.message = error.message)
+ return headers;
},
- fetchPrivateScopedData() {
- let headers = new Headers();
- headers.append("Authorization", this.accessToken())
- fetch("http://localhost:3000/api/private-scoped", { headers: headers })
+ get(path, headers) {
+ const url = "http://localhost:3000" + path;
+ console.log("fetching " + url);
+ fetch(url, { headers: headers })
.then((x) => x.json())
+ .then((x) => { console.log(x); return x; })
.then((x) => this.message = x.message)
.catch((error) => this.message = error.message)
+ },
+ fetchPublicData() {
+ this.get("/api/public", new Headers())
+ },
+ fetchUsers() {
+ this.get("/api/users", this.defaultHeaders())
+ },
+ fetchIncidents() {
+ this.get("/api/incidents", this.defaultHeaders())
}
}
}).mount('#app')
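Review bot: The new `get` helper hands every response to `x.json()` without checking `x.ok`, so a 401 from the token middleware or the 403 from `/api/incidents` takes the same path as a 200, and a non-JSON error body shows up only as a parse error in `message`. A status check in the first step would make failures visible, e.g. `.then((x) => { if (!x.ok) console.warn(url + " returned " + x.status); return x.json(); })`. The added `console.log(x)` writes whole response bodies to the console, which is worth putting behind a debug flag before `/api/users` and `/api/incidents` return real records. Because `defaultHeaders()` attaches the bearer token to whatever `path` is passed in, building the address with `new URL(path, "http://localhost:3000")` and comparing its `origin` before the fetch keeps the token bound to the API host. The `methods` object opens outside this hunk.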