authentication works but no cards and workplaces can be created

Signed-off-by: Yibing Chen <[email protected]>

.gitignore

@@ -0,0 +1,40 @@
+# Compiled source #
+###################
+*.com
+*.class
+*.dll
+*.exe
+*.o
+*.so
+
+# Packages #
+############
+# it's better to unpack these files and commit the raw source
+# git has its own built in compression methods
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+/_fontend
+_frontend
+
+# Logs and databases #
+######################
+*.log
+*.sql
+*.sqlite
+
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db

README.md

@@ -0,0 +1,39 @@
+# Project-Approach-Tool
+
+## About
+
+The Project Approach Tool helps students and professionals determine their project approach by defining the necessary deliverables (called "stepping stones") to achieve the end goal, formulating the questions to be answered to get the necessary information, and choosing the methods to answer these questions and realize the deliverables.
+
+This tool is based on two frameworks: Stepping Stones by Miriam Losse (Saxion), and the DOT framework by Koen van Turnhout (HU, formerly HAN), and makes use of the card decks that have been developed to enable people in the use of these frameworks. 
+
+The project is currently being developed by Saxion, but we welcome anyone to contribute.
+
+## Installation and deployment
+
+See the readme files in the front-end and back-end folders.
+
+## Version history
+
+### v1 - Basic functionality - july 2020
+Allows an end user to define phases (groups of cards), select stepping stone and methods cards already present in the server, and to locally add question cards and any custom cards of preference. Relationships between phases can be indicated by adding arrows.
+Developed by Matyas Köne as part of his graduation project.
+
+### v2 - Online collaboration - january 2021
+In version 2, a full online collaboration system was introduced. With this system, multiple users can collaborate on a single project approach. The collaboration is real-time thanks to the use of a websocket connection, so that each user can receive changes from others.
+Also new in version 2 is an "on-boarding" system that helps new users to familiarize themselves with the Project Approach Tool. 
+Another new feature is that workspaces (project approaches) are now stored persistently and online, instead of locally for each user.
+Version 2 was developed by Lars Hendriks, a Saxion HBO-ICT software engineering student for his graduation project.
+
+### v3 - Virtual teacher - july 2021
+In version 3, an automatic feedback system was introduced called the "Virtual Teacher". Prior to this version, users of the Project Approach Tool experienced a lack of guidance because of their often low experience with the DOT Framework. 
+To combat this problem, an automatic feedback system was introduced that can give feedback to users based on their project approach. Currently, a flexible configurable rule engine is used to perform a variety of low-level checks.
+
+A few examples:
+- Does every project phase have at least one deliverable, question and activity?
+- What is the current balance between used research strategies?
+- How often is literature research used?
+
+The rule engine allows teachers to fully customize feedback. Meanwhile, students can choose which kinds of feedback they want to get, in order to tailor to as many students and project types as possible.
+The virtual teacher was developed by Robin van Alst, a Saxion HBO-ICT software engineering student for his graduation project.
+
+

backend/.eslintrc.json

@@ -0,0 +1,23 @@
+{
+    "env": {
+        "browser": true,
+        "commonjs": true,
+        "es2021": true
+    },
+    "extends": [
+        "google"
+    ],
+    "parserOptions": {
+        "ecmaVersion": 12
+    },
+    "rules": {
+        "max-len": ["error", { "code": 140 }],
+        "quotes": ["error", "double"],
+        "linebreak-style": 0,
+        "indent": 0,
+        "object-curly-spacing": ["error", "always"],
+        "space-before-function-paren": 0,
+        "comma-dangle": 0,
+        "new-cap": ["error", { "capIsNewExceptions": ["Router"] }]
+    }
+}

backend/.gitignore

@@ -0,0 +1,112 @@
+Created by https://www.gitignore.io/api/node
+# Edit at https://www.gitignore.io/?templates=node
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+json/adminKey.json*
+node_modules/
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# rollup.js default build output
+dist/
+
+# Uncomment the public line if your project uses Gatsby
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# https://create-react-app.dev/docs/using-the-public-folder/#docsNav
+# public
+
+# Storybook build outputs
+.out
+.storybook-out
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# Temporary folders
+tmp/
+temp/
+
+# End of https://www.gitignore.io/api/node

backend/README.md

@@ -0,0 +1,40 @@
+# ProjectApproachToolBackend
+
+API for the Project Approach tool.
+
+Before running the API run, npm install.
+
+## .env file:
+
+|  .env variable |                                                                 Description                                                                 |
+|:-------------------:|:------------------------------------------------------------------------------------------------------------------------------------------------:|
+|         PORT        |                                                      this is the port number for the server                                                      |
+|        DBURL        |                                                             this is the database url                                                             |
+|     CRYPTOSECRET    |                              this is the secret for the encrypting of personal data. <br /> HAS TO BE 32 CHARACTERS LONG!                              |
+|     MAILSERVICE     | this is the service used for for the invite mails.    <br/> <a href="https://nodemailer.com/smtp/well-known/">Click here for all available services<a> |
+|     MAILACCOUNT     |                                         the mail account used by the service to log into the mail account                                        |
+|       MAILPASS      |                                           the password used by the service to log into the mail account                                          |
+|       JWTTOKEN      |                                                    A JWT token used for the inviting of users                                                    |
+|       INVITEURL     |                                                         this is the url to the invite api                                                        |
+|      REDIRECTURL    |                                               this is the url to redirect to when the invite is accepted                                         |
+
+## For development:
+Run the project npm run start (This will restart the server if files are changed)
+
+## For deployment:
+Use forever start server.js (This will keep the API running even if the current session is closed).
+
+## Fixed admin account
+The systeme ensures that there is always at least one admin account. Note that the current solution was made out of pure necessity and could use some refactoring.
+To change the admin account, you first need access to an email address that you can grant "admin" privileges. You also need access to the back-end .env file.
+It is recommended to do this prior to deploying, from within your IDE. To change the admin account, follow the steps below:
+
+  1. make sure that the CRYPTOSECRET has been set up in the .env file. If you don't have an env file, create one based on the .env.template file in the back-end root.
+  2. get the email address of the soon-to-be admin user, e.g. "[email protected]"
+  3. run the cipher-cli script from within a terminal window.
+  4. choose "cipher"
+  5. enter the email address from step 2.
+  6. copy the ciphered output.
+  7. paste the ciphered output in the .env file, at TEACHER_EMAIL (e.g. TEACHER_EMAIL=1234......789)
+
+

backend/authenticationModule.js

@@ -0,0 +1,54 @@
+const admin = require("./firebaseModule");
+const teacherEmail = process.env.TEACHER_EMAIL;
+const mongoose = require("mongoose");
+const User = mongoose.model("User");
+
+function rejectAuth(res) {
+  res.status(403).send(res ? "Unauthorized: " + res : "Unauthorized");
+}
+
+//  The methode below verifies the id token for the routes,
+//  that can be found below this methode.
+module.exports = async function (req, res, next) {
+  if (req.params[0].includes("/api-docs/")) {
+    next();
+    return;
+  } else if (!req.headers.authorization) {
+    rejectAuth(res);
+    return;
+  }
+
+  const decodedToken = await admin
+    .auth()
+    .verifyIdToken(req.headers.authorization)
+    .catch(() => rejectAuth(res));
+  if (!decodedToken) {
+    rejectAuth(res);
+    return;
+  };
+
+
+  const dbUser = await User
+    .findOne({ uid: decodedToken.uid })
+    .catch(() => console.warn(`User ${decodedToken.uid} does not exist in the local DB.`));
+
+  if (dbUser && dbUser.email == teacherEmail && dbUser.role !== "admin") {
+    // user did not have teacher role, so it must be re-enabled.
+    dbUser.role = "admin";
+    await User.findOneAndUpdate({ uid: dbUser.uid }, dbUser);
+  }
+
+  if (dbUser != null) {
+    const authUser = await admin.auth().getUser(decodedToken.uid);
+    const userRole = authUser.customClaims ? authUser.customClaims["role"] : "";
+    if (userRole !== dbUser.role) {
+      await admin
+        .auth()
+        .setCustomUserClaims(decodedToken.uid, { role: dbUser.role });
+
+        dbUser.save();
+    }
+  }
+
+  next();
+};