Feature : Added server side verification for all routes . (#3491)

* added securitty for routing from server side

* fixed test cases fail for Routing

* taken suggestion from ai

* Update src/components/SecuredRoute/SecuredRoute.tsx

line 20

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update src/components/SecuredRoute/SecuredRoute.tsx

line 30

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* taken suggestion from ai

* added signOut button on PageNotFound page and fixed App.spec.tsx failed test cases

* added condition in secureRouteForUser such that if the admin or superAdmin have user Account also access to login through User section

* modify App.spec.tsx

* test cases

* taken suggestion from ai and fixed test cases

* Update src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

line 57

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fixed failing test cases

* Update src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx

line number 50

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* taken suggestion from ai

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Author: PurnenduMIshra129th

docs/docs/auto-docs/GraphQl/Queries/Queries/variables/VERIFY_ROLE.md

@@ -0,0 +1,9 @@
+[Admin Docs](/)
+
+***
+
+# Variable: VERIFY\_ROLE
+
+> `const` **VERIFY\_ROLE**: `DocumentNode`
+
+Defined in: [src/GraphQl/Queries/Queries.ts:867](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/GraphQl/Queries/Queries.ts#L867)

docs/docs/auto-docs/components/CheckIn/types/enumerations/UserRole.md

@@ -0,0 +1,31 @@
+[Admin Docs](/)
+
+***
+
+# Enumeration: UserRole
+
+Defined in: [src/components/CheckIn/types.ts:45](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/CheckIn/types.ts#L45)
+
+## Enumeration Members
+
+### ADMIN
+
+> **ADMIN**: `"admin"`
+
+Defined in: [src/components/CheckIn/types.ts:47](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/CheckIn/types.ts#L47)
+
+***
+
+### SUPER\_ADMIN
+
+> **SUPER\_ADMIN**: `"superAdmin"`
+
+Defined in: [src/components/CheckIn/types.ts:48](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/CheckIn/types.ts#L48)
+
+***
+
+### USER
+
+> **USER**: `"user"`
+
+Defined in: [src/components/CheckIn/types.ts:46](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/CheckIn/types.ts#L46)

docs/docs/auto-docs/components/CheckIn/types/type-aliases/VerifyRoleResponse.md

@@ -0,0 +1,23 @@
+[Admin Docs](/)
+
+***
+
+# Type Alias: VerifyRoleResponse
+
+> **VerifyRoleResponse**: `object`
+
+Defined in: [src/components/CheckIn/types.ts:51](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/CheckIn/types.ts#L51)
+
+## Type declaration
+
+### verifyRole
+
+> **verifyRole**: `object`
+
+#### verifyRole.isAuthorized
+
+> **isAuthorized**: `boolean`
+
+#### verifyRole.role
+
+> **role**: [`UserRole`](../enumerations/UserRole.md)

docs/docs/auto-docs/components/SecuredRoute/SecuredRoute/functions/default.md

@@ -6,7 +6,7 @@
 
 > **default**(): `Element`
 
-Defined in: [src/components/SecuredRoute/SecuredRoute.tsx:16](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/SecuredRoute/SecuredRoute.tsx#L16)
+Defined in: [src/components/SecuredRoute/SecuredRoute.tsx:19](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/SecuredRoute/SecuredRoute.tsx#L19)
 
 A route guard that checks if the user is logged in and has the necessary permissions.
 

docs/docs/auto-docs/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser/functions/default.md

@@ -6,7 +6,7 @@
 
 > **default**(): `Element`
 
-Defined in: [src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx:14](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L14)
+Defined in: [src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx:18](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/components/UserPortal/SecuredRouteForUser/SecuredRouteForUser.tsx#L18)
 
 A component that guards routes by checking if the user is logged in.
 If the user is logged in and does not have 'AdminFor' set, the child routes are rendered.

docs/docs/auto-docs/screens/PageNotFound/PageNotFound/functions/default.md

@@ -6,7 +6,7 @@
 
 > **default**(): `Element`
 
-Defined in: [src/screens/PageNotFound/PageNotFound.tsx:15](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/screens/PageNotFound/PageNotFound.tsx#L15)
+Defined in: [src/screens/PageNotFound/PageNotFound.tsx:16](https://github.com/PalisadoesFoundation/talawa-admin/blob/main/src/screens/PageNotFound/PageNotFound.tsx#L16)
 
 The `PageNotFound` component displays a 404 error page when a user navigates to a non-existent route.
 It shows a message indicating that the page was not found and provides a link to redirect users back

src/App.spec.tsx

@@ -4,13 +4,14 @@ import { Provider } from 'react-redux';
 import { MockedProvider } from '@apollo/react-testing';
 import { BrowserRouter } from 'react-router-dom';
 import { I18nextProvider } from 'react-i18next';
-import { describe, it, expect, vi } from 'vitest';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
 import App from './App';
 import { store } from 'state/store';
-import { CHECK_AUTH } from 'GraphQl/Queries/Queries';
+import { CHECK_AUTH, VERIFY_ROLE } from 'GraphQl/Queries/Queries';
 import i18nForTest from './utils/i18nForTest';
 import { StaticMockLink } from 'utils/StaticMockLink';
 
+// Mock external dependencies
 vi.mock('@mui/x-charts/PieChart', () => ({
   pieArcLabelClasses: vi.fn(),
   PieChart: vi.fn().mockImplementation(() => <>Test</>),
@@ -55,19 +56,45 @@ const MOCKS = [
       },
     },
   },
+  {
+    request: {
+      query: VERIFY_ROLE,
+    },
+    result: {
+      data: {
+        verifyRole: {
+          isAuthorized: true,
+          role: 'user',
+        },
+      },
+    },
+  },
 ];
 
 const link = new StaticMockLink(MOCKS, true);
-const link2 = new StaticMockLink([], true);
+const link2 = new StaticMockLink(
+  [
+    {
+      request: { query: CHECK_AUTH },
+      result: { data: { checkAuth: null } }, // Simulating logged-out state
+    },
+    {
+      request: { query: VERIFY_ROLE },
+      result: { data: { verifyRole: { isAuthorized: false, role: '' } } },
+    }, // Ensure verifyRole exists, even if null
+  ],
+  true,
+);
+
+const wait = (ms = 100): Promise<void> =>
+  new Promise((resolve) => setTimeout(resolve, ms));
 
-async function wait(ms = 100): Promise<void> {
-  await new Promise((resolve) => {
-    setTimeout(resolve, ms);
+describe('App Component Tests', () => {
+  beforeEach(() => {
+    window.history.pushState({}, '', '/');
   });
-}
 
-describe('Testing the App Component', () => {
-  it('Component should be rendered properly and user is logged in', async () => {
+  it('should render properly when user is logged in', async () => {
     render(
       <MockedProvider addTypename={false} link={link}>
         <BrowserRouter>
@@ -84,15 +111,16 @@ describe('Testing the App Component', () => {
 
     window.history.pushState({}, '', '/orglist');
     await wait();
+
     expect(window.location.pathname).toBe('/orglist');
     expect(
       screen.getByText(
         'An open source application by Palisadoes Foundation volunteers',
       ),
-    ).toBeTruthy();
+    ).toBeInTheDocument();
   });
 
-  it('Component should be rendered properly and user is logged out', async () => {
+  it('should render properly when user is logged out', async () => {
     render(
       <MockedProvider addTypename={false} link={link2}>
         <BrowserRouter>

src/GraphQl/Queries/Queries.ts

@@ -864,6 +864,14 @@ export const GET_COMMUNITY_SESSION_TIMEOUT_DATA = gql`
     }
   }
 `;
+export const VERIFY_ROLE = gql`
+  query verifyRole {
+    verifyRole {
+      isAuthorized
+      role
+    }
+  }
+`;
 
 // get the list of Action Item Categories
 export { ACTION_ITEM_CATEGORY_LIST } from './ActionItemCategoryQueries';

src/components/CheckIn/types.ts

@@ -42,3 +42,15 @@ export interface InterfaceTableData {
   id: string;
   checkInData: InterfaceTableCheckIn;
 }
+export enum UserRole {
+  USER = 'user',
+  ADMIN = 'admin',
+  SUPER_ADMIN = 'superAdmin',
+}
+
+export type VerifyRoleResponse = {
+  verifyRole: {
+    isAuthorized: boolean;
+    role: UserRole;
+  };
+};

src/components/SecuredRoute/SecuredRoute.tsx

@@ -1,5 +1,8 @@
-import React from 'react';
-import { Navigate, Outlet } from 'react-router-dom';
+import { useQuery } from '@apollo/client';
+import { UserRole, type VerifyRoleResponse } from 'components/CheckIn/types';
+import { VERIFY_ROLE } from 'GraphQl/Queries/Queries';
+import React, { useEffect } from 'react';
+import { Navigate, Outlet, useLocation } from 'react-router-dom';
 import { toast } from 'react-toastify';
 import PageNotFound from 'screens/PageNotFound/PageNotFound';
 import useLocalStorage from 'utils/useLocalstorage';
@@ -14,14 +17,57 @@ const { getItem, setItem } = useLocalStorage();
  * @returns The JSX element representing the secured route.
  */
 const SecuredRoute = (): JSX.Element => {
-  const isLoggedIn = getItem('IsLoggedIn');
-  const adminFor = getItem('AdminFor');
-
-  return isLoggedIn === 'TRUE' ? (
-    <>{adminFor != null ? <Outlet /> : <PageNotFound />}</>
-  ) : (
-    <Navigate to="/" replace />
+  const location = useLocation();
+  const { data, loading, error, refetch } = useQuery<VerifyRoleResponse>(
+    VERIFY_ROLE,
+    {
+      skip: !getItem('token'),
+      context: {
+        headers: {
+          Authorization: `Bearer ${getItem('token')}`,
+        },
+      },
+    },
   );
+  const [token, setToken] = React.useState(getItem('token'));
+
+  useEffect(() => {
+    const newToken = getItem('token');
+    if (newToken !== token) {
+      setToken(newToken);
+    }
+  }, []);
+
+  useEffect(() => {
+    refetch(); // Refetch when token updates
+  }, [token]);
+
+  if (loading) {
+    return <div> Loading.....</div>;
+  } else if (error) {
+    return <div>Error During Routing ...</div>;
+  } else {
+    if (!data?.verifyRole) {
+      return <Navigate to="/" replace />;
+    }
+    const { isAuthorized = false, role = '' } = (data as VerifyRoleResponse)
+      .verifyRole;
+    const restrictedRoutesForAdmin = ['/member', '/users', '/communityProfile'];
+    if (isAuthorized) {
+      if (role == UserRole.SUPER_ADMIN) {
+        return <Outlet />;
+      } else if (role == UserRole.ADMIN) {
+        if (restrictedRoutesForAdmin.includes(location.pathname)) {
+          return <PageNotFound />;
+        }
+        return <Outlet />;
+      } else {
+        return <PageNotFound />;
+      }
+    } else {
+      return <Navigate to="/" replace />;
+    }
+  }
 };
 
 // Time constants for session timeout and inactivity interval