From 1686917d879c7c384742e61a49b6f57ddb29e36d Mon Sep 17 00:00:00 2001 From: oDinZu Date: Thu, 1 Dec 2022 20:04:06 -0500 Subject: [PATCH] add user auth for ddos protection --- Gemfile | 2 +- Gemfile.lock | 2 +- _config.yml | 4 +- _layouts/product.html | 2 +- .../lib/a-get-collections.rb | 66 +++++++++++++------ .../jekyll-strapi-api/lib/b-generate-posts.rb | 2 +- docker-compose.yml | 3 +- 7 files changed, 54 insertions(+), 27 deletions(-) diff --git a/Gemfile b/Gemfile index a3729e8..d04ab92 100644 --- a/Gemfile +++ b/Gemfile @@ -28,8 +28,8 @@ group :dev_plugins do gem 'webrick', '~> 1.7' # dep for Jekyll 4.2.2; Ruby 3 doesn't have webrick by default anymore. gem 'json', '~> 2.1' # dep for transforming json data gem 'faraday' # a simple, but flexible HTTP client library, with support for multiple backends. + gem 'faraday-multipart' # send with UDP; No encoding of the data; currently being used with download-images.rb gem 'httpx' # swiss army knife of Ruby for HTTP - gem 'faraday-multipart' # send with UDP; No encoding of the data gem 'rails' # must use Rails for .blank support end diff --git a/Gemfile.lock b/Gemfile.lock index f442149..509d816 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -192,7 +192,7 @@ GEM thread_safe (0.3.6) tzinfo (1.2.10) thread_safe (~> 0.1) - tzinfo-data (1.2022.6) + tzinfo-data (1.2022.7) tzinfo (>= 1.0.0) unicode-display_width (1.8.0) wdm (0.1.1) diff --git a/_config.yml b/_config.yml index 1ec8461..d37a466 100644 --- a/_config.yml +++ b/_config.yml 
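Review bot: The comment now attached to `gem 'faraday-multipart'`, `send with UDP; No encoding of the data`, does not describe the gem: faraday-multipart encodes request bodies as multipart/form-data over HTTP, so `gem 'faraday-multipart' # multipart/form-data request bodies; currently used by download-images.rb` would be accurate. Since the same patch comments out `require 'faraday/multipart'` in a-get-collections.rb, this Gemfile line is now the only place recording where the gem is still needed, which makes getting the comment right more important.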
@@ -57,8 +57,9 @@ api: # The Ecommerce Jekyll configuration enabled: true # enable or disable ecommerce integration; defaults to false - # uri format: [endpoint]+[endpoint_ext]+[endpoint_param] + # uri format: [endpoint]+[endpoint_ext]+[endpoint_param] endpoint: https://dash.sharpetronics.com # url to api; no trailing slash + endpoint_api_auth_ext: auth/local # the ext for Strapi user authentication; no / allowed endpoint_ext: /api/ # (optional) the extension of endpoint e.g. https://www.example.com/api/ endpoint_param: ?populate=deep # (optional) e.g. populate all json data; does not affect endpoint_uploads. endpoint_uploads: uploads # the location of all media files on api; this is required for downloading images @@ -161,7 +162,6 @@ pagination: # their entries' file path in the `include:` list. exclude: - - docs/* # - .sass-cache/ # - .jekyll-cache/ # - gemfiles/ diff --git a/_layouts/product.html b/_layouts/product.html index ce73f5b..e225172 100644 --- a/_layouts/product.html +++ b/_layouts/product.html @@ -34,7 +34,7 @@ pagination:
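Review bot: Dropping `- docs/*` from `exclude:` in the second hunk means whatever lives under docs/ is now built and published with the site; I cannot see that directory here, but if it holds internal notes or API details it should stay excluded. If publishing it is intended, a short comment next to `exclude:` such as `# docs/ is published deliberately` would stop the next reader from re-adding the entry.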
- {{ page.title }} + {{ page.title }} {%- include product-grid-gallery.html -%} diff --git a/_plugins/jekyll-strapi-api/lib/a-get-collections.rb b/_plugins/jekyll-strapi-api/lib/a-get-collections.rb index e311f70..64d4fe8 100644 --- a/_plugins/jekyll-strapi-api/lib/a-get-collections.rb +++ b/_plugins/jekyll-strapi-api/lib/a-get-collections.rb @@ -3,7 +3,7 @@ # Author(s): Charles Sharpe(@odinzu_me) aka SharpeTronics, LLC, # License: GPLv3 -# Version: 1.6 +# Version: 1.7 # This is Free Software released under GPLv3. Any misuse of this software # will be followed up with GPL enforcement via Software Freedom Law Center: @@ -28,9 +28,9 @@ require 'json' # https://ruby-doc.org/stdlib-3.0.2/libdoc/json/rdoc/JSON.html require 'fileutils' # https://ruby-doc.org/stdlib-2.4.1/libdoc/fileutils/rdoc/FileUtils.html require 'yaml' # load jekyll yaml config require 'faraday' # https://lostisland.github.io/faraday/usage/ -require 'httpx/adapters/faraday' # https://honeyryderchuck.gitlab.io/httpx/ +require 'httpx/adapters/faraday' # https://os85.gitlab.io/httpx/rdoc/ require 'addressable/uri' # https://github.com/sporkmonger/addressable If you need to normalize URIs, e.g. http://www.詹姆斯.com/ -require 'faraday/multipart' # https://github.com/lostisland/faraday-multipart +#require 'faraday/multipart' # https://github.com/lostisland/faraday-multipart require 'active_support/core_ext/object/blank' # load only the specific extension for .blank? support Jekyll.logger.debug "A SharpeTronics bot be building this...[*_-]\n".green.bold @@ -38,6 +38,7 @@ Jekyll.logger.debug "A SharpeTronics bot be building this...[*_-]\n".green.bold config_yml = "_config.yml" f = YAML.load(File.read(config_yml.to_s)) # r - read file api_endpoint = f['api']['endpoint'] +endpoint_api_auth_ext = f['api']['endpoint_api_auth_ext'] endpoint_param = f['api']['endpoint_param'] endpoint_ext = f['api']['endpoint_ext'] Jekyll.logger.debug "DEBUG: API_ENDPDOINT for GET COLLECTIONS: " "#{api_endpoint}".to_s.yellow.bold 
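Review bot: `endpoint_api_auth_ext = f['api']['endpoint_api_auth_ext']` yields nil when the key is absent from _config.yml, and the `auth_login` string built from it in the next hunk then silently becomes `#{api_endpoint}#{endpoint_ext}`, so the login POST would go to the API root instead of the auth route and fail with a confusing status. `endpoint_api_auth_ext = f['api'].fetch('endpoint_api_auth_ext')` fails fast with a KeyError naming the missing setting instead; the other `f['api'][...]` reads in this script share the weakness but predate this change.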
@@ -45,28 +46,49 @@ media_dir = f['api']['local_media_dir'] Jekyll.logger.debug "CONFIG DEBUG: MEDIA_DIR: " "#{media_dir}".to_s.yellow.bold # authenticated or public API data # import API_TOKEN from the environment. e.g. export API_TOKEN=example -api_token = ENV['API_TOKEN'] +strapi_bot_user_email = ENV['STRAPI_BOT_USER_EMAIL'] +strapi_bot_user_pass = ENV['STRAPI_BOT_USER_PASS'] +strapi_token = nil + +# authenticate user before accessing the json data and store JWT +auth_login = "#{api_endpoint}#{endpoint_ext}#{endpoint_api_auth_ext}" +#auth_login_ext = "#{endpoint_api_auth_ext}" +Jekyll.logger.debug "HTTP DEBUG: AUTH LOGIN: " "#{auth_login}".to_s.yellow.bold + # check if api_token is auth or unauth -if "#{api_token}".blank? +if "#{strapi_bot_user_email}".blank? || "#{strapi_bot_user_pass}".blank? # logs data to screen - puts "TOKEN MISSING! Testing a public request without a bearer token... ".red - options = { - headers: "" - } + puts "STRAPI AUTH DATA IS MISSING from .env!".red + else + + connection = Faraday.new(auth_login) do |b| + b.request :json # This will set the "Content-Type" header to application/json and call .to_json on the body + b.response(:json, content_type: /\bjson$/) + b.adapter :httpx # default is Net:HTTP see README.md + end + + response = connection.post(auth_login, { "identifier": strapi_bot_user_email, "password": strapi_bot_user_pass }) + strapi_token = response.body["jwt"] + + Jekyll.logger.debug "HTTP DEBUG: BULIDING CONNECTION: #{response}".to_s.yellow.bold + puts "" + puts "API_AUTH_LOGIN SUCCESS! Downloading JWT...".cyan.bold + puts "" + end # close if/else + + Jekyll.logger.debug "Strapi Token Test: #{strapi_token}".to_s.yellow.bold + +# check if api_token is auth or unauth +if "#{strapi_token}".blank? 
+ # logs data to screen + puts "STRAPI BEARER TOKEN IS MISSING!".red else # build the connection to the API api_builder = Faraday.new do |builder| - # add the class directly instead of using lookups - builder.use Faraday::Request::UrlEncoded - builder.use Faraday::Response::RaiseError - - # add by symbol, lookup from Faraday::Request - # Faraday::Response and Faraday::Adapter registries - builder.request :authorization, 'Bearer Token', api_token # include bearer token "options" and authenticated header - builder.request :json # encode req bodies as JSON and automatically set the Content-Type header - builder.response :json # decode response bodies as JSON - - builder.adapter :httpx # must add adapter; default is Net:HTTP see README.md + builder.request :authorization, 'Bearer', strapi_token # include bearer token "options" and authenticated header + builder.request :json # This will set the "Content-Type" header to application/json and call .to_json on the body + builder.response(:json, content_type: /\bjson$/) + builder.adapter :httpx # default is Net:HTTP see README.md end Jekyll.logger.debug "HTTP DEBUG: BULIDING CONNECTION: #{api_builder}".to_s.yellow.bold # logs auth status to screen @@ -130,6 +152,10 @@ uri_authors = "#{api_endpoint}#{endpoint_ext}#{authors_type}#{endpoint_param}" Jekyll.logger.debug "HTTP DEBUG: AUTHORS URI: " "#{uri_authors}".to_s.yellow.bold # the actual GET with header data; retrieve all product and posts json data from API +# check auth_login status code +auth_login_connect = response.status +Jekyll.logger.debug "HTTP DEBUG: THE AUTH LOGIN STATUS CODE: #{auth_login_connect}".to_s.cyan.bold + posts_api_connect = api_builder.get(uri_posts) Jekyll.logger.debug "HTTP DEBUG: THE COLLECTION is: #{posts_type} with STATUS CODE: #{posts_api_connect.status}".to_s.cyan.bold diff --git a/_plugins/jekyll-strapi-api/lib/b-generate-posts.rb b/_plugins/jekyll-strapi-api/lib/b-generate-posts.rb index 15679e6..577803e 100644 
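Review bot: The JWT is written to the build log by `Jekyll.logger.debug "Strapi Token Test: #{strapi_token}"`, and the raw login response is interpolated into the `BULIDING CONNECTION` line just above it; a bearer token in CI or Docker output is a credential leak, so log only whether a token was obtained. `strapi_token = response.body["jwt"]` also reads the body without looking at `response.status`, so a 400/401 from the auth route (or a non-JSON error page, whose parsed body is a String rather than a Hash) is not reported until the generic `blank?` check, and the only status inspection is the debug line in the `@@ -130,6 +152,10` hunk further down, after the token has already been used. Because the rebuilt `api_builder` no longer includes `Faraday::Response::RaiseError`, a rejected or expired JWT on the subsequent GETs will likewise pass through without raising. A guard right after the POST and a token-free debug line would look like the following; the enclosing `if/else` and the rest of the hunk are unchanged.
```ruby
    response = connection.post(auth_login, { "identifier": strapi_bot_user_email, "password": strapi_bot_user_pass })
    if response.success? && response.body.is_a?(Hash)
      strapi_token = response.body["jwt"]
    else
      Jekyll.logger.error "API_AUTH_LOGIN FAILED: status #{response.status}".red
    end
    # log the outcome only; the JWT and the raw response must not reach build logs
    Jekyll.logger.debug "HTTP DEBUG: AUTH LOGIN STATUS: #{response.status}".to_s.yellow.bold
    # … unchanged: success banner puts …
  end # close if/else

Jekyll.logger.debug "Strapi Token Test: #{strapi_token ? 'present' : 'missing'}".to_s.yellow.bold
```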
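Review bot: `auth_login_connect = response.status` raises NoMethodError on nil when either `STRAPI_BOT_USER_*` variable is blank, because `response` is only assigned inside the else branch of the credentials check earlier in the file and the script keeps running after printing the MISSING message; the same applies to `api_builder.get(uri_posts)` on the next line when the token is blank, though that part predates this change. The status is also only debug-logged here, never acted on, and it is checked after the JWT has already been handed to `api_builder`. Initialising `response = nil` next to `strapi_token = nil` and writing `Jekyll.logger.debug "HTTP DEBUG: THE AUTH LOGIN STATUS CODE: #{response&.status}"` keeps this line from crashing, but the real check belongs immediately after the POST in the `@@ -45,28 +46,49` hunk.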
--- a/_plugins/jekyll-strapi-api/lib/b-generate-posts.rb +++ b/_plugins/jekyll-strapi-api/lib/b-generate-posts.rb @@ -3,7 +3,7 @@ # Author(s): Charles Sharpe(@odinzu_me) aka SharpeTronics, LLC, # License: GPLv3 -# Version: 1.6 +# Version: 1.7 # This is Free Software released under GPLv3. Any misuse of this software # will be followed up with GPL enforcement via Software Freedom Law Center: diff --git a/docker-compose.yml b/docker-compose.yml index a6051be..760bf47 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -73,5 +73,6 @@ services: ports: - 4000:4000 environment: - - API_TOKEN=$API_TOKEN + - STRAPI_BOT_USER_EMAIL=$STRAPI_BOT_USER_EMAIL + - STRAPI_BOT_USER_PASS=$STRAPI_BOT_USER_PASS command: jekyll serve --lsi --watch --verbose --trace
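Review bot: `- STRAPI_BOT_USER_PASS=$STRAPI_BOT_USER_PASS` places the bot's password in the container environment, where `docker inspect` and every process in the container can read it; that is wider exposure than the single `API_TOKEN` it replaces, because a password can mint fresh JWTs indefinitely. If the Compose version in use supports file-based `secrets:`, mounting the credentials as a file the script reads at startup narrows this, and the `.env` the script's error message refers to should be kept out of the image and out of version control, which I cannot confirm from this diff.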