@canmingir/link-express 1.6.11 → 1.7.0

package/src/routes/oauth.ts

@@ -0,0 +1,267 @@
+import Joi from "joi";
+import express, { Request, Response } from "express";
+import jwt from "jsonwebtoken";
+import axios from "axios";
+import config from "../config";
+import { AuthenticationError, AuthorizationError } from "../error";
+import Permission from "../models/Permission.model";
+
+const router = express.Router();
+
+const { project } = config();
+
+if (!project) {
+  throw new Error("Project configuration is required");
+}
+
+router.post(
+  "/",
+  async (req: Request, res: Response): Promise<Response | void> => {
+    const { appId, projectId, code, refreshToken, redirectUri, provider } =
+      Joi.attempt(
+        req.body,
+        Joi.object({
+          appId: Joi.string().required(),
+          projectId: Joi.string().optional(),
+          code: Joi.string().optional(),
+          refreshToken: Joi.string().optional(),
+          redirectUri: Joi.string().optional(),
+          provider: Joi.string().required(),
+        })
+          .required()
+          .options({ stripUnknown: true })
+      ) as {
+        appId: string;
+        projectId?: string;
+        code?: string;
+        refreshToken?: string;
+        redirectUri?: string;
+        provider: string;
+      };
+
+    if (!code && !refreshToken) {
+      return res.status(400).send("Missing OAuth Code and Refresh Token");
+    }
+
+    const providerConfig = project.oauth?.providers[provider] as {
+      clientId: string;
+      tokenUrl: string;
+      userUrl: string;
+      userIdentifier: string;
+      userFields: {
+        name: string;
+        displayName: string;
+        avatarUrl: string;
+        email: string;
+      };
+    };
+    if (!providerConfig) {
+      return res.status(400).send("Unsupported OAuth provider");
+    }
+
+    let accessTokenForAPI: string;
+    let newRefreshToken = refreshToken;
+
+    if (code && redirectUri) {
+      const params = new URLSearchParams();
+      params.append("grant_type", "authorization_code");
+      params.append("client_id", providerConfig.clientId);
+      params.append(
+        "client_secret",
+        process.env[`${provider.toUpperCase()}_CLIENT_SECRET`] as string
+      );
+      params.append("code", code);
+      params.append("redirect_uri", redirectUri);
+
+      const tokenResponse = await axios.post<{
+        access_token?: string;
+        refresh_token?: string;
+        error?: string;
+        error_description?: string;
+      }>(providerConfig.tokenUrl, params.toString(), {
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          Accept: "application/json",
+        },
+        timeout: 10000,
+      });
+
+      if (tokenResponse.data.error) {
+        throw new AuthorizationError(
+          tokenResponse.data.error_description || tokenResponse.data.error
+        );
+      }
+
+      if (!tokenResponse.data.access_token) {
+        throw new AuthenticationError(
+          "No access token received from OAuth provider"
+        );
+      }
+
+      accessTokenForAPI = tokenResponse.data.access_token;
+      newRefreshToken =
+        tokenResponse.data.refresh_token || tokenResponse.data.access_token;
+    } else {
+      accessTokenForAPI = refreshToken as string;
+    }
+
+    const userResponse = await axios.get<Record<string, unknown>>(
+      providerConfig.userUrl,
+      {
+        headers: {
+          Authorization: `Bearer ${accessTokenForAPI}`,
+          Accept: "application/json",
+        },
+        timeout: 10000,
+      }
+    );
+
+    console.log("User info response:", userResponse.data);
+
+    let userId: string;
+    const identifierField = providerConfig.userIdentifier;
+
+    if (userResponse.data[identifierField]) {
+      userId = String(userResponse.data[identifierField]);
+    } else if (
+      project.oauth &&
+      project.oauth?.jwt.identifier &&
+      userResponse.data[project.oauth.jwt.identifier]
+    ) {
+      userId = String(userResponse.data[project.oauth.jwt.identifier]);
+    } else {
+      console.error("User identifier extraction failed:", {
+        availableFields: Object.keys(userResponse.data),
+        expectedField: identifierField,
+        fallbackField: project.oauth?.jwt.identifier,
+      });
+      throw new Error(
+        `Cannot find user identifier in ${provider} OAuth response`
+      );
+    }
+
+    let accessToken: string;
+
+    if (projectId) {
+      const permissions = await Permission.findAll({
+        where: { userId, projectId, appId },
+      });
+
+      if (!permissions.length) {
+        accessToken = jwt.sign(
+          {
+            sub: userId,
+            iss: "nuc",
+            aid: appId,
+            provider: provider,
+            iat: Math.floor(Date.now() / 1000),
+          },
+          process.env.JWT_SECRET as string,
+          { expiresIn: "12h" }
+        );
+      } else {
+        accessToken = jwt.sign(
+          {
+            sub: userId,
+            iss: "nuc",
+            aud: projectId,
+            oid: permissions[0].organizationId,
+            aid: appId,
+            rls: permissions.map((permission) => permission.role),
+            provider: provider,
+            iat: Math.floor(Date.now() / 1000),
+          },
+          process.env.JWT_SECRET as string,
+          { expiresIn: "12h" }
+        );
+      }
+    } else {
+      accessToken = jwt.sign(
+        {
+          sub: userId,
+          iss: "nuc",
+          aid: appId,
+          provider: provider,
+          iat: Math.floor(Date.now() / 1000),
+        },
+        process.env.JWT_SECRET as string,
+        { expiresIn: "12h" }
+      );
+    }
+
+    res.status(200).json({
+      accessToken,
+      refreshToken: newRefreshToken,
+    });
+  }
+);
+
+router.get("/user", async (req: Request, res: Response): Promise<Response> => {
+  const authHeader = req.headers.authorization;
+  const refreshTokenHeader = req.headers["x-refresh-token"] as
+    | string
+    | undefined;
+
+  if (!authHeader || !authHeader.startsWith("Bearer ")) {
+    return res.status(401).end();
+  }
+
+  if (!refreshTokenHeader) {
+    return res.status(400).send("Missing refresh token");
+  }
+
+  const token = authHeader.split(" ")[1];
+
+  const decoded = jwt.verify(token, process.env.JWT_SECRET as string) as {
+    sub: string;
+    provider: string;
+  };
+  const userId = decoded.sub;
+  const provider = decoded.provider;
+
+  if (!userId || !provider) {
+    return res.status(401).end();
+  }
+
+  const providerConfig = project.oauth?.providers[provider] as {
+    userUrl: string;
+    userFields: {
+      name: string;
+      displayName: string;
+      avatarUrl: string;
+      email: string;
+    };
+  };
+  if (!providerConfig) {
+    return res.status(400).send("Unsupported OAuth provider");
+  }
+
+  const userResponse = await axios.get<Record<string, unknown>>(
+    providerConfig.userUrl,
+    {
+      headers: {
+        Authorization: `Bearer ${refreshTokenHeader}`,
+        Accept: "application/json",
+      },
+      timeout: 10000,
+    }
+  );
+
+  const userFieldMapping = providerConfig.userFields;
+  const userDetails = {
+    id: userId,
+    provider: provider,
+    name: (userResponse.data[userFieldMapping.name] as string) || null,
+    displayName:
+      (userResponse.data[userFieldMapping.displayName] as string) || null,
+    avatarUrl:
+      (userResponse.data[userFieldMapping.avatarUrl] as string) || null,
+    email: (userResponse.data[userFieldMapping.email] as string) || null,
+  };
+
+  return res.status(200).json({
+    user: userDetails,
+  });
+});
+
+export default router;

package/src/routes/{organizations.js → organizations.ts}

@@ -1,8 +1,10 @@
-const router = require("express").Router();
-const Organization = require("../models/Organization");
-const Permission = require("../models/Permission");
+import express, { Request, Response } from "express";
+import Organization from "../models/Organization.model";
+import Permission from "../models/Permission.model";
 
-router.post("/", async (req, res) => {
+const router = express.Router();
+
+router.post("/", async (req: Request, res: Response) => {
   const organization = req.body;
 
   Organization.create(organization).then((organization) => {
@@ -10,7 +12,7 @@ router.post("/", async (req, res) => {
   });
 });
 
-router.get("/", async (req, res) => {
+router.get("/", async (req: Request, res: Response) => {
   const { userId } = req.session;
 
   const organizations = await Organization.findAll({
@@ -27,7 +29,7 @@ router.get("/", async (req, res) => {
   res.status(200).json(organizations);
 });
 
-router.get("/:id", async (req, res) => {
+router.get("/:id", async (req: Request, res: Response) => {
   const { organizationId } = req.session;
   const { id } = req.params;
 
@@ -36,7 +38,7 @@ router.get("/:id", async (req, res) => {
   }
 
   const organization = await Organization.findByPk(organizationId);
-  res.status(200).json(organization);
+  return res.status(200).json(organization);
 });
 
-module.exports = router;
+export default router;

package/src/routes/{permissions.js → permissions.ts}

@@ -1,7 +1,9 @@
-const router = require("express").Router();
-const Permission = require("../models/Permission");
+import express, { Request, Response } from "express";
+import Permission from "../models/Permission.model";
 
-router.post("/", async (req, res) => {
+const router = express.Router();
+
+router.post("/", async (req: Request, res: Response) => {
   const { userId } = req.body;
   const { projectId, organizationId, appId, roles } = req.session;
   const permissionInstance = await Permission.create({
@@ -14,7 +16,7 @@ router.post("/", async (req, res) => {
   res.status(201).json(permissionInstance);
 });
 
-router.get("/", async (req, res) => {
+router.get("/", async (req: Request, res: Response) => {
   const { projectId, organizationId } = req.session;
 
   const permissions = await Permission.findAll({
@@ -31,7 +33,7 @@ router.get("/", async (req, res) => {
   }
 });
 
-router.delete("/:userId", async (req, res) => {
+router.delete("/:userId", async (req: Request, res: Response) => {
   const { projectId, organizationId } = req.session;
   const userId = req.params.userId;
 
@@ -47,4 +49,4 @@ router.delete("/:userId", async (req, res) => {
   }
 });
 
-module.exports = router;
+export default router;

package/src/routes/{projects.js → projects.ts}

@@ -1,16 +1,22 @@
-const Joi = require("joi");
-const router = require("express").Router();
-const Project = require("../models/Project");
-const Organization = require("../models/Organization");
-const Permission = require("../models/Permission");
-const schemas = require("../schemas");
-const config = require("../config");
-
-router.post("/", async (req, res) => {
+import Joi from "joi";
+import express, { Request, Response } from "express";
+import Project from "../models/Project.model";
+import Organization from "../models/Organization.model";
+import Permission from "../models/Permission.model";
+import * as schemas from "../schemas";
+import config from "../config";
+
+const router = express.Router();
+
+router.post("/", async (req: Request, res: Response) => {
   const project = Joi.attempt(req.body, schemas.Project);
 
-  if (config.link && config.link.project) {
-    Joi.attempt(project.type, config.link.project.type);
+  const appConfig = config();
+  if (appConfig.link && appConfig.link.project) {
+    Joi.attempt(
+      project.type,
+      (appConfig.link.project as { type: Joi.Schema }).type
+    );
   }
 
   const projectInstance = await Project.create(project);
@@ -26,7 +32,7 @@ router.post("/", async (req, res) => {
   res.status(201).json(projectInstance);
 });
 
-router.get("/", async (req, res) => {
+router.get("/", async (req: Request, res: Response) => {
   const { userId, appId } = req.session;
 
   const projects = await Project.findAll({
@@ -50,7 +56,7 @@ router.get("/", async (req, res) => {
   res.status(200).json(projects);
 });
 
-router.get("/:id", async (req, res) => {
+router.get("/:id", async (req: Request, res: Response) => {
   const { userId, organizationId } = req.session;
   const { id } = req.params;
 
@@ -73,7 +79,7 @@ router.get("/:id", async (req, res) => {
   }
 });
 
-router.delete("/:id", async (req, res) => {
+router.delete("/:id", async (req: Request, res: Response) => {
   const { userId, organizationId } = req.session;
   const { id } = req.params;
 
@@ -97,7 +103,7 @@ router.delete("/:id", async (req, res) => {
   }
 });
 
-router.patch("/:id", async (req, res) => {
+router.patch("/:id", async (req: Request, res: Response) => {
   const { userId, organizationId } = req.session;
   const { id } = req.params;
 
@@ -122,4 +128,4 @@ router.patch("/:id", async (req, res) => {
   }
 });
 
-module.exports = router;
+export default router;

package/src/routes/settings.ts

@@ -0,0 +1,31 @@
+import express, { Request, Response } from "express";
+import * as settings from "../lib/settings";
+import { AuthorizationError } from "../error";
+
+const router = express.Router({ mergeParams: true });
+
+interface SettingsRequest extends Request {
+  params: {
+    projectId: string;
+  };
+}
+
+router.get("/", async (req: SettingsRequest, res: Response) => {
+  if (req.params.projectId !== req.session.projectId) {
+    throw new AuthorizationError();
+  }
+
+  const setting = await settings.get(req.session);
+  res.json(setting);
+});
+
+router.patch("/", async (req: SettingsRequest, res: Response) => {
+  if (req.params.projectId !== req.session.projectId) {
+    throw new AuthorizationError();
+  }
+
+  await settings.upsert(req.session, req.body, req.params);
+  res.end();
+});
+
+export default router;

package/src/schemas/{Organization.js → Organization.ts}

@@ -1,4 +1,4 @@
-const Joi = require("joi");
+import Joi from "joi";
 
 const Organization = {
   create: Joi.object({
@@ -10,4 +10,4 @@ const Organization = {
   }).required(),
 };
 
-module.exports = Organization;
+export = Organization;

package/src/schemas/{Permission.js → Permission.ts}

@@ -1,4 +1,4 @@
-const Joi = require("joi");
+import Joi from "joi";
 
 const Permission = {
   create: Joi.object({
@@ -17,4 +17,4 @@ const Permission = {
   }).required(),
 };
 
-module.exports = Permission;
+export = Permission;

package/src/schemas/{Project.js → Project.ts}

@@ -1,4 +1,4 @@
-const Joi = require("joi");
+import Joi from "joi";
 
 const Project = Joi.object({
   name: Joi.string().required(),
@@ -11,4 +11,4 @@ const Project = Joi.object({
   coach: Joi.string().optional(),
 });
 
-module.exports = Project;
+export = Project;

package/src/schemas/index.ts

@@ -0,0 +1,5 @@
+import Permission from "./Permission";
+import Organization from "./Organization";
+import Project from "./Project";
+
+export { Permission, Organization, Project };

package/src/sequelize.ts

@@ -0,0 +1,13 @@
+export {
+  Table,
+  Column,
+  Model,
+  DataType,
+  Default,
+  PrimaryKey,
+  AllowNull,
+  BelongsTo,
+  HasMany,
+  IsIn,
+  ForeignKey,
+} from "sequelize-typescript";

package/src/{test.js → test.ts}

@@ -1,17 +1,15 @@
-require("dotenv").config({ path: ".env.test" });
-const path = require("path");
-const fs = require("fs");
-const platform = require("./platform");
+import dotenv from "dotenv";
+import path from "path";
+import fs from "fs";
+import platform from "./platform";
+
+dotenv.config({ path: ".env.test" });
 
 platform
   .init({
     postgres: { uri: "sqlite::memory:", debug: true },
     dynamodb: {
       region: "us-test-1",
-      credentials: {
-        accessKeyId: "test",
-        secretAccessKey: "test",
-      },
     },
   })
   .then(async () => {
@@ -28,11 +26,11 @@ const seedsDir = path.join(workingDir, "src", "seeds");
 
 const models = require(modelsDir);
 
-function project(id) {
+function project(id: string): void {
   process.env.PROJECT_ID = id;
 }
 
-async function reset() {
+async function reset(): Promise<void> {
   const {
     Postgres: { sequelize },
   } = platform.module();
@@ -57,7 +55,7 @@ async function reset() {
     }
   });
 
-  async function seed() {
+  async function seed(): Promise<void> {
     const { seed: organizations } = require("./seeds/Organization.json");
     const { seed: projects } = require("./seeds/Project.json");
     const { seed: permissions } = require("./seeds/Permission.json");
@@ -78,7 +76,7 @@ async function reset() {
     await Project.bulkCreate(allProjects);
 
     const seedFileNames = fs.readdirSync(seedsDir);
-    let orderedSeeds = [];
+    let orderedSeeds: { sequence: number; seed: unknown[]; modelName: string }[] = [];
 
     seedFileNames.forEach(async (seedFileName) => {
       if (seedFileName === "index.js") return;
@@ -102,4 +100,4 @@ async function reset() {
   await seed();
 }
 
-module.exports = { reset, project };
+export { reset, project };

package/src/types/Organization.ts

@@ -0,0 +1,9 @@
+import type { PermissionType } from "./Permission";
+import type { ProjectType } from "./Project";
+
+export interface OrganizationType {
+  id: string;
+  name: string;
+  permissions?: PermissionType[];
+  projects?: ProjectType[];
+}

package/src/types/Permission.ts

@@ -0,0 +1,13 @@
+import type { OrganizationType } from "./Organization";
+import type { ProjectType } from "./Project";
+
+export interface PermissionType {
+  id: string;
+  appId: string;
+  organizationId: string;
+  projectId: string;
+  userId: string;
+  role: string;
+  organization?: OrganizationType;
+  project?: ProjectType;
+}

package/src/types/Project.ts

@@ -0,0 +1,14 @@
+import type { OrganizationType } from "./Organization";
+import type { PermissionType } from "./Permission";
+
+export interface ProjectType {
+  id: string;
+  name: string;
+  icon: string;
+  description: string | null;
+  type: string | null;
+  organizationId: string | null;
+  coach: string | null;
+  organization?: OrganizationType;
+  permissions?: PermissionType[];
+}

package/src/types/index.ts

@@ -0,0 +1,5 @@
+import type { PermissionType } from "./Permission";
+import type { OrganizationType } from "./Organization";
+import type { ProjectType } from "./Project";
+
+export type { PermissionType, OrganizationType, ProjectType };

package/tsconfig.json

@@ -0,0 +1,32 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["ES2020"],
+    "declaration": true,
+    "outDir": "./dist",
+    "rootDir": "./",
+    "removeComments": true,
+    "strict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "strictFunctionTypes": true,
+    "strictBindCallApply": true,
+    "strictPropertyInitialization": false,
+    "noImplicitThis": true,
+    "alwaysStrict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "moduleResolution": "node",
+    "resolveJsonModule": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true
+  },
+  "include": ["src/**/*", "index.ts", "prepare.ts"],
+  "exclude": ["node_modules", "dist", "**/*.spec.ts", "**/*.test.ts"]
+}

package/.eslintrc.js

@@ -1,20 +0,0 @@
-module.exports = {
-  env: {
-    es6: true,
-    node: true,
-    mocha: true,
-  },
-  extends: ["eslint:recommended", "plugin:prettier/recommended"],
-  parserOptions: {
-    ecmaVersion: 2022,
-    sourceType: "module",
-  },
-  ignorePatterns: "/node_modules",
-  rules: {
-    eqeqeq: ["error", "always"],
-    "no-console": "off",
-    "no-eval": "error",
-    "no-var": "error",
-    "prefer-arrow-callback": "error",
-  },
-};

package/index.js

@@ -1 +0,0 @@
-module.exports = require("./src/platform");