npm - @design-edito/cli - Versions diffs - 0.0.78 → 0.0.79 - Mend

@design-edito/cli 0.0.78 → 0.0.79

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/make-template/assets/express-api/src/api/auth/_utils/index.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { randomUUID } from 'crypto'
+import { Duration } from '@design-edito/tools/agnostic/time/duration'
+import { Logs } from '@design-edito/tools/agnostic/misc/logs'
+import * as Database from '../../../database'
+import * as Email from '../../../email'
+import {
+  USER_EMAIL_VALIDATION_TOKEN_LIFETIME_MINUTES,
+  EMAILER_EMAIL,
+  EMAILER_NAME,
+  ROOT_USER_ID
+} from '../../../env'
+import {
+  IUserEmailValidationToken,
+  UserEmailValidationTokenModel
+} from '../../../schema/user-email-validation-token'
+export async function createAndSendUserEmailValidationToken (email: string, username: string) {
+  const tokenLifetimeMinutes = parseInt(USER_EMAIL_VALIDATION_TOKEN_LIFETIME_MINUTES)
+  const tokenLifetimeMs = Duration.minutes(tokenLifetimeMinutes).toMilliseconds()
+  const tokenExpiresOnTimestamp = Date.now() + tokenLifetimeMs
+  const tokenExpiresOn = new Date(tokenExpiresOnTimestamp)
+  const tokenValue = randomUUID()
+  const tokenDocument: IUserEmailValidationToken = {
+    email,
+    value: tokenValue,
+    expiresOn: tokenExpiresOn,
+  }
+  const tokenInserted = await Database.insertOne(UserEmailValidationTokenModel, tokenDocument, { initiatorId: ROOT_USER_ID })
+  if (!tokenInserted.success) {
+    console.log(Logs.styles.error('Token not inserted'))
+    console.log(Logs.styles.regular(tokenInserted.error.message))
+    console.log(tokenInserted.error.details)
+    // [WIP] what do here ?
+    // send mail to admin ?
+    // Retry ?
+    // Send fallback mail to user something like 'request a new token' ?
+    // Do nothing and try create and send token again when trying to login ?
+  }
+  const emailBody = Email.makeUserEmailVerificationTokenBody(username, tokenValue)
+  return await Email.send(
+    EMAILER_EMAIL,
+    EMAILER_NAME,
+    email,
+    username,
+    'Validate your email',
+    emailBody)
+}

package/make-template/assets/express-api/src/api/auth/index.ts ADDED Viewed

@@ -0,0 +1,25 @@
+// import { google } from './google'
+// import { googleCallback } from './google-callback'
+import { login } from './login'
+import { logout } from './logout'
+import { refreshToken } from './refresh-token'
+import { requestEmailVerificationToken } from './request-email-verification-token'
+import { requestNewPassword } from './request-new-password'
+import { signup } from './signup'
+import { submitNewPassword } from './submit-new-password'
+import { verifyEmail } from './verify-email'
+import { whoami } from './whoami'
+export {
+  // google,
+  // googleCallback,
+  login,
+  logout,
+  refreshToken,
+  requestEmailVerificationToken,
+  requestNewPassword,
+  signup,
+  submitNewPassword,
+  verifyEmail,
+  whoami
+}

package/make-template/assets/express-api/src/api/auth/login/index.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import bcrypt from 'bcrypt'
+import validator from 'validator'
+import zod from 'zod'
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import { unknownToString } from '@design-edito/tools/agnostic/errors/unknown-to-string'
+import { isNonNullObject } from '@design-edito/tools/agnostic/objects/is-object'
+import * as Database from '../../../database'
+import { Codes, makeFailureOutcome } from '../../../errors'
+import { ROOT_USER_ID } from '../../../env'
+import * as Jwt from '../../../jwt'
+import { Role, Status, LocalUserModel } from '../../../schema/user'
+import { makeEndpoint, nullAuthenticator } from '../../utils'
+export type ExpectedBody = {
+  email: string
+  password: string
+} | {
+  username: string
+  password: string
+}
+export type SuccessResponse = {
+  _id: string
+  username: string
+  email: string
+  role: Role
+  status: Status
+  verified: boolean
+}
+export const login = makeEndpoint<ExpectedBody, SuccessResponse>(
+  /* Authentication */
+  nullAuthenticator,
+  /* Validation */
+  async req => {
+    const { body } = req
+    if (!isNonNullObject(body)) return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, 'Must be an object')
+    if ('email' in body) {
+      const withEmailSchema = zod.object({
+        email: zod.string().email('Invalid email format'),
+        password: zod.string().min(1, 'Password must be at least one character long')
+      })
+      try {
+        const withEmailValidated = withEmailSchema.parse(body)
+        return Outcome.makeSuccess(withEmailValidated)
+      } catch (err) {
+        const errStr = unknownToString(err)
+        return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, errStr)
+      }
+    } else if ('username' in body) {
+      const withUsernameSchema = zod.object({
+        username: zod.string()
+          .min(1)
+          .refine(input => validator.isSlug(input.toLowerCase()), {
+            message: 'Username must contain alphanumeric or non starting, trailing nor consecutive hyphens or underscores'
+          }),
+        password: zod.string().min(1, 'Password must be at least one character long')
+      })
+      try {
+        const withUsernameValidated = withUsernameSchema.parse(body)
+        return Outcome.makeSuccess(withUsernameValidated)
+      } catch (err) {
+        const errStr = unknownToString(err)
+        return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, errStr)
+      }
+    } else {
+      return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, 'Missing username or email property')
+    }
+  },
+  /* Process */
+  async (body, _req, res) => {
+    const { password } = body
+    const query = 'email' in body ? { email: body.email } : { username: body.username }
+    const foundUser = await Database.findOne(LocalUserModel, query, { initiatorId: ROOT_USER_ID })
+    if (!foundUser.success) {
+      const err = foundUser.error
+      if (err.code === Codes.DB_ERROR) return foundUser
+      return makeFailureOutcome(Codes.INVALID_CREDENTIALS)
+    }
+    const passwordsMatch = await bcrypt.compare(password, foundUser.payload.password)
+    if (!passwordsMatch) return makeFailureOutcome(Codes.INVALID_CREDENTIALS)
+    const userData = foundUser.payload
+    const userId = userData._id.toString()
+    const accessToken = await Jwt.generateAccessToken(userId, 0)
+    const refreshToken = await Jwt.generateRefreshToken(userId, 0)
+    if (!accessToken.success) return accessToken // [WIP] maybe wrap this into a less verbose error?
+    if (!refreshToken.success) return refreshToken // [WIP] maybe wrap this into a less verbose error?
+    Jwt.attachAccessTokenToRes(res, accessToken.payload)
+    Jwt.attachRefreshTokenToRes(res, refreshToken.payload)
+    return Outcome.makeSuccess({
+      _id: userId,
+      username: userData.username,
+      email: userData.email,
+      role: userData.role,
+      status: userData.status,
+      verified: userData.verified
+    })
+  }
+)

package/make-template/assets/express-api/src/api/auth/logout/index.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import * as Database from '../../../database'
+import { ROOT_USER_ID } from '../../../env'
+import { Codes, makeFailureOutcome } from '../../../errors'
+import { BaseUserModel } from '../../../schema/user'
+import { UserRevokedTokenModel } from '../../../schema/user-revoked-auth-token'
+import { makeEndpoint, nullValidator } from '../../utils'
+export const logout = makeEndpoint<{}, {}>(
+  /* Authentication */
+  async (_req, res) => {
+    // [WIP] this generic "user authed and exists" stuff will have to live elsewhere
+    const { accessTokenPayload, accessTokenSigned } = res.locals
+    if (accessTokenPayload === undefined) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'No access token provided')
+    const { userId, exp } = accessTokenPayload
+    const now = Date.now()
+    const tokenHasExpired = now >= exp * 1000
+    if (tokenHasExpired) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'Access token has expired')
+    const foundRevokedToken = await Database.findOne(UserRevokedTokenModel, { value: accessTokenSigned }, { initiatorId: ROOT_USER_ID })
+    if (foundRevokedToken.success) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'Access token has been revoked')
+    const foundUser = await Database.findOne(BaseUserModel, { _id: userId }, { initiatorId: ROOT_USER_ID })
+    if (!foundUser.success) return makeFailureOutcome(Codes.USER_DOES_NOT_EXIST, `Could not find a user with id ${userId}`)
+    return Outcome.makeSuccess(true)
+  },
+  /* Validation */
+  nullValidator,
+  /* Process */
+  async (_body, _req, res) => {
+    const { accessTokenSigned, refreshTokenSigned } = res.locals
+    const now = new Date()
+    const toRevoke = [accessTokenSigned, refreshTokenSigned]
+      .filter(token => token !== undefined)
+      .map(token => ({ value: token, revokedOn: now }))
+    if (toRevoke.length === 0) return Outcome.makeSuccess({})
+    const blacklisted = await Database.insertMany(
+      UserRevokedTokenModel,
+      toRevoke,
+      { initiatorId: ROOT_USER_ID }
+    )
+    if (!blacklisted.success) return blacklisted
+    return Outcome.makeSuccess({})
+  }
+)

package/make-template/assets/express-api/src/api/auth/refresh-token/index.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import jwt from 'jsonwebtoken'
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import { unknownToString } from '@design-edito/tools/agnostic/errors/unknown-to-string'
+import * as Database from '../../../database'
+import { JWT_SECRET, REFRESH_TOKEN_MAX_REFRESH_COUNT, ROOT_USER_ID } from '../../../env'
+import { Codes, makeFailureOutcome } from '../../../errors'
+import * as Jwt from '../../../jwt'
+import { BaseUserModel } from '../../../schema/user'
+import { makeEndpoint, nullValidator } from '../../utils'
+import { UserRevokedTokenModel } from '../../../schema/user-revoked-auth-token'
+export const refreshToken = makeEndpoint<{}, {}>(
+  /* Authentication */
+  async (req, res) => {
+    const refreshToken = req.cookies?.refreshToken
+    const tokenIsString = typeof refreshToken === 'string'
+    const foundRevokedToken = await Database.findOne(UserRevokedTokenModel, { value: refreshToken }, { initiatorId: ROOT_USER_ID })
+    if (foundRevokedToken.success) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'Refresh token has been revoked')
+    if (!tokenIsString) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'No refresh token provided')
+    try {
+      const decoded = jwt.verify(refreshToken, JWT_SECRET)
+      if (!Jwt.isValidPayload(decoded)) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'Malformed refresh token')
+      const { userId, exp, refreshCount } = decoded
+      const now = Math.floor(Date.now() / 1000)
+      const tokenHasExpired = now >= exp
+      if (tokenHasExpired) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'Refresh token has expired')
+      if (refreshCount >= REFRESH_TOKEN_MAX_REFRESH_COUNT) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'Refresh token has reached maximum refresh count')
+      const foundUser = await Database.findOne(BaseUserModel, { _id: userId }, { initiatorId: ROOT_USER_ID })
+      if (!foundUser.success) return makeFailureOutcome(Codes.USER_DOES_NOT_EXIST, `Could not find a user with id ${userId}`)
+      res.locals.refreshTokenSigned = refreshToken
+      res.locals.refreshTokenPayload = decoded
+    } catch (err) {
+      return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, `Bad refresh token: ${unknownToString(err)}`)
+    }
+    return Outcome.makeSuccess(true)
+  },
+  /* Request body validation (none) */
+  nullValidator,
+  /* Process request */
+  async (_body, _req, res) => {
+    if (res.locals.refreshTokenPayload === undefined) return makeFailureOutcome(Codes.USER_NOT_AUTHENTICATED, 'Refresh token has expired')
+    const { userId, refreshCount } = res.locals.refreshTokenPayload
+    const newAccessToken = await Jwt.generateAccessToken(userId, 0)
+    const newRefreshToken = await Jwt.generateRefreshToken(userId, refreshCount + 1)
+    if (!newAccessToken.success) return newAccessToken // [WIP] maybe wrap this into a less verbose error?
+    if (!newRefreshToken.success) return newRefreshToken // [WIP] maybe wrap this into a less verbose error?
+    Jwt.attachAccessTokenToRes(res, newAccessToken.payload)
+    Jwt.attachRefreshTokenToRes(res, newRefreshToken.payload)
+    return Outcome.makeSuccess({})
+  }
+)

package/make-template/assets/express-api/src/api/auth/request-email-verification-token/index.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import zod from 'zod'
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import { isNonNullObject } from '@design-edito/tools/agnostic/objects/is-object'
+import { unknownToString } from '@design-edito/tools/agnostic/errors/unknown-to-string'
+import * as Database from '../../../database'
+import { ROOT_USER_ID } from '../../../env'
+import { Codes, makeFailureOutcome } from '../../../errors'
+import { LocalUserModel } from '../../../schema/user'
+import { UserEmailValidationTokenModel } from '../../../schema/user-email-validation-token'
+import { makeEndpoint, nullAuthenticator } from '../../utils'
+import { createAndSendUserEmailValidationToken } from '../_utils'
+export type ExpectedBody = { email: string }
+export const requestEmailVerificationToken = makeEndpoint<ExpectedBody, {}>(
+  /* Auth */
+  nullAuthenticator,
+  /* Validation */
+  async req => {
+    const { body } = req
+    if (!isNonNullObject(body)) return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, 'Must be an object')
+      const validationSchema = zod.object({ email: zod.string().email('Invalid email format') })
+      try {
+        const validated = validationSchema.parse(body)
+        return Outcome.makeSuccess(validated)
+      } catch (err) {
+        const errStr = unknownToString(err)
+        return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, errStr)
+      }
+  },
+  /* Process */
+  async body => {
+    const { email } = body
+    const userLookup = await Database.findOne(LocalUserModel, { email }, { initiatorId: ROOT_USER_ID })
+    if (!userLookup.success) return makeFailureOutcome(Codes.USER_EMAIL_DOES_NOT_EXIST, email)
+    const tokensDeletion = await Database.deleteMany(UserEmailValidationTokenModel, { email }, { initiatorId: ROOT_USER_ID })
+    if (!tokensDeletion.success) { /* [WIP] what do ? */ }
+    const userData = userLookup.payload
+    if (userData.verified === true) return makeFailureOutcome(Codes.USER_EMAIL_ALREADY_VERIFIED, email) // [WIP] maybe this discloses user data?
+    await createAndSendUserEmailValidationToken(email, userData.username)
+    return Outcome.makeSuccess({})
+  }
+)

package/make-template/assets/express-api/src/api/auth/request-new-password/index.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { randomUUID } from 'crypto'
+import zod from 'zod'
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import { isNonNullObject } from '@design-edito/tools/agnostic/objects/is-object'
+import { unknownToString } from '@design-edito/tools/agnostic/errors/unknown-to-string'
+import { Duration } from '@design-edito/tools/agnostic/time/duration'
+import * as Database from '../../../database'
+import * as Email from '../../../email'
+import { EMAILER_EMAIL, EMAILER_NAME, ROOT_USER_ID } from '../../../env'
+import { makeFailureOutcome, Codes } from '../../../errors'
+import { LocalUserModel } from '../../../schema/user'
+import { UserPasswordRenewalTokenModel } from '../../../schema/user-password-renewal-token'
+import { makeEndpoint, nullAuthenticator } from '../../utils'
+export type ExpectedBody = {
+  email: string
+}
+export const requestNewPassword = makeEndpoint<ExpectedBody, {}>(
+  /* Authentication */
+  nullAuthenticator,
+  /* Validation */
+  async req => {
+    const { body } = req
+    if (!isNonNullObject(body)) return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, 'Must be an object')
+    const validationSchema = zod.object({ email: zod.string().email('Invalid email format') })
+    try {
+      const validated = validationSchema.parse(body)
+      return Outcome.makeSuccess(validated)
+    } catch (err) {
+      const errStr = unknownToString(err)
+      return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, errStr)
+    }
+  },
+  /* Process */
+  async body => {
+    const foundUser = await Database.findOne(LocalUserModel, { email: body.email }, { initiatorId: ROOT_USER_ID })
+    if (!foundUser.success) return makeFailureOutcome(Codes.USER_EMAIL_DOES_NOT_EXIST, body.email)
+    await Database.deleteMany(UserPasswordRenewalTokenModel, { email: body.email }, { initiatorId: ROOT_USER_ID })
+    const token = randomUUID()
+    const now = Date.now()
+    const tokenLifetimeMs = Duration.hours(1).toMilliseconds()
+    const expiresOn = new Date(now + tokenLifetimeMs)
+    const tokenSaved = await Database.insertOne(
+      UserPasswordRenewalTokenModel,
+      { value: token, email: body.email, expiresOn },
+      { initiatorId: ROOT_USER_ID }
+    )
+    if (!tokenSaved.success) return tokenSaved
+    const emailBody = Email.makeUserPasswordRenewalTokenBody(body.email, token)
+    await Email.send(
+      EMAILER_EMAIL,
+      EMAILER_NAME,
+      foundUser.payload.email,
+      foundUser.payload.username,
+      'New password request',
+      emailBody)
+    return Outcome.makeSuccess({})
+  }
+)

package/make-template/assets/express-api/src/api/auth/signup/index.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import bcrypt from 'bcrypt'
+import validator from 'validator'
+import zod from 'zod'
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import { isNonNullObject } from '@design-edito/tools/agnostic/objects/is-object'
+import { unknownToString } from '@design-edito/tools/agnostic/errors/unknown-to-string'
+import { Logs } from '@design-edito/tools/agnostic/misc/logs'
+import * as Database from '../../../database'
+import { ROOT_USER_ID } from '../../../env'
+import { Codes, makeFailureOutcome } from '../../../errors'
+import { BaseUserModel, LocalUserModel, GoogleUserModel, Role, Status } from '../../../schema/user'
+import { makeEndpoint, nullAuthenticator } from '../../utils'
+import { createAndSendUserEmailValidationToken } from '../_utils'
+export type ExpectedBody = {
+  username: string
+  email: string
+  password: string
+}
+export type SuccessResponse = {
+  _id: string
+  username: string
+  email: string
+  role: Role
+  status: Status
+  verified: boolean
+}
+export const signup = makeEndpoint<ExpectedBody, SuccessResponse>(
+  /* Authentication (none) */
+  nullAuthenticator,
+  /* Body validation */
+  async req => {
+    const { body } = req
+    if (!isNonNullObject(body)) return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, 'Must be an object')
+    const validationSchema = zod.object({
+      username: zod.string()
+        .min(1)
+        .refine(input => validator.isSlug(input.toLowerCase()), {
+          message: 'Username must contain alphanumeric or non starting, trailing nor consecutive hyphens or underscores'
+        }),
+      email: zod.string().email('Invalid email format'),
+      password: zod.string().min(1, 'Password must be at least one character long')
+    })
+    try {
+      const validated = validationSchema.parse(body)
+      return Outcome.makeSuccess(validated)
+    } catch (err) {
+      const errStr = unknownToString(err)
+      return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, errStr)
+    }
+  },
+  /* Process request */
+  async body => {
+    const { username, email, password } = body
+    const rootQueryContext: Database.OperationContext = { initiatorId: ROOT_USER_ID }
+    const foundUsername = await Database.findOne(BaseUserModel, { username }, rootQueryContext)
+    if (foundUsername.success) return makeFailureOutcome(Codes.USERNAME_ALREADY_TAKEN, username)
+    const foundEmail = await Database.findOne(GoogleUserModel, { email }, rootQueryContext)
+    if (foundEmail.success) return makeFailureOutcome(Codes.EMAIL_ADDRESS_ALREADY_TAKEN, email)
+    const inserted = await Database.insertOne(
+      LocalUserModel,
+      {
+        username,
+        role: Role.USER,
+        status: Status.ACTIVE,
+        email,
+        password: await bcrypt.hash(password, 10),
+        verified: false
+      },
+      rootQueryContext
+    )
+    if (!inserted.success) return inserted
+    // Create validation token, store it, send email
+    const sent = await createAndSendUserEmailValidationToken(email, username)
+    const strippedUserData: SuccessResponse = {
+      _id: inserted.payload._id.toString(),
+      username: inserted.payload.username,
+      email: inserted.payload.email,
+      role: inserted.payload.role,
+      status: inserted.payload.status,
+      verified: inserted.payload.verified
+    }
+    if (sent.success) return Outcome.makeSuccess(strippedUserData)
+    else {
+      console.log(Logs.styles.error('Email not sent'))
+      console.log(Logs.styles.regular(unknownToString(sent.error)))
+      // [WIP] what do here ?
+      // send mail to admin ?
+      // Retry ?
+      // Send fallback mail to user something like "request a new token" ?
+      // Do nothing and try create and send token again when trying to login ?
+      return Outcome.makeSuccess(strippedUserData)
+    }
+  }
+)

package/make-template/assets/express-api/src/api/auth/submit-new-password/index.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import bcrypt from 'bcrypt'
+import zod from 'zod'
+import { isNonNullObject } from '@design-edito/tools/agnostic/objects/is-object'
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import { unknownToString } from '@design-edito/tools/agnostic/errors/unknown-to-string'
+import * as Database from '../../../database'
+import { ROOT_USER_ID } from '../../../env'
+import { makeFailureOutcome, Codes } from '../../../errors'
+import { LocalUserModel } from '../../../schema/user'
+import { UserPasswordRenewalTokenModel } from '../../../schema/user-password-renewal-token'
+import { makeEndpoint, nullAuthenticator } from '../../utils'
+export type ExpectedBody = {
+  email: string
+  token: string
+  password: string
+}
+export const submitNewPassword = makeEndpoint<ExpectedBody, {}>(
+  nullAuthenticator,
+  async req => {
+    const { body } = req
+    if (!isNonNullObject(body)) return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, 'Must be an object')
+    const validationSchema = zod.object({
+      email: zod.string().email('Invalid email format'),
+      token: zod.string(),
+      password: zod.string().min(1, 'Password must be at least one character long')
+    })
+    try {
+      const validated = validationSchema.parse(body)
+      return Outcome.makeSuccess(validated)
+    } catch (err) {
+      const errStr = unknownToString(err)
+      return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, errStr)
+    }
+  },
+  async body => {
+    const deletedToken = await Database.deleteOne(
+      UserPasswordRenewalTokenModel,
+      { value: body.token, email: body.email, expiresOn: { $gte: Date.now() } },
+      { initiatorId: ROOT_USER_ID }
+    )
+    if (!deletedToken.success) return makeFailureOutcome(Codes.USER_PASSWORD_RENEWAL_TOKEN_DOES_NOT_EXIST, body.email, body.token)
+    const foundUser = await Database.findOne(
+      LocalUserModel,
+      { email: body.email },
+      { initiatorId: ROOT_USER_ID }
+    )
+    if (!foundUser.success) return makeFailureOutcome(Codes.USER_EMAIL_DOES_NOT_EXIST, body.email)
+    const updatedUser = await Database.updateOne(
+      LocalUserModel,
+      { _id: foundUser.payload._id },
+      { $set: { password: await bcrypt.hash(body.password, 10) } },
+      { initiatorId: ROOT_USER_ID }
+    )
+    if (!updatedUser.success) return updatedUser
+    return Outcome.makeSuccess({})
+  }
+)

package/make-template/assets/express-api/src/api/auth/verify-email/index.ts ADDED Viewed

@@ -0,0 +1,79 @@
+import zod from 'zod'
+import { Outcome } from '@design-edito/tools/agnostic/misc/outcome'
+import { isNonNullObject } from '@design-edito/tools/agnostic/objects/is-object'
+import { unknownToString } from '@design-edito/tools/agnostic/errors/unknown-to-string'
+import * as Database from '../../../database'
+import { ROOT_USER_ID } from '../../../env'
+import { Codes, makeFailureOutcome } from '../../../errors'
+import { UserEmailValidationTokenModel } from '../../../schema/user-email-validation-token'
+import { LocalUserModel, Role, Status } from '../../../schema/user'
+import { makeEndpoint, nullAuthenticator } from '../../utils'
+export type ExpectedBody = {
+  email: string
+  token: string
+}
+export type SuccessResponse = {
+  _id: string
+  username: string
+  email: string
+  role: Role
+  status: Status
+  verified: boolean
+}
+export const verifyEmail = makeEndpoint<ExpectedBody, SuccessResponse>(
+  /* Auth */
+  nullAuthenticator,
+  /* Validation */
+  async req => {
+    const { body } = req
+    if (!isNonNullObject(body)) return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, 'Must be an object')
+    const validationSchema = zod.object({
+      email: zod.string().email('Invalid email format'),
+      token: zod.string()
+    })
+    try {
+      const validated = validationSchema.parse(body)
+      return Outcome.makeSuccess(validated)
+    } catch (err) {
+      const errStr = unknownToString(err)
+      return makeFailureOutcome(Codes.INVALID_REQUEST_BODY, body, errStr)
+    }
+  },
+  /* Process */
+  async body => {
+    const { email, token } = body
+    if (token === undefined) return makeFailureOutcome(Codes.USER_EMAIL_VERIFICATION_TOKEN_NOT_PROVIDED)
+    const now = new Date()
+    const rootQueryContext = { initiatorId: ROOT_USER_ID }
+    const tokenDeletion = await Database.deleteOne(
+      UserEmailValidationTokenModel,
+      { email, value: token, expiresOn: { $gte: now } },
+      rootQueryContext
+    )
+    if (!tokenDeletion.success) return makeFailureOutcome(Codes.USER_EMAIL_VERIFICATION_TOKEN_DOES_NOT_EXIST)
+    const userUpdation = await Database.updateOne(
+      LocalUserModel,
+      { email },
+      { $set: { verified: true } },
+      rootQueryContext
+    )
+    if (!userUpdation.success) return makeFailureOutcome(
+      Codes.USER_EMAIL_VERIFICATION_PROCESS_FAILED,
+      userUpdation.error.message
+    )
+    const updatedUser = userUpdation.payload
+    return Outcome.makeSuccess({
+      _id: updatedUser._id.toString(),
+      username: updatedUser.username,
+      email: updatedUser.email,
+      role: updatedUser.role,
+      status: updatedUser.status,
+      verified: updatedUser.verified
+    })
+  }
+)