@rpcbase/server 0.73.0 → 0.76.0

package/admin/README.md

@@ -1 +1 @@
-admin middleware that exposes models, schemas etc
+admin middleware that exposes the local models, schemas etc

package/bin.js

@@ -6,13 +6,13 @@ require("dotenv").config({path: path.join(__dirname, "./.env")})
 const yargs = require("yargs/yargs")
 const {hideBin} = require("yargs/helpers")
 
+const pack = require("./package.json")
 const start_server_infrastructure = require("./cli/start_server_infrastructure")
 const build_server = require("./cli/build_server")
 const run_agent = require("./cli/run_agent")
 
 let is_command = false
 
-
 const args = yargs(hideBin(process.argv))
   .command("start", "runs server/infrastructure", () => {}, (args) => {
     is_command = true
@@ -22,12 +22,11 @@ const args = yargs(hideBin(process.argv))
     is_command = true
     run_agent()
   })
-  .command("build", "build server", () => {}, (args) => {
+  .command("build", "Build the server package", () => {}, (args) => {
     is_command = true
     build_server()
   })
   .option("verbose", {
-    alias: "v",
     type: "boolean",
     default: false,
     description: "Run with verbose logging"
@@ -38,6 +37,8 @@ if (!is_command) {
   console.log("server default com22mand")
 }
 
+
+// TODO: why was this needed
 // // add helpers to ensure proper process termination
 // const exit_clean = () => {
 //   process.exit()

package/express/dev_save_coverage.js

@@ -1,10 +1,10 @@
 /* @flow */
+// TODO: replace console debug
 
-const is_production = process.env.NODE_ENV === "production"
 
+const is_production = process.env.NODE_ENV === "production"
 
 module.exports = (app) => {
-
   app.post("/api/__dev_save_coverage", (req, res) => {
     console.log("sending coverage for", req.body.path_key)
     res.json(global.__coverage__)

package/express/index.js

@@ -3,9 +3,13 @@ const cors = require("cors")
 const express = require("express")
 const body_parser = require("body-parser")
 
+// functionality middlewares
+const auth = require("../src/auth")
+
 const dev_save_coverage = require("./dev_save_coverage")
 const session_middleware = require("./session_middleware")
 
+
 const is_production = process.env.IS_PRODUCTION === "yes"
 const {APP_DOMAIN, CLIENT_PORT} = process.env
 
@@ -57,6 +61,7 @@ module.exports = () => {
   app.get("/api/ping", (req, res) => res.json({message: "pong"}))
   app.post("/api/ping", (req, res) => res.json({message: "pong"}))
 
+  auth(app)
   dev_save_coverage(app)
 
   return app

package/express/session_middleware.js

@@ -58,9 +58,14 @@ setTimeout(async() => {
     store: new redis_store({client: redis_client}),
     proxy: true,
     saveUninitialized: false,
+    // WARNING
     // TODO: use session secret from env
     secret: "session secret wowow",
     resave: false,
+    cookie: {
+      // TODO: test this
+      maxAge: 1000 * 3600 * 24 * 100 // 100 days
+    }
   })
 
 // TODO: is this still necessary

package/index.js

@@ -1,12 +1,12 @@
 /* @flow */
-const client_router = require("./client/client_router")
 const database = require("./database")
 const express = require("./express")
-const rpc_router = require("./rpc/rpc_router")
+const client_router = require("./src/client/client_router")
+const rpc_router = require("./src/rpc/rpc_router")
 
 module.exports = {
-  client_router,
   database,
   express,
+  client_router,
   rpc_router,
 }

package/mailer/index.js

@@ -3,7 +3,8 @@ const postmark = require("postmark")
 
 const {POSTMARK_API_KEY, IS_PRODUCTION} = process.env
 
-const is_production = IS_PRODUCTION === "yes"
+const is_production = true //IS_PRODUCTION === "yes"
+console.warn("email sender forcing is production")
 
 let client
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rpcbase/server",
-  "version": "0.73.0",
+  "version": "0.76.0",
   "license": "SSPL-1.0",
   "main": "./index.js",
   "bin": {
@@ -11,6 +11,7 @@
   },
   "dependencies": {
     "@rpcbase/agent": "0.9.0",
+    "@rpcbase/std": "0.3.0",
     "body-parser": "1.20.0",
     "connect-redis": "6.1.3",
     "cors": "2.8.5",

package/src/auth/check_session.js

@@ -0,0 +1,15 @@
+/* @flow */
+
+const check_session = async(payload, ctx) => {
+  const {req} = ctx
+  // console.log("session check", req.session)
+
+  const is_signed_in = !!req.session.user_id
+  return {
+    status: "ok",
+    is_signed_in,
+    user_id: req.session.user_id,
+  }
+}
+
+module.exports = check_session

package/src/auth/forgot_password_email.html

@@ -0,0 +1,515 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="x-apple-disable-message-reformatting" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta name="color-scheme" content="light dark" />
+    <meta name="supported-color-schemes" content="light dark" />
+    <title></title>
+    <style type="text/css" rel="stylesheet" media="all">
+    /* Base ------------------------------ */
+
+    @import url("https://fonts.googleapis.com/css?family=Nunito+Sans:400,700&display=swap");
+    body {
+      width: 100% !important;
+      height: 100%;
+      margin: 0;
+      -webkit-text-size-adjust: none;
+    }
+
+    a {
+      color: #3869D4;
+    }
+
+    a img {
+      border: none;
+    }
+
+    td {
+      word-break: break-word;
+    }
+
+    .preheader {
+      display: none !important;
+      visibility: hidden;
+      mso-hide: all;
+      font-size: 1px;
+      line-height: 1px;
+      max-height: 0;
+      max-width: 0;
+      opacity: 0;
+      overflow: hidden;
+    }
+    /* Type ------------------------------ */
+
+    body,
+    td,
+    th {
+      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
+    }
+
+    h1 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 22px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    h2 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 16px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    h3 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 14px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    td,
+    th {
+      font-size: 16px;
+    }
+
+    p,
+    ul,
+    ol,
+    blockquote {
+      margin: .4em 0 1.1875em;
+      font-size: 16px;
+      line-height: 1.625;
+    }
+
+    p.sub {
+      font-size: 13px;
+    }
+    /* Utilities ------------------------------ */
+
+    .align-right {
+      text-align: right;
+    }
+
+    .align-left {
+      text-align: left;
+    }
+
+    .align-center {
+      text-align: center;
+    }
+    /* Buttons ------------------------------ */
+
+    .button {
+      background-color: #3869D4;
+      border-top: 10px solid #3869D4;
+      border-right: 18px solid #3869D4;
+      border-bottom: 10px solid #3869D4;
+      border-left: 18px solid #3869D4;
+      display: inline-block;
+      color: #FFF;
+      text-decoration: none;
+      border-radius: 3px;
+      box-shadow: 0 2px 3px rgba(0, 0, 0, 0.16);
+      -webkit-text-size-adjust: none;
+      box-sizing: border-box;
+    }
+
+    .button--green {
+      background-color: #22BC66;
+      border-top: 10px solid #22BC66;
+      border-right: 18px solid #22BC66;
+      border-bottom: 10px solid #22BC66;
+      border-left: 18px solid #22BC66;
+    }
+
+    .button--red {
+      background-color: #FF6136;
+      border-top: 10px solid #FF6136;
+      border-right: 18px solid #FF6136;
+      border-bottom: 10px solid #FF6136;
+      border-left: 18px solid #FF6136;
+    }
+
+    @media only screen and (max-width: 500px) {
+      .button {
+        width: 100% !important;
+        text-align: center !important;
+      }
+    }
+    /* Attribute list ------------------------------ */
+
+    .attributes {
+      margin: 0 0 21px;
+    }
+
+    .attributes_content {
+      background-color: #F4F4F7;
+      padding: 16px;
+    }
+
+    .attributes_item {
+      padding: 0;
+    }
+    /* Related Items ------------------------------ */
+
+    .related {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .related_item {
+      padding: 10px 0;
+      color: #CBCCCF;
+      font-size: 15px;
+      line-height: 18px;
+    }
+
+    .related_item-title {
+      display: block;
+      margin: .5em 0 0;
+    }
+
+    .related_item-thumb {
+      display: block;
+      padding-bottom: 10px;
+    }
+
+    .related_heading {
+      border-top: 1px solid #CBCCCF;
+      text-align: center;
+      padding: 25px 0 10px;
+    }
+    /* Discount Code ------------------------------ */
+
+    .discount {
+      width: 100%;
+      margin: 0;
+      padding: 24px;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #F4F4F7;
+      border: 2px dashed #CBCCCF;
+    }
+
+    .discount_heading {
+      text-align: center;
+    }
+
+    .discount_body {
+      text-align: center;
+      font-size: 15px;
+    }
+    /* Social Icons ------------------------------ */
+
+    .social {
+      width: auto;
+    }
+
+    .social td {
+      padding: 0;
+      width: auto;
+    }
+
+    .social_icon {
+      height: 20px;
+      margin: 0 8px 10px 8px;
+      padding: 0;
+    }
+    /* Data table ------------------------------ */
+
+    .purchase {
+      width: 100%;
+      margin: 0;
+      padding: 35px 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .purchase_content {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .purchase_item {
+      padding: 10px 0;
+      color: #51545E;
+      font-size: 15px;
+      line-height: 18px;
+    }
+
+    .purchase_heading {
+      padding-bottom: 8px;
+      border-bottom: 1px solid #EAEAEC;
+    }
+
+    .purchase_heading p {
+      margin: 0;
+      color: #85878E;
+      font-size: 12px;
+    }
+
+    .purchase_footer {
+      padding-top: 15px;
+      border-top: 1px solid #EAEAEC;
+    }
+
+    .purchase_total {
+      margin: 0;
+      text-align: right;
+      font-weight: bold;
+      color: #333333;
+    }
+
+    .purchase_total--label {
+      padding: 0 15px 0 0;
+    }
+
+    body {
+      background-color: #F4F4F7;
+      color: #51545E;
+    }
+
+    p {
+      color: #51545E;
+    }
+
+    p.sub {
+      color: #6B6E76;
+    }
+
+    .email-wrapper {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #F4F4F7;
+    }
+
+    .email-content {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    /* Masthead ----------------------- */
+
+    .email-masthead {
+      padding: 25px 0;
+      text-align: center;
+    }
+
+    .email-masthead_logo {
+      width: 94px;
+    }
+
+    .email-masthead_name {
+      font-size: 16px;
+      font-weight: bold;
+      color: #A8AAAF;
+      text-decoration: none;
+      text-shadow: 0 1px 0 white;
+    }
+    /* Body ------------------------------ */
+
+    .email-body {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #FFFFFF;
+    }
+
+    .email-body_inner {
+      width: 570px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 570px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #FFFFFF;
+    }
+
+    .email-footer {
+      width: 570px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 570px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+
+    .email-footer p {
+      color: #6B6E76;
+    }
+
+    .body-action {
+      width: 100%;
+      margin: 30px auto;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+
+    .body-sub {
+      margin-top: 25px;
+      padding-top: 25px;
+      border-top: 1px solid #EAEAEC;
+    }
+
+    .content-cell {
+      padding: 35px;
+    }
+    /*Media Queries ------------------------------ */
+
+    @media only screen and (max-width: 600px) {
+      .email-body_inner,
+      .email-footer {
+        width: 100% !important;
+      }
+    }
+
+    @media (prefers-color-scheme: dark) {
+      body,
+      .email-body,
+      .email-body_inner,
+      .email-content,
+      .email-wrapper,
+      .email-masthead,
+      .email-footer {
+        background-color: #333333 !important;
+        color: #FFF !important;
+      }
+      p,
+      ul,
+      ol,
+      blockquote,
+      h1,
+      h2,
+      h3,
+      span,
+      .purchase_item {
+        color: #FFF !important;
+      }
+      .attributes_content,
+      .discount {
+        background-color: #222 !important;
+      }
+      .email-masthead_name {
+        text-shadow: none !important;
+      }
+    }
+
+    :root {
+      color-scheme: light dark;
+      supported-color-schemes: light dark;
+    }
+    </style>
+    <!--[if mso]>
+    <style type="text/css">
+      .f-fallback  {
+        font-family: Arial, sans-serif;
+      }
+    </style>
+  <![endif]-->
+  </head>
+  <body>
+    <span class="preheader">Your password reset link is ready</span>
+    <table class="email-wrapper" width="100%" cellpadding="0" cellspacing="0" role="presentation">
+      <tr>
+        <td align="center">
+          <table class="email-content" width="100%" cellpadding="0" cellspacing="0" role="presentation">
+            <tr>
+              <td class="email-masthead">
+                <a href="https://example.com" class="f-fallback email-masthead_name">
+                [Product Name]
+              </a>
+              </td>
+            </tr>
+            <!-- Email Body -->
+            <tr>
+              <td class="email-body" width="100%" cellpadding="0" cellspacing="0">
+                <table class="email-body_inner" align="center" width="570" cellpadding="0" cellspacing="0" role="presentation">
+                  <!-- Body content -->
+                  <tr>
+                    <td class="content-cell">
+                      <div class="f-fallback">
+                        <h1>Your password reset link</h1>
+                        <p>The password reset link you have requested is ready. If you did not request a password reset, ignore this email.</p>
+                        <!-- Action -->
+                        <table class="body-action" align="center" width="100%" cellpadding="0" cellspacing="0" role="presentation">
+                          <tr>
+                            <td align="center">
+                              <!-- Border based button
+           https://litmus.com/blog/a-guide-to-bulletproof-buttons-in-email-design -->
+                              <table width="100%" border="0" cellspacing="0" cellpadding="0" role="presentation">
+                                <tr>
+                                  <td align="center">
+                                    <a href="<%= reset_url %>" class="f-fallback button" target="_blank">Reset My Password</a>
+                                  </td>
+                                </tr>
+                              </table>
+                            </td>
+                          </tr>
+                        </table>
+
+                        <table class="body-sub" role="presentation">
+                          <tr>
+                            <td>
+                              <p class="f-fallback sub">If you’re having trouble with the button above, copy and paste the URL below into your web browser.</p>
+                              <p class="f-fallback sub"><%= reset_url %></p>
+                            </td>
+                          </tr>
+                        </table>
+                      </div>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+            <tr>
+              <td>
+                <table class="email-footer" align="center" width="570" cellpadding="0" cellspacing="0" role="presentation">
+                  <tr>
+                    <td class="content-cell" align="center">
+                      <p class="f-fallback sub align-center">&copy; 2022 [Product Name]. All rights reserved.</p>
+                      <p class="f-fallback sub align-center">
+                        [Company Name, LLC]
+                        <br>1234 Street Rd.
+                        <br>Suite 1234
+                      </p>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </body>
+</html>

package/src/auth/index.js

@@ -0,0 +1,50 @@
+/* @flow */
+const async_wrapper = require("../helpers/async_wrapper")
+
+const sign_up = require("./sign_up")
+const sign_in = require("./sign_in")
+const sign_out = require("./sign_out")
+const reset_password = require("./reset_password")
+const set_new_password = require("./set_new_password")
+const check_session = require("./check_session")
+
+const sign_up_handler = async(req, res) => {
+  const result = await sign_up(req.body, {req})
+  res.json(result)
+}
+
+const sign_in_handler = async(req, res) => {
+  const result = await sign_in(req.body, {req})
+  res.json(result)
+}
+
+const sign_out_handler = async(req, res) => {
+  const result = await sign_out(req.body, {req})
+  res.json(result)
+}
+
+const reset_password_handler = async(req, res) => {
+  const result = await reset_password(req.body, {req})
+  res.json(result)
+}
+
+const set_new_password_handler = async(req, res) => {
+  const result = await set_new_password(req.body, {req})
+  res.json(result)
+}
+
+const check_session_handler = async(req, res) => {
+  const result = await check_session(req.body, {req})
+  res.json(result)
+}
+
+module.exports = (app) => {
+  app.post("/api/v1/auth/sign_up", async_wrapper(sign_up_handler))
+  app.post("/api/v1/auth/sign_in", async_wrapper(sign_in_handler))
+  app.post("/api/v1/auth/sign_out", async_wrapper(sign_out_handler))
+
+  app.post("/api/v1/auth/reset_password", async_wrapper(reset_password_handler))
+  app.post("/api/v1/auth/set_new_password", async_wrapper(set_new_password_handler))
+
+  app.post("/api/v1/auth/check_session", async_wrapper(check_session_handler))
+}

package/src/auth/reset_password.js

@@ -0,0 +1,70 @@
+/* @flow */
+const _template = require("lodash/template")
+const fs = require("fs")
+const path = require("path")
+const isEmail = require("validator/lib/isEmail")
+
+const {hash_password, compare_hash} = require("@rpcbase/std/crypto/hash")
+const get_random_str = require("@rpcbase/std/crypto/get_random_str")
+
+const mailer = require("../../mailer")
+const mongoose = require("../../mongoose")
+const ResetPasswordToken = require("../models/ResetPasswordToken")
+
+
+const {APP_DOMAIN} = process.env
+
+const email_tpl = _template(
+  fs.readFileSync(path.join(__dirname, "./forgot_password_email.html"), "utf8")
+)
+
+
+const reset_password = async({email}, ctx) => {
+  const User = mongoose.model("User")
+
+  if (!isEmail(email)) {
+    throw new Error("reset_password:: invalid email")
+  }
+
+  const user = await User.findOne({email}, null, {ctx})
+
+  if (!user) {
+    // TODO: add random delay to prevent detecting if account exists based on response time
+    return {status: "ok"}
+  }
+
+  const token = get_random_str(32)
+  const token_hash = await hash_password(token)
+
+  console.log("WOWOOWOWOW", await compare_hash(token, token_hash))
+
+  console.log("token", token)
+  console.log("token_hash", token_hash)
+
+  const reset_token = new ResetPasswordToken({
+    user_id: user._id,
+    token_hash,
+  })
+
+  await reset_token.save()
+
+  const reset_url = `https://${APP_DOMAIN}/set-new-password?id=${user._id}&token=${token}`
+
+  const res = await mailer.sendEmail({
+    From: "hello@commit-queue.com",
+    To: user.email,
+    Subject: "Your password reset link",
+    HtmlBody: email_tpl({
+      reset_url,
+    }),
+  })
+
+  // cleanup if email wasn't sent
+  if (res.Message !== "OK") {
+    await reset_token.delete()
+  }
+
+  return {status: "ok"}
+}
+
+module.exports = reset_password

package/src/auth/set_new_password.js

@@ -0,0 +1,63 @@
+/* @flow */
+const _template = require("lodash/template")
+const fs = require("fs")
+const path = require("path")
+const isEmail = require("validator/lib/isEmail")
+
+const {hash_password, compare_hash} = require("@rpcbase/std/crypto/hash")
+const get_random_str = require("@rpcbase/std/crypto/get_random_str")
+
+const mailer = require("../../mailer")
+const mongoose = require("../../mongoose")
+const ResetPasswordToken = require("../models/ResetPasswordToken")
+
+const {APP_DOMAIN} = process.env
+
+const email_tpl = _template(
+  fs.readFileSync(path.join(__dirname, "./set_new_password_email.html"), "utf8")
+)
+
+const set_new_password = async({user_id, token, password}, ctx) => {
+  const User = mongoose.model("User")
+
+  const reset_tokens = await ResetPasswordToken.find({user_id})
+    .limit(100)
+
+  if (reset_tokens.length === 0) {
+    return {
+      message: "Unable to validate reset token, please try again in a moment"
+    }
+  }
+
+  let is_match = false
+
+  for (let i = 0; i < reset_tokens.length; i++) {
+    const op = await compare_hash(token, reset_tokens[i].token_hash)
+    if (op) {
+      is_match = true
+      break
+    }
+  }
+
+  if (!is_match) {
+    return {
+      message: "Invalid or expired token, please try again in a moment"
+    }
+  }
+
+  // token is valid, update the user password
+  const user = await User.findOne({_id: user_id}, null, {ctx})
+  const hashed_password = await hash_password(password)
+  user.password_hash = hashed_password
+
+  await user.save()
+
+  // WARNING:
+  // TODO: important! notify the user that their password has been reset
+
+  return {
+    status: "ok"
+  }
+}
+
+module.exports = set_new_password

package/src/auth/set_new_password_email.html

@@ -0,0 +1,3 @@
+todo: implement notification email
+
+your password has been reset

package/src/auth/sign_in.js

@@ -0,0 +1,40 @@
+/* @flow */
+const {compare_hash} = require("@rpcbase/std/crypto/hash")
+
+const mongoose = require("../../mongoose")
+
+const fail = () => ({
+  errors: {form: "Invalid email or password"}
+})
+
+const sign_in = async({email, password}, ctx) => {
+  const User = mongoose.model("User")
+
+  const {req} = ctx
+
+  // find the matching user
+  // TODO: document ctx param
+  // const user = await User.findOne({email}, null, {ctx})
+  const user = await User.findOne({email}, null)
+
+
+  if (!user) {
+    return fail()
+  }
+
+  const hashed_pass = user.password_hash
+
+  const is_match = await compare_hash(password, hashed_pass)
+
+  if (is_match) {
+    req.session.user_id = user._id.toString()
+    await req.session.save()
+    return {
+      status: "ok"
+    }
+  } else {
+    return fail()
+  }
+}
+
+module.exports = sign_in

package/src/auth/sign_out.js

@@ -0,0 +1,11 @@
+/* @flow */
+
+const sign_out = async(payload, ctx) => {
+  const {req} = ctx
+  await req.session.destroy()
+  return {
+    status: "ok"
+  }
+}
+
+module.exports = sign_out

package/src/auth/sign_up.js

@@ -0,0 +1,57 @@
+/* @flow */
+const {hash_password} = require("@rpcbase/std/crypto/hash")
+
+const mongoose = require("../../mongoose")
+
+const sign_up = async({email, password}, ctx) => {
+  const User = mongoose.model("User")
+  const Invite = mongoose.model("Invite")
+
+  const {req} = ctx
+
+  // check if the user already exists
+  const existing_user = await User.findOne({email}, null, {ctx})
+
+  if (existing_user) {
+    return {
+      status: "error",
+      message: "User already exists"
+    }
+  }
+
+  // check if we have an invite for this user
+  const invite = await Invite.findOne({email}, null, {ctx})
+  if (invite && !invite.is_ready) {
+    console.log("found an invite, but not ready", email)
+    return {
+      status: "error",
+      message: "Your invite is still pending approval. Expect an email in the next weeks to activate your account."
+    }
+  } else if (!invite) {
+    console.log("no invite for signup email:", email)
+    return {
+      status: "error",
+      message: "No valid invite was found for this email"
+    }
+  }
+
+  const hash = await hash_password(password)
+
+  const user = new User({
+    email,
+    password_hash: hash
+  })
+
+  // sign the user in
+  req.session.user_id = user._id.toString()
+
+  await req.session.save()
+  await user.save({ctx})
+
+  return {
+    status: "ok",
+    user_id: user._id
+  }
+}
+
+module.exports = sign_up

package/src/client/README.md

@@ -0,0 +1,2 @@
+client router serves the client from the server
+in production the client could be served from the CDN, but the server is also suitable

package/{client → src/client}/client_router.js

@@ -3,6 +3,8 @@ const fs = require("fs")
 const path = require("path")
 const glob = require("glob")
 
+const async_wrapper = require("../helpers/async_wrapper")
+
 const src_path = path.join(process.cwd(), "./src/")
 const build_dir = path.join(process.cwd(), "build/")
 const client_build_dir = path.join(build_dir, "./client")
@@ -10,11 +12,6 @@ const client_build_dir = path.join(build_dir, "./client")
 
 // TODO: add build time static assets compression
 
-const async_wrapper = fn => (req, res, next) => {
-  Promise.resolve(fn(req, res, next))
-    .catch(next)
-}
-
 const get_client_routes = () => {
   const client_files = glob.sync(path.join(client_build_dir, "./**/*"))
   const routes = client_files

package/src/helpers/async_wrapper.js

@@ -0,0 +1,8 @@
+/* @flow */
+
+const async_wrapper = fn => (req, res, next) => {
+  Promise.resolve(fn(req, res, next))
+    .catch(next)
+}
+
+module.exports = async_wrapper

package/src/models/ResetPasswordToken.js

@@ -0,0 +1,14 @@
+/* @flow */
+const mongoose = require("../../mongoose")
+
+const ResetPasswordToken = mongoose.model("ResetPasswordToken", {
+  user_id: String,
+  token_hash: String,
+  created_at: {
+    type: Date,
+    expires: 360, // 6min
+    default: Date.now,
+  }
+})
+
+module.exports = ResetPasswordToken

package/{rpc → src/rpc}/rpc_router.js

@@ -4,16 +4,12 @@ const path = require("path")
 const glob = require("glob")
 const debug = require("debug")
 
+const async_wrapper = require("../helpers/async_wrapper")
+
 const src_path = path.join(process.cwd(), "./src/")
 const build_dir = path.join(process.cwd(), "build/")
 
 
-const async_wrapper = fn => (req, res, next) => {
-  Promise.resolve(fn(req, res, next))
-    .catch(next)
-}
-
-
 const rpc_router = (app) => {
   const rpc_routes = glob.sync(path.join(build_dir, "./rpc/*"))
 

package/crypto/index.js

@@ -1,45 +0,0 @@
-/* @flow */
-const crypto = require("crypto")
-
-const ALGORITHM = "aes-256-cbc"
-const {CRYPTO_SECRET} = process.env
-
-if (!CRYPTO_SECRET || CRYPTO_SECRET === "") {
-  throw new Error("CRYPTO_SECRET not found in env")
-}
-
-const key = crypto.createHash("sha256")
-  .update(String(CRYPTO_SECRET))
-  .digest()
-
-
-const encrypt = (text) => {
-  const iv = crypto.randomBytes(16)
-  const cipher = crypto.createCipheriv(ALGORITHM, key, iv)
-
-  const encrypted = Buffer.concat([
-    cipher.update(text),
-    cipher.final()
-  ])
-
-  return {
-    iv: iv.toString("hex"),
-    content: encrypted.toString("hex")
-  }
-}
-
-const decrypt = (hash) => {
-  const decipher = crypto.createDecipheriv(
-    ALGORITHM, key, Buffer.from(hash.iv, "hex")
-  )
-
-  const decrpyted = Buffer.concat([
-    decipher.update(Buffer.from(hash.content, "hex")),
-    decipher.final(),
-  ])
-
-  return decrpyted.toString()
-}
-
-
-module.exports = {encrypt, decrypt}