@skillstew/common 1.0.0 → 1.0.1

package/package.json

@@ -1,10 +1,16 @@
 {
   "name": "@skillstew/common",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "main": "index.js",
   "scripts": {},
   "keywords": [],
   "author": "",
   "license": "ISC",
-  "description": ""
+  "description": "",
+  "dependencies": {
+    "@types/express": "^5.0.3",
+    "@types/jsonwebtoken": "^9.0.10",
+    "express": "^5.1.0",
+    "jsonwebtoken": "^9.0.2"
+  }
 }

package/src/errors/AppError.ts

@@ -0,0 +1,20 @@
+export abstract class AppError extends Error {
+  public readonly name: string;
+  constructor(
+    public readonly message: string,
+    public readonly code: string,
+    public readonly context?: Record<string, unknown>,
+  ) {
+    super(message);
+    this.name = this.constructor.name;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+
+  abstract toJSON(): object;
+}
+
+export abstract class DomainError extends AppError {}
+
+export abstract class InfrastructureError extends AppError {}
+
+export abstract class ApplicationError extends AppError {}

package/src/errors/JwtErrors.ts

@@ -0,0 +1,47 @@
+import { InfrastructureError } from "./AppError";
+import { JwtErrorCodes } from "./codes/JwtErrorCodes";
+
+export class JwtError extends InfrastructureError {
+  constructor(code: keyof typeof JwtErrorCodes) {
+    super(JwtErrorCodes[code], code);
+  }
+  toJSON(): object {
+    return { error: this.name, message: this.message, code: this.code };
+  }
+}
+
+export class EmailVerificationJwtVerifyError extends JwtError {
+  constructor() {
+    super("EMAIL_VERIFICATION_JWT_VERIFY_ERROR");
+  }
+}
+
+export class RefreshTokenVerifyError extends JwtError {
+  constructor() {
+    super("REFRESH_TOKEN_VERIFY_ERROR");
+  }
+}
+
+export class AccessTokenVerifyError extends JwtError {
+  constructor() {
+    super("ACCESS_TOKEN_VERIFY_ERROR");
+  }
+}
+
+export class InvalidTokenError extends JwtError {
+  constructor() {
+    super("INVALID_TOKEN_ERROR");
+  }
+}
+
+export class InvalidTokenRoleError extends JwtError {
+  constructor() {
+    super("INVALID_TOKEN_ROLE_ERROR");
+  }
+}
+
+export class TokenRoleMismatchError extends JwtError {
+  constructor() {
+    super("TOKEN_ROLE_MISMATCH_ERROR");
+  }
+}

package/src/errors/UnauthenticatedError.ts

@@ -0,0 +1,10 @@
+import { ApplicationError } from "./AppError";
+
+export class UnauthenticatedError extends ApplicationError {
+  constructor() {
+    super("Unauthenticated", "USER_UNAUTHENTICATED");
+  }
+  toJSON(): object {
+    return { name: this.name, message: this.message };
+  }
+}

package/src/errors/codes/JwtErrorCodes.ts

@@ -0,0 +1,8 @@
+export enum JwtErrorCodes {
+  EMAIL_VERIFICATION_JWT_VERIFY_ERROR = "Invalid email verification jwt",
+  REFRESH_TOKEN_VERIFY_ERROR = "Invalid refresh token",
+  ACCESS_TOKEN_VERIFY_ERROR = "Invalid access token",
+  INVALID_TOKEN_ERROR = "Invalid token",
+  INVALID_TOKEN_ROLE_ERROR = "Invalid role identifier",
+  TOKEN_ROLE_MISMATCH_ERROR = "Role mismatch between payload and header",
+}

package/src/jwt-utils/JwtHelper.ts

@@ -0,0 +1,74 @@
+import jwt, { JwtHeader } from "jsonwebtoken";
+import { UserRoles } from "../types/UserRoles";
+import {
+  AccessTokenVerifyError,
+  InvalidTokenError,
+  InvalidTokenRoleError,
+  TokenRoleMismatchError,
+} from "../errors/JwtErrors";
+
+function isUserRole(role: string): role is UserRoles {
+  return ["ADMIN", "EXPERT", "USER"].includes(role);
+}
+
+export type tokenBody =
+  | {
+      userId: string;
+      email: string;
+      role: Exclude<UserRoles, "ADMIN">;
+    }
+  | {
+      userId: string;
+      username: string;
+      role: "ADMIN";
+    };
+
+export type JWTPayload = tokenBody & {
+  iat: number;
+  exp: number;
+};
+
+export class JwtHelper {
+  private _AccessSecrets: Record<UserRoles, string>;
+  constructor({
+    userAccessTokenSecret,
+    expertAccessTokenSecret,
+    adminAccessTokenSecret,
+  }: {
+    userAccessTokenSecret: string;
+    expertAccessTokenSecret: string;
+    adminAccessTokenSecret: string;
+  }) {
+    this._AccessSecrets = {
+      USER: userAccessTokenSecret,
+      ADMIN: adminAccessTokenSecret,
+      EXPERT: expertAccessTokenSecret,
+    };
+  }
+
+  verifyAccessToken = (jwtToken: string) => {
+    const decoded = jwt.decode(jwtToken, { complete: true }) as any;
+    if (!decoded || !decoded.header) {
+      throw new InvalidTokenError();
+    }
+
+    const header = decoded.header as JwtHeader & { kid?: string };
+    const role = header.kid as UserRoles | undefined;
+
+    if (!role || !isUserRole(role)) {
+      throw new InvalidTokenRoleError();
+    }
+    let payload: JWTPayload;
+    try {
+      payload = <JWTPayload>jwt.verify(jwtToken, this._AccessSecrets[role]);
+    } catch (err) {
+      throw new AccessTokenVerifyError();
+    }
+
+    if (!(role === payload.role)) {
+      throw new TokenRoleMismatchError();
+    }
+
+    return payload;
+  };
+}

package/src/middlewares/authMiddleware.ts

@@ -0,0 +1,39 @@
+import { RequestHandler } from "express";
+import { UnauthenticatedError } from "../errors/UnauthenticatedError";
+import { JwtHelper } from "../jwt-utils/JwtHelper";
+
+export class AuthMiddleware {
+  private _jwtHelper: JwtHelper;
+
+  constructor(
+    userAccessTokenSecret: string,
+    expertAccessTokenSecret: string,
+    adminAccessTokenSecret: string,
+  ) {
+    this._jwtHelper = new JwtHelper({
+      userAccessTokenSecret,
+      expertAccessTokenSecret,
+      adminAccessTokenSecret,
+    });
+  }
+
+  verify: RequestHandler = (req, _res, next) => {
+    try {
+      const token = req.headers["authorization"]?.split(" ")[1];
+      if (!token) {
+        throw new UnauthenticatedError();
+      }
+      const payload = this._jwtHelper.verifyAccessToken(token);
+      req.user = {
+        id: payload.userId,
+        ...(payload.role === "ADMIN"
+          ? { userame: payload.username }
+          : { email: payload.email }),
+        role: payload.role,
+      };
+      next();
+    } catch (err) {
+      next(err);
+    }
+  };
+}

package/src/types/UserRoles.ts

@@ -0,0 +1,2 @@
+export const USER_ROLES = ["USER", "EXPERT", "ADMIN"] as const;
+export type UserRoles = (typeof USER_ROLES)[number];

package/src/types/express/index.d.ts

@@ -0,0 +1,16 @@
+import { RequestUser } from "../../3-presentation/types/RequestType";
+import { UserRoles } from "../../0-domain/entities/UserRoles";
+
+export interface RequestUser {
+  id: string | number;
+  email: string;
+  role: UserRoles;
+}
+
+declare global {
+  namespace Express {
+    interface Request {
+      user: RequestUser;
+    }
+  }
+}

package/tsconfig.json

@@ -11,7 +11,7 @@
     // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
 
     /* Language and Environment */
-    "target": "es2016",                                  /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
+    "target": "es2016" /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */,
     // "lib": [],                                        /* Specify a set of bundled library declaration files that describe the target runtime environment. */
     // "jsx": "preserve",                                /* Specify what JSX code is generated. */
     // "libReplacement": true,                           /* Enable lib replacement. */
@@ -26,13 +26,15 @@
     // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
 
     /* Modules */
-    "module": "commonjs",                                /* Specify what module code is generated. */
+    "module": "commonjs" /* Specify what module code is generated. */,
     // "rootDir": "./",                                  /* Specify the root folder within your source files. */
     // "moduleResolution": "node10",                     /* Specify how TypeScript looks up a file from a given module specifier. */
     // "baseUrl": "./",                                  /* Specify the base directory to resolve non-relative module names. */
     // "paths": {},                                      /* Specify a set of entries that re-map imports to additional lookup locations. */
     // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
-    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
+    "typeRoots": [
+      "./src/types"
+    ] /* Specify multiple folders that act like './node_modules/@types'. */,
     // "types": [],                                      /* Specify type package names to be included without being referenced in a source file. */
     // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
     // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
@@ -80,12 +82,12 @@
     // "isolatedDeclarations": true,                     /* Require sufficient annotation on exports so other tools can trivially generate declaration files. */
     // "erasableSyntaxOnly": true,                       /* Do not allow runtime constructs that are not part of ECMAScript. */
     // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
-    "esModuleInterop": true,                             /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
+    "esModuleInterop": true /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */,
     // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
-    "forceConsistentCasingInFileNames": true,            /* Ensure that casing is correct in imports. */
+    "forceConsistentCasingInFileNames": true /* Ensure that casing is correct in imports. */,
 
     /* Type Checking */
-    "strict": true,                                      /* Enable all strict type-checking options. */
+    "strict": true /* Enable all strict type-checking options. */,
     // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
     // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
     // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
@@ -108,6 +110,6 @@
 
     /* Completeness */
     // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
-    "skipLibCheck": true                                 /* Skip type checking all .d.ts files. */
+    "skipLibCheck": true /* Skip type checking all .d.ts files. */
   }
 }