@skillstew/common 1.0.0 → 1.0.2

package/build/errors/AppError.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApplicationError = exports.InfrastructureError = exports.DomainError = exports.AppError = void 0;
+class AppError extends Error {
+    constructor(message, code, context) {
+        super(message);
+        this.message = message;
+        this.code = code;
+        this.context = context;
+        this.name = this.constructor.name;
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.AppError = AppError;
+class DomainError extends AppError {
+}
+exports.DomainError = DomainError;
+class InfrastructureError extends AppError {
+}
+exports.InfrastructureError = InfrastructureError;
+class ApplicationError extends AppError {
+}
+exports.ApplicationError = ApplicationError;

package/build/errors/JwtErrors.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenRoleMismatchError = exports.InvalidTokenRoleError = exports.InvalidTokenError = exports.AccessTokenVerifyError = exports.RefreshTokenVerifyError = exports.EmailVerificationJwtVerifyError = exports.JwtError = void 0;
+const AppError_1 = require("./AppError");
+const JwtErrorCodes_1 = require("./codes/JwtErrorCodes");
+class JwtError extends AppError_1.InfrastructureError {
+    constructor(code) {
+        super(JwtErrorCodes_1.JwtErrorCodes[code], code);
+    }
+    toJSON() {
+        return { error: this.name, message: this.message, code: this.code };
+    }
+}
+exports.JwtError = JwtError;
+class EmailVerificationJwtVerifyError extends JwtError {
+    constructor() {
+        super("EMAIL_VERIFICATION_JWT_VERIFY_ERROR");
+    }
+}
+exports.EmailVerificationJwtVerifyError = EmailVerificationJwtVerifyError;
+class RefreshTokenVerifyError extends JwtError {
+    constructor() {
+        super("REFRESH_TOKEN_VERIFY_ERROR");
+    }
+}
+exports.RefreshTokenVerifyError = RefreshTokenVerifyError;
+class AccessTokenVerifyError extends JwtError {
+    constructor() {
+        super("ACCESS_TOKEN_VERIFY_ERROR");
+    }
+}
+exports.AccessTokenVerifyError = AccessTokenVerifyError;
+class InvalidTokenError extends JwtError {
+    constructor() {
+        super("INVALID_TOKEN_ERROR");
+    }
+}
+exports.InvalidTokenError = InvalidTokenError;
+class InvalidTokenRoleError extends JwtError {
+    constructor() {
+        super("INVALID_TOKEN_ROLE_ERROR");
+    }
+}
+exports.InvalidTokenRoleError = InvalidTokenRoleError;
+class TokenRoleMismatchError extends JwtError {
+    constructor() {
+        super("TOKEN_ROLE_MISMATCH_ERROR");
+    }
+}
+exports.TokenRoleMismatchError = TokenRoleMismatchError;

package/build/errors/UnauthenticatedError.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnauthenticatedError = void 0;
+const AppError_1 = require("./AppError");
+class UnauthenticatedError extends AppError_1.ApplicationError {
+    constructor() {
+        super("Unauthenticated", "USER_UNAUTHENTICATED");
+    }
+    toJSON() {
+        return { name: this.name, message: this.message };
+    }
+}
+exports.UnauthenticatedError = UnauthenticatedError;

package/build/errors/codes/JwtErrorCodes.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtErrorCodes = void 0;
+var JwtErrorCodes;
+(function (JwtErrorCodes) {
+    JwtErrorCodes["EMAIL_VERIFICATION_JWT_VERIFY_ERROR"] = "Invalid email verification jwt";
+    JwtErrorCodes["REFRESH_TOKEN_VERIFY_ERROR"] = "Invalid refresh token";
+    JwtErrorCodes["ACCESS_TOKEN_VERIFY_ERROR"] = "Invalid access token";
+    JwtErrorCodes["INVALID_TOKEN_ERROR"] = "Invalid token";
+    JwtErrorCodes["INVALID_TOKEN_ROLE_ERROR"] = "Invalid role identifier";
+    JwtErrorCodes["TOKEN_ROLE_MISMATCH_ERROR"] = "Role mismatch between payload and header";
+})(JwtErrorCodes || (exports.JwtErrorCodes = JwtErrorCodes = {}));

package/build/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./errors/AppError"), exports);
+__exportStar(require("./errors/JwtErrors"), exports);
+__exportStar(require("./errors/UnauthenticatedError"), exports);
+__exportStar(require("./errors/codes/JwtErrorCodes"), exports);
+__exportStar(require("./jwt-utils/JwtHelper"), exports);
+__exportStar(require("./middlewares/authMiddleware"), exports);
+__exportStar(require("./types/UserRoles"), exports);

package/build/jwt-utils/JwtHelper.js

@@ -0,0 +1,43 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtHelper = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const JwtErrors_1 = require("../errors/JwtErrors");
+function isUserRole(role) {
+    return ["ADMIN", "EXPERT", "USER"].includes(role);
+}
+class JwtHelper {
+    constructor({ userAccessTokenSecret, expertAccessTokenSecret, adminAccessTokenSecret, }) {
+        this.verifyAccessToken = (jwtToken) => {
+            const decoded = jsonwebtoken_1.default.decode(jwtToken, { complete: true });
+            if (!decoded || !decoded.header) {
+                throw new JwtErrors_1.InvalidTokenError();
+            }
+            const header = decoded.header;
+            const role = header.kid;
+            if (!role || !isUserRole(role)) {
+                throw new JwtErrors_1.InvalidTokenRoleError();
+            }
+            let payload;
+            try {
+                payload = jsonwebtoken_1.default.verify(jwtToken, this._AccessSecrets[role]);
+            }
+            catch (err) {
+                throw new JwtErrors_1.AccessTokenVerifyError();
+            }
+            if (!(role === payload.role)) {
+                throw new JwtErrors_1.TokenRoleMismatchError();
+            }
+            return payload;
+        };
+        this._AccessSecrets = {
+            USER: userAccessTokenSecret,
+            ADMIN: adminAccessTokenSecret,
+            EXPERT: expertAccessTokenSecret,
+        };
+    }
+}
+exports.JwtHelper = JwtHelper;

package/build/middlewares/authMiddleware.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthMiddleware = void 0;
+const UnauthenticatedError_1 = require("../errors/UnauthenticatedError");
+const JwtHelper_1 = require("../jwt-utils/JwtHelper");
+class AuthMiddleware {
+    constructor(userAccessTokenSecret, expertAccessTokenSecret, adminAccessTokenSecret) {
+        this.verify = (req, _res, next) => {
+            var _a;
+            try {
+                const token = (_a = req.headers["authorization"]) === null || _a === void 0 ? void 0 : _a.split(" ")[1];
+                if (!token) {
+                    throw new UnauthenticatedError_1.UnauthenticatedError();
+                }
+                const payload = this._jwtHelper.verifyAccessToken(token);
+                req.user = Object.assign(Object.assign({ id: payload.userId }, (payload.role === "ADMIN"
+                    ? { userame: payload.username }
+                    : { email: payload.email })), { role: payload.role });
+                next();
+            }
+            catch (err) {
+                next(err);
+            }
+        };
+        this._jwtHelper = new JwtHelper_1.JwtHelper({
+            userAccessTokenSecret,
+            expertAccessTokenSecret,
+            adminAccessTokenSecret,
+        });
+    }
+}
+exports.AuthMiddleware = AuthMiddleware;

package/build/types/UserRoles.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.USER_ROLES = void 0;
+exports.USER_ROLES = ["USER", "EXPERT", "ADMIN"];

package/package.json

@@ -1,10 +1,22 @@
 {
   "name": "@skillstew/common",
-  "version": "1.0.0",
-  "main": "index.js",
-  "scripts": {},
+  "version": "1.0.2",
+  "main": "./build/index.js",
+  "types": "./build/index.d.ts",
+  "scripts": {
+    "del": "del ./build/*",
+    "build": "npm run del && tsc",
+    "pub": "git add . && git commit -m \"Updates to common\" && npm version patch && npm run build && npm publish"
+  },
   "keywords": [],
   "author": "",
   "license": "ISC",
-  "description": ""
+  "description": "",
+  "dependencies": {
+    "@types/express": "^5.0.3",
+    "@types/jsonwebtoken": "^9.0.10",
+    "del-cli": "^6.0.0",
+    "express": "^5.1.0",
+    "jsonwebtoken": "^9.0.2"
+  }
 }

package/src/errors/AppError.ts

@@ -0,0 +1,20 @@
+export abstract class AppError extends Error {
+  public readonly name: string;
+  constructor(
+    public readonly message: string,
+    public readonly code: string,
+    public readonly context?: Record<string, unknown>,
+  ) {
+    super(message);
+    this.name = this.constructor.name;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+
+  abstract toJSON(): object;
+}
+
+export abstract class DomainError extends AppError {}
+
+export abstract class InfrastructureError extends AppError {}
+
+export abstract class ApplicationError extends AppError {}

package/src/errors/JwtErrors.ts

@@ -0,0 +1,47 @@
+import { InfrastructureError } from "./AppError";
+import { JwtErrorCodes } from "./codes/JwtErrorCodes";
+
+export class JwtError extends InfrastructureError {
+  constructor(code: keyof typeof JwtErrorCodes) {
+    super(JwtErrorCodes[code], code);
+  }
+  toJSON(): object {
+    return { error: this.name, message: this.message, code: this.code };
+  }
+}
+
+export class EmailVerificationJwtVerifyError extends JwtError {
+  constructor() {
+    super("EMAIL_VERIFICATION_JWT_VERIFY_ERROR");
+  }
+}
+
+export class RefreshTokenVerifyError extends JwtError {
+  constructor() {
+    super("REFRESH_TOKEN_VERIFY_ERROR");
+  }
+}
+
+export class AccessTokenVerifyError extends JwtError {
+  constructor() {
+    super("ACCESS_TOKEN_VERIFY_ERROR");
+  }
+}
+
+export class InvalidTokenError extends JwtError {
+  constructor() {
+    super("INVALID_TOKEN_ERROR");
+  }
+}
+
+export class InvalidTokenRoleError extends JwtError {
+  constructor() {
+    super("INVALID_TOKEN_ROLE_ERROR");
+  }
+}
+
+export class TokenRoleMismatchError extends JwtError {
+  constructor() {
+    super("TOKEN_ROLE_MISMATCH_ERROR");
+  }
+}

package/src/errors/UnauthenticatedError.ts

@@ -0,0 +1,10 @@
+import { ApplicationError } from "./AppError";
+
+export class UnauthenticatedError extends ApplicationError {
+  constructor() {
+    super("Unauthenticated", "USER_UNAUTHENTICATED");
+  }
+  toJSON(): object {
+    return { name: this.name, message: this.message };
+  }
+}

package/src/errors/codes/JwtErrorCodes.ts

@@ -0,0 +1,8 @@
+export enum JwtErrorCodes {
+  EMAIL_VERIFICATION_JWT_VERIFY_ERROR = "Invalid email verification jwt",
+  REFRESH_TOKEN_VERIFY_ERROR = "Invalid refresh token",
+  ACCESS_TOKEN_VERIFY_ERROR = "Invalid access token",
+  INVALID_TOKEN_ERROR = "Invalid token",
+  INVALID_TOKEN_ROLE_ERROR = "Invalid role identifier",
+  TOKEN_ROLE_MISMATCH_ERROR = "Role mismatch between payload and header",
+}

package/src/index.ts

@@ -0,0 +1,9 @@
+export * from "./errors/AppError";
+export * from "./errors/JwtErrors";
+export * from "./errors/UnauthenticatedError";
+export * from "./errors/codes/JwtErrorCodes";
+
+export * from "./jwt-utils/JwtHelper";
+export * from "./middlewares/authMiddleware";
+
+export * from "./types/UserRoles";

package/src/jwt-utils/JwtHelper.ts

@@ -0,0 +1,74 @@
+import jwt, { JwtHeader } from "jsonwebtoken";
+import { UserRoles } from "../types/UserRoles";
+import {
+  AccessTokenVerifyError,
+  InvalidTokenError,
+  InvalidTokenRoleError,
+  TokenRoleMismatchError,
+} from "../errors/JwtErrors";
+
+function isUserRole(role: string): role is UserRoles {
+  return ["ADMIN", "EXPERT", "USER"].includes(role);
+}
+
+export type tokenBody =
+  | {
+      userId: string;
+      email: string;
+      role: Exclude<UserRoles, "ADMIN">;
+    }
+  | {
+      userId: string;
+      username: string;
+      role: "ADMIN";
+    };
+
+export type JWTPayload = tokenBody & {
+  iat: number;
+  exp: number;
+};
+
+export class JwtHelper {
+  private _AccessSecrets: Record<UserRoles, string>;
+  constructor({
+    userAccessTokenSecret,
+    expertAccessTokenSecret,
+    adminAccessTokenSecret,
+  }: {
+    userAccessTokenSecret: string;
+    expertAccessTokenSecret: string;
+    adminAccessTokenSecret: string;
+  }) {
+    this._AccessSecrets = {
+      USER: userAccessTokenSecret,
+      ADMIN: adminAccessTokenSecret,
+      EXPERT: expertAccessTokenSecret,
+    };
+  }
+
+  verifyAccessToken = (jwtToken: string) => {
+    const decoded = jwt.decode(jwtToken, { complete: true }) as any;
+    if (!decoded || !decoded.header) {
+      throw new InvalidTokenError();
+    }
+
+    const header = decoded.header as JwtHeader & { kid?: string };
+    const role = header.kid as UserRoles | undefined;
+
+    if (!role || !isUserRole(role)) {
+      throw new InvalidTokenRoleError();
+    }
+    let payload: JWTPayload;
+    try {
+      payload = <JWTPayload>jwt.verify(jwtToken, this._AccessSecrets[role]);
+    } catch (err) {
+      throw new AccessTokenVerifyError();
+    }
+
+    if (!(role === payload.role)) {
+      throw new TokenRoleMismatchError();
+    }
+
+    return payload;
+  };
+}

package/src/middlewares/authMiddleware.ts

@@ -0,0 +1,39 @@
+import { RequestHandler } from "express";
+import { UnauthenticatedError } from "../errors/UnauthenticatedError";
+import { JwtHelper } from "../jwt-utils/JwtHelper";
+
+export class AuthMiddleware {
+  private _jwtHelper: JwtHelper;
+
+  constructor(
+    userAccessTokenSecret: string,
+    expertAccessTokenSecret: string,
+    adminAccessTokenSecret: string,
+  ) {
+    this._jwtHelper = new JwtHelper({
+      userAccessTokenSecret,
+      expertAccessTokenSecret,
+      adminAccessTokenSecret,
+    });
+  }
+
+  verify: RequestHandler = (req, _res, next) => {
+    try {
+      const token = req.headers["authorization"]?.split(" ")[1];
+      if (!token) {
+        throw new UnauthenticatedError();
+      }
+      const payload = this._jwtHelper.verifyAccessToken(token);
+      req.user = {
+        id: payload.userId,
+        ...(payload.role === "ADMIN"
+          ? { userame: payload.username }
+          : { email: payload.email }),
+        role: payload.role,
+      };
+      next();
+    } catch (err) {
+      next(err);
+    }
+  };
+}

package/src/types/UserRoles.ts

@@ -0,0 +1,2 @@
+export const USER_ROLES = ["USER", "EXPERT", "ADMIN"] as const;
+export type UserRoles = (typeof USER_ROLES)[number];

package/src/types/express/index.d.ts

@@ -0,0 +1,16 @@
+import { RequestUser } from "../../3-presentation/types/RequestType";
+import { UserRoles } from "../../0-domain/entities/UserRoles";
+
+export interface RequestUser {
+  id: string | number;
+  email: string;
+  role: UserRoles;
+}
+
+declare global {
+  namespace Express {
+    interface Request {
+      user: RequestUser;
+    }
+  }
+}

package/tsconfig.json

@@ -11,7 +11,7 @@
     // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
 
     /* Language and Environment */
-    "target": "es2016",                                  /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
+    "target": "es2016" /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */,
     // "lib": [],                                        /* Specify a set of bundled library declaration files that describe the target runtime environment. */
     // "jsx": "preserve",                                /* Specify what JSX code is generated. */
     // "libReplacement": true,                           /* Enable lib replacement. */
@@ -26,13 +26,15 @@
     // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
 
     /* Modules */
-    "module": "commonjs",                                /* Specify what module code is generated. */
+    "module": "commonjs" /* Specify what module code is generated. */,
     // "rootDir": "./",                                  /* Specify the root folder within your source files. */
     // "moduleResolution": "node10",                     /* Specify how TypeScript looks up a file from a given module specifier. */
     // "baseUrl": "./",                                  /* Specify the base directory to resolve non-relative module names. */
     // "paths": {},                                      /* Specify a set of entries that re-map imports to additional lookup locations. */
     // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
-    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
+    "typeRoots": [
+      "./src/types"
+    ] /* Specify multiple folders that act like './node_modules/@types'. */,
     // "types": [],                                      /* Specify type package names to be included without being referenced in a source file. */
     // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
     // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
@@ -59,7 +61,7 @@
     // "inlineSourceMap": true,                          /* Include sourcemap files inside the emitted JavaScript. */
     // "noEmit": true,                                   /* Disable emitting files from a compilation. */
     // "outFile": "./",                                  /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
-    // "outDir": "./",                                   /* Specify an output folder for all emitted files. */
+    "outDir": "./build" /* Specify an output folder for all emitted files. */,
     // "removeComments": true,                           /* Disable emitting comments. */
     // "importHelpers": true,                            /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
     // "downlevelIteration": true,                       /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
@@ -80,12 +82,12 @@
     // "isolatedDeclarations": true,                     /* Require sufficient annotation on exports so other tools can trivially generate declaration files. */
     // "erasableSyntaxOnly": true,                       /* Do not allow runtime constructs that are not part of ECMAScript. */
     // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
-    "esModuleInterop": true,                             /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
+    "esModuleInterop": true /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */,
     // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
-    "forceConsistentCasingInFileNames": true,            /* Ensure that casing is correct in imports. */
+    "forceConsistentCasingInFileNames": true /* Ensure that casing is correct in imports. */,
 
     /* Type Checking */
-    "strict": true,                                      /* Enable all strict type-checking options. */
+    "strict": true /* Enable all strict type-checking options. */,
     // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
     // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
     // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
@@ -108,6 +110,6 @@
 
     /* Completeness */
     // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
-    "skipLibCheck": true                                 /* Skip type checking all .d.ts files. */
+    "skipLibCheck": true /* Skip type checking all .d.ts files. */
   }
 }