@volcanicminds/backend 0.2.27 → 0.2.29

package/index.ts

@@ -6,6 +6,7 @@ dotenv.config()
 import yn from './lib/util/yn'
 import logger from './lib/util/logger'
 import * as mark from './lib/util/mark'
+import * as loaderPlugins from './lib/loader/plugins'
 import * as loaderRoles from './lib/loader/roles'
 import * as loaderRouter from './lib/loader/router'
 import * as loaderHooks from './lib/loader/hooks'
@@ -26,6 +27,7 @@ import fastifyApollo, { fastifyApolloDrainPlugin } from '@as-integrations/fastif
 import { myContextFunction, MyContext } from './lib/apollo/context'
 import resolvers from './lib/apollo/resolvers'
 import typeDefs from './lib/apollo/type-defs'
+import { UserManagement } from './types/global'
 
 global.log = logger
 
@@ -131,7 +133,7 @@ async function addFastifySwagger(fastify: FastifyInstance) {
   }
 }
 
-const start = async () => {
+const start = async (decorators) => {
   const begin = new Date().getTime()
   mark.print(logger)
   global.roles = loaderRoles.load()
@@ -140,41 +142,16 @@ const start = async () => {
   const fastify = await Fastify(opts)
 
   const { HOST: host = '0.0.0.0', PORT: port = '2230', GRAPHQL } = process.env
-  const { SRV_CORS, SRV_HELMET, SRV_RATELIMIT, SRV_COMPRESS, JWT_SECRET, JWT_EXPIRES_IN = '15d' } = process.env
+  const { JWT_SECRET, JWT_EXPIRES_IN = '15d' } = process.env
 
   const loadApollo = yn(GRAPHQL, false)
-  const addPluginCors = yn(SRV_CORS, false)
-  const addPluginHelmet = yn(SRV_HELMET, false)
-  const addPluginRateLimit = yn(SRV_RATELIMIT, false)
-  const addPluginCompress = yn(SRV_COMPRESS, false)
-
-  log.t && log.trace(`Attach Apollo Server ${loadApollo}`)
-  log.t && log.trace(`Add plugin CORS: ${addPluginCors}`)
-  log.t && log.trace(`Add plugin HELMET: ${!loadApollo ? addPluginHelmet : 'Not usable with Apollo'}`)
-  log.t && log.trace(`Add plugin COMPRESS: ${addPluginCompress}`)
-  log.t && log.trace(`Add plugin RATELIMIT: ${addPluginRateLimit}`)
+  const plugins = loaderPlugins.load()
 
   // Helmet is not usable with Apollo Server
-  !loadApollo && addPluginHelmet && (await fastify.register(helmet))
-  addPluginRateLimit && (await fastify.register(rateLimit))
-  addPluginCors &&
-    (await fastify.register(cors, {
-      origin: '*',
-      methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS', 'HEAD'],
-      maxAge: 31536000,
-      credentials: true,
-      allowedHeaders: [
-        'Content-Type',
-        'Content-Length',
-        'Authorization',
-        'Origin',
-        'v-total',
-        'v-count',
-        'v-page',
-        'v-pageSize'
-      ]
-    }))
-  addPluginCompress && (await fastify.register(compress))
+  !loadApollo && plugins?.helmet && (await fastify.register(helmet))
+  plugins?.rateLimit && (await fastify.register(rateLimit))
+  plugins?.cors && (await fastify.register(cors, plugins.cors || {}))
+  plugins?.compress && (await fastify.register(compress))
 
   // JWT Validator
   log.t && log.trace(`Add JWT - expiresIn: ${JWT_EXPIRES_IN}`)
@@ -188,6 +165,52 @@ const start = async () => {
   await addApolloRouting(fastify, apollo)
   await addFastifyRouting(fastify)
 
+  // defaults
+  decorators = {
+    userManager: {
+      createUser(data: any) {
+        throw Error('Not implemented')
+      },
+      resetExternalId(data: any) {
+        throw Error('Not implemented')
+      },
+      updateUserById(id: string, user: any) {
+        throw Error('Not implemented')
+      },
+      retrieveUserById(id: string) {
+        throw Error('Not implemented')
+      },
+      retrieveUserByEmail(email: string) {
+        throw Error('Not implemented')
+      },
+      retrieveUserByExternalId(externalId: string) {
+        throw Error('Not implemented')
+      },
+      retrieveUserByPassword(email: string, password: string) {
+        throw Error('Not implemented')
+      },
+      changePassword(email: string, password: string, oldPassword: string) {
+        throw Error('Not implemented')
+      },
+      enableUserById(id: string) {
+        throw Error('Not implemented')
+      },
+      disableUserById(id: string) {
+        throw Error('Not implemented')
+      },
+      isValidUser(data: any) {
+        throw Error('Not implemented')
+      }
+    } as UserManagement,
+    ...decorators
+  }
+
+  await Promise.all(
+    Object.keys(decorators || {}).map(async (key) => {
+      await fastify.decorate(key, decorators[key])
+    })
+  )
+
   await fastify
     .listen({
       port: Number(port),
@@ -216,7 +239,8 @@ export {
   Roles,
   Route,
   RouteConfig,
-  ConfiguredRoute
+  ConfiguredRoute,
+  UserManagement
 } from './types/global'
 
 /**

package/lib/api/auth/controller/auth.ts

@@ -1,31 +1,126 @@
 import { FastifyReply, FastifyRequest } from 'fastify'
-import { AuthenticatedUser } from '../../../../types/global'
+import * as regExp from '../../../util/regexp'
+
+export async function register(req: FastifyRequest, reply: FastifyReply) {
+  const { password1: password, password2, ...data } = req.data()
+
+  if (!data.username) {
+    return reply.status(404).send(Error('Username not valid'))
+  }
+  if (!data.email || !regExp.email.test(data.email)) {
+    return reply.status(404).send(Error('Email not valid'))
+  }
+  if (!password || !regExp.password.test(password)) {
+    return reply.status(404).send(Error('Password not valid'))
+  }
+  if (!password2 || password2 !== password) {
+    return reply.status(404).send(Error('Repeated password not match'))
+  }
+
+  // public is the default
+  const publicRole = global.roles?.public?.code || 'public'
+  data.roles = (data.requiredRoles || []).map((r) => global.roles[r]?.code).filter((r) => !!r)
+  if (!data.roles.includes(publicRole)) {
+    data.roles.push(publicRole)
+  }
+
+  const user = await req.server['userManager'].createUser({ ...data, password: password })
+  if (!user) {
+    return reply.status(400).send(Error('User not registered'))
+  }
+
+  return user
+}
+
+export async function unregister(req: FastifyRequest, reply: FastifyReply) {
+  const { email, password } = req.data()
+
+  let user = await req.server['userManager'].retrieveUserByPassword(email, password)
+  let isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(403).send(Error('Wrong credentials'))
+  }
+
+  if (!user.enabled) {
+    return reply.status(403).send(Error('User not enabled'))
+  }
+
+  user = await req.server['userManager'].disableUserById(user?.id)
+  isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(400).send(Error('User not valid'))
+  }
+
+  return { ok: true }
+}
+
+export async function changePassword(req: FastifyRequest, reply: FastifyReply) {
+  const { email, oldPassword, newPassword1, newPassword2 } = req.data()
+
+  if (!newPassword1 || !regExp.password.test(newPassword1)) {
+    return reply.status(404).send(Error('New password not valid'))
+  }
+
+  if (!newPassword2 || newPassword2 !== newPassword1) {
+    return reply.status(404).send(Error('Repeated new password not match'))
+  }
+
+  let user = await req.server['userManager'].retrieveUserByPassword(email, oldPassword)
+  let isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(403).send(Error('Wrong credentials'))
+  }
+
+  if (!user.enabled) {
+    return reply.status(403).send(Error('User not enabled'))
+  }
+
+  user = await req.server['userManager'].changePassword(email, newPassword1, oldPassword)
+  isValid = await req.server['userManager'].isValidUser(user)
+  return { ok: isValid }
+}
 
 export async function login(req: FastifyRequest, reply: FastifyReply) {
-  const { email = '', password = '' } = req.data()
-
-  // TODO: use UserManagement.find and check password
-  // demo code here
-  const username = email.substr(0, email.indexOf('@')) || 'jerry'
-  const roleList = [username === 'admin' ? roles.admin : username === 'vminds' ? roles.backoffice : roles.public]
-  const user =
-    username !== null
-      ? ({
-          id: 306, // user id
-          name: username, // optional
-          email: email,
-          roles: roleList
-        } as AuthenticatedUser)
-      : null
-
-  // TODO: review if email is important to include in token (for a security purpose)
+  const { email, password } = req.data()
+
+  if (!email || !regExp.email.test(email)) {
+    return reply.status(404).send(Error('Email not valid'))
+  }
+  if (!password || !regExp.password.test(password)) {
+    return reply.status(404).send(Error('Password not valid'))
+  }
+
+  const user = await req.server['userManager'].retrieveUserByPassword(email, password)
+  const isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(403).send(Error('Wrong credentials'))
+  }
+
+  if (!user.enabled) {
+    return reply.status(403).send(Error('User not enabled'))
+  }
+
+  // log.trace('User: ' + JSON.stringify(user) + ' ' + roles)
   // https://www.iana.org/assignments/jwt/jwt.xhtml
-  const token = user !== null ? await reply.jwtSign({ sub: user.id, name: user.name, email: user.email }) : null
-  reply.send({ ...user, token: token || null, roles: roleList.map((r) => r.code) })
+  const token = user !== null ? await reply.jwtSign({ sub: user.externalId }) : null
+  return {
+    ...user,
+    token: token || null,
+    roles: (user.roles || [global.role?.public?.code || 'public']).map((r) => r?.code || r)
+  }
 }
 
-export async function demo(req: FastifyRequest, reply: FastifyReply) {
-  // JSON.stringify(req.user)
+export async function invalidateTokens(req: FastifyRequest, reply: FastifyReply) {
+  let isValid = await req.server['userManager'].isValidUser(req.user)
+  if (!isValid) {
+    return reply.status(403).send(Error('User not linked'))
+  }
 
-  reply.send({ ok: req.user })
+  const user = await req.server['userManager'].resetExternalId(req.user?.id)
+  isValid = await req.server['userManager'].isValidUser(user)
+  return { ok: isValid }
 }

package/lib/api/auth/routes.ts

@@ -1,20 +1,111 @@
 module.exports = {
   config: {
-    title: 'User useful functions',
-    description: 'User useful functions',
+    title: 'Authentication functions',
+    description: 'Authentication functions',
     controller: 'controller',
     tags: ['auth'],
-
     deprecated: false,
-    version: false
+    version: false,
+    enable: true
   },
   routes: [
+    {
+      method: 'POST',
+      path: '/register',
+      roles: [],
+      handler: 'auth.register',
+      middlewares: ['global.preAuth', 'global.postAuth'],
+      config: {
+        title: 'Register new user',
+        description: 'Register a new user',
+        body: {
+          type: 'object',
+          properties: {
+            username: { type: 'string' },
+            email: { type: 'string' },
+            password1: { type: 'string' },
+            password2: { type: 'string' },
+            requiredRoles: { type: 'array', items: { type: 'string' } }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
+              email: { type: 'string' },
+              enabled: { type: 'boolean' },
+              roles: { type: 'array', items: { type: 'string' } }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/unregister',
+      roles: [],
+      handler: 'auth.unregister',
+      middlewares: ['global.preAuth', 'global.postAuth'],
+      config: {
+        title: 'Unregister existing user',
+        description: 'Unregister an existing user',
+        body: {
+          type: 'object',
+          properties: {
+            email: { type: 'string' },
+            password: { type: 'string' }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/change-password',
+      roles: [],
+      handler: 'auth.changePassword',
+      middlewares: [],
+      config: {
+        title: 'Change password',
+        description: 'Change password for an existing user',
+        body: {
+          type: 'object',
+          properties: {
+            email: { type: 'string' },
+            oldPassword: { type: 'string' },
+            newPassword1: { type: 'string' },
+            newPassword2: { type: 'string' }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
     {
       method: 'POST',
       path: '/login',
       roles: [],
       handler: 'auth.login',
-      middlewares: [],
+      middlewares: ['global.preAuth', 'global.postAuth'],
       config: {
         title: 'Login',
         description: 'Basic login authentication',
@@ -30,24 +121,26 @@ module.exports = {
             description: 'Default response',
             type: 'object',
             properties: {
-              id: { type: 'number' },
-              name: { type: 'string' },
-              token: { type: 'string' },
-              roles: { type: 'array', items: { type: 'string' } }
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
+              email: { type: 'string' },
+              roles: { type: 'array', items: { type: 'string' } },
+              token: { type: 'string' }
             }
           }
         }
       }
     },
     {
-      method: 'GET',
-      path: '/demo',
+      method: 'POST',
+      path: '/invalidate-tokens',
       roles: [],
-      handler: 'auth.demo',
+      handler: 'auth.invalidateTokens',
       middlewares: ['global.isAuthenticated'],
       config: {
-        title: 'For debug purpose',
-        description: 'Demo login authentication',
+        title: 'Invalidate all tokens',
+        description: 'Invalidate all tokens',
         response: {
           200: {
             description: 'Default response',

package/lib/api/health/routes.ts

@@ -1,7 +1,7 @@
 module.exports = {
   config: {
-    title: 'Health useful functions',
-    description: 'Health useful functions',
+    title: 'Health functions',
+    description: 'Health functions',
     controller: 'controller',
     tags: ['health']
   },

package/lib/api/users/routes.ts

@@ -1,7 +1,7 @@
 module.exports = {
   config: {
-    title: 'User useful functions',
-    description: 'User useful functions',
+    title: 'User functions',
+    description: 'User functions',
     controller: 'controller',
     tags: ['users'],
     version: false
@@ -10,25 +10,27 @@ module.exports = {
     {
       method: 'GET',
       path: '/',
-      roles: [],
+      roles: [roles.public],
       handler: 'user.user',
       middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Get current user',
         description: 'Get current user',
         response: {
-          403: {
-            description: 'Unauthorized',
-            type: 'string'
-          },
           200: {
             description: 'Default response',
             type: 'object',
             properties: {
-              id: { type: 'number' },
-              name: { type: 'string' },
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
               email: { type: 'string' },
-              roles: { type: 'array', items: { type: 'string' } }
+              enabled: { type: 'boolean' },
+              enabledAt: { type: 'string' },
+              roles: { type: 'array', items: { type: 'string' } },
+              createdAt: { type: 'string' },
+              version: { type: 'number' },
+              updatedAt: { type: 'string' }
             }
           }
         }
@@ -44,10 +46,6 @@ module.exports = {
         title: 'Check if is an admin',
         description: 'Check if the current user is an admin',
         response: {
-          403: {
-            description: 'Unauthorized',
-            type: 'string'
-          },
           200: {
             description: 'Default response',
             type: 'object',

package/lib/config/plugins.ts

@@ -0,0 +1,24 @@
+'use strict'
+
+module.exports = [
+  {
+    name: 'cors',
+    enable: false,
+    options: {}
+  },
+  {
+    name: 'rateLimit',
+    enable: false,
+    options: {}
+  },
+  {
+    name: 'helmet',
+    enable: false,
+    options: {}
+  },
+  {
+    name: 'compress',
+    enable: false,
+    options: {}
+  }
+]

package/lib/hooks/onRequest.ts

@@ -6,8 +6,8 @@ module.exports = async (req, reply) => {
   log.i && (req.startedAt = new Date())
   req.data = () => getData(req)
   req.parameters = () => getParams(req)
-  req.roles = () => ((req.user && req.user.roles) || []).map((role: Role) => role?.code) || []
-  req.hasRole = (r: Role) => ((req.user && req.user.roles) || []).some((role: Role) => role?.code === r?.code)
+  req.roles = () => (req.user ? req.user.roles : [roles.public])
+  req.hasRole = (r: Role) => (req.user ? req.user.roles : [roles.public]).some((role) => role === r?.code)
 
   // authorization check
   const auth = req.headers?.authorization || ''
@@ -15,23 +15,17 @@ module.exports = async (req, reply) => {
   const isRoutePublic = (req.routeConfig.requiredRoles || []).some((role: Role) => role.code === roles.public.code)
 
   if (prefix === 'Bearer' && token != null) {
-    const user: AuthenticatedUser = {} as AuthenticatedUser
+    let user: AuthenticatedUser = {} as AuthenticatedUser
     try {
       const tokenData = reply.server.jwt.verify(token)
-      user.id = tokenData.sub
-      user.name = tokenData.name
-      user.email = tokenData.email
-      user.roles = [roles.public, roles.admin]
-
-      // if (global.npmDebugServerStarted) {
-      //   user.id = user.id || 123
-      //   user.name = user.name || 'Jerry Seinfeld'
-      //   user.email = user.email || 'jerry@george.com'
-      //   user.roles = [roles.public, roles.backoffice]
-      //   log.debug('Inject demo user ' + user.id)
-      // }
-
-      //TODO: recall plugin UserManagement for find user or error
+      user = await req.server['userManager'].retrieveUserByExternalId(tokenData?.sub)
+      if (!user) {
+        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_FOUND', message: 'User not found' })
+      }
+      const isValid = await req.server['userManager'].isValidUser(user)
+      if (!isValid) {
+        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_VALID', message: 'User not valid' })
+      }
 
       // ok, we have the full user here
       req.user = user
@@ -43,13 +37,13 @@ module.exports = async (req, reply) => {
 
     if (req.routeConfig.requiredRoles?.length > 0) {
       const { method = '', url = '', requiredRoles } = req.routeConfig
-      const userRoles: string[] = req.user?.roles?.map(({ code }) => code) || []
+      const userRoles: string[] = req.user?.roles?.map((code) => code) || []
       const resolvedRoles = userRoles.length > 0 ? requiredRoles.filter((r) => userRoles.includes(r.code)) : []
 
       if (!resolvedRoles.length) {
         log.w && log.warn(`Not allowed to call ${method.toUpperCase()} ${url}`)
         return reply
-          .code(403)
+          .status(403)
           .send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to call this route' })
       }
     }

package/lib/loader/plugins.ts

@@ -0,0 +1,22 @@
+import { config } from 'dotenv'
+
+const glob = require('glob')
+
+export function load() {
+  const plugins: any = {}
+
+  const patterns = [`${__dirname}/../config/plugins.{ts,js}`, `${process.cwd()}/src/config/plugins.{ts,js}`]
+  patterns.forEach((pattern) => {
+    log.t && log.trace('Looking for ' + pattern)
+    glob.sync(pattern).forEach((f: string) => {
+      const configPlugins = require(f)
+      configPlugins.forEach((plugin) => {
+        plugins[plugin.name] = plugin.enable ? plugin.options : false
+        log.t && log.trace(`* Plugin ${plugin.name} ${plugin.enable ? 'enabled' : 'disabled'}`)
+      })
+    })
+  })
+  const enabledPulgins = Object.keys(plugins).filter((p) => !!plugins[p])
+  log.d && log.debug(`Plugins loaded: ${enabledPulgins.length > 0 ? enabledPulgins.join(', ') : 0}`)
+  return plugins
+}