@volcanicminds/backend 0.2.28 → 0.2.29

package/lib/api/auth/routes.ts

@@ -1,20 +1,111 @@
 module.exports = {
   config: {
-    title: 'User useful functions',
-    description: 'User useful functions',
+    title: 'Authentication functions',
+    description: 'Authentication functions',
     controller: 'controller',
     tags: ['auth'],
-
     deprecated: false,
-    version: false
+    version: false,
+    enable: true
   },
   routes: [
+    {
+      method: 'POST',
+      path: '/register',
+      roles: [],
+      handler: 'auth.register',
+      middlewares: ['global.preAuth', 'global.postAuth'],
+      config: {
+        title: 'Register new user',
+        description: 'Register a new user',
+        body: {
+          type: 'object',
+          properties: {
+            username: { type: 'string' },
+            email: { type: 'string' },
+            password1: { type: 'string' },
+            password2: { type: 'string' },
+            requiredRoles: { type: 'array', items: { type: 'string' } }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
+              email: { type: 'string' },
+              enabled: { type: 'boolean' },
+              roles: { type: 'array', items: { type: 'string' } }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/unregister',
+      roles: [],
+      handler: 'auth.unregister',
+      middlewares: ['global.preAuth', 'global.postAuth'],
+      config: {
+        title: 'Unregister existing user',
+        description: 'Unregister an existing user',
+        body: {
+          type: 'object',
+          properties: {
+            email: { type: 'string' },
+            password: { type: 'string' }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/change-password',
+      roles: [],
+      handler: 'auth.changePassword',
+      middlewares: [],
+      config: {
+        title: 'Change password',
+        description: 'Change password for an existing user',
+        body: {
+          type: 'object',
+          properties: {
+            email: { type: 'string' },
+            oldPassword: { type: 'string' },
+            newPassword1: { type: 'string' },
+            newPassword2: { type: 'string' }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
     {
       method: 'POST',
       path: '/login',
       roles: [],
       handler: 'auth.login',
-      middlewares: [],
+      middlewares: ['global.preAuth', 'global.postAuth'],
       config: {
         title: 'Login',
         description: 'Basic login authentication',
@@ -30,24 +121,26 @@ module.exports = {
             description: 'Default response',
             type: 'object',
             properties: {
-              id: { type: 'number' },
-              name: { type: 'string' },
-              token: { type: 'string' },
-              roles: { type: 'array', items: { type: 'string' } }
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
+              email: { type: 'string' },
+              roles: { type: 'array', items: { type: 'string' } },
+              token: { type: 'string' }
             }
           }
         }
       }
     },
     {
-      method: 'GET',
-      path: '/demo',
+      method: 'POST',
+      path: '/invalidate-tokens',
       roles: [],
-      handler: 'auth.demo',
+      handler: 'auth.invalidateTokens',
       middlewares: ['global.isAuthenticated'],
       config: {
-        title: 'For debug purpose',
-        description: 'Demo login authentication',
+        title: 'Invalidate all tokens',
+        description: 'Invalidate all tokens',
         response: {
           200: {
             description: 'Default response',

package/lib/api/health/routes.ts

@@ -1,7 +1,7 @@
 module.exports = {
   config: {
-    title: 'Health useful functions',
-    description: 'Health useful functions',
+    title: 'Health functions',
+    description: 'Health functions',
     controller: 'controller',
     tags: ['health']
   },

package/lib/api/users/routes.ts

@@ -1,7 +1,7 @@
 module.exports = {
   config: {
-    title: 'User useful functions',
-    description: 'User useful functions',
+    title: 'User functions',
+    description: 'User functions',
     controller: 'controller',
     tags: ['users'],
     version: false
@@ -10,25 +10,27 @@ module.exports = {
     {
       method: 'GET',
       path: '/',
-      roles: [],
+      roles: [roles.public],
       handler: 'user.user',
       middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Get current user',
         description: 'Get current user',
         response: {
-          403: {
-            description: 'Unauthorized',
-            type: 'string'
-          },
           200: {
             description: 'Default response',
             type: 'object',
             properties: {
-              id: { type: 'number' },
-              name: { type: 'string' },
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
               email: { type: 'string' },
-              roles: { type: 'array', items: { type: 'string' } }
+              enabled: { type: 'boolean' },
+              enabledAt: { type: 'string' },
+              roles: { type: 'array', items: { type: 'string' } },
+              createdAt: { type: 'string' },
+              version: { type: 'number' },
+              updatedAt: { type: 'string' }
             }
           }
         }
@@ -44,10 +46,6 @@ module.exports = {
         title: 'Check if is an admin',
         description: 'Check if the current user is an admin',
         response: {
-          403: {
-            description: 'Unauthorized',
-            type: 'string'
-          },
           200: {
             description: 'Default response',
             type: 'object',

package/lib/hooks/onRequest.ts

@@ -6,8 +6,8 @@ module.exports = async (req, reply) => {
   log.i && (req.startedAt = new Date())
   req.data = () => getData(req)
   req.parameters = () => getParams(req)
-  req.roles = () => ((req.user && req.user.roles) || []).map((role: Role) => role?.code) || []
-  req.hasRole = (r: Role) => ((req.user && req.user.roles) || []).some((role: Role) => role?.code === r?.code)
+  req.roles = () => (req.user ? req.user.roles : [roles.public])
+  req.hasRole = (r: Role) => (req.user ? req.user.roles : [roles.public]).some((role) => role === r?.code)
 
   // authorization check
   const auth = req.headers?.authorization || ''
@@ -15,23 +15,17 @@ module.exports = async (req, reply) => {
   const isRoutePublic = (req.routeConfig.requiredRoles || []).some((role: Role) => role.code === roles.public.code)
 
   if (prefix === 'Bearer' && token != null) {
-    const user: AuthenticatedUser = {} as AuthenticatedUser
+    let user: AuthenticatedUser = {} as AuthenticatedUser
     try {
       const tokenData = reply.server.jwt.verify(token)
-      user.id = tokenData.sub
-      user.name = tokenData.name
-      user.email = tokenData.email
-      user.roles = [roles.public, roles.admin]
-
-      // if (global.npmDebugServerStarted) {
-      //   user.id = user.id || 123
-      //   user.name = user.name || 'Jerry Seinfeld'
-      //   user.email = user.email || 'jerry@george.com'
-      //   user.roles = [roles.public, roles.backoffice]
-      //   log.debug('Inject demo user ' + user.id)
-      // }
-
-      //TODO: recall plugin UserManagement for find user or error
+      user = await req.server['userManager'].retrieveUserByExternalId(tokenData?.sub)
+      if (!user) {
+        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_FOUND', message: 'User not found' })
+      }
+      const isValid = await req.server['userManager'].isValidUser(user)
+      if (!isValid) {
+        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_VALID', message: 'User not valid' })
+      }
 
       // ok, we have the full user here
       req.user = user
@@ -43,13 +37,13 @@ module.exports = async (req, reply) => {
 
     if (req.routeConfig.requiredRoles?.length > 0) {
       const { method = '', url = '', requiredRoles } = req.routeConfig
-      const userRoles: string[] = req.user?.roles?.map(({ code }) => code) || []
+      const userRoles: string[] = req.user?.roles?.map((code) => code) || []
       const resolvedRoles = userRoles.length > 0 ? requiredRoles.filter((r) => userRoles.includes(r.code)) : []
 
       if (!resolvedRoles.length) {
         log.w && log.warn(`Not allowed to call ${method.toUpperCase()} ${url}`)
         return reply
-          .code(403)
+          .status(403)
           .send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to call this route' })
       }
     }

package/lib/loader/plugins.ts

@@ -13,7 +13,6 @@ export function load() {
       configPlugins.forEach((plugin) => {
         plugins[plugin.name] = plugin.enable ? plugin.options : false
         log.t && log.trace(`* Plugin ${plugin.name} ${plugin.enable ? 'enabled' : 'disabled'}`)
-        log.error(plugin)
       })
     })
   })

package/lib/loader/router.ts

@@ -1,3 +1,4 @@
+import yn from '../util/yn'
 import { Route, ConfiguredRoute, RouteConfig } from '../../types/global'
 import { FastifyReply, FastifyRequest } from 'fastify'
 
@@ -8,6 +9,7 @@ const methods = ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'PATCH', 'OPTIONS']
 export function load(): ConfiguredRoute[] {
   const validRoutes: ConfiguredRoute[] = []
   const patterns = [`${__dirname}/../api/**/routes.{ts,js}`, `${process.cwd()}/src/api/**/routes.{ts,js}`]
+  const authMiddlewares = ['global.isAuthenticated', 'global.isAdmin']
 
   patterns.forEach((pattern) => {
     log.t && log.trace('Looking for ' + pattern)
@@ -20,11 +22,6 @@ export function load(): ConfiguredRoute[] {
       const routesjs = require(f)
       const { routes = [], config: defaultConfig = {} } = routesjs || {}
 
-      // adjust default config
-      if (!defaultConfig.enable) defaultConfig.enable = true
-      if (defaultConfig.deprecated == null) defaultConfig.deprecated = false
-      if (defaultConfig.controller == null) defaultConfig.controller = 'controller'
-
       log.t && log.trace(`* Add ${routes.length} routes from ${file}`)
 
       routes.forEach((route: Route, index: number) => {
@@ -35,14 +32,15 @@ export function load(): ConfiguredRoute[] {
           handler,
           config = {} as RouteConfig,
           middlewares = [],
-          roles: requiredRole = []
+          roles: rs = []
         } = route
 
-        if (
-          !config?.security &&
-          (requiredRole.some((r) => r.code !== roles.public.code) ||
-            middlewares.some((m) => m === 'global.isAuthenticated'))
-        ) {
+        const requiredRoles = !rs.length ? [roles.public] : rs
+        const reqAuth: boolean =
+          middlewares.some((m) => authMiddlewares.includes(m)) ||
+          requiredRoles.every((r) => r.code !== roles.public.code)
+
+        if (!config?.security && reqAuth) {
           config.security = 'bearer'
         }
 
@@ -50,11 +48,11 @@ export function load(): ConfiguredRoute[] {
         const {
           title = '',
           description = '',
-          enable = defaultConfig.enable || true,
-          deprecated = defaultConfig.deprecated || false,
-          tags = defaultConfig.tags || false,
+          enable = yn(defaultConfig.enable, true),
+          deprecated = yn(defaultConfig.deprecated, false),
+          tags = defaultConfig.tags,
           version = defaultConfig.version || '',
-          security = defaultConfig.security || undefined,
+          security = defaultConfig.security,
           query,
           params,
           body,
@@ -90,25 +88,26 @@ export function load(): ConfiguredRoute[] {
           }
         }
 
-        if (errors.length == 0) {
-          enable
-            ? log.t &&
-              log.trace(
-                `* Method [${method}] path ${endpoint} handler ${handler} enabled with ${
-                  middlewares?.length || 0
-                } middlewares`
-              )
-            : log.w && log.warn(`* Method [${method}] path ${endpoint} handler ${handler} disabled. Skip.`)
-
+        const toAdd = enable && errors.length === 0
+        toAdd
+          ? log.t &&
+            log.trace(
+              `* Method [${method}] path ${endpoint} handler ${handler} enabled with ${
+                middlewares?.length || 0
+              } middlewares`
+            )
+          : log.w && log.warn(`* Method [${method}] path ${endpoint} handler ${handler} disabled. Skip.`)
+
+        toAdd &&
           validRoutes.push({
             handler,
             method,
             path: '/' + endpoint,
             middlewares,
-            roles: requiredRole,
+            roles: requiredRoles,
             enable,
             base,
-            file: path.join(base, defaultConfig.controller, handlerParts[0]),
+            file: path.join(base, defaultConfig.controller || 'controller', handlerParts[0]),
             func: handlerParts[1],
             // swagger: doc
             doc: {
@@ -124,7 +123,6 @@ export function load(): ConfiguredRoute[] {
               response
             }
           })
-        }
       })
     })
   })
@@ -133,26 +131,65 @@ export function load(): ConfiguredRoute[] {
   return validRoutes
 }
 
-function normalizeMiddlewarePath(base: string, middleware: string = '') {
+async function tryToLoadFile(fileName: string) {
+  return new Promise((resolve, reject) => {
+    try {
+      const required = fileName ? require(fileName) : null
+      resolve(required)
+    } catch (err) {
+      reject(err)
+    }
+  })
+}
+
+async function loadMiddleware(base: string, middleware: string = '') {
   const key = 'global.'
-  const idx = middleware.indexOf(key)
-  return idx == 0
-    ? path.resolve(__dirname + '/../middleware/' + middleware.substring(key.length))
-    : path.resolve(base + '/middleware/' + middleware)
+  const isGlobal = middleware.indexOf(key) > -1
+  let required: any = null
+
+  if (isGlobal) {
+    const name = middleware.substring(key.length)
+    required = await tryToLoadFile(path.resolve(process.cwd() + '/src/middleware/' + name)).catch(async () => {
+      return await tryToLoadFile(path.resolve(__dirname + '/../middleware/' + name))
+    })
+  } else {
+    required = await tryToLoadFile(path.resolve(base + '/middleware/' + middleware))
+  }
+
+  if (!required) {
+    log.error(`Middleware ${middleware} not loaded`)
+    throw new Error(`Middleware ${middleware} not loaded`)
+  }
+  return required
 }
 
+async function loadMiddlewares(base: string, middlewares: string[] = []) {
+  const midds = {}
+  await Promise.all(
+    middlewares.map(async (m) => {
+      const middleware = await loadMiddleware(base, m)
+      Object.keys(middleware).map((name) => (midds[name] = [...(midds[name] || []), middleware[name]]))
+    })
+  )
+  // log.debug(base + ' middleware ' + middlewares.length + ' -> ' + Object.keys(midds))
+  return midds
+}
+
+// preParsing, preValidation, preHandler, preSerialization, ..
+
 export function apply(server: any, routes: ConfiguredRoute[]): void {
   log.t && log.trace(`Apply ${routes.length} routes to server with pid ${process.pid}`)
 
   routes.forEach(async ({ handler, method, path, middlewares, roles, enable, base, file, func, doc }) => {
     if (enable) {
       log.t && log.trace(`* Add path ${method} ${path} on handle ${handler}`)
+      const midds = await loadMiddlewares(base, middlewares)
 
       server.route({
         method: method,
         path: path,
         schema: doc,
-        preHandler: (middlewares || []).map((m) => require(normalizeMiddlewarePath(base, m))),
+        ...midds,
         config: {
           requiredRoles: roles || []
         },

package/lib/loader/schemas.ts

@@ -15,9 +15,13 @@ export function apply(server: any): void {
       schemaNames.map((name) => {
         const schema = schemaClass[name]
         if (schema != null) {
-          log.trace(`* Schema [${schema.$id}] loaded from ${schemaFileName}`)
-          server.addSchema(schema)
-          schemaCount++
+          if (schema?.$id) {
+            log.trace(`* Schema [${schema.$id}] loaded from ${schemaFileName}`)
+            server.addSchema(schema)
+            schemaCount++
+          } else {
+            log.warn(`* Schema [${schema.$id}] not loaded from ${schemaFileName}`)
+          }
         }
       })
     })

package/lib/middleware/isAdmin.ts

@@ -1,11 +1,11 @@
 import { FastifyReply, FastifyRequest } from 'fastify'
 
-const log = global.log
-module.exports = (req: FastifyRequest, res: FastifyReply, next: any) => {
+export function preHandler(req: FastifyRequest, res: FastifyReply, done: any) {
   try {
     if (req.user && req.user.id && req.hasRole(roles.admin)) {
-      return next()
+      return done()
     }
+
     throw new Error('User without this privilege')
   } catch (err) {
     log.e && log.error(`Upps, something just happened ${err}`)

package/lib/middleware/isAuthenticated.ts

@@ -1,14 +1,14 @@
 import { FastifyReply, FastifyRequest } from 'fastify'
 
-const log = global.log
-module.exports = (req: FastifyRequest, res: FastifyReply, next: any) => {
+export function preHandler(req: FastifyRequest, res: FastifyReply, done: any) {
   try {
     if (!!req.user?.id) {
-      return next()
+      return done()
     }
-    throw new Error('User not authenticated')
+
+    throw new Error('Unauthorized')
   } catch (err) {
     log.e && log.error(`Upps, something just happened ${err}`)
-    res.code(403).send(err)
+    return res.code(401).send(err) // must be authorized first
   }
 }

package/lib/middleware/postAuth.ts

@@ -0,0 +1,5 @@
+import { FastifyReply, FastifyRequest } from 'fastify'
+
+export async function preSerialization(req: FastifyRequest, res: FastifyReply, payload) {
+  return payload
+}

package/lib/middleware/preAuth.ts

@@ -0,0 +1,3 @@
+import { FastifyReply, FastifyRequest } from 'fastify'
+
+export async function preHandler(req: FastifyRequest, res: FastifyReply) {}

package/lib/util/generate.ts

@@ -0,0 +1,6 @@
+const { customAlphabet } = require('nanoid')
+const nanoid = customAlphabet('AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz0123456789')
+
+export function newAuthCode() {
+  return nanoid(Number(process.env.AUTH_CODE_SIZE) || 10)
+}

package/lib/util/regexp.ts

@@ -1,32 +1,34 @@
-module.exports = {
-  /*
-   * min 3 max 33, one special character (. _ -) only in the middle
-   * username can have uppercase or lowercase chars
-   */
-  username: /(?=^.{3,33}$)^[a-z][a-z0-9]*[._-]?[a-z0-9]+$/gi,
-  emailAlt:
-    /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/,
-  /*
-   * email can have multiple words
-   * email can use . - or + for smart labeling
-   */
-  email: /^\w+([\.+-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/,
-  /*
-   * password must contain 1 number (0-9)
-   * password must contain 1 uppercase chars
-   * password must contain 1 lowercase chars
-   * password must contain 1 non-alpha number
-   * password is 8-64 characters with no space
-   */
-  password: /^(?=.*\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[^\w\d\s:])([^\s]){8,64}$/gi,
-  zipCode: /(^\d{5}$)|(^\d{5}-\d{4}$)/,
-  taxCodePersona: /^[a-zA-Z]{6}[0-9]{2}[abcdehlmprstABCDEHLMPRST]{1}[0-9]{2}([a-zA-Z]{1}[0-9]{3})[a-zA-Z]{1}$/,
-  /*
-   * taxCode can have 2 letter (IT,DE,..) and 11 digits
-   */
-  taxCodeCompany: /^([A-Z]{2}|)[0-9]{11}$/,
-  iban: /^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$/,
-  mobilePhone: /^((00|\+)39)?3[0-9]{8,9}$/,
-  landLinePhone: /^(((00|\+)39))?[\s]?(0{1}[1-9]{1,3})[\s]?(\d{4,6})$/,
-  tollFreePhone: /^((00|\+)39)?(800|803|167)\d{3,6}$/
-}
+/*
+ * min 3 max 33, one special character (. _ -) only in the middle
+ * username can have uppercase or lowercase chars
+ */
+export const username = /(?=^.{3,33}$)^[a-z][a-z0-9]*[._-]?[a-z0-9]+$/gi
+export const emailAlt =
+  /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+
+/*
+ * email can have multiple words
+ * email can use . - or + for smart labeling
+ */
+export const email = /^\w+([\.+-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/
+
+/*
+ * password must contain 1 number (0-9)
+ * password must contain 1 uppercase chars
+ * password must contain 1 lowercase chars
+ * password must contain 1 non-alpha number
+ * password is 8-64 characters with no space
+ */
+export const password = /^(?=.*\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[^\w\d\s:])([^\s]){8,16}$/
+export const zipCode = /(^\d{5}$)|(^\d{5}-\d{4}$)/
+export const taxCodePersona =
+  /^[a-zA-Z]{6}[0-9]{2}[abcdehlmprstABCDEHLMPRST]{1}[0-9]{2}([a-zA-Z]{1}[0-9]{3})[a-zA-Z]{1}$/
+
+/*
+ * taxCode can have 2 letter (IT,DE,..) and 11 digits
+ */
+export const taxCodeCompany = /^([A-Z]{2}|)[0-9]{11}$/
+export const iban = /^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$/
+export const mobilePhone = /^((00|\+)39)?3[0-9]{8,9}$/
+export const landLinePhone = /^(((00|\+)39))?[\s]?(0{1}[1-9]{1,3})[\s]?(\d{4,6})$/
+export const tollFreePhone = /^((00|\+)39)?(800|803|167)\d{3,6}$/

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@volcanicminds/backend",
-  "version": "0.2.28",
+  "version": "0.2.29",
   "codename": "turin",
   "license": "MIT",
   "description": "The volcanic (minds) backend",

package/types/global.d.ts

@@ -2,7 +2,7 @@ import { FastifyRequest, FastifyReply } from 'fastify'
 
 export interface AuthenticatedUser {
   id: number
-  name: string
+  username: string
   email: string
   roles: Role[]
 }
@@ -68,6 +68,20 @@ export interface ConfiguredRoute {
   }
 }
 
+export interface UserManagement {
+  createUser(data: any): any | null
+  resetExternalId(data: any): any | null
+  updateUserById(id: string, user: any): any | null
+  retrieveUserById(id: string): any | null
+  retrieveUserByEmail(email: string): any | null
+  retrieveUserByExternalId(externalId: string): any | null
+  retrieveUserByPassword(email: string, password: string): any | null
+  changePassword(email: string, password: string, oldPassword: string): any | null
+  enableUserById(id: string): any | null
+  disableUserById(id: string): any | null
+  isValidUser(data: any): boolean
+}
+
 declare module 'fastify' {
   export interface FastifyRequest {
     user?: AuthenticatedUser