@volcanicminds/backend 0.2.28 → 0.2.30

package/lib/api/auth/controller/auth.ts

@@ -1,31 +1,126 @@
 import { FastifyReply, FastifyRequest } from 'fastify'
-import { AuthenticatedUser } from '../../../../types/global'
+import * as regExp from '../../../util/regexp'
+
+export async function register(req: FastifyRequest, reply: FastifyReply) {
+  const { password1: password, password2, ...data } = req.data()
+
+  if (!data.username) {
+    return reply.status(404).send(Error('Username not valid'))
+  }
+  if (!data.email || !regExp.email.test(data.email)) {
+    return reply.status(404).send(Error('Email not valid'))
+  }
+  if (!password || !regExp.password.test(password)) {
+    return reply.status(404).send(Error('Password not valid'))
+  }
+  if (!password2 || password2 !== password) {
+    return reply.status(404).send(Error('Repeated password not match'))
+  }
+
+  // public is the default
+  const publicRole = global.roles?.public?.code || 'public'
+  data.roles = (data.requiredRoles || []).map((r) => global.roles[r]?.code).filter((r) => !!r)
+  if (!data.roles.includes(publicRole)) {
+    data.roles.push(publicRole)
+  }
+
+  const user = await req.server['userManager'].createUser({ ...data, password: password })
+  if (!user) {
+    return reply.status(400).send(Error('User not registered'))
+  }
+
+  return user
+}
+
+export async function unregister(req: FastifyRequest, reply: FastifyReply) {
+  const { email, password } = req.data()
+
+  let user = await req.server['userManager'].retrieveUserByPassword(email, password)
+  let isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(403).send(Error('Wrong credentials'))
+  }
+
+  if (!user.enabled) {
+    return reply.status(403).send(Error('User not enabled'))
+  }
+
+  user = await req.server['userManager'].disableUserById(user?.id)
+  isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(400).send(Error('User not valid'))
+  }
+
+  return { ok: true }
+}
+
+export async function changePassword(req: FastifyRequest, reply: FastifyReply) {
+  const { email, oldPassword, newPassword1, newPassword2 } = req.data()
+
+  if (!newPassword1 || !regExp.password.test(newPassword1)) {
+    return reply.status(404).send(Error('New password not valid'))
+  }
+
+  if (!newPassword2 || newPassword2 !== newPassword1) {
+    return reply.status(404).send(Error('Repeated new password not match'))
+  }
+
+  let user = await req.server['userManager'].retrieveUserByPassword(email, oldPassword)
+  let isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(403).send(Error('Wrong credentials'))
+  }
+
+  if (!user.enabled) {
+    return reply.status(403).send(Error('User not enabled'))
+  }
+
+  user = await req.server['userManager'].changePassword(email, newPassword1, oldPassword)
+  isValid = await req.server['userManager'].isValidUser(user)
+  return { ok: isValid }
+}
 
 export async function login(req: FastifyRequest, reply: FastifyReply) {
-  const { email = '', password = '' } = req.data()
-
-  // TODO: use UserManagement.find and check password
-  // demo code here
-  const username = email.substr(0, email.indexOf('@')) || 'jerry'
-  const roleList = [username === 'admin' ? roles.admin : username === 'vminds' ? roles.backoffice : roles.public]
-  const user =
-    username !== null
-      ? ({
-          id: 306, // user id
-          name: username, // optional
-          email: email,
-          roles: roleList
-        } as AuthenticatedUser)
-      : null
-
-  // TODO: review if email is important to include in token (for a security purpose)
+  const { email, password } = req.data()
+
+  if (!email || !regExp.email.test(email)) {
+    return reply.status(404).send(Error('Email not valid'))
+  }
+  if (!password || !regExp.password.test(password)) {
+    return reply.status(404).send(Error('Password not valid'))
+  }
+
+  const user = await req.server['userManager'].retrieveUserByPassword(email, password)
+  const isValid = await req.server['userManager'].isValidUser(user)
+
+  if (!isValid) {
+    return reply.status(403).send(Error('Wrong credentials'))
+  }
+
+  if (!user.enabled) {
+    return reply.status(403).send(Error('User not enabled'))
+  }
+
+  // log.trace('User: ' + JSON.stringify(user) + ' ' + roles)
   // https://www.iana.org/assignments/jwt/jwt.xhtml
-  const token = user !== null ? await reply.jwtSign({ sub: user.id, name: user.name, email: user.email }) : null
-  reply.send({ ...user, token: token || null, roles: roleList.map((r) => r.code) })
+  const token = user !== null ? await reply.jwtSign({ sub: user.externalId }) : null
+  return {
+    ...user,
+    token: token || null,
+    roles: (user.roles || [global.role?.public?.code || 'public']).map((r) => r?.code || r)
+  }
 }
 
-export async function demo(req: FastifyRequest, reply: FastifyReply) {
-  // JSON.stringify(req.user)
+export async function invalidateTokens(req: FastifyRequest, reply: FastifyReply) {
+  let isValid = await req.server['userManager'].isValidUser(req.user)
+  if (!isValid) {
+    return reply.status(403).send(Error('User not linked'))
+  }
 
-  reply.send({ ok: req.user })
+  const user = await req.server['userManager'].resetExternalId(req.user?.id)
+  isValid = await req.server['userManager'].isValidUser(user)
+  return { ok: isValid }
 }

package/lib/api/auth/routes.ts

@@ -1,20 +1,111 @@
 module.exports = {
   config: {
-    title: 'User useful functions',
-    description: 'User useful functions',
+    title: 'Authentication functions',
+    description: 'Authentication functions',
     controller: 'controller',
     tags: ['auth'],
-
     deprecated: false,
-    version: false
+    version: false,
+    enable: true
   },
   routes: [
+    {
+      method: 'POST',
+      path: '/register',
+      roles: [],
+      handler: 'auth.register',
+      middlewares: ['global.preAuth', 'global.postAuth'],
+      config: {
+        title: 'Register new user',
+        description: 'Register a new user',
+        body: {
+          type: 'object',
+          properties: {
+            username: { type: 'string' },
+            email: { type: 'string' },
+            password1: { type: 'string' },
+            password2: { type: 'string' },
+            requiredRoles: { type: 'array', items: { type: 'string' } }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
+              email: { type: 'string' },
+              enabled: { type: 'boolean' },
+              roles: { type: 'array', items: { type: 'string' } }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/unregister',
+      roles: [],
+      handler: 'auth.unregister',
+      middlewares: ['global.preAuth', 'global.postAuth'],
+      config: {
+        title: 'Unregister existing user',
+        description: 'Unregister an existing user',
+        body: {
+          type: 'object',
+          properties: {
+            email: { type: 'string' },
+            password: { type: 'string' }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/change-password',
+      roles: [],
+      handler: 'auth.changePassword',
+      middlewares: [],
+      config: {
+        title: 'Change password',
+        description: 'Change password for an existing user',
+        body: {
+          type: 'object',
+          properties: {
+            email: { type: 'string' },
+            oldPassword: { type: 'string' },
+            newPassword1: { type: 'string' },
+            newPassword2: { type: 'string' }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
     {
       method: 'POST',
       path: '/login',
       roles: [],
       handler: 'auth.login',
-      middlewares: [],
+      middlewares: ['global.preAuth', 'global.postAuth'],
       config: {
         title: 'Login',
         description: 'Basic login authentication',
@@ -30,24 +121,26 @@ module.exports = {
             description: 'Default response',
             type: 'object',
             properties: {
-              id: { type: 'number' },
-              name: { type: 'string' },
-              token: { type: 'string' },
-              roles: { type: 'array', items: { type: 'string' } }
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
+              email: { type: 'string' },
+              roles: { type: 'array', items: { type: 'string' } },
+              token: { type: 'string' }
             }
           }
         }
       }
     },
     {
-      method: 'GET',
-      path: '/demo',
+      method: 'POST',
+      path: '/invalidate-tokens',
       roles: [],
-      handler: 'auth.demo',
+      handler: 'auth.invalidateTokens',
       middlewares: ['global.isAuthenticated'],
       config: {
-        title: 'For debug purpose',
-        description: 'Demo login authentication',
+        title: 'Invalidate all tokens',
+        description: 'Invalidate all tokens',
         response: {
           200: {
             description: 'Default response',

package/lib/api/health/routes.ts

@@ -1,7 +1,7 @@
 module.exports = {
   config: {
-    title: 'Health useful functions',
-    description: 'Health useful functions',
+    title: 'Health functions',
+    description: 'Health functions',
     controller: 'controller',
     tags: ['health']
   },

package/lib/api/users/routes.ts

@@ -1,7 +1,7 @@
 module.exports = {
   config: {
-    title: 'User useful functions',
-    description: 'User useful functions',
+    title: 'User functions',
+    description: 'User functions',
     controller: 'controller',
     tags: ['users'],
     version: false
@@ -10,25 +10,27 @@ module.exports = {
     {
       method: 'GET',
       path: '/',
-      roles: [],
+      roles: [roles.public],
       handler: 'user.user',
       middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Get current user',
         description: 'Get current user',
         response: {
-          403: {
-            description: 'Unauthorized',
-            type: 'string'
-          },
           200: {
             description: 'Default response',
             type: 'object',
             properties: {
-              id: { type: 'number' },
-              name: { type: 'string' },
+              id: { type: 'string' },
+              externalId: { type: 'string' },
+              username: { type: 'string' },
               email: { type: 'string' },
-              roles: { type: 'array', items: { type: 'string' } }
+              enabled: { type: 'boolean' },
+              enabledAt: { type: 'string' },
+              roles: { type: 'array', items: { type: 'string' } },
+              createdAt: { type: 'string' },
+              version: { type: 'number' },
+              updatedAt: { type: 'string' }
             }
           }
         }
@@ -44,10 +46,6 @@ module.exports = {
         title: 'Check if is an admin',
         description: 'Check if the current user is an admin',
         response: {
-          403: {
-            description: 'Unauthorized',
-            type: 'string'
-          },
           200: {
             description: 'Default response',
             type: 'object',

package/lib/hooks/onRequest.ts

@@ -6,8 +6,8 @@ module.exports = async (req, reply) => {
   log.i && (req.startedAt = new Date())
   req.data = () => getData(req)
   req.parameters = () => getParams(req)
-  req.roles = () => ((req.user && req.user.roles) || []).map((role: Role) => role?.code) || []
-  req.hasRole = (r: Role) => ((req.user && req.user.roles) || []).some((role: Role) => role?.code === r?.code)
+  req.roles = () => (req.user ? req.user.roles : [roles.public])
+  req.hasRole = (r: Role) => (req.user ? req.user.roles : [roles.public]).some((role) => role === r?.code)
 
   // authorization check
   const auth = req.headers?.authorization || ''
@@ -15,23 +15,17 @@ module.exports = async (req, reply) => {
   const isRoutePublic = (req.routeConfig.requiredRoles || []).some((role: Role) => role.code === roles.public.code)
 
   if (prefix === 'Bearer' && token != null) {
-    const user: AuthenticatedUser = {} as AuthenticatedUser
+    let user: AuthenticatedUser = {} as AuthenticatedUser
     try {
       const tokenData = reply.server.jwt.verify(token)
-      user.id = tokenData.sub
-      user.name = tokenData.name
-      user.email = tokenData.email
-      user.roles = [roles.public, roles.admin]
-
-      // if (global.npmDebugServerStarted) {
-      //   user.id = user.id || 123
-      //   user.name = user.name || 'Jerry Seinfeld'
-      //   user.email = user.email || 'jerry@george.com'
-      //   user.roles = [roles.public, roles.backoffice]
-      //   log.debug('Inject demo user ' + user.id)
-      // }
-
-      //TODO: recall plugin UserManagement for find user or error
+      user = await req.server['userManager'].retrieveUserByExternalId(tokenData?.sub)
+      if (!user) {
+        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_FOUND', message: 'User not found' })
+      }
+      const isValid = await req.server['userManager'].isValidUser(user)
+      if (!isValid) {
+        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_VALID', message: 'User not valid' })
+      }
 
       // ok, we have the full user here
       req.user = user
@@ -40,18 +34,18 @@ module.exports = async (req, reply) => {
         throw error
       }
     }
+  }
 
-    if (req.routeConfig.requiredRoles?.length > 0) {
-      const { method = '', url = '', requiredRoles } = req.routeConfig
-      const userRoles: string[] = req.user?.roles?.map(({ code }) => code) || []
-      const resolvedRoles = userRoles.length > 0 ? requiredRoles.filter((r) => userRoles.includes(r.code)) : []
+  if (req.routeConfig.requiredRoles?.length > 0) {
+    const { method = '', url = '', requiredRoles } = req.routeConfig
+    const userRoles: string[] = req.user?.roles?.map((code) => code) || []
+    const resolvedRoles = userRoles.length > 0 ? requiredRoles.filter((r) => userRoles.includes(r.code)) : []
 
-      if (!resolvedRoles.length) {
-        log.w && log.warn(`Not allowed to call ${method.toUpperCase()} ${url}`)
-        return reply
-          .code(403)
-          .send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to call this route' })
-      }
+    if (!resolvedRoles.length) {
+      log.w && log.warn(`Not allowed to call ${method.toUpperCase()} ${url}`)
+      return reply
+        .status(403)
+        .send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to call this route' })
     }
   }
 }

package/lib/loader/plugins.ts

@@ -13,7 +13,6 @@ export function load() {
       configPlugins.forEach((plugin) => {
         plugins[plugin.name] = plugin.enable ? plugin.options : false
         log.t && log.trace(`* Plugin ${plugin.name} ${plugin.enable ? 'enabled' : 'disabled'}`)
-        log.error(plugin)
       })
     })
   })

package/lib/loader/router.ts

@@ -1,3 +1,4 @@
+import yn from '../util/yn'
 import { Route, ConfiguredRoute, RouteConfig } from '../../types/global'
 import { FastifyReply, FastifyRequest } from 'fastify'
 
@@ -8,6 +9,7 @@ const methods = ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'PATCH', 'OPTIONS']
 export function load(): ConfiguredRoute[] {
   const validRoutes: ConfiguredRoute[] = []
   const patterns = [`${__dirname}/../api/**/routes.{ts,js}`, `${process.cwd()}/src/api/**/routes.{ts,js}`]
+  const authMiddlewares = ['global.isAuthenticated', 'global.isAdmin']
 
   patterns.forEach((pattern) => {
     log.t && log.trace('Looking for ' + pattern)
@@ -20,11 +22,6 @@ export function load(): ConfiguredRoute[] {
       const routesjs = require(f)
       const { routes = [], config: defaultConfig = {} } = routesjs || {}
 
-      // adjust default config
-      if (!defaultConfig.enable) defaultConfig.enable = true
-      if (defaultConfig.deprecated == null) defaultConfig.deprecated = false
-      if (defaultConfig.controller == null) defaultConfig.controller = 'controller'
-
       log.t && log.trace(`* Add ${routes.length} routes from ${file}`)
 
       routes.forEach((route: Route, index: number) => {
@@ -35,14 +32,15 @@ export function load(): ConfiguredRoute[] {
           handler,
           config = {} as RouteConfig,
           middlewares = [],
-          roles: requiredRole = []
+          roles: rs = []
         } = route
 
-        if (
-          !config?.security &&
-          (requiredRole.some((r) => r.code !== roles.public.code) ||
-            middlewares.some((m) => m === 'global.isAuthenticated'))
-        ) {
+        const requiredRoles = !rs.length ? [roles.public] : rs
+        const reqAuth: boolean =
+          middlewares.some((m) => authMiddlewares.includes(m)) ||
+          requiredRoles.every((r) => r.code !== roles.public.code)
+
+        if (!config?.security && reqAuth) {
           config.security = 'bearer'
         }
 
@@ -50,11 +48,11 @@ export function load(): ConfiguredRoute[] {
         const {
           title = '',
           description = '',
-          enable = defaultConfig.enable || true,
-          deprecated = defaultConfig.deprecated || false,
-          tags = defaultConfig.tags || false,
+          enable = yn(defaultConfig.enable, true),
+          deprecated = yn(defaultConfig.deprecated, false),
+          tags = defaultConfig.tags,
           version = defaultConfig.version || '',
-          security = defaultConfig.security || undefined,
+          security = defaultConfig.security,
           query,
           params,
           body,
@@ -90,25 +88,26 @@ export function load(): ConfiguredRoute[] {
           }
         }
 
-        if (errors.length == 0) {
-          enable
-            ? log.t &&
-              log.trace(
-                `* Method [${method}] path ${endpoint} handler ${handler} enabled with ${
-                  middlewares?.length || 0
-                } middlewares`
-              )
-            : log.w && log.warn(`* Method [${method}] path ${endpoint} handler ${handler} disabled. Skip.`)
-
+        const toAdd = enable && errors.length === 0
+        toAdd
+          ? log.t &&
+            log.trace(
+              `* Method [${method}] path ${endpoint} handler ${handler} enabled with ${
+                middlewares?.length || 0
+              } middlewares`
+            )
+          : log.w && log.warn(`* Method [${method}] path ${endpoint} handler ${handler} disabled. Skip.`)
+
+        toAdd &&
           validRoutes.push({
             handler,
             method,
             path: '/' + endpoint,
             middlewares,
-            roles: requiredRole,
+            roles: requiredRoles,
             enable,
             base,
-            file: path.join(base, defaultConfig.controller, handlerParts[0]),
+            file: path.join(base, defaultConfig.controller || 'controller', handlerParts[0]),
             func: handlerParts[1],
             // swagger: doc
             doc: {
@@ -124,7 +123,6 @@ export function load(): ConfiguredRoute[] {
               response
             }
           })
-        }
       })
     })
   })
@@ -133,26 +131,65 @@ export function load(): ConfiguredRoute[] {
   return validRoutes
 }
 
-function normalizeMiddlewarePath(base: string, middleware: string = '') {
+async function tryToLoadFile(fileName: string) {
+  return new Promise((resolve, reject) => {
+    try {
+      const required = fileName ? require(fileName) : null
+      resolve(required)
+    } catch (err) {
+      reject(err)
+    }
+  })
+}
+
+async function loadMiddleware(base: string, middleware: string = '') {
   const key = 'global.'
-  const idx = middleware.indexOf(key)
-  return idx == 0
-    ? path.resolve(__dirname + '/../middleware/' + middleware.substring(key.length))
-    : path.resolve(base + '/middleware/' + middleware)
+  const isGlobal = middleware.indexOf(key) > -1
+  let required: any = null
+
+  if (isGlobal) {
+    const name = middleware.substring(key.length)
+    required = await tryToLoadFile(path.resolve(process.cwd() + '/src/middleware/' + name)).catch(async () => {
+      return await tryToLoadFile(path.resolve(__dirname + '/../middleware/' + name))
+    })
+  } else {
+    required = await tryToLoadFile(path.resolve(base + '/middleware/' + middleware))
+  }
+
+  if (!required) {
+    log.error(`Middleware ${middleware} not loaded`)
+    throw new Error(`Middleware ${middleware} not loaded`)
+  }
+  return required
 }
 
+async function loadMiddlewares(base: string, middlewares: string[] = []) {
+  const midds = {}
+  await Promise.all(
+    middlewares.map(async (m) => {
+      const middleware = await loadMiddleware(base, m)
+      Object.keys(middleware).map((name) => (midds[name] = [...(midds[name] || []), middleware[name]]))
+    })
+  )
+  // log.debug(base + ' middleware ' + middlewares.length + ' -> ' + Object.keys(midds))
+  return midds
+}
+
+// preParsing, preValidation, preHandler, preSerialization, ..
+
 export function apply(server: any, routes: ConfiguredRoute[]): void {
   log.t && log.trace(`Apply ${routes.length} routes to server with pid ${process.pid}`)
 
   routes.forEach(async ({ handler, method, path, middlewares, roles, enable, base, file, func, doc }) => {
     if (enable) {
       log.t && log.trace(`* Add path ${method} ${path} on handle ${handler}`)
+      const midds = await loadMiddlewares(base, middlewares)
 
       server.route({
         method: method,
         path: path,
         schema: doc,
-        preHandler: (middlewares || []).map((m) => require(normalizeMiddlewarePath(base, m))),
+        ...midds,
         config: {
           requiredRoles: roles || []
         },

package/lib/loader/schemas.ts

@@ -15,9 +15,13 @@ export function apply(server: any): void {
       schemaNames.map((name) => {
         const schema = schemaClass[name]
         if (schema != null) {
-          log.trace(`* Schema [${schema.$id}] loaded from ${schemaFileName}`)
-          server.addSchema(schema)
-          schemaCount++
+          if (schema?.$id) {
+            log.trace(`* Schema [${schema.$id}] loaded from ${schemaFileName}`)
+            server.addSchema(schema)
+            schemaCount++
+          } else {
+            log.warn(`* Schema [${schema.$id}] not loaded from ${schemaFileName}`)
+          }
         }
       })
     })

package/lib/middleware/isAdmin.ts

@@ -1,11 +1,11 @@
 import { FastifyReply, FastifyRequest } from 'fastify'
 
-const log = global.log
-module.exports = (req: FastifyRequest, res: FastifyReply, next: any) => {
+export function preHandler(req: FastifyRequest, res: FastifyReply, done: any) {
   try {
     if (req.user && req.user.id && req.hasRole(roles.admin)) {
-      return next()
+      return done()
     }
+
     throw new Error('User without this privilege')
   } catch (err) {
     log.e && log.error(`Upps, something just happened ${err}`)