@volcanicminds/backend 0.2.38 → 0.2.40

package/lib/api/auth/routes.ts

@@ -34,6 +34,7 @@ module.exports = {
             type: 'object',
             properties: {
               id: { type: 'string' },
+              _id: { type: 'string' },
               externalId: { type: 'string' },
               username: { type: 'string' },
               email: { type: 'string' },
@@ -71,6 +72,32 @@ module.exports = {
         }
       }
     },
+    {
+      method: 'POST',
+      path: '/validate-password',
+      roles: [],
+      handler: 'auth.validatePassword',
+      middlewares: [],
+      config: {
+        title: 'Validate password',
+        description: 'Validate password if valid and usable',
+        body: {
+          type: 'object',
+          properties: {
+            password: { type: 'string' }
+          }
+        },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
     {
       method: 'POST',
       path: '/change-password',
@@ -203,6 +230,7 @@ module.exports = {
             type: 'object',
             properties: {
               id: { type: 'string' },
+              _id: { type: 'string' },
               externalId: { type: 'string' },
               username: { type: 'string' },
               email: { type: 'string' },
@@ -251,6 +279,7 @@ module.exports = {
             }
           }
         },
+        body: { $ref: 'blockBodySchema' },
         response: {
           200: {
             description: 'Default response',

package/lib/api/token/controller/token.ts

@@ -0,0 +1,99 @@
+import { FastifyReply, FastifyRequest } from 'fastify'
+
+export async function count(req: FastifyRequest, reply: FastifyReply) {
+  return await req.server['tokenManager'].countQuery(req.data())
+}
+
+export async function find(req: FastifyRequest, reply: FastifyReply) {
+  const { headers, records } = await req.server['tokenManager'].findQuery(req.data())
+  return reply.type('application/json').headers(headers).send(records)
+}
+
+export async function findOne(req: FastifyRequest, reply: FastifyReply) {
+  const { id } = req.parameters()
+
+  const token = await req.server['tokenManager'].retrieveTokenById(id)
+  return token || reply.status(404).send()
+}
+
+export async function create(req: FastifyRequest, reply: FastifyReply) {
+  const data = req.data()
+
+  if (!data.name) {
+    return reply.status(404).send(Error('Token name not valid'))
+  }
+
+  // public is the default
+  const publicRole = global.roles?.public?.code || 'public'
+  data.roles = (data.requiredRoles || []).map((r) => global.roles[r]?.code).filter((r) => !!r)
+  if (!data.roles.includes(publicRole)) {
+    data.roles.push(publicRole)
+  }
+
+  let token = await req.server['tokenManager'].createToken(data)
+  if (!token || !token.getId() || !token.externalId) {
+    return reply.status(400).send(Error('Token not registered'))
+  }
+
+  const bearerToken = await reply.jwtSign({ sub: token.externalId })
+  if (!bearerToken) {
+    return reply.status(400).send(Error('Token not signed'))
+  }
+
+  token = await req.server['tokenManager'].updateTokenById(token.getId(), { token: bearerToken })
+  return token
+}
+
+export async function remove(req: FastifyRequest, reply: FastifyReply) {
+  const { id } = req.parameters()
+  if (!id) {
+    return reply.status(404).send()
+  }
+
+  let token = await req.server['tokenManager'].retrieveTokenById(id)
+  if (!token) {
+    return reply.status(403).send(Error('Token not found'))
+  }
+
+  token = await req.server['tokenManager'].removeTokenById(id)
+  return { ok: true }
+}
+
+export async function update(req: FastifyRequest, reply: FastifyReply) {
+  const { id } = req.parameters()
+  if (!id) {
+    return reply.status(404).send()
+  }
+
+  const token = await req.server['tokenManager'].retrieveTokenById(id)
+  if (!token || !token.getId()) {
+    return reply.status(404).send()
+  }
+
+  const data = req.data() || {}
+  return req.server['tokenManager'].updateTokenById(token.getId(), data)
+}
+
+export async function block(req: FastifyRequest, reply: FastifyReply) {
+  if (!req.hasRole(roles.admin) && !req.hasRole(roles.backoffice)) {
+    return reply.status(403).send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to block a user' })
+  }
+
+  const { id: userId } = req.parameters()
+  const { reason } = req.data()
+
+  const user = await req.server['tokenManager'].blockTokenById(userId, reason)
+  return { ok: !!user.getId() }
+}
+
+export async function unblock(req: FastifyRequest, reply: FastifyReply) {
+  if (!req.hasRole(roles.admin) && !req.hasRole(roles.backoffice)) {
+    return reply
+      .status(403)
+      .send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to unblock a user' })
+  }
+
+  const { id: userId } = req.parameters()
+  const user = await req.server['tokenManager'].unblockTokenById(userId)
+  return { ok: !!user.getId() }
+}

package/lib/api/token/routes.ts

@@ -0,0 +1,168 @@
+module.exports = {
+  config: {
+    title: 'Integration token functions',
+    description: 'Integration token functions',
+    controller: 'controller',
+    tags: ['token'],
+    deprecated: false,
+    version: false,
+    enable: true
+  },
+  routes: [
+    {
+      method: 'GET',
+      path: '/',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.find',
+      middlewares: [],
+      config: {
+        title: 'Find tokens',
+        description: 'Get tokens list',
+        query: { $ref: 'getQueryParamsSchema' },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'array',
+            items: { $ref: 'tokenSchema#' }
+          }
+        }
+      }
+    },
+    {
+      method: 'GET',
+      path: '/count',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.count',
+      middlewares: [],
+      config: {
+        title: 'Count tokens',
+        description: 'Count tokens',
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'number'
+          }
+        }
+      }
+    },
+    {
+      method: 'GET',
+      path: '/:id',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.findOne',
+      middlewares: [],
+      config: {
+        title: 'Find token',
+        description: 'Get token by id',
+        params: { $ref: 'tokenParamsSchema#' },
+        response: {
+          200: {
+            description: 'Default response',
+            $ref: 'tokenSchema#'
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.create',
+      middlewares: ['global.isAuthenticated'],
+      config: {
+        title: 'Create new token',
+        description: 'Create a new token',
+        body: { $ref: 'tokenBodySchema' },
+        response: {
+          200: {
+            description: 'Default response',
+            $ref: 'tokenSchema#'
+          }
+        }
+      }
+    },
+    {
+      method: 'PUT',
+      path: '/:id',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.update',
+      middlewares: ['global.isAuthenticated'],
+      config: {
+        title: 'Update existing token',
+        description: 'Update an existing token',
+        params: { $ref: 'tokenParamsSchema#' },
+        body: { $ref: 'tokenBodySchema' },
+        response: {
+          200: {
+            description: 'Default response',
+            $ref: 'tokenSchema#'
+          }
+        }
+      }
+    },
+    {
+      method: 'DELETE',
+      path: '/:id',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.remove',
+      middlewares: ['global.isAuthenticated'],
+      config: {
+        title: 'Unregister existing token (actually disables it)',
+        description: 'Unregister an existing token (actually disables it)',
+        params: { $ref: 'tokenParamsSchema#' },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/block/:id',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.block',
+      middlewares: ['global.isAuthenticated'],
+      config: {
+        title: 'Block a token by id',
+        description: 'Block a token by id',
+        params: { $ref: 'tokenParamsSchema#' },
+        body: { $ref: 'blockBodySchema' },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/unblock/:id',
+      roles: [roles.admin, roles.backoffice],
+      handler: 'token.unblock',
+      middlewares: ['global.isAuthenticated'],
+      config: {
+        title: 'Unblock a token by id',
+        description: 'Unblock a token by id',
+        params: { $ref: 'tokenParamsSchema#' },
+        response: {
+          200: {
+            description: 'Default response',
+            type: 'object',
+            properties: {
+              ok: { type: 'boolean' }
+            }
+          }
+        }
+      }
+    }
+  ]
+}

package/lib/api/users/controller/user.ts

@@ -8,5 +8,5 @@ export async function user(req: FastifyRequest, reply: FastifyReply) {
 
 export async function isAdmin(req: FastifyRequest, reply: FastifyReply) {
   const user: AuthenticatedUser | undefined = req.user
-  reply.send({ isAdmin: user?.id && req.hasRole(roles.admin) })
+  reply.send({ isAdmin: user?.getId() && req.hasRole(roles.admin) })
 }

package/lib/hooks/onRequest.ts

@@ -1,5 +1,5 @@
 import { getParams, getData } from '../util/common'
-import { AuthenticatedUser, Role } from '../../types/global'
+import { AuthenticatedUser, AuthenticatedToken, Role } from '../../types/global'
 
 module.exports = async (req, reply) => {
   // request enrichment
@@ -11,24 +11,42 @@ module.exports = async (req, reply) => {
 
   // authorization check
   const auth = req.headers?.authorization || ''
-  const [prefix, token] = auth.split(' ')
+  const [prefix, bearerToken] = auth.split(' ')
   const isRoutePublic = (req.routeConfig.requiredRoles || []).some((role: Role) => role.code === roles.public.code)
 
-  if (prefix === 'Bearer' && token != null) {
+  if (prefix === 'Bearer' && bearerToken != null) {
     let user: AuthenticatedUser = {} as AuthenticatedUser
+    let token: AuthenticatedToken = {} as AuthenticatedToken
+
+    console.log('bearer ' + bearerToken)
+
     try {
-      const tokenData = reply.server.jwt.verify(token)
+      const tokenData = reply.server.jwt.verify(bearerToken)
       user = await req.server['userManager'].retrieveUserByExternalId(tokenData?.sub)
+      console.log(user)
       if (!user) {
+        token = await req.server['tokenManager'].retrieveTokenByExternalId(tokenData?.sub)
+        console.log(token)
+      }
+      if (!user && !token) {
         return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_FOUND', message: 'User not found' })
       }
-      const isValid = await req.server['userManager'].isValidUser(user)
-      if (!isValid) {
-        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_VALID', message: 'User not valid' })
+      if (user) {
+        const isValid = await req.server['userManager'].isValidUser(user)
+        if (!isValid) {
+          return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_VALID', message: 'User not valid' })
+        }
+        // ok, we have the full user here
+        req.user = user
+      }
+      if (token) {
+        const isValid = await req.server['tokenManager'].isValidToken(token)
+        if (!isValid) {
+          return reply.status(404).send({ statusCode: 404, code: 'TOKEN_NOT_VALID', message: 'Token not valid' })
+        }
+        // ok, we have the full user here
+        req.token = token
       }
-
-      // ok, we have the full user here
-      req.user = user
     } catch (error) {
       if (!isRoutePublic) {
         throw error
@@ -38,8 +56,10 @@ module.exports = async (req, reply) => {
 
   if (req.routeConfig.requiredRoles?.length > 0) {
     const { method = '', url = '', requiredRoles } = req.routeConfig
-    const userRoles: string[] = req.user?.roles?.map((code) => code) || [roles.public?.code || 'public']
-    const resolvedRoles = userRoles.length > 0 ? requiredRoles.filter((r) => userRoles.includes(r.code)) : []
+    const authRoles: string[] = ((req.user?.roles || req.token?.roles)?.map((code) => code) as string[]) || [
+      roles.public?.code || 'public'
+    ]
+    const resolvedRoles = authRoles.length > 0 ? requiredRoles.filter((r) => authRoles.includes(r.code)) : []
 
     if (!resolvedRoles.length) {
       log.w && log.warn(`Not allowed to call ${method.toUpperCase()} ${url}`)

package/lib/middleware/isAdmin.ts

@@ -2,7 +2,7 @@ import { FastifyReply, FastifyRequest } from 'fastify'
 
 export function preHandler(req: FastifyRequest, res: FastifyReply, done: any) {
   try {
-    if (req.user && req.user.id && req.hasRole(roles.admin)) {
+    if (req.user && req.user.getId() && req.hasRole(roles.admin)) {
       return done()
     }
 

package/lib/middleware/isAuthenticated.ts

@@ -2,7 +2,7 @@ import { FastifyReply, FastifyRequest } from 'fastify'
 
 export function preHandler(req: FastifyRequest, res: FastifyReply, done: any) {
   try {
-    if (!!req.user?.id) {
+    if (!!req.user?.getId()) {
       return done()
     }
 

package/lib/schemas/common.ts

@@ -0,0 +1,31 @@
+export const getQueryParamsSchema = {
+  $id: 'getQueryParamsSchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    page: {
+      type: 'number',
+      description: 'Page **number** (default 1)'
+    },
+    pageSize: {
+      type: 'number',
+      description: 'Page **size** (default 25)'
+    },
+    sort: {
+      type: 'array',
+      description:
+        'Sorting **order** (default ascending).<br/>\
+        Otherwise, use the postfix `:desc` or `:asc` (like `&sort=myfield:desc`)',
+      items: { type: 'string' }
+    }
+  }
+}
+
+export const blockBodySchema = {
+  $id: 'blockBodySchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    reason: { type: 'string' }
+  }
+}

package/lib/schemas/token.ts

@@ -0,0 +1,37 @@
+export const tokenParamsSchema = {
+  $id: 'tokenParamsSchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    id: {
+      type: 'string',
+      description: 'Token id'
+    }
+  }
+}
+
+export const tokenBodySchema = {
+  $id: 'tokenBodySchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    name: { type: 'string' },
+    description: { type: 'string' },
+    requiredRoles: { type: 'array', items: { type: 'string' } }
+  }
+}
+
+export const tokenSchema = {
+  $id: 'tokenSchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    id: { type: 'string' },
+    _id: { type: 'string' },
+    externalId: { type: 'string' },
+    name: { type: 'string' },
+    description: { type: 'string' },
+    token: { type: 'string' },
+    roles: { type: 'array', items: { type: 'string' } }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@volcanicminds/backend",
-  "version": "0.2.38",
+  "version": "0.2.40",
   "codename": "turin",
   "license": "MIT",
   "description": "The volcanic (minds) backend",

package/types/global.d.ts

@@ -1,12 +1,18 @@
 import { FastifyRequest, FastifyReply } from 'fastify'
 
 export interface AuthenticatedUser {
-  id: number
+  getId(): any
   username: string
   email: string
   roles: Role[]
 }
 
+export interface AuthenticatedToken {
+  getId(): any
+  name: string
+  roles: Role[]
+}
+
 export interface Role {
   code: string
   name: string
@@ -69,25 +75,45 @@ export interface ConfiguredRoute {
 }
 
 export interface UserManagement {
+  isValidUser(data: any): boolean
   createUser(data: any): any | null
   resetExternalId(data: any): any | null
   updateUserById(id: string, user: any): any | null
   retrieveUserById(id: string): any | null
   retrieveUserByEmail(email: string): any | null
+  retrieveUserByResetPasswordToken(code: string): any | null
+  retrieveUserByConfirmationToken(code: string): any | null
+  retrieveUserByUsername(username: string): any | null
   retrieveUserByExternalId(externalId: string): any | null
   retrieveUserByPassword(email: string, password: string): any | null
   changePassword(email: string, password: string, oldPassword: string): any | null
   forgotPassword(email: string): any | null
-  userConfirmation(user: any)
   resetPassword(user: any, password: string): any | null
-  enableUserById(id: string): any | null
-  disableUserById(id: string): any | null
-  isValidUser(data: any): boolean
+  userConfirmation(user: any)
+  blockUserById(id: string, reason: string): any | null
+  unblockUserById(id: string): any | null
+  countQuery(data: any): any | null
+  findQuery(data: any): any | null
+}
+
+export interface TokenManagement {
+  isValidToken(data: any): boolean
+  createToken(data: any): any | null
+  resetExternalId(id: string): any | null
+  updateTokenById(id: string, token: any): any | null
+  retrieveTokenById(id: string): any | null
+  retrieveTokenByExternalId(id: string): any | null
+  blockTokenById(id: string, reason: string): any | null
+  unblockTokenById(id: string): any | null
+  countQuery(data: any): any | null
+  findQuery(data: any): any | null
+  removeTokenById(id: string): any | null
 }
 
 declare module 'fastify' {
   export interface FastifyRequest {
     user?: AuthenticatedUser
+    token?: AuthenticatedToken
     startedAt?: Date
     data(): Data
     parameters(): Data
@@ -102,6 +128,7 @@ declare module 'fastify' {
 
 export interface FastifyRequest extends FastifyRequest {
   user?: AuthenticatedUser
+  token?: AuthenticatedToken
   startedAt?: Date
   data(): Data
   parameters(): Data