@volcanicminds/backend 0.2.43 → 0.3.1

package/dist/lib/util/path.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path.js","sourceRoot":"","sources":["../../../lib/util/path.ts"],"names":[],"mappings":";;;AAAA,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;AAC5B,SAAgB,iBAAiB,CAAC,KAAoB,EAAE,KAAoB;IAE1E,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC;KACzD,CAAA;AACH,CAAC;AAND,8CAMC"}

package/index.ts

@@ -78,6 +78,9 @@ async function addFastifySwagger(fastify: FastifyInstance) {
   if (loadSwagger) {
     log.trace('Add swagger plugin')
 
+    const fs = require('fs')
+    const contents = fs.readFileSync('logo-dark.png', { encoding: 'base64' })
+
     await fastify.register(swagger, {
       swagger: {
         info: {
@@ -118,17 +121,14 @@ async function addFastifySwagger(fastify: FastifyInstance) {
         docExpansion: 'list',
         deepLinking: true,
         defaultModelsExpandDepth: 1
+      },
+      logo: {
+        type: 'image/png',
+        content: Buffer.from(contents, 'base64')
+      },
+      theme: {
+        title: SWAGGER_TITLE
       }
-      // uiHooks: {
-      //   onRequest: function (request, reply, next) {
-      //     next()
-      //   },
-      //   preHandler: function (request, reply, next) {
-      //     next()
-      //   }
-      // }
-      // staticCSP: true,
-      // transformStaticCSP: (header) => header
     })
   }
 }
@@ -142,8 +142,15 @@ const start = async (decorators) => {
   const fastify = await Fastify(opts)
 
   const { HOST: host = '0.0.0.0', PORT: port = '2230', GRAPHQL } = process.env
-  const { JWT_SECRET, JWT_EXPIRES_IN = '15d' } = process.env
-
+  const {
+    JWT_SECRET = '',
+    JWT_EXPIRES_IN = '15d',
+    JWT_REFRESH = 'true',
+    JWT_REFRESH_SECRET = '',
+    JWT_REFRESH_EXPIRES_IN = '180d'
+  } = process.env
+
+  const loadRefreshJWT = yn(JWT_REFRESH, true)
   const loadApollo = yn(GRAPHQL, false)
   const plugins = loaderPlugins.load()
 
@@ -156,10 +163,18 @@ const start = async (decorators) => {
   // JWT Validator
   log.t && log.trace(`Add JWT - expiresIn: ${JWT_EXPIRES_IN}`)
   await fastify.register(jwtValidator, {
-    secret: JWT_SECRET || 'supersecret',
+    secret: JWT_SECRET,
     sign: { expiresIn: JWT_EXPIRES_IN }
   })
 
+  if (loadRefreshJWT) {
+    await fastify.register(jwtValidator, {
+      namespace: 'refreshToken',
+      secret: JWT_REFRESH_SECRET || JWT_SECRET,
+      sign: { expiresIn: JWT_REFRESH_EXPIRES_IN }
+    })
+  }
+
   const apollo = loadApollo ? await attachApollo(fastify) : null
   await addFastifySwagger(fastify)
   await addApolloRouting(fastify, apollo)
@@ -168,6 +183,9 @@ const start = async (decorators) => {
   // defaults
   decorators = {
     userManager: {
+      isImplemented() {
+        return false
+      },
       isValidUser(data: any) {
         throw Error('Not implemented')
       },
@@ -207,7 +225,7 @@ const start = async (decorators) => {
       forgotPassword(email: string) {
         throw Error('Not implemented')
       },
-      userConfirmation(email: string) {
+      userConfirmation(user: any) {
         throw Error('Not implemented')
       },
       resetPassword(user: any, password: string) {
@@ -227,6 +245,9 @@ const start = async (decorators) => {
       }
     } as UserManagement,
     tokenManager: {
+      isImplemented() {
+        return false
+      },
       isValidToken(data: any) {
         throw Error('Not implemented')
       },

package/lib/api/auth/controller/auth.ts

@@ -4,31 +4,32 @@ import * as regExp from '../../../util/regexp'
 export async function register(req: FastifyRequest, reply: FastifyReply) {
   const { password1: password, password2, ...data } = req.data()
 
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
   if (!data.username) {
-    return reply.status(404).send(Error('Username not valid'))
+    return reply.status(400).send(Error('Username not valid'))
   }
   if (!data.email || !regExp.email.test(data.email)) {
-    return reply.status(404).send(Error('Email not valid'))
+    return reply.status(400).send(Error('Email not valid'))
   }
   if (!password || !regExp.password.test(password)) {
-    return reply.status(404).send(Error('Password not valid'))
+    return reply.status(400).send(Error('Password not valid'))
   }
   if (!password2 || password2 !== password) {
-    return reply.status(404).send(Error('Repeated password not match'))
+    return reply.status(400).send(Error('Repeated password not match'))
   }
 
   let existings = await req.server['userManager'].retrieveUserByEmail(data.email)
   if (existings) {
-    return reply.status(404).send(Error('Email already registered'))
+    return reply.status(400).send(Error('Email already registered'))
   }
 
-  console.log('role ' + data.requiredRoles)
   if ((data.requiredRoles || []).includes('admin')) {
-    console.log('requiredRoles ' + data.requiredRoles)
     existings = await req.server['userManager'].findQuery({ 'roles:in': 'admin' })
-    console.log('existings ' + existings)
-    if (existings) {
-      return reply.status(404).send(Error('User admin already registered'))
+    if (existings?.records?.length) {
+      return reply.status(400).send(Error('User admin already registered'))
     }
   }
 
@@ -89,6 +90,10 @@ export async function validatePassword(req: FastifyRequest, reply: FastifyReply)
 export async function changePassword(req: FastifyRequest, reply: FastifyReply) {
   const { email, oldPassword, newPassword1, newPassword2 } = req.data()
 
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
   if (!newPassword1 || !regExp.password.test(newPassword1)) {
     return reply.status(400).send(Error('New password is not valid'))
   }
@@ -116,6 +121,10 @@ export async function changePassword(req: FastifyRequest, reply: FastifyReply) {
 export async function forgotPassword(req: FastifyRequest, reply: FastifyReply) {
   const { username, email } = req.data()
 
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
   if (!username && (!email || (email && !regExp.email.test(email)))) {
     return reply.status(400).send(Error('Missing a valid user identifier'))
   }
@@ -170,6 +179,10 @@ export async function confirmEmail(req: FastifyRequest, reply: FastifyReply) {
 export async function resetPassword(req: FastifyRequest, reply: FastifyReply) {
   const { code, newPassword1, newPassword2 } = req.data()
 
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
   if (!newPassword1 || !regExp.password.test(newPassword1)) {
     return reply.status(400).send(Error('New password not valid'))
   }
@@ -197,15 +210,21 @@ export async function resetPassword(req: FastifyRequest, reply: FastifyReply) {
 export async function login(req: FastifyRequest, reply: FastifyReply) {
   const { email, password } = req.data()
 
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
   if (!email || !regExp.email.test(email)) {
-    return reply.status(404).send(Error('Email not valid'))
+    return reply.status(400).send(Error('Email not valid'))
   }
   if (!password || !regExp.password.test(password)) {
-    return reply.status(404).send(Error('Password not valid'))
+    return reply.status(400).send(Error('Password not valid'))
   }
 
   const user = await req.server['userManager'].retrieveUserByPassword(email, password)
   const isValid = await req.server['userManager'].isValidUser(user)
+  // const user = { confirmed: true, blocked: false, externalId: 123456, roles: [{ code: 'admin' }] }
+  // const isValid = true
 
   if (!isValid) {
     return reply.status(403).send(Error('Wrong credentials'))
@@ -219,13 +238,46 @@ export async function login(req: FastifyRequest, reply: FastifyReply) {
     return reply.status(403).send(Error('User blocked'))
   }
 
-  // log.trace('User: ' + JSON.stringify(user) + ' ' + roles)
   // https://www.iana.org/assignments/jwt/jwt.xhtml
-  const token = user !== null ? await reply.jwtSign({ sub: user.externalId }) : null
+  const token = await reply.jwtSign({ sub: user.externalId })
+  const refreshToken = reply.server.jwt['refreshToken']
+    ? await reply.server.jwt['refreshToken'].sign({ sub: user.externalId })
+    : undefined
+
   return {
     ...user,
-    token: token || null,
-    roles: (user.roles || [global.role?.public?.code || 'public']).map((r) => r?.code || r)
+    roles: (user.roles || [global.role?.public?.code || 'public']).map((r) => r?.code || r),
+    token: token,
+    refreshToken
+  }
+}
+
+export async function refreshToken(req: FastifyRequest, reply: FastifyReply) {
+  const { token, refreshToken } = req.data()
+
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
+  const tokenData = (await reply.server.jwt.decode(token)) as any
+  const refreshTokenData = await reply.server.jwt['refreshToken'].verify(refreshToken)
+
+  if (tokenData?.sub && tokenData?.sub !== refreshTokenData?.sub) {
+    return reply.status(403).send(Error('Mismatched tokens'))
+  }
+
+  const user = await req.server['userManager'].retrieveUserByExternalId(tokenData?.sub)
+  const isValid = await req.server['userManager'].isValidUser(user)
+  // const user = { confirmed: true, blocked: false, externalId: 123456, roles: [{ code: 'admin' }] }
+  // const isValid = true
+
+  if (!isValid) {
+    return reply.status(403).send(Error('Wrong refresh token'))
+  }
+
+  const newToken = await reply.jwtSign({ sub: user.externalId })
+  return {
+    token: newToken
   }
 }
 
@@ -241,6 +293,10 @@ export async function invalidateTokens(req: FastifyRequest, reply: FastifyReply)
 }
 
 export async function block(req: FastifyRequest, reply: FastifyReply) {
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
   if (!req.hasRole(roles.admin) && !req.hasRole(roles.backoffice)) {
     return reply.status(403).send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to block a user' })
   }
@@ -253,6 +309,10 @@ export async function block(req: FastifyRequest, reply: FastifyReply) {
 }
 
 export async function unblock(req: FastifyRequest, reply: FastifyReply) {
+  if (!req.server['userManager'].isImplemented()) {
+    throw Error('Not implemented')
+  }
+
   if (!req.hasRole(roles.admin) && !req.hasRole(roles.backoffice)) {
     return reply
       .status(403)

package/lib/api/auth/routes.ts

@@ -74,7 +74,7 @@ module.exports = {
       path: '/forgot-password',
       roles: [],
       handler: 'auth.forgotPassword',
-      middlewares: ['global.dispatchForgotPasswordLink'],
+      middlewares: ['global.preForgotPasswordHandler', 'global.dispatchForgotPasswordLink'],
       config: {
         title: 'Forgot password',
         description: 'Forgot password for an existing user given the email or username',
@@ -125,19 +125,22 @@ module.exports = {
         description: 'Basic login authentication',
         body: { $ref: 'authLoginBodySchema#' },
         response: {
-          200: {
-            description: 'Default response',
-            type: 'object',
-            properties: {
-              id: { type: 'string' },
-              _id: { type: 'string' },
-              externalId: { type: 'string' },
-              username: { type: 'string' },
-              email: { type: 'string' },
-              roles: { type: 'array', items: { type: 'string' } },
-              token: { type: 'string' }
-            }
-          }
+          200: { $ref: 'authLoginResponseSchema#' }
+        }
+      }
+    },
+    {
+      method: 'POST',
+      path: '/refresh-token',
+      roles: [],
+      handler: 'auth.refreshToken',
+      middlewares: [],
+      config: {
+        title: 'Refresh authentication token',
+        description: 'Refresh login authentication token',
+        body: { $ref: 'authRefreshTokenBodySchema#' },
+        response: {
+          200: { $ref: 'authRefreshTokenResponseSchema#' }
         }
       }
     },

package/lib/api/token/controller/token.ts

@@ -38,7 +38,7 @@ export async function create(req: FastifyRequest, reply: FastifyReply) {
   const bearerToken = await reply.jwtSign(
     { sub: token.externalId },
     {
-      sign: { expiresIn: undefined }
+      sign: { expiresIn: data?.expiresIn || undefined }
     }
   )
   if (!bearerToken) {

package/lib/api/token/routes.ts

@@ -72,7 +72,7 @@ module.exports = {
       config: {
         title: 'Create new token',
         description: 'Create a new token',
-        body: { $ref: 'tokenBodySchema' },
+        body: { $ref: 'tokenCreateBodySchema' },
         response: {
           200: {
             description: 'Default response',
@@ -91,7 +91,7 @@ module.exports = {
         title: 'Update existing token',
         description: 'Update an existing token',
         params: { $ref: 'onlyIdSchema#' },
-        body: { $ref: 'tokenBodySchema' },
+        body: { $ref: 'tokenUpdateBodySchema' },
         response: {
           200: {
             description: 'Default response',

package/lib/config/plugins.ts

@@ -3,8 +3,41 @@
 module.exports = [
   {
     name: 'cors',
-    enable: false,
-    options: {}
+    enable: true,
+    options: {
+      origin: '*',
+      methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS', 'HEAD'],
+      maxAge: 31536000,
+      credentials: true,
+      allowedHeaders: [
+        'Accept',
+        'Accept-Language',
+        'Content-Language',
+        'Content-Type',
+        'Content-Length',
+        'Authorization',
+        'Origin',
+        'v-total',
+        'v-count',
+        'v-page',
+        'v-pageSize',
+        'v-pageCount'
+      ],
+      exposedHeaders: [
+        'Accept',
+        'Accept-Language',
+        'Content-Language',
+        'Content-Type',
+        'Content-Length',
+        'Authorization',
+        'Origin',
+        'v-total',
+        'v-count',
+        'v-page',
+        'v-pageSize',
+        'v-pageCount'
+      ]
+    }
   },
   {
     name: 'rateLimit',

package/lib/loader/hooks.ts

@@ -1,3 +1,5 @@
+import { normalizePatterns } from '../util/path'
+
 const hooks = [
   'onRequest',
   'onError',
@@ -18,7 +20,7 @@ const glob = require('glob')
 const path = require('path')
 
 export function apply(server: any): void {
-  const patterns = [`${__dirname}/../hooks/*.{ts,js}`, `${process.cwd()}/src/hooks/*.{ts,js}`]
+  const patterns = normalizePatterns(['..', 'hooks', '*.{ts,js}'], ['src', 'hooks', '*.{ts,js}'])
   const allHooks: any = hooks.reduce((acc, v) => ({ ...acc, [v]: [] as Function[] }), {})
 
   patterns.forEach((pattern) => {

package/lib/loader/plugins.ts

@@ -1,11 +1,12 @@
 import { config } from 'dotenv'
+import { normalizePatterns } from '../util/path'
 
 const glob = require('glob')
 
 export function load() {
   const plugins: any = {}
 
-  const patterns = [`${__dirname}/../config/plugins.{ts,js}`, `${process.cwd()}/src/config/plugins.{ts,js}`]
+  const patterns = normalizePatterns(['..', 'config', 'plugins.{ts,js}'], ['src', 'config', 'plugins.{ts,js}'])
   patterns.forEach((pattern) => {
     log.t && log.trace('Looking for ' + pattern)
     glob.sync(pattern).forEach((f: string) => {

package/lib/loader/roles.ts

@@ -1,10 +1,11 @@
 import { Role, Roles } from '../../types/global'
+import { normalizePatterns } from '../util/path'
 const glob = require('glob')
 
 export function load() {
   const roles: Roles = {}
 
-  const patterns = [`${__dirname}/../config/roles.{ts,js}`, `${process.cwd()}/src/config/roles.{ts,js}`]
+  const patterns = normalizePatterns(['..', 'config', 'roles.{ts,js}'], ['src', 'config', 'roles.{ts,js}'])
   patterns.forEach((pattern) => {
     log.t && log.trace('Looking for ' + pattern)
     glob.sync(pattern).forEach((f: string) => {

package/lib/loader/router.ts

@@ -1,6 +1,7 @@
 import yn from '../util/yn'
 import { Route, ConfiguredRoute, RouteConfig } from '../../types/global'
 import { FastifyReply, FastifyRequest } from 'fastify'
+import { normalizePatterns } from '../util/path'
 
 const glob = require('glob')
 const path = require('path')
@@ -8,7 +9,7 @@ const methods = ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'PATCH', 'OPTIONS']
 
 export function load(): ConfiguredRoute[] {
   const validRoutes: ConfiguredRoute[] = []
-  const patterns = [`${__dirname}/../api/**/routes.{ts,js}`, `${process.cwd()}/src/api/**/routes.{ts,js}`]
+  const patterns = normalizePatterns(['..', 'api', '**', 'routes.{ts,js}'], ['src', 'api', '**', 'routes.{ts,js}'])
   const authMiddlewares = ['global.isAuthenticated', 'global.isAdmin']
 
   patterns.forEach((pattern) => {

package/lib/loader/schemas.ts

@@ -1,8 +1,10 @@
+import { normalizePatterns } from '../util/path'
+
 const glob = require('glob')
 const path = require('path')
 
 export function apply(server: any): void {
-  const patterns = [`${__dirname}/../schemas/*.{ts,js}`, `${process.cwd()}/src/schemas/*.{ts,js}`]
+  const patterns = normalizePatterns(['..', 'schemas', '*.{ts,js}'], ['src', 'schemas', '*.{ts,js}'])
 
   let schemaCount = 0
   patterns.forEach((pattern) => {

package/lib/middleware/isAdmin.ts

@@ -9,6 +9,6 @@ export function preHandler(req: FastifyRequest, res: FastifyReply, done: any) {
     throw new Error('User without this privilege')
   } catch (err) {
     log.e && log.error(`Upps, something just happened ${err}`)
-    res.code(403).send(err)
+    res.code(403).send(new Error('User without this privilege'))
   }
 }

package/lib/middleware/isAuthenticated.ts

@@ -9,6 +9,6 @@ export function preHandler(req: FastifyRequest, res: FastifyReply, done: any) {
     throw new Error('Unauthorized')
   } catch (err) {
     log.e && log.error(`Upps, something just happened ${err}`)
-    return res.code(401).send(err) // must be authorized first
+    return res.code(401).send(new Error('Unauthorized')) // must be authorized first
   }
 }

package/lib/middleware/preForgotPasswordHandler.ts

@@ -0,0 +1,3 @@
+import { FastifyReply, FastifyRequest } from 'fastify'
+
+export async function preHandler(req: FastifyRequest, res: FastifyReply) {}

package/lib/schemas/auth.ts

@@ -7,6 +7,7 @@ export const authLoginBodySchema = {
     password: { type: 'string' }
   }
 }
+
 export const authForgotPasswordBodySchema = {
   $id: 'authForgotPasswordBodySchema',
   type: 'object',
@@ -30,6 +31,41 @@ export const authRegisterBodySchema = {
   }
 }
 
+export const authLoginResponseSchema = {
+  $id: 'authLoginResponseSchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    id: { type: 'string' },
+    _id: { type: 'string' },
+    externalId: { type: 'string' },
+    username: { type: 'string' },
+    email: { type: 'string' },
+    roles: { type: 'array', items: { type: 'string' } },
+    token: { type: 'string' },
+    refreshToken: { type: 'string' }
+  }
+}
+
+export const authRefreshTokenBodySchema = {
+  $id: 'authRefreshTokenBodySchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    token: { type: 'string' },
+    refreshToken: { type: 'string' }
+  }
+}
+
+export const authRefreshTokenResponseSchema = {
+  $id: 'authRefreshTokenResponseSchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    token: { type: 'string' }
+  }
+}
+
 export const authRegisterResponseSchema = {
   $id: 'authRegisterResponseSchema',
   type: 'object',

package/lib/schemas/token.ts

@@ -1,14 +1,25 @@
-export const tokenBodySchema = {
-  $id: 'tokenBodySchema',
+export const tokenCreateBodySchema = {
+  $id: 'tokenCreateBodySchema',
   type: 'object',
   nullable: true,
   properties: {
     name: { type: 'string' },
     description: { type: 'string' },
+    expiresIn: { type: 'string', default: undefined },
     requiredRoles: { type: 'array', items: { type: 'string' } }
   }
 }
 
+export const tokenUpdateBodySchema = {
+  $id: 'tokenUpdateBodySchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    name: { type: 'string' },
+    description: { type: 'string' }
+  }
+}
+
 export const tokenSchema = {
   $id: 'tokenSchema',
   type: 'object',

package/lib/util/path.ts

@@ -0,0 +1,8 @@
+const path = require('path')
+export function normalizePatterns(path1: Array<string>, path2: Array<string>): Array<string> {
+  // replaceAll is needed for windows
+  return [
+    path.join(__dirname, ...path1).replaceAll('\\', '/'),
+    path.join(process.cwd(), ...path2).replaceAll('\\', '/')
+  ]
+}

package/nodemon.json

@@ -0,0 +1,7 @@
+{
+  "watch": ["lib"],
+  "verbose": true,
+  "ext": "js,ts,json,jsonc",
+  "ignore": [".git", "coverage", "dist", "lib/**/*.spec.ts", "node_modules"],
+  "exec": "ts-node ./lib/index.ts"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@volcanicminds/backend",
-  "version": "0.2.43",
+  "version": "0.3.1",
   "codename": "turin",
   "license": "MIT",
   "description": "The volcanic (minds) backend",
@@ -71,7 +71,6 @@
     "semver": "^7.3.8"
   },
   "devDependencies": {
-    "jest": "^29.3.1",
     "nodemon": "^2.0.20",
     "ts-node": "^10.9.1",
     "typescript": "^4.9.3"

package/types/global.d.ts

@@ -75,6 +75,7 @@ export interface ConfiguredRoute {
 }
 
 export interface UserManagement {
+  isImplemented(): boolean
   isValidUser(data: any): boolean
   createUser(data: any): any | null
   resetExternalId(data: any): any | null
@@ -97,6 +98,7 @@ export interface UserManagement {
 }
 
 export interface TokenManagement {
+  isImplemented(): boolean
   isValidToken(data: any): boolean
   createToken(data: any): any | null
   resetExternalId(id: string): any | null