create-craftjs 2.0.6 → 2.1.0

package/template/src/interfaces/type-request.ts

@@ -0,0 +1,11 @@
+import { Request } from "express";
+
+export interface IUser {
+  user_id: string;
+  user_full_name: string;
+  user_email: string;
+  jti: string;
+}
+export interface UserRequest extends Request {
+  user?: IUser;
+}

package/template/src/main.ts

@@ -1,7 +1,8 @@
-import { web } from "./config/web";
-import { connectDatabase } from "./config/database";
-import { env } from "./config/env";
-import { logger } from "./config/logger";
+import { web } from "@config/web";
+import { connectDatabase } from "@config/database";
+import { env } from "@config/env";
+import { logger } from "@config/logger";
+import { initRedis } from "@config/redis";
 
 async function startServer() {
   try {
@@ -11,6 +12,7 @@ async function startServer() {
       process.exit(0);
     }
     await connectDatabase();
+    await initRedis();
     web.listen(env.PORT, env.HOST, () => {
       logger.info(`🚀 Server is listening on: http://${env.HOST}:${env.PORT}`);
       logger.info(

package/template/src/middleware/auth-middleware.ts

@@ -1,51 +1,42 @@
 import { NextFunction, Response } from "express";
 import jwt from "jsonwebtoken";
-import { UserRequest } from "@utils/type-request";
-import { errorResponse } from "@utils/response";
+import { UserRequest } from "@interfaces/type-request";
 import { ResponseError } from "@utils/response-error";
 import { env } from "@config/env";
-import { UserRepository } from "@repositories/user-repository";
 import { asyncHandler } from "@utils/async-handler";
+import { authSessionProvider } from "@providers/auth-session-provider";
 
 export const authMiddleware = asyncHandler(
   async (req: UserRequest, res: Response, next: NextFunction) => {
-    const cookie = req.cookies["refresh_token"];
-    if (!cookie) {
-      return res
-        .status(401)
-        .json(errorResponse("Unauthorized:  Anda Belum Login.", 401));
-    }
-
     const token = req.get("Authorization")?.split(" ")[1];
     if (!token) {
-      return res
-        .status(401)
-        .json(
-          errorResponse("Unauthorized: Token Tidak Valid Atau Kadaluarsa.", 401)
-        );
+      throw new ResponseError(
+        401,
+        "Unauthorized: Token Tidak Valid Atau Kadaluarsa."
+      );
     }
-    let payload: {
+    const payload = jwt.verify(token, env.JWT_ACCESS_SECRET) as {
       user_id: string;
-      user_email: string;
-      user_full_name: string;
+      jti: string;
     };
 
-    try {
-      payload = jwt.verify(token, env.JWT_SECRET as string) as typeof payload;
-    } catch (err) {
+    const session = await authSessionProvider().get(
+      payload.user_id,
+      payload.jti
+    );
+
+    if (!session) {
       throw new ResponseError(
         401,
         "Unauthorized: Token Tidak Valid Atau Kadaluarsa."
       );
     }
 
-    const user = await UserRepository.findUserByEmail(payload.user_email);
-    if (!user) {
-      return res
-        .status(401)
-        .json(errorResponse("Unauthorized: Anda Belum Login.", 401));
-    }
-    req.user = user;
+    req.user = {
+      ...session,
+      jti: payload.jti,
+    };
+
     next();
   }
 );

package/template/src/providers/auth-session-provider.ts

@@ -0,0 +1,12 @@
+import { env } from "@config/env";
+import { AuthSessionProvider } from "@interfaces/auth-session";
+import { RedisAuthSessionProvider } from "@providers/redis-auth-session";
+import { DbAuthSessionProvider } from "@providers/db-auth-session";
+import { isRedisHealthy } from "@config/redis";
+
+export const authSessionProvider = (): AuthSessionProvider => {
+  if (env.REDIS_ENABLED && isRedisHealthy()) {
+    return new RedisAuthSessionProvider();
+  }
+  return new DbAuthSessionProvider();
+};

package/template/src/providers/db-auth-session.ts

@@ -0,0 +1,23 @@
+import { AuthSessionProvider } from "@interfaces/auth-session";
+import { UserRepository } from "@repositories/user-repository";
+
+export class DbAuthSessionProvider implements AuthSessionProvider {
+  async get(userId: string) {
+    const user = await UserRepository.findById(userId);
+    if (!user) return null;
+
+    return {
+      user_id: user.id,
+      user_email: user.email,
+      user_full_name: user.full_name,
+    };
+  }
+
+  async set() {
+    // no-op (DB fallback tidak simpan session)
+  }
+
+  async delete() {
+    // ❌ no-op
+  }
+}

package/template/src/providers/redis-auth-session.ts

@@ -0,0 +1,33 @@
+import { AuthSessionProvider } from "@interfaces/auth-session";
+import { getRedis } from "@config/redis";
+
+export class RedisAuthSessionProvider implements AuthSessionProvider {
+  async get(userId: string, jti: string) {
+    try {
+      const redis = getRedis();
+      const data = await redis.get(`session:${userId}:${jti}`);
+      return data ? JSON.parse(data) : null;
+    } catch {
+      return null;
+    }
+  }
+
+  async set(userId: string, jti: string, data: any, ttl: number) {
+    try {
+      const redis = getRedis();
+      await redis.set(
+        `session:${userId}:${jti}`,
+        JSON.stringify(data),
+        "EX",
+        ttl
+      );
+    } catch {}
+  }
+
+  async delete(userId: string, jti: string) {
+    try {
+      const redis = getRedis();
+      await redis.del(`session:${userId}:${jti}`);
+    } catch {}
+  }
+}

package/template/src/repositories/auth-token-repository.ts

@@ -1,5 +1,5 @@
 import { prismaClient } from "@config/database";
-
+import { getRedis } from "@config/redis";
 export class AuthTokenRepository {
   static async create(data: any) {
     return prismaClient.authRefreshToken.create({ data });

package/template/src/services/auth-service.ts

@@ -1,28 +1,27 @@
-import {
-  toUserDetailResponse,
-  toUserResponse,
-  UserDetailResponse,
-  UserResponse,
-  loginRequest,
-  CreateUserRequest,
-  UpdateUserRequest,
-} from "@dtos/user-dto";
+import { toUserResponse, UserResponse } from "@dtos/user-dto";
 import { ResponseError } from "@utils/response-error";
 import { UserValidation } from "@validations/user-validation";
 import { Validation } from "@utils/validation";
 import * as argon2 from "argon2";
-import { User } from "@prisma/client";
 import jwt from "jsonwebtoken";
 import { Request } from "express";
 import { UserRepository } from "@repositories/user-repository";
-import { UserRequest } from "@utils/type-request";
-import { prismaClient } from "@config/database";
+import { UserRequest } from "@interfaces/type-request";
 import { env } from "@config/env";
 import { decryptCookie, encryptCookie } from "@utils/cookieEncrypt";
 import { AuthTokenRepository } from "@repositories/auth-token-repository";
+import { authSessionProvider } from "@providers/auth-session-provider";
+import {
+  AuthUpdateRequest,
+  AuthMeResponse,
+  toAuthMeResponse,
+  LoginRequest,
+  RegisterRequest,
+} from "@dtos/auth-dto";
+const { v4: uuidv4 } = require("uuid");
 
 export class AuthService {
-  static async register(request: CreateUserRequest): Promise<UserResponse> {
+  static async register(request: RegisterRequest): Promise<UserResponse> {
     const data = Validation.validate(UserValidation.REGISTER, request);
     const emailExits = await UserRepository.countByEmail(data.email);
 
@@ -40,94 +39,140 @@ export class AuthService {
     return toUserResponse(response);
   }
 
-  static async login(request: loginRequest) {
+  static async login(request: LoginRequest) {
     const data = Validation.validate(UserValidation.LOGIN, request);
-    const userExits = await UserRepository.findUserByEmail(data.email);
+    const user = await UserRepository.findUserByEmail(data.email);
 
-    if (!userExits) {
+    if (!user) {
       throw new ResponseError(401, "Gagal Login! Detail login salah");
     }
 
-    const isPasswordValid = await argon2.verify(
-      userExits.password,
-      data.password
-    );
+    const isPasswordValid = await argon2.verify(user.password, data.password);
     if (!isPasswordValid) {
       throw new ResponseError(401, "Gagal Login! Detail login salah");
     }
-
-    const refreshToken = jwt.sign(
+    const jti = uuidv4();
+    const accessToken = jwt.sign(
       {
-        user_id: userExits.id,
-        user_full_name: userExits.full_name,
-        user_email: userExits.email,
+        user_id: user.id,
+        jti: jti,
       },
-      env.JWT_SECRET as string,
+      env.JWT_ACCESS_SECRET as string,
       {
-        expiresIn: "1d",
+        expiresIn: "5m",
       }
     );
-
-    const accessToken = jwt.sign(
+    const refreshToken = jwt.sign(
       {
-        user_id: userExits.id,
-        user_fullName: userExits.full_name,
-        user_email: userExits.email,
+        user_id: user.id,
+        jti: jti,
       },
-      env.JWT_SECRET as string,
+      env.JWT_REFRESH_SECRET as string,
       {
-        expiresIn: "5m",
+        expiresIn: "1d",
       }
     );
+    const sessionProvider = authSessionProvider();
+    await sessionProvider.set(
+      user.id,
+      jti,
+      {
+        user_id: user.id,
+        user_email: user.email,
+        user_full_name: user.full_name,
+      },
+      300
+    );
     const encryptedRefreshToken = encryptCookie(refreshToken);
     await AuthTokenRepository.create({
-      user_id: userExits.id,
+      user_id: user.id,
       token: refreshToken,
       expires_at: new Date(Date.now() + 24 * 60 * 60 * 1000),
     });
-    const user = toUserResponse(userExits);
-    return { user, refreshToken: encryptedRefreshToken, accessToken };
+    const dataUser = toUserResponse(user);
+    return { dataUser, refreshToken: encryptedRefreshToken, accessToken };
   }
 
-  static async me(user: User): Promise<UserDetailResponse> {
-    return toUserDetailResponse(user);
+  static async me(req: UserRequest): Promise<AuthMeResponse> {
+    if (!req.user) {
+      throw new ResponseError(401, "Unauthorized: Anda Belum Login.");
+    }
+    return toAuthMeResponse(req.user);
   }
 
-  static async updateProfile(
-    user: User,
-    request: UpdateUserRequest
-  ): Promise<UserResponse> {
-    const data = Validation.validate(UserValidation.UPDATE, request);
-    if (data.full_name) {
-      user.full_name = data.full_name;
+  static async updateProfile(req: UserRequest, request: AuthUpdateRequest) {
+    if (!req.user) {
+      throw new ResponseError(401, "Unauthorized : Anda Belum Login.");
+    }
+    const updateData: any = {};
+    const validatedData = Validation.validate(UserValidation.UPDATE, request);
+    if (validatedData.full_name) {
+      updateData.full_name = validatedData.full_name;
     }
-    if (data.email && data.email !== user.email) {
-      const emailExists = await UserRepository.findemailExistsNotUserLoggedIn(
-        data.email,
-        user.id
+
+    let emailChanged = false;
+    if (validatedData.email && validatedData.email !== req.user.user_email) {
+      const exists = await UserRepository.findemailExistsNotUserLoggedIn(
+        validatedData.email,
+        req.user.user_id
       );
-      if (emailExists != 0) {
-        throw new ResponseError(409, "Email Sudah Ada");
+
+      if (exists > 0) {
+        throw new ResponseError(409, "Email Sudah Terdaftar");
       }
-      user.email = data.email;
+      updateData.email = validatedData.email;
+      emailChanged = true;
     }
-    const result = await UserRepository.updateUser(
-      {
-        full_name: user.full_name,
-        email: user.email,
-      },
-      user.id
+
+    const updatedUser = await UserRepository.update(
+      req.user.user_id,
+      updateData
     );
-    return toUserResponse(result);
+    if (emailChanged) {
+      const newJti = uuidv4();
+      const newAccessToken = jwt.sign(
+        { user_id: req.user.user_id, jti: newJti },
+        env.JWT_ACCESS_SECRET as string,
+        { expiresIn: "5m" }
+      );
+
+      const provider = authSessionProvider();
+      await provider.set(
+        req.user.user_id,
+        newJti,
+        {
+          ...req.user,
+          user_email: updatedUser.email,
+          user_full_name: updatedUser.full_name,
+        },
+        300
+      );
+
+      await provider.delete(req.user.user_id, req.user.jti);
+
+      return {
+        rotated: true,
+        accessToken: newAccessToken,
+      };
+    }
+
+    return {
+      rotated: false,
+    };
   }
 
   static async logout(req: UserRequest) {
-    const refreshToken = req.cookies.refresh_token;
-    if (!req.user || !refreshToken) {
+    if (!req.user) {
       throw new ResponseError(401, "Unauthorized: Anda Belum Login.");
     }
-    const decryptToken = decryptCookie(refreshToken);
-    await AuthTokenRepository.revokeToken(decryptToken);
+    const { user_id, jti } = req.user;
+    await authSessionProvider().delete(user_id, jti);
+    const encryptedRefreshToken = req.cookies.refresh_token;
+
+    if (encryptedRefreshToken) {
+      const refreshToken = decryptCookie(encryptedRefreshToken);
+      await AuthTokenRepository.revokeToken(refreshToken);
+    }
     return true;
   }
 
@@ -137,15 +182,19 @@ export class AuthService {
       throw new ResponseError(401, "Unauthorized: Anda Belum Login.");
     }
     const refreshToken = decryptCookie(encryptedRefreshToken);
-    let decoded: any;
+    let decoded: { user_id: string; jti: string };
     try {
-      decoded = jwt.verify(refreshToken, env.JWT_SECRET as string);
-    } catch (err) {
+      decoded = jwt.verify(
+        refreshToken,
+        env.JWT_REFRESH_SECRET as string
+      ) as typeof decoded;
+    } catch {
       throw new ResponseError(
         401,
         "Unauthorized: Token Tidak Valid Atau Kadaluarsa."
       );
     }
+
     const tokenRecord = await AuthTokenRepository.findValidToken(
       decoded.user_id,
       refreshToken
@@ -156,22 +205,31 @@ export class AuthService {
         "Unauthorized: Token Tidak Valid Atau Kadaluarsa."
       );
     }
-    const user = await prismaClient.user.findUnique({
-      where: { id: decoded.user_id },
-    });
+
+    const user = await UserRepository.findById(decoded.user_id);
 
     if (!user) {
       throw new ResponseError(401, "Unauthorized: Uset Tidak Ditemukan.");
     }
-    const payload = {
-      user_id: user.id,
-      user_full_name: user.full_name,
-      user_email: user.email,
-    };
+    const newJti = uuidv4();
+    const accessToken = jwt.sign(
+      { user_id: user.id, jti: newJti },
+      env.JWT_ACCESS_SECRET as string,
+      { expiresIn: "5m" }
+    );
+    const provider = authSessionProvider();
+
+    await provider.set(
+      user.id,
+      newJti,
+      {
+        user_id: user.id,
+        user_email: user.email,
+        user_full_name: user.full_name,
+      },
+      300
+    );
 
-    const accessToken = jwt.sign(payload, env.JWT_SECRET as string, {
-      expiresIn: "5m",
-    });
     return { accessToken };
   }
 }

package/template/src/services/user-service.ts

@@ -26,7 +26,7 @@ export class UserService {
     data.password = await argon2.hash(data.password);
 
     const response = await UserRepository.create({
-      fullName: data.full_name,
+      full_name: data.full_name,
       email: data.email,
       password: data.password,
     });
@@ -117,9 +117,15 @@ export class UserService {
       }
       user.email = data.email;
     }
+
+    if (data.password) {
+      user.password = await argon2.hash(data.password);
+    }
+
     const result = await UserRepository.update(id, {
-      fullName: user.full_name,
+      full_name: user.full_name,
       email: user.email,
+      password: user.password,
     });
     return toUserResponse(result);
   }

package/template/test/user.test.ts

@@ -1,12 +1,13 @@
+/// <reference types="jest" />
 import supertest from "supertest";
 import { web } from "../src/config/web";
 import { logger } from "../src/config/logger";
-describe("POST /api/users", () => {
+describe("POST /api/auth/register", () => {
   it("should register new user", async () => {
     const response = await supertest(web).post("/api/auth/register").send({
       full_name: "test",
       email: "testing@gmail.com",
-      password: "12345678",
+      password: "123456",
     });
     logger.debug(response.body);
     expect(response.status).toBe(201);

package/template/tsconfig.json

@@ -9,9 +9,10 @@
       "@services/*": ["./src/services/*"],
       "@repositories/*": ["./src/repositories/*"],
       "@routes/*": ["./src/routes/*"],
+      "@interfaces/*": ["./src/interfaces/*"],
       "@middleware/*": ["./src/middleware/*"],
+      "@providers/*": ["./src/providers/*"],
       "@dtos/*": ["./src/dtos/*"],
-      "@types/*": ["./src/types/*"],
       "@utils/*": ["./src/utils/*"],
       "@validations/*": ["./src/validations/*"],
       "@views/*": ["./src/views/*"],

package/template/src/utils/type-request.ts

@@ -1,6 +0,0 @@
-import { User } from "@prisma/client";
-import { Request } from "express";
-
-export interface UserRequest extends Request {
-  user?: User;
-}