create-express-mongo-ts 1.0.0

package/template/src/core/jwtUtils.ts

@@ -0,0 +1,96 @@
+import path from 'path';
+import { readFile } from 'fs';
+import { promisify } from 'util';
+import { sign, verify, TokenExpiredError as JwtTokenExpiredError } from 'jsonwebtoken';
+import { InternalError, BadTokenError, TokenExpiredError } from './ApiError';
+
+/*
+ * issuer — Software organization who issues the token.
+ * subject — Intended user of the token.
+ * audience — Basically identity of the intended recipient of the token.
+ * expiresIn — Expiration time after which the token will be invalid.
+ * algorithm — Encryption algorithm to be used to protect the token.
+ */
+
+export class JwtPayload {
+    aud: string;
+    sub: string;
+    iss: string;
+    iat: number;
+    exp: number;
+    prm: string;
+
+    constructor(
+        issuer: string,
+        audience: string,
+        subject: string,
+        param: string,
+        validity: number,
+    ) {
+        this.iss = issuer;
+        this.aud = audience;
+        this.sub = subject;
+        this.iat = Math.floor(Date.now() / 1000);
+        this.exp = this.iat + validity;
+        this.prm = param;
+    }
+}
+
+async function readPublicKey(): Promise<string> {
+    return promisify(readFile)(
+        path.join(__dirname, '../../keys/public.pem'),
+        'utf8',
+    );
+}
+
+async function readPrivateKey(): Promise<string> {
+    return promisify(readFile)(
+        path.join(__dirname, '../../keys/private.pem'),
+        'utf8',
+    );
+}
+
+async function encode(payload: JwtPayload): Promise<string> {
+    const cert = await readPrivateKey();
+    if (!cert) throw new InternalError('Token generation failure');
+    // @ts-expect-error cert is valid
+    return promisify(sign)({ ...payload }, cert, { algorithm: 'RS256' });
+}
+
+/**
+ * This method checks the token and returns the decoded data when token is valid in all respect
+ */
+async function validate(token: string): Promise<JwtPayload> {
+    const cert = await readPublicKey();
+    try {
+        // @ts-expect-error cert is valid
+        return (await promisify(verify)(token, cert)) as JwtPayload;
+    } catch (e) {
+        if (e instanceof JwtTokenExpiredError) {
+            throw new TokenExpiredError();
+        }
+        // throws error if the token has not been encrypted by the private key
+        throw new BadTokenError();
+    }
+}
+
+/**
+ * Returns the decoded payload if the signature is valid even if it is expired
+ */
+async function decode(token: string): Promise<JwtPayload> {
+    const cert = await readPublicKey();
+    try {
+        // @ts-expect-error cert is valid
+        return (await promisify(verify)(token, cert, {
+            ignoreExpiration: true,
+        })) as JwtPayload;
+    } catch (_e) {
+        throw new BadTokenError();
+    }
+}
+
+export default {
+    encode,
+    validate,
+    decode,
+};

package/template/src/core/logger.ts

@@ -0,0 +1,48 @@
+import { createLogger, transports, format } from 'winston';
+import fs from 'fs';
+import path from 'path';
+import DailyRotateFile from 'winston-daily-rotate-file';
+import { isProduction, logDirectory } from '../config.js';
+
+let dir = logDirectory;
+if (!dir) {
+    dir = path.resolve('logs');
+}
+
+// create directory if it is not present
+if (!fs.existsSync(dir)) {
+    // Create the directory if it does not exist
+    fs.mkdirSync(dir);
+}
+
+const logLevel = (!isProduction ? 'debug' : 'warn');
+
+const dailyRotateFile = new DailyRotateFile({
+    level: logLevel,
+    filename: dir + '/%DATE%.log',
+    datePattern: 'YYYY-MM-DD',
+    zippedArchive: true,
+    handleExceptions: true,
+    maxSize: '20m',
+    maxFiles: '14d',
+    format: format.combine(
+        format.errors({ stack: true }),
+        format.timestamp(),
+        format.json(),
+    ),
+});
+
+export default createLogger({
+    transports: [
+        new transports.Console({
+            level: logLevel,
+            format: format.combine(
+                format.errors({ stack: true }),
+                format.prettyPrint(),
+            ),
+        }),
+        dailyRotateFile,
+    ],
+    exceptionHandlers: [dailyRotateFile],
+    exitOnError: false, // do not exit on handled exceptions
+});

package/template/src/core/utils.ts

@@ -0,0 +1,12 @@
+import User from "./../types/User";
+import objectManipulator from "lodash";
+
+export const enum Header {
+    API_KEY = 'x-api-key',
+    AUTHORIZATION = 'authorization',
+}
+
+export async function getUserData(user: User) {
+    const data = objectManipulator.pick(user, ['_id', 'name', 'roles', 'profilePicUrl', 'email']);
+    return data;
+}

package/template/src/database/index.ts

@@ -0,0 +1,56 @@
+import mongoose, { Query, Schema } from 'mongoose';
+import logger from '../core/logger';
+import { db } from '../config';
+
+export async function connectDB() {
+    const dbURI = `mongodb+srv://${db.user}:${encodeURIComponent(db.password)}@${
+        db.host
+    }/${db.name}`;
+
+    const options = {
+        autoIndex: true,
+        minPoolSize: db.minPoolSize,
+        maxPoolSize: db.maxPoolSize,
+        connectTimeoutMS: 60000,
+        socketTimeoutMS: 45000,
+    };
+    mongoose.set('strictQuery', true);
+
+    function setRunValidators(this: Query<unknown, unknown>) {
+        this.setOptions({ runValidators: true });
+    }
+
+    mongoose.plugin((schema: Schema) => {
+        schema.pre('findOneAndUpdate', setRunValidators);
+        schema.pre('updateMany', setRunValidators);
+        schema.pre('updateOne', setRunValidators);
+        schema.pre(/^update/, setRunValidators);
+    });
+    try {
+        await mongoose.connect(dbURI, options);
+        logger.info('Mongoose connection established');
+    } catch (err) {
+        logger.error('Mongoose connection error');
+        logger.error(err);
+        process.exit(1);
+    }
+
+    mongoose.connection.on('connected', () => {
+        logger.debug(`Mongoose connected to ${dbURI}`);
+    });
+
+    mongoose.connection.on('error', (err) => {
+        logger.error('Mongoose connection error: ' + err);
+    });
+
+    mongoose.connection.on('disconnected', () => {
+        logger.info('Mongoose disconnected');
+    });
+
+    process.on('SIGINT', () => {
+        mongoose.connection.close().finally(() => {
+            logger.info('Mongoose disconnected due to app termination');
+            process.exit(0);
+        });
+    });
+}

package/template/src/database/models/ApiKeys.ts

@@ -0,0 +1,62 @@
+import { Schema, model } from 'mongoose';
+import { Permission } from '../../types/permissions.js';
+import ApiKey from '../../types/ApiKey.js';
+
+export const DOCUMENT_NAME = 'ApiKey';
+export const COLLECTION_NAME = 'api_keys';
+
+
+const schema = new Schema<ApiKey>(
+    {
+        key: {
+            type: Schema.Types.String,
+            required: true,
+            unique: true,
+            maxlength: 1024,
+            trim: true,
+        },
+        version: {
+            type: Schema.Types.Number,
+            required: true,
+            min: 1,
+            max: 100,
+        },
+        permissions: {
+            type: [
+                {
+                    type: Schema.Types.String,
+                    required: true,
+                    enum: Object.values(Permission),
+                },
+            ],
+            required: true,
+        },
+        comments: {
+            type: [
+                {
+                    type: Schema.Types.String,
+                    required: true,
+                    trim: true,
+                    maxlength: 1000,
+                },
+            ],
+            required: true,
+        },
+        status: {
+            type: Schema.Types.Boolean,
+            default: true,
+        },
+    },
+    {
+        versionKey: false,
+        timestamps: true
+    }
+);
+
+schema.index({ key: 1, status: 1 });
+
+export const ApiKeyModel = model<ApiKey>(
+    DOCUMENT_NAME,
+    schema,
+    COLLECTION_NAME,
+);

package/template/src/database/models/Keystore.ts

@@ -0,0 +1,45 @@
+import { Schema, model } from 'mongoose';
+import Keystore from '../../types/Keystore';
+
+export const DOCUMENT_NAME = 'Keystore';
+export const COLLECTION_NAME = 'keystores';
+
+
+
+const schema = new Schema<Keystore>(
+    {
+        client: {
+            type: Schema.Types.ObjectId,
+            required: true,
+            ref: 'User',
+        },
+        primaryKey: {
+            type: Schema.Types.String,
+            required: true,
+            trim: true,
+        },
+        secondaryKey: {
+            type: Schema.Types.String,
+            required: true,
+            trim: true,
+        },
+        status: {
+            type: Schema.Types.Boolean,
+            default: true,
+        },
+    },
+    {
+        versionKey: false,
+        timestamps: true
+    },
+);
+
+schema.index({ client: 1 });
+schema.index({ client: 1, primaryKey: 1, status: 1 });
+schema.index({ client: 1, primaryKey: 1, secondaryKey: 1 });
+
+export const KeystoreModel = model<Keystore>(
+    DOCUMENT_NAME,
+    schema,
+    COLLECTION_NAME,
+);

package/template/src/database/models/Role.ts

@@ -0,0 +1,27 @@
+import { Schema, model } from 'mongoose';
+import Role, { RoleCode } from './../../types/Role.js';
+
+export const DOCUMENT_NAME = 'Role';
+export const COLLECTION_NAME = 'roles';
+
+const schema = new Schema<Role>(
+    {
+        code: {
+            type: Schema.Types.String,
+            required: true,
+            enum: Object.values(RoleCode),
+        },
+        status: {
+            type: Schema.Types.Boolean,
+            default: true,
+        },
+    },
+    {
+        timestamps: true,
+        versionKey: false,
+    },
+);
+
+schema.index({ code: 1, status: 1 });
+
+export const RoleModel = model<Role>(DOCUMENT_NAME, schema, COLLECTION_NAME);

package/template/src/database/models/User.ts

@@ -0,0 +1,64 @@
+import { model, Schema } from "mongoose";
+import bcryptjs from "bcryptjs";
+import User from "../../types/User";
+
+
+export const DOCUMENT_NAME = 'User';
+export const COLLECTION_NAME = 'users';
+
+
+const schema = new Schema<User>({
+    name: {
+        type: Schema.Types.String,
+        trim: true,
+        maxLength: 200,
+    },
+    email: {
+        type: Schema.Types.String,
+        unique: true,
+        trim: true,
+        toLowerCase: true,
+        select: false
+    },
+    password: {
+        type: Schema.Types.String,
+        select: false,
+    },
+    roles: {
+        type: [
+            {
+                type: Schema.Types.ObjectId,
+                ref: 'Role',
+            },
+        ],
+        required: true,
+        select: false,
+    },
+    verified: {
+        type: Schema.Types.Boolean,
+        default: false,
+    },
+    status: {
+        type: Schema.Types.Boolean,
+        default: true,
+    }
+}, {
+    timestamps: true,
+    versionKey: false
+});
+
+schema.index({ _id: 1, status: 1 });
+schema.index({ status: 1 });
+
+// Pre hook to save the password as hashed password
+schema.pre("save", async function (next) {
+    if (!this.isModified("password")) {
+        return next();
+    }
+    this.password = await bcryptjs.hash(this.password, 12);
+    next();
+});
+
+
+
+export const UserModel = model<User>(DOCUMENT_NAME, schema, COLLECTION_NAME);

package/template/src/database/repositories/ApiKeyRepo.ts

@@ -0,0 +1,26 @@
+import { Permission } from '../../types/permissions';
+import ApiKey from '../../types/ApiKey';
+import { ApiKeyModel } from '../models/ApiKeys';
+
+async function findByKey(key: string): Promise<ApiKey | null> {
+    return ApiKeyModel.findOne({ key: key, status: true }).lean().exec();
+}
+
+async function create(
+    key: string,
+    comments: string[],
+    permissions: Permission[],
+    version: number = 1,
+) {
+    return ApiKeyModel.create({
+        key,
+        comments,
+        permissions,
+        version,
+    });
+}
+
+export default {
+    findByKey,
+    create
+};

package/template/src/database/repositories/KeystoreRepo.ts

@@ -0,0 +1,53 @@
+import Keystore from '../../types/Keystore';
+import User from '../../types/User';
+import { KeystoreModel } from '../models/Keystore';
+import { Types } from 'mongoose';
+
+async function create(
+    client: User,
+    primaryKey: string,
+    secondaryKey: string,
+): Promise<Keystore> {
+    const keystore = await KeystoreModel.create({
+        client: client,
+        primaryKey: primaryKey,
+        secondaryKey: secondaryKey,
+    });
+
+    return keystore.toObject();
+}
+
+async function remove(id: Types.ObjectId) {
+    return KeystoreModel.findByIdAndDelete(id).lean().exec();
+}
+
+async function findForKey(client: User, key: string) {
+    return KeystoreModel.findOne({
+        client: client,
+        primaryKey: key,
+        status: true,
+    })
+        .lean()
+        .exec();
+}
+
+async function find(
+    client: User,
+    primaryKey: string,
+    secondaryKey: string,
+): Promise<Keystore | null> {
+    return KeystoreModel.findOne({
+        client: client,
+        primaryKey: primaryKey,
+        secondaryKey: secondaryKey,
+    })
+        .lean()
+        .exec();
+}
+
+export default {
+    create,
+    remove,
+    findForKey,
+    find
+};

package/template/src/database/repositories/UserRepo.ts

@@ -0,0 +1,63 @@
+import User from "../../types/User";
+import { InternalError } from "../../core/ApiError";
+import { RoleModel } from "../models/Role";
+import { UserModel } from "../models/User";
+import KeystoreRepo from "./KeystoreRepo";
+import { Types } from "mongoose";
+
+async function findByEmail(email: string) {
+    return await UserModel.findOne({ email: email })
+        .select(
+            "+name +email +password +roles"
+        )
+        .populate({
+            path: "roles",
+            match: { status: true },
+            select: { code: 1 }
+        })
+        .lean()
+        .exec();
+}
+
+async function create(
+    user: User,
+    accessTokenKey: string,
+    refreshTokenKey: string,
+    roleCode: string
+) {
+    const role = await RoleModel.findOne({ code: roleCode })
+        .select("+code")
+        .lean()
+        .exec();
+
+    if (!role) throw new InternalError("Role must be defined.");
+
+    user.roles = [role];
+    const userCreated = await UserModel.create(user);
+    
+    const keystore = await KeystoreRepo.create(
+        userCreated, accessTokenKey, refreshTokenKey
+    );
+    return {
+        user: { ...userCreated.toObject(), roles: user.roles },
+        keystore: keystore
+    };
+}
+
+
+async function findById(id: Types.ObjectId) {
+    return await UserModel.findOne({ _id: id, status: true })
+        .select("+email +password +name +roles")
+        .populate({
+            path: "roles",
+            match: { status: true }
+        })
+        .lean()
+        .exec();
+}
+
+export default {
+    findByEmail,
+    create,
+    findById
+};

package/template/src/helpers/generateApiKey.ts

@@ -0,0 +1,23 @@
+import crypto from 'crypto';
+import ApiKeyRepo from '../database/repositories/ApiKeyRepo';
+import { Permission } from '../types/permissions';
+import { connectDB } from '../database';
+
+export async function createApiKey(
+    comments: string[],
+    permissions: Permission[],
+) {
+    const key = crypto.randomBytes(32).toString('hex');
+
+    const newKey = await ApiKeyRepo.create(key, comments, permissions, 1);
+
+    if (!newKey) {
+        throw Error('Failed to generate API Key.');
+    }
+
+    console.log('Your API key:', key);
+    return key;
+}
+connectDB().then(async () => {
+    await createApiKey(['API Key for testing.'], [Permission.GENERAL]);
+})

package/template/src/helpers/validator.ts

@@ -0,0 +1,38 @@
+import mongoose from 'mongoose';
+import z from 'zod';
+
+export enum ValidationSource {
+    BODY = 'body',
+    HEADER = 'headers',
+    QUERY = 'query',
+    PARAM = 'params',
+}
+
+export const ZodObjectId = z
+    .string()
+    .refine((value: string) => mongoose.Types.ObjectId.isValid(value), {
+        message: 'Invalid mongoDB object Id.',
+    });
+
+export const ZodUrlEndpoint = z
+    .string()
+    .refine((value: string) => !value.includes('://'), {
+        message: 'Invalid endpoint: URLs with protocol are not allowed',
+    });
+
+export const ZodAuthBearer = z.string().refine(
+    (value: string) => {
+        if (!value.startsWith('Bearer ')) return false;
+
+        const parts = value.split(' ');
+        if (parts.length !== 2) return false;
+
+        const token = parts[1];
+        if (!token || token.trim().length === 0) return false;
+
+        return true;
+    },
+    {
+        message: "Invalid Authorization header. Expected: 'Bearer <token>'",
+    },
+);

package/template/src/index.ts

@@ -0,0 +1,36 @@
+process.on('uncaughtException', (err) => {
+    console.error('Uncaught Exception:', err);
+    process.exit(1);
+});
+
+process.on('unhandledRejection', (reason, promise) => {
+    console.error('Unhandled Rejection at:', promise, 'reason:', reason);
+    process.exit(1);
+});
+
+import logger from './core/logger.js';
+import { port } from './config.js';
+import { connectDB } from './database/index.js';
+import { app } from './app.js';
+
+async function start() {
+    try {
+        await connectDB(); // Connect DB first
+        logger.info('Database connected');
+        logger.info('App loaded');
+
+        app.listen(port, () => {
+            logger.info(`Server running on port: ${port}`);
+        });
+    } catch (err) {
+        logger.error('Startup error');
+        logger.error(err);
+        process.exit(1);
+    }
+}
+
+start()
+    .catch((err) => {
+        logger.error('Fatal startup error.', err);
+        process.exit(1);
+    })

package/template/src/middlewares/authorize.middleware.ts

@@ -0,0 +1,26 @@
+import { RequestHandler } from 'express';
+import { RoleCode } from '../types/Role';
+import { ProtectedRequest } from '../types/app-requests';
+import { ForbiddenError } from '../core/ApiError';
+
+export const authorize = (...allowedRoles: RoleCode[]): RequestHandler => {
+    return (req, _res, next) => {
+        try {
+            const protectedReq = req as ProtectedRequest;
+
+            if (!protectedReq.user) {
+                throw new ForbiddenError('Authentication required');
+            }
+
+            if (!allowedRoles.includes(protectedReq.user.role)) {
+                throw new ForbiddenError(
+                    `Forbidden: required roles [${allowedRoles.join(', ')}], found: ${protectedReq.user.role}`,
+                );
+            }
+
+            next();
+        } catch (error) {
+            next(error);
+        }
+    };
+};