nodejs-quickstart-structure 2.1.2 → 2.2.1

package/templates/common/auth/js/controllers/authController.js.ejs

@@ -1,19 +1,28 @@
 const bcrypt = require('bcryptjs');
-<% if (architecture === 'MVC') { -%>
+const crypto = require('crypto');
+<%_ if (architecture === 'MVC') { _%>
 const User = require('../models/User');
 const JwtService = require('../services/jwtService');
-<% if (caching !== 'None') { -%>
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+const { SocialAuthService } = require('../services/socialAuthService');
+<%_ } _%>
+<%_ if (caching !== 'None') { _%>
 const cacheService = require('<% if (caching === "Redis") { %>../config/redisClient<% } else { %>../config/memoryCache<% } %>');
-<% } -%>
+<%_ } _%>
 const logger = require('../utils/logger');
-<% } else { -%>
+<%_ } else { _%>
 const User = require('../../../infrastructure/database/models/User');
 const JwtService = require('../../../infrastructure/auth/jwtService');
-<% if (caching !== 'None') { -%>
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+const { SocialLoginUseCase } = require('../../../usecases/auth/socialLoginUseCase');
+const { GoogleProvider, GitHubProvider } = require('../../../infrastructure/auth/socialAuthService');
+const UserRepository = require('../../../infrastructure/repositories/UserRepository');
+<%_ } _%>
+<%_ if (caching !== 'None') { _%>
 const cacheService = require('<% if (caching === "Redis") { %>../../../infrastructure/caching/redisClient<% } else { %>../../../infrastructure/caching/memoryCache<% } %>');
-<% } -%>
+<%_ } _%>
 const logger = require('../../../infrastructure/log/logger');
-<% } -%>
+<%_ } _%>
 const HTTP_STATUS = require('<% if (architecture === "MVC") { %>../utils/httpCodes<% } else { %>../../../utils/httpCodes<% } %>');
 
 class AuthController {
@@ -21,6 +30,27 @@ class AuthController {
     this.login = this.login.bind(this);
     this.refresh = this.refresh.bind(this);
     this.logout = this.logout.bind(this);
+<% if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { -%>
+    this.socialExchange = this.socialExchange.bind(this);
+<% if (socialAuth.includes('Google')) { -%>
+    this.googleLogin = this.googleLogin.bind(this);
+    this.googleCallback = this.googleCallback.bind(this);
+<% } -%>
+<% if (socialAuth.includes('GitHub')) { -%>
+    this.githubLogin = this.githubLogin.bind(this);
+    this.githubCallback = this.githubCallback.bind(this);
+<% } -%>
+<% } -%>
+    this.setOAuthStateCookie = this.setOAuthStateCookie.bind(this);
+  }
+
+  setOAuthStateCookie(res, state) {
+    res.cookie('oauth_state', state, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: 10 * 60 * 1000
+    });
   }
 
   async login(req, res, next) {
@@ -45,16 +75,16 @@ class AuthController {
       const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
       const accessToken = JwtService.generateToken({ id: userId, email: user.email, sid: refreshJti });
 
-<%_ if (caching !== 'None') { -%>
+<%_ if (caching !== 'None') { _%>
       const cacheKey = `refresh_tokens:${userId}`;
       const activeTokens = await cacheService.get(cacheKey) || [];
       activeTokens.push(refreshJti);
       await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
-<% } else { %>
+<%_ } else { _%>
       const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
       activeTokens.push(refreshJti);
       JwtService.activeRefreshTokens.set(userId, activeTokens);
-<%_ } -%>
+<%_ } _%>
 
       res.json({ token: accessToken, accessToken, refreshToken });
     } catch (error) {
@@ -78,7 +108,7 @@ class AuthController {
       const userId = String(decoded.id);
       const incomingJti = decoded.jti;
 
-<%_ if (caching !== 'None') { -%>
+<%_ if (caching !== 'None') { _%>
       const cacheKey = `refresh_tokens:${userId}`;
       let activeTokens = await cacheService.get(cacheKey) || [];
       
@@ -95,7 +125,7 @@ class AuthController {
       
       activeTokens.push(newRefreshJti);
       await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
-<% } else { %>
+<%_ } else { _%>
       let activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
       
       if (!activeTokens.includes(incomingJti)) {
@@ -111,7 +141,7 @@ class AuthController {
       
       activeTokens.push(newRefreshJti);
       JwtService.activeRefreshTokens.set(userId, activeTokens);
-<%_ } -%>
+<%_ } _%>
       res.json({ accessToken: newAccessToken, refreshToken: newRefreshToken });
     } catch (error) {
       logger.error('Refresh token error:', error);
@@ -165,6 +195,319 @@ class AuthController {
       next(error);
     }
   }
+
+<% if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { -%>
+  async socialExchange(req, res, next) {
+    try {
+      const { code, provider, redirectUri } = req.body;
+      if (!code || !provider) {
+        return res.status(HTTP_STATUS.BAD_REQUEST).json({ message: 'Code and provider are required' });
+      }
+
+      <% if (architecture === 'Clean Architecture') { -%>
+      let useCase;
+      const userRepository = new UserRepository();
+      <% if (socialAuth.includes('Google')) { -%>
+      if (provider === 'Google') useCase = new SocialLoginUseCase(new GoogleProvider(), userRepository);
+      <% } -%>
+      <% if (socialAuth.includes('GitHub')) { -%>
+      if (provider === 'GitHub') useCase = new SocialLoginUseCase(new GitHubProvider(), userRepository);
+      <% } -%>
+
+      if (!useCase) {
+        return res.status(HTTP_STATUS.BAD_REQUEST).json({ message: 'Invalid social provider' });
+      }
+
+      const { user, accessToken, refreshToken } = await useCase.execute(code, redirectUri);
+      const userId = String(user.id || user._id);
+      const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
+
+      // Store refresh token
+      <% if (caching !== 'None') { -%>
+      const cacheKey = `refresh_tokens:${userId}`;
+      const activeTokens = await cacheService.get(cacheKey) || [];
+      activeTokens.push(refreshJti);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+      <% } else { -%>
+      const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      activeTokens.push(refreshJti);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);
+      <% } -%>
+
+      res.json({ token: accessToken, accessToken, refreshToken });
+      <% } else { -%>
+      let profile;
+<% if (socialAuth.includes('Google')) { -%>
+      if (provider === 'Google') {
+        profile = await SocialAuthService.getGoogleProfile(code, redirectUri);
+      }
+<% } -%>
+<% if (socialAuth.includes('GitHub')) { -%>
+      if (provider === 'GitHub') {
+        profile = await SocialAuthService.getGithubProfile(code);
+      }
+<% } -%>
+
+      if (!profile) {
+        return res.status(HTTP_STATUS.BAD_REQUEST).json({ message: 'Invalid social provider' });
+      }
+
+      if (!profile || !profile.email) {
+        return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Failed to retrieve profile from provider' });
+      }
+
+      <%_ if (database === 'MongoDB' || database === 'None') { _%>
+      let user = await User.findOne({ email: profile.email });
+      <%_ } else { _%>
+      let user = await User.findOne({ where: { email: profile.email } });
+      <%_ } _%>
+
+      if (!user) {
+        // Create new user without password
+        <%_ if (database === 'MongoDB' || database === 'None') { _%>
+        user = await User.create({ email: profile.email, name: profile.name, password: null });
+        <%_ if (socialAuth.includes('Google')) { _%>
+        if (provider === 'Google') user.googleId = profile.id;
+        <%_ } _%>
+        <%_ if (socialAuth.includes('GitHub')) { _%>
+        if (provider === 'GitHub') user.githubId = profile.id;
+        <%_ } _%>
+        await user.save();
+        <%_ } else { _%>
+        user = await User.create({ 
+          email: profile.email, 
+          name: profile.name, 
+          password: null,
+          <%_ if (socialAuth.includes('Google')) { _%>
+          googleId: provider === 'Google' ? profile.id : null,
+          <%_ } _%>
+          <%_ if (socialAuth.includes('GitHub')) { _%>
+          githubId: provider === 'GitHub' ? profile.id : null,
+          <%_ } _%>
+        });
+        <%_ } _%>
+      }
+
+      const userId = String(user.id || user._id);
+      
+      const refreshToken = JwtService.generateRefreshToken({ id: userId, email: user.email });
+      const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
+      const accessToken = JwtService.generateToken({ id: userId, email: user.email, sid: refreshJti });
+      
+      // Store refresh token
+      <%_ if (caching !== 'None') { -%>
+      const cacheKey = `refresh_tokens:${userId}`;
+      const activeTokens = await cacheService.get(cacheKey) || [];
+      activeTokens.push(refreshJti);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+      <%_ } else { -%>
+      const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      activeTokens.push(refreshJti);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);
+      <%_ } _%>
+
+      res.json({ token: accessToken, accessToken, refreshToken });
+      <% } %>
+    } catch (error) {
+      logger.error('Social exchange error:', error);
+      next(error);
+    }
+  }
+<% } -%>
+
+<% if (socialAuth.includes('Google')) { -%>
+  async googleLogin(req, res) {
+    const rootUrl = 'https://accounts.google.com/o/oauth2/v2/auth';
+    const state = crypto.randomBytes(16).toString('hex');
+    this.setOAuthStateCookie(res, state);
+
+    const options = {
+      redirect_uri: process.env.GOOGLE_CALLBACK_URL || 'http://localhost:3000/api/auth/google/callback',
+      client_id: process.env.GOOGLE_CLIENT_ID,
+      access_type: 'offline',
+      response_type: 'code',
+      prompt: 'consent',
+      scope: [
+        'https://www.googleapis.com/auth/userinfo.profile',
+        'https://www.googleapis.com/auth/userinfo.email',
+      ].join(' '),
+      state: state
+    };
+    const qs = new URLSearchParams(options);
+    res.redirect(`${rootUrl}?${qs.toString()}`);
+  }
+
+  async googleCallback(req, res, _next) {
+    try {
+      const { code, state } = req.query;
+      const savedState = req.cookies?.oauth_state;
+      res.clearCookie('oauth_state');
+
+      if (!state || state !== savedState) {
+        return res.status(HTTP_STATUS.FORBIDDEN).json({ message: 'Invalid state parameter' });
+      }
+
+      const redirectUri = process.env.GOOGLE_CALLBACK_URL || 'http://localhost:3000/api/auth/google/callback';
+
+      <%_ if (architecture === 'Clean Architecture') { _%>
+      const useCase = new SocialLoginUseCase(new GoogleProvider(), new UserRepository());
+      const { user, accessToken, refreshToken } = await useCase.execute(code, redirectUri);
+      const userId = String(user.id || user._id);
+      const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
+
+      // Store refresh token
+      <%_ if (caching !== 'None') { _%>
+      const cacheKey = `refresh_tokens:${userId}`;
+      const activeTokens = await cacheService.get(cacheKey) || [];
+      activeTokens.push(refreshJti);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+      <%_ } else { _%>
+      const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      activeTokens.push(refreshJti);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);
+      <% } %>
+
+      res.cookie('accessToken', accessToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.cookie('refreshToken', refreshToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.redirect('/');
+      <%_ } else { _%>
+      const profile = await SocialAuthService.getGoogleProfile(code, redirectUri);
+      
+      <%_ if (database === 'MongoDB' || database === 'None') { -%>
+      let user = await User.findOne({ email: profile.email });
+      <%_ } else { -%>
+      let user = await User.findOne({ where: { email: profile.email } });
+      <%_ } -%>
+
+      if (!user) {
+        user = await User.create({ 
+          email: profile.email, 
+          name: profile.name, 
+          password: null,
+          googleId: profile.id
+        });
+      }
+
+      const userId = String(user.id || user._id);
+      const refreshToken = JwtService.generateRefreshToken({ id: userId, email: user.email });
+      const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
+      const accessToken = JwtService.generateToken({ id: userId, email: user.email, sid: refreshJti });
+
+      // Store refresh token
+      <%_ if (caching !== 'None') { -%>
+      const cacheKey = `refresh_tokens:${userId}`;
+      const activeTokens = await cacheService.get(cacheKey) || [];
+      activeTokens.push(refreshJti);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+      <%_ } else { _%>
+      const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      activeTokens.push(refreshJti);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);
+      <% } %>
+
+      res.cookie('accessToken', accessToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.cookie('refreshToken', refreshToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.redirect('/');
+      <% } %>
+    } catch (error) {
+      logger.error('Google callback error:', error);
+      res.redirect('/login?error=social_auth_failed');
+    }
+  }
+<% } -%>
+
+<% if (socialAuth.includes('GitHub')) { -%>
+  async githubLogin(req, res) {
+    const rootUrl = 'https://github.com/login/oauth/authorize';
+    const state = crypto.randomBytes(16).toString('hex');
+    this.setOAuthStateCookie(res, state);
+
+    const options = {
+      client_id: process.env.GITHUB_CLIENT_ID,
+      redirect_uri: process.env.GITHUB_CALLBACK_URL || 'http://localhost:3000/api/auth/github/callback',
+      scope: 'user:email',
+      state: state
+    };
+    const qs = new URLSearchParams(options);
+    res.redirect(`${rootUrl}?${qs.toString()}`);
+  }
+
+  async githubCallback(req, res, _next) {
+    try {
+      const { code, state } = req.query;
+      const savedState = req.cookies?.oauth_state;
+      res.clearCookie('oauth_state');
+
+      if (!state || state !== savedState) {
+        return res.status(HTTP_STATUS.FORBIDDEN).json({ message: 'Invalid state parameter' });
+      }
+
+      <%_ if (architecture === 'Clean Architecture') { _%>
+      const useCase = new SocialLoginUseCase(new GitHubProvider(), new UserRepository());
+      const { user, accessToken, refreshToken } = await useCase.execute(code);
+      const userId = String(user.id || user._id);
+      const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
+
+      // Store refresh token
+      <%_ if (caching !== 'None') { _%>
+      const cacheKey = `refresh_tokens:${userId}`;
+      const activeTokens = await cacheService.get(cacheKey) || [];
+      activeTokens.push(refreshJti);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+      <%_ } else { _%>
+      const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      activeTokens.push(refreshJti);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);
+      <% } %>
+
+      res.cookie('accessToken', accessToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.cookie('refreshToken', refreshToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.redirect('/');
+      <%_ } else { _%>
+      const profile = await SocialAuthService.getGithubProfile(code);
+      
+      <%_ if (database === 'MongoDB' || database === 'None') { -%>
+      let user = await User.findOne({ email: profile.email });
+      <%_ } else { -%>
+      let user = await User.findOne({ where: { email: profile.email } });
+      <%_ } -%>
+
+      if (!user) {
+        user = await User.create({ 
+          email: profile.email, 
+          name: profile.name, 
+          password: null,
+          githubId: profile.id
+        });
+      }
+
+      const userId = String(user.id || user._id);
+      const refreshToken = JwtService.generateRefreshToken({ id: userId, email: user.email });
+      const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
+      const accessToken = JwtService.generateToken({ id: userId, email: user.email, sid: refreshJti });
+
+      // Store refresh token
+      <%_ if (caching !== 'None') { -%>
+      const cacheKey = `refresh_tokens:${userId}`;
+      const activeTokens = await cacheService.get(cacheKey) || [];
+      activeTokens.push(refreshJti);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+      <%_ } else { -%>
+      const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      activeTokens.push(refreshJti);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);
+      <% } %>
+
+      res.cookie('accessToken', accessToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.cookie('refreshToken', refreshToken, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' });
+      res.redirect('/');
+      <%_ } _%>
+    } catch (error) {
+      logger.error('GitHub callback error:', error);
+      res.redirect('/login?error=social_auth_failed');
+    }
+  }
+<% } -%>
 }
 
 module.exports = AuthController;