underpost 2.8.871 → 2.8.873

package/src/api/core/core.router.js

@@ -1,4 +1,4 @@
-import { adminGuard, authMiddleware } from '../../server/auth.js';
+import { adminGuard } from '../../server/auth.js';
 import { loggerFactory } from '../../server/logger.js';
 import { CoreController } from './core.controller.js';
 import express from 'express';
@@ -7,6 +7,7 @@ const logger = loggerFactory(import.meta);
 
 const CoreRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
   router.post(`/:id`, authMiddleware, adminGuard, async (req, res) => await CoreController.post(req, res, options));
   router.post(`/`, authMiddleware, adminGuard, async (req, res) => await CoreController.post(req, res, options));
   router.get(`/:id`, authMiddleware, adminGuard, async (req, res) => await CoreController.get(req, res, options));

package/src/api/default/default.controller.js

@@ -21,7 +21,12 @@ const DefaultController = {
   },
   get: async (req, res, options) => {
     try {
-      const result = await DefaultService.get(req, res, options);
+      const { page, limit } = req.query;
+      const result = await DefaultService.get(
+        { ...req, query: { ...req.query, page: parseInt(page), limit: parseInt(limit) } },
+        res,
+        options,
+      );
       return res.status(200).json({
         status: 'success',
         data: result,

package/src/api/default/default.router.js

@@ -1,4 +1,3 @@
-import { authMiddleware } from '../../server/auth.js';
 import { loggerFactory } from '../../server/logger.js';
 import { DefaultController } from './default.controller.js';
 import express from 'express';
@@ -7,9 +6,14 @@ const logger = loggerFactory(import.meta);
 
 const DefaultRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
   router.post(`/:id`, async (req, res) => await DefaultController.post(req, res, options));
   router.post(`/`, async (req, res) => await DefaultController.post(req, res, options));
-  router.get(`/:id`, async (req, res) => await DefaultController.get(req, res, options));
+  router.get(
+    `/:id`,
+    // authMiddleware,
+    async (req, res) => await DefaultController.get(req, res, options),
+  );
   router.get(`/`, async (req, res) => await DefaultController.get(req, res, options));
   router.put(`/:id`, async (req, res) => await DefaultController.put(req, res, options));
   router.put(`/`, async (req, res) => await DefaultController.put(req, res, options));

package/src/api/default/default.service.js

@@ -13,7 +13,16 @@ const DefaultService = {
     /** @type {import('./default.model.js').DefaultModel} */
     const Default = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Default;
     if (req.params.id) return await Default.findById(req.params.id);
-    return await Default.find();
+    const { query, page = 1, limit = 10, sort = { updatedAt: -1 } } = req.query;
+    const queryPayload = query ? JSON.parse(query) : {};
+    const skip = (page - 1) * limit;
+    const [data, total] = await Promise.all([
+      Default.find(queryPayload).sort(sort).limit(limit).skip(skip),
+      Default.countDocuments(queryPayload),
+    ]);
+
+    const totalPages = Math.ceil(total / limit);
+    return { data, total, page, totalPages };
   },
   put: async (req, res, options) => {
     /** @type {import('./default.model.js').DefaultModel} */

package/src/api/file/file.router.js

@@ -1,4 +1,4 @@
-import { adminGuard, authMiddleware } from '../../server/auth.js';
+import { adminGuard } from '../../server/auth.js';
 import { loggerFactory } from '../../server/logger.js';
 import { FileController } from './file.controller.js';
 import express from 'express';
@@ -6,6 +6,7 @@ const logger = loggerFactory(import.meta);
 
 const FileRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
   router.post(`/:id`, authMiddleware, async (req, res) => await FileController.post(req, res, options));
   router.post(`/`, authMiddleware, async (req, res) => await FileController.post(req, res, options));
   router.get(`/blob/:id`, async (req, res) => await FileController.get(req, res, options));

package/src/api/test/test.router.js

@@ -1,4 +1,3 @@
-import { authMiddleware } from '../../server/auth.js';
 import { loggerFactory } from '../../server/logger.js';
 import { TestController } from './test.controller.js';
 import express from 'express';
@@ -7,6 +6,7 @@ const logger = loggerFactory(import.meta);
 
 const TestRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
   router.post(`/:id`, async (req, res) => await TestController.post(req, res, options));
   router.post(`/`, authMiddleware, async (req, res) => await TestController.post(req, res, options));
   router.get(`/:id`, async (req, res) => await TestController.get(req, res, options));

package/src/api/user/postman_collection.json

@@ -0,0 +1,216 @@
+{
+  "info": {
+    "_postman_id": "a1b2c3d4-e5f6-7890-1234-567890abcdef",
+    "name": "User API",
+    "description": "A collection of requests for the User API.",
+    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+  },
+  "item": [
+    {
+      "name": "user",
+      "item": [
+        {
+          "name": "Log in",
+          "request": {
+            "method": "POST",
+            "header": [
+              {
+                "key": "Content-Type",
+                "value": "application/json",
+                "type": "text"
+              }
+            ],
+            "body": {
+              "mode": "raw",
+              "raw": "{\n    \"email\": \"user@example.com\",\n    \"password\": \"Password123\"\n}",
+              "options": {
+                "raw": {
+                  "language": "json"
+                }
+              }
+            },
+            "url": {
+              "raw": "{{baseUrl}}/user/auth",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", "auth"]
+            },
+            "description": "This endpoint get a JWT for authenticated user"
+          },
+          "response": [
+            {
+              "name": "User logged in successfully",
+              "originalRequest": {
+                "method": "POST",
+                "header": [],
+                "body": {
+                  "mode": "raw",
+                  "raw": ""
+                },
+                "url": {
+                  "raw": "{{baseUrl}}/user/auth",
+                  "host": ["{{baseUrl}}"],
+                  "path": ["user", "auth"]
+                }
+              },
+              "status": "OK",
+              "code": 200,
+              "_postman_previewlanguage": "json",
+              "header": [
+                {
+                  "key": "Content-Type",
+                  "value": "application/json"
+                }
+              ],
+              "cookie": [],
+              "body": "{\n    \"status\": \"success\",\n    \"data\": {\n        \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7Il9pZCI6IjY2YzM3N2Y1N2Y5OWU1OTY5YjgxZG...\",\n        \"user\": {\n            \"_id\": \"66c377f57f99e5969b81de89\",\n            \"email\": \"user@example.com\",\n            \"emailConfirmed\": false,\n            \"username\": \"user123\",\n            \"role\": \"user\",\n            \"profileImageId\": \"66c377f57f99e5969b81de87\"\n        }\n    }\n}"
+            }
+          ]
+        },
+        {
+          "name": "Create user",
+          "request": {
+            "method": "POST",
+            "header": [
+              {
+                "key": "Content-Type",
+                "value": "application/json",
+                "type": "text"
+              }
+            ],
+            "body": {
+              "mode": "raw",
+              "raw": "{\n    \"username\": \"user123\",\n    \"password\": \"Password123\",\n    \"email\": \"user@example.com\"\n}",
+              "options": {
+                "raw": {
+                  "language": "json"
+                }
+              }
+            },
+            "url": {
+              "raw": "{{baseUrl}}/user",
+              "host": ["{{baseUrl}}"],
+              "path": ["user"]
+            },
+            "description": "This endpoint will create a new user account"
+          },
+          "response": []
+        },
+        {
+          "name": "Get user data by ID",
+          "request": {
+            "auth": {
+              "type": "bearer",
+              "bearer": [
+                {
+                  "key": "token",
+                  "value": "{{authToken}}",
+                  "type": "string"
+                }
+              ]
+            },
+            "method": "GET",
+            "header": [],
+            "url": {
+              "raw": "{{baseUrl}}/user/:id",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", ":id"],
+              "variable": [
+                {
+                  "key": "id",
+                  "value": "your_user_id"
+                }
+              ]
+            },
+            "description": "This endpoint get user data by ID"
+          },
+          "response": []
+        },
+        {
+          "name": "Update user data by ID",
+          "request": {
+            "auth": {
+              "type": "bearer",
+              "bearer": [
+                {
+                  "key": "token",
+                  "value": "{{authToken}}",
+                  "type": "string"
+                }
+              ]
+            },
+            "method": "PUT",
+            "header": [
+              {
+                "key": "Content-Type",
+                "value": "application/json",
+                "type": "text"
+              }
+            ],
+            "body": {
+              "mode": "raw",
+              "raw": "{\n    \"username\": \"newuser123\",\n    \"password\": \"NewPassword123\",\n    \"email\": \"newuser@example.com\"\n}",
+              "options": {
+                "raw": {
+                  "language": "json"
+                }
+              }
+            },
+            "url": {
+              "raw": "{{baseUrl}}/user/:id",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", ":id"],
+              "variable": [
+                {
+                  "key": "id",
+                  "value": "your_user_id"
+                }
+              ]
+            },
+            "description": "This endpoint will update user data by ID"
+          },
+          "response": []
+        },
+        {
+          "name": "Delete user data by ID",
+          "request": {
+            "auth": {
+              "type": "bearer",
+              "bearer": [
+                {
+                  "key": "token",
+                  "value": "{{authToken}}",
+                  "type": "string"
+                }
+              ]
+            },
+            "method": "DELETE",
+            "header": [],
+            "url": {
+              "raw": "{{baseUrl}}/user/:id",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", ":id"],
+              "variable": [
+                {
+                  "key": "id",
+                  "value": "your_user_id"
+                }
+              ]
+            },
+            "description": "This endpoint deletes user data by ID, the path ID must match with the ID of the authenticated user"
+          },
+          "response": []
+        }
+      ]
+    }
+  ],
+  "variable": [
+    {
+      "key": "baseUrl",
+      "value": "http://localhost:3000/api"
+    },
+    {
+      "key": "authToken",
+      "value": ""
+    }
+  ]
+}

package/src/api/user/user.controller.js

@@ -3,68 +3,33 @@ import { UserService } from './user.service.js';
 
 const logger = loggerFactory(import.meta);
 
-const UserController = {
-  post: async (req, res, options) => {
-    try {
-      const result = await UserService.post(req, res, options);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
-    }
-  },
-  get: async (req, res, options) => {
-    try {
-      const result = await UserService.get(req, res, options);
-      if (result instanceof Buffer) return res.status(200).end(result);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
-    }
-  },
-  delete: async (req, res, options) => {
-    try {
-      const result = await UserService.delete(req, res, options);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
+const handleRequest = (serviceMethod) => async (req, res, options) => {
+  try {
+    const result = await serviceMethod(req, res, options);
+    if (res.headersSent) {
+      return;
     }
-  },
-  put: async (req, res, options) => {
-    try {
-      const result = await UserService.put(req, res, options);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
+    if (result instanceof Buffer) {
+      return res.status(200).end(result);
     }
-  },
+    return res.status(200).json({
+      status: 'success',
+      data: result,
+    });
+  } catch (error) {
+    logger.error(error, error.stack);
+    return res.status(400).json({
+      status: 'error',
+      message: error.message,
+    });
+  }
+};
+
+const UserController = {
+  post: handleRequest(UserService.post),
+  get: handleRequest(UserService.get),
+  delete: handleRequest(UserService.delete),
+  put: handleRequest(UserService.put),
 };
 
 export { UserController };

package/src/api/user/user.model.js

@@ -1,7 +1,7 @@
 import { Schema, model } from 'mongoose';
 import validator from 'validator';
 import { userRoleEnum } from '../../client/components/core/CommonJs.js';
-
+import crypto from 'crypto';
 // https://mongoosejs.com/docs/2.7.x/docs/schematypes.html
 
 const UserSchema = new Schema(
@@ -22,6 +22,19 @@ const UserSchema = new Schema(
     password: { type: String, trim: true, required: 'Password is required' },
     username: { type: String, trim: true, unique: true, required: 'Username is required' },
     role: { type: String, enum: userRoleEnum, default: 'guest' },
+    activeSessions: {
+      type: [
+        {
+          tokenHash: { type: String, required: true },
+          ip: { type: String },
+          userAgent: { type: String },
+          expiresAt: { type: Date, required: true },
+          host: { type: String },
+          path: { type: String },
+        },
+      ],
+      default: [],
+    },
     profileImageId: { type: Schema.Types.ObjectId, ref: 'File' },
     phoneNumbers: [
       {
@@ -63,15 +76,24 @@ const UserDto = {
       return { _id: 1, username: 1, email: 1, role: 1, emailConfirmed: 1, profileImageId: 1 };
     },
     getAll: () => {
-      return { _id: 1, name: 1 };
+      return { _id: 1 };
     },
   },
   auth: {
-    // TODO: -> set login device, location, ip, fingerprint
-    //          and validate on authorization middleware
-    //       -> dynamic refresh 100 tokens per session with 12h interval
-    //       -> back secret per user, registrarion user model -> secret: { type: String }
-    payload: (user) => ({ _id: user._id.toString(), role: user.role, email: user.email }),
+    payload: (user, jwtid, ip, userAgent, host, path) => {
+      const tokenPayload = {
+        _id: user._id.toString(),
+        role: user.role,
+        email: user.email,
+        ip,
+        userAgent,
+        host,
+        path,
+        jwtid: jwtid ?? crypto.randomBytes(8).toString('hex'),
+        refreshExpiresAt: Date.now() + parseInt(process.env.REFRESH_EXPIRE_MINUTES) * 60 * 1000,
+      };
+      return tokenPayload;
+    },
   },
 };
 

package/src/api/user/user.router.js

@@ -1,25 +1,28 @@
-import { authMiddleware, hashPassword } from '../../server/auth.js';
+import { hashPassword } from '../../server/auth.js';
 import fs from 'fs-extra';
 import { loggerFactory } from '../../server/logger.js';
 import { UserController } from './user.controller.js';
 import express from 'express';
 import { DataBaseProvider } from '../../db/DataBaseProvider.js';
 import { FileFactory } from '../file/file.service.js';
+import { s4 } from '../../client/components/core/CommonJs.js';
 
 const logger = loggerFactory(import.meta);
 
 const UserRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
 
   (async () => {
     // admin user seed
     try {
       const models = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models;
+      let adminUser;
       if (models.User) {
-        const adminUser = await models.User.findOne({ role: 'admin' });
+        adminUser = await models.User.findOne({ role: 'admin' });
         if (!adminUser) {
           const defaultPassword = process.env.DEFAULT_ADMIN_PASSWORD || 'changethis';
-          const hashedPassword = hashPassword(defaultPassword);
+          const hashedPassword = await hashPassword(defaultPassword);
 
           const result = await models.User.create({
             username: 'admin',