BinaryStudioAcademy · anton-otroshchenko · Aug 29, 2024 · Aug 19, 2024 · Aug 19, 2024 · Aug 19, 2024
@@ -12,6 +12,12 @@ DB_DIALECT=pg
 DB_POOL_MIN=2
 DB_POOL_MAX=10
 
+#
+# TOKEN
+#
+SECRET_KEY=IfcxMIXtiR3LC2CX0inOB3ozBuuTYqb7
+EXPIRATION_TIME=24h
+
 #
 # AWS
 #
@@ -30,3 +36,4 @@ OPEN_AI_KEY=SOME_SECRET_KEY
 # SESSION
 #
 SESSION_KEY=SOME_SECRET_KEY
+
@@ -39,6 +39,8 @@
         "convict": "6.2.4",
         "dotenv": "16.4.5",
         "fastify": "4.28.1",
+        "fastify-plugin": "4.5.1",
+        "jose": "5.7.0",
         "knex": "3.1.0",
         "objection": "3.1.4",
         "openai": "4.56.0",

@@ -8,7 +8,7 @@ import {
     type UserSignInResponseDto,
 } from '~/bundles/users/users.js';
 import { HttpCode, HttpError } from '~/common/http/http.js';
-import { cryptService } from '~/common/services/services.js';
+import { cryptService, tokenService } from '~/common/services/services.js';
 
 import { UserValidationMessage } from './enums/enums.js';
 
@@ -46,7 +46,9 @@ class AuthService {
             });
         }
 
-        return user.toObject();
+        const id = user.toObject().id;
+        const token = await tokenService.createToken(id);
+        return { ...user.toObject(), token };
     }
 
     public async signUp(
@@ -60,7 +62,10 @@ class AuthService {
                 status: HttpCode.BAD_REQUEST,
             });
         }
-        return this.userService.create(userRequestDto);
+        const user = await this.userService.create(userRequestDto);
+        const id = user.id;
+        const token = await tokenService.createToken(id);
+        return { ...user, token };
     }
 }
 

@@ -1,16 +1,19 @@
-import { UserEntity } from '~/bundles/users/user.entity.js';
 import { type UserModel } from '~/bundles/users/user.model.js';
 import { type Repository } from '~/common/types/types.js';
 
+import { UserEntity } from '../../bundles/users/user.entity.js';
+
 class UserRepository implements Repository {
     private userModel: typeof UserModel;
 
     public constructor(userModel: typeof UserModel) {
         this.userModel = userModel;
     }
 
-    public find(): ReturnType<Repository['find']> {
-        return Promise.resolve(null);
+    public async find(userId: string): Promise<UserEntity | null> {
+        const user = await this.userModel.query().findById(userId).execute();
+
+        return user ? UserEntity.initialize(user) : null;
     }
 
     public async findByEmail(email: string): Promise<UserEntity | null> {

@@ -1,8 +1,8 @@
-import { UserEntity } from '~/bundles/users/user.entity.js';
 import { type UserRepository } from '~/bundles/users/user.repository.js';
 import { cryptService } from '~/common/services/services.js';
 import { type Service } from '~/common/types/types.js';
 
+import { UserEntity } from '../../bundles/users/user.entity.js';
 import {
     type UserGetAllResponseDto,
     type UserSignUpRequestDto,
@@ -16,8 +16,8 @@ class UserService implements Service {
         this.userRepository = userRepository;
     }
 
-    public find(): ReturnType<Service['find']> {
-        return Promise.resolve(null);
+    public async find(userId: string): Promise<UserEntity | null> {
+        return await this.userRepository.find(userId);
     }
 
     public async findByEmail(email: string): Promise<UserEntity | null> {

@@ -16,6 +16,7 @@ export {
     type UserSignUpRequestDto,
     type UserSignUpResponseDto,
 } from './types/types.js';
+export { type UserEntity } from './user.entity.js';
 export { UserModel } from './user.model.js';
 export {
     userSignInValidationSchema,

@@ -74,6 +74,20 @@ class BaseConfig implements Config {
                     default: null,
                 },
             },
+            TOKEN: {
+                SECRET_KEY: {
+                    doc: 'Secret key for token generation',
+                    format: String,
+                    env: 'SECRET_KEY',
+                    default: null,
+                },
+                EXPIRATION_TIME: {
+                    doc: 'Token expiration time',
+                    format: String,
+                    env: 'EXPIRATION_TIME',
+                    default: null,
+                },
+            },
             AWS: {
                 ACCESS_KEY_ID: {
                     doc: 'AWS access key id',

@@ -13,6 +13,10 @@ type EnvironmentSchema = {
         POOL_MIN: number;
         POOL_MAX: number;
     };
+    TOKEN: {
+        SECRET_KEY: string;
+        EXPIRATION_TIME: string;
+    };
     AWS: {
         ACCESS_KEY_ID: string;
         SECRET_ACCESS_KEY: string;

@@ -1 +1,2 @@
 export { USER_PASSWORD_SALT_ROUNDS } from './user.constants.js';
+export { WHITE_ROUTES } from './white-routes.constants.js';
@@ -0,0 +1,14 @@
+import { ApiPath, AuthApiPath } from 'shared';
+
+const WHITE_ROUTES = [
+    {
+        path: `/api/v1${ApiPath.AUTH}${AuthApiPath.SIGN_IN}`,
+        method: 'POST',
+    },
+    {
+        path: `/api/v1${ApiPath.AUTH}${AuthApiPath.SIGN_UP}`,
+        method: 'POST',
+    },
+];
+
+export { WHITE_ROUTES };
@@ -0,0 +1,58 @@
+import fp from 'fastify-plugin';
+import { HttpCode, HttpError, HttpHeader } from 'shared';
+
+import { userService } from '~/bundles/users/users.js';
+import { tokenService } from '~/common/services/services.js';
+
+import { ErrorMessage, Hook } from './enums/enums.js';
+import { type Route } from './types/types.js';
+import { isRouteInWhiteList } from './utils/utils.js';
+
+type Options = {
+    routesWhiteList: Route[];
+};
+
+const authenticateJWT = fp<Options>((fastify, { routesWhiteList }, done) => {
+    fastify.decorateRequest('user', null);
+
+    fastify.addHook(Hook.PRE_HANDLER, async (request) => {
+        if (isRouteInWhiteList(routesWhiteList, request)) {
+            return;
+        }
+
+        const authHeader = request.headers[HttpHeader.AUTHORIZATION];
+
+        if (!authHeader) {
+            throw new HttpError({
+                message: ErrorMessage.MISSING_TOKEN,
+                status: HttpCode.UNAUTHORIZED,
+            });
+        }
+
+        const [, token] = authHeader.split(' ');
+
+        const userId = await tokenService.getUserIdFromToken(token as string);
+
+        if (!userId) {
+            throw new HttpError({
+                message: ErrorMessage.INVALID_TOKEN,
+                status: HttpCode.UNAUTHORIZED,
+            });
+        }
+
+        const user = await userService.find(userId);
+
+        if (!user) {
+            throw new HttpError({
+                message: ErrorMessage.MISSING_USER,
+                status: HttpCode.BAD_REQUEST,
+            });
+        }
+
+        request.user = user;
+    });
+
+    done();
+});
+
+export { authenticateJWT };
@@ -0,0 +1,2 @@
+export { ErrorMessage } from './error-message.enum.js';
+export { Hook } from './hook.enum.js';
@@ -0,0 +1,7 @@
+const ErrorMessage = {
+    MISSING_TOKEN: 'You are not logged in',
+    INVALID_TOKEN: 'Token is no longer valid. Please log in again.',
+    MISSING_USER: 'User with this id does not exist.',
+} as const;
+
+export { ErrorMessage };
@@ -0,0 +1,5 @@
+const Hook = {
+    PRE_HANDLER: 'preHandler',
+} as const;
+
+export { Hook };
@@ -0,0 +1,6 @@
+type Route = {
+    path: string;
+    method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+};
+
+export { type Route };
@@ -0,0 +1 @@
+export { type Route } from './route.type.js';
@@ -0,0 +1,15 @@
+import { type FastifyRequest } from 'fastify';
+
+import { type Route } from '../types/types.js';
+
+const isRouteInWhiteList = (
+    routesWhiteList: Route[],
+    request: FastifyRequest,
+): boolean => {
+    return routesWhiteList.some(
+        (route) =>
+            route.path === request.url && route.method === request.method,
+    );
+};
+
+export { isRouteInWhiteList };
@@ -0,0 +1 @@
+export { isRouteInWhiteList } from './check-white-routes.util.js';
@@ -0,0 +1 @@
+export { authenticateJWT } from './auth/auth-jwt.plugin.js';
@@ -23,6 +23,8 @@ import {
     type ValidationSchema,
 } from '~/common/types/types.js';
 
+import { WHITE_ROUTES } from '../constants/constants.js';
+import { authenticateJWT } from '../plugins/plugins.js';
 import {
     type ServerApp,
     type ServerAppApi,
@@ -124,6 +126,10 @@ class BaseServerApp implements ServerApp {
     }
 
     private registerPlugins(): void {
+        this.app.register(authenticateJWT, {
+            routesWhiteList: WHITE_ROUTES,
+        });
+
         this.app.register(fastifyMultipart, {
             limits: {
                 fileSize: Number.POSITIVE_INFINITY,

@@ -1,8 +1,13 @@
 import { config } from '../config/config.js';
 import { CryptService } from './crypt/crypt.service.js';
 import { FileService } from './file/file.service.js';
+import { TokenService } from './token/token.services.js';
 
 const cryptService = new CryptService();
 const fileService = new FileService(config);
 
-export { cryptService, fileService };
+const secretKey = config.ENV.TOKEN.SECRET_KEY;
+const expirationTime = config.ENV.TOKEN.EXPIRATION_TIME;
+const tokenService = new TokenService(secretKey, expirationTime);
+
+export { cryptService, fileService, tokenService };
@@ -0,0 +1,35 @@
+import { type JWTPayload as TokenPayload } from 'jose';
+import { jwtVerify, SignJWT } from 'jose';
+
+class TokenService {
+    private SECRET_KEY: Uint8Array;
+    private EXPIRATION_TIME: string;
+
+    public constructor(secretKey: string, expirationTime: string) {
+        this.SECRET_KEY = new TextEncoder().encode(secretKey);
+        this.EXPIRATION_TIME = expirationTime;
+    }
+
+    public async createToken(userId: string): Promise<string> {
+        return await new SignJWT({ userId })
+            .setProtectedHeader({ alg: 'HS256' })
+            .setExpirationTime(this.EXPIRATION_TIME)
+            .sign(this.SECRET_KEY);
+    }
+
+    public async verifyToken(token: string): Promise<TokenPayload | null> {
+        try {
+            const { payload } = await jwtVerify(token, this.SECRET_KEY);
+            return payload;
+        } catch {
+            return null;
+        }
+    }
+
+    public async getUserIdFromToken(token: string): Promise<string | null> {
+        const payload = await this.verifyToken(token);
+        return (payload?.['userId'] as string) || null;
+    }
+}
+
+export { TokenService };
@@ -0,0 +1,9 @@
+import 'fastify';
+
+import { type UserEntity } from '~/bundles/users/users.js';
+
+declare module 'fastify' {
+    interface FastifyRequest {
+        user: UserEntity;
+    }
+}
@@ -1,6 +1,7 @@
 type UserSignInResponseDto = {
     id: string;
     email: string;
+    token?: string;
 };
 
 export { type UserSignInResponseDto };
@@ -2,6 +2,7 @@ type UserSignUpResponseDto = {
     id: string;
     fullName: string;
     email: string;
+    token?: string;
 };
 
 export { type UserSignUpResponseDto };
@@ -5,6 +5,8 @@ const HttpCode = {
     NOT_FOUND: 404,
     UNPROCESSED_ENTITY: 422,
     INTERNAL_SERVER_ERROR: 500,
+    UNAUTHORIZED: 401,
+    FORBIDDEN: 403,
 } as const;
 
 export { HttpCode };
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		export { USER_PASSWORD_SALT_ROUNDS } from './user.constants.js';
		export { WHITE_ROUTES } from './white-routes.constants.js';
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		export { ErrorMessage } from './error-message.enum.js';
		export { Hook } from './hook.enum.js';
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		export { isRouteInWhiteList } from './check-white-routes.util.js';
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		export { authenticateJWT } from './auth/auth-jwt.plugin.js';