Посторонним вход запрещён

.env.example

@@ -10,3 +10,6 @@ DB_NAME=six-cities
 
 # UPLOAD
 UPLOAD_DIRECTORY=/home/node/app/upload
+
+# Auth
+JWT_SECRET=secret

package.json

@@ -39,6 +39,7 @@
     "got": "14.4.2",
     "http-status-codes": "2.3.0",
     "inversify": "6.0.2",
+    "jose": "5.9.6",
     "mime-types": "2.1.35",
     "mongodb": "6.9.0",
     "mongoose": "8.7.1",

src/main.rest.ts

@@ -2,6 +2,7 @@ import 'reflect-metadata';
 import { Container } from 'inversify';
 
 import { createRestApplicationContainer } from './rest/rest.container.js';
+import { createAuthContainer } from './shared/modules/auth/index.js';
 import { createUserContainer } from './shared/modules/user/index.js';
 import { createOfferContainer } from './shared/modules/offer/index.js';
 import { createCommentContainer } from './shared/modules/comment/index.js';
@@ -15,7 +16,8 @@ async function bootstrap() {
     createUserContainer(),
     createOfferContainer(),
     createCommentContainer(),
-    createCategoryContainer()
+    createCategoryContainer(),
+    createAuthContainer()
   );
 
   const application = container.get<RestApplication>(Component.RestApplication);

src/rest/rest.application.ts

@@ -1,7 +1,7 @@
 import { inject, injectable } from 'inversify';
 import express, { Express } from 'express';
 
-import { Controller, ExceptionFilter } from '../shared/libs/rest/index.js';
+import { Controller, ExceptionFilter, ParseTokenMiddleware } from '../shared/libs/rest/index.js';
 import { DatabaseClient } from '../shared/libs/database-client/index.js';
 import { Config, RestSchema } from '../shared/libs/config/index.js';
 import { Logger } from '../shared/libs/logger/index.js';
@@ -18,12 +18,14 @@ export class RestApplication {
     @inject(Component.CommentController)
     @inject(Component.CategoryController)
     @inject(Component.ExceptionFilter)
+    @inject(Component.AuthExceptionFilter)
     private readonly databaseClient: DatabaseClient,
     private readonly userController: Controller,
     private readonly offerController: Controller,
     private readonly commentController: Controller,
     private readonly categoryController: Controller,
-    private readonly appExceptionFilter: ExceptionFilter
+    private readonly appExceptionFilter: ExceptionFilter,
+    private readonly authExceptionFilter: ExceptionFilter
   ) {
     this.server = express();
   }
@@ -50,14 +52,17 @@ export class RestApplication {
 
   private initMiddleware() {
     this.logger.info('Инициализация middleware-ов');
+    const authenticateMiddleware = new ParseTokenMiddleware(this.config.get('JWT_SECRET'));
     this.server.use(express.json());
     this.server.use('/upload', express.static(this.config.get('UPLOAD_DIRECTORY')));
+    this.server.use(authenticateMiddleware.execute.bind(authenticateMiddleware));
     this.logger.info('Инициализация middleware-ов завершена');
   }
 
   private initExceptionFilters() {
     this.logger.info('Инициализация фильтров исключений');
     this.server.use(this.appExceptionFilter.catch.bind(this.appExceptionFilter));
+    this.server.use(this.authExceptionFilter.catch.bind(this.authExceptionFilter));
     this.logger.info('Инициализация фильтров исключений завершена');
   }
 

src/shared/libs/config/rest.schema.ts

@@ -12,6 +12,7 @@ export type RestSchema = {
   DB_PORT: string;
   DB_NAME: string;
   UPLOAD_DIRECTORY: string;
+  JWT_SECRET: string;
 };
 
 export const configRestSchema = convict<RestSchema>({
@@ -63,4 +64,10 @@ export const configRestSchema = convict<RestSchema>({
     env: 'UPLOAD_DIRECTORY',
     default: null,
   },
+  JWT_SECRET: {
+    doc: 'Secret for sign JWT',
+    format: String,
+    env: 'JWT_SECRET',
+    default: null,
+  },
 });

src/shared/libs/rest/controller/base-controller.abstract.ts

@@ -38,19 +38,19 @@ export abstract class BaseController implements Controller {
     this.logger.info(`Маршрут зарегистрирован: ${route.method.toUpperCase()} ${route.path}`);
   }
 
-  public send<T>(res: Response, statusCode: number, data: T) {
-    res.type(this.DEFAULT_CONTENT_TYPE).status(statusCode).json(data);
+  public send<T>(response: Response, statusCode: number, data: T) {
+    response.type(this.DEFAULT_CONTENT_TYPE).status(statusCode).json(data);
   }
 
-  public created<T>(res: Response, data: T): void {
-    this.send(res, StatusCodes.CREATED, data);
+  public created<T>(response: Response, data: T): void {
+    this.send(response, StatusCodes.CREATED, data);
   }
 
-  public noContent<T>(res: Response, data: T): void {
-    this.send(res, StatusCodes.NO_CONTENT, data);
+  public noContent<T>(response: Response, data: T): void {
+    this.send(response, StatusCodes.NO_CONTENT, data);
   }
 
-  public ok<T>(res: Response, data: T): void {
-    this.send(res, StatusCodes.OK, data);
+  public ok<T>(response: Response, data: T): void {
+    this.send(response, StatusCodes.OK, data);
   }
 }

src/shared/libs/rest/controller/controller.interface.ts

@@ -4,8 +4,8 @@ import { Route } from '../types/index.js';
 export interface Controller {
   readonly router: Router;
   addRoute(route: Route): void;
-  send<T>(res: Response, statusCode: number, data: T): void;
-  ok<T>(res: Response, data: T): void;
-  created<T>(res: Response, data: T): void;
-  noContent<T>(res: Response, data: T): void;
+  send<T>(response: Response, statusCode: number, data: T): void;
+  ok<T>(response: Response, data: T): void;
+  created<T>(response: Response, data: T): void;
+  noContent<T>(response: Response, data: T): void;
 }

src/shared/libs/rest/exception-filter/app-exception-filter.ts

@@ -1,4 +1,4 @@
-import { Request, Response, NextFunction } from 'express';
+import { NextFunction, Request, Response } from 'express';
 import { inject, injectable } from 'inversify';
 
 import { ExceptionFilter } from './exception-filter.interface.js';
@@ -13,22 +13,37 @@ export class AppExceptionFilter implements ExceptionFilter {
     this.logger.info('Register AppExceptionFilter');
   }
 
-  private handleHttpError(error: HttpError, _req: Request, res: Response, _next: NextFunction) {
+  private handleHttpError(
+    error: HttpError,
+    _request: Request,
+    response: Response,
+    _next: NextFunction
+  ) {
     this.logger.error(`[${error.detail}]: ${error.httpStatusCode} — ${error.message}`, error);
 
-    res.status(error.httpStatusCode).json(new Error(error.message));
+    response.status(error.httpStatusCode).json(new Error(error.message));
   }
 
-  private handleOtherError(error: Error, _req: Request, res: Response, _next: NextFunction) {
+  private handleOtherError(
+    error: Error,
+    _request: Request,
+    response: Response,
+    _next: NextFunction
+  ) {
     this.logger.error(error);
-    res.status(StatusCodes.INTERNAL_SERVER_ERROR).json(new Error(error.message));
+    response.status(StatusCodes.INTERNAL_SERVER_ERROR).json(new Error(error.message));
   }
 
-  public catch(error: Error | HttpError, req: Request, res: Response, next: NextFunction): void {
+  public catch(
+    error: Error | HttpError,
+    request: Request,
+    response: Response,
+    next: NextFunction
+  ): void {
     if (error instanceof HttpError) {
-      return this.handleHttpError(error, req, res, next);
+      return this.handleHttpError(error, request, response, next);
     }
 
-    this.handleOtherError(error, req, res, next);
+    this.handleOtherError(error, request, response, next);
   }
 }

src/shared/libs/rest/exception-filter/exception-filter.interface.ts

@@ -1,5 +1,5 @@
 import { NextFunction, Request, Response } from 'express';
 
 export interface ExceptionFilter {
-  catch(error: Error, req: Request, res: Response, next: NextFunction): void;
+  catch(error: Error, request: Request, response: Response, next: NextFunction): void;
 }

src/shared/libs/rest/middleware/document-exists.middleware.ts

@@ -12,7 +12,11 @@ export class DocumentExistsMiddleware implements Middleware {
     private readonly paramName: string
   ) {}
 
-  public async execute({ params }: Request, _res: Response, next: NextFunction): Promise<void> {
+  public async execute(
+    { params }: Request,
+    _response: Response,
+    next: NextFunction
+  ): Promise<void> {
     const documentId = params[this.paramName];
     const exists = await this.service.exists(documentId);
 

src/shared/libs/rest/middleware/index.ts

@@ -3,3 +3,5 @@ export * from './validate-dto.middleware.js';
 export * from './validate-objectid.middleware.js';
 export * from './document-exists.middleware.js';
 export * from './upload-file.middleware.js';
+export * from './parse-token.middleware.js';
+export * from './private-route.middleware.js';

src/shared/libs/rest/middleware/middleware.interface.ts

@@ -1,5 +1,5 @@
 import { NextFunction, Request, Response } from 'express';
 
 export interface Middleware {
-  execute(req: Request, res: Response, next: NextFunction): void;
+  execute(request: Request, response: Response, next: NextFunction): void;
 }

src/shared/libs/rest/middleware/parse-token.middleware.ts

@@ -0,0 +1,50 @@
+import { NextFunction, Request, Response } from 'express';
+import { jwtVerify } from 'jose';
+import { StatusCodes } from 'http-status-codes';
+import { createSecretKey } from 'node:crypto';
+import { ENCODING } from '../../../../constants/index.js';
+
+import { Middleware } from './middleware.interface.js';
+import { HttpError } from '../errors/index.js';
+import { TokenPayload } from '../../../modules/auth/index.js';
+
+function isTokenPayload(payload: unknown): payload is TokenPayload {
+  return (
+    typeof payload === 'object' &&
+    payload !== null &&
+    'email' in payload &&
+    typeof payload.email === 'string' &&
+    'name' in payload &&
+    typeof payload.name === 'string' &&
+    'id' in payload &&
+    typeof payload.id === 'string'
+  );
+}
+
+export class ParseTokenMiddleware implements Middleware {
+  constructor(private readonly jwtSecret: string) {}
+
+  public async execute(request: Request, _response: Response, next: NextFunction): Promise<void> {
+    const authorizationHeader = request.headers?.authorization?.split(' ');
+    if (!authorizationHeader) {
+      return next();
+    }
+
+    const [, token] = authorizationHeader;
+
+    try {
+      const { payload } = await jwtVerify(token, createSecretKey(this.jwtSecret, ENCODING));
+
+      if (isTokenPayload(payload)) {
+        request.tokenPayload = { ...payload };
+        return next();
+      } else {
+        throw new Error('Не корректный токен');
+      }
+    } catch {
+      return next(
+        new HttpError(StatusCodes.UNAUTHORIZED, 'Неверный токен', 'AuthenticateMiddleware')
+      );
+    }
+  }
+}

src/shared/libs/rest/middleware/private-route.middleware.ts

@@ -0,0 +1,19 @@
+import { StatusCodes } from 'http-status-codes';
+import { NextFunction, Request, Response } from 'express';
+
+import { Middleware } from './middleware.interface.js';
+import { HttpError } from '../errors/index.js';
+
+export class PrivateRouteMiddleware implements Middleware {
+  public async execute(
+    { tokenPayload }: Request,
+    _response: Response,
+    next: NextFunction
+  ): Promise<void> {
+    if (!tokenPayload) {
+      throw new HttpError(StatusCodes.UNAUTHORIZED, 'Unauthorized', 'PrivateRouteMiddleware');
+    }
+
+    return next();
+  }
+}

src/shared/libs/rest/middleware/upload-file.middleware.ts

@@ -11,10 +11,10 @@ export class UploadFileMiddleware implements Middleware {
     private fieldName: string
   ) {}
 
-  public async execute(req: Request, res: Response, next: NextFunction): Promise<void> {
+  public async execute(request: Request, response: Response, next: NextFunction): Promise<void> {
     const storage = diskStorage({
       destination: this.uploadDirectory,
-      filename: (_req, file, callback) => {
+      filename: (_request, file, callback) => {
         const fileExtension = extension(file.mimetype);
         const filename = randomUUID();
         callback(null, `${filename}.${fileExtension}`);
@@ -23,6 +23,6 @@ export class UploadFileMiddleware implements Middleware {
 
     const uploadSingleFileMiddleware = multer({ storage }).single(this.fieldName);
 
-    uploadSingleFileMiddleware(req, res, next);
+    uploadSingleFileMiddleware(request, response, next);
   }
 }

src/shared/libs/rest/middleware/validate-dto.middleware.ts

@@ -8,12 +8,12 @@ import { Middleware } from './middleware.interface.js';
 export class ValidateDtoMiddleware implements Middleware {
   constructor(private dto: ClassConstructor<object>) {}
 
-  public async execute({ body }: Request, res: Response, next: NextFunction): Promise<void> {
+  public async execute({ body }: Request, response: Response, next: NextFunction): Promise<void> {
     const dtoInstance = plainToInstance(this.dto, body);
     const errors = await validate(dtoInstance);
 
     if (errors.length > 0) {
-      res.status(StatusCodes.BAD_REQUEST).send(errors);
+      response.status(StatusCodes.BAD_REQUEST).send(errors);
       return;
     }
 

src/shared/libs/rest/middleware/validate-objectid.middleware.ts

@@ -8,7 +8,7 @@ import { HttpError } from '../errors/index.js';
 export class ValidateObjectIdMiddleware implements Middleware {
   constructor(private param: string) {}
 
-  public execute({ params }: Request, _res: Response, next: NextFunction): void {
+  public execute({ params }: Request, _response: Response, next: NextFunction): void {
     const objectId = params[this.param];
 
     if (Types.ObjectId.isValid(objectId)) {

src/shared/modules/auth/auth-service.interface.ts

@@ -0,0 +1,6 @@
+import { LoginUserDto, UserEntity } from '../user/index.js';
+
+export interface AuthService {
+  authenticate(user: UserEntity): Promise<string>;
+  verify(dto: LoginUserDto): Promise<UserEntity>;
+}

src/shared/modules/auth/auth.container.ts

@@ -0,0 +1,18 @@
+import { Container } from 'inversify';
+
+import { AuthService } from './auth-service.interface.js';
+import { Component } from '../../types/index.js';
+import { DefaultAuthService } from './default-auth.service.js';
+import { ExceptionFilter } from '../../libs/rest/index.js';
+import { AuthExceptionFilter } from './auth.exception-filter.js';
+
+export function createAuthContainer() {
+  const authContainer = new Container();
+  authContainer.bind<AuthService>(Component.AuthService).to(DefaultAuthService).inSingletonScope();
+  authContainer
+    .bind<ExceptionFilter>(Component.AuthExceptionFilter)
+    .to(AuthExceptionFilter)
+    .inSingletonScope();
+
+  return authContainer;
+}