Посторонним вход запрещён

custom.d.ts

@@ -0,0 +1,6 @@
+import { TokenPayload } from './src/shared/modules/auth/index.js';
+declare module 'express-serve-static-core' {
+  export interface Request {
+    tokenPayload: TokenPayload;
+  }
+}

package.json

@@ -56,6 +56,7 @@
     "got": "13.0.0",
     "http-status-codes": "2.3.0",
     "inversify": "6.0.1",
+    "jose": "4.15.4",
     "mime-types": "2.1.35",
     "mongoose": "7.5.3",
     "multer": "1.4.5-lts.1",

src/main.rest.ts

@@ -6,13 +6,15 @@ import {createRestApplicationContainer} from './rest/rest.container.js';
 import {createUserContainer} from './shared/modules/user/index.js';
 import {createOfferContainer} from './shared/modules/offer/index.js';
 import {createCommentContainer} from './shared/modules/comment/index.js';
+import {createAuthContainer} from './shared/modules/auth/index.js';
 
 async function bootstrap() {
   const appContainer = Container.merge(
     createRestApplicationContainer(),
     createOfferContainer(),
     createUserContainer(),
     createCommentContainer(),
+    createAuthContainer(),
   );
 
   const application = appContainer.get<RestApplication>(Component.RestApplication);

src/rest/rest.application.ts

@@ -7,6 +7,7 @@ import {Component} from '../shared/types/index.js';
 import {DatabaseClient} from '../shared/libs/database-client/index.js';
 import {getMongoURI} from '../shared/helpers/index.js';
 import {Controller, ExceptionFilter} from '../shared/libs/rest/index.js';
+import {ParseTokenMiddleware} from '../shared/libs/rest/middleware/parse-token.middleware.js';
 
 @injectable()
 export class RestApplication {
@@ -20,7 +21,7 @@ export class RestApplication {
     @inject(Component.ExceptionFilter) private readonly appExceptionFilter: ExceptionFilter,
     @inject(Component.UserController) private readonly userController: Controller,
     @inject(Component.OfferController) private readonly offerController: Controller,
-
+    @inject(Component.AuthExceptionFilter) private readonly authExceptionFilter: ExceptionFilter,
   ) {
     this.server = express();
     this.server.disable('x-powered-by');
@@ -50,14 +51,17 @@ export class RestApplication {
   }
 
   private async _initMiddleware() {
+    const authenticateMiddleware = new ParseTokenMiddleware(this.config.get('JWT_SECRET'));
     this.server.use(express.json());
     this.server.use(
       '/upload',
       express.static(this.config.get('UPLOAD_DIRECTORY'))
     );
+    this.server.use(authenticateMiddleware.execute.bind(authenticateMiddleware));
   }
 
   private async _initExceptionFilters() {
+    this.server.use(this.authExceptionFilter.catch.bind(this.authExceptionFilter));
     this.server.use(this.appExceptionFilter.catch.bind(this.appExceptionFilter));
   }
 

src/shared/libs/config/rest.schema.ts

@@ -12,6 +12,7 @@ export type RestSchema = {
   DB_PORT: string;
   DB_NAME: string;
   UPLOAD_DIRECTORY: string;
+  JWT_SECRET: string;
 }
 
 export const configRestSchema = convict<RestSchema>({
@@ -63,6 +64,12 @@ export const configRestSchema = convict<RestSchema>({
     env: 'UPLOAD_DIRECTORY',
     default: 'upload'
   },
+  JWT_SECRET: {
+    doc: 'Secret for sign JWT',
+    format: String,
+    env: 'JWT_SECRET',
+    default: 'ytfytfytf'
+  },
 });
 
 

src/shared/libs/rest/index.ts

@@ -12,3 +12,4 @@ export * from './middleware/validate-objectid.middleware.js';
 export * from './middleware/validate-dto.middleware.js';
 export * from './middleware/document-exista.middleware.js';
 export * from './middleware/upload-file.middleware.js';
+export * from './middleware/private-route.middleware.js';

src/shared/libs/rest/middleware/parse-token.middleware.ts

@@ -0,0 +1,46 @@
+import {NextFunction, Request, Response} from 'express';
+import {jwtVerify} from 'jose';
+import {StatusCodes} from 'http-status-codes';
+import {createSecretKey} from 'node:crypto';
+import {Middleware} from './middleware.interface.js';
+import {HttpError} from '../errors/index.js';
+import {TokenPayload} from '../../../modules/auth/index.js';
+
+function isTokenPayload(payload: unknown): payload is TokenPayload {
+  return (
+    (typeof payload === 'object' && payload !== null) &&
+    ('email' in payload && typeof payload.email === 'string') &&
+    ('name' in payload && typeof payload.name === 'string') &&
+    ('avatarUrl' in payload && typeof payload.avatarUrl === 'string') &&
+    ('isPro' in payload && typeof payload.isPro === 'boolean') &&
+    ('id' in payload && typeof payload.id === 'string')
+  );
+}
+
+export class ParseTokenMiddleware implements Middleware {
+  constructor(private readonly jwtSecret: string) {
+  }
+
+  public async execute(req: Request, _res: Response, next: NextFunction): Promise<void> {
+    const authorizationHeader = req.headers?.authorization?.split(' ');
+    if (!authorizationHeader) {
+      return next();
+    }
+    const [, token] = authorizationHeader;
+    try {
+      const {payload} = await jwtVerify(token, createSecretKey(this.jwtSecret, 'utf-8'));
+      if (isTokenPayload(payload)) {
+        req.tokenPayload = {...payload};
+        return next();
+      } else {
+        throw new Error('Bad token');
+      }
+    } catch {
+      return next(new HttpError(
+        StatusCodes.UNAUTHORIZED,
+        'Invalid token',
+        'AuthenticateMiddleware')
+      );
+    }
+  }
+}

src/shared/libs/rest/middleware/private-route.middleware.ts

@@ -0,0 +1,16 @@
+import { StatusCodes } from 'http-status-codes';
+import { NextFunction, Request, Response } from 'express';
+import { Middleware } from './middleware.interface.js';
+import { HttpError } from '../errors/index.js';
+export class PrivateRouteMiddleware implements Middleware {
+  public async execute({ tokenPayload }: Request, _res: Response, next: NextFunction): Promise<void> {
+    if (! tokenPayload) {
+      throw new HttpError(
+        StatusCodes.UNAUTHORIZED,
+        'Unauthorized',
+        'PrivateRouteMiddleware'
+      );
+    }
+    return next();
+  }
+}

src/shared/modules/auth/auth-service.interface.ts

@@ -0,0 +1,5 @@
+import { LoginUserDto, UserEntity } from '../user/index.js';
+export interface AuthService {
+  authenticate(user: UserEntity): Promise<string>;
+  verify(dto: LoginUserDto): Promise<UserEntity>;
+}

src/shared/modules/auth/auth.constant.ts

@@ -0,0 +1,2 @@
+export const JWT_ALGORITHM = 'HS256';
+export const JWT_EXPIRED = '2d';

src/shared/modules/auth/auth.container.ts

@@ -0,0 +1,12 @@
+import { Container } from 'inversify';
+import { AuthService } from './auth-service.interface.js';
+import { Component } from '../../types/index.js';
+import { DefaultAuthService } from './default-auth.service.js';
+import { ExceptionFilter } from '../../libs/rest/index.js';
+import { AuthExceptionFilter } from './auth.exception-filter.js';
+export function createAuthContainer() {
+  const authContainer = new Container();
+  authContainer.bind<AuthService>(Component.AuthService).to(DefaultAuthService).inSingletonScope();
+  authContainer.bind<ExceptionFilter>(Component.AuthExceptionFilter).to(AuthExceptionFilter).inSingletonScope();
+  return authContainer;
+}

src/shared/modules/auth/auth.exception-filter.ts

@@ -0,0 +1,27 @@
+import {inject, injectable} from 'inversify';
+import {NextFunction, Request, Response} from 'express';
+import {ExceptionFilter} from '../../libs/rest/index.js';
+import {Component} from '../../types/index.js';
+import {Logger} from '../../libs/logger/index.js';
+import {BaseUserException} from './errors/index.js';
+
+@injectable()
+export class AuthExceptionFilter implements ExceptionFilter {
+  constructor(
+    @inject(Component.Logger) private readonly logger: Logger
+  ) {
+    this.logger.info('Register AuthExceptionFilter');
+  }
+
+  public catch(error: unknown, _req: Request, res: Response, next: NextFunction): void {
+    if (!(error instanceof BaseUserException)) {
+      return next(error);
+    }
+    this.logger.error(`[AuthModule] ${error.message}`, error);
+    res.status(error.httpStatusCode)
+      .json({
+        type: 'AUTHORIZATION',
+        error: error.message,
+      });
+  }
+}

src/shared/modules/auth/default-auth.service.ts

@@ -0,0 +1,52 @@
+import {inject, injectable} from 'inversify';
+import * as crypto from 'node:crypto';
+import {SignJWT} from 'jose';
+import {AuthService} from './auth-service.interface.js';
+import {Component} from '../../types/index.js';
+import {Logger} from '../../libs/logger/index.js';
+import {LoginUserDto, UserEntity, UserService} from '../user/index.js';
+import {TokenPayload} from './types/TokenPayload.js';
+import {Config, RestSchema} from '../../libs/config/index.js';
+import {UserNotFoundException, UserPasswordIncorrectException} from './errors/index.js';
+import {JWT_ALGORITHM, JWT_EXPIRED} from './auth.constant.js';
+
+@injectable()
+export class DefaultAuthService implements AuthService {
+  constructor(
+    @inject(Component.Logger) private readonly logger: Logger,
+    @inject(Component.UserService) private readonly userService: UserService,
+    @inject(Component.Config) private readonly config: Config<RestSchema>,
+  ) {
+  }
+
+  public async authenticate(user: UserEntity): Promise<string> {
+    const jwtSecret = this.config.get('JWT_SECRET');
+    const secretKey = crypto.createSecretKey(jwtSecret, 'utf-8');
+    const tokenPayload: TokenPayload = {
+      email: user.email,
+      name: user.name,
+      avatarUrl: user.avatarUrl,
+      isPro: user.isPro,
+      id: user.id,
+    };
+    this.logger.info(`Create token for ${user.email}`);
+    return new SignJWT(tokenPayload)
+      .setProtectedHeader({alg: JWT_ALGORITHM})
+      .setIssuedAt()
+      .setExpirationTime(JWT_EXPIRED)
+      .sign(secretKey);
+  }
+
+  public async verify(dto: LoginUserDto): Promise<UserEntity> {
+    const user = await this.userService.findByEmail(dto.email);
+    if (!user) {
+      this.logger.warn(`User with ${dto.email} not found`);
+      throw new UserNotFoundException();
+    }
+    if (!user.verifyPassword(dto.password, this.config.get('SALT'))) {
+      this.logger.warn(`Incorrect password for ${dto.email}`);
+      throw new UserPasswordIncorrectException();
+    }
+    return user;
+  }
+}

src/shared/modules/auth/errors/base-user.exception.ts

@@ -0,0 +1,6 @@
+import { HttpError } from '../../../libs/rest/index.js';
+export class BaseUserException extends HttpError {
+  constructor(httpStatusCode: number, message: string) {
+    super(httpStatusCode, message);
+  }
+}

src/shared/modules/auth/errors/index.ts

@@ -0,0 +1,3 @@
+export * from './user-not-found.exeption.js';
+export * from './base-user.exception.js';
+export * from './user-password-incorrect.exeption.js';

src/shared/modules/auth/errors/user-not-found.exeption.ts

@@ -0,0 +1,7 @@
+import { StatusCodes } from 'http-status-codes';
+import { BaseUserException } from './base-user.exception.js';
+export class UserNotFoundException extends BaseUserException {
+  constructor() {
+    super(StatusCodes.NOT_FOUND, 'User not found');
+  }
+}

src/shared/modules/auth/errors/user-password-incorrect.exeption.ts

@@ -0,0 +1,7 @@
+import { StatusCodes } from 'http-status-codes';
+import { BaseUserException } from './base-user.exception.js';
+export class UserPasswordIncorrectException extends BaseUserException {
+  constructor() {
+    super(StatusCodes.UNAUTHORIZED, 'Incorrect user name or password');
+  }
+}

src/shared/modules/auth/index.ts

@@ -0,0 +1,4 @@
+export * from './auth-service.interface.js';
+export * from './types/TokenPayload.js';
+export * from './auth.container.js';
+export * from './default-auth.service.js';

src/shared/modules/auth/types/TokenPayload.ts

@@ -0,0 +1,7 @@
+export type TokenPayload = {
+  email: string;
+  name: string;
+  avatarUrl: string;
+  isPro: boolean;
+  id: string;
+};

src/shared/modules/comment/comment.controller.ts

@@ -3,7 +3,7 @@ import {Request, Response} from 'express';
 import {
   BaseController,
   DocumentExistsMiddleware,
-  HttpMethod,
+  HttpMethod, PrivateRouteMiddleware,
   ValidateDtoMiddleware,
   ValidateObjectIdMiddleware
 } from '../../libs/rest/index.js';
@@ -30,13 +30,21 @@ export class CommentController extends BaseController {
       path: '/:offerId',
       method: HttpMethod.Get,
       handler: this.index,
-      middlewares: [new ValidateObjectIdMiddleware('offerId'), new DocumentExistsMiddleware(this.offerService, 'Offer', 'offerId'),]
+      middlewares: [
+        new ValidateObjectIdMiddleware('offerId'),
+        new DocumentExistsMiddleware(this.offerService, 'Offer', 'offerId')
+      ]
     });
     this.addRoute({
       path: '/:offerId',
       method: HttpMethod.Post,
       handler: this.create,
-      middlewares: [new ValidateObjectIdMiddleware('offerId'), new ValidateDtoMiddleware(CreateOfferDto), new DocumentExistsMiddleware(this.offerService, 'Offer', 'offerId')]
+      middlewares: [
+        new ValidateObjectIdMiddleware('offerId'),
+        new ValidateDtoMiddleware(CreateOfferDto),
+        new DocumentExistsMiddleware(this.offerService, 'Offer', 'offerId'),
+        new PrivateRouteMiddleware(),
+      ]
     });
   }
 
@@ -47,10 +55,10 @@ export class CommentController extends BaseController {
   }
 
   public async create(
-    {body}: Request<Record<string, unknown>, Record<string, unknown>, CreateCommentDto>,
+    {body, tokenPayload}: Request<Record<string, unknown>, Record<string, unknown>, CreateCommentDto>,
     res: Response
   ): Promise<void> {
-    const comment = await this.commentService.create(body);
+    const comment = await this.commentService.create({...body, authorId: tokenPayload.id});
     this.created(res, fillDTO(CommentRdo, comment));
   }
 }

src/shared/modules/comment/dto/create-comment.dto.ts

@@ -13,7 +13,6 @@ export class CreateCommentDto {
   @Max(5, {message: CreateCommentValidationMessages.rating.maxValue})
   public rating: number;
 
-  @IsMongoId({message: CreateCommentValidationMessages.offerId.invalidId})
   public authorId: string;
 
   @IsMongoId({message: CreateCommentValidationMessages.offerId.invalidId})