From caac5eefa881fb0355155ce5ff1c5505df725862 Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Mon, 1 Aug 2022 14:12:55 +0800
Subject: [PATCH 1/8] feat(serve): add auth middleware and authenticator

- support "BaseAuthenticator" for user extending to customize authenticator.
- add built-in "HttpBasicAuthenticator" for authenticate http basic token.
- refactor type "KoaRouterConext" and "KoaNext".
- create "AuthMiddleware" to handle authenticator through implemented authenticators.
---
 .../serve/src/containers/modules/extension.ts |  5 +-
 packages/serve/src/containers/types.ts        |  3 +
 .../src/lib/auth/httpBasicAuthenticator.ts    | 90 +++++++++++++++++++
 packages/serve/src/lib/auth/index.ts          |  5 ++
 .../src/lib/middleware/auditLogMiddleware.ts  |  5 +-
 .../src/lib/middleware/authMiddleware.ts      | 66 ++++++++++++++
 .../src/lib/middleware/corsMiddleware.ts      |  5 +-
 packages/serve/src/lib/middleware/index.ts    |  3 +
 .../src/lib/middleware/rateLimitMiddleware.ts |  5 +-
 .../src/lib/middleware/requestIdMiddleware.ts |  5 +-
 .../lib/middleware/response-format/helpers.ts |  6 +-
 .../middleware/response-format/middleware.ts  |  5 +-
 .../strategy/cursorBasedStrategy.ts           |  4 +-
 .../strategy/keysetBasedStrategy.ts           |  4 +-
 .../strategy/offsetBasedStrategy.ts           |  4 +-
 .../src/lib/pagination/strategy/strategy.ts   |  4 +-
 .../lib/response-formatter/csvFormatter.ts    |  4 +-
 .../lib/response-formatter/jsonFormatter.ts   |  4 +-
 .../lib/route/route-component/baseRoute.ts    | 16 ++--
 .../lib/route/route-component/graphQLRoute.ts | 10 ++-
 .../route-component/paginationTransformer.ts  |  6 +-
 .../route-component/requestTransformer.ts     | 17 ++--
 .../lib/route/route-component/restfulRoute.ts | 11 +--
 packages/serve/src/models/appConfig.ts        |  3 -
 packages/serve/src/models/context.ts          |  7 ++
 .../src/models/extensions/authenticator.ts    | 34 +++++++
 packages/serve/src/models/extensions/index.ts |  1 +
 .../models/extensions/responseFormatter.ts    | 13 ++-
 .../src/models/extensions/routeMiddleware.ts  |  7 +-
 packages/serve/src/models/index.ts            |  5 +-
 .../{serveConfig.ts => serveOptions.ts}       |  4 +-
 packages/serve/src/models/userAuthOptions.ts  | 12 +++
 packages/serve/test/app.spec.ts               | 16 ++--
 .../auditLogMiddleware.spec.ts                | 10 +--
 .../requestIdMiddleware.spec.ts               | 18 ++--
 .../formatResponseMiddleware.spec.ts          | 15 ++--
 .../response-format/helpers.spec.ts           | 15 ++--
 .../testModeMiddleware.ts                     |  4 +-
 .../serve/test/response-formatter/csv.spec.ts |  6 +-
 .../test/response-formatter/json.spec.ts      |  6 +-
 .../paginationTransformer.spec.ts             | 12 +--
 .../requestTransformer.spec.ts                | 14 +--
 tsconfig.base.json                            |  4 +-
 43 files changed, 350 insertions(+), 143 deletions(-)
 create mode 100644 packages/serve/src/lib/auth/httpBasicAuthenticator.ts
 create mode 100644 packages/serve/src/lib/auth/index.ts
 create mode 100644 packages/serve/src/lib/middleware/authMiddleware.ts
 delete mode 100644 packages/serve/src/models/appConfig.ts
 create mode 100644 packages/serve/src/models/context.ts
 create mode 100644 packages/serve/src/models/extensions/authenticator.ts
 rename packages/serve/src/models/{serveConfig.ts => serveOptions.ts} (66%)
 create mode 100644 packages/serve/src/models/userAuthOptions.ts

diff --git a/packages/serve/src/containers/modules/extension.ts b/packages/serve/src/containers/modules/extension.ts
index db5eaa64..6156336a 100644
--- a/packages/serve/src/containers/modules/extension.ts
+++ b/packages/serve/src/containers/modules/extension.ts
@@ -1,8 +1,9 @@
 import { ExtensionLoader } from '@vulcan-sql/core';
 import { AsyncContainerModule } from 'inversify';
-import { ServeConfig } from '../../models/serveConfig';
+import { ServeConfig } from '../../models/serveOptions';
 import { BuiltInRouteMiddlewares } from '@vulcan-sql/serve/middleware';
 import { BuiltInFormatters } from '@vulcan-sql/serve/response-formatter';
+import { BuiltInAuthenticators } from '../../lib/auth';
 
 export const extensionModule = (options: ServeConfig) =>
   new AsyncContainerModule(async (bind) => {
@@ -13,6 +14,8 @@ export const extensionModule = (options: ServeConfig) =>
     loader.loadInternalExtensionModule(BuiltInRouteMiddlewares);
     // formatter (single module)
     loader.loadInternalExtensionModule(BuiltInFormatters);
+    // authenticator (single module)
+    loader.loadInternalExtensionModule(BuiltInAuthenticators);
 
     loader.bindExtensions(bind);
   });
diff --git a/packages/serve/src/containers/types.ts b/packages/serve/src/containers/types.ts
index 1cfddfe3..cb9a6916 100644
--- a/packages/serve/src/containers/types.ts
+++ b/packages/serve/src/containers/types.ts
@@ -5,10 +5,13 @@ export const TYPES = {
   PaginationTransformer: Symbol.for('PaginationTransformer'),
   Route: Symbol.for('Route'),
   RouteGenerator: Symbol.for('RouteGenerator'),
+  // Authenticator
+  UserAuthOptions: Symbol.for('UserAuthOptions'),
   // Application
   AppConfig: Symbol.for('AppConfig'),
   VulcanApplication: Symbol.for('VulcanApplication'),
   // Extensions
   Extension_RouteMiddleware: Symbol.for('Extension_RouteMiddleware'),
+  Extension_Authenticator: Symbol.for('Extension_Authenticator'),
   Extension_Formatter: Symbol.for('Extension_Formatter'),
 };
diff --git a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
new file mode 100644
index 00000000..55648694
--- /dev/null
+++ b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
@@ -0,0 +1,90 @@
+import * as fs from 'fs';
+import { isEmpty } from 'lodash';
+import {
+  BaseAuthenticator,
+  KoaContext,
+  AuthResult,
+  UserAuthOptions,
+} from '@vulcan-sql/serve/models';
+import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
+
+@VulcanInternalExtension()
+@VulcanExtensionId('basic')
+export class HttpBasicAuthenticator extends BaseAuthenticator {
+  public async authenticate(
+    usersOptions: Array<UserAuthOptions>,
+    context: KoaContext
+  ) {
+    const auth = context.request.headers['authorization']?.toLowerCase();
+    // if not exist basic method config, return failed.
+    if (isEmpty(usersOptions)) return { authenticated: false };
+    if (!(auth && auth.startsWith(this.getExtensionId()!)))
+      return { authenticated: false };
+
+    // validate auth token
+    const token = auth.trim().split(' ')[1];
+
+    for (const userOptions of usersOptions) {
+      if (userOptions.auth['token']) {
+        const result = await this.verifyToken(token, userOptions);
+        if (result.authenticated) return result;
+      }
+      if (userOptions.auth['file']) {
+        const result = await this.verifyTokenInFile(token, userOptions);
+        if (result.authenticated) return result;
+      }
+    }
+    // if not found matched token, return failed
+    return { authenticated: false };
+  }
+
+  private async verifyToken(srcToken: string, userOptions: UserAuthOptions) {
+    let ansToken = '';
+    const pattern = /^{{([\w]+|[ \w ]+)}}$/;
+    const matched = pattern.exec(userOptions.auth['token'] as string);
+    if (!matched) ansToken = ansToken || (userOptions.auth['token'] as string);
+    // matched[1] is env variable
+    if (matched) ansToken = ansToken || (process.env[matched[1]] as string);
+    if (srcToken === ansToken)
+      return {
+        authenticated: true,
+        user: {
+          name: userOptions.name,
+          method: this.getExtensionId()!, // method name
+          attr: userOptions.attr,
+        },
+      } as AuthResult;
+    return {
+      authenticated: false,
+    };
+  }
+
+  private async verifyTokenInFile(
+    srcToken: string,
+    userOptions: UserAuthOptions
+  ) {
+    let ansToken = '';
+    const filePath = userOptions.auth['filePath'] as string;
+    if (!fs.statSync(filePath).isFile()) return { authenticated: false };
+    const stream = fs.createReadStream(filePath);
+    // read each line
+    stream.on('data', (chunk) => {
+      const content = chunk.toString();
+      if (content.startsWith(`${userOptions.name}:`)) {
+        ansToken = content.split(':')[1];
+        return;
+      }
+    });
+
+    if (srcToken !== ansToken) return { authenticated: false };
+    // if matched return user data
+    return {
+      authenticated: true,
+      user: {
+        name: userOptions.name,
+        method: this.getExtensionId()!, // method name
+        attr: userOptions.attr,
+      },
+    } as AuthResult;
+  }
+}
diff --git a/packages/serve/src/lib/auth/index.ts b/packages/serve/src/lib/auth/index.ts
new file mode 100644
index 00000000..973b4ecc
--- /dev/null
+++ b/packages/serve/src/lib/auth/index.ts
@@ -0,0 +1,5 @@
+export * from './httpBasicAuthenticator';
+
+import { HttpBasicAuthenticator } from './httpBasicAuthenticator';
+
+export const BuiltInAuthenticators = [HttpBasicAuthenticator];
diff --git a/packages/serve/src/lib/middleware/auditLogMiddleware.ts b/packages/serve/src/lib/middleware/auditLogMiddleware.ts
index 72822129..931de4cf 100644
--- a/packages/serve/src/lib/middleware/auditLogMiddleware.ts
+++ b/packages/serve/src/lib/middleware/auditLogMiddleware.ts
@@ -3,8 +3,7 @@ import {
   LoggerOptions,
   VulcanInternalExtension,
 } from '@vulcan-sql/core';
-import { BuiltInMiddleware } from '@vulcan-sql/serve/models';
-import { KoaRouterContext, KoaNext } from '@vulcan-sql/serve/route';
+import { BuiltInMiddleware, KoaContext, Next } from '@vulcan-sql/serve/models';
 
 @VulcanInternalExtension('audit-log')
 export class AuditLoggingMiddleware extends BuiltInMiddleware<LoggerOptions> {
@@ -13,7 +12,7 @@ export class AuditLoggingMiddleware extends BuiltInMiddleware<LoggerOptions> {
     options: this.getOptions(),
   });
 
-  public async handle(context: KoaRouterContext, next: KoaNext) {
+  public async handle(context: KoaContext, next: Next) {
     if (!this.enabled) return next();
 
     const { path, request, params, response } = context;
diff --git a/packages/serve/src/lib/middleware/authMiddleware.ts b/packages/serve/src/lib/middleware/authMiddleware.ts
new file mode 100644
index 00000000..d68a0ddd
--- /dev/null
+++ b/packages/serve/src/lib/middleware/authMiddleware.ts
@@ -0,0 +1,66 @@
+import { isEmpty } from 'lodash';
+import { inject, multiInject } from 'inversify';
+import { TYPES as CORE_TYPES, VulcanInternalExtension } from '@vulcan-sql/core';
+import {
+  Next,
+  KoaContext,
+  BuiltInMiddleware,
+  BaseAuthenticator,
+  UserAuthOptions,
+} from '@vulcan-sql/serve/models';
+import { TYPES } from '@vulcan-sql/serve/containers';
+
+export interface AuthOptions {
+  ['user-auth']?: Array<UserAuthOptions>;
+}
+
+export type AuthenticatorMap = {
+  [name: string]: BaseAuthenticator;
+};
+
+/** The middleware used to check request auth information.
+ *  It seek the 'auth' config to match data through built-in and customized authenticator by BaseAuthenticator
+ * */
+@VulcanInternalExtension('auth')
+export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
+  private authenticators: AuthenticatorMap;
+  constructor(
+    @inject(CORE_TYPES.ExtensionConfig) config: any,
+    @inject(CORE_TYPES.ExtensionName) name: string,
+    @multiInject(TYPES.Extension_Authenticator)
+    authenticators: BaseAuthenticator[]
+  ) {
+    super(config, name);
+
+    this.authenticators = authenticators.reduce<AuthenticatorMap>(
+      (prev, authenticator) => {
+        prev[authenticator.getExtensionId()!] = authenticator;
+        return prev;
+      },
+      {}
+    );
+  }
+
+  public async handle(context: KoaContext, next: Next) {
+    // return to skip the middleware, if disabled
+    if (!this.enabled) return next();
+
+    const options = (this.getOptions() as AuthOptions) || {};
+    if (isEmpty(options['user-auth'])) return next();
+
+    // authenticate each user by selected auth method in config
+    for (const name of Object.keys(this.authenticators)) {
+      const result = await this.authenticators[name].authenticate(
+        options['user-auth'] || [],
+        context
+      );
+      if (!result.authenticated) continue;
+
+      // set auth user information to context
+      context.state.user = result.user!;
+      await next();
+      return;
+    }
+    throw new Error('authentication failed.');
+  }
+}
diff --git a/packages/serve/src/lib/middleware/corsMiddleware.ts b/packages/serve/src/lib/middleware/corsMiddleware.ts
index d0dc608a..a8b6e095 100644
--- a/packages/serve/src/lib/middleware/corsMiddleware.ts
+++ b/packages/serve/src/lib/middleware/corsMiddleware.ts
@@ -1,6 +1,5 @@
 import * as cors from '@koa/cors';
-import { KoaRouterContext, KoaNext } from '@vulcan-sql/serve/route';
-import { BuiltInMiddleware } from '@vulcan-sql/serve/models';
+import { BuiltInMiddleware, KoaContext, Next } from '@vulcan-sql/serve/models';
 import { VulcanInternalExtension } from '@vulcan-sql/core';
 
 export type CorsOptions = cors.Options;
@@ -9,7 +8,7 @@ export type CorsOptions = cors.Options;
 export class CorsMiddleware extends BuiltInMiddleware<CorsOptions> {
   private koaCors = cors(this.getOptions());
 
-  public async handle(context: KoaRouterContext, next: KoaNext) {
+  public async handle(context: KoaContext, next: Next) {
     if (!this.enabled) return next();
     return this.koaCors(context, next);
   }
diff --git a/packages/serve/src/lib/middleware/index.ts b/packages/serve/src/lib/middleware/index.ts
index bab3afa3..b12ac1a3 100644
--- a/packages/serve/src/lib/middleware/index.ts
+++ b/packages/serve/src/lib/middleware/index.ts
@@ -2,9 +2,11 @@ export * from './corsMiddleware';
 export * from './requestIdMiddleware';
 export * from './auditLogMiddleware';
 export * from './rateLimitMiddleware';
+export * from './authMiddleware';
 export * from './response-format';
 
 import { CorsMiddleware } from './corsMiddleware';
+import { AuthMiddleware } from './authMiddleware';
 import { RateLimitMiddleware } from './rateLimitMiddleware';
 import { RequestIdMiddleware } from './requestIdMiddleware';
 import { AuditLoggingMiddleware } from './auditLogMiddleware';
@@ -15,6 +17,7 @@ import { ClassType, ExtensionBase } from '@vulcan-sql/core';
 export const BuiltInRouteMiddlewares: ClassType<ExtensionBase>[] = [
   CorsMiddleware,
   RateLimitMiddleware,
+  AuthMiddleware,
   RequestIdMiddleware,
   AuditLoggingMiddleware,
   ResponseFormatMiddleware,
diff --git a/packages/serve/src/lib/middleware/rateLimitMiddleware.ts b/packages/serve/src/lib/middleware/rateLimitMiddleware.ts
index 9e34f616..fd52381d 100644
--- a/packages/serve/src/lib/middleware/rateLimitMiddleware.ts
+++ b/packages/serve/src/lib/middleware/rateLimitMiddleware.ts
@@ -1,6 +1,5 @@
 import { RateLimit, RateLimitOptions } from 'koa2-ratelimit';
-import { KoaRouterContext, KoaNext } from '@vulcan-sql/serve/route';
-import { BuiltInMiddleware } from '@vulcan-sql/serve/models';
+import { BuiltInMiddleware, KoaContext, Next } from '@vulcan-sql/serve/models';
 import { VulcanInternalExtension } from '@vulcan-sql/core';
 
 export { RateLimitOptions };
@@ -9,7 +8,7 @@ export { RateLimitOptions };
 export class RateLimitMiddleware extends BuiltInMiddleware<RateLimitOptions> {
   private koaRateLimit = RateLimit.middleware(this.getOptions());
 
-  public async handle(context: KoaRouterContext, next: KoaNext) {
+  public async handle(context: KoaContext, next: Next) {
     if (!this.enabled) return next();
     return this.koaRateLimit(context, next);
   }
diff --git a/packages/serve/src/lib/middleware/requestIdMiddleware.ts b/packages/serve/src/lib/middleware/requestIdMiddleware.ts
index b9dcba31..2e04304f 100644
--- a/packages/serve/src/lib/middleware/requestIdMiddleware.ts
+++ b/packages/serve/src/lib/middleware/requestIdMiddleware.ts
@@ -4,8 +4,7 @@ import {
   asyncReqIdStorage,
   VulcanInternalExtension,
 } from '@vulcan-sql/core';
-import { KoaRouterContext, KoaNext } from '@vulcan-sql/serve/route';
-import { BuiltInMiddleware } from '@vulcan-sql/serve/models';
+import { BuiltInMiddleware, KoaContext, Next } from '@vulcan-sql/serve/models';
 import { TYPES as CORE_TYPES } from '@vulcan-sql/core';
 import { inject } from 'inversify';
 
@@ -32,7 +31,7 @@ export class RequestIdMiddleware extends BuiltInMiddleware<RequestIdOptions> {
     if (!this.options['name']) this.options['name'] = 'X-Request-ID';
     if (!this.options['fieldIn']) this.options['fieldIn'] = FieldInType.HEADER;
   }
-  public async handle(context: KoaRouterContext, next: KoaNext) {
+  public async handle(context: KoaContext, next: Next) {
     if (!this.enabled) return next();
 
     const { request } = context;
diff --git a/packages/serve/src/lib/middleware/response-format/helpers.ts b/packages/serve/src/lib/middleware/response-format/helpers.ts
index 39009b6d..2f6011b6 100644
--- a/packages/serve/src/lib/middleware/response-format/helpers.ts
+++ b/packages/serve/src/lib/middleware/response-format/helpers.ts
@@ -1,4 +1,4 @@
-import { KoaRouterContext } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import { BaseResponseFormatter } from '@vulcan-sql/serve/models';
 
 export type ResponseFormatterMap = {
@@ -12,7 +12,7 @@ export type ResponseFormatterMap = {
  * @returns boolean, is received
  */
 export const isReceivedFormatRequest = (
-  context: KoaRouterContext,
+  context: KoaContext,
   format: string
 ) => {
   if (context.request.path.endsWith(`.${format}`)) return true;
@@ -32,7 +32,7 @@ export const checkUsableFormat = ({
   supportedFormats,
   defaultFormat,
 }: {
-  context: KoaRouterContext;
+  context: KoaContext;
   formatters: ResponseFormatterMap;
   supportedFormats: string[];
   defaultFormat: string;
diff --git a/packages/serve/src/lib/middleware/response-format/middleware.ts b/packages/serve/src/lib/middleware/response-format/middleware.ts
index f0f8fac0..6df0ac4a 100644
--- a/packages/serve/src/lib/middleware/response-format/middleware.ts
+++ b/packages/serve/src/lib/middleware/response-format/middleware.ts
@@ -1,8 +1,8 @@
+import { KoaContext, Next } from '@vulcan-sql/serve/models';
 import {
   BaseResponseFormatter,
   BuiltInMiddleware,
 } from '@vulcan-sql/serve/models';
-import { KoaRouterContext, KoaNext } from '@vulcan-sql/serve/route';
 import { checkUsableFormat, ResponseFormatterMap } from './helpers';
 import { VulcanInternalExtension } from '@vulcan-sql/core';
 import { TYPES as CORE_TYPES } from '@vulcan-sql/core';
@@ -40,8 +40,7 @@ export class ResponseFormatMiddleware extends BuiltInMiddleware<ResponseFormatOp
     this.supportedFormats = formats.map((format) => format.toLowerCase());
     this.defaultFormat = !options.default ? 'json' : options.default;
   }
-
-  public async handle(context: KoaRouterContext, next: KoaNext) {
+  public async handle(context: KoaContext, next: Next) {
     // return to skip the middleware, if disabled
     if (!this.enabled) return next();
 
diff --git a/packages/serve/src/lib/pagination/strategy/cursorBasedStrategy.ts b/packages/serve/src/lib/pagination/strategy/cursorBasedStrategy.ts
index 4c9a267e..90fe72a5 100644
--- a/packages/serve/src/lib/pagination/strategy/cursorBasedStrategy.ts
+++ b/packages/serve/src/lib/pagination/strategy/cursorBasedStrategy.ts
@@ -1,4 +1,4 @@
-import { RouterContext as KoaRouterContext } from 'koa-router';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import {
   normalizeStringValue,
   PaginationMode,
@@ -7,7 +7,7 @@ import {
 import { PaginationStrategy } from './strategy';
 
 export class CursorBasedStrategy extends PaginationStrategy<CursorPagination> {
-  public async transform(ctx: KoaRouterContext) {
+  public async transform(ctx: KoaContext) {
     const checkFelidInQueryString = ['limit', 'cursor'].every((field) =>
       Object.keys(ctx.request.query).includes(field)
     );
diff --git a/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts b/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts
index a39defca..1454208c 100644
--- a/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts
+++ b/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts
@@ -4,7 +4,7 @@ import {
   PaginationSchema,
   KeysetPagination,
 } from '@vulcan-sql/core';
-import { KoaRouterContext } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import { PaginationStrategy } from './strategy';
 
 export class KeysetBasedStrategy extends PaginationStrategy<KeysetPagination> {
@@ -13,7 +13,7 @@ export class KeysetBasedStrategy extends PaginationStrategy<KeysetPagination> {
     super();
     this.pagination = pagination;
   }
-  public async transform(ctx: KoaRouterContext) {
+  public async transform(ctx: KoaContext) {
     if (!this.pagination.keyName)
       throw new Error(
         `The keyset pagination need to set "keyName" in schema for indicate what key need to do filter.`
diff --git a/packages/serve/src/lib/pagination/strategy/offsetBasedStrategy.ts b/packages/serve/src/lib/pagination/strategy/offsetBasedStrategy.ts
index 997f8a3e..00d28486 100644
--- a/packages/serve/src/lib/pagination/strategy/offsetBasedStrategy.ts
+++ b/packages/serve/src/lib/pagination/strategy/offsetBasedStrategy.ts
@@ -1,4 +1,4 @@
-import { RouterContext as KoaRouterContext } from 'koa-router';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import {
   normalizeStringValue,
   PaginationMode,
@@ -7,7 +7,7 @@ import {
 import { PaginationStrategy } from './strategy';
 
 export class OffsetBasedStrategy extends PaginationStrategy<OffsetPagination> {
-  public async transform(ctx: KoaRouterContext) {
+  public async transform(ctx: KoaContext) {
     const checkFelidInQueryString = ['limit', 'offset'].every((field) =>
       Object.keys(ctx.request.query).includes(field)
     );
diff --git a/packages/serve/src/lib/pagination/strategy/strategy.ts b/packages/serve/src/lib/pagination/strategy/strategy.ts
index 0aa372b3..ff177553 100644
--- a/packages/serve/src/lib/pagination/strategy/strategy.ts
+++ b/packages/serve/src/lib/pagination/strategy/strategy.ts
@@ -1,5 +1,5 @@
-import { KoaRouterContext } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 
 export abstract class PaginationStrategy<T> {
-  public abstract transform(ctx: KoaRouterContext): Promise<T>;
+  public abstract transform(ctx: KoaContext): Promise<T>;
 }
diff --git a/packages/serve/src/lib/response-formatter/csvFormatter.ts b/packages/serve/src/lib/response-formatter/csvFormatter.ts
index a0870c75..0b6454ef 100644
--- a/packages/serve/src/lib/response-formatter/csvFormatter.ts
+++ b/packages/serve/src/lib/response-formatter/csvFormatter.ts
@@ -6,7 +6,7 @@ import {
   VulcanInternalExtension,
 } from '@vulcan-sql/core';
 import { isArray, isObject, isUndefined } from 'lodash';
-import { KoaRouterContext } from '../route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import {
   BaseResponseFormatter,
   toBuffer,
@@ -109,7 +109,7 @@ export class CsvFormatter extends BaseResponseFormatter {
 
   public toResponse(
     stream: Stream.Readable | Stream.Transform,
-    ctx: KoaRouterContext
+    ctx: KoaContext
   ) {
     // get file name by url path. e.g: url = '/urls/orders', result = orders
     const size = ctx.url.split('/').length;
diff --git a/packages/serve/src/lib/response-formatter/jsonFormatter.ts b/packages/serve/src/lib/response-formatter/jsonFormatter.ts
index 3f0209ea..e1ec09e2 100644
--- a/packages/serve/src/lib/response-formatter/jsonFormatter.ts
+++ b/packages/serve/src/lib/response-formatter/jsonFormatter.ts
@@ -9,7 +9,7 @@ import {
   toBuffer,
 } from '../../models/extensions/responseFormatter';
 import { isUndefined } from 'lodash';
-import { KoaRouterContext } from '../route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 
 const logger = getLogger({ scopeName: 'SERVE' });
 
@@ -76,7 +76,7 @@ export class JsonFormatter extends BaseResponseFormatter {
 
   public toResponse(
     stream: Stream.Readable | Stream.Transform,
-    ctx: KoaRouterContext
+    ctx: KoaContext
   ) {
     // set json stream to response in context ( data is json stream, no need to convert. )
     ctx.response.body = stream;
diff --git a/packages/serve/src/lib/route/route-component/baseRoute.ts b/packages/serve/src/lib/route/route-component/baseRoute.ts
index 88b35752..0e08932a 100644
--- a/packages/serve/src/lib/route/route-component/baseRoute.ts
+++ b/packages/serve/src/lib/route/route-component/baseRoute.ts
@@ -1,5 +1,4 @@
-import { Next as KoaNext } from 'koa';
-import { RouterContext as KoaRouterContext } from 'koa-router';
+import { AuthUserInfo, KoaContext } from '@vulcan-sql/serve/models';
 import {
   APISchema,
   TemplateEngine,
@@ -10,8 +9,6 @@ import { IRequestValidator } from './requestValidator';
 import { IRequestTransformer, RequestParameters } from './requestTransformer';
 import { IPaginationTransformer } from './paginationTransformer';
 
-export { KoaRouterContext, KoaNext };
-
 export interface TransformedRequest {
   reqParams: RequestParameters;
   pagination?: Pagination;
@@ -27,7 +24,7 @@ export interface RouteOptions {
 }
 
 export interface IRoute {
-  respond(ctx: KoaRouterContext): Promise<any>;
+  respond(ctx: KoaContext): Promise<any>;
 }
 
 export abstract class BaseRoute implements IRoute {
@@ -53,13 +50,11 @@ export abstract class BaseRoute implements IRoute {
     this.templateEngine = templateEngine;
   }
 
-  public abstract respond(ctx: KoaRouterContext): Promise<any>;
+  public abstract respond(ctx: KoaContext): Promise<any>;
 
-  protected abstract prepare(
-    ctx: KoaRouterContext
-  ): Promise<TransformedRequest>;
+  protected abstract prepare(ctx: KoaContext): Promise<TransformedRequest>;
 
-  protected async handle(transformed: TransformedRequest) {
+  protected async handle(user: AuthUserInfo, transformed: TransformedRequest) {
     const { reqParams } = transformed;
     // could template name or template path, use for template engine
     const { templateSource } = this.apiSchema;
@@ -67,6 +62,7 @@ export abstract class BaseRoute implements IRoute {
     const prepared = await this.dataSource.prepare(reqParams);
 
     const result = await this.templateEngine.execute(templateSource, {
+      ['user']: user,
       ['_prepared']: prepared,
     });
     return result;
diff --git a/packages/serve/src/lib/route/route-component/graphQLRoute.ts b/packages/serve/src/lib/route/route-component/graphQLRoute.ts
index bf5698e8..5f65a1bb 100644
--- a/packages/serve/src/lib/route/route-component/graphQLRoute.ts
+++ b/packages/serve/src/lib/route/route-component/graphQLRoute.ts
@@ -1,4 +1,5 @@
-import { BaseRoute, KoaRouterContext, RouteOptions } from './baseRoute';
+import { BaseRoute, RouteOptions } from './baseRoute';
+import { KoaContext } from '@vulcan-sql/serve/models';
 
 export class GraphQLRoute extends BaseRoute {
   public readonly operationName: string;
@@ -13,15 +14,16 @@ export class GraphQLRoute extends BaseRoute {
     // TODO: generate graphql type by api schema
   }
 
-  public async respond(ctx: KoaRouterContext) {
+  public async respond(ctx: KoaContext) {
     const transformed = await this.prepare(ctx);
-    await this.handle(transformed);
+    const authUser = ctx.state.user;
+    await this.handle(authUser, transformed);
     // TODO: get template engine handled result and return response by checking API schema
     return transformed;
   }
 
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  protected async prepare(_ctx: KoaRouterContext) {
+  protected async prepare(_ctx: KoaContext) {
     /**
      * TODO: the graphql need to transform from body.
      * Therefore, current request and pagination transformer not suitable (need to provide another graphql transform method or class)
diff --git a/packages/serve/src/lib/route/route-component/paginationTransformer.ts b/packages/serve/src/lib/route/route-component/paginationTransformer.ts
index 775fa3f2..d2d506de 100644
--- a/packages/serve/src/lib/route/route-component/paginationTransformer.ts
+++ b/packages/serve/src/lib/route/route-component/paginationTransformer.ts
@@ -1,4 +1,4 @@
-import { KoaRouterContext } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import { APISchema, PaginationMode, Pagination } from '@vulcan-sql/core';
 import {
   CursorBasedStrategy,
@@ -9,14 +9,14 @@ import { injectable } from 'inversify';
 
 export interface IPaginationTransformer {
   transform(
-    ctx: KoaRouterContext,
+    ctx: KoaContext,
     apiSchema: APISchema
   ): Promise<Pagination | undefined>;
 }
 
 @injectable()
 export class PaginationTransformer {
-  public async transform(ctx: KoaRouterContext, apiSchema: APISchema) {
+  public async transform(ctx: KoaContext, apiSchema: APISchema) {
     const { pagination } = apiSchema;
 
     if (pagination) {
diff --git a/packages/serve/src/lib/route/route-component/requestTransformer.ts b/packages/serve/src/lib/route/route-component/requestTransformer.ts
index 0c204780..b66ccdbe 100644
--- a/packages/serve/src/lib/route/route-component/requestTransformer.ts
+++ b/packages/serve/src/lib/route/route-component/requestTransformer.ts
@@ -7,29 +7,26 @@ import {
 } from '@vulcan-sql/core';
 import { injectable } from 'inversify';
 import { assign } from 'lodash';
-import { KoaRouterContext } from './baseRoute';
+import { KoaContext } from '@vulcan-sql/serve/models';
 
 export interface RequestParameters {
   [name: string]: any;
 }
 
 export interface IRequestTransformer {
-  transform(
-    ctx: KoaRouterContext,
-    apiSchema: APISchema
-  ): Promise<RequestParameters>;
+  transform(ctx: KoaContext, apiSchema: APISchema): Promise<RequestParameters>;
 }
 
 @injectable()
 export class RequestTransformer implements IRequestTransformer {
   public static readonly fieldInMapper: {
-    [type in FieldInType]: (ctx: KoaRouterContext, fieldName: string) => string;
+    [type in FieldInType]: (ctx: KoaContext, fieldName: string) => string;
   } = {
-    [FieldInType.HEADER]: (ctx: KoaRouterContext, fieldName: string) =>
+    [FieldInType.HEADER]: (ctx: KoaContext, fieldName: string) =>
       ctx.request.header[fieldName] as string,
-    [FieldInType.QUERY]: (ctx: KoaRouterContext, fieldName: string) =>
+    [FieldInType.QUERY]: (ctx: KoaContext, fieldName: string) =>
       ctx.request.query[fieldName] as string,
-    [FieldInType.PATH]: (ctx: KoaRouterContext, fieldName: string) =>
+    [FieldInType.PATH]: (ctx: KoaContext, fieldName: string) =>
       ctx.params[fieldName] as string,
   };
 
@@ -45,7 +42,7 @@ export class RequestTransformer implements IRequestTransformer {
   };
 
   public async transform(
-    ctx: KoaRouterContext,
+    ctx: KoaContext,
     apiSchema: APISchema
   ): Promise<RequestParameters> {
     const paramList = await Promise.all(
diff --git a/packages/serve/src/lib/route/route-component/restfulRoute.ts b/packages/serve/src/lib/route/route-component/restfulRoute.ts
index 0156fe5e..ea94b7c8 100644
--- a/packages/serve/src/lib/route/route-component/restfulRoute.ts
+++ b/packages/serve/src/lib/route/route-component/restfulRoute.ts
@@ -1,5 +1,5 @@
-import { BaseRoute, KoaRouterContext, RouteOptions } from './baseRoute';
-
+import { BaseRoute, RouteOptions } from './baseRoute';
+import { KoaContext } from '@vulcan-sql/serve/models';
 export class RestfulRoute extends BaseRoute {
   public readonly urlPath: string;
 
@@ -9,16 +9,17 @@ export class RestfulRoute extends BaseRoute {
     this.urlPath = apiSchema.urlPath;
   }
 
-  public async respond(ctx: KoaRouterContext) {
+  public async respond(ctx: KoaContext) {
     const transformed = await this.prepare(ctx);
-    const result = await this.handle(transformed);
+    const authUser = ctx.state.user;
+    const result = await this.handle(authUser, transformed);
     ctx.response.body = {
       data: result.getData(),
       columns: result.getColumns(),
     };
   }
 
-  protected async prepare(ctx: KoaRouterContext) {
+  protected async prepare(ctx: KoaContext) {
     // get request data from context
     const reqParams = await this.reqTransformer.transform(ctx, this.apiSchema);
     // validate request format
diff --git a/packages/serve/src/models/appConfig.ts b/packages/serve/src/models/appConfig.ts
deleted file mode 100644
index 38a47864..00000000
--- a/packages/serve/src/models/appConfig.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-import { ServeConfig } from './serveConfig';
-
-export type AppConfig = Omit<ServeConfig, 'artifact' | 'template' | 'types'>;
diff --git a/packages/serve/src/models/context.ts b/packages/serve/src/models/context.ts
new file mode 100644
index 00000000..6793fc6f
--- /dev/null
+++ b/packages/serve/src/models/context.ts
@@ -0,0 +1,7 @@
+import { Next } from 'koa';
+import { RouterContext } from 'koa-router';
+import { AuthUserInfo } from './extensions/authenticator';
+
+type KoaContext = RouterContext<{ user: AuthUserInfo }>;
+
+export { KoaContext, Next };
diff --git a/packages/serve/src/models/extensions/authenticator.ts b/packages/serve/src/models/extensions/authenticator.ts
new file mode 100644
index 00000000..e410ff79
--- /dev/null
+++ b/packages/serve/src/models/extensions/authenticator.ts
@@ -0,0 +1,34 @@
+import { VulcanExtension, ExtensionBase } from '@vulcan-sql/core';
+import { KoaContext, UserAuthOptions } from '@vulcan-sql/serve/models';
+import { TYPES } from '../../containers/types';
+
+export interface AuthUserInfo {
+  name: string;
+  method: string;
+  attr: {
+    [field: string]: string | boolean | number;
+  };
+}
+
+export interface AuthResult {
+  authenticated: boolean;
+  user?: AuthUserInfo;
+}
+
+export interface IAuthenticator {
+  authenticate(
+    usersOptions: Array<UserAuthOptions>,
+    context: KoaContext
+  ): Promise<AuthResult>;
+}
+
+@VulcanExtension(TYPES.Extension_Authenticator)
+export abstract class BaseAuthenticator
+  extends ExtensionBase
+  implements IAuthenticator
+{
+  public abstract authenticate(
+    usersOptions: Array<UserAuthOptions>,
+    context: KoaContext
+  ): Promise<AuthResult>;
+}
diff --git a/packages/serve/src/models/extensions/index.ts b/packages/serve/src/models/extensions/index.ts
index 00c2d76a..1ebacdf1 100644
--- a/packages/serve/src/models/extensions/index.ts
+++ b/packages/serve/src/models/extensions/index.ts
@@ -1,2 +1,3 @@
 export * from './routeMiddleware';
 export * from './responseFormatter';
+export * from './authenticator';
diff --git a/packages/serve/src/models/extensions/responseFormatter.ts b/packages/serve/src/models/extensions/responseFormatter.ts
index 7aa49143..72a0d672 100644
--- a/packages/serve/src/models/extensions/responseFormatter.ts
+++ b/packages/serve/src/models/extensions/responseFormatter.ts
@@ -2,7 +2,7 @@ import { DataColumn, ExtensionBase, VulcanExtension } from '@vulcan-sql/core';
 import { has } from 'lodash';
 import * as Stream from 'stream';
 import { TYPES } from '../../containers/types';
-import { KoaRouterContext } from '../../lib/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 
 export type BodyResponse = {
   data: Stream.Readable;
@@ -20,11 +20,8 @@ export interface IFormatter {
     columns?: DataColumn[]
   ): Stream.Readable | Stream.Transform;
 
-  toResponse(
-    stream: Stream.Readable | Stream.Transform,
-    ctx: KoaRouterContext
-  ): void;
-  formatToResponse(ctx: KoaRouterContext): void;
+  toResponse(stream: Stream.Readable | Stream.Transform, ctx: KoaContext): void;
+  formatToResponse(ctx: KoaContext): void;
 }
 
 @VulcanExtension(TYPES.Extension_Formatter)
@@ -32,7 +29,7 @@ export abstract class BaseResponseFormatter
   extends ExtensionBase
   implements IFormatter
 {
-  public formatToResponse(ctx: KoaRouterContext) {
+  public formatToResponse(ctx: KoaContext) {
     // return empty csv stream data or column is not exist
     if (!has(ctx.response.body, 'data') || !has(ctx.response.body, 'columns')) {
       const stream = new Stream.Readable();
@@ -65,6 +62,6 @@ export abstract class BaseResponseFormatter
    */
   public abstract toResponse(
     stream: Stream.Readable | Stream.Transform,
-    ctx: KoaRouterContext
+    ctx: KoaContext
   ): void;
 }
diff --git a/packages/serve/src/models/extensions/routeMiddleware.ts b/packages/serve/src/models/extensions/routeMiddleware.ts
index e7cfa03f..252c72fa 100644
--- a/packages/serve/src/models/extensions/routeMiddleware.ts
+++ b/packages/serve/src/models/extensions/routeMiddleware.ts
@@ -1,5 +1,5 @@
 import { ExtensionBase, VulcanExtension } from '@vulcan-sql/core';
-import { KoaRouterContext, KoaNext } from '@vulcan-sql/serve/route';
+import { KoaContext, Next } from '@vulcan-sql/serve/models';
 import { inject } from 'inversify';
 import { isUndefined } from 'lodash';
 import { TYPES } from '../../containers/types';
@@ -12,10 +12,7 @@ export interface BuiltInMiddlewareConfig<Option = any> {
 
 @VulcanExtension(TYPES.Extension_RouteMiddleware)
 export abstract class BaseRouteMiddleware<C = any> extends ExtensionBase<C> {
-  public abstract handle(
-    context: KoaRouterContext,
-    next: KoaNext
-  ): Promise<void>;
+  public abstract handle(context: KoaContext, next: Next): Promise<void>;
 }
 
 export abstract class BuiltInMiddleware<
diff --git a/packages/serve/src/models/index.ts b/packages/serve/src/models/index.ts
index b0bd9ef4..b8035240 100644
--- a/packages/serve/src/models/index.ts
+++ b/packages/serve/src/models/index.ts
@@ -1,3 +1,4 @@
-export * from './serveConfig';
-export * from './appConfig';
+export * from './serveOptions';
+export * from './userAuthOptions';
+export * from './context';
 export * from './extensions';
diff --git a/packages/serve/src/models/serveConfig.ts b/packages/serve/src/models/serveOptions.ts
similarity index 66%
rename from packages/serve/src/models/serveConfig.ts
rename to packages/serve/src/models/serveOptions.ts
index 9a69ce9e..648c09d3 100644
--- a/packages/serve/src/models/serveConfig.ts
+++ b/packages/serve/src/models/serveOptions.ts
@@ -4,5 +4,7 @@ import { APIProviderType } from '@vulcan-sql/serve/route';
 // The serve package config
 export interface ServeConfig extends ICoreOptions {
   /* The API types would like to build */
-  types: Array<APIProviderType>;
+  ['types']: Array<APIProviderType>;
 }
+
+export type AppConfig = Omit<ServeConfig, 'artifact' | 'template' | 'types'>;
diff --git a/packages/serve/src/models/userAuthOptions.ts b/packages/serve/src/models/userAuthOptions.ts
new file mode 100644
index 00000000..eaa6cafa
--- /dev/null
+++ b/packages/serve/src/models/userAuthOptions.ts
@@ -0,0 +1,12 @@
+export interface AuthInfoOptions {
+  /** auth method */
+  method: string;
+  /** other fields, e.g: access key, credential ... */
+  [field: string]: string | boolean | number;
+}
+
+export interface UserAuthOptions {
+  name: string;
+  auth: AuthInfoOptions;
+  attr: { [field: string]: string | boolean | number };
+}
diff --git a/packages/serve/test/app.spec.ts b/packages/serve/test/app.spec.ts
index f987ebe7..c5f1e635 100644
--- a/packages/serve/test/app.spec.ts
+++ b/packages/serve/test/app.spec.ts
@@ -5,7 +5,6 @@ import faker from '@faker-js/faker';
 import { Request } from 'koa';
 import * as KoaRouter from 'koa-router';
 import * as http from 'http';
-import { VulcanApplication } from '@vulcan-sql/serve/app';
 import {
   APISchema,
   FieldDataType,
@@ -21,12 +20,13 @@ import {
 import {
   RouteGenerator,
   APIProviderType,
-  KoaRouterContext,
   RequestParameters,
   RequestTransformer,
   RequestValidator,
   PaginationTransformer,
 } from '@vulcan-sql/serve/route';
+import { VulcanApplication } from '@vulcan-sql/serve/app';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import { Container } from 'inversify';
 import { extensionModule } from '../src/containers/modules';
 import { TYPES } from '@vulcan-sql/serve';
@@ -212,16 +212,16 @@ describe('Test vulcan server for calling restful APIs', () => {
     },
   ];
 
-  const fakeKoaContexts: Array<KoaRouterContext> = [
+  const fakeKoaContexts: Array<KoaContext> = [
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       params: {
         id: faker.datatype.number().toString(),
         uuid: faker.datatype.uuid(),
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       params: {
         uuid: faker.datatype.uuid(),
       },
@@ -233,7 +233,7 @@ describe('Test vulcan server for calling restful APIs', () => {
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         header: {
@@ -245,7 +245,7 @@ describe('Test vulcan server for calling restful APIs', () => {
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         query: {
@@ -306,7 +306,7 @@ describe('Test vulcan server for calling restful APIs', () => {
     ['query parameters', fakeSchemas[3], fakeKoaContexts[3]],
   ])(
     'Should be correct when given validated koa context request from %p',
-    async (_: string, schema: APISchema, ctx: KoaRouterContext) => {
+    async (_: string, schema: APISchema, ctx: KoaContext) => {
       // Arrange, close response format middlewares to make expected work.
       const app = container.get<VulcanApplication>(TYPES.VulcanApplication);
       await app.useMiddleware();
diff --git a/packages/serve/test/middlewares/built-in-middlewares/auditLogMiddleware.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/auditLogMiddleware.spec.ts
index d70bacb4..cfaff04b 100644
--- a/packages/serve/test/middlewares/built-in-middlewares/auditLogMiddleware.spec.ts
+++ b/packages/serve/test/middlewares/built-in-middlewares/auditLogMiddleware.spec.ts
@@ -3,7 +3,7 @@ import * as sinon from 'ts-sinon';
 import { Request, Response } from 'koa';
 import { IncomingHttpHeaders } from 'http';
 import { ParsedUrlQuery } from 'querystring';
-import { KoaRouterContext } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import * as core from '@vulcan-sql/core';
 import * as uuid from 'uuid';
 import {
@@ -17,8 +17,8 @@ describe('Test audit logging middlewares', () => {
   });
   it('Should log correct info when when option is default and pass correct koa context', async () => {
     // Arrange
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
       path: faker.internet.url(),
       params: {
         uuid: faker.datatype.uuid(),
@@ -64,8 +64,8 @@ describe('Test audit logging middlewares', () => {
 
   it('Should log correct info when when option "displayRequestId: true" and pass correct koa context', async () => {
     // Arrange
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
       path: faker.internet.url(),
       params: {
         uuid: faker.datatype.uuid(),
diff --git a/packages/serve/test/middlewares/built-in-middlewares/requestIdMiddleware.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/requestIdMiddleware.spec.ts
index b2c97e2d..3cbcd3ca 100644
--- a/packages/serve/test/middlewares/built-in-middlewares/requestIdMiddleware.spec.ts
+++ b/packages/serve/test/middlewares/built-in-middlewares/requestIdMiddleware.spec.ts
@@ -4,7 +4,7 @@ import { Request } from 'koa';
 import { IncomingHttpHeaders } from 'http';
 import { ParsedUrlQuery } from 'querystring';
 import { asyncReqIdStorage, FieldInType } from '@vulcan-sql/core';
-import { KoaRouterContext } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import * as uuid from 'uuid';
 import { RequestIdMiddleware } from '@vulcan-sql/serve/middleware';
 
@@ -16,8 +16,8 @@ describe('Test request-id middlewares', () => {
   it('Should get same request-id when option is default and pass "x-request-id"', async () => {
     // Arrange
     const expected = faker.datatype.uuid();
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         header: {
@@ -41,8 +41,8 @@ describe('Test request-id middlewares', () => {
   it('Should get same request-id when setup option "Test-Request-ID" in query and pass "test-request-id"', async () => {
     // Arrange
     const expected = faker.datatype.uuid();
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         query: {
@@ -75,8 +75,8 @@ describe('Test request-id middlewares', () => {
     // Arrange
     // the uuid.v4() result is the mock result in __mocks__/uuid.ts
     const expected = uuid.v4();
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         query: {
@@ -105,8 +105,8 @@ describe('Test request-id middlewares', () => {
     // Arrange
     // the uuid.v4() result is the mock result in __mocks__/uuid.ts
     const expected = uuid.v4();
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         header: {
diff --git a/packages/serve/test/middlewares/built-in-middlewares/response-format/formatResponseMiddleware.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/response-format/formatResponseMiddleware.spec.ts
index e2af7eee..88a38dca 100644
--- a/packages/serve/test/middlewares/built-in-middlewares/response-format/formatResponseMiddleware.spec.ts
+++ b/packages/serve/test/middlewares/built-in-middlewares/response-format/formatResponseMiddleware.spec.ts
@@ -1,7 +1,6 @@
 import * as sinon from 'ts-sinon';
-import { KoaRouterContext } from '@vulcan-sql/serve';
 import { ResponseFormatMiddleware } from '@vulcan-sql/serve/middleware';
-
+import { KoaContext } from '@vulcan-sql/serve/models';
 describe('Test format response middleware', () => {
   afterEach(() => {
     sinon.default.restore();
@@ -9,8 +8,8 @@ describe('Test format response middleware', () => {
 
   it('Test to get default json format and empty supported format when not set any config for response formatter', async () => {
     // Arrange
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
     };
     // Act
     const middleware = new ResponseFormatMiddleware(
@@ -29,8 +28,8 @@ describe('Test format response middleware', () => {
 
   it('Test to get default "csv" format and empty supported format when set "default" is "csv', async () => {
     // Arrange
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
     };
     // Act
     const middleware = new ResponseFormatMiddleware(
@@ -52,8 +51,8 @@ describe('Test format response middleware', () => {
 
   it('Test to get ["hyper", "csv"] formats when set "formats" to ["hyper", "csv"]', async () => {
     // Arrange
-    const ctx: KoaRouterContext = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
     };
     // Act
     const middleware = new ResponseFormatMiddleware(
diff --git a/packages/serve/test/middlewares/built-in-middlewares/response-format/helpers.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/response-format/helpers.spec.ts
index 7b5bd042..59ea4fe4 100644
--- a/packages/serve/test/middlewares/built-in-middlewares/response-format/helpers.spec.ts
+++ b/packages/serve/test/middlewares/built-in-middlewares/response-format/helpers.spec.ts
@@ -2,7 +2,7 @@ import { Request } from 'koa';
 import * as sinon from 'ts-sinon';
 import faker from '@faker-js/faker';
 import * as responseHelpers from '@vulcan-sql/serve/middleware/response-format/helpers';
-import { BaseResponseFormatter, KoaRouterContext } from '@vulcan-sql/serve';
+import { BaseResponseFormatter } from '@vulcan-sql/serve';
 import {
   checkUsableFormat,
   isReceivedFormatRequest,
@@ -12,6 +12,7 @@ import {
   CsvFormatter,
   JsonFormatter,
 } from '@vulcan-sql/serve/response-formatter';
+import { KoaContext } from '@vulcan-sql/serve/models';
 
 class HyperFormatter extends BaseResponseFormatter {
   public format(): any {
@@ -53,7 +54,7 @@ it.each([
   ({ request, format, expected }) => {
     // Arrange
     const context = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         path: request.path,
@@ -99,7 +100,7 @@ describe('Test to call check usable format function', () => {
 
       // Act
       const result = checkUsableFormat({
-        context: sinon.stubInterface<KoaRouterContext>(),
+        context: sinon.stubInterface<KoaContext>(),
         formatters: input.formatters,
         supportedFormats: input.supportedFormats,
         defaultFormat,
@@ -128,7 +129,7 @@ describe('Test to call check usable format function', () => {
       // Act
       const checkUsableFormatAction = () =>
         checkUsableFormat({
-          context: sinon.stubInterface<KoaRouterContext>(),
+          context: sinon.stubInterface<KoaContext>(),
           formatters: {},
           supportedFormats: [],
           defaultFormat,
@@ -167,7 +168,7 @@ describe('Test to call check usable format function', () => {
 
       // Act
       const result = checkUsableFormat({
-        context: sinon.stubInterface<KoaRouterContext>(),
+        context: sinon.stubInterface<KoaContext>(),
         formatters,
         supportedFormats,
         defaultFormat,
@@ -208,7 +209,7 @@ describe('Test to call check usable format function', () => {
 
       // Act
       const result = checkUsableFormat({
-        context: sinon.stubInterface<KoaRouterContext>(),
+        context: sinon.stubInterface<KoaContext>(),
         formatters,
         supportedFormats,
         defaultFormat,
@@ -248,7 +249,7 @@ describe('Test to call check usable format function', () => {
 
       // Act
       const result = checkUsableFormat({
-        context: sinon.stubInterface<KoaRouterContext>(),
+        context: sinon.stubInterface<KoaContext>(),
         formatters,
         supportedFormats,
         defaultFormat,
diff --git a/packages/serve/test/middlewares/test-custom-middlewares/testModeMiddleware.ts b/packages/serve/test/middlewares/test-custom-middlewares/testModeMiddleware.ts
index 4948b565..13646be1 100644
--- a/packages/serve/test/middlewares/test-custom-middlewares/testModeMiddleware.ts
+++ b/packages/serve/test/middlewares/test-custom-middlewares/testModeMiddleware.ts
@@ -1,5 +1,5 @@
 import { BaseRouteMiddleware } from '@vulcan-sql/serve/models';
-import { KoaRouterContext, KoaNext } from '@vulcan-sql/serve/route';
+import { KoaContext, Next } from '@vulcan-sql/serve/models';
 
 export interface TestModeOptions {
   mode: boolean;
@@ -8,7 +8,7 @@ export interface TestModeOptions {
 export class TestModeMiddleware extends BaseRouteMiddleware {
   private mode = (this.getConfig()?.['mode'] as boolean) || false;
 
-  public async handle(context: KoaRouterContext, next: KoaNext) {
+  public async handle(context: KoaContext, next: Next) {
     context.response.set('test-mode', String(this.mode));
     await next();
   }
diff --git a/packages/serve/test/response-formatter/csv.spec.ts b/packages/serve/test/response-formatter/csv.spec.ts
index ef5b71de..f6db20a8 100644
--- a/packages/serve/test/response-formatter/csv.spec.ts
+++ b/packages/serve/test/response-formatter/csv.spec.ts
@@ -6,7 +6,7 @@ import {
   arrStringToCsvString,
   CsvFormatter,
 } from '@vulcan-sql/serve/response-formatter';
-import { KoaRouterContext } from '@vulcan-sql/serve';
+import { KoaContext } from '@vulcan-sql/serve';
 import { arrayToStream, streamToString } from '../test-utils';
 
 describe('Test array string to csv string', () => {
@@ -33,7 +33,7 @@ describe('Test to respond to csv', () => {
     const stubResponse = sinon.stubInterface<Response>();
     stubResponse.set.callsFake(() => null);
     const ctx = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       url: faker.internet.url(),
       response: stubResponse,
     };
@@ -104,7 +104,7 @@ describe('Test to respond to csv', () => {
         columns: input.columns,
       };
       const ctx = {
-        ...sinon.stubInterface<KoaRouterContext>(),
+        ...sinon.stubInterface<KoaContext>(),
         url: faker.internet.url(),
         response: stubResponse,
       };
diff --git a/packages/serve/test/response-formatter/json.spec.ts b/packages/serve/test/response-formatter/json.spec.ts
index 4538862e..d486b8b4 100644
--- a/packages/serve/test/response-formatter/json.spec.ts
+++ b/packages/serve/test/response-formatter/json.spec.ts
@@ -2,7 +2,7 @@ import { Response } from 'koa';
 import * as sinon from 'ts-sinon';
 import * as Stream from 'stream';
 import { JsonFormatter } from '@vulcan-sql/serve/response-formatter';
-import { KoaRouterContext } from '@vulcan-sql/serve';
+import { KoaContext } from '@vulcan-sql/serve';
 import faker from '@faker-js/faker';
 import { arrayToStream, streamToString } from '../test-utils';
 
@@ -12,7 +12,7 @@ describe('Test to respond to json', () => {
     const stubResponse = sinon.stubInterface<Response>();
     stubResponse.set.callsFake(() => null);
     const ctx = {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       url: faker.internet.url(),
       response: stubResponse,
     };
@@ -71,7 +71,7 @@ describe('Test to respond to json', () => {
         columns: input.columns,
       };
       const ctx = {
-        ...sinon.stubInterface<KoaRouterContext>(),
+        ...sinon.stubInterface<KoaContext>(),
         url: faker.internet.url(),
         response: stubResponse,
       };
diff --git a/packages/serve/test/route/route-component/paginationTransformer.spec.ts b/packages/serve/test/route/route-component/paginationTransformer.spec.ts
index 2d19037e..0de5449f 100644
--- a/packages/serve/test/route/route-component/paginationTransformer.spec.ts
+++ b/packages/serve/test/route/route-component/paginationTransformer.spec.ts
@@ -8,9 +8,9 @@ import {
 } from '@vulcan-sql/core';
 import {
   IPaginationTransformer,
-  KoaRouterContext,
   PaginationTransformer,
 } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import { Container } from 'inversify';
 import { TYPES } from '@vulcan-sql/serve/containers';
 
@@ -47,9 +47,9 @@ describe('Test pagination transformer - transform successfully', () => {
       },
     },
   ];
-  const fakeKoaContexts: Array<KoaRouterContext> = [
+  const fakeKoaContexts: Array<KoaContext> = [
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         query: {
@@ -59,7 +59,7 @@ describe('Test pagination transformer - transform successfully', () => {
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         query: {
@@ -69,7 +69,7 @@ describe('Test pagination transformer - transform successfully', () => {
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         query: {
@@ -95,7 +95,7 @@ describe('Test pagination transformer - transform successfully', () => {
     ['keyset pagination', fakeSchemas[2], fakeKoaContexts[2]],
   ])(
     'Should success when give api schema and koa context request from %p',
-    async (_: string, schema: APISchema, ctx: KoaRouterContext) => {
+    async (_: string, schema: APISchema, ctx: KoaContext) => {
       // Arrange
       let expected = {};
       const query = ctx.request.query;
diff --git a/packages/serve/test/route/route-component/requestTransformer.spec.ts b/packages/serve/test/route/route-component/requestTransformer.spec.ts
index 135507b5..13d53118 100644
--- a/packages/serve/test/route/route-component/requestTransformer.spec.ts
+++ b/packages/serve/test/route/route-component/requestTransformer.spec.ts
@@ -9,10 +9,10 @@ import {
 } from '@vulcan-sql/core';
 import {
   IRequestTransformer,
-  KoaRouterContext,
   RequestParameters,
   RequestTransformer,
 } from '@vulcan-sql/serve/route';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import { Container } from 'inversify';
 import { TYPES } from '@vulcan-sql/serve/containers';
 
@@ -87,16 +87,16 @@ describe('Test request transformer - transform successfully', () => {
       ],
     },
   ];
-  const fakeKoaContexts: Array<KoaRouterContext> = [
+  const fakeKoaContexts: Array<KoaContext> = [
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       params: {
         id: faker.datatype.number().toString(),
         uuid: faker.datatype.uuid(),
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       params: {
         uuid: faker.datatype.uuid(),
       },
@@ -108,7 +108,7 @@ describe('Test request transformer - transform successfully', () => {
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         header: {
@@ -120,7 +120,7 @@ describe('Test request transformer - transform successfully', () => {
       },
     },
     {
-      ...sinon.stubInterface<KoaRouterContext>(),
+      ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         query: {
@@ -144,7 +144,7 @@ describe('Test request transformer - transform successfully', () => {
     ['query parameters', fakeSchemas[3], fakeKoaContexts[3]],
   ])(
     'Should success when give api schema and koa context request from %p',
-    async (_: string, schema: APISchema, ctx: KoaRouterContext) => {
+    async (_: string, schema: APISchema, ctx: KoaContext) => {
       // Arrange
       const expected: RequestParameters = {};
       schema.request.map((param: RequestSchema) => {
diff --git a/tsconfig.base.json b/tsconfig.base.json
index ec1de97e..357f2910 100644
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -70,10 +70,8 @@
         "packages/integration-testing/src/index"
       ],
       "@vulcan-sql/serve": ["packages/serve/src/index"],
-      "@vulcan-sql/serve/app": ["packages/serve/src/lib/app"],
-      "@vulcan-sql/serve/config": ["packages/serve/src/lib/config"],
+      "@vulcan-sql/serve/app": ["packages/serve/src/lib/app.ts"],
       "@vulcan-sql/serve/containers": ["packages/serve/src/containers/index"],
-      "@vulcan-sql/serve/loader": ["packages/serve/src/lib/loader"],
       "@vulcan-sql/serve/middleware": [
         "packages/serve/src/lib/middleware/index"
       ],

From 51444cbaf05e088ddf9b3dd22b39799cb73c0711 Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Tue, 2 Aug 2022 12:05:43 +0800
Subject: [PATCH 2/8] feat(serve): add authenticator and auth middleware test
 cases

- modify the middleware order in "BuiltInRouteMiddlewares".
- fix "AuthMiddleware" to set user  auth data to correct place in context.
- add basic authenticator test cases.
- add auth middleware test cases.
---
 packages/serve/src/index.ts                   |   3 +
 ...Authenticator.ts => basicAuthenticator.ts} |  54 +--
 packages/serve/src/lib/auth/index.ts          |   6 +-
 .../src/lib/middleware/authMiddleware.ts      |   2 +-
 packages/serve/src/lib/middleware/index.ts    |   2 +-
 .../test/auth/basicAuthenticator.spec.ts      | 384 ++++++++++++++++++
 .../serve/test/auth/test-files/basic.htpasswd |   2 +
 .../authMiddleware.spec.ts                    | 179 ++++++++
 tsconfig.base.json                            |   4 +-
 9 files changed, 607 insertions(+), 29 deletions(-)
 rename packages/serve/src/lib/auth/{httpBasicAuthenticator.ts => basicAuthenticator.ts} (65%)
 create mode 100644 packages/serve/test/auth/basicAuthenticator.spec.ts
 create mode 100644 packages/serve/test/auth/test-files/basic.htpasswd
 create mode 100644 packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts

diff --git a/packages/serve/src/index.ts b/packages/serve/src/index.ts
index 5ef259f0..6d9f7e5f 100644
--- a/packages/serve/src/index.ts
+++ b/packages/serve/src/index.ts
@@ -1,5 +1,8 @@
 export * from './lib/route';
 export * from './lib/middleware';
+export * from './lib/response-formatter';
+export * from './lib/pagination';
+export * from './lib/auth';
 export * from './lib/app';
 export * from './lib/server';
 export * from './models';
diff --git a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts b/packages/serve/src/lib/auth/basicAuthenticator.ts
similarity index 65%
rename from packages/serve/src/lib/auth/httpBasicAuthenticator.ts
rename to packages/serve/src/lib/auth/basicAuthenticator.ts
index 55648694..74f34c5d 100644
--- a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
+++ b/packages/serve/src/lib/auth/basicAuthenticator.ts
@@ -1,4 +1,5 @@
 import * as fs from 'fs';
+import * as readline from 'readline';
 import { isEmpty } from 'lodash';
 import {
   BaseAuthenticator,
@@ -10,15 +11,16 @@ import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
 
 @VulcanInternalExtension()
 @VulcanExtensionId('basic')
-export class HttpBasicAuthenticator extends BaseAuthenticator {
+export class BasicAuthenticator extends BaseAuthenticator {
   public async authenticate(
     usersOptions: Array<UserAuthOptions>,
     context: KoaContext
   ) {
-    const auth = context.request.headers['authorization']?.toLowerCase();
     // if not exist basic method config, return failed.
     if (isEmpty(usersOptions)) return { authenticated: false };
-    if (!(auth && auth.startsWith(this.getExtensionId()!)))
+
+    const auth = context.request.headers['authorization'];
+    if (!(auth && auth.toLowerCase().startsWith(this.getExtensionId()!)))
       return { authenticated: false };
 
     // validate auth token
@@ -42,21 +44,24 @@ export class HttpBasicAuthenticator extends BaseAuthenticator {
     let ansToken = '';
     const pattern = /^{{([\w]+|[ \w ]+)}}$/;
     const matched = pattern.exec(userOptions.auth['token'] as string);
+    // if find env variable format, read env variable by matched[1], or read value of token directly.
+    ansToken = matched
+      ? (process.env[matched[1]] as string)
+      : (userOptions.auth['token'] as string);
+
     if (!matched) ansToken = ansToken || (userOptions.auth['token'] as string);
     // matched[1] is env variable
     if (matched) ansToken = ansToken || (process.env[matched[1]] as string);
-    if (srcToken === ansToken)
-      return {
-        authenticated: true,
-        user: {
-          name: userOptions.name,
-          method: this.getExtensionId()!, // method name
-          attr: userOptions.attr,
-        },
-      } as AuthResult;
+    if (srcToken !== ansToken) return { authenticated: false };
+
     return {
-      authenticated: false,
-    };
+      authenticated: true,
+      user: {
+        name: userOptions.name,
+        method: this.getExtensionId()!, // method name
+        attr: userOptions.attr,
+      },
+    } as AuthResult;
   }
 
   private async verifyTokenInFile(
@@ -64,17 +69,20 @@ export class HttpBasicAuthenticator extends BaseAuthenticator {
     userOptions: UserAuthOptions
   ) {
     let ansToken = '';
-    const filePath = userOptions.auth['filePath'] as string;
+    const filePath = userOptions.auth['file'] as string;
+
+    if (!fs.existsSync(filePath)) return { authenticated: false };
     if (!fs.statSync(filePath).isFile()) return { authenticated: false };
-    const stream = fs.createReadStream(filePath);
-    // read each line
-    stream.on('data', (chunk) => {
-      const content = chunk.toString();
-      if (content.startsWith(`${userOptions.name}:`)) {
-        ansToken = content.split(':')[1];
-        return;
-      }
+
+    const reader = readline.createInterface({
+      input: fs.createReadStream(filePath),
     });
+    for await (const line of reader) {
+      if (line.startsWith(`${userOptions.name}:`)) {
+        ansToken = line.split(':')[1].trim();
+        break;
+      }
+    }
 
     if (srcToken !== ansToken) return { authenticated: false };
     // if matched return user data
diff --git a/packages/serve/src/lib/auth/index.ts b/packages/serve/src/lib/auth/index.ts
index 973b4ecc..daf837e6 100644
--- a/packages/serve/src/lib/auth/index.ts
+++ b/packages/serve/src/lib/auth/index.ts
@@ -1,5 +1,5 @@
-export * from './httpBasicAuthenticator';
+export * from './basicAuthenticator';
 
-import { HttpBasicAuthenticator } from './httpBasicAuthenticator';
+import { BasicAuthenticator } from './basicAuthenticator';
 
-export const BuiltInAuthenticators = [HttpBasicAuthenticator];
+export const BuiltInAuthenticators = [BasicAuthenticator];
diff --git a/packages/serve/src/lib/middleware/authMiddleware.ts b/packages/serve/src/lib/middleware/authMiddleware.ts
index d68a0ddd..46ca5acd 100644
--- a/packages/serve/src/lib/middleware/authMiddleware.ts
+++ b/packages/serve/src/lib/middleware/authMiddleware.ts
@@ -42,7 +42,7 @@ export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
   }
 
   public async handle(context: KoaContext, next: Next) {
-    // return to skip the middleware, if disabled
+    // return to stop the middleware, if disabled
     if (!this.enabled) return next();
 
     const options = (this.getOptions() as AuthOptions) || {};
diff --git a/packages/serve/src/lib/middleware/index.ts b/packages/serve/src/lib/middleware/index.ts
index b12ac1a3..a628c2a1 100644
--- a/packages/serve/src/lib/middleware/index.ts
+++ b/packages/serve/src/lib/middleware/index.ts
@@ -17,8 +17,8 @@ import { ClassType, ExtensionBase } from '@vulcan-sql/core';
 export const BuiltInRouteMiddlewares: ClassType<ExtensionBase>[] = [
   CorsMiddleware,
   RateLimitMiddleware,
-  AuthMiddleware,
   RequestIdMiddleware,
   AuditLoggingMiddleware,
+  AuthMiddleware,
   ResponseFormatMiddleware,
 ];
diff --git a/packages/serve/test/auth/basicAuthenticator.spec.ts b/packages/serve/test/auth/basicAuthenticator.spec.ts
new file mode 100644
index 00000000..9201bad8
--- /dev/null
+++ b/packages/serve/test/auth/basicAuthenticator.spec.ts
@@ -0,0 +1,384 @@
+import * as path from 'path';
+import * as sinon from 'ts-sinon';
+import { IncomingHttpHeaders } from 'http';
+import { Request } from 'koa';
+import { BasicAuthenticator } from '@vulcan-sql/serve/auth';
+import {
+  AuthResult,
+  KoaContext,
+  UserAuthOptions,
+} from '@vulcan-sql/serve/models';
+
+describe('Test http basic authenticator', () => {
+  const expectFailed = { authenticated: false };
+  const oriEnv = process.env;
+  const envVariable = 'TOKEN_VALUE';
+
+  const invalidToken = Buffer.from('invalid-user').toString('base64');
+  const user3Token = Buffer.from('user3').toString('base64');
+
+  const usersOptions = [
+    {
+      name: 'user1',
+      auth: {
+        method: 'basic',
+        token: Buffer.from('user1').toString('base64'),
+      },
+      attr: {
+        role: 'data engineer',
+      },
+    },
+    {
+      name: 'user2',
+      auth: {
+        method: 'basic',
+        token: Buffer.from('user2').toString('base64'),
+      },
+      attr: {
+        role: 'sales',
+      },
+    },
+    {
+      name: 'user3',
+      auth: {
+        method: 'basic',
+        // user3
+        token: `{{${envVariable}}}`,
+      },
+      attr: {
+        role: 'qa engineer',
+      },
+    },
+    {
+      name: 'user4',
+      auth: {
+        method: 'basic',
+        // user3
+        file: `${path.resolve(__dirname, './test-files/basic.htpasswd')}`,
+      },
+      attr: {
+        role: 'web engineer',
+      },
+    },
+  ] as Array<UserAuthOptions>;
+
+  afterEach(() => {
+    process.env = oriEnv;
+  });
+  it('Should auth failed when not find any basic method in "user-auth" config', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+    } as KoaContext;
+
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate([], ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+  it('Test to auth failed when request header not exist "authorization" key', async () => {
+    // Arrange
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(usersOptions, ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it('Should auth failed when request header "authorization" not start with "basic"', async () => {
+    // Arrange
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: '',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(usersOptions, ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it('Test to auth failed when request header "authorization" not match "token" value in "user-auth" config', async () => {
+    // Arrange
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `Basic ${invalidToken}`,
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(usersOptions, ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it.each([
+    [`Basic ${usersOptions[0].auth['token']}`],
+    [`BASIC ${usersOptions[0].auth['token']}`],
+    [`basic ${usersOptions[0].auth['token']}`],
+  ])(
+    'Should auth successful when request header "authorization"  match "token" value in "user-auth" config',
+    async (authToken) => {
+      // Arrange
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+        request: {
+          ...sinon.stubInterface<Request>(),
+          headers: {
+            ...sinon.stubInterface<IncomingHttpHeaders>(),
+            authorization: authToken,
+          },
+        },
+      } as KoaContext;
+
+      const expected = {
+        authenticated: true,
+        user: {
+          name: usersOptions[0].name,
+          method: usersOptions[0].auth.method,
+          attr: usersOptions[0].attr,
+        },
+      } as AuthResult;
+      // Act
+      const authenticator = new BasicAuthenticator({}, '');
+      const result = await authenticator.authenticate(usersOptions, ctx);
+
+      // Assert
+      expect(result).toEqual(expected);
+    }
+  );
+
+  it('Test to auth failed when request header "authorization" not match "token" env variable value in "user-auth" options', async () => {
+    // Arrange
+    process.env[envVariable] = user3Token;
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `Basic ${invalidToken}`,
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(usersOptions, ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it.each([
+    [`Basic ${user3Token}`],
+    [`BASIC ${user3Token}`],
+    [`basic ${user3Token}`],
+  ])(
+    'Should auth successful when request header "authorization" not match "token" env variable value in "user-auth" options',
+    async (authToken) => {
+      // Arrange
+      process.env[envVariable] = user3Token as string;
+
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+        request: {
+          ...sinon.stubInterface<Request>(),
+          headers: {
+            ...sinon.stubInterface<IncomingHttpHeaders>(),
+            authorization: authToken,
+          },
+        },
+      } as KoaContext;
+
+      const expected = {
+        authenticated: true,
+        user: {
+          name: usersOptions[2].name,
+          method: usersOptions[2].auth.method,
+          attr: usersOptions[2].attr,
+        },
+      } as AuthResult;
+      // Act
+      const authenticator = new BasicAuthenticator({}, '');
+      const result = await authenticator.authenticate(usersOptions, ctx);
+
+      // Assert
+      expect(result).toEqual(expected);
+    }
+  );
+
+  it('Should auth failed when "file" path not exist in "user-auth" options', async () => {
+    // Arrange
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          // user 4 token value
+          authorization: `Basic dXNlcjQ=`,
+        },
+      },
+    } as KoaContext;
+
+    // user4
+    const options = [
+      {
+        name: usersOptions[3].name,
+        auth: {
+          method: usersOptions[3].auth.method,
+          file: 'not-a-file-path',
+        },
+        attr: usersOptions[3].attr,
+      },
+    ] as Array<UserAuthOptions>;
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(options, ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it('Test to auth failed when "file" is not a file in "user-auth" options', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          // user 4 token value
+          authorization: `Basic dXNlcjQ=`,
+        },
+      },
+    } as KoaContext;
+
+    // user4
+    const options = [
+      {
+        name: usersOptions[3].name,
+        auth: {
+          method: usersOptions[3].auth.method,
+          file: path.resolve(__dirname, './test-files'),
+        },
+        attr: usersOptions[3].attr,
+      },
+    ] as Array<UserAuthOptions>;
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(options, ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it('Should auth failed when request header "authorization" not match token in "file" path of the "user-auth" options', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          // user 4 token value
+          authorization: `Basic ${Buffer.from('user5').toString('base64')}`,
+        },
+      },
+    } as KoaContext;
+
+    // user4
+    const options = [
+      {
+        name: usersOptions[3].name,
+        auth: {
+          method: usersOptions[3].auth.method,
+          file: path.resolve(__dirname, './test-files/basic.htpasswd'),
+        },
+        attr: usersOptions[3].attr,
+      },
+    ] as Array<UserAuthOptions>;
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(options, ctx);
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it('Should auth successful when request header "authorization" match token in "file" path of the "user-auth" options', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          // user 4 token value
+          authorization: `Basic dXNlcjQ=`,
+        },
+      },
+    } as KoaContext;
+
+    // user4
+    const options = [
+      {
+        name: usersOptions[3].name,
+        auth: {
+          method: usersOptions[3].auth.method,
+          file: path.resolve(__dirname, './test-files/basic.htpasswd'),
+        },
+        attr: usersOptions[3].attr,
+      },
+    ] as Array<UserAuthOptions>;
+
+    const expected = {
+      authenticated: true,
+      user: {
+        name: usersOptions[3].name,
+        method: usersOptions[3].auth.method,
+        attr: usersOptions[3].attr,
+      },
+    } as AuthResult;
+    // Act
+    const authenticator = new BasicAuthenticator({}, '');
+    const result = await authenticator.authenticate(options, ctx);
+
+    // Assert
+    expect(result).toEqual(expected);
+  });
+});
diff --git a/packages/serve/test/auth/test-files/basic.htpasswd b/packages/serve/test/auth/test-files/basic.htpasswd
new file mode 100644
index 00000000..8ec589e2
--- /dev/null
+++ b/packages/serve/test/auth/test-files/basic.htpasswd
@@ -0,0 +1,2 @@
+user4:dXNlcjQ=
+
diff --git a/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
new file mode 100644
index 00000000..5b4c231b
--- /dev/null
+++ b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
@@ -0,0 +1,179 @@
+import * as sinon from 'ts-sinon';
+import { Container } from 'inversify';
+import { AuthMiddleware } from '@vulcan-sql/serve/middleware';
+import {
+  AuthResult,
+  AuthUserInfo,
+  KoaContext,
+  UserAuthOptions,
+} from '@vulcan-sql/serve/models';
+import { Request } from 'koa';
+import { IncomingHttpHeaders } from 'http';
+import * as lodash from 'lodash';
+
+import { BasicAuthenticator } from '@vulcan-sql/serve';
+
+describe('Test auth middlewares', () => {
+  let stubBasicAuthenticator: sinon.StubbedInstance<BasicAuthenticator>;
+
+  beforeEach(() => {
+    stubBasicAuthenticator = sinon.stubInterface<BasicAuthenticator>();
+  });
+
+  afterEach(() => {
+    sinon.default.restore();
+  });
+
+  it('Should return to stop auth middleware when enabled = false', async () => {
+    // Arrange
+    const ctx: KoaContext = {
+      ...sinon.stubInterface<KoaContext>(),
+    };
+    // Act
+    const middleware = new AuthMiddleware(
+      {
+        enabled: false,
+      },
+      '',
+      []
+    );
+    // spy the async function to do test
+    const spy = jest.spyOn(lodash, 'isEmpty');
+
+    await middleware.handle(ctx, async () => Promise.resolve());
+
+    expect(spy).not.toHaveBeenCalled();
+  });
+
+  it.each([[[]], [undefined]])(
+    'Should return to stop auth middleware when "user-auth" = %p in options',
+    async (options) => {
+      // Arrange
+      const ctx: KoaContext = {
+        ...sinon.stubInterface<KoaContext>(),
+      };
+      // Act
+      const middleware = new AuthMiddleware(
+        {
+          options: {
+            'user-auth': options,
+          },
+        },
+        '',
+        []
+      );
+
+      // spy the async function to do test
+      const spy = jest.spyOn(lodash, 'isEmpty');
+
+      await middleware.handle(ctx, async () => Promise.resolve());
+
+      expect(spy).toHaveBeenCalled();
+    }
+  );
+
+  it('Should authenticate successful when request with basic authorization and match in "user-auth" config', async () => {
+    // Arrange
+    const user = {
+      name: 'user',
+      auth: {
+        method: 'basic',
+        token: `${Buffer.from('user').toString('base64')}`,
+      },
+      attr: {
+        role: 'engineer',
+      },
+    } as UserAuthOptions;
+
+    // stub authenticate result
+    stubBasicAuthenticator.authenticate.resolves({
+      authenticated: true,
+      user: {
+        name: user.name,
+        method: user.auth.method,
+        attr: user.attr,
+      },
+    } as AuthResult);
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `Basic ${user.auth['token']}`,
+        },
+      },
+      state: {
+        ...sinon.stubInterface<{ user: AuthUserInfo }>(),
+      },
+    };
+
+    const expected = {
+      name: user.name,
+      method: user.auth.method,
+      attr: user.attr,
+    } as AuthUserInfo;
+    // Act
+    const middleware = new AuthMiddleware(
+      {
+        options: {
+          ['user-auth']: [user],
+        },
+      },
+      '',
+      [stubBasicAuthenticator]
+    );
+
+    await middleware.handle(ctx, async () => Promise.resolve());
+
+    expect(ctx.state.user).toEqual(expected);
+  });
+
+  it('Should authenticate failed when request with basic authorization and not match in "user-auth" config', async () => {
+    // Arrange
+    const user = {
+      name: 'user',
+      auth: {
+        method: 'basic',
+        token: `${Buffer.from('user').toString('base64')}`,
+      },
+      attr: {
+        role: 'engineer',
+      },
+    } as UserAuthOptions;
+
+    // stub authenticate result
+    stubBasicAuthenticator.authenticate.resolves({
+      authenticated: false,
+    } as AuthResult);
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `Bear ${user.auth['token']}`,
+        },
+      },
+      state: {
+        ...sinon.stubInterface<{ user: AuthUserInfo }>(),
+      },
+    };
+    const expected = new Error('authentication failed.');
+    // Act
+    const middleware = new AuthMiddleware(
+      {
+        options: {
+          ['user-auth']: [user],
+        },
+      },
+      '',
+      [stubBasicAuthenticator]
+    );
+    const handleAction = middleware.handle(ctx, async () => Promise.resolve());
+    // Assert
+    expect(handleAction).rejects.toThrowError(expected);
+  });
+});
diff --git a/tsconfig.base.json b/tsconfig.base.json
index 357f2910..29adad67 100644
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -92,7 +92,9 @@
       "@vulcan-sql/serve/route/*": ["packages/serve/src/lib/route/*"],
       "@vulcan-sql/serve/utils": ["packages/serve/src/lib/utils/index"],
       "@vulcan-sql/serve/utils/*": ["packages/serve/src/lib/utils/*"],
-      "@vulcan-sql/test-utility": ["packages/test-utility/src/index"]
+      "@vulcan-sql/test-utility": ["packages/test-utility/src/index"],
+      "@vulcan-sql/serve/auth": ["packages/serve/src/lib/auth/index"],
+      "@vulcan-sql/serve/auth/*": ["packages/serve/src/lib/auth/*"]
     }
   },
   "exclude": ["node_modules", "tmp"]

From 898f0dba7295fe2f32addb04da13583329c96015 Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Tue, 2 Aug 2022 12:50:11 +0800
Subject: [PATCH 3/8] feat(serve): add cursor, offset, keyset pgination
 strategy test cases.

- refactor "KeysetBasedStrategy" for passing "keyName" directly.
- add cursor, offset, keyset pgination strategy test cases.
---
 .../serve/src/lib/auth/basicAuthenticator.ts  |   1 +
 .../src/lib/middleware/authMiddleware.ts      |   2 +-
 .../strategy/keysetBasedStrategy.ts           |  22 ++--
 .../route-component/paginationTransformer.ts  |   2 +-
 packages/serve/src/models/userAuthOptions.ts  |   3 +
 .../authMiddleware.spec.ts                    |   1 -
 .../pagination/cursorBasedStrategy.spec.ts    |  88 ++++++++++++++
 .../pagination/keysetBasedStrategy.spec.ts    | 114 ++++++++++++++++++
 .../pagination/offsetBasedStrategy.spec.ts    |  88 ++++++++++++++
 9 files changed, 308 insertions(+), 13 deletions(-)
 create mode 100644 packages/serve/test/pagination/cursorBasedStrategy.spec.ts
 create mode 100644 packages/serve/test/pagination/keysetBasedStrategy.spec.ts
 create mode 100644 packages/serve/test/pagination/offsetBasedStrategy.spec.ts

diff --git a/packages/serve/src/lib/auth/basicAuthenticator.ts b/packages/serve/src/lib/auth/basicAuthenticator.ts
index 74f34c5d..1e309e2a 100644
--- a/packages/serve/src/lib/auth/basicAuthenticator.ts
+++ b/packages/serve/src/lib/auth/basicAuthenticator.ts
@@ -9,6 +9,7 @@ import {
 } from '@vulcan-sql/serve/models';
 import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
 
+/** The http basic authenticator  */
 @VulcanInternalExtension()
 @VulcanExtensionId('basic')
 export class BasicAuthenticator extends BaseAuthenticator {
diff --git a/packages/serve/src/lib/middleware/authMiddleware.ts b/packages/serve/src/lib/middleware/authMiddleware.ts
index 46ca5acd..a5344572 100644
--- a/packages/serve/src/lib/middleware/authMiddleware.ts
+++ b/packages/serve/src/lib/middleware/authMiddleware.ts
@@ -19,7 +19,7 @@ export type AuthenticatorMap = {
 };
 
 /** The middleware used to check request auth information.
- *  It seek the 'auth' config to match data through built-in and customized authenticator by BaseAuthenticator
+ *  It seek the 'auth' module name to match data through built-in and customized authenticator by BaseAuthenticator
  * */
 @VulcanInternalExtension('auth')
 export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
diff --git a/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts b/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts
index 1454208c..b4c6905d 100644
--- a/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts
+++ b/packages/serve/src/lib/pagination/strategy/keysetBasedStrategy.ts
@@ -1,36 +1,38 @@
 import {
   normalizeStringValue,
   PaginationMode,
-  PaginationSchema,
   KeysetPagination,
 } from '@vulcan-sql/core';
 import { KoaContext } from '@vulcan-sql/serve/models';
 import { PaginationStrategy } from './strategy';
 
 export class KeysetBasedStrategy extends PaginationStrategy<KeysetPagination> {
-  private pagination: PaginationSchema;
-  constructor(pagination: PaginationSchema) {
+  private keyName?: string;
+  constructor(keyName?: string) {
     super();
-    this.pagination = pagination;
+    this.keyName = keyName;
   }
   public async transform(ctx: KoaContext) {
-    if (!this.pagination.keyName)
+    if (!this.keyName)
       throw new Error(
         `The keyset pagination need to set "keyName" in schema for indicate what key need to do filter.`
       );
-    const { keyName } = this.pagination;
-    const checkFelidInQueryString = ['limit', keyName].every((field) =>
+    const checkFelidInQueryString = ['limit', this.keyName].every((field) =>
       Object.keys(ctx.request.query).includes(field)
     );
     if (!checkFelidInQueryString)
       throw new Error(
-        `The ${PaginationMode.KEYSET} must provide limit and offset in query string.`
+        `The ${PaginationMode.KEYSET} must provide limit and key name in query string.`
       );
     const limitVal = ctx.request.query['limit'] as string;
-    const keyNameVal = ctx.request.query[keyName] as string;
+    const keyNameVal = ctx.request.query[this.keyName] as string;
     return {
       limit: normalizeStringValue(limitVal, 'limit', Number.name),
-      [keyName]: normalizeStringValue(keyNameVal, keyName, String.name),
+      [this.keyName]: normalizeStringValue(
+        keyNameVal,
+        this.keyName,
+        String.name
+      ),
     } as KeysetPagination;
   }
 }
diff --git a/packages/serve/src/lib/route/route-component/paginationTransformer.ts b/packages/serve/src/lib/route/route-component/paginationTransformer.ts
index d2d506de..3aa0ea1d 100644
--- a/packages/serve/src/lib/route/route-component/paginationTransformer.ts
+++ b/packages/serve/src/lib/route/route-component/paginationTransformer.ts
@@ -27,7 +27,7 @@ export class PaginationTransformer {
 
       const offset = new OffsetBasedStrategy();
       const cursor = new CursorBasedStrategy();
-      const keyset = new KeysetBasedStrategy(pagination);
+      const keyset = new KeysetBasedStrategy(pagination.keyName);
       const strategyMapper = {
         [PaginationMode.OFFSET]: offset.transform.bind(offset),
         [PaginationMode.CURSOR]: cursor.transform.bind(cursor),
diff --git a/packages/serve/src/models/userAuthOptions.ts b/packages/serve/src/models/userAuthOptions.ts
index eaa6cafa..6f92c58c 100644
--- a/packages/serve/src/models/userAuthOptions.ts
+++ b/packages/serve/src/models/userAuthOptions.ts
@@ -6,7 +6,10 @@ export interface AuthInfoOptions {
 }
 
 export interface UserAuthOptions {
+  /* user name */
   name: string;
+  /* auth method and credential */
   auth: AuthInfoOptions;
+  /* the user attribute which could used after auth successful */
   attr: { [field: string]: string | boolean | number };
 }
diff --git a/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
index 5b4c231b..8d7734f9 100644
--- a/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
+++ b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
@@ -1,5 +1,4 @@
 import * as sinon from 'ts-sinon';
-import { Container } from 'inversify';
 import { AuthMiddleware } from '@vulcan-sql/serve/middleware';
 import {
   AuthResult,
diff --git a/packages/serve/test/pagination/cursorBasedStrategy.spec.ts b/packages/serve/test/pagination/cursorBasedStrategy.spec.ts
new file mode 100644
index 00000000..8564ed63
--- /dev/null
+++ b/packages/serve/test/pagination/cursorBasedStrategy.spec.ts
@@ -0,0 +1,88 @@
+import faker from '@faker-js/faker';
+import { PaginationMode } from '@vulcan-sql/core/models';
+import { KoaContext } from '@vulcan-sql/serve';
+import { CursorBasedStrategy } from '@vulcan-sql/serve/pagination';
+import { Request } from 'koa';
+import { ParsedUrlQuery } from 'querystring';
+import * as sinon from 'ts-sinon';
+
+describe('Test cursor based pagination strategy', () => {
+  afterEach(() => {
+    sinon.default.restore();
+  });
+
+  it('Should throw error when "cursor" field not in query string for request context', async () => {
+    // Arrange
+    const expected = new Error(
+      `The ${PaginationMode.CURSOR} must provide limit and cursor in query string.`
+    );
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          limit: '50',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new CursorBasedStrategy();
+    const transformAction = strategy.transform(ctx);
+
+    // Assert
+    expect(transformAction).rejects.toThrowError(expected);
+  });
+
+  it('Should throw error when "limit" field not in query string for request context', async () => {
+    // Arrange
+    const expected = new Error(
+      `The ${PaginationMode.CURSOR} must provide limit and cursor in query string.`
+    );
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          cursor: '50',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new CursorBasedStrategy();
+    const transformAction = strategy.transform(ctx);
+
+    // Assert
+    expect(transformAction).rejects.toThrowError(expected);
+  });
+
+  it('Should transform successful when "limit" and "cursor" existed in query string for request context format correct', async () => {
+    // Arrange
+    const expected = {
+      cursor: faker.date.recent().toISOString(),
+      limit: faker.datatype.number({ min: 1, max: 100 }),
+    };
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          cursor: expected.cursor,
+          limit: expected.limit.toString(),
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new CursorBasedStrategy();
+    const result = await strategy.transform(ctx);
+
+    // Assert
+    expect(result).toEqual(expected);
+  });
+});
diff --git a/packages/serve/test/pagination/keysetBasedStrategy.spec.ts b/packages/serve/test/pagination/keysetBasedStrategy.spec.ts
new file mode 100644
index 00000000..1d147a94
--- /dev/null
+++ b/packages/serve/test/pagination/keysetBasedStrategy.spec.ts
@@ -0,0 +1,114 @@
+import faker from '@faker-js/faker';
+import { PaginationMode } from '@vulcan-sql/core/models';
+import { KoaContext } from '@vulcan-sql/serve';
+import { KeysetBasedStrategy } from '@vulcan-sql/serve/pagination';
+import { Request } from 'koa';
+import { ParsedUrlQuery } from 'querystring';
+import * as sinon from 'ts-sinon';
+
+describe('Test keyset based pagination strategy', () => {
+  afterEach(() => {
+    sinon.default.restore();
+  });
+
+  it('Should throw error when "keyName" not provide query at initialization', async () => {
+    // Arrange
+    const expected = new Error(
+      'The keyset pagination need to set "keyName" in schema for indicate what key need to do filter.'
+    );
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new KeysetBasedStrategy();
+    const transformAction = strategy.transform(ctx);
+
+    // Assert
+    expect(transformAction).rejects.toThrowError(expected);
+  });
+
+  it('Should throw error when "keyName" field not in query string for request context', async () => {
+    // Arrange
+    const expected = new Error(
+      `The ${PaginationMode.KEYSET} must provide limit and key name in query string.`
+    );
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          limit: '50',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new KeysetBasedStrategy(faker.random.word());
+    const transformAction = strategy.transform(ctx);
+
+    // Assert
+    expect(transformAction).rejects.toThrowError(expected);
+  });
+
+  it('Should throw error when "limit" field not in query string for request context', async () => {
+    // Arrange
+    const keyName = faker.random.word().toLowerCase();
+    const expected = new Error(
+      `The ${PaginationMode.KEYSET} must provide limit and key name in query string.`
+    );
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          keyName: faker.random.word(),
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new KeysetBasedStrategy(keyName);
+    const transformAction = strategy.transform(ctx);
+
+    // Assert
+    expect(transformAction).rejects.toThrowError(expected);
+  });
+
+  it('Should transform successful when "limit" and "keyName" existed in query string for request context format correct', async () => {
+    // Arrange
+    const keyName = faker.random.word().toLowerCase();
+
+    const expected = {
+      limit: faker.datatype.number({ min: 1, max: 100 }),
+      [keyName]: faker.random.word(),
+    };
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          limit: expected.limit.toString(),
+          [keyName]: expected[keyName],
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new KeysetBasedStrategy(keyName);
+    const result = await strategy.transform(ctx);
+
+    // Assert
+    expect(result).toEqual(expected);
+  });
+});
diff --git a/packages/serve/test/pagination/offsetBasedStrategy.spec.ts b/packages/serve/test/pagination/offsetBasedStrategy.spec.ts
new file mode 100644
index 00000000..c2a6c40d
--- /dev/null
+++ b/packages/serve/test/pagination/offsetBasedStrategy.spec.ts
@@ -0,0 +1,88 @@
+import faker from '@faker-js/faker';
+import { PaginationMode } from '@vulcan-sql/core/models';
+import { KoaContext } from '@vulcan-sql/serve';
+import { OffsetBasedStrategy } from '@vulcan-sql/serve/pagination';
+import { Request } from 'koa';
+import { ParsedUrlQuery } from 'querystring';
+import * as sinon from 'ts-sinon';
+
+describe('Test offset based pagination strategy', () => {
+  afterEach(() => {
+    sinon.default.restore();
+  });
+
+  it('Should throw error when "offset" field not in query string for request context', async () => {
+    // Arrange
+    const expected = new Error(
+      `The ${PaginationMode.OFFSET} must provide limit and offset in query string.`
+    );
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          limit: '50',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new OffsetBasedStrategy();
+    const transformAction = strategy.transform(ctx);
+
+    // Assert
+    expect(transformAction).rejects.toThrowError(expected);
+  });
+
+  it('Should throw error when "limit" field not in query string for request context', async () => {
+    // Arrange
+    const expected = new Error(
+      `The ${PaginationMode.OFFSET} must provide limit and offset in query string.`
+    );
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          offset: '50',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new OffsetBasedStrategy();
+    const transformAction = strategy.transform(ctx);
+
+    // Assert
+    expect(transformAction).rejects.toThrowError(expected);
+  });
+
+  it('Should transform successful when "limit" and "offset" existed in query string for request context format correct', async () => {
+    // Arrange
+    const expected = {
+      offset: faker.datatype.number({ min: 1, max: 100 }),
+      limit: faker.datatype.number({ min: 1, max: 100 }),
+    };
+
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        query: {
+          ...sinon.stubInterface<ParsedUrlQuery>(),
+          offset: expected.offset.toString(),
+          limit: expected.limit.toString(),
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const strategy = new OffsetBasedStrategy();
+    const result = await strategy.transform(ctx);
+
+    // Assert
+    expect(result).toEqual(expected);
+  });
+});

From ba1b91f3d26f271ac8089c6b7d29cf4f89b9e689 Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Wed, 24 Aug 2022 16:15:37 +0800
Subject: [PATCH 4/8] fix(serve): make authenticator and auth middleware have
 different result status.

---
 package.json                                  |  2 +
 .../src/lib/middleware/authMiddleware.ts      | 40 ++++++++++++------
 .../src/models/extensions/authenticator.ts    | 42 +++++++++++++------
 yarn.lock                                     | 10 +++++
 4 files changed, 69 insertions(+), 25 deletions(-)

diff --git a/package.json b/package.json
index e33525ff..e764a2b3 100644
--- a/package.json
+++ b/package.json
@@ -38,6 +38,7 @@
     "@nrwl/js": "14.0.3",
     "@nrwl/linter": "14.0.3",
     "@nrwl/workspace": "14.0.3",
+    "@types/bcryptjs": "^2.4.2",
     "@types/from2": "^2.3.1",
     "@types/glob": "^7.2.0",
     "@types/inquirer": "^8.0.0",
@@ -54,6 +55,7 @@
     "@types/uuid": "^8.3.4",
     "@typescript-eslint/eslint-plugin": "~5.18.0",
     "@typescript-eslint/parser": "~5.18.0",
+    "bcryptjs": "^2.4.3",
     "commitizen": "^4.2.5",
     "cz-conventional-changelog": "^3.3.0",
     "eslint": "~8.12.0",
diff --git a/packages/serve/src/lib/middleware/authMiddleware.ts b/packages/serve/src/lib/middleware/authMiddleware.ts
index a5344572..594a98ec 100644
--- a/packages/serve/src/lib/middleware/authMiddleware.ts
+++ b/packages/serve/src/lib/middleware/authMiddleware.ts
@@ -6,16 +6,17 @@ import {
   KoaContext,
   BuiltInMiddleware,
   BaseAuthenticator,
-  UserAuthOptions,
+  AuthStatus,
 } from '@vulcan-sql/serve/models';
 import { TYPES } from '@vulcan-sql/serve/containers';
 
 export interface AuthOptions {
-  ['user-auth']?: Array<UserAuthOptions>;
+  // different auth type settings
+  [authType: string]: any;
 }
 
 export type AuthenticatorMap = {
-  [name: string]: BaseAuthenticator;
+  [name: string]: BaseAuthenticator<any>;
 };
 
 /** The middleware used to check request auth information.
@@ -24,11 +25,12 @@ export type AuthenticatorMap = {
 @VulcanInternalExtension('auth')
 export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
   private authenticators: AuthenticatorMap;
+
   constructor(
     @inject(CORE_TYPES.ExtensionConfig) config: any,
     @inject(CORE_TYPES.ExtensionName) name: string,
     @multiInject(TYPES.Extension_Authenticator)
-    authenticators: BaseAuthenticator[]
+    authenticators: BaseAuthenticator<any>[]
   ) {
     super(config, name);
 
@@ -46,21 +48,35 @@ export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
     if (!this.enabled) return next();
 
     const options = (this.getOptions() as AuthOptions) || {};
-    if (isEmpty(options['user-auth'])) return next();
+    if (isEmpty(options)) return next();
 
-    // authenticate each user by selected auth method in config
+    // pass current context to authenticate different users of auth type with with config
     for (const name of Object.keys(this.authenticators)) {
-      const result = await this.authenticators[name].authenticate(
-        options['user-auth'] || [],
-        context
-      );
-      if (!result.authenticated) continue;
+      // skip the disappeared auth type name in options
+      if (!options[name]) continue;
+
+      // authenticate
+      const authenticator = this.authenticators[name];
+      if (authenticator.activate) await authenticator.activate();
+      const result = await authenticator.authenticate(context);
+      // if state is incorrect, change to next authentication
+      if (result.status === AuthStatus.INCORRECT) continue;
+      // if state is failed, return directly
+      if (result.status === AuthStatus.FAIL) {
+        context.status = 401;
+        context.body = {
+          type: result.type,
+          message: result.message || 'authentication failed',
+        };
+        return;
+      }
 
       // set auth user information to context
       context.state.user = result.user!;
       await next();
       return;
     }
-    throw new Error('authentication failed.');
+
+    throw new Error('all types of authentication failed.');
   }
 }
diff --git a/packages/serve/src/models/extensions/authenticator.ts b/packages/serve/src/models/extensions/authenticator.ts
index e410ff79..f9b9ee16 100644
--- a/packages/serve/src/models/extensions/authenticator.ts
+++ b/packages/serve/src/models/extensions/authenticator.ts
@@ -1,34 +1,50 @@
 import { VulcanExtension, ExtensionBase } from '@vulcan-sql/core';
-import { KoaContext, UserAuthOptions } from '@vulcan-sql/serve/models';
+import { KoaContext } from '@vulcan-sql/serve/models';
 import { TYPES } from '../../containers/types';
 
 export interface AuthUserInfo {
   name: string;
-  method: string;
   attr: {
     [field: string]: string | boolean | number;
   };
 }
 
+export enum AuthStatus {
+  /**
+   * SUCCESS: Request format correct and match the one of user credentials
+   * INCORRECT: Request format is incorrect for authenticator needed, skip and check next authenticator
+   * FAIL: Request format correct, but not match the user credentials
+   */
+  SUCCESS = 'SUCCESS',
+  FAIL = 'FAIL',
+  INCORRECT = 'INCORRECT',
+}
 export interface AuthResult {
-  authenticated: boolean;
+  status: AuthStatus;
+  /* auth type */
+  type: string;
+  /* auth result message */
+  message?: string;
   user?: AuthUserInfo;
+  [key: string]: any;
 }
 
 export interface IAuthenticator {
-  authenticate(
-    usersOptions: Array<UserAuthOptions>,
-    context: KoaContext
-  ): Promise<AuthResult>;
+  authenticate(context: KoaContext): Promise<AuthResult>;
 }
 
-@VulcanExtension(TYPES.Extension_Authenticator)
-export abstract class BaseAuthenticator
+@VulcanExtension(TYPES.Extension_Authenticator, { enforcedId: true })
+export abstract class BaseAuthenticator<AuthTypeOption>
   extends ExtensionBase
   implements IAuthenticator
 {
-  public abstract authenticate(
-    usersOptions: Array<UserAuthOptions>,
-    context: KoaContext
-  ): Promise<AuthResult>;
+  public abstract authenticate(context: KoaContext): Promise<AuthResult>;
+
+  protected getOptions(): AuthTypeOption | undefined {
+    if (this.getConfig())
+      return this.getConfig()?.['options'][
+        this.getExtensionId()!
+      ] as AuthTypeOption;
+    return undefined;
+  }
 }
diff --git a/yarn.lock b/yarn.lock
index 23630a00..c975bdd7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1021,6 +1021,11 @@
   dependencies:
     "@babel/types" "^7.3.0"
 
+"@types/bcryptjs@^2.4.2":
+  version "2.4.2"
+  resolved "https://registry.yarnpkg.com/@types/bcryptjs/-/bcryptjs-2.4.2.tgz#e3530eac9dd136bfdfb0e43df2c4c5ce1f77dfae"
+  integrity sha512-LiMQ6EOPob/4yUL66SZzu6Yh77cbzJFYll+ZfaPiPPFswtIlA/Fs1MzdKYA7JApHU49zQTbJGX3PDmCpIdDBRQ==
+
 "@types/bluebird@*":
   version "3.5.36"
   resolved "https://registry.yarnpkg.com/@types/bluebird/-/bluebird-3.5.36.tgz#00d9301d4dc35c2f6465a8aec634bb533674c652"
@@ -1777,6 +1782,11 @@ base@^0.11.1:
     mixin-deep "^1.2.0"
     pascalcase "^0.1.1"
 
+bcryptjs@^2.4.3:
+  version "2.4.3"
+  resolved "https://registry.yarnpkg.com/bcryptjs/-/bcryptjs-2.4.3.tgz#9ab5627b93e60621ff7cdac5da9733027df1d0cb"
+  integrity sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==
+
 binary-extensions@^2.0.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.2.0.tgz#75f502eeaf9ffde42fc98829645be4ea76bd9e2d"

From 8e9c78005304e8303eaee58d9cdeff0fa298adce Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Wed, 24 Aug 2022 17:40:29 +0800
Subject: [PATCH 5/8] fix(serve): refactor http basic and add simple-token,
 password-file authenticator.

---
 package.json                                  |   2 +
 .../serve/src/lib/auth/basicAuthenticator.ts  |  99 -------------
 .../src/lib/auth/httpBasicAuthenticator.ts    | 137 ++++++++++++++++++
 packages/serve/src/lib/auth/index.ts          |  14 +-
 .../src/lib/auth/passwordFileAuthenticator.ts | 110 ++++++++++++++
 .../src/lib/auth/simpleTokenAuthenticator.ts  |  84 +++++++++++
 .../src/lib/middleware/authMiddleware.ts      |   6 +-
 yarn.lock                                     |  10 ++
 8 files changed, 355 insertions(+), 107 deletions(-)
 delete mode 100644 packages/serve/src/lib/auth/basicAuthenticator.ts
 create mode 100644 packages/serve/src/lib/auth/httpBasicAuthenticator.ts
 create mode 100644 packages/serve/src/lib/auth/passwordFileAuthenticator.ts
 create mode 100644 packages/serve/src/lib/auth/simpleTokenAuthenticator.ts

diff --git a/package.json b/package.json
index e764a2b3..92f47920 100644
--- a/package.json
+++ b/package.json
@@ -42,6 +42,7 @@
     "@types/from2": "^2.3.1",
     "@types/glob": "^7.2.0",
     "@types/inquirer": "^8.0.0",
+    "@types/is-base64": "^1.1.1",
     "@types/jest": "27.4.1",
     "@types/js-yaml": "^4.0.5",
     "@types/koa": "^2.13.4",
@@ -61,6 +62,7 @@
     "eslint": "~8.12.0",
     "eslint-config-prettier": "8.1.0",
     "from2": "^2.3.0",
+    "is-base64": "^1.1.0",
     "jest": "27.5.1",
     "mongoose": "^6.5.2",
     "nx": "14.0.3",
diff --git a/packages/serve/src/lib/auth/basicAuthenticator.ts b/packages/serve/src/lib/auth/basicAuthenticator.ts
deleted file mode 100644
index 1e309e2a..00000000
--- a/packages/serve/src/lib/auth/basicAuthenticator.ts
+++ /dev/null
@@ -1,99 +0,0 @@
-import * as fs from 'fs';
-import * as readline from 'readline';
-import { isEmpty } from 'lodash';
-import {
-  BaseAuthenticator,
-  KoaContext,
-  AuthResult,
-  UserAuthOptions,
-} from '@vulcan-sql/serve/models';
-import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
-
-/** The http basic authenticator  */
-@VulcanInternalExtension()
-@VulcanExtensionId('basic')
-export class BasicAuthenticator extends BaseAuthenticator {
-  public async authenticate(
-    usersOptions: Array<UserAuthOptions>,
-    context: KoaContext
-  ) {
-    // if not exist basic method config, return failed.
-    if (isEmpty(usersOptions)) return { authenticated: false };
-
-    const auth = context.request.headers['authorization'];
-    if (!(auth && auth.toLowerCase().startsWith(this.getExtensionId()!)))
-      return { authenticated: false };
-
-    // validate auth token
-    const token = auth.trim().split(' ')[1];
-
-    for (const userOptions of usersOptions) {
-      if (userOptions.auth['token']) {
-        const result = await this.verifyToken(token, userOptions);
-        if (result.authenticated) return result;
-      }
-      if (userOptions.auth['file']) {
-        const result = await this.verifyTokenInFile(token, userOptions);
-        if (result.authenticated) return result;
-      }
-    }
-    // if not found matched token, return failed
-    return { authenticated: false };
-  }
-
-  private async verifyToken(srcToken: string, userOptions: UserAuthOptions) {
-    let ansToken = '';
-    const pattern = /^{{([\w]+|[ \w ]+)}}$/;
-    const matched = pattern.exec(userOptions.auth['token'] as string);
-    // if find env variable format, read env variable by matched[1], or read value of token directly.
-    ansToken = matched
-      ? (process.env[matched[1]] as string)
-      : (userOptions.auth['token'] as string);
-
-    if (!matched) ansToken = ansToken || (userOptions.auth['token'] as string);
-    // matched[1] is env variable
-    if (matched) ansToken = ansToken || (process.env[matched[1]] as string);
-    if (srcToken !== ansToken) return { authenticated: false };
-
-    return {
-      authenticated: true,
-      user: {
-        name: userOptions.name,
-        method: this.getExtensionId()!, // method name
-        attr: userOptions.attr,
-      },
-    } as AuthResult;
-  }
-
-  private async verifyTokenInFile(
-    srcToken: string,
-    userOptions: UserAuthOptions
-  ) {
-    let ansToken = '';
-    const filePath = userOptions.auth['file'] as string;
-
-    if (!fs.existsSync(filePath)) return { authenticated: false };
-    if (!fs.statSync(filePath).isFile()) return { authenticated: false };
-
-    const reader = readline.createInterface({
-      input: fs.createReadStream(filePath),
-    });
-    for await (const line of reader) {
-      if (line.startsWith(`${userOptions.name}:`)) {
-        ansToken = line.split(':')[1].trim();
-        break;
-      }
-    }
-
-    if (srcToken !== ansToken) return { authenticated: false };
-    // if matched return user data
-    return {
-      authenticated: true,
-      user: {
-        name: userOptions.name,
-        method: this.getExtensionId()!, // method name
-        attr: userOptions.attr,
-      },
-    } as AuthResult;
-  }
-}
diff --git a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
new file mode 100644
index 00000000..cedccf1f
--- /dev/null
+++ b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
@@ -0,0 +1,137 @@
+import * as fs from 'fs';
+import * as readline from 'readline';
+import {
+  BaseAuthenticator,
+  KoaContext,
+  AuthStatus,
+  AuthResult,
+} from '@vulcan-sql/serve/models';
+import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
+
+interface AuthUserOptions {
+  /* user name */
+  name: string;
+  /* the user attribute which could used after auth successful */
+  attr: { [field: string]: string | boolean | number };
+}
+
+interface PasswordFileOptions {
+  /** password file path */
+  ['path']: string;
+  /** each user information */
+  ['users']: Array<AuthUserOptions>;
+}
+
+interface TokenListOptions {
+  /* user name */
+  name: string;
+  /* hashed password by bcrypt */
+  password: string;
+  /* the user attribute which could used after auth successful */
+  attr: { [field: string]: string | boolean | number };
+}
+
+export interface BasicOptions {
+  ['password-file']?: PasswordFileOptions;
+  ['token-users']?: Array<TokenListOptions>;
+}
+
+type UserCredentialsMap = {
+  [name: string]: {
+    /* hashed password by bcrypt */
+    password: string;
+    /* the user attribute which could used after auth successful */
+    attr: { [field: string]: string | boolean | number };
+  };
+};
+
+/** The http basic authenticator  */
+@VulcanInternalExtension()
+@VulcanExtensionId('basic')
+export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
+  private usersCredentials: UserCredentialsMap = {};
+  private options: BasicOptions = {};
+  /** read basic options to initialize and load user credentials */
+  public override async onActivate() {
+    this.options = (this.getOptions() as BasicOptions) || this.options;
+    // load "token-users" in options
+    for (const option of this.options['token-users'] || []) {
+      const { name, password, attr } = option;
+      if (!password.startsWith('$2y$'))
+        throw new Error(`Must hash bcrypt for ${this.getExtensionId()} type.`);
+
+      this.usersCredentials[name] = { password, attr };
+    }
+    // load "password-file" in options
+    if (!this.options['password-file']) return;
+    const { path, users } = this.options['password-file'];
+
+    if (!fs.existsSync(path) || !fs.statSync(path).isFile()) return;
+    const reader = readline.createInterface({
+      input: fs.createReadStream(path),
+    });
+    // username:hashed-password
+    for await (const line of reader) {
+      const name = line.split(':')[0] || '';
+      const password = line.split(':')[1] || '';
+      if (!password.startsWith('$2y$'))
+        throw new Error(`Must hash bcrypt for ${this.getExtensionId()} type.`);
+
+      // if users exist the same name, add attr to here, or as empty
+      this.usersCredentials[name] = {
+        password,
+        attr: users.find((user) => user.name === name)?.attr || {},
+      };
+    }
+  }
+
+  public async authenticate(context: KoaContext) {
+    const authRequest = context.request.headers['authorization'];
+    if (
+      !authRequest ||
+      !authRequest.toLowerCase().startsWith(this.getExtensionId()!)
+    )
+      return {
+        status: AuthStatus.INCORRECT,
+        type: this.getExtensionId()!,
+      };
+
+    // validate request auth token
+    const token = authRequest.trim().split(' ')[1];
+    const bareToken = Buffer.from(token, 'base64').toString();
+
+    try {
+      return await this.verify(bareToken);
+    } catch (err) {
+      context.set('WWW-Authenticate', this.getExtensionId()!);
+      // if not found matched user credential, return failed
+      return {
+        status: AuthStatus.FAIL,
+        type: this.getExtensionId()!,
+        message: (err as Error).message,
+      };
+    }
+  }
+
+  private async verify(baredToken: string) {
+    const username = baredToken.split(':')[0] || '';
+    const password = baredToken.split(':')[1] || '';
+    // if authenticated, return user data
+    if (
+      !(username in this.usersCredentials) ||
+      !(this.usersCredentials[username].password === password)
+    )
+      throw new Error(
+        `authenticate user by ${this.getExtensionId()} type failed.`
+      );
+
+    return {
+      status: AuthStatus.SUCCESS,
+      type: this.getExtensionId()!, // method name
+      user: {
+        name: username,
+        attr: this.usersCredentials[username].attr,
+      },
+    } as AuthResult;
+  }
+}
diff --git a/packages/serve/src/lib/auth/index.ts b/packages/serve/src/lib/auth/index.ts
index daf837e6..988de126 100644
--- a/packages/serve/src/lib/auth/index.ts
+++ b/packages/serve/src/lib/auth/index.ts
@@ -1,5 +1,13 @@
-export * from './basicAuthenticator';
+export * from './simpleTokenAuthenticator';
+export * from './passwordFileAuthenticator';
+export * from './httpBasicAuthenticator';
 
-import { BasicAuthenticator } from './basicAuthenticator';
+import { SimpleTokenAuthenticator } from './simpleTokenAuthenticator';
+import { PasswordFileAuthenticator } from './passwordFileAuthenticator';
+import { BasicAuthenticator } from './httpBasicAuthenticator';
 
-export const BuiltInAuthenticators = [BasicAuthenticator];
+export const BuiltInAuthenticators = [
+  BasicAuthenticator,
+  SimpleTokenAuthenticator,
+  PasswordFileAuthenticator,
+];
diff --git a/packages/serve/src/lib/auth/passwordFileAuthenticator.ts b/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
new file mode 100644
index 00000000..cfb794cb
--- /dev/null
+++ b/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
@@ -0,0 +1,110 @@
+import * as fs from 'fs';
+import * as readline from 'readline';
+import {
+  BaseAuthenticator,
+  KoaContext,
+  AuthStatus,
+  AuthResult,
+} from '@vulcan-sql/serve/models';
+import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
+
+interface AuthUserOptions {
+  /* user name */
+  name: string;
+  /* the user attribute which could used after auth successful */
+  attr: { [field: string]: string | boolean | number };
+}
+export interface PasswordFileOptions {
+  /** password file path */
+  ['path']: string;
+  /** each user information */
+  ['users']: Array<AuthUserOptions>;
+}
+
+type UserCredentialsMap = {
+  [name: string]: {
+    /* hashed password by bcrypt */
+    hashPassword: string;
+    /* the user attribute which could used after auth successful */
+    attr: { [field: string]: string | boolean | number };
+  };
+};
+
+/** The password-file authenticator  */
+@VulcanInternalExtension()
+@VulcanExtensionId('password-file')
+export class PasswordFileAuthenticator extends BaseAuthenticator<PasswordFileOptions> {
+  private usersCredentials: UserCredentialsMap = {};
+  private options: PasswordFileOptions = { path: '', users: [] };
+
+  /** read password file and users info to initialize user credentials */
+  public override async onActivate() {
+    this.options = (this.getOptions() as PasswordFileOptions) || this.options;
+    const { path, users } = this.options;
+    if (!fs.existsSync(path) || !fs.statSync(path).isFile()) return;
+    const reader = readline.createInterface({
+      input: fs.createReadStream(path),
+    });
+    // <username>:<hashed-password>
+    for await (const line of reader) {
+      const name = line.split(':')[0] || '';
+      const hashPassword = line.split(':')[1] || '';
+      if (!hashPassword.startsWith('$2y$'))
+        throw new Error(`"${this.getExtensionId()}" type must hash bcrypt.`);
+
+      // if users exist the same name, add attr to here, or as empty
+      this.usersCredentials[name] = {
+        hashPassword,
+        attr: users.find((user) => user.name === name)?.attr || {},
+      };
+    }
+  }
+
+  public async authenticate(context: KoaContext) {
+    const authRequest = context.request.headers['authorization'];
+    if (
+      !authRequest ||
+      !authRequest.toLowerCase().startsWith(this.getExtensionId()!)
+    )
+      return {
+        status: AuthStatus.INCORRECT,
+        type: this.getExtensionId()!,
+      };
+    // validate request auth token
+    const token = authRequest.trim().split(' ')[1];
+    const bareToken = Buffer.from(token, 'base64').toString();
+    try {
+      return await this.verify(bareToken);
+    } catch (err) {
+      // if not found matched user credential, return failed
+      return {
+        status: AuthStatus.FAIL,
+        type: this.getExtensionId()!,
+        message: (err as Error).message,
+      };
+    }
+  }
+
+  private async verify(baredToken: string) {
+    const username = baredToken.split(':')[0] || '';
+    // hashed password in token
+    const hashPassword = baredToken.split(':')[1] || '';
+    // if authenticated, return user data
+    if (
+      !(username in this.usersCredentials) ||
+      !(this.usersCredentials[username].hashPassword === hashPassword)
+    )
+      throw new Error(
+        `authenticate user by ${this.getExtensionId()} type authentication failed.`
+      );
+
+    return {
+      status: AuthStatus.SUCCESS,
+      type: this.getExtensionId()!, // method name
+      user: {
+        name: username,
+        attr: this.usersCredentials[username].attr,
+      },
+    } as AuthResult;
+  }
+}
diff --git a/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts b/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
new file mode 100644
index 00000000..5ff6f429
--- /dev/null
+++ b/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
@@ -0,0 +1,84 @@
+import {
+  BaseAuthenticator,
+  KoaContext,
+  AuthResult,
+  AuthStatus,
+} from '@vulcan-sql/serve/models';
+import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
+import isBase64 = require('is-base64');
+
+export type SimpleTokenOptions = Array<{
+  /* user name */
+  name: string;
+  /* token value */
+  token: string;
+  /* the user attribute which could used after auth successful */
+  attr: { [field: string]: string | boolean | number };
+}>;
+
+type UserCredentialsMap = {
+  /* token value */
+  [token: string]: {
+    name: string;
+    /* the user attribute which could used after auth successful */
+    attr: { [field: string]: string | boolean | number };
+  };
+};
+
+/** The simple-token authenticator  */
+@VulcanInternalExtension()
+@VulcanExtensionId('simple-token')
+export class SimpleTokenAuthenticator extends BaseAuthenticator<SimpleTokenOptions> {
+  private options: SimpleTokenOptions = [];
+  private usersCredentials: UserCredentialsMap = {};
+  /** read simple-token and users info to initialize user credentials */
+  public override async onActivate() {
+    this.options = (this.getOptions() as SimpleTokenOptions) || this.options;
+    for (const option of this.options) {
+      const { name, token, attr } = option;
+      if (!isBase64(token))
+        throw new Error(`"${this.getExtensionId()!}" type must encode base64.`);
+      this.usersCredentials[token] = { name, attr };
+    }
+  }
+
+  public async authenticate(context: KoaContext) {
+    const authRequest = context.request.headers['authorization'];
+    if (
+      !authRequest ||
+      !authRequest.toLowerCase().startsWith(this.getExtensionId()!)
+    )
+      return {
+        status: AuthStatus.INCORRECT,
+        type: this.getExtensionId()!,
+      };
+    // validate request auth token
+    const token = authRequest.trim().split(' ')[1];
+    try {
+      return await this.verify(token);
+    } catch (err) {
+      // if not found matched user credential, return failed
+      return {
+        status: AuthStatus.FAIL,
+        type: this.getExtensionId()!,
+        message: (err as Error).message,
+      };
+    }
+  }
+  private async verify(base64Token: string) {
+    // if authenticated
+    if (!(base64Token in this.usersCredentials))
+      throw new Error(
+        `authenticate user by ${this.getExtensionId()} type authentication failed.`
+      );
+
+    return {
+      status: AuthStatus.SUCCESS,
+      type: this.getExtensionId()!, // method name
+      user: {
+        name: this.usersCredentials[base64Token].name,
+        attr: this.usersCredentials[base64Token].attr,
+      },
+    } as AuthResult;
+  }
+}
diff --git a/packages/serve/src/lib/middleware/authMiddleware.ts b/packages/serve/src/lib/middleware/authMiddleware.ts
index 594a98ec..5371cbdf 100644
--- a/packages/serve/src/lib/middleware/authMiddleware.ts
+++ b/packages/serve/src/lib/middleware/authMiddleware.ts
@@ -54,11 +54,8 @@ export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
     for (const name of Object.keys(this.authenticators)) {
       // skip the disappeared auth type name in options
       if (!options[name]) continue;
-
       // authenticate
-      const authenticator = this.authenticators[name];
-      if (authenticator.activate) await authenticator.activate();
-      const result = await authenticator.authenticate(context);
+      const result = await this.authenticators[name].authenticate(context);
       // if state is incorrect, change to next authentication
       if (result.status === AuthStatus.INCORRECT) continue;
       // if state is failed, return directly
@@ -70,7 +67,6 @@ export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
         };
         return;
       }
-
       // set auth user information to context
       context.state.user = result.user!;
       await next();
diff --git a/yarn.lock b/yarn.lock
index c975bdd7..35e8a46d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1136,6 +1136,11 @@
   dependencies:
     "@types/through" "*"
 
+"@types/is-base64@^1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@types/is-base64/-/is-base64-1.1.1.tgz#a17d2b0075f637f80f9ab5f76f0071a65f6965d4"
+  integrity sha512-JgnGhP+MeSHEQmvxcobcwPEP4Ew56voiq9/0hmP/41lyQ/3gBw/ZCIRy2v+QkEOdeCl58lRcrf6+Y6WMlJGETA==
+
 "@types/istanbul-lib-coverage@*", "@types/istanbul-lib-coverage@^2.0.0", "@types/istanbul-lib-coverage@^2.0.1":
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz#8467d4b3c087805d63580480890791277ce35c44"
@@ -3532,6 +3537,11 @@ is-arrayish@^0.2.1:
   resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
   integrity sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=
 
+is-base64@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/is-base64/-/is-base64-1.1.0.tgz#8ce1d719895030a457c59a7dcaf39b66d99d56b4"
+  integrity sha512-Nlhg7Z2dVC4/PTvIFkgVVNvPHSO2eR/Yd0XzhGiXCXEvWnptXlXa/clQ8aePPiMuxEGcWfzWbGw2Fe3d+Y3v1g==
+
 is-binary-path@~2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-2.1.0.tgz#ea1f7f3b80f064236e83470f86c09c254fb45b09"

From a1c857223199f25c09a3c4310bc2ee8e1007005d Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Thu, 25 Aug 2022 10:50:14 +0800
Subject: [PATCH 6/8] refactor(serve): add http basic authenticator

---
 package.json                                  |  1 +
 .../src/lib/auth/httpBasicAuthenticator.ts    | 37 ++++++++++---------
 types/apache-md5.d.ts                         |  5 +++
 yarn.lock                                     |  5 +++
 4 files changed, 31 insertions(+), 17 deletions(-)
 create mode 100644 types/apache-md5.d.ts

diff --git a/package.json b/package.json
index 92f47920..0cb9b7b0 100644
--- a/package.json
+++ b/package.json
@@ -8,6 +8,7 @@
   "private": true,
   "dependencies": {
     "@koa/cors": "^3.3.0",
+    "apache-md5": "^1.1.7",
     "class-validator": "^0.13.2",
     "commander": "^9.4.0",
     "dayjs": "^1.11.2",
diff --git a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
index cedccf1f..70fa3ccb 100644
--- a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
+++ b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
@@ -1,5 +1,6 @@
 import * as fs from 'fs';
 import * as readline from 'readline';
+import md5 from 'apache-md5';
 import {
   BaseAuthenticator,
   KoaContext,
@@ -25,8 +26,8 @@ interface PasswordFileOptions {
 interface TokenListOptions {
   /* user name */
   name: string;
-  /* hashed password by bcrypt */
-  password: string;
+  /* hashed password by apache md5 */
+  hashPassword: string;
   /* the user attribute which could used after auth successful */
   attr: { [field: string]: string | boolean | number };
 }
@@ -38,8 +39,8 @@ export interface BasicOptions {
 
 type UserCredentialsMap = {
   [name: string]: {
-    /* hashed password by bcrypt */
-    password: string;
+    /* hashed password by apache md5 */
+    hashPassword: string;
     /* the user attribute which could used after auth successful */
     attr: { [field: string]: string | boolean | number };
   };
@@ -56,11 +57,9 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
     this.options = (this.getOptions() as BasicOptions) || this.options;
     // load "token-users" in options
     for (const option of this.options['token-users'] || []) {
-      const { name, password, attr } = option;
-      if (!password.startsWith('$2y$'))
-        throw new Error(`Must hash bcrypt for ${this.getExtensionId()} type.`);
-
-      this.usersCredentials[name] = { password, attr };
+      const { name, hashPassword, attr } = option;
+      this.isMD5Hashed(hashPassword);
+      this.usersCredentials[name] = { hashPassword, attr };
     }
     // load "password-file" in options
     if (!this.options['password-file']) return;
@@ -70,16 +69,14 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
     const reader = readline.createInterface({
       input: fs.createReadStream(path),
     });
-    // username:hashed-password
+    // username:hashPassword
     for await (const line of reader) {
       const name = line.split(':')[0] || '';
-      const password = line.split(':')[1] || '';
-      if (!password.startsWith('$2y$'))
-        throw new Error(`Must hash bcrypt for ${this.getExtensionId()} type.`);
-
+      const hashPassword = line.split(':')[1] || '';
+      this.isMD5Hashed(hashPassword);
       // if users exist the same name, add attr to here, or as empty
       this.usersCredentials[name] = {
-        password,
+        hashPassword,
         attr: users.find((user) => user.name === name)?.attr || {},
       };
     }
@@ -103,8 +100,8 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
     try {
       return await this.verify(bareToken);
     } catch (err) {
+      // if not found matched user credential, add WWW-Authenticate and return failed
       context.set('WWW-Authenticate', this.getExtensionId()!);
-      // if not found matched user credential, return failed
       return {
         status: AuthStatus.FAIL,
         type: this.getExtensionId()!,
@@ -115,11 +112,12 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
 
   private async verify(baredToken: string) {
     const username = baredToken.split(':')[0] || '';
+    // bare password from Basic specification
     const password = baredToken.split(':')[1] || '';
     // if authenticated, return user data
     if (
       !(username in this.usersCredentials) ||
-      !(this.usersCredentials[username].password === password)
+      !(md5(password) === this.usersCredentials[username].hashPassword)
     )
       throw new Error(
         `authenticate user by ${this.getExtensionId()} type failed.`
@@ -134,4 +132,9 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
       },
     } as AuthResult;
   }
+
+  private isMD5Hashed(value: string) {
+    if (!value.startsWith('$apr1$'))
+      throw new Error(`"${this.getExtensionId()}" type must hash apache md5.`);
+  }
 }
diff --git a/types/apache-md5.d.ts b/types/apache-md5.d.ts
new file mode 100644
index 00000000..f74fb521
--- /dev/null
+++ b/types/apache-md5.d.ts
@@ -0,0 +1,5 @@
+declare module 'apache-md5' {
+  declare function apacheMd5(password: string, salt?: string): string;
+
+  export default apacheMd5;
+}
diff --git a/yarn.lock b/yarn.lock
index 35e8a46d..8268c5b3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1621,6 +1621,11 @@ anymatch@^3.0.3, anymatch@~3.1.2:
     normalize-path "^3.0.0"
     picomatch "^2.0.4"
 
+apache-md5@^1.1.7:
+  version "1.1.7"
+  resolved "https://registry.yarnpkg.com/apache-md5/-/apache-md5-1.1.7.tgz#dcef1802700cc231d60c5e08fd088f2f9b36375a"
+  integrity sha512-JtHjzZmJxtzfTSjsCyHgPR155HBe5WGyUyHTaEkfy46qhwCFKx1Epm6nAxgUG3WfUZP1dWhGqj9Z2NOBeZ+uBw==
+
 arg@^4.1.0:
   version "4.1.3"
   resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"

From c95709b3d4a5b9b4edb8a976c0a02ea7a27acead Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Thu, 25 Aug 2022 16:47:34 +0800
Subject: [PATCH 7/8] fix(serve): update authenticator and auth middleware test
 cases

- update "httpBasicAuthenticator" to change apache-md5 to general md5 for hashing.
- refactor to update "httpBasicAuthenticator" test cases.
- add "simpleTokenAuthenticator" test cases.
- add "passwordFileAuthenticator" test cases.
- update "authMiddleware" to activate authenticator and update test cases.
---
 package.json                                  |   4 +-
 packages/serve/src/containers/types.ts        |   3 +-
 .../src/lib/auth/httpBasicAuthenticator.ts    |  73 ++--
 .../src/lib/auth/passwordFileAuthenticator.ts |  58 +--
 .../src/lib/auth/simpleTokenAuthenticator.ts  |  36 +-
 .../src/lib/middleware/authMiddleware.ts      |   1 +
 .../src/models/extensions/authenticator.ts    |  12 +-
 packages/serve/src/models/index.ts            |   1 -
 packages/serve/src/models/userAuthOptions.ts  |  15 -
 .../test/auth/basicAuthenticator.spec.ts      | 340 +++++++-----------
 .../auth/passwordFileAuthenticator.spec.ts    | 216 +++++++++++
 .../auth/simpleTokenAuthenticator.spec.ts     | 163 +++++++++
 .../serve/test/auth/test-files/basic.htpasswd |   4 +-
 .../serve/test/auth/test-files/password-file  |   2 +
 .../authMiddleware.spec.ts                    | 238 ++++++------
 types/apache-md5.d.ts                         |   5 -
 yarn.lock                                     |  42 ++-
 17 files changed, 762 insertions(+), 451 deletions(-)
 delete mode 100644 packages/serve/src/models/userAuthOptions.ts
 create mode 100644 packages/serve/test/auth/passwordFileAuthenticator.spec.ts
 create mode 100644 packages/serve/test/auth/simpleTokenAuthenticator.spec.ts
 create mode 100644 packages/serve/test/auth/test-files/password-file
 delete mode 100644 types/apache-md5.d.ts

diff --git a/package.json b/package.json
index 0cb9b7b0..5aaace4a 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,6 @@
   "private": true,
   "dependencies": {
     "@koa/cors": "^3.3.0",
-    "apache-md5": "^1.1.7",
     "class-validator": "^0.13.2",
     "commander": "^9.4.0",
     "dayjs": "^1.11.2",
@@ -23,6 +22,7 @@
     "koa-router": "^10.1.1",
     "koa2-ratelimit": "^1.1.1",
     "lodash": "^4.17.21",
+    "md5": "^2.3.0",
     "nunjucks": "^3.2.3",
     "openapi3-ts": "^2.0.2",
     "ora": "^5.4.1",
@@ -52,6 +52,7 @@
     "@types/koa2-ratelimit": "^0.9.3",
     "@types/koa__cors": "^3.3.0",
     "@types/lodash": "^4.14.182",
+    "@types/md5": "^2.3.2",
     "@types/node": "16.11.7",
     "@types/supertest": "^2.0.12",
     "@types/uuid": "^8.3.4",
@@ -63,7 +64,6 @@
     "eslint": "~8.12.0",
     "eslint-config-prettier": "8.1.0",
     "from2": "^2.3.0",
-    "is-base64": "^1.1.0",
     "jest": "27.5.1",
     "mongoose": "^6.5.2",
     "nx": "14.0.3",
diff --git a/packages/serve/src/containers/types.ts b/packages/serve/src/containers/types.ts
index cb9a6916..69e8aebc 100644
--- a/packages/serve/src/containers/types.ts
+++ b/packages/serve/src/containers/types.ts
@@ -5,8 +5,7 @@ export const TYPES = {
   PaginationTransformer: Symbol.for('PaginationTransformer'),
   Route: Symbol.for('Route'),
   RouteGenerator: Symbol.for('RouteGenerator'),
-  // Authenticator
-  UserAuthOptions: Symbol.for('UserAuthOptions'),
+
   // Application
   AppConfig: Symbol.for('AppConfig'),
   VulcanApplication: Symbol.for('VulcanApplication'),
diff --git a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
index 70fa3ccb..170eaee2 100644
--- a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
+++ b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
@@ -1,6 +1,6 @@
 import * as fs from 'fs';
 import * as readline from 'readline';
-import md5 from 'apache-md5';
+import * as md5 from 'md5';
 import {
   BaseAuthenticator,
   KoaContext,
@@ -8,6 +8,7 @@ import {
   AuthResult,
 } from '@vulcan-sql/serve/models';
 import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
+import { isEmpty } from 'lodash';
 
 interface AuthUserOptions {
   /* user name */
@@ -16,38 +17,44 @@ interface AuthUserOptions {
   attr: { [field: string]: string | boolean | number };
 }
 
-interface PasswordFileOptions {
+interface HTPasswdFileOptions {
   /** password file path */
   ['path']: string;
   /** each user information */
   ['users']: Array<AuthUserOptions>;
 }
 
-interface TokenListOptions {
+export interface AuthUserListOptions {
   /* user name */
   name: string;
-  /* hashed password by apache md5 */
-  hashPassword: string;
+  /* hashed password by md5 */
+  md5Password: string;
   /* the user attribute which could used after auth successful */
   attr: { [field: string]: string | boolean | number };
 }
 
 export interface BasicOptions {
-  ['password-file']?: PasswordFileOptions;
-  ['token-users']?: Array<TokenListOptions>;
+  ['htpasswd-file']?: HTPasswdFileOptions;
+  ['users-list']?: Array<AuthUserListOptions>;
 }
 
 type UserCredentialsMap = {
   [name: string]: {
-    /* hashed password by apache md5 */
-    hashPassword: string;
+    /* hashed password by md5 */
+    md5Password: string;
     /* the user attribute which could used after auth successful */
     attr: { [field: string]: string | boolean | number };
   };
 };
 
-/** The http basic authenticator  */
-@VulcanInternalExtension()
+/** The http basic authenticator.
+ *
+ *  Able to set user credentials by file path through "htpasswd-file" or list directly in config by "users-list".
+ *  The password must hash by md5 when setting into "htpasswd-file" or "users-list".
+ *
+ *  It authenticate by passing encode base64 {username}:{password} to authorization
+ */
+@VulcanInternalExtension('auth')
 @VulcanExtensionId('basic')
 export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
   private usersCredentials: UserCredentialsMap = {};
@@ -55,43 +62,44 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
   /** read basic options to initialize and load user credentials */
   public override async onActivate() {
     this.options = (this.getOptions() as BasicOptions) || this.options;
-    // load "token-users" in options
-    for (const option of this.options['token-users'] || []) {
-      const { name, hashPassword, attr } = option;
-      this.isMD5Hashed(hashPassword);
-      this.usersCredentials[name] = { hashPassword, attr };
+    // load "users-list" in options
+    for (const option of this.options['users-list'] || []) {
+      const { name, md5Password, attr } = option;
+      this.usersCredentials[name] = { md5Password, attr };
     }
-    // load "password-file" in options
-    if (!this.options['password-file']) return;
-    const { path, users } = this.options['password-file'];
+    // load "htpasswd-file" in options
+    if (!this.options['htpasswd-file']) return;
+    const { path, users } = this.options['htpasswd-file'];
 
     if (!fs.existsSync(path) || !fs.statSync(path).isFile()) return;
     const reader = readline.createInterface({
       input: fs.createReadStream(path),
     });
-    // username:hashPassword
+    // username:md5Password
     for await (const line of reader) {
       const name = line.split(':')[0] || '';
-      const hashPassword = line.split(':')[1] || '';
-      this.isMD5Hashed(hashPassword);
+      const md5Password = line.split(':')[1] || '';
       // if users exist the same name, add attr to here, or as empty
       this.usersCredentials[name] = {
-        hashPassword,
-        attr: users.find((user) => user.name === name)?.attr || {},
+        md5Password,
+        attr: users?.find((user) => user.name === name)?.attr || {},
       };
     }
   }
 
   public async authenticate(context: KoaContext) {
+    const incorrect = {
+      status: AuthStatus.INCORRECT,
+      type: this.getExtensionId()!,
+    };
+    if (isEmpty(this.options)) return incorrect;
+
     const authRequest = context.request.headers['authorization'];
     if (
       !authRequest ||
       !authRequest.toLowerCase().startsWith(this.getExtensionId()!)
     )
-      return {
-        status: AuthStatus.INCORRECT,
-        type: this.getExtensionId()!,
-      };
+      return incorrect;
 
     // validate request auth token
     const token = authRequest.trim().split(' ')[1];
@@ -117,10 +125,10 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
     // if authenticated, return user data
     if (
       !(username in this.usersCredentials) ||
-      !(md5(password) === this.usersCredentials[username].hashPassword)
+      !(md5(password) === this.usersCredentials[username].md5Password)
     )
       throw new Error(
-        `authenticate user by ${this.getExtensionId()} type failed.`
+        `authenticate user by "${this.getExtensionId()}" type failed.`
       );
 
     return {
@@ -132,9 +140,4 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
       },
     } as AuthResult;
   }
-
-  private isMD5Hashed(value: string) {
-    if (!value.startsWith('$apr1$'))
-      throw new Error(`"${this.getExtensionId()}" type must hash apache md5.`);
-  }
 }
diff --git a/packages/serve/src/lib/auth/passwordFileAuthenticator.ts b/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
index cfb794cb..48678895 100644
--- a/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
+++ b/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
@@ -1,5 +1,6 @@
 import * as fs from 'fs';
 import * as readline from 'readline';
+import * as bcrypt from 'bcryptjs';
 import {
   BaseAuthenticator,
   KoaContext,
@@ -7,69 +8,77 @@ import {
   AuthResult,
 } from '@vulcan-sql/serve/models';
 import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
+import { isEmpty } from 'lodash';
 
-interface AuthUserOptions {
+export interface PasswordFileUserOptions {
   /* user name */
   name: string;
   /* the user attribute which could used after auth successful */
   attr: { [field: string]: string | boolean | number };
 }
-export interface PasswordFileOptions {
+interface PasswordFileOptions {
   /** password file path */
-  ['path']: string;
+  ['path']?: string;
   /** each user information */
-  ['users']: Array<AuthUserOptions>;
+  ['users']?: Array<PasswordFileUserOptions>;
 }
 
 type UserCredentialsMap = {
   [name: string]: {
     /* hashed password by bcrypt */
-    hashPassword: string;
+    bcryptPassword: string;
     /* the user attribute which could used after auth successful */
     attr: { [field: string]: string | boolean | number };
   };
 };
 
-/** The password-file authenticator  */
-@VulcanInternalExtension()
+/** The password-file authenticator.
+ *
+ * Setting the password file with {username}:{bcrypt-password} format, we use the bcrypt round 10.
+ * Then authenticate by passing encode base64 {username}:{password} to authorization.
+ */
+@VulcanInternalExtension('auth')
 @VulcanExtensionId('password-file')
 export class PasswordFileAuthenticator extends BaseAuthenticator<PasswordFileOptions> {
   private usersCredentials: UserCredentialsMap = {};
-  private options: PasswordFileOptions = { path: '', users: [] };
+  private options: PasswordFileOptions = {};
 
   /** read password file and users info to initialize user credentials */
   public override async onActivate() {
     this.options = (this.getOptions() as PasswordFileOptions) || this.options;
     const { path, users } = this.options;
-    if (!fs.existsSync(path) || !fs.statSync(path).isFile()) return;
+    if (!path || !fs.existsSync(path) || !fs.statSync(path).isFile()) return;
     const reader = readline.createInterface({
       input: fs.createReadStream(path),
     });
-    // <username>:<hashed-password>
+    // <username>:<bcrypt-password>
     for await (const line of reader) {
       const name = line.split(':')[0] || '';
-      const hashPassword = line.split(':')[1] || '';
-      if (!hashPassword.startsWith('$2y$'))
-        throw new Error(`"${this.getExtensionId()}" type must hash bcrypt.`);
+      const bcryptPassword = line.split(':')[1] || '';
+      if (!isEmpty(bcryptPassword) && !bcryptPassword.startsWith('$2y$'))
+        throw new Error(`"${this.getExtensionId()}" type must bcrypt in file.`);
 
       // if users exist the same name, add attr to here, or as empty
       this.usersCredentials[name] = {
-        hashPassword,
-        attr: users.find((user) => user.name === name)?.attr || {},
+        bcryptPassword,
+        attr: users?.find((user) => user.name === name)?.attr || {},
       };
     }
   }
 
   public async authenticate(context: KoaContext) {
+    const incorrect = {
+      status: AuthStatus.INCORRECT,
+      type: this.getExtensionId()!,
+    };
+    if (isEmpty(this.options)) return incorrect;
+
     const authRequest = context.request.headers['authorization'];
     if (
       !authRequest ||
       !authRequest.toLowerCase().startsWith(this.getExtensionId()!)
     )
-      return {
-        status: AuthStatus.INCORRECT,
-        type: this.getExtensionId()!,
-      };
+      return incorrect;
     // validate request auth token
     const token = authRequest.trim().split(' ')[1];
     const bareToken = Buffer.from(token, 'base64').toString();
@@ -87,15 +96,18 @@ export class PasswordFileAuthenticator extends BaseAuthenticator<PasswordFileOpt
 
   private async verify(baredToken: string) {
     const username = baredToken.split(':')[0] || '';
-    // hashed password in token
-    const hashPassword = baredToken.split(':')[1] || '';
+    // bare password in token
+    const password = baredToken.split(':')[1] || '';
     // if authenticated, return user data
     if (
       !(username in this.usersCredentials) ||
-      !(this.usersCredentials[username].hashPassword === hashPassword)
+      !bcrypt.compareSync(
+        password,
+        this.usersCredentials[username].bcryptPassword
+      )
     )
       throw new Error(
-        `authenticate user by ${this.getExtensionId()} type authentication failed.`
+        `authenticate user by "${this.getExtensionId()}" type failed.`
       );
 
     return {
diff --git a/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts b/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
index 5ff6f429..c574a4e5 100644
--- a/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
+++ b/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
@@ -5,19 +5,19 @@ import {
   AuthStatus,
 } from '@vulcan-sql/serve/models';
 import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
-import isBase64 = require('is-base64');
+import { isEmpty } from 'lodash';
 
 export type SimpleTokenOptions = Array<{
   /* user name */
   name: string;
-  /* token value */
+  /* token value, could be any format */
   token: string;
   /* the user attribute which could used after auth successful */
   attr: { [field: string]: string | boolean | number };
 }>;
 
 type UserCredentialsMap = {
-  /* token value */
+  /* token value, could be any format */
   [token: string]: {
     name: string;
     /* the user attribute which could used after auth successful */
@@ -25,8 +25,11 @@ type UserCredentialsMap = {
   };
 };
 
-/** The simple-token authenticator  */
-@VulcanInternalExtension()
+/** The simple-token authenticator. setting the token and authenticate by token directly.
+ *
+ * Token could be any format e.g: md5, base64 encode, sha..., but must set it in the token field of "simple-token" list too.
+ *  */
+@VulcanInternalExtension('auth')
 @VulcanExtensionId('simple-token')
 export class SimpleTokenAuthenticator extends BaseAuthenticator<SimpleTokenOptions> {
   private options: SimpleTokenOptions = [];
@@ -36,22 +39,23 @@ export class SimpleTokenAuthenticator extends BaseAuthenticator<SimpleTokenOptio
     this.options = (this.getOptions() as SimpleTokenOptions) || this.options;
     for (const option of this.options) {
       const { name, token, attr } = option;
-      if (!isBase64(token))
-        throw new Error(`"${this.getExtensionId()!}" type must encode base64.`);
       this.usersCredentials[token] = { name, attr };
     }
   }
 
   public async authenticate(context: KoaContext) {
+    const incorrect = {
+      status: AuthStatus.INCORRECT,
+      type: this.getExtensionId()!,
+    };
+    if (isEmpty(this.options)) return incorrect;
+
     const authRequest = context.request.headers['authorization'];
     if (
       !authRequest ||
       !authRequest.toLowerCase().startsWith(this.getExtensionId()!)
     )
-      return {
-        status: AuthStatus.INCORRECT,
-        type: this.getExtensionId()!,
-      };
+      return incorrect;
     // validate request auth token
     const token = authRequest.trim().split(' ')[1];
     try {
@@ -65,19 +69,19 @@ export class SimpleTokenAuthenticator extends BaseAuthenticator<SimpleTokenOptio
       };
     }
   }
-  private async verify(base64Token: string) {
+  private async verify(token: string) {
     // if authenticated
-    if (!(base64Token in this.usersCredentials))
+    if (!(token in this.usersCredentials))
       throw new Error(
-        `authenticate user by ${this.getExtensionId()} type authentication failed.`
+        `authenticate user by "${this.getExtensionId()}" type failed.`
       );
 
     return {
       status: AuthStatus.SUCCESS,
       type: this.getExtensionId()!, // method name
       user: {
-        name: this.usersCredentials[base64Token].name,
-        attr: this.usersCredentials[base64Token].attr,
+        name: this.usersCredentials[token].name,
+        attr: this.usersCredentials[token].attr,
       },
     } as AuthResult;
   }
diff --git a/packages/serve/src/lib/middleware/authMiddleware.ts b/packages/serve/src/lib/middleware/authMiddleware.ts
index 5371cbdf..cac68594 100644
--- a/packages/serve/src/lib/middleware/authMiddleware.ts
+++ b/packages/serve/src/lib/middleware/authMiddleware.ts
@@ -36,6 +36,7 @@ export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
 
     this.authenticators = authenticators.reduce<AuthenticatorMap>(
       (prev, authenticator) => {
+        if (authenticator.activate) authenticator.activate();
         prev[authenticator.getExtensionId()!] = authenticator;
         return prev;
       },
diff --git a/packages/serve/src/models/extensions/authenticator.ts b/packages/serve/src/models/extensions/authenticator.ts
index f9b9ee16..c97818ee 100644
--- a/packages/serve/src/models/extensions/authenticator.ts
+++ b/packages/serve/src/models/extensions/authenticator.ts
@@ -41,10 +41,12 @@ export abstract class BaseAuthenticator<AuthTypeOption>
   public abstract authenticate(context: KoaContext): Promise<AuthResult>;
 
   protected getOptions(): AuthTypeOption | undefined {
-    if (this.getConfig())
-      return this.getConfig()?.['options'][
-        this.getExtensionId()!
-      ] as AuthTypeOption;
-    return undefined;
+    if (!this.getConfig()) return undefined;
+    if (!this.getConfig()['options']) return undefined;
+    const options = this.getConfig()['options'][
+      this.getExtensionId()!
+    ] as AuthTypeOption;
+
+    return options;
   }
 }
diff --git a/packages/serve/src/models/index.ts b/packages/serve/src/models/index.ts
index b8035240..be1e9767 100644
--- a/packages/serve/src/models/index.ts
+++ b/packages/serve/src/models/index.ts
@@ -1,4 +1,3 @@
 export * from './serveOptions';
-export * from './userAuthOptions';
 export * from './context';
 export * from './extensions';
diff --git a/packages/serve/src/models/userAuthOptions.ts b/packages/serve/src/models/userAuthOptions.ts
deleted file mode 100644
index 6f92c58c..00000000
--- a/packages/serve/src/models/userAuthOptions.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-export interface AuthInfoOptions {
-  /** auth method */
-  method: string;
-  /** other fields, e.g: access key, credential ... */
-  [field: string]: string | boolean | number;
-}
-
-export interface UserAuthOptions {
-  /* user name */
-  name: string;
-  /* auth method and credential */
-  auth: AuthInfoOptions;
-  /* the user attribute which could used after auth successful */
-  attr: { [field: string]: string | boolean | number };
-}
diff --git a/packages/serve/test/auth/basicAuthenticator.spec.ts b/packages/serve/test/auth/basicAuthenticator.spec.ts
index 9201bad8..a719f69b 100644
--- a/packages/serve/test/auth/basicAuthenticator.spec.ts
+++ b/packages/serve/test/auth/basicAuthenticator.spec.ts
@@ -1,86 +1,70 @@
 import * as path from 'path';
+import * as md5 from 'md5';
 import * as sinon from 'ts-sinon';
 import { IncomingHttpHeaders } from 'http';
-import { Request } from 'koa';
-import { BasicAuthenticator } from '@vulcan-sql/serve/auth';
+import { Request, BaseResponse } from 'koa';
 import {
-  AuthResult,
-  KoaContext,
-  UserAuthOptions,
-} from '@vulcan-sql/serve/models';
+  BasicAuthenticator,
+  AuthUserListOptions,
+} from '@vulcan-sql/serve/auth';
+import { AuthResult, AuthStatus, KoaContext } from '@vulcan-sql/serve/models';
+
+const authenticate = async (
+  ctx: KoaContext,
+  options: any
+): Promise<AuthResult> => {
+  const authenticator = new BasicAuthenticator({ options }, '');
+  await authenticator.activate();
+  return await authenticator.authenticate(ctx);
+};
 
 describe('Test http basic authenticator', () => {
-  const expectFailed = { authenticated: false };
-  const oriEnv = process.env;
-  const envVariable = 'TOKEN_VALUE';
-
-  const invalidToken = Buffer.from('invalid-user').toString('base64');
-  const user3Token = Buffer.from('user3').toString('base64');
-
-  const usersOptions = [
+  const expectIncorrect = {
+    status: AuthStatus.INCORRECT,
+    type: 'basic',
+  };
+  const expectFailed = {
+    status: AuthStatus.FAIL,
+    type: 'basic',
+    message: 'authenticate user by "basic" type failed.',
+  };
+  const invalidToken = Buffer.from('invalidUser:test').toString('base64');
+  const userTokenInList = Buffer.from('user1:test1').toString('base64');
+
+  const userLists = [
     {
       name: 'user1',
-      auth: {
-        method: 'basic',
-        token: Buffer.from('user1').toString('base64'),
-      },
+      md5Password: md5('test1'),
       attr: {
         role: 'data engineer',
       },
     },
     {
       name: 'user2',
-      auth: {
-        method: 'basic',
-        token: Buffer.from('user2').toString('base64'),
-      },
+      md5Password: md5('test2'),
       attr: {
         role: 'sales',
       },
     },
-    {
-      name: 'user3',
-      auth: {
-        method: 'basic',
-        // user3
-        token: `{{${envVariable}}}`,
-      },
-      attr: {
-        role: 'qa engineer',
-      },
-    },
-    {
-      name: 'user4',
-      auth: {
-        method: 'basic',
-        // user3
-        file: `${path.resolve(__dirname, './test-files/basic.htpasswd')}`,
-      },
-      attr: {
-        role: 'web engineer',
-      },
-    },
-  ] as Array<UserAuthOptions>;
+  ] as Array<AuthUserListOptions>;
 
-  afterEach(() => {
-    process.env = oriEnv;
-  });
-  it('Should auth failed when not find any basic method in "user-auth" config', async () => {
-    // Arrange
-    const ctx = {
-      ...sinon.stubInterface<KoaContext>(),
-    } as KoaContext;
+  it.each([[{}], [{ 'non-basic': {} }], [{ basic: {} }]])(
+    'Should auth incorrect when options = %p in options',
+    async (options) => {
+      // Arrange
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+      } as KoaContext;
 
-    // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate([], ctx);
+      // Act
+      const result = await authenticate(ctx, options);
 
-    // Assert
-    expect(result).toEqual(expectFailed);
-  });
+      // Assert
+      expect(result).toEqual(expectIncorrect);
+    }
+  );
   it('Test to auth failed when request header not exist "authorization" key', async () => {
     // Arrange
-
     const ctx = {
       ...sinon.stubInterface<KoaContext>(),
       request: {
@@ -92,16 +76,14 @@ describe('Test http basic authenticator', () => {
     } as KoaContext;
 
     // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(usersOptions, ctx);
+    const result = await authenticate(ctx, { basic: {} });
 
     // Assert
-    expect(result).toEqual(expectFailed);
+    expect(result).toEqual(expectIncorrect);
   });
 
   it('Should auth failed when request header "authorization" not start with "basic"', async () => {
     // Arrange
-
     const ctx = {
       ...sinon.stubInterface<KoaContext>(),
       request: {
@@ -114,16 +96,14 @@ describe('Test http basic authenticator', () => {
     } as KoaContext;
 
     // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(usersOptions, ctx);
+    const result = await authenticate(ctx, { basic: {} });
 
     // Assert
-    expect(result).toEqual(expectFailed);
+    expect(result).toEqual(expectIncorrect);
   });
 
-  it('Test to auth failed when request header "authorization" not match "token" value in "user-auth" config', async () => {
+  it('Should auth failed when request header "authorization" not matched in empty "users-list" options', async () => {
     // Arrange
-
     const ctx = {
       ...sinon.stubInterface<KoaContext>(),
       request: {
@@ -133,23 +113,22 @@ describe('Test http basic authenticator', () => {
           authorization: `Basic ${invalidToken}`,
         },
       },
-    } as KoaContext;
+      set: sinon.stubInterface<BaseResponse>().set,
+    };
+    // expect set header to response
+    const expectedHeader = ['WWW-Authenticate', 'basic'];
 
     // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(usersOptions, ctx);
+    const result = await authenticate(ctx, { basic: { 'users-list': [] } });
 
     // Assert
     expect(result).toEqual(expectFailed);
+    expect(ctx.set.getCall(0).args).toEqual(expectedHeader);
   });
 
-  it.each([
-    [`Basic ${usersOptions[0].auth['token']}`],
-    [`BASIC ${usersOptions[0].auth['token']}`],
-    [`basic ${usersOptions[0].auth['token']}`],
-  ])(
-    'Should auth successful when request header "authorization"  match "token" value in "user-auth" config',
-    async (authToken) => {
+  it.each([['Basic'], ['BASIC'], ['basic']])(
+    'Should auth successful when request header "authorization" matched in "users-list" options',
+    async (authScheme) => {
       // Arrange
       const ctx = {
         ...sinon.stubInterface<KoaContext>(),
@@ -157,124 +136,57 @@ describe('Test http basic authenticator', () => {
           ...sinon.stubInterface<Request>(),
           headers: {
             ...sinon.stubInterface<IncomingHttpHeaders>(),
-            authorization: authToken,
+            authorization: `${authScheme} ${userTokenInList}`,
           },
         },
       } as KoaContext;
 
       const expected = {
-        authenticated: true,
+        status: AuthStatus.SUCCESS,
+        type: 'basic',
         user: {
-          name: usersOptions[0].name,
-          method: usersOptions[0].auth.method,
-          attr: usersOptions[0].attr,
+          name: userLists[0].name,
+          attr: userLists[0].attr,
         },
       } as AuthResult;
-      // Act
-      const authenticator = new BasicAuthenticator({}, '');
-      const result = await authenticator.authenticate(usersOptions, ctx);
-
-      // Assert
-      expect(result).toEqual(expected);
-    }
-  );
-
-  it('Test to auth failed when request header "authorization" not match "token" env variable value in "user-auth" options', async () => {
-    // Arrange
-    process.env[envVariable] = user3Token;
-
-    const ctx = {
-      ...sinon.stubInterface<KoaContext>(),
-      request: {
-        ...sinon.stubInterface<Request>(),
-        headers: {
-          ...sinon.stubInterface<IncomingHttpHeaders>(),
-          authorization: `Basic ${invalidToken}`,
-        },
-      },
-    } as KoaContext;
-
-    // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(usersOptions, ctx);
-
-    // Assert
-    expect(result).toEqual(expectFailed);
-  });
-
-  it.each([
-    [`Basic ${user3Token}`],
-    [`BASIC ${user3Token}`],
-    [`basic ${user3Token}`],
-  ])(
-    'Should auth successful when request header "authorization" not match "token" env variable value in "user-auth" options',
-    async (authToken) => {
-      // Arrange
-      process.env[envVariable] = user3Token as string;
-
-      const ctx = {
-        ...sinon.stubInterface<KoaContext>(),
-        request: {
-          ...sinon.stubInterface<Request>(),
-          headers: {
-            ...sinon.stubInterface<IncomingHttpHeaders>(),
-            authorization: authToken,
-          },
-        },
-      } as KoaContext;
 
-      const expected = {
-        authenticated: true,
-        user: {
-          name: usersOptions[2].name,
-          method: usersOptions[2].auth.method,
-          attr: usersOptions[2].attr,
-        },
-      } as AuthResult;
       // Act
-      const authenticator = new BasicAuthenticator({}, '');
-      const result = await authenticator.authenticate(usersOptions, ctx);
+      const result = await authenticate(ctx, {
+        basic: { 'users-list': userLists },
+      });
 
       // Assert
       expect(result).toEqual(expected);
     }
   );
 
-  it('Should auth failed when "file" path not exist in "user-auth" options', async () => {
+  it('Should auth failed when "htpasswd-file" path not exist in options', async () => {
     // Arrange
-
     const ctx = {
       ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         headers: {
           ...sinon.stubInterface<IncomingHttpHeaders>(),
-          // user 4 token value
-          authorization: `Basic dXNlcjQ=`,
+          authorization: `Basic ${userTokenInList}`,
         },
       },
-    } as KoaContext;
+      set: sinon.stubInterface<BaseResponse>().set,
+    };
+    // expect set header to response
+    const expectedHeader = ['WWW-Authenticate', 'basic'];
 
-    // user4
-    const options = [
-      {
-        name: usersOptions[3].name,
-        auth: {
-          method: usersOptions[3].auth.method,
-          file: 'not-a-file-path',
-        },
-        attr: usersOptions[3].attr,
-      },
-    ] as Array<UserAuthOptions>;
     // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(options, ctx);
+    const result = await authenticate(ctx, {
+      basic: { 'htpasswd-file': {} },
+    });
 
     // Assert
     expect(result).toEqual(expectFailed);
+    expect(ctx.set.getCall(0).args).toEqual(expectedHeader);
   });
 
-  it('Test to auth failed when "file" is not a file in "user-auth" options', async () => {
+  it('Should auth failed when "htpasswd-file" path is not a file in options', async () => {
     // Arrange
     const ctx = {
       ...sinon.stubInterface<KoaContext>(),
@@ -282,32 +194,27 @@ describe('Test http basic authenticator', () => {
         ...sinon.stubInterface<Request>(),
         headers: {
           ...sinon.stubInterface<IncomingHttpHeaders>(),
-          // user 4 token value
-          authorization: `Basic dXNlcjQ=`,
+          authorization: `Basic ${userTokenInList}`,
         },
       },
-    } as KoaContext;
+      set: sinon.stubInterface<BaseResponse>().set,
+    };
+    // expect set header to response
+    const expectedHeader = ['WWW-Authenticate', 'basic'];
 
-    // user4
-    const options = [
-      {
-        name: usersOptions[3].name,
-        auth: {
-          method: usersOptions[3].auth.method,
-          file: path.resolve(__dirname, './test-files'),
-        },
-        attr: usersOptions[3].attr,
-      },
-    ] as Array<UserAuthOptions>;
     // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(options, ctx);
+    const result = await authenticate(ctx, {
+      basic: {
+        'htpasswd-file': { path: path.resolve(__dirname, './test-files') },
+      },
+    });
 
     // Assert
     expect(result).toEqual(expectFailed);
+    expect(ctx.set.getCall(0).args).toEqual(expectedHeader);
   });
 
-  it('Should auth failed when request header "authorization" not match token in "file" path of the "user-auth" options', async () => {
+  it('Should auth failed when request header "authorization" not match in "htpasswd-file" path of options', async () => {
     // Arrange
     const ctx = {
       ...sinon.stubInterface<KoaContext>(),
@@ -315,68 +222,61 @@ describe('Test http basic authenticator', () => {
         ...sinon.stubInterface<Request>(),
         headers: {
           ...sinon.stubInterface<IncomingHttpHeaders>(),
-          // user 4 token value
-          authorization: `Basic ${Buffer.from('user5').toString('base64')}`,
+          authorization: `Basic ${invalidToken}`,
         },
       },
-    } as KoaContext;
+      set: sinon.stubInterface<BaseResponse>().set,
+    };
+    // expect set header to response
+    const expectedHeader = ['WWW-Authenticate', 'basic'];
 
-    // user4
-    const options = [
-      {
-        name: usersOptions[3].name,
-        auth: {
-          method: usersOptions[3].auth.method,
-          file: path.resolve(__dirname, './test-files/basic.htpasswd'),
+    // Act
+    const result = await authenticate(ctx, {
+      basic: {
+        'htpasswd-file': {
+          path: path.resolve(__dirname, './test-files/basic.htpasswd'),
         },
-        attr: usersOptions[3].attr,
       },
-    ] as Array<UserAuthOptions>;
-    // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(options, ctx);
+    });
 
     // Assert
     expect(result).toEqual(expectFailed);
+    expect(ctx.set.getCall(0).args).toEqual(expectedHeader);
   });
 
-  it('Should auth successful when request header "authorization" match token in "file" path of the "user-auth" options', async () => {
+  it('Should auth successfully when request header "authorization" match in "htpasswd-file" path of options', async () => {
     // Arrange
+    const userTokenInFile = Buffer.from('user3:test3').toString('base64');
     const ctx = {
       ...sinon.stubInterface<KoaContext>(),
       request: {
         ...sinon.stubInterface<Request>(),
         headers: {
           ...sinon.stubInterface<IncomingHttpHeaders>(),
-          // user 4 token value
-          authorization: `Basic dXNlcjQ=`,
-        },
-      },
-    } as KoaContext;
-
-    // user4
-    const options = [
-      {
-        name: usersOptions[3].name,
-        auth: {
-          method: usersOptions[3].auth.method,
-          file: path.resolve(__dirname, './test-files/basic.htpasswd'),
+          authorization: `Basic ${userTokenInFile}`,
         },
-        attr: usersOptions[3].attr,
       },
-    ] as Array<UserAuthOptions>;
-
+      set: sinon.stubInterface<BaseResponse>().set,
+    };
+    const userInFile = { name: 'user3', attr: { job: 'sales' } };
     const expected = {
-      authenticated: true,
+      status: AuthStatus.SUCCESS,
+      type: 'basic',
       user: {
-        name: usersOptions[3].name,
-        method: usersOptions[3].auth.method,
-        attr: usersOptions[3].attr,
+        name: userInFile.name,
+        attr: userInFile.attr,
       },
     } as AuthResult;
+
     // Act
-    const authenticator = new BasicAuthenticator({}, '');
-    const result = await authenticator.authenticate(options, ctx);
+    const result = await authenticate(ctx, {
+      basic: {
+        'htpasswd-file': {
+          path: path.resolve(__dirname, './test-files/basic.htpasswd'),
+          users: [userInFile],
+        },
+      },
+    });
 
     // Assert
     expect(result).toEqual(expected);
diff --git a/packages/serve/test/auth/passwordFileAuthenticator.spec.ts b/packages/serve/test/auth/passwordFileAuthenticator.spec.ts
new file mode 100644
index 00000000..87c3294c
--- /dev/null
+++ b/packages/serve/test/auth/passwordFileAuthenticator.spec.ts
@@ -0,0 +1,216 @@
+import * as path from 'path';
+import * as sinon from 'ts-sinon';
+import { IncomingHttpHeaders } from 'http';
+import { Request, BaseResponse } from 'koa';
+import { PasswordFileAuthenticator } from '@vulcan-sql/serve/auth';
+import { AuthResult, AuthStatus, KoaContext } from '@vulcan-sql/serve/models';
+
+const authenticate = async (
+  ctx: KoaContext,
+  options: any
+): Promise<AuthResult> => {
+  const authenticator = new PasswordFileAuthenticator({ options }, '');
+  await authenticator.activate();
+  return await authenticator.authenticate(ctx);
+};
+
+describe('Test password-file authenticator', () => {
+  const expectIncorrect = {
+    status: AuthStatus.INCORRECT,
+    type: 'password-file',
+  };
+  const expectFailed = {
+    status: AuthStatus.FAIL,
+    type: 'password-file',
+    message: 'authenticate user by "password-file" type failed.',
+  };
+  const invalidToken = Buffer.from('invalidUser:test').toString('base64');
+
+  const userLists = [
+    {
+      name: 'user3',
+      password: 'test3',
+      attr: {
+        role: 'data engineer',
+      },
+    },
+    {
+      name: 'user4',
+      password: 'test4',
+      attr: {
+        role: 'sales',
+      },
+    },
+  ];
+
+  it.each([[{}], [{ 'simple-token': [] }], [{ basic: {} }]])(
+    'Should auth incorrect when options = %p in options',
+    async (options) => {
+      // Arrange
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+      } as KoaContext;
+
+      // Act
+      const result = await authenticate(ctx, options);
+
+      // Assert
+      expect(result).toEqual(expectIncorrect);
+    }
+  );
+  it('Test to auth failed when request header not exist "authorization" key', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const result = await authenticate(ctx, {
+      'password-file': { path: '', users: [] },
+    });
+
+    // Assert
+    expect(result).toEqual(expectIncorrect);
+  });
+
+  it('Should auth failed when request header "authorization" not start with "password-file"', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: '',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const result = await authenticate(ctx, {
+      'password-file': { path: '', users: [] },
+    });
+
+    // Assert
+    expect(result).toEqual(expectIncorrect);
+  });
+
+  it('Should auth failed when "path" is empty in "password-file" options', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `password-file ${invalidToken}`,
+        },
+      },
+    };
+
+    // Act
+    const result = await authenticate(ctx, {
+      'password-file': { path: '', users: [] },
+    });
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+  it('Should auth failed when "path" is not file in "password-file" options', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `password-file ${invalidToken}`,
+        },
+      },
+      set: sinon.stubInterface<BaseResponse>().set,
+    };
+    // Act
+    const result = await authenticate(ctx, {
+      'password-file': { path: path.resolve(__dirname, './test-files') },
+    });
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it('Should auth failed when request header "authorization" not match in "password-file" path of options', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `password-file ${invalidToken}`,
+        },
+      },
+    };
+
+    // Act
+    const result = await authenticate(ctx, {
+      'password-file': {
+        path: path.resolve(__dirname, './password-file'),
+      },
+    });
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it.each([
+    ['PASSWORD-FILE', userLists[0]],
+    ['PASSWORD-FILE', userLists[1]],
+    ['Password-File', userLists[0]],
+    ['Password-File', userLists[1]],
+    ['password-file', userLists[0]],
+    ['password-file', userLists[1]],
+  ])(
+    'Should auth successful when request header "authorization" matched in "password-file" options',
+    async (authScheme, userData) => {
+      // Arrange
+      const { name, password } = userData;
+      const token = Buffer.from(`${name}:${password}`).toString('base64');
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+        request: {
+          ...sinon.stubInterface<Request>(),
+          headers: {
+            ...sinon.stubInterface<IncomingHttpHeaders>(),
+            authorization: `${authScheme} ${token}`,
+          },
+        },
+      } as KoaContext;
+
+      const expected = {
+        status: AuthStatus.SUCCESS,
+        type: 'password-file',
+        user: {
+          name: userData.name,
+          attr: userData.attr,
+        },
+      } as AuthResult;
+
+      // Act
+      const result = await authenticate(ctx, {
+        'password-file': {
+          path: path.resolve(__dirname, './test-files/password-file'),
+          users: userLists,
+        },
+      });
+
+      // Assert
+      expect(result).toEqual(expected);
+    }
+  );
+});
diff --git a/packages/serve/test/auth/simpleTokenAuthenticator.spec.ts b/packages/serve/test/auth/simpleTokenAuthenticator.spec.ts
new file mode 100644
index 00000000..5671d496
--- /dev/null
+++ b/packages/serve/test/auth/simpleTokenAuthenticator.spec.ts
@@ -0,0 +1,163 @@
+import * as md5 from 'md5';
+import * as sinon from 'ts-sinon';
+import { IncomingHttpHeaders } from 'http';
+import { Request } from 'koa';
+import {
+  SimpleTokenAuthenticator,
+  SimpleTokenOptions,
+} from '@vulcan-sql/serve/auth';
+import { AuthResult, AuthStatus, KoaContext } from '@vulcan-sql/serve/models';
+
+const authenticate = async (
+  ctx: KoaContext,
+  options: any
+): Promise<AuthResult> => {
+  const authenticator = new SimpleTokenAuthenticator({ options }, '');
+  await authenticator.activate();
+  return await authenticator.authenticate(ctx);
+};
+
+describe('Test simple-token authenticator', () => {
+  const expectIncorrect = {
+    status: AuthStatus.INCORRECT,
+    type: 'simple-token',
+  };
+  const expectFailed = {
+    status: AuthStatus.FAIL,
+    type: 'simple-token',
+    message: 'authenticate user by "simple-token" type failed.',
+  };
+  const invalidToken = Buffer.from('invalidUser:test').toString('base64');
+
+  const userLists = [
+    {
+      name: 'user1',
+      token: Buffer.from('user1:test1').toString('base64'),
+      attr: {
+        role: 'data engineer',
+      },
+    },
+    {
+      name: 'user2',
+      token: md5('user1:test1'),
+      attr: {
+        role: 'sales',
+      },
+    },
+  ] as SimpleTokenOptions;
+
+  it.each([[{}], [{ basic: {} }], [{ 'simple-token': [] }]])(
+    'Should auth incorrect when options = %p in options',
+    async (options) => {
+      // Arrange
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+      } as KoaContext;
+
+      // Act
+      const result = await authenticate(ctx, options);
+
+      // Assert
+      expect(result).toEqual(expectIncorrect);
+    }
+  );
+  it('Test to auth failed when request header not exist "authorization" key', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const result = await authenticate(ctx, { 'simple-token': userLists });
+
+    // Assert
+    expect(result).toEqual(expectIncorrect);
+  });
+
+  it('Should auth failed when request header "authorization" not start with "simple-token"', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: '',
+        },
+      },
+    } as KoaContext;
+
+    // Act
+    const result = await authenticate(ctx, { 'simple-token': userLists });
+
+    // Assert
+    expect(result).toEqual(expectIncorrect);
+  });
+
+  it('Should auth failed when request header "authorization" not matched in empty simple-token" options', async () => {
+    // Arrange
+    const ctx = {
+      ...sinon.stubInterface<KoaContext>(),
+      request: {
+        ...sinon.stubInterface<Request>(),
+        headers: {
+          ...sinon.stubInterface<IncomingHttpHeaders>(),
+          authorization: `SIMPLE-TOKEN ${invalidToken}`,
+        },
+      },
+    };
+
+    // Act
+    const result = await authenticate(ctx, { 'simple-token': userLists });
+
+    // Assert
+    expect(result).toEqual(expectFailed);
+  });
+
+  it.each([
+    ['SIMPLE-TOKEN', userLists[0]],
+    ['SIMPLE-TOKEN', userLists[1]],
+    ['Simple-Token', userLists[0]],
+    ['Simple-Token', userLists[1]],
+    ['simple-token', userLists[0]],
+    ['simple-token', userLists[1]],
+  ])(
+    'Should auth successful when request header "authorization" matched in "simple-token" options',
+    async (authScheme, userData) => {
+      // Arrange
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+        request: {
+          ...sinon.stubInterface<Request>(),
+          headers: {
+            ...sinon.stubInterface<IncomingHttpHeaders>(),
+            authorization: `${authScheme} ${userData.token}`,
+          },
+        },
+      } as KoaContext;
+
+      const expected = {
+        status: AuthStatus.SUCCESS,
+        type: 'simple-token',
+        user: {
+          name: userData.name,
+          attr: userData.attr,
+        },
+      } as AuthResult;
+
+      // Act
+      const result = await authenticate(ctx, {
+        'simple-token': userLists,
+      });
+
+      // Assert
+      expect(result).toEqual(expected);
+    }
+  );
+});
diff --git a/packages/serve/test/auth/test-files/basic.htpasswd b/packages/serve/test/auth/test-files/basic.htpasswd
index 8ec589e2..39865ab4 100644
--- a/packages/serve/test/auth/test-files/basic.htpasswd
+++ b/packages/serve/test/auth/test-files/basic.htpasswd
@@ -1,2 +1,2 @@
-user4:dXNlcjQ=
-
+user3:8ad8757baa8564dc136c1e07507f4a98
+user4:86985e105f79b95d6bc918fb45ec7727
\ No newline at end of file
diff --git a/packages/serve/test/auth/test-files/password-file b/packages/serve/test/auth/test-files/password-file
new file mode 100644
index 00000000..3b7026ec
--- /dev/null
+++ b/packages/serve/test/auth/test-files/password-file
@@ -0,0 +1,2 @@
+user3:$2y$10$oeNSyfKotnJn8zpVH1zx3uvLiXXKgS0JBgpO4Hp7GHE3GQguIR9nm
+user4:$2y$10$rxs7YXnA4H4rzgdAaEk1X.SMkY3zmt/LyufDCxN7xF2Pd6CDH7VFu
\ No newline at end of file
diff --git a/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
index 8d7734f9..f18e47fb 100644
--- a/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
+++ b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
@@ -2,23 +2,18 @@ import * as sinon from 'ts-sinon';
 import { AuthMiddleware } from '@vulcan-sql/serve/middleware';
 import {
   AuthResult,
+  AuthStatus,
   AuthUserInfo,
   KoaContext,
-  UserAuthOptions,
 } from '@vulcan-sql/serve/models';
-import { Request } from 'koa';
-import { IncomingHttpHeaders } from 'http';
 import * as lodash from 'lodash';
-
-import { BasicAuthenticator } from '@vulcan-sql/serve';
+import {
+  BasicAuthenticator,
+  PasswordFileAuthenticator,
+  SimpleTokenAuthenticator,
+} from '@vulcan-sql/serve';
 
 describe('Test auth middlewares', () => {
-  let stubBasicAuthenticator: sinon.StubbedInstance<BasicAuthenticator>;
-
-  beforeEach(() => {
-    stubBasicAuthenticator = sinon.stubInterface<BasicAuthenticator>();
-  });
-
   afterEach(() => {
     sinon.default.restore();
   });
@@ -44,8 +39,8 @@ describe('Test auth middlewares', () => {
     expect(spy).not.toHaveBeenCalled();
   });
 
-  it.each([[[]], [undefined]])(
-    'Should return to stop auth middleware when "user-auth" = %p in options',
+  it.each([[{}], [undefined]])(
+    'Should return to skip auth middleware when options = %p',
     async (options) => {
       // Arrange
       const ctx: KoaContext = {
@@ -54,9 +49,7 @@ describe('Test auth middlewares', () => {
       // Act
       const middleware = new AuthMiddleware(
         {
-          options: {
-            'user-auth': options,
-          },
+          options: options,
         },
         '',
         []
@@ -71,108 +64,131 @@ describe('Test auth middlewares', () => {
     }
   );
 
-  it('Should authenticate successful when request with basic authorization and match in "user-auth" config', async () => {
-    // Arrange
-    const user = {
-      name: 'user',
-      auth: {
-        method: 'basic',
-        token: `${Buffer.from('user').toString('base64')}`,
-      },
-      attr: {
-        role: 'engineer',
-      },
-    } as UserAuthOptions;
-
-    // stub authenticate result
-    stubBasicAuthenticator.authenticate.resolves({
-      authenticated: true,
-      user: {
-        name: user.name,
-        method: user.auth.method,
-        attr: user.attr,
-      },
-    } as AuthResult);
+  it.each([
+    ['basic', sinon.stubInterface<BasicAuthenticator>()],
+    ['simple-token', sinon.stubInterface<SimpleTokenAuthenticator>()],
+    ['password-file', sinon.stubInterface<PasswordFileAuthenticator>()],
+  ])(
+    'Should auth successful when request match "%p" authorization',
+    async (type, authenticator) => {
+      // Arrange
+      const expected = {
+        name: 'user1',
+        attr: { role: 'engineer' },
+      };
 
-    const ctx = {
-      ...sinon.stubInterface<KoaContext>(),
-      request: {
-        ...sinon.stubInterface<Request>(),
-        headers: {
-          ...sinon.stubInterface<IncomingHttpHeaders>(),
-          authorization: `Basic ${user.auth['token']}`,
+      const options = {};
+
+      // stub authenticator
+      authenticator.getExtensionId.returns(type);
+      authenticator.authenticate.resolves({
+        status: AuthStatus.SUCCESS,
+        type,
+        user: {
+          name: expected.name,
+          attr: expected.attr,
         },
-      },
-      state: {
-        ...sinon.stubInterface<{ user: AuthUserInfo }>(),
-      },
-    };
+      } as AuthResult);
 
-    const expected = {
-      name: user.name,
-      method: user.auth.method,
-      attr: user.attr,
-    } as AuthUserInfo;
-    // Act
-    const middleware = new AuthMiddleware(
-      {
-        options: {
-          ['user-auth']: [user],
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+        state: {
+          ...sinon.stubInterface<{ user: AuthUserInfo }>(),
         },
-      },
-      '',
-      [stubBasicAuthenticator]
-    );
+      };
 
-    await middleware.handle(ctx, async () => Promise.resolve());
+      // Act
+      const middleware = new AuthMiddleware(
+        { options: { [type]: options } },
+        '',
+        [authenticator]
+      );
 
-    expect(ctx.state.user).toEqual(expected);
-  });
+      await middleware.handle(ctx, async () => Promise.resolve());
 
-  it('Should authenticate failed when request with basic authorization and not match in "user-auth" config', async () => {
-    // Arrange
-    const user = {
-      name: 'user',
-      auth: {
-        method: 'basic',
-        token: `${Buffer.from('user').toString('base64')}`,
-      },
-      attr: {
-        role: 'engineer',
-      },
-    } as UserAuthOptions;
+      expect(ctx.state.user).toEqual(expected);
+    }
+  );
 
-    // stub authenticate result
-    stubBasicAuthenticator.authenticate.resolves({
-      authenticated: false,
-    } as AuthResult);
+  it.each([
+    ['basic', sinon.stubInterface<BasicAuthenticator>()],
+    ['simple-token', sinon.stubInterface<SimpleTokenAuthenticator>()],
+    ['password-file', sinon.stubInterface<PasswordFileAuthenticator>()],
+  ])(
+    'Should auth successful when request match %p authorization',
+    async (type, authenticator) => {
+      // Arrange
+      const expected = {
+        type,
+        message: `authenticate user by "${authenticator.getExtensionId()}" type failed.`,
+      };
 
-    const ctx = {
-      ...sinon.stubInterface<KoaContext>(),
-      request: {
-        ...sinon.stubInterface<Request>(),
-        headers: {
-          ...sinon.stubInterface<IncomingHttpHeaders>(),
-          authorization: `Bear ${user.auth['token']}`,
-        },
-      },
-      state: {
-        ...sinon.stubInterface<{ user: AuthUserInfo }>(),
-      },
-    };
-    const expected = new Error('authentication failed.');
-    // Act
-    const middleware = new AuthMiddleware(
-      {
-        options: {
-          ['user-auth']: [user],
-        },
-      },
-      '',
-      [stubBasicAuthenticator]
-    );
-    const handleAction = middleware.handle(ctx, async () => Promise.resolve());
-    // Assert
-    expect(handleAction).rejects.toThrowError(expected);
-  });
+      const options = {};
+
+      // stub authenticator
+      authenticator.getExtensionId.returns(type);
+      authenticator.authenticate.resolves({
+        status: AuthStatus.FAIL,
+        type,
+        message: expected.message,
+      } as AuthResult);
+
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+        status: sinon.stubInterface<any>(),
+        body: sinon.stubInterface<Record<string, any>>(),
+      };
+
+      // Act
+      const middleware = new AuthMiddleware(
+        { options: { [type]: options } },
+        '',
+        [authenticator]
+      );
+
+      await middleware.handle(ctx, async () => Promise.resolve());
+
+      expect(ctx.status).toEqual(401);
+      expect(ctx.body).toEqual(expected);
+    }
+  );
+
+  it.each([
+    ['basic', sinon.stubInterface<BasicAuthenticator>()],
+    ['simple-token', sinon.stubInterface<SimpleTokenAuthenticator>()],
+    ['password-file', sinon.stubInterface<PasswordFileAuthenticator>()],
+  ])(
+    'Should auth successful when request match  authorization',
+    async (type, authenticator) => {
+      // Arrange
+      const expected = new Error('all types of authentication failed.');
+
+      const options = {};
+
+      // stub authenticator
+      authenticator.getExtensionId.returns(type);
+      authenticator.authenticate.resolves({
+        status: AuthStatus.INCORRECT,
+        type,
+      } as AuthResult);
+
+      const ctx = {
+        ...sinon.stubInterface<KoaContext>(),
+        status: sinon.stubInterface<any>(),
+        body: sinon.stubInterface<Record<string, any>>(),
+      };
+
+      // Act
+      const middleware = new AuthMiddleware(
+        { options: { [type]: options } },
+        '',
+        [authenticator]
+      );
+
+      const handle = async () =>
+        await middleware.handle(ctx, async () => Promise.resolve());
+
+      expect(handle()).rejects.toThrow(expected);
+    }
+  );
 });
diff --git a/types/apache-md5.d.ts b/types/apache-md5.d.ts
deleted file mode 100644
index f74fb521..00000000
--- a/types/apache-md5.d.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-declare module 'apache-md5' {
-  declare function apacheMd5(password: string, salt?: string): string;
-
-  export default apacheMd5;
-}
diff --git a/yarn.lock b/yarn.lock
index 8268c5b3..d388a2f7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1130,9 +1130,9 @@
   integrity sha512-EqX+YQxINb+MeXaIqYDASb6U6FCHbWjkj4a1CKDBks3d/QiB2+PqBLyO72vLDgAO1wUI4O+9gweRcQK11bTL/w==
 
 "@types/inquirer@^8.0.0":
-  version "8.2.2"
-  resolved "https://registry.yarnpkg.com/@types/inquirer/-/inquirer-8.2.2.tgz#7ec5f166026b55b10df011521c8a63920cb84a7a"
-  integrity sha512-HXoFOl+KS4yvmUjisi83VpuSBOeeXIzdJfoT/v2pUruqybpHy0Dz1DyXy3E2jNH0cSVKJZV92VOnFBwJR6k83A==
+  version "8.2.3"
+  resolved "https://registry.yarnpkg.com/@types/inquirer/-/inquirer-8.2.3.tgz#985515d04879a0d0c1f5f49ec375767410ba9dab"
+  integrity sha512-ZlBqD+8WIVNy3KIVkl+Qne6bGLW2erwN0GJXY9Ri/9EMbyupee3xw3H0Mmv5kJoLyNpfd/oHlwKxO0DUDH7yWA==
   dependencies:
     "@types/through" "*"
 
@@ -1243,6 +1243,11 @@
   resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.182.tgz#05301a4d5e62963227eaafe0ce04dd77c54ea5c2"
   integrity sha512-/THyiqyQAP9AfARo4pF+aCGcyiQ94tX/Is2I7HofNRqoYLgN1PBoOWu2/zTA5zMxzP5EFutMtWtGAFRKUe961Q==
 
+"@types/md5@^2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@types/md5/-/md5-2.3.2.tgz#529bb3f8a7e9e9f621094eb76a443f585d882528"
+  integrity sha512-v+JFDu96+UYJ3/UWzB0mEglIS//MZXgRaJ4ubUPwOM0gvLc/kcQ3TWNYwENEK7/EcXGQVrW8h/XqednSjBd/Og==
+
 "@types/mime@^1":
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/@types/mime/-/mime-1.3.2.tgz#93e25bf9ee75fe0fd80b594bc4feb0e862111b5a"
@@ -1621,11 +1626,6 @@ anymatch@^3.0.3, anymatch@~3.1.2:
     normalize-path "^3.0.0"
     picomatch "^2.0.4"
 
-apache-md5@^1.1.7:
-  version "1.1.7"
-  resolved "https://registry.yarnpkg.com/apache-md5/-/apache-md5-1.1.7.tgz#dcef1802700cc231d60c5e08fd088f2f9b36375a"
-  integrity sha512-JtHjzZmJxtzfTSjsCyHgPR155HBe5WGyUyHTaEkfy46qhwCFKx1Epm6nAxgUG3WfUZP1dWhGqj9Z2NOBeZ+uBw==
-
 arg@^4.1.0:
   version "4.1.3"
   resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"
@@ -2000,6 +2000,11 @@ chardet@^0.7.0:
   resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e"
   integrity sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==
 
+charenc@0.0.2:
+  version "0.0.2"
+  resolved "https://registry.yarnpkg.com/charenc/-/charenc-0.0.2.tgz#c0a1d2f3a7092e03774bfa83f14c0fc5790a8667"
+  integrity sha512-yrLQ/yVUFXkzg7EDQsPieE/53+0RlaWTs+wBrvW36cyilJ2SaDWfl4Yj7MtLTXleV9uEKefbAGUPv2/iWSooRA==
+
 chokidar@^3.5.1:
   version "3.5.3"
   resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.3.tgz#1cf37c8707b932bd1af1ae22c0432e2acd1903bd"
@@ -2288,6 +2293,11 @@ cross-spawn@^7.0.2, cross-spawn@^7.0.3:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
+crypt@0.0.2:
+  version "0.0.2"
+  resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b"
+  integrity sha512-mCxBlsHFYh9C+HVpiEacem8FEBnMXgU9gy4zmNC+SXAZNB/1idgp/aulFJ4FgCi7GPEVbfyng092GqL2k2rmow==
+
 cssom@^0.4.4:
   version "0.4.4"
   resolved "https://registry.yarnpkg.com/cssom/-/cssom-0.4.4.tgz#5a66cf93d2d0b661d80bf6a44fb65f5c2e4e0a10"
@@ -3542,11 +3552,6 @@ is-arrayish@^0.2.1:
   resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
   integrity sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=
 
-is-base64@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-base64/-/is-base64-1.1.0.tgz#8ce1d719895030a457c59a7dcaf39b66d99d56b4"
-  integrity sha512-Nlhg7Z2dVC4/PTvIFkgVVNvPHSO2eR/Yd0XzhGiXCXEvWnptXlXa/clQ8aePPiMuxEGcWfzWbGw2Fe3d+Y3v1g==
-
 is-binary-path@~2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-2.1.0.tgz#ea1f7f3b80f064236e83470f86c09c254fb45b09"
@@ -3554,7 +3559,7 @@ is-binary-path@~2.1.0:
   dependencies:
     binary-extensions "^2.0.0"
 
-is-buffer@^1.1.5:
+is-buffer@^1.1.5, is-buffer@~1.1.6:
   version "1.1.6"
   resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
   integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
@@ -4602,6 +4607,15 @@ map-visit@^1.0.0:
   dependencies:
     object-visit "^1.0.0"
 
+md5@^2.3.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/md5/-/md5-2.3.0.tgz#c3da9a6aae3a30b46b7b0c349b87b110dc3bda4f"
+  integrity sha512-T1GITYmFaKuO91vxyoQMFETst+O71VUPEU3ze5GNzDm0OWdP8v1ziTaAEPUr/3kLsY3Sftgz242A1SetQiDL7g==
+  dependencies:
+    charenc "0.0.2"
+    crypt "0.0.2"
+    is-buffer "~1.1.6"
+
 media-typer@0.3.0:
   version "0.3.0"
   resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"

From dde285f3c276158a79dd50a9c8500587e8ccc399 Mon Sep 17 00:00:00 2001
From: kokokuo <v6610688@gmail.com>
Date: Tue, 30 Aug 2022 12:25:39 +0800
Subject: [PATCH 8/8] chore(serve): rename the auth status type, active the
 authenticator when active auth middleware

---
 packages/serve/src/lib/app.ts                         |  1 +
 packages/serve/src/lib/auth/httpBasicAuthenticator.ts |  2 +-
 .../serve/src/lib/auth/passwordFileAuthenticator.ts   |  2 +-
 .../serve/src/lib/auth/simpleTokenAuthenticator.ts    |  2 +-
 packages/serve/src/lib/middleware/authMiddleware.ts   | 11 ++++++++---
 packages/serve/src/models/extensions/authenticator.ts |  4 ++--
 packages/serve/test/auth/basicAuthenticator.spec.ts   |  2 +-
 .../serve/test/auth/passwordFileAuthenticator.spec.ts |  2 +-
 .../serve/test/auth/simpleTokenAuthenticator.spec.ts  |  2 +-
 .../built-in-middlewares/authMiddleware.spec.ts       |  2 +-
 10 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/packages/serve/src/lib/app.ts b/packages/serve/src/lib/app.ts
index bcdc4b4e..a779957f 100644
--- a/packages/serve/src/lib/app.ts
+++ b/packages/serve/src/lib/app.ts
@@ -85,6 +85,7 @@ export class VulcanApplication {
   /** load built-in and extensions middleware classes for app used */
   public async useMiddleware() {
     for (const middleware of this.routeMiddlewares) {
+      if (middleware.activate) await middleware.activate();
       this.app.use(middleware.handle.bind(middleware));
     }
   }
diff --git a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
index 170eaee2..797b85c2 100644
--- a/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
+++ b/packages/serve/src/lib/auth/httpBasicAuthenticator.ts
@@ -89,7 +89,7 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
 
   public async authenticate(context: KoaContext) {
     const incorrect = {
-      status: AuthStatus.INCORRECT,
+      status: AuthStatus.INDETERMINATE,
       type: this.getExtensionId()!,
     };
     if (isEmpty(this.options)) return incorrect;
diff --git a/packages/serve/src/lib/auth/passwordFileAuthenticator.ts b/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
index 48678895..56fdb232 100644
--- a/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
+++ b/packages/serve/src/lib/auth/passwordFileAuthenticator.ts
@@ -68,7 +68,7 @@ export class PasswordFileAuthenticator extends BaseAuthenticator<PasswordFileOpt
 
   public async authenticate(context: KoaContext) {
     const incorrect = {
-      status: AuthStatus.INCORRECT,
+      status: AuthStatus.INDETERMINATE,
       type: this.getExtensionId()!,
     };
     if (isEmpty(this.options)) return incorrect;
diff --git a/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts b/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
index c574a4e5..28494833 100644
--- a/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
+++ b/packages/serve/src/lib/auth/simpleTokenAuthenticator.ts
@@ -45,7 +45,7 @@ export class SimpleTokenAuthenticator extends BaseAuthenticator<SimpleTokenOptio
 
   public async authenticate(context: KoaContext) {
     const incorrect = {
-      status: AuthStatus.INCORRECT,
+      status: AuthStatus.INDETERMINATE,
       type: this.getExtensionId()!,
     };
     if (isEmpty(this.options)) return incorrect;
diff --git a/packages/serve/src/lib/middleware/authMiddleware.ts b/packages/serve/src/lib/middleware/authMiddleware.ts
index cac68594..30582112 100644
--- a/packages/serve/src/lib/middleware/authMiddleware.ts
+++ b/packages/serve/src/lib/middleware/authMiddleware.ts
@@ -36,13 +36,18 @@ export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
 
     this.authenticators = authenticators.reduce<AuthenticatorMap>(
       (prev, authenticator) => {
-        if (authenticator.activate) authenticator.activate();
         prev[authenticator.getExtensionId()!] = authenticator;
         return prev;
       },
       {}
     );
   }
+  public override async onActivate() {
+    for (const authId of Object.keys(this.authenticators)) {
+      const authenticator = this.authenticators[authId];
+      if (authenticator.activate) await authenticator.activate();
+    }
+  }
 
   public async handle(context: KoaContext, next: Next) {
     // return to stop the middleware, if disabled
@@ -57,8 +62,8 @@ export class AuthMiddleware extends BuiltInMiddleware<AuthOptions> {
       if (!options[name]) continue;
       // authenticate
       const result = await this.authenticators[name].authenticate(context);
-      // if state is incorrect, change to next authentication
-      if (result.status === AuthStatus.INCORRECT) continue;
+      // if state is indeterminate, change to next authentication
+      if (result.status === AuthStatus.INDETERMINATE) continue;
       // if state is failed, return directly
       if (result.status === AuthStatus.FAIL) {
         context.status = 401;
diff --git a/packages/serve/src/models/extensions/authenticator.ts b/packages/serve/src/models/extensions/authenticator.ts
index c97818ee..d85fec91 100644
--- a/packages/serve/src/models/extensions/authenticator.ts
+++ b/packages/serve/src/models/extensions/authenticator.ts
@@ -12,12 +12,12 @@ export interface AuthUserInfo {
 export enum AuthStatus {
   /**
    * SUCCESS: Request format correct and match the one of user credentials
-   * INCORRECT: Request format is incorrect for authenticator needed, skip and check next authenticator
+   * INDETERMINATE: Request format is unclear for authenticator needed, skip and check next authenticator
    * FAIL: Request format correct, but not match the user credentials
    */
   SUCCESS = 'SUCCESS',
   FAIL = 'FAIL',
-  INCORRECT = 'INCORRECT',
+  INDETERMINATE = 'INDETERMINATE',
 }
 export interface AuthResult {
   status: AuthStatus;
diff --git a/packages/serve/test/auth/basicAuthenticator.spec.ts b/packages/serve/test/auth/basicAuthenticator.spec.ts
index a719f69b..8dc6f44d 100644
--- a/packages/serve/test/auth/basicAuthenticator.spec.ts
+++ b/packages/serve/test/auth/basicAuthenticator.spec.ts
@@ -20,7 +20,7 @@ const authenticate = async (
 
 describe('Test http basic authenticator', () => {
   const expectIncorrect = {
-    status: AuthStatus.INCORRECT,
+    status: AuthStatus.INDETERMINATE,
     type: 'basic',
   };
   const expectFailed = {
diff --git a/packages/serve/test/auth/passwordFileAuthenticator.spec.ts b/packages/serve/test/auth/passwordFileAuthenticator.spec.ts
index 87c3294c..e61fdf06 100644
--- a/packages/serve/test/auth/passwordFileAuthenticator.spec.ts
+++ b/packages/serve/test/auth/passwordFileAuthenticator.spec.ts
@@ -16,7 +16,7 @@ const authenticate = async (
 
 describe('Test password-file authenticator', () => {
   const expectIncorrect = {
-    status: AuthStatus.INCORRECT,
+    status: AuthStatus.INDETERMINATE,
     type: 'password-file',
   };
   const expectFailed = {
diff --git a/packages/serve/test/auth/simpleTokenAuthenticator.spec.ts b/packages/serve/test/auth/simpleTokenAuthenticator.spec.ts
index 5671d496..967433c7 100644
--- a/packages/serve/test/auth/simpleTokenAuthenticator.spec.ts
+++ b/packages/serve/test/auth/simpleTokenAuthenticator.spec.ts
@@ -19,7 +19,7 @@ const authenticate = async (
 
 describe('Test simple-token authenticator', () => {
   const expectIncorrect = {
-    status: AuthStatus.INCORRECT,
+    status: AuthStatus.INDETERMINATE,
     type: 'simple-token',
   };
   const expectFailed = {
diff --git a/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
index f18e47fb..da161562 100644
--- a/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
+++ b/packages/serve/test/middlewares/built-in-middlewares/authMiddleware.spec.ts
@@ -168,7 +168,7 @@ describe('Test auth middlewares', () => {
       // stub authenticator
       authenticator.getExtensionId.returns(type);
       authenticator.authenticate.resolves({
-        status: AuthStatus.INCORRECT,
+        status: AuthStatus.INDETERMINATE,
         type,
       } as AuthResult);