Implemented User routes and Login system

docker-compose.yml

@@ -13,6 +13,8 @@ services:
       - DATABASE_DATABASE=aqm
       - DATABASE_ENTITIES=build/models/*.js
       - DATABASE_MIGRATIONS=build/migrations/*.js
+      - JWT_SECRET=default
+      - ACTIVATE_ROUTE_RESTRICTION=true
     ports:
       - 3030:3030
     networks:

package.json

@@ -12,21 +12,25 @@
       "start": "node build/index.js"
    },
    "dependencies": {
+      "bcrypt": "^5.0.1",
       "celebrate": "^15.0.1",
       "cors": "^2.8.5",
       "dotenv": "^16.0.1",
       "express": "^4.18.1",
       "express-async-errors": "^3.1.1",
       "helmet": "^5.1.0",
+      "jsonwebtoken": "^8.5.1",
       "pg": "^8.4.0",
       "reflect-metadata": "^0.1.13",
       "typeorm": "0.3.6"
    },
    "devDependencies": {
+      "@types/bcrypt": "^5.0.0",
       "@types/cors": "^2.8.12",
       "@types/express": "^4.17.13",
       "@types/helmet": "^4.0.0",
-      "@types/node": "^16.11.10",
+      "@types/jsonwebtoken": "^8.5.8",
+      "@types/node": "^18.0.0",
       "@typescript-eslint/eslint-plugin": "^5.28.0",
       "@typescript-eslint/parser": "^5.28.0",
       "eslint": "^7.32.0 || ^8.2.0",

src/@types/express.d.ts

@@ -0,0 +1,7 @@
+declare namespace Express {
+  export interface Request {
+    user: {
+      id: string;
+    }
+  }
+}

src/controllers/ControllerSession.ts

@@ -0,0 +1,21 @@
+import { Request, Response } from 'express';
+import ServiceCreateSession from '../service/ServiceCreateSession';
+
+class ControllerSession {
+  public async create(request: Request, response: Response): Promise<Response> {
+    const {
+      login,
+      password,
+    } = request.body;
+
+    const serviceCreateSession = new ServiceCreateSession();
+
+    const { user, token } = await serviceCreateSession.execute({ login, password });
+
+    delete user.password;
+
+    return response.status(200).json({ user, token });
+  }
+}
+
+export default ControllerSession;

src/controllers/ControllerUser.ts

@@ -0,0 +1,39 @@
+import { Request, Response } from 'express';
+import ServiceDeleteUser from '../service/ServiceDeleteUser';
+import ServiceCreateUser from '../service/ServiceCreateUser';
+
+class ControllerUser {
+  public async create(request: Request, response: Response): Promise<Response> {
+    const {
+      name,
+      login,
+      password,
+    } = request.body;
+
+    const serviceCreateUser = new ServiceCreateUser();
+
+    const user = await serviceCreateUser.execute({
+      name,
+      login,
+      password,
+    });
+
+    delete user.password;
+
+    return response.status(200).json(user);
+  }
+
+  public async delete(request: Request, response: Response): Promise<Response> {
+    const {
+      id,
+    } = request.params;
+
+    const serviceDeleteUser = new ServiceDeleteUser();
+
+    await serviceDeleteUser.execute(id);
+
+    return response.status(204).send();
+  }
+}
+
+export default ControllerUser;

src/middlewares/createSessionMiddleware.ts

@@ -0,0 +1,10 @@
+import { celebrate, Joi, Segments } from 'celebrate';
+
+const createSessionMiddleware = celebrate({
+  [Segments.BODY]: Joi.object().keys({
+    login: Joi.string().required(),
+    password: Joi.string().required(),
+  }),
+});
+
+export default createSessionMiddleware;

src/middlewares/createUserMiddleware.ts

@@ -0,0 +1,11 @@
+import { celebrate, Joi, Segments } from 'celebrate';
+
+const createUserMiddleware = celebrate({
+  [Segments.BODY]: Joi.object().keys({
+    name: Joi.string().required(),
+    login: Joi.string().required(),
+    password: Joi.string().required(),
+  }),
+});
+
+export default createUserMiddleware;

src/middlewares/validateSessionMiddleware.ts

@@ -0,0 +1,31 @@
+import { NextFunction, Request, Response } from 'express';
+import { verify } from 'jsonwebtoken';
+import AppError from '../errors/AppError';
+
+const validateSessionMiddleware = (
+  request: Request,
+  _response: Response,
+  next: NextFunction,
+): void => {
+  const authHeader = request.headers.authorization;
+
+  if (!authHeader) {
+    throw new AppError('JWT Token is Missing', 401);
+  }
+
+  const [, token] = authHeader.split(' ');
+
+  try {
+    const { sub } = verify(token, String(process.env.JWT_SECRET));
+
+    request.user = {
+      id: String(sub),
+    };
+
+    next();
+  } catch (error) {
+    throw new AppError('Invalid JWT Token', 401);
+  }
+};
+
+export default validateSessionMiddleware;

src/models/User.ts

@@ -18,7 +18,7 @@ class User {
     login: string;
 
   @Column({ name: 'password' })
-    password: string;
+    password?: string;
 
   @CreateDateColumn({ name: 'created_at' })
     createdAt: Date;

src/routes/index.ts

@@ -3,12 +3,23 @@ import systemRouter from './system.routes';
 import rawDataRouter from './dataRaw.routes';
 import stationRouter from './station.routes';
 import dashboardRouter from './dashboard.routes';
+import sessionRouter from './session.routes';
+import userRouter from './user.routes';
+
+import validateSessionMiddleware from '../middlewares/validateSessionMiddleware';
 
 const routes = Router();
 
 routes.use('/', systemRouter);
 routes.use('/data-raw', rawDataRouter);
-routes.use('/station', stationRouter);
 routes.use('/dashboard', dashboardRouter);
+routes.use('/session', sessionRouter);
+
+if (String(process.env.ACTIVATE_ROUTE_RESTRICTION) === 'true') {
+  routes.use(validateSessionMiddleware);
+}
+
+routes.use('/user', userRouter);
+routes.use('/station', stationRouter);
 
 export default routes;

src/routes/session.routes.ts

@@ -0,0 +1,10 @@
+import { Router } from 'express';
+import ControllerSession from '../controllers/ControllerSession';
+import createSessionMiddleware from '../middlewares/createSessionMiddleware';
+
+const sessionRouter = Router();
+const controllerSession = new ControllerSession();
+
+sessionRouter.post('/', createSessionMiddleware, controllerSession.create);
+
+export default sessionRouter;

src/routes/user.routes.ts

@@ -0,0 +1,11 @@
+import { Router } from 'express';
+import ControllerUser from '../controllers/ControllerUser';
+import createUserMiddleware from '../middlewares/createUserMiddleware';
+
+const userRouter = Router();
+const controllerUser = new ControllerUser();
+
+userRouter.post('/', createUserMiddleware, controllerUser.create);
+userRouter.delete('/:id', controllerUser.delete);
+
+export default userRouter;

src/service/ServiceCreateSession.ts

@@ -0,0 +1,47 @@
+import { compare } from 'bcrypt';
+import { sign } from 'jsonwebtoken';
+import { aqmDataSouce } from '../config/database';
+import User from '../models/User';
+import AppError from '../errors/AppError';
+
+interface Request {
+  login: string,
+
+  password: string
+}
+
+interface Response {
+  user: User;
+
+  token: string;
+}
+
+class ServiceCreateSession {
+  public async execute({ login, password }: Request): Promise<Response> {
+    const userRepository = aqmDataSouce.getRepository(User);
+
+    const user = await userRepository.findOne({ where: { login } });
+
+    if (user === null) {
+      throw new AppError('Incorrect Login/Password', 401);
+    }
+
+    const isMatched = await compare(password, String(user.password));
+
+    if (!isMatched) {
+      throw new AppError('Incorrect Login/Password', 401);
+    }
+
+    const token = sign({}, String(process.env.JWT_SECRET), {
+      subject: user.id,
+      expiresIn: '30d',
+    });
+
+    return {
+      user,
+      token,
+    };
+  }
+}
+
+export default ServiceCreateSession;

src/service/ServiceCreateUser.ts

@@ -0,0 +1,36 @@
+import { hash } from 'bcrypt';
+import AppError from '../errors/AppError';
+import { aqmDataSouce } from '../config/database';
+import User from '../models/User';
+
+interface Request {
+  name: string,
+
+  login: string,
+
+  password: string
+}
+
+class ServiceCreateUser {
+  public async execute({ name, login, password }: Request): Promise<User> {
+    const userRepository = aqmDataSouce.getRepository(User);
+
+    const existingUser = await userRepository.findOne({ where: { login } });
+
+    if (existingUser !== null) {
+      throw new AppError('Login Already Exists', 409);
+    }
+
+    const hashedPassword = await hash(password, 8);
+
+    const user = userRepository.create({
+      name,
+      login,
+      password: hashedPassword,
+    });
+
+    return userRepository.save(user);
+  }
+}
+
+export default ServiceCreateUser;

src/service/ServiceDeleteUser.ts

@@ -0,0 +1,12 @@
+import { aqmDataSouce } from '../config/database';
+import User from '../models/User';
+
+class ServiceDeleteUser {
+  public async execute(id: string): Promise<void> {
+    const userRepository = aqmDataSouce.getRepository(User);
+
+    await userRepository.delete(id);
+  }
+}
+
+export default ServiceDeleteUser;