Larascript-Framework · ben-shepherd · Oct 14, 2024 · Sep 23, 2024 · Sep 23, 2024 · Sep 24, 2024
diff --git a/.env.example b/.env.example
@@ -3,6 +3,7 @@ APP_EVENT_DRIVER=sync
 APP_WORKER_DRIVER=queue
 
 JWT_SECRET=
+JWT_EXPIRES_IN_MINUTES=60
 
 DATABASE_DEFAULT_CONNECTION=default
 DATABASE_DEFAULT_PROVIDER=

diff --git a/assets/banner_black.png b/assets/banner_black.png
diff --git a/assets/banner_blank.png b/assets/banner_blank.png
diff --git a/changelist.md b/changelist.md
@@ -0,0 +1,43 @@
+## Version 1.0.1 (Beta)
+
+### Security Enhancements
+- Added security features to Express routes
+- Implemented rate limiting
+- Added configurable token expiration
+- Introduced user scopes, resource scopes, and API token scopes
+- Implemented permission groups, user groups, and roles
+
+### Authentication and Authorization
+- Refactored security rules and middleware
+- Updated authorization middleware to include scopes
+- Improved handling of custom identifiers
+
+### Request Handling
+- Refactored CurrentRequest into RequestContext
+- Added IP address handling to RequestContext
+- Moved RequestContext into an app container
+
+### Route Resources
+- Added 'index' and 'all' filters to RouteResources
+- Renamed 'name' to 'path' in IRouteResourceOptions
+- Updated to allow for partial scopes
+
+### Command Handling
+- Fixed argument processing in ListRoutesCommand
+- Enabled registration of commands with configs in the same module
+
+### Code Refactoring and Optimization
+- Consolidated security interfaces into a single file
+- Removed debug console logs
+- Fixed incorrect import paths
+- Refactored Express domain files
+
+### Bug Fixes
+- Resolved a potential "headers already sent" issue
+- Fixed migration failures related to missing files
+- Corrected custom identifier handling
+
+### Miscellaneous
+- Updated Observer with awaitable methods
+- Improved route logging to include security rules
+- Various comment updates for improved clarity
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "larascript-framework",
-  "version": "1.0.1",
+  "version": "1.1.1",
   "description": "A Node.js framework inspired by Laravel made with TypeScript",
   "main": "index.js",
   "scripts": {
@@ -35,6 +35,7 @@
     "sequelize": "^6.37.3",
     "sqlite3": "^5.1.7",
     "uuid": "^10.0.0",
+    "winston": "^3.15.0",
     "zod": "^3.23.8"
   },
   "devDependencies": {

diff --git a/readme.md b/readme.md
@@ -72,7 +72,17 @@ Follow these steps to quickly set up your project:
 
    This will install all the necessary dependencies for your project.
 
-3. **Start Database Containers**:
+3. **Add write permissions to logs directory**
+
+    After installing dependencies, you need to add write permissions to the logs directory:
+
+    ```
+    chmod -R 755 /path/to/larascript/storage/logs
+    ```
+
+    This ensures that your application can write log files as needed.
+
+4. **Start Database Containers**:
 
    To set up your database environment, run:
 
@@ -82,7 +92,7 @@ Follow these steps to quickly set up your project:
 
    This command will start the necessary database containers for your project.
 
-4. **Run the setup command (optional)**:
+5. **Run the setup command (optional)**:
 
    If you want to populate the .env file with configured settings, use:
 
@@ -92,7 +102,7 @@ Follow these steps to quickly set up your project:
 
    This step is optional but can be helpful for quickly configuring your environment.
 
-5. **Run database migrations**:
+6. **Run database migrations**:
 
    To set up your database schema, run:
 
@@ -102,7 +112,7 @@ Follow these steps to quickly set up your project:
 
    This command will apply all pending database migrations.
 
-6. **Start developing**:
+7. **Start developing**:
 
    To start your development server, use:
 

diff --git a/src/app.ts b/src/app.ts
@@ -4,6 +4,7 @@ import appConfig from '@src/config/app';
 import CommandNotFoundException from '@src/core/domains/console/exceptions/CommandNotFoundException';
 import CommandBootService from '@src/core/domains/console/service/CommandBootService';
 import Kernel, { KernelOptions } from '@src/core/Kernel';
+import { App } from '@src/core/services/App';
 
 (async () => {
     try {
@@ -16,22 +17,22 @@ import Kernel, { KernelOptions } from '@src/core/Kernel';
          */
         await Kernel.boot(appConfig, options);
 
-        console.log('[App]: Started');
+        App.container('logger').info('[App]: Started');
 
         /**
          * Execute commands
          */
         await cmdBoot.boot(args);
 
-    }
+    }
     catch (err) {
 
         // We can safetly ignore CommandNotFoundExceptions 
         if(err instanceof CommandNotFoundException) {
             return;
         }
 
-        console.error('[App]: Failed to start', err);
+        App.container('logger').error('[App]: Failed to start', err);
         throw err;
     }
 })();
diff --git a/src/app/commands/ExampleCommand.ts b/src/app/commands/ExampleCommand.ts
@@ -5,7 +5,7 @@ export default class ExampleCommand extends BaseCommand {
     signature: string = 'app:example';
 
     async execute() {
-        console.log('Hello world!')
+        // Handle the logic
     }
 
 }
diff --git a/src/app/events/listeners/ExampleListener.ts b/src/app/events/listeners/ExampleListener.ts
@@ -2,8 +2,9 @@ import EventListener from "@src/core/domains/events/services/EventListener";
 
 export class ExampleListener extends EventListener<{userId: string}> {
 
+    // eslint-disable-next-line no-unused-vars
     handle = async (payload: { userId: string}) => {
-        console.log('[ExampleListener]', payload.userId)
+        // Handle the logic
     }
-
+
 }
diff --git a/src/app/migrations/2024-09-06-create-api-token-table.ts b/src/app/migrations/2024-09-06-create-api-token-table.ts
@@ -1,6 +1,6 @@
+import ApiToken from "@src/app/models/auth/ApiToken";
 import BaseMigration from "@src/core/domains/migrations/base/BaseMigration";
 import { DataTypes } from "sequelize";
-import ApiToken from "@src/app/models/auth/ApiToken";
 
 export class CreateApiTokenMigration extends BaseMigration {
 
@@ -17,6 +17,7 @@ export class CreateApiTokenMigration extends BaseMigration {
         await this.schema.createTable(this.table, {
             userId: DataTypes.STRING,
             token: DataTypes.STRING,
+            scopes: DataTypes.JSON,
             revokedAt: DataTypes.DATE
         })
     }

diff --git a/src/app/migrations/2024-09-06-create-user-table.ts b/src/app/migrations/2024-09-06-create-user-table.ts
@@ -1,6 +1,6 @@
+import User from "@src/app/models/auth/User";
 import BaseMigration from "@src/core/domains/migrations/base/BaseMigration";
 import { DataTypes } from "sequelize";
-import User from "@src/app/models/auth/User";
 
 export class CreateUserModelMigration extends BaseMigration {
 
@@ -22,6 +22,7 @@ export class CreateUserModelMigration extends BaseMigration {
         await this.schema.createTable(this.table, {
             email: DataTypes.STRING,
             hashedPassword: DataTypes.STRING,
+            groups: DataTypes.JSON,
             roles: DataTypes.JSON,
             firstName: stringNullable,
             lastName: stringNullable,

diff --git a/src/app/models/auth/ApiToken.ts b/src/app/models/auth/ApiToken.ts
@@ -1,7 +1,9 @@
 import User from '@src/app/models/auth/User';
+import ApiTokenObserver from '@src/app/observers/ApiTokenObserver';
 import Model from '@src/core/base/Model';
 import IApiTokenModel, { IApiTokenData } from '@src/core/domains/auth/interfaces/IApitokenModel';
 import IUserModel from '@src/core/domains/auth/interfaces/IUserModel';
+import Scopes from '@src/core/domains/auth/services/Scopes';
 
 /**
  * ApiToken model
@@ -20,9 +22,26 @@ class ApiToken extends Model<IApiTokenData> implements IApiTokenModel {
     public fields: string[] = [
         'userId',
         'token',
+        'scopes',
         'revokedAt'
     ]
 
+    public json: string[] = [
+        'scopes'
+    ]
+
+    /**
+     * Construct an ApiToken model from the given data.
+     *
+     * @param {IApiTokenData} [data=null] The data to construct the model from.
+     *
+     * @constructor
+     */
+    constructor(data: IApiTokenData | null = null) {
+        super(data)
+        this.observeWith(ApiTokenObserver)
+    }
+
     /**
      * Disable createdAt and updatedAt timestamps
      */
@@ -39,6 +58,21 @@ class ApiToken extends Model<IApiTokenData> implements IApiTokenModel {
         })
     }   
 
+    /**
+     * Checks if the given scope(s) are present in the scopes of this ApiToken
+     * @param scopes The scope(s) to check
+     * @returns True if all scopes are present, false otherwise
+     */
+    public hasScope(scopes: string | string[], exactMatch: boolean = true): boolean {
+        const currentScopes = this.getAttribute('scopes') ?? [];
+
+        if(exactMatch) {
+            return Scopes.exactMatch(currentScopes, scopes);
+        }
+
+        return Scopes.partialMatch(currentScopes, scopes);
+    }
+
 }
 
 export default ApiToken
diff --git a/src/app/models/auth/User.ts b/src/app/models/auth/User.ts
@@ -1,7 +1,23 @@
 import ApiToken from "@src/app/models/auth/ApiToken";
 import UserObserver from "@src/app/observers/UserObserver";
 import Model from "@src/core/base/Model";
-import IUserModel, { IUserData } from "@src/core/domains/auth/interfaces/IUserModel";
+import IUserModel from "@src/core/domains/auth/interfaces/IUserModel";
+import IModelAttributes from "@src/core/interfaces/IModelData";
+
+/**
+ * User structure
+ */
+export interface IUserData extends IModelAttributes {
+    email: string;
+    password?: string;
+    hashedPassword: string;
+    roles: string[];
+    groups: string[];
+    firstName?: string;
+    lastName?: string;
+    createdAt?: Date;
+    updatedAt?: Date;
+}
 
 /**
  * User model
@@ -31,7 +47,8 @@ export default class User extends Model<IUserData> implements IUserModel {
     guarded: string[] = [
         'hashedPassword',
         'password',
-        'roles'
+        'roles',
+        'groups',
     ];
 
     /**
@@ -56,9 +73,44 @@ export default class User extends Model<IUserData> implements IUserModel {
      * These fields will be returned as JSON when the model is serialized.
      */
     json = [
+        'groups',
         'roles'
     ]
 
+    /**
+     * Checks if the user has the given role
+     *
+     * @param role The role to check
+     * @returns True if the user has the role, false otherwise
+     */
+    hasRole(roles: string | string[]): boolean {
+        roles = typeof roles === 'string' ? [roles] : roles;
+        const userRoles = this.getAttribute('roles') ?? [];
+
+        for(const role of roles) {
+            if(!userRoles.includes(role)) return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Checks if the user has the given role
+     *
+     * @param role The role to check
+     * @returns True if the user has the role, false otherwise
+     */
+    hasGroup(groups: string | string[]): boolean {
+        groups = typeof groups === 'string' ? [groups] : groups;
+        const userGroups = this.getAttribute('groups') ?? [];
+
+        for(const group of groups) {
+            if(!userGroups.includes(group)) return false;
+        }
+
+        return true;
+    }
+
     /**
      * @returns The tokens associated with this user
      *

diff --git a/src/app/observers/ApiTokenObserver.ts b/src/app/observers/ApiTokenObserver.ts
@@ -0,0 +1,53 @@
+import UserRepository from "@src/app/repositories/auth/UserRepository";
+import { IApiTokenData } from "@src/core/domains/auth/interfaces/IApitokenModel";
+import IUserModel from "@src/core/domains/auth/interfaces/IUserModel";
+import Observer from "@src/core/domains/observer/services/Observer";
+import { App } from "@src/core/services/App";
+
+interface IApiTokenObserverData extends IApiTokenData {
+
+}
+
+export default class ApiTokenObserver extends Observer<IApiTokenObserverData> {  
+
+    protected readonly userRepository = new UserRepository();
+
+    /**
+     * Called when a data object is being created.
+     * @param data The model data being created.
+     * @returns The processed model data.
+     */
+    async creating(data: IApiTokenObserverData): Promise<IApiTokenObserverData> {
+        data = await this.addGroupScopes(data)
+        return data
+    }
+
+    /**
+     * Adds scopes from groups the user is a member of to the scopes of the ApiToken being created.
+     * @param data The ApiToken data being created.
+     * @returns The ApiToken data with the added scopes.
+     */
+
+    async addGroupScopes(data: IApiTokenObserverData): Promise<IApiTokenObserverData> {
+        const user = await this.userRepository.findById(data.userId) as IUserModel;
+
+        if(!user) {
+            return data
+        }
+
+        const userGroups = user.getAttribute('groups') ?? [];
+
+        for(const userGroup of userGroups) {
+            const group = App.container('auth').config.permissions.groups.find(g => g.name === userGroup);
+            const scopes = group?.scopes ?? [];
+
+            data.scopes = [
+                ...data.scopes,
+                ...scopes
+            ]
+        }
+
+        return data
+    }
+
+}