feat(authentication): user sign-up and authentication

 - update user tests to test for token generation
 - hash user password
 - authenticate user
 - save user data to the database
 - add unit test for user login
 - add user login endpoint
 - document login endpoint
 - add build script to package.json

[Finishes #166789868]

.gitignore

@@ -49,3 +49,6 @@ package-lock.json
 
 #editorconfig
 .editorconfig
+
+#dist
+dist

.nycrc

@@ -1,6 +1,7 @@
 {
   "exclude": [
     "tests",
-    "src/db/"
+    "src/db/",
+    "src/index.js"
   ]
 }

README.md

@@ -19,9 +19,9 @@ However, for the purpose of testing and configurations, one endpoint has been cr
 
 > create database to postgresql
 ```
-> createdb authorsHavenDb
+> createdb authorshavendb
 ```
-remember to change the password in config.json file for development
+remember to change the password in config.js file for development
 
 > create your config file
 ```

example.env

@@ -1,5 +1,6 @@
 DATABASE_USERNAME_DEV="your-database-username"
-SECRET_KEY="your-database-password"
+DATABASE_PASSWORD="your-database-password"
+SECRET_JWT_KEY="your-own-secret-key"
 HEROKU_DATABASE_USERNAME="heroku-database-username"
 HEROKU_SECRET_KEY="heroku-database-password"
 HEROKU_HOST="heroku-host"

package.json

@@ -9,7 +9,8 @@
     "coverage": "npm test && nyc report --reporter=text-lcov | coveralls",
     "drop_tables": "sequelize db:migrate:undo:all",
     "create_tables": "sequelize db:migrate",
-    "start": "babel-node ./src/index.js",
+    "start": "node dist/index.js",
+    "build": "babel src --out-dir dist",
     "dev": "nodemon --exec babel-node ./src/index.js"
   },
   "engines": {
@@ -18,32 +19,35 @@
   "author": "Andela Simulations Programme",
   "license": "MIT",
   "dependencies": {
+    "bcrypt": "^3.0.6",
+    "body-parser": "^1.19.0",
     "dotenv": "^6.2.0",
     "ejs": "^2.6.1",
     "errorhandler": "^1.5.0",
     "express": "^4.17.1",
     "express-session": "^1.15.6",
+    "jsonwebtoken": "^8.5.1",
     "method-override": "^2.3.10",
     "methods": "^1.1.2",
     "morgan": "^1.9.1",
     "nyc": "^14.1.1",
     "pg": "^7.11.0",
     "pg-hstore": "^2.3.3",
+    "regenerator-runtime": "^0.13.2",
     "request": "^2.87.0",
     "sequelize": "^5.8.12",
     "sequelize-cli": "^5.5.0",
-    "body-parser": "^1.19.0",
-    "underscore": "^1.9.1",
     "swagger-jsdoc": "^1.3.0",
     "swagger-ui-express": "^4.0.2",
+    "underscore": "^1.9.1"
+  },
+  "devDependencies": {
+    "mocha": "^6.1.4",
     "babel-cli": "^6.26.0",
     "babel-core": "^6.26.3",
     "babel-polyfill": "^6.26.0",
     "babel-register": "^6.26.0",
-    "babel-preset-env": "^1.7.0"
-  },
-  "devDependencies": {
-    "mocha": "^6.1.4",
+    "babel-preset-env": "^1.7.0",
     "chai": "^4.2.0",
     "chai-http": "^4.3.0",
     "coveralls": "^3.0.4",

src/controllers/userControllers.js

@@ -1,3 +1,5 @@
+import jwt from 'jsonwebtoken';
+import bcrypt from 'bcrypt';
 import model from '../db/models/index';
 
 const { Users } = model;
@@ -14,17 +16,25 @@ class UserManager {
    */
   static async registerUser(req, res) {
     try {
-      const { username, email, password } = req.body;
+      const {
+        username, email, password, bio, image
+      } = req.body;
       const user = {
-        username, email, hash: password
+        username, email, hash: password, bio, image: null
       };
 
+      const payload = { username, email };
+      const token = await jwt.sign(payload, process.env.SECRET_JWT_KEY, { expiresIn: '24h' });
+
       await Users.create(user);
       return res.status(201).json({
         message: 'user registered succesfully',
         user: {
-          username,
           email,
+          token,
+          username,
+          bio,
+          image
         }
       });
     } catch (error) {
@@ -33,5 +43,50 @@ class UserManager {
       });
     }
   }
+
+  /**
+   *
+   * @param {object} req
+   * @param {object} res
+   * @returns {Object} user object
+   */
+  static async login(req, res) {
+    try {
+      const findUser = await Users.findOne({
+        where: { email: req.body.email }
+      });
+
+      if (findUser) {
+        const { username, email, hash } = findUser.dataValues;
+        const userData = { username, email, hash };
+
+        if (bcrypt.compareSync(req.body.password, userData.hash)) {
+          const payload = {
+            username: userData.username,
+            email: userData.email
+          };
+          const token = jwt.sign(payload, process.env.SECRET_JWT_KEY, { expiresIn: '24h' });
+          return res.status(200).json({
+            message: 'login succesfull',
+            user: {
+              token,
+              email: payload.email,
+              username: payload.username
+            }
+          });
+        }
+        return res.status(401).json({
+          message: 'incorrect password'
+        });
+      }
+      return res.status(404).json({
+        message: `user with email: ${req.body.email} does not exist`
+      });
+    } catch (error) {
+      return res.status(500).json({
+        message: 'internal server error! please try again later'
+      });
+    }
+  }
 }
 export default UserManager;

src/db/config/config.js

@@ -11,11 +11,10 @@ const config = {
   },
   test: {
     username: envConfig.db_username_test,
-    password: envConfig.db_password,
+    password: envConfig.db_password_test,
     database: 'ah_db_test',
-    host: '127.0.0.1',
-    dialect: 'postgres',
-    operatorsAliases: false
+    host: 'localhost',
+    dialect: 'postgres'
   },
   production: {
     username: envConfig.db_username_pro,

src/db/config/envirnoment.js

@@ -8,7 +8,7 @@ envConfig.db_password = process.env.DATABASE_PASSWORD;
 envConfig.port = process.env.PORT || 7000;
 
 envConfig.db_username_test = process.env.DATABASE_USERNAME_TEST;
-envConfig.db_password_test = process.env.DATABASE_PASSWORD;
+envConfig.db_password_test = process.env.DATABASE_PASSWORD_TEST;
 
 envConfig.db_username_pro = process.env.HEROKU_DATABASE_USERNAME;
 envConfig.db_password_pro = process.env.HEROKU_SECRET_KEY;

src/db/models/users.js

@@ -1,3 +1,5 @@
+import bcrypt from 'bcrypt';
+
 export default (sequelize, DataTypes) => {
   const Users = sequelize.define('Users', {
     username: {
@@ -30,7 +32,18 @@ export default (sequelize, DataTypes) => {
       }
     }],
     hash: DataTypes.STRING
-  }, {});
+  }, {
+    hooks: {
+      beforeCreate: async (user) => {
+        user.hash = await bcrypt.hashSync(user.hash, 8);
+      },
+    },
+    instanceMethods: {
+      validatePassword: async function(hash) {
+        return await bcrypt.compareSync(hash, this.password);
+      }
+    }
+  });
   Users.associate = () => {
   };
   return Users;

src/index.js

@@ -1,3 +1,4 @@
+import 'regenerator-runtime';
 import express from 'express';
 import logger from 'morgan';
 import bodyParser from 'body-parser';
@@ -8,16 +9,17 @@ import config from './db/config/envirnoment';
 
 const app = express(); // setup express application
 
-// Access swagger ui documentation on this route
-app.use('/api-docs', swaggerUI.serve, swaggerUI.setup(swaggerJSDoc));
-
 app.use(logger('dev')); // log requests to the console
 
 // Parse incoming requests data
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(routes);
-app.get('*', (req, res) => res.status(200).send({
+
+// Access swagger ui documentation on this route
+app.use('/', swaggerUI.serve, swaggerUI.setup(swaggerJSDoc));
+
+app.use('/*', (req, res) => res.status(200).send({
   message: 'Welcome to the default Authors Haven API route',
 }));
 

src/routes/api/users.js

@@ -4,5 +4,6 @@ import userController from '../../controllers/userControllers';
 const router = express.Router();
 
 router.post('/users', userController.registerUser);
+router.post('/users/login', userController.login);
 
 export default router;

swagger.json

@@ -5,7 +5,7 @@
         "version": "1.0.0",
         "description": "Authors Haven Documentation with Swagger"
       },
-      "host": "ah-lobos-backend-swagger.herokuapp.com",
+      "host": "ah-lobos-staging.herokuapp.com",
       "basePath": "/",
     "tags": [
       {
@@ -34,6 +34,24 @@
                 "type": "string"
               }
             }
+        },
+        "login": {
+            "required": [
+              "username",
+              "email",
+              "password"
+            ],
+            "properties": {
+              "username": {
+                "type": "string"
+              },
+              "email": {
+                "type": "string"
+              },
+              "password": {
+                "type": "string"
+              }
+            }
         }
     },
     "paths": {
@@ -65,6 +83,41 @@
                 }
               }
             }
+        },
+        "/api/users/login": {
+            "post": {
+              "tags": ["users"],
+              "description": "Login a user",
+              "parameters": [
+                {
+                  "name": "body",
+                  "in": "body",
+                  "description": "User login",
+                  "require": true,
+                  "schema": {
+                    "$ref": "#/definitions/login"
+                  }
+                }
+              ],
+              "produces": ["application/json"],
+              "responses": {
+                "200": {
+                  "description": "login succesfull",
+                  "schema": {
+                    "$ref": "#/definitions/login"
+                  }
+                },
+                "404": {
+                    "description": "user with email does not exist"
+                },
+                "401": {
+                    "description": "incorrect password"
+                },
+                "500": {
+                    "description": "internal server error! please try again later"
+                }
+              }
+            }
         }
     }
 }