Merge 90349be into a16f016

andela · Aug 1, 2019 · 6a9e669 · 6a9e669
2 parents a16f016 + 90349be
commit 6a9e669
Show file tree

Hide file tree

Showing 16 changed files with 316 additions and 4 deletions.
diff --git a/.env.sample b/.env.sample
@@ -3,3 +3,4 @@ DB_URL_DEV=postgres://rambo:rambo@localhost:2800/haven
 DB_URL_PRODUCTION=postgres://authors:haven@localhost:2800/haven
 NODE_ENV=development
 BASE_URL=/api/v5
+JWT_KEY=passkey
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -31,6 +31,7 @@
     "debug": "^4.1.1",
     "dotenv": "^8.0.0",
     "express": "^4.17.1",
+    "jsonwebtoken": "^8.5.1",
     "morgan": "^1.9.1",
     "pg": "^7.11.0",
     "pg-hstore": "^2.3.3",
@@ -63,6 +64,7 @@
     "nodemon": "^1.19.1",
     "nyc": "^14.1.1",
     "prettier-eslint-cli": "^5.0.0",
-    "sinon": "^7.3.2"
+    "sinon": "^7.3.2",
+    "sinon-chai": "^3.3.0"
   }
 }
diff --git a/server/helpers/checkExistingUser.js b/server/helpers/checkExistingUser.js
@@ -18,4 +18,12 @@ const checkEmail = email => User.findOne({ where: { email } });
  */
 const checkUserName = userName => User.findOne({ where: { userName } });
 
-export { checkEmail, checkUserName };
+/**
+ * @name checkId
+ * @description function that checks if the username provided is in the database
+ * @param {String} id id to check in the database
+ * @returns {Boolean} True or false value indicating if username exists
+ */
+const checkId = id => User.findOne({ where: { id } });
+
+export { checkEmail, checkUserName, checkId };
diff --git a/server/helpers/findToken.js b/server/helpers/findToken.js
@@ -0,0 +1,16 @@
+import models from '../database/models';
+
+const { Session } = models;
+
+/**
+ * @name findUser
+ * @param {string} param
+ * @param {string} response
+ * @return {string} object
+ */
+const findToken = async (param) => {
+  const session = await Session.findOne({ active: true }, { where: param });
+  return session;
+};
+
+export default findToken;
diff --git a/server/helpers/generateToken.js b/server/helpers/generateToken.js
@@ -0,0 +1,11 @@
+import jwt from 'jsonwebtoken';
+
+/**
+ * @name generateToken
+ * @param {string} payload
+ * @param {string} expiresIn
+ * @return {string} token
+ */
+const generateToken = payload => jwt.sign(payload, process.env.JWT_KEY);
+
+export default generateToken;
diff --git a/server/helpers/index.js b/server/helpers/index.js
@@ -1,6 +1,14 @@
 import { serverResponse, serverError } from './serverResponse';
-import { checkEmail, checkUserName } from './checkExistingUser';
+import { checkEmail, checkUserName, checkId } from './checkExistingUser';
+import findToken from './findToken';
+import generateToken from './generateToken';
 
 export {
-  serverResponse, serverError, checkEmail, checkUserName
+  serverResponse,
+  serverError,
+  checkEmail,
+  checkUserName,
+  findToken,
+  generateToken,
+  checkId
 };
diff --git a/server/middlewares/index.js b/server/middlewares/index.js
@@ -0,0 +1,5 @@
+import verifyToken from './verifyToken';
+
+const middlewares = { verifyToken };
+
+export default middlewares;
diff --git a/server/middlewares/verifyToken.js b/server/middlewares/verifyToken.js
@@ -0,0 +1,37 @@
+import jwt from 'jsonwebtoken';
+import { serverResponse, findToken, checkId } from '../helpers';
+
+
+/**
+ * @name verifyToken
+ * @param {object} request
+ * @param {object} response
+ * @param {object} next
+ * @return {string} object
+ */
+const verifyToken = async (request, response, next) => {
+  try {
+    const token = request.headers.authorization || request.query.token;
+    if (!token) {
+      return serverResponse(response, 401, { message: 'no token provided' });
+    }
+    const decoded = await jwt.verify(token, process.env.JWT_KEY);
+    const user = await checkId(decoded.id, response);
+    if (!user) {
+      return serverResponse(response, 404, {
+        message: 'user does not exist'
+      });
+    }
+    const session = await findToken(token);
+    if (!session) {
+      return serverResponse(response, 440, {
+        message: 'session expired'
+      });
+    }
+    next();
+  } catch (err) {
+    return serverResponse(response, 401, { message: err.name });
+  }
+};
+
+export default verifyToken;
diff --git a/test/helpers/findToken.test.js b/test/helpers/findToken.test.js
@@ -0,0 +1,26 @@
+import chai, { expect } from 'chai';
+import sinon from 'sinon';
+import sinonChai from 'sinon-chai';
+import models from '../../server/database/models';
+import { findToken } from '../../server/helpers';
+
+const { Session } = models;
+
+chai.use(sinonChai);
+
+describe(
+  'verify token middleware', () => {
+    afterEach(() => {
+      if (Session.findOne.restore) Session.findOne.restore();
+    });
+
+    it('find token', async () => {
+      const params = { token: 'auth' };
+      sinon.stub(Session, 'findOne').returns(true);
+      await findToken(params);
+    });
+  }
+);
+
+
+export default chai;
diff --git a/test/helpers/generateToken.test.js b/test/helpers/generateToken.test.js
@@ -0,0 +1,14 @@
+import chai from 'chai';
+import { generateToken } from '../../server/helpers';
+
+const { expect } = chai;
+
+describe('Test generateToken function', async () => {
+  it('should return a token', () => {
+    const payload = { id: 1 };
+    const token = generateToken(payload);
+    expect(token).to.be.a('string');
+  });
+});
+
+export default chai;
diff --git a/test/helpers/index.js b/test/helpers/index.js
@@ -0,0 +1,4 @@
+import generateToken from './generateToken.test';
+import findToken from './findToken.test';
+
+export { generateToken, findToken };
diff --git a/test/index.test.js b/test/index.test.js
@@ -2,6 +2,8 @@ import chai from 'chai';
 import chaiHttp from 'chai-http';
 import server from '../server';
 import './users';
+// import './helpers';
+// import './middlewares';
 
 const { expect } = chai;
 

diff --git a/test/middlewares/index.js b/test/middlewares/index.js
@@ -0,0 +1,3 @@
+import verifyToken from './verifyToken.test';
+
+export default { verifyToken };