Merge pull request #4 from Gambitier/authentication

Authentication & Authorization

Author: gambitier

Projects/BooksLibrary/.env.sample

@@ -6,4 +6,6 @@ API_VERSION=0.0.1
 DB_USER_NAME = someusername
 DB_USER_PASSWORD = somepass
 DB_NAME = somename
-DB_HOST = host
+DB_HOST = host
+
+USER_ACCESS_TOKEN_SECRET = test

Projects/BooksLibrary/package-lock.json

@@ -12,6 +12,7 @@
     "author": "akash jadhav",
     "license": "ISC",
     "devDependencies": {
+        "@types/bcryptjs": "^2.4.2",
         "@types/cors": "^2.8.12",
         "@types/express": "^4.17.13",
         "@types/express-fileupload": "^1.2.2",
@@ -28,6 +29,7 @@
         "typescript": "^4.6.2"
     },
     "dependencies": {
+        "bcryptjs": "^2.4.3",
         "cors": "^2.8.5",
         "dotenv": "^16.0.0",
         "express": "^4.17.3",

Projects/BooksLibrary/package.json

@@ -0,0 +1,162 @@
+{
+	"info": {
+		"_postman_id": "0a362e15-a9cb-49f7-bec7-d9ae7272d0a4",
+		"name": "API",
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+	},
+	"item": [
+		{
+			"name": "API Version",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{BaseUrl}}",
+					"host": [
+						"{{BaseUrl}}"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "Create User",
+			"request": {
+				"method": "POST",
+				"header": [],
+				"body": {
+					"mode": "raw",
+					"raw": "{\r\n    \"Email\": \"akash@gmail.com\",\r\n    \"FirstName\": \"                    Akash                    \",\r\n    \"LastName\": \"Jadhav\",\r\n    \"Password\": \"Test@123\"\r\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{BaseUrl}}/users",
+					"host": [
+						"{{BaseUrl}}"
+					],
+					"path": [
+						"users"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "user login",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test(\"Status code is 200\", function () {\r",
+							"    pm.response.to.have.status(200);\r",
+							"});\r",
+							"pm.test(\"Body matches string\", function () {\r",
+							"    pm.expect(pm.response.text()).to.include(\"AccessToken\");\r",
+							"});\r",
+							"var jsonData = pm.response.json();\r",
+							"pm.collectionVariables.set(\"AccessToken\", jsonData.Data.entity.AccessToken);"
+						],
+						"type": "text/javascript"
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [],
+				"body": {
+					"mode": "raw",
+					"raw": "{\r\n    \"Email\": \"Kiran.kharade@yopmail.com\",\r\n    \"Password\": \"Test@123\"\r\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{BaseUrl}}/auth/login",
+					"host": [
+						"{{BaseUrl}}"
+					],
+					"path": [
+						"auth",
+						"login"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "user get by id",
+			"protocolProfileBehavior": {
+				"disableBodyPruning": true
+			},
+			"request": {
+				"method": "GET",
+				"header": [
+					{
+						"key": "authorization",
+						"value": "Bearer {{AccessToken}}",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "{\r\n    \"Email\": \"Kiran.kharade@yopmail.com\",\r\n    \"Password\": \"Test@123\"\r\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{BaseUrl}}/users/15ee7f17-43c6-46e9-a19b-f82440ef8011",
+					"host": [
+						"{{BaseUrl}}"
+					],
+					"path": [
+						"users",
+						"15ee7f17-43c6-46e9-a19b-f82440ef8011"
+					]
+				}
+			},
+			"response": []
+		}
+	],
+	"event": [
+		{
+			"listen": "prerequest",
+			"script": {
+				"type": "text/javascript",
+				"exec": [
+					""
+				]
+			}
+		},
+		{
+			"listen": "test",
+			"script": {
+				"type": "text/javascript",
+				"exec": [
+					""
+				]
+			}
+		}
+	],
+	"variable": [
+		{
+			"key": "BaseUrl",
+			"value": "http://localhost:7272/api/v1",
+			"type": "string"
+		},
+		{
+			"key": "AccessToken",
+			"value": "",
+			"type": "string"
+		}
+	]
+}

Projects/BooksLibrary/postman/API.postman_collection.json

@@ -0,0 +1,33 @@
+import express from 'express';
+import { Authorizer } from '../../auth/authorizer';
+import { ApiError } from '../../common/api.error';
+import { Loader } from '../../startup/loader';
+
+///////////////////////////////////////////////////////////////////////////////////////
+
+export class BaseController {
+    _authorizer: Authorizer = null;
+
+    constructor() {
+        this._authorizer = Loader.authorizer;
+    }
+
+    setContext = async (context: string, request: express.Request, response: express.Response, authorize = true) => {
+        if (context === undefined || context === null) {
+            throw new ApiError(500, 'Invalid request context');
+        }
+        const tokens = context.split('.');
+        if (tokens.length < 2) {
+            throw new ApiError(500, 'Invalid request context');
+        }
+        const resourceType = tokens[0];
+        request.context = context;
+        request.resourceType = resourceType;
+        if (request.params.id !== undefined && request.params.id !== null) {
+            request.resourceId = request.params.id;
+        }
+        if (authorize) {
+            await Loader.authorizer.authorize(request, response);
+        }
+    };
+}

Projects/BooksLibrary/src/api/controllers/base.controller.ts

@@ -1,20 +1,22 @@
 import { UserValidator } from 'api/validators/user.validator';
 import { Authorizer } from 'auth/authorizer';
 import { ResponseHandler } from 'common/response.handler';
-import { UserDomainModel } from 'domain.types/user/user.domain.model';
+import { UserDomainModel, UserLoginDetails } from 'domain.types/user/user.domain.model';
 import { UserDetailsDto } from 'domain.types/user/user.dto';
 import express from 'express';
 import { UserService } from 'services/user.service';
 import { Loader } from 'startup/loader';
+import { BaseController } from './base.controller';
 
-export class UserController {
+export class UserController extends BaseController {
     //#region member variables and constructors
 
     _service: UserService = null;
 
     _authorizer: Authorizer = null;
 
     constructor() {
+        super();
         this._service = Loader.container.resolve(UserService);
         this._authorizer = Loader.authorizer;
     }
@@ -26,7 +28,26 @@ export class UserController {
     };
 
     getById = async (request: express.Request, response: express.Response): Promise<void> => {
-        throw new Error('Method not implemented.');
+        try {
+            await this.setContext('User.getById', request, response);
+
+            const userId: string = await UserValidator.get(request, response);
+
+            const userdetails: UserDetailsDto = await this._service.getById(userId);
+
+            ResponseHandler.success(
+                request,
+                response,
+                'User get by id!',
+                200,
+                {
+                    entity: userdetails,
+                },
+                false
+            );
+        } catch (err) {
+            ResponseHandler.handleError(request, response, err);
+        }
     };
 
     search = async (request: express.Request, response: express.Response): Promise<void> => {
@@ -35,7 +56,7 @@ export class UserController {
 
     create = async (request: express.Request, response: express.Response): Promise<void> => {
         try {
-            // request.context = 'User.create';
+            this.setContext('User.create', request, response);
 
             const domainData: UserDomainModel = await UserValidator.create(request, response);
 
@@ -55,4 +76,34 @@ export class UserController {
             ResponseHandler.handleError(request, response, err);
         }
     };
+
+    loginWithPassword = async (request: express.Request, response: express.Response): Promise<void> => {
+        try {
+            // request.context = 'User.create';
+
+            const domainData: UserLoginDetails = await UserValidator.loginWithPassword(request, response);
+
+            const userdetails = await this._service.loginWithPassword(domainData);
+
+            const message = `User '${userdetails.user.FirstName}' logged in successfully!`;
+
+            const data = {
+                AccessToken: userdetails.accessToken,
+                User: userdetails.user,
+            };
+
+            ResponseHandler.success(
+                request,
+                response,
+                message,
+                200,
+                {
+                    entity: data,
+                },
+                false
+            );
+        } catch (err) {
+            ResponseHandler.handleError(request, response, err);
+        }
+    };
 }