Merge branch 'release/1.4.0'

Author: hirsch88

.env.example

@@ -5,6 +5,7 @@ APP_NAME=express-typescript-boilerplate
 APP_ENV=local
 APP_HOST=http://localhost
 APP_PORT=3000
+APP_URL_PREFIX=/api
 
 #
 # LOGGING
@@ -34,10 +35,4 @@ DB_SEEDS_DIR=./src/database/seeds
 #
 # Auth0
 #
-AUTH0_HOST=https://w3tecch.auth0.com
-AUTH0_OAUTH=/oauth
-AUTH0_API=/api/v2
-AUTH0_CLIENT_ID=auth0_client_id
-AUTH0_CLIENT_SECRET=auth0_client_secret
-AUTH0_AUDIENCE=https://my.auth0.com/api/v2/
-AUTH0_GRANT_TYPE=client_credentials
+AUTH0_HOST=http://localhost:3333

package.json

@@ -1,12 +1,15 @@
 {
   "name": "express-typescript-boilerplate",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "A delightful way to building a RESTful API with NodeJs & TypeScript",
   "main": "src/index.ts",
   "scripts": {
     "lint": "./node_modules/.bin/gulp lint",
-    "test": "NODE_ENV=test ./node_modules/.bin/jest ./test/unit --verbose --coverage",
-    "test:black-box": "NODE_ENV=test ./node_modules/.bin/jest ./test/black-box -i --verbose",
+    "test": "NODE_ENV=test ./node_modules/.bin/jest ./test/unit",
+    "test:pretty": "NODE_ENV=test ./node_modules/.bin/jest ./test/unit --verbose",
+    "test:coverage": "NODE_ENV=test ./node_modules/.bin/jest ./test/unit --coverage",
+    "test:black-box": "NODE_ENV=test ./node_modules/.bin/jest ./test/black-box -i",
+    "test:black-box:pretty": "NODE_ENV=test ./node_modules/.bin/jest ./test/black-box -i --verbose",
     "build": "./node_modules/.bin/gulp build",
     "clean": "./node_modules/.bin/gulp clean",
     "db:migrate": "./node_modules/.bin/knex migrate:latest",
@@ -56,6 +59,7 @@
     "@types/faker": "^4.1.0",
     "@types/helmet": "0.0.35",
     "@types/jest": "^19.2.3",
+    "@types/jsonwebtoken": "^7.2.0",
     "@types/knex": "0.0.50",
     "@types/lodash": "^4.14.64",
     "@types/morgan": "^1.7.32",
@@ -87,6 +91,7 @@
     "inversify": "^4.1.0",
     "inversify-express-utils": "^3.5.1",
     "jest": "^20.0.3",
+    "jsonwebtoken": "^7.4.1",
     "knex": "^0.12.0",
     "lodash": "^4.17.4",
     "morgan": "^1.7.0",

src/api/controllers/UserController.ts

@@ -1,10 +1,10 @@
 import { injectable, inject } from 'inversify';
-import { Controller, Get, Post, Put, Delete, RequestParam, RequestBody, Response } from 'inversify-express-utils';
+import { Controller, Get, Post, Put, Delete, RequestParam, RequestBody, Response, Request } from 'inversify-express-utils';
 import { my } from 'my-express';
 import { Log } from '../../core/log';
 import { UserService } from '../services/UsersService';
 import { Types } from '../../constants/Types';
-import { authenticate } from '../middlewares/authenticate';
+import { authenticate, populateUser } from '../middlewares';
 
 const log = new Log('api:ctrl.UserController');
 
@@ -16,18 +16,24 @@ const log = new Log('api:ctrl.UserController');
  * @class UserController
  */
 @injectable()
-@Controller('/v1/user')
+@Controller('/v1/user', authenticate)
 export class UserController {
 
     constructor( @inject(Types.UserService) private userService: UserService) { }
 
-    @Get('/', authenticate)
+    @Get('/')
     public async findAll( @Response() res: my.Response): Promise<any> {
         log.debug('findAll');
         const users = await this.userService.findAll();
         return res.found(users.toJSON());
     }
 
+    @Get('/me', populateUser)
+    public async findMe( @Request() req: my.Request, @Response() res: my.Response): Promise<any> {
+        log.debug('findMe');
+        return res.found(req.user);
+    }
+
     @Get('/:id')
     public async findOne( @Response() res: my.Response, @RequestParam('id') id: string): Promise<any> {
         log.debug('findOne ', id);

src/api/middlewares/authenticate.ts

@@ -1,19 +1,69 @@
+import { RequestAPI, RequiredUriUrl, Options, Request, RequestResponse } from 'request';
 import { my } from 'my-express';
 import { Log } from '../../core/log';
 
-const log = new Log('api:middleware.authenticate');
+// const log = new Log('api:middleware.authenticate');
 
 /**
  * authenticate middleware
  * -----------------------
- * This middleware can be used to check if all credentials are given and
- * verify them.
+ * This middleware secures your resources with the auth0 authentication.
  *
  * @param req
  * @param res
  * @param next
  */
-export const authenticate = (req: my.Request, res: my.Response, next: my.NextFunction) => {
-    log.info('authenticate');
-    next();
+export const authenticate = (request: RequestAPI<Request, Options, RequiredUriUrl>, log: Log) =>
+    (req: my.Request, res: my.Response, next: my.NextFunction) => {
+        const token = getToken(req);
+
+        if (token === null) {
+            log.warn('No token given');
+            return res.failed(403, 'You are not allowed to request this resource!');
+        }
+        log.debug('Token is provided');
+
+        // Request user info at auth0 with the provided token
+        request({
+            method: 'POST',
+            url: `${process.env.AUTH0_HOST}/tokeninfo`,
+            form: {
+                id_token: token
+            }
+        }, (error: any, response: RequestResponse, body: any) => {
+            // Verify if the requests was successful and append user
+            // information to our extended express request object
+            if (!error && response.statusCode === 200) {
+                req.tokeninfo = JSON.parse(body);
+                log.info(`Retrieved user ${req.tokeninfo.email}`);
+                return next();
+            }
+
+            // Catch auth0 exception and return it as it is
+            log.warn(`Could not retrieve the user, because of`, body);
+            let statusCode = 401;
+            if (response && response.statusCode) {
+                statusCode = response.statusCode;
+            } else {
+                log.warn('It seems your oauth server is down!');
+            }
+            res.failed(statusCode, body);
+
+        });
+
+    };
+
+/**
+ * Returns the access token of the given request header
+ */
+const getToken = (req: my.Request): string | null => {
+    const authorization = req.headers.authorization;
+
+    // Retrieve the token form the Authorization header
+    if (authorization && authorization.split(' ')[0] === 'Bearer') {
+        return authorization.split(' ')[1];
+    }
+
+    // No token was provided by the client
+    return null;
 };

src/api/middlewares/index.ts

@@ -0,0 +1,19 @@
+import * as request from 'request';
+import container from '../../container';
+import { Log } from '../../core/log';
+import { Types } from '../../constants/Types';
+import { UserService } from '../services/UsersService';
+
+import { authenticate as Authenticate } from './authenticate';
+import { populateUser as PopulateUser } from './populateUser';
+
+
+/**
+ * Middlewares
+ * ------------------------------------
+ * We build them up here so we can easily use them in the controllers and
+ * also be able to test the middlewares without any big effort.
+ */
+export const authenticate = Authenticate(request, new Log('api:middleware.authenticate'));
+export const populateUser = PopulateUser(() => container.get<UserService>(Types.UserService), new Log('api:middleware.populateUser'));
+

src/api/middlewares/populateUser.ts

@@ -0,0 +1,37 @@
+import * as request from 'request';
+import { Container } from 'inversify';
+import { my } from 'my-express';
+import { Log } from '../../core/log';
+import { UserService } from '../services/UsersService';
+
+// const log = new Log('api:middleware.populateUser');
+
+/**
+ * populateUser middleware
+ * -----------------------
+ * This middleware gets the logged-in user form the database and store it in
+ * the request object
+ *
+ * @param req
+ * @param res
+ * @param next
+ */
+export const populateUser = (lazyUserService: () => UserService, log: Log) =>
+    (req: my.Request, res: my.Response, next: my.NextFunction) => {
+
+        if (!req.tokeninfo || !req.tokeninfo.user_id) {
+            return res.failed(400, 'Missing token information!');
+        }
+
+        const userService = lazyUserService();
+        userService.findByUserId(req.tokeninfo.user_id)
+            .then((user) => {
+                req.user = user.toJSON();
+                log.debug(`populated user with the id=${req.user.id} to the request object`);
+                next();
+            })
+            .catch((error) => {
+                log.warn(`could not populate user to the request object`);
+                next(error);
+            });
+    };

src/api/models/User.ts

@@ -1,4 +1,4 @@
-import { Bookshelf } from '../../core/Bookshelf';
+import { Bookshelf } from '../../core/Database';
 import { Tables } from '../../constants/Tables';
 
 /**
@@ -14,6 +14,10 @@ export class User extends Bookshelf.Model<User> {
         return await User.where<User>({ id: id }).fetch();
     }
 
+    public static async fetchByUserId(userId: string): Promise<User> {
+        return await User.where<User>({ auth_0_user_id: userId }).fetch();
+    }
+
     public get tableName(): string { return Tables.Users; }
     public get hasTimestamps(): boolean { return true; }
 

src/api/repositories/UserRepository.ts

@@ -35,6 +35,17 @@ export class UserRepository {
         return User.fetchById(id);
     }
 
+    /**
+     * Retrieves one user entity of the database
+     *
+     * @static
+     * @param {number} id of the user
+     * @returns {Promise<User>}
+     */
+    public static async findByUserId(userId: string): Promise<User> {
+        return User.fetchByUserId(userId);
+    }
+
     /**
      * Creates a new user entity in the database and returns
      * the new created entity

src/api/requests/UserCreateRequest.ts

@@ -22,5 +22,10 @@ export class UserCreateRequest extends RequestBody {
     @IsEmail()
     email: string;
 
+    picture: string;
+
+    @IsNotEmpty()
+    auth0UserId: string;
+
 }
 

src/api/requests/UserUpdateRequest.ts

@@ -25,6 +25,11 @@ export class UserUpdateRequest extends RequestBody {
     @IsEmail()
     email: string;
 
+    picture: string;
+
+    @IsNotEmpty()
+    auth0UserId: string;
+
     setFirstName(value: string): void {
         this.update('firstName', value);
     }