impl node_auth-app

.github/workflows/test.yml-template

@@ -0,0 +1,23 @@
+name: Test
+
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [20.x]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: npm install
+    - run: npm test

prisma.config.ts

@@ -0,0 +1,14 @@
+// This file was generated by Prisma, and assumes you have installed the following:
+// npm install --save-dev prisma dotenv
+import "dotenv/config";
+import { defineConfig } from "prisma/config";
+
+export default defineConfig({
+  schema: "prisma/schema.prisma",
+  migrations: {
+    path: "prisma/migrations",
+  },
+  datasource: {
+    url: process.env["DATABASE_URL"],
+  },
+});

prisma/migrations/20260206215804_init/migration.sql

@@ -0,0 +1,38 @@
+-- CreateTable
+CREATE TABLE "users_auth" (
+    "id" SERIAL NOT NULL,
+    "name" VARCHAR(255) NOT NULL,
+    "email" VARCHAR(255) NOT NULL,
+    "password" VARCHAR(255) NOT NULL,
+    "activationToken" VARCHAR(255),
+    "createdAt" TIMESTAMPTZ(6) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMPTZ(6) NOT NULL,
+
+    CONSTRAINT "users_auth_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "tokens_auth" (
+    "id" SERIAL NOT NULL,
+    "refreshToken" VARCHAR(255) NOT NULL,
+    "createdAt" TIMESTAMPTZ(6) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMPTZ(6) NOT NULL,
+    "userId" INTEGER NOT NULL,
+
+    CONSTRAINT "tokens_auth_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_auth_email_key" ON "users_auth"("email");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_auth_activationToken_key" ON "users_auth"("activationToken");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "tokens_auth_refreshToken_key" ON "tokens_auth"("refreshToken");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "tokens_auth_userId_key" ON "tokens_auth"("userId");
+
+-- AddForeignKey
+ALTER TABLE "tokens_auth" ADD CONSTRAINT "tokens_auth_userId_fkey" FOREIGN KEY ("userId") REFERENCES "users_auth"("id") ON DELETE RESTRICT ON UPDATE CASCADE;

prisma/migrations/20260209120310_add_user_reset_token/migration.sql

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[resetToken]` on the table `users_auth` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- AlterTable
+ALTER TABLE "users_auth" ADD COLUMN     "resetToken" VARCHAR(255);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_auth_resetToken_key" ON "users_auth"("resetToken");

prisma/migrations/20260210160621_add_pending_email/migration.sql

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[pendingEmail]` on the table `users_auth` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- AlterTable
+ALTER TABLE "users_auth" ADD COLUMN     "pendingEmail" VARCHAR(255);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_auth_pendingEmail_key" ON "users_auth"("pendingEmail");

prisma/migrations/20260211144328_add_pending_email_token/migration.sql

@@ -0,0 +1,21 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `resetToken` on the `users_auth` table. All the data in the column will be lost.
+  - A unique constraint covering the columns `[passwordResetToken]` on the table `users_auth` will be added. If there are existing duplicate values, this will fail.
+  - A unique constraint covering the columns `[pendingEmailToken]` on the table `users_auth` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- DropIndex
+DROP INDEX "users_auth_resetToken_key";
+
+-- AlterTable
+ALTER TABLE "users_auth" DROP COLUMN "resetToken",
+ADD COLUMN     "passwordResetToken" VARCHAR(255),
+ADD COLUMN     "pendingEmailToken" VARCHAR(255);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_auth_passwordResetToken_key" ON "users_auth"("passwordResetToken");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_auth_pendingEmailToken_key" ON "users_auth"("pendingEmailToken");

prisma/migrations/migration_lock.toml

@@ -0,0 +1,3 @@
+# Please do not edit this file manually
+# It should be added in your version-control system (e.g., Git)
+provider = "postgresql"

prisma/schema.prisma

@@ -0,0 +1,34 @@
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+}
+
+model User {
+  id                 Int      @id @default(autoincrement())
+  name               String   @db.VarChar(255)
+  email              String   @unique @db.VarChar(255)
+  password           String   @db.VarChar(255)
+  activationToken    String?  @unique @db.VarChar(255)
+  createdAt          DateTime @default(now()) @db.Timestamptz(6)
+  updatedAt          DateTime @updatedAt @db.Timestamptz(6)
+  passwordResetToken String?  @unique @db.VarChar(255)
+  pendingEmail       String?  @unique @db.VarChar(255)
+  pendingEmailToken  String?  @unique @db.VarChar(255)
+  tokens             Token[]
+
+  @@map("users_auth")
+}
+
+model Token {
+  id           Int      @id @default(autoincrement())
+  refreshToken String   @unique @db.VarChar(255)
+  createdAt    DateTime @default(now()) @db.Timestamptz(6)
+  updatedAt    DateTime @updatedAt @db.Timestamptz(6)
+  userId       Int      @unique
+  users        User     @relation(fields: [userId], references: [id])
+
+  @@map("tokens_auth")
+}

src/controllers/auth.controller.js

@@ -0,0 +1,100 @@
+import { userService } from '../services/user.service.js';
+import { authService } from '../services/auth.service.js';
+
+const register = async (req, res) => {
+  const { name, email, password } = req.body;
+
+  await authService.register(name, email, password);
+
+  res.send({ message: 'Registration successful' });
+};
+
+const activate = async (req, res) => {
+  const { activationToken } = req.params;
+
+  const activatedUser = await authService.activate(activationToken);
+
+  res.send(userService.normalize(activatedUser));
+};
+
+const sendAuthentication = async (res, user) => {
+  const {
+    user: normalizedUser,
+    accessToken,
+    refreshToken,
+  } = await authService.authenticate(user);
+
+  res.cookie('refreshToken', refreshToken, {
+    maxAge: 30 * 24 * 60 * 60 * 1000,
+    httpOnly: true,
+  });
+  res.send({ user: normalizedUser, accessToken });
+};
+
+const login = async (req, res) => {
+  const { email, password } = req.body;
+
+  const user = await authService.login(email, password);
+
+  await sendAuthentication(res, user);
+};
+
+const refresh = async (req, res) => {
+  const { refreshToken } = req.cookies;
+
+  const user = await authService.refresh(refreshToken);
+
+  await sendAuthentication(res, user);
+};
+
+const logout = async (req, res) => {
+  const { refreshToken } = req.cookies;
+
+  await authService.logout(refreshToken);
+
+  res.clearCookie('refreshToken');
+  res.send({ message: 'Logout successful' });
+};
+
+const resetPasswordNotification = async (req, res) => {
+  const { email } = req.body;
+
+  await authService.resetPasswordNotification(email);
+
+  res.clearCookie('refreshToken');
+  res.send({ message: 'Password reset email sent' });
+};
+
+const confirmPasswordReset = async (req, res) => {
+  const { passwordResetToken } = req.params;
+  const { password, confirmation } = req.body;
+
+  await authService.confirmPasswordReset(
+    passwordResetToken,
+    password,
+    confirmation,
+  );
+
+  res.clearCookie('refreshToken');
+  res.send({ message: 'Password reset successful' });
+};
+
+const confirmEmailChange = async (req, res) => {
+  const { pendingEmailToken } = req.params;
+
+  await authService.confirmEmailChange(pendingEmailToken);
+
+  res.clearCookie('refreshToken');
+  res.send({ message: 'Email updated successfully' });
+};
+
+export const authController = {
+  register,
+  activate,
+  login,
+  refresh,
+  logout,
+  resetPasswordNotification,
+  confirmPasswordReset,
+  confirmEmailChange,
+};

src/controllers/user.controller.js

@@ -0,0 +1,55 @@
+import { authService } from '../services/auth.service.js';
+import { userService } from '../services/user.service.js';
+
+const getProfile = async (req, res) => {
+  const { refreshToken } = req.cookies;
+  const profile = await userService.getProfile(req.userId, refreshToken);
+
+  res.send(profile);
+};
+
+const updateName = async (req, res) => {
+  const { name } = req.body;
+  const { refreshToken } = req.cookies;
+
+  await authService.updateName(req.userId, name, refreshToken);
+
+  res.send({ message: 'Name changed successfully' });
+};
+
+const updatePassword = async (req, res) => {
+  const { password, newPassword, confirmation } = req.body;
+  const { refreshToken } = req.cookies;
+
+  await authService.updatePassword(
+    refreshToken,
+    req.userId,
+    password,
+    newPassword,
+    confirmation,
+  );
+
+  res.clearCookie('refreshToken');
+  res.send({ message: 'Password changed successfully' });
+};
+
+const updateEmailNotification = async (req, res) => {
+  const { newEmail, password } = req.body;
+  const { refreshToken } = req.cookies;
+
+  await authService.updateEmailNotification(
+    refreshToken,
+    req.userId,
+    newEmail,
+    password,
+  );
+
+  res.send({ message: 'Change email notification sent' });
+};
+
+export const userController = {
+  getProfile,
+  updateName,
+  updatePassword,
+  updateEmailNotification,
+};

src/index.js

@@ -1 +1,21 @@
 'use strict';
+import cors from 'cors';
+import express from 'express';
+import cookieParser from 'cookie-parser';
+import { authRouter } from './routes/auth.route.js';
+import { userRouter } from './routes/user.route.js';
+import { authMiddleware } from './middlewares/auth.middleware.js';
+import { errorMiddleware } from './middlewares/error.middleware.js';
+
+const app = express();
+const PORT = process.env.PORT || 3005;
+
+app.use(cors());
+
+app.use(express.json());
+app.use(cookieParser());
+app.use(authRouter);
+app.use('/profile', authMiddleware, userRouter);
+app.use(errorMiddleware);
+
+app.listen(PORT);

src/middlewares/auth.middleware.js

@@ -0,0 +1,31 @@
+import { jwtService } from '../services/jwt.service.js';
+import { userService } from '../services/user.service.js';
+import { ApiError } from '../utils/api.error.js';
+import { logger } from '../utils/logger.js';
+
+export const authMiddleware = async (req, res, next) => {
+  const authHeader = req.headers.authorization ?? '';
+
+  if (!authHeader.startsWith('Bearer ')) {
+    logger.error('Authorization header missing or malformed');
+    throw ApiError.unauthorized();
+  }
+
+  const token = authHeader.split(' ')[1];
+  const userData = jwtService.verify(token);
+
+  if (!userData) {
+    logger.error('Invalid or expired token');
+    throw ApiError.unauthorized();
+  }
+
+  const user = await userService.getById(userData.id);
+
+  if (!user) {
+    logger.error('User not found for token', { userId: userData.id });
+    throw ApiError.notFound();
+  }
+
+  req.userId = user.id;
+  next();
+};

src/middlewares/catch-error.middleware.js

@@ -0,0 +1,9 @@
+export const catchError = (action) => {
+  return async (req, res, next) => {
+    try {
+      await action(req, res, next);
+    } catch (error) {
+      next(error);
+    }
+  };
+};

src/middlewares/check-login.middleware.js

@@ -0,0 +1,14 @@
+import { ApiError } from '../utils/api.error.js';
+import { logger } from '../utils/logger.js';
+
+export const checkNotLoggedIn = (req, res, next) => {
+  const { refreshToken } = req.cookies;
+
+  if (refreshToken) {
+    logger.info('Already logged in user attempt', {
+      userId: req.userId,
+    });
+    throw ApiError.forbidden();
+  }
+  next();
+};