Authentication

Author: Zoltán Takács

package-lock.json

@@ -19,6 +19,7 @@
     "cors": "^2.8.5",
     "express": "^4.16.4",
     "fs-extra": "^7.0.1",
+    "jsonwebtoken": "^8.5.1",
     "shortid": "^2.2.14"
   },
   "devDependencies": {

package.json

@@ -1,31 +1,32 @@
 const fs = require('fs-extra');
-const inmemoryStorage = require('./inmemoryStorage');
 
-const FILE_NAME = 'todos.json';
+const TODO_FILE_NAME = 'todos.json';
+const USER_FILE_NAME = 'users.json';
 
 const updateTodoFile = async todos => {
   try {
-    await fs.ensureFile(FILE_NAME);
+    await fs.ensureFile(TODO_FILE_NAME);
 
-    fs.writeJSON(FILE_NAME, todos);
+    fs.writeJSON(TODO_FILE_NAME, todos);
   } catch (err) {
     console.error(err);
   }
 };
 
-const readTodoFile = async () => {
-  const exists = await fs.pathExists(FILE_NAME);
+const readFile = async (fileName) => {
+  const exists = await fs.pathExists(fileName);
 
   if (!exists) {
     return [];
   }
 
-  const todos = await fs.readJsonSync(FILE_NAME);
+  const todos = await fs.readJsonSync(fileName);
 
   return todos;
 };
 
 module.exports = {
   updateTodoFile,
-  readTodoFile
+  readTodoFile: readFile.bind(null, TODO_FILE_NAME),
+  readUserFile: readFile.bind(null, USER_FILE_NAME)
 };

src/fileStorage.js

@@ -13,13 +13,15 @@ const fileStorage = require('./fileStorage');
 const inmemoryStorage = require('./inmemoryStorage');
 
 const initContext = () => {
-  const todoStorage = inmemoryStorage();
-  return { fileStorage, todoStorage };
+  const memoryStorage = inmemoryStorage();
+  return { fileStorage, memoryStorage: memoryStorage };
 };
 
 const initInMemoryStorage = async context => {
-  const fileContent = await context.fileStorage.readTodoFile();
-  context.todoStorage.setTodos(fileContent);
+  const todos = await context.fileStorage.readTodoFile();
+  const users = await context.fileStorage.readUserFile();
+  context.memoryStorage.setTodos(todos);
+  context.memoryStorage.setUsers(users);
 };
 
 const initApp = context => {
@@ -28,16 +30,18 @@ const initApp = context => {
   app.use(cors());
   app.use(bodyParser.json());
 
-  const todos = express.Router();
+  // const todos = express.Router();
 
-  todos.use(contextMiddleware(context));
+  // todos.use(contextMiddleware(context));
+  app.use(contextMiddleware(context));
 
   routes.forEach(route => {
     const method = route.method ? route.method.toLowerCase() : 'get';
-    return todos[method](route.path, route.handler);
+    const handlers = route.preHandlers ? route.preHandlers.concat(route.handler) : route.handler
+    return app[method](route.path, handlers);
   });
 
-  app.use('/todos', todos);
+  // app.use('/todos', todos);
   app.use(errorMiddleware);
 
   return app;

src/index.js

@@ -2,17 +2,22 @@ const shortid = require('shortid');
 
 module.exports = () => {
   let todos = [];
+  let users = [];
 
   const getTodos = filterFn => (filterFn ? filterFn(todos) : todos);
 
+  const getUserTodos = (userId, filterFn) =>
+    getTodos(filterFn).filter(todo => todo.userId === userId);
+
   const setTodos = initial => (todos = initial);
 
-  const getTodoById = id => todos.find(todo => todo.id === id);
+  const getTodoById = (id, userId) => todos.find(todo => todo.id === id && todo.userId === userId);
 
-  const addTodo = title => {
+  const addTodo = (title, userId) => {
     const todo = {
       id: shortid.generate(),
       title,
+      userId,
       completed: false
     };
 
@@ -21,22 +26,44 @@ module.exports = () => {
   };
 
   const patchTodo = (patchId, newProps) =>
-    todos.map(todo =>
-      todo.id === patchId ? Object.assign(todo, newProps) : todo
-    );
+    (todos = todos.map(todo => (todo.id === patchId ? Object.assign(todo, newProps) : todo)));
+
+  const deleteTodo = deleteId => (todos = todos.filter(todo => todo.id !== deleteId));
 
-  const deleteTodo = deleteId =>
-    (todos = todos.filter(todo => todo.id !== deleteId));
+  const clearUserTodos = userId => {
+    todos = todos.filter(todo => todo.userId !== userId);
+    return [];
+  };
+
+  const clearUserCompletedTodos = userId => {
+    todos = todos.filter(todo => (!todo.completed && todo.userId === userId) || todo.userId !== userId);
+    return todos.filter(todo => todo.userId === userId);
+  };
 
-  const clearTodos = filterFn => (filterFn ? filterFn(todos) : []);
+  const getUsers = () => users;
+
+  const setUsers = initial => (users = initial);
+
+  const getUserById = id => users.find(user => user.id === id);
+
+  const authenticateUser = (username, password) => {
+    const user = users.find(user => user.username === username && user.password === password);
+    return Object.assign({}, user, { password: undefined });
+  };
 
   return {
     getTodos,
+    getUserTodos,
     setTodos,
     getTodoById,
     addTodo,
     patchTodo,
     deleteTodo,
-    clearTodos
+    clearUserTodos,
+    clearUserCompletedTodos,
+    getUsers,
+    setUsers,
+    getUserById,
+    authenticateUser
   };
 };

src/inmemoryStorage.js

@@ -0,0 +1,4 @@
+module.exports = {
+  login: require('./login'),
+  renew: require('./renew')
+};

src/login/index.js

@@ -0,0 +1,17 @@
+const jwt = require('jsonwebtoken');
+
+module.exports = (req, res) => {
+  const { username, password } = req.body;
+
+  const me = req.context.memoryStorage.authenticateUser(username, password);
+
+  if (!me) {
+    throw new Error('The resource could not be found.|404|NOT_FOUND');
+  }
+
+  const token = jwt.sign({ userId: me.id }, 'almafa', {
+    expiresIn: '30 days'
+  });
+
+  return res.send({ token, me });
+};

src/login/login.js

@@ -0,0 +1,17 @@
+const jwt = require('jsonwebtoken');
+
+module.exports = (req, res) => {
+  const { prevJwt } = req.body;
+
+  const { userId } = jwt.verify(prevJwt, 'almafa');
+
+  const me = req.context.memoryStorage.getUserById(userId);
+
+  if (!me) {
+    throw new Error('The resource could not be found.|404|NOT_FOUND');
+  }
+
+  const token = jwt.sign({ userId: me.id }, 'almafa');
+
+  return res.send({ token, me });
+};

src/login/renew.js

@@ -0,0 +1,34 @@
+const jwt = require('jsonwebtoken');
+
+const auth = (req, res, next) => {
+  const token = req.get('authorization').replace(/Bearer\s?/g, '');
+
+  if (!token) {
+    throw new Error('Unauthorized|401|UNAUTHORIZED');
+  }
+
+  const { userId } = jwt.verify(token, 'almafa');
+
+  if (!userId) {
+    throw new Error('Unauthorized|401|UNAUTHORIZED');
+  }
+
+  const user = req.context.memoryStorage.getUserById(userId);
+
+  req.user = user;
+
+  next();
+};
+
+const checkPermission = permission => (req, res, next) => {
+  if (!req.user.permissions.includes(permission)) {
+    throw new Error('You have no permission for that!|403|FORBIDDEN');
+  }
+
+  next();
+};
+
+module.exports = {
+  auth,
+  checkPermission
+};

src/middlewares/auth.js

@@ -3,6 +3,10 @@ module.exports = (err, req, res, next) => {
 
   res
     .status(status)
-    .send({ message: status === '500' ? 'Something went wrong' : message, status: Number(status), code });
+    .send({
+      message: status === '500' ? 'Something went wrong' : message,
+      status: Number(status),
+      code
+    });
   next();
 };