PEER-208 Add service logic for login

Signed-off-by: SeeuSim <[email protected]>

Author: SeeuSim

backend/user/src/controllers/auth/auth-controller.ts

@@ -0,0 +1,31 @@
+import type { Request, Response } from 'express';
+import { StatusCodes } from 'http-status-codes';
+
+import { loginService } from '@/services/auth';
+import type { ILoginPayload } from '@/services/auth/types';
+
+export async function login(req: Request, res: Response) {
+  const { username, password }: Partial<ILoginPayload> = req.body;
+  if (!username || !password) {
+    return res.status(StatusCodes.UNPROCESSABLE_ENTITY).json('Malformed Request');
+  }
+  const { code, data, error } = await loginService({ username, password });
+  if (error || code !== StatusCodes.OK || !data) {
+    const sanitizedErr = error?.message ?? 'An error occurred.';
+    return res.status(code).json(sanitizedErr);
+  }
+  return res
+    .status(StatusCodes.OK)
+    .cookie('jwtToken', data.cookie, { httpOnly: true })
+    .json(data.user);
+}
+
+export async function logout(_req: Request, res: Response) {
+  return res
+    .clearCookie('jwtToken', {
+      secure: true,
+      sameSite: 'none',
+    })
+    .status(StatusCodes.OK)
+    .json('User has been logged out.');
+}

backend/user/src/controllers/auth/index.ts

@@ -1,6 +1,6 @@
 import express from 'express';
 
-import { login, logout } from '@/controllers/auth/auth-controller';
+import { login, logout } from '@/controllers/auth';
 import { limiter } from '@/lib/ratelimit';
 
 const router = express.Router();

backend/user/src/routes/auth.ts

@@ -0,0 +1,88 @@
+import { eq, getTableColumns, sql } from 'drizzle-orm';
+import { StatusCodes } from 'http-status-codes';
+import bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+
+import { db, users } from '@/lib/db';
+import type { ILoginPayload } from './types';
+
+// TODO: Set env var and rotate automatically
+const _JWT_SECRET_KEY = 'secret';
+
+const _FAILED_ATTEMPTS_ALLOWED = 3;
+const _getSchema = () => {
+  const { id, username, password, email, failedAttempts, unlockTime } = getTableColumns(users);
+  return {
+    id,
+    username,
+    password,
+    email,
+    failedAttempts,
+    unlockTime,
+  };
+};
+export const loginService = async (payload: ILoginPayload) => {
+  const rows = await db
+    .select(_getSchema())
+    .from(users)
+    .where(eq(users.username, payload.username))
+    .limit(1);
+
+  // 1. Cannot find
+  if (rows.length === 0) {
+    return {
+      code: StatusCodes.NOT_FOUND,
+      error: {
+        message: 'Not Found',
+      },
+    };
+  }
+  const { unlockTime, password, failedAttempts, ...user } = rows[0];
+
+  // 2. Locked out
+  if (unlockTime !== null) {
+    const currentTime = new Date();
+    if (unlockTime > currentTime) {
+      return {
+        code: StatusCodes.CONFLICT,
+        error: {
+          message: 'Too many failed attempts - try again later',
+        },
+      };
+    }
+  }
+
+  // 3. Wrong Password
+  const isPasswordValid = bcrypt.compareSync(payload.password, password);
+  if (!isPasswordValid) {
+    const newFailedAttempts = (failedAttempts ?? 0) + 1;
+    const updateValues = {
+      failedAttempts: newFailedAttempts,
+      unlockTime:
+        newFailedAttempts >= _FAILED_ATTEMPTS_ALLOWED ? sql`NOW() + INTERVAL '1 hour'` : undefined,
+    };
+    await db.update(users).set(updateValues).where(eq(users.username, payload.username));
+    return {
+      code: StatusCodes.UNAUTHORIZED,
+      error: {
+        message: 'Incorrect Password',
+      },
+    };
+  }
+
+  // 4. Correct Password
+  if ((failedAttempts !== null && failedAttempts > 0) || unlockTime !== null) {
+    await db.update(users).set({
+      failedAttempts: null,
+      unlockTime: null,
+    });
+  }
+  const jwtToken = jwt.sign({ id: user.id }, _JWT_SECRET_KEY);
+  return {
+    code: StatusCodes.OK,
+    data: {
+      cookie: jwtToken,
+      user,
+    },
+  };
+};

backend/user/src/services/auth/index.ts

@@ -1,4 +1,4 @@
-export interface LoginCredentials {
+export type ILoginPayload = {
   username: string;
   password: string;
-}
+};

backend/user/src/controllers/auth/types/auth-types.ts renamed to backend/user/src/services/auth/types.ts

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+npm i
+
+cd frontend
+npm i
+cd ..
+
+for package in backend/*; do
+  cd "$package"
+  npm i 
+  cd ../..
+done
+