Merge pull request #9 from DouglasNeuroInformatics/dev

Release v2

Author: joshunrau

.bruno/Auth/Login.bru

@@ -0,0 +1,18 @@
+meta {
+  name: Login
+  type: http
+  seq: 1
+}
+
+post {
+  url: {{BASE_URL}}/v1/auth/login
+  body: json
+  auth: none
+}
+
+body:json {
+  {
+    "username": "admin",
+    "password": "password"
+  }
+}

.bruno/Cats/Get Cats.bru

@@ -0,0 +1,11 @@
+meta {
+  name: Get Cats
+  type: http
+  seq: 1
+}
+
+get {
+  url: {{BASE_URL}}/v1/cats
+  body: none
+  auth: none
+}

.bruno/bruno.json

@@ -0,0 +1,6 @@
+{
+  "version": "1",
+  "name": "libnest",
+  "type": "collection",
+  "ignore": ["node_modules", ".git"]
+}

.bruno/collection.bru

@@ -0,0 +1,32 @@
+vars:pre-request {
+  BASE_URL: http://localhost:5500
+}
+
+script:pre-request {
+  const axios = require("axios");
+  
+  const getVar = (key) => {
+    const value = bru.getVar(key);
+    if (value === undefined) {
+      throw new Error(`Could not get variable: ${key}`)
+    }
+    return value;
+  }
+  
+  if (!req.url.endsWith('/auth/login')) {
+    const baseUrl = 'http://localhost:5500';
+    const username = 'admin';
+    const password = 'password';
+    const response = await axios.post(`${baseUrl}/v1/auth/login`, {
+      username,
+      password
+    });
+    req.setHeader('Authorization', `Bearer ${response.data.accessToken}`)
+  }
+  
+  
+  
+  
+  
+  
+}

.env.example

@@ -0,0 +1,3 @@
+API_PORT=5500
+MONGO_URI=mongodb://localhost:27017
+SECRET_KEY=a2c2ee0ef53a858201ee8a5fc4b5955ccd4bb7c8fee8d00a

.gitignore

@@ -133,4 +133,4 @@ dist
 /docs/
 
 # local scripts for linking
-bin/_*.*
+local/

example/app.test.ts

@@ -0,0 +1,119 @@
+import { randomBytes } from 'node:crypto';
+import type { IncomingMessage, Server, ServerResponse } from 'node:http';
+
+import type { NestExpressApplication } from '@nestjs/platform-express';
+import request from 'supertest';
+import { afterAll, beforeAll, describe, expect, it, vi } from 'vitest';
+
+import appContainer from './app.js';
+
+import type { BaseEnv } from '../src/schemas/env.schema.js';
+import type { CreateCatDto } from './cats/dto/create-cat.dto.js';
+
+const env = {
+  API_PORT: '5500',
+  DEBUG: 'false',
+  MONGO_URI: 'mongodb://localhost:27017',
+  NODE_ENV: 'test',
+  SECRET_KEY: '2622d72669dd194b98cffd9098b0d04b',
+  VERBOSE: 'false'
+} satisfies { [K in keyof BaseEnv]?: string };
+
+describe('e2e (example)', () => {
+  let app: NestExpressApplication;
+  let server!: Server<typeof IncomingMessage, typeof ServerResponse>;
+
+  beforeAll(async () => {
+    Object.entries(env).forEach(([key, value]) => {
+      vi.stubEnv(key, value);
+    });
+    app = appContainer.getApplicationInstance();
+    await app.init();
+    server = app.getHttpServer();
+  });
+
+  afterAll(async () => {
+    if (app) {
+      await app.close();
+      app.flushLogs();
+    }
+  });
+
+  describe('/spec.json', () => {
+    it('should configure the documentation', async () => {
+      const response = await request(server).get('/spec.json');
+      expect(response.status).toBe(200);
+    });
+  });
+
+  describe('/auth/login', () => {
+    it('should return status code 400 if the request body does not include login credentials', async () => {
+      const response = await request(server).post('/v1/auth/login');
+      expect(response.status).toBe(400);
+    });
+    it('should return status code 400 if the request body does not include a username', async () => {
+      const response = await request(server).post('/v1/auth/login').send({ username: 'admin' });
+      expect(response.status).toBe(400);
+    });
+    it('should return status code 400 if the request body does not include a password', async () => {
+      const response = await request(server).post('/v1/auth/login').send({ password: 'password' });
+      expect(response.status).toBe(400);
+    });
+    it('should return status code 400 if the request body includes a username and password, but are empty strings', async () => {
+      const response = await request(server).post('/v1/auth/login').send({ password: '', username: '' });
+      expect(response.status).toBe(400);
+    });
+    it('should return status code 400 if the request body includes a username and password, but password is a number', async () => {
+      const response = await request(server).post('/v1/auth/login').send({ password: 123, username: 'admin' });
+      expect(response.status).toBe(400);
+    });
+    it('should return status code 401 if the user does not exist', async () => {
+      const response = await request(server).post('/v1/auth/login').send({ password: 'password', username: 'user' });
+      expect(response.status).toBe(401);
+    });
+    it('should return status code 200 and an access token if the credentials are correct', async () => {
+      const response = await request(server).post('/v1/auth/login').send({ password: 'password', username: 'admin' });
+      expect(response.status).toBe(200);
+      expect(response.body).toStrictEqual({
+        accessToken: expect.stringMatching(/^[A-Za-z0-9-_]+\.([A-Za-z0-9-_]+)\.[A-Za-z0-9-_]+$/)
+      });
+    });
+  });
+
+  describe('/cats', () => {
+    let accessToken: string;
+
+    beforeAll(async () => {
+      const response = await request(server).post('/v1/auth/login').send({ password: 'password', username: 'admin' });
+      accessToken = response.body.accessToken;
+    });
+
+    it('should return status code 401 if there is no access token provided', async () => {
+      const response = await request(server).get('/v1/cats');
+      expect(response.status).toBe(401);
+    });
+
+    it('should return status code 401 if there is an invalid access token provided', async () => {
+      const response = await request(server)
+        .get('/v1/cats')
+        .set('Authorization', `Bearer ${randomBytes(12).toString('base64')}`);
+      expect(response.status).toBe(401);
+    });
+
+    it('should allow a GET request', async () => {
+      const response = await request(server).get('/v1/cats').set('Authorization', `Bearer ${accessToken}`);
+      expect(response.status).toBe(200);
+    });
+
+    it('should allow a POST request', async () => {
+      const response = await request(server)
+        .post('/v1/cats')
+        .set('Authorization', `Bearer ${accessToken}`)
+        .send({
+          age: 1,
+          name: 'Winston'
+        } satisfies CreateCatDto);
+      expect(response.status).toBe(201);
+    });
+  });
+});

example/app.ts

@@ -0,0 +1,48 @@
+import { z } from 'zod';
+
+import { $BaseEnv, AppContainer, AuthModule, CryptoService } from '../src/index.js';
+import { CatsModule } from './cats/cats.module.js';
+
+export default await AppContainer.create({
+  docs: {
+    config: {
+      title: 'Example API'
+    },
+    path: '/spec.json'
+  },
+  envSchema: $BaseEnv,
+  imports: [
+    AuthModule.forRootAsync({
+      inject: [CryptoService],
+      useFactory: (cryptoService: CryptoService) => {
+        return {
+          defineAbility: (ability, payload: { isAdmin: boolean }) => {
+            if (payload.isAdmin) {
+              ability.can('manage', 'all');
+            }
+          },
+          loginCredentialsSchema: z.object({
+            password: z.string().min(1),
+            username: z.string().min(1)
+          }),
+          userQuery: async ({ username }) => {
+            if (username !== 'admin') {
+              return null;
+            }
+            return {
+              hashedPassword: await cryptoService.hashPassword('password'),
+              tokenPayload: {
+                isAdmin: true
+              }
+            };
+          }
+        };
+      }
+    }),
+    CatsModule
+  ],
+  prisma: {
+    dbPrefix: null
+  },
+  version: '1'
+});

…ories/__tests__/stubs/cats.controller.ts example/cats/cats.controller.tssrc/core/factories/__tests__/stubs/cats.controller.ts renamed to example/cats/cats.controller.ts src/core/factories/__tests__/stubs/cats.controller.ts renamed to example/cats/cats.controller.ts

@@ -1,5 +1,6 @@
 import { Body, Controller, Get, Post } from '@nestjs/common';
 
+import { RouteAccess } from '../../src/index.js';
 import { CatsService } from './cats.service.js';
 import { CreateCatDto } from './dto/create-cat.dto.js';
 
@@ -10,11 +11,13 @@ export class CatsController {
   constructor(private readonly catsService: CatsService) {}
 
   @Post()
-  async create(@Body() createCatDto: CreateCatDto) {
+  @RouteAccess({ action: 'create', subject: 'Cat' })
+  async create(@Body() createCatDto: CreateCatDto): Promise<Cat> {
     return this.catsService.create(createCatDto);
   }
 
   @Get()
+  @RouteAccess({ action: 'read', subject: 'Cat' })
   async findAll(): Promise<Cat[]> {
     return this.catsService.findAll();
   }