Merge pull request #2 from StrontiumJS/master

merge original

Author: Findeton

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "strontium",
-  "version": "2.5.1",
+  "version": "2.6.6",
   "description": "Strontium is a TypeScript toolkit for High Performance API servers built for Production not Projects.",
   "main": "lib/src/index.js",
   "types": "lib/src/index.d.ts",
@@ -68,7 +68,7 @@
     "base64url": "^3.0.0",
     "fastify": "^1.12.1",
     "inversify": "^5.0.1",
-    "jwa": "^1.1.6",
+    "jwa": "^1.2.0",
     "lodash": "^4.17.11",
     "mysql": "^2.16.0",
     "pg": "^7.5.0",

package.json

@@ -55,13 +55,12 @@ export class AsymmetricJWTSigner extends JWTSigner {
         }
 
         let claimBody = claimComponents[1]
-
-        let decodedSignature = new Buffer(decode(claimComponents[2]))
+        let claimSignature = claimComponents[2]
 
         // Delegate validation of the signature to the signer
         await this.signer.verify(
             new Buffer(`${claimHeader}.${claimBody}`),
-            decodedSignature
+            new Buffer(claimSignature)
         )
 
         // If no error occurred then the token is valid. Parse the claim and return

src/cryptography/drivers/node/AsymmetricJWTSigner.ts

@@ -1,17 +1,37 @@
 import { AsymmetricSigner } from "../../abstract/AsymmetricSigner"
+import { InvalidSignatureError } from "../../../errors/InvalidSignatureError"
 
 // Typescript Types not available for JWT - Proceed with caution
 // @ts-ignore
 import * as JWA from "jwa"
 
-const RS256 = JWA("RS256")
-
 export class RSASHA256Signer extends AsymmetricSigner {
+    private signer = JWA(this.algorithm)
+
+    constructor(
+        public publicKey: Buffer,
+        public privateKey?: Buffer,
+        private algorithm: "RS256" | "PS256" = "RS256"
+    ) {
+        super(publicKey, privateKey)
+    }
+
     public async sign(plaintext: Buffer): Promise<Buffer> {
-        return RS256.sign(plaintext, this.privateKey)
+        return this.signer.sign(plaintext, this.privateKey)
     }
 
     public async verify(plaintext: Buffer, signature: Buffer): Promise<Buffer> {
-        return RS256.verify(plaintext, signature, this.publicKey)
+        let isValid = await this.signer.verify(
+            plaintext,
+            signature.toString(),
+            this.publicKey
+        )
+
+        if (!isValid) {
+            throw new InvalidSignatureError()
+        }
+
+        // Spawn an empty buffer to fulfill the return type
+        return Buffer.from([])
     }
 }

src/cryptography/drivers/node/RSASHA256Signer.ts

@@ -0,0 +1,10 @@
+import { StrontiumError } from "./StrontiumError"
+
+/**
+ * An InvalidSignatureError is thrown when a Cryptographic signature does not match.
+ */
+export class InvalidSignatureError extends StrontiumError {
+    constructor() {
+        super(`The signature provided was not valid.`)
+    }
+}

src/errors/InvalidSignatureError.ts

@@ -104,6 +104,11 @@ export class FastifyServer implements Process {
         // Attach the container to the server
         this.server.decorateRequest("container", container)
 
+        let plugins = this.getPlugins(container)
+        for (let p of plugins) {
+            this.server.register(p)
+        }
+
         let middleware = this.getMiddleware(container)
         for (let m of middleware) {
             this.server.use(m)
@@ -129,6 +134,12 @@ export class FastifyServer implements Process {
         return []
     }
 
+    protected getPlugins(
+        container: Container
+    ): Array<Fastify.Plugin<any, any, any, any>> {
+        return []
+    }
+
     protected getRequestMetadata = (
         request: Fastify.FastifyRequest<any, any, any, any, any>
     ): { [key: string]: any } => ({})

src/http/drivers/FastifyServer.ts

@@ -1,6 +1,11 @@
 import { pgQueryPostProcessor } from "../pg/PGQueryPostProcessor"
 import { Repository } from "../../abstract/Repository"
-import { MySQLStore, PGStore, SQLStore } from "../../../datastore"
+import {
+    MySQLStore,
+    MySQLTransaction,
+    PGStore,
+    SQLStore,
+} from "../../../datastore"
 import { injectable } from "inversify"
 import { isUndefined, omitBy } from "lodash"
 
@@ -32,6 +37,7 @@ export abstract class TableRepository<
 
         if (store instanceof PGStore) {
             this.postProcessor = pgQueryPostProcessor
+            this.tableName = `"${this.tableName}"`
         }
     }
 
@@ -46,7 +52,10 @@ export abstract class TableRepository<
         // Filter the payload for any undefined keys
         let filteredPayload = (omitBy(payload, isUndefined) as unknown) as T
 
-        if (connection instanceof MySQLStore) {
+        if (
+            connection instanceof MySQLStore ||
+            connection instanceof MySQLTransaction
+        ) {
             let insertQuery = `
                 INSERT INTO
                     ??
@@ -64,15 +73,13 @@ export abstract class TableRepository<
         } else {
             let query = `
                 INSERT INTO
-                    "${this.tableName}" (${Object.keys(filteredPayload).map(
-                () => "??"
-            )})
+                    ?? (${Object.keys(filteredPayload).map(() => "??")})
                 VALUES
                     (${Object.keys(filteredPayload).map(() => "?")})
                 RETURNING ??
             `
 
-            let parameters: Array<any> = []
+            let parameters: Array<any> = [this.tableName]
 
             Object.keys(filteredPayload).forEach((k: string) => {
                 parameters.push(k)
@@ -108,13 +115,13 @@ export abstract class TableRepository<
         connection: SQLStore = this.store
     ): Promise<Array<T>> {
         let [filterQuery, filterParameters] = compileSQLFilter(filter)
-        let parameters = [...filterParameters]
+        let parameters = [this.tableName, ...filterParameters]
 
         let lookupQuery = `	
             SELECT
                 ${this.queryFields.join(", ")}	
             FROM
-                "${this.tableName}"
+                ??
             ${filterQuery !== "" ? "WHERE" : ""}	
                 ${filterQuery}	
         `
@@ -157,11 +164,11 @@ export abstract class TableRepository<
 
         let lookupQuery = `	
             UPDATE
-                "${this.tableName}"
+                ??
             SET
                 ${Object.keys(filteredPayload).map(() => "?? = ?")}
             ${filterQuery !== "" ? "WHERE" : ""}	
-                ${filterQuery}	
+                ${filterQuery}
         `
 
         let payloadParameters: Array<any> = []
@@ -172,7 +179,7 @@ export abstract class TableRepository<
 
         let [processedQuery, processedParameters] = this.postProcessor(
             lookupQuery,
-            [...payloadParameters, ...filterParameters]
+            [this.tableName, ...payloadParameters, ...filterParameters]
         )
         await connection.query(processedQuery, processedParameters)
     }
@@ -182,11 +189,11 @@ export abstract class TableRepository<
         connection: SQLStore = this.store
     ): Promise<void> {
         let [filterQuery, filterParameters] = compileSQLFilter(filter)
-        let parameters = [...filterParameters]
+        let parameters = [this.tableName, ...filterParameters]
 
         let lookupQuery = `	
             DELETE FROM	
-                "${this.tableName}"
+                ??
             ${filterQuery !== "" ? "WHERE" : ""}	
                 ${filterQuery}	
         `

src/query/drivers/sql/TableRepository.ts

@@ -1,10 +1,18 @@
 import { ValidationError } from "../../../errors/http/ValidationError"
 
 export const isNumber = (input?: unknown): number => {
-    if (typeof input === "number") {
+    if (typeof input === "number" && !isNaN(input)) {
         return input
     }
 
+    if (typeof input === "string") {
+        let parsedNumber = Number(input)
+
+        if (!isNaN(parsedNumber)) {
+            return parsedNumber
+        }
+    }
+
     throw new ValidationError(
         "IS_NUMBER",
         "Value not a number",

src/validation/drivers/validators/isNumber.ts

@@ -99,5 +99,22 @@ describe("AsymmetricJWTSigner", () => {
                 admin: true,
             })
         })
+
+        it("Should throw if the JWT is invalid", async () => {
+            try {
+                await jwtSigner.verify(
+                    "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9" +
+                        "." +
+                        "eyJuYW1lIjoiSGVsbG8gV29ybGQiLCJhZG1pbiI6dHJ1ZX0" +
+                        "." +
+                        "abcdefg"
+                )
+                expect(true).to.equal(false)
+            } catch (e) {
+                expect(e.message).to.equal(
+                    "The signature provided was not valid."
+                )
+            }
+        })
     })
 })

tests/cryptography/drivers/node/AsymmetricJWTSigner.spec.ts

@@ -10,10 +10,16 @@ describe("isNumber", () => {
         expect(isNumber(123456789)).to.equal(123456789)
     })
 
+    it("should parse a string containing a number into a number", () => {
+        expect(isNumber("1")).to.equal(1)
+        expect(isNumber("0")).to.equal(0)
+        expect(isNumber("0.001")).to.equal(0.001)
+        expect(isNumber("-12423435.1")).to.equal(-12423435.1)
+        expect(isNumber("+100")).to.equal(100)
+    })
+
     it("should return a validation error if input is not a number", () => {
         expectToThrowCustomClass(() => isNumber({}), ValidationError)
-        expectToThrowCustomClass(() => isNumber("1"), ValidationError)
-        expectToThrowCustomClass(() => isNumber("0"), ValidationError)
         expectToThrowCustomClass(() => isNumber("das"), ValidationError)
         expectToThrowCustomClass(() => isNumber("true"), ValidationError)
         expectToThrowCustomClass(() => isNumber("false"), ValidationError)