V0 (#33)

* feat: check user roles

* refactor: nit

* test: ensure and admin can assign and unassign a task

* fix: authorization plugin has no dependency

* fix: update migrations dir path

* fix: eslint

* refactor: nit

* Update .env.example

Signed-off-by: Jean <[email protected]>

* refactor: use knex

* refactor: migrations

* fix: remove useless c8 ignore comments

* docs: update path

* refactor: change JWT auth for cookie session auth

* chore: ci - env must have required property 'COOKIE_NAME'

* fix: uncomment unauthenticated test

* refactor: leverage fastify sensible decorators

* chore: use tsx

* feat: add pagination to tasks

* refactor: use COUNT(*) OVER() AS rowNum for tasks pagination

* refactor: decorate request for authorization

* fix: use transaction for login controller

* refactor: register cookie plugin in session plugin

* test: mock app.compare implementation instead of reassignation

* test: spy logger to ensure 500 error is due to Transaction failure

* feat: allow to upload task image

* refactor: improve scripts typing

* docs: static and multipart plugin

* chore: dangerous DB  operations should be explicitly authorized

* refactor: use node test runner utitities

* refactor: check file size before mime-type

* fix: identifier typo

* feat: do not use rm -rf

* fix: storage path disclosure

* fix: nit

---------

Signed-off-by: Jean <[email protected]>

Author: jean-michelet

.env.example

@@ -2,6 +2,10 @@
 # @see {@link https://www.youtube.com/watch?v=HMM7GJC5E2o}
 NODE_ENV=production
 
+CAN_CREATE_DATABASE=0
+CAN_DROP_DATABASE=0
+CAN_SEED_DATABASE=0
+
 # Database
 MYSQL_HOST=localhost
 MYSQL_PORT=3306
@@ -14,5 +18,6 @@ FASTIFY_CLOSE_GRACE_DELAY=1000
 LOG_LEVEL=info
 
 # Security
-JWT_SECRET=
-RATE_LIMIT_MAX=
+COOKIE_SECRET=
+COOKIE_NAME=
+RATE_LIMIT_MAX=4 # 4 for tests

.github/workflows/ci.yml

@@ -9,6 +9,7 @@ on:
     paths-ignore:
       - "docs/**"
       - "*.md"
+      - "*.example"
   pull_request:
     paths-ignore:
       - "docs/**"
@@ -50,11 +51,10 @@ jobs:
       - name: Lint Code
         run: npm run lint
 
-      - name: Generate JWT Secret
-        id: gen-jwt
+      - name: Generate COOKIE Secret
         run: |
-          JWT_SECRET=$(openssl rand -hex 32)
-          echo "JWT_SECRET=$JWT_SECRET" >> $GITHUB_ENV
+          COOKIE_SECRET=$(openssl rand -hex 32)
+          echo "COOKIE_SECRET=$COOKIE_SECRET" >> $GITHUB_ENV
 
       - name: Generate dummy .env for scripts using -env-file=.env flag
         run: touch .env
@@ -66,6 +66,8 @@ jobs:
           MYSQL_DATABASE: test_db
           MYSQL_USER: test_user
           MYSQL_PASSWORD: test_password
-          # JWT_SECRET is dynamically generated and loaded from the environment
+          # COOKIE_SECRET is dynamically generated and loaded from the environment
+          COOKIE_NAME: 'sessid'
           RATE_LIMIT_MAX: 4
+          CAN_SEED_DATABASE: 1
         run: npm run db:migrate && npm run test

.gitignore

@@ -137,3 +137,6 @@ bun.lockb
 package-lock.json
 pnpm-lock.yaml
 yarn.lock
+
+# uploaded files
+uploads/tasks/*

@types/fastify/fastify.d.ts

@@ -2,8 +2,6 @@
 
 ![CI](https://github.com/fastify/demo/workflows/CI/badge.svg)
 
-> :warning: **Please note:** This repository is still under active development.
-
 The aim of this repository is to provide a concrete example of a Fastify application using what are considered best practices by the Fastify community.
 
 **Prerequisites:** You need to have Node.js version 22 or higher installed.

README.md

@@ -2,13 +2,19 @@ services:
   db:
     image: mysql:8.4
     environment:
-      MYSQL_DATABASE: ${MYSQL_DATABASE}
-      MYSQL_USER: ${MYSQL_USER}
-      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      MYSQL_ROOT_PASSWORD: root_password       
+      MYSQL_DATABASE: ${MYSQL_DATABASE}        
+      MYSQL_USER: ${MYSQL_USER}                
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD} 
     ports:
       - 3306:3306
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
     volumes:
       - db_data:/var/lib/mysql
-
+      
 volumes:
   db_data:

docker-compose.yml

@@ -3,6 +3,7 @@ CREATE TABLE tasks (
   name VARCHAR(255) NOT NULL,
   author_id INT NOT NULL,
   assigned_user_id INT,
+  filename VARCHAR(255),
   status VARCHAR(50) NOT NULL,
   created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
   updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,

migrations/002.do.tasks.sql

@@ -0,0 +1,4 @@
+CREATE TABLE roles (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  name VARCHAR(255) NOT NULL
+);

migrations/004.do.roles.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS roles;

migrations/004.undo.roles.sql

@@ -0,0 +1,7 @@
+CREATE TABLE user_roles (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  user_id INT NOT NULL,
+  role_id INT NOT NULL,
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+  FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE
+);