Include installation README

Author: Brayden

src/api/index.ts

@@ -0,0 +1,14 @@
+// This file is a template for adding your own API endpoints.
+// You can access these endpoints at the following URL:
+// https://starbasedb.YOUR-IDENTIFIER.workers.dev/api/your/path/here
+
+export async function handleApiRequest(request: Request): Promise<Response> {
+    const url = new URL(request.url);
+
+    // EXAMPLE:
+    // if (request.method === 'GET' && url.pathname === '/api/your/path/here') {
+    //     return new Response('Success', { status: 200 });
+    // }
+
+    return new Response('Not found', { status: 404 });
+}

src/index.ts

@@ -8,6 +8,7 @@ import { exportTableToJsonRoute } from './export/json';
 import { exportTableToCsvRoute } from './export/csv';
 import { importDumpRoute } from './import/dump';
 import { importTableFromJsonRoute } from './import/json';
+import { handleApiRequest } from "./api";
 
 const DURABLE_OBJECT_ID = 'sql-durable-object';
 
@@ -16,6 +17,7 @@ interface Env {
     DATABASE_DURABLE_OBJECT: DurableObjectNamespace;
     STUDIO_USER?: string;
     STUDIO_PASS?: string;
+    // ## DO NOT REMOVE: INSERT TEMPLATE INTERFACE ##
     AUTH: {
         handleAuth(pathname: string, verb: string, body: any): Promise<Response>;
     }
@@ -189,6 +191,8 @@ export class DatabaseDurableObject extends DurableObject {
                 return createResponse(undefined, 'Table name is required', 400);
             }
             return importTableFromJsonRoute(this.sql, this.operationQueue, this.ctx, this.processingOperation, tableName, request);
+        } else if (url.pathname.startsWith('/api')) {
+            return await handleApiRequest(request);
         } else {
             return createResponse(undefined, 'Unknown operation', 400);
         }
@@ -289,6 +293,8 @@ export default {
         let id: DurableObjectId = env.DATABASE_DURABLE_OBJECT.idFromName(DURABLE_OBJECT_ID);
 		let stub = env.DATABASE_DURABLE_OBJECT.get(id);
 
+        // ## DO NOT REMOVE: INSERT TEMPLATE ROUTING LOGIC ##
+
         /**
          * If the pathname starts with /auth, we want to pass the request off to another Worker
          * that is responsible for handling authentication.

templates/auth/src/README.md

@@ -0,0 +1,65 @@
+# Installation Guide
+Follow the below steps to deploy the user authentication template into your existing
+StarbaseDB instance. These steps will alter your StarbaseDB application logic so that
+it includes capabilities for handling the routing of `/auth` routes to a new Cloudflare
+Worker instance that will be deployed – which will handle all application logic for
+user authentication.
+
+## Step-by-step Instructions
+
+### Add service bindings to your StarbaseDB wrangler.toml
+This will let your StarbaseDB instance know that we are deploying another Worker
+and it should use that for our authentication application routing logic.
+
+```
+[[services]]
+binding = "AUTH"
+service = "starbasedb_auth"
+entrypoint = "AuthEntrypoint"
+```
+
+### Add AUTH to Env interface in `./src/index.ts`
+Updates your `./src/index.ts` inside your StarbaseDB project so that your project
+can now have a proper type-safe way of calling functionality that exists in this
+new Cloudflare Worker that handles authentication.
+
+```
+AUTH: {
+    handleAuth(pathname: string, verb: string, body: any): Promise<Response>;
+}
+```
+
+### Add routing logic in default export in `./src/index.ts`
+We will add the below block of code in our `export default` section of our
+StarbaseDB so that we can pick up on any `/auth` routes and immediately redirect
+them to the new Cloudflare Worker.
+
+```
+if (pathname.startsWith('/auth')) {
+    const body = await request.json();
+    return await env.AUTH.handleAuth(pathname, request.method, body);
+}
+```
+
+### Execute SQL statements in `migration.sql` to create required tables
+This will create the tables and constraints for user signup/login, and sessions
+required for the authentication operations to succeed.
+
+### Run typegen in main project
+With our newly added service bindings in our StarbaseDB `wrangler.toml` file we can
+now generate an updated typegen output so our project knows that `AUTH` exists.
+```
+npm run cf-typegen
+```
+
+### Deploy template project to Cloudflare
+Next, we will deploy our new authentication logic to a new Cloudflare Worker instance.
+```
+cd ./templates/auth
+npm run deploy
+```
+
+### Deploy updates in our main StarbaseDB
+With all of the changes we have made to our StarbaseDB instance we can now deploy
+the updates so that all of the new authentication application logic can exist and
+be accessible.

templates/auth/src/email/index.ts

@@ -1,53 +1,60 @@
 import { createResponse, encryptPassword, verifyPassword } from "../utils";
 
 export async function signup(stub: any, env: any, body: any) {
-    if ((!body.email && !body.username) || !body.password) {
-        return new Response(JSON.stringify({error: "Missing required fields"}), {status: 400, headers: {'Content-Type': 'application/json'}});
-    }
+    try {
+        if ((!body.email && !body.username) || !body.password) {
+            return createResponse(undefined, "Missing required fields", 400);
+        }
 
-    const isValidPassword = verifyPassword(env, body.password);
-    if (!isValidPassword) {
-        const errorMessage = `Password must be at least ${env.PASSWORD_REQUIRE_LENGTH} characters, ` +
-            `${env.PASSWORD_REQUIRE_UPPERCASE ? "contain at least one uppercase letter, " : ""}` +
-            `${env.PASSWORD_REQUIRE_LOWERCASE ? "contain at least one lowercase letter, " : ""}` +
-            `${env.PASSWORD_REQUIRE_NUMBER ? "contain at least one number, " : ""}` +
-            `${env.PASSWORD_REQUIRE_SPECIAL ? "contain at least one special character, " : ""}`;
-        return createResponse(undefined, errorMessage, 400);
-    }
+        const isValidPassword = verifyPassword(env, body.password);
+        if (!isValidPassword) {
+            const errorMessage = `Password must be at least ${env.PASSWORD_REQUIRE_LENGTH} characters ` +
+                `${env.PASSWORD_REQUIRE_UPPERCASE ? ", contain at least one uppercase letter " : ""}` +
+                `${env.PASSWORD_REQUIRE_LOWERCASE ? ", contain at least one lowercase letter " : ""}` +
+                `${env.PASSWORD_REQUIRE_NUMBER ? ", contain at least one number " : ""}` +
+                `${env.PASSWORD_REQUIRE_SPECIAL ? ", contain at least one special character " : ""}`;
+            return createResponse(undefined, errorMessage, 400);
+        }
 
-    // Check to see if the username or email already exists
-    let verifyUserResponse = await stub.executeExternalQuery(`SELECT * FROM auth_users WHERE username = ? OR email = ?`, [body.username, body.email]);
-    if (verifyUserResponse.result.length > 0) {
-        return createResponse(undefined, "Username or email already exists", 400);
-    }
+        // Check to see if the username or email already exists
+        let verifyUserResponse = await stub.executeExternalQuery(`SELECT * FROM auth_users WHERE username = ? OR email = ?`, [body.username, body.email]);
+        if (verifyUserResponse?.result?.length > 0) {
+            return createResponse(undefined, "Username or email already exists", 400);
+        }
 
-    // Create the user
-    const encryptedPassword = await encryptPassword(body.password);
-    let createUserResponse = await stub.executeExternalQuery(
-      `INSERT INTO auth_users (username, password, email) 
-       VALUES (?, ?, ?) 
-       RETURNING id, username, email`,
-      [body.username, encryptedPassword, body.email]
-    );
+        // Create the user
+        const encryptedPassword = await encryptPassword(body.password);
+        let createUserResponse = await stub.executeExternalQuery(
+        `INSERT INTO auth_users (username, password, email) 
+        VALUES (?, ?, ?) 
+        RETURNING id, username, email`,
+        [body.username, encryptedPassword, body.email]
+        );
 
-    if (createUserResponse.result.length === 0) {
-        return createResponse(undefined, "Failed to create user", 500);
-    }
+        console.log('Flag 6')
+        if (createUserResponse?.result?.length === 0) {
+            return createResponse(undefined, "Failed to create user", 500);
+        }
 
-    // Create a session for the user
-    const sessionToken = crypto.randomUUID();
-    let createSessionResponse = await stub.executeExternalQuery(
-      `INSERT INTO auth_sessions (user_id, session_token) 
-       VALUES (?, ?) 
-       RETURNING user_id, session_token, created_at`,
-      [createUserResponse.result[0].id, sessionToken]
-    );
+        console.log('Flag 7')
+        // Create a session for the user
+        const sessionToken = crypto.randomUUID();
+        let createSessionResponse = await stub.executeExternalQuery(
+        `INSERT INTO auth_sessions (user_id, session_token) 
+        VALUES (?, ?) 
+        RETURNING user_id, session_token, created_at`,
+        [createUserResponse.result[0].id, sessionToken]
+        );
 
-    if (createSessionResponse.result.length === 0) {
-        return createResponse(undefined, "Failed to create session", 500);
-    }
+        if (createSessionResponse?.result?.length === 0) {
+            return createResponse(undefined, "Failed to create session", 500);
+        }
 
-    return createResponse(createSessionResponse.result[0], undefined, 200);
+        return createResponse(createSessionResponse.result[0], undefined, 200);
+    } catch (error) {
+        console.error('Signup Error:', error);
+        return createResponse(undefined, "Username or email already exists", 500);
+    }
 }
 
 export async function login(stub: any, body: any) {
@@ -57,7 +64,7 @@ export async function login(stub: any, body: any) {
 
     const encryptedPassword = await encryptPassword(body.password);
     let verifyUserResponse = await stub.executeExternalQuery(`SELECT * FROM auth_users WHERE (username = ? OR email = ?) AND password = ?`, [body.username, body.email, encryptedPassword]);
-    if (verifyUserResponse.result.length === 0) {
+    if (verifyUserResponse?.result?.length === 0) {
         return createResponse(undefined, "User not found", 404);
     }
 
@@ -72,7 +79,7 @@ export async function login(stub: any, body: any) {
       [user.id, sessionToken]
     );
 
-    if (createSessionResponse.result.length === 0) {
+    if (createSessionResponse?.result?.length === 0) {
         return createResponse(undefined, "Failed to create session", 500);
     }
 

templates/auth/src/index.ts

@@ -10,40 +10,6 @@ export default class AuthEntrypoint extends WorkerEntrypoint {
     // Currently, entrypoints without a named handler are not supported
     async fetch() { return new Response(null, {status: 404}); }
 
-    /**
-     * Sets up the auth tables if they don't exist
-     * @returns 
-     */
-    async setupAuthTables() {
-        const createUserTableQuery = `
-            CREATE TABLE IF NOT EXISTS auth_users (
-                id INTEGER PRIMARY KEY AUTOINCREMENT,
-                username TEXT UNIQUE,
-                password TEXT NOT NULL,
-                email TEXT UNIQUE,
-                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-                deleted_at TIMESTAMP DEFAULT NULL,
-                email_confirmed_at TIMESTAMP DEFAULT NULL,
-                CHECK ((username IS NOT NULL AND email IS NULL) OR (username IS NULL AND email IS NOT NULL) OR (username IS NOT NULL AND email IS NOT NULL))
-            );
-        `;
-
-        const createSessionTableQuery = `
-            CREATE TABLE IF NOT EXISTS auth_sessions (
-                id INTEGER PRIMARY KEY AUTOINCREMENT,
-                user_id INTEGER NOT NULL,
-                session_token TEXT NOT NULL UNIQUE,
-                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-                deleted_at TIMESTAMP DEFAULT NULL,
-                FOREIGN KEY (user_id) REFERENCES auth_users (id)
-            );
-        `;
-
-        // Make a request to the binded database
-        let response = await this.stub.executeExternalQuery(`${createUserTableQuery} ${createSessionTableQuery}`, []);
-        return response;
-    }
-
     /**
      * Handles the auth requests, forwards to the appropriate handler
      * @param pathname 
@@ -52,17 +18,15 @@ export default class AuthEntrypoint extends WorkerEntrypoint {
      * @returns 
      */
     async handleAuth(pathname: string, verb: string, body: any) {
-        console.log('Handling Auth in Service Binding: ', body)
-
         let id: DurableObjectId = this.env.DATABASE_DURABLE_OBJECT.idFromName(DURABLE_OBJECT_ID);
 		this.stub = this.env.DATABASE_DURABLE_OBJECT.get(id);
 
-        await this.setupAuthTables();
-
         if (verb === "POST" && pathname === "/auth/signup") {
-            return emailSignup(this.stub, this.env, body);
+            return await emailSignup(this.stub, this.env, body);
         } else if (verb === "POST" && pathname === "/auth/login") {
-            return emailLogin(this.stub, body);
+            return await emailLogin(this.stub, body);
+        } else if (verb === "POST" && pathname === "/auth/logout") {
+            return await this.handleLogout(body);
         }
 
         return new Response(null, {status: 405});
@@ -74,7 +38,7 @@ export default class AuthEntrypoint extends WorkerEntrypoint {
      * @param body 
      * @returns 
      */
-    async handleLogout(request: Request, body: any) {
+    async handleLogout(body: any) {
         await this.stub.executeExternalQuery(`UPDATE auth_sessions SET deleted_at = CURRENT_TIMESTAMP WHERE user_id = ?`, [body.user_id]);
         return createResponse(JSON.stringify({
             success: true,

templates/auth/src/migration.sql

@@ -0,0 +1,34 @@
+CREATE TABLE IF NOT EXISTS auth_users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    username TEXT COLLATE NOCASE,
+    password TEXT NOT NULL,
+    email TEXT COLLATE NOCASE,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    deleted_at TIMESTAMP DEFAULT NULL,
+    email_confirmed_at TIMESTAMP DEFAULT NULL,
+    UNIQUE(username),
+    UNIQUE(email),
+    CHECK ((username IS NOT NULL AND email IS NULL) OR (username IS NULL AND email IS NOT NULL) OR (username IS NOT NULL AND email IS NOT NULL))
+);
+
+CREATE TRIGGER IF NOT EXISTS prevent_username_email_overlap 
+BEFORE INSERT ON auth_users
+BEGIN
+    SELECT CASE 
+        WHEN EXISTS (
+            SELECT 1 FROM auth_users 
+            WHERE (NEW.username IS NOT NULL AND (NEW.username = username OR NEW.username = email))
+               OR (NEW.email IS NOT NULL AND (NEW.email = username OR NEW.email = email))
+        )
+    THEN RAISE(ABORT, 'Username or email already exists')
+    END;
+END;
+
+CREATE TABLE IF NOT EXISTS auth_sessions (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    session_token TEXT NOT NULL UNIQUE,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    deleted_at TIMESTAMP DEFAULT NULL,
+    FOREIGN KEY (user_id) REFERENCES auth_users (id)
+);

templates/auth/wrangler.toml

@@ -5,11 +5,6 @@ compatibility_date = "2024-09-25"
 [durable_objects]
 bindings = [{ name = "DATABASE_DURABLE_OBJECT", class_name = "DatabaseDurableObject", script_name = "starbasedb" }]
 
-# Allows for us to send user management emails such as email confirmation.
-send_email = [
-    {name = "<NAME_FOR_BINDING1>"}
-]
-
 [vars]
 REQUIRE_EMAIL_CONFIRM = 1
 PASSWORD_REQUIRE_LENGTH = 13

wrangler.toml

@@ -5,6 +5,7 @@ compatibility_date = "2024-09-25"
 account_id = ""
 
 # Service Bindings
+## DO NOT REMOVE: INSERT TEMPLATE SERVICE BINDINGS ##
 [[services]]
 binding = "AUTH"
 service = "starbasedb_auth"