feat: Create an Auth Guard in API (#76)

* feat: create UnauthorizedError

* feat: implement Next Auth in handleApiRequest

* refactor: create HandleApiRequestArgs

* feat: implement new handleApiRequest

* docs: add unauthorized error

* refactor: move test token into needToBeAuthenticated condition

* fix: handleApiRequest tests

* fix: linter

* test: Create tests for  BusinessError

* test: recreate handle-api-request.test.ts

* fix: handleApiRequest import

* fix: mocks

* fix: test

* test: create tests for HashService

* fix: test

* test: add tests for SignInUseCase

* test: add tests for SignInUseCase

* test: add tests for handlePrismaError

* fix:  linter

* fix: Makefile

Author: vbetsch

Makefile

@@ -65,5 +65,5 @@ clean:
 # Aliases
 run: up dev
 checks: lint tests
-ci: checks build
+ci: lint coverage build
 .PHONY: run checks ci

src/app/api/auth/register/route.ts

@@ -46,9 +46,14 @@ export async function POST(
 ): Promise<NextResponse<HttpResponseDto<RegisterDataDto>>> {
   const payload: RegisterPayloadDto = await request.json();
   const registerUseCase: RegisterUseCase = container.resolve(RegisterUseCase);
-  return await handleApiRequest<RegisterDataDto>(async () => {
-    const userCreated: UserModelDto = await registerUseCase.handle(payload);
-    const response: RegisterDataDto = { userCreated };
-    return response;
-  }, StatusCodes.CREATED);
+  return await handleApiRequest<RegisterDataDto>({
+    request: request,
+    needToBeAuthenticated: false,
+    callback: async () => {
+      const userCreated: UserModelDto = await registerUseCase.handle(payload);
+      const response: RegisterDataDto = { userCreated };
+      return response;
+    },
+    successStatusCode: StatusCodes.CREATED,
+  });
 }

src/app/api/vaults/[id]/route.ts

@@ -29,6 +29,12 @@ import type { HttpOptions } from '@shared/dto/input/options/abstract/http-option
  *           application/json:
  *             schema:
  *               $ref: '#/components/schemas/HttpErrorDto'
+ *       401:
+ *         description: Unauthorized
+ *         content:
+ *           application/json:
+ *             schema:
+ *               $ref: '#/components/schemas/HttpErrorDto'
  *       500:
  *         description: Internal Server Error
  *         content:
@@ -42,8 +48,10 @@ export async function DELETE(
 ): Promise<NextResponse> {
   const deleteVaultUseCase: DeleteVaultUseCase =
     container.resolve(DeleteVaultUseCase);
-  return await handleApiRequest<void>(
-    async () => deleteVaultUseCase.handle(await options.params),
-    StatusCodes.NO_CONTENT
-  );
+  return await handleApiRequest<void>({
+    request: request,
+    needToBeAuthenticated: true,
+    callback: async () => deleteVaultUseCase.handle(await options.params),
+    successStatusCode: StatusCodes.NO_CONTENT,
+  });
 }

src/app/api/vaults/route.ts

@@ -24,22 +24,32 @@ import type { CreateVaultPayloadDto } from '@shared/dto/input/payloads/create-va
  *           application/json:
  *             schema:
  *               $ref: '#/components/schemas/GetMyVaultsBodyDto'
+ *       401:
+ *         description: Unauthorized
+ *         content:
+ *           application/json:
+ *             schema:
+ *               $ref: '#/components/schemas/HttpErrorDto'
  *       500:
  *         description: Internal Server Error
  *         content:
  *           application/json:
  *             schema:
  *               $ref: '#/components/schemas/HttpErrorDto'
  */
-export async function GET(): Promise<
-  NextResponse<HttpResponseDto<GetMyVaultsDataDto>>
-> {
+export async function GET(
+  request: NextRequest
+): Promise<NextResponse<HttpResponseDto<GetMyVaultsDataDto>>> {
   const getMyVaultsUseCase: GetMyVaultsUseCase =
     container.resolve(GetMyVaultsUseCase);
-  return await handleApiRequest<GetMyVaultsDataDto>(async () => {
-    const myVaults: VaultModelDto[] = await getMyVaultsUseCase.handle();
-    const response: GetMyVaultsDataDto = { myVaults };
-    return response;
+  return await handleApiRequest<GetMyVaultsDataDto>({
+    request: request,
+    needToBeAuthenticated: true,
+    callback: async () => {
+      const myVaults: VaultModelDto[] = await getMyVaultsUseCase.handle();
+      const response: GetMyVaultsDataDto = { myVaults };
+      return response;
+    },
   });
 }
 
@@ -74,6 +84,12 @@ export async function GET(): Promise<
  *           application/json:
  *             schema:
  *               $ref: '#/components/schemas/BusinessErrorDto'
+ *       401:
+ *         description: Unauthorized
+ *         content:
+ *           application/json:
+ *             schema:
+ *               $ref: '#/components/schemas/HttpErrorDto'
  *       500:
  *         description: Internal Server Error
  *         content:
@@ -87,10 +103,15 @@ export async function POST(
   const payload: CreateVaultPayloadDto = await request.json();
   const createVaultUseCase: CreateVaultUseCase =
     container.resolve(CreateVaultUseCase);
-  return await handleApiRequest<CreateVaultDataDto>(async () => {
-    const vaultCreated: VaultModelDto =
-      await createVaultUseCase.handle(payload);
-    const response: CreateVaultDataDto = { vaultCreated };
-    return response;
-  }, StatusCodes.CREATED);
+  return await handleApiRequest<CreateVaultDataDto>({
+    request: request,
+    needToBeAuthenticated: true,
+    callback: async () => {
+      const vaultCreated: VaultModelDto =
+        await createVaultUseCase.handle(payload);
+      const response: CreateVaultDataDto = { vaultCreated };
+      return response;
+    },
+    successStatusCode: StatusCodes.CREATED,
+  });
 }

src/modules/api/errors/http/unauthorized.error.ts

@@ -0,0 +1,8 @@
+import { HttpError } from '@shared/errors/http-error';
+import { StatusCodes } from 'http-status-codes';
+
+export class UnauthorizedError extends HttpError {
+  public constructor() {
+    super('Unauthorized', StatusCodes.UNAUTHORIZED);
+  }
+}

src/modules/api/helpers/api/handle-api-request.ts

@@ -1,26 +1,54 @@
 import { HttpError } from '@shared/errors/http-error';
 import { StatusCodes } from 'http-status-codes';
+import type { NextRequest } from 'next/server';
 import { NextResponse } from 'next/server';
 import type { HttpResponseDto } from '@shared/dto/output/responses/abstract/http.response.dto';
 import { ApiLogger } from '@api/logs/api.logger';
 import { InternalServerError } from '@api/errors/http/internal-server.error';
 import { BusinessError } from '@shared/errors/business-error';
+import type { JWT } from 'next-auth/jwt';
+import { getToken } from 'next-auth/jwt';
+import { UnauthorizedError } from '@api/errors/http/unauthorized.error';
+import type { Session } from 'next-auth';
+import { getServerSession } from 'next-auth';
+import { authOptions } from '@lib/auth';
+
+export type HandleApiRequestArgs<Data> = {
+  request: NextRequest;
+  needToBeAuthenticated: boolean;
+  callback: () => Promise<Data>;
+  successStatusCode?: StatusCodes;
+};
 
 export async function handleApiRequest<Data>(
-  callback: () => Promise<Data>,
-  successStatusCode?: StatusCodes
+  args: HandleApiRequestArgs<Data>
 ): Promise<NextResponse<HttpResponseDto<Data>>> {
   try {
-    const data: Awaited<Data> = await callback();
+    if (args.needToBeAuthenticated) {
+      const token: JWT | null = await getToken({
+        req: args.request,
+        secret: process.env.NEXTAUTH_SECRET,
+      });
+      if (!token) {
+        throw new UnauthorizedError();
+      }
+
+      const session: Session | null = await getServerSession(authOptions);
+      if (!session) {
+        throw new UnauthorizedError();
+      }
+    }
+
+    const data: Awaited<Data> = await args.callback();
 
-    if (successStatusCode === StatusCodes.NO_CONTENT) {
+    if (args.successStatusCode === StatusCodes.NO_CONTENT) {
       return new NextResponse(null, { status: StatusCodes.NO_CONTENT });
     }
 
     return NextResponse.json(
       { data },
       {
-        status: successStatusCode || StatusCodes.OK,
+        status: args.successStatusCode || StatusCodes.OK,
       }
     );
   } catch (error: unknown) {