Merge pull request #61 from wednesday-solutions/feat/auth

feat: move all auth to paths.js

Author: alichherawalla

.eslintignore

@@ -0,0 +1,64 @@
+.DS_Store
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.local
+
+# next.js build output
+.next
+__tests__/__load__/libs

__tests__/server/api/orders/index.test.js

@@ -14,7 +14,11 @@ import { redis } from 'services/redis';
 import { mockData } from 'utils/mockData';
 const { MOCK_ORDER_DETAILS: mockOrderDetails, MOCK_ORDER: mockOrder } =
     mockData;
-
+jest.mock('middlewares/auth', () => ({
+    checkJwt: (req, res, next) => {
+        next();
+    }
+}));
 describe('Order  tests', () => {
     const date = '1994-10-24';
     const amt = 25000;

__tests__/server/api/referencedOrders/index.test.js

@@ -4,7 +4,11 @@ import app from 'server';
 import { mockData } from 'utils/mockData';
 
 const { MOCK_UNSHARDED_REFERENCED_ORDERS: mockReferencedOrders } = mockData;
-
+jest.mock('middlewares/auth', () => ({
+    checkJwt: (req, res, next) => {
+        next();
+    }
+}));
 describe('fetchAllReferencedOrders tests', () => {
     let MODEL_NAME;
     let ENDPOINT;

__tests__/server/api/unshardedReferencedOrders/index.test.js

@@ -5,7 +5,11 @@ import kebabCase from 'lodash/kebabCase';
 
 const { MOCK_UNSHARDED_REFERENCED_ORDERS: mockUnshardedReferencedOrders } =
     mockData;
-
+jest.mock('middlewares/auth', () => ({
+    checkJwt: (req, res, next) => {
+        next();
+    }
+}));
 describe('fetchAllUnshardedReferencedOrders tests', () => {
     let MODEL_NAME;
     let ENDPOINT;

__tests__/server/middlewares/auth/paths.test.js

@@ -0,0 +1,205 @@
+import { authMiddlewareFunc } from 'server/middlewares/auth/utils';
+import { paths } from 'server/middlewares/auth/paths';
+import { SCOPE_TYPE } from 'utils/constants';
+import { isEqual } from 'lodash';
+
+jest.mock('server/middlewares/auth/utils', () => ({
+    authMiddlewareFunc: jest.fn()
+}));
+
+const testPaths = [
+    {
+        path: '/assign-roles',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN],
+        method: 'PUT'
+    },
+    {
+        path: '/roles',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN],
+        method: 'POST'
+    },
+    {
+        path: '/stores',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN],
+        method: 'POST'
+    },
+    {
+        path: '/aggregate/order-amount',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN],
+        method: 'GET'
+    },
+    {
+        path: '/orders',
+        method: 'POST'
+    },
+    {
+        path: '/orders/:_id',
+        method: 'GET'
+    },
+    {
+        path: '/orders',
+        method: 'GET'
+    },
+    {
+        path: '/referenced-orders',
+        method: 'GET'
+    },
+    {
+        path: '/unsharded-orders',
+        method: 'GET'
+    },
+    {
+        path: '/unsharded-referenced-orders',
+        method: 'GET'
+    },
+    {
+        path: '/stores',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/stores/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/stores/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'PATCH',
+        hasCustomAuth: true
+    },
+
+    {
+        path: '/stores/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'DELETE',
+        hasCustomAuth: true
+    },
+    {
+        path: '/store-products',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'POST',
+        hasCustomAuth: true
+    },
+    {
+        path: '/store-products',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/store-products/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/store-products/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.STORE_ADMIN],
+        method: 'DELETE',
+        hasCustomAuth: true
+    },
+    {
+        path: '/suppliers',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN],
+        method: 'POST'
+    },
+    {
+        path: '/suppliers/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/suppliers',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/suppliers/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'PATCH',
+        hasCustomAuth: true
+    },
+    {
+        path: '/suppliers/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'DELETE',
+        hasCustomAuth: true
+    },
+    {
+        path: '/supplier-products',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'POST',
+        hasCustomAuth: true
+    },
+    {
+        path: '/supplier-products',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/supplier-products/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'GET',
+        hasCustomAuth: true
+    },
+    {
+        path: '/supplier-products/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'PATCH',
+        hasCustomAuth: true
+    },
+    {
+        path: '/supplier-products/:_id',
+        scopes: [SCOPE_TYPE.SUPER_ADMIN, SCOPE_TYPE.SUPPLIER_ADMIN],
+        method: 'DELETE',
+        hasCustomAuth: true
+    }
+];
+describe('paths', () => {
+    it('check if all the paths are present', async () => {
+        let i = 0;
+        function checkIfPathMatches(path, testPath) {
+            return path.path.toUpperCase() === testPath.path.toUpperCase();
+        }
+        function checkIfMethodMatches(path, testPath) {
+            return path.method.toUpperCase() === testPath.method.toUpperCase();
+        }
+        function checkIfScopesMatch(path, testPath) {
+            return isEqual(path.scopes, testPath.scopes);
+        }
+        await Promise.all(
+            testPaths.map(async testPath => {
+                let foundPath = false;
+                await Promise.all(
+                    paths.map(async path => {
+                        if (
+                            checkIfMethodMatches(path, testPath) &&
+                            checkIfPathMatches(path, testPath) &&
+                            checkIfScopesMatch(path, testPath)
+                        ) {
+                            foundPath = true;
+
+                            if (testPath.hasCustomAuth) {
+                                path.authMiddleware(
+                                    { params: {}, user: {}, body: {} },
+                                    {},
+                                    () => {}
+                                );
+                                expect(
+                                    authMiddlewareFunc
+                                ).toHaveBeenCalledTimes(++i);
+                            }
+                        }
+                    })
+                );
+                expect(foundPath).toBe(true);
+            })
+        );
+    });
+});

jest.config.json

@@ -5,7 +5,8 @@
         "**/server/**",
         "!**/node_modules/**",
         "!**/dist/**",
-        "!**/models/**"
+        "!**/models/**",
+        "!__tests__/__load__/libs/**/*.*"
     ],
     "coverageReporters": ["json-summary", "text", "lcov"],
     "testPathIgnorePatterns": ["<rootDir>/dist/"],

server/api/routes/index.js

@@ -7,7 +7,6 @@ import {
     aggregatedOrderAmountValidator,
     fetchAggregatedOrderAmount
 } from 'api/aggregate/orders';
-import { checkJwt } from 'middlewares/auth';
 import { rateLimiter as limiter } from 'middlewares/rateLimiter';
 
 const router = express.Router();
@@ -20,13 +19,12 @@ const rateLimiter = limiter({
 });
 
 router.post('/login', loginValidator, rateLimiter, login);
-router.post('/roles', rateLimiter, checkJwt, roleValidator, roles);
-router.put('/assign-roles', checkJwt, assignRoleValidator, assignRoles);
+router.post('/roles', rateLimiter, roleValidator, roles);
+router.put('/assign-roles', assignRoleValidator, assignRoles);
 router.post('/cron-job', cronJobValidator, cronJob);
 
 router.get(
     '/aggregate/order-amount',
-    checkJwt,
     aggregatedOrderAmountValidator,
     fetchAggregatedOrderAmount
 );

server/index.js

@@ -11,6 +11,7 @@ import log from 'utils/logger';
 import { isTestEnv } from 'utils';
 import { initQueues } from 'utils/queue';
 import { injectRequestId } from 'middlewares/injectRequestId';
+import { checkJwt } from 'middlewares/auth';
 import { middleware as contextMiddleware } from 'express-http-context';
 
 /**
@@ -28,6 +29,7 @@ app.use(express.json());
 // get information from html forms
 app.use(bodyParser.json({ limit: '10mb' }));
 app.use(bodyParser.urlencoded({ extended: true }));
+app.use(checkJwt);
 
 // used for getting and setting request-scoped context anywhere
 app.use(contextMiddleware);