prisma · gautvm · May 18, 2021 · May 18, 2021 · May 18, 2021 · May 18, 2021
diff --git a/typescript/rest-express-auth/.gitignore b/typescript/rest-express-auth/.gitignore
@@ -0,0 +1,3 @@
+node_modules/
+dist/
+*.env*
diff --git a/typescript/rest-express-auth/package.json b/typescript/rest-express-auth/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "rest-express-auth",
+  "version": "1.0.0",
+  "license": "MIT",
+  "scripts": {
+    "dev": "ts-node src/index.ts"
+  },
+  "keywords": [],
+  "author": "",
+  "dependencies": {
+    "@prisma/client": "^2.22.1",
+    "argon2": "^0.27.2",
+    "express": "^4.17.1",
+    "jsonwebtoken": "^8.5.1"
+  },
+  "devDependencies": {
+    "@types/express": "^4.17.11",
+    "@types/jsonwebtoken": "^8.5.1",
+    "@types/node": "^15.3.0",
+    "ts-node": "^9.1.1",
+    "typescript": "^4.2.4"
+  }
+}
diff --git a/typescript/rest-express-auth/prisma/schema.prisma b/typescript/rest-express-auth/prisma/schema.prisma
@@ -0,0 +1,29 @@
+datasource db {
+  provider = "sqlite"
+  url      = "file:./dev.db"
+}
+
+generator client {
+  provider = "prisma-client-js"
+}
+
+model User {
+  id         Int     @id @default(autoincrement())
+  email      String  @unique
+  password   String
+  username       String
+  posts      Post[]
+  sessionID String?
+}
+
+model Post {
+  id        Int      @id @default(autoincrement())
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  title     String
+  content   String?
+  published Boolean  @default(false)
+  viewCount Int      @default(0)
+  author    User?    @relation(fields: [authorId], references: [id])
+  authorId  Int?
+}
diff --git a/typescript/rest-express-auth/src/index.ts b/typescript/rest-express-auth/src/index.ts
@@ -0,0 +1,22 @@
+import { auth as AuthRoutes } from './routes/Auth'
+import { account as AccountRoutes } from './routes/Account'
+import { post as PostRoutes } from './routes/Post'
+import express from 'express'
+
+declare global {
+  namespace Express {
+    interface Request {
+      user?: import('@prisma/client').User
+    }
+  }
+}
+
+const app = express()
+
+app.use(express.json())
+
+app.use('/auth', AuthRoutes)
+app.use('/account', AccountRoutes)
+app.use('/posts', PostRoutes)
+
+app.listen(3000, () => console.log(`🚀 Server ready at: http://localhost:3000`))
diff --git a/typescript/rest-express-auth/src/lib/prisma.ts b/typescript/rest-express-auth/src/lib/prisma.ts
@@ -0,0 +1,3 @@
+import { PrismaClient } from '@prisma/client'
+
+export const prisma = new PrismaClient()
diff --git a/typescript/rest-express-auth/src/middlewares/isAuth.ts b/typescript/rest-express-auth/src/middlewares/isAuth.ts
@@ -0,0 +1,55 @@
+import { PrismaClient, User } from '@prisma/client'
+import { NextFunction, Request, Response } from 'express'
+import jwt from 'jsonwebtoken'
+
+const prisma = new PrismaClient()
+
+export const isAuth = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) => {
+  if (!req.headers['authorization'])
+    return res
+      .status(400)
+      .json({ success: false, error: 'missing auth header' })
+
+  const authHeader = req.headers['authorization']
+  const authMethod = authHeader.split(' ')[0]
+  const accessToken = authHeader.split(' ')[1]
+
+  if (!authMethod || !accessToken) {
+    return res.json({ success: false, error: 'invalid auth header' })
+  } else if (authMethod !== 'Bearer') {
+    return res.json({ success: false, error: 'invalid auth method' })
+  }
+
+  let tokenBody: any
+
+  try {
+    tokenBody = jwt.verify(accessToken, 'secret')
+  } catch {
+    return res.json({
+      success: false,
+      error: 'invalid token',
+    })
+  }
+
+  if (!tokenBody.userID) {
+    return res.json({ success: false, error: 'invalid token' })
+  }
+
+  const user = await prisma.user.findUnique({
+    where: {
+      id: tokenBody.userID,
+    },
+  })
+
+  if (!user) {
+    return res.json({ success: false, error: 'User does not exist' })
+  }
+
+  req.user = user
+
+  next()
+}
diff --git a/typescript/rest-express-auth/src/routes/Account.ts b/typescript/rest-express-auth/src/routes/Account.ts
@@ -0,0 +1,17 @@
+import { prisma } from '../lib/prisma'
+import { isAuth } from '../middlewares/isAuth'
+import { Router } from 'express'
+
+export const account = Router()
+
+account.put('/update', (req, res) => {})
+
+account.delete('/delete', isAuth, async (req, res) => {
+  await prisma.user.delete({
+    where: {
+      id: req.user?.id,
+    },
+  })
+
+  return res.json({ success: true })
+})
diff --git a/typescript/rest-express-auth/src/routes/Auth.ts b/typescript/rest-express-auth/src/routes/Auth.ts
@@ -0,0 +1,94 @@
+import { prisma } from '../lib/prisma'
+import { isAuth } from '../middlewares/isAuth'
+import { generateID } from '../utils/generateID'
+import { Router } from 'express'
+import jwt from 'jsonwebtoken'
+import argon2 from 'argon2'
+
+export const auth = Router()
+
+auth.post('/signup', async (req, res) => {
+  const { email, password, username } = req.body
+
+  if (!email || !password || !username) {
+    return res.json({
+      success: false,
+      error: 'Missing request body properties',
+    })
+  }
+
+  const result = await prisma.user.findFirst({
+    where: {
+      username,
+    },
+  })
+
+  if (result) return res.json({ success: false, error: 'User already exists' })
+
+  const hashedPassword = await argon2.hash(password)
+
+  const user = await prisma.user.create({
+    data: {
+      email: email,
+      password: hashedPassword,
+      username: username,
+    },
+  })
+
+  const accessToken = jwt.sign({ userID: user.id }, 'secret')
+
+  return res.json({ success: true, accessToken: accessToken })
+})
+
+auth.post('/login', async (req, res) => {
+  const { username, password } = req.body
+
+  if (!username || !password) {
+    return res.json({
+      success: false,
+      error: 'Missing request body properties',
+    })
+  }
+
+  const user = await prisma.user.findFirst({
+    where: {
+      username,
+    },
+  })
+
+  if (!user) {
+    return res.json({ success: false, error: 'User not found' })
+  }
+
+  if (await argon2.verify(user.password, password)) {
+    const sessionID = await generateID(30)
+
+    await prisma.user.update({
+      where: {
+        id: user.id,
+      },
+      data: {
+        sessionID: sessionID,
+      },
+    })
+
+    const accessToken = jwt.sign({ userID: user.id, sessionID }, 'secret')
+
+    return res.json({ success: true, accessToken: accessToken })
+  } else {
+    return res.json({ success: false, error: 'Invalid password' })
+  }
+})
+
+auth.post('/logout', isAuth, async (req, res) => {
+  await prisma.user.update({
+    where: {
+      id: req.user?.id,
+    },
+    data: {
+      sessionID: '',
+    },
+  })
+
+  res.json({ success: true })
+})
diff --git a/typescript/rest-express-auth/src/routes/Post.ts b/typescript/rest-express-auth/src/routes/Post.ts
@@ -0,0 +1,10 @@
+import { prisma } from '../lib/prisma'
+import { Router } from 'express'
+
+export const post = Router()
+
+post.get('/get', async (req, res) => {
+  const result = await prisma.post.findMany({})
+
+  return res.json(result)
+})
diff --git a/typescript/rest-express-auth/src/utils/generateID.ts b/typescript/rest-express-auth/src/utils/generateID.ts
@@ -0,0 +1,5 @@
+import crypto from 'crypto'
+
+export const generateID = async (length: number) => {
+  return crypto.randomBytes(length).toString('base64')
+}
diff --git a/typescript/rest-express-auth/tsconfig.json b/typescript/rest-express-auth/tsconfig.json
@@ -0,0 +1,9 @@
+{
+  "compilerOptions": {
+    "sourceMap": true,
+    "outDir": "dist",
+    "strict": true,
+    "lib": ["esnext"],
+    "esModuleInterop": true
+  }
+}