Add new hooks

Author: hirsch88

.env.example

@@ -34,10 +34,4 @@ DB_SEEDS_DIR=./src/database/seeds
 #
 # Auth0
 #
-AUTH0_HOST=https://w3tecch.auth0.com
-AUTH0_OAUTH=/oauth
-AUTH0_API=/api/v2
-AUTH0_CLIENT_ID=auth0_client_id
-AUTH0_CLIENT_SECRET=auth0_client_secret
-AUTH0_AUDIENCE=https://my.auth0.com/api/v2/
-AUTH0_GRANT_TYPE=client_credentials
+AUTH0_HOST=http://localhost:3333

src/api/controllers/UserController.ts

@@ -1,10 +1,11 @@
 import { injectable, inject } from 'inversify';
-import { Controller, Get, Post, Put, Delete, RequestParam, RequestBody, Response } from 'inversify-express-utils';
+import { Controller, Get, Post, Put, Delete, RequestParam, RequestBody, Response, Request } from 'inversify-express-utils';
 import { my } from 'my-express';
 import { Log } from '../../core/log';
 import { UserService } from '../services/UsersService';
 import { Types } from '../../constants/Types';
 import { authenticate } from '../middlewares/authenticate';
+import { populateUser } from '../middlewares/populateUser';
 
 const log = new Log('api:ctrl.UserController');
 
@@ -16,18 +17,24 @@ const log = new Log('api:ctrl.UserController');
  * @class UserController
  */
 @injectable()
-@Controller('/v1/user')
+@Controller('/v1/user', authenticate)
 export class UserController {
 
     constructor( @inject(Types.UserService) private userService: UserService) { }
 
-    @Get('/', authenticate)
+    @Get('/')
     public async findAll( @Response() res: my.Response): Promise<any> {
         log.debug('findAll');
         const users = await this.userService.findAll();
         return res.found(users.toJSON());
     }
 
+    @Get('/me', populateUser)
+    public async findMe( @Request() req: my.Request, @Response() res: my.Response): Promise<any> {
+        log.debug('findMe');
+        return res.found(req.user);
+    }
+
     @Get('/:id')
     public async findOne( @Response() res: my.Response, @RequestParam('id') id: string): Promise<any> {
         log.debug('findOne ', id);

src/api/middlewares/authenticate.ts

@@ -1,3 +1,4 @@
+import * as request from 'request';
 import { my } from 'my-express';
 import { Log } from '../../core/log';
 
@@ -6,14 +7,56 @@ const log = new Log('api:middleware.authenticate');
 /**
  * authenticate middleware
  * -----------------------
- * This middleware can be used to check if all credentials are given and
- * verify them.
+ * This middleware secures your resources with the auth0 authentication.
  *
  * @param req
  * @param res
  * @param next
  */
 export const authenticate = (req: my.Request, res: my.Response, next: my.NextFunction) => {
-    log.info('authenticate');
-    next();
+    const token = getToken(req);
+
+    if (token === null) {
+        log.warn('No token given');
+        return res.failed(403, 'You are not allowed to request this resource!');
+    }
+    log.debug('Token is provided');
+
+    // Request user info at auth0 with the provided token
+    request.post({
+        url: `${process.env.AUTH0_HOST}/tokeninfo`,
+        form: {
+            id_token: token
+        }
+    }, (error: any, response: request.RequestResponse, body: any) => {
+
+        // Verify if the requests was successful and append user
+        // information to our extended express request object
+        if (!error && response.statusCode === 200) {
+            req.tokeninfo = JSON.parse(body);
+            log.info(`Retrieved user ${req.tokeninfo.email}`);
+            return next();
+        }
+
+        // Catch auth0 exception and return it as it is
+        log.warn(`Could not retrieve the user, because of`, body);
+        res.failed(response.statusCode || 401, body);
+
+    });
+
+};
+
+/**
+ * Returns the access token of the given request header
+ */
+const getToken = (req: my.Request): string | null => {
+    const authorization = req.headers.authorization;
+
+    // Retrieve the token form the Authorization header
+    if (authorization && authorization.split(' ')[0] === 'Bearer') {
+        return authorization.split(' ')[1];
+    }
+
+    // No token was provided by the client
+    return null;
 };

src/api/middlewares/populateUser.ts

@@ -0,0 +1,37 @@
+import * as request from 'request';
+import { my } from 'my-express';
+import { Log } from '../../core/log';
+import { UserService } from '../services/UsersService';
+import { Types } from '../../constants/Types';
+import container from '../../container';
+
+const log = new Log('api:middleware.populateUser');
+
+/**
+ * populateUser middleware
+ * -----------------------
+ * This middleware gets the logged-in user form the database and store it in
+ * the request object
+ *
+ * @param req
+ * @param res
+ * @param next
+ */
+export const populateUser = (req: my.Request, res: my.Response, next: my.NextFunction) => {
+
+    if (!req.tokeninfo || !req.tokeninfo.user_id) {
+        return res.failed(400, 'Missing token information!');
+    }
+
+    const userService = container.get<UserService>(Types.UserService);
+    userService.findByUserId(req.tokeninfo.user_id)
+        .then((user) => {
+            req.user = user.toJSON();
+            log.debug(`populated user with the id=${req.user.id} to the request object`);
+            next();
+        })
+        .catch((error) => {
+            log.warn(`could not populate user to the request object`);
+            next(error);
+        });
+};

src/api/models/User.ts

@@ -14,6 +14,10 @@ export class User extends Bookshelf.Model<User> {
         return await User.where<User>({ id: id }).fetch();
     }
 
+    public static async fetchByUserId(userId: string): Promise<User> {
+        return await User.where<User>({ auth_0_user_id: userId }).fetch();
+    }
+
     public get tableName(): string { return Tables.Users; }
     public get hasTimestamps(): boolean { return true; }
 

src/api/repositories/UserRepository.ts

@@ -35,6 +35,17 @@ export class UserRepository {
         return User.fetchById(id);
     }
 
+    /**
+     * Retrieves one user entity of the database
+     *
+     * @static
+     * @param {number} id of the user
+     * @returns {Promise<User>}
+     */
+    public static async findByUserId(userId: string): Promise<User> {
+        return User.fetchByUserId(userId);
+    }
+
     /**
      * Creates a new user entity in the database and returns
      * the new created entity

src/api/services/UsersService.ts

@@ -50,6 +50,21 @@ export class UserService {
         return user;
     }
 
+    /**
+     * Returns the user with the given user_id or throws a Not-Found exception
+     *
+     * @param {number} id of the user
+     * @returns {Promise<User>}
+     */
+    public async findByUserId(userId: string): Promise<User> {
+        let user = await this.userRepo.findByUserId(userId);
+        if (user === null) {
+            log.warn(`User with the userId=${userId} was not found!`);
+            throw new NotFoundException(userId);
+        }
+        return user;
+    }
+
     /**
      * We will validate the data and create a new user and
      * return it, so the client get its new id

src/core/api/extendExpressResponse.ts

@@ -53,7 +53,7 @@ export const extendExpressResponse = (req: my.Request, res: my.Response, next: e
      * 400-500 - Failed
      * This is used when a request has failed
      */
-    res.failed = (status: number, message: string, error: any) => {
+    res.failed = (status: number, message: string, error?: any) => {
         return res.status(status).json(bodyFailed(message, error));
     };
 
@@ -76,11 +76,11 @@ export function bodySuccessful<T>(data: T, options: my.ResponseOptions = {}): an
 /**
  * This body parse is used for error messages to the client
  */
-export function bodyFailed(message: string, error: any): any {
+export function bodyFailed(message: string, error?: any): any {
     return {
         success: false,
         message: message,
-        error: error
+        ...{ error: error }
     };
 }
 

src/database/factories/index.ts

@@ -16,10 +16,13 @@ factory.define(User, (faker: Faker.FakerStatic) => {
     const gender = faker.random.number(1);
     const fn = faker.name.firstName(gender);
     const ln = faker.name.lastName(gender);
+    const e = faker.internet.email(fn, ln);
     return {
         firstName: fn,
         lastName: ln,
-        email: faker.internet.email(fn, ln)
+        email: e,
+        auth0UserId: 'auth0|' + e,
+        picture: faker.internet.avatar()
     };
 });
 

src/database/migrations/20170120183349_create_users_table.ts

@@ -9,6 +9,8 @@ exports.up = (db: Knex): Promise<any> => {
             table.string('first_name').notNullable();
             table.string('last_name').notNullable();
             table.string('email').notNullable().unique();
+            table.string('auth_0_user_id').unique();
+            table.string('picture');
 
             table.timestamp('updated_at').defaultTo(db.fn.now());
             table.timestamp('created_at').defaultTo(db.fn.now());