se agrego el jwt y validaciones en endpoints, y helpers

Author: bgonzalez

controller/auth.controller.js

@@ -1,14 +1,38 @@
 const { response, request } = require('express');
 const { log } = require('../helpers/log');
+const { generate_jwt } = require('../helpers/jeisonguebtoken');
+const { compare_pass } = require('../helpers/encrypt');
+const user_model = require('../models/user');
 
 const login = async (req = request, res = response) => {
     try {
         const { username = '', password = '' } = req.body;
-        if (!username || !password) {
-            throw new Error('[ERROR] Username and Password required');
-        }
+        const user_db = await user_model.findOne({ email: username }) || await user_model.findOne({ username });
 
-        const token = '';
+        // verify user <email> or <username> exist
+        if (!!!user_db) {
+            return res.status(400).json({
+                message: '[ERROR] - Invalid <username> / <password> ',
+                error: 'invalid <username>'
+            });
+        }
+        // vevrify user <status> --> active
+        if (!!!user_db.active) {
+            return res.status(400).json({
+                message: '[ERROR] - Invalid <status>',
+                error: 'user <status> inactive'
+            });
+        }
+        // verify password correct
+        if (!!!compare_pass(password, user_db.password)) {
+            return res.status(400).json({
+                message: '[ERROR] - Invalid <username> / <password> ',
+                error: 'invalid <password>'
+            });
+        }
+        // generate token
+        const { token } = await generate_jwt(user_db.id);
+
         res.json({
             message: '[SUCCESS] - LOGIN SUCCESS',
             token

controller/user.controller.js

@@ -64,10 +64,8 @@ const post_user = async (req = request, res = response) => {
             image,
             google
         });
-
         // encrypyt password
         new_user.password = encrypt_pass(password);
-
         // save db
         await new_user.save();
 
@@ -129,6 +127,34 @@ const put_user = async (req = request, res = response) => {
         });
     }
 
+}
+/**
+ * Handles a PATCH request for updating a user
+ * and returns a JSON response with a success message and an empty data object.
+ * @param [req] - The `req` parameter represents the request object, which contains information about
+ * the incoming HTTP request such as headers, query parameters, and request body.
+ * @param [res] - The `res` parameter is the response object that is used to send a response back to
+ * the client. It contains methods and properties that allow you to control the response, such as
+ * `json()` which is used to send a JSON response.
+ */
+const patch_user = async (req = reques, res = response) => {
+    try {
+        const { _uid, ...user } = req.body;
+        const user_db = await user_model.findByIdAndUpdate({ id: _uid}, user);
+        
+        log(user, user_db);
+        res.json({
+            message: '[SUCCESS] - PATCH USER SUCCESS',
+            data: user_db
+        });
+    } catch (error) {
+        log(error);
+        res.status(500).json({
+            message: '[ERROR] - PATCH USER ERROR',
+            error
+        });
+    }
+    
 }
 /**
  * Handles a DELETE request for deleting a
@@ -158,21 +184,6 @@ const delete_user = async (req = request, res = response) => {
         });
     }
 }
-/**
- * Handles a PATCH request for updating a user
- * and returns a JSON response with a success message and an empty data object.
- * @param [req] - The `req` parameter represents the request object, which contains information about
- * the incoming HTTP request such as headers, query parameters, and request body.
- * @param [res] - The `res` parameter is the response object that is used to send a response back to
- * the client. It contains methods and properties that allow you to control the response, such as
- * `json()` which is used to send a JSON response.
- */
-const patch_user = (req = reques, res = response) => {
-    res.json({
-        message: 'PATCH - USER SUCCESS',
-        data: {}
-    });
-}
 
 module.exports = {
     get_users,

helpers/db-validators.js

@@ -1,11 +1,21 @@
 const Role = require("../models/role");
 
+/**
+ * Checks if a given role exists in the database and throws an error if it
+ * does not.
+ * @param [role] - The `role` parameter is a string that represents the role that needs to be
+ * validated.
+ */
 const validate_rol = async (role = '') => {
     const if_exist = await Role.findOne({ role });
     if (!if_exist) {
         throw new Error(`${role} is not register`);
     }
 }
+/**
+ * Checks if a user with a given ID exists and throws an error if not.
+ * @param [id] - The `id` parameter is the user ID that needs to be validated.
+ */
 const validate_user_id = async (id = '') => {
     const if_exist = await Role.findById({ id });
     if (!!!if_exist) {

helpers/encrypt.js

@@ -1,9 +1,26 @@
 const bcrypt = require('bcryptjs');
 
+/**
+ * Takes a password as input and returns the encrypted version of the
+ * password using bcrypt.
+ * @param [password] - The `password` parameter is the plain text password that you want to encrypt.
+ * @returns The encrypted password is being returned.
+ */
+const encrypt_pass = (password = '') => {
+    const salt = bcrypt.genSaltSync();
+    const encrypted_password = bcrypt.hashSync(password, salt);
+    return encrypted_password;
+};
+/**
+ * Compares a plain text password with an encrypted password using bcrypt.
+ * @param [password] - The password parameter is the plain text password that you want to compare with
+ * the encrypted password.
+ * @param [encrypted_pass] - The `encrypted_pass` parameter is the encrypted version of the password.
+ * It is typically stored in a database or some other form of persistent storage.
+ */
+const compare_pass = (password = '', encrypted_pass = '') => bcrypt.compareSync(password, encrypted_pass);
+
 module.exports = {
-    encrypt_pass: (password = '') => {
-        const salt = bcrypt.genSaltSync();
-        const encrypted_password = bcrypt.hashSync(password, salt);
-        return encrypted_password;
-    }
+    encrypt_pass,
+    compare_pass
 }

helpers/jeisonguebtoken.js

@@ -0,0 +1,29 @@
+const jwt = require("jsonwebtoken");
+const { log } = require('../helpers/log');
+const { JWTSECRET } = process.env; 
+const TOKEN_TIME = 10000;
+
+/**
+ * Generates a JSON Web Token (JWT) using a given payload and returns a
+ * promise that resolves to an object containing the token.
+ * @param [payload] - The payload parameter is the data that you want to include in the JSON Web Token
+ * (JWT). It can be any valid JSON object that you want to encode and include in the token.
+ * @returns The function `generate_jwt` returns a Promise that resolves to an object with a `token`
+ * property.
+ */
+const generate_jwt = (payload = '') => {
+    if (!!!payload) return new Error('<payload> required');
+    return new Promise((resolve, reject) => {
+        const cb = (err, t) => {
+            if (err) {
+                log(err);
+                reject('[ERROR] - Can t generate token');
+            } else resolve({ token: t });
+        }
+        jwt.sign({ __uid: payload }, JWTSECRET, { expiresIn: TOKEN_TIME}, cb);
+    });
+}
+
+module.exports = {
+    generate_jwt
+}

helpers/parse-jwt.js

@@ -1,8 +1,14 @@
 
+/**
+ * Takes a JWT token as input and returns the decoded payload as a JavaScript
+ * object.
+ * @param [token] - The `token` parameter is a string representing a JSON Web Token (JWT).
+ * @returns the parsed JSON object from the decoded base64 string.
+ */
 const parse_jwt = function(token = '') {
     let url_encrypted = token.split('.')[0];
     b64 = url_encrypted.replace('-', '+').replace('_', '/');
-    return JSON.parse(window.atob(b64));
+    return JSON.parse(window?.atob(b64));
 }
 
 module.exports = {

middelwares/email_validator.js middlewares/email_validator.js

@@ -19,10 +19,9 @@ const user_model = require('../models/user');
  */
 const validate_fields = (req, res, next) => {
     const error = validationResult(req);
-    if (!!error.isEmpty()) {
+    if (!!!error.isEmpty()) {
         return res.status(400).json({
-            message: 'ERROR',
-            data: {},
+            message: '[ERROR] -<validate-fields>',
             error
         });
     }

middlewares/jwt.middleware.js

@@ -0,0 +1,44 @@
+const { response } = require('express');
+const { log } = require('../helpers/log');
+const jwt = require('jsonwebtoken');
+const { JWTSECRET } = process.env;
+const user_model = require('../models/user');
+
+/**
+ * Validate a JSON Web Token (JWT) in the `x-token` header of a
+ * request, and if valid, allows the request to proceed to the next middleware or route handler.
+ * @param req - The `req` parameter is the request object that contains information about the incoming
+ * HTTP request, such as headers, body, and query parameters. It is typically provided by the web
+ * framework or server handling the request.
+ * @param [res] - The `res` parameter is the response object that is used to send the response back to
+ * the client. It is an instance of the `response` object from the Express framework.
+ * @param next - The `next` parameter is a function that is used to pass control to the next middleware
+ * function in the request-response cycle. It is typically used to move to the next middleware function
+ * or to the route handler after the current middleware function has completed its task.
+ * @returns a middleware function that takes in three parameters: `req`, `res`, and `next`.
+ */
+const validate_jwt = async (req , res = response, next) => {
+    const { 'x-token': auth } = req.headers;
+    if (!!!auth) return res.status(400).json({
+        message: '[ERROR] - Invalid <header>',
+        error: 'header <x-token> undefined'
+    });
+    // validate true jwt
+    try {
+        const { _uid } = jwt.verify(auth, JWTSECRET);
+        const user_loged = await user_model.findById({ _id: _uid });
+        if (!!user_loged) req.user = user_loged;
+        req.uid = _uid;
+        next();
+    } catch (error) {
+        log(error);
+        res.status(401).json({
+            message: '[ERROR] - Invalid token',
+            error: 'Invalid <token>'
+        });
+    }
+}
+
+module.exports = {
+    validate_jwt
+}

middlewares/role.middleware.js

@@ -0,0 +1,28 @@
+const { response } = require('express');
+const { log } = require('../helpers/log');
+const ADMIN_ROLE = 'ADMIN_ROLE';
+
+const validate_admin_role = (req, res = response, next) => {
+    try {
+        const { role = '' } = req.body;
+
+        if (!!!role.includes(ADMIN_ROLE)) {
+            return res.status(400).json({
+                message: '[ERROR] - Inavlid <role> name',
+                error: 'invalid <role> only admin'
+            });
+        }
+        next();
+
+    } catch (error) {
+        log(error);
+        res.status(500).json({
+            message: '[ERROR]- Internal Server Error',
+            error
+        });
+    }
+}
+
+module.exports = {
+    validate_admin_role
+}

models/server.js

@@ -2,6 +2,7 @@ const express = require('express');
 const { log } = require('../helpers/log');
 const cors = require('cors');
 const { connection_mongodb } = require('../database/config');
+const { validate_jwt } = require('../middlewares/jwt.middleware');
 const { ROOT_PATH_API } = process?.env;
 
 class Server {

models/user.js

@@ -31,8 +31,8 @@ const user_schema = new Schema({
 });
 
 user_schema.methods.toJSON = function () {
-    const { password, __v,...user } = this.toObject();
-    return user;
+    const { password, __v, _id,...user } = this.toObject();
+    return { ...user, _uid: _id };
 }
 
 module.exports = model('User', user_schema);