Merge branch 'obtain_access_token_feature' into refresh_access_token

2024-03-08 17:05:45 +03:00
parent 7e64d9d17b c2b5330827
commit bf8d676c83
10 changed files with 57 additions and 63 deletions
--- a/.env.sample
+++ b/.env.sample
@@ -12,3 +12,10 @@ RATE_LIMIT_MAX_REQUESTS=10
 DB=foobar.db

 START_WITH_STUDIO=false
+
+TOKEN_SECRET=ABCD23DCAA
+ACCESS_TOKEN_EXPIRATION_TIME=10H
+REFRESH_TOKEN_EXPIRATION_TIME=2D
+
+INITIAL_USER_USERNAME=superuser 
+INITIAL_USER_PASSWORD=hello@3245CD$
--- a/README.md
+++ b/README.md
@@ -59,7 +59,7 @@ To run Soul in auth mode, allowing login and signup features with authorization
 Run the Soul command with the necessary parameters:

 ```
-soul --d foobar.db -a -ats <your_jwt_access_token_secret_value> -atet=4H -rts <your_jwt_refresh_token_secret_value> -rtet=3D
+soul --d foobar.db -a -ts <your_jwt_secret_value> -atet=4H -rtet=3D
 ```

 Note: When configuring your JWT Secret, it is recommended to use a long string value for enhanced security. It is advisable to use a secret that is at least 10 characters in length.
@@ -67,9 +67,8 @@ Note: When configuring your JWT Secret, it is recommended to use a long string v
 In this example:

 The `-a` flag instructs Soul to run in auth mode.
-The `-ats` flag allows you to pass a JWT secret value for the `access token` generation and verification. Replace <your_jwt_access_token_secret_value> with your desired secret value.
+The `-ts` flag allows you to pass a JWT secret value for the `access and refresh tokens` generation and verification. Replace <your_jwt\_\_secret_value> with your desired secret value.
 The `-atet` flag sets the JWT expiration time for the access token. In this case, it is set to four hours (4H), meaning the token will expire after 4 hours.
-The `-rts` flag allows you to pass a JWT secret value for the `refresh token` generation and verification. Replace <your_jwt_refresh_token_secret_value> with your desired secret value.
 Teh `-rtet` flag sets the JWT expiration time for the refresh token. In this case, it is set to three days (3D), meaning the token will expire after 3 days.

 Here are some example values for the `-atet` and `rtet` flags
@@ -78,7 +77,7 @@ Here are some example values for the `-atet` and `rtet` flags
 - 5H: Represents a duration of 5 hours.
 - 1D: Represents a duration of 1 day.

-NOTE: It is crucial to securely store a copy of the `Access token secret` and `Refresh token secret` values used in Soul. Once you pass this values, make sure to keep a backup because you will need it every time you restart Soul. Losing this secret values can result in a situation where all of your users are blocked from accessing Soul.
+NOTE: It is crucial to securely store a copy of the `-ts`(`Token Secret`) value used in Soul. Once you pass this values, make sure to keep a backup because you will need it every time you restart Soul. Losing this secret values can result in a situation where all of your users are blocked from accessing Soul.

 ### 3. Updating Super Users

--- a/src/cli.js
+++ b/src/cli.js
@@ -53,9 +53,9 @@ if (process.env.NO_CLI !== 'true') {
      default: false,
      demandOption: false,
    })
-    .options('ats', {
-      alias: 'accesstokensecret',
-      describe: 'JWT secret for access token',
+    .options('ts', {
+      alias: 'tokensecret',
+      describe: 'JWT secret for the access and refresh tokens',
      type: 'string',
      default: null,
      demandOption: false,
@@ -67,13 +67,6 @@ if (process.env.NO_CLI !== 'true') {
      default: '5H',
      demandOption: false,
    })
-    .options('rts', {
-      alias: 'refreshtokensecret',
-      describe: 'JWT secret for refresh token',
-      type: 'string',
-      default: null,
-      demandOption: false,
-    })
    .options('rtet', {
      alias: 'refreshtokenexpirationtime',
      describe: 'JWT expiration time for refresh token',
--- a/src/config/index.js
+++ b/src/config/index.js
@@ -30,9 +30,8 @@ const envVarsSchema = Joi.object()

    START_WITH_STUDIO: Joi.boolean().default(false),

-    ACCESS_TOKEN_SECRET: Joi.string().default(null),
+    TOKEN_SECRET: Joi.string().default(null),
    ACCESS_TOKEN_EXPIRATION_TIME: Joi.string().default('5H'),
-    REFRESH_TOKEN_SECRET: Joi.string().default(null),
    REFRESH_TOKEN_EXPIRATION_TIME: Joi.string().default('3D'),
  })
  .unknown();
@@ -65,18 +64,14 @@ if (argv['rate-limit-enabled']) {
  env.RATE_LIMIT_ENABLED = argv['rate-limit-enabled'];
 }

-if (argv.accesstokensecret) {
-  env.ACCESS_TOKEN_SECRET = argv.accesstokensecret;
+if (argv.tokensecret) {
+  env.TOKEN_SECRET = argv.tokensecret;
 }

 if (argv.accesstokenexpirationtime) {
  env.ACCESS_TOKEN_EXPIRATION_TIME = argv.accesstokenexpirationtime;
 }

-if (argv.refreshtokensecret) {
-  env.REFRESH_TOKEN_SECRET = argv.refreshtokensecret;
-}
-
 if (argv.refreshtokenexpirationtime) {
  env.REFRESH_TOKEN_EXPIRATION_TIME = argv.refreshtokenexpirationtime;
 }
@@ -108,10 +103,9 @@ module.exports = {
  },

  auth: argv.auth || envVars.AUTH,
-  accessTokenSecret: argv.accesstokensecret || envVars.ACCESS_TOKEN_SECRET,
+  tokenSecret: argv.tokensecret || envVars.TOKEN_SECRET,
  accessTokenExpirationTime:
    argv.accesstokenexpirationtime || envVars.ACCESS_TOKEN_EXPIRATION_TIME,
-  refreshTokenSecret: argv.refreshtokensecret || envVars.REFRESH_TOKEN_SECRET,
  refreshTokenExpirationTime:
    argv.refreshtokenexpirationtime || envVars.REFRESH_TOKEN_EXPIRATION_TIME,

--- a/src/constants/api.js
+++ b/src/constants/api.js
@@ -1,3 +1,9 @@
 module.exports = {
  defaultRoutes: ['_users', '_roles', '_roles_permissions', '_users_roles'],
+  DEFAULT_PAGE_LIMIT: 10,
+  DEFAULT_PAGE_INDEX: 0,
+  PASSWORD: {
+    TOO_WEAK: 'Too weak',
+    WEAK: 'Weak',
+  },
 };
--- a/src/controllers/auth.js
+++ b/src/controllers/auth.js
@@ -1,6 +1,4 @@
-const { tableService } = require('../services');
-const { rowService } = require('../services');
-const { dbTables, constantRoles } = require('../constants');
+const { tableService, rowService } = require('../services');
 const config = require('../config');
 const {
  hashPassword,
@@ -10,6 +8,8 @@ const {
  decodeToken,
 } = require('../utils');

+const { dbTables, constantRoles, apiConstants } = require('../constants');
+
 const createDefaultTables = async () => {
  let roleId;

@@ -90,28 +90,31 @@ const updateSuperuser = async (fields) => {

  try {
    // find the user by using the id field
-    let user = rowService.get({
+    const users = rowService.get({
      tableName: '_users',
      whereString: 'WHERE id=?',
      whereStringValues: [id],
    });

    // abort if the id is invalid
-    if (user.length === 0) {
+    if (users.length === 0) {
      console.log('The user id you passed does not exist in the database');
      process.exit(1);
    }

-    user = user[0];
-
    // check if the is_superuser field is passed
    if (is_superuser !== undefined) {
-      fieldsString = `is_superuser = '${is_superuser}', `;
+      fieldsString = `is_superuser = '${is_superuser}'`;
    }

    // if the password is sent from the CLI, update it
    if (password) {
-      if (password.length < 8) {
+      // check if the password is weak
+      if (
+        [apiConstants.PASSWORD.TOO_WEAK, apiConstants.PASSWORD.WEAK].includes(
+          checkPasswordStrength(password),
+        )
+      ) {
        console.log('Your password should be at least 8 charachters long');
        process.exit(1);
      }
@@ -120,7 +123,10 @@ const updateSuperuser = async (fields) => {
      const { hashedPassword, salt } = await hashPassword(password, 10);
      newHashedPassword = hashedPassword;
      newSalt = salt;
-      fieldsString += `hashed_password = '${newHashedPassword}', salt = '${newSalt}'`;
+
+      fieldsString = `${
+        fieldsString ? fieldsString + ', ' : ''
+      }hashed_password = '${newHashedPassword}', salt = '${newSalt}'`;
    }

    // update the user
@@ -156,7 +162,11 @@ const registerUser = async (req, res) => {
    }

    // check if the password is weak
-    if (['Too weak', 'Weak'].includes(checkPasswordStrength(password))) {
+    if (
+      [apiConstants.PASSWORD.TOO_WEAK, apiConstants.PASSWORD.WEAK].includes(
+        checkPasswordStrength(password),
+      )
+    ) {
      return res.status(400).send({
        message: 'This password is weak, please use another password',
      });
@@ -165,7 +175,7 @@ const registerUser = async (req, res) => {
    // hash the password
    const { salt, hashedPassword } = await hashPassword(password, 10);

-    // // create the user
+    // create the user
    const newUser = rowService.save({
      tableName: '_users',
      fields: {
@@ -180,7 +190,7 @@ const registerUser = async (req, res) => {
    let defaultRole = rowService.get({
      tableName: '_roles',
      whereString: 'WHERE name=?',
-      whereStringValues: ['default'],
+      whereStringValues: [constantRoles.DEFAULT_ROLE],
    });

    if (defaultRole.length <= 0) {
@@ -246,14 +256,14 @@ const obtainAccessToken = async (req, res) => {
    // generate an access token
    const accessToken = await generateToken(
      { subject: 'accessToken', ...payload },
-      config.accessTokenSecret,
+      config.tokenSecret,
      config.accessTokenExpirationTime,
    );

    // generate a refresh token
    const refreshToken = await generateToken(
      { subject: 'refreshToken', ...payload },
-      config.refreshTokenSecret,
+      config.tokenSecret,
      config.refreshTokenExpirationTime,
    );

--- a/src/controllers/rows.js
+++ b/src/controllers/rows.js
@@ -1,12 +1,6 @@
 const db = require('../db/index');
 const { rowService } = require('../services');

-// const quotePrimaryKeys = (pks) => {
-//   const primaryKeys = pks.split(',');
-//   const quotedPks = primaryKeys.map((id) => `'${id}'`).join(',');
-//   return quotedPks;
-// };
-
 const operators = {
  eq: '=',
  lt: '<',
@@ -327,13 +321,6 @@ const listTableRows = async (req, res, next) => {
          }`
        : null;

-    // res.json({
-    //   data,
-    //   total,
-    //   next: nextPage,
-    //   previous
-    // });
-
    req.response = {
      status: 200,
      payload: { data, total, next: nextPage, previous },
@@ -598,10 +585,6 @@ const getRowInTableByPK = async (req, res, next) => {
        error: 'not_found',
      });
    } else {
-      // res.json({
-      //   data
-      // });
-
      req.response = { status: 200, payload: { data } };
      next();
    }
--- a/src/middlewares/api.js
+++ b/src/middlewares/api.js
@@ -8,7 +8,7 @@ const processRequest = async (req, res, next) => {

  // If the user sends a request when auth is set to false, throw an error
  if (apiConstants.defaultRoutes.includes(resource) && !config.auth) {
-    return res.status(401).send({
+    return res.status(403).send({
      message: 'You can not access this endpoint while AUTH is set to false',
    });
  }
--- a/src/services/rowService.js
+++ b/src/services/rowService.js
@@ -1,3 +1,5 @@
+const { apiConstants } = require('../constants');
+
 module.exports = (db) => {
  return {
    get(data) {
@@ -10,8 +12,8 @@ module.exports = (db) => {
      const statement = db.prepare(query);
      const result = statement.all(
        ...data.whereStringValues,
-        data.limit || 10,
-        data.page || 0,
+        data.limit || apiConstants.DEFAULT_PAGE_LIMIT,
+        data.page || apiConstants.DEFAULT_PAGE_INDEX,
      );

      return result;
--- a/src/swagger/swagger.json
+++ b/src/swagger/swagger.json
@@ -242,8 +242,8 @@
          "400": {
            "description": "Bad Request"
          },
-          "401": {
-            "description": "Unauthorized"
+          "403": {
+            "description": "Forbidden"
          }
        }
      },
@@ -281,8 +281,8 @@
              "$ref": "#/definitions/InsertRowErrorResponse"
            }
          },
-          "401": {
-            "description": "Unauthorized"
+          "403": {
+            "description": "Forbidden"
          }
        }
      }