feat: both nest and next backends

back-express/src/app.ts

@@ -0,0 +1,33 @@
+import express from "express";
+import config from "./config";
+import cors from "cors";
+import { routes } from "./modules";
+import { authorizationMiddleware } from "./modules/auth/auth.middleware";
+
+const app = express();
+const port = config.port;
+
+if (config.enableCors) {
+  app.use(cors());
+}
+
+app.use(express.json());
+
+// Global middleware
+app.use(authorizationMiddleware as any); // TODO: move out of here
+app.use((req, _res, next) => {
+  console.log(`LOG: new ${req.method} request for ${req.url}`);
+  next();
+});
+
+// Route specific middleware
+app.use("/example", (req, _res, next) => {
+  console.log(`LOG: new ${req.method} example request for ${req.url}`);
+  next();
+});
+
+app.use(config.baseRoute, routes); // / serves as the base for the imported routes
+
+app.listen(port, () => {
+  console.log(`Server running at http://localhost:${port}`);
+});

back-express/src/config.ts

@@ -0,0 +1,11 @@
+import { configDotenv } from "dotenv";
+
+configDotenv();
+
+const config = {
+  enableCors: true,
+  port: process.env.PORT || 3000,
+  baseRoute: "/api/v1",
+};
+
+export default config;

back-express/src/db.ts

@@ -0,0 +1,26 @@
+import mysql, { QueryError } from "mysql2/promise";
+import { ResponseError } from "./utils/response/response-error.model";
+
+const db_pool = mysql.createPool({
+  host: process.env.DB_HOST ?? "localhost",
+  port: parseInt(process.env.DB_PORT ?? "3307"),
+  user: process.env.DB_USERNAME ?? "dbuser",
+  password: process.env.DB_PASSWORD ?? "securepassword",
+  database: process.env.DB_MAIN ?? "path",
+});
+
+async function DB_Query<T>(query: string): Promise<Partial<T>[]> {
+  try {
+    const [results, _fields] = await db_pool.query(query);
+    return results as T[];
+  } catch (e) {
+    const queryError = e as QueryError;
+    throw new ResponseError({
+      code: queryError.code,
+      number: queryError.errno,
+      detail: queryError.message,
+    });
+  }
+}
+
+export { db_pool as db_connection, DB_Query as db_query };

back-express/src/modules/auth/auth.constants.ts

@@ -0,0 +1 @@
+export const AUTH_KEY_SIZE = 30;

back-express/src/modules/auth/auth.middleware.ts

@@ -0,0 +1,85 @@
+import { NextFunction, Request, Response } from "express";
+import { authService } from "./auth.routes";
+import { Role } from "../users/users.types";
+import { ResponseError } from "../../utils/response/response-error.model";
+import config from "../../config";
+
+async function authorization(req: Request, res: Response, next: NextFunction) {
+  const resource = req.url.replace(config.baseRoute, "");
+  const isPublic = authorizationTable.some((permission) => {
+    const regex = new RegExp(permission.resource);
+    return (
+      regex.test(resource) &&
+      permission.actions.includes(req.method as HttpMethod) &&
+      permission.roles.includes(Role.Public)
+    );
+  });
+
+  if (isPublic) {
+    return next();
+  }
+
+  const authHeader = req.get("authorization");
+  const token = authHeader?.split(" ")[1];
+
+  if (token == null) {
+    res.status(401);
+    return res.send(new ResponseError(401));
+  }
+
+  const user = authService.verifyToken(token);
+  if (user && user instanceof Object) {
+    const authorized = authorizationTable.some((permission) => {
+      const regex = new RegExp(permission.resource);
+      return (
+        regex.test(resource) &&
+        permission.roles.some((role) => user.roles.includes(role)) &&
+        permission.actions.includes(req.method as HttpMethod)
+      );
+    });
+    if (authorized) {
+      return next();
+    }
+  }
+  res.status(401);
+  return res.send(new ResponseError(401));
+}
+
+type HttpMethod =
+  | "GET"
+  | "POST"
+  | "PUT"
+  | "DELETE"
+  | "PATCH"
+  | "OPTIONS"
+  | "HEAD";
+type Permissions = {
+  roles: Array<Role>;
+  resource: string;
+  actions: Array<HttpMethod>;
+};
+
+const authorizationTable: Permissions[] = [
+  {
+    roles: [Role.Public],
+    resource: "^/auth.*", // begins with /auth (is auth would be ^\/auth$)
+    actions: ["POST"],
+  },
+  {
+    roles: [Role.Admin],
+    resource: "^/users.*",
+    actions: ["GET", "PUT", "POST", "DELETE"],
+  },
+  {
+    roles: [Role.User],
+    resource: "^/users.*",
+    actions: ["GET"],
+  },
+  {
+    roles: [Role.Public],
+    resource: "^/example.*",
+    actions: ["GET", "OPTIONS"],
+  },
+];
+
+export { authorization as authorizationMiddleware };

back-express/src/modules/auth/auth.routes.ts

@@ -0,0 +1,33 @@
+import { Router } from "express";
+import { userService } from "../users/users.routes";
+import { AuthService } from "./auth.service";
+import { ResponseError } from "../../utils/response/response-error.model";
+
+export const authRoutes = Router();
+
+const authService = new AuthService(userService);
+
+authRoutes.post("/login", async (req, res) => {
+  try {
+    if (!req.body) {
+      res.status(400);
+      res.send(new ResponseError(400));
+    }
+    const token = await authService.signIn(
+      req.body.username,
+      req.body.password,
+    );
+    if (token) {
+      res.status(200);
+      res.send({ access_token: token });
+    } else {
+      res.status(401);
+      res.send(new ResponseError(401));
+    }
+  } catch (e) {
+    res.status(500);
+    res.send(e);
+  }
+});
+
+export { authService };

back-express/src/modules/auth/auth.service.ts

@@ -0,0 +1,51 @@
+import { sign, verify } from "jsonwebtoken";
+import UsersService from "../users/users.service";
+import { compare } from "bcrypt";
+import { generateRandomString } from "./auth.utils";
+import { AUTH_KEY_SIZE } from "./auth.constants";
+import { Role } from "../users/users.types";
+
+export class AuthService {
+  private secret_key: string;
+  constructor(private usersService: UsersService) {
+    this.secret_key = generateRandomString(AUTH_KEY_SIZE);
+  }
+
+  async signIn(username: string, password: string) {
+    const user = await this.usersService.getUserByUsername(username);
+
+    if (!user) {
+      return null;
+    }
+
+    const isSamePasswd = await compare(`${password}`, `${user?.password}`);
+
+    if (!isSamePasswd) return null;
+
+    const payload = {
+      sub: user.id,
+      username: user.username,
+      roles: user.roles,
+      picture: user.picture,
+    };
+
+    const token = sign(payload, this.secret_key, { expiresIn: 60 * 60 });
+    return token;
+  }
+
+  verifyToken(jwt: string) {
+    const token = jwt.split(".")[1];
+    if (!token) return false;
+    try {
+      const payload = verify(jwt, this.secret_key);
+      if (payload instanceof Object)
+        return {
+          username: payload.username as string,
+          roles: payload.roles as Role[],
+        };
+      else return false;
+    } catch (e) {
+      return false;
+    }
+  }
+}

back-express/src/modules/auth/auth.utils.ts

@@ -0,0 +1,6 @@
+function generateRandomString(size: number) {
+  const value = Math.random() * Math.pow(10, size);
+  return btoa(value.toString());
+}
+
+export { generateRandomString };

back-express/src/modules/default.route.ts

@@ -0,0 +1,8 @@
+import { Router } from "express";
+
+export const defaultRoute = Router();
+
+defaultRoute.get("/", (_, res) => {
+  res.send("Nothing to see here");
+  res.status(200);
+});

back-express/src/modules/example/example.routes.ts

@@ -0,0 +1,40 @@
+import { Router } from "express";
+
+import ExampleService from "./example.service";
+import { ResponseSuccess } from "../../utils/response/response-success.model";
+import { ResponseError } from "../../utils/response/response-error.model";
+
+export const exampleRoutes = Router();
+
+const exampleService = new ExampleService();
+
+exampleRoutes.get("/", async (_, res) => {
+  try {
+    const response = await exampleService.getAllExamples();
+    res.status(200);
+    res.send(new ResponseSuccess(response));
+  } catch (e) {
+    res.status(500);
+    res.send(e);
+  }
+});
+
+exampleRoutes.get("/:id", async (req, res) => {
+  try {
+    const response = await exampleService.getExampleById(
+      parseInt(req.params.id),
+    );
+    if (response) {
+      res.status(200);
+      res.send(new ResponseSuccess(response));
+    } else {
+      res.status(404);
+      res.send(new ResponseError({ code: "NOT_FOUND", number: 404 }));
+    }
+  } catch (e) {
+    res.status(500);
+    res.send(e);
+  }
+});
+
+export { exampleService };

back-express/src/modules/example/example.service.ts

@@ -0,0 +1,23 @@
+import { db_query } from "../../db";
+import { Example } from "./example.types";
+
+class ExampleService {
+  constructor(private info?: string) {}
+
+  async getAllExamples(): Promise<Example[]> {
+    const examples = await db_query("select * from example");
+    return examples as Example[];
+  }
+
+  async getExampleById(id: number): Promise<Example | null> {
+    const example = await db_query(
+      `select * from example as example WHERE id = ${id};`,
+    );
+    if (example.length) {
+      return example[0] as Example;
+    }
+    return null;
+  }
+}
+
+export default ExampleService;

back-express/src/modules/example/example.types.ts

@@ -0,0 +1,7 @@
+export type Example = {
+  id: number;
+  name: string;
+  description: string;
+  image: string;
+  created_at: string;
+};

back-express/src/modules/index.ts

@@ -0,0 +1,16 @@
+import express from "express";
+
+import { defaultRoute } from "./default.route";
+import { userRoutes } from "./users/users.routes";
+import { authRoutes } from "./auth/auth.routes";
+import { exampleRoutes } from "./example/example.routes";
+
+export const routes = express.Router();
+
+/*
+ * Routes
+ * */
+routes.use("/", defaultRoute);
+routes.use("/users", userRoutes);
+routes.use("/auth", authRoutes);
+routes.use("/example", exampleRoutes);

back-express/src/modules/users/users.routes.ts

@@ -0,0 +1,39 @@
+import { Router } from "express";
+import UsersService from "./users.service";
+import { sanitize_user } from "./users.utils";
+import { ResponseSuccess } from "../../utils/response/response-success.model";
+import { ResponseError } from "../../utils/response/response-error.model";
+
+export const userRoutes = Router();
+
+const userService = new UsersService();
+
+//TODO: block access to NON-admins or simply comment
+userRoutes.get("/", async (_, res) => {
+  try {
+    const response = await userService.getAllUsers();
+    res.status(200);
+    res.send(new ResponseSuccess(response.map((user) => sanitize_user(user))));
+  } catch (e) {
+    res.status(500);
+    res.send(e);
+  }
+});
+
+userRoutes.get("/:username", async (req, res) => {
+  try {
+    const response = await userService.getUserByUsername(req.params.username);
+    if (response) {
+      res.status(200);
+      res.send(new ResponseSuccess(sanitize_user(response)));
+    } else {
+      res.status(404);
+      res.send(new ResponseError({ code: "NOT_FOUND", number: 404 }));
+    }
+  } catch (e) {
+    res.status(500);
+    res.send(e);
+  }
+});
+
+export { userService };

back-express/src/modules/users/users.service.ts

@@ -0,0 +1,31 @@
+import { db_query } from "../../db";
+import { User } from "./users.types";
+
+class UsersService {
+  constructor() {}
+
+  async getAllUsers(): Promise<User[]> {
+    const data = await db_query("select * from user");
+    const users: User[] = data.map((user: any) => ({
+      ...user,
+      roles: user.roles.split(";"),
+    }));
+    return users;
+  }
+
+  async getUserByUsername(username: string): Promise<User | null> {
+    const data = await db_query(
+      `select * from user as user WHERE LOWER(username) = LOWER('${username}');`,
+    );
+    if (data.length) {
+      const user = {
+        ...(data[0] as User),
+        roles: (data[0] as any).roles.split(";"),
+      };
+      return user;
+    }
+    return null;
+  }
+}
+
+export default UsersService;

back-express/src/modules/users/users.types.ts

@@ -0,0 +1,17 @@
+export enum Role {
+  Public = "public",
+  User = "user",
+  Manager = "manager",
+  Admin = "admin",
+}
+
+export type User = {
+  id: number;
+  username: string;
+  password: string;
+  roles: Role[];
+  picture: string;
+  created_at: string;
+};
+
+export type UserDetailResult = Omit<User, "password">;

back-express/src/modules/users/users.utils.ts

@@ -0,0 +1,7 @@
+import { User, UserDetailResult } from "./users.types";
+
+// TODO: prettify this
+export function sanitize_user(user: User): UserDetailResult {
+  delete (user as any).password;
+  return user;
+}

back-express/src/utils/response/response-error.model.ts

@@ -0,0 +1,33 @@
+type BasicError = {
+  code: string | number;
+  number?: number;
+  detail?: string;
+  status?: number;
+  suggestion?: string;
+};
+
+const code_error_mapping: Record<number, BasicError> = {
+  400: {
+    code: "BAD REQUEST",
+    status: 400,
+  },
+  401: {
+    code: "UNAUTHORIZED",
+    status: 401,
+  },
+};
+
+export class ResponseError extends Error {
+  public error: BasicError | number;
+  constructor(
+    error: BasicError | number,
+    public timestamp: number = Date.now(),
+  ) {
+    super();
+    if (error instanceof Object) {
+      this.error = error;
+    } else {
+      this.error = code_error_mapping[error];
+    }
+  }
+}

back-express/src/utils/response/response-success.model.ts

@@ -0,0 +1,16 @@
+export class ResponseSuccess {
+  public data?: unknown;
+  public results?: unknown[];
+  public count?: number;
+
+  constructor(data: unknown) {
+    if (data instanceof Array) {
+      this.results = data;
+      this.count = data.length;
+    } else if (data instanceof Object) {
+      Object.assign(this, data);
+    } else {
+      this.data = data;
+    }
+  }
+}