Working!

Reviewed-on: #4

.drone.yml

@@ -7,9 +7,15 @@ workspace:
 
 steps:
 - name: yarn install
-  image: node:latest
+  image: node:20-bullseye-slim
+  environment:
+    YARN_VERSION: 3.5.0
   commands:
+  - yarn set version stable
   - yarn install
+  volumes:
+  - name: yarnrc
+    path: /drone/auth/.yarnrc.yml
 - name: Code Style Checks
   image: node:latest
   commands:
@@ -37,6 +43,30 @@ steps:
     status:
       - success
       - failure
+- name: Build
+  image: node:latest
+  commands:
+  - yarn build:production
+- name: Send Build Status Notifications
+  image: plugins/webhook
+  settings:
+    urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
+    content_type: application/json
+    template: |
+      {
+        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+        "text": "[{{ repo.name }} - Build # {{ build.number }}] Build package {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+        "username":"DroneBot"
+      }
+  when:
+    status:
+      - success
+      - failure
+
+volumes:
+- name: yarnrc
+  host:
+    path: /volume1/docker/.yarnrc.yml
 
 trigger:
   branch:
@@ -54,14 +84,26 @@ workspace:
   path: /drone/auth
 
 steps:
-- name: Publish NPM
+- name: Build
-  image: node:20-alpine
+  image: node:20-bullseye-slim
-  failure: ignore
+  environment:
+    YARN_VERSION: 3.5.0
   commands:
-    - yarn publish -t ${DRONE_TAG}
+  - yarn set version stable
+  - yarn install
+  - yarn build:production
+  volumes:
+  - name: yarnrc
+    path: /drone/auth/.yarnrc.yml
+- name: Publish NPM
+  image: node:20-bullseye-slim
+  commands:
+    - yarn npm publish
   volumes:
   - name: npmrc
     path: /drone/auth/.npmrc
+  - name: yarnrc
+    path: /drone/auth/.yarnrc.yml
 - name: Report NPM Publish Status
   image: plugins/webhook
   settings:
@@ -82,6 +124,9 @@ volumes:
 - name: npmrc
   host:
     path: /volume1/docker/beethoven/labs-auth/.npmrc
+- name: yarnrc
+  host:
+    path: /volume1/docker/.yarnrc.yml
 
 depends_on:
   - Test Pipeline

.eslintrc.js

@@ -0,0 +1,19 @@
+/* eslint-env node */
+module.exports = {
+    extends: [
+        'eslint:recommended',
+        'plugin:@typescript-eslint/recommended',
+        'plugin:import/errors',
+        'plugin:prettier/recommended',
+        'prettier',
+    ],
+    parser: '@typescript-eslint/parser',
+    plugins: ['@typescript-eslint'],
+    settings: {
+        'import/parsers': {
+            '@typescript-eslint/parser': ['.ts', '.tsx'],
+        },
+        'import/resolver': 'typescript',
+    },
+    root: true,
+};

.gitignore

@@ -130,3 +130,6 @@ dist
 .yarn/install-state.gz
 .pnp.*
 
+# Project
+lib/
+

.npmignore

@@ -0,0 +1,10 @@
+.build.yarnrc.yml
+.drone.yml
+.eslintrc*
+.npmrc
+.prettierrc*
+.yarnrc.yml
+babel.config.*
+jest.config.*
+tsconfig*.json
+tslint.json

.prettierrc.js

@@ -0,0 +1,7 @@
+module.exports = {
+    parser: 'typescript',
+    printWidth: 120,
+    trailingComma: 'all',
+    tabWidth: 4,
+    singleQuote: true,
+};

.yarnrc.yml

@@ -1 +1,3 @@
 nodeLinker: node-modules
+
+yarnPath: .yarn/releases/yarn-3.5.1.cjs

lib/api/authenticate.ts

@@ -1,17 +0,0 @@
-import { Auth, Log } from '..';
-import { Action } from '../constants/action';
-import { getLoginToken } from '../utils/getLoginToken';
-
-export const authenticate = async (username: string, password: string) => {
-    const doc = await Auth.findByUsername(username).catch();
-    if (!!doc && (await doc.authenticate(password))) {
-        Log.add(doc.id, Action.AUTHENTICATE);
-        return { ...doc, token: getLoginToken(doc) };
-    }
-
-    if (doc) {
-        Log.add(doc.id, Action.AUTHENTICATE_FAILURE);
-    }
-
-    return false;
-};

lib/constants/action.ts

@@ -1,9 +0,0 @@
-export enum Action {
-    AUTHENTICATE = 'AUTHENTICATE',
-    AUTHENTICATE_FAILURE = 'AUTHENTICATE_FAILURE',
-    CREATE = 'CREATE',
-    DELETE = 'DELETE',
-    RESET = 'RESET',
-    RESET_REQUEST = 'RESET_REQUEST',
-    UPDATE = 'UPDATE',
-}

lib/constants/auth.ts

@@ -1,8 +0,0 @@
-export enum Status {
-    ACTIVE,
-    BLOCK_HARD,
-    BLOCK_SOFT,
-    DELETED,
-    INACTIVE,
-    UNVERIFIED,
-}

lib/constants/env.ts

@@ -1,20 +0,0 @@
-export const PACKAGE_NAME = '@mifi/auth';
-export const PORT = process.env.PORT || 9000;
-
-export const SESSION_KEY = process.env.SESSION_KEY || 'secret-key';
-
-export const JWT_AUDIENCE = process.env.JWT_AUDIENCE || 'mifi.dev';
-export const JWT_ISSUER = process.env.JWT_ISSUER || PACKAGE_NAME;
-export const JWT_SECRET = process.env.JWT_SECRET || 'secret';
-
-export const LOGIN_VALID_TIMEOUT = process.env.LOGIN_VALID_TIMEOUT || '12h'; // ###d|h|m
-export const RESET_VALID_TIMEOUT = process.env.RESET_VALID_TIMEOUT || '15m'; // ###d|h|m
-export const VERIFY_VALID_TIMEOUT = process.env.VERIFY_VALID_TIMEOUT || '60d'; // ###d|h|m
-export const DEFAULT_TOKEN_DAYS = process.env.DEFAULT_TOKEN_DAYS || 365;
-
-export const ROUTE_PREFIX = process.env.ROUTE_PREFIX || '/auth';
-export const LOGIN_ROUTE = process.env.LOGIN_ROUTE || '/login';
-export const RESET_ROUTE = process.env.RESET_ROUTE || '/reset';
-export const VERIFICATION_ROUTE = process.env.VERIFICATION_ROUTE || '/verification';
-
-export const REQUIRE_VERIFICATION = process.env.REQUIRE_VERIFICATION || true;

lib/constants/errors.ts

@@ -1,12 +0,0 @@
-export enum ErrorCodes {
-    RESET_REQUEST_DATA = 'RESET_REQUEST_DATA',
-}
-
-export const ErrorMessages = {
-    [ErrorCodes.RESET_REQUEST_DATA]: 'A valid username and password must be provided',
-};
-
-export const getErrorBody = (code: ErrorCodes) => ({
-    code,
-    message: ErrorMessages[code],
-});

lib/constants/strategies.ts

@@ -1,7 +0,0 @@
-export enum STRATEGIES {
-    LOCAL,
-    APPLE,
-    FACEBOOK,
-    FIDO2,
-    GOOGLE,
-}

lib/constants/tokens.ts

@@ -1,4 +0,0 @@
-export enum TokenType {
-    RESET = 'RESET',
-    VERIFICATION = 'VERIFICATION',
-}

lib/dao/create.ts

@@ -1,37 +0,0 @@
-import { DatabaseError } from '@mifi/services-common/lib/domain/errors/DatabaseError';
-
-import { Auth, Log, Strategy, Token } from '..';
-import { Auth as AuthProps } from '../schema/auth';
-import { STRATEGIES } from '../constants/strategies';
-import { REQUIRE_VERIFICATION } from '../constants/env';
-import { TokenType } from '../constants/tokens';
-import { Status } from '../constants/auth';
-import { Action } from '../constants/action';
-
-export const create = async ({ record, username, password }: AuthProps & { password: string }) => {
-    const status = REQUIRE_VERIFICATION ? Status.UNVERIFIED : Status.ACTIVE;
-    const doc = await Auth.create({
-        record,
-        status,
-        username,
-    }).catch((err) => {
-        throw new DatabaseError('failed to create user', { err });
-    });
-    if (doc) {
-        const strategy = await Strategy.create({ method: STRATEGIES.LOCAL, key: password, parent: doc._id }).catch(
-            (err) => {
-                throw new DatabaseError('failed to create strategy', { err });
-            },
-        );
-        if (strategy) {
-            doc.strategies.push(strategy._id);
-            await doc.save();
-            Log.add(doc._id, Action.CREATE);
-            return { doc, token: REQUIRE_VERIFICATION && (await Token.getToken(TokenType.VERIFICATION, doc._id)) };
-        }
-        await doc.deleteOne((err) => {
-            throw new DatabaseError('failed to remove invalid auth record', { err, doc });
-        });
-    }
-    return null;
-};

lib/dao/deleteById.ts

@@ -1,15 +0,0 @@
-import { StringSchemaDefinition } from 'mongoose';
-
-import { Auth, Log, Strategy, Token } from '..';
-import { Status } from '../constants/auth';
-import { Action } from '../constants/action';
-
-export const deleteById = async (id: StringSchemaDefinition) => {
-    if (await Auth.findByIdAndUpdate(id, { status: Status.DELETED, strategies: [] }).catch()) {
-        await Strategy.deleteMany({ parent: id });
-        await Token.deleteMany({ auth: id });
-        Log.add(id, Action.DELETE);
-        return true;
-    }
-    return false;
-};

lib/utils/getDefaultExpiresFor.ts

@@ -1,15 +0,0 @@
-import { LOGIN_VALID_TIMEOUT, RESET_VALID_TIMEOUT, VERIFY_VALID_TIMEOUT } from '../constants/env';
-import { TokenType } from '../constants/tokens';
-import { parseTimeoutToMs } from '../utils/parseTimeoutToMs';
-
-export const getDefaultExpiresFor = (type: TokenType | void) => {
-    if (type === TokenType.RESET) {
-        return Date.now() + parseTimeoutToMs(RESET_VALID_TIMEOUT);
-    }
-
-    if (type === TokenType.VERIFICATION) {
-        return Date.now() + parseTimeoutToMs(VERIFY_VALID_TIMEOUT);
-    }
-
-    return Date.now() + parseTimeoutToMs(LOGIN_VALID_TIMEOUT);
-};

lib/utils/getLoginToken.ts

@@ -1,11 +0,0 @@
-import { sign } from '../utils/jwt';
-import { LOGIN_VALID_TIMEOUT } from '../constants/env';
-import { parseTimeoutToMs } from '../utils/parseTimeoutToMs';
-import { AuthDocument } from '../schema/auth';
-
-export const getLoginToken = ({ record: sub, status }: AuthDocument) =>
-    sign({
-        sub: <string>sub,
-        status,
-        exp: Date.now() + parseTimeoutToMs(LOGIN_VALID_TIMEOUT),
-    });

lib/utils/jwt.ts

@@ -1,35 +0,0 @@
-import jwt from 'jsonwebtoken';
-import { JWT_AUDIENCE, JWT_ISSUER, JWT_SECRET } from '../constants/env';
-export interface TokenProps {
-    aud?: string;
-    exp?: number | Date;
-    iss?: string;
-    sub: string | null;
-    [key: string]: any;
-}
-
-export type SignProps = string | TokenProps | void;
-
-export const sign = (props: SignProps) => {
-    const today = new Date();
-    const { sub = null, ...rest }: TokenProps =
-        typeof props === 'string' || typeof props === 'undefined' ? { sub: props || null } : props;
-    let { exp } = rest;
-    if (!exp) {
-        exp = new Date(today);
-        exp.setDate(today.getDate() + parseInt(process.env.JWT_DAYS_VALID as string));
-        exp = exp.getTime() / 1000;
-    }
-    return jwt.sign(
-        {
-            exp,
-            sub,
-            aud: rest.aud || JWT_AUDIENCE,
-            iat: today.getTime(),
-            iss: rest.iss || JWT_ISSUER,
-        },
-        JWT_SECRET,
-    );
-};
-
-export const verify = (token: string) => jwt.verify(token, JWT_SECRET);

lib/utils/links.ts

@@ -1,5 +0,0 @@
-import { RESET_ROUTE, ROUTE_PREFIX, VERIFICATION_ROUTE } from '../constants/env';
-
-export const getPasswordResetPath = (token: string) => `${ROUTE_PREFIX}${RESET_ROUTE}?t=${token}`;
-
-export const getVerificationPath = (token: string) => `${ROUTE_PREFIX}${VERIFICATION_ROUTE}?t=${token}`;

lib/utils/parseTimeoutToMs.ts

@@ -1,13 +0,0 @@
-export const parseTimeoutToMs = (timeout: string) => {
-    const match = timeout.match(/(?<number>\d+)(?<unit>d|h|m)/gi)?.groups || {};
-    const { number, unit } = match;
-    switch (unit) {
-        case 'd':
-            return 1000 * 60 * 60 * 24 * parseInt(number);
-        case 'h':
-            return 1000 * 60 * 60 * parseInt(number);
-        case 'm':
-        default:
-            return 1000 * 60 * parseInt(number) || 1;
-    }
-};

lib/utils/tokens.ts

@@ -1,11 +0,0 @@
-import { sign } from './jwt';
-import { LOGIN_VALID_TIMEOUT } from '../constants/env';
-import { Status } from '../constants/auth';
-import { parseTimeoutToMs } from './parseTimeoutToMs';
-
-export const generateLoginToken = (sub: string, status: Status) =>
-    sign({
-        sub,
-        status,
-        exp: Date.now() + parseTimeoutToMs(LOGIN_VALID_TIMEOUT),
-    });

package.json

@@ -1,16 +1,16 @@
 {
   "name": "@mifi/auth-db",
-  "version": "1.0.4",
+  "version": "1.0.20",
   "author": "mifi (Mike Fitzpatrick)",
   "license": "MIT",
   "scripts": {
     "build": "tsc",
-    "build:production": "tsc -p .",
+    "build:production": "tsc -p ./tsconfig.production.json",
     "format": "prettier:fix && lint:fix",
-    "lint": "eslint --ext .ts,.tsx lib/",
+    "lint": "eslint --ext .ts,.tsx src/",
-    "lint:fix": "eslint --fix --ext .ts,.tsx lib/",
+    "lint:fix": "eslint --fix --ext .ts,.tsx src/",
-    "prettier": "prettier --check 'lib/**/*.ts'",
+    "prettier": "prettier --check 'src/**/*.ts'",
-    "prettier:fix": "prettier --write 'lib/**/*.ts'",
+    "prettier:fix": "prettier --write 'src/**/*.ts'",
     "test": "jest --passWithNoTests"
   },
   "devDependencies": {
@@ -35,10 +35,12 @@
     "prettier-eslint": "^15.0.1",
     "prettier-eslint-cli": "^7.1.0",
     "reflect-metadata": "^0.1.13",
+    "ts-node": "^10.9.1",
     "typescript": "^4.9.5"
   },
   "dependencies": {
-    "@mifi/services-common": "1.x.x",
+    "@mifi/auth-common": "^1.0.15",
+    "@mifi/services-common": "^1.0.16",
     "dotenv": "^16.0.3",
     "jsonwebtoken": "^9.0.0",
     "mongoose": "^6.9.2"
@@ -47,5 +49,6 @@
   "repository": {
     "type": "git",
     "url": "https://git.mifi.dev/mifi/auth-db.git"
-  }
+  },
+  "packageManager": "yarn@3.5.1"
 }

src/api/authenticate.ts

@@ -0,0 +1,18 @@
+import { Action } from '@mifi/auth-common/lib/enums/action';
+import { generateLoginToken } from '@mifi/auth-common/lib/utils/generateLoginToken';
+
+import { Auth, Log } from '..';
+
+export const authenticate = async (username: string, password: string, includeToken = false) => {
+    const doc = await Auth.findByUsername(username).catch();
+    if (!!doc && (await doc.authenticate(password))) {
+        Log.add(doc.id, Action.AUTHENTICATE);
+        return { sub: doc._id, record: doc.record, token: includeToken ? generateLoginToken(doc) : undefined };
+    }
+
+    if (doc) {
+        Log.add(doc.id, Action.AUTHENTICATE_FAILURE, { ...doc });
+    }
+
+    return false;
+};

src/api/deleteStrategy.ts

@@ -1,4 +1,5 @@
 import { StringSchemaDefinition } from 'mongoose';
+
 import { Auth, Strategy } from '..';
 
 export const deleteStrategy = async (id: StringSchemaDefinition) => {

src/api/resetPasswordGet.ts

@@ -1,7 +1,8 @@
+import { Action } from '@mifi/auth-common/lib/enums/action';
+import { TokenType } from '@mifi/auth-common/lib/enums/tokens';
+
 import { readOneByUsername } from '../dao/readOneByUsername';
 import { Log, Token } from '..';
-import { TokenType } from '../constants/tokens';
-import { Action } from '../constants/action';
 
 export const resetPasswordGet = async (username: string) => {
     const doc = await readOneByUsername(username);

src/api/resetPasswordPost.ts

@@ -1,18 +1,22 @@
 import { Types } from 'mongoose';
 
-import { Log, Strategy, Token } from '..';
+import { Action } from '@mifi/auth-common/lib/enums/action';
-import { STRATEGIES } from '../constants/strategies';
+import { STRATEGIES } from '@mifi/auth-common/lib/enums/strategies';
+import { generateLoginToken } from '@mifi/auth-common/lib/utils/generateLoginToken';
+
 import { AuthDocument } from '../schema/auth';
-import { getLoginToken } from '../utils/getLoginToken';
 import { StrategyDocument } from '../schema/strategy';
-import { Action } from '../constants/action';
+import { Log, Strategy, Token } from '..';
 
 export const resetPasswordPost = async (token: string, password: string) => {
     const parentId = await Token.validateResetToken(token);
 
     if (parentId) {
         let parent: AuthDocument;
-        let strategy: StrategyDocument | null = await Strategy.findOne({ parent: parentId, method: STRATEGIES.LOCAL });
+        let strategy: StrategyDocument | null = await Strategy.findOne({
+            parent: parentId,
+            method: STRATEGIES.LOCAL,
+        });
 
         if (strategy) {
             parent = await strategy.getAuthRecord();
@@ -31,7 +35,7 @@ export const resetPasswordPost = async (token: string, password: string) => {
         }
 
         Log.add(parent._id, Action.RESET);
-        return { record: parent.record, token: getLoginToken(parent) };
+        return { record: parent.record, token: generateLoginToken(parent) };
     }
 
     return false;

src/constants/timeouts.ts

@@ -0,0 +1,4 @@
+export const LOGIN_VALID_TIMEOUT = process.env.LOGIN_VALID_TIMEOUT || '12h'; // ###d|h|m
+export const RESET_VALID_TIMEOUT = process.env.RESET_VALID_TIMEOUT || '15m'; // ###d|h|m
+export const VERIFY_VALID_TIMEOUT = process.env.VERIFY_VALID_TIMEOUT || '60d'; // ###d|h|m
+export const DEFAULT_TOKEN_DAYS = process.env.DEFAULT_TOKEN_DAYS || 365;

src/dao/auth/create.ts

@@ -0,0 +1,65 @@
+import { Action } from '@mifi/auth-common/lib/enums/action';
+import { Status } from '@mifi/auth-common/lib/enums/status';
+import { STRATEGIES } from '@mifi/auth-common/lib/enums/strategies';
+import { TokenType } from '@mifi/auth-common/lib/enums/tokens';
+import { REQUIRE_VERIFICATION } from '@mifi/auth-common/lib/settings';
+import { DatabaseError } from '@mifi/services-common/lib/domain/errors/DatabaseError';
+
+import { Auth as AuthProps } from '../../schema/auth';
+import { Auth, Log, Strategy, Token } from '../..';
+
+type CreateProps = Pick<AuthProps, 'username'> & {
+    externalId?: string;
+    handle?: AuthProps['handle'];
+    password?: string;
+    publicKey?: string;
+    record?: AuthProps['record'];
+};
+
+export const create = async ({ record, username, externalId, handle, password, publicKey }: CreateProps) => {
+    const status = REQUIRE_VERIFICATION ? Status.UNVERIFIED : Status.ACTIVE;
+    const doc = await Auth.create({
+        handle,
+        record,
+        status,
+        username,
+    }).catch((err) => {
+        throw new DatabaseError('failed to create user', { err });
+    });
+    if (doc) {
+        const method = externalId && publicKey ? STRATEGIES.FIDO2 : STRATEGIES.LOCAL;
+        const strategy = await Strategy.create({
+            externalId,
+            key: password || publicKey,
+            method,
+            parent: doc._id,
+        }).catch((err) => {
+            throw new DatabaseError(`failed to create strategy ${STRATEGIES[method]}`, { err });
+        });
+        if (strategy) {
+            doc.strategies.push(strategy._id);
+            await doc.save();
+            Log.add(doc._id, Action.CREATE);
+            return {
+                doc,
+                token:
+                    method === STRATEGIES.LOCAL &&
+                    REQUIRE_VERIFICATION &&
+                    (await Token.getToken(TokenType.VERIFICATION, doc._id)),
+            };
+        }
+        await doc.deleteOne((err) => {
+            throw new DatabaseError('failed to remove invalid auth record', {
+                err,
+                doc,
+            });
+        });
+    }
+    return null;
+};
+
+export type Fido2UserProps = Pick<AuthProps, 'handle' | 'username'> & { externalId: string; publicKey: string };
+export const createFido2User = (props: Fido2UserProps) => create(props);
+
+export type LocalUserProps = Pick<AuthProps, 'record' | 'username'> & { password: string };
+export const createLocalUser = (props: LocalUserProps) => create(props);

src/dao/auth/deleteById.ts

@@ -0,0 +1,21 @@
+import { StringSchemaDefinition } from 'mongoose';
+
+import { Action } from '@mifi/auth-common/lib/enums/action';
+import { Status } from '@mifi/auth-common/lib/enums/status';
+
+import { Auth, Log, Strategy, Token } from '../..';
+
+export const deleteById = async (id: StringSchemaDefinition) => {
+    if (
+        await Auth.findByIdAndUpdate(id, {
+            status: Status.DELETED,
+            strategies: [],
+        }).catch()
+    ) {
+        await Strategy.deleteMany({ parent: id });
+        await Token.deleteMany({ auth: id });
+        Log.add(id, Action.DELETE);
+        return true;
+    }
+    return false;
+};

src/dao/auth/readAll.ts

@@ -1,8 +1,9 @@
 import { FilterQuery } from 'mongoose';
 
-import { Auth } from '..';
+import { Status } from '@mifi/auth-common/lib/enums/status';
-import { Status } from '../constants/auth';
+
-import { AuthDocument } from '../schema/auth';
+import { Auth } from '../../model/auth';
+import { AuthDocument } from '../../schema/auth';
 
 export const readAll = async (query: FilterQuery<AuthDocument> = {}) => Auth.find(query);
 

src/dao/auth/readOneById.ts

@@ -1,5 +1,5 @@
 import { Types } from 'mongoose';
 
-import { Auth } from '..';
+import { Auth } from '../../model/auth';
 
 export const readOneById = async (id: Types.ObjectId) => Auth.findById(id);

src/dao/auth/readOneByRecord.ts

@@ -1,5 +1,5 @@
 import { Types } from 'mongoose';
 
-import { Auth } from '..';
+import { Auth } from '../../model/auth';
 
 export const readOneByRecord = async (record: Types.ObjectId) => Auth.findOne({ record });

src/dao/auth/readOneByUsername.ts

@@ -1,3 +1,3 @@
-import { Auth } from '..';
+import { Auth } from '../../model/auth';
 
 export const readOneByUsername = async (username: string) => Auth.findOne({ username });

src/dao/create.ts

@@ -0,0 +1,3 @@
+import { create } from './auth/create';
+
+export { create };

src/dao/deleteById.ts

@@ -0,0 +1,3 @@
+import { deleteById } from './auth/deleteById';
+
+export { deleteById };

src/dao/readAll.ts

@@ -0,0 +1,3 @@
+import { readAll } from './auth/readAll';
+
+export { readAll };

src/dao/readOneById.ts

@@ -0,0 +1,3 @@
+import { readOneById } from './auth/readOneById';
+
+export { readOneById };

src/dao/readOneByRecord.ts

@@ -0,0 +1,3 @@
+import { readOneByRecord } from './auth/readOneByRecord';
+
+export { readOneByRecord };

src/dao/readOneByUsername.ts

@@ -0,0 +1,3 @@
+import { readOneByUsername } from './auth/readOneByUsername';
+
+export { readOneByUsername };

src/dao/strategy/create.ts

@@ -0,0 +1,24 @@
+import { DatabaseError } from '@mifi/services-common/lib/domain/errors/DatabaseError';
+
+import { Strategy } from '../../model/strategy';
+import { Strategy as StrategyProps } from '../../schema/strategy';
+
+const create = async ({ externalId, key, method, parent, profile }: StrategyProps) =>
+    Strategy.create({
+        externalId,
+        key,
+        method,
+        parent,
+        profile,
+    }).catch((err) => {
+        throw new DatabaseError(err, {
+            externalId: externalId || null,
+            key,
+            method,
+            parent,
+            profile: profile || null,
+        });
+    });
+
+export const createFido2Strategy = (props: Omit<StrategyProps, 'profile'>) => create(props);
+export const createLocalStrategy = (props: Omit<StrategyProps, 'externalId' | 'profile'>) => create(props);

src/dao/strategy/deleteById.ts

@@ -0,0 +1,8 @@
+import { StringSchemaDefinition } from 'mongoose';
+
+import { Strategy } from '../../model/strategy';
+
+export const deleteById = async (id: StringSchemaDefinition) => {
+    const result = await Strategy.findByIdAndDelete(id).catch();
+    return !!result;
+};

src/dao/strategy/readAll.ts

@@ -0,0 +1,6 @@
+import { FilterQuery } from 'mongoose';
+
+import { Strategy } from '../../model/strategy';
+import { StrategyDocument } from '../../schema/strategy';
+
+export const readAll = async (query: FilterQuery<StrategyDocument> = {}) => Strategy.find(query);

src/dao/strategy/readOneByExternalId.ts

@@ -0,0 +1,7 @@
+import { Strategy } from '../../model/strategy';
+import { AuthDocument } from '../../schema/auth';
+
+export const readOneByExternalId = async (externalId: string, populate = false) =>
+    populate
+        ? Strategy.findOne({ externalId }).populate<{ parent: AuthDocument }>('parent')
+        : Strategy.findOne({ externalId });

src/dao/strategy/readOneById.ts

@@ -0,0 +1,5 @@
+import { Types } from 'mongoose';
+
+import { Strategy } from '../../model/strategy';
+
+export const readOneById = async (id: Types.ObjectId) => Strategy.findById(id);

src/dao/strategy/readOneByParentAndMethod.ts

@@ -0,0 +1,8 @@
+import { Types } from 'mongoose';
+
+import { STRATEGIES } from '@mifi/auth-common/lib/enums/strategies';
+
+import { Strategy } from '../../model/strategy';
+
+export const readOneByParentAndMethod = async (parent: Types.ObjectId, method: STRATEGIES) =>
+    Strategy.findOne({ method, parent });

src/schema/auth.ts

@@ -1,12 +1,14 @@
 import { Document, InferSchemaType, Model, Schema, StringSchemaDefinition, Types } from 'mongoose';
 
-import { Status } from '../constants/auth';
+import { Status } from '@mifi/auth-common/lib/enums/status';
+import { STRATEGIES } from '@mifi/auth-common/lib/enums/strategies';
+
 import { COLL_STRATEGY } from '../constants/db';
-import { STRATEGIES } from '../constants/strategies';
-import { StrategyDocument } from './strategy';
 import { verify } from '../utils/password';
+import { StrategyDocument } from './strategy';
 
 export interface Auth {
+    handle?: string;
     is2FA?: boolean;
     record: StringSchemaDefinition;
     username: string;
@@ -35,9 +37,15 @@ export interface AuthModel extends Model<AuthDocument> {
 
 export const AuthSchema = new Schema<AuthDocument, AuthModel>(
     {
+        handle: { type: String },
         is2FA: { type: Boolean, default: false },
         record: { type: Types.ObjectId, unique: true },
-        status: { type: Number, enum: Status, default: Status.UNVERIFIED, index: true },
+        status: {
+            type: Number,
+            enum: Status,
+            default: Status.UNVERIFIED,
+            index: true,
+        },
         strategies: [{ type: Types.ObjectId, ref: COLL_STRATEGY, default: [] }],
         username: { type: String, required: true, unique: true },
     },

src/schema/log.ts

@@ -1,9 +1,8 @@
 import { InferSchemaType, Model, Schema, StringSchemaDefinition, Types } from 'mongoose';
 
+import { Action } from '@mifi/auth-common/lib/enums/action';
 import { Payload } from '@mifi/services-common/lib/types/Payload';
 
-import { Action } from '../constants/action';
-
 export interface Log {
     action: Action;
     auth: StringSchemaDefinition;

src/schema/strategy.ts

@@ -1,6 +1,7 @@
 import { Document, InferSchemaType, Model, Schema, StringSchemaDefinition, Types } from 'mongoose';
 
-import { STRATEGIES } from '../constants/strategies';
+import { STRATEGIES } from '@mifi/auth-common/lib/enums/strategies';
+
 import { encrypt } from '../utils/password';
 import { COLL_AUTH } from '../constants/db';
 import { AuthDocument } from './auth';

src/schema/token.ts

@@ -1,8 +1,9 @@
 import { InferSchemaType, Model, Schema, StringSchemaDefinition, Types } from 'mongoose';
 
-import { TokenType } from '../constants/tokens';
+import { TokenType } from '@mifi/auth-common/lib/enums/tokens';
-import { getDefaultExpiresFor } from '../utils/getDefaultExpiresFor';
+import { getDefaultExpiresFor } from '@mifi/auth-common/lib/helpers/getDefaultExpiresFor';
-import { sign, verify } from '../utils/jwt';
+import { sign, verify } from '@mifi/auth-common/lib/utils/jwt';
+import { SignProps } from '@mifi/auth-common/lib/utils/jwt/sign';
 
 export interface Token {
     auth: StringSchemaDefinition;
@@ -30,7 +31,9 @@ export const TokenSchema = new Schema<Token, TokenModel>(
 
 TokenSchema.statics = {
     async cleanupExpiredTokens() {
-        const { acknowledged, deletedCount } = await this.deleteMany({ expires: { $lte: Date.now() } });
+        const { acknowledged, deletedCount } = await this.deleteMany({
+            expires: { $lte: Date.now() },
+        });
         return { success: acknowledged, deletedCount };
     },
 
@@ -40,11 +43,15 @@ TokenSchema.statics = {
             await existing.deleteOne();
         }
 
-        const doc = await this.create({ type, auth, expires: expires || getDefaultExpiresFor(type) });
+        const doc = await this.create({
+            type,
+            auth,
+            expires: expires || getDefaultExpiresFor(type),
+        });
         return sign({
             sub: `${doc._id}`,
             exp: doc.expires,
-        });
+        } as SignProps);
     },
 
     async validateResetToken(token: string) {

src/utils/password/encrypt.ts

@@ -5,8 +5,3 @@ export const encrypt = (password: string) => {
     const hash = pbkdf2Sync(password, salt, 10000, 512, 'sha512').toString('hex');
     return `${salt}:${hash}`;
 };
-
-export const verify = (test: string, secret: string) => {
-    const [salt, hash] = secret.split(':');
-    return pbkdf2Sync(test, salt, 10000, 512, 'sha512').toString('hex') === hash;
-};

src/utils/password/index.ts

@@ -0,0 +1,4 @@
+import { encrypt } from './encrypt';
+import { verify } from './verify';
+
+export { encrypt, verify };

src/utils/password/verify.ts

@@ -0,0 +1,6 @@
+import { pbkdf2Sync } from 'crypto';
+
+export const verify = (test: string, secret: string) => {
+    const [salt, hash] = secret.split(':');
+    return pbkdf2Sync(test, salt, 10000, 512, 'sha512').toString('hex') === hash;
+};

tsconfig.json

@@ -2,11 +2,16 @@
     "extends": "@tsconfig/node16/tsconfig.json",
     "compilerOptions": {
         "allowSyntheticDefaultImports": true,
+        "declaration": true,
         "experimentalDecorators": true,
         "emitDecoratorMetadata": true,
         "noImplicitAny": true,
-        "outDir": "./dist/",
+        "outDir": "lib/",
-        "rootDirs": ["lib"],
+        "rootDirs": ["./", "src/"],
-        "sourceMap": true
+        "strict": true,
-    }
+        "esModuleInterop": true,
+        "sourceMap": true,
+        "removeComments": false
+    },
+    "include": ["src"]
 }

tsconfig.production.json

@@ -0,0 +1,17 @@
+{
+    "extends": "@tsconfig/node16/tsconfig.json",
+    "compilerOptions": {
+        "allowSyntheticDefaultImports": true,
+        "declaration": true,
+        "experimentalDecorators": true,
+        "emitDecoratorMetadata": true,
+        "noImplicitAny": true,
+        "outDir": "lib/",
+        "rootDirs": ["./", "src/"],
+        "strict": true,
+        "esModuleInterop": true,
+        "sourceMap": true,
+        "removeComments": false
+    },
+    "include": ["src"]
+}