Feature/login formular

.env.sample

@@ -25,3 +25,7 @@ DB_USER="$MYSQL_USER"
 DB_PASS="$MYSQL_PASSWORD"
 DB_NAME="$MYSQL_DATABASE"
 DB_URL="mysql://$DB_USER:$DB_PASS@$DB_HOST:$DB_PORT/$DB_NAME"
+
+ACCESS_TOKEN_SECRET="Your_ACCESS_TOKEN_SECRET"
+REFRESH_TOKEN_SECRET="Your_REFRESH_TOKEN_SECRET"
+COOKIE_SECRET="Your_Cookie_secret"

.gitignore

@@ -19,11 +19,12 @@ node_modules
 
 # IDE - VSCode
 .vscode/*
-!.vscode/settings.json
+# !.vscode/settings.json
 !.vscode/tasks.json
 !.vscode/launch.json
 !.vscode/extensions.json
 
+
 # misc
 /.sass-cache
 /connect.lock
@@ -56,4 +57,5 @@ web-build/
 *-mock.*
 deployment/db/
 *-mock.*
-test.js
+test.js
+**/*.tsbuildinfo

.prettierignore

@@ -11,3 +11,4 @@ packages/frontend/mobile/ios
 packages/frontend/mobile/android
 deployment/mysql/data
 **/types/database.ts
+**/*.tsbuildinfo

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "Devdb.colorTheme": "dark"
+}

eslint.config.mjs

@@ -40,6 +40,7 @@ export default typescriptPlugin.config([
       'packages/frontend/mobile/ios',
       'packages/frontend/mobile/android',
       'deployment/mysql/data',
+      '**/*.tsbuildinfo',
     ],
   },
   {

packages/backend/api/package.json

@@ -13,13 +13,17 @@
   "dependencies": {
     "@app/backend-shared": "*",
     "@app/shared": "*",
+    "argon2": "^0.41.1",
+    "cookie-parser": "^1.4.7",
     "cors": "^2.8.5",
     "express": "^4.21.2",
+    "jose": "^6.0.10",
     "express-fileupload": "^1.5.1",
     "kysely": "^0.27.6",
     "sharp": "^0.34.1"
   },
   "devDependencies": {
+    "@types/cookie-parser": "^1.4.8",
     "@types/cors": "^2.8.17",
     "@types/express": "^5.0.0",
     "@types/express-fileupload": "^1.5.1",

packages/backend/api/src/index.ts

@@ -1,3 +1,5 @@
+/* eslint-disable @typescript-eslint/consistent-type-definitions */
+import cookieParser from 'cookie-parser';
 import cors from 'cors';
 import express from 'express';
 import fileUpload from 'express-fileupload';
@@ -15,8 +17,18 @@ const app = express();
 const HOST = process.env.BACKEND_HOST ?? 'localhost';
 const PORT = process.env.BACKEND_PORT ?? 3000;
 
+const COOKIE_SECRET = process.env.COOKIE_SECRET ?? 'secret';
+
+app.use(cookieParser(COOKIE_SECRET));
+
 app.use(express.json());
-app.use(cors());
+
+app.use(
+  cors({
+    origin: `http://${process.env.FRONTEND_HOST}:${process.env.FRONTEND_PORT}`,
+    credentials: true,
+  }),
+);
 
 app.use(fileUpload());
 app.use(
@@ -33,5 +45,12 @@ app.listen(PORT, () => {
   console.log(`Server is listening on http://${HOST}:${PORT}`);
 });
 
-export default app;
 export type * from './models/model-types';
+export default app;
+
+declare module 'Express' {
+  interface Request {
+    isAuthenticated?: boolean;
+    userId?: number;
+  }
+}

packages/backend/api/src/middlewares/login.guards.ts

@@ -0,0 +1,17 @@
+import type { NextFunction, Request, Response } from 'express';
+
+export default function loginGuards(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) {
+  if (req.isAuthenticated === true) {
+    next();
+    return;
+  }
+
+  res.json({
+    ok: false,
+  });
+  return;
+}

packages/backend/api/src/middlewares/login.middleware.ts

@@ -0,0 +1,93 @@
+import type { NextFunction, Request, Response } from 'express';
+import * as jose from 'jose';
+
+import { env } from '@app/shared';
+
+const FRONTEND_HOST = process.env.FRONTEND_HOST ?? '';
+
+env();
+
+const ACCESS_TOKEN_SECRET = process.env.ACCESS_TOKEN_SECRET;
+const accessTokenSecret = new TextEncoder().encode(ACCESS_TOKEN_SECRET);
+
+const REFRESH_TOKEN_SECRET = process.env.REFRESH_TOKEN_SECRET;
+const refreshTokenSecret = new TextEncoder().encode(REFRESH_TOKEN_SECRET);
+
+export default async function loginMiddleware(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) {
+  // Check if the request has a signed cookie named accessToken
+  const accessToken = req.signedCookies.accessToken;
+
+  if (accessToken === undefined) {
+    console.error('accessToken is missing in signed cookies');
+    res.status(401).json({ ok: false, message: 'accessToken is missing' });
+    return;
+  }
+
+  try {
+    // Verify the access token and extract the payload
+    const { payload } = await jose.jwtVerify<{ userId: number }>(
+      accessToken,
+      accessTokenSecret,
+      {
+        audience: FRONTEND_HOST,
+        issuer: FRONTEND_HOST,
+      },
+    );
+
+    // If the access token is valid:
+
+    req.isAuthenticated = true;
+    req.userId = payload.userId;
+  } catch (aterror) {
+    console.error(aterror);
+
+    // If the access token is invalid, we check if the refresh token is present
+    const refreshToken = req.signedCookies.refreshToken;
+
+    try {
+      const { payload } = await jose.jwtVerify<{ userId: number }>(
+        refreshToken,
+        refreshTokenSecret,
+        {
+          audience: FRONTEND_HOST,
+          issuer: FRONTEND_HOST,
+        },
+      );
+
+      // If the refresh token is valid, we  create a new access token and set it in the cookie
+
+      const newAccessToken = await new jose.SignJWT({
+        sub: payload.sub,
+        userId: payload.userId,
+      })
+        .setProtectedHeader({ alg: 'HS256' })
+        .setIssuedAt()
+        .setIssuer(FRONTEND_HOST)
+        .setAudience(FRONTEND_HOST)
+        .setExpirationTime('60s')
+        .sign(accessTokenSecret);
+
+      res.cookie('newAccessToken', newAccessToken, {
+        httpOnly: true,
+        signed: true,
+        // secure: true,
+        // sameSite: 'strict',
+      });
+
+      req.isAuthenticated = true;
+      req.userId = payload.userId;
+    } catch (rterror) {
+      console.error('Refresh token is invalid', rterror);
+
+      // If the refresh token is invalid,
+      req.isAuthenticated = false;
+      return;
+    }
+  }
+
+  next();
+}

packages/backend/api/src/models/user-model.ts

@@ -1,7 +1,76 @@
+import argon2 from 'argon2';
 import { jsonArrayFrom } from 'kysely/helpers/mysql';
 
 import { db } from '@app/backend-shared';
 
+export async function userLogin(email: string, password: string) {
+  return db
+    .selectFrom('user')
+    .select(['user.id', 'user.password', 'user.email'])
+    .where('user.email', '=', email || 'user.username ')
+    .executeTakeFirst();
+}
+
+export async function userRegister(
+  email: string,
+  username: string,
+  password: string,
+) {
+  try {
+    // Pour la verif du mail
+    const existingEmail = await db
+      .selectFrom('user')
+      .select('email')
+      .where('email', '=', email)
+      .executeTakeFirst();
+
+    if (existingEmail) {
+      return { error: 'Email is already in use, please use a different email' };
+    }
+
+    // Pour la verif du username
+    const existingUsername = await db
+      .selectFrom('user')
+      .select('username')
+      .where('username', '=', username)
+      .executeTakeFirst();
+
+    if (existingUsername) {
+      return {
+        error: 'Email is already in use, please use a different username',
+      };
+    }
+
+    // Hachage du mot de passe
+    const hashPassword = await argon2.hash(password, {
+      memoryCost: 19456,
+      timeCost: 2,
+      parallelism: 1,
+    });
+
+    // Insert de l'utilisateur dans la base de données
+    await db
+      .insertInto('user')
+      .values({ email, username, password: hashPassword })
+      .executeTakeFirst();
+
+    return { message: 'User created successfully' };
+  } catch (error) {
+    console.error('Error creating user:', error);
+    throw new Error(
+      error instanceof Error ? error.message : 'Failed to create user',
+    );
+  }
+}
+
+export async function getUserById(userId: number) {
+  return db
+    .selectFrom('user')
+    .selectAll()
+    .where('user.id', '=', userId)
+    .executeTakeFirst();
+}
+
 export default {
   async getUserProfileById(userId: number) {
     const profile = await db

packages/backend/api/src/router.ts

@@ -1,15 +1,32 @@
 // src/router.ts
 import express from 'express';
 
+import loginGuards from './middlewares/login.guards';
+import loginMiddleware from './middlewares/login.middleware';
+import userLoginRouter, { cookieRouterGet } from './subrouters/login-router';
+import userLogout from './subrouters/logout-router';
 import postsRouter from './subrouters/posts-router';
 import tagsRouter from './subrouters/tags-router';
 import usersRouter from './subrouters/users-router';
 
 const router = express.Router();
 
+// users registration
+router.use('/users', usersRouter);
+
+router.use('/login', userLoginRouter);
+
+// Middleware to check if the user is authenticated
+router.use(loginMiddleware);
+
+//login guards il faudra mettre mettre toutes les routes qui necessitent d'etre authentifié
+router.use(loginGuards);
 router.use('/posts', postsRouter);
 router.use('/tags', tagsRouter);
-router.use('/users', usersRouter);
+
+router.use('/logout', userLogout);
+
+router.use('/cookie', cookieRouterGet);
 
 router.use('*', (req, res) => {
   res.status(404).json({ message: `Resource ${req.path} not found` });