Merge pull request #25 from giuseppealbrizio/development

RBAC logic implemented

Author: giuseppealbrizio

CHANGELOG.md

@@ -0,0 +1,39 @@
+# Change Log
+
+[EXPRESS ECMA BOILERPLATE](https://github.com/giuseppealbrizio/express-ecma-boilerplate-mongodb)
+
+All notable changes to this project will be documented in this file.
+
+## [1.1.0] - 2021-10-10
+
+Here we would have the update steps for 1.1.0 for people to follow.
+
+### Added
+
+- **RBAC - Logic** to authorize user to use routes based on role permission.
+  1. Roles configuration can be customized in:
+     `./src/config/roles.config.js`
+  2. RBAC middleware definition is in:
+     `./src/middlewares/verifyRights.middleware.js`
+  3. You can use the middleware `verifyRights` in routes like this:
+  ```js
+  //Only users with getUsers permission can see this route
+  router.get(
+    '/users',
+    authenticate,
+    verifyRights('getUsers'),
+    catchAsync(findAllUsers),
+  );
+  ```
+
+### Changed
+
+- Refactor routes to keep API versioning tidy and clear. Now routes are defined in `./src/routes/v1/index.route.js`
+- Added a role field in user model definition `./src/models/user.model.js` to use the verifyRights middleware
+- Renamed `./src/config/database.config.js` to `./src/config/mongodb.config.js`
+- Moved the entrypoint routes to `./src/routes/v1/app.route.js`
+- Refactor events (publisher/subscriber) to keep pub/sub logic tidy and clean. Now all events related controller & routes can be find here:
+  1. `./src/controllers/events`
+  2. `./src/routes/events`
+
+### Fixed

package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "express-ecma-boilerplate-mongodb",
   "description": "A minimalist express ecma boilerplate with mongodb",
-  "version": "1.0.11",
+  "version": "1.1.0",
   "private": false,
   "license": "MIT",
   "bin": "src/bin/www.js",

package.json

@@ -12,10 +12,20 @@ import passport from 'passport';
 import path from 'path';
 import xss from 'xss-clean';
 
-// Import custom logger function using winston
+/**
+ * Import currentUser middleware from shared library
+ */
+import { currentUser } from './middlewares/customAuthMiddleware/currentUser.middleware';
+
+/**
+ * Import custom logger function using winston
+ */
 import logger from './utils/logger.utils';
 
-import databaseConfig from './config/database.config';
+/**
+ * Import database configuration
+ */
+import mongoDbConfig from './config/mongodb.config';
 
 /**
  * Custom error handling
@@ -27,19 +37,7 @@ import errorHandler from './middlewares/errorHandler.middleware';
  * Routes import
  * @type {Router | {readonly default?: Router}}
  */
-import indexRouter from './routes/index.route';
-import authRouter from './routes/auth.route';
-import userRouter from './routes/user.route';
-import uploadRouter from './routes/upload.route';
-/**
- * Documentation Router
- */
-import swaggerRouter from './routes/swagger.route';
-/**
- * Pub/Sub Routers
- */
-import publisherRouter from './routes/publisher.route';
-import subscriberRouter from './routes/subscriber.route';
+import v1Routes from './routes/v1/index.route';
 
 /**
  * import { User } from './models/Users.model';
@@ -59,9 +57,9 @@ dotenv.config();
  * and return info about db name
  */
 if (process.env.NODE_ENV === 'production') {
-  databaseConfig.MongoDB().catch((err) => console.log(err));
+  mongoDbConfig.MongoDB().catch((err) => console.log(err));
 } else {
-  databaseConfig.MongoDBTest().catch((err) => console.log(err));
+  mongoDbConfig.MongoDBTest().catch((err) => console.log(err));
 }
 
 /**
@@ -144,6 +142,12 @@ app.use(
   }),
 );
 
+/**
+ * This middleware is responsible for bringing custom auth middleware
+ * as fallback to Passport if you don't want to use it
+ */
+app.use(currentUser);
+
 /**
  * Initialize Passport and pass the session to session storage of express
  */
@@ -181,21 +185,7 @@ app.use((req, res, next) => {
 /**
  * Routes definitions
  */
-app.use('/api/v1/', indexRouter);
-app.use('/api/v1/auth/', authRouter);
-app.use('/api/v1/users/', userRouter);
-app.use('/api/v1/upload/', uploadRouter);
-
-/**
- * Swagger Documentation endpoint
- */
-app.use('/api/v1/docs/', swaggerRouter);
-
-/**
- * Publisher endpoint
- */
-app.use('/api/v1/publisher/', publisherRouter);
-app.use('/api/v1/subscriber/', subscriberRouter);
+app.use('/api/v1/', v1Routes);
 
 /**
  * This helper function is useful if we use express as a pure API endpoint

src/app.js

@@ -0,0 +1,9 @@
+const allRoles = {
+  superAdmin: ['*', 'getUsers', 'manageUsers', 'deleteUsers'],
+  admin: ['getUsers', 'manageUsers', 'deleteUsers'],
+  user: ['getUsers'],
+};
+
+export const roles = Object.keys(allRoles);
+
+export const roleRights = new Map(Object.entries(allRoles));

src/config/database.config.js src/config/mongodb.config.jssrc/config/database.config.js renamed to src/config/mongodb.config.js

@@ -46,7 +46,7 @@ export default {
         userInCookie: cookiePayload,
         userInPassport: req.user,
         userInSession: sessionPayload,
-        // userInCustomMiddleware: req.currentUser,
+        userInCustomMiddleware: req.currentUser,
       });
     } catch (error) {
       res.status(500).json({

src/config/roles.config.js

@@ -5,12 +5,12 @@ import debug from 'debug';
  */
 import { PubSub } from '@google-cloud/pubsub';
 
-import { ApplicationError } from '../helpers/errors.helper';
+import { ApplicationError } from '../../helpers/errors.helper';
 
 /**
  * Load PubSub Custom Service
  */
-import pubSubService from '../services/pubsub/pub-sub.service';
+import pubSubService from '../../services/pubsub/pub-sub.service';
 
 const pubSubClient = new PubSub();
 

src/controllers/index.controller.js src/controllers/app.controller.jssrc/controllers/index.controller.js renamed to src/controllers/app.controller.js

@@ -0,0 +1,137 @@
+/**
+ * This controller should be used in another app or service and not here
+ * This is just for testing purposes
+ */
+import debug from 'debug';
+
+/**
+ * Load PubSub Library
+ */
+import { PubSub } from '@google-cloud/pubsub';
+
+import { ApplicationError } from '../../helpers/errors.helper';
+
+const pubSubClient = new PubSub();
+
+const DEBUG = debug('dev');
+
+export default {
+  /**
+   * Test subscriber route API
+   * @param req
+   * @param res
+   * @return {Promise<void>}
+   */
+  testSubscriberRoute: async (req, res) => {
+    try {
+      res.status(200).json({
+        status: 'success',
+        message: 'Subscriber route is ready!',
+      });
+    } catch (error) {
+      DEBUG(error);
+      throw new ApplicationError(500, error);
+    }
+  },
+  /**
+   * Controller for listen to message published from a publisher
+   * This controller receive type "pull" subscription messages
+   * @param req
+   * @param res
+   */
+  // eslint-disable-next-line no-unused-vars
+  subscribeToPullEventExample: async (req, res) => {
+    try {
+      // Define some options for subscription
+      const subscriberOptions = {
+        flowControl: {
+          maxMessages: 10,
+        },
+      };
+
+      // References an existing subscription
+      const subscription = await pubSubClient.subscription(
+        'subscription-name',
+        subscriberOptions,
+      );
+
+      // Instantiate the message counter
+      let messageCount = 0;
+
+      // Create an event handler to handle messages
+      const messageHandler = async (message) => {
+        // Buffering the message data
+        const data = Buffer.from(message.data, 'base64').toString('utf-8');
+
+        // Parse message in a JSON Object
+        const result = JSON.parse(data);
+
+        // Do something with the result
+        console.log(result);
+
+        // Increase message counter
+        messageCount += 1;
+
+        // "Ack" (acknowledge receipt of) the message
+        message.ack();
+      };
+
+      // Create an event handler to handle errors
+      const errorHandler = function (error) {
+        throw new Error(error);
+      };
+
+      // Listen for new messages until timeout is hit
+      subscription.on('message', messageHandler);
+
+      // Listen for errors
+      subscription.on('error', errorHandler);
+
+      // Set the timeout to 60 seconds
+      setTimeout(() => {
+        subscription.removeListener('message', messageHandler);
+        subscription.removeListener('error', errorHandler);
+        console.log(`${messageCount} message(s) received.`);
+      }, 60 * 1000);
+
+      // Send a 200 status code
+      res.status(200).send();
+    } catch (error) {
+      DEBUG(error);
+      throw new ApplicationError(
+        500,
+        "Couldn't receive publisher data object :(",
+        error,
+      );
+    }
+  },
+  /**
+   * As soon as Google receives a message it send back since
+   * subscription is of a PUSH type. This controller take the
+   * message and display it
+   * @param req
+   * @param res
+   * @return {Promise<*>}
+   */
+  subscribeToPushEventExample: async (req, res) => {
+    try {
+      // Await for message coming from Pub/Sub in a push notification.
+      const data = Buffer.from(req.body.message.data, 'base64').toString(
+        'utf-8',
+      );
+
+      const result = await JSON.parse(data);
+
+      console.log('Push event contains this object: ', result);
+
+      res.status(200).send();
+    } catch (error) {
+      DEBUG(error);
+      throw new ApplicationError(
+        500,
+        "Couldn't receive orders object :(",
+        error,
+      );
+    }
+  },
+};