RED-16 - reworking frontend tests and user settings

Author: sombriks

.github/workflows/node.js.yml

@@ -42,7 +42,7 @@ jobs:
       run: | 
         npm ci
         npm run build --if-present
-        npm run test:web
+        npm run test:web --if-present
   run-tests-backend:
     defaults:
       run:
@@ -65,7 +65,7 @@ jobs:
         run: |
           npm ci
           npm run build --if-present
-          npm run test:service:coverage
+          npm run test:service:coverage --if-present
   publish-docker-image-frontend:
     if: github.ref == 'refs/heads/main'
     permissions: write-all

service-node-koa/app/config/security/encryption.mjs

@@ -24,7 +24,7 @@ export const decrypt = (secret) => {
 export const sign = (payload) => {
 	// TODO what else to add to payload?
 	payload.iat = new Date().getTime() / 1000;
-	payload.exp = 86400 + new Date().getTime() / 1000;
+	payload.exp = 86400 + payload.iat;
 	return { token: jwt.sign(payload, process.env.SECRET) };
 };
 

service-node-koa/app/config/security/middleware.mjs

@@ -18,9 +18,12 @@ export const ifAuthenticated = async (ctx, next) => {
 	const details = extractDetails(ctx); // id, nome, emil, admin, criacao, alteracao, iat, exp
 	if (!details.iat || !details.exp)
 		ctx.throw(401, { message: "Something strange with this token" });
-	if (new Date().getTime() > new Date(details.exp * 1000))
+	else if (new Date().getTime() > new Date(details.exp * 1000))
 		ctx.throw(401, { message: "Token expired" });
-	return await next();
+	else if(ctx.params.usuario_id != details.id)
+		ctx.throw(401, { message: "user mismatch"});
+	else
+		return await next();
 };
 
 export const contaOwnedBy = async (ctx, next) => {

service-node-koa/app/config/security/middleware.spec.mjs

@@ -1,81 +1,81 @@
-import chai from "chai";
+import chai from 'chai'
 
-import * as middleware from "./middleware.mjs";
-import sinon from "sinon";
-import { sign } from "./encryption.mjs";
-import { getAdmin, resetConta } from "../../services/index.mjs";
+import * as middleware from './middleware.mjs'
+import sinon from 'sinon'
+import { sign } from './encryption.mjs'
+import { getAdmin, resetConta } from '../../services/index.mjs'
 
-chai.should();
+chai.should()
 
-describe("Middleware tests", () => {
-	it("should check if it's admin", async () => {
-		const adm = await getAdmin();
-		const { token } = sign(adm);
-		const authorization = `Bearer ${token}`;
-		const ctx = { request: { header: { authorization } }, throw: sinon.fake() };
-		const next = sinon.mock();
-		next.once();
+describe('Middleware tests', () => {
+  it('should check if it\'s admin', async () => {
+    const adm = await getAdmin()
+    const { token } = sign(adm)
+    const authorization = `Bearer ${token}`
+    const ctx = { request: { header: { authorization } }, throw: sinon.fake() }
+    const next = sinon.mock()
+    next.once()
 
-		await middleware.ifAdmin(ctx, next);
+    await middleware.ifAdmin(ctx, next)
 
-		next.verify();
-	});
+    next.verify()
+  })
 
-	it("should check if it's authenticated", async () => {
-		const adm = await getAdmin();
-		const { token } = sign(adm);
-		const authorization = `Bearer ${token}`;
-		const ctx = { request: { header: { authorization } }, throw: sinon.fake() };
-		const next = sinon.mock();
-		next.once();
+  it('should check if it\'s authenticated', async () => {
+    const adm = await getAdmin()
+    const { token } = sign(adm)
+    const authorization = `Bearer ${token}`
+    const ctx = { params: { usuario_id: 1 }, request: { header: { authorization } }, throw: sinon.fake() }
+    const next = sinon.mock()
+    next.once()
 
-		await middleware.ifAuthenticated(ctx, next);
+    await middleware.ifAuthenticated(ctx, next)
 
-		next.verify();
-	});
+    next.verify()
+  })
 
-	it("should check if it owns the resource", async () => {
-		// given
-		const adm = await getAdmin();
-		const contasIds = await resetConta({ usuario_id: adm.id });
-		const { token } = sign(adm);
-		const authorization = `Bearer ${token}`;
-		const params = { usuario_id: adm.id, conta_id: contasIds[0].id };
-		const ctx = {
-			request: { header: { authorization }, params },
-			throw: sinon.fake(),
-		};
-		const next = sinon.mock();
-		next.once();
+  it('should check if it owns the resource', async () => {
+    // given
+    const adm = await getAdmin()
+    const contasIds = await resetConta({ usuario_id: adm.id })
+    const { token } = sign(adm)
+    const authorization = `Bearer ${token}`
+    const params = { usuario_id: adm.id, conta_id: contasIds[0].id }
+    const ctx = {
+      request: { header: { authorization }, params },
+      throw: sinon.fake()
+    }
+    const next = sinon.mock()
+    next.once()
 
-		// when
-		await middleware.contaOwnedBy(ctx, next);
+    // when
+    await middleware.contaOwnedBy(ctx, next)
 
-		// then
-		next.verify();
-	});
+    // then
+    next.verify()
+  })
 
-	it("Should FAIL due missing auth header", async () => {
-		// given
-		const authorization = `Bearer`;
-		const ctx = { request: { header: { authorization } }, throw: sinon.mock() };
-		const next = sinon.mock();
-		next.never();
-		ctx.throw.never();
+  it('Should FAIL due missing auth header', async () => {
+    // given
+    const authorization = `Bearer`
+    const ctx = { request: { header: { authorization } }, throw: sinon.mock() }
+    const next = sinon.mock()
+    next.never()
+    ctx.throw.never()
 
-		// when
-		const spyable = { ifAuthenticated: middleware.ifAuthenticated };
-		const spy = sinon.spy(spyable, "ifAuthenticated");
-		try {
-			await spyable.ifAuthenticated(ctx, next);
-		} catch (e) {
-			chai.expect(spy.exceptions).length(1);
-		}
+    // when
+    const spyable = { ifAuthenticated: middleware.ifAuthenticated }
+    const spy = sinon.spy(spyable, 'ifAuthenticated')
+    try {
+      await spyable.ifAuthenticated(ctx, next)
+    } catch (e) {
+      chai.expect(spy.exceptions).length(1)
+    }
 
-		// then
-		chai.expect(spy.called);
-		chai.expect(spy.threw());
-		ctx.throw.verify();
-		next.verify();
-	});
-});
+    // then
+    chai.expect(spy.called)
+    chai.expect(spy.threw())
+    ctx.throw.verify()
+    next.verify()
+  })
+})

service-node-koa/app/controllers/user.mjs

@@ -9,6 +9,7 @@ import {
 import { sign } from "../config/security/index.mjs";
 
 export const userLoginRequest = async (ctx) => {
+	// TODO captcha protection
 	const { email, senha } = ctx.request.body;
 	const user = await login({ email, senha });
 	if (!user) return; // 404

web-app-vue/infrastructure/Dockerfile

@@ -2,7 +2,7 @@ FROM alpine:3.19 AS build
 
 ENV NODE_ENV=${NODE_ENV:-production}
 
-ADD .env.production .eslintrc.cjs .prettierrc.json index.html \
+ADD .env.production index.html \
   package.json package-lock.json vite.config.js vitest.config.js ./
 ADD src ./src/
 ADD public ./public/