implement authentication and user management services

Author: ericahan22

backend/.env.example

@@ -1,3 +1,26 @@
+# Server Configuration
+PORT=3000
+NODE_ENV=development
+
+# Database Configuration
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=password
+POSTGRES_DB_DEV=starter_dev
+POSTGRES_DB_TEST=starter_test
+DB_HOST=localhost
+
+# Firebase Configuration
+FIREBASE_PROJECT_ID=your-project-id
+FIREBASE_SVC_ACCOUNT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nYourPrivateKeyHere\n-----END PRIVATE KEY-----\n"
+FIREBASE_SVC_ACCOUNT_CLIENT_EMAIL=firebase-adminsdk@your-project-id.iam.gserviceaccount.com
+
+# Firebase Web API Key
+FIREBASE_WEB_API_KEY=your-web-api-key
+
+# Firebase Request URI (update for production)
+FIREBASE_REQUEST_URI=http://localhost
+
+# Email Configuration
 MAILER_USER=your-email@gmail.com
 MAILER_REFRESH_TOKEN=your-refresh-token
 MAILER_CLIENT_SECRET=your-client-secret

backend/graphql/index.ts

@@ -4,6 +4,10 @@ import { merge } from 'lodash';
 
 import sampleResolvers from './resolvers/sampleResolvers';
 import sampleType from './types/sampleType';
+import userResolvers from './resolvers/userResolvers';
+import userType from './types/userType';
+import authResolvers from './resolvers/authResolvers';
+import authType from './types/authType';
 
 const query = gql`
   type Query {
@@ -18,8 +22,8 @@ const mutation = gql`
 `;
 
 const executableSchema = makeExecutableSchema({
-  typeDefs: [query, mutation, sampleType],
-  resolvers: merge(sampleResolvers),
+  typeDefs: [query, mutation, sampleType, userType, authType],
+  resolvers: merge(sampleResolvers, userResolvers, authResolvers),
 });
 
 export default executableSchema;

backend/graphql/resolvers/authResolvers.ts

@@ -0,0 +1,87 @@
+import nodemailerConfig from '../../nodemailer.config';
+import AuthService from '../../services/implementations/authService';
+import EmailService from '../../services/implementations/emailService';
+import UserService from '../../services/implementations/userService';
+import IAuthService from '../../services/interfaces/authService';
+import IEmailService from '../../services/interfaces/emailService';
+import IUserService from '../../services/interfaces/userService';
+import { AuthDTO, RegisterUserDTO, Role, SignUpMethod } from '../../types';
+
+const userService: IUserService = new UserService();
+const emailService: IEmailService = new EmailService(nodemailerConfig);
+const authService: IAuthService = new AuthService(userService, emailService);
+
+const authResolvers = {
+  Query: {
+    isAuthorizedByRole: async (
+      _parent: undefined,
+      { accessToken, roles }: { accessToken: string; roles: Role[] }
+    ): Promise<boolean> => {
+      const isAuthorized = await authService.isAuthorizedByRole(accessToken, new Set(roles));
+      return isAuthorized;
+    },
+    isAuthorizedByUserId: async (
+      _parent: undefined,
+      { accessToken, userId }: { accessToken: string; userId: string }
+    ): Promise<boolean> => {
+      const isAuthorized = await authService.isAuthorizedByUserId(accessToken, userId);
+      return isAuthorized;
+    },
+    isAuthorizedByEmail: async (
+      _parent: undefined,
+      { accessToken, email }: { accessToken: string; email: string }
+    ): Promise<boolean> => {
+      const isAuthorized = await authService.isAuthorizedByEmail(accessToken, email);
+      return isAuthorized;
+    },
+  },
+  Mutation: {
+    login: async (
+      _parent: undefined,
+      { email, password }: { email: string; password: string }
+    ): Promise<AuthDTO> => {
+      const authDTO = await authService.generateToken(email, password);
+      return authDTO;
+    },
+    loginWithGoogle: async (
+      _parent: undefined,
+      { idToken }: { idToken: string }
+    ): Promise<AuthDTO> => {
+      const authDTO = await authService.generateTokenOAuth(idToken);
+      return authDTO;
+    },
+    register: async (_parent: undefined, { user }: { user: RegisterUserDTO }): Promise<AuthDTO> => {
+      if (!user.password) {
+        throw new Error('Password is required for registration');
+      }
+      const newUser = await userService.createUser(
+        {
+          ...user,
+          role: Role.User, // Default role for registration
+        },
+        undefined,
+        SignUpMethod.PASSWORD
+      );
+      await authService.sendEmailVerificationLink(newUser.email);
+      const authDTO = await authService.generateToken(user.email, user.password);
+      return authDTO;
+    },
+    refresh: async (
+      _parent: undefined,
+      { refreshToken }: { refreshToken: string }
+    ): Promise<string> => {
+      const token = await authService.renewToken(refreshToken);
+      return token.accessToken;
+    },
+    logout: async (_parent: undefined, { userId }: { userId: string }): Promise<boolean> => {
+      await authService.revokeTokens(userId);
+      return true;
+    },
+    resetPassword: async (_parent: undefined, { email }: { email: string }): Promise<boolean> => {
+      await authService.resetPassword(email);
+      return true;
+    },
+  },
+};
+
+export default authResolvers;

backend/graphql/resolvers/userResolvers.ts

@@ -0,0 +1,52 @@
+import nodemailerConfig from '../../nodemailer.config';
+import AuthService from '../../services/implementations/authService';
+import EmailService from '../../services/implementations/emailService';
+import UserService from '../../services/implementations/userService';
+import IAuthService from '../../services/interfaces/authService';
+import IEmailService from '../../services/interfaces/emailService';
+import IUserService from '../../services/interfaces/userService';
+import { CreateUserDTO, UpdateUserDTO, UserDTO } from '../../types';
+
+const userService: IUserService = new UserService();
+const emailService: IEmailService = new EmailService(nodemailerConfig);
+const authService: IAuthService = new AuthService(userService, emailService);
+
+const userResolvers = {
+  Query: {
+    userById: async (_parent: undefined, { id }: { id: string }): Promise<UserDTO> => {
+      return userService.getUserById(id);
+    },
+    userByEmail: async (_parent: undefined, { email }: { email: string }): Promise<UserDTO> => {
+      return userService.getUserByEmail(email);
+    },
+    users: async (): Promise<UserDTO[]> => {
+      return userService.getUsers();
+    },
+  },
+  Mutation: {
+    createUser: async (_parent: undefined, { user }: { user: CreateUserDTO }): Promise<UserDTO> => {
+      const newUser = await userService.createUser(user);
+      await authService.sendEmailVerificationLink(newUser.email);
+      return newUser;
+    },
+    updateUser: async (
+      _parent: undefined,
+      { id, user }: { id: string; user: UpdateUserDTO }
+    ): Promise<UserDTO> => {
+      return userService.updateUserById(id, user);
+    },
+    deleteUserById: async (_parent: undefined, { id }: { id: string }): Promise<boolean> => {
+      await userService.deleteUserById(id);
+      return true;
+    },
+    deleteUserByEmail: async (
+      _parent: undefined,
+      { email }: { email: string }
+    ): Promise<boolean> => {
+      await userService.deleteUserByEmail(email);
+      return true;
+    },
+  },
+};
+
+export default userResolvers;

backend/graphql/types/authType.ts

@@ -0,0 +1,37 @@
+import { gql } from 'apollo-server-express';
+
+const authType = gql`
+  type AuthDTO {
+    id: ID!
+    firstName: String!
+    lastName: String!
+    email: String!
+    role: Role!
+    accessToken: String!
+    refreshToken: String!
+  }
+
+  input RegisterUserDTO {
+    firstName: String!
+    lastName: String!
+    email: String!
+    password: String!
+  }
+
+  extend type Query {
+    isAuthorizedByRole(accessToken: String!, roles: [Role!]!): Boolean!
+    isAuthorizedByUserId(accessToken: String!, userId: ID!): Boolean!
+    isAuthorizedByEmail(accessToken: String!, email: String!): Boolean!
+  }
+
+  extend type Mutation {
+    login(email: String!, password: String!): AuthDTO!
+    loginWithGoogle(idToken: String!): AuthDTO!
+    register(user: RegisterUserDTO!): AuthDTO!
+    refresh(refreshToken: String!): String!
+    logout(userId: ID!): Boolean!
+    resetPassword(email: String!): Boolean!
+  }
+`;
+
+export default authType;

backend/graphql/types/userType.ts

@@ -0,0 +1,46 @@
+import { gql } from 'apollo-server-express';
+
+const userType = gql`
+  enum Role {
+    User
+    Admin
+  }
+
+  type UserDTO {
+    id: ID!
+    firstName: String!
+    lastName: String!
+    email: String!
+    role: Role!
+  }
+
+  input CreateUserDTO {
+    firstName: String!
+    lastName: String!
+    email: String!
+    role: Role!
+    password: String
+  }
+
+  input UpdateUserDTO {
+    firstName: String!
+    lastName: String!
+    email: String!
+    role: Role!
+  }
+
+  extend type Query {
+    userById(id: ID!): UserDTO!
+    userByEmail(email: String!): UserDTO!
+    users: [UserDTO!]!
+  }
+
+  extend type Mutation {
+    createUser(user: CreateUserDTO!): UserDTO!
+    updateUser(id: ID!, user: UpdateUserDTO!): UserDTO!
+    deleteUserById(id: ID!): Boolean!
+    deleteUserByEmail(email: String!): Boolean!
+  }
+`;
+
+export default userType;

backend/middlewares/auth.ts

@@ -0,0 +1,85 @@
+import { AuthenticationError, ExpressContext } from 'apollo-server-express';
+import { GraphQLResolveInfo } from 'graphql';
+import AuthService from '../services/implementations/authService';
+import UserService from '../services/implementations/userService';
+import IAuthService from '../services/interfaces/authService';
+import { Role } from '../types';
+
+const authService: IAuthService = new AuthService(new UserService());
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+export const getAccessToken = (req: any): string | null => {
+  const authHeaderParts = req.headers.authorization?.split(' ');
+  if (
+    authHeaderParts &&
+    authHeaderParts.length >= 2 &&
+    authHeaderParts[0].toLowerCase() === 'bearer'
+  ) {
+    return authHeaderParts[1];
+  }
+  return null;
+};
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+export const isAuthorizedByRole = (roles: Set<Role>) => {
+  return async (
+    resolve: (parent: any, args: any, context: ExpressContext, info: GraphQLResolveInfo) => any,
+    parent: any,
+    args: any,
+    context: ExpressContext,
+    info: GraphQLResolveInfo
+  ) => {
+    const accessToken = getAccessToken(context.req);
+
+    const authorized = accessToken && (await authService.isAuthorizedByRole(accessToken, roles));
+
+    if (!authorized) {
+      throw new AuthenticationError('You are not authorized to perform this action');
+    }
+
+    return resolve(parent, args, context, info);
+  };
+};
+
+export const isAuthorizedByUserId = () => {
+  return async (
+    resolve: (parent: any, args: any, context: ExpressContext, info: GraphQLResolveInfo) => any,
+    parent: any,
+    args: { id: string },
+    context: ExpressContext,
+    info: GraphQLResolveInfo
+  ) => {
+    const accessToken = getAccessToken(context.req);
+
+    const authorized =
+      accessToken && (await authService.isAuthorizedByUserId(accessToken, args.id));
+
+    if (!authorized) {
+      throw new AuthenticationError('You are not authorized to perform this action');
+    }
+
+    return resolve(parent, args, context, info);
+  };
+};
+
+export const isAuthorizedByEmail = () => {
+  return async (
+    resolve: (parent: any, args: any, context: ExpressContext, info: GraphQLResolveInfo) => any,
+    parent: any,
+    args: { email: string },
+    context: ExpressContext,
+    info: GraphQLResolveInfo
+  ) => {
+    const accessToken = getAccessToken(context.req);
+
+    const authorized =
+      accessToken && (await authService.isAuthorizedByEmail(accessToken, args.email));
+
+    if (!authorized) {
+      throw new AuthenticationError('You are not authorized to perform this action');
+    }
+
+    return resolve(parent, args, context, info);
+  };
+};

backend/models/user.model.ts

@@ -0,0 +1,29 @@
+import { Column, DataType, Model, Table } from 'sequelize-typescript';
+import { Role } from '../types';
+
+@Table({ tableName: 'users' })
+export default class User extends Model {
+  @Column({ type: DataType.INTEGER, primaryKey: true, autoIncrement: true })
+  id!: number;
+
+  @Column({ type: DataType.STRING, allowNull: false })
+  firstName!: string;
+
+  @Column({ type: DataType.STRING, allowNull: false })
+  lastName!: string;
+
+  @Column({ type: DataType.STRING, allowNull: false, unique: true })
+  email!: string;
+
+  @Column({ type: DataType.STRING, allowNull: false, unique: true })
+  authId!: string;
+
+  @Column({ type: DataType.ENUM('User', 'Admin'), allowNull: false })
+  role!: Role;
+
+  @Column({ type: DataType.DATE, allowNull: false })
+  createdAt!: Date;
+
+  @Column({ type: DataType.DATE, allowNull: false })
+  updatedAt!: Date;
+}