signup login logout with tests done

Author: seantokuzo

examples_new/microservices/auth/package-lock.json

@@ -5,7 +5,14 @@
   "main": "index.js",
   "scripts": {
     "start": "ts-node-dev ./src/index.ts",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "jest --watchAll --no-cache"
+  },
+  "jest": {
+    "preset": "ts-jest",
+    "testEnvironment": "node",
+    "setupFilesAfterEnv": [
+      "./src/test/setup.ts"
+    ]
   },
   "keywords": [],
   "author": "",
@@ -14,7 +21,9 @@
     "@chronosrx/common": "^1.0.1",
     "bcryptjs": "^2.4.3",
     "cookie-parser": "^1.4.6",
+    "dotenv": "^16.3.1",
     "express": "^4.18.2",
+    "express-async-errors": "^3.1.1",
     "jsonwebtoken": "^9.0.2",
     "mongoose": "^8.0.3",
     "ts-node-dev": "^2.0.0"

examples_new/microservices/auth/package.json

@@ -0,0 +1,73 @@
+import request from 'supertest';
+import { app } from '../app';
+
+// Mongo Memory Server - Users collection always starts out empty**
+
+// 1) Fails with bad request error either username or password are not provided
+it('fails if either username or password are not provided', async () => {
+  await request(app)
+    .post('/api/auth/login')
+    .send({
+      username: 'AYYYYY',
+    })
+    .expect(400);
+
+  await request(app)
+    .post('/api/auth/login')
+    .send({
+      password: 'CUH',
+    })
+    .expect(400);
+});
+
+// 2) Fails with bad request error if user does not exist in the database
+it('user does not exist', async () => {
+  await request(app)
+    .post('/api/auth/login')
+    .send({
+      username: 'nonexistentuser',
+      password: 'test',
+    })
+    .expect(400);
+});
+
+// 3) Fails with BadRequest Error if passwords do not match
+it('fails if passwords do not match', async () => {
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'test',
+      password: 'rightTest',
+    })
+    .expect(201);
+
+  await request(app)
+    .post('/api/auth/login')
+    .send({
+      username: 'test',
+      password: 'wrongTest',
+    })
+    .expect(400);
+});
+
+// 4) Succeeds if username and password match a user in the database
+it('Users has correct password', async () => {
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'test',
+      password: 'test123',
+    })
+    .expect(201);
+
+  const response = await request(app)
+    .post('/api/auth/login')
+    .send({
+      username: 'test',
+      password: 'test123',
+    })
+    .expect(200);
+
+  expect(response.get('Set-Cookie')).toBeDefined();
+  expect(response.get('Set-Cookie')[0].split('=')[0]).toEqual('token');
+});

examples_new/microservices/auth/src/__test__/login.test.ts

@@ -0,0 +1,23 @@
+import request from 'supertest';
+import { app } from '../app';
+
+// Mongo Memory Server - Users collection always starts out empty**
+
+// 1) Clears the cookie on logout
+// Means that 'Set-Cookie' header is defined
+//200 means request is successful, 201 means request is successful and result generated
+it('Clears the cookie on logout', async () => {
+  await request(app)
+    .post('/api/auth/logout')
+    .send({
+      username: 'test',
+      password: 'test',
+    })
+    .expect(200);
+
+  const response = await request(app).post('/api/auth/logout').send().expect(200);
+
+  console.log(response.get('Set-Cookie'));
+  expect(response.get('Set-Cookie')).toBeDefined();
+  // expect(response.get('Set-Cookie')[0].split('=')[0]).toEqual('token');
+});

examples_new/microservices/auth/src/__test__/logout.test.ts

@@ -0,0 +1,73 @@
+import request from 'supertest';
+import { app } from '../app';
+import { User } from '../models/user';
+
+it('fails with 400 if no username/password provided', async () => {
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      password: 'wheremyname',
+    })
+    .expect(400);
+
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'wheremypassword',
+    })
+    .expect(400);
+});
+
+it('fails with 400 with invalid password', async () => {
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'validuser',
+      password: 'b',
+    })
+    .expect(400);
+});
+
+it('Does not allow duplicate username signup ', async () => {
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'test',
+      password: 'test',
+    })
+    .expect(201);
+
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'test',
+      password: 'test',
+    })
+    .expect(400);
+});
+
+it('creates a user with valid inputs', async () => {
+  await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'test',
+      password: 'test',
+    })
+    .expect(201);
+
+  const users = await User.find({});
+  expect(users[0].username).toEqual('test');
+});
+
+it('Sets a cookie on successful signup', async () => {
+  const response = await request(app)
+    .post('/api/auth/signup')
+    .send({
+      username: 'test',
+      password: 'test',
+    })
+    .expect(201);
+
+  expect(response.get('Set-Cookie')).toBeDefined();
+  expect(response.get('Set-Cookie')[0].split('=')[0]).toEqual('token');
+});

examples_new/microservices/auth/src/__test__/signup.test.ts

@@ -1,9 +1,14 @@
 import express from 'express';
+import 'express-async-errors';
+import dotenv from 'dotenv';
+dotenv.config();
 import { NotFoundError, errorHandler } from '@chronosrx/common';
 import authRouter from './routes/auth-router';
 
 const app = express();
 
+app.use(express.json());
+
 // app.get('/', (req, res) => {
 //   console.log('💥 Test Route');
 //   res.status(200).send({ msg: '💥 Test route' });

examples_new/microservices/auth/src/app.ts

@@ -1,16 +1,87 @@
+import { BadRequestError } from '@chronosrx/common';
 import { Request, Response } from 'express';
+import { User } from '../models/user';
+import { attachCookie } from '../../util/attachCookie';
 
 export const signup = async (req: Request, res: Response) => {
-  console.log('💥 authController signup');
-  res.send({ msg: '💥 authController signup' });
+  // console.log('💥 authController signup');
+  const { username, password } = req.body;
+
+  // Validate inputs
+  if (!username || !password || password.length < 4) {
+    throw new BadRequestError('Invalid inputs');
+  }
+
+  // Check to see if user with supplied username already exists
+  const existingUser = await User.findOne({ username });
+  if (existingUser) {
+    throw new BadRequestError('User with that username exists');
+  }
+
+  // create the user document
+  const newUser = User.build({
+    username,
+    password,
+  });
+  // save newly created user document to the database
+  await newUser.save();
+
+  // create a JWT w/ userId store on it
+  // note: createJwt method created on the userSchema
+  const token = newUser.createJwt();
+  // set cookie on response object with name 'token' and value of the jwt
+  // attachCookie method - defined in util folder
+  attachCookie(res, token);
+
+  //
+  res.status(201).send(newUser);
 };
 
 export const login = async (req: Request, res: Response) => {
-  console.log('💥 authController login');
-  res.send({ msg: '💥 authController login' });
+  // console.log('💥 authController login');
+  // pull username and password off request body
+  const { username, password } = req.body;
+  // validate username and password - they exist
+  if (!username || !password) {
+    throw new BadRequestError('Must provide username and password');
+  }
+  // query database for user with that username
+  const existingUser = await User.findOne({ username });
+  // handle case where no user exists with that username
+  if (!existingUser) {
+    throw new BadRequestError('Invalid credentials');
+  }
+
+  // if user does exist - compare provided password to user's password in DB
+  // * we defined a comparePassword method on the userSchema -> accepts provided password as argument
+  // handle case when passwords do not match
+  const passwordsMatch = await existingUser.comparePassword(password);
+  if (!passwordsMatch) {
+    throw new BadRequestError('Invalid credentials');
+  }
+
+  // if passwords do match - create a JWT
+  // * we created a method createJwt on the userSchema that returns the jwt (aka token)
+  const token = existingUser.createJwt();
+  // attach the jwt to the cookie
+  // * we defined an attachCookie helper function (in util folder) - is already imported for us
+  // accepts the response object and jwt/token as arguments
+  attachCookie(res, token);
+  // send back the found user with status code 200
+  res.status(200).send(existingUser);
 };
 
 export const logout = async (req: Request, res: Response) => {
-  console.log('💥 authController logout');
-  res.send({ msg: '💥 authController logout' });
+  // console.log('💥 authController logout');
+
+  // Set cookie on response object with name 'token' to null
+  // make the cookie httpOnly
+  // set cookie expiration to 500ms from now
+  res.cookie('token', null, {
+    httpOnly: true,
+    secure: false,
+    expires: new Date(Date.now() + 500),
+  });
+
+  res.status(200).send({ message: 'success' });
 };

examples_new/microservices/auth/src/controllers/auth-controller.ts

@@ -1,15 +1,24 @@
+import { DbConnectionError } from '@chronosrx/common';
 import { app } from './app';
+import mongoose from 'mongoose';
 
 const PORT = process.env.PORT || 3000;
 
 const start = async () => {
-  if (!process.env.MONGO_URI) throw new Error('MONGO_URI must be defined')
-  if (!process.env.JWT_SECRET) throw new Error('JWT_SECRET must be defined')
-  if (!process.env.JWT_LIFETIME) throw new Error('JWT_LIFETIME must be defined')
+  if (!process.env.MONGO_URI) throw new Error('MONGO_URI must be defined');
+  if (!process.env.JWT_KEY) throw new Error('JWT_KEY must be defined');
+  if (!process.env.JWT_LIFETIME) throw new Error('JWT_LIFETIME must be defined');
 
-  app.listen(PORT, () => {
+  try {
+    await mongoose.connect(process.env.MONGO_URI, {});
+    console.log('🍃 Connected to MongoDB');
+  } catch (err) {
+    throw new DbConnectionError();
+  }
+
+  app.listen(PORT, async () => {
     console.log(`💥 App listening on ${PORT}`);
   });
 };
 
-start()
+start();