diff --git a/bruno/recipe-backend/createUser.bru b/bruno/recipe-backend/createUser.bru
index ba92c1d..f0291fa 100644
--- a/bruno/recipe-backend/createUser.bru
+++ b/bruno/recipe-backend/createUser.bru
@@ -10,10 +10,14 @@ post {
 auth: inherit
 }
 
+headers {
+ Authorization: bearcer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU2NGE5NjY0LTI2ZWYtNGMxMS1hNjIyLWU4MDI2MzczYmRkZCIsImlhdCI6MTc1ODc0MTM5MywiZXhwIjoxNzU4ODI3NzkzfQ.q33R9FfhGUIn92PTIIAmKmUnGxcLlv6om7KwiDD61Rc
+}
+
 body:json {
 {
 "userData": {
- "userName": "test",
+ "userName": "test2",
 "email": "test@raemer.net"
 },
 "password": "test"
diff --git a/bruno/recipe-backend/login.bru b/bruno/recipe-backend/login.bru
index 1209530..3fe84be 100644
--- a/bruno/recipe-backend/login.bru
+++ b/bruno/recipe-backend/login.bru
@@ -5,11 +5,18 @@ meta {
 }
 
 post {
-url: http://localhost:4000/login
-body: none
+url: http://localhost:4000/auth/login
+body: json
 auth: inherit
 }
 
+body:json {
+ {
+ "userName": "admin",
+ "password": "1J7HgWRZ2OfaiFgrKb1BULIXN"
+ }
+}
+
 settings {
 encodeUrl: true
 }
diff --git a/src/endpoints/AuthPoint.ts b/src/endpoints/AuthPoint.ts
index 2134f7c..7745240 100644
--- a/src/endpoints/AuthPoint.ts
+++ b/src/endpoints/AuthPoint.ts
@@ -9,8 +9,9 @@ import {
 } from "../errors/httpErrors.js";
 import { LoginRequestDto } from "../dtos/LoginRequestDto.js";
 
-const router = Router();
+export const authBasicRoute = "/auth"
 
+const router = Router();
 const userRepository = new UserRepository();
 const mapper = new UserDtoEntityMapper();
 const authController = new AuthController(userRepository, mapper);
diff --git a/src/index.ts b/src/index.ts
index b02171e..081aefe 100644
--- a/src/index.ts
+++ b/src/index.ts
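Review bot: The new `headers` block commits a live bearer token into the collection file, and `login.bru` in the same commit commits the admin password in its JSON body; both are credentials in version control and should be replaced with Bruno variables resolved from a local, untracked environment (e.g. `Authorization: Bearer {{accessToken}}` and `"password": "{{adminPassword}}"`), with the committed values treated as exposed and rotated. Separately, the scheme is spelled `bearcer`, so any middleware that checks for a `Bearer ` prefix will reject this request even with a valid token. The token also pins one specific user and will stop working once it expires, which makes a per-environment variable the more durable choice for this collection anyway.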
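Review bot: `export const authBasicRoute = "/auth"` drops the trailing semicolon that every other statement in this hunk carries; `export const authBasicRoute = "/auth";`. Exporting the prefix from the endpoint module also means `authenticationMiddleware.ts` (see the import it adds in its first hunk) now loads this module, which constructs `UserRepository`, `UserDtoEntityMapper` and `AuthController` at import time, just to read one string; a small route-constants module, or passing the prefix into the middleware, would avoid that coupling. The import list this hunk ends begins outside it.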
@@ -2,10 +2,11 @@ import "reflect-metadata";
 import express, { NextFunction, Request, Response } from "express";
 import dotenv from "dotenv";
 import { AppDataSource } from "./data-source.js";
-import authRoutes from "./endpoints/AuthPoint.js";
+import authRoutes, { authBasicRoute } from "./endpoints/AuthPoint.js";
 import userRoutes from "./endpoints/UserPoint.js";
 // import recipeRoutes from "./endpoints/RecipePoint.js";
 import { errorHandler } from "./middleware/errorHandler.js";
+import { authentication } from "./middleware/authenticationMiddleware.js";
 
 dotenv.config();
 
@@ -15,16 +16,19 @@ app.use(errorHandler);
 
 async function startServer() {
 try {
- // 1️⃣ Initialize database
+ // Initialize database
 await AppDataSource.initialize();
 console.log("Data Source initialized");
 
- // Optional: run pending migrations
+ // Run pending migrations
 await AppDataSource.runMigrations();
 console.log("Migrations executed");
 
- // 2️⃣ Setup routes
- app.use("/auth", authRoutes);
+ // Activate Authentication
+ app.use(authentication);
+
+ // Setup routes
+ app.use(authBasicRoute, authRoutes);
 app.use("/user", userRoutes);
 // app.use("/recipe", recipeRoutes);
 
@@ -34,7 +38,7 @@ async function startServer() {
 });
 console.log("Routes set up")
 
- // 3️⃣ Start listening
+ // Start listening
 const PORT = Number(process.env.PORT) || 4000;
 const HOST = process.env.HOST || "localhost";
 
diff --git a/src/middleware/authenticationMiddleware.ts b/src/middleware/authenticationMiddleware.ts
index c3e0176..a6be35b 100644
--- a/src/middleware/authenticationMiddleware.ts
+++ b/src/middleware/authenticationMiddleware.ts
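Review bot: `app.use(authentication)` is registered after `app.use(errorHandler)` (the line Git shows as this hunk's context, i.e. above `startServer`), and Express only hands errors to error-handling middleware registered later in the chain, so anything thrown or passed to `next(err)` by the authentication middleware or the routers mounted below it will never reach `errorHandler`, assuming it is the four-argument error handler its name suggests. Move the registration to the end of route setup, e.g. after `app.use("/user", userRoutes);` add `app.use(errorHandler);` and drop the earlier call. Note also that mounting `authentication` globally means the `/user` router and everything after it is protected only by the path check inside the middleware, so the ordering of these three `app.use` calls is now security-relevant and deserves a comment saying so. `startServer` continues outside the hunk.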
@@ -1,9 +1,11 @@
 import { NextFunction, Request, Response } from "express";
-import * as jwt from "jsonwebtoken";
-import * as dotenv from "dotenv";
+import jwt from "jsonwebtoken";
+import dotenv from "dotenv";
+import { authBasicRoute } from "../endpoints/AuthPoint.js";
 
 dotenv.config();
 
+//@todo this seems to be clumsy... We need some propper session handling as we'll have multiple users accessing the app
 declare global {
 namespace Express {
 interface Request {
@@ -12,11 +14,22 @@ declare global {
 }
 }
 
+const JWT_SECRET = process.env.JWT_SECRET;
+
+if (!JWT_SECRET) {
+ throw new Error("JWT_SECRET not defined");
+}
+
 export const authentication = (
 req: Request,
 res: Response,
 next: NextFunction
 ) => {
+ // allow unauthenticated access to auth routes
+ if (req.path.startsWith(authBasicRoute)) {
+ return next();
+ }
+
 const header = req.headers.authorization;
 if (!header) {
 return res.status(401).json({ message: "Unauthorized" });
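Review bot: `req.path.startsWith(authBasicRoute)` is a plain prefix match, so any path that merely begins with `/auth` (for example `/authors`) also skips authentication, and every route later mounted under the auth router is implicitly public. Match on the segment boundary instead, `if (req.path === authBasicRoute || req.path.startsWith(authBasicRoute + "/")) {`, or better drop the bypass and attach the middleware only to the routers that need it in index.ts (`app.use("/user", authentication, userRoutes)`), which keeps the allow-list explicit. `req.path` is relative to the mount point, so this check only behaves as intended while the middleware is mounted at the app root, which index.ts currently does. Failing fast on a missing `JWT_SECRET` at module load is a welcome addition. The arrow function's body continues outside the hunk.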