add athorization to all calls except auth

2025-09-24 21:24:20 +02:00 · 2025-09-24 21:24:20 +02:00 · 5dd79374c1
commit 5dd79374c1
parent 8fb48f7243
5 changed files with 41 additions and 12 deletions
--- a/bruno/recipe-backend/createUser.bru
+++ b/bruno/recipe-backend/createUser.bru
@ -10,10 +10,14 @@ post {
  auth: inherit
 }
 headers {
  Authorization: bearcer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU2NGE5NjY0LTI2ZWYtNGMxMS1hNjIyLWU4MDI2MzczYmRkZCIsImlhdCI6MTc1ODc0MTM5MywiZXhwIjoxNzU4ODI3NzkzfQ.q33R9FfhGUIn92PTIIAmKmUnGxcLlv6om7KwiDD61Rc
 }
 body:json {
  {
    "userData": {
-      "userName": "test",
+      "userName": "test2",
      "email": "test@raemer.net"
    },
    "password": "test"
--- a/bruno/recipe-backend/login.bru
+++ b/bruno/recipe-backend/login.bru
@ -5,11 +5,18 @@ meta {
 }
 post {
-  url: http://localhost:4000/login
+  url: http://localhost:4000/auth/login
-  body: none
+  body: json
  auth: inherit
 }
 body:json {
  {
    "userName": "admin",
    "password": "1J7HgWRZ2OfaiFgrKb1BULIXN"
  }
 }
 settings {
  encodeUrl: true
 }
--- a/src/endpoints/AuthPoint.ts
+++ b/src/endpoints/AuthPoint.ts
@ -9,8 +9,9 @@ import {
 } from "../errors/httpErrors.js";
 import { LoginRequestDto } from "../dtos/LoginRequestDto.js";
-const router = Router();
+export const  authBasicRoute = "/auth"
 const router = Router();
 const userRepository = new UserRepository();
 const mapper = new UserDtoEntityMapper();
 const authController = new AuthController(userRepository, mapper);
--- a/src/index.ts
+++ b/src/index.ts
@ -2,10 +2,11 @@ import "reflect-metadata";
 import express, { NextFunction, Request, Response } from "express";
 import dotenv from "dotenv";
 import { AppDataSource } from "./data-source.js";
-import authRoutes from "./endpoints/AuthPoint.js";
+import authRoutes, { authBasicRoute } from "./endpoints/AuthPoint.js";
 import userRoutes from "./endpoints/UserPoint.js";
 // import recipeRoutes from "./endpoints/RecipePoint.js";
 import { errorHandler } from "./middleware/errorHandler.js";
 import { authentication } from "./middleware/authenticationMiddleware.js";
 dotenv.config();
@ -15,16 +16,19 @@ app.use(errorHandler);
 async function startServer() {
  try {
-    // 1️⃣ Initialize database
+    // Initialize database
    await AppDataSource.initialize();
    console.log("Data Source initialized");
-    // Optional: run pending migrations
+    // Run pending migrations
    await AppDataSource.runMigrations();
    console.log("Migrations executed");
-    // 2️⃣ Setup routes
+    // Activate Authentication
-    app.use("/auth", authRoutes);
+    app.use(authentication);
    // Setup routes
    app.use(authBasicRoute, authRoutes);
    app.use("/user", userRoutes);
    // app.use("/recipe", recipeRoutes);
@ -34,7 +38,7 @@ async function startServer() {
    });
    console.log("Routes set up")
-    // 3️⃣ Start listening
+    // Start listening
    const PORT = Number(process.env.PORT) || 4000;
    const HOST = process.env.HOST || "localhost";
--- a/src/middleware/authenticationMiddleware.ts
+++ b/src/middleware/authenticationMiddleware.ts
@ -1,9 +1,11 @@
 import { NextFunction, Request, Response } from "express";
-import * as jwt from "jsonwebtoken";
+import jwt from "jsonwebtoken";
-import * as dotenv from "dotenv";
+import dotenv from "dotenv";
 import { authBasicRoute } from "../endpoints/AuthPoint.js";
 dotenv.config();
 //@todo this seems to be clumsy... We need some propper session handling as we'll have multiple users accessing the app
 declare global {
  namespace Express {
    interface Request {
@ -12,11 +14,22 @@ declare global {
  }
 }
 const JWT_SECRET = process.env.JWT_SECRET;
 if (!JWT_SECRET) {
  throw new Error("JWT_SECRET not defined");
 }
 export const authentication = (
  req: Request,
  res: Response,
  next: NextFunction
 ) => {
   // allow unauthenticated access to auth routes
  if (req.path.startsWith(authBasicRoute)) {
    return next();
  }
  const header = req.headers.authorization;
  if (!header) {
    return res.status(401).json({ message: "Unauthorized" });