add athorization to all calls except auth

bruno/recipe-backend/createUser.bru

@@ -10,10 +10,14 @@ post {
   auth: inherit
 }
 
+headers {
+  Authorization: bearcer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU2NGE5NjY0LTI2ZWYtNGMxMS1hNjIyLWU4MDI2MzczYmRkZCIsImlhdCI6MTc1ODc0MTM5MywiZXhwIjoxNzU4ODI3NzkzfQ.q33R9FfhGUIn92PTIIAmKmUnGxcLlv6om7KwiDD61Rc
+}
+
 body:json {
   {
     "userData": {
-      "userName": "test",
+      "userName": "test2",
       "email": "test@raemer.net"
     },
     "password": "test"

bruno/recipe-backend/login.bru

@@ -5,11 +5,18 @@ meta {
 }
 
 post {
-  url: http://localhost:4000/login
-  body: none
+  url: http://localhost:4000/auth/login
+  body: json
   auth: inherit
 }
 
+body:json {
+  {
+    "userName": "admin",
+    "password": "1J7HgWRZ2OfaiFgrKb1BULIXN"
+  }
+}
+
 settings {
   encodeUrl: true
 }

src/endpoints/AuthPoint.ts

@@ -9,8 +9,9 @@ import {
 } from "../errors/httpErrors.js";
 import { LoginRequestDto } from "../dtos/LoginRequestDto.js";
 
-const router = Router();
+export const  authBasicRoute = "/auth"
 
+const router = Router();
 const userRepository = new UserRepository();
 const mapper = new UserDtoEntityMapper();
 const authController = new AuthController(userRepository, mapper);

src/index.ts

@@ -2,10 +2,11 @@ import "reflect-metadata";
 import express, { NextFunction, Request, Response } from "express";
 import dotenv from "dotenv";
 import { AppDataSource } from "./data-source.js";
-import authRoutes from "./endpoints/AuthPoint.js";
+import authRoutes, { authBasicRoute } from "./endpoints/AuthPoint.js";
 import userRoutes from "./endpoints/UserPoint.js";
 // import recipeRoutes from "./endpoints/RecipePoint.js";
 import { errorHandler } from "./middleware/errorHandler.js";
+import { authentication } from "./middleware/authenticationMiddleware.js";
 
 dotenv.config();
 
@@ -15,16 +16,19 @@ app.use(errorHandler);
 
 async function startServer() {
   try {
-    // 1️⃣ Initialize database
+    // Initialize database
     await AppDataSource.initialize();
     console.log("Data Source initialized");
 
-    // Optional: run pending migrations
+    // Run pending migrations
     await AppDataSource.runMigrations();
     console.log("Migrations executed");
 
-    // 2️⃣ Setup routes
-    app.use("/auth", authRoutes);
+    // Activate Authentication
+    app.use(authentication);
+
+    // Setup routes
+    app.use(authBasicRoute, authRoutes);
     app.use("/user", userRoutes);
     // app.use("/recipe", recipeRoutes);
 
@@ -34,7 +38,7 @@ async function startServer() {
     });
     console.log("Routes set up")
 
-    // 3️⃣ Start listening
+    // Start listening
     const PORT = Number(process.env.PORT) || 4000;
     const HOST = process.env.HOST || "localhost";
 

src/middleware/authenticationMiddleware.ts

@@ -1,9 +1,11 @@
 import { NextFunction, Request, Response } from "express";
-import * as jwt from "jsonwebtoken";
-import * as dotenv from "dotenv";
+import jwt from "jsonwebtoken";
+import dotenv from "dotenv";
+import { authBasicRoute } from "../endpoints/AuthPoint.js";
 
 dotenv.config();
 
+//@todo this seems to be clumsy... We need some propper session handling as we'll have multiple users accessing the app
 declare global {
   namespace Express {
     interface Request {
@@ -12,11 +14,22 @@ declare global {
   }
 }
 
+const JWT_SECRET = process.env.JWT_SECRET;
+
+if (!JWT_SECRET) {
+  throw new Error("JWT_SECRET not defined");
+}
+
 export const authentication = (
   req: Request,
   res: Response,
   next: NextFunction
 ) => {
+   // allow unauthenticated access to auth routes
+  if (req.path.startsWith(authBasicRoute)) {
+    return next();
+  }
+
   const header = req.headers.authorization;
   if (!header) {
     return res.status(401).json({ message: "Unauthorized" });