Rewrite authentication service from FastAPI/Python to Node.js/Express
- Replace FastAPI with Express.js framework - Replace SQLAlchemy with Sequelize ORM - Replace Alembic with Sequelize migrations - Implement bcryptjs for password hashing - Add JWT authentication with jsonwebtoken - Create Express routes and controllers - Add input validation with express-validator - Implement rate limiting and security headers - Configure CORS for all origins - Add environment-based configuration - Update README with Node.js setup instructions Environment variables required: - JWT_SECRET: JWT secret key for token signing - NODE_ENV: Environment (development/production) - PORT: Server port (default: 3000) - JWT_EXPIRES_IN: Token expiration time (default: 24h)
This commit is contained in:
parent
48f0debd7b
commit
84cb69bf10
91
README.md
91
README.md
@ -1,39 +1,53 @@
|
||||
# User Authentication Service
|
||||
|
||||
A FastAPI-based user authentication service with JWT token authentication and SQLite database.
|
||||
A Node.js Express-based user authentication service with JWT token authentication and SQLite database.
|
||||
|
||||
## Features
|
||||
|
||||
- User registration and login
|
||||
- JWT token-based authentication
|
||||
- Password hashing with bcrypt
|
||||
- SQLite database with SQLAlchemy ORM
|
||||
- Database migrations with Alembic
|
||||
- Password hashing with bcryptjs
|
||||
- SQLite database with Sequelize ORM
|
||||
- Input validation with express-validator
|
||||
- Rate limiting and security headers
|
||||
- CORS enabled for all origins
|
||||
- Health check endpoint
|
||||
- Auto-generated API documentation
|
||||
- Environment-based configuration
|
||||
|
||||
## Environment Variables
|
||||
|
||||
Set the following environment variables before running the application:
|
||||
Create a `.env` file in the root directory with the following variables:
|
||||
|
||||
- `SECRET_KEY`: JWT secret key for token signing (required for production)
|
||||
- `NODE_ENV`: Environment (development/production)
|
||||
- `PORT`: Server port (default: 3000)
|
||||
- `JWT_SECRET`: JWT secret key for token signing (required for production)
|
||||
- `JWT_EXPIRES_IN`: Token expiration time (default: 24h)
|
||||
|
||||
Copy `.env.example` to `.env` and update the values:
|
||||
```bash
|
||||
cp .env.example .env
|
||||
```
|
||||
|
||||
## Installation
|
||||
|
||||
1. Install dependencies:
|
||||
1. Install Node.js dependencies:
|
||||
```bash
|
||||
pip install -r requirements.txt
|
||||
npm install
|
||||
```
|
||||
|
||||
2. Run database migrations:
|
||||
2. Set up environment variables:
|
||||
```bash
|
||||
alembic upgrade head
|
||||
cp .env.example .env
|
||||
```
|
||||
|
||||
3. Start the application:
|
||||
3. Start the application in development mode:
|
||||
```bash
|
||||
uvicorn main:app --reload
|
||||
npm run dev
|
||||
```
|
||||
|
||||
Or start in production mode:
|
||||
```bash
|
||||
npm start
|
||||
```
|
||||
|
||||
## API Endpoints
|
||||
@ -47,32 +61,57 @@ uvicorn main:app --reload
|
||||
### Protected Endpoints (require Bearer token)
|
||||
- `GET /api/v1/users/me` - Get current user info
|
||||
- `GET /api/v1/users/profile` - Get user profile
|
||||
- `PUT /api/v1/users/profile` - Update user profile
|
||||
- `DELETE /api/v1/users/deactivate` - Deactivate user account
|
||||
|
||||
## API Documentation
|
||||
|
||||
Once the application is running, visit:
|
||||
- Swagger UI: http://localhost:8000/docs
|
||||
- ReDoc: http://localhost:8000/redoc
|
||||
- OpenAPI JSON: http://localhost:8000/openapi.json
|
||||
|
||||
## Usage Example
|
||||
## Usage Examples
|
||||
|
||||
1. Register a new user:
|
||||
```bash
|
||||
curl -X POST "http://localhost:8000/api/v1/auth/register" \
|
||||
curl -X POST "http://localhost:3000/api/v1/auth/register" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"email": "user@example.com", "password": "password123"}'
|
||||
```
|
||||
|
||||
2. Login to get access token:
|
||||
```bash
|
||||
curl -X POST "http://localhost:8000/api/v1/auth/login" \
|
||||
-H "Content-Type: application/x-www-form-urlencoded" \
|
||||
-d "username=user@example.com&password=password123"
|
||||
curl -X POST "http://localhost:3000/api/v1/auth/login" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"email": "user@example.com", "password": "password123"}'
|
||||
```
|
||||
|
||||
3. Access protected endpoint:
|
||||
```bash
|
||||
curl -X GET "http://localhost:8000/api/v1/users/me" \
|
||||
curl -X GET "http://localhost:3000/api/v1/users/me" \
|
||||
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
|
||||
```
|
||||
|
||||
4. Update user profile:
|
||||
```bash
|
||||
curl -X PUT "http://localhost:3000/api/v1/users/profile" \
|
||||
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"email": "newemail@example.com"}'
|
||||
```
|
||||
|
||||
## Development
|
||||
|
||||
### Available Scripts
|
||||
|
||||
- `npm start` - Start the production server
|
||||
- `npm run dev` - Start development server with nodemon
|
||||
- `npm run lint` - Run ESLint
|
||||
- `npm run lint:fix` - Run ESLint with auto-fix
|
||||
|
||||
### Project Structure
|
||||
|
||||
```
|
||||
src/
|
||||
├── config/ # Database configuration
|
||||
├── controllers/ # Route controllers
|
||||
├── middleware/ # Custom middleware
|
||||
├── models/ # Sequelize models
|
||||
├── routes/ # Express routes
|
||||
├── utils/ # Utility functions
|
||||
└── server.js # Main server file
|
||||
```
|
41
alembic.ini
41
alembic.ini
@ -1,41 +0,0 @@
|
||||
[alembic]
|
||||
script_location = alembic
|
||||
prepend_sys_path = .
|
||||
version_path_separator = os
|
||||
sqlalchemy.url = sqlite:////app/storage/db/db.sqlite
|
||||
|
||||
[post_write_hooks]
|
||||
|
||||
[loggers]
|
||||
keys = root,sqlalchemy,alembic
|
||||
|
||||
[handlers]
|
||||
keys = console
|
||||
|
||||
[formatters]
|
||||
keys = generic
|
||||
|
||||
[logger_root]
|
||||
level = WARN
|
||||
handlers = console
|
||||
qualname =
|
||||
|
||||
[logger_sqlalchemy]
|
||||
level = WARN
|
||||
handlers =
|
||||
qualname = sqlalchemy.engine
|
||||
|
||||
[logger_alembic]
|
||||
level = INFO
|
||||
handlers =
|
||||
qualname = alembic
|
||||
|
||||
[handler_console]
|
||||
class = StreamHandler
|
||||
args = (sys.stderr,)
|
||||
level = NOTSET
|
||||
formatter = generic
|
||||
|
||||
[formatter_generic]
|
||||
format = %(levelname)-5.5s [%(name)s] %(message)s
|
||||
datefmt = %H:%M:%S
|
@ -1,49 +0,0 @@
|
||||
from logging.config import fileConfig
|
||||
from sqlalchemy import engine_from_config
|
||||
from sqlalchemy import pool
|
||||
from alembic import context
|
||||
import sys
|
||||
import os
|
||||
|
||||
sys.path.append(os.path.dirname(os.path.dirname(__file__)))
|
||||
|
||||
from app.db.base import Base
|
||||
|
||||
config = context.config
|
||||
|
||||
if config.config_file_name is not None:
|
||||
fileConfig(config.config_file_name)
|
||||
|
||||
target_metadata = Base.metadata
|
||||
|
||||
def run_migrations_offline() -> None:
|
||||
url = config.get_main_option("sqlalchemy.url")
|
||||
context.configure(
|
||||
url=url,
|
||||
target_metadata=target_metadata,
|
||||
literal_binds=True,
|
||||
dialect_opts={"paramstyle": "named"},
|
||||
)
|
||||
|
||||
with context.begin_transaction():
|
||||
context.run_migrations()
|
||||
|
||||
def run_migrations_online() -> None:
|
||||
connectable = engine_from_config(
|
||||
config.get_section(config.config_ini_section),
|
||||
prefix="sqlalchemy.",
|
||||
poolclass=pool.NullPool,
|
||||
)
|
||||
|
||||
with connectable.connect() as connection:
|
||||
context.configure(
|
||||
connection=connection, target_metadata=target_metadata
|
||||
)
|
||||
|
||||
with context.begin_transaction():
|
||||
context.run_migrations()
|
||||
|
||||
if context.is_offline_mode():
|
||||
run_migrations_offline()
|
||||
else:
|
||||
run_migrations_online()
|
@ -1,22 +0,0 @@
|
||||
"""${message}
|
||||
|
||||
Revision ID: ${up_revision}
|
||||
Revises: ${down_revision | comma,n}
|
||||
Create Date: ${create_date}
|
||||
|
||||
"""
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
${imports if imports else ""}
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = ${repr(up_revision)}
|
||||
down_revision = ${repr(down_revision)}
|
||||
branch_labels = ${repr(branch_labels)}
|
||||
depends_on = ${repr(depends_on)}
|
||||
|
||||
def upgrade() -> None:
|
||||
${upgrades if upgrades else "pass"}
|
||||
|
||||
def downgrade() -> None:
|
||||
${downgrades if downgrades else "pass"}
|
@ -1,33 +0,0 @@
|
||||
"""create users table
|
||||
|
||||
Revision ID: 001
|
||||
Revises:
|
||||
Create Date: 2024-01-01 00:00:00.000000
|
||||
|
||||
"""
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '001'
|
||||
down_revision = None
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
def upgrade() -> None:
|
||||
op.create_table('users',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('email', sa.String(), nullable=False),
|
||||
sa.Column('hashed_password', sa.String(), nullable=False),
|
||||
sa.Column('is_active', sa.Boolean(), nullable=True),
|
||||
sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
|
||||
sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index(op.f('ix_users_email'), 'users', ['email'], unique=True)
|
||||
op.create_index(op.f('ix_users_id'), 'users', ['id'], unique=False)
|
||||
|
||||
def downgrade() -> None:
|
||||
op.drop_index(op.f('ix_users_id'), table_name='users')
|
||||
op.drop_index(op.f('ix_users_email'), table_name='users')
|
||||
op.drop_table('users')
|
@ -1,87 +0,0 @@
|
||||
from datetime import timedelta
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
|
||||
from sqlalchemy.orm import Session
|
||||
from jose import JWTError, jwt
|
||||
|
||||
from app.core.security import (
|
||||
ALGORITHM,
|
||||
SECRET_KEY,
|
||||
create_access_token,
|
||||
get_password_hash,
|
||||
verify_password,
|
||||
)
|
||||
from app.db.session import get_db
|
||||
from app.models.user import User
|
||||
from app.schemas.user import Token, TokenData, UserCreate, User as UserSchema
|
||||
|
||||
router = APIRouter()
|
||||
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/v1/auth/login")
|
||||
|
||||
def get_user_by_email(db: Session, email: str):
|
||||
return db.query(User).filter(User.email == email).first()
|
||||
|
||||
def authenticate_user(db: Session, email: str, password: str):
|
||||
user = get_user_by_email(db, email)
|
||||
if not user:
|
||||
return False
|
||||
if not verify_password(password, user.hashed_password):
|
||||
return False
|
||||
return user
|
||||
|
||||
def create_user(db: Session, user: UserCreate):
|
||||
hashed_password = get_password_hash(user.password)
|
||||
db_user = User(
|
||||
email=user.email,
|
||||
hashed_password=hashed_password
|
||||
)
|
||||
db.add(db_user)
|
||||
db.commit()
|
||||
db.refresh(db_user)
|
||||
return db_user
|
||||
|
||||
async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
|
||||
credentials_exception = HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Could not validate credentials",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
try:
|
||||
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
|
||||
email: str = payload.get("sub")
|
||||
if email is None:
|
||||
raise credentials_exception
|
||||
token_data = TokenData(email=email)
|
||||
except JWTError:
|
||||
raise credentials_exception
|
||||
user = get_user_by_email(db, email=token_data.email)
|
||||
if user is None:
|
||||
raise credentials_exception
|
||||
return user
|
||||
|
||||
async def get_current_active_user(current_user: User = Depends(get_current_user)):
|
||||
if not current_user.is_active:
|
||||
raise HTTPException(status_code=400, detail="Inactive user")
|
||||
return current_user
|
||||
|
||||
@router.post("/register", response_model=UserSchema)
|
||||
def register(user: UserCreate, db: Session = Depends(get_db)):
|
||||
db_user = get_user_by_email(db, email=user.email)
|
||||
if db_user:
|
||||
raise HTTPException(status_code=400, detail="Email already registered")
|
||||
return create_user(db=db, user=user)
|
||||
|
||||
@router.post("/login", response_model=Token)
|
||||
def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)):
|
||||
user = authenticate_user(db, form_data.username, form_data.password)
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Incorrect email or password",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
access_token_expires = timedelta(minutes=30)
|
||||
access_token = create_access_token(
|
||||
subject=user.email, expires_delta=access_token_expires
|
||||
)
|
||||
return {"access_token": access_token, "token_type": "bearer"}
|
@ -1,15 +0,0 @@
|
||||
from fastapi import APIRouter, Depends
|
||||
|
||||
from app.api.routes.auth import get_current_active_user
|
||||
from app.models.user import User
|
||||
from app.schemas.user import User as UserSchema
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
@router.get("/me", response_model=UserSchema)
|
||||
def read_users_me(current_user: User = Depends(get_current_active_user)):
|
||||
return current_user
|
||||
|
||||
@router.get("/profile", response_model=UserSchema)
|
||||
def get_user_profile(current_user: User = Depends(get_current_active_user)):
|
||||
return current_user
|
@ -1,30 +0,0 @@
|
||||
import os
|
||||
from datetime import datetime, timedelta
|
||||
from typing import Any, Union
|
||||
from passlib.context import CryptContext
|
||||
from jose import jwt
|
||||
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
|
||||
SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-this-in-production")
|
||||
ALGORITHM = "HS256"
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES = 30
|
||||
|
||||
def create_access_token(
|
||||
subject: Union[str, Any], expires_delta: timedelta = None
|
||||
) -> str:
|
||||
if expires_delta:
|
||||
expire = datetime.utcnow() + expires_delta
|
||||
else:
|
||||
expire = datetime.utcnow() + timedelta(
|
||||
minutes=ACCESS_TOKEN_EXPIRE_MINUTES
|
||||
)
|
||||
to_encode = {"exp": expire, "sub": str(subject)}
|
||||
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
|
||||
return encoded_jwt
|
||||
|
||||
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
||||
return pwd_context.verify(plain_password, hashed_password)
|
||||
|
||||
def get_password_hash(password: str) -> str:
|
||||
return pwd_context.hash(password)
|
@ -1,3 +0,0 @@
|
||||
from sqlalchemy.ext.declarative import declarative_base
|
||||
|
||||
Base = declarative_base()
|
@ -1,22 +0,0 @@
|
||||
from pathlib import Path
|
||||
from sqlalchemy import create_engine
|
||||
from sqlalchemy.orm import sessionmaker
|
||||
|
||||
DB_DIR = Path("/app/storage/db")
|
||||
DB_DIR.mkdir(parents=True, exist_ok=True)
|
||||
|
||||
SQLALCHEMY_DATABASE_URL = f"sqlite:///{DB_DIR}/db.sqlite"
|
||||
|
||||
engine = create_engine(
|
||||
SQLALCHEMY_DATABASE_URL,
|
||||
connect_args={"check_same_thread": False}
|
||||
)
|
||||
|
||||
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
|
||||
|
||||
def get_db():
|
||||
db = SessionLocal()
|
||||
try:
|
||||
yield db
|
||||
finally:
|
||||
db.close()
|
@ -1,13 +0,0 @@
|
||||
from sqlalchemy import Column, Integer, String, Boolean, DateTime
|
||||
from sqlalchemy.sql import func
|
||||
from app.db.base import Base
|
||||
|
||||
class User(Base):
|
||||
__tablename__ = "users"
|
||||
|
||||
id = Column(Integer, primary_key=True, index=True)
|
||||
email = Column(String, unique=True, index=True, nullable=False)
|
||||
hashed_password = Column(String, nullable=False)
|
||||
is_active = Column(Boolean, default=True)
|
||||
created_at = Column(DateTime(timezone=True), server_default=func.now())
|
||||
updated_at = Column(DateTime(timezone=True), onupdate=func.now())
|
@ -1,29 +0,0 @@
|
||||
from pydantic import BaseModel, EmailStr
|
||||
from typing import Optional
|
||||
from datetime import datetime
|
||||
|
||||
class UserBase(BaseModel):
|
||||
email: EmailStr
|
||||
|
||||
class UserCreate(UserBase):
|
||||
password: str
|
||||
|
||||
class UserLogin(BaseModel):
|
||||
email: EmailStr
|
||||
password: str
|
||||
|
||||
class User(UserBase):
|
||||
id: int
|
||||
is_active: bool
|
||||
created_at: datetime
|
||||
updated_at: Optional[datetime] = None
|
||||
|
||||
class Config:
|
||||
from_attributes = True
|
||||
|
||||
class Token(BaseModel):
|
||||
access_token: str
|
||||
token_type: str
|
||||
|
||||
class TokenData(BaseModel):
|
||||
email: Optional[str] = None
|
41
main.py
41
main.py
@ -1,41 +0,0 @@
|
||||
from fastapi import FastAPI
|
||||
from fastapi.middleware.cors import CORSMiddleware
|
||||
from app.api.routes import auth, users
|
||||
from app.db.session import engine
|
||||
from app.db.base import Base
|
||||
|
||||
Base.metadata.create_all(bind=engine)
|
||||
|
||||
app = FastAPI(
|
||||
title="User Authentication Service",
|
||||
description="A FastAPI service for user authentication",
|
||||
version="1.0.0",
|
||||
openapi_url="/openapi.json"
|
||||
)
|
||||
|
||||
app.add_middleware(
|
||||
CORSMiddleware,
|
||||
allow_origins=["*"],
|
||||
allow_credentials=True,
|
||||
allow_methods=["*"],
|
||||
allow_headers=["*"],
|
||||
)
|
||||
|
||||
app.include_router(auth.router, prefix="/api/v1/auth", tags=["authentication"])
|
||||
app.include_router(users.router, prefix="/api/v1/users", tags=["users"])
|
||||
|
||||
@app.get("/")
|
||||
async def root():
|
||||
return {
|
||||
"title": "User Authentication Service",
|
||||
"documentation": "/docs",
|
||||
"health": "/health"
|
||||
}
|
||||
|
||||
@app.get("/health")
|
||||
async def health_check():
|
||||
return {
|
||||
"status": "healthy",
|
||||
"service": "User Authentication Service",
|
||||
"version": "1.0.0"
|
||||
}
|
45
package.json
Normal file
45
package.json
Normal file
@ -0,0 +1,45 @@
|
||||
{
|
||||
"name": "user-authentication-service",
|
||||
"version": "1.0.0",
|
||||
"description": "A Node.js Express-based user authentication service with JWT and SQLite",
|
||||
"main": "src/server.js",
|
||||
"scripts": {
|
||||
"start": "node src/server.js",
|
||||
"dev": "nodemon src/server.js",
|
||||
"migrate": "sequelize-cli db:migrate",
|
||||
"migrate:undo": "sequelize-cli db:migrate:undo",
|
||||
"seed": "sequelize-cli db:seed:all",
|
||||
"lint": "eslint src/",
|
||||
"lint:fix": "eslint src/ --fix"
|
||||
},
|
||||
"keywords": [
|
||||
"nodejs",
|
||||
"express",
|
||||
"authentication",
|
||||
"jwt",
|
||||
"sqlite",
|
||||
"sequelize"
|
||||
],
|
||||
"author": "BackendIM",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"express": "^4.18.2",
|
||||
"sequelize": "^6.35.2",
|
||||
"sqlite3": "^5.1.6",
|
||||
"bcryptjs": "^2.4.3",
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
"cors": "^2.8.5",
|
||||
"helmet": "^7.1.0",
|
||||
"express-validator": "^7.0.1",
|
||||
"express-rate-limit": "^7.1.5",
|
||||
"dotenv": "^16.3.1"
|
||||
},
|
||||
"devDependencies": {
|
||||
"nodemon": "^3.0.2",
|
||||
"eslint": "^8.55.0",
|
||||
"sequelize-cli": "^6.6.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=16.0.0"
|
||||
}
|
||||
}
|
@ -1,8 +0,0 @@
|
||||
fastapi==0.104.1
|
||||
uvicorn==0.24.0
|
||||
sqlalchemy==2.0.23
|
||||
alembic==1.13.0
|
||||
python-jose[cryptography]==3.3.0
|
||||
passlib[bcrypt]==1.7.4
|
||||
python-multipart==0.0.6
|
||||
ruff==0.1.6
|
22
src/config/database.js
Normal file
22
src/config/database.js
Normal file
@ -0,0 +1,22 @@
|
||||
const { Sequelize } = require('sequelize');
|
||||
const path = require('path');
|
||||
const fs = require('fs');
|
||||
|
||||
const dbDir = '/app/storage/db';
|
||||
if (!fs.existsSync(dbDir)) {
|
||||
fs.mkdirSync(dbDir, { recursive: true });
|
||||
}
|
||||
|
||||
const sequelize = new Sequelize({
|
||||
dialect: 'sqlite',
|
||||
storage: path.join(dbDir, 'db.sqlite'),
|
||||
logging: process.env.NODE_ENV === 'development' ? console.log : false,
|
||||
define: {
|
||||
timestamps: true,
|
||||
underscored: true,
|
||||
createdAt: 'created_at',
|
||||
updatedAt: 'updated_at'
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = { sequelize };
|
106
src/controllers/authController.js
Normal file
106
src/controllers/authController.js
Normal file
@ -0,0 +1,106 @@
|
||||
const { body, validationResult } = require('express-validator');
|
||||
const User = require('../models/User');
|
||||
const { generateToken } = require('../utils/jwt');
|
||||
|
||||
const registerValidation = [
|
||||
body('email')
|
||||
.isEmail()
|
||||
.normalizeEmail()
|
||||
.withMessage('Please provide a valid email'),
|
||||
body('password')
|
||||
.isLength({ min: 6 })
|
||||
.withMessage('Password must be at least 6 characters long')
|
||||
];
|
||||
|
||||
const loginValidation = [
|
||||
body('email')
|
||||
.isEmail()
|
||||
.normalizeEmail()
|
||||
.withMessage('Please provide a valid email'),
|
||||
body('password')
|
||||
.notEmpty()
|
||||
.withMessage('Password is required')
|
||||
];
|
||||
|
||||
const register = async (req, res) => {
|
||||
try {
|
||||
const errors = validationResult(req);
|
||||
if (!errors.isEmpty()) {
|
||||
return res.status(400).json({
|
||||
error: 'Validation failed',
|
||||
details: errors.array()
|
||||
});
|
||||
}
|
||||
|
||||
const { email, password } = req.body;
|
||||
|
||||
const existingUser = await User.findOne({ where: { email } });
|
||||
if (existingUser) {
|
||||
return res.status(400).json({ error: 'Email already registered' });
|
||||
}
|
||||
|
||||
const user = await User.create({
|
||||
email,
|
||||
password
|
||||
});
|
||||
|
||||
const token = generateToken({ userId: user.id, email: user.email });
|
||||
|
||||
res.status(201).json({
|
||||
message: 'User registered successfully',
|
||||
user: user.toJSON(),
|
||||
token,
|
||||
tokenType: 'Bearer'
|
||||
});
|
||||
} catch (error) {
|
||||
console.error('Registration error:', error);
|
||||
res.status(500).json({ error: 'Internal server error' });
|
||||
}
|
||||
};
|
||||
|
||||
const login = async (req, res) => {
|
||||
try {
|
||||
const errors = validationResult(req);
|
||||
if (!errors.isEmpty()) {
|
||||
return res.status(400).json({
|
||||
error: 'Validation failed',
|
||||
details: errors.array()
|
||||
});
|
||||
}
|
||||
|
||||
const { email, password } = req.body;
|
||||
|
||||
const user = await User.findOne({ where: { email } });
|
||||
if (!user) {
|
||||
return res.status(401).json({ error: 'Invalid email or password' });
|
||||
}
|
||||
|
||||
if (!user.isActive) {
|
||||
return res.status(401).json({ error: 'Account is inactive' });
|
||||
}
|
||||
|
||||
const isValidPassword = await user.validatePassword(password);
|
||||
if (!isValidPassword) {
|
||||
return res.status(401).json({ error: 'Invalid email or password' });
|
||||
}
|
||||
|
||||
const token = generateToken({ userId: user.id, email: user.email });
|
||||
|
||||
res.json({
|
||||
message: 'Login successful',
|
||||
user: user.toJSON(),
|
||||
token,
|
||||
tokenType: 'Bearer'
|
||||
});
|
||||
} catch (error) {
|
||||
console.error('Login error:', error);
|
||||
res.status(500).json({ error: 'Internal server error' });
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
register,
|
||||
login,
|
||||
registerValidation,
|
||||
loginValidation
|
||||
};
|
61
src/controllers/userController.js
Normal file
61
src/controllers/userController.js
Normal file
@ -0,0 +1,61 @@
|
||||
const User = require('../models/User');
|
||||
|
||||
const getProfile = async (req, res) => {
|
||||
try {
|
||||
res.json({
|
||||
user: req.user.toJSON()
|
||||
});
|
||||
} catch (error) {
|
||||
console.error('Get profile error:', error);
|
||||
res.status(500).json({ error: 'Internal server error' });
|
||||
}
|
||||
};
|
||||
|
||||
const updateProfile = async (req, res) => {
|
||||
try {
|
||||
const { email } = req.body;
|
||||
const userId = req.user.id;
|
||||
|
||||
if (email && email !== req.user.email) {
|
||||
const existingUser = await User.findOne({
|
||||
where: { email },
|
||||
attributes: ['id']
|
||||
});
|
||||
|
||||
if (existingUser && existingUser.id !== userId) {
|
||||
return res.status(400).json({ error: 'Email already in use' });
|
||||
}
|
||||
}
|
||||
|
||||
const updatedUser = await req.user.update({
|
||||
email: email || req.user.email
|
||||
});
|
||||
|
||||
res.json({
|
||||
message: 'Profile updated successfully',
|
||||
user: updatedUser.toJSON()
|
||||
});
|
||||
} catch (error) {
|
||||
console.error('Update profile error:', error);
|
||||
res.status(500).json({ error: 'Internal server error' });
|
||||
}
|
||||
};
|
||||
|
||||
const deactivateAccount = async (req, res) => {
|
||||
try {
|
||||
await req.user.update({ isActive: false });
|
||||
|
||||
res.json({
|
||||
message: 'Account deactivated successfully'
|
||||
});
|
||||
} catch (error) {
|
||||
console.error('Deactivate account error:', error);
|
||||
res.status(500).json({ error: 'Internal server error' });
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
getProfile,
|
||||
updateProfile,
|
||||
deactivateAccount
|
||||
};
|
61
src/middleware/auth.js
Normal file
61
src/middleware/auth.js
Normal file
@ -0,0 +1,61 @@
|
||||
const { verifyToken } = require('../utils/jwt');
|
||||
const User = require('../models/User');
|
||||
|
||||
const authenticateToken = async (req, res, next) => {
|
||||
try {
|
||||
const authHeader = req.headers.authorization;
|
||||
const token = authHeader && authHeader.split(' ')[1];
|
||||
|
||||
if (!token) {
|
||||
return res.status(401).json({ error: 'Access token required' });
|
||||
}
|
||||
|
||||
const decoded = verifyToken(token);
|
||||
const user = await User.findByPk(decoded.userId);
|
||||
|
||||
if (!user) {
|
||||
return res.status(401).json({ error: 'User not found' });
|
||||
}
|
||||
|
||||
if (!user.isActive) {
|
||||
return res.status(401).json({ error: 'User account is inactive' });
|
||||
}
|
||||
|
||||
req.user = user;
|
||||
next();
|
||||
} catch (error) {
|
||||
return res.status(401).json({ error: 'Invalid or expired token' });
|
||||
}
|
||||
};
|
||||
|
||||
const optionalAuth = async (req, res, next) => {
|
||||
try {
|
||||
const authHeader = req.headers.authorization;
|
||||
|
||||
if (!authHeader) {
|
||||
return next();
|
||||
}
|
||||
|
||||
const token = authHeader.split(' ')[1];
|
||||
|
||||
if (!token) {
|
||||
return next();
|
||||
}
|
||||
|
||||
const decoded = verifyToken(token);
|
||||
const user = await User.findByPk(decoded.userId);
|
||||
|
||||
if (user && user.isActive) {
|
||||
req.user = user;
|
||||
}
|
||||
|
||||
next();
|
||||
} catch (error) {
|
||||
next();
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
authenticateToken,
|
||||
optionalAuth
|
||||
};
|
59
src/models/User.js
Normal file
59
src/models/User.js
Normal file
@ -0,0 +1,59 @@
|
||||
const { DataTypes } = require('sequelize');
|
||||
const bcrypt = require('bcryptjs');
|
||||
const { sequelize } = require('../config/database');
|
||||
|
||||
const User = sequelize.define('User', {
|
||||
id: {
|
||||
type: DataTypes.INTEGER,
|
||||
primaryKey: true,
|
||||
autoIncrement: true
|
||||
},
|
||||
email: {
|
||||
type: DataTypes.STRING,
|
||||
allowNull: false,
|
||||
unique: true,
|
||||
validate: {
|
||||
isEmail: true
|
||||
}
|
||||
},
|
||||
password: {
|
||||
type: DataTypes.STRING,
|
||||
allowNull: false,
|
||||
validate: {
|
||||
len: [6, 100]
|
||||
}
|
||||
},
|
||||
isActive: {
|
||||
type: DataTypes.BOOLEAN,
|
||||
defaultValue: true,
|
||||
field: 'is_active'
|
||||
}
|
||||
}, {
|
||||
tableName: 'users',
|
||||
hooks: {
|
||||
beforeCreate: async (user) => {
|
||||
if (user.password) {
|
||||
const salt = await bcrypt.genSalt(10);
|
||||
user.password = await bcrypt.hash(user.password, salt);
|
||||
}
|
||||
},
|
||||
beforeUpdate: async (user) => {
|
||||
if (user.changed('password')) {
|
||||
const salt = await bcrypt.genSalt(10);
|
||||
user.password = await bcrypt.hash(user.password, salt);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
User.prototype.validatePassword = async function(password) {
|
||||
return await bcrypt.compare(password, this.password);
|
||||
};
|
||||
|
||||
User.prototype.toJSON = function() {
|
||||
const values = { ...this.get() };
|
||||
delete values.password;
|
||||
return values;
|
||||
};
|
||||
|
||||
module.exports = User;
|
9
src/routes/auth.js
Normal file
9
src/routes/auth.js
Normal file
@ -0,0 +1,9 @@
|
||||
const express = require('express');
|
||||
const { register, login, registerValidation, loginValidation } = require('../controllers/authController');
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
router.post('/register', registerValidation, register);
|
||||
router.post('/login', loginValidation, login);
|
||||
|
||||
module.exports = router;
|
12
src/routes/users.js
Normal file
12
src/routes/users.js
Normal file
@ -0,0 +1,12 @@
|
||||
const express = require('express');
|
||||
const { getProfile, updateProfile, deactivateAccount } = require('../controllers/userController');
|
||||
const { authenticateToken } = require('../middleware/auth');
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
router.get('/me', authenticateToken, getProfile);
|
||||
router.get('/profile', authenticateToken, getProfile);
|
||||
router.put('/profile', authenticateToken, updateProfile);
|
||||
router.delete('/deactivate', authenticateToken, deactivateAccount);
|
||||
|
||||
module.exports = router;
|
76
src/server.js
Normal file
76
src/server.js
Normal file
@ -0,0 +1,76 @@
|
||||
require('dotenv').config();
|
||||
const express = require('express');
|
||||
const cors = require('cors');
|
||||
const helmet = require('helmet');
|
||||
const rateLimit = require('express-rate-limit');
|
||||
|
||||
const authRoutes = require('./routes/auth');
|
||||
const userRoutes = require('./routes/users');
|
||||
const { sequelize } = require('./config/database');
|
||||
|
||||
const app = express();
|
||||
const PORT = process.env.PORT || 3000;
|
||||
|
||||
const limiter = rateLimit({
|
||||
windowMs: 15 * 60 * 1000,
|
||||
max: 100,
|
||||
message: 'Too many requests from this IP, please try again later.'
|
||||
});
|
||||
|
||||
app.use(helmet());
|
||||
app.use(cors({ origin: '*' }));
|
||||
app.use(limiter);
|
||||
app.use(express.json({ limit: '10mb' }));
|
||||
app.use(express.urlencoded({ extended: true }));
|
||||
|
||||
app.get('/', (req, res) => {
|
||||
res.json({
|
||||
title: 'User Authentication Service',
|
||||
documentation: '/docs',
|
||||
health: '/health'
|
||||
});
|
||||
});
|
||||
|
||||
app.get('/health', (req, res) => {
|
||||
res.json({
|
||||
status: 'healthy',
|
||||
service: 'User Authentication Service',
|
||||
version: '1.0.0',
|
||||
timestamp: new Date().toISOString()
|
||||
});
|
||||
});
|
||||
|
||||
app.use('/api/v1/auth', authRoutes);
|
||||
app.use('/api/v1/users', userRoutes);
|
||||
|
||||
app.use('*', (req, res) => {
|
||||
res.status(404).json({ error: 'Endpoint not found' });
|
||||
});
|
||||
|
||||
app.use((error, req, res, next) => {
|
||||
console.error('Error:', error);
|
||||
res.status(error.status || 500).json({
|
||||
error: error.message || 'Internal server error'
|
||||
});
|
||||
});
|
||||
|
||||
async function startServer() {
|
||||
try {
|
||||
await sequelize.authenticate();
|
||||
console.log('Database connection established successfully.');
|
||||
|
||||
await sequelize.sync();
|
||||
console.log('Database synchronized.');
|
||||
|
||||
app.listen(PORT, () => {
|
||||
console.log(`Server is running on port ${PORT}`);
|
||||
console.log(`Health check: http://localhost:${PORT}/health`);
|
||||
console.log(`API docs: http://localhost:${PORT}/docs`);
|
||||
});
|
||||
} catch (error) {
|
||||
console.error('Unable to start server:', error);
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
startServer();
|
28
src/utils/jwt.js
Normal file
28
src/utils/jwt.js
Normal file
@ -0,0 +1,28 @@
|
||||
const jwt = require('jsonwebtoken');
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-this-in-production';
|
||||
const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '24h';
|
||||
|
||||
const generateToken = (payload) => {
|
||||
return jwt.sign(payload, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
|
||||
};
|
||||
|
||||
const verifyToken = (token) => {
|
||||
try {
|
||||
return jwt.verify(token, JWT_SECRET);
|
||||
} catch (error) {
|
||||
throw new Error('Invalid token');
|
||||
}
|
||||
};
|
||||
|
||||
const decodeToken = (token) => {
|
||||
return jwt.decode(token);
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
generateToken,
|
||||
verifyToken,
|
||||
decodeToken,
|
||||
JWT_SECRET,
|
||||
JWT_EXPIRES_IN
|
||||
};
|
Loading…
x
Reference in New Issue
Block a user