feat: add auth, upload file (#3)

* feat: add auth, upload file

* add message when password is incorrect

Author: ayocodingit

.env.example

@@ -3,6 +3,7 @@ APP_NAME=Master File Service
 APP_ENV=local
 APP_PORT_HTTP=3000
 APP_LOG=info
+APP_SECRET=
 
 #database
 DB_HOST=127.0.0.1
@@ -12,6 +13,14 @@ DB_PASSWORD=mongo
 DB_NAME=
 DB_AUTH_SOURCE=
 
+#JWT
+JWT_ACCESS_SECRET=
+
 #File
 FILE_URL=
 
+#AWS
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_REGION=
+AWS_BUCKET=

package-lock.json

@@ -29,6 +29,7 @@
         "@types/i18n": "^0.13.6",
         "@types/jest": "^29.5.0",
         "@types/jsonwebtoken": "^9.0.1",
+        "@types/multer": "^1.4.11",
         "@types/node": "^18.11.18",
         "jest": "^29.5.0",
         "nodemon": "^2.0.20",
@@ -39,6 +40,7 @@
         "typescript": "^4.9.4"
     },
     "dependencies": {
+        "@aws-sdk/client-s3": "^3.310.0",
         "body-parser": "^1.20.1",
         "compression": "^1.7.4",
         "cors": "^2.8.5",
@@ -52,7 +54,9 @@
         "luxon": "^3.3.0",
         "mime-types": "^2.1.35",
         "mongoose": "^6.8.3",
+        "multer": "^1.4.5-lts.1",
         "redis": "^4.5.1",
+        "slugify": "^1.6.6",
         "winston": "^3.8.2"
     }
 }

package.json

@@ -6,6 +6,7 @@ export interface Config {
             http: number
         }
         log: string
+        secret: string
     }
     db: {
         host: string
@@ -25,6 +26,14 @@ export interface Config {
         ttl: number
     }
     file: {
-        url: string
+        max: number
+        type: string[]
+        uri: string
+    }
+    aws: {
+        access_key_id: string
+        secret_access_key: string
+        bucket: string
+        region: string
     }
 }

src/config/config.interface.ts

@@ -7,11 +7,22 @@ export default Joi.object({
         .default('local'),
     APP_PORT_HTTP: Joi.number().required(),
     APP_LOG: Joi.string().valid('info', 'error', 'warn').required(),
-    FILE_URL: Joi.string().uri().optional(),
+    APP_SECRET: Joi.string().required(),
+    FILE_URI: Joi.string().uri().optional(),
+    FILE_TYPE: Joi.string()
+        .optional()
+        .default('image/jpg,image/png,image/jpeg,image/svg+xml'),
+    FILE_MAX: Joi.number().optional().default(10),
     DB_HOST: Joi.string().required(),
     DB_PORT: Joi.number().required(),
     DB_USERNAME: Joi.string().required(),
     DB_PASSWORD: Joi.string().required(),
     DB_NAME: Joi.string().required(),
     DB_AUTH_SOURCE: Joi.string().optional(),
+    AWS_ACCESS_KEY_ID: Joi.string().optional(),
+    AWS_SECRET_ACCESS_KEY: Joi.string().optional(),
+    AWS_BUCKET: Joi.string().optional(),
+    AWS_REGION: Joi.string().optional(),
+    JWT_ACCESS_SECRET: Joi.string().required(),
+    JWT_ALGORITHM: Joi.string().default('HS256'),
 })

src/config/config.schema.ts

@@ -14,6 +14,7 @@ const config: Config = {
             http: env.APP_PORT_HTTP,
         },
         log: env.APP_LOG,
+        secret: env.APP_SECRET,
     },
     db: {
         host: env.DB_HOST,
@@ -33,7 +34,15 @@ const config: Config = {
         ttl: env.REDIS_TTL,
     },
     file: {
-        url: env.FILE_URL,
+        max: Number(env.FILE_MAX) * 1024 * 1024, // MB
+        type: env.FILE_TYPE.split(','),
+        uri: env.FILE_URI,
+    },
+    aws: {
+        access_key_id: env.AWS_ACCESS_KEY_ID,
+        secret_access_key: env.AWS_SECRET_ACCESS_KEY,
+        bucket: env.AWS_BUCKET,
+        region: env.AWS_REGION,
     },
 }
 

src/config/config.ts

@@ -0,0 +1 @@
+export const categories = ['logo', 'aduan']

src/database/constant/image.ts

@@ -1,5 +1,6 @@
 import { Schema } from 'mongoose'
 import Mongo from '../mongo'
+import config from '../../../config/config'
 
 const schema = new Schema(
     {
@@ -13,20 +14,15 @@ const schema = new Schema(
         },
         caption: {
             type: String,
-            default: null,
         },
         category: {
             type: String,
-            required: true,
         },
         title: {
             type: String,
-            required: true,
         },
         description: {
             type: String,
-            required: false,
-            default: null,
         },
         tags: {
             type: [String],
@@ -42,4 +38,9 @@ const schema = new Schema(
     }
 )
 
+schema.pre('save', function (next) {
+    if (this.file?.path) this.file.uri = `${config.file.uri}${this.file.path}`
+    next()
+})
+
 export default Mongo.Model('images', schema)

src/database/mongo/schemas/image.schema.ts

@@ -24,7 +24,7 @@ const run = async () => {
                 mimetype: 'image/svg+xml',
                 originalname: filename,
                 filename,
-                uri: GetFileUrl(config.file.url, path),
+                uri: GetFileUrl(config.file.uri, path),
             },
             category,
             tags: [title, category],

src/database/seeds/logo.seed.ts

@@ -0,0 +1,74 @@
+import {
+    S3Client,
+    PutObjectCommand,
+    DeleteObjectCommand,
+    DeleteObjectsCommand,
+} from '@aws-sdk/client-s3'
+import { Config } from '../config/config.interface'
+import error from '../pkg/error'
+
+class S3 {
+    private client: S3Client
+    constructor(private config: Config) {
+        this.client = new S3Client({
+            region: config.aws.region,
+            credentials: {
+                accessKeyId: config.aws.access_key_id,
+                secretAccessKey: config.aws.secret_access_key,
+            },
+        })
+    }
+
+    public async Upload(source: Buffer, path: string, ContentType: string) {
+        try {
+            const params = {
+                Bucket: this.config.aws.bucket,
+                Key: path,
+                Body: source,
+                ContentType,
+                CacheControl: 'no-cache',
+            }
+            const command = new PutObjectCommand(params)
+            const result = await this.client.send(command)
+
+            return result
+        } catch (err: any) {
+            const code = err.$metadata.httpStatusCode as number
+            throw new error(code, 'cloud storage: ' + err.message)
+        }
+    }
+
+    public async Delete(path: string) {
+        try {
+            const command = new DeleteObjectCommand({
+                Bucket: this.config.aws.bucket,
+                Key: path,
+            })
+            const result = await this.client.send(command)
+            return result
+        } catch (err: any) {
+            const code = err.$metadata.httpStatusCode as number
+            throw new error(code, 'cloud storage: ' + err.message)
+        }
+    }
+
+    public async Deletes(paths: string[]) {
+        try {
+            const command = new DeleteObjectsCommand({
+                Bucket: this.config.aws.bucket,
+                Delete: {
+                    Objects: paths.map((Key) => {
+                        return { Key }
+                    }),
+                },
+            })
+            const result = await this.client.send(command)
+            return result
+        } catch (err: any) {
+            const code = err.$metadata.httpStatusCode as number
+            throw new error(code, 'cloud storage: ' + err.message)
+        }
+    }
+}
+
+export default S3

src/external/s3.ts

@@ -0,0 +1,7 @@
+import path from 'path'
+
+export const CustomPathFile = (newPath: string, file: any) => {
+    const ext = path.extname(file.filename)
+    if (!ext) file.filename = file.filename + path.extname(file.originalname)
+    return `${newPath}/${file.filename}`
+}

src/helpers/file.ts

@@ -0,0 +1,89 @@
+import {
+    RegexWordScript,
+    RegexSubdomain,
+    RegexSanitize,
+    RegexObjectID,
+    RegexContentTypeImage,
+} from './regex'
+
+describe('RegexWordScript', () => {
+    test('should not match "script"', () => {
+        expect(RegexWordScript.test('script')).toBe(false)
+    })
+
+    test('should match valid words', () => {
+        expect(RegexWordScript.test('validWord')).toBe(true)
+        expect(RegexWordScript.test('anotherWord')).toBe(true)
+    })
+})
+
+describe('RegexSubdomain', () => {
+    test('should match valid subdomains', () => {
+        expect(RegexSubdomain.test('example')).toBe(true)
+        expect(RegexSubdomain.test('sub-domain')).toBe(true)
+        expect(RegexSubdomain.test('123')).toBe(true)
+    })
+
+    test('should not match invalid subdomains', () => {
+        expect(RegexSubdomain.test('Invalid Subdomain')).toBe(false)
+        expect(RegexSubdomain.test('sub_domain')).toBe(false)
+        expect(RegexSubdomain.test('invalid@subdomain')).toBe(false)
+    })
+})
+
+describe('RegexSanitize', () => {
+    test('should match valid sanitized strings', () => {
+        expect(RegexSanitize.test('Valid String 123,.-()\'"&')).toBe(true)
+        expect(RegexSanitize.test('Another String')).toBe(true)
+    })
+
+    test('should not match invalid sanitized strings', () => {
+        expect(RegexSanitize.test('Invalid_String@123')).toBe(false)
+        expect(RegexSanitize.test('Invalid!@#String')).toBe(false)
+    })
+})
+
+describe('RegexObjectID Test', () => {
+    test('Valid ObjectID should match the regex', () => {
+        const validObjectID = '5f63a32b49ce3c4a8c4d8d1a'
+        expect(validObjectID).toMatch(RegexObjectID)
+    })
+
+    test('Invalid ObjectID should not match the regex', () => {
+        const invalidObjectID = 'invalidObjectID'
+        expect(invalidObjectID).not.toMatch(RegexObjectID)
+    })
+
+    test('Empty string should not match the regex', () => {
+        const emptyString = ''
+        expect(emptyString).not.toMatch(RegexObjectID)
+    })
+})
+
+describe('RegexContentTypeImage', () => {
+    it('should match valid image content type', () => {
+        const validContentTypes = [
+            'image/jpeg',
+            'image/png',
+            'image/gif',
+            'image/svg+xml',
+        ]
+
+        validContentTypes.forEach((contentType) => {
+            expect(RegexContentTypeImage.test(contentType)).toBe(true)
+        })
+    })
+
+    it('should not match invalid content types', () => {
+        const invalidContentTypes = [
+            'text/plain',
+            'application/json',
+            'image',
+            '',
+        ]
+
+        invalidContentTypes.forEach((contentType) => {
+            expect(RegexContentTypeImage.test(contentType)).toBe(false)
+        })
+    })
+})

src/helpers/regex.test.ts

@@ -0,0 +1,6 @@
+export const RegexWordScript = /\b(?!script\b)\w+\b/i
+export const RegexSubdomain = /^[ a-z0-9-]+$/
+export const RegexSanitize = /^[ a-zA-Z0-9_,.()'"&\?\-/]+$/
+export const RegexObjectID = /^[0-9a-fA-F]{24}$/
+export const RegexContentTypeImage = /^image\//
+export const RegexExtensionImage = /.png|.jpg|.jpeg/i

src/helpers/regex.ts

@@ -0,0 +1,5 @@
+import slugify from 'slugify'
+
+export const getSlug = (str: string) => {
+    return slugify(str).toLowerCase()
+}

src/helpers/slug.ts

@@ -1,5 +1,6 @@
 import config from './config/config'
 import Mongo from './database/mongo/mongo'
+import Auth from './modules/auth/auth'
 import Images from './modules/images/images'
 import Logger from './pkg/logger'
 import Http from './transport/http/http'
@@ -11,6 +12,7 @@ const main = async () => {
 
     // Start Load Modules
     new Images(logger, http, config)
+    new Auth(logger, http, config)
     // End Load Modules
 
     http.Run(config.app.port.http)