orkunbaba
diff --git a/‎README.md
+1 b/‎README.md
+1
diff --git a/‎docker-compose.yml
+6 b/‎docker-compose.yml
+6
diff --git a/‎packages/api/controllers/AuthController.js
+12 b/‎packages/api/controllers/AuthController.js
+12
diff --git a/‎packages/api/controllers/TestController.js
+3 b/‎packages/api/controllers/TestController.js
+3
diff --git a/‎packages/api/controllers/UserController.js
+36 b/‎packages/api/controllers/UserController.js
+36
diff --git a/‎packages/api/controllers/index.js
+2 b/‎packages/api/controllers/index.js
+2
diff --git a/‎packages/api/middlewares/auth.js
+26-4 b/‎packages/api/middlewares/auth.js
+26-4
diff --git a/‎packages/api/middlewares/errorHandler.js
+54-102 b/‎packages/api/middlewares/errorHandler.js
+54-102
diff --git a/‎packages/api/middlewares/index.js
+3 b/‎packages/api/middlewares/index.js
+3
diff --git a/‎packages/api/middlewares/requestHandler.js
+9 b/‎packages/api/middlewares/requestHandler.js
+9
diff --git a/‎packages/api/middlewares/routeChecker.js
+19 b/‎packages/api/middlewares/routeChecker.js
+19
@@ -10,6 +10,7 @@ Node / Express / Docker API Boilerplate
 ## API Side:
 * docker-compose up
 * http://localhost:8080/api/v1/example to test the api
+* http://localhost:8080/api/v1/docs/ to swagger interface
 * Database: Postgres. Use localhost:5433 to connect to the database from your local.
 
 ## Client Side:
 
@@ -8,6 +8,11 @@ services:
     volumes:
       - ./volumes/postgresql:/var/lib/postgresql/data
 
+  redis:
+    image: redis:5.0.3-alpine
+    ports:
+      - '6380:6379'
+
   api:
     build: .
     volumes:
@@ -20,4 +25,5 @@ services:
       - CHOKIDAR_USEPOLLING=true
     depends_on:
       - "db"
+      - "redis"
     command: ["./scripts/wait-for-it.sh", "db:5432", "--", "npm", "start"] # Wait for postgres
@@ -1,5 +1,6 @@
 
 const Joi = require('../utils/joi');
+const redis = require('../redis');
 const { User } = require('../models');
 const { LogicError } = require('../utils/errors');
 const hash = require('../utils/hash');
@@ -44,6 +45,17 @@ async function login(req, res, next) {
     if (!isPasswordMatches) throw new LogicError('username_password_wrong');
 
     const token = auth.generateToken(user.id);
+    const tokens = await redis.getAccessTokens(user.id) || {};
+
+    // if mobile device and web can access same time send Platform in header
+    const platform = req.get('Platform');
+
+    if (platform && platform === 'mobile') {
+      tokens.mobile = token;
+    } else {
+      tokens.web = token;
+    }
+    await redis.setAccessToken({ userId: user.id, tokens });
 
     return res.json({ token });
   } catch (e) {
 
@@ -3,6 +3,9 @@
 async function root(req, res, next) {
   try {
     // throw new LogicError('test_error')
+    // setTimeout(function() {
+    //   return res.json({ result: Date.now() });
+    // }, 10 * 1000);
     return res.json({ result: Date.now() });
   } catch (e) {
     // if you throw an error in the try block, it'll catch in this catch block
 
@@ -0,0 +1,36 @@
+const Joi = require('../utils/joi');
+const { User } = require('../models');
+
+
+/*
+ *
+ * USER OPERATIONS
+ *
+ */
+async function userList(req, res, next) {
+  try {
+    const { page, pageSize, search, column, order } = await Joi.validate(req.query, User.filters);
+
+    const data = await User
+      .query()
+      .modify((queryBuilder) => {
+        if (search) {
+          const term = `%${search}%`;
+          queryBuilder.where('firstname', 'like', term);
+          queryBuilder.orWhere('lastname', 'like', term);
+        }
+      })
+      .page(page, pageSize)
+      .orderBy(column, order);
+
+    return res.json(data);
+  } catch (e) {
+    console.log(e);
+    return next(e);
+  }
+}
+
+module.exports = {
+  /* USER OPERATIONS */
+  userList,
+};
@@ -1,9 +1,11 @@
 const ExampleController = require('./ExampleController');
 const AuthController = require('./AuthController');
+const UserController = require('./UserController');
 const TestController = require('./TestController');
 
 module.exports = {
   ExampleController,
   AuthController,
+  UserController,
   TestController,
 };
@@ -1,6 +1,7 @@
 const jwt = require('jsonwebtoken');
+const redis = require('../redis');
+const { AuthorizationError, ForbiddenError } = require('../utils/errors');
 const { constants } = require('../resources');
-const { AuthorizationError } = require('../utils/errors');
 // const errorHandler = require('./errorHandler');
 
 function isAuthenticated(req, res, next) {
@@ -14,18 +15,39 @@ function isAuthenticated(req, res, next) {
       if (err) return next(new AuthorizationError('token_not_valid'));
 
       req.userId = decoded.userId;
+      if (decoded.roles) req.roles = decoded.roles;
 
-      return next();
+      // if mobile device and web can access same time send Platform in header
+      const platform = req.get('Platform');
+      return redis.getAccessToken(decoded.userId, (platform || 'web'))
+        .then((redisToken) => {
+          if (token === redisToken) return next();
+          return next(new AuthorizationError('token_not_valid'));
+        })
+        .catch(() => next(new AuthorizationError('token_not_valid')));
     });
   }
   return next(new AuthorizationError('token_should_bearer'));
 }
 
-function generateToken(userId) {
-  return jwt.sign({ userId }, constants.AUTH_SECRET);
+async function isAuthorized(req, res, next) {
+  if (!req.roles) return next(new ForbiddenError('user_not_authenticated'));
+  const url = req.url.split('?').shift();
+  const routeName = url.replace(/\/\d+$/gi, '').replace(/\/([a-z])/gi, '$1');
+  const roles = await redis.getRoles(req.roles);
+  // console.log(req.originalUrl, req.url, url,  routeName, roles);
+  if (roles.map(c => c.toLowerCase()).indexOf(`${routeName.toLowerCase()}:${constants.PERMISSION[req.method]}`) === -1) {
+    return next(new ForbiddenError('user_not_authenticated'));
+  }
+  return next();
+}
+
+function generateToken(userId, roles) {
+  return jwt.sign({ userId, roles }, constants.AUTH_SECRET);
 }
 
 module.exports = {
   isAuthenticated,
+  isAuthorized,
   generateToken,
 };
@@ -1,109 +1,61 @@
+const { ValidationError: ObjectionValidationError } = require('../utils/objection');
+const { UniqueViolationError, NotNullViolationError, ForeignKeyViolationError, DataError } = require('objection-db-errors');
 const { i18n } = require('../resources');
 const {
+  LogicError,
+  BadRequestError,
   ValidationError,
-  NotFoundError
-} = require('objection');
+  ServerError,
+  AuthorizationError,
+  ForbiddenError,
+  NotFoundError,
+  TimeoutError } = require('../utils/errors');
 
-const {
-  DBError,
-  ConstraintViolationError,
-  UniqueViolationError,
-  NotNullViolationError,
-  ForeignKeyViolationError,
-  CheckViolationError,
-  DataError
-} = require('objection-db-errors');
+function generateResponse(e) {
+  switch (e.constructor) {
+    case ObjectionValidationError:
+      return new ValidationError('orm_validation', { ...e });
 
-module.exports = function errorHandler(err, req, res, next) {
-  // TODO: REFACTOR
-  // If error thrown by us
-  if (err.isJoi) {
-    return res.status(400).send({
-      message: err.message,
-      type: 'ModelValidation',
-      data: err.details
-    });
-  }
-  return handler(err, res)
-};
+    case UniqueViolationError:
+      return new LogicError('unique_violation', { message: e.detail, field: e.columns[0], constraint: e.constraint });
+
+    case NotNullViolationError:
+      return new ValidationError('field_null', { message: `${e.column} can't be null.`, field: e.column, constraint: e.constraint }); // TODO: i18n message
+
+    case ForeignKeyViolationError:
+      return new LogicError('foreign_key_violation', { message: e.detail, constraint: e.constraint });
+
+    case DataError:
+      return new BadRequestError('invalid_data', e);
+
+    case SyntaxError:
+      return new BadRequestError('json_syntax');
 
-function handler(err, res) {
-  if (err instanceof ValidationError) {
-    res.status(400).send({
-      message: err.message,
-      type: err.type,
-      data: {}
-    });
-  } else if (err instanceof NotFoundError) {
-    res.status(404).send({
-      message: err.message,
-      type: 'NotFound',
-      data: {}
-    });
-  } else if (err instanceof UniqueViolationError) {
-    res.status(409).send({
-      message: err.message,
-      type: 'UniqueViolation',
-      data: {
-        columns: err.columns,
-        table: err.table,
-        constraint: err.constraint
-      }
-    });
-  } else if (err instanceof NotNullViolationError) {
-    res.status(400).send({
-      message: err.message,
-      type: 'NotNullViolation',
-      data: {
-        column: err.column,
-        table: err.table,
-      }
-    });
-  } else if (err instanceof ForeignKeyViolationError) {
-    res.status(409).send({
-      message: err.message,
-      type: 'ForeignKeyViolation',
-      data: {
-        table: err.table,
-        constraint: err.constraint
-      }
-    });
-  } else if (err instanceof CheckViolationError) {
-    res.status(400).send({
-      message: err.message,
-      type: 'CheckViolation',
-      data: {
-        table: err.table,
-        constraint: err.constraint
-      }
-    });
-  } else if (err instanceof DataError) {
-    res.status(400).send({
-      message: err.message,
-      type: 'InvalidData',
-      data: {}
-    });
-  } else if (err instanceof DBError) {
-    res.status(500).send({
-      message: err.message,
-      type: 'UnknownDatabaseError',
-      data: {}
-    });
-  } else {
-    if (err.type) {
-      return res.status(err.status).send({
-        error: {
-          type: err.type,
-          code: err.code,
-          message: i18n.t(err.code),
-        },
-      });
-    }
-    console.log(err);// eslint-disable-line no-console
-    res.status(500).send({
-      message: err.message,
-      type: 'UnknownError',
-      data: {}
-    });
+    case NotFoundError:
+    case BadRequestError:
+    case LogicError:
+    case ValidationError:
+    case AuthorizationError:
+    case ForbiddenError:
+    case ServerError:
+      return e;
+
+    case Error:
+      if (e.isJoi) return new ValidationError('field_validation', { message: e.details[0].message, field: e.details[0].path });
+      return new ServerError('error', { message: e.message });
+
+    default:
+      if (e.code === 'ETIMEDOUT') return new TimeoutError('timeout_error', { ...e });
+      return new ServerError('unhandled_error', { errorClass: e.constructor.name, ...e });
   }
-}
+}
+
+
+function errorHandler(err, req, res, next) {
+  const { status, ...response } = generateResponse(err);
+  return res
+    .status(status)
+    .json(response);
+}
+
+module.exports = errorHandler;
@@ -1,7 +1,10 @@
 const auth = require('./auth');
 const errorHandler = require('./errorHandler');
+const routeChecker = require('./routeChecker');
+
 
 module.exports = {
   auth,
   errorHandler,
+  routeChecker,
 };
@@ -0,0 +1,9 @@
+module.exports = function requestHandler(req, res, next) { // eslint-disable-line no-unused-vars
+  if (req.body && typeof req.body === 'object') {
+    // email must be lowercase
+    if (req.body.email && typeof req.body.email === 'string') {
+      req.body.email = req.body.email.toLowerCase();
+    }
+  }
+  next();
+};
@@ -0,0 +1,19 @@
+const redis = require('../redis');
+const { NotFoundError } = require('../utils/errors');
+
+async function isExist(req, res, next) {
+  const url = `${req.originalUrl.split('?').shift()}/`;
+  const routeList = await redis.getRoutes();
+  var routes = routeList.filter((w) => w.path !== '*').filter((w) => {
+    const path = `${w.path}/`;
+    const routeMatcher = new RegExp(path.replace(/:[^\s/]+/g, '([\\d-]+)'));
+    return url.match(routeMatcher) && w.methods.includes(req.method);
+  });
+  if(routes.length == 0 )  return next(new NotFoundError('request_method_not_found'));
+  return next();
+}
+
+
+module.exports = {
+  isExist,
+};