feat: get authenticated user bb-13

apps/backend/.env.example

@@ -4,6 +4,7 @@
 NODE_ENV=development
 PORT=3001
 HOST=localhost
+JWT_SECRET_KEY=someSecretKey
 
 #
 # DATABASE

apps/backend/package.json

@@ -28,6 +28,7 @@
 		"convict": "6.2.4",
 		"dotenv": "16.4.5",
 		"fastify": "4.28.1",
+		"jose": "5.6.3",
 		"knex": "3.1.0",
 		"objection": "3.1.4",
 		"pg": "8.12.0",

apps/backend/src/libs/modules/controller/base-controller.module.ts

@@ -37,10 +37,11 @@ class BaseController implements Controller {
 	private mapRequest(
 		request: Parameters<ServerApplicationRouteParameters["handler"]>[0],
 	): APIHandlerOptions {
-		const { body, params, query } = request;
+		const { body, headers, params, query } = request;
 
 		return {
 			body,
+			headers,
 			params,
 			query,
 		};

apps/backend/src/libs/modules/controller/libs/types/api-handler-options.type.ts

@@ -1,5 +1,6 @@
 type DefaultApiHandlerOptions = {
 	body?: unknown;
+	headers?: unknown;
 	params?: unknown;
 	query?: unknown;
 };
@@ -8,6 +9,7 @@ type APIHandlerOptions<
 	T extends DefaultApiHandlerOptions = DefaultApiHandlerOptions,
 > = {
 	body: T["body"];
+	headers: T["headers"];
 	params: T["params"];
 	query: T["query"];
 };

apps/backend/src/libs/types/repository.type.ts

@@ -1,7 +1,7 @@
 type Repository<T = unknown> = {
 	create(payload: unknown): Promise<T>;
 	delete(): Promise<boolean>;
-	find(): Promise<T>;
+	find(id: number): Promise<T>;
 	findAll(): Promise<T[]>;
 	update(): Promise<T>;
 };

apps/backend/src/libs/types/service.type.ts

@@ -1,7 +1,7 @@
 type Service<T = unknown> = {
 	create(payload: unknown): Promise<T>;
 	delete(): Promise<boolean>;
-	find(): Promise<T>;
+	find(id: number): Promise<T>;
 	findAll(): Promise<{
 		items: T[];
 	}>;

apps/backend/src/modules/auth/auth.controller.ts

@@ -35,6 +35,46 @@ class AuthController extends BaseController {
 				body: userSignUpValidationSchema,
 			},
 		});
+
+		this.addRoute({
+			handler: (options) =>
+				this.getAuthenticatedUser(
+					options as APIHandlerOptions<{
+						headers: { authorization: string };
+					}>,
+				),
+			method: "GET",
+			path: AuthApiPath.AUTHENTICATED_USER,
+		});
+	}
+
+	/**
+	 * @swagger
+	 * /auth/authenticated-user:
+	 *   get:
+	 *     description: Return authenticated user object
+	 *     security:
+	 *       - bearerAuth: []
+	 *     responses:
+	 *       200:
+	 *         description: Successfull operation
+	 *         content:
+	 *           application/json:
+	 *             schema:
+	 *               type: object
+	 *               $ref: "#/components/schemas/User"
+	 */
+	private async getAuthenticatedUser(
+		options: APIHandlerOptions<{
+			headers: { authorization: string };
+		}>,
+	): Promise<APIHandlerResponse> {
+		return {
+			payload: await this.authService.getAuthenticatedUser(
+				options.headers.authorization,
+			),
+			status: HTTPCode.OK,
+		};
 	}
 
 	/**

apps/backend/src/modules/auth/auth.service.ts

@@ -1,4 +1,9 @@
+import * as jose from "jose";
+import { createSecretKey } from "node:crypto";
+import { HTTPCode, HTTPError } from "shared";
+
 import {
+	type UserGetOneResponseDto,
 	type UserSignUpRequestDto,
 	type UserSignUpResponseDto,
 } from "~/modules/users/libs/types/types.js";
@@ -11,6 +16,68 @@ class AuthService {
 		this.userService = userService;
 	}
 
+	public async getAuthenticatedUser(
+		authentication: string,
+	): Promise<UserGetOneResponseDto> {
+		try {
+			if (!authentication) {
+				throw new HTTPError({
+					cause: "No authentication token provided",
+					message: "Unauthorized",
+					status: HTTPCode.UNATHORIZED,
+				});
+			}
+			const [scheme, token] = authentication.split(" ");
+			if (scheme !== "Bearer" || !token) {
+				throw new HTTPError({
+					cause: "Invalid authentication scheme",
+					message: "Unauthorized",
+					status: HTTPCode.UNATHORIZED,
+				});
+			}
+			const secretKey = createSecretKey(
+				process.env["JWT_SECRET_KEY"] as string,
+				"utf8",
+			);
+			let payload: { id: number } | jose.JWTPayload;
+			try {
+				const verifiedToken = await jose.jwtVerify(token, secretKey);
+				payload = verifiedToken.payload;
+			} catch {
+				throw new HTTPError({
+					cause: "Invalid or expired token",
+					message: "Unauthorized",
+					status: HTTPCode.UNATHORIZED,
+				});
+			}
+			const user = await this.userService.find(payload["id"] as number);
+			if (!user) {
+				throw new HTTPError({
+					cause: "Invalid credentials",
+					message: "Unauthorized",
+					status: HTTPCode.UNATHORIZED,
+				});
+			}
+			return user;
+		} catch (error: unknown) {
+			if (error instanceof HTTPError) {
+				throw error;
+			} else if (error instanceof Error) {
+				throw new HTTPError({
+					cause: error.message,
+					message: "Internal Server Error",
+					status: HTTPCode.INTERNAL_SERVER_ERROR,
+				});
+			} else {
+				throw new HTTPError({
+					cause: "Unknown error occurred",
+					message: "Internal Server Error",
+					status: HTTPCode.INTERNAL_SERVER_ERROR,
+				});
+			}
+		}
+	}
+
 	public signUp(
 		userRequestDto: UserSignUpRequestDto,
 	): Promise<UserSignUpResponseDto> {

apps/backend/src/modules/users/libs/types/types.ts

@@ -1,5 +1,6 @@
 export {
 	type UserGetAllResponseDto,
+	type UserGetOneResponseDto,
 	type UserSignUpRequestDto,
 	type UserSignUpResponseDto,
 } from "shared";

apps/backend/src/modules/users/user.repository.ts

@@ -28,8 +28,18 @@ class UserRepository implements Repository {
 		return Promise.resolve(true);
 	}
 
-	public find(): ReturnType<Repository["find"]> {
-		return Promise.resolve(null);
+	public async find(id: number): Promise<null | UserEntity> {
+		const user = (await this.userModel
+			.query()
+			.where({
+				id,
+			})
+			.first()
+			.execute()) as null | UserModel;
+		if (!user) {
+			return null;
+		}
+		return UserEntity.initialize(user);
 	}
 
 	public async findAll(): Promise<UserEntity[]> {

apps/backend/src/modules/users/user.service.ts

@@ -4,6 +4,7 @@ import { type UserRepository } from "~/modules/users/user.repository.js";
 
 import {
 	type UserGetAllResponseDto,
+	type UserGetOneResponseDto,
 	type UserSignUpRequestDto,
 	type UserSignUpResponseDto,
 } from "./libs/types/types.js";
@@ -33,8 +34,14 @@ class UserService implements Service {
 		return Promise.resolve(true);
 	}
 
-	public find(): ReturnType<Service["find"]> {
-		return Promise.resolve(null);
+	public async find(id: number): Promise<null | UserGetOneResponseDto> {
+		const item = await this.userRepository.find(id);
+
+		if (!item) {
+			return null;
+		}
+
+		return item.toObject();
 	}
 
 	public async findAll(): Promise<UserGetAllResponseDto> {

packages/shared/src/index.ts

@@ -27,6 +27,7 @@ export { AuthApiPath } from "./modules/auth/auth.js";
 export {
 	type UserGetAllItemResponseDto,
 	type UserGetAllResponseDto,
+	type UserGetOneResponseDto,
 	UsersApiPath,
 	type UserSignUpRequestDto,
 	type UserSignUpResponseDto,

packages/shared/src/libs/modules/http/libs/enums/http-code.enum.ts

@@ -2,6 +2,7 @@ const HTTPCode = {
 	CREATED: 201,
 	INTERNAL_SERVER_ERROR: 500,
 	OK: 200,
+	UNATHORIZED: 401,
 	UNPROCESSED_ENTITY: 422,
 } as const;
 

packages/shared/src/modules/auth/libs/enums/auth-api-path.enum.ts

@@ -1,4 +1,5 @@
 const AuthApiPath = {
+	AUTHENTICATED_USER: "/authenticated-user",
 	ROOT: "/",
 	SIGN_UP: "/sign-up",
 } as const;

packages/shared/src/modules/users/libs/types/types.ts

@@ -1,4 +1,5 @@
 export { type UserGetAllItemResponseDto } from "./user-get-all-item-response-dto.type.js";
 export { type UserGetAllResponseDto } from "./user-get-all-response-dto.type.js";
+export { type UserGetOneResponseDto } from "./user-get-one-response-dto.type.js";
 export { type UserSignUpRequestDto } from "./user-sign-up-request-dto.type.js";
 export { type UserSignUpResponseDto } from "./user-sign-up-response-dto.type.js";

packages/shared/src/modules/users/libs/types/user-get-one-response-dto.type.ts

@@ -0,0 +1,6 @@
+type UserGetOneResponseDto = {
+	email: string;
+	id: number;
+};
+
+export { type UserGetOneResponseDto };

packages/shared/src/modules/users/users.ts

@@ -2,6 +2,7 @@ export { UsersApiPath } from "./libs/enums/enums.js";
 export {
 	type UserGetAllItemResponseDto,
 	type UserGetAllResponseDto,
+	type UserGetOneResponseDto,
 	type UserSignUpRequestDto,
 	type UserSignUpResponseDto,
 } from "./libs/types/types.js";