This project is a simple example of how to use JWT tokens with clean architecture and good practices in TypeScript and Node.js/Express.
This project was created to study and practice clean architecture and good practices in TypeScript and Node.js/Express. Don't stop learning; practice is the key to success.
Built with:
```bash
# install dependencies
$ npm install

# prisma migration
$ npx prisma migrate dev

# development
$ npm run dev
```

Information about Prisma migrations: link

```bash
# unit tests
$ npm run test
```
Clean architecture is a software design philosophy that separates the elements of a design into ring levels. An important goal of clean architecture is to provide developers with a way to organize code in such a way that it encapsulates the business logic but keeps it separate from the delivery mechanism.
The main reason to use clean architecture is to decouple the business logic from the infrastructure. This allows the business logic to be tested independently from the delivery mechanism, and also allows the delivery mechanism to be changed without affecting the business logic as long as the interface between the two remains the same.
The clean architecture is divided into four layers:
- Entities: This layer contains enterprise-wide business rules. These rules are applied to all use cases and entities in the application.
- Use cases: This layer contains application-specific business rules. These rules are applied to a specific use case.
- Interface adapters: This layer contains code that converts data from the format most convenient for the use cases and entities, to the format most convenient for some external agency such as the database or the web.
- Frameworks and drivers: This layer contains any frameworks and tools you use to build the rest of the system. This layer is where all the details go.
```
├── src
│   ├── aplication          # Application layer (use cases)
│   │   ├── auth
│   │   │   ├── GetUserListUseCase.ts
│   │   │   ├── LoginUseCase.ts
│   │   │   ├── LogoutUseCase.ts
│   │   │   ├── RegisterUseCase.ts
│   │   │   └── types.ts
│   │   ├── Users
│   │   │   ├── CreateUserUseCase.ts
│   │   │   ├── DeleteUserUseCase.ts
│   │   │   ├── GetUserListUseCase.ts
│   │   │   ├── GetUserUseCase.ts
│   │   │   └── types.ts
│   │   └── Roles
│   │       ├── CreateRoleUseCase.ts
│   │       ├── DeleteRoleUseCase.ts
│   │       ├── GetRoleListUseCase.ts
│   │       ├── GetRoleUseCase.ts
│   │       └── types.ts
│   ├── domain              # Business rules
│   │   ├── datasources
│   │   ├── dtos            # Data transfer objects (DTOs)
│   │   │   ├── auth
│   │   │   └── users
│   │   ├── entities
│   │   ├── errors
│   │   └── repositories
│   ├── infrastructure      # Frameworks, drivers, tools, etc.
│   │   ├── datasources
│   │   ├── mappers
│   │   └── repositories
│   └── presentation        # User interface and input adapters
│       ├── auth
│       ├── middlewares
│       ├── routes.ts
│       └── server.ts
```
```
  +--------+                                           +---------------+
  |        |--(A)------- Authorization Grant --------->|               |
  |        |                                           |               |
  |        |<-(B)----------- Access Token -------------|               |
  |        |               & Refresh Token             |               |
  |        |                                           |               |
  |        |                            +----------+   |               |
  |        |--(C)---- Access Token ---->|          |   |               |
  |        |                            |          |   |               |
  |        |<-(D)- Protected Resource --| Resource |   | Authorization |
  | Client |                            |  Server  |   |     Server    |
  |        |--(E)---- Access Token ---->|          |   |               |
  |        |                            |          |   |               |
  |        |<-(F)- Invalid Token Error -|          |   |               |
  |        |                            +----------+   |               |
  |        |                                           |               |
  |        |--(G)----------- Refresh Token ----------->|               |
  |        |                                           |               |
  |        |<-(H)----------- Access Token -------------|               |
  +--------+           & Optional Refresh Token        +---------------+
```
(A) The client requests an access token by authenticating with the
authorization server and presenting an authorization grant.
(B) The authorization server authenticates the client and validates
the authorization grant, and if valid, issues an access token
and a refresh token.
(C) The client makes a protected resource request to the resource
server by presenting the access token.
(D) The resource server validates the access token, and if valid,
serves the request.
(E) Steps (C) and (D) repeat until the access token expires. If the
client knows the access token expired, it skips to step (G);
otherwise, it makes another protected resource request.
(F) Since the access token is invalid, the resource server returns
an invalid token error.
(G) The client requests a new access token by authenticating with
the authorization server and presenting the refresh token. The
client authentication requirements are based on the client type
and on the authorization server policies.
(H) The authorization server authenticates the client and validates
the refresh token, and if valid, issues a new access token (and,
optionally, a new refresh token).
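The token side of steps (B), (F), (G) and (H), as an added example in the project's language (not the project's own code): access and refresh tokens are HS256 JWTs signed with Node's built-in `crypto`, the verifier checks the signature in constant time, the expiry and the `typ` claim so an access token cannot be replayed at the refresh endpoint, and a refresh rotates both tokens. The secret, the lifetimes and the claim names are assumed values.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed secret for the example; a real service loads it from configuration.
const SECRET = "example-secret-do-not-use";

type Claims = { sub: string; typ: "access" | "refresh"; iat: number; exp: number };

const b64url = (s: string): string => Buffer.from(s).toString("base64url");

function sign(claims: Claims): string {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", SECRET).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Step (D)/(F) and (H): the signature is always recomputed with HS256 (the header's
// alg is not trusted), compared in constant time, then expiry and token type are checked.
function verify(token: string, expectTyp: Claims["typ"], now = Date.now()): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = createHmac("sha256", SECRET).update(`${head}.${body}`).digest("base64url");
  const a = Buffer.from(sig), b = Buffer.from(expected);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return null;
  let claims: Claims | null = null;
  try { claims = JSON.parse(Buffer.from(body, "base64url").toString()); } catch { /* malformed payload */ }
  if (!claims || claims.typ !== expectTyp) return null;        // an access token must not act as a refresh token
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) return null; // expired -> step (F)
  return claims;
}

// Step (B): a short-lived access token and a longer-lived refresh token (assumed lifetimes).
function issueTokens(userId: string, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  return {
    accessToken: sign({ sub: userId, typ: "access", iat, exp: iat + 15 * 60 }),
    refreshToken: sign({ sub: userId, typ: "refresh", iat, exp: iat + 7 * 24 * 3600 }),
  };
}

// Steps (G)/(H): validate the presented refresh token and rotate both tokens.
function refresh(refreshToken: string, now = Date.now()) {
  const claims = verify(refreshToken, "refresh", now);
  if (!claims) return null;
  return issueTokens(claims.sub, now);
}
```

A production service would also persist refresh tokens (or a token id) so that logout and rotation can revoke the old one.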
- Implement clean architecture
- Implement JWT Token
- Refresh JWT Token
- Implement Bcrypt
- Implement prisma
- Implement Jest
- Implement Swagger
- Implement Docker
- Implement CI/CD
- Implement AWS
- Implement Kubernetes