feat: user auth

.env

@@ -3,3 +3,4 @@ POSTGRES_PASSWORD=postgres
 POSTGRES_DB=medium
 POSTGRES_HOST=0.0.0.0
 POSTGRES_PORT=5432
+JWT_SECRET=supersecretkey

.vscode/settings.json

@@ -1,3 +1,6 @@
 {
-  "editor.tabSize": 2
+  "editor.tabSize": 2,
+  "[javascript]": {
+    "editor.defaultFormatter": "biomejs.biome"
+  }
 }

db/config.ts

@@ -1,18 +1,18 @@
 import type { Config } from 'drizzle-kit';
 export const dbCredentials = {
-  host: process.env.POSTGRES_HOST || '0.0.0.0',
-  port: parseInt(process.env.POSTGRES_PORT || '5432'),
-  user: process.env.POSTGRES_USER || 'postgres',
-  password: process.env.POSTGRES_PASSWORD || 'postgres',
-  database: process.env.POSTGRES_DB || 'medium',
-};
+    host: Bun.env.POSTGRES_HOST || "0.0.0.0",
+    port: parseInt(Bun.env.POSTGRES_PORT || '5432'),
+    user: Bun.env.POSTGRES_USER || "postgres",
+    password: Bun.env.POSTGRES_PASSWORD || "postgres",
+    database: Bun.env.POSTGRES_DB || "medium"
+}
 
 export const dbCredentialsString = `postgres://${dbCredentials.user}:${dbCredentials.password}@${dbCredentials.host}:${dbCredentials.port}/${dbCredentials.database}`;
 
 export default {
-  out: './src/db/migrations',
-  schema: '**/*.schema.ts',
-  breakpoints: false,
-  driver: 'pg',
-  dbCredentials,
+    out: "./migrations",
+    schema: "**/*.schema.ts",
+    breakpoints: false,
+    driver: "pg",
+    dbCredentials
 } satisfies Config;

db/migrations/0000_bored_warstar.sql → db/migrations/0000_perpetual_blazing_skull.sql

@@ -1,10 +1,11 @@
 CREATE TABLE IF NOT EXISTS "users" (
 	"id" serial PRIMARY KEY NOT NULL,
 	"email" text NOT NULL,
-	"bio" text NOT NULL,
-	"image" text NOT NULL,
+	"bio" text,
+	"image" text,
 	"password" text NOT NULL,
 	"username" text NOT NULL,
 	"created_at" date DEFAULT CURRENT_DATE,
-	"updated_at" date DEFAULT CURRENT_DATE
+	"updated_at" date DEFAULT CURRENT_DATE,
+	CONSTRAINT "users_email_unique" UNIQUE("email")
 );

db/migrations/meta/0000_snapshot.json

@@ -1,7 +1,7 @@
 {
   "version": "5",
   "dialect": "pg",
-  "id": "86aed854-dd08-4bcd-8138-412a71492c24",
+  "id": "8ed456d0-e522-4f1a-a07e-a19b3cd900bc",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "tables": {
     "users": {
@@ -24,13 +24,13 @@
           "name": "bio",
           "type": "text",
           "primaryKey": false,
-          "notNull": true
+          "notNull": false
         },
         "image": {
           "name": "image",
           "type": "text",
           "primaryKey": false,
-          "notNull": true
+          "notNull": false
         },
         "password": {
           "name": "password",
@@ -62,7 +62,15 @@
       "indexes": {},
       "foreignKeys": {},
       "compositePrimaryKeys": {},
-      "uniqueConstraints": {}
+      "uniqueConstraints": {
+        "users_email_unique": {
+          "name": "users_email_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "email"
+          ]
+        }
+      }
     }
   },
   "enums": {},

db/migrations/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "5",
-      "when": 1695584965813,
-      "tag": "0000_bored_warstar",
+      "when": 1695849229878,
+      "tag": "0000_perpetual_blazing_skull",
       "breakpoints": false
     }
   ]

package.json

@@ -21,6 +21,7 @@
     "prepare": "husky install"
   },
   "dependencies": {
+    "@elysiajs/jwt": "^0.7.0",
     "@elysiajs/swagger": "^0.7.3",
     "drizzle-orm": "^0.28.6",
     "drizzle-typebox": "^0.1.1",

src/app.module.ts

@@ -1,19 +1,53 @@
-import { Elysia } from 'elysia';
-import { swagger } from '@elysiajs/swagger';
-import { usersPlugin } from '@users/users.plugin';
-import { title, version, description } from '../package.json';
+import { Elysia } from "elysia";
+import { swagger } from "@elysiajs/swagger";
+import { jwt } from "@elysiajs/jwt";
+import { title, version, description } from "../package.json";
+import { usersPlugin } from "@/users/users.plugin";
+import { AuthenticationError, AuthorizationError } from "@/errors";
+import { ALG } from "@/auth";
+import { env } from "@/config";
+
+// the file name is in the spirit of NestJS, where app module is the device in charge of putting together all the pieces of the app
+// see: https://docs.nestjs.com/modules
+
 
 /**
  * Add all plugins to the app
  */
 export const setupApp = () => {
   return new Elysia()
+    .error({
+      AUTHENTICATION: AuthenticationError,
+      AUTHORIZATION: AuthorizationError,
+    })
+    .onError(({ error, code, set }) => {
+      // Handle Elysia schema validation errors
+      switch (code) {
+        case "VALIDATION":
+          set.status = 422;
+        case "NOT_FOUND":
+          set.status = 404;
+        case "AUTHENTICATION":
+          set.status = 401;
+        case "AUTHORIZATION":
+          set.status = 403;
+      }
+      const errorType = "type" in error ? error.type : "internal";
+      return { errors: { [errorType]: error.message } };
+    })
     .use(
       swagger({
         documentation: {
           info: { title, version, description },
         },
       }),
     )
-    .group('/api', (app) => app.use(usersPlugin));
+    .use(
+      jwt({
+        name: "jwt",
+        secret: env.JWT_SECRET,
+        alg: ALG,
+      })
+    )
+    .group("/api", (app) => app.use(usersPlugin));
 };

src/auth.ts

@@ -0,0 +1,54 @@
+import * as jose from 'jose';
+import { UserInDb } from '@/users/users.schema';
+import { env } from '@/config';
+import { AuthenticationError } from '@/errors';
+
+export const ALG = 'HS256';
+
+export async function generateToken(user: UserInDb) {
+  const encoder = new TextEncoder();
+  const secret = encoder.encode(env.JWT_SECRET);
+
+  return await new jose.SignJWT({
+    user: { id: user.id, email: user.email, username: user.username },
+  })
+    .setProtectedHeader({ alg: ALG })
+    .setIssuedAt()
+    .setIssuer('agnyz')
+    .setAudience(user.email)
+    .setExpirationTime('24h')
+    .sign(secret);
+}
+
+// TODO: add typing
+export const getUserFromHeaders = async ({
+  jwt,
+  request: { headers },
+}: // biome-ignore lint/suspicious/noExplicitAny: <explanation>
+any) => {
+  const rawHeader = headers.get('Authorization');
+  if (!rawHeader) throw new AuthenticationError('Missing authorization header');
+
+  const tokenParts = rawHeader?.split(' ');
+  const tokenType = tokenParts?.[0];
+  if (tokenType !== 'Token')
+    throw new AuthenticationError(
+      "Invalid token type. Expected header format: 'Token jwt'",
+    );
+
+  const token = tokenParts?.[1];
+  const validatedToken = await jwt.verify(token);
+  if (!validatedToken) throw new AuthenticationError('Invalid token');
+  return validatedToken;
+};
+
+// biome-ignore lint/suspicious/noExplicitAny: <explanation>
+export const requireLogin = async ({ jwt, request }: any) => {
+  await getUserFromHeaders({ jwt, request });
+};
+
+// biome-ignore lint/suspicious/noExplicitAny: <explanation>
+export const getUserEmailFromHeader = async ({ jwt, request }: any) => {
+  const user = await getUserFromHeaders({ jwt, request });
+  return user.user.email;
+};

src/config.ts

@@ -0,0 +1,14 @@
+import { Type } from "@sinclair/typebox";
+import { Value } from "@sinclair/typebox/value";
+
+const envSchema = Type.Object({
+  POSTGRES_DB: Type.String(),
+  POSTGRES_USER: Type.String(),
+  POSTGRES_PASSWORD: Type.String(),
+  POSTGRES_HOST: Type.String(),
+  POSTGRES_PORT: Type.String(),
+  JWT_SECRET: Type.String(),
+})
+// TODO: this is ugly, find a better way to do this
+if (!Value.Check(envSchema, Bun.env)) throw new Error("Invalid env variables");
+export const env = Value.Cast(envSchema, Bun.env);

src/errors.ts

@@ -0,0 +1,15 @@
+export class AuthenticationError extends Error {
+  public status = 401;
+  public type = "authentication";
+  constructor(public message: string) {
+    super(message);
+  }
+}
+
+export class AuthorizationError extends Error {
+  public status = 403;
+  public type = "authorization";
+  constructor(public message: string) {
+    super(message);
+  }
+}

src/main.ts

@@ -1,5 +1,13 @@
-import { setupApp } from '@/app.module';
-import { Elysia } from 'elysia';
+import { Elysia } from "elysia";
+import { drizzle } from "drizzle-orm/postgres-js";
+import { migrate } from "drizzle-orm/postgres-js/migrator";
+import { setupApp } from "@/app.module";
+import { migrationsClient } from "@/database.providers";
+
+
+await migrate(drizzle(migrationsClient), {
+  migrationsFolder: `${import.meta.dir}/../db/migrations`,
+});
 
 const app = new Elysia({ prefix: '/api' }).use(setupApp).listen(3000);
 

src/users/users.plugin.ts

@@ -1,15 +1,50 @@
-import { Elysia } from 'elysia';
-import { setupUsers } from '@/users/users.module';
+import { Elysia } from "elysia";
+import { setupUsers } from "@/users/users.module";
+import {
+  InsertUserSchema,
+  UserAuthSchema,
+  UserLoginSchema,
+} from "@/users/users.schema";
+import { ALG, getUserEmailFromHeader, requireLogin } from "@/auth";
+import { jwt } from "@elysiajs/jwt";
+import { env } from "@/config";
 
-export const usersPlugin = new Elysia().use(setupUsers).group(
-  '/users',
-  {
-    detail: {
-      tags: ['Users'],
-    },
-  },
-  (app) =>
+export const usersPlugin = new Elysia()
+  .use(setupUsers)
+  .group("/users", (app) =>
     app
-      .post('', ({ store }) => store.usersService.findAll())
-      .post('/login', ({ store }) => store.usersService.findAll()),
-);
+      .post("", ({ body, store }) => store.usersService.createUser(body.user), {
+        body: InsertUserSchema,
+        response: UserAuthSchema,
+      })
+      .post(
+        "/login",
+        ({ body, store }) =>
+          store.usersService.loginUser(body.user.email, body.user.password),
+        {
+          body: UserLoginSchema,
+          response: UserAuthSchema,
+        }
+      )
+  )
+  .group("/user", (app) =>
+    app
+      .use(
+        jwt({
+          name: "jwt",
+          secret: env.JWT_SECRET,
+          alg: ALG,
+        })
+      )
+      .get(
+        "",
+        async ({ jwt, request, store }) =>
+          store.usersService.findByEmail(
+            await getUserEmailFromHeader({ jwt, request })
+          ),
+        {
+          beforeHandle: requireLogin,
+          response: UserAuthSchema,
+        }
+      )
+  );