starter code setup

backend/typescript/.dockerignore

@@ -0,0 +1 @@
+node_modules

backend/typescript/.eslintrc.js

@@ -0,0 +1,22 @@
+module.exports = {
+  root: true,
+  parser: "@typescript-eslint/parser",
+  parserOptions: {
+    ecmaVersion: 2020,
+    project: "./tsconfig.json",
+    sourceType: "module",
+    createDefaultProgram: true,
+    tsconfigRootDir: __dirname,
+  },
+  extends: [
+    "airbnb-typescript/base",
+    "prettier",
+    "plugin:prettier/recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
+    "plugin:@typescript-eslint/recommended",
+  ],
+  rules: {
+    "prettier/prettier": ["error", { endOfLine: "auto" }],
+  },
+  ignorePatterns: ["build/*"],
+};

backend/typescript/.prettierrc.js

@@ -0,0 +1,3 @@
+module.exports = {
+    trailingComma: "all",
+};

backend/typescript/Dockerfile

@@ -0,0 +1,15 @@
+FROM node:14.15.5-slim
+
+WORKDIR /app
+
+COPY package.json yarn.lock tsconfig.json ./
+
+# libcurl3 is required for mongodb-memory-server, which is used for testing
+RUN apt-get update && apt-get install -y libcurl3
+
+RUN yarn install
+
+COPY . ./
+
+EXPOSE 5000
+ENTRYPOINT ["yarn", "dev"]

backend/typescript/Procfile

@@ -0,0 +1 @@
+web: node migrate up && node build/server.js

backend/typescript/jest.config.ts

@@ -0,0 +1,189 @@
+/*
+ * For a detailed explanation regarding each configuration property and type check, visit:
+ * https://jestjs.io/docs/configuration
+ */
+
+export default {
+  // All imported modules in your tests should be mocked automatically
+  // automock: false,
+
+  // Stop running tests after `n` failures
+  // bail: 0,
+
+  // The directory where Jest should store its cached dependency information
+  // cacheDirectory: "/private/var/folders/k2/ck3w088577zd4cwb6ctnwh8w0000gn/T/jest_dx",
+
+  // Automatically clear mock calls and instances between every test
+  clearMocks: true,
+
+  // Indicates whether the coverage information should be collected while executing the test
+  collectCoverage: false,
+
+  // An array of glob patterns indicating a set of files for which coverage information should be collected
+  // collectCoverageFrom: undefined,
+
+  // The directory where Jest should output its coverage files
+  // coverageDirectory: "coverage",
+
+  // An array of regexp pattern strings used to skip coverage collection
+  // coveragePathIgnorePatterns: [
+  //   "/node_modules/"
+  // ],
+
+  // Indicates which provider should be used to instrument code for coverage
+  // coverageProvider: "babel",
+
+  // A list of reporter names that Jest uses when writing coverage reports
+  // coverageReporters: [
+  //   "json",
+  //   "text",
+  //   "lcov",
+  //   "clover"
+  // ],
+
+  // An object that configures minimum threshold enforcement for coverage results
+  // coverageThreshold: undefined,
+
+  // A path to a custom dependency extractor
+  // dependencyExtractor: undefined,
+
+  // Make calling deprecated APIs throw helpful error messages
+  // errorOnDeprecated: false,
+
+  // Force coverage collection from ignored files using an array of glob patterns
+  // forceCoverageMatch: [],
+
+  // A path to a module which exports an async function that is triggered once before all test suites
+  // globalSetup: undefined,
+
+  // A path to a module which exports an async function that is triggered once after all test suites
+  // globalTeardown: undefined,
+
+  // A set of global variables that need to be available in all test environments
+  // globals: {},
+
+  // The maximum amount of workers used to run your tests. Can be specified as % or a number. E.g. maxWorkers: 10% will use 10% of your CPU amount + 1 as the maximum worker number. maxWorkers: 2 will use a maximum of 2 workers.
+  // maxWorkers: "50%",
+
+  // An array of directory names to be searched recursively up from the requiring module's location
+  // moduleDirectories: [
+  //   "node_modules"
+  // ],
+
+  // An array of file extensions your modules use
+  // moduleFileExtensions: [
+  //   "js",
+  //   "jsx",
+  //   "ts",
+  //   "tsx",
+  //   "json",
+  //   "node"
+  // ],
+
+  // A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module
+  // moduleNameMapper: {},
+
+  // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
+  // modulePathIgnorePatterns: [],
+
+  // Activates notifications for test results
+  // notify: false,
+
+  // An enum that specifies notification mode. Requires { notify: true }
+  // notifyMode: "failure-change",
+
+  // A preset that is used as a base for Jest's configuration
+  // preset: undefined,
+
+  // Run tests from one or more projects
+  // projects: undefined,
+
+  // Use this configuration option to add custom reporters to Jest
+  // reporters: undefined,
+
+  // Automatically reset mock state between every test
+  // resetMocks: false,
+
+  // Reset the module registry before running each individual test
+  // resetModules: false,
+
+  // A path to a custom resolver
+  // resolver: undefined,
+
+  // Automatically restore mock state between every test
+  // restoreMocks: false,
+
+  // The root directory that Jest should scan for tests and modules within
+  rootDir: "./",
+
+  // A list of paths to directories that Jest should use to search for files in
+  // roots: ["services"],
+
+  // Allows you to use a custom runner instead of Jest's default test runner
+  // runner: "jest-runner",
+
+  // The paths to modules that run some code to configure or set up the testing environment before each test
+  // setupFiles: ["./testUtils/setup.ts"],
+
+  // A list of paths to modules that run some code to configure or set up the testing framework before each test
+  // setupFilesAfterEnv: [],
+
+  // The number of seconds after which a test is considered as slow and reported as such in the results.
+  // slowTestThreshold: 5,
+
+  // A list of paths to snapshot serializer modules Jest should use for snapshot testing
+  // snapshotSerializers: [],
+
+  // The test environment that will be used for testing
+  testEnvironment: "node",
+
+  // Options that will be passed to the testEnvironment
+  // testEnvironmentOptions: {},
+
+  // Adds a location field to test results
+  // testLocationInResults: false,
+
+  // The glob patterns Jest uses to detect test files
+  testMatch: ["**/__tests__/**/*.[jt]s?(x)", "**/?(*.)+(spec|test).[tj]s?(x)"],
+
+  // An array of regexp pattern strings that are matched against all test paths, matched tests are skipped
+  testPathIgnorePatterns: ["/build/", "/node_modules/"],
+
+  // The regexp pattern or array of patterns that Jest uses to detect test files
+  // testRegex: [],
+
+  // This option allows the use of a custom results processor
+  // testResultsProcessor: undefined,
+
+  // This option allows use of a custom test runner
+  // testRunner: "jest-circus/runner",
+
+  // This option sets the URL for the jsdom environment. It is reflected in properties such as location.href
+  // testURL: "http://localhost",
+
+  // Setting this value to "fake" allows the use of fake timers for functions such as "setTimeout"
+  // timers: "real",
+
+  // A map from regular expressions to paths to transformers
+  transform: {
+    "^.+\\.(ts|tsx)$": "ts-jest",
+  },
+
+  // An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation
+  // transformIgnorePatterns: [
+  //   "/node_modules/",
+  //   "\\.pnp\\.[^\\/]+$"
+  // ],
+
+  // An array of regexp pattern strings that are matched against all modules before the module loader will automatically return a mock for them
+  // unmockedModulePathPatterns: undefined,
+
+  // Indicates whether each individual test should be reported during the run
+  // verbose: undefined,
+
+  // An array of regexp patterns that are matched against all source file paths before re-running tests in watch mode
+  // watchPathIgnorePatterns: [],
+
+  // Whether to use watchman for file crawling
+  // watchman: true,
+};

backend/typescript/middlewares/auth.ts

@@ -0,0 +1,78 @@
+import { NextFunction, Request, Response } from "express";
+
+import AuthService from "../services/implementations/authService";
+import UserService from "../services/implementations/userService";
+import IAuthService from "../services/interfaces/authService";
+import { Role } from "../types";
+
+const authService: IAuthService = new AuthService(new UserService());
+
+export const getAccessToken = (req: Request): string | null => {
+  const authHeaderParts = req.headers.authorization?.split(" ");
+  if (
+    authHeaderParts &&
+    authHeaderParts.length >= 2 &&
+    authHeaderParts[0].toLowerCase() === "bearer"
+  ) {
+    return authHeaderParts[1];
+  }
+  return null;
+};
+
+/* Determine if request is authorized based on accessToken validity and role of client */
+/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
+export const isAuthorizedByRole = (roles: Set<Role>) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    const accessToken = getAccessToken(req);
+    const authorized =
+      accessToken && (await authService.isAuthorizedByRole(accessToken, roles));
+    if (!authorized) {
+      return res
+        .status(401)
+        .json({ error: "You are not authorized to make this request." });
+    }
+    return next();
+  };
+};
+
+/* Determine if request for a user-specific resource is authorized based on accessToken
+ * validity and if the userId that the token was issued to matches the requested userId
+ * Note: userIdField is the name of the request parameter containing the requested userId */
+export const isAuthorizedByUserId = (userIdField: string) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    const accessToken = getAccessToken(req);
+    const authorized =
+      accessToken &&
+      (await authService.isAuthorizedByUserId(
+        accessToken,
+        req.params[userIdField],
+      ));
+    if (!authorized) {
+      return res
+        .status(401)
+        .json({ error: "You are not authorized to make this request." });
+    }
+    return next();
+  };
+};
+
+/* Determine if request for a user-specific resource is authorized based on accessToken
+ * validity and if the email that the token was issued to matches the requested email
+ * Note: emailField is the name of the request parameter containing the requested email */
+export const isAuthorizedByEmail = (emailField: string) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    const accessToken = getAccessToken(req);
+    const authorized =
+      accessToken &&
+      (await authService.isAuthorizedByEmail(
+        accessToken,
+        req.params[emailField],
+      ));
+    if (!authorized) {
+      return res
+        .status(401)
+        .json({ error: "You are not authorized to make this request." });
+    }
+    return next();
+  };
+};

backend/typescript/middlewares/validators/authValidators.ts

@@ -0,0 +1,45 @@
+import { Request, Response, NextFunction } from "express";
+import { getApiValidationError, validatePrimitive } from "./util";
+
+/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
+/* eslint-disable-next-line import/prefer-default-export */
+export const loginRequestValidator = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) => {
+  if (req.body.idToken) {
+    if (!validatePrimitive(req.body.idToken, "string")) {
+      return res.status(400).json(getApiValidationError("idToken", "string"));
+    }
+  } else {
+    if (!validatePrimitive(req.body.email, "string")) {
+      return res.status(400).send(getApiValidationError("email", "string"));
+    }
+    if (!validatePrimitive(req.body.password, "string")) {
+      return res.status(400).send(getApiValidationError("password", "string"));
+    }
+  }
+  return next();
+};
+
+export const registerRequestValidator = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) => {
+  if (!validatePrimitive(req.body.firstName, "string")) {
+    return res.status(400).send(getApiValidationError("firstName", "string"));
+  }
+  if (!validatePrimitive(req.body.lastName, "string")) {
+    return res.status(400).send(getApiValidationError("lastName", "string"));
+  }
+  if (!validatePrimitive(req.body.email, "string")) {
+    return res.status(400).send(getApiValidationError("email", "string"));
+  }
+  if (!validatePrimitive(req.body.password, "string")) {
+    return res.status(400).send(getApiValidationError("password", "string"));
+  }
+
+  return next();
+};