feat: routes standarized and cookie parser added

Author: StivenKN

package-lock.json

@@ -1,11 +1,12 @@
 {
   "name": "user-management",
-  "version": "1.5.0",
+  "version": "2.0.0",
   "description": "Microservicio de administración de usuario con public key",
   "main": "./src/index.js",
   "type": "module",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node --env-file .env dist/index.js",
     "dev": "nodemon --env-file .env dist/index.js",
     "build": "tsc --watch"
   },
@@ -18,20 +19,21 @@
   "license": "MIT",
   "dependencies": {
     "bcrypt": "5.1.1",
+    "cookie-parser": "^1.4.6",
     "cors": "2.8.5",
+    "crypto": "^1.0.1",
     "express": "4.18.2",
     "joi": "17.10.2",
     "jsonwebtoken": "9.0.2",
-    "mysql2": "3.6.1",
-    "node-rsa": "1.1.1"
+    "mysql2": "3.6.1"
   },
   "devDependencies": {
     "@types/bcrypt": "^5.0.0",
+    "@types/cookie-parser": "^1.4.5",
     "@types/cors": "2.8.14",
     "@types/express": "4.17.17",
     "@types/jsonwebtoken": "^9.0.3",
     "@types/mysql2": "github:types/mysql2",
-    "@types/node-rsa": "^1.1.2",
     "@typescript-eslint/eslint-plugin": "6.7.2",
     "eslint": "8.50.0",
     "eslint-config-prettier": "9.0.0",

package.json

@@ -1,5 +1,6 @@
 import express, { type Request, type Application, type Response, type IRouter } from 'express'
 import cors, { type CorsOptions } from 'cors'
+import cookieParser from 'cookie-parser'
 import * as routes from './routes/routes.js'
 import { HttpStatusCode } from './enums/httpStatusCodes.enums.js'
 
@@ -16,6 +17,8 @@ app.use(cors(options))
 
 app.use(express.json())
 
+app.use(cookieParser())
+
 const appRoutes: IRouter[] = Object.values(routes)
 
 const API = '/api'

src/app.ts

@@ -1,33 +1,20 @@
 import { type Request, type Response } from 'express'
 import { httpErrorCatch } from '../errors/errorHandler.js'
-import NodeRSA from 'node-rsa'
 import { HttpStatusCode } from '../enums/httpStatusCodes.enums.js'
 import { pool } from '../config/dbconection.js'
 import { APIError } from '../errors/customErrorClasses.js'
 
-export const createPublicKey = async (_: Request, res: Response): Promise<Response> => {
+export const saveKeyToDatabase = async (req: Request, res: Response): Promise<string | Response> => {
+  const publicKey = req.headers['x-public-key']
   try {
-    const key = new NodeRSA({ b: 128 })
-    key.generateKeyPair()
-    const publicKey = key.exportKey('public').replace('-----BEGIN PUBLIC KEY-----\n', '').replace('\n-----END PUBLIC KEY-----', '').replaceAll('\n', '')
-    await saveKeyToDatabase(publicKey)
+    const [query] = await pool.query('INSERT INTO user_api_keys (user_api_key) VALUES (?)', [publicKey])
+    if (Array.isArray(query) && query.length === 0) throw new APIError('Error al almacenar la llave pública')
     return res.status(HttpStatusCode.OK).json({ key: publicKey })
   } catch (error: any) {
-    console.error(error)
     return httpErrorCatch(res, error)
   }
 }
 
-const saveKeyToDatabase = async (publicKey: string): Promise<string | boolean> => {
-  try {
-    const [query] = await pool.query('INSERT INTO user_api_keys (api_key) VALUES (?)', [publicKey])
-    if (Array.isArray(query) && query.length === 0) throw new APIError('Error al almacenar la llave pública')
-    return true
-  } catch (error) {
-    throw new APIError('Error al almacenar los datos')
-  }
-}
-
 export const checkDone = (_req: Request, res: Response): Response => {
   return res.status(HttpStatusCode.OK).json({ check: true })
 }

src/controllers/publicKey.controllers.ts

@@ -9,7 +9,7 @@ import jwt from 'jsonwebtoken'
 export const createUserByEmail = async (req: Request, res: Response): Promise<Response> => {
   const { userName, userEmail, dbNameSpace, userPassword, userRole, IDKey } = req.body as user
   try {
-    const [query] = await pool.query('INSERT INTO users (id_user_api_key, user_full_name, user_email, user_password, id_user_role_fk, db_namespace) VALUES (?, ?, ?, ?, ?, ?)', [IDKey, userName, userEmail, userPassword, userRole, dbNameSpace])
+    const [query] = await pool.query('INSERT INTO users (id_user_api_key_fk, user_full_name, user_email, user_password, id_user_role_fk, db_namespace) VALUES (?, ?, ?, ?, ?, ?)', [IDKey, userName, userEmail, userPassword, userRole, dbNameSpace])
     if (Array.isArray(query) && query.length === 0) throw new APIError('Ha ocurrido un error al ingresar los datos')
     return res.status(HttpStatusCode.OK).json({ msg: 'User created!' })
   } catch (error: any) {
@@ -20,8 +20,7 @@ export const createUserByEmail = async (req: Request, res: Response): Promise<Re
 export const getDBUsers = async (req: Request, res: Response): Promise<Response> => {
   const { IDKey, dbNameSpace } = req.query
   try {
-    const [query] = await pool.query('SELECT users.user_email, users.user_password, users.db_namespace, roles.role_name,    COUNT(*) AS total_users FROM users INNER JOIN roles ON users.id_user_role_fk = roles.id_role WHERE users.db_namespace = ? AND id_user_api_key = ? GROUP BY users.user_email, users.user_password, users.db_namespace, roles.role_name', [dbNameSpace, IDKey])
-    if (Array.isArray(query) && query.length === 0) throw new APIError('Error al buscar los usuarios')
+    const [query] = await pool.query('SELECT users.user_email, users.user_password, users.db_namespace, roles.role_name,    COUNT(*) AS total_users FROM users INNER JOIN roles ON users.id_user_role_fk = roles.id_role WHERE users.db_namespace = ? AND users.id_user_api_key_fk = ? GROUP BY users.user_email, users.user_password, users.db_namespace, roles.role_name', [dbNameSpace, IDKey])
     return res.status(HttpStatusCode.OK).json(query)
   } catch (error: any) {
     return httpErrorCatch(res, error)
@@ -36,7 +35,7 @@ export const generateToken = async (req: Request, res: Response): Promise<Respon
     const secretKey = process.env.PRIVATE_KEY ?? 'foo'
     const token = jwt.sign({ payload: { userEmail, DBPayload, userName } }, secretKey, { algorithm: 'HS256', expiresIn: expiresInTime })
     if (token === undefined) throw new APIError('Error al crear el token')
-    return res.status(HttpStatusCode.OK).json(token)
+    return res.status(HttpStatusCode.OK).cookie('jwt_token', token, { httpOnly: true, secure: true }).json('Done.')
   } catch (error: any) {
     return httpErrorCatch(res, error)
   }

src/controllers/user.controllers.ts

@@ -3,5 +3,5 @@ import { HttpStatusCode } from '../enums/httpStatusCodes.enums.js'
 import { type CustomError } from './customErrorClasses.js'
 
 export const httpErrorCatch = (res: Response, error: CustomError): Response => {
-  return res.status(HttpStatusCode.InternalServerError).json({ message: error.message, code: error.statusCode, header: error.header })
+  return res.status(HttpStatusCode.InternalServerError).json({ message: error.message ?? 'Error con la API', code: error.statusCode ?? HttpStatusCode.InternalServerError, header: error.header ?? 'Error' })
 }

src/errors/errorHandler.ts

@@ -3,6 +3,7 @@ import { pool } from '../config/dbconection.js'
 import { APIError } from '../errors/customErrorClasses.js'
 import { httpErrorCatch } from '../errors/errorHandler.js'
 import { type RowDataPacket } from 'mysql2'
+import crypto from 'crypto'
 
 export const checkPublicKey = async (req: Request<any>, res: Response, next: NextFunction): Promise<void> => {
   const publicKey = req.headers['x-public-key']
@@ -16,9 +17,19 @@ export const checkPublicKey = async (req: Request<any>, res: Response, next: Nex
   }
 }
 
+export const createPublicKey = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
+  try {
+    const publicKey = crypto.randomBytes(16).toString('hex')
+    req.headers['x-public-key'] = publicKey
+    next()
+  } catch (error: any) {
+    httpErrorCatch(res, error)
+  }
+}
+
 const getDBPublicKey = async (payload: string): Promise<void> => {
   try {
-    const [query] = await pool.query('SELECT api_key, true FROM user_api_keys WHERE api_key = ?', [payload])
+    const [query] = await pool.query('SELECT user_api_key, true FROM user_api_keys WHERE user_api_key = ?', [payload])
     if (Array.isArray(query) && query.length === 0) throw new APIError('Error al buscar la api key.')
   } catch (error: any) {
     throw new APIError(error)
@@ -28,10 +39,9 @@ const getDBPublicKey = async (payload: string): Promise<void> => {
 export const getDBIDKey = async (req: Request, _res: Response, next: NextFunction): Promise<void> => {
   const publicKey = req.headers['x-public-key']
   try {
-    const [query] = await pool.query<RowDataPacket[]>('SELECT id_user_api_key FROM user_api_keys WHERE api_key = ?', [publicKey])
+    const [query] = await pool.query<RowDataPacket[]>('SELECT id FROM user_api_keys WHERE user_api_key = ?', [publicKey])
     if (Array.isArray(query) && query.length === 0) throw new APIError('Error al traer el ID la api key.')
-    req.body.IDKey = query[0].id_user_api_key
-    req.query.IDKey = query[0].id_user_api_key
+    req.body.IDKey = query[0].id
     next()
   } catch (error: any) {
     throw new APIError(error)

src/middlewares/publicKey.middlewares.ts

@@ -1,11 +1,11 @@
 import { Router } from 'express'
-import { checkDone, createPublicKey } from '../controllers/publicKey.controllers.js'
-import { checkPublicKey } from '../middlewares/publicKey.middlewares.js'
+import { checkDone, saveKeyToDatabase } from '../controllers/publicKey.controllers.js'
+import { checkPublicKey, createPublicKey } from '../middlewares/publicKey.middlewares.js'
 
 const keyRoute: Router = Router()
 
-keyRoute.get('/check-public-key', checkPublicKey, checkDone)
+keyRoute.get('/public-key', checkPublicKey, checkDone)
 
-keyRoute.post('/create-public-key', createPublicKey)
+keyRoute.post('/public-key', createPublicKey, saveKeyToDatabase)
 
 export { keyRoute }

src/routes/publicKey.routes.ts

@@ -13,7 +13,7 @@ routes.get('/test', async (_req: Request, res: Response): Promise<void> => {
     const [testPool] = await pool.query('SELECT 1+1')
     res.status(HttpStatusCode.OK).json({ msg: testPool, status: 200, db: process.env.DB_DATABASE })
   } catch (error) {
-    res.status(HttpStatusCode.InternalServerError).json({ msg: 'Error en la consulta a la base de datos' })
+    res.status(HttpStatusCode.InternalServerError).json({ msg: 'Error en la consulta a la base de datos', error })
   }
 })
 

src/routes/routes.ts

@@ -5,9 +5,9 @@ import { createUserByEmail, generateToken, getDBUsers } from '../controllers/use
 
 const userRoute = Router()
 
-userRoute.get('/show-db-users', checkPublicKey, getDBIDKey, checkDBNameSpace, getDBUsers)
+userRoute.get('/users', checkPublicKey, getDBIDKey, checkDBNameSpace, getDBUsers)
 
-userRoute.post('/register-user/email', checkPublicKey, checkUserData, cryptUserPassword, getDBIDKey, createUserByEmail)
-userRoute.post('/login-user/email', checkPublicKey, checkLoginData, getUserPassword, comparePassword, generateToken)
+userRoute.post('/users/register', checkPublicKey, checkUserData, cryptUserPassword, getDBIDKey, createUserByEmail)
+userRoute.post('/users/login', checkPublicKey, checkLoginData, getUserPassword, comparePassword, generateToken)
 
 export { userRoute }