Merge pull request #9 from polijrorg/feat/forgot-password

feat: validate token
polijrorg · Aug 9, 2024 · 6ffeacf · 6ffeacf
2 parents a980beb + 0ce4af9
commit 6ffeacf
Show file tree

Hide file tree

Showing 6 changed files with 353 additions and 436 deletions.
diff --git a/docs/insomnia.json b/docs/insomnia.json
diff --git a/package.json b/package.json
@@ -50,7 +50,7 @@
     "express": "^4.17.1",
     "express-async-errors": "^3.1.1",
     "handlebars": "^4.7.7",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.2",
     "nodemailer": "^6.4.18",
     "openapi-types": "^10.0.0",
     "pg": "^8.5.1",

diff --git a/src/modules/users/infra/http/controller/UsersController.ts b/src/modules/users/infra/http/controller/UsersController.ts
@@ -30,44 +30,49 @@ export default class UserController {
       phone,
     });
 
-    user.password = '###';
-
-    return res.status(201).json(user);
+    return res.status(201).json({
+      ...user,
+      password: undefined,
+      pin: undefined,
+      pinExpires: undefined,
+    });
   }
 
   public async readAll(req: Request, res: Response): Promise<Response> {
 
     const readUsers = container.resolve(ReadAllUsersService);
 
     const users = await readUsers.execute();
-
-    if(users) {
-        users.forEach(user => {
-        user.password = '###';
-      });
-    }
 
-    return res.status(201).json(users);
+    return res.status(201).json(users?.map(user => {
+      return {
+        ...user,
+        password: undefined,
+        pin: undefined,
+        pinExpires: undefined,
+      };
+    }));
   }
 
   public async readById(req: Request, res: Response): Promise<Response> {
-    const { id } = req.params;
-
+    const { id } = req.token;
+    
     const readUser = container.resolve(ReadUserByIdService);
 
     const user = await readUser.execute({
       id,
     });
 
-    if(user){
-      user.password = '###';
-    }
-
-    return res.status(201).json(user);
+    return res.status(201).json({
+      ...user,
+      password: undefined,
+      pin: undefined,
+      pinExpires: undefined,
+    });
   }
 
   public async update(req: Request, res: Response): Promise<Response> {
-    const { id } = req.params;
+    const { id } = req.token;
 
     const {
       name,
@@ -88,23 +93,29 @@ export default class UserController {
       phone,
     });
 
-    user.password = '###';
-
-    return res.status(201).json(user);
+    return res.status(201).json({
+      ...user,
+      password: undefined,
+      pin: undefined,
+      pinExpires: undefined,
+    });
   }
 
   public async delete(req: Request, res: Response): Promise<Response> {
-    const { id } = req.params;
+    const { id } = req.token;
 
     const deleteUser = container.resolve(DeleteUserService);
 
     const user = await deleteUser.execute({
       id,
     });
 
-    user.password = '###';
-
-    return res.status(201).json(user);
+    return res.status(201).json({
+      ...user,
+      password: undefined,
+      pin: undefined,
+      pinExpires: undefined,
+    });
   }
 
   public async sendPin(req: Request, res: Response): Promise<Response> {

diff --git a/src/modules/users/infra/http/routes/users.routes.ts b/src/modules/users/infra/http/routes/users.routes.ts
@@ -1,3 +1,4 @@
+import ensureAuthenticated from '@shared/infra/http/middlewares/EnsureAuthenticated';
 import { Router } from 'express';
 
 import UsersController from '../controller/UsersController';
@@ -7,10 +8,10 @@ const usersRoutes = Router();
 const usersController = new UsersController();
 
 usersRoutes.post('/register', usersController.create);
-usersRoutes.patch('/update/:id', usersController.update);
-usersRoutes.delete('/delete/:id', usersController.delete);
-usersRoutes.get('/read', usersController.readAll);
-usersRoutes.get('/read/:id', usersController.readById);
+usersRoutes.patch('/update', ensureAuthenticated, usersController.update);
+usersRoutes.delete('/delete', ensureAuthenticated, usersController.delete);
+usersRoutes.get('/readAll', usersController.readAll);
+usersRoutes.get('/read', ensureAuthenticated, usersController.readById);
 usersRoutes.post('/send-pin', usersController.sendPin);
 usersRoutes.post('/verify-pin/:id', usersController.verifyPin);
 usersRoutes.post('/reset-password/:id', usersController.resetPassword);

diff --git a/src/shared/infra/http/middlewares/EnsureAuthenticated.ts b/src/shared/infra/http/middlewares/EnsureAuthenticated.ts
@@ -0,0 +1,31 @@
+import auth from '@config/auth';
+import { NextFunction, Request, Response } from 'express';
+import { Secret, verify } from 'jsonwebtoken';
+
+import AppError from '@shared/errors/AppError';
+
+interface ITokenPayload {
+  iss: string;
+  sub: string;
+  exp: number;
+  iat: number;
+}
+
+export default function ensureAuthenticated(request: Request, _response: Response, next: NextFunction): void {
+  const authHeader = request.headers.authorization;
+
+  if (!authHeader) { throw new AppError('Token não enviado'); }
+
+  const token = authHeader.split(' ')[1];
+
+  try {
+    const decoded = verify(token, auth.jwt.secret as Secret);
+
+    const { sub: id } = decoded as ITokenPayload;
+    request.token = { id };
+
+    return next();
+  } catch (error) {
+    throw new AppError('Token inválido');
+  }
+}