Closed AbegaM closed 4 months ago
[x] Feature to update a normal user to super user
1. Modify the cli.js file and add an `updateuser` command
2. Add a function named `updateUser`
3. Add a feature to fetch the user from the DB by using the `userId` and then update the `is_superuser` flag
4. Add a feature to check the password strength and then hash the password and save it in the DB
[x] Feature to register users
[x] Add a middleware function named processCustomRequest
[x] Add a middleware function named processCustomResponse
Return the user data by removing the salt and the password. For `create` only a success report is returned: https://github.com/thevahidal/soul/blob/main/docs/api/rows-examples.md#2-insert-a-new-row
OK, I will update the task description 👍
[x] Obtain Access Token Feature
/api/auth/token/obtain
[x] Build a controller function for the feature
[x] Extract the username and the password from the body
[x] Find the user by using the username
[x] Compare the user's password with the stored password
[x] Get the user's role from the DB
[x] Generate token
Create a function called generateToken
[x] Send the token in the cookie
[x] Add a router for the feature
/api/auth/token/refresh
[x] Build a controller function for the feature
- `decodeToken` function
- Check if the token `subject` is `accessToken`; if not, throw a 401 error
- `constants` folder
- Two `if` statements to check the `roleTable` and `rolesPermissionTable`
[x] Add a new middleware function named isAuthorized
[x] Add the isAuthorized middleware function in all of the routers
[x] Middleware function flow
[x] Check if authMode is true or false
If authMode is true, proceed with the authorization, but if it is false then call the controller function
[x] Verify the token
[x] Extract the token payload
[x] Check if the user is a super user
If the user is a super user then call the controller function
If the user is not a super user, check the user's role
[x] Get the user's role and permission on the resource
If the user has permission on the resource then call the controller function
If not then throw an error
[x] Fix the unit tests that are failing
All of the tests are failing due to the authorization middleware function and each test suite needs to send a token in the API call
[x] Create a function named `createSuperuser` that will create an initial superuser if there is no superuser in the DB
- Check if there is already a superuser in the DB; if yes, then skip creating a superuser
- Take the username and password of the superuser from the .env; if these values are not passed, throw an error
- Check if the username is taken; if yes, then throw an error
- Create the superuser in the DB
[x] Modify the existing code to handle users with multiple roles
- `createDefaultTable` function: modify the table schema and allow multiple roles for a user
- `obtainAccessToken` function: send multiple roles in the token payload
- `isAuthorized` middleware function: modify the function to check multiple permissions on a specific resource
[x] Fix comments on this PR, #148
- `if` conditions for the creation of `_roles_permissions` and `_roles`
- `default` roles are already created

Add these config variables in your `.env` file:

```
AUTH=true
ACCESS_TOKEN_SECRET=ABCD23DCAA
ACCESS_TOKEN_EXPIRATION_TIME=10H
REFRESH_TOKEN_SECRET=ACDED22CCC
REFRESH_TOKEN_EXPIRATION_TIME=10H
INITIAL_USER_USERNAME=<user_name>
INITIAL_USER_PASSWORD=<password>
```
Run this command in your terminal to run Soul in Auth mode:

```
npm run dev
```
Go to the `package.json` file and manually update the `cli` script:

```json
"scripts": {
  "cli": "nodemon src/server.js --database foobar.db --auth --ats <your_secret> --atet 10H --rts <your_secret> --rtet 3D --iuu <user_name> --iup <password>"
},
```

Run the `cli` script in your terminal:

```
npm run cli
```
When running Soul in development mode and passing the JWT secret values, username, and password, Soul will enable authentication on the APIs and perform the following actions:
- Soul creates 4 new tables in the DB: `_users`, `_users_roles`, `_roles_permissions`, and `_roles`. NOTE: You can test the existence of the tables by using a GUI tool such as `DB Browser For SQLite`
- Soul creates a role with name = `default` in the `_roles` table and it will also create a list of permissions for the `default` role in the `_roles_permissions` table
- Soul creates an initial user by taking the username and the password from the `.env` file

Running Soul in `AUTH` mode generates an initial user. Next, we proceed to log in using the provided user credentials. Go to your HTTP client such as Postman and send a request to this endpoint:
```
POST localhost:8000/api/auth/token/obtain
BODY {
  "fields": {
    "username": "<user_name>",
    "password": "<password>"
  }
}
```
Check the API response; you should get the user ID and a success message:

```json
{
  "message": "Success",
  "data": {
    "userId": 2
  }
}
```
Go to the `package.json` file and update the CLI script:

```json
"scripts": {
  "cli": "nodemon src/server.js --database foobar.db updateuser --id=1 --is_superuser=true"
},
```
Check if the user's status has changed by using DB Browser For SQLite: in the `_users` table, the `is_superuser` column should now be "true" for the user.
Open your HTTP client and send a request to this API:

```
PUT localhost:8000/api/auth/1/change-password
BODY {
  "fields": {
    "currentPassword": "hello@32C#$",
    "newPassword": "ab12#C$AAv"
  }
}
```
Check the response of the API; you should get this kind of response:

```json
{
  "message": "Password updated successfully",
  "data": {
    "id": 1,
    "username": "superuser"
  }
}
```
Go to step 2 and try to send a request to the obtain access token endpoint with the newly changed password.
Go to the `package.json` file and update the CLI script:

```json
"scripts": {
  "cli": "nodemon src/server.js --database foobar.db updateuser --id=1 --password=<new_password>"
},
```
Go to step 2 and try to send a request to the obtain access token endpoint with the newly changed password.
Open your HTTP client and send a request to this API:

```
GET localhost:8000/api/auth/token/refresh
```

Note: You don't need to manually send the `accessToken` or the `refreshToken` as they are already stored in the cookie. Your HTTP client will automatically include them in the requests.

To check for new refresh and access token values in Postman, navigate to the "cookie" section of your Postman application and verify that updated refresh and access token values are present.
Open your HTTP client and send a request to this API to create a new role named `customerService` in the `_roles` table:

```
POST localhost:8000/api/tables/_roles/rows
BODY {
  "fields": {
    "name": "customerService"
  }
}
```
Check the response; you should get this kind of response:

```json
{
  "message": "Row inserted",
  "data": {
    "changes": 1,
    "lastInsertRowid": 2
  }
}
```
Send a new request to the API below to create a list of permissions for the new role:

```
POST localhost:8000/api/tables/_roles_permissions/rows
BODY {
  "fields": {
    "role_id": "<role_id_of_customerService_role>",
    "table_name": "_users",
    "create": "false",
    "read": "false",
    "update": "false",
    "delete": "false"
  }
}
```
Note: In the example provided above, a permission has been created for the `customerService` role regarding the `_users` table. It has been decided that this role will not have any permissions on this particular table.

Note: A `superuser` has unrestricted access to all APIs without requiring authorization. However, users with other roles must possess specific permissions to access particular APIs.

Send a request to any endpoint with the user you created:
```
GET localhost:8000/api/tables/_users/rows
```

If the currently logged-in user does not possess the `READ` permission for the `_users` table, this step will result in an error indicating the lack of authorization:

```json
{
  "message": "Invalid Access Token"
}
```
[x] Fix the comments on PR [#148](https://github.com/thevahidal/soul/pull/148)
- `if` conditions for the creation of `_roles_permissions` and `_roles`
- `default` role to the `constants` folder
- `default` roles are already created
[x] Fix the comments on PR [#150](https://github.com/thevahidal/soul/pull/150)
- `updateuser` CLI command to update `superuser`
[x] Fix the comments on PR 152
- `processRequest` middleware to avoid accessing the default endpoints while `AUTH` is set to false
- `enables` word to `instructs`
- `secret` and `expiration time` values
- `userRole` variable to `userRoles`
- `access tokens` and `refresh tokens`, and modify the documentation
- `userId` in the error message
- `FK not found` error
- `createInitialUser` function is creating a superuser instead of a normal user
- `_users` endpoint
- `GET`, `POST`, `PUT` and `DELETE` endpoints: remove some fields like `is_superuser`, `salt`, `hashed_password` and `password`
- `/tables` endpoint to avoid creating reserved table names

Amazing job with the authentication features! Definitively improves a lot the usage of Soul
/tip 10 @AbegaM
Hi @AbegaM, @RubenRuCh wants to tip you $10.00 for your amazing work 🥳 @AbegaM go to your settings and make sure your Stripe account is configured, otherwise you won't be able to receive payments. @RubenRuCh you can pay the tip in your dashboard
Ups... @RubenRuCh tried to complete the payment of $10.00 as a tip to @AbegaM, but @AbegaM doesn't have their payment account configured yet 😱
Please @AbegaM, go to your settings and complete your onboarding! After that, let @RubenRuCh know so they can start the payment process again.
Thank you, @RubenRuCh. I appreciate your feedback.
[ ] Change Boolean string values to 1/0
[ ] Change auth strategy
- `hasAccess` middleware function, Obtain access token API, and the refresh access token APIs
No problem! Btw, were you able to set up your payment account in Opire, so I can finish the payment of the tip?
Thank you, @RubenRuCh, but unfortunately, my Stripe account is not working due to some financial regulations in my country. So, you can make the donation to @IanMayo.
Sorry to hear that! I'm willing to make the donation to @IanMayo, but unfortunately the Opire bot has been uninstalled from the repo :cry: Could you reinstall it? @thevahidal
Hey @RubenRuCh,
Sorry, but I had to uninstall Opire. Soul's main contributors weren't too thrilled with its comments, so I had to let it go. I actually really liked the idea behind Opire, so I installed it in my other projects to keep supporting it. Hopefully, we can still grow together!
[ ] Add a feature to handle revoked refresh tokens
- `/api/auth/token/refresh` endpoint to check revoked tokens before refreshing a token provided by the client
Feb 14, 2024