Merge pull request #83 from JDIZM/minor-improvements

Minor improvements [JDI-72]

Author: JDIZM

.env.example

@@ -6,6 +6,7 @@ PORT=4000
 ## Database
 ###
 POSTGRES_HOST=db
+POSTGRES_PORT=5432
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=example
 POSTGRES_DB=postgres
@@ -15,3 +16,4 @@ POSTGRES_DB=postgres
 ###
 SUPABASE_URL=https://example.supabase.co
 SUPABASE_PK=example-key
+SUPABASE_AUTH_JWT_SECRET=abcdefghijklmnopqrstuvwxzyz1234567890

Dockerfile

@@ -1,11 +1,14 @@
-FROM node:20-alpine as base
+FROM node:20-alpine AS base
 
 ENV PNPM_VERSION=9.1.0
 
 RUN npm install -g pnpm@$PNPM_VERSION
 
 WORKDIR /app
 
+ARG NODE_ENV
+ENV NODE_ENV=${NODE_ENV}
+
 # install deps first so we can cache them
 COPY package*.json pnpm-lock.yaml ./
 RUN pnpm install --frozen-lockfile

README.md

@@ -71,11 +71,31 @@ Run the unit tests with `npm run test`
 
 It's also recommended to install the [vitest extension for vscode](https://marketplace.visualstudio.com/items?itemName=ZixuanChen.vitest-explorer).
 
+## Supabase CLI
+
+You can install the supabase cli for local development.
+
+- https://supabase.com/docs/guides/cli/getting-started
+- https://supabase.com/docs/guides/cli/local-development
+
 ## Database
 
 You can view the database with `npx drizzle-kit studio` or `npm run studio`.
 
 You can spin up a local copy of the database and application with `docker-compose` but this is not required when using the Supabase db.
+When using the supabase cli we can run a local copy of the db with `supabase start`.
+
+### Developing locally with supabase
+
+This will provide you with a connection string, you can update the local environment variables in the .env file with the details from the connection string.
+
+`postgresql://postgres:postgres@localhost:54322/postgres`
+
+Visit the Supabase dashboard: http://localhost:54323 and manage your database locally.
+
+### Local Postgres with Docker
+
+You can spin up a local database and application with `docker-compose` but this is not required when using the Supabase db or cli.
 
 ```
 docker compose up -d
@@ -96,6 +116,7 @@ POSTGRES_HOST=mypostgres
 ```
 
 Then run the application in docker and connect to the same network.
+
 ```bash
 docker run --network mynetwork --name node-express -d -p 4000:4000 node-express
 ```
@@ -171,26 +192,28 @@ How permissions work.
 
 A resource will have a permission level for each route method based on users role within the workspace. Workspace permissions can be defined in `./src/helpers/permissions.ts`.
 
-Workspace permissions:
+Workspace level permissions:
 Admin: Highest level of access to all resources within the workspace.
 User: Regular user with limited permissions.
 
-Resource permissions:
+Resource level permissions:
 Owner: Has access to their own resources
 
-Account permissions:
+Account level permissions:
 SuperAdmin: Has access to all super only resources.
 
 ### Workspace route permission levels
 
-Ensure every request that requires workspace permissions includes a workspace context. This can be done using the `x-workspace-id header`.
+Ensure every request that requires workspace permissions includes a workspace context.
 
-Passing the `x-workspace-id` header will allow the user to access the workspace resources if they are a member of the workspace with a sufficient role.
+This can be done by passing the `x-workspace-id` header when making a request.
+
+This will allow the user to access the workspace resources if they are a member of the workspace with a sufficient role.
 
 A role/claim is defined when the account is added to the workspace as a member.
 
 1. User - Can access all resources with user permissions.
-2. Admin - Can access all resources.
+2. Admin - Can access all resources within the workspace.
 
 ## Supabase Auth
 
@@ -220,5 +243,3 @@ For information on confguring the app level environment variables see [How to us
 - `POSTGRES_DB`: `postgres`
 - `SUPABASE_URL`: `https://<supabase-id>.supabase.co`
 - `SUPABASE_PK`: `abcdefghijklm`
-
-

docker-compose.yml

@@ -1,6 +1,3 @@
-# Use postgres/example user/password credentials
-version: "3.1"
-
 services:
   app:
     build:
@@ -9,16 +6,16 @@ services:
     env_file:
       - .env
     ports:
-      - "4000:4000"
+      - ${PORT}:${PORT}
   db:
-    image: postgres
+    image: postgres:15
     restart: always
     environment:
       POSTGRES_USER: ${POSTGRES_USER}
       POSTGRES_DB: ${POSTGRES_DB}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
     ports:
-      - 5432:5432
+      - ${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}
     volumes:
       - db:/var/lib/postgresql/data
 volumes:

drizzle.config.ts

@@ -12,9 +12,9 @@ export default {
   dbCredentials: {
     host: config.db_host,
     user: config.db_user,
-    port: 5432,
+    port: config.db_port,
     password: config.db_password,
     database: config.db_name,
-    ssl: config.env !== "dev"
+    ssl: config.env !== "development"
   }
 } satisfies Config;

package.json

@@ -28,6 +28,7 @@
   "author": "",
   "license": "ISC",
   "devDependencies": {
+    "@types/jsonwebtoken": "^9.0.6",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "@typescript-eslint/parser": "^8.0.0",
     "@vitest/coverage-v8": "^2.0.0",
@@ -68,6 +69,7 @@
     "drizzle-zod": "^0.5.1",
     "express": "^4.19.2",
     "helmet": "^7.1.0",
+    "jsonwebtoken": "^9.0.2",
     "pg": "^8.11.5",
     "pino": "^9.1.0",
     "pino-http": "^10.1.0"

src/config.ts

@@ -1,36 +1,36 @@
 import dotenv from "dotenv";
 import { logger } from "@/helpers/index.ts";
 
-export const stages = ["dev", "prod"] as const;
-
-export const ENV = (process.env.NODE_ENV as Stage) ?? ("dev" as Stage);
+export const stages = ["development", "production", "test"] as const;
 
 export type Stage = (typeof stages)[number];
 
-export const getStage = () => {
-  if (!stages.includes(ENV)) {
-    logger.error(`Invalid environment: ${ENV}`);
+export const ENV = process.env.NODE_ENV ?? "development";
+
+export const getStage = (env: string): Stage => {
+  if (!stages.includes(env as Stage)) {
     throw new Error(`Invalid environment: ${ENV}`);
   }
-  return ENV;
+  return env as Stage;
 };
 
-export const STAGE = getStage();
+export const STAGE = getStage(ENV);
 
 logger.info(`running in env: ${STAGE}`);
 
-if (STAGE === "dev") {
+if (STAGE !== "production") {
   dotenv.config();
 }
 
 export const config = {
   env: STAGE,
-  port: process.env.PORT || 3000,
+  port: process.env.PORT || 4000,
   db_host: process.env.POSTGRES_HOST || "localhost",
+  db_port: Number(process.env.POSTGRES_PORT) || 5432,
   db_user: process.env.POSTGRES_USER || "postgres",
   db_password: process.env.POSTGRES_PASSWORD || "postgres",
   db_name: process.env.POSTGRES_DB || "test",
-  appUrl: process.env.APP_URL || "http://localhost:3000",
   supabaseUrl: process.env.SUPABASE_URL || "https://example.supabase.co",
-  supabaseKey: process.env.SUPABASE_PK || "example-key"
+  supabaseKey: process.env.SUPABASE_PK || "example-key",
+  jwtSecret: process.env.SUPABASE_AUTH_JWT_SECRET || "super-secret-key-that-should-be-replaced"
 };

src/cors.ts

@@ -1,6 +1,5 @@
 export const whitelist: RegExp[] = [
   /^https?:\/\/localhost:3000$/,
-  /^https?:\/\/localhost:4000$/,
   /^https?:\/\/example\.com$/,
   /^https?:\/\/subdomain\.example\.com$/
   // Add more patterns as needed

src/handlers/accounts/accounts.handlers.ts

@@ -16,13 +16,7 @@ export async function getAccounts(req: Request, res: Response) {
 
     return res.status(response.code).send(response);
   } catch (err) {
-    const error = err as Error;
-
-    const message = "Unable to fetch accounts";
-
-    logger.error({ msg: message, err });
-
-    const response = gatewayResponse().error(400, error, error.message);
+    const response = gatewayResponse().error(400, err as Error, "Unable to fetch accounts");
 
     res.status(response.code).send(response);
   }
@@ -58,13 +52,7 @@ export async function getAccount(req: Request, res: Response) {
 
     return res.status(response.code).send(response);
   } catch (err) {
-    const error = err as Error;
-
-    const message = "Unable to fetch account";
-
-    logger.error({ msg: message, err });
-
-    const response = gatewayResponse().error(400, error, error.message);
+    const response = gatewayResponse().error(400, err as Error, "Unable to fetch account");
 
     return res.status(response.code).send(response);
   }
@@ -82,13 +70,7 @@ export async function createAccount(req: Request, res: Response) {
 
     return res.status(response.code).send(response);
   } catch (err) {
-    const error = err as Error;
-
-    const message = "Unable to create account";
-
-    logger.error({ msg: message, err: error });
-
-    const response = gatewayResponse().error(400, error, error.message);
+    const response = gatewayResponse().error(400, err as Error, "Unable to create account");
 
     return res.status(response.code).send(response);
   }

src/handlers/auth/auth.handlers.ts

@@ -24,19 +24,18 @@ export const signUp = async (req: Request, res: Response) => {
     const user = await signUpWithSupabase(email, password);
 
     if (!user) {
-      logger.error({ msg: "Unable to sign up" });
+      const errorMessage = "Unable to sign up";
 
-      const response = gatewayResponse().error(400, new Error("Unable to sign up"), "Unable to sign up");
+      const response = gatewayResponse().error(400, new Error(errorMessage), errorMessage);
 
       return res.status(response.code).send(response);
     }
 
-    logger.info("User signed up", 200, user.id);
+    logger.info({ msg: `User signed up with id: ${user.id}` });
 
     const dbAccount = await createDbAccount({ email, fullName, phone, uuid: user.id });
-    logger.info({ msg: `Account created in DB with id: ${dbAccount}` });
 
-    const response = gatewayResponse().success(200, user);
+    const response = gatewayResponse().success(200, `Account created in DB with id: ${dbAccount}`);
 
     return res.status(response.code).send(response);
   } catch (err) {
@@ -52,16 +51,17 @@ export const signUp = async (req: Request, res: Response) => {
   }
 };
 
+// TODO add httpOnly cookie for sessions.. https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#security
 export const signInWithPassword = async (req: Request, res: Response) => {
   const { email, password } = req.body;
+
   const { data, error } = await supabase.auth.signInWithPassword({
     email,
     password
   });
 
   if (error) {
     const response = gatewayResponse().error(400, error, "Unable to sign in with password");
-    logger.error("Unable to sign in with password", error);
 
     return res.status(response.code).send(response);
   }

src/handlers/auth/auth.methods.ts

@@ -0,0 +1,12 @@
+import jwt from "jsonwebtoken";
+import { config } from "../../config.ts";
+import { logger } from "@/helpers/index.ts";
+
+export const verifyToken = async (token: string) => {
+  try {
+    return jwt.verify(token, config.jwtSecret) as { sub: string };
+  } catch (err) {
+    logger.error("Token validation failed:", err);
+    return null;
+  }
+};

src/handlers/memberships/memberships.handlers.ts

@@ -72,13 +72,7 @@ export async function createMembershipHandler(req: Request, res: Response) {
 
     return res.status(response.code).send(response);
   } catch (err) {
-    const error = err as Error;
-
-    const message = "Error creating membership";
-
-    logger.error({ msg: message, err: error });
-
-    const response = gatewayResponse().error(400, error, message);
+    const response = gatewayResponse().error(400, err as Error, "Error creating membership");
 
     return res.status(response.code).send(response);
   }