add samples

Author: Killian-fal

README.md

@@ -56,10 +56,10 @@ async foo({ auth }: HttpContext) {
 
 A list of examples is available [here](samples/) to show the possible implementations/modifications of the classes generated by the package. They also show how to test the application with a supabase mock
 
-1. **classic:** unmodified version of the package with tests
-2. **with-custom-details:** modified version of the package with user details, more information [here](https://supabase.com/docs/guides/auth/auth-hooks)
-3. **with-internal-profile:** modified version of the package with an internal profile (stored in a sqlite database)
-4. **with-both-and-role-based:** version combining the above 2 samples, adding a decorator to build a role access based application
+1. **classic:** unmodified version of the package with tests - [README](samples/classic/README.md)
+2. **with-custom-details:** modified version of the package with user details, more information [here](https://supabase.com/docs/guides/auth/auth-hooks) - [README](samples/with-custom-details/README.md)
+3. **with-internal-profile:** modified version of the package with an internal profile (stored in a sqlite database) - [README](samples/with-internal-profile/README.md)
+4. **with-both-and-role-based:** version combining the above 2 samples, adding a decorator to build a role access based application - [README](samples/with-both-and-role-based/README.md)
 
 ## License
 This project is Open Source software released under the [MIT license.](LICENSE.md)

samples/classic/README.md

@@ -0,0 +1,3 @@
+# Classic version
+
+This version doesn't modify the code provided by the package. It just add an `auth.spec.ts` test that shows how to test routes that are **secure with supabase**.

samples/classic/ace.js

@@ -0,0 +1,27 @@
+/*
+|--------------------------------------------------------------------------
+| JavaScript entrypoint for running ace commands
+|--------------------------------------------------------------------------
+|
+| DO NOT MODIFY THIS FILE AS IT WILL BE OVERRIDDEN DURING THE BUILD
+| PROCESS.
+|
+| See docs.adonisjs.com/guides/typescript-build-process#creating-production-build
+|
+| Since, we cannot run TypeScript source code using "node" binary, we need
+| a JavaScript entrypoint to run ace commands.
+|
+| This file registers the "ts-node/esm" hook with the Node.js module system
+| and then imports the "bin/console.ts" file.
+|
+*/
+
+/**
+ * Register hook to process TypeScript files using ts-node
+ */
+import 'ts-node-maintained/register/esm'
+
+/**
+ * Import ace console entrypoint
+ */
+await import('./bin/console.js')

samples/classic/adonisrc.ts

@@ -0,0 +1,71 @@
+import { defineConfig } from '@adonisjs/core/app'
+
+export default defineConfig({
+  /*
+  |--------------------------------------------------------------------------
+  | Commands
+  |--------------------------------------------------------------------------
+  |
+  | List of ace commands to register from packages. The application commands
+  | will be scanned automatically from the "./commands" directory.
+  |
+  */
+  commands: [() => import('@adonisjs/core/commands'), () => import('@adonisjs/lucid/commands')],
+
+  /*
+  |--------------------------------------------------------------------------
+  | Service providers
+  |--------------------------------------------------------------------------
+  |
+  | List of service providers to import and register when booting the
+  | application
+  |
+  */
+  providers: [
+    () => import('@adonisjs/core/providers/app_provider'),
+    () => import('@adonisjs/core/providers/hash_provider'),
+    {
+      file: () => import('@adonisjs/core/providers/repl_provider'),
+      environment: ['repl', 'test'],
+    },
+    () => import('@adonisjs/core/providers/vinejs_provider'),
+    () => import('@adonisjs/cors/cors_provider'),
+    () => import('@adonisjs/lucid/database_provider'),
+    () => import('@adonisjs/auth/auth_provider')
+  ],
+
+  /*
+  |--------------------------------------------------------------------------
+  | Preloads
+  |--------------------------------------------------------------------------
+  |
+  | List of modules to import before starting the application.
+  |
+  */
+  preloads: [() => import('#start/routes'), () => import('#start/kernel')],
+
+  /*
+  |--------------------------------------------------------------------------
+  | Tests
+  |--------------------------------------------------------------------------
+  |
+  | List of test suites to organize tests by their type. Feel free to remove
+  | and add additional suites.
+  |
+  */
+  tests: {
+    suites: [
+      {
+        files: ['tests/unit/**/*.spec(.ts|.js)'],
+        name: 'unit',
+        timeout: 2000,
+      },
+      {
+        files: ['tests/functional/**/*.spec(.ts|.js)'],
+        name: 'functional',
+        timeout: 30000,
+      },
+    ],
+    forceExit: false,
+  },
+})

samples/classic/app/auth/guards/supabase_jwt_guard.ts

@@ -0,0 +1,160 @@
+import { errors, symbols } from '@adonisjs/auth'
+import { AuthClientResponse, GuardContract } from '@adonisjs/auth/types'
+import { HttpContext } from '@adonisjs/core/http'
+import { supabase } from '../../utils/supabase_util.js'
+import { User } from '@supabase/supabase-js'
+import jwt, { JwtPayload } from 'jsonwebtoken'
+import app from '@adonisjs/core/services/app'
+
+export class SupabaseJwtGuard implements GuardContract<CustomSupabaseUser> {
+  #ctx: HttpContext
+
+  constructor(ctx: HttpContext) {
+    this.#ctx = ctx
+  }
+
+  declare [symbols.GUARD_KNOWN_EVENTS]: {}
+
+  driverName: 'supabase' = 'supabase'
+
+  authenticationAttempted: boolean = false
+
+  isAuthenticated: boolean = false
+
+  user?: CustomSupabaseUser
+
+  /**
+   * Authenticate the current HTTP request and return
+   * the user instance if there is a valid JWT token
+   * or throw an exception
+   */
+  async authenticate(): Promise<CustomSupabaseUser> {
+    if (app.inTest) {
+      //Skip authentication process due to testing
+      return await this.testingAuthenticate()
+    }
+
+    /**
+     * Avoid re-authentication when it has been done already
+     * for the given request
+     */
+    if (this.authenticationAttempted) {
+      return this.getUserOrFail()
+    }
+    this.authenticationAttempted = true
+
+    /**
+     * Ensure the auth header exists
+     */
+    const authHeader = this.#ctx.request.header('authorization')
+    if (!authHeader) {
+      throw new errors.E_UNAUTHORIZED_ACCESS('Unauthorized access', {
+        guardDriverName: this.driverName,
+      })
+    }
+
+    /**
+     * Split the header value and read the token from it
+     */
+    const [, token] = authHeader.split('Bearer ')
+    if (!token) {
+      throw new errors.E_UNAUTHORIZED_ACCESS('Unauthorized access', {
+        guardDriverName: this.driverName,
+      })
+    }
+
+    /**
+     * Get user data from supabase
+     */
+    const {
+      data: { user },
+    } = await supabase.auth.getUser(token)
+
+    if (!user) {
+      throw new errors.E_UNAUTHORIZED_ACCESS('Unauthorized access', {
+        guardDriverName: this.driverName,
+      })
+    }
+
+    this.user = await this.buildCustomSupabaseUser(token, user)
+    return this.getUserOrFail()
+  }
+
+  /**
+   * Same as authenticate, but does not throw an exception
+   */
+  async check(): Promise<boolean> {
+    try {
+      await this.authenticate()
+      return true
+    } catch {
+      return false
+    }
+  }
+
+  /**
+   * Returns the authenticated user or throws an error
+   */
+  getUserOrFail(): CustomSupabaseUser {
+    if (!this.user) {
+      throw new errors.E_UNAUTHORIZED_ACCESS('Unauthorized access', {
+        guardDriverName: this.driverName,
+      })
+    }
+
+    return this.user
+  }
+
+  /**
+   * This method is called by Japa during testing when "loginAs"
+   * method is used to login the user.
+   */
+  async authenticateAsClient(user: CustomSupabaseUser): Promise<AuthClientResponse> {
+    return {
+      headers: {
+        testingUser: JSON.stringify(user),
+      },
+    }
+  }
+
+  async buildCustomSupabaseUser(token: string, user: User): Promise<CustomSupabaseUser> {
+    const customPayload = jwt.decode(token) as CustomSupabaseJwtPayload
+
+    return {
+      ...user,
+      details: customPayload.details,
+    }
+  }
+
+  async testingAuthenticate(): Promise<CustomSupabaseUser> {
+    const testingUser = this.#ctx.request.header('testingUser')
+    if (!testingUser) {
+      throw new errors.E_UNAUTHORIZED_ACCESS('Unauthorized access', {
+        guardDriverName: this.driverName,
+      })
+    }
+
+    this.authenticationAttempted = true
+
+    const decodedUser = JSON.parse(testingUser)
+    this.user = {
+      ...decodedUser,
+    }
+    return this.getUserOrFail()
+  }
+}
+
+export interface CustomSupabaseUser extends User {
+  details: CustomSupabaseUserDetails
+  // TODO: add your local profile extension if needed
+  // e.g. profile: Profile
+}
+
+export interface CustomSupabaseUserDetails {
+  // TODO: Add here your custom details
+  // e.g. role: string | null
+}
+
+export interface CustomSupabaseJwtPayload extends JwtPayload {
+  details: CustomSupabaseUserDetails
+}

samples/classic/app/exceptions/handler.ts

@@ -0,0 +1,28 @@
+import app from '@adonisjs/core/services/app'
+import { HttpContext, ExceptionHandler } from '@adonisjs/core/http'
+
+export default class HttpExceptionHandler extends ExceptionHandler {
+  /**
+   * In debug mode, the exception handler will display verbose errors
+   * with pretty printed stack traces.
+   */
+  protected debug = !app.inProduction
+
+  /**
+   * The method is used for handling errors and returning
+   * response to the client
+   */
+  async handle(error: unknown, ctx: HttpContext) {
+    return super.handle(error, ctx)
+  }
+
+  /**
+   * The method is used to report error to the logging service or
+   * the third party error monitoring service.
+   *
+   * @note You should not attempt to send a response from this method.
+   */
+  async report(error: unknown, ctx: HttpContext) {
+    return super.report(error, ctx)
+  }
+}

samples/classic/app/middleware/auth_middleware.ts

@@ -0,0 +1,25 @@
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+import type { Authenticators } from '@adonisjs/auth/types'
+
+/**
+ * Auth middleware is used authenticate HTTP requests and deny
+ * access to unauthenticated users.
+ */
+export default class AuthMiddleware {
+  /**
+   * The URL to redirect to, when authentication fails
+   */
+  redirectTo = '/login'
+
+  async handle(
+    ctx: HttpContext,
+    next: NextFn,
+    options: {
+      guards?: (keyof Authenticators)[]
+    } = {}
+  ) {
+    await ctx.auth.authenticateUsing(options.guards, { loginRoute: this.redirectTo })
+    return next()
+  }
+}

samples/classic/app/middleware/container_bindings_middleware.ts

@@ -0,0 +1,19 @@
+import { Logger } from '@adonisjs/core/logger'
+import { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+
+/**
+ * The container bindings middleware binds classes to their request
+ * specific value using the container resolver.
+ *
+ * - We bind "HttpContext" class to the "ctx" object
+ * - And bind "Logger" class to the "ctx.logger" object
+ */
+export default class ContainerBindingsMiddleware {
+  handle(ctx: HttpContext, next: NextFn) {
+    ctx.containerResolver.bindValue(HttpContext, ctx)
+    ctx.containerResolver.bindValue(Logger, ctx.logger)
+
+    return next()
+  }
+}

samples/classic/app/middleware/force_json_response_middleware.ts

@@ -0,0 +1,16 @@
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+
+/**
+ * Updating the "Accept" header to always accept "application/json" response
+ * from the server. This will force the internals of the framework like
+ * validator errors or auth errors to return a JSON response.
+ */
+export default class ForceJsonResponseMiddleware {
+  async handle({ request }: HttpContext, next: NextFn) {
+    const headers = request.headers()
+    headers.accept = 'application/json'
+
+    return next()
+  }
+}