gitea/amati
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: develop API forgot password

Browse Source
This commit is contained in:
Sukma Gladys 2024-08-22 15:54:34 +07:00
parent a1763c0a13
commit d0808a54c4
8 changed files with 213 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/backend/package.json
View File

@ -19,6 +19,7 @@
"hono": "^4.4.6", "hono": "^4.4.6",
"jsonwebtoken": "^9.0.2", "jsonwebtoken": "^9.0.2",
"moment": "^2.30.1", "moment": "^2.30.1",
"nodemailer": "^6.9.14",
"postgres": "^3.4.4", "postgres": "^3.4.4",
"sharp": "^0.33.4", "sharp": "^0.33.4",
"zod": "^3.23.8" "zod": "^3.23.8"
@ -27,6 +28,7 @@
"@types/bcrypt": "^5.0.2", "@types/bcrypt": "^5.0.2",
"@types/jsonwebtoken": "^9.0.6", "@types/jsonwebtoken": "^9.0.6",
"@types/node": "^20.14.2", "@types/node": "^20.14.2",
"@types/nodemailer": "^6.4.15",
"drizzle-kit": "^0.22.7", "drizzle-kit": "^0.22.7",
"pg": "^8.12.0", "pg": "^8.12.0",
"tsx": "^4.15.5", "tsx": "^4.15.5",

1
apps/backend/src/appEnv.ts
View File

@ -8,6 +8,7 @@ const envSchema = z.object({
DATABASE_URL: z.string(), DATABASE_URL: z.string(),
ACCESS_TOKEN_SECRET: z.string(), ACCESS_TOKEN_SECRET: z.string(),
REFRESH_TOKEN_SECRET: z.string(), REFRESH_TOKEN_SECRET: z.string(),
RESET_PASSWORD_TOKEN_SECRET: z.string(),
COOKIE_SECRET: z.string(), COOKIE_SECRET: z.string(),
}); });

1
apps/backend/src/drizzle/schema/users.ts
View File

@ -20,6 +20,7 @@ export const users = pgTable("users", {
email: varchar("email"), email: varchar("email"),
password: text("password").notNull(), password: text("password").notNull(),
isEnabled: boolean("isEnabled").default(true), isEnabled: boolean("isEnabled").default(true),
resetPasswordToken: varchar("resetPasswordToken"),
createdAt: timestamp("createdAt", { mode: "date" }).defaultNow(), createdAt: timestamp("createdAt", { mode: "date" }).defaultNow(),
updatedAt: timestamp("updatedAt", { mode: "date" }).defaultNow(), updatedAt: timestamp("updatedAt", { mode: "date" }).defaultNow(),
deletedAt: timestamp("deletedAt", { mode: "date" }), deletedAt: timestamp("deletedAt", { mode: "date" }),

2
apps/backend/src/index.ts
View File

@ -18,6 +18,7 @@ import HonoEnv from "./types/HonoEnv";
import devRoutes from "./routes/dev/route"; import devRoutes from "./routes/dev/route";
import appEnv from "./appEnv"; import appEnv from "./appEnv";
import questionsRoute from "./routes/questions/route"; import questionsRoute from "./routes/questions/route";
import forgotPasswordRoutes from "./routes/forgotPassword/route";
configDotenv(); configDotenv();
@ -84,6 +85,7 @@ const routes = app
.route("/questions", questionsRoute) .route("/questions", questionsRoute)
.route("/management-aspect", managementAspectsRoute) .route("/management-aspect", managementAspectsRoute)
.route("/register", respondentsRoute) .route("/register", respondentsRoute)
.route("/forgot-password", forgotPasswordRoutes)
.onError((err, c) => { .onError((err, c) => {
if (err instanceof DashboardError) { if (err instanceof DashboardError) {
return c.json( return c.json(

111
apps/backend/src/routes/forgotPassword/route.ts Normal file
View File

@ -0,0 +1,111 @@
import { zValidator } from "@hono/zod-validator";
import HonoEnv from "../../types/HonoEnv";
import { z } from "zod";
import { and, eq, isNull } from "drizzle-orm";
import { Hono } from "hono";
import db from "../../drizzle";
import { users } from "../../drizzle/schema/users";
import { notFound, unauthorized } from "../../errors/DashboardError";
import { generateResetPasswordToken, verifyResetPasswordToken } from "../../utils/authUtils";
import { sendResetPasswordEmail } from "../../utils/mailerUtils";
import { hashPassword } from "../../utils/passwordUtils";
const forgotPasswordRoutes = new Hono<HonoEnv>()
/**
* Forgot Password
*
* Checking emails in the database, generating tokens, and sending emails occurs.
*/
.post(
'/',
zValidator(
'json',
z.object({
email: z.string().email(),
})
),
async (c) => {
const { email } = c.req.valid('json');
const user = await db
.select()
.from(users)
.where(
and(
isNull(users.deletedAt),
eq(users.email, email)
)
);
if (!user.length) throw notFound();
// Generate reset password token
const resetPasswordToken = await generateResetPasswordToken({
uid: user[0].id,
});
await db
.update(users)
.set({
resetPasswordToken: resetPasswordToken
})
.where(eq(users.email, email));
// Send email with reset password token
await sendResetPasswordEmail(email, resetPasswordToken);
return c.json({
message: 'Email has been sent successfully',
});
}
)
/**
* Reset Password
*/
.patch(
'/verify',
zValidator(
'json',
z.object({
password: z.string(),
confirm_password: z.string()
})
),
async (c) => {
const formData = c.req.valid('json');
const token = c.req.query('token')
// Token validation
if (!token) {
return c.json({ message: 'Token is required' }, 400);
}
// Password validation
if (formData.password !== formData.confirm_password) {
return c.json({ message: 'Passwords do not match' }, 400);
}
const decoded = await verifyResetPasswordToken(token);
if (!decoded) {
return c.json({ message: 'Invalid or expired token' }, 401);
}
if (!decoded) throw unauthorized();
// Hash the password
const hashedPassword = await hashPassword(formData.password);
await db
.update(users)
.set({
password: hashedPassword,
updatedAt: new Date(),
})
.where(eq(users.id, decoded.uid));
return c.json({
message: 'Password has been reset successfully'
});
});
export default forgotPasswordRoutes;

38
apps/backend/src/utils/authUtils.ts
View File

@ -4,6 +4,7 @@ import appEnv from "../appEnv";
// Environment variables for secrets, defaulting to a random secret if not set. // Environment variables for secrets, defaulting to a random secret if not set.
const accessTokenSecret = appEnv.ACCESS_TOKEN_SECRET; const accessTokenSecret = appEnv.ACCESS_TOKEN_SECRET;
const refreshTokenSecret = appEnv.REFRESH_TOKEN_SECRET; const refreshTokenSecret = appEnv.REFRESH_TOKEN_SECRET;
const resetPasswordTokenSecret = appEnv.RESET_PASSWORD_TOKEN_SECRET;
// Algorithm to be used for JWT encoding. // Algorithm to be used for JWT encoding.
const algorithm: jwt.Algorithm = "HS256"; const algorithm: jwt.Algorithm = "HS256";
@ -11,6 +12,7 @@ const algorithm: jwt.Algorithm = "HS256";
// Expiry settings for tokens. 'null' signifies no expiry. // Expiry settings for tokens. 'null' signifies no expiry.
export const accessTokenExpiry: number | string | null = null; export const accessTokenExpiry: number | string | null = null;
export const refreshTokenExpiry: number | string | null = "30d"; export const refreshTokenExpiry: number | string | null = "30d";
export const resetPasswordTokenExpiry: number | string | null = null;
// Interfaces to describe the payload structure for access and refresh tokens. // Interfaces to describe the payload structure for access and refresh tokens.
interface AccessTokenPayload { interface AccessTokenPayload {
@ -21,6 +23,10 @@ interface RefreshTokenPayload {
uid: string; uid: string;
} }
interface ResetPasswordTokenPayload {
uid: string;
}
/** /**
* Generates a JSON Web Token (JWT) for access control using a specified payload. * Generates a JSON Web Token (JWT) for access control using a specified payload.
* *
@ -84,3 +90,35 @@ export const verifyRefreshToken = async (token: string) => {
return null; return null;
} }
}; };
/**
* Generates a JSON Web Token (JWT) for reset password using a specified payload.
*
* @param payload - The payload containing user-specific data for the token.
* @returns A promise that resolves to the generated JWT string.
*/
export const generateResetPasswordToken = async (payload: ResetPasswordTokenPayload) => {
const token = jwt.sign(payload, resetPasswordTokenSecret, {
algorithm,
...(resetPasswordTokenExpiry ? { expiresIn: resetPasswordTokenExpiry } : {}),
});
return token;
};
/**
* Verifies a given reset password token and decodes the payload if the token is valid.
*
* @param token - The JWT string to verify.
* @returns A promise that resolves to the decoded payload or null if verification fails.
*/
export const verifyResetPasswordToken = async (token: string) => {
try {
const payload = jwt.verify(
token,
resetPasswordTokenSecret
) as ResetPasswordTokenPayload;
return payload;
} catch {
return null;
}
};

32
apps/backend/src/utils/mailerUtils.ts Normal file
View File

@ -0,0 +1,32 @@
import nodemailer from 'nodemailer';
/**
* Nodemailer configuration
*/
const transporter = nodemailer.createTransport({
host: 'smtp.gmail.com',
port: 587,
secure: false,
auth: {
user: process.env.EMAIL_USER,
pass: process.env.EMAIL_PASS,
},
tls: {
rejectUnauthorized: false,
},
});
export async function sendResetPasswordEmail(to: string, token: string) {
const resetUrl = `https://localhost:3000/forgot-password/verify?token=${token}`;
const info = await transporter.sendMail({
from: '"Your App" <${process.env.EMAIL_USER}>',
to,
subject: 'Password Reset Request',
text: `You requested a password reset. Click this link to reset your password: ${resetUrl}`,
html: `<p>You requested a password reset. Click this link to reset your password:<br><a href="${resetUrl}">${resetUrl}</a></p>`,
});
console.log('Email sent: %s', info.messageId);
return info;
}

28
pnpm-lock.yaml
View File

@ -50,6 +50,9 @@ importers:
moment: moment:
specifier: ^2.30.1 specifier: ^2.30.1
version: 2.30.1 version: 2.30.1
nodemailer:
specifier: ^6.9.14
version: 6.9.14
postgres: postgres:
specifier: ^3.4.4 specifier: ^3.4.4
version: 3.4.4 version: 3.4.4
@ -69,6 +72,9 @@ importers:
'@types/node': '@types/node':
specifier: ^20.14.2 specifier: ^20.14.2
version: 20.14.2 version: 20.14.2
'@types/nodemailer':
specifier: ^6.4.15
version: 6.4.15
drizzle-kit: drizzle-kit:
specifier: ^0.22.7 specifier: ^0.22.7
version: 0.22.7 version: 0.22.7
@ -1124,6 +1130,7 @@ packages:
'@humanwhocodes/config-array@0.11.14': '@humanwhocodes/config-array@0.11.14':
resolution: {integrity: sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==} resolution: {integrity: sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==}
engines: {node: '>=10.10.0'} engines: {node: '>=10.10.0'}
deprecated: Use @eslint/config-array instead
'@humanwhocodes/module-importer@1.0.1': '@humanwhocodes/module-importer@1.0.1':
resolution: {integrity: sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==} resolution: {integrity: sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==}
@ -1131,6 +1138,7 @@ packages:
'@humanwhocodes/object-schema@2.0.2': '@humanwhocodes/object-schema@2.0.2':
resolution: {integrity: sha512-6EwiSjwWYP7pTckG6I5eyFANjPhmPjUX9JRLUSfNPC7FX7zK9gyZAfUEaECL6ALTpGX5AjnBq3C9XmVWPitNpw==} resolution: {integrity: sha512-6EwiSjwWYP7pTckG6I5eyFANjPhmPjUX9JRLUSfNPC7FX7zK9gyZAfUEaECL6ALTpGX5AjnBq3C9XmVWPitNpw==}
deprecated: Use @eslint/object-schema instead
'@humanwhocodes/retry@0.3.0': '@humanwhocodes/retry@0.3.0':
resolution: {integrity: sha512-d2CGZR2o7fS6sWB7DG/3a95bGKQyHMACZ5aW8qGkkqQpUoZV6C0X7Pc7l4ZNMZkfNBf4VWNe9E1jRsf0G146Ew==} resolution: {integrity: sha512-d2CGZR2o7fS6sWB7DG/3a95bGKQyHMACZ5aW8qGkkqQpUoZV6C0X7Pc7l4ZNMZkfNBf4VWNe9E1jRsf0G146Ew==}
@ -1759,6 +1767,9 @@ packages:
'@types/node@20.14.2': '@types/node@20.14.2':
resolution: {integrity: sha512-xyu6WAMVwv6AKFLB+e/7ySZVr/0zLCzOa7rSpq6jNwpqOrUbcACDWC+53d4n2QHOnDou0fbIsg8wZu/sxrnI4Q==} resolution: {integrity: sha512-xyu6WAMVwv6AKFLB+e/7ySZVr/0zLCzOa7rSpq6jNwpqOrUbcACDWC+53d4n2QHOnDou0fbIsg8wZu/sxrnI4Q==}
'@types/nodemailer@6.4.15':
resolution: {integrity: sha512-0EBJxawVNjPkng1zm2vopRctuWVCxk34JcIlRuXSf54habUWdz1FB7wHDqOqvDa8Mtpt0Q3LTXQkAs2LNyK5jQ==}
'@types/normalize-package-data@2.4.4': '@types/normalize-package-data@2.4.4':
resolution: {integrity: sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==} resolution: {integrity: sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==}
@ -3226,6 +3237,7 @@ packages:
glob@7.2.3: glob@7.2.3:
resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
deprecated: Glob versions prior to v9 are no longer supported
globals@11.12.0: globals@11.12.0:
resolution: {integrity: sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==} resolution: {integrity: sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==}
@ -3377,6 +3389,7 @@ packages:
inflight@1.0.6: inflight@1.0.6:
resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==}
deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
inherits@2.0.4: inherits@2.0.4:
resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
@ -4047,6 +4060,10 @@ packages:
node-releases@2.0.14: node-releases@2.0.14:
resolution: {integrity: sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==} resolution: {integrity: sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==}
nodemailer@6.9.14:
resolution: {integrity: sha512-Dobp/ebDKBvz91sbtRKhcznLThrKxKt97GI2FAlAyy+fk19j73Uz3sBXolVtmcXjaorivqsbbbjDY+Jkt4/bQA==}
engines: {node: '>=6.0.0'}
nopt@5.0.0: nopt@5.0.0:
resolution: {integrity: sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==} resolution: {integrity: sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==}
engines: {node: '>=6'} engines: {node: '>=6'}
@ -4561,6 +4578,7 @@ packages:
rimraf@3.0.2: rimraf@3.0.2:
resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==} resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==}
deprecated: Rimraf versions prior to v4 are no longer supported
hasBin: true hasBin: true
rollup@4.18.0: rollup@4.18.0:
@ -6760,7 +6778,7 @@ snapshots:
'@types/glob@7.2.0': '@types/glob@7.2.0':
dependencies: dependencies:
'@types/minimatch': 5.1.2 '@types/minimatch': 5.1.2
'@types/node': 20.11.24 '@types/node': 20.14.2
'@types/graceful-fs@4.1.9': '@types/graceful-fs@4.1.9':
dependencies: dependencies:
@ -6805,6 +6823,10 @@ snapshots:
dependencies: dependencies:
undici-types: 5.26.5 undici-types: 5.26.5
'@types/nodemailer@6.4.15':
dependencies:
'@types/node': 20.14.2
'@types/normalize-package-data@2.4.4': {} '@types/normalize-package-data@2.4.4': {}
'@types/parse-json@4.0.2': {} '@types/parse-json@4.0.2': {}
@ -6841,7 +6863,7 @@ snapshots:
'@types/through@0.0.30': '@types/through@0.0.30':
dependencies: dependencies:
'@types/node': 20.11.24 '@types/node': 20.14.2
'@types/tinycolor2@1.4.6': {} '@types/tinycolor2@1.4.6': {}
@ -9717,6 +9739,8 @@ snapshots:
node-releases@2.0.14: {} node-releases@2.0.14: {}
nodemailer@6.9.14: {}
nopt@5.0.0: nopt@5.0.0:
dependencies: dependencies:
abbrev: 1.1.1 abbrev: 1.1.1