feat: Implement sessions and revoking possibility (#28)

powerhouse-inc · Mar 30, 2023 · ca0a7da · ca0a7da
1 parent 23668a8
commit ca0a7da
Show file tree

Hide file tree

Showing 29 changed files with 810 additions and 171 deletions.
diff --git a/api/package-lock.json b/api/package-lock.json
diff --git a/api/package.json b/api/package.json
@@ -27,19 +27,22 @@
         "graphql-middleware": "^6.1.33",
         "graphql-playground-middleware-express": "^1.7.23",
         "jsonwebtoken": "^9.0.0",
+        "ms": "^2.1.3",
         "nexus": "^1.3.0",
         "nexus-validation-plugin": "^0.2.0",
         "pino": "^8.11.0",
         "pino-http": "^8.3.3",
         "pino-pretty": "^10.0.0",
         "vite-node": "^0.29.2",
-        "vitest": "^0.29.2"
+        "vitest": "^0.29.2",
+        "zod": "^3.21.4"
     },
     "devDependencies": {
         "@types/bcrypt": "^5.0.0",
         "@types/cors": "^2.8.13",
         "@types/express": "^4.17.17",
         "@types/jsonwebtoken": "^9.0.1",
+        "@types/ms": "^0.7.31",
         "@types/node": "^18.14.2",
         "@typescript-eslint/eslint-plugin": "^5.54.0",
         "@typescript-eslint/parser": "^5.54.0",

diff --git a/api/prisma/schema.prisma b/api/prisma/schema.prisma
@@ -1,5 +1,5 @@
 generator client {
-  provider = "prisma-client-js"
+  provider        = "prisma-client-js"
   previewFeatures = ["clientExtensions"]
 }
 
@@ -23,4 +23,20 @@ model User {
   id       String @id @default(uuid())
   username String @unique
   password String
+
+  sessions Session[]
+}
+
+model Session {
+  id                  String    @id @default(uuid())
+  createdAt           DateTime  @default(now())
+  createdBy           String
+  referenceExpiryDate DateTime?
+  name                String?
+  revokedAt           DateTime?
+  referenceTokenId    String
+  isUserCreated       Boolean   @default(false)
+
+  creator User @relation(fields: [createdBy], references: [id], onDelete: Cascade)
+  @@unique([createdBy, id])
 }
diff --git a/api/src/context.ts b/api/src/context.ts
diff --git a/api/src/database.ts b/api/src/database.ts
@@ -1,7 +1,7 @@
 import { PrismaClient, Prisma } from '@prisma/client';
 import { Level as PinoLevel } from 'pino';
 import { getChildLogger } from './logger';
-import { getUserCrud } from './modules';
+import { getUserCrud, getSessionCrud } from './modules';
 
 const dbLogger = getChildLogger({ msgPrefix: 'DATABASE' });
 
@@ -55,6 +55,9 @@ const prisma = prismaBase.$extends({
     user: {
       ...getUserCrud(prismaBase),
     },
+    session: {
+      ...getSessionCrud(prismaBase),
+    },
   },
 });
 

diff --git a/api/src/env/getters.ts b/api/src/env/getters.ts
@@ -1,3 +1,5 @@
+import ms from 'ms';
+
 export const getJwtSecret = (): string => {
   if (!process.env.JWT_SECRET) {
     if (process.env.NODE_ENV === 'production') {
@@ -6,3 +8,21 @@ export const getJwtSecret = (): string => {
   }
   return process.env.JWT_SECRET || 'dev';
 };
+
+export const getJwtExpirationPeriod = (): string => {
+  if (!process.env.JWT_EXPIRATION_PERIOD) {
+    return '7d';
+  }
+  // check if number of seconds is provided
+  const expirationSeconds = Number(process.env.JWT_EXPIRATION_PERIOD);
+  if (!Number.isNaN(expirationSeconds)) {
+    // https://www.npmjs.com/package/jsonwebtoken for `expiresIn` format
+    return ms(expirationSeconds * 1000);
+  }
+  // check if a valid time string is provided
+  const expirationMs = ms(process.env.JWT_EXPIRATION_PERIOD);
+  if (!expirationMs) {
+    throw new Error('JWT_EXPIRATION_PERIOD must be a number of seconds or ms string');
+  }
+  return process.env.JWT_EXPIRATION_PERIOD;
+};
diff --git a/api/src/env/index.ts b/api/src/env/index.ts
@@ -1,11 +1,10 @@
 import dotenv from 'dotenv';
-import { getJwtSecret } from './getters';
+import { getJwtSecret, getJwtExpirationPeriod } from './getters';
 
 dotenv.config();
 
 export const JWT_SECRET = getJwtSecret();
 export const PORT = Number(process.env.PORT ?? '3000');
 export const isDevelopment = process.env.NODE_ENV === 'development';
 export const AUTH_SIGNUP_ENABLED = Boolean(process.env.AUTH_SIGNUP_ENABLED);
-// https://www.npmjs.com/package/jsonwebtoken for `expiresIn` format
-export const JWT_EXPIRATION_PERIOD: number | string = process.env.JWT_EXPIRATION_PERIOD_SECONDS ? Number(process.env.JWT_EXPIRATION_PERIOD_SECONDS) : '7d';
+export const JWT_EXPIRATION_PERIOD: string = getJwtExpirationPeriod();