prolifode / deno_rest Goto Github PK
View Code? Open in Web Editor NEWA Boilerplate for deno RESTful apis
License: MIT License
A Boilerplate for deno RESTful apis
License: MIT License
Hello,
Looks like something is missing.
PS C:\Users\yuriy\OneDrive\Documents\GitHub\deno_rest> denon start
denon : The term 'denon' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ CategoryInfo : ObjectNotFound: (denon:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
User should be able to change password.
** Requirements**
// Headers:
bearer token in the auth headers - we generated from the reset-password api
// POST body should have these parameters:
newPassword:'SomenEWpAssWord'
auth.service.ts
to change the password:AES_ENCRYPTED
password and respond back with 200 HTTP statusNew Users should be able to sign up with Email and Password
Requirements
signup
in user.service.ts
{
"name":"User Name",
"email":"[email protected]",
"password":"123456",
}
Hello [USER_NAME],
Please click on following link or Copy/Paste in your web browser to verify your email address.
http://domain.com/user/verify-email?token=[AES_ENCRYPTED_KEY]
AES_ENCRYPTED_KEY
must be stored in a separate mongo collection called verification
along with user reference to fetch it later.AES_ENCRYPTED_KEY
should be created using random characters and a SALT
from the .env
example of verification
document:
{
"blacklisted": false, // will be used later if we need to blacklist a key
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZTZiNGZlOTc2NmE3YTFmMjgxZWQzYjIiLCJpYXQiOjE1ODQwOTExMjcsImV4cCI6MTU4NjY4MzEyN30.YVo52NeI-Aju02ENTUOg6ch5En_94i2G8rA7x1WjNDY", // AES_ENCRYPTED_KEY
"email": "[email protected]", // User's Email
"createdAt": "2020-03-13T09:18:47.247Z",
"updatedAt":"2020-03-13T09:18:47.247Z",
"__v": 0
}
user.model.ts
to save status if user has verified his email address.export interface UserSchema {
...
...
isVerified : boolean;
...
...
}
user
collection with isVerified :false, role: config.roles[0]
i.e. userEmail Verification API
5. Once user clicks the link, We need to check if the token
value in the URL query string EXISTS in the collection verification
. This should be done via a service in auth.service.ts
. In case it doesn't exists, it should throw an error with 404 HTTP status.
6. If its valid AES_ENCRYPTED_KEY
, and exists in the database, proceed next task,
7. Now we have verification
document in our hands. Now simply fetch user from the user
model and update isVerified:true
and delete the verification
document and respond with 200 HTTP status.
At this stage we should have a new user successfully signed up.
Deno version 1.21.0 is released, BDD is now part of standard library. Now external dependency for BDD style tests can be excluded
Hi,
i noticed that youre encrypting passwords using AES.
That is a really, really bad idea. One should only hash passwords.
Use argon2 or bcrypt to actually hash the password (with an salt)
Current Validation library Yup
does not support nested array validation. Whereas Computed Typed looks promising in terms of advanced validation for arrays and custom validation scripts.
https://deno.land/x/computed_types
TODO:
Hello,
Which AES key generator should I use for generating a valid key for configuration?
https://asecuritysite.com/encryption/keygen
And if AES key is not valid then programs return "users.json file not found", it is not correct.
Please add a process for the error message 'Invalid IV size' in the seed.ts
I am trying to run this project in my local machine. Even after following all the instructions in the Readme.md, I am unable to run this app using "denon start" command. I'm getting following error:
error: TS2322 [ERROR]: Type 'string | undefined' is not assignable to type 'JsonValue'.
Type 'undefined' is not assignable to type 'JsonValue'.
id,
~~
at file:///D:/Projects/deno_rest/helpers/jwt.helper.ts:30:7
The expected type comes from this index signature.
[key: string]: JsonValue;
~~~~~~~~~~~~~~~~~~~~~~~~~
at https://deno.land/x/[email protected]/mod.ts:25:3
This error is caused by the following code in jwt.helper.ts
const payload: Payload = {
iss: "deno_rest",
iat: now,
id,
exp,
};
Could you add support to work with files? Upload/Download user-profiles picture(s).
I had a problem when install dependencies by running script reload_deps.sh
.
How to fix it?
##Deno i'm using
% deno --version
deno 1.13.2 (release, x86_64-apple-darwin)
v8 9.3.345.11
typescript 4.3.5
1.11.5
, the error is same##Here is the error:
Check file:///Volumes/Data/work/tokenomic/deno_rest/deps.ts
error: TS2345 [ERROR]: Argument of type '"jwk"' is not assignable to parameter of type '"raw"'.
"jwk",
~~~~~
at https://deno.land/x/[email protected]/src/aes/aes_wc.ts:25:9
TS2345 [ERROR]: Argument of type '"jwk"' is not assignable to parameter of type '"raw"'.
"jwk",
~~~~~
at https://deno.land/x/[email protected]/src/rsa/rsa_wc.ts:55:5
TS2304 [ERROR]: Cannot find name 'HmacKeyAlgorithm'.
): algorithm is HmacKeyAlgorithm | RsaHashedKeyAlgorithm {
~~~~~~~~~~~~~~~~
at https://deno.land/x/[email protected]/algorithm.ts:24:17
TS2304 [ERROR]: Cannot find name 'RsaHashedKeyAlgorithm'.
): algorithm is HmacKeyAlgorithm | RsaHashedKeyAlgorithm {
~~~~~~~~~~~~~~~~~~~~~
at https://deno.land/x/[email protected]/algorithm.ts:24:36
TS2304 [ERROR]: Cannot find name 'EcKeyAlgorithm'.
): algorithm is EcKeyAlgorithm {
~~~~~~~~~~~~~~
at https://deno.land/x/[email protected]/algorithm.ts:30:17
TS2339 [ERROR]: Property 'hash' does not exist on type 'KeyAlgorithm'.
return keyAlgorithm.hash.name === algAlgorithm.hash.name;
~~~~
at https://deno.land/x/[email protected]/algorithm.ts:47:29
TS2339 [ERROR]: Property 'namedCurve' does not exist on type 'never'.
return keyAlgorithm.namedCurve === algAlgorithm.namedCurve;
~~~~~~~~~~
at https://deno.land/x/[email protected]/algorithm.ts:49:29
If is it possible could you also add in the TODO List the following two points
You have a good project with best practice for learning Deno from scratch
User should be able to request reset password via an API.
Requirements:
1. API should accept email
in plain text and send an email to email
and respond with 200 HTTP status.
2. To send Email, we can use Sendgrid https://deno.land/x/[email protected]
We will need a sendgrid api key to use it. and documentation for sendgrid is located at https://sendgrid.com/docs/for-developers/sending-email/api-getting-started/
3. Email body should consists of one time unique reset password link in this format:
Hello [USER_NAME],
Please click on following link or Copy/Paste in your web browser to reset your password.
http://domain.com/user/reset-password?reset=[AES_ENCRYPTED_KEY]
AES_ENCRYPTED_KEY
must be stored in a separate mongo collection called reset-password
along with user reference to fetch it later.AES_ENCRYPTED_KEY
should be created using random characters and a SALT
from the .env
expiry
date to later verify if link is expired or not..env
with variable name RESET_PASS_EXP=3600
with seconds as unitexample of reset-password
document:
{
"blacklisted": false, // will be used later if we need to blacklist a key
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZTZiNGZlOTc2NmE3YTFmMjgxZWQzYjIiLCJpYXQiOjE1ODQwOTExMjcsImV4cCI6MTU4NjY4MzEyN30.YVo52NeI-Aju02ENTUOg6ch5En_94i2G8rA7x1WjNDY", // AES_ENCRYPTED_KEY
"email": "[email protected]", // User's Email
"expires":"2020-04-12T09:18:47.233Z", // expiry date
"createdAt": "2020-03-13T09:18:47.247Z",
"updatedAt":"2020-03-13T09:18:47.247Z",
"__v": 0
}
Reset Password Verification API
4. Once user clicks the link, We need to check if the reset
value in the URL query string EXISTS and NOT EXPIRED in the collection reset-password
. This should be done via a service in auth.service.ts
. In case it doesn't exists, it should throw an error with 404 HTTP status.
5. If its valid AES_ENCRYPTED_KEY
, and exists in the database, we should fetch user with avaialable email
value from reset-password
document. Then, we need to generate a n auth token and respond back with same response as we do in the login API.
6. Now we have auth token in hands. We can send this auth token to a seperate API headers to change the password #13
To enhance this boilerplate further add support for cli toolkit, which will act as a project generator and will be easier to maintain its features.
How to set ENV=development for debugging the application in the VSC?
After updating, Deno v1.11.0 I am getting typeError in encryption.
const aes = new AES(this.key, { mode: "cbc", iv: this.salt }); // This works proper
const cipher = await aes.encrypt(str); // Error genrates from here.
Error is:
TypeError: crypto.subtle.importKey is not a function at WebCryptoAES.loadKey (https://deno.land/x/[email protected]/src/aes/aes_wc.ts:24:39) at WebCryptoAES.encrypt (https://deno.land/x/[email protected]/src/aes/aes_wc.ts:37:28) at AES.encrypt (https://deno.land/x/[email protected]/src/aes/mod.ts:40:43)
Description:
I am requesting more detailed documentation for the deno_rest
project. The current documentation seems [brief], and I believe that providing more detailed information on
would greatly benefit the community.
Thank you for your attention to this matter.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.