prolifode / deno_rest

A Boilerplate for deno RESTful apis

License: MIT License

Shell 0.19% TypeScript 99.56% Dockerfile 0.25%
api-starter boilerplate deno deno-boilerplate deno-generator deno-mongo deno-rest denon jwt mongodb oak rest-api typescript

deno_rest's People

Contributors: gamuisalreadytaken, gouravshdev, techieoriname, vicky-gonsalves, yuriytigiev

deno_rest's Issues

denon start

Hello,

Looks like something is missing.

PS C:\Users\yuriy\OneDrive\Documents\GitHub\deno_rest> denon start
denon : The term 'denon' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1

+ denon start
    + CategoryInfo          : ObjectNotFound: (denon:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Add Change Password Feature

User should be able to change password.

Requirements

  • 1. POST API should accept following headers and parameters:
// Headers:
bearer token in the auth headers - we generated from the reset-password api

// POST body should have these parameters:
newPassword:'SomenEWpAssWord'  
  • 2. Create a new service in auth.service.ts to change the password:
    It should first verify the auth token and, if it's valid and not expired, we should straight away update the user's password with the new AES_ENCRYPTED password and respond back with 200 HTTP status.

Add feature for users to sign up

New Users should be able to sign up with Email and Password

Requirements

  • 1. API should accept the following parameters as POST body in JSON format.
    NOTE: API should be public and not require any auth headers.
    Create a function named signup in user.service.ts
{
    "name": "User Name",
    "email": "[email protected]",
    "password": "123456"
}
  • 2. Once user requests above api, it should :
  • Validate all the parameters correctly
  • Send Email with sendgrid to user containing an email verification link in following format:

Hello [USER_NAME],
Please click on following link or Copy/Paste in your web browser to verify your email address.
http://domain.com/user/verify-email?token=[AES_ENCRYPTED_KEY]

  • Note that, AES_ENCRYPTED_KEY must be stored in a separate mongo collection called verification along with user reference to fetch it later.
  • AES_ENCRYPTED_KEY should be created using random characters and a SALT from the .env

example of verification document:

{
    "blacklisted": false,  // will be used later if we need to blacklist a key
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZTZiNGZlOTc2NmE3YTFmMjgxZWQzYjIiLCJpYXQiOjE1ODQwOTExMjcsImV4cCI6MTU4NjY4MzEyN30.YVo52NeI-Aju02ENTUOg6ch5En_94i2G8rA7x1WjNDY",  // AES_ENCRYPTED_KEY
    "email": "[email protected]",  // User's Email
    "createdAt": "2020-03-13T09:18:47.247Z",
    "updatedAt":"2020-03-13T09:18:47.247Z",
    "__v": 0
}
  • 3. Add another field in user.model.ts to save status if user has verified his email address.
export interface UserSchema {
  // ... existing fields ...
  isVerified: boolean; // true once the user has verified their email address
  // ... existing fields ...
}
  • 4. Save User in user collection with isVerified :false, role: config.roles[0] i.e. user

Email Verification API

  • 5. Once the user clicks the link, we need to check if the token value in the URL query string EXISTS in the collection verification. This should be done via a service in auth.service.ts. In case it doesn't exist, it should throw an error with 404 HTTP status.

  • 6. If it's a valid AES_ENCRYPTED_KEY and exists in the database, proceed to the next task.

  • 7. Now we have verification document in our hands. Now simply fetch user from the user model and update isVerified:true and delete the verification document and respond with 200 HTTP status.

At this stage we should have a new user successfully signed up.

use BDD from standard library

Deno version 1.21.0 is released, BDD is now part of standard library. Now external dependency for BDD style tests can be excluded

password encryption

Hi,

I noticed that you're encrypting passwords using AES.
That is a really, really bad idea. One should only hash passwords.

Use argon2 or bcrypt to actually hash the password (with a salt).

JsonValue Error

I am trying to run this project in my local machine. Even after following all the instructions in the Readme.md, I am unable to run this app using "denon start" command. I'm getting following error:

error: TS2322 [ERROR]: Type 'string | undefined' is not assignable to type 'JsonValue'.
  Type 'undefined' is not assignable to type 'JsonValue'.
      id,
      ~~
    at file:///D:/Projects/deno_rest/helpers/jwt.helper.ts:30:7

    The expected type comes from this index signature.
      [key: string]: JsonValue;
      ~~~~~~~~~~~~~~~~~~~~~~~~~
        at https://deno.land/x/[email protected]/mod.ts:25:3

This error is caused by the following code in jwt.helper.ts

const payload: Payload = {
  iss: "deno_rest",
  iat: now,
  id, 
  exp,
};

TODO - files

Could you add support to work with files? Upload/Download user-profiles picture(s).

Install dependencies issue

I had a problem when installing dependencies by running the script reload_deps.sh.
How to fix it?

Deno I'm using:

% deno --version
deno 1.13.2 (release, x86_64-apple-darwin)
v8 9.3.345.11
typescript 4.3.5
  • I had also tried deno 1.11.5, the error is the same

Here is the error:

Check file:///Volumes/Data/work/tokenomic/deno_rest/deps.ts
error: TS2345 [ERROR]: Argument of type '"jwk"' is not assignable to parameter of type '"raw"'.
        "jwk",
        ~~~~~
    at https://deno.land/x/[email protected]/src/aes/aes_wc.ts:25:9

TS2345 [ERROR]: Argument of type '"jwk"' is not assignable to parameter of type '"raw"'.
    "jwk",
    ~~~~~
    at https://deno.land/x/[email protected]/src/rsa/rsa_wc.ts:55:5

TS2304 [ERROR]: Cannot find name 'HmacKeyAlgorithm'.
): algorithm is HmacKeyAlgorithm | RsaHashedKeyAlgorithm {
                ~~~~~~~~~~~~~~~~
    at https://deno.land/x/[email protected]/algorithm.ts:24:17

TS2304 [ERROR]: Cannot find name 'RsaHashedKeyAlgorithm'.
): algorithm is HmacKeyAlgorithm | RsaHashedKeyAlgorithm {
                                   ~~~~~~~~~~~~~~~~~~~~~
    at https://deno.land/x/[email protected]/algorithm.ts:24:36

TS2304 [ERROR]: Cannot find name 'EcKeyAlgorithm'.
): algorithm is EcKeyAlgorithm {
                ~~~~~~~~~~~~~~
    at https://deno.land/x/[email protected]/algorithm.ts:30:17

TS2339 [ERROR]: Property 'hash' does not exist on type 'KeyAlgorithm'.
        return keyAlgorithm.hash.name === algAlgorithm.hash.name;
                            ~~~~
    at https://deno.land/x/[email protected]/algorithm.ts:47:29

TS2339 [ERROR]: Property 'namedCurve' does not exist on type 'never'.
        return keyAlgorithm.namedCurve === algAlgorithm.namedCurve;
                            ~~~~~~~~~~
    at https://deno.land/x/[email protected]/algorithm.ts:49:29

Add Reset Password feature

User should be able to request reset password via an API.

Requirements:

Hello [USER_NAME],
Please click on following link or Copy/Paste in your web browser to reset your password.
http://domain.com/user/reset-password?reset=[AES_ENCRYPTED_KEY]

  • Note that, AES_ENCRYPTED_KEY must be stored in a separate mongo collection called reset-password along with user reference to fetch it later.
  • AES_ENCRYPTED_KEY should be created using random characters and a SALT from the .env
  • Each document must have an expiry date to later verify if link is expired or not.
  • Expiry duration should be stored in .env with variable name RESET_PASS_EXP=3600 with seconds as unit

example of reset-password document:

{
    "blacklisted": false,  // will be used later if we need to blacklist a key
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZTZiNGZlOTc2NmE3YTFmMjgxZWQzYjIiLCJpYXQiOjE1ODQwOTExMjcsImV4cCI6MTU4NjY4MzEyN30.YVo52NeI-Aju02ENTUOg6ch5En_94i2G8rA7x1WjNDY",  // AES_ENCRYPTED_KEY
    "email": "[email protected]",  // User's Email
    "expires":"2020-04-12T09:18:47.233Z", // expiry date
    "createdAt": "2020-03-13T09:18:47.247Z",
    "updatedAt":"2020-03-13T09:18:47.247Z",
    "__v": 0
}

Reset Password Verification API

  • 4. Once the user clicks the link, we need to check if the reset value in the URL query string EXISTS and is NOT EXPIRED in the collection reset-password. This should be done via a service in auth.service.ts. In case it doesn't exist, it should throw an error with 404 HTTP status.

  • 5. If it's a valid AES_ENCRYPTED_KEY and exists in the database, we should fetch the user with the available email value from the reset-password document. Then, we need to generate an auth token and respond back with the same response as we do in the login API.

  • 6. Now we have the auth token in hand. We can send this auth token in the headers of a separate API to change the password #13
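
Added example, not part of the issue thread or of the project's code: the "exists and not expired, otherwise 404" check that the sign-up verification and reset-password issues both describe, with an in-memory Map standing in for the mongo collection. The token is plain CSPRNG output, and storing only its SHA-256 digest and deleting the record on first use are assumptions of this example that go beyond the issue text; issueToken and redeemToken are hypothetical names.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Fields follow the example document in the issue, except that tokenHash
// replaces token (assumption: the database never holds the usable token).
interface TokenDoc {
  tokenHash: string;
  email: string;
  expires: Date;
  blacklisted: boolean;
}
type Redeemed = { status: 200; email: string } | { status: 404 };

// Hypothetical in-memory stand-in for the reset-password collection.
const collection = new Map<string, TokenDoc>();

const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// Issue a token valid for ttlSeconds (the RESET_PASS_EXP value from .env).
export function issueToken(email: string, ttlSeconds: number, now: Date = new Date()): string {
  const token = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  const tokenHash = sha256(token);
  const expires = new Date(now.getTime() + ttlSeconds * 1000);
  collection.set(tokenHash, { tokenHash, email, expires, blacklisted: false });
  return token; // goes into the emailed link only
}

// Unknown, blacklisted and expired tokens all get the same 404, so the
// response does not reveal which condition failed.
export function redeemToken(token: string, now: Date = new Date()): Redeemed {
  const key = sha256(token);
  const doc = collection.get(key);
  if (!doc || doc.blacklisted) return { status: 404 };
  collection.delete(key); // single use; also clears expired records
  if (doc.expires.getTime() <= now.getTime()) return { status: 404 };
  return { status: 200, email: doc.email };
}
```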

Add cli support

To enhance this boilerplate further add support for cli toolkit, which will act as a project generator and will be easier to maintain its features.

TypeError: crypto.subtle.importKey is not a function

After updating, Deno v1.11.0 I am getting typeError in encryption.

const aes = new AES(this.key, { mode: "cbc", iv: this.salt }); // This works properly
const cipher = await aes.encrypt(str); // The error is generated from here.

Error is:
TypeError: crypto.subtle.importKey is not a function
    at WebCryptoAES.loadKey (https://deno.land/x/[email protected]/src/aes/aes_wc.ts:24:39)
    at WebCryptoAES.encrypt (https://deno.land/x/[email protected]/src/aes/aes_wc.ts:37:28)
    at AES.encrypt (https://deno.land/x/[email protected]/src/aes/mod.ts:40:43)

[FEAT]: Improved Project Documentation

Improved Project Documentation

Description:

I am requesting more detailed documentation for the deno_rest project. The current documentation seems [brief], and I believe that providing more detailed information on

  • how to create new module
  • how to create new api
  • common api response structure for frontend
  • all api through postman,
  • more detailed code explanation
  • one click module creation, for example it will ask some information related to new module in form submit in vscode and all files related to that module will be created.
  • deeper WebSocket best practice example
  • api for multipart-form data (file upload)
  • pagination best practice example

would greatly benefit the community.

Thank you for your attention to this matter.
