feat: added rbac flow to the apis | partial cmt

Author: WillACosta

.DS_Store

@@ -2,4 +2,4 @@ docs/examples
 node_modules/
 .env
 *.pdf
-dist/
+dist/

.gitignore

@@ -90,3 +90,34 @@ The documentation process is automated using `swagger-ui-express` and `swagger-j
 During the build process the application will handle the route comments and generate the final `OpenApi` specification for the `Swagger UI`.
 
 After that you will be able to access: `localhost:3000/docs` in your browser and see the docs.
+
+> The application will be available at `http://localhost:3000`.
+
+## Prisma ORM
+
+This project uses Prisma ORM (Object-Relational Mapping), at every modifications related to the database schema,
+a new migration is needed, create a new one running:
+
+```shell
+npx prisma migrate dev
+```
+
+After that generate a new prisma client instance with:
+
+```shell
+npx prisma generate
+```
+
+## Authenticating and RBAC
+
+This projects uses `jwt` for authenticating users and managing session, also it uses Role-Based Access Control for limiting some aspects of the API, such as users management.
+
+The current supported roles are: [`admin`, `user`]:
+
+| Endpoint                    | Admin                 | User                  |
+| --------------------------- | --------------------- | --------------------- |
+| GET users/                  | <ul><li>[x]</li></ul> | <ul><li>[x]</li></ul> |
+| PATCH users/                | <ul><li>[x]</li></ul> | <ul><li>[x]</li></ul> |
+| PATCH users/change-role/:id | <ul><li>[x]</li></ul> |                       |
+| GET users/all               | <ul><li>[x]</li></ul> |                       |
+| DELETE users/:id            | <ul><li>[x]</li></ul> |                       |

README.md

@@ -1,34 +1,34 @@
 Generate the JSDocs comments using OpenAPI for the following API specs:
 
 ```yaml
-endpoint name: /users/all
-# path parameter type: string
-method: GET
+endpoint name: /users/change-role/{id}
+path parameter type: string
+method: Delete
+tags: [Users]
 request body: {
-  "name": "John Doe",
-	"email": "[email protected]",
+  "role": ["admin", "user"]
 }
-summary: Returns all users
+summary: Update a user role and return it, this route is used only by admins
 200_response: {
 	"success": true,
 	"data": [
     {
       "id": "367b2539-bef4-412b-b94d-c9d2178dcdaa",
       "name": "John Doe",
       "email": "[email protected]",
-      "createdAt": "2024-09-30T21:04:18.656Z"
+      "createdAt": "2024-09-30T21:04:18.656Z",
+      "role": "user"
     }
   ]
 }
-# 400_response: {
-#   "success": false,
-#   "error": {
-#     "message": [
-#       "Invalid email address",
-# 			"name field is required"
-#     ]
-#   }
-# }
+400_response: {
+  "success": false,
+  "error": {
+    "message": [
+      "Role is required.",
+    ]
+  }
+}
 headers: {
   "Content-Type": "application/json",
   "Authorization": "Bearer <token>"

docs/prompts/generate-openapi-jsdocs.md

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Users" ADD COLUMN     "role" TEXT;

prisma/migrations/20241214154053_added_rbac_field/migration.sql

@@ -19,4 +19,5 @@ model Users {
   email     String   @unique
   password  String
   name      String?
+  role      String?
 }

prisma/schema.prisma

@@ -14,12 +14,16 @@ export const userCredentialsSchema = z.object({
 
 export const updateUserSchema = z.object({
 	email: z.string().email('Invalid email address'),
-	name: z.string().min(1, 'name field is required'),
+	name: z.string().min(1, 'Name field is required'),
+})
+
+export const changeUserRoleSchema = z.object({
+	role: z.enum(['admin', 'user'], { required_error: 'Role is required' }),
 })
 
 export const translateTextSchema = z.object({
 	text: z.string().min(1, 'text field is required'),
-	language: z.string().min(1, 'language field is required'),
+	language: z.string().min(1, 'Language field is required'),
 })
 
 export const validateRequestBody = (schema: z.ZodSchema<any>) => {

src/common/middlewares/body-validation.middleware.ts

@@ -0,0 +1,32 @@
+import { NextFunction, Request, Response } from 'express'
+
+import { userDatProvider } from '@/di'
+import { UserRoles } from '@/modules/users/core'
+
+export function hasPermission(role: UserRoles) {
+	const userProvider = userDatProvider
+
+	return (req: Request, res: Response, next: NextFunction) => {
+		const { user } = req.body
+
+		userProvider.getUserById(user.id).then((user) => {
+			if (!user) {
+				return res.status(403).json({
+					success: false,
+					error: {
+						message: 'Invalid access token provided, please sign-in again.',
+					},
+				})
+			}
+
+			if (user?.role !== role) {
+				return res.status(403).json({
+					status: false,
+					error: `You need to be a ${role} to access this functionality.`,
+				})
+			}
+
+			return next()
+		})
+	}
+}

src/common/middlewares/check-permission.middleware.ts

@@ -1,2 +1,3 @@
 export * from './body-validation.middleware'
+export * from './check-permission.middleware'
 export * from './is-authenticated.middleware'

src/common/middlewares/index.ts

@@ -10,13 +10,15 @@ export class AuthController {
 	constructor(private _userDataProvider: UserDataProvider) {}
 
 	register = async (req: Request<UserParams>, res: Response) => {
-		const { password, ...user } = req.body
+		const { password, role, ...user } = req.body
 		const encryptedPassword = this._encryptPassword(password)
+		const currentRole = role ?? 'user'
 
 		this._userDataProvider
 			.insert({
 				...user,
 				password: encryptedPassword,
+				role: currentRole,
 			})
 			.then((user) => {
 				return res.status(201).json({
@@ -72,6 +74,7 @@ export class AuthController {
 						name: user.name,
 						email: user.email,
 						createdAt: user.createdAt,
+						role: user.role,
 					},
 					token: this._generateAccessToken(user),
 				},