Merge pull request #25 from atlp-rwanda/ft-update-role-and-auth

Ft update role and auth

app.ts

@@ -2,12 +2,14 @@ import express, { Request, Response } from "express";
 import userRoutes from "./src/routes/user.route";
 import swaggerUi from 'swagger-ui-express';
 import specs from './swagger.config';
+import morgan from "morgan";
 
 const app = express();
 
 app.use(express.json());
+app.use(morgan("dev"))
 
-app.get('/', (_req: Request, res: Response) => {
+app.get('/',(_req: Request, res: Response) => {
     return res.json({ message: "welcome to ATLP Backend APIs" });
 });
 app.use('/api/users', userRoutes);

docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3.8'
+version: '3.9'
 
 services:
   postgresdb:
@@ -27,5 +27,5 @@ services:
       - DB_NAME=${DB_NAME}
       - DB_PORT=${POSTGRESDB_LOCAL_PORT}
 
-volumes: 
-  db_data:
+volumes:
+  db_data:

jest.config.js

@@ -9,7 +9,7 @@ module.exports = {
   resetMocks: true,
   restoreMocks: true,
   clearMocks: true,
-  testTimeout:30000,
+  testTimeout:60000,
   coverageReporters: ['html', 'text', 'lcov'],
   coverageDirectory: 'coverage',
   testPathIgnorePatterns: ['/node_modules/']

package.json

@@ -12,6 +12,7 @@
     "express": "^4.19.2",
     "joi": "^17.13.1",
     "jsonwebtoken": "^9.0.2",
+    "morgan": "^1.10.0",
     "nodemailer": "^6.9.13",
     "nodemon": "^3.1.0",
     "pg": "^8.11.5",

src/__test__/authMiddleware.test.ts

@@ -0,0 +1,95 @@
+import { Request, Response, NextFunction } from "express";
+import { protectRoute, restrictTo } from "../middlewares/auth.middleware";
+// import jwt from "jsonwebtoken";
+
+type Headers = {
+  authorization?: string;
+};
+
+const mockRequest = (headers: Headers = {}) => {
+  return {
+    headers: {
+      authorization: headers.authorization || "",
+    },
+    user: undefined,
+  } as Partial<Request>;
+};
+
+const mockResponse = () => {
+  const res = {} as Partial<Response>;
+  res.status = jest.fn().mockReturnValue(res);
+  res.json = jest.fn().mockReturnValue(res);
+  return res;
+};
+
+const mockNext = () => jest.fn() as NextFunction;
+
+describe("Authontication middleware", () => {
+  test("should throw missing authorization error", () => {
+    const req = mockRequest({ authorization: "" });
+    const res = mockResponse();
+    const next = mockNext();
+
+    protectRoute(req as Request, res as Response, next);
+
+    expect(res.status).toHaveBeenCalledWith(401);
+    expect(res.json).toHaveBeenCalledWith({
+      message: "Authorization header missing",
+    });
+  });
+  test("should return 401 if JWT_SECRET is missing", async () => {
+    const req = mockRequest({
+      authorization: "Bearer valid.token.here",
+    });
+    const res = mockResponse();
+    const next = mockNext();
+
+    const originalSecret = process.env.JWT_SECRET;
+    delete process.env.JWT_SECRET;
+    await protectRoute(req as Request, res as Response, next as NextFunction);
+    expect(res.status).toHaveBeenCalledWith(401);
+    expect(res.json).toHaveBeenCalledWith({ message: "JWT_SECRET is missing" });
+
+    process.env.JWT_SECRET = originalSecret;
+  });
+  test("should return 401 if token is invalid", async () => {
+    const req = mockRequest({
+      authorization: "Bearer invalid.token.here",
+    });
+    const res = mockResponse();
+    const next = mockNext();
+
+    await protectRoute(req as Request, res as Response, next);
+
+    expect(res.status).toHaveBeenCalledWith(401);
+    expect(res.json).toHaveBeenCalledWith({
+      message: "Unauthorized request, Try again",
+    });
+  });
+});
+describe("restrictTo middleware", () => {
+  let req: Partial<Request>;
+  let res: Partial<Response>;
+  let next: jest.Mock;
+
+  beforeEach(() => {
+    req = {
+      user: {
+        role: "admin", // Simulate an admin user
+      },
+    };
+    res = {
+      status: jest.fn(),
+      json: jest.fn(),
+    };
+    next = jest.fn();
+  });
+
+  test("should allow access for permitted roles", () => {
+    const middleware = restrictTo("admin");
+
+    middleware(req as Request, res as Response, next);
+
+    expect(next).toHaveBeenCalled();
+  });
+});