Add Auth & Account routes

.eslintrc.js

@@ -21,6 +21,11 @@ module.exports = {
     '@typescript-eslint/explicit-function-return-type': 'off',
     '@typescript-eslint/explicit-module-boundary-types': 'off',
     '@typescript-eslint/no-explicit-any': 'off',
-    "@typescript-eslint/no-unused-vars": ["error", {varsIgnorePattern: /^_/}]
+    "@typescript-eslint/no-unused-vars": [
+			"error",
+			{
+				argsIgnorePattern: "^_",
+			},
+		]
   },
 };

.vscode/settings.json

@@ -1,5 +1,13 @@
 {
-	"cSpell.words": ["dbdocs", "dbml", "Mikro", "nestjs", "openapi", "redocly"],
+	"cSpell.words": [
+		"dbdocs",
+		"dbml",
+		"Mikro",
+		"nestjs",
+		"openapi",
+		"redocly",
+		"usecases"
+	],
 
 	// Add a vertical line on the 80 characters limit
 	"editor.rulers": [80],

database.dbml

@@ -79,13 +79,24 @@ Ref: recurrent_transactions.id - configs.salary_id [delete: set null]
 Table magic_link_codes {
 	account_id char(16) [pk] // See Ref magic_link_codes.account_id
   code char(32) [not null]
-  created_at timestamp [not null]
+  is_first_access boolean [not null]
+  created_at timestamp [default: `now()`, not null]
 
 	note: "Contains codes to be used by the users to login"
 }
 
 Ref: accounts.id - magic_link_codes.account_id [delete: cascade]
 
+Table refresh_tokens {
+	account_id char(16) [pk] // See Ref refresh_tokens.account_id
+  refresh_token char(64) [not null]
+  created_at timestamp [default: `now()`, not null]
+
+	note: "Contains codes to be used to refresh the access token"
+}
+
+Ref: accounts.id - refresh_tokens.account_id [delete: cascade]
+
 //
 //
 // Subscriptions

openapi/components/fields/access-token.yaml

@@ -0,0 +1,5 @@
+description: |
+  Access token used to make requests. Short lived, should be refreshed with the `refreshToken` when it expires (`expiresAt`).
+type: string
+examples:
+  - 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'

openapi/components/fields/email.yaml

@@ -0,0 +1,5 @@
+description: User's email
+type: string
+format: email
+examples:
+  - [email protected]

openapi/components/fields/expires-at.yaml

@@ -0,0 +1,4 @@
+description: |
+  Expiration date of the `accessToken`
+type: string
+format: date-time

openapi/components/fields/phone.yaml

@@ -0,0 +1,4 @@
+description: User's complete phone number, including country code
+type: string
+examples:
+  - '+5511999999999'

openapi/components/fields/refresh-token.yaml

@@ -0,0 +1,5 @@
+description: |
+  Long lived token, used to generate other `accessToken`s
+type: string
+examples:
+  - 'ZBwidKKKfaCayu6bajbG066Tu49b6uSaVBtTKcek2Gp6lje7Zt0RCT9B6I2Azu6f'

openapi/components/fields/timezone.yaml

@@ -0,0 +1,19 @@
+description: User's timezone
+type: string
+enum:
+  - America/Araguaina
+  - America/Bahia
+  - America/Belem
+  - America/Boa_Vista
+  - America/Campo_Grande
+  - America/Cuiaba
+  - America/Eirunepe
+  - America/Fortaleza
+  - America/Maceio
+  - America/Manaus
+  - America/Noronha
+  - America/Porto_Velho
+  - America/Recife
+  - America/Rio_Branco
+  - America/Santarem
+  - America/Sao_Paulo

openapi/components/schemas/auth-response-content.yaml

@@ -1,24 +1,13 @@
 type: object
-title: Auth Response Content
+title: Auth response content
 required:
   - accessToken
   - refreshToken
   - expiresAt
 properties:
   accessToken:
-    description: |
-      Access token used to make requests. Short lived, should be refreshed with the `refreshToken` when it expires (`expiresAt`).
-    type: string
-    examples:
-      - "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
+    $ref: ../fields/access-token.yaml
   refreshToken:
-    description: |
-      Long lived token, used to generate other `accessToken`s
-    type: string
-    examples:
-      - "ZBwidKKKfaCayu6bajbG066Tu49b6uSaVBtTKcek2Gp6lje7Zt0RCT9B6I2Azu6f"
+    $ref: ../fields/refresh-token.yaml
   expiresAt:
-    description: |
-      Expiration date of the `accessToken`
-    type: string
-    format: date-time
+    $ref: ../fields/expires-at.yaml

openapi/components/schemas/auth-with-3rd-party.yaml

@@ -0,0 +1,19 @@
+type: object
+title: Auth with Third Party Provider
+required:
+  - code
+  - timezone
+properties:
+  code:
+    description: Code returned by the auth provider
+    type: string
+    examples:
+      - example
+  originUrl:
+    description: The origin of this request, same url used for `redirect_uri`
+    type: string
+    format: url
+    examples:
+      - https://example.com/google
+  timezone:
+    $ref: ../fields/timezone.yaml

openapi/openapi.yaml

@@ -72,6 +72,8 @@ paths:
     $ref: paths/auth/phone.yaml
   /auth/code:
     $ref: paths/auth/code.yaml
+  /auth/refresh:
+    $ref: paths/auth/refresh.yaml
 
   /accounts/iam:
     $ref: paths/accounts/iam.yaml

openapi/paths/accounts/iam.yaml

@@ -8,7 +8,7 @@ get:
   security:
     - bearer: []
   responses:
-    "200":
+    '200':
       description: |
         Returns user's data
       content:
@@ -23,15 +23,11 @@ get:
                 description: User's ID
                 type: string
                 format: uuid
-              google:
-                description: Google's information
-                type: object
-                properties:
-                  id:
-                    description: User's Google's ID
-                    type: string
+              googleId:
+                description: User's Google's ID
+                type: string
               subscription:
                 $ref: ../../components/entities/Subscription.yaml
 
-    "401":
+    '401':
       $ref: ../../components/responses/unauthorized.yaml

openapi/paths/auth/code.yaml

@@ -12,13 +12,18 @@ post:
           type: object
           title: Exchange magic link code
           required:
+            - accountId
             - code
           properties:
+            accountId:
+              description: User's ID
+              type: string
+              format: uuid
             code:
               description: Code sent by us to the user
               type: string
               examples:
-                - "ZBwidKKKfaCayu6bajbG066Tu49b6uSa"
+                - 'ZBwidKKKfaCayu6bajbG066Tu49b6uSa'
     required: true
   responses:
-    $ref: ../../components/responses/third-party-auth.yaml
+    $ref: ../../components/responses/auth.yaml

openapi/paths/auth/email.yaml

@@ -13,15 +13,14 @@ post:
           title: Auth with email
           required:
             - email
+            - timezone
           properties:
             email:
-              description: User's email
-              type: string
-              format: email
-              examples:
-                - [email protected]
+              $ref: ../../components/fields/email.yaml
+            timezone:
+              $ref: ../../components/fields/timezone.yaml
     required: true
   responses:
-    "201":
+    '204':
       description: |
         A magic link was sent to the user's email

openapi/paths/auth/google.yaml

@@ -9,7 +9,7 @@ post:
     content:
       application/json:
         schema:
-          $ref: ../../components/schemas/auth-with-third-party.yaml
+          $ref: ../../components/schemas/auth-with-3rd-party.yaml
     required: true
   responses:
-    $ref: ../../components/responses/third-party-auth.yaml
+    $ref: ../../components/responses/auth.yaml

openapi/paths/auth/phone.yaml

@@ -13,14 +13,14 @@ post:
           title: Auth with phone number
           required:
             - phone
+            - timezone
           properties:
             phone:
-              description: User's complete phone number, including country code
-              type: string
-              examples:
-                - "+5511999999999"
+              $ref: ../../components/fields/phone.yaml
+            timezone:
+              $ref: ../../components/fields/timezone.yaml
     required: true
   responses:
-    "201":
+    '204':
       description: |
         A magic link was sent to the user's phone

openapi/paths/auth/refresh.yaml

@@ -0,0 +1,40 @@
+post:
+  tags:
+    - Auth
+  summary: Refresh `accessToken`
+  description: |
+    Refresh `accessToken`
+  operationId: auth-refresh
+  requestBody:
+    content:
+      application/json:
+        schema:
+          type: object
+          title: Refresh `accessToken`
+          required:
+            - refreshToken
+          properties:
+            refreshToken:
+              $ref: ../../components/fields/refresh-token.yaml
+    required: true
+  responses:
+    '200':
+      description: |
+        Refresh succeeded
+      content:
+        application/json:
+          schema:
+            type: object
+            title: Refresh response content
+            required:
+              - accessToken
+              - expiresAt
+            properties:
+              accessToken:
+                $ref: ../../components/fields/access-token.yaml
+              expiresAt:
+                $ref: ../../components/fields/expires-at.yaml
+
+    '400':
+      description: |
+        Invalid refresh token

src/adapters/email.ts

@@ -1,10 +1,20 @@
+import { AccountEntity } from 'src/models/account';
+
 export interface SendInput {
-	from: string;
 	to: string;
-	title: string;
-	body: string;
+	account: AccountEntity;
+	templateId: keyof typeof EMAIL_TEMPLATES;
+	placeholders: Record<string, string | number>;
 }
 
+export const EMAIL_TEMPLATES = {
+	MAGIC_LINK_LOGIN: {
+		from: '',
+		title: '',
+		body: '',
+	},
+};
+
 export interface EmailAdapter {
 	send: (i: SendInput) => Promise<void>;
 }

src/adapters/google.ts

@@ -0,0 +1,28 @@
+export interface ExchangeCodeInput {
+	code: string;
+	originUrl: string;
+}
+
+export interface ExchangeCodeOutput {
+	scopes: Array<string>;
+	accessToken: string;
+	refreshToken: string;
+	expiresAt: Date;
+}
+
+export interface GetAuthenticatedUserDataOutput {
+	id: string;
+	name: string;
+	email: string;
+	isEmailVerified: boolean;
+}
+
+export abstract class GoogleAdapter {
+	readonly requiredScopes = ['openid', 'profile', 'email'];
+
+	abstract exchangeCode(i: ExchangeCodeInput): Promise<ExchangeCodeOutput>;
+
+	abstract getAuthenticatedUserData(
+		accessToken: string,
+	): Promise<GetAuthenticatedUserDataOutput>;
+}