TofuStack/src/lib/server/api/controllers/iam.controller.ts

import { Hono } from 'hono';
import { setCookie } from 'hono/cookie';
import type { HonoTypes } from '../types';
import { inject, injectable } from 'tsyringe';
import { zValidator } from '@hono/zod-validator';
import { IamService } from '../services/iam.service';
import { LuciaProvider } from '../providers/lucia.provider';
import { requireAuth } from '../middleware/auth.middleware';
import { limiter } from '../middleware/rate-limiter.middlware';
import { signInEmailDto } from '../../../dtos/signin-email.dto';
import { updateEmailDto } from '../../../dtos/update-email.dto';
import { verifyEmailDto } from '../../../dtos/verify-email.dto';
import { registerEmailDto } from '../../../dtos/register-email.dto';
import type { Controller } from '../interfaces/controller.interface';
import { EmailVerificationsService } from '../services/email-verifications.service';
import { LoginRequestsService } from '../services/login-requests.service';

/* -------------------------------------------------------------------------- */
/*                                 Controller                                 */
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
/* ---------------------------------- About --------------------------------- */
/* 
Controllers are responsible for handling incoming requests and returning responses
to a client.
*/
/* ---------------------------------- Notes --------------------------------- */
/*
A controller should generally only handle routing and authorization through 
middleware. 

Any business logic should be delegated to a service. This keeps the controller 
clean and easy to read.
*/
/* -------------------------------- Important ------------------------------- */
/*
Remember to register your controller in the api/index.ts file.
*/
/* -------------------------------------------------------------------------- */

@injectable()
export class IamController implements Controller {
	controller = new Hono<HonoTypes>();

	constructor(
		@inject(IamService) private iamService: IamService,
		@inject(LoginRequestsService) private loginRequestsService: LoginRequestsService,
		@inject(EmailVerificationsService) private emailVerificationsService: EmailVerificationsService,
		@inject(LuciaProvider) private lucia: LuciaProvider
	) { }

	routes() {
		return this.controller
			.get('/user', async (c) => {
				const user = c.var.user;
				return c.json({ user: user });
			})
			.post('/login/request', zValidator('json', registerEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {
				const { email } = c.req.valid('json');
				await this.loginRequestsService.create({ email });
				return c.json({ message: 'Verification email sent' });
			})
			.post('/login/verify', zValidator('json', signInEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {
				const { email, token } = c.req.valid('json');
				const session = await this.loginRequestsService.verify({ email, token });
				const sessionCookie = this.lucia.createSessionCookie(session.id);
				setCookie(c, sessionCookie.name, sessionCookie.value, {
					path: sessionCookie.attributes.path,
					maxAge: sessionCookie.attributes.maxAge,
					domain: sessionCookie.attributes.domain,
					sameSite: sessionCookie.attributes.sameSite as any,
					secure: sessionCookie.attributes.secure,
					httpOnly: sessionCookie.attributes.httpOnly,
					expires: sessionCookie.attributes.expires
				});
				return c.json({ message: 'ok' });
			})
			.post('/logout', requireAuth, async (c) => {
				const sessionId = c.var.session.id;
				await this.iamService.logout(sessionId);
				const sessionCookie = this.lucia.createBlankSessionCookie();
				setCookie(c, sessionCookie.name, sessionCookie.value, {
					path: sessionCookie.attributes.path,
					maxAge: sessionCookie.attributes.maxAge,
					domain: sessionCookie.attributes.domain,
					sameSite: sessionCookie.attributes.sameSite as any,
					secure: sessionCookie.attributes.secure,
					httpOnly: sessionCookie.attributes.httpOnly,
					expires: sessionCookie.attributes.expires
				});
				return c.json({ status: 'success' });
			})
			.patch('/email', requireAuth, zValidator('json', updateEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {
				const json = c.req.valid('json');
				await this.emailVerificationsService.dispatchEmailVerificationRequest(c.var.user.id, json.email);
				return c.json({ message: 'Verification email sent' });
			})
			// this could also be named to use custom methods, aka /email:verify
			// https://cloud.google.com/apis/design/custom_methods
			.post('/email/verification', requireAuth, zValidator('json', verifyEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {
				const json = c.req.valid('json');
				await this.emailVerificationsService.processEmailVerificationRequest(c.var.user.id, json.token);
				return c.json({ message: 'Verified and updated' });
			});
	}
}
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`import { Hono } from 'hono';`
			`import { setCookie } from 'hono/cookie';`
			`import type { HonoTypes } from '../types';`
added technical api structure 2024-05-25 06:02:26 +00:00			`import { inject, injectable } from 'tsyringe';`
			`import { zValidator } from '@hono/zod-validator';`
			`import { IamService } from '../services/iam.service';`
			`import { LuciaProvider } from '../providers/lucia.provider';`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`import { requireAuth } from '../middleware/auth.middleware';`
			`import { limiter } from '../middleware/rate-limiter.middlware';`
			`import { signInEmailDto } from '../../../dtos/signin-email.dto';`
added shadcn & superforms as default 2024-06-25 02:45:00 +00:00			`import { updateEmailDto } from '../../../dtos/update-email.dto';`
			`import { verifyEmailDto } from '../../../dtos/verify-email.dto';`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`import { registerEmailDto } from '../../../dtos/register-email.dto';`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`import type { Controller } from '../interfaces/controller.interface';`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`import { EmailVerificationsService } from '../services/email-verifications.service';`
			`import { LoginRequestsService } from '../services/login-requests.service';`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00
			`/* -------------------------------------------------------------------------- */`
			`/* Controller */`
			`/* -------------------------------------------------------------------------- */`
			`/* -------------------------------------------------------------------------- */`
			`/* ---------------------------------- About --------------------------------- */`
			`/*`
			`Controllers are responsible for handling incoming requests and returning responses`
			`to a client.`
			`*/`
			`/* ---------------------------------- Notes --------------------------------- */`
			`/*`
			`A controller should generally only handle routing and authorization through`
			`middleware.`

			`Any business logic should be delegated to a service. This keeps the controller`
			`clean and easy to read.`
			`*/`
			`/* -------------------------------- Important ------------------------------- */`
			`/*`
			`Remember to register your controller in the api/index.ts file.`
			`*/`
			`/* -------------------------------------------------------------------------- */`
added technical api structure 2024-05-25 06:02:26 +00:00
			`@injectable()`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`export class IamController implements Controller {`
			`controller = new Hono<HonoTypes>();`

added technical api structure 2024-05-25 06:02:26 +00:00			`constructor(`
			`@inject(IamService) private iamService: IamService,`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`@inject(LoginRequestsService) private loginRequestsService: LoginRequestsService,`
			`@inject(EmailVerificationsService) private emailVerificationsService: EmailVerificationsService,`
added technical api structure 2024-05-25 06:02:26 +00:00			`@inject(LuciaProvider) private lucia: LuciaProvider`
added shadcn & superforms as default 2024-06-25 02:45:00 +00:00			`) { }`
added technical api structure 2024-05-25 06:02:26 +00:00
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`routes() {`
			`return this.controller`
			`.get('/user', async (c) => {`
			`const user = c.var.user;`
			`return c.json({ user: user });`
			`})`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`.post('/login/request', zValidator('json', registerEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {`
added technical api structure 2024-05-25 06:02:26 +00:00			`const { email } = c.req.valid('json');`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`await this.loginRequestsService.create({ email });`
added technical api structure 2024-05-25 06:02:26 +00:00			`return c.json({ message: 'Verification email sent' });`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`})`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`.post('/login/verify', zValidator('json', signInEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`const { email, token } = c.req.valid('json');`
Seperated iam logic into multiple services 2024-06-26 17:15:38 +00:00			`const session = await this.loginRequestsService.verify({ email, token });`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`const sessionCookie = this.lucia.createSessionCookie(session.id);`
			`setCookie(c, sessionCookie.name, sessionCookie.value, {`
			`path: sessionCookie.attributes.path,`
			`maxAge: sessionCookie.attributes.maxAge,`
			`domain: sessionCookie.attributes.domain,`
			`sameSite: sessionCookie.attributes.sameSite as any,`
			`secure: sessionCookie.attributes.secure,`
			`httpOnly: sessionCookie.attributes.httpOnly,`
			`expires: sessionCookie.attributes.expires`
			`});`
			`return c.json({ message: 'ok' });`
			`})`
			`.post('/logout', requireAuth, async (c) => {`
			`const sessionId = c.var.session.id;`
			`await this.iamService.logout(sessionId);`
			`const sessionCookie = this.lucia.createBlankSessionCookie();`
			`setCookie(c, sessionCookie.name, sessionCookie.value, {`
			`path: sessionCookie.attributes.path,`
			`maxAge: sessionCookie.attributes.maxAge,`
			`domain: sessionCookie.attributes.domain,`
			`sameSite: sessionCookie.attributes.sameSite as any,`
			`secure: sessionCookie.attributes.secure,`
			`httpOnly: sessionCookie.attributes.httpOnly,`
			`expires: sessionCookie.attributes.expires`
			`});`
			`return c.json({ status: 'success' });`
			`})`
added owasp recommendations to IAM methods 2024-06-27 18:27:14 +00:00			`.patch('/email', requireAuth, zValidator('json', updateEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {`
added technical api structure 2024-05-25 06:02:26 +00:00			`const json = c.req.valid('json');`
added owasp recommendations to IAM methods 2024-06-27 18:27:14 +00:00			`await this.emailVerificationsService.dispatchEmailVerificationRequest(c.var.user.id, json.email);`
added technical api structure 2024-05-25 06:02:26 +00:00			`return c.json({ message: 'Verification email sent' });`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`})`
added owasp recommendations to IAM methods 2024-06-27 18:27:14 +00:00			`// this could also be named to use custom methods, aka /email:verify`
			`// https://cloud.google.com/apis/design/custom_methods`
			`.post('/email/verification', requireAuth, zValidator('json', verifyEmailDto), limiter({ limit: 10, minutes: 60 }), async (c) => {`
added technical api structure 2024-05-25 06:02:26 +00:00			`const json = c.req.valid('json');`
added owasp recommendations to IAM methods 2024-06-27 18:27:14 +00:00			`await this.emailVerificationsService.processEmailVerificationRequest(c.var.user.id, json.token);`
added technical api structure 2024-05-25 06:02:26 +00:00			`return c.json({ message: 'Verified and updated' });`
Removed fragmented controllers in favor of hono's native chaining 2024-05-27 17:38:59 +00:00			`});`
added technical api structure 2024-05-25 06:02:26 +00:00			`}`
			`}`