Merge pull request #6 from polijrorg/feat/ensure-routes-are-authentic…

…ated

feat: update, read and delete user authenticated

src/modules/users/infra/http/controller/UsersController.ts

@@ -37,27 +37,28 @@ export default class UsersController {
       state,
     });
 
-    user.password = '###';
-
-    return res.status(201).json(user);
+    return res.status(201).json({
+      ...user,
+      password: undefined,
+    });
   }
 
   public async readAll(req: Request, res: Response): Promise<Response> {
 
     const readUsers = container.resolve(ReadAllUsersService);
 
     const users = await readUsers.execute();
-
-    if(users) {
-        users.forEach(user => {
-        user.password = '###';
-      });
-    }
-    return res.status(201).json(users);
+    
+    return res.status(201).json(users?.map(user => {
+      return {
+        ...user,
+        password: undefined,
+      };
+    }));
   }
 
   public async readById(req: Request, res: Response): Promise<Response> {
-    const { id } = req.params;
+    const { id } = req.token;
 
     const readUser = container.resolve(ReadUserByIdService);
 
@@ -73,7 +74,7 @@ export default class UsersController {
   }
 
   public async update(req: Request, res: Response): Promise<Response> {
-    const { id } = req.params;
+    const { id } = req.token;
 
     const {
       name,
@@ -102,22 +103,24 @@ export default class UsersController {
       state,
     });
 
-    user.password = '###';
-
-    return res.status(201).json(user);
+    return res.status(201).json({
+      ...user,
+      password: undefined,
+    });
   }
 
   public async delete(req: Request, res: Response): Promise<Response> {
-    const { id } = req.params;
+    const { id } = req.token;
 
     const deleteUser = container.resolve(DeleteUserService);
 
     const user = await deleteUser.execute({
       id,
     });
 
-    user.password = '###';
-
-    return res.status(201).json(user);
+    return res.status(201).json({
+      ...user,
+      password: undefined,
+    });
   }
 }

src/modules/users/infra/http/routes/users.routes.ts

@@ -1,15 +1,15 @@
 import { Router } from 'express';
-
+import ensureAuthenticated from '@shared/infra/http/middlewares/EnsureAuthenticated';
 import UsersController from '../controller/UsersController';
 
 const usersRoutes = Router();
 
 const usersController = new UsersController();
 
 usersRoutes.post('/register', usersController.create);
-usersRoutes.get('/read', usersController.readAll);
-usersRoutes.get('/read/:id', usersController.readById);
-usersRoutes.patch('/update/:id', usersController.update);
-usersRoutes.delete('/delete/:id', usersController.delete);
+usersRoutes.get('/readAll', usersController.readAll);
+usersRoutes.get('/read', ensureAuthenticated, usersController.readById);
+usersRoutes.patch('/update', ensureAuthenticated, usersController.update);
+usersRoutes.delete('/delete', ensureAuthenticated, usersController.delete);
 
 export default usersRoutes;

src/shared/infra/http/middlewares/EnsureAuthenticated.ts

@@ -0,0 +1,31 @@
+import auth from '@config/auth';
+import { NextFunction, Request, Response } from 'express';
+import { Secret, verify } from 'jsonwebtoken';
+
+import AppError from '@shared/errors/AppError';
+
+interface ITokenPayload {
+  iss: string;
+  sub: string;
+  exp: number;
+  iat: number;
+}
+
+export default function ensureAuthenticated(request: Request, _response: Response, next: NextFunction): void {
+  const authHeader = request.headers.authorization;
+
+  if (!authHeader) { throw new AppError('Token não enviado'); }
+
+  const token = authHeader.split(' ')[1];
+
+  try {
+    const decoded = verify(token, auth.jwt.secret as Secret);
+
+    const { sub: id } = decoded as ITokenPayload;
+    request.token = { id };
+
+    return next();
+  } catch (error) {
+    throw new AppError('Token inválido');
+  }
+}