Server re-build with latest AdonisJS framework & Typescript (#47)

* chore: setup first basis structure

* chore: ensure styling is loaded correctly

* chore: comply to new routing syntax by replace . with / in routes/resource locations

* chore: add login controller

* chore: correctly use views with slash instead of dot

* chore: working login + tests

* chore: clean up tests

* chore: add password-forgot endpoint and matching test

* chore: add delete page test

* chore: add logout test

* chore: add reset-password route and tests

* chore: remove obsolete comment

* chore: add account-page and tests

* chore: add data page & first step of the test

* chore: add transfer/import data feature and tests

* chore: add export and basic test

* chore: add all static api routes with tests

* Regenerate 'pnpm-lock.json' and fix bad merge conflict

WIP:
- Tests have been commented out since they dont work
- Server doesn't start

* easier dev and test runs

* - remove --require-pragma from reformat-files so formatting works properly
- run pnpm reformat-files over codebase
- remove .json files from .eslintignore
- add invalid.json file to .eslintignore
- configure prettier properly in eslint config
- add type jsdoc to prettier config
- run adonis generate:manifest command to regenerate ace-manifest.json
- specify volta in package.json
- introduce typecheck npm script
- remove unused .mjs extension from npm scripts
- install missing type definition dependencies
- add pnpm.allowedDeprecatedVersions to package.json
- fix invalid extends in tsconfig.json causing TS issues throughout codebase
- remove @ts-ignore throughout codebase which is not relevant anymore
- enable some of the tsconfig options
- remove outdated eslint-disable from codebase
- change deprecated faker.company.companyName() to faker.company.name()
- fix TS issues inside transfer.spec.ts

* - update to latest node and pnpm versions
- upgrade all non-major dependencies to latest
- install missing @types/luxon dependency
- add cuid to pnpm.allowedDeprecatedVersions
- add esModuleInterop config option to tsconfig
- migrate more deprecated faker methods to new ones
- add more temporary ts-ignore to code

* - update eslint config
- remove trailingComma: all since default in prettier v3
- add typecheck command to prepare-code npm script
- upgrade various dependencies to latest major version
- update tsconfig to include only useful config options
- disable some lint issues and fix others

* - add test command to prepare-code
- disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models
- update precommit hook to excute pnpm prepare-code
- remove ts-ignore statements from all models

* fix node and pnpm dependency update

* add cross env (so that we can develop on windows)

* add signup endpoint (TODO: JWT auth)

* Add login endpoint

* Add me and updateMe endpoints

* Add service endpoint

* refactor: change endpoints to use jwt

* add recipes endpoint

* add workspaces endpoint

* fix web controllors for login and post import

* Update node deps

* Change auth middleware (for web) and exempt api from CSRF

* Add import endpoint (franz import)

* Fix export/import logic

* Fix service and workspace data in user/data

* Fix partial lint

* chore: workaround lint issues

* fix: migration naming had two .

* Sync back node with recipes repo

* Temporarily ignore typescript

* Fix adonisrc to handle public folder static assets

* Fix issue with production database

* add Legacy Password Provider

* Fix lint errors

* Fix issue on login errors frontend

* add Legacy Password Provider

* Fix issue with customIcons

* Fix issue with auth tokens

* Update 'node' to '18.18.0'

* make docker work

* improve docker entrypoint (test api performance)

* Add migration database script

* NODE_ENV on recipes

* prefer @ts-expect-error over @ts-ignore

* small fixes

* Update 'pnpm' to '8.7.6'

* fix error catch

* Automatically generate JWT Public and Private keys

* Use custom Adonis5-jwt

* Update code to use secret (old way, no breaking changes)

* Normalize appKey

* Trick to make JWT tokens on client work with new version

* Fix error with new JWT logic

* Change migration and how we store JWT

* Fix 500 response code (needs to be 401)

* Improve logic and fix bugs

* Fix build and entrypoint logic

* Catch error if appKey changes

* Add newToken logic

* Fix lint (ignore any errors)

* Add build for PRs

* pnpm reformat-files result

* Fix some tests

* Fix reset password not working (test failing)

* Restore csrfTokens (disabled by accident)

* Fix pnpm start command with .env

* Disable failing tests on the transfer endpoint (TODO)

* Add tests to PR build

* Fix build

* Remove unnecessary assertStatus

* Add typecheck

* hash password on UserFactory (fix build)

* Add JWT_USE_PEM true by default (increase security)

* fix name of github action

---------

Co-authored-by: Vijay A <vraravam@users.noreply.github.com>
Co-authored-by: Balaji Vijayakumar <kuttibalaji.v6@gmail.com>
Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com>
Co-authored-by: André Oliveira <oliveira.andrerodrigues95@gmail.com>

1 files changed, 85 insertions, 0 deletions

diff --git a/app/Controllers/Http/Dashboard/ResetPasswordController.ts b/app/Controllers/Http/Dashboard/ResetPasswordController.ts
new file mode 100644
index 0000000..0b9053f
--- /dev/null
+++ b/app/Controllers/Http/Dashboard/ResetPasswordController.ts
@@ -0,0 +1,85 @@
+import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
+import { schema, rules, validator } from '@ioc:Adonis/Core/Validator';
+import Token from 'App/Models/Token';
+import moment from 'moment';
+import crypto from 'node:crypto';
+
+export default class ResetPasswordController {
+  /**
+   * Display the reset password form
+   */
+  public async show({ view, request }: HttpContextContract) {
+    const { token } = request.qs();
+
+    if (token) {
+      return view.render('dashboard/resetPassword', { token });
+    }
+
+    return view.render('others/message', {
+      heading: 'Invalid token',
+      text: 'Please make sure you are using a valid and recent link to reset your password.',
+    });
+  }
+
+  /**
+   * Resets user password
+   */
+  public async resetPassword({
+    response,
+    request,
+    session,
+    view,
+  }: HttpContextContract) {
+    try {
+      await validator.validate({
+        schema: schema.create({
+          password: schema.string([rules.required(), rules.confirmed()]),
+          token: schema.string([rules.required()]),
+        }),
+        data: request.only(['password', 'password_confirmation', 'token']),
+      });
+    } catch {
+      session.flash({
+        type: 'danger',
+        message: 'Passwords do not match',
+      });
+
+      return response.redirect(`/user/reset?token=${request.input('token')}`);
+    }
+
+    const tokenRow = await Token.query()
+      .preload('user')
+      .where('token', request.input('token'))
+      .where('type', 'forgot_password')
+      .where('is_revoked', false)
+      .where(
+        'updated_at',
+        '>=',
+        moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'),
+      )
+      .first();
+
+    if (!tokenRow) {
+      return view.render('others/message', {
+        heading: 'Cannot reset your password',
+        text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.',
+      });
+    }
+
+    // Update user password
+    const hashedPassword = crypto
+      .createHash('sha256')
+      .update(request.input('password'))
+      .digest('base64');
+    tokenRow.user.password = hashedPassword;
+    await tokenRow.user.save();
+
+    // Delete token to prevent it from being used again
+    await tokenRow.delete();
+
+    return view.render('others/message', {
+      heading: 'Reset password',
+      text: 'Successfully reset your password. You can now login to your account using your new password.',
+    });
+  }
+}