facebook login

Author: jiangliwu- macbook

.eslintrc

@@ -0,0 +1,17 @@
+{
+  "extends": "airbnb-base",
+  "rules": {
+    //close error for co( function * (){});
+    "func-names": 0,
+    //sometimes don't need yield in function *
+    "require-yield": 0,
+    // need update entity that from request.body
+    "no-param-reassign": 0,
+    "no-use-before-define": 0,
+    "comma-dangle": 0,
+    "max-len": [
+      2,
+      130
+    ]
+  }
+}

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+*.log
+.DS_Store

README.md

@@ -0,0 +1,156 @@
+# TI Mobile Nodejs Backend
+
+
+## Install software
+
+- node 8.2.0 (v6+ also work)
+- npm 5.x
+- mysql 5.7
+- a mock SMTP server, e.g. fakeSMTP (http://nilhcem.com/FakeSMTP/)
+
+
+
+## Configuration
+
+Config is provided at config/default.js and production.js.
+
+
+| key                           | system Environment name       | description                              |
+| ----------------------------- | ----------------------------- | ---------------------------------------- |
+| LOG_LEVEL                     | LOG_LEVEL                     | the log level                            |
+| PORT                          | PORT                          | the server port                          |
+| PASSWORD_HASH_SALT_LENGTH     | PASSWORD_HASH_SALT_LENGTH     | the password hash salt length            |
+| ACCESS_TOKEN_EXPIRES          | ACCESS_TOKEN_EXPIRES          | the access token expiration in seconds   |
+| VERIFY_TOKEN_EXPIRES          | VERIFY_TOKEN_EXPIRES          | the verify email token expiration in seconds |
+| FORGOT_PASSWORD_TOKEN_EXPIRES | FORGOT_PASSWORD_TOKEN_EXPIRES | the forgot password token expiration in seconds |
+| QUERY_DEFAULT_LIMIT           | QUERY_DEFAULT_LIMIT           | the default query limit                  |
+| API_VERSION                   | API_VERSION                   | the API version                          |
+| VERIFY_EMAIL_SUBJECT          | VERIFY_EMAIL_SUBJECT          | the verify email subject                 |
+| VERIFY_EMAIL_CONTENT          | VERIFY_EMAIL_CONTENT          | the verify email content                 |
+| FORGOT_PASSWORD_EMAIL_SUBJECT | FORGOT_PASSWORD_EMAIL_SUBJECT | the forgot password email subject        |
+| FORGOT_PASSWORD_EMAIL_CONTENT | FORGOT_PASSWORD_EMAIL_CONTENT | the forgot password email content        |
+| FROM_EMAIL                    | FROM_EMAIL                    | the from email used to send email        |
+| email                         |                               | the email config used for nodermail      |
+| email.host                    | SMTP_HOST                     | the SMTP host                            |
+| email.port                    | SMTP_PORT                     | the SMTP port                            |
+| email.auth.user               | SMTP_USER                     | the SMTP user name                       |
+| email.auth.pass               | SMTP_PASSWORD                 | the SMTP password                        |
+| db                            |                               | the MySQL db connection object           |
+| db.uri                        | MYSQL_URI                     | the mysql connect uri , for example "mysql://root:123456@localhost:3306/ti" |
+| db.options                    |                               | the mysql connection options             |
+
+
+
+## SMTP server setup
+
+We may use a mock SMTP server to simplify tests. And fakeSMTP (http://nilhcem.com/FakeSMTP/) can be used.
+Download the `fakeSMTP-2.0.jar` from the website, then run `java -jar fakeSMTP-2.0.jar -m` to start mock SMTP server.
+When the GUI is shown, cilck the `Start Server` to start the mock SMTP server.
+
+Note that when you view the email content in fakeSMTP, it is raw email content, which is encoded using quoted-printable
+encoding. It is a little different than that is really displayed. At the end of some lines, you may see '=' character,
+this '=' is used to link lines, it is not part of final decoded content.
+
+For example, if you see some token like below:
+```
+99a12ba0-97a4-43dc-beb2-e4a9886b73=
+b1-1511720563554
+```
+
+the actual token should be:
+```
+99a12ba0-97a4-43dc-beb2-e4a9886b73b1-1511720563554
+```
+
+
+Note that the fakeSMTP can accept any username/password.
+
+You may also consider using other SMTP server.
+
+##Heroku deployment
+
+- heroku create
+- git init
+- git add *
+- git commit -m "upload project"
+- heroku addons:create jawsdb
+- heroku config:set EMAIL_USER=[email protected] EMAIL_PASS=123456 SMTP_HOST=smtp.gmail.com SMTP_PORT=465
+- git push heroku master
+
+## Local deployment
+
+- start MySQL server, create an emtpy database, update config/default.js db.uri to point to the database
+- npm i - install dependencies
+- npm run lint - run code lint check
+- npm run testdata - it will clear all data and insert test data,
+  it creates an admin ('[email protected]' / 'password') and normal user ('[email protected]' / 'password')
+- npm start - it will create tables if not present, but if tables are present, it won't change data
+
+
+
+## Verification
+
+- start mock SMTP, start MySQL db, start app as above
+- local Postman collection and environment in the docs folder into Postman
+- do login as admin or user via the `security api` / `login - admin` or `login - user`, after login, the access token will be automatically set
+  to environment variable accessToken, and can be used by other API calls;
+  please note that some APIs need user role, others need admin role, you may check the routes definitions about which roles are needed for different routes
+- some API depends on other API's data;
+  for example, puchase card API needs a card, so you will need to first create a card in Postman, then login as user (purchase API
+  needs user role), then purchase it; after purchse, you may get current user data to see that some pointsAmount is cut;
+  you may also call the get user cards API to see user's cards
+- you may create a track story, then use progress API to complete its progress, then use progress API to receive rewards,
+  then get current user's cards and badges to verify that cards and badge are assigned to user
+- flow to signup user:
+  call the signup API;
+  in the fakeSMTP, view the last email content, you can see token like below:
+```
+a0a13351-7192-4151-b4ed-168c25507a=
+ba-1511721439823
+```
+  the ending '=' should be removed, and the two lines should be linked together, the token is:
+```
+a0a13351-7192-4151-b4ed-168c25507aba-1511721439823
+```
+  copy the token to verifyEmail API verificationToken parameter, and call the verifyEmail API
+
+- flow to reset forgot password:
+  call the initiateForgotPassword API;
+  in the fakeSMTP, view the last email content, you can see token like below:
+```
+a8181534-05c2-4e51-9da2-27b46f95c98e-1511721790345
+```
+  copy the token to changeForgotPassword API body forgotPasswordToken parameter, and call the changeForgotPassword API
+
+- other API tests should be intuitive
+
+
+
+## Notes
+
+- see discussion in forum, the app needs to support transaction, so RDBMS (MySQL) should be used instead of MongoDB, MongoDB doesn't support transation.
+  Transaction is used when an operation involves multiple db updates.
+  For example, when creating/updating TrackStory, multiple child entities are created/updated,
+  it is hard to support atomic action if using MongoDB.
+  There are other cases when transaction is needed, e.g. purchase card, persisting TrackStoryUserProgress, persisting Achievement,
+  receive rewards etc.
+  For sequelize transaction management, see:
+  http://docs.sequelizejs.com/manual/tutorial/transactions.html#managed-transaction-auto-callback-
+- please take TCUML in precedence over swagger file, the original swagger file has quite some flaws, it is now fixed to sync with the latest APIs;
+  but still the TCUML entities/services are more accurate and more thorough, e.g. swagger API request/response may be just part of entities fields.
+  I exported two major diagrams (the two PNG files) from TCUML for your reference.
+- for the RacetrackService.search, the given SQL seems not right, I follow the below links to implement it:
+  https://gis.stackexchange.com/questions/31628/find-points-within-a-distance-using-mysql
+  https://stackoverflow.com/questions/1006654/fastest-way-to-find-distance-between-two-lat-long-points
+- for the RacetrackService.search, raw SQL query is used, so it is important to avoid SQL injection attack,
+  helper.sanitize is used to sanitize name filter parameter to avoid SQL injection attack
+- for TrackStory, its child entities are also managed, when creating/updating TrackStory, if a child entity has no id, then the child entity is created,
+  otherwise the child entity is updated;
+  it is similar for TrackStoryUserProgress and Achievement, their child entities are also managed.
+
+
+
+## Video
+
+https://youtu.be/F1Wiv2c2niY
+

app.js

@@ -0,0 +1,104 @@
+/**
+ * Copyright (C) 2017 TopCoder Inc., All Rights Reserved.
+ */
+
+/**
+ * The application entry point
+ *
+ * @author      TCSCODER
+ * @version     1.0
+ */
+
+require('./src/bootstrap');
+
+const config = require('config');
+const express = require('express');
+const cors = require('cors');
+const bodyParser = require('body-parser');
+const _ = require('lodash');
+const winston = require('winston');
+const httpStatus = require('http-status');
+const helper = require('./src/common/helper');
+const errorMiddleware = require('./src/common/ErrorMiddleware');
+const routes = require('./src/routes');
+const errors = require('common-errors');
+const models = require('./src/models');
+const passport = require('passport');
+const BearerStrategy = require('passport-http-bearer');
+const UserService = require('./src/services/UserService');
+const co = require('co');
+const passportLogic = require('./src/passport');
+
+const app = express();
+const http = require('http').Server(app);
+
+app.use(passport.initialize());
+app.use(passport.session());
+app.set('port', config.PORT);
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: true }));
+app.use(cors());
+
+passportLogic.init(app);
+models.init(false);
+
+passport.use(new BearerStrategy((token, done) =>
+  co(function* () {
+    return yield UserService.getByAccessToken(token);
+  }).then(user => (user ? done(null, user) : done(null, false))).catch(err => done(err))
+));
+
+const apiRouter = express.Router();
+
+// load all routes
+_.each(routes, (verbs, url) => {
+  _.each(verbs, (def, verb) => {
+    const actions = [
+      function (req, res, next) {
+        req.signature = `${def.controller}#${def.method}`;
+        next();
+      },
+    ];
+    const method = require(`./src/controllers/${def.controller}`)[ def.method ]; // eslint-disable-line
+
+    if (!method) {
+      throw new Error(`${def.method} is undefined, for controller ${def.controller}`);
+    }
+    if (!def.public) {
+      // authentication
+      actions.push(passport.authenticate('bearer', { session: false }));
+      // authorization
+      if (def.roles && def.roles.length > 0) {
+        actions.push((req, res, next) => {
+          if (_.indexOf(def.roles, req.user.role) < 0) {
+            next(new errors.NotPermittedError('invalid role'));
+          } else {
+            next();
+          }
+        });
+      }
+    }
+
+    actions.push(method);
+    winston.info(`API : ${verb.toLocaleUpperCase()} /${config.API_VERSION}${url}`);
+    apiRouter[verb](`/${config.API_VERSION}${url}`, helper.autoWrapExpress(actions));
+  });
+});
+
+app.use('/', apiRouter);
+app.use(errorMiddleware());
+app.use('*', (req, res) => {
+  const pathKey = req.baseUrl.substring(config.API_VERSION.length + 1);
+  const route = routes[pathKey];
+  if (route) {
+    res.status(httpStatus.METHOD_NOT_ALLOWED).json({ message: 'The requested method is not supported.' });
+  } else {
+    res.status(httpStatus.NOT_FOUND).json({ message: 'The requested resouce cannot found.' });
+  }
+});
+
+http.listen(app.get('port'), () => {
+  winston.info(`Express server listening on port ${app.get('port')}`);
+});
+
+module.exports = app;

config/default.js

@@ -0,0 +1,66 @@
+/**
+ * Copyright (C) 2017 TopCoder Inc., All Rights Reserved.
+ */
+
+/**
+ * the default config
+ *
+ * @author      TCSCODER
+ * @version     1.0
+ */
+
+module.exports = {
+  LOG_LEVEL: process.env.LOG_LEVEL || 'debug',
+  PORT: process.env.PORT || 3000,
+
+  PASSWORD_HASH_SALT_LENGTH: (process.env.PASSWORD_HASH_SALT_LENGTH && Number(process.env.PASSWORD_HASH_SALT_LENGTH)) || 10,
+
+  ACCESS_TOKEN_EXPIRES: (process.env.ACCESS_TOKEN_EXPIRES && Number(process.env.ACCESS_TOKEN_EXPIRES))
+    || 12 * 60 * 60, // 12 hours
+  VERIFY_TOKEN_EXPIRES: (process.env.VERIFY_TOKEN_EXPIRES && Number(process.env.VERIFY_TOKEN_EXPIRES))
+    || 2 * 60 * 60, // 2 hours
+  FORGOT_PASSWORD_TOKEN_EXPIRES: (process.env.FORGOT_PASSWORD_TOKEN_EXPIRES && Number(process.env.FORGOT_PASSWORD_TOKEN_EXPIRES))
+    || 2 * 60 * 60, // 2 hours
+  QUERY_DEFAULT_LIMIT: (process.env.QUERY_DEFAULT_LIMIT && Number(process.env.QUERY_DEFAULT_LIMIT)) || 20,
+  API_VERSION: process.env.API_VERSION || 'api/v1',
+
+  VERIFY_EMAIL_SUBJECT: process.env.VERIFY_EMAIL_SUBJECT || 'Verify Your Email',
+  VERIFY_EMAIL_CONTENT: process.env.VERIFY_EMAIL_CONTENT ||
+    `Hello, Your verification token is:
+%s
+
+You can click following url to verify email:
+%s`,
+
+  FORGOT_PASSWORD_EMAIL_SUBJECT: process.env.FORGOT_PASSWORD_EMAIL_SUBJECT || 'Reset Forgot Password',
+  FORGOT_PASSWORD_EMAIL_CONTENT: process.env.FORGOT_PASSWORD_EMAIL_CONTENT ||
+    `Hello, Your reset password token is:
+%s`,
+  SESSION_SECRET: 'secret',
+  FROM_EMAIL: process.env.FROM_EMAIL || '[email protected]',
+  email: {
+    host: process.env.SMTP_HOST || 'localhost',
+    port: (process.env.SMTP_PORT && Number(process.env.SMTP_PORT)) || 25,
+    auth: {
+      user: process.env.SMTP_USER || 'username',
+      pass: process.env.SMTP_PASSWORD || 'password',
+    },
+  },
+  facebook: {
+    clientId: process.env.FACEBOOK_APP_ID || '135794683759765',
+    clientSecret: process.env.FACEBOOK_APP_SECRET || '7802759f88fbfa9c7ada1cdada38be5e',
+  },
+  socialRedirectUrl: 'tiMobile://social',
+  db: {
+    // the uri format is mysql://username:password@host:port/dbname
+    uri: process.env.JAWSDB_URL || 'mysql://root:@localhost:3306/ti_mobile_db',
+    options: {
+      dialect: 'mysql',
+      pool: {
+        max: 5,
+        min: 0,
+        idle: 10000,
+      },
+    },
+  },
+};

config/production.js

@@ -0,0 +1,15 @@
+/**
+ * Copyright (c) 2017 Zero Inc, All rights reserved.
+ */
+
+
+/**
+ * The production configuration file.
+ *
+ * @author      JiangLiwu
+ * @version     1.0
+ */
+
+module.exports = {
+  LOG_LEVEL: process.env.LOG_LEVEL || 'info',
+};