first commit

.eslintignore

@@ -0,0 +1,2 @@
+node_modules
+dist

.eslintrc.json

@@ -0,0 +1,53 @@
+{
+    "root": true,
+    "extends": "eslint-config-service-soft",
+    "overrides": [
+        {
+            "files": [
+                "*.ts"
+            ],
+            "parserOptions": {
+                "project": [
+                    "tsconfig.json"
+                ],
+                "createDefaultProgram": true
+            },
+            "rules": {
+                "@cspell/spellchecker": [
+                    "warn",
+                    {
+                        "customWordListFile": "./cspell.words.txt"
+                    }
+                ]
+            }
+        },
+        {
+            "files": [
+                "*.repository.ts"
+            ],
+            "parserOptions": {
+                "project": [
+                    "tsconfig.json"
+                ],
+                "createDefaultProgram": true
+            },
+            "rules": {
+                "jsdoc/require-jsdoc": "off"
+            }
+        },
+        {
+            "files": [
+                "*.model.ts"
+            ],
+            "parserOptions": {
+                "project": [
+                    "tsconfig.json"
+                ],
+                "createDefaultProgram": true
+            },
+            "rules": {
+                "@typescript-eslint/no-empty-interface": "off"
+            }
+        }
+    ]
+}

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+dist
+*.test.html

CONTRIBUTING.md

@@ -0,0 +1,59 @@
+# Contributing to LbxJwt
+Thank you for considering to contribute to this project!
+<br>
+All development is done using github.
+
+# Table of Contents
+- [Contributing to LbxJwt](#contributing-to-lbxjwt)
+- [Table of Contents](#table-of-contents)
+- [Create an Issue](#create-an-issue)
+  - [Special guidelines for bug reports](#special-guidelines-for-bug-reports)
+- [Starting the project](#starting-the-project)
+- [Codestyle](#codestyle)
+- [Workflow for submitting Code Changes](#workflow-for-submitting-code-changes)
+- [License](#license)
+
+# Create an Issue
+If you want to ask a question, need a new feature, found gaps in the documentation, found a bug, found code that can be refactored etc. you first have to start with creating an Issue.
+<br>
+Please check if there is already an issue for your problem.
+<br>
+Right now there are now specific guidelines for Issues, other than that their name and description should include enough details so that everyone knows what the issue is about. You should also include some fitting tags.
+
+## Special guidelines for bug reports
+
+Great Bug Reports tend to have:
+
+- A quick summary
+- Steps to reproduce
+  - Be specific!
+  - Give sample code if you can
+- What you expected would happen
+- What actually happens
+- Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)
+
+# Starting the project
+1. Run `npm install` in the root directory,
+2. Run `npm run build` in the root directory. This will This will build the package.
+
+# Codestyle
+This project is using eslint and requires all linting to pass in order to merge pull requests. It can happen that you need to use code that is against some of the rules (e.g. required use of "any"). In that case you can of course disable that rule at that specific point with
+<br>
+`// eslint-disable-next-line the-rule-to-disable`
+> You can run eslint with the command `npm run lint`
+> <br>
+> You can autofix some codestyle problems with `npm run lint:fix`
+
+# Workflow for submitting Code Changes
+
+1. Create an issue if it not already exists.
+2. Create a branch for that specific issue (The best way to this is directly inside the issue on the right side under "Development". That way the issue and the branch are automatically linked)
+3. Checkout the new branch
+4. Add your code
+5. Update the documentation.
+6. Check that tests and linting passes.
+7. Rebase to dev and solve any merge-conflicts (`git rebase dev`)
+8. Issue that pull request!
+
+# License
+By contributing to this project, you agree that your contributions will be licensed under its MIT License.

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Tim Fabian
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,81 @@
+# lbx-jwt
+This packages aims to take care of most of your authentication and authorization concerns.
+
+It's inspired by [@loopback/authentication-jwt](https://loopback.io/doc/en/lb4/JWT-authentication-extension.html)
+but adds a lot more functionality, including:
+- Saving roles inside jwts
+- Handling refresh tokens and [automatic reuse detection](https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/#Refresh-Token-Automatic-Reuse-Detection)
+- Providing an out of the box controller for:
+  - login
+  - logout
+  - refreshing the token
+  - requesting the reset of a password (Including an html email sent to the user or saved locally, depending on the environment)
+  - confirming and actually resetting the password
+- Providing a simple role authorizer to use with the @authorize decorator
+
+# Usage
+## Register the component
+
+The minimum required code changes to use the library to its full extend is simply registering it in the `application.ts`:
+```typescript
+import { BaseUserRepository, CredentialsRepository, LbxJwtBindings, LbxJwtComponent, RefreshTokenRepository, PasswordResetTokenRepository, LbxJwtAuthController } from 'lbx-jwt';
+import { AuthenticationComponent } from '@loopback/authentication';
+import { AuthorizationBindings, AuthorizationComponent, AuthorizationDecision, AuthorizationOptions } from '@loopback/authorization';
+
+export class MyApplication extends BootMixin(ServiceMixin(RepositoryMixin(RestApplication))) {
+    constructor(options: ApplicationConfig = {}) {
+        // ...
+        this.component(AuthenticationComponent);
+        this.component(LbxJwtComponent);
+        this.bind(LbxJwtBindings.ACCESS_TOKEN_SECRET).to('JwtS3cr3t');
+        this.bind(LbxJwtBindings.REFRESH_TOKEN_SECRET).to('JwtR3fr3shS3cr3t');
+        this.bind(LbxJwtBindings.MAIL_SERVICE).toClass(MailService);
+        this.repository(BaseUserRepository);
+        this.repository(CredentialsRepository);
+        this.repository(RefreshTokenRepository);
+        this.repository(PasswordResetTokenRepository);
+        this.controller(LbxJwtAuthController);
+
+        const authOptions: AuthorizationOptions = {
+            precedence: AuthorizationDecision.DENY,
+            defaultDecision: AuthorizationDecision.DENY
+        };
+        this.configure(AuthorizationBindings.COMPONENT).to(authOptions);
+        this.component(AuthorizationComponent);
+        // ...
+    }
+}
+```
+
+If you don't want to use the predefined controller you can omit the `this.controller(LbxJwtAuthController);` part.
+
+Almost everything above comes from the library out of the box. You only need to create your own MailService.
+
+## Create your own MailService
+
+```typescript
+@injectable({ scope: BindingScope.TRANSIENT })
+export class MailService extends BaseMailService<Roles> {
+    protected readonly WEBSERVER_MAIL: string = '[email protected]';
+    protected readonly BASE_RESET_PASSWORD_LINK: string = 'http://localhost:4200/reset-password';
+    protected readonly webserverMailTransporter: Transporter;
+    protected readonly PRODUCTION: boolean = false;
+    protected readonly SAVED_EMAILS_PATH: string = path.join(__dirname, '../../../test-emails');
+    protected readonly LOGO_HEADER_URL: string = 'https://via.placeholder.com/165x165';
+    protected readonly LOGO_FOOTER_URL: string = 'https://via.placeholder.com/500x60';
+    protected readonly ADDRESS_LINES: string[] = ['my address', 'my name'];
+}
+```
+
+## Enjoy!
+That's it, now you can use it inside your code:
+```typescript
+import { roleAuthorization } from 'lbx-jwt';
+// ...
+@authenticate('jwt')
+@authorize({ voters: [roleAuthorization], allowedRoles: ['admin'] })
+getAdminExclusiveData(): string {
+    // ...
+}
+// ...
+```

cspell.words.txt

@@ -0,0 +1,5 @@
+uuidv4
+datasource
+datasources
+whitesmoke
+Booter