merge Backend

.env.example

@@ -0,0 +1,4 @@
+#DB_URL=dev mode defaults to sqlite (so this is not needed)
+AUTH0_CLIENT_ID=YOUR_CLIENT_ID
+AUTH0_SECRET=YOUR_CLIENT_SECRET
+AUTH0_ISSUER_BASE_URL=https://<YOUR-TENANT-NAME>.auth0.com

.gitignore

@@ -1,4 +1,5 @@
 .DS_Store
 .env
+.env.local
 node_modules/
-package-lock.json
+dev-db.sqlite

CONTRIBUTING.md

@@ -25,10 +25,11 @@ Prepare for contributing by following these beginner-friendly steps.
 1. Leave a comment that you would like to pick up the issue.
 1. Read the description, and make sure to ask questions about anything that is unclear.
 1. Start on your forked repo's `backend` branch with `git checkout backend`.
-1. Make sure you have the latest version of the project with `git pull upstream/backend`.
-1. Create a new branch with `git checkout -b <new-branch-name>`. The name should include the issue number and the topic you're working in.  For example, if its about issue #67: adding a GET request, your command could be `git checkout -b 67__add-get-request`.
+1. Make sure you have the latest version of the project with `git pull upstream backend` or `git merge upstream/backend`.
+1. Create a new branch with `git checkout -b <new-branch-name>`. The name should be short and describe the topic you're working in.  For example, if its about adding a GET request for unser data, your command could be `git checkout -b add-user-get-request`.
 1. Make and commit your changes on this new branch, and make a PR when you're ready. [Here are some directions on the process](http://www.dasblinkenlichten.com/how-to-create-a-github-pull-request-pr/).
 1. When creating your PR, be sure to make your pull request to the `backend` feature branch: 
-
     <img src="/images/make-pr-to-backend.png" alt="making a pull request to the backend branch" title="make a pr to backend" width="350" height="200" />
 1. See your pull requests here: https://github.com/Techtonica/keyboard-shortcuts-practice/pulls
+1. In your new PR's description, add `Fixes #<issue number>`, for example `fixes #1`.  This will automatically close the issue once your PR is merged, and it will link the issue with your PR. Also add a description of what the PR is, and how reviewers can validate it.
+

JS/auth-dev.js

@@ -0,0 +1,46 @@
+/**
+ * Simple cookie session auth for local development when not testing with Auth0.
+ * Uses Sequelize to store the sessions using an adapter.
+ *
+ *  - `/#` will automatically sign you in as a current $USER
+ *       (this user will be created if it does not exist)
+ *  - `/logout` will sign you out
+ */
+
+const { User, sequelize } = require("./orm");
+const session = require("express-session");
+const SequelizeStore = require("connect-session-sequelize")(session.Store);
+
+const userIdLoader = (req) => req.session.userId;
+
+const setup = (app) => {
+  app.use(
+    session({
+      secret: "techtonica",
+      store: new SequelizeStore({
+        db: sequelize,
+        tableName: "sessions",
+        expiration: 1000 * 60 * 30, //30min
+      }),
+      unset: "destroy",
+      resave: false,
+      saveUninitialized: true,
+    })
+  );
+
+  app.get("/#", async (req, res) => {
+    const userId = process.env.USER || "local";
+    await User.findOrCreate({
+      where: { id: userId },
+    });
+    req.session.userId = userId;
+    res.redirect("/");
+  });
+
+  app.get("/logout", (req, res) => {
+    req.session = null;
+    res.redirect("/");
+  });
+};
+
+module.exports = { setup, userIdLoader };

JS/auth-setup.js

@@ -0,0 +1,61 @@
+const { auth } = require("express-openid-connect");
+const Auth0 = require("./auth0");
+const { User } = require("./orm");
+/**
+ * Retrieves the currently signed-in user id, if signed-in,
+ * from the Express Response object.
+ *
+ * This mechanism is independent if the app is using Auth0 or not.
+ *
+ * @param {*} response Express Response object
+ */
+const getCurrentUserId = (response) => response.locals.currentUserId;
+
+const findCurrentUserFrom = (loadUserIdFunc) => {
+  return (req, res, next) => {
+    const userId = loadUserIdFunc(req);
+    res.locals.currentUserId = userId;
+    next();
+  };
+};
+
+/**
+ * Ensures user record exists for a signed-in user.
+ * Needed for incoming Auth0 users.
+ */
+const autoCreateSignedInUser = async (_, res, next) => {
+  const userId = getCurrentUserId(res);
+  if (userId) {
+    const [user, created] = await User.findOrCreate({
+      where: { id: userId },
+    });
+    if (created) {
+      console.debug(`auto-created newly signed-in user: ${user.id}`);
+    }
+  }
+  next();
+};
+
+const routeRequiresSignedIn = (_, res, next) => {
+  if (!getCurrentUserId(res)) {
+    return res.sendStatus(401);
+  }
+  next();
+};
+
+const setupAuth = (app) => {
+  if (Auth0.authConfig) {
+    console.debug("Using Auth0 auth");
+    // auth router attaches /#, /logout, and /callback routes to the baseURL
+    app.use(auth(Auth0.authConfig));
+    app.use(findCurrentUserFrom(Auth0.userIdLoader));
+    app.use("/", autoCreateSignedInUser);
+  } else {
+    console.debug("Using dev auth");
+    const AuthDev = require("./auth-dev");
+    AuthDev.setup(app);
+    app.use(findCurrentUserFrom(AuthDev.userIdLoader));
+  }
+};
+
+module.exports = { setupAuth, routeRequiresSignedIn, getCurrentUserId };

JS/auth0.js

@@ -0,0 +1,22 @@
+const { AUTH0_SECRET, AUTH0_CLIENT_ID, AUTH0_ISSUER_BASE_URL } = process.env;
+const { port } = require("./config");
+
+let authConfig = false;
+
+if (AUTH0_SECRET && AUTH0_CLIENT_ID) {
+  authConfig = {
+    authRequired: false,
+    auth0Logout: true,
+    issuerBaseURL: AUTH0_ISSUER_BASE_URL,
+    baseURL: "http://localhost:".concat(port),
+    clientID: AUTH0_CLIENT_ID,
+    secret: AUTH0_SECRET,
+  };
+} 
+
+const userIdLoader = (req) => req.oidc.user && req.oidc.user.sub;
+
+module.exports = {
+  authConfig,
+  userIdLoader,
+};

JS/config.js

@@ -1 +1,19 @@
-exports.URL = process.env.URL;
+const { DB_URL, NODE_ENV } = process.env;
+
+const port = process.env.port || 3000;
+
+const isProduction = () => NODE_ENV === "production";
+const isDevelopment = () => NODE_ENV === "development";
+
+const getDefaultDbUrl = () => {
+  if (!isProduction()) {
+    return "sqlite:dev-db.sqlite";
+  }
+};
+
+module.exports = {
+  isProduction,
+  isDevelopment,
+  port,
+  DB_URL: DB_URL || getDefaultDbUrl(),
+};

JS/orm.js

@@ -1,31 +1,74 @@
-// access config/env variables
-//var config = require("./config.js");
-require('dotenv').config();
-console.log(`${process.env.URL}`);
-
-// setting up ORM
-var Sequelize = require('sequelize');
-var sequelize = new Sequelize(`${process.env.URL}`);
+const Sequelize = require("sequelize");
+const { DB_URL } = require("./config.js");
 
+const sequelize = new Sequelize(DB_URL);
 
 // define basic model for a user
 const Model = Sequelize.Model;
 class User extends Model {}
-User.init({
-  uid: Sequelize.INTEGER,
-  q_number: Sequelize.STRING,
-  last_login: Sequelize.DATE
-}, { sequelize, modelName: 'user' });
-
-// testing database connection
-sequelize
-  .authenticate()
-  .then(() => {
-    console.log('Connection has been established successfully.');
-  })
-  .catch(err => {
-    console.error('Unable to connect to the database:', err);
-});
+User.init(
+  {
+    last_login: {
+      type: Sequelize.DATE,
+      defaultValue: Sequelize.NOW,
+    },
+    id: {
+      type: Sequelize.STRING,
+      primaryKey: true,
+    },
+  },
+  {
+    sequelize,
+    modelName: "user",
+    createdAt: "created_at",
+    updatedAt: "updated_at",
+  }
+);
+class UserAnswers extends Model {}
+UserAnswers.init(
+  {
+    user_id: {
+      type: Sequelize.STRING,
+      allowNull: false,
+    },
+    question_number: {
+      type: Sequelize.INTEGER,
+      allowNull: false,
+    },
+    is_correct: {
+      type: Sequelize.BOOLEAN,
+      allowNull: false,
+    },
+    elapsed_time_ms: {
+      type: Sequelize.INTEGER,
+      allowNull: false,
+    },
+  },
+  {
+    sequelize,
+    modelName: "user_answers",
+    createdAt: 'created_at',
+    updatedAt: false,
+    indexes: [
+      {
+        fields: ['created_at', 'user_id', 'question_number']
+      },
+      {
+        fields: ['created_at', 'user_id']
+      }
+    ]
+  }
+);
+User.hasMany(UserAnswers, { foreignKey: "user_id" });
+UserAnswers.belongsTo(User, { foreignKey: "user_id" });
+const connectToDb = async () => {
+  await sequelize.authenticate();
+  await sequelize.sync();
+};
 
-// TODO: make User model accessible from other files
-// export { User };
+module.exports = {
+  User,
+  connectToDb,
+  UserAnswers,
+  sequelize,
+};

README.md

@@ -12,7 +12,15 @@ We discovered that our participants need an app similar to typing practice websi
 
 This project should train and test users to use the quicker keyboard shortcuts instead of a mouse and the GUI. The app gets more challenging as you progress through the commands.
 
-Our goal for the backend project is to create a persistant app where users can #, practice with the app, and save their progress. That way, the next time they #, they can pick up where they left off rather than starting at the beginning.
+Our goal for the backend project is to create a persistent app where users 
+can #, practice with the app, and save their progress. That way, the next time they #, they can pick up where they left off rather than starting at the beginning.
+
+# Setting up Auth0 and creating an account
+1. Create a [free personal Auth0 account](https://auth0.com/)
+1. Create a `Regular Web Application`
+1. Run `cp .env.example .env` to create a .env file
+1. From the settings page of your Auth0 web application fill in the environment variables, ensuring that the `AUTH0_ISSUER_BASE_URL` is the Domain URL starting with `https://`
+1. The _Allowed Callback URLs_ for local development should be `http://localhost:3000/callback`
 
 ## Running the project
 

app.js

@@ -1,26 +1,40 @@
-const path = require('path');
-const morgan = require('morgan');
+require("dotenv").config();
+const path = require("path");
+const morgan = require("morgan");
 const express = require("express");
 const bodyParser = require("body-parser");
+const { setupAuth } = require("./JS/auth-setup");
+const { connectToDb } = require("./JS/orm");
+const { port } = require("./JS/config");
+const favicon = require("serve-favicon");
 
 const app = express();
-app.use(morgan('dev')); //morgan gives us useful logging
+app.use(morgan("dev")); //morgan gives us useful logging
 
-require('ejs');
-app.set('view engine', 'ejs');
-app.set('views', path.join(__dirname, 'views'));
+require("ejs");
+app.set("view engine", "ejs");
+app.set("views", path.join(__dirname, "views"));
 
-app.use(express.static('public'));
+app.use(express.static("public"));
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: true }));
+app.use(favicon(__dirname + "/public/images/favicon.ico"));
 
+setupAuth(app);
 const routes = require("./routes/routes.js");
-app.use('/', routes);
+app.use("/", routes);
 
-app.use((req, res) => {
-    res.status(404).render('not_found');
+app.use((_, res) => {
+  res.status(404).render("not_found");
+});
+
+const startServer = async () => {
+  await connectToDb();
+  app.listen(port, () => {
+    console.log(`Listening on http://localhost:${port} :-D`);
   });
+};
+
+startServer();
 
-const server = app.listen(3000, function () {
-    console.log("Listening on http://localhost:" + server.address().port, ":-D");
-});
+module.exports = app;