Merge pull request #28 from yurenju/feat/e2e-server-2

Feat/e2e server 2
moda-gov-tw · Sep 26, 2023 · c6bf344 · c6bf344
2 parents 8b21aae + f1ef7d4
commit c6bf344
Show file tree

Hide file tree

Showing 9 changed files with 178 additions and 53 deletions.
diff --git a/apps/server/src/ethereum/ethereum.e2e-spec.ts b/apps/server/src/ethereum/ethereum.e2e-spec.ts
@@ -2,32 +2,14 @@ import { INestApplication } from '@nestjs/common';
 import request from 'supertest';
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts';
-import { SiweMessage } from 'siwe';
-import { setupMongoDb, setupTestApplication } from '../../tests/helper';
+import {
+  generatePayload,
+  getDomain,
+  setupMongoDb,
+  setupTestApplication,
+} from '../../tests/helper';
 import { getRandomHexString } from '../utils';
 
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-function getDomain(server: any): string {
-  server.listen();
-  const address = server.address();
-  return `127.0.0.1:${address.port}`;
-}
-
-function generateSiweMessage(domain: string, address: string, nonce: string) {
-  const rawMessage = new SiweMessage({
-    domain,
-    address,
-    statement: 'Sign in with Ethereum to the app.',
-    uri: `http://${domain}`,
-    version: '1',
-    chainId: 1,
-    nonce,
-  });
-  const message = rawMessage.prepareMessage() as `0x${string}`;
-
-  return message;
-}
-
 describe('EthereumModule', () => {
   let app: INestApplication;
   let mongod: MongoMemoryServer;
@@ -59,18 +41,12 @@ describe('EthereumModule', () => {
 
     const privateKey = generatePrivateKey();
     const account = privateKeyToAccount(privateKey);
-    const message = generateSiweMessage(
+    const payload = await generatePayload(
+      id,
       domain,
-      account.address,
+      account,
       challengeRes.body.value
     );
-    const signature = await account.signMessage({ message });
-    const payload = {
-      id,
-      account: account.address,
-      message,
-      signature,
-    };
 
     await request(server)
       .post('/api/auth/ethereum/login')
@@ -94,23 +70,22 @@ describe('EthereumModule', () => {
 
     const privateKey = generatePrivateKey();
     const account = privateKeyToAccount(privateKey);
-    const message = generateSiweMessage(
+    const payload = await generatePayload(
+      id,
       domain,
-      account.address,
+      account,
       getRandomHexString()
     );
-    const signature = await account.signMessage({ message });
-    const payload = {
-      id,
-      account: account.address,
-      message,
-      signature,
-    };
 
     request(server)
       .post('/api/auth/ethereum/login')
       .send(payload)
       .set('Authorization', `Bearer ${token}`)
       .expect(401);
   });
+
+  it('should fail to challenge without a JWT token', async () => {
+    const server = app.getHttpServer();
+    return request(server).post('/api/auth/ethereum/challenge').expect(401);
+  });
 });
diff --git a/apps/server/src/ethereum/nonce.service.ts b/apps/server/src/ethereum/nonce.service.ts
@@ -26,7 +26,7 @@ export class NonceService {
       .findOneAndDelete({ value: nonceValue })
       .exec();
 
-    // this callback hander is for compatible of passport-siwe
+    // this callback is for compatible of passport-siwe
     if (!nonce) {
       const error = new NotFoundException('Nonce not found');
       if (cb) {

diff --git a/apps/server/src/national/national.controller.ts b/apps/server/src/national/national.controller.ts
@@ -1,5 +1,6 @@
 import {
   Body,
+  ConflictException,
   Controller,
   Get,
   Post,
@@ -11,6 +12,7 @@ import { NationalService } from './national.service';
 import { RegisterNationalDto } from './register-national.dto';
 import { LocalAuthGuard } from './guards/local-auth.guard';
 import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { CreateUserDto } from '../user/create-user.dto';
 
 @Controller('auth/national')
 export class NationalController {
@@ -28,7 +30,8 @@ export class NationalController {
   @Post('register')
   async register(@Body() registerNationalDto: RegisterNationalDto) {
     const nationalId = registerNationalDto.username;
-    const user = await this.usersService.findOrCreate(nationalId);
+    const createUserDto: CreateUserDto = { nationalId };
+    const user = await this.usersService.createUnique(createUserDto);
     return this.nationalService.login(user);
   }
 

diff --git a/apps/server/src/national/national.e2e-spec.ts b/apps/server/src/national/national.e2e-spec.ts
@@ -60,4 +60,30 @@ describe('NationalModule', () => {
         expect(res.body).toHaveProperty('user');
       });
   });
+
+  it('should fail to login with incorrect username', async () => {
+    const server = app.getHttpServer();
+
+    await request(server)
+      .post('/api/auth/national/login')
+      .send({ username: 'non-exist', password: 'password' })
+      .expect(401);
+  });
+
+  it('should fail to register with existing username', async () => {
+    const server = app.getHttpServer();
+    await request(server)
+      .post('/api/auth/national/register')
+      .send({ username: 'username', password: 'password' });
+    return request(server)
+      .post('/api/auth/national/register')
+      .send({ username: 'username', password: 'password' })
+      .expect(409);
+  });
+
+  it('should fail to check without a JWT token', async () => {
+    return request(app.getHttpServer())
+      .get('/api/auth/national/check')
+      .expect(401);
+  });
 });
diff --git a/apps/server/src/user/user.controller.ts b/apps/server/src/user/user.controller.ts
@@ -1,18 +1,12 @@
-import { Body, Controller, Get, Param, Post, UseGuards } from '@nestjs/common';
+import { Controller, Get, Param, UseGuards } from '@nestjs/common';
 import { User } from './user.schema';
 import { UsersService } from './user.service';
-import { CreateUserDto } from './create-user.dto';
 import { JwtAuthGuard } from '../national/guards/jwt-auth.guard';
 
 @Controller('users')
 export class UsersController {
   constructor(private usersService: UsersService) {}
 
-  @Post()
-  create(@Body() createUserDto: CreateUserDto) {
-    this.usersService.create(createUserDto);
-  }
-
   @UseGuards(JwtAuthGuard)
   @Get()
   findAll(): Promise<User[]> {

diff --git a/apps/server/src/user/user.e2e-spec.ts b/apps/server/src/user/user.e2e-spec.ts
@@ -0,0 +1,70 @@
+import { INestApplication } from '@nestjs/common';
+import { Identity } from '@semaphore-protocol/identity';
+import request from 'supertest';
+import { MongoMemoryServer } from 'mongodb-memory-server';
+import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts';
+import {
+  generatePayload,
+  getDomain,
+  setupMongoDb,
+  setupTestApplication,
+} from '../../tests/helper';
+
+describe('UsersModule', () => {
+  let app: INestApplication;
+  let mongod: MongoMemoryServer;
+
+  beforeEach(async () => {
+    mongod = await setupMongoDb();
+    app = await setupTestApplication(mongod.getUri());
+  });
+
+  afterEach(async () => {
+    await mongod.stop();
+    await app.close();
+  });
+
+  it('should get an array of semaphore commitments', async () => {
+    const server = app.getHttpServer();
+    const domain = getDomain(server);
+
+    const res = await request(server)
+      .post('/api/auth/national/register')
+      .send({ username: 'username', password: 'password' });
+
+    const { id, token } = res.body;
+
+    const challengeRes = await request(server)
+      .post('/api/auth/ethereum/challenge')
+      .set('Authorization', `Bearer ${token}`)
+      .expect(201);
+
+    const privateKey = generatePrivateKey();
+    const account = privateKeyToAccount(privateKey);
+    const payload = await generatePayload(
+      id,
+      domain,
+      account,
+      challengeRes.body.value
+    );
+
+    const identity = new Identity();
+    const commitment = identity.commitment.toString();
+
+    await request(server)
+      .post('/api/auth/ethereum/login')
+      .send(payload)
+      .set('Authorization', `Bearer ${token}`);
+
+    await request(server)
+      .put('/api/auth/semaphore')
+      .send({ id, commitment })
+      .set('Authorization', `Bearer ${token}`);
+
+    await request(server)
+      .get('/api/users/commitments')
+      .expect((res) => {
+        expect(res.body).toEqual([commitment]);
+      });
+  });
+});
diff --git a/apps/server/src/user/user.service.ts b/apps/server/src/user/user.service.ts
@@ -1,4 +1,4 @@
-import { Injectable } from '@nestjs/common';
+import { ConflictException, Injectable } from '@nestjs/common';
 import { InjectModel } from '@nestjs/mongoose';
 import { User, UserDocument } from './user.schema';
 import { CreateUserDto } from './create-user.dto';
@@ -8,7 +8,7 @@ import { Model } from 'mongoose';
 export class UsersService {
   constructor(@InjectModel(User.name) private userModel: Model<User>) {}
 
-  async create(createUserDto: CreateUserDto): Promise<User> {
+  async create(createUserDto: CreateUserDto): Promise<UserDocument> {
     const createdUser = new this.userModel(createUserDto);
     return createdUser.save();
   }
@@ -35,6 +35,16 @@ export class UsersService {
     );
   }
 
+  async createUnique(createUserDto: CreateUserDto): Promise<UserDocument> {
+    const existingUser = await this.findOne(createUserDto.nationalId);
+
+    if (existingUser) {
+      throw new ConflictException('National ID already exists');
+    }
+
+    return this.create(createUserDto);
+  }
+
   updateEthereumAccount(id: string, ethereumAccount: string) {
     return this.userModel.findByIdAndUpdate(id, {
       ethereumAccount,

diff --git a/apps/server/tests/helper.ts b/apps/server/tests/helper.ts
@@ -4,6 +4,8 @@ import { Test, TestingModule } from '@nestjs/testing';
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import { UsersModule } from '../src/user/user.module';
 import { AuthModule } from '../src/auth/auth.module';
+import { SiweMessage } from 'siwe';
+import { PrivateKeyAccount } from 'viem/accounts';
 
 export function setupMongoDb(): Promise<MongoMemoryServer> {
   return MongoMemoryServer.create();
@@ -21,3 +23,47 @@ export async function setupTestApplication(
   await app.init();
   return app;
 }
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function getDomain(server: any): string {
+  server.listen();
+  const address = server.address();
+  return `127.0.0.1:${address.port}`;
+}
+
+export function generateSiweMessage(
+  domain: string,
+  address: string,
+  nonce: string
+) {
+  const rawMessage = new SiweMessage({
+    domain,
+    address,
+    statement: 'Sign in with Ethereum to the app.',
+    uri: `http://${domain}`,
+    version: '1',
+    chainId: 1,
+    nonce,
+  });
+  const message = rawMessage.prepareMessage() as `0x${string}`;
+
+  return message;
+}
+
+export async function generatePayload(
+  id: string,
+  domain: string,
+  account: PrivateKeyAccount,
+  nonce: string
+) {
+  const message = generateSiweMessage(domain, account.address, nonce);
+  const signature = await account.signMessage({ message });
+  const payload = {
+    id,
+    account: account.address,
+    message,
+    signature,
+  };
+
+  return payload;
+}
diff --git a/apps/server/tsconfig.spec.json b/apps/server/tsconfig.spec.json
@@ -7,6 +7,7 @@
   },
   "include": [
     "jest.config.ts",
+    "src/test.end.d.ts",
     "tests/**.ts",
     "src/**/*.test.ts",
     "src/**/*.spec.ts",