complete with password based authentication

Author: VigneshVSV

backend/README.md

@@ -1,2 +1,8 @@
+# Website Backend
+
+Contains a few functionalities needed to run the website.
+
+- Submit feedbacks, contact and comments
+- A directory of examples
+
 
-# Typescript module

backend/src/app.tsx

@@ -1,24 +1,63 @@
 import * as express from 'express';
 import * as dotenv from 'dotenv';
-import feedbackRoutes from './routes/feedback.routes';
-import healthRoutes from './routes/health.routes';
 import * as swaggerUi from 'swagger-ui-express';
 import * as YAML from 'yamljs';
 import * as path from 'path';
+import * as match from 'path-to-regexp';
+import feedbackRoutes from './routes/feedback.routes';
+import healthRoutes from './routes/health.routes';
 
 
 dotenv.config();
 const swaggerDocument = YAML.load(path.join(__dirname, './docs/openapi.yaml'));
 
+// Parse swaggerDocument to find paths with security defined
+const securedPaths: string[] = [];
+if (swaggerDocument && swaggerDocument.paths) {
+    for (const [route, methods] of Object.entries(swaggerDocument.paths)) {
+        // @ts-ignore
+        for (const [method, details] of Object.entries<any>(methods)) {
+            if (details && details.security && details.security.length > 0) {
+                if (!securedPaths.includes(route)) {
+                    securedPaths.push(route);
+                }
+            }
+        }
+    }
+}
+console.debug('Secured paths:', securedPaths);
+
+
 const app = express();
+
 // Middleware
+// JSON body parser
 app.use(express.json());
+// Authentication middleware
+// @ts-ignore
+app.use((req, res, next) => {
+    const isSecured = securedPaths.some(pathPattern => {
+        // Convert OpenAPI path patterns (e.g., /feedbacks/{id}) to path-to-regexp style (e.g., /feedbacks/:id)
+        const openApiPattern = pathPattern.replace(/{([^}]+)}/g, ':$1');
+        const matcher = match.match(openApiPattern, { decode: decodeURIComponent, end: true });
+        return matcher(req.path) !== false;
+    });
+    console.debug('Request path:', req.path, 'isSecured:', isSecured);
+    if (isSecured) {
+        const token = req.headers['x-api-key'];
+        if (!token || token !== process.env.AUTH_TOKEN) {
+            console.warn('Unauthorized access attempt:', req.path);
+            return res.status(401).json({ message: 'Unauthorized' });
+        }
+    } 
+    next();
+});
 
 // Routes
 // @ts-ignore
 app.get('/', (req, res) => res.redirect('/api-docs'));
 app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
 app.use('/feedbacks', feedbackRoutes);
-app.use('/health', healthRoutes)
+app.use('/health', healthRoutes);
 
 export default app;

backend/src/db.tsx

@@ -4,8 +4,6 @@ import * as dotenv from 'dotenv';
 dotenv.config();
 
 const POSTGRES_URI = process.env.POSTGRES_URI || 'postgres://user:password@localhost:5432/myapp';
-console.log(`Connecting to PostgreSQL at ${POSTGRES_URI}`);
-// PostgreSQL Connection
 export const sequelize = new Sequelize(POSTGRES_URI, {dialect: "postgres"});
 
 sequelize.authenticate()

backend/src/docs/openapi.yaml

@@ -24,6 +24,32 @@ components:
         text:
           type: string
 
+    FeedbackRow:
+      type: object
+      description: Feedback data structure for database storage
+      properties:
+        id:
+          type: string
+          format: uuid
+          example: "123e4567-e89b-12d3-a456-426614174000"
+        name:
+          type: string
+        type:
+          type: string
+          example: "bug" # or "feature"
+        email:
+          type: string
+        text:
+          type: string
+        created_at:
+          type: string
+          format: date-time
+          example: "2023-10-01T12:00:00Z"
+        updated_at:
+          type: string
+          format: date-time
+          example: "2023-10-01T12:00:00Z"
+
     ResponseMessage:
       type: object
       description: Plain response with a message field
@@ -42,13 +68,21 @@ components:
         message:
           type: string
           example: "Service is healthy"
+  
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header 
+      name: X-API-KEY # name of the header, query parameter or cookie
 
 
 paths: 
   /feedbacks:
     post:
       summary: Submit feedback
       operationId: submitFeedback
+      security:
+        - ApiKeyAuth: []
       requestBody:
         required: true
         content:
@@ -84,6 +118,8 @@ paths:
     get:
       summary: Get all feedbacks
       operationId: getFeedbacks
+      security:
+        - ApiKeyAuth: []
       responses:
         '200':
           description: List of feedbacks
@@ -92,7 +128,7 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/Feedback'
+                  $ref: '#/components/schemas/FeedbackRow'
         '500':
           description: Internal server error
           content:
@@ -104,6 +140,8 @@ paths:
     get:
       summary: Get feedback by ID
       operationId: getFeedbackById
+      security:
+        - ApiKeyAuth: []
       parameters:
         - name: id
           in: path
@@ -116,15 +154,14 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Feedback'
+                $ref: '#/components/schemas/FeedbackRow'
         '404':
           description: Feedback not found
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/ResponseMessage'
 
-
   /health:
     get:
       summary: Health check
@@ -142,6 +179,7 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/HealthStatus'
+  
 
 
 

backend/src/models/feedback.model.tsx

@@ -32,11 +32,11 @@ Feedback.init(
     {
         sequelize,
         modelName: 'Feedback',
-        tableName: 'Feedbacks',
+        tableName: 'feedbacks',
         timestamps: true,
         createdAt: 'created_at',
         updatedAt: 'updated_at',
-        underscored: true, // Use snake_case for column names
+        underscored: true,
         indexes: [
             {
                 unique: true,