Initial code base - contains api only

Author: callmekatootie

.gitignore

@@ -0,0 +1,7 @@
+.idea
+node_modules/
+*.log
+.DS_Store
+.nyc_output
+coverage/
+.env

README.md

@@ -1 +1,150 @@
-# member-preferences-service
+# Member preferences service
+
+## Prerequisites
+
+- NodeJS (v10)
+- AWS DynamoDB
+- Java 6+ (if using runnable jar of local DynamoDB)
+- Docker, Docker Compose (if using docker of local DynamoDB)
+
+## Configuration
+
+Configuration for the application is at `config/default.js` and `config/production.js`.
+The following parameters can be set in config files or in env variables:
+
+- LOG_LEVEL: the log level
+- PORT: the server port
+- API_VERSION: the API version
+- AUTH_SECRET: TC Authentication secret
+- VALID_ISSUERS: valid issuers for TC authentication
+- AUTH0_URL: AUTH0 URL, used to get M2M token
+- AUTH0_PROXY_SERVER_URL: AUTH0 proxy server URL, used to get M2M token
+- AUTH0_AUDIENCE: AUTH0 audience, used to get M2M token
+- TOKEN_CACHE_TIME: AUTH0 token cache time, used to get M2M token
+- AUTH0_CLIENT_ID: AUTH0 client id, used to get M2M token
+- AUTH0_CLIENT_SECRET: AUTH0 client secret, used to get M2M token
+- AMAZON_AWS_REGION: the Amazon AWS region to access DynamoDB
+- AMAZON_AWS_DYNAMODB_READ_CAPACITY_UNITS: AWS DynamoDB read capacity units
+- AMAZON_AWS_DYNAMODB_WRITE_CAPACITY_UNITS: AWS DynamoDB write capacity units
+- AMAZON_AWS_DYNAMODB_ENDPOINT: DynamoDB endpoint, set it only for local DynamoDB
+- AMAZON_AWS_DYNAMODB_PREFERENCE_TABLE: AWS DynamoDB table for user preferences
+- MAILCHIMP_API_BASE_URL: Mailchimp API base URL
+- MAILCHIMP_API_KEY: Mailchimp API key
+- MAILCHIMP_LIST_ID: Mailchimp list/audience id
+- SEARCH_USERS_URL: URL to search users
+
+Set the following environment variables so that the app can get TC M2M token (use 'set' insted of 'export' for Windows OS):
+
+- export AUTH0_CLIENT_ID=8QovDh27SrDu1XSs68m21A1NBP8isvOt
+- export AUTH0_CLIENT_SECRET=3QVxxu20QnagdH-McWhVz0WfsQzA1F8taDdGDI4XphgpEYZPcMTF4lX3aeOIeCzh
+- export AUTH0_URL=https://topcoder-dev.auth0.com/oauth/token
+- export AUTH0_AUDIENCE=https://m2m.topcoder-dev.com/
+
+## AWS Setup
+
+1. Download your AWS Credentials from AWS Console. Refer [AWS Documentation](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-your-credentials.html)
+
+2. Depending on your Operating System, create AWS credentials file in the path listed below
+
+    ```bash
+    Linux, Unix, and macOS users: ~/.aws/credentials
+
+    Windows users: C:\Users\{USER_NAME}\.aws\credentials
+    ```
+
+3. credentials file should look like below
+
+    ```bash
+    [default]
+    aws_access_key_id=SOME_ACCESS_KEY_ID
+    aws_secret_access_key=SOME_SECRET_ACCESS_KEY
+    ```
+
+4. Configure AMAZON_AWS_REGION in config file or environment
+
+## Local DynamoDB setup (Optional)
+
+This page `https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DynamoDBLocal.html` provides several ways to deploy local DynamoDB.
+
+If you want to use runnable jar of local DynamoDB:
+
+- see `https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DynamoDBLocal.DownloadingAndRunning.html` for details
+- download the local DynamoDB of your region
+- extract out the downloaded archive
+- ensure Java 6+ is installed
+- in the extracted folder, run `java -Djava.library.path=./DynamoDBLocal_lib -jar DynamoDBLocal.jar -sharedDb`
+- configure the AMAZON_AWS_DYNAMODB_ENDPOINT config parameter to `http://localhost:8000` in config file or via environment variable
+- follow above section to configure AWS credential, when using local DynamoDB, any fake access key id and secret access key may be used
+
+If you want to use docker of local DynamoDB:
+
+- see `https://hub.docker.com/r/amazon/dynamodb-local` for details
+- you may go to `docker` folder, and run `docker-compose up` to start local DynamoDB
+- configure the AMAZON_AWS_DYNAMODB_ENDPOINT config parameter to `http://localhost:8000` in config file or via environment variable
+- follow above section to configure AWS credential, when using local DynamoDB, any fake access key id and secret access key may be used
+
+## AWS DynamoDB setup
+
+- setup AWS credential and region properly
+- do not configure the AMAZON_AWS_DYNAMODB_ENDPOINT config param, then AWS DynamoDB will be used by default
+
+## Mailchimp setup
+
+- register a new account at `https://mailchimp.com`
+- after login, see the URL of your admin page, it is like `https://us20.admin.mailchimp.com/`,
+  here the `us20` is data center, it may be different for different users,
+  the MAILCHIMP_API_BASE_URL config param is like `https://{data-center}.api.mailchimp.com/3.0`,
+  so if data center is `us20`, then the MAILCHIMP_API_BASE_URL param should be `https://us20.api.mailchimp.com/3.0`
+- click right top profile -> Account -> Extras -> API keys, here you can generate API key, configure it to
+  MAILCHIMP_API_KEY config param
+- click header Audience -> right side Manage Audience -> Settings, scroll down and you can see the audience id,
+  configure it to MAILCHIMP_LIST_ID config param
+- click header Audience -> right side Manage Audience -> Settings -> Manage contacts -> Tags, here you can manage tags,
+  create 3 tags: `Data Science Newsletter`, `Design Newsletter`, `Dev Newsletter`
+
+- during review, you may simply use the provided Mailchimp config params, and then you don't need to do above setup
+
+## Local Deployment
+
+- Install dependencies `npm install`
+- Run lint `npm run lint`
+- Run lint fix `npm run lint:fix`
+- To delete DynamoDB table if needed `npm run delete-table`
+- To create DynamoDB table if needed `npm run create-table`
+- Start app `npm start`
+- App is running at `http://localhost:3000`
+
+## Verification
+
+- import Postman collection and environment in the docs folder to Postman
+- then run the Postman tests
+
+- you may use command `npm run view-table 23124329` to view DynamoDB preferences table record of given user id,
+  console will show info like below:
+
+```bash
+info: Data of id 23124329: {
+    "id": "23124329",
+    "email": {
+        "firstName": "first name",
+        "lastName": "last name",
+        "subscriptions": {
+            "Dev Newsletter": false,
+            "Data Science Newsletter": true,
+            "Design Newsletter": true
+        },
+        "updatedBy": "user2",
+        "createdBy": "user1"
+    },
+    "objectId": "23124329",
+    "updatedAt": "2019-04-19T18:24:15.128Z"
+}
+info: Done!
+```
+
+- if you are using AWS DynamoDB, you may also view the table content in AWS web console
+
+## Notes
+
+- swagger is at `docs/swagger.yaml`, you may check it using `http://editor.swagger.io/`
+- all JWT tokens provided in Postman environment file and tests are created in `https://jwt.io` with secret `mysecret`

app-bootstrap.js

@@ -0,0 +1,4 @@
+/**
+ * App bootstrap
+ */
+global.Promise = require('bluebird')

app-constants.js

@@ -0,0 +1,33 @@
+/**
+ * App constants
+ */
+const UserRoles = {
+  Admin: 'Administrator',
+  Copilot: 'Copilot',
+  User: 'Topcoder User'
+}
+
+const Scopes = {
+  ReadPreference: 'read:preferences',
+  UpdatePreference: 'update:preferences',
+  AllPreference: 'all:preferences'
+}
+
+const PreferenceSubscriptions = ['Dev Newsletter', 'Design Newsletter', 'Data Science Newsletter']
+
+const MailchimpMemberStatuses = {
+  Subscribed: 'subscribed'
+}
+
+const MailchimpTagStatuses = {
+  Active: 'active',
+  Inactive: 'inactive'
+}
+
+module.exports = {
+  UserRoles,
+  Scopes,
+  PreferenceSubscriptions,
+  MailchimpMemberStatuses,
+  MailchimpTagStatuses
+}

app-routes.js

@@ -0,0 +1,115 @@
+/**
+ * Configure all routes for express app
+ */
+const _ = require('lodash')
+const config = require('config')
+const HttpStatus = require('http-status-codes')
+const helper = require('./src/common/helper')
+const errors = require('./src/common/errors')
+const routes = require('./src/routes')
+const authenticator = require('tc-core-library-js').middleware.jwtAuthenticator
+
+/**
+ * Checks if the source matches the term.
+ *
+ * @param {Array} source the array in which to search for the term
+ * @param {Array | String} term the term to search
+ */
+function checkIfExists (source, term) {
+  let terms
+
+  if (!_.isArray(source)) {
+    throw new Error('Source argument should be an array')
+  }
+
+  source = source.map(s => s.toLowerCase())
+
+  if (_.isString(term)) {
+    terms = term.split(' ')
+  } else if (_.isArray(term)) {
+    terms = term.map(t => t.toLowerCase())
+  } else {
+    throw new Error('Term argument should be either a string or an array')
+  }
+
+  for (let i = 0; i < terms.length; i++) {
+    if (source.includes(terms[i])) {
+      return true
+    }
+  }
+
+  return false
+}
+
+/**
+ * Configure all routes for express app
+ * @param app the express app
+ */
+module.exports = (app) => {
+  // Load all routes
+  _.each(routes, (verbs, path) => {
+    _.each(verbs, (def, verb) => {
+      const controllerPath = `./src/controllers/${def.controller}`
+      const method = require(controllerPath)[def.method]; // eslint-disable-line
+      if (!method) {
+        throw new Error(`${def.method} is undefined`)
+      }
+
+      const actions = []
+      actions.push((req, res, next) => {
+        req.signature = `${def.controller}#${def.method}`
+        next()
+      })
+
+      // Authentication and Authorization
+      if (def.auth === 'jwt') {
+        actions.push((req, res, next) => {
+          authenticator(_.pick(config, ['AUTH_SECRET', 'VALID_ISSUERS']))(req, res, next)
+        })
+
+        actions.push((req, res, next) => {
+          if (!req.authUser) {
+            return next(new errors.UnauthorizedError('Action is not allowed for invalid token'))
+          }
+
+          if (req.authUser.roles) {
+            if (def.access && !checkIfExists(def.access, req.authUser.roles)) {
+              next(new errors.ForbiddenError('You are not allowed to perform this action!'))
+            } else {
+              next()
+            }
+          } else if (req.authUser.scopes) {
+            if (def.scopes && !checkIfExists(def.scopes, req.authUser.scopes)) {
+              next(new errors.ForbiddenError('You are not allowed to perform this action!'))
+            } else {
+              next()
+            }
+          } else if ((_.isArray(def.access) && def.access.length > 0) ||
+            (_.isArray(def.scopes) && def.scopes.length > 0)) {
+            next(new errors.UnauthorizedError('You are not authorized to perform this action'))
+          } else {
+            next()
+          }
+        })
+      }
+
+      actions.push(method)
+      app[verb](`${config.API_VERSION}${path}`, helper.autoWrapExpress(actions))
+    })
+  })
+
+  // Check if the route is not found or HTTP method is not supported
+  app.use('*', (req, res) => {
+    const route = routes[req.baseUrl]
+    let status
+    let message
+    if (route) {
+      status = HttpStatus.METHOD_NOT_ALLOWED
+      message = 'The requested HTTP method is not supported.'
+    } else {
+      status = HttpStatus.NOT_FOUND
+      message = 'The requested resource cannot be found.'
+    }
+    res.status(status).json({ message })
+  })
+}

app.js

@@ -0,0 +1,61 @@
+/**
+ * The application entry point
+ */
+
+require('./app-bootstrap')
+
+const config = require('config')
+const express = require('express')
+const bodyParser = require('body-parser')
+const _ = require('lodash')
+const cors = require('cors')
+const logger = require('./src/common/logger')
+const HttpStatus = require('http-status-codes')
+
+// setup express app
+const app = express()
+
+app.use(cors())
+app.use(bodyParser.json())
+app.use(bodyParser.urlencoded({ extended: true }))
+app.set('port', config.PORT)
+
+// Register routes
+require('./app-routes')(app)
+
+// The error handler
+// eslint-disable-next-line no-unused-vars
+app.use((err, req, res, next) => {
+  logger.logFullError(err, req.signature || `${req.method} ${req.url}`)
+  const errorResponse = {}
+  const status = err.isJoi ? HttpStatus.BAD_REQUEST : (err.httpStatus || HttpStatus.INTERNAL_SERVER_ERROR)
+
+  if (_.isArray(err.details)) {
+    if (err.isJoi) {
+      _.map(err.details, (e) => {
+        if (e.message) {
+          if (_.isUndefined(errorResponse.message)) {
+            errorResponse.message = e.message
+          } else {
+            errorResponse.message += `, ${e.message}`
+          }
+        }
+      })
+    }
+  }
+  if (_.isUndefined(errorResponse.message)) {
+    if (err.message && status !== HttpStatus.INTERNAL_SERVER_ERROR) {
+      errorResponse.message = err.message
+    } else {
+      errorResponse.message = 'Internal server error'
+    }
+  }
+
+  res.status(status).json(errorResponse)
+})
+
+app.listen(app.get('port'), () => {
+  logger.info(`Express server listening on port ${app.get('port')}`)
+})
+
+module.exports = app