refactored to move bcrypt into infra layer

Author: nikolovlazar

src/application/repositories/users.repository.interface.ts

@@ -1,8 +1,8 @@
-import type { User } from '@/src/entities/models/user';
+import type { User, CreateUser } from '@/src/entities/models/user';
 import type { ITransaction } from '@/src/entities/models/transaction.interface';
 
 export interface IUsersRepository {
   getUser(id: string): Promise<User | undefined>;
   getUserByUsername(username: string): Promise<User | undefined>;
-  createUser(input: User, tx?: ITransaction): Promise<User>;
+  createUser(input: CreateUser, tx?: ITransaction): Promise<User>;
 }

src/application/services/authentication.service.interface.ts

@@ -7,6 +7,10 @@ export interface IAuthenticationService {
   validateSession(
     sessionId: Session['id']
   ): Promise<{ user: User; session: Session }>;
+  validatePasswords(
+    inputPassword: string,
+    usersHashedPassword: string
+  ): Promise<boolean>;
   createSession(user: User): Promise<{ session: Session; cookie: Cookie }>;
   invalidateSession(sessionId: Session['id']): Promise<{ blankCookie: Cookie }>;
 }

src/application/use-cases/auth/sign-in.use-case.ts

@@ -1,5 +1,3 @@
-import { compare } from 'bcrypt-ts';
-
 import { AuthenticationError } from '@/src/entities/errors/auth';
 import { Cookie } from '@/src/entities/models/cookie';
 import { Session } from '@/src/entities/models/session';
@@ -30,9 +28,9 @@ export const signInUseCase =
           throw new AuthenticationError('User does not exist');
         }
 
-        const validPassword = await instrumentationService.startSpan(
-          { name: 'verify password hash', op: 'function' },
-          () => compare(input.password, existingUser.password_hash)
+        const validPassword = await authenticationService.validatePasswords(
+          input.password,
+          existingUser.password_hash
         );
 
         if (!validPassword) {

src/application/use-cases/auth/sign-up.use-case.ts

@@ -1,13 +1,10 @@
-import { hash } from 'bcrypt-ts';
-
 import { AuthenticationError } from '@/src/entities/errors/auth';
 import { Cookie } from '@/src/entities/models/cookie';
 import { Session } from '@/src/entities/models/session';
 import { User } from '@/src/entities/models/user';
 import type { IInstrumentationService } from '@/src/application/services/instrumentation.service.interface';
 import type { IAuthenticationService } from '@/src/application/services/authentication.service.interface';
 import type { IUsersRepository } from '@/src/application/repositories/users.repository.interface';
-import { PASSWORD_SALT_ROUNDS } from '@/config';
 
 export type ISignUpUseCase = ReturnType<typeof signUpUseCase>;
 
@@ -35,17 +32,12 @@ export const signUpUseCase =
           throw new AuthenticationError('Username taken');
         }
 
-        const passwordHash = await instrumentationService.startSpan(
-          { name: 'hash password', op: 'function' },
-          () => hash(input.password, PASSWORD_SALT_ROUNDS)
-        );
-
         const userId = authenticationService.generateUserId();
 
         const newUser = await usersRepository.createUser({
           id: userId,
           username: input.username,
-          password_hash: passwordHash,
+          password: input.password,
         });
 
         const { cookie, session } =

src/entities/models/user.ts

@@ -7,3 +7,9 @@ export const userSchema = z.object({
 });
 
 export type User = z.infer<typeof userSchema>;
+
+export const createUserSchema = userSchema
+  .pick({ id: true, username: true })
+  .merge(z.object({ password: z.string().min(6).max(255) }));
+
+export type CreateUser = z.infer<typeof createUserSchema>;

src/infrastructure/repositories/users.repository.mock.ts

@@ -1,7 +1,7 @@
 import { hashSync } from 'bcrypt-ts';
 
 import { IUsersRepository } from '@/src/application/repositories/users.repository.interface';
-import { User } from '@/src/entities/models/user';
+import type { CreateUser, User } from '@/src/entities/models/user';
 import { PASSWORD_SALT_ROUNDS } from '@/config';
 
 export class MockUsersRepository implements IUsersRepository {
@@ -35,8 +35,13 @@ export class MockUsersRepository implements IUsersRepository {
     const user = this._users.find((u) => u.username === username);
     return user;
   }
-  async createUser(input: User): Promise<User> {
-    this._users.push(input);
-    return input;
+  async createUser(input: CreateUser): Promise<User> {
+    const newUser: User = {
+      id: this._users.length.toString(),
+      username: input.username,
+      password_hash: input.password,
+    };
+    this._users.push(newUser);
+    return newUser;
   }
 }

src/infrastructure/repositories/users.repository.ts

@@ -1,12 +1,14 @@
 import { eq } from 'drizzle-orm';
+import { hash } from 'bcrypt-ts';
 
 import { db } from '@/drizzle';
 import { users } from '@/drizzle/schema';
 import { IUsersRepository } from '@/src/application/repositories/users.repository.interface';
 import { DatabaseOperationError } from '@/src/entities/errors/common';
-import { User } from '@/src/entities/models/user';
+import type { CreateUser, User } from '@/src/entities/models/user';
 import type { IInstrumentationService } from '@/src/application/services/instrumentation.service.interface';
 import type { ICrashReporterService } from '@/src/application/services/crash-reporter.service.interface';
+import { PASSWORD_SALT_ROUNDS } from '@/config';
 
 export class UsersRepository implements IUsersRepository {
   constructor(
@@ -65,12 +67,22 @@ export class UsersRepository implements IUsersRepository {
       }
     );
   }
-  async createUser(input: User): Promise<User> {
+  async createUser(input: CreateUser): Promise<User> {
     return await this.instrumentationService.startSpan(
       { name: 'UsersRepository > createUser' },
       async () => {
         try {
-          const query = db.insert(users).values(input).returning();
+          const password_hash = await this.instrumentationService.startSpan(
+            { name: 'hash password', op: 'function' },
+            () => hash(input.password, PASSWORD_SALT_ROUNDS)
+          );
+
+          const newUser: User = {
+            id: input.id,
+            username: input.username,
+            password_hash,
+          };
+          const query = db.insert(users).values(newUser).returning();
 
           const [created] = await this.instrumentationService.startSpan(
             {

src/infrastructure/services/authentication.service.mock.ts

@@ -13,6 +13,13 @@ export class MockAuthenticationService implements IAuthenticationService {
     this._sessions = {};
   }
 
+  async validatePasswords(
+    inputPassword: string,
+    usersHashedPassword: string
+  ): Promise<boolean> {
+    return inputPassword === usersHashedPassword;
+  }
+
   async validateSession(
     sessionId: string
   ): Promise<{ user: User; session: Session }> {

src/infrastructure/services/authentication.service.ts

@@ -1,4 +1,5 @@
 import { generateIdFromEntropySize, Lucia } from 'lucia';
+import { compare } from 'bcrypt-ts';
 
 import { SESSION_COOKIE } from '@/config';
 import { luciaAdapter } from '@/drizzle';
@@ -33,6 +34,16 @@ export class AuthenticationService implements IAuthenticationService {
     });
   }
 
+  validatePasswords(
+    inputPassword: string,
+    usersHashedPassword: string
+  ): Promise<boolean> {
+    return this._instrumentationService.startSpan(
+      { name: 'verify password hash', op: 'function' },
+      () => compare(inputPassword, usersHashedPassword)
+    );
+  }
+
   async validateSession(
     sessionId: string
   ): Promise<{ user: User; session: Session }> {