myhealthpass-auth v2.0.1
Case Study Exercise - MyHealthPass Authentication and Authorization Library
This package is the authentication and authorization library to be used by the MyHealthPass health system.
The package was written in TypeScript and npm packages have been created for the two releases.
An example of how it can be used within a Node.js web application is shown below.
Installation
npm
npm install myhealthpass-auth
Getting Started
To use the package the auth object must be instantiated as seen below:
import { AuthApp } from 'myhealthpass-auth';
// ...
const config = {
  // authSecret is security-sensitive: in a real deployment load it from
  // configuration or an environment variable rather than hard-coding it.
  authSecret: 'my-secret',
  // Your concrete IAccountStore implementation (see Interfaces below).
  accountsStore: new YourAccountStore(),
};
const authApp = new AuthApp();
const auth = authApp.configure(config);
The YourAccountStore object would be your concrete implementation of the provided IAccountStore interface, which handles the retrieval and storage of accounts in an actual data store.
The auth object can then be used to call the various methods:
// register
const details = new AccountDetails('username');
const registerResult: Account = auth.register(details, 'password');
// login
const loginResult: Account = auth.login('username', 'password');
// authenticate token
const valid: boolean = auth.authenticate(loginResult.token!);
Data Models
The following are the data models used within the package:
Account
- Account: This is used as a representation of the registered or logged-in user. It is used to track the user token and whether or not the user account is locked.
- AccountDetails: This is used as a representation of the data passed to the library during registration.
Assumption: The consumer should make use of the Account and AccountDetails models to map to data in their backing database/storage.
Interfaces
The following are the interfaces available for use in the package:
- IAccountStore: The implementing class should be a concrete implementation that uses the backing database/storage to provide:
  - getAccount(username: string)
  - addNewAccount(account: Account)
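As an added illustration of the store the Getting Started and Interfaces sections ask the consumer to supply, the following is an in-memory IAccountStore suitable for local testing. This is example code written for this page, not part of the myhealthpass-auth package: the interface and model shapes are assumptions reconstructed from the method names and model descriptions in this README (the package's real Account model may carry further fields), and the case-insensitive username handling and duplicate rejection are design choices of the example.

```typescript
// Added example: an in-memory IAccountStore for local testing.
// Interface and model shapes are ASSUMPTIONS based on this README; they are
// not imported from the package.

interface Account {
  username: string;
  fullName?: string;
  token?: string;   // token issued on register/login
  locked: boolean;  // whether the account is locked
}

interface AccountDetails {
  username: string;
  fullName?: string;
}

interface IAccountStore {
  getAccount(username: string): Account | undefined;
  addNewAccount(account: Account): void;
}

class InMemoryAccountStore implements IAccountStore {
  private readonly accounts = new Map<string, Account>();

  // Normalise the lookup key so "Bob" and "bob " cannot become two distinct
  // accounts (assumption: the consumer wants usernames treated case-insensitively).
  private key(username: string): string {
    return username.trim().toLowerCase();
  }

  getAccount(username: string): Account | undefined {
    const found = this.accounts.get(this.key(username));
    // Return a copy so callers cannot mutate the stored record by accident.
    return found ? { ...found } : undefined;
  }

  addNewAccount(account: Account): void {
    const k = this.key(account.username);
    // Refuse to overwrite an existing account: silently replacing it would let a
    // second registration take over the first user's record.
    if (this.accounts.has(k)) {
      throw new Error(`account already exists: ${account.username}`);
    }
    this.accounts.set(k, { ...account });
  }

  // Convenience for tests; not part of IAccountStore.
  size(): number {
    return this.accounts.size;
  }
}

// Builds the Account record that a registration would persist (example helper).
function accountFromDetails(details: AccountDetails): Account {
  return { username: details.username, fullName: details.fullName, locked: false };
}
```

Pass an instance of this class as accountsStore in the config object; a production store would replace the Map with the real database while keeping the same duplicate check.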
Tests
Unit tests have been created for the case study. To run them, open a terminal in the solution directory and run:
npm install
to ensure that the required packages are installed.
Then run:
npm run test
Assumptions
The following are some assumptions made while developing the solution:
- Both the login and register methods return an Account object that includes a token which the user can use to authenticate.
- This package does not handle the actual storage of data. The consumer should make use of the Account and AccountDetails models to map to data in their backing database/storage after login and registration.
- The consumer should implement IAccountStore to handle the actual retrieval and storage of accounts.
- UTC dates are used for all date calculations to avoid timezone conflicts.
- All time period configuration options represent seconds.
Diagrams
The diagrams describing the architecture can be seen here.
Usage
The provided Node.js web application under examples > node-app can be used to test the implementation of the package.
Installation
- Download the node-app folder
- Open a terminal in the folder and run
npm install
- Run the node app by running
npm run start
- Using a tool for testing API requests, make a request to the endpoint of the running node application, likely http://localhost:3000.
Making Requests
Register
POST http://localhost:3000/register
Example Body:
{
"accountDetails": {
"username": "bob",
"fullName": "Bob Smith"
},
"password": "password1"
}
Login
POST http://localhost:3000/login
Example Body:
{
"username": "bob",
"password": "password1"
}
Authenticate
POST http://localhost:3000/authenticate
Example Body:
{
"token": "token-received-after-login-or-register"
}