authentication

2024-09-13 21:14:09 +02:00
parent c00aad559d
commit b4a5f04505
65 changed files with 1140 additions and 77 deletions
--- a/api/src/modules/auth/auth.controller.ts
+++ b/api/src/modules/auth/auth.controller.ts
@@ -1,13 +1,17 @@
 import {
  Body,
  Controller,
+  Get,
  HttpException,
  HttpStatus,
  Post,
+  Req,
+  UseGuards,
 } from '@nestjs/common';
 import { AuthService } from './auth.service';
 import { AuthCodeDto } from 'src/model/dto';
 import { User } from 'src/model/entitites';
+import { AuthGuard } from 'src/core/guards/auth.guard';

@Controller('auth')
 export class AuthController {
@@ -23,4 +27,19 @@ export class AuthController {
    }
    return user;
  }
+
+  @UseGuards(AuthGuard)
+  @Get('me')
+  getMe(@Req() req: any) {
+    return req.user;
+  }
+
+  @Post('refresh')
+  async getNewAccessToken(@Body() b: any) {
+    if (b.refreshToken) {
+      return this.authService.getNewToken(b.refreshToken);
+    }
+
+    throw new HttpException('no token', HttpStatus.BAD_REQUEST);
+  }
 }
--- a/api/src/modules/auth/auth.module.ts
+++ b/api/src/modules/auth/auth.module.ts
@@ -4,7 +4,7 @@ import { AuthService } from './auth.service';
 import { DatabaseModule } from 'src/shared/database/database.module';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { HttpModule } from '@nestjs/axios';
-import { JwtModule } from '@nestjs/jwt';
+import { JwtModule, JwtService } from '@nestjs/jwt';

@Module({
  controllers: [AuthController],
@@ -22,5 +22,6 @@ import { JwtModule } from '@nestjs/jwt';
      }),
    }),
  ],
+  exports: [JwtModule, AuthService],
 })
 export class AuthModule {}
--- a/api/src/modules/auth/auth.service.ts
+++ b/api/src/modules/auth/auth.service.ts
@@ -1,4 +1,4 @@
-import { Injectable } from '@nestjs/common';
+import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
 import { AuthCodeDto } from 'src/model/dto';
 import { CreateUserDto } from 'src/model/dto/create-user.dto';
 import { UserRepository } from 'src/model/repositories';
@@ -21,7 +21,6 @@ export class AuthService {
  }

  async registerOrLoginWithAuthCode(auth: AuthCodeDto): Promise<User> {
-    console.log(auth);
    const body = this.createAuthCodeFormData(auth.code, 'authorization_code');
    const url = this.configService.get('SSO_TOKEN_URL');
    return new Promise<User>((resolve) => {
@@ -45,7 +44,6 @@ export class AuthService {
    access_token: string;
    refresh_token: string;
  }): Promise<User> {
-    console.log(access_token, refresh_token);
    const payload: IExternalAccessPayload = this.jwt.decode(access_token);
    return new Promise<User>(async (resolve) => {
      let user = await this.userRepo.findByUsername(payload.username);
@@ -56,6 +54,9 @@ export class AuthService {
          externalId: payload.id,
        });
      }
+      if (!user.isActive) {
+        throw new HttpException('not active', HttpStatus.FORBIDDEN);
+      }

      user.firstName = payload.firstName;
      user.lastName = payload.lastName;
@@ -82,7 +83,7 @@ export class AuthService {
      type: 'refresh',
    };

-    user.refreshToken = this.jwt.sign(rPay);
+    user.refreshToken = this.jwt.sign(rPay, { expiresIn: '1w' });
  }

  private createAuthCodeFormData(
@@ -103,4 +104,76 @@ export class AuthService {
    );
    return bodyFormData;
  }
+
+  getUserById(id: string): Promise<User> {
+    return this.userRepo.findById(id);
+  }
+
+  async getNewToken(refresh: string) {
+    try {
+      const payload: IPayload = this.jwt.verify(refresh);
+      const user = await this.getUserById(payload.id);
+      if (!user) {
+        throw new HttpException('not valid', HttpStatus.UNAUTHORIZED);
+      }
+      const s = await this.verifyExternal(user);
+      if (!s) {
+        throw new HttpException('not valid', HttpStatus.UNAUTHORIZED);
+      }
+      this.generateTokens(user);
+      return user;
+    } catch (e) {
+      throw new HttpException('invalid token', HttpStatus.BAD_REQUEST);
+    }
+  }
+
+  verifyExternal(user: User) {
+    if (!user || !user.external) {
+      return false;
+    }
+
+    const url = this.configService.get('SSO_VERIFY_URL');
+    return new Promise((resolve) => {
+      this.http
+        .post(url, { access_token: user.external.accessToken })
+        .subscribe({
+          next: (response) => {
+            const id = response.data.id;
+            if (id == user.external.externalId) {
+              resolve(true);
+            } else {
+              resolve(false);
+            }
+          },
+          error: async (error) => {
+            const data = error.response.data;
+            if (data.message == 'jwt expired') {
+              const s = await resolve(this.refreshExternalAccessToken(user));
+              return resolve(s);
+            }
+            resolve(false);
+          },
+        });
+    });
+  }
+
+  async refreshExternalAccessToken(user: User): Promise<any> {
+    const bodyFormData = this.createAuthCodeFormData(
+      user.external.refreshToken,
+      'refresh_token',
+    );
+    const url = this.configService.get('SSO_TOKEN_URL');
+    return new Promise((resolve) => {
+      this.http.post<any>(url, bodyFormData).subscribe({
+        next: async (response) => {
+          user.external.accessToken = response.data.access_token;
+          await this.userRepo.save(user);
+          resolve(true);
+        },
+        error: () => {
+          resolve(false);
+        },
+      });
+    });
+  }
 }
--- a/api/src/modules/role/role.controller.spec.ts
+++ b/api/src/modules/role/role.controller.spec.ts
@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { RoleController } from './role.controller';
+
+describe('RoleController', () => {
+  let controller: RoleController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [RoleController],
+    }).compile();
+
+    controller = module.get<RoleController>(RoleController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});
--- a/api/src/modules/role/role.controller.ts
+++ b/api/src/modules/role/role.controller.ts
@@ -0,0 +1,15 @@
+import { Controller, Get, UseGuards } from '@nestjs/common';
+import { RoleService } from './role.service';
+import { AuthGuard } from 'src/core/guards/auth.guard';
+
+@UseGuards(AuthGuard)
+@Controller('role')
+export class RoleController {
+
+  constructor(private readonly rolesService: RoleService) {}
+
+  @Get()
+  getRoles() {
+    return this.rolesService.getRoles();
+  }
+}
--- a/api/src/modules/role/role.module.ts
+++ b/api/src/modules/role/role.module.ts
@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+import { RoleController } from './role.controller';
+import { RoleService } from './role.service';
+import { DatabaseModule } from 'src/shared/database/database.module';
+import { AuthModule } from '../auth/auth.module';
+
+@Module({
+  controllers: [RoleController],
+  providers: [RoleService],
+  imports: [ DatabaseModule, AuthModule ]
+})
+export class RoleModule {}
--- a/api/src/modules/role/role.service.spec.ts
+++ b/api/src/modules/role/role.service.spec.ts
@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { RoleService } from './role.service';
+
+describe('RoleService', () => {
+  let service: RoleService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [RoleService],
+    }).compile();
+
+    service = module.get<RoleService>(RoleService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});
--- a/api/src/modules/role/role.service.ts
+++ b/api/src/modules/role/role.service.ts
@@ -0,0 +1,11 @@
+import { Injectable } from '@nestjs/common';
+import { RoleRepository } from 'src/model/repositories';
+
+@Injectable()
+export class RoleService {
+  constructor(private readonly rolesRepo: RoleRepository) {}
+
+  getRoles() {
+    return this.rolesRepo.find();
+  }
+}
--- a/api/src/modules/user/user.controller.ts
+++ b/api/src/modules/user/user.controller.ts
@@ -0,0 +1,21 @@
+import { Body, Controller, Get, Post, UseGuards } from '@nestjs/common';
+import { AuthGuard } from 'src/core/guards/auth.guard';
+import { UserService } from './user.service';
+import { User } from 'src/model/entitites';
+import { IUser } from 'src/model/interface';
+
+@UseGuards(AuthGuard)
+@Controller('user')
+export class UserController {
+  constructor(private readonly userService: UserService) {}
+
+  @Get()
+  getUsers(): Promise<User[]> {
+    return this.userService.getAllUsers();
+  }
+
+  @Post()
+  saveUser(@Body() user: IUser) {
+    return this.userService.saveUser(user);
+  }
+}
--- a/api/src/modules/user/user.module.ts
+++ b/api/src/modules/user/user.module.ts
@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+import { UserController } from './user.controller';
+import { UserService } from './user.service';
+import { AuthModule } from '../auth/auth.module';
+import { DatabaseModule } from 'src/shared/database/database.module';
+
+@Module({
+  controllers: [UserController],
+  providers: [UserService],
+  imports: [AuthModule, DatabaseModule],
+})
+export class UserModule {}
--- a/api/src/modules/user/user.service.ts
+++ b/api/src/modules/user/user.service.ts
@@ -0,0 +1,26 @@
+import { Injectable } from '@nestjs/common';
+import { User } from 'src/model/entitites';
+import { IUser } from 'src/model/interface';
+import { RoleRepository, UserRepository } from 'src/model/repositories';
+
+@Injectable()
+export class UserService {
+  constructor(
+    private readonly userRepo: UserRepository,
+    private readonly roleRepo: RoleRepository,
+  ) {}
+
+  getAllUsers(): Promise<User[]> {
+    return this.userRepo.find({
+      relations: ['role'],
+      where: [{ role: { name: 'user' } }, { role: { name: 'admin' } }],
+    });
+  }
+
+  async saveUser(user: IUser) {
+    if (typeof user.role == 'string') {
+      user.role = await this.roleRepo.findOneBy({ name: user.role });
+    }
+    return this.userRepo.save(user as any);
+  }
+}