@boarteam/boar-pack-users-backend 8.0.0 → 8.1.1
- package/dist/audit-logs/audit-logs.controller.js +2 -0
- package/dist/audit-logs/audit-logs.controller.js.map +1 -1
- package/dist/audit-logs/entities/audit-log.entity.js +4 -0
- package/dist/audit-logs/entities/audit-log.entity.js.map +1 -1
- package/dist/auth/auth-manage.controller.js +2 -0
- package/dist/auth/auth-manage.controller.js.map +1 -1
- package/dist/auth/auth.controller.js +4 -0
- package/dist/auth/auth.controller.js.map +1 -1
- package/dist/auth/google/google-auth.controller.js +3 -0
- package/dist/auth/google/google-auth.controller.js.map +1 -1
- package/dist/auth/local-auth/local-auth.controller.js +2 -0
- package/dist/auth/local-auth/local-auth.controller.js.map +1 -1
- package/dist/auth/local-auth/local-auth.dto.js +7 -0
- package/dist/auth/local-auth/local-auth.dto.js.map +1 -1
- package/dist/auth/microsoft/ms-auth.controller.js +3 -0
- package/dist/auth/microsoft/ms-auth.controller.js.map +1 -1
- package/dist/auth/yandex/yandex-auth.controller.js +3 -0
- package/dist/auth/yandex/yandex-auth.controller.js.map +1 -1
- package/dist/event-logs/dto/event-log-create.dto.js +4 -0
- package/dist/event-logs/dto/event-log-create.dto.js.map +1 -1
- package/dist/event-logs/dto/event-log-timeline-query.dto.js +4 -0
- package/dist/event-logs/dto/event-log-timeline-query.dto.js.map +1 -1
- package/dist/event-logs/dto/event-log-timeline.dto.js +4 -0
- package/dist/event-logs/dto/event-log-timeline.dto.js.map +1 -1
- package/dist/event-logs/dto/event-log-update.dto.js +4 -0
- package/dist/event-logs/dto/event-log-update.dto.js.map +1 -1
- package/dist/event-logs/entities/event-log.entity.js +4 -0
- package/dist/event-logs/entities/event-log.entity.js.map +1 -1
- package/dist/event-logs/event-logs.controller.js +3 -0
- package/dist/event-logs/event-logs.controller.js.map +1 -1
- package/dist/event-logs/event-logs.logger.d.ts +2 -2
- package/dist/event-logs/event-logs.logger.js +2 -2
- package/dist/event-logs/event-logs.logger.js.map +1 -1
- package/dist/revoked-tokens/entities/revoked-token.entity.js +4 -0
- package/dist/revoked-tokens/entities/revoked-token.entity.js.map +1 -1
- package/dist/settings/dto/event-settings.dto.js +4 -0
- package/dist/settings/dto/event-settings.dto.js.map +1 -1
- package/dist/settings/entities/setting.entity.js +4 -0
- package/dist/settings/entities/setting.entity.js.map +1 -1
- package/dist/settings/settings.controller.js +3 -0
- package/dist/settings/settings.controller.js.map +1 -1
- package/dist/telegraf/dto/telegram-settings-update.dto.js +4 -0
- package/dist/telegraf/dto/telegram-settings-update.dto.js.map +1 -1
- package/dist/telegraf/dto/telegram-settings.dto.js +4 -0
- package/dist/telegraf/dto/telegram-settings.dto.js.map +1 -1
- package/dist/telegraf/telegraf.controller.js +4 -0
- package/dist/telegraf/telegraf.controller.js.map +1 -1
- package/dist/tokens/dto/token-create.dto.js +4 -0
- package/dist/tokens/dto/token-create.dto.js.map +1 -1
- package/dist/tokens/dto/token-update.dto.js +4 -0
- package/dist/tokens/dto/token-update.dto.js.map +1 -1
- package/dist/tokens/dto/token-with-value.dto.js +4 -0
- package/dist/tokens/dto/token-with-value.dto.js.map +1 -1
- package/dist/tokens/entities/token.entity.js +4 -0
- package/dist/tokens/entities/token.entity.js.map +1 -1
- package/dist/tokens/my-tokens.controller.js +2 -0
- package/dist/tokens/my-tokens.controller.js.map +1 -1
- package/dist/tokens/tokens.controller.js +1 -0
- package/dist/tokens/tokens.controller.js.map +1 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/dist/users/dto/permission.dto.js +4 -0
- package/dist/users/dto/permission.dto.js.map +1 -1
- package/dist/users/dto/user-create.dto.js +4 -0
- package/dist/users/dto/user-create.dto.js.map +1 -1
- package/dist/users/dto/user-update.dto.js +4 -0
- package/dist/users/dto/user-update.dto.js.map +1 -1
- package/dist/users/entities/user.entity.js +4 -0
- package/dist/users/entities/user.entity.js.map +1 -1
- package/dist/users/me.controller.js +2 -0
- package/dist/users/me.controller.js.map +1 -1
- package/dist/users/users.controller.js +1 -0
- package/dist/users/users.controller.js.map +1 -1
- package/dist/ws-auth/ws-auth.guard.js +2 -2
- package/dist/ws-auth/ws-auth.guard.js.map +1 -1
- package/package.json +5 -5
- package/src/audit-logs/audit-log-base-service.ts +0 -169
- package/src/audit-logs/audit-logs.controller.ts +0 -74
- package/src/audit-logs/audit-logs.module.ts +0 -49
- package/src/audit-logs/audit-logs.permissions.ts +0 -4
- package/src/audit-logs/audit-logs.service.ts +0 -14
- package/src/audit-logs/audit-logs.types.ts +0 -9
- package/src/audit-logs/entities/audit-log.entity.ts +0 -46
- package/src/audit-logs/policies/view-audit-logs.policy.ts +0 -8
- package/src/auth/auth-manage.controller.ts +0 -35
- package/src/auth/auth-strategies.constants.ts +0 -7
- package/src/auth/auth.config.ts +0 -20
- package/src/auth/auth.constants.ts +0 -2
- package/src/auth/auth.controller.ts +0 -54
- package/src/auth/auth.exception-filter.ts +0 -15
- package/src/auth/auth.module.ts +0 -118
- package/src/auth/auth.service.ts +0 -122
- package/src/auth/google/google-auth.config.ts +0 -26
- package/src/auth/google/google-auth.controller.ts +0 -39
- package/src/auth/google/google-auth.guard.ts +0 -6
- package/src/auth/google/google-auth.strategy.ts +0 -59
- package/src/auth/index.ts +0 -15
- package/src/auth/local-auth/local-auth.controller.ts +0 -37
- package/src/auth/local-auth/local-auth.dto.ts +0 -17
- package/src/auth/local-auth/local-auth.guard.ts +0 -6
- package/src/auth/local-auth/local-auth.strategy.ts +0 -21
- package/src/auth/microsoft/ms-auth.config.ts +0 -29
- package/src/auth/microsoft/ms-auth.controller.ts +0 -40
- package/src/auth/microsoft/ms-auth.guard.ts +0 -8
- package/src/auth/microsoft/ms-auth.strategy.ts +0 -63
- package/src/auth/yandex/yandex-auth.config.ts +0 -26
- package/src/auth/yandex/yandex-auth.controller.ts +0 -39
- package/src/auth/yandex/yandex-auth.guard.ts +0 -6
- package/src/auth/yandex/yandex-auth.strategy.ts +0 -59
- package/src/bcrypt/bcrypt.config.ts +0 -27
- package/src/bcrypt/bcrypt.module.ts +0 -19
- package/src/bcrypt/bcrypt.service.ts +0 -24
- package/src/bcrypt/index.ts +0 -3
- package/src/casl/action.enum.ts +0 -7
- package/src/casl/casl-ability.factory.ts +0 -130
- package/src/casl/casl.module.ts +0 -31
- package/src/casl/fields-permission.interceptor.ts +0 -58
- package/src/casl/index.ts +0 -5
- package/src/casl/policies/manage-all.policy.ts +0 -9
- package/src/casl/policies.guard.ts +0 -80
- package/src/event-logs/dto/event-log-create.dto.ts +0 -47
- package/src/event-logs/dto/event-log-timeline-query.dto.ts +0 -13
- package/src/event-logs/dto/event-log-timeline.dto.ts +0 -9
- package/src/event-logs/dto/event-log-update.dto.ts +0 -47
- package/src/event-logs/entities/event-log.entity.ts +0 -140
- package/src/event-logs/event-logs.constants.ts +0 -2
- package/src/event-logs/event-logs.controller.ts +0 -80
- package/src/event-logs/event-logs.interceptor.ts +0 -75
- package/src/event-logs/event-logs.logger.ts +0 -48
- package/src/event-logs/event-logs.middleware.ts +0 -58
- package/src/event-logs/event-logs.module.ts +0 -131
- package/src/event-logs/event-logs.permissions.ts +0 -4
- package/src/event-logs/event-logs.service.ts +0 -236
- package/src/event-logs/event-logs.types.ts +0 -4
- package/src/event-logs/index.ts +0 -10
- package/src/event-logs/policies/manage-event-logs.policy.ts +0 -8
- package/src/event-logs/policies/view-event-logs.policy.ts +0 -8
- package/src/generateTypes.ts +0 -94
- package/src/index.ts +0 -10
- package/src/jwt-auth/index.ts +0 -5
- package/src/jwt-auth/jwt-auth.config.ts +0 -27
- package/src/jwt-auth/jwt-auth.guard.ts +0 -26
- package/src/jwt-auth/jwt-auth.module.ts +0 -64
- package/src/jwt-auth/jwt-auth.refresh.guard.ts +0 -7
- package/src/jwt-auth/jwt-auth.refresh.srtategy.ts +0 -85
- package/src/jwt-auth/jwt-auth.service.ts +0 -59
- package/src/jwt-auth/jwt-auth.srtategy.ts +0 -83
- package/src/revoked-tokens/entities/revoked-token.entity.ts +0 -50
- package/src/revoked-tokens/index.ts +0 -3
- package/src/revoked-tokens/revoked-tokens.module.ts +0 -29
- package/src/revoked-tokens/revoked-tokens.service.ts +0 -88
- package/src/settings/dto/event-settings.dto.ts +0 -3
- package/src/settings/entities/setting.entity.ts +0 -19
- package/src/settings/index.ts +0 -5
- package/src/settings/policies/manage-settings.policy.ts +0 -8
- package/src/settings/settings.constants.ts +0 -9
- package/src/settings/settings.controller.ts +0 -32
- package/src/settings/settings.module.ts +0 -46
- package/src/settings/settings.permissions.ts +0 -3
- package/src/settings/settings.service.ts +0 -51
- package/src/telegraf/dto/telegram-settings-update.dto.ts +0 -13
- package/src/telegraf/dto/telegram-settings.dto.ts +0 -5
- package/src/telegraf/index.ts +0 -3
- package/src/telegraf/telegraf.constants.ts +0 -5
- package/src/telegraf/telegraf.controller.ts +0 -40
- package/src/telegraf/telegraf.module.ts +0 -28
- package/src/telegraf/telegraf.service.ts +0 -110
- package/src/tokens/dto/token-create.dto.ts +0 -7
- package/src/tokens/dto/token-update.dto.ts +0 -7
- package/src/tokens/dto/token-with-value.dto.ts +0 -8
- package/src/tokens/entities/token.entity.ts +0 -26
- package/src/tokens/index.ts +0 -2
- package/src/tokens/my-tokens.controller.ts +0 -82
- package/src/tokens/policies/manage-my-tokens.policy.ts +0 -9
- package/src/tokens/policies/manage-tokens.policy.ts +0 -8
- package/src/tokens/policies/view-tokens.policy.ts +0 -8
- package/src/tokens/tokens-auth.guard.ts +0 -7
- package/src/tokens/tokens-auth.strategy.ts +0 -48
- package/src/tokens/tokens.constants.ts +0 -1
- package/src/tokens/tokens.controller.ts +0 -45
- package/src/tokens/tokens.module.ts +0 -86
- package/src/tokens/tokens.permissions.ts +0 -5
- package/src/tokens/tokens.service.ts +0 -14
- package/src/users/dto/permission.dto.ts +0 -5
- package/src/users/dto/user-create.dto.ts +0 -37
- package/src/users/dto/user-update.dto.ts +0 -37
- package/src/users/entities/permissions.ts +0 -23
- package/src/users/entities/user.entity.ts +0 -67
- package/src/users/hash-password.interceptor.ts +0 -22
- package/src/users/index.ts +0 -13
- package/src/users/me.controller.ts +0 -63
- package/src/users/policies/manage-users.policy.ts +0 -10
- package/src/users/policies/view-users.policy.ts +0 -10
- package/src/users/users-editing.guard.ts +0 -85
- package/src/users/users.config.ts +0 -27
- package/src/users/users.constants.ts +0 -1
- package/src/users/users.controller.ts +0 -85
- package/src/users/users.module.ts +0 -81
- package/src/users/users.service.ts +0 -23
- package/src/ws-auth/index.ts +0 -3
- package/src/ws-auth/ws-auth.constants.ts +0 -2
- package/src/ws-auth/ws-auth.d2 +0 -14
- package/src/ws-auth/ws-auth.gateway.ts +0 -25
- package/src/ws-auth/ws-auth.guard.ts +0 -28
- package/src/ws-auth/ws-auth.module.ts +0 -36
- package/src/ws-auth/ws-auth.service.ts +0 -108
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
import { Controller, Post, Req, Res, UnauthorizedException, UseGuards } from '@nestjs/common';
|
|
2
|
-
import { ApiTags } from '@nestjs/swagger';
|
|
3
|
-
import type { Request, Response } from 'express';
|
|
4
|
-
import { AuthService } from './auth.service';
|
|
5
|
-
import { JwtAuthGuard, SkipJWTGuard } from '../jwt-auth/jwt-auth.guard';
|
|
6
|
-
import { SkipPoliciesGuard } from '../casl/policies.guard';
|
|
7
|
-
import { LocalAuthTokenDto } from "./local-auth/local-auth.dto";
|
|
8
|
-
import { JwtAuthRefreshGuard } from "../jwt-auth/jwt-auth.refresh.guard";
|
|
9
|
-
|
|
10
|
-
@SkipPoliciesGuard()
|
|
11
|
-
@ApiTags('Authentication')
|
|
12
|
-
@Controller('auth')
|
|
13
|
-
export default class AuthController {
|
|
14
|
-
constructor(private authService: AuthService) {
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
@Post('token')
|
|
18
|
-
@UseGuards(JwtAuthGuard)
|
|
19
|
-
async token(
|
|
20
|
-
@Req() req: Request,
|
|
21
|
-
): Promise<LocalAuthTokenDto> {
|
|
22
|
-
if (!req.user) {
|
|
23
|
-
throw new UnauthorizedException(`User is not authorized`);
|
|
24
|
-
}
|
|
25
|
-
return this.authService.login(req.user);
|
|
26
|
-
}
|
|
27
|
-
|
|
28
|
-
@Post('logout')
|
|
29
|
-
async logout(
|
|
30
|
-
@Req() req: Request,
|
|
31
|
-
@Res({ passthrough: true }) res: Response,
|
|
32
|
-
) {
|
|
33
|
-
if (req.jwt) {
|
|
34
|
-
await this.authService.logout(req.jwt);
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
this.authService.clearCookies(res);
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
@SkipJWTGuard()
|
|
41
|
-
@UseGuards(JwtAuthRefreshGuard)
|
|
42
|
-
@Post('refresh')
|
|
43
|
-
async refresh(
|
|
44
|
-
@Req() req: Request,
|
|
45
|
-
@Res({ passthrough: true }) res: Response,
|
|
46
|
-
): Promise<void> {
|
|
47
|
-
if (!req.user) {
|
|
48
|
-
throw new UnauthorizedException(`User is not authorized`);
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
const tokens = await this.authService.login(req.user);
|
|
52
|
-
this.authService.setCookie(res, tokens);
|
|
53
|
-
}
|
|
54
|
-
}
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
import { ArgumentsHost, Catch, ExceptionFilter } from '@nestjs/common';
|
|
2
|
-
import { HttpException } from '@nestjs/common/exceptions/http.exception';
|
|
3
|
-
|
|
4
|
-
@Catch(HttpException)
|
|
5
|
-
export class AuthExceptionFilter implements ExceptionFilter {
|
|
6
|
-
catch(exception: HttpException, host: ArgumentsHost) {
|
|
7
|
-
const ctx = host.switchToHttp();
|
|
8
|
-
const response = ctx.getResponse();
|
|
9
|
-
const status = exception.getStatus();
|
|
10
|
-
|
|
11
|
-
response
|
|
12
|
-
.status(status)
|
|
13
|
-
.redirect('/user/login?error=' + encodeURIComponent(exception.message));
|
|
14
|
-
}
|
|
15
|
-
}
|
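--- a/package/src/auth/auth.module.ts
+++ b/package/src/auth/auth.module.ts
@@ -1,118 +0,0 @@
-import { DynamicModule, Module } from '@nestjs/common';
-import { AuthService } from './auth.service';
-import { UsersModule } from '../users/users.module';
-import { LocalAuthStrategy } from './local-auth/local-auth.strategy';
-import { PassportModule } from '@nestjs/passport';
-import AuthController from './auth.controller';
-import { ConfigModule } from '@nestjs/config';
-import { GoogleAuthStrategy } from './google/google-auth.strategy';
-import { GoogleAuthConfigService } from "./google/google-auth.config";
-import { MSAuthStrategy } from './microsoft/ms-auth.strategy';
-import { MSAuthConfigService } from "./microsoft/ms-auth.config";
-import { JwtAuthModule } from "../jwt-auth/jwt-auth.module";
-import { APP_GUARD } from "@nestjs/core";
-import { JwtAuthGuard } from "../jwt-auth/jwt-auth.guard";
-import AuthManageController from "./auth-manage.controller";
-import GoogleAuthController from "./google/google-auth.controller";
-import MsAuthController from "./microsoft/ms-auth.controller";
-import LocalAuthController from "./local-auth/local-auth.controller";
-import { YandexAuthStrategy } from "./yandex/yandex-auth.strategy";
-import { YandexAuthConfigService } from "./yandex/yandex-auth.config";
-import YandexAuthController from "./yandex/yandex-auth.controller";
-import { AuthConfigService } from "./auth.config";
-
-@Module({})
-export class AuthModule {
-static forRoot(config: {
-googleAuth?: boolean,
-msAuth?: boolean,
-yandexAuth?: boolean,
-localAuth?: boolean,
-withControllers?: boolean,
-dataSourceName?: string;
-}): DynamicModule {
-const dynamicModule: DynamicModule = {
-module: AuthModule,
-imports: [
-ConfigModule,
-UsersModule.register({
-withControllers: false,
-dataSourceName: config.dataSourceName,
-}),
-PassportModule,
-JwtAuthModule.register({
-dataSourceName: config.dataSourceName,
-}),
-],
-providers: [
-AuthService,
-AuthConfigService,
-{
-provide: APP_GUARD,
-useClass: JwtAuthGuard,
-},
-],
-controllers: [],
-exports: [],
-};
-
-const controllers = [];
-if (config.googleAuth) {
-dynamicModule.providers!.push(GoogleAuthConfigService, GoogleAuthStrategy);
-controllers.push(GoogleAuthController);
-}
-
-if (config.msAuth) {
-dynamicModule.providers!.push(MSAuthConfigService, MSAuthStrategy);
-controllers.push(MsAuthController);
-}
-
-if (config.yandexAuth) {
-dynamicModule.providers!.push(YandexAuthConfigService, YandexAuthStrategy);
-controllers.push(YandexAuthController);
-}
-
-if (config.localAuth) {
-dynamicModule.providers!.push(LocalAuthStrategy);
-controllers.push(LocalAuthController);
-}
-
-if (config.withControllers) {
-dynamicModule.controllers = [
-...controllers,
-AuthController,
-AuthManageController,
-];
-}
-
-return dynamicModule;
-}
-
-static forFeature(config: {
-dataSourceName?: string;
-}): DynamicModule {
-return {
-module: AuthModule,
-imports: [
-ConfigModule,
-UsersModule.register({
-withControllers: false,
-dataSourceName: config.dataSourceName,
-}),
-JwtAuthModule.register({
-dataSourceName: config.dataSourceName,
-}),
-],
-providers: [
-AuthConfigService,
-AuthService,
-{
-provide: APP_GUARD,
-useClass: JwtAuthGuard,
-},
-],
-controllers: [],
-exports: [],
-};
-}
-}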
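--- a/package/src/auth/auth.service.ts
+++ b/package/src/auth/auth.service.ts
@@ -1,122 +0,0 @@
-import { Injectable, Logger } from '@nestjs/common';
-import { TUser, UsersService } from '../users';
-import { JWTAuthService, TJWTPayload, TJWTRefreshPayload } from '../jwt-auth';
-import bcrypt from 'bcrypt';
-import { LocalAuthTokenDto } from "./local-auth/local-auth.dto";
-import { Response } from 'express';
-import { refreshTokenName, tokenName } from "./auth.constants";
-import { AuthConfigService, TAuthConfig } from "./auth.config";
-import { TOKEN_TYPE } from "../revoked-tokens";
-
-declare global {
-namespace Express {
-interface User extends TUser {}
-interface Request {
-jwt?: TJWTPayload;
-}
-}
-}
-
-@Injectable()
-export class AuthService {
-private readonly logger = new Logger(AuthService.name);
-private readonly config: TAuthConfig;
-
-constructor(
-private usersService: UsersService,
-private jwtAuthService: JWTAuthService,
-private readonly authConfigService: AuthConfigService,
-) {
-this.config = this.authConfigService.config;
-}
-
-async validateUser(email: string, pass: string): Promise<TUser | null> {
-const user = await this.usersService.findByEmail(email);
-if (!user?.pass) {
-return null;
-}
-
-if (user && (await bcrypt.compare(pass, user.pass))) {
-const { pass, ...result } = user;
-return result;
-}
-return null;
-}
-
-async validateUserByEmail(email?: string): Promise<TUser | null> {
-if (!email) {
-this.logger.error('Email is not provided to validateUserByEmail');
-return null;
-}
-
-const user = await this.usersService.findByEmail(email);
-if (user) {
-const { pass, ...result } = user;
-return result;
-}
-return null;
-}
-
-async login(user: Pick<TUser, 'email' | 'id'>): Promise<LocalAuthTokenDto> {
-const sid = this.jwtAuthService.generateJwtId();
-const payload: TJWTPayload = {
-email: user.email,
-sub: user.id,
-sid,
-};
-const refreshPayload: TJWTRefreshPayload = {
-sub: user.id,
-sid,
-}
-return {
-accessToken: this.jwtAuthService.sign(payload, TOKEN_TYPE.ACCESS),
-refreshToken: this.jwtAuthService.sign(refreshPayload, TOKEN_TYPE.REFRESH),
-};
-}
-
-async logout(jwt: TJWTPayload): Promise<void> {
-if (!jwt.jti || !jwt.exp) {
-this.logger.warn('JWT does not have JTI or exp, cannot revoke it');
-return;
-}
-
-await this.jwtAuthService.revokeToken({
-jti: jwt.jti,
-expiresAt: new Date(jwt.exp * 1000),
-tokenType: TOKEN_TYPE.ACCESS,
-sid: jwt.sid || null,
-});
-this.logger.log(`User with id ${jwt.sub} has been logged out and token revoked`);
-}
-
-public setCookie(res: Response, tokens: LocalAuthTokenDto): void {
-res.cookie(tokenName, tokens.accessToken.token, {
-httpOnly: true,
-secure: process.env.SECURE_COOKIE === 'true',
-sameSite: 'lax',
-maxAge: tokens.accessToken.payload.exp && Math.max((tokens.accessToken.payload.exp * 1000) - Date.now(), 0),
-});
-
-res.cookie(refreshTokenName, tokens.refreshToken.token, {
-httpOnly: true,
-secure: process.env.SECURE_COOKIE === 'true',
-sameSite: 'lax',
-maxAge: tokens.refreshToken.payload.exp && Math.max((tokens.refreshToken.payload.exp * 1000) - Date.now(), 0),
-path: this.config.refreshTokenPath,
-});
-}
-
-public clearCookies(res: Response): void {
-res.clearCookie(tokenName, {
-httpOnly: true,
-secure: process.env.SECURE_COOKIE === 'true',
-sameSite: 'lax',
-});
-res.clearCookie(refreshTokenName, {
-httpOnly: true,
-secure: process.env.SECURE_COOKIE === 'true',
-sameSite: 'lax',
-path: this.config.refreshTokenPath,
-});
-}
-}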
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
import { Injectable } from '@nestjs/common';
|
|
2
|
-
import { ConfigService } from '@nestjs/config';
|
|
3
|
-
|
|
4
|
-
export type TGoogleAuthConfig = {
|
|
5
|
-
clientId: string;
|
|
6
|
-
clientSecret: string;
|
|
7
|
-
callbackURL: string;
|
|
8
|
-
};
|
|
9
|
-
|
|
10
|
-
@Injectable()
|
|
11
|
-
export class GoogleAuthConfigService {
|
|
12
|
-
constructor(private configService: ConfigService) {
|
|
13
|
-
}
|
|
14
|
-
|
|
15
|
-
get config(): TGoogleAuthConfig {
|
|
16
|
-
const clientId = this.configService.getOrThrow<string>('GOOGLE_CLIENT_ID');
|
|
17
|
-
const clientSecret = this.configService.getOrThrow<string>('GOOGLE_SECRET_ID');
|
|
18
|
-
const callbackURL = this.configService.getOrThrow<string>('GOOGLE_CALLBACK_URL');
|
|
19
|
-
|
|
20
|
-
return {
|
|
21
|
-
clientId,
|
|
22
|
-
clientSecret,
|
|
23
|
-
callbackURL,
|
|
24
|
-
};
|
|
25
|
-
}
|
|
26
|
-
}
|
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
import { Controller, Get, Req, Res, UnauthorizedException, UseFilters, UseGuards } from '@nestjs/common';
|
|
2
|
-
import { ApiTags } from '@nestjs/swagger';
|
|
3
|
-
import type { Request, Response } from 'express';
|
|
4
|
-
import { AuthService } from '../auth.service';
|
|
5
|
-
import { SkipJWTGuard } from '../../jwt-auth/jwt-auth.guard';
|
|
6
|
-
import { SkipPoliciesGuard } from '../../casl/policies.guard';
|
|
7
|
-
import { GoogleAuthGuard } from './google-auth.guard';
|
|
8
|
-
import { AuthExceptionFilter } from '../auth.exception-filter';
|
|
9
|
-
|
|
10
|
-
@SkipPoliciesGuard()
|
|
11
|
-
@ApiTags('Authentication')
|
|
12
|
-
@Controller('auth/google')
|
|
13
|
-
export default class GoogleAuthController {
|
|
14
|
-
constructor(private authService: AuthService) {
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
@SkipJWTGuard()
|
|
18
|
-
@UseGuards(GoogleAuthGuard)
|
|
19
|
-
@Get('')
|
|
20
|
-
async loginGoogle() {
|
|
21
|
-
}
|
|
22
|
-
|
|
23
|
-
@SkipJWTGuard()
|
|
24
|
-
@UseGuards(GoogleAuthGuard)
|
|
25
|
-
@UseFilters(AuthExceptionFilter)
|
|
26
|
-
@Get('callback')
|
|
27
|
-
async loginGoogleCallback(
|
|
28
|
-
@Req() req: Request,
|
|
29
|
-
@Res({ passthrough: true }) res: Response,
|
|
30
|
-
) {
|
|
31
|
-
if (!req.user) {
|
|
32
|
-
throw new UnauthorizedException(`User is not authorized`);
|
|
33
|
-
}
|
|
34
|
-
|
|
35
|
-
const tokens = await this.authService.login(req.user);
|
|
36
|
-
this.authService.setCookie(res, tokens);
|
|
37
|
-
res.redirect('/');
|
|
38
|
-
}
|
|
39
|
-
}
|
|
@@ -1,59 +0,0 @@
|
|
|
1
|
-
import { Strategy, VerifyCallback } from 'passport-google-oauth20';
|
|
2
|
-
import { PassportStrategy } from '@nestjs/passport';
|
|
3
|
-
import {
|
|
4
|
-
Injectable,
|
|
5
|
-
InternalServerErrorException,
|
|
6
|
-
Logger,
|
|
7
|
-
UnauthorizedException,
|
|
8
|
-
} from '@nestjs/common';
|
|
9
|
-
import { AuthService } from '../auth.service';
|
|
10
|
-
import { GOOGLE_AUTH } from '../auth-strategies.constants';
|
|
11
|
-
import { GoogleAuthConfigService } from "./google-auth.config";
|
|
12
|
-
|
|
13
|
-
@Injectable()
|
|
14
|
-
export class GoogleAuthStrategy extends PassportStrategy(
|
|
15
|
-
Strategy,
|
|
16
|
-
GOOGLE_AUTH,
|
|
17
|
-
) {
|
|
18
|
-
private readonly logger = new Logger(GoogleAuthStrategy.name);
|
|
19
|
-
|
|
20
|
-
constructor(
|
|
21
|
-
private authService: AuthService,
|
|
22
|
-
private googleAuthConfigService: GoogleAuthConfigService,
|
|
23
|
-
) {
|
|
24
|
-
const config = googleAuthConfigService.config;
|
|
25
|
-
super({
|
|
26
|
-
clientID: config.clientId,
|
|
27
|
-
clientSecret: config.clientSecret,
|
|
28
|
-
callbackURL: config.callbackURL,
|
|
29
|
-
scope: ['email', 'profile'],
|
|
30
|
-
});
|
|
31
|
-
}
|
|
32
|
-
|
|
33
|
-
async validate(
|
|
34
|
-
accessToken: string,
|
|
35
|
-
refreshToken: string,
|
|
36
|
-
profile: { emails: { value: string; verified: boolean }[] },
|
|
37
|
-
callback: VerifyCallback,
|
|
38
|
-
): Promise<any> {
|
|
39
|
-
try {
|
|
40
|
-
const user = await this.authService.validateUserByEmail(
|
|
41
|
-
profile.emails[0].value,
|
|
42
|
-
);
|
|
43
|
-
|
|
44
|
-
if (!user) {
|
|
45
|
-
callback(new UnauthorizedException('User is not found'));
|
|
46
|
-
return;
|
|
47
|
-
}
|
|
48
|
-
|
|
49
|
-
callback(null, user);
|
|
50
|
-
} catch (e) {
|
|
51
|
-
this.logger.error(e, e.stack);
|
|
52
|
-
callback(
|
|
53
|
-
new InternalServerErrorException(
|
|
54
|
-
'Impossible to log in user via google',
|
|
55
|
-
),
|
|
56
|
-
);
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
}
|
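--- a/package/src/auth/index.ts
+++ b/package/src/auth/index.ts
@@ -1,15 +0,0 @@
-export * from './auth.constants';
-export * from './auth.controller';
-export * from './auth.module';
-export * from './auth.service';
-export * from './auth-strategies.constants';
-export * from './google/google-auth.config';
-export * from './auth.exception-filter';
-export * from './google/google-auth.guard';
-export * from './google/google-auth.strategy';
-export * from './local-auth/local-auth.dto';
-export * from './local-auth/local-auth.guard';
-export * from './local-auth/local-auth.strategy';
-export * from './microsoft/ms-auth.config';
-export * from './microsoft/ms-auth.guard';
-export * from './microsoft/ms-auth.strategy';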
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
import { Body, Controller, Post, Req, Res, UnauthorizedException, UseGuards } from '@nestjs/common';
|
|
2
|
-
import { ApiExtraModels, ApiTags } from '@nestjs/swagger';
|
|
3
|
-
import type { Request, Response } from 'express';
|
|
4
|
-
import { LocalAuthGuard } from './local-auth.guard';
|
|
5
|
-
import { AuthService } from '../auth.service';
|
|
6
|
-
import { SkipJWTGuard } from '../../jwt-auth/jwt-auth.guard';
|
|
7
|
-
import { SkipPoliciesGuard } from '../../casl/policies.guard';
|
|
8
|
-
import { LocalAuthLoginDto, LocalAuthTokenDto } from "./local-auth.dto";
|
|
9
|
-
import { SkipEventsLog } from "../../event-logs";
|
|
10
|
-
|
|
11
|
-
@SkipPoliciesGuard()
|
|
12
|
-
@ApiTags('Authentication')
|
|
13
|
-
@ApiExtraModels(LocalAuthTokenDto)
|
|
14
|
-
@Controller('auth')
|
|
15
|
-
export default class LocalAuthController {
|
|
16
|
-
constructor(private authService: AuthService) {
|
|
17
|
-
}
|
|
18
|
-
|
|
19
|
-
@SkipJWTGuard()
|
|
20
|
-
@UseGuards(LocalAuthGuard)
|
|
21
|
-
@Post('login')
|
|
22
|
-
@SkipEventsLog({
|
|
23
|
-
body: ['password'],
|
|
24
|
-
})
|
|
25
|
-
async login(
|
|
26
|
-
@Req() req: Request,
|
|
27
|
-
@Res({ passthrough: true }) res: Response,
|
|
28
|
-
@Body() body: LocalAuthLoginDto,
|
|
29
|
-
): Promise<LocalAuthTokenDto> {
|
|
30
|
-
if (!req.user) {
|
|
31
|
-
throw new UnauthorizedException(`User is not authorized`);
|
|
32
|
-
}
|
|
33
|
-
const tokens = await this.authService.login(req.user);
|
|
34
|
-
this.authService.setCookie(res, tokens);
|
|
35
|
-
return tokens;
|
|
36
|
-
}
|
|
37
|
-
}
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
import { TJWTPayload, TJWTRefreshPayload } from "../../jwt-auth";
|
|
2
|
-
|
|
3
|
-
export class LocalAuthLoginDto {
|
|
4
|
-
email: string;
|
|
5
|
-
password: string;
|
|
6
|
-
}
|
|
7
|
-
|
|
8
|
-
export class LocalAuthTokenDto {
|
|
9
|
-
accessToken: {
|
|
10
|
-
token: string;
|
|
11
|
-
payload: TJWTPayload;
|
|
12
|
-
};
|
|
13
|
-
refreshToken: {
|
|
14
|
-
token: string;
|
|
15
|
-
payload: TJWTRefreshPayload;
|
|
16
|
-
}
|
|
17
|
-
}
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
import { Strategy } from 'passport-local';
|
|
2
|
-
import { PassportStrategy } from '@nestjs/passport';
|
|
3
|
-
import { Injectable, UnauthorizedException } from '@nestjs/common';
|
|
4
|
-
import { AuthService } from '../auth.service';
|
|
5
|
-
import { TUser } from '../../users';
|
|
6
|
-
import { LOCAL_AUTH } from '../auth-strategies.constants';
|
|
7
|
-
|
|
8
|
-
@Injectable()
|
|
9
|
-
export class LocalAuthStrategy extends PassportStrategy(Strategy, LOCAL_AUTH) {
|
|
10
|
-
constructor(private authService: AuthService) {
|
|
11
|
-
super({ usernameField: 'email' });
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
async validate(email: string, password: string): Promise<TUser> {
|
|
15
|
-
const user = await this.authService.validateUser(email.trim().toLowerCase(), password);
|
|
16
|
-
if (!user) {
|
|
17
|
-
throw new UnauthorizedException();
|
|
18
|
-
}
|
|
19
|
-
return user;
|
|
20
|
-
}
|
|
21
|
-
}
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
import { Injectable } from '@nestjs/common';
|
|
2
|
-
import { ConfigService } from '@nestjs/config';
|
|
3
|
-
|
|
4
|
-
export type TMSAuthConfig = {
|
|
5
|
-
clientId: string;
|
|
6
|
-
tenantId: string;
|
|
7
|
-
clientSecret: string;
|
|
8
|
-
callbackURL: string;
|
|
9
|
-
};
|
|
10
|
-
|
|
11
|
-
@Injectable()
|
|
12
|
-
export class MSAuthConfigService {
|
|
13
|
-
constructor(private configService: ConfigService) {
|
|
14
|
-
}
|
|
15
|
-
|
|
16
|
-
get config(): TMSAuthConfig {
|
|
17
|
-
const clientId = this.configService.getOrThrow<string>('MICROSOFT_CLIENT_ID');
|
|
18
|
-
const tenantId = this.configService.getOrThrow<string>('MICROSOFT_TENANT_ID');
|
|
19
|
-
const clientSecret = this.configService.getOrThrow<string>('MICROSOFT_SECRET_ID');
|
|
20
|
-
const callbackURL = this.configService.getOrThrow<string>('MICROSOFT_CALLBACK_URL');
|
|
21
|
-
|
|
22
|
-
return {
|
|
23
|
-
clientId,
|
|
24
|
-
tenantId,
|
|
25
|
-
clientSecret,
|
|
26
|
-
callbackURL,
|
|
27
|
-
};
|
|
28
|
-
}
|
|
29
|
-
}
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
import { Controller, Get, Req, Res, UnauthorizedException, UseFilters, UseGuards } from '@nestjs/common';
|
|
2
|
-
import { ApiTags } from '@nestjs/swagger';
|
|
3
|
-
import type { Request, Response } from 'express';
|
|
4
|
-
import { AuthService } from '../auth.service';
|
|
5
|
-
import { tokenName } from '../auth.constants';
|
|
6
|
-
import { SkipJWTGuard } from '../../jwt-auth/jwt-auth.guard';
|
|
7
|
-
import { SkipPoliciesGuard } from '../../casl/policies.guard';
|
|
8
|
-
import { AuthExceptionFilter } from '../auth.exception-filter';
|
|
9
|
-
import { MSAuthGuard } from "./ms-auth.guard";
|
|
10
|
-
|
|
11
|
-
@SkipPoliciesGuard()
|
|
12
|
-
@ApiTags('Authentication')
|
|
13
|
-
@Controller('auth/ms')
|
|
14
|
-
export default class MsAuthController {
|
|
15
|
-
constructor(private authService: AuthService) {
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
@SkipJWTGuard()
|
|
19
|
-
@UseGuards(MSAuthGuard)
|
|
20
|
-
@Get('')
|
|
21
|
-
async loginMS() {
|
|
22
|
-
}
|
|
23
|
-
|
|
24
|
-
@SkipJWTGuard()
|
|
25
|
-
@UseGuards(MSAuthGuard)
|
|
26
|
-
@UseFilters(AuthExceptionFilter)
|
|
27
|
-
@Get('callback')
|
|
28
|
-
async loginMSCallback(
|
|
29
|
-
@Req() req: Request,
|
|
30
|
-
@Res({ passthrough: true }) res: Response,
|
|
31
|
-
) {
|
|
32
|
-
if (!req.user) {
|
|
33
|
-
throw new UnauthorizedException(`User is not authorized`);
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
const tokens = await this.authService.login(req.user);
|
|
37
|
-
this.authService.setCookie(res, tokens);
|
|
38
|
-
res.redirect('/');
|
|
39
|
-
}
|
|
40
|
-
}
|