@hed-hog/core 0.0.141 → 0.0.150

package/src/oauth/providers/microsoft-entra-id.provider.ts

@@ -0,0 +1,76 @@
+import { HttpService } from '@nestjs/axios';
+import { forwardRef, Inject, Injectable } from '@nestjs/common';
+import { SettingService } from '../../setting/setting.service';
+import { BaseOAuthProvider } from './abstract.provider';
+
+@Injectable()
+export class MicrosoftEntraIdProvider extends BaseOAuthProvider {
+  constructor(
+    http: HttpService,
+    @Inject(forwardRef(() => SettingService))
+    private readonly setting: SettingService,
+  ) {
+    super(http);
+  }
+
+  getProviderType() {
+    return 'MICROSOFT_ENTRA_ID';
+  }
+
+  async getAuthUrl(callbackPath: string) {
+    const settings = await this.setting.getSettingValues([
+      'microsoft_client_id',
+      'microsoft_client_secret',
+      'microsoft_scopes',
+      'microsoft_tenant_id',
+      'url',
+    ]);
+    const tenantId = settings['microsoft_tenant_id'];
+    const redirectURI = new URL(callbackPath, settings['url']).toString();
+    const scopes = settings['microsoft_scopes'];
+    const params = new URLSearchParams({
+      client_id: settings['microsoft_client_id'],
+      redirect_uri: redirectURI,
+      response_type: 'code',
+      scope: scopes.join(' '),
+      response_mode: 'query',
+      prompt: 'consent',
+    });
+    return `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize?${params}`;
+  }
+
+  async getProfile(code: string, type: string): Promise<any> {
+    const settings = await this.setting.getSettingValues([
+      'microsoft_client_id',
+      'microsoft_client_secret',
+      'microsoft_scopes',
+      'microsoft_tenant_id',
+      'url',
+    ]);
+    const tenantId = settings['microsoft_tenant_id'];
+    const token = await this.fetchToken({
+      code,
+      url: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
+      clientId: settings['microsoft_client_id'],
+      clientSecret: settings['microsoft_client_secret'],
+      redirectUri: `${settings['url']}/callback/microsoft-entra-id/${type}`,
+    });
+    const profile = await this.fetchProfile(
+      token.access_token,
+      'https://graph.microsoft.com/v1.0/me',
+    );
+    const pictureUrl = 'https://graph.microsoft.com/v1.0/me/photo/$value';
+    return {
+      id: profile.id,
+      email: profile.mail || profile.userPrincipalName,
+      name: profile.displayName,
+      picture: pictureUrl,
+      oauth_tokens: {
+        access_token: token.access_token,
+        refresh_token: token.refresh_token,
+        expires_in: token.expires_in,
+        token_type: token.token_type,
+      },
+    };
+  }
+}

package/src/session/session.controller.ts

@@ -1,7 +1,7 @@
-import { Role, User } from '@hed-hog/api';
+import { Role, Session, User } from '@hed-hog/api';
 import { Locale } from '@hed-hog/api-locale';
 import { Pagination, PaginationDTO } from '@hed-hog/api-pagination';
-import { Controller, Delete, Get, Param } from '@nestjs/common';
+import { Controller, Delete, Get, Param, ParseIntPipe } from '@nestjs/common';
 import { SessionService } from './session.service';
 @Role()
 @Controller('sessions')
@@ -10,7 +10,15 @@ export class SessionController {
         private readonly sessionService: SessionService
     ) {}
 
-    @Role()
+    @Get('active')
+    async getUserSessionsActive(
+        @Pagination() paginationParams: PaginationDTO,
+        @User() { id },
+        @Locale() locale: string
+    ) {
+        return this.sessionService.getUserSessionsActive(paginationParams, id,locale)
+    }
+
     @Get('user')
     async getUserSessions(
         @Pagination() paginationParams: PaginationDTO,
@@ -20,21 +28,22 @@ export class SessionController {
         return this.sessionService.getUserSessions(paginationParams, id,locale)
     }
 
-    @Role()
     @Delete('revoke-all-other')
-    async revokeAllOtherSessions(@User() { id }){
-        return this.sessionService.revokeAllOtherSessions(id)
+    async revokeAllOtherSessions(@User() { id }, @Session() sessionId: number){
+        return this.sessionService.revokeAllOtherSessions(id, sessionId)
     }
 
-    @Role()
     @Delete('revoke-all')
     async revokeAllSessions(@User() { id }){
         return this.sessionService.revokeAllSessions(id)
     }
 
-    @Role()
     @Delete(':sessionId/revoke')
-    async revokeSession(@User() { id: userId }, @Param('sessionId') sessionId: number){
-        return this.sessionService.revokeUserSession(userId, sessionId)
+    async revokeSession(
+        @User() { id: userId }, 
+        @Param('sessionId', ParseIntPipe) sessionId: number,
+        @Locale() locale: string
+    ){
+        return this.sessionService.revokeUserSession(userId, sessionId, locale)
     }
 }

package/src/session/session.service.ts

@@ -2,7 +2,7 @@ import { getLocaleText } from '@hed-hog/api-locale';
 import { PaginationDTO, PaginationService } from '@hed-hog/api-pagination';
 import { PrismaService } from '@hed-hog/api-prisma';
 import { HttpService } from '@nestjs/axios';
-import { BadRequestException, forwardRef, HttpException, HttpStatus, Inject, Injectable } from '@nestjs/common';
+import { BadRequestException, forwardRef, HttpException, HttpStatus, Inject, Injectable, NotFoundException } from '@nestjs/common';
 import { firstValueFrom } from 'rxjs';
 import { SecurityService } from '../security/security.service';
 import { SettingService } from '../setting/setting.service';
@@ -157,7 +157,59 @@ export class SessionService {
         pageSize: paginate.pageSize ?? paginationParams.pageSize ?? 10,
       };
     } catch (err) {
-      throw new HttpException('Erro ao buscar sessões do usuário', HttpStatus.SERVICE_UNAVAILABLE);
+      throw new HttpException(
+        getLocaleText('session.errorFetchingSessions', locale, 'Error fetching user sessions'),
+        HttpStatus.SERVICE_UNAVAILABLE
+      );
+    }
+  }
+
+  async getUserSessionsActive(paginationParams: PaginationDTO, userId: number, locale: string) {
+
+    const userExists = await this.prisma.user.findUnique({
+      where: { id: userId },
+      select: { id: true },
+    });
+
+    if (!userExists) {
+      throw new BadRequestException(getLocaleText('session.userNotFound', locale, 'User not found.'));
+    }
+
+    try {
+      const paginate = await this.paginationService.paginatePrismaModel(this.prisma.user_session, {
+        ...paginationParams,
+        where: { user_id: userId, revoked_at: null, expires_at: { gt: new Date() } },
+      });
+
+      const itemsWithLocation = await Promise.all(
+        paginate.data.map(async (s) => {
+          const ip = s.ip_address || s.ip || null;
+          let location: GeoIpResult | null = null;
+          if (ip && ip !== '127.0.0.1' && ip !== '::1') {
+            try {
+              location = await this.fetchGeoByIp(ip);
+            } catch {
+              location = { ip, raw: null };
+            }
+          } else if (ip) {
+            location = { ip: '127.0.0.1', country: 'Localhost', region: '', city: '' };
+          }
+          return { ...s, location };
+        })
+      );
+
+      return {
+        data: itemsWithLocation,
+        total: paginate.total || 0,
+        lastPage: Math.ceil((paginate.total || 0) / (paginate.pageSize || 1)),
+        page: paginate.page ?? 1,
+        pageSize: paginate.pageSize ?? paginationParams.pageSize ?? 10,
+      };
+    } catch (err) {
+      throw new HttpException(
+        getLocaleText('session.errorFetchingSessions', locale, 'Error fetching user sessions'),
+        HttpStatus.SERVICE_UNAVAILABLE
+      );
     }
   }
 
@@ -188,27 +240,44 @@ export class SessionService {
     });
   }
 
-  async revokeAllOtherSessions(userId: number) {
-    const latestSession = await this.prisma.user_session.findFirst({
-      where: { user_id: userId },
-      orderBy: { created_at: 'desc' },
+  async revokeAllOtherSessions(userId: number, sessionId: number) {
+    const latestSession = await this.prisma.user_session.findUnique({
+      where: { 
+        id: sessionId
+      },
       select: { id: true },
     });
 
     if (!latestSession) { return { count: 0 } }
-    return this.markRevokedByFilter(userId, { NOT: { id: latestSession.id } }, 'revokeAllOtherSessions');
+    return this.markRevokedByFilter(userId, { 
+      NOT: { id: latestSession.id },
+      revoked_at: null
+    }, 'revokeAllOtherSessions');
   }
 
   async revokeAllSessions(userId: number) {
-    return this.markRevokedByFilter(userId, {}, 'revokeAllSessions');
+    return this.markRevokedByFilter(userId, { revoked_at: null }, 'revokeAllSessions');
   }
 
-  async revokeUserSession(userId: number, sessionId: number){
-    await this.user.registerUserActivity(userId, "revokeSession")
-    return this.prisma.user_session.update({
+  async revokeUserSession(userId: number, sessionId: number, locale: string){
+    const session = await this.prisma.user_session.findFirst({
       where: {
         id: sessionId,
         user_id: userId
+      }
+    });
+
+    if (!session) {
+      throw new NotFoundException(
+        getLocaleText('session.notFound', locale, 'Session not found or does not belong to user')
+      );
+    }
+
+    await this.user.registerUserActivity(userId, "revokeSession");
+    
+    return this.prisma.user_session.update({
+      where: {
+        id: sessionId
       }, 
       data: {
         revoked_at: new Date()

package/src/token/token.module.ts

@@ -1,3 +1,4 @@
+import { PrismaModule } from "@hed-hog/api-prisma";
 import { forwardRef, Module } from "@nestjs/common";
 import { SecurityModule } from "../security/security.module";
 import { SettingModule } from "../setting/setting.module";
@@ -7,6 +8,7 @@ import { TokenService } from "./token.service";
   providers: [TokenService],
   exports: [TokenService],
   imports: [
+      forwardRef(() => PrismaModule),
       forwardRef(() => SettingModule),
       forwardRef(() => SecurityModule),
     ]

package/src/token/token.service.ts

@@ -9,33 +9,42 @@ import { SettingService } from "../setting/setting.service";
 export class TokenService {
 
   constructor(
+    private readonly prisma: PrismaService,
     @Inject(forwardRef(() => JwtService))
     private readonly jwt: JwtService,
     @Inject(forwardRef(() => SecurityService))
     private readonly security: SecurityService,
     @Inject(forwardRef(() => SettingService))
     private readonly setting: SettingService,
-    @Inject(forwardRef(() => PrismaService))
-    private readonly prisma: PrismaService,
   ) { }
 
   async verify(locale: string, token: string) {
     try {
+
       const payload = await this.jwt.verifyAsync(token, {
         secret: this.security.getJwtSecret(),
       });
 
-      // Verify session is not revoked
-      if (payload.sessionId) {
-        const session = await this.prisma.session.findUnique({
-          where: { id: payload.sessionId },
-          select: { revoked_at: true }
-        });
-
-        if (!session || session.revoked_at !== null) {
-          throw new UnauthorizedException(
-            getLocaleText('sessionRevoked', locale, 'Session has been revoked.')
-          );
+      // Verify session is not revoked (only if prisma is available)
+      if (payload.sessionId && this.prisma) {
+        try {
+          const session = await this.prisma.user_session.findUnique({
+            where: { id: payload.sessionId },
+            select: { revoked_at: true, expires_at: true }
+          });
+
+          if (!session || session.revoked_at !== null || session.expires_at <= new Date()) {
+            throw new UnauthorizedException(
+              getLocaleText('sessionRevoked', locale, 'Session has been revoked.')
+            );
+          }
+        } catch (sessionError) {
+          // If it's an Unauthorized error from revoked session, rethrow it
+          if (sessionError instanceof UnauthorizedException) {
+            throw sessionError;
+          }
+          // Otherwise, log the error but allow auth to continue
+          console.error('Session validation error:', sessionError);
         }
       }