@lenne.tech/nest-server 9.2.3 → 9.2.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "9.2.3",
+  "version": "9.2.4",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",

package/src/core/common/helpers/input.helper.ts

@@ -1,4 +1,4 @@
-import { BadRequestException, UnauthorizedException } from '@nestjs/common';
+import { BadRequestException, HttpException, UnauthorizedException } from '@nestjs/common';
 import { plainToInstance } from 'class-transformer';
 import { validate } from 'class-validator';
 import { ValidatorOptions } from 'class-validator/types/validation/ValidatorOptions';
@@ -362,7 +362,7 @@ export function deepFreeze(object: any) {
  * Standard error function
  */
 export function errorFunction(caller: (...params) => any, message = 'Required parameter is missing or invalid') {
-  const err = new Error(message);
+  const err = new BadRequestException(message);
   Error.captureStackTrace(err, caller);
   throw err;
 }

package/src/core/common/services/mailjet.service.ts

@@ -1,4 +1,4 @@
-import { Injectable } from '@nestjs/common';
+import { HttpException, Injectable } from '@nestjs/common';
 import { template } from 'lodash';
 import { ConfigService } from './config.service';
 // eslint-disable-next-line
@@ -86,7 +86,7 @@ export class MailjetService {
         this.configService.getFastButReadOnly('email.mailjet.api_key_public') &&
         this.configService.getFastButReadOnly('email.mailjet.api_key_private')
       ) {
-        throw new Error('Cannot connect to mailjet.');
+        throw new HttpException('Cannot connect to mailjet.', 502);
       }
       console.debug(
         JSON.stringify(

package/src/core/modules/auth/auth-guard-strategy.enum.ts

@@ -0,0 +1,4 @@
+export enum AuthGuardStrategy {
+  JWT = 'jwt',
+  JWT_REFRESH = 'jwt-refresh',
+}

package/src/core/modules/auth/core-auth.controller.ts

@@ -0,0 +1,110 @@
+import { Body, Controller, Get, Param, ParseBoolPipe, Post, Res, UseGuards } from '@nestjs/common';
+import { Args, Info } from '@nestjs/graphql';
+import { Response as ResponseType } from 'express';
+import { GraphQLResolveInfo } from 'graphql/index';
+import { GraphQLUser } from '../../common/decorators/graphql-user.decorator';
+import { RESTUser } from '../../common/decorators/rest-user.decorator';
+import { ConfigService } from '../../common/services/config.service';
+import { AuthGuardStrategy } from './auth-guard-strategy.enum';
+import { CoreAuthModel } from './core-auth.model';
+import { AuthGuard } from './guards/auth.guard';
+import { CoreAuthSignInInput } from './inputs/core-auth-sign-in.input';
+import { CoreAuthSignUpInput } from './inputs/core-auth-sign-up.input';
+import { ICoreAuthUser } from './interfaces/core-auth-user.interface';
+import { CoreAuthService } from './services/core-auth.service';
+import { Tokens } from './tokens.decorator';
+
+@Controller('auth')
+export class CoreAuthController {
+  /**
+   * Import services
+   */
+  constructor(protected readonly authService: CoreAuthService, protected readonly configService: ConfigService) {}
+
+  /**
+   * Logout user (from specific device)
+   */
+  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
+  @Get()
+  async logout(
+    @RESTUser() currentUser: ICoreAuthUser,
+    @Tokens('token') token: string,
+    @Res() res: ResponseType,
+    @Param('allDevices', ParseBoolPipe) allDevices?: boolean
+  ): Promise<boolean> {
+    const result = await this.authService.logout(token, { currentUser, allDevices });
+    return this.processCookies(res, result);
+  }
+
+  /**
+   * Refresh token (for specific device)
+   */
+  @UseGuards(AuthGuard(AuthGuardStrategy.JWT_REFRESH))
+  @Get()
+  async refreshToken(
+    @GraphQLUser() user: ICoreAuthUser,
+    @Tokens('refreshToken') refreshToken: string,
+    @Res() res: ResponseType
+  ): Promise<CoreAuthModel> {
+    const result = await this.authService.refreshTokens(user, refreshToken);
+    return this.processCookies(res, result);
+  }
+
+  /**
+   * Sign in user via email and password (on specific device)
+   */
+  @Post()
+  async signIn(
+    @Info() info: GraphQLResolveInfo,
+    @Res() res: ResponseType,
+    @Body('input') input: CoreAuthSignInInput
+  ): Promise<CoreAuthModel> {
+    const result = await this.authService.signIn(input);
+    return this.processCookies(res, result);
+  }
+
+  /**
+   * Register a new user account (on specific device)
+   */
+  @Post()
+  async signUp(
+    @Info() info: GraphQLResolveInfo,
+    @Res() res: ResponseType,
+    @Args('input') input: CoreAuthSignUpInput
+  ): Promise<CoreAuthModel> {
+    const result = await this.authService.signUp(input);
+    return this.processCookies(res, result);
+  }
+
+  // ===================================================================================================================
+  // Helper
+  // ===================================================================================================================
+
+  /**
+   * Process cookies
+   */
+  protected processCookies(res: ResponseType, result: any) {
+    // Check if cookie handling is activated
+    if (this.configService.getFastButReadOnly('cookies')) {
+      // Set cookies
+      if (typeof result !== 'object') {
+        res.cookie('token', '', { httpOnly: true });
+        res.cookie('refreshToken', '', { httpOnly: true });
+        return result;
+      }
+      res.cookie('token', result?.token || '', { httpOnly: true });
+      res.cookie('refreshToken', result?.refreshToken || '', { httpOnly: true });
+
+      // Remove tokens from result
+      if (result.token) {
+        delete result.token;
+      }
+      if (result.refreshToken) {
+        delete result.refreshToken;
+      }
+    }
+
+    // Return prepared result
+    return result;
+  }
+}

package/src/core/modules/auth/core-auth.module.ts

@@ -2,6 +2,7 @@ import { DynamicModule, ForwardReference, Module, Provider, Type } from '@nestjs
 import { APP_GUARD } from '@nestjs/core';
 import { JwtModule, JwtModuleOptions } from '@nestjs/jwt';
 import { PassportModule } from '@nestjs/passport';
+import { AuthGuardStrategy } from './auth-guard-strategy.enum';
 import { RolesGuard } from './guards/roles.guard';
 import { JwtRefreshStrategy } from './strategies/jwt-refresh.strategy';
 import { JwtStrategy } from './strategies/jwt.strategy';
@@ -32,7 +33,7 @@ export class CoreAuthModule {
     // Process imports
     let imports: any[] = [
       UserModule,
-      PassportModule.register({ defaultStrategy: ['jwt', 'jwt-refresh'] }),
+      PassportModule.register({ defaultStrategy: [AuthGuardStrategy.JWT, AuthGuardStrategy.JWT_REFRESH] }),
       JwtModule.register(options),
     ];
     if (Array.isArray(options?.imports)) {

package/src/core/modules/auth/core-auth.resolver.ts

@@ -4,6 +4,7 @@ import { Response as ResponseType } from 'express';
 import { GraphQLResolveInfo } from 'graphql';
 import { GraphQLUser } from '../../common/decorators/graphql-user.decorator';
 import { ConfigService } from '../../common/services/config.service';
+import { AuthGuardStrategy } from './auth-guard-strategy.enum';
 import { CoreAuthModel } from './core-auth.model';
 import { AuthGuard } from './guards/auth.guard';
 import { CoreAuthSignInInput } from './inputs/core-auth-sign-in.input';
@@ -29,7 +30,7 @@ export class CoreAuthResolver {
   /**
    * Logout user (from specific device)
    */
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   @Mutation((returns) => Boolean, { description: 'Logout user (from specific device)' })
   async logout(
     @GraphQLUser() currentUser: ICoreAuthUser,
@@ -44,7 +45,7 @@ export class CoreAuthResolver {
   /**
    * Refresh token (for specific device)
    */
-  @UseGuards(AuthGuard('jwt-refresh'))
+  @UseGuards(AuthGuard(AuthGuardStrategy.JWT_REFRESH))
   @Mutation((returns) => CoreAuthModel, { description: 'Refresh tokens (for specific device)' })
   async refreshToken(
     @GraphQLUser() user: ICoreAuthUser,

package/src/core/modules/auth/exceptions/expired-refresh-token.exception.ts

@@ -0,0 +1,10 @@
+import { UnauthorizedException } from '@nestjs/common';
+
+/**
+ * Exception for expired refresh token
+ */
+export class ExpiredRefreshTokenException extends UnauthorizedException {
+  constructor() {
+    super('Expired refresh token');
+  }
+}

package/src/core/modules/auth/exceptions/expired-token.exception.ts

@@ -0,0 +1,10 @@
+import { UnauthorizedException } from '@nestjs/common';
+
+/**
+ * Exception for expired token
+ */
+export class ExpiredTokenException extends UnauthorizedException {
+  constructor() {
+    super('Expired token');
+  }
+}

package/src/core/modules/auth/exceptions/invalid-token.exception.ts

@@ -0,0 +1,10 @@
+import { UnauthorizedException } from '@nestjs/common';
+
+/**
+ * Exception for invalid token
+ */
+export class InvalidTokenException extends UnauthorizedException {
+  constructor() {
+    super('Invalid token');
+  }
+}

package/src/core/modules/auth/guards/auth.guard.ts

@@ -5,6 +5,10 @@ import { defaultOptions } from '@nestjs/passport/dist/options';
 import { memoize } from '@nestjs/passport/dist/utils/memoize.util';
 import * as jwt from 'jsonwebtoken';
 import * as passport from 'passport';
+import { AuthGuardStrategy } from '../auth-guard-strategy.enum';
+import { ExpiredRefreshTokenException } from '../exceptions/expired-refresh-token.exception';
+import { ExpiredTokenException } from '../exceptions/expired-token.exception';
+import { InvalidTokenException } from '../exceptions/invalid-token.exception';
 
 /**
  * Missing strategy error
@@ -105,13 +109,17 @@ function createAuthGuard(type?: string): Type<CanActivate> {
      */
     handleRequest(err, user, info, context): TUser {
       if (err) {
-        if (err instanceof jwt.JsonWebTokenError) {
-          throw new UnauthorizedException('Invalid token');
-        }
-        throw err;
+        throw new InvalidTokenException();
       }
       if (!user) {
-        throw new UnauthorizedException('Invalid token');
+        if (info?.name === 'TokenExpiredError') {
+          if (type === AuthGuardStrategy.JWT_REFRESH) {
+            throw new ExpiredRefreshTokenException();
+          } else {
+            throw new ExpiredTokenException();
+          }
+        }
+        throw new InvalidTokenException();
       }
       return user;
     }
@@ -124,4 +132,4 @@ function createAuthGuard(type?: string): Type<CanActivate> {
 /**
  * Export AuthGuard
  */
-export const AuthGuard: (type?: string | string[]) => Type<IAuthGuard> = memoize(createAuthGuard);
+export const AuthGuard: (type?: string | string[] | AuthGuardStrategy) => Type<IAuthGuard> = memoize(createAuthGuard);

package/src/core/modules/auth/guards/roles.guard.ts

@@ -2,6 +2,7 @@ import { ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/com
 import { Reflector } from '@nestjs/core';
 import { GqlExecutionContext } from '@nestjs/graphql';
 import { RoleEnum } from '../../../common/enums/role.enum';
+import { AuthGuardStrategy } from '../auth-guard-strategy.enum';
 import { AuthGuard } from './auth.guard';
 
 /**
@@ -12,7 +13,7 @@ import { AuthGuard } from './auth.guard';
  * If this is not the case, an UnauthorizedException is thrown.
  */
 @Injectable()
-export class RolesGuard extends AuthGuard('jwt') {
+export class RolesGuard extends AuthGuard(AuthGuardStrategy.JWT) {
   /**
    * Integrate reflector
    */
@@ -53,7 +54,7 @@ export class RolesGuard extends AuthGuard('jwt') {
       }
 
       // Requester is not authorized
-      throw new UnauthorizedException();
+      throw new UnauthorizedException('Missing role');
     }
 
     // Everything is ok

package/src/core/modules/auth/services/core-auth.service.ts

@@ -45,13 +45,13 @@ export class CoreAuthService {
     // Check authentication
     const user = serviceOptions.currentUser;
     if (!user || !tokenOrRefreshToken) {
-      throw new UnauthorizedException();
+      throw new UnauthorizedException('Invalid token');
     }
 
     // Check authorization
     const deviceId = this.decodeJwt(tokenOrRefreshToken)?.deviceId;
     if (!deviceId || !user.refreshTokens[deviceId]) {
-      throw new UnauthorizedException('Invalid refresh token');
+      throw new UnauthorizedException('Invalid token');
     }
 
     // Logout from all devices
@@ -101,11 +101,11 @@ export class CoreAuthService {
 
     // Get user
     const user = await this.userService.getViaEmail(email, serviceOptionsForUserService);
-    if (
-      !user ||
-      !((await bcrypt.compare(password, user.password)) || (await bcrypt.compare(sha256(password), user.password)))
-    ) {
-      throw new UnauthorizedException();
+    if (!user) {
+      throw new UnauthorizedException('Unknown email');
+    }
+    if (!((await bcrypt.compare(password, user.password)) || (await bcrypt.compare(sha256(password), user.password)))) {
+      throw new UnauthorizedException('Wrong password');
     }
 
     // Return tokens and user
@@ -125,7 +125,7 @@ export class CoreAuthService {
     // Get and check user
     const user = await this.userService.create(input, serviceOptionsForUserService);
     if (!user) {
-      throw new BadRequestException('Email Address already in use');
+      throw new BadRequestException('Email address already in use');
     }
 
     // Set device ID
@@ -233,7 +233,7 @@ export class CoreAuthService {
     if (currentRefreshToken) {
       deviceId = this.decodeJwt(currentRefreshToken)?.deviceId;
       if (!deviceId || !user.refreshTokens?.[deviceId]) {
-        throw new UnauthorizedException('Invalid refresh token');
+        throw new UnauthorizedException('Invalid token');
       }
       if (!this.configService.getFastButReadOnly('jwt.refresh.renewal')) {
         // Return currentToken
@@ -254,7 +254,7 @@ export class CoreAuthService {
     // Set new token
     const payload = this.decodeJwt(newRefreshToken);
     if (!payload) {
-      throw new UnauthorizedException();
+      throw new UnauthorizedException('Invalid token');
     }
     if (!deviceId) {
       deviceId = payload.deviceId;

package/src/core/modules/auth/strategies/jwt-refresh.strategy.ts

@@ -1,13 +1,13 @@
-import { ForbiddenException, Injectable, UnauthorizedException } from '@nestjs/common';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
-import * as bcrypt from 'bcrypt';
 import { Request as RequestType, Request } from 'express';
 import { ExtractJwt, Strategy } from 'passport-jwt';
 import { ConfigService } from '../../../common/services/config.service';
+import { AuthGuardStrategy } from '../auth-guard-strategy.enum';
 import { CoreAuthService } from '../services/core-auth.service';
 
 @Injectable()
-export class JwtRefreshStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
+export class JwtRefreshStrategy extends PassportStrategy(Strategy, AuthGuardStrategy.JWT_REFRESH) {
   constructor(protected readonly authService: CoreAuthService, protected readonly configService: ConfigService) {
     super({
       jwtFromRequest: ExtractJwt.fromExtractors([

package/src/core/modules/auth/strategies/jwt.strategy.ts

@@ -2,6 +2,7 @@ import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { ExtractJwt, Strategy } from 'passport-jwt';
 import { ConfigService } from '../../../common/services/config.service';
+import { AuthGuardStrategy } from '../auth-guard-strategy.enum';
 import { JwtPayload } from '../interfaces/jwt-payload.interface';
 import { CoreAuthService } from '../services/core-auth.service';
 import { Request as RequestType } from 'express';
@@ -10,7 +11,7 @@ import { Request as RequestType } from 'express';
  * Use JWT strategy for passport
  */
 @Injectable()
-export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
+export class JwtStrategy extends PassportStrategy(Strategy, AuthGuardStrategy.JWT) {
   /**
    * Init JWT strategy
    */

package/src/core/modules/file/core-file.service.ts

@@ -72,7 +72,7 @@ export abstract class CoreFileService {
       const filterQuery = convertFilterArgsToQuery(filterArgs);
       const cursor = this.files.find(filterQuery[0], filterQuery[1]);
       if (!cursor) {
-        throw new Error('File collection not found');
+        throw new NotFoundException('File collection not found');
       }
       cursor.toArray((error, docs) => {
         error ? reject(error) : resolve(this.prepareOutput(docs, serviceOptions));

package/src/core/modules/user/core-user.service.ts

@@ -55,9 +55,7 @@ export abstract class CoreUserService<
           await createdUser.save();
         } catch (error) {
           if (error.code === 11000) {
-            throw new UnprocessableEntityException(
-              `User with email address "${(data.input as any).email}" already exists`
-            );
+            throw new BadRequestException('Email address already in use');
           } else {
             throw new UnprocessableEntityException();
           }
@@ -105,7 +103,7 @@ export abstract class CoreUserService<
     }
 
     if (!dbObject.verificationToken) {
-      throw new Error('User has no token');
+      throw new BadRequestException('User has no verification token');
     }
 
     if (dbObject.verified) {
@@ -185,7 +183,7 @@ export abstract class CoreUserService<
 
     // Check roles values
     if (roles.some((role) => typeof role !== 'string')) {
-      throw new BadRequestException('roles contains invalid values');
+      throw new BadRequestException('Roles contains invalid values');
     }
 
     // Update and return user

package/src/core.module.ts

@@ -78,7 +78,7 @@ export class CoreModule implements NestModule {
                             return { user: user, headers: connectionParams };
                           }
 
-                          throw new UnauthorizedException();
+                          throw new UnauthorizedException('Missing authentication token');
                         }
                       },
                     },
@@ -98,7 +98,7 @@ export class CoreModule implements NestModule {
                             return extra;
                           }
 
-                          throw new UnauthorizedException();
+                          throw new UnauthorizedException('Missing authentication token');
                         }
                       },
                       context: ({ extra }) => extra,

package/src/index.ts

@@ -76,6 +76,9 @@ export * from './core/common/types/string-or-object-id.type';
 // Core - Modules - Auth
 // =====================================================================================================================
 
+export * from './core/modules/auth/exceptions/expired-refresh-token.exception';
+export * from './core/modules/auth/exceptions/expired-token.exception';
+export * from './core/modules/auth/exceptions/invalid-token.exception';
 export * from './core/modules/auth/guards/auth.guard';
 export * from './core/modules/auth/guards/roles.guard';
 export * from './core/modules/auth/inputs/core-auth-sign-in.input';
@@ -87,6 +90,8 @@ export * from './core/modules/auth/services/core-auth.service';
 export * from './core/modules/auth/services/core-auth-user.service';
 export * from './core/modules/auth/strategies/jwt.strategy';
 export * from './core/modules/auth/strategies/jwt-refresh.strategy';
+export * from './core/modules/auth/auth-guard-strategy.enum';
+export * from './core/modules/auth/core-auth.controller';
 export * from './core/modules/auth/core-auth.model';
 export * from './core/modules/auth/core-auth.module';
 export * from './core/modules/auth/core-auth.resolver';

package/src/server/modules/auth/auth.controller.ts

@@ -0,0 +1,17 @@
+import { Controller } from '@nestjs/common';
+import { ConfigService } from '../../../core/common/services/config.service';
+import { CoreAuthController } from '../../../core/modules/auth/core-auth.controller';
+import { AuthService } from './auth.service';
+
+@Controller('auth')
+export class AuthController extends CoreAuthController {
+  /**
+   * Import project services
+   */
+  constructor(
+    protected override readonly authService: AuthService,
+    protected override readonly configService: ConfigService
+  ) {
+    super(authService, configService);
+  }
+}

package/src/server/modules/file/file.controller.ts

@@ -1,4 +1,5 @@
 import {
+  BadRequestException,
   Controller,
   Delete,
   Get,
@@ -41,7 +42,7 @@ export class FileController {
   @Get(':id')
   async getFile(@Param('id') id: string, @Res() res) {
     if (!id) {
-      throw new UnprocessableEntityException();
+      throw new BadRequestException('Missing ID');
     }
 
     let file;
@@ -52,7 +53,7 @@ export class FileController {
     }
 
     if (!file) {
-      throw new NotFoundException();
+      throw new NotFoundException('File not found');
     }
     const filestream = await this.fileService.getFileStream(id);
     res.header('Content-Type', file.contentType);
@@ -75,7 +76,7 @@ export class FileController {
   @Delete(':id')
   async deleteFile(@Param('id') id: string) {
     if (!id) {
-      throw new UnprocessableEntityException();
+      throw new BadRequestException('Missing ID');
     }
 
     return await this.fileService.deleteFile(id);

package/src/server/modules/user/user.service.ts

@@ -88,7 +88,7 @@ export class UserService extends CoreUserService<User, UserInput, UserCreateInpu
     const dbUser = await this.mainDbModel.findOne({ id: user.id }).exec();
     // Check user
     if (!dbUser) {
-      throw new UnauthorizedException();
+      throw new UnauthorizedException('User is not allowed to set the avatar');
     }
 
     // Check file