@next-nest-auth/nestauth 0.0.5

package/src/nestauth-jwt.guard.ts

@@ -0,0 +1,24 @@
+import {
+    ExecutionContext,
+    Injectable,
+    UnauthorizedException,
+} from "@nestjs/common";
+import { AuthGuard } from "@nestjs/passport";
+import * as macaddress from "macaddress";
+
+@Injectable()
+export class NestAuthJwtGuard extends AuthGuard("jwt") {
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const request = context.switchToHttp().getRequest();
+        await super.canActivate(context);
+        const user = request.user;
+        if (!user) {
+            throw new UnauthorizedException("Unauthorized: Invalid token");
+        }
+        const currentMacId = await macaddress.one();
+        if (user.macId !== currentMacId) {
+            throw new UnauthorizedException("Unauthorized: Device mismatch");
+        }
+        return true;
+    }
+}

package/src/nestauth-jwt.strategy.ts

@@ -0,0 +1,27 @@
+import { ExtractJwt, Strategy } from "passport-jwt";
+import { PassportStrategy } from "@nestjs/passport";
+import { Inject, Injectable } from "@nestjs/common";
+import { JwtPayload } from "jsonwebtoken";
+
+@Injectable()
+export class NestAuthJwtStrategy extends PassportStrategy(Strategy) {
+    constructor(@Inject("JWT_SECRET") jwtSecret: string) {
+        super({
+            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            secretOrKey: jwtSecret,
+        });
+    }
+
+    async validate(payload: JwtPayload) {
+        return {
+            userId: payload.sub,
+            macId: payload.macId,
+            email: payload.email,
+            role: payload.role,
+            name: payload.name,
+            username: payload.username,
+            pic: payload.pic,
+        };
+    }
+}

package/src/nestauth-local.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from "@nestjs/common";
+import { AuthGuard } from "@nestjs/passport";
+
+@Injectable()
+export class NestAuthLocalGuard extends AuthGuard("nestauth-local") {}

package/src/nestauth-local.strategy.ts

@@ -0,0 +1,26 @@
+import { PassportStrategy } from "@nestjs/passport";
+import { Strategy } from "passport-custom";
+import { Inject, Injectable, UnauthorizedException } from "@nestjs/common";
+import { NestAuthInterface } from "./nestauth.interface";
+import * as macaddress from "macaddress";
+
+@Injectable()
+export class NestAuthLocalStrategy extends PassportStrategy(
+    Strategy,
+    "nestauth-local"
+) {
+    constructor(
+        @Inject("UserService") private readonly userService: NestAuthInterface
+    ) {
+        super();
+    }
+
+    async validate(req: Request): Promise<any> {
+        const user = await this.userService.validateUser(req.body);
+        if (!user) {
+            throw new UnauthorizedException("Invalid credentials");
+        }
+        user.macId = await macaddress.one();
+        return user;
+    }
+}

package/src/nestauth.controller.ts

@@ -0,0 +1,70 @@
+import {
+    Request,
+    Controller,
+    Get,
+    Post,
+    UseGuards,
+    Body,
+    UnauthorizedException,
+    HttpStatus,
+    All,
+} from "@nestjs/common";
+import { NestAuthService } from "./nestauth.service";
+import { NestAuthLocalGuard } from "./nestauth-local.guard";
+import { NestAuthGoogleGuard } from "./nestauth-google.guard";
+import { NestAuthFacebookGuard } from "./nestauth-facebook.guard";
+
+@Controller("nestauth")
+export class NestAuthController {
+    constructor(private readonly nestAuthService: NestAuthService) {}
+
+    @All()
+    async greetings(): Promise<string> {
+        return "Welcome to NestAuth. Please check our documentation for more information.";
+    }
+
+    @UseGuards(NestAuthLocalGuard)
+    @Post("login")
+    async login(@Request() req): Promise<any> {
+        return this.nestAuthService.login(req.user);
+    }
+
+    @Get("refresh-token")
+    refreshToken(@Body() params: { refresh_token: string }): Promise<any> {
+        return this.nestAuthService.refreshToken(params.refresh_token);
+    }
+
+    @UseGuards(NestAuthGoogleGuard)
+    @Get("google")
+    async googleAuth(@Request() req): Promise<any> {}
+
+    @Get("google-redirect")
+    @UseGuards(NestAuthGoogleGuard)
+    googleAuthRedirect(@Request() req) {
+        if (!req.user) {
+            throw new UnauthorizedException("Unable to login with Google");
+        }
+        return this.nestAuthService.google(req.user);
+    }
+
+    @Get("/facebook")
+    @UseGuards(NestAuthFacebookGuard)
+    async facebookLogin(): Promise<any> {
+        return HttpStatus.OK;
+    }
+
+    @Get("/facebook-redirect")
+    @UseGuards(NestAuthFacebookGuard)
+    async facebookLoginRedirect(@Request() req): Promise<any> {
+        if (!req.user) {
+            throw new UnauthorizedException("Unable to login with Facebook");
+        }
+        return this.nestAuthService.facebook(req.user);
+    }
+
+    @UseGuards(NestAuthLocalGuard)
+    @Get("logout")
+    async logout(@Request() req) {
+        return req.logout();
+    }
+}

package/src/nestauth.interface.ts

@@ -0,0 +1,37 @@
+import { Type } from "@nestjs/common";
+
+export interface NestAuthModuleOptions {
+    UserService: Type<NestAuthInterface>;
+    jwtSecret: string;
+    jwtExpiresIn?: string;
+    jwtRefreshTokenExpiresIn?: string;
+}
+
+export type JwtPayloadType = {
+    sub: number;
+    name?: string;
+    email?: string;
+    username?: string;
+    role?: string;
+    pic?: string;
+    macId?: string;
+};
+
+export type SocialProfileType = {
+    id: string;
+    email: string;
+    firstName: string;
+    lastName: string;
+    picture: string;
+    accessToken: string;
+    refreshToken: string;
+};
+
+export type GoogleProfileType = SocialProfileType;
+export type FacebookProfileType = SocialProfileType;
+
+export interface NestAuthInterface {
+    validateUser(params: any): Promise<JwtPayloadType>;
+    google(params: GoogleProfileType): Promise<JwtPayloadType>;
+    facebook(params: FacebookProfileType): Promise<JwtPayloadType>;
+}

package/src/nestauth.module.ts

@@ -0,0 +1,73 @@
+import { Module, DynamicModule, Provider } from "@nestjs/common";
+import { ConfigModule } from "@nestjs/config";
+import { NestAuthService } from "./nestauth.service";
+import { NestAuthController } from "./nestauth.controller";
+import { NestAuthModuleOptions } from "./nestauth.interface";
+import { PassportModule } from "@nestjs/passport";
+import { JwtModule } from "@nestjs/jwt";
+import { NestAuthJwtStrategy } from "./nestauth-jwt.strategy";
+import { NestAuthLocalStrategy } from "./nestauth-local.strategy";
+import { NestAuthGoogleStrategy } from "./nestauth-google.strategy";
+import { NestAuthFacebookStrategy } from "./nestauth-facebook.strategy";
+import { APP_FILTER } from "@nestjs/core";
+import { HttpExceptionFilter } from "./http-exception.filter";
+
+@Module({
+    imports: [PassportModule, ConfigModule.forRoot({})],
+})
+export class NestAuthModule {
+    static register(options: NestAuthModuleOptions): DynamicModule {
+        const UserServiceProvider: Provider = {
+            provide: "UserService",
+            useClass: options.UserService,
+        };
+
+        const JwtSecretProvider: Provider = {
+            provide: "JWT_SECRET",
+            useValue: options.jwtSecret || "60s",
+        };
+
+        const JwtExpiresInProvider: Provider = {
+            provide: "JWT_EXPIRES_IN",
+            useValue: options.jwtExpiresIn,
+        };
+
+        const JwtRefreshTokenExpiresInProvider: Provider = {
+            provide: "JWT_REFRESH_TOKEN_EXPIRES_IN",
+            useValue: options.jwtRefreshTokenExpiresIn,
+        };
+
+        return {
+            module: NestAuthModule,
+            imports: [
+                JwtModule.registerAsync({
+                    imports: [],
+                    inject: [],
+                    useFactory: async () => ({
+                        secret: options.jwtSecret,
+                        signOptions: {
+                            expiresIn: options.jwtExpiresIn,
+                        },
+                    }),
+                }),
+            ],
+            providers: [
+                NestAuthService,
+                UserServiceProvider,
+                NestAuthJwtStrategy,
+                NestAuthLocalStrategy,
+                NestAuthGoogleStrategy,
+                NestAuthFacebookStrategy,
+                JwtSecretProvider,
+                JwtExpiresInProvider,
+                JwtRefreshTokenExpiresInProvider,
+                {
+                    provide: APP_FILTER,
+                    useClass: HttpExceptionFilter,
+                },
+            ],
+            exports: [NestAuthService],
+            controllers: [NestAuthController],
+        };
+    }
+}

package/src/nestauth.service.ts

@@ -0,0 +1,65 @@
+import { Inject, Injectable, UnauthorizedException } from "@nestjs/common";
+import {
+    FacebookProfileType,
+    GoogleProfileType,
+    JwtPayloadType,
+    NestAuthInterface,
+} from "./nestauth.interface";
+import { JwtService } from "@nestjs/jwt";
+
+@Injectable()
+export class NestAuthService {
+    constructor(
+        private jwtService: JwtService,
+        @Inject("UserService") private readonly userService: NestAuthInterface,
+        @Inject("JWT_EXPIRES_IN") private readonly jwtExpiresIn: string,
+        @Inject("JWT_REFRESH_TOKEN_EXPIRES_IN")
+        private readonly jwtRefreshTokenExpiresIn: string
+    ) {}
+
+    async login(user: any): Promise<any> {
+        return {
+            accessToken: this.jwtService.sign(user, {
+                expiresIn: this.jwtExpiresIn || "15m",
+            }),
+            refreshToken: this.jwtService.sign(user, { expiresIn: "7d" }),
+            accessTokenExpiresIn: this.jwtExpiresIn || "15m",
+            refreshTokenExpiresIn: this.jwtRefreshTokenExpiresIn || "7d",
+        };
+    }
+
+    async google(user: GoogleProfileType): Promise<any> {
+        const payload: JwtPayloadType = await this.userService.google(user);
+
+        if (!payload) {
+            throw new UnauthorizedException("Invalid credentials");
+        }
+
+        return this.login(payload);
+    }
+
+    async facebook(user: FacebookProfileType): Promise<any> {
+        const payload: JwtPayloadType = await this.userService.facebook(user);
+
+        if (!payload) {
+            throw new UnauthorizedException("Invalid credentials");
+        }
+
+        return this.login(payload);
+    }
+
+    async refreshToken(refreshToken: string) {
+        try {
+            const payload = this.jwtService.verify(refreshToken);
+            const user = await this.userService.validateUser(payload.id);
+            if (!user) {
+                throw new UnauthorizedException(
+                    "Invalid or expired refresh token"
+                );
+            }
+            return this.login(user);
+        } catch (err) {
+            throw new UnauthorizedException("Invalid or expired refresh token");
+        }
+    }
+}