Implement scoping on be (#144)

2023-05-26 14:00:32 +02:00
parent f79a45e7e6
commit 26d3716ae7
981 changed files with 14545 additions and 24213 deletions
--- a/server/src/auth/auth.module.ts
+++ b/server/src/auth/auth.module.ts
@ -1,5 +1,5 @@
 import { Module } from '@nestjs/common';
-import { JwtModule } from '@nestjs/jwt';
+import { JwtModule, JwtService } from '@nestjs/jwt';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { JwtAuthStrategy } from './strategies/jwt.auth.strategy';
 import { AuthService } from './services/auth.service';
@ -11,22 +11,21 @@ import { WorkspaceRepository } from 'src/entities/workspace/workspace.repository
 import { RefreshTokenRepository } from 'src/entities/refresh-token/refresh-token.repository';
 import { PrismaService } from 'src/database/prisma.service';

-@Module({
-  imports: [
-    JwtModule.registerAsync({
-      useFactory: async (configService: ConfigService) => {
-        return {
-          secret: configService.get<string>('JWT_SECRET'),
-          signOptions: {
-            expiresIn: configService.get<string>('JWT_EXPIRES_IN'),
-          },
-        };
+const jwtModule = JwtModule.registerAsync({
+  useFactory: async (configService: ConfigService) => {
+    return {
+      secret: configService.get<string>('JWT_SECRET'),
+      signOptions: {
+        expiresIn: configService.get<string>('JWT_EXPIRES_IN') + 's',
      },
-      imports: [ConfigModule.forRoot({})],
-      inject: [ConfigService],
-    }),
-    ConfigModule.forRoot({}),
-  ],
+    };
+  },
+  imports: [ConfigModule.forRoot({})],
+  inject: [ConfigService],
+});
+
+@Module({
+  imports: [jwtModule, ConfigModule.forRoot({})],
  controllers: [GoogleAuthController, AuthController],
  providers: [
    AuthService,
@ -37,5 +36,6 @@ import { PrismaService } from 'src/database/prisma.service';
    RefreshTokenRepository,
    PrismaService,
  ],
+  exports: [jwtModule],
 })
 export class AuthModule {}
--- a/server/src/auth/guards/jwt.auth.guard.ts
+++ b/server/src/auth/guards/jwt.auth.guard.ts
@ -1,5 +1,41 @@
-import { Injectable } from '@nestjs/common';
-import { AuthGuard } from '@nestjs/passport';
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { Request } from 'express';
+import { ConfigService } from '@nestjs/config';

@Injectable()
-export class JwtAuthGuard extends AuthGuard('jwt') {}
+export class JwtAuthGuard implements CanActivate {
+  constructor(
+    private jwtService: JwtService,
+    private configService: ConfigService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const gqlContext = GqlExecutionContext.create(context);
+    const request = gqlContext.getContext().req;
+    const token = this.extractTokenFromHeader(request);
+    if (!token) {
+      throw new UnauthorizedException();
+    }
+    try {
+      const payload = await this.jwtService.verifyAsync(token, {
+        secret: this.configService.get('JWT_SECRET'),
+      });
+      request['user'] = payload;
+    } catch (exception) {
+      throw new UnauthorizedException();
+    }
+    return true;
+  }
+
+  private extractTokenFromHeader(request: Request): string | undefined {
+    const [type, token] = request.headers.authorization?.split(' ') ?? [];
+    return type === 'Bearer' ? token : undefined;
+  }
+}