feat: generate secret function and replaced few instances (#7810)

This PR fixes #4588 --------- Co-authored-by: Félix Malfait <felix@twenty.com> Co-authored-by: Charles Bochet <charles@twenty.com>
2024-10-30 16:07:11 +05:00
parent 1782865ff8
commit 57d9b8e8b4
75 changed files with 2860 additions and 1531 deletions
--- a/packages/twenty-server/src/engine/middlewares/graphql-hydrate-request-from-token.middleware.ts
+++ b/packages/twenty-server/src/engine/middlewares/graphql-hydrate-request-from-token.middleware.ts
@ -1,23 +1,24 @@
 import { Injectable, NestMiddleware } from '@nestjs/common';

 import { NextFunction, Request, Response } from 'express';
+import { ExtractJwt } from 'passport-jwt';

 import { AuthGraphqlApiExceptionFilter } from 'src/engine/core-modules/auth/filters/auth-graphql-api-exception.filter';
-import { TokenService } from 'src/engine/core-modules/auth/token/services/token.service';
+import { AccessTokenService } from 'src/engine/core-modules/auth/token/services/access-token.service';
 import { AuthContext } from 'src/engine/core-modules/auth/types/auth-context.type';
 import { ExceptionHandlerService } from 'src/engine/core-modules/exception-handler/exception-handler.service';
 import { handleExceptionAndConvertToGraphQLError } from 'src/engine/utils/global-exception-handler.util';
 import { WorkspaceCacheStorageService } from 'src/engine/workspace-cache-storage/workspace-cache-storage.service';
 class GraphqlTokenValidationProxy {
-  private tokenService: TokenService;
+  private accessTokenService: AccessTokenService;

-  constructor(tokenService: TokenService) {
-    this.tokenService = tokenService;
+  constructor(accessTokenService: AccessTokenService) {
+    this.accessTokenService = accessTokenService;
  }

  async validateToken(req: Request) {
    try {
-      return await this.tokenService.validateToken(req);
+      return await this.accessTokenService.validateToken(req);
    } catch (error) {
      const authGraphqlApiExceptionFilter = new AuthGraphqlApiExceptionFilter();

@ -31,7 +32,7 @@ export class GraphQLHydrateRequestFromTokenMiddleware
  implements NestMiddleware
 {
  constructor(
-    private readonly tokenService: TokenService,
+    private readonly accessTokenService: AccessTokenService,
    private readonly workspaceStorageCacheService: WorkspaceCacheStorageService,
    private readonly exceptionHandlerService: ExceptionHandlerService,
  ) {}
@ -59,7 +60,7 @@ export class GraphQLHydrateRequestFromTokenMiddleware
    ];

    if (
-      !this.tokenService.isTokenPresent(req) &&
+      !this.isTokenPresent(req) &&
      (!body?.operationName || excludedOperations.includes(body.operationName))
    ) {
      return next();
@ -69,7 +70,7 @@ export class GraphQLHydrateRequestFromTokenMiddleware

    try {
      const graphqlTokenValidationProxy = new GraphqlTokenValidationProxy(
-        this.tokenService,
+        this.accessTokenService,
      );

      data = await graphqlTokenValidationProxy.validateToken(req);
@ -103,4 +104,10 @@ export class GraphQLHydrateRequestFromTokenMiddleware

    next();
  }
+
+  isTokenPresent(request: Request): boolean {
+    const token = ExtractJwt.fromAuthHeaderAsBearerToken()(request);
+
+    return !!token;
+  }
 }