Update token verification and fix typo (#2889)

* Update token verification and fix typo

* Fix typo

server/src/core/auth/services/token.service.spec.ts

@@ -5,6 +5,7 @@ import { getRepositoryToken } from '@nestjs/typeorm';
 import { EnvironmentService } from 'src/integrations/environment/environment.service';
 import { RefreshToken } from 'src/core/refresh-token/refresh-token.entity';
 import { User } from 'src/core/user/user.entity';
+import { JwtAuthStrategy } from 'src/core/auth/strategies/jwt.auth.strategy';
 
 import { TokenService } from './token.service';
 
@@ -19,6 +20,10 @@ describe('TokenService', () => {
           provide: JwtService,
           useValue: {},
         },
+        {
+          provide: JwtAuthStrategy,
+          useValue: {},
+        },
         {
           provide: EnvironmentService,
           useValue: {},

server/src/core/auth/services/token.service.ts

@@ -11,22 +11,27 @@ import { InjectRepository } from '@nestjs/typeorm';
 
 import { addMilliseconds } from 'date-fns';
 import ms from 'ms';
-import { TokenExpiredError } from 'jsonwebtoken';
+import { JsonWebTokenError, TokenExpiredError } from 'jsonwebtoken';
 import { Repository } from 'typeorm';
 import { Request } from 'express';
 import { ExtractJwt } from 'passport-jwt';
 
-import { JwtPayload } from 'src/core/auth/strategies/jwt.auth.strategy';
+import {
+  JwtAuthStrategy,
+  JwtPayload,
+} from 'src/core/auth/strategies/jwt.auth.strategy';
 import { assert } from 'src/utils/assert';
 import { ApiKeyToken, AuthToken } from 'src/core/auth/dto/token.entity';
 import { EnvironmentService } from 'src/integrations/environment/environment.service';
 import { User } from 'src/core/user/user.entity';
 import { RefreshToken } from 'src/core/refresh-token/refresh-token.entity';
+import { Workspace } from 'src/core/workspace/workspace.entity';
 
 @Injectable()
 export class TokenService {
   constructor(
     private readonly jwtService: JwtService,
+    private readonly jwtStrategy: JwtAuthStrategy,
     private readonly environmentService: EnvironmentService,
     @InjectRepository(User, 'core')
     private readonly userRepository: Repository<User>,
@@ -167,18 +172,22 @@ export class TokenService {
     return { token };
   }
 
-  async verifyApiKeyToken(request: Request) {
+  async validateToken(request: Request): Promise<Workspace> {
     const token = ExtractJwt.fromAuthHeaderAsBearerToken()(request);
 
     if (!token) {
       throw new UnauthorizedException('missing authentication token');
     }
-    const payload = await this.verifyJwt(
+    const decoded = await this.verifyJwt(
       token,
       this.environmentService.getAccessTokenSecret(),
     );
 
-    return payload.workspaceId;
+    const { workspace } = await this.jwtStrategy.validate(
+      decoded as JwtPayload,
+    );
+
+    return workspace;
   }
 
   async verifyLoginToken(loginToken: string): Promise<string> {
@@ -290,6 +299,8 @@ export class TokenService {
     } catch (error) {
       if (error instanceof TokenExpiredError) {
         throw new UnauthorizedException('Token has expired.');
+      } else if (error instanceof JsonWebTokenError) {
+        throw new UnauthorizedException('Token invalid.');
       } else {
         throw new UnprocessableEntityException();
       }

server/src/core/auth/strategies/jwt.auth.strategy.ts

@@ -60,7 +60,7 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
       );
 
       assert(
-        apiKey.length === 1 && !apiKey[0].revokedAt,
+        apiKey.length === 1 && !apiKey?.[0].revokedAt,
         'This API Key is revoked',
         ForbiddenException,
       );