admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Removing Prisma and Grapql-nestjs-prisma resolvers (#2574)

Browse Source 
* Some cleaning

* Fix seeds

* Fix all sign in, sign up flow and apiKey optimistic rendering

* Fix
This commit is contained in:
Charles Bochet
2023-11-19 18:25:47 +01:00
committed by GitHub
parent 18dac1a2b6
commit f5e1d7825a
616 changed files with 2220 additions and 23073 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
server/src/core/auth/auth.module.ts
View File

@ -1,11 +1,21 @@
/* eslint-disable no-restricted-imports */
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { TypeOrmModule } from '@nestjs/typeorm';
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
import { PrismaService } from 'src/database/prisma.service';
import { UserModule } from 'src/core/user/user.module';
import { EnvironmentService } from 'src/integrations/environment/environment.service';
import { WorkspaceModule } from 'src/core/workspace/workspace.module';
import { FileModule } from 'src/core/file/file.module';
import { Workspace } from 'src/core/workspace/workspace.entity';
import { User } from 'src/core/user/user.entity';
import { RefreshToken } from 'src/core/refresh-token/refresh-token.entity';
import { DataSourceModule } from 'src/metadata/data-source/data-source.module';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import { UserModule } from 'src/core/user/user.module';
import { WorkspaceManagerModule } from 'src/workspace/workspace-manager/workspace-manager.module';
import config from '../../../ormconfig';
import { AuthResolver } from './auth.resolver';
@ -28,15 +38,22 @@ const jwtModule = JwtModule.registerAsync({
});
@Module({
imports: [jwtModule, UserModule, WorkspaceModule, FileModule],
controllers: [GoogleAuthController, VerifyAuthController],
providers: [
AuthService,
TokenService,
JwtAuthStrategy,
PrismaService,
AuthResolver,
imports: [
jwtModule,
FileModule,
DataSourceModule,
UserModule,
WorkspaceManagerModule,
TypeOrmModule.forRoot(config),
NestjsQueryGraphQLModule.forFeature({
imports: [
TypeOrmModule.forFeature([Workspace, User, RefreshToken]),
TypeORMModule,
],
}),
],
controllers: [GoogleAuthController, VerifyAuthController],
providers: [AuthService, TokenService, JwtAuthStrategy, AuthResolver],
exports: [jwtModule],
})
export class AuthModule {}

68
server/src/core/auth/auth.resolver.ts
View File

@ -4,21 +4,19 @@ import {
ForbiddenException,
UseGuards,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Prisma } from '@prisma/client';
import { Repository } from 'typeorm';
import {
PrismaSelect,
PrismaSelector,
} from 'src/decorators/prisma-select.decorator';
import { JwtAuthGuard } from 'src/guards/jwt.auth.guard';
import { AuthUser } from 'src/decorators/auth-user.decorator';
import { assert } from 'src/utils/assert';
import { User } from 'src/core/@generated/user/user.model';
import { Workspace } from 'src/core/@generated/workspace/workspace.model';
import { WorkspaceService } from 'src/core/workspace/services/workspace.service';
import { Workspace } from 'src/core/workspace/workspace.entity';
import { AuthWorkspace } from 'src/decorators/auth-workspace.decorator';
import { User } from 'src/core/user/user.entity';
import { ApiKeyTokenInput } from 'src/core/auth/dto/api-key-token.input';
import { AuthTokens } from './dto/token.entity';
import { ApiKeyToken, AuthTokens } from './dto/token.entity';
import { TokenService } from './services/token.service';
import { RefreshTokenInput } from './dto/refresh-token.input';
import { Verify } from './dto/verify.entity';
@ -36,7 +34,8 @@ import { ImpersonateInput } from './dto/impersonate.input';
@Resolver()
export class AuthResolver {
constructor(
private workspaceService: WorkspaceService,
@InjectRepository(Workspace)
private readonly workspaceRepository: Repository<Workspace>,
private authService: AuthService,
private tokenService: TokenService,
) {}
@ -64,10 +63,8 @@ export class AuthResolver {
async findWorkspaceFromInviteHash(
@Args() workspaceInviteHashValidInput: WorkspaceInviteHashValidInput,
) {
return await this.workspaceService.findFirst({
where: {
inviteHash: workspaceInviteHashValidInput.inviteHash,
},
return await this.workspaceRepository.findOneBy({
inviteHash: workspaceInviteHashValidInput.inviteHash,
});
}
@ -88,21 +85,12 @@ export class AuthResolver {
}
@Mutation(() => Verify)
async verify(
@Args() verifyInput: VerifyInput,
@PrismaSelector({
modelName: 'User',
defaultFields: { User: { id: true } },
})
prismaSelect: PrismaSelect<'User'>,
): Promise<Verify> {
async verify(@Args() verifyInput: VerifyInput): Promise<Verify> {
const email = await this.tokenService.verifyLoginToken(
verifyInput.loginToken,
);
const select = prismaSelect.valueOf('user') as Prisma.UserSelect & {
id: true;
};
const result = await this.authService.verify(email, select);
const result = await this.authService.verify(email);
return result;
}
@ -125,22 +113,24 @@ export class AuthResolver {
async impersonate(
@Args() impersonateInput: ImpersonateInput,
@AuthUser() user: User,
@PrismaSelector({
modelName: 'User',
defaultFields: {
User: {
id: true,
},
},
})
prismaSelect: PrismaSelect<'User'>,
): Promise<Verify> {
// Check if user can impersonate
assert(user.canImpersonate, 'User cannot impersonate', ForbiddenException);
const select = prismaSelect.valueOf('user') as Prisma.UserSelect & {
id: true;
};
return this.authService.impersonate(impersonateInput.userId, select);
return this.authService.impersonate(impersonateInput.userId);
}
@UseGuards(JwtAuthGuard)
@Mutation(() => ApiKeyToken)
async generateApiKeyToken(
@Args() args: ApiKeyTokenInput,
@AuthWorkspace() { id: workspaceId }: Workspace,
): Promise<ApiKeyToken | undefined> {
console.log('toto');
return await this.tokenService.generateApiKeyToken(
workspaceId,
args.apiKeyId,
args.expiresAt,
);
}
}

96
server/src/core/auth/controllers/google-auth.controller.ts
View File

@ -1,29 +1,29 @@
import { Controller, Get, Req, Res, UseGuards } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Response } from 'express';
import FileType from 'file-type';
import { v4 as uuidV4 } from 'uuid';
import { FileFolder } from 'src/core/file/interfaces/file-folder.interface';
import { Repository } from 'typeorm';
import { GoogleRequest } from 'src/core/auth/strategies/google.auth.strategy';
import { UserService } from 'src/core/user/user.service';
import { TokenService } from 'src/core/auth/services/token.service';
import { GoogleProviderEnabledGuard } from 'src/core/auth/guards/google-provider-enabled.guard';
import { GoogleOauthGuard } from 'src/core/auth/guards/google-oauth.guard';
import { WorkspaceService } from 'src/core/workspace/services/workspace.service';
import { User } from 'src/core/user/user.entity';
import { Workspace } from 'src/core/workspace/workspace.entity';
import { AuthService } from 'src/core/auth/services/auth.service';
import { TypeORMService } from 'src/database/typeorm/typeorm.service';
import { EnvironmentService } from 'src/integrations/environment/environment.service';
import { getImageBufferFromUrl } from 'src/utils/image';
import { FileUploadService } from 'src/core/file/services/file-upload.service';
@Controller('auth/google')
export class GoogleAuthController {
constructor(
private readonly tokenService: TokenService,
private readonly userService: UserService,
private readonly workspaceService: WorkspaceService,
private readonly environmentService: EnvironmentService,
private readonly fileUploadService: FileUploadService,
private readonly typeORMService: TypeORMService,
private readonly authService: AuthService,
@InjectRepository(Workspace)
@InjectRepository(User, 'metadata')
private readonly userRepository: Repository<User>,
) {}
@Get()
@ -39,65 +39,29 @@ export class GoogleAuthController {
const { firstName, lastName, email, picture, workspaceInviteHash } =
req.user;
let workspaceId: string | undefined = undefined;
if (workspaceInviteHash) {
const workspace = await this.workspaceService.findFirst({
where: {
inviteHash: workspaceInviteHash,
},
});
const mainDataSource = await this.typeORMService.getMainDataSource();
if (!workspace) {
return res.redirect(
`${this.environmentService.getFrontAuthCallbackUrl()}`,
);
}
const existingUser = await mainDataSource
.getRepository(User)
.findOneBy({ email: email });
workspaceId = workspace.id;
if (existingUser) {
const loginToken = await this.tokenService.generateLoginToken(
existingUser.email,
);
return res.redirect(
this.tokenService.computeRedirectURI(loginToken.token),
);
}
let user = await this.userService.createUser(
{
data: {
email,
firstName: firstName ?? '',
lastName: lastName ?? '',
locale: 'en',
},
},
workspaceId,
);
if (!user.avatarUrl) {
let imagePath: string | undefined = undefined;
if (picture) {
// Get image buffer from url
const buffer = await getImageBufferFromUrl(picture);
// Extract mimetype and extension from buffer
const type = await FileType.fromBuffer(buffer);
// Upload image
const { paths } = await this.fileUploadService.uploadImage({
file: buffer,
filename: `${uuidV4()}.${type?.ext}`,
mimeType: type?.mime,
fileFolder: FileFolder.ProfilePicture,
});
imagePath = paths[0];
}
user = await this.userService.update({
where: {
id: user.id,
},
data: {
avatarUrl: imagePath,
},
});
}
const user = await this.authService.signUp({
email,
firstName,
lastName,
picture,
workspaceInviteHash,
});
const loginToken = await this.tokenService.generateLoginToken(user.email);

8
server/src/core/auth/controllers/verify-auth.controller.ts
View File

@ -17,13 +17,7 @@ export class VerifyAuthController {
const email = await this.tokenService.verifyLoginToken(
verifyInput.loginToken,
);
const result = await this.authService.verify(email, {
id: true,
firstName: true,
lastName: true,
email: true,
emailVerified: true,
});
const result = await this.authService.verify(email);
return result;
}

15
server/src/core/auth/dto/api-key-token.input.ts Normal file
View File

@ -0,0 +1,15 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class ApiKeyTokenInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
apiKeyId: string;
@Field(() => String)
@IsNotEmpty()
expiresAt: string;
}

4
server/src/core/auth/dto/token.entity.ts
View File

@ -1,7 +1,5 @@
import { Field, ObjectType } from '@nestjs/graphql';
import { ApiKey } from 'src/core/@generated/api-key/api-key.model';
@ObjectType()
export class AuthToken {
@Field(() => String)
@ -12,7 +10,7 @@ export class AuthToken {
}
@ObjectType()
export class ApiKeyToken extends ApiKey {
export class ApiKeyToken {
@Field(() => String)
token: string;
}

2
server/src/core/auth/dto/verify.entity.ts
View File

@ -1,6 +1,6 @@
import { Field, ObjectType } from '@nestjs/graphql';
import { User } from 'src/core/@generated/user/user.model';
import { User } from 'src/core/user/user.entity';
import { AuthTokens } from './token.entity';

162
server/src/core/auth/services/auth.service.ts
View File

@ -4,11 +4,15 @@ import {
Injectable,
NotFoundException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Prisma } from '@prisma/client';
import FileType from 'file-type';
import { Repository } from 'typeorm';
import { v4 } from 'uuid';
import { FileFolder } from 'src/core/file/interfaces/file-folder.interface';
import { ChallengeInput } from 'src/core/auth/dto/challenge.input';
import { UserService } from 'src/core/user/user.service';
import { assert } from 'src/utils/assert';
import {
PASSWORD_REGEX,
@ -17,9 +21,13 @@ import {
} from 'src/core/auth/auth.util';
import { Verify } from 'src/core/auth/dto/verify.entity';
import { UserExists } from 'src/core/auth/dto/user-exists.entity';
import { WorkspaceService } from 'src/core/workspace/services/workspace.service';
import { WorkspaceInviteHashValid } from 'src/core/auth/dto/workspace-invite-hash-valid.entity';
import { SignUpInput } from 'src/core/auth/dto/sign-up.input';
import { User } from 'src/core/user/user.entity';
import { Workspace } from 'src/core/workspace/workspace.entity';
import { UserService } from 'src/core/user/services/user.service';
import { WorkspaceManagerService } from 'src/workspace/workspace-manager/workspace-manager.service';
import { getImageBufferFromUrl } from 'src/utils/image';
import { FileUploadService } from 'src/core/file/services/file-upload.service';
import { TokenService } from './token.service';
@ -34,14 +42,17 @@ export class AuthService {
constructor(
private readonly tokenService: TokenService,
private readonly userService: UserService,
private readonly workspaceService: WorkspaceService,
private readonly workspaceManagerService: WorkspaceManagerService,
private readonly fileUploadService: FileUploadService,
@InjectRepository(Workspace)
private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User)
private readonly userRepository: Repository<User>,
) {}
async challenge(challengeInput: ChallengeInput) {
const user = await this.userService.findUnique({
where: {
email: challengeInput.email,
},
const user = await this.userRepository.findOneBy({
email: challengeInput.email,
});
assert(user, "This user doesn't exist", NotFoundException);
@ -57,24 +68,40 @@ export class AuthService {
return user;
}
async signUp(signUpInput: SignUpInput) {
const existingUser = await this.userService.findUnique({
where: {
email: signUpInput.email,
},
async signUp({
email,
password,
workspaceInviteHash,
firstName,
lastName,
picture,
}: {
email: string;
password?: string;
firstName?: string | null;
lastName?: string | null;
workspaceInviteHash?: string | null;
picture?: string | null;
}) {
if (!firstName) firstName = '';
if (!lastName) lastName = '';
const existingUser = await this.userRepository.findOneBy({
email: email,
});
assert(!existingUser, 'This user already exists', ForbiddenException);
const isPasswordValid = PASSWORD_REGEX.test(signUpInput.password);
assert(isPasswordValid, 'Password too weak', BadRequestException);
if (password) {
const isPasswordValid = PASSWORD_REGEX.test(password);
assert(isPasswordValid, 'Password too weak', BadRequestException);
}
const passwordHash = await hashPassword(signUpInput.password);
const passwordHash = password ? await hashPassword(password) : undefined;
let workspace: Workspace | null;
if (signUpInput.workspaceInviteHash) {
const workspace = await this.workspaceService.findFirst({
where: {
inviteHash: signUpInput.workspaceInviteHash,
},
if (workspaceInviteHash) {
workspace = await this.workspaceRepository.findOneBy({
inviteHash: workspaceInviteHash,
});
assert(
@ -82,44 +109,59 @@ export class AuthService {
'This workspace inviteHash is invalid',
ForbiddenException,
);
return await this.userService.createUser(
{
data: {
email: signUpInput.email,
passwordHash,
},
} as Prisma.UserCreateArgs,
workspace.id,
);
} else {
const workspaceToCreate = this.workspaceRepository.create({
displayName: '',
domainName: '',
inviteHash: v4(),
});
workspace = await this.workspaceRepository.save(workspaceToCreate);
await this.workspaceManagerService.init(workspace.id);
}
return await this.userService.createUser({
data: {
email: signUpInput.email,
passwordHash,
locale: 'en',
},
} as Prisma.UserCreateArgs);
const userToCreate = this.userRepository.create({
email: email,
firstName: firstName,
lastName: lastName,
canImpersonate: false,
passwordHash,
defaultWorkspace: workspace,
});
const user = await this.userRepository.save(userToCreate);
let imagePath: string | undefined = undefined;
if (picture) {
const buffer = await getImageBufferFromUrl(picture);
const type = await FileType.fromBuffer(buffer);
const { paths } = await this.fileUploadService.uploadImage({
file: buffer,
filename: `${v4()}.${type?.ext}`,
mimeType: type?.mime,
fileFolder: FileFolder.ProfilePicture,
});
imagePath = paths[0];
}
await this.userService.createWorkspaceMember(user, imagePath);
return user;
}
async verify(
email: string,
select: Prisma.UserSelect & {
id: true;
},
): Promise<Verify> {
const user = await this.userService.findUnique({
async verify(email: string): Promise<Verify> {
const user = await this.userRepository.findOne({
where: {
email,
},
select,
relations: ['defaultWorkspace'],
});
assert(user, "This user doesn't exist", NotFoundException);
// passwordHash is hidden for security reasons
user.passwordHash = '';
user.workspaceMember = await this.userService.loadWorkspaceMember(user);
const accessToken = await this.tokenService.generateAccessToken(user.id);
const refreshToken = await this.tokenService.generateRefreshToken(user.id);
@ -134,10 +176,8 @@ export class AuthService {
}
async checkUserExists(email: string): Promise<UserExists> {
const user = await this.userService.findUnique({
where: {
email,
},
const user = await this.userRepository.findOneBy({
email,
});
return { exists: !!user };
@ -146,26 +186,16 @@ export class AuthService {
async checkWorkspaceInviteHashIsValid(
inviteHash: string,
): Promise<WorkspaceInviteHashValid> {
const workspace = await this.workspaceService.findFirst({
where: {
inviteHash,
},
const workspace = await this.workspaceRepository.findOneBy({
inviteHash,
});
return { isValid: !!workspace };
}
async impersonate(
userId: string,
select: Prisma.UserSelect & {
id: true;
},
) {
const user = await this.userService.findUnique({
where: {
id: userId,
},
select,
async impersonate(userId: string) {
const user = await this.userRepository.findOneBy({
id: userId,
});
assert(user, "This user doesn't exist", NotFoundException);

6
server/src/core/auth/services/token.service.spec.ts
View File

@ -1,8 +1,6 @@
import { Test, TestingModule } from '@nestjs/testing';
import { JwtService } from '@nestjs/jwt';
import { PrismaService } from 'src/database/prisma.service';
import { prismaMock } from 'src/database/client-mock/jest-prisma-singleton';
import { EnvironmentService } from 'src/integrations/environment/environment.service';
import { TokenService } from './token.service';
@ -22,10 +20,6 @@ describe('TokenService', () => {
provide: EnvironmentService,
useValue: {},
},
{
provide: PrismaService,
useValue: prismaMock,
},
],
}).compile();

101
server/src/core/auth/services/token.service.ts
View File

@ -7,23 +7,29 @@ import {
UnprocessableEntityException,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { InjectRepository } from '@nestjs/typeorm';
import { addMilliseconds } from 'date-fns';
import ms from 'ms';
import { TokenExpiredError } from 'jsonwebtoken';
import { Repository } from 'typeorm';
import { JwtPayload } from 'src/core/auth/strategies/jwt.auth.strategy';
import { PrismaService } from 'src/database/prisma.service';
import { assert } from 'src/utils/assert';
import { AuthToken } from 'src/core/auth/dto/token.entity';
import { ApiKeyToken, AuthToken } from 'src/core/auth/dto/token.entity';
import { EnvironmentService } from 'src/integrations/environment/environment.service';
import { User } from 'src/core/user/user.entity';
import { RefreshToken } from 'src/core/refresh-token/refresh-token.entity';
@Injectable()
export class TokenService {
constructor(
private readonly jwtService: JwtService,
private readonly environmentService: EnvironmentService,
private readonly prismaService: PrismaService,
@InjectRepository(User)
private readonly userRepository: Repository<User>,
@InjectRepository(RefreshToken)
private readonly refreshTokenRepository: Repository<RefreshToken>,
) {}
async generateAccessToken(userId: string): Promise<AuthToken> {
@ -31,23 +37,26 @@ export class TokenService {
assert(expiresIn, '', InternalServerErrorException);
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
const user = await this.prismaService.client.user.findUnique({
const user = await this.userRepository.findOne({
where: { id: userId },
relations: ['defaultWorkspace'],
});
if (!user) {
throw new NotFoundException('User is not found');
}
if (!user.defaultWorkspaceId) {
if (!user.defaultWorkspace) {
throw new NotFoundException('User does not have a default workspace');
}
const jwtPayload: JwtPayload = {
sub: user.id,
workspaceId: user.defaultWorkspaceId,
workspaceId: user.defaultWorkspace.id,
};
console.log(jwtPayload);
return {
token: this.jwtService.sign(jwtPayload),
expiresAt,
@ -68,9 +77,13 @@ export class TokenService {
sub: userId,
};
const refreshToken = await this.prismaService.client.refreshToken.create({
data: refreshTokenPayload,
});
const refreshToken =
this.refreshTokenRepository.create(refreshTokenPayload);
console.log(refreshToken);
await this.refreshTokenRepository.save(refreshToken);
console.log('toto');
return {
token: this.jwtService.sign(jwtPayload, {
@ -101,6 +114,34 @@ export class TokenService {
};
}
async generateApiKeyToken(
workspaceId: string,
apiKeyId?: string,
expiresAt?: Date | string,
): Promise<Pick<ApiKeyToken, 'token'> | undefined> {
if (!apiKeyId) {
return;
}
const jwtPayload = {
sub: workspaceId,
};
const secret = this.environmentService.getAccessTokenSecret();
let expiresIn: string | number;
if (expiresAt) {
expiresIn = Math.floor(
(new Date(expiresAt).getTime() - new Date().getTime()) / 1000,
);
} else {
expiresIn = this.environmentService.getApiTokenExpiresIn();
}
const token = this.jwtService.sign(jwtPayload, {
secret,
expiresIn,
jwtid: apiKeyId,
});
return { token };
}
async verifyLoginToken(loginToken: string): Promise<string> {
const loginTokenSecret = this.environmentService.getLoginTokenSecret();
@ -120,19 +161,14 @@ export class TokenService {
UnprocessableEntityException,
);
const token = await this.prismaService.client.refreshToken.findUnique({
where: { id: jwtPayload.jti },
const token = await this.refreshTokenRepository.findOneBy({
id: jwtPayload.jti,
});
assert(token, "This refresh token doesn't exist", NotFoundException);
const user = await this.prismaService.client.user.findUnique({
where: {
id: jwtPayload.sub,
},
include: {
refreshTokens: true,
},
const user = await this.userRepository.findOneBy({
id: jwtPayload.sub,
});
assert(user, 'User not found', NotFoundException);
@ -143,16 +179,17 @@ export class TokenService {
token.revokedAt.getTime() <= Date.now() - ms(coolDown)
) {
// Revoke all user refresh tokens
await this.prismaService.client.refreshToken.updateMany({
where: {
id: {
in: user.refreshTokens.map(({ id }) => id),
},
},
data: {
revokedAt: new Date(),
},
});
await Promise.all(
user.refreshTokens.map(
async ({ id }) =>
await this.refreshTokenRepository.update(
{ id },
{
revokedAt: new Date(),
},
),
),
);
throw new ForbiddenException(
'Suspicious activity detected, this refresh token has been revoked. All tokens has been revoked.',
@ -172,14 +209,14 @@ export class TokenService {
} = await this.verifyRefreshToken(token);
// Revoke old refresh token
await this.prismaService.client.refreshToken.update({
where: {
await this.refreshTokenRepository.update(
{
id,
},
data: {
{
revokedAt: new Date(),
},
});
);
const accessToken = await this.generateAccessToken(user.id);
const refreshToken = await this.generateRefreshToken(user.id);

38
server/src/core/auth/strategies/jwt.auth.strategy.ts
View File

@ -1,16 +1,13 @@
import { PassportStrategy } from '@nestjs/passport';
import {
ForbiddenException,
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Strategy, ExtractJwt } from 'passport-jwt';
import { User, Workspace } from '@prisma/client';
import { Repository } from 'typeorm';
import { PrismaService } from 'src/database/prisma.service';
import { EnvironmentService } from 'src/integrations/environment/environment.service';
import { assert } from 'src/utils/assert';
import { Workspace } from 'src/core/workspace/workspace.entity';
import { User } from 'src/core/user/user.entity';
export type JwtPayload = { sub: string; workspaceId: string; jti?: string };
export type PassportUser = { user?: User; workspace: Workspace };
@ -19,7 +16,10 @@ export type PassportUser = { user?: User; workspace: Workspace };
export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
constructor(
private readonly environmentService: EnvironmentService,
private readonly prismaService: PrismaService,
@InjectRepository(Workspace)
private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User)
private readonly userRepository: Repository<User>,
) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
@ -29,26 +29,30 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
}
async validate(payload: JwtPayload): Promise<PassportUser> {
const workspace = await this.prismaService.client.workspace.findUnique({
where: { id: payload.workspaceId ?? payload.sub },
const workspace = await this.workspaceRepository.findOneBy({
id: payload.workspaceId ?? payload.sub,
});
if (!workspace) {
throw new UnauthorizedException();
}
if (payload.jti) {
// If apiKey has been deleted or revoked, we throw an error
const apiKey = await this.prismaService.client.apiKey.findUniqueOrThrow({
where: { id: payload.jti },
});
assert(!apiKey.revokedAt, 'This API Key is revoked', ForbiddenException);
// const apiKey = await this.prismaService.client.apiKey.findUniqueOrThrow({
// where: { id: payload.jti },
// });
// assert(!apiKey.revokedAt, 'This API Key is revoked', ForbiddenException);
}
const user = payload.workspaceId
? await this.prismaService.client.user.findUniqueOrThrow({
where: { id: payload.sub },
? await this.userRepository.findOneBy({
id: payload.sub,
})
: undefined;
if (!user) {
throw new UnauthorizedException();
}
return { user, workspace };
}
}