From 3db8bfb0f8a12a94d18b5fae71e52b465455eecb Mon Sep 17 00:00:00 2001
From: Andres
Date: Tue, 11 Jul 2023 17:47:38 +0200
Subject: [PATCH] get access token from cookie instead of auth header

---
 src/app.module.ts | 9 +++++++--
 src/infrastructure/middlewares/logs-middleware.ts | 10 ++++++++++
 src/main.ts | 7 ++++++-
 src/modules/auth/auth.controller.ts | 8 +++++++-
 src/modules/auth/strategies/jwt.strategy.ts | 13 ++++++++++++-
 5 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 src/infrastructure/middlewares/logs-middleware.ts

diff --git a/src/app.module.ts b/src/app.module.ts
index 7829472..b37c603 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -1,4 +1,4 @@
-import { Module } from '@nestjs/common'
+import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common'
 import { JwtStrategy } from './modules/auth/strategies/jwt.strategy'
 import { ConfigModule } from './settings/config.module'
 import { AuthModule } from './modules/auth/auth.module'
@@ -10,6 +10,7 @@ import { JwtRefreshStrategy } from './modules/auth/strategies/jwt-refresh.strate
 import { CqrsModule } from '@nestjs/cqrs'
 import { DecksModule } from './modules/decks/decks.module'
 import { CardsModule } from './modules/cards/cards.module'
+import { LoggerMiddleware } from './infrastructure/middlewares/logs-middleware'
 
 @Module({
   imports: [
@@ -37,4 +38,8 @@ import { CardsModule } from './modules/cards/cards.module'
   providers: [JwtStrategy, JwtRefreshStrategy],
   exports: [CqrsModule],
 })
-export class AppModule {}
+export class AppModule implements NestModule {
+  configure(consumer: MiddlewareConsumer) {
+    // consumer.apply(LoggerMiddleware).forRoutes('*') // applies the middleware to all routes
+  }
+}
diff --git a/src/infrastructure/middlewares/logs-middleware.ts b/src/infrastructure/middlewares/logs-middleware.ts
new file mode 100644
index 0000000..5b5ab33
--- /dev/null
+++ b/src/infrastructure/middlewares/logs-middleware.ts
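Review bot: The new `configure()` body in `AppModule` is a no-op because its only statement is commented out, so the `consumer` parameter and the `LoggerMiddleware` import added in the previous hunk of this file are unused and `implements NestModule` serves no purpose. Either wire the middleware deliberately or drop `implements NestModule`, `configure` and the import until they are needed; as committed this reads like debugging state left behind. If the commented line is meant as an opt-in switch, say so in place of the current trailing comment, e.g. `// Opt-in request logging for local debugging; keep disabled elsewhere (it prints cookie values)`.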
@@ -0,0 +1,10 @@
+import { Injectable, NestMiddleware } from '@nestjs/common'
+import { Request, Response, NextFunction } from 'express'
+
+@Injectable()
+export class LoggerMiddleware implements NestMiddleware {
+  use(req: Request, res: Response, next: NextFunction) {
+    console.log('Received cookies:', JSON.stringify(req.cookies))
+    next()
+  }
+}
diff --git a/src/main.ts b/src/main.ts
index aafe09f..05f54cc 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -8,6 +8,12 @@ import { pipesSetup } from './settings/pipes-setup'
 async function bootstrap() {
   const app = await NestFactory.create(AppModule)
+  app.enableCors({
+    origin: true,
+    credentials: true,
+  })
+  app.use(cookieParser())
+
 
   app.setGlobalPrefix('v1')
   const config = new DocumentBuilder()
     .setTitle('Flashcards')
@@ -18,7 +24,6 @@ async function bootstrap() {
   SwaggerModule.setup('docs', app, document)
   pipesSetup(app)
   app.useGlobalFilters(new HttpExceptionFilter())
-  app.use(cookieParser())
   await app.listen(process.env.PORT || 3000)
   const logger = new Logger('NestApplication')
   logger.log(`Application is running on: ${await app.getUrl()}`)
diff --git a/src/modules/auth/auth.controller.ts b/src/modules/auth/auth.controller.ts
index bc8bd1c..aefcb42 100644
--- a/src/modules/auth/auth.controller.ts
+++ b/src/modules/auth/auth.controller.ts
@@ -48,8 +48,14 @@ export class AuthController {
     const userData = req.user.data
     res.cookie('refreshToken', userData.refreshToken, {
       httpOnly: true,
-      // secure: true,
+      sameSite: 'none',
       path: '/v1/auth/refresh-token',
+      secure: true,
+    })
+    res.cookie('accessToken', userData.accessToken, {
+      httpOnly: true,
+      sameSite: 'none',
+      secure: true,
     })
     return { accessToken: req.user.data.accessToken }
   }
diff --git a/src/modules/auth/strategies/jwt.strategy.ts b/src/modules/auth/strategies/jwt.strategy.ts
index 729920a..3c7edfa 100644
--- a/src/modules/auth/strategies/jwt.strategy.ts
+++ b/src/modules/auth/strategies/jwt.strategy.ts
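Review bot: `console.log('Received cookies:', JSON.stringify(req.cookies))` in `LoggerMiddleware.use` prints every cookie value verbatim, and after this commit that includes the httpOnly `accessToken` and `refreshToken` cookies set in auth.controller.ts, so enabling the middleware would write live credentials into the application log. Log only the cookie names, `console.log('Received cookies:', Object.keys(req.cookies ?? {}))`, and prefer Nest's `Logger` (already used in main.ts) over `console` so the output follows the same sink and level as the rest of the app. The `?? {}` also keeps the line safe on requests where `cookie-parser` has not populated `req.cookies`.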
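Review bot: `origin: true` combined with `credentials: true` in `app.enableCors` makes the server echo whatever `Origin` header arrives and permit cookies on that response, so once authentication rides on cookies marked `sameSite: 'none'` (auth.controller.ts in this commit) any third-party page can issue credentialed requests to the API and read the replies. The origin should be an explicit allow-list read from configuration rather than a reflect-all flag, e.g. `origin: [FRONTEND_ORIGIN /* placeholder: from app settings */]`, with `credentials: true` kept only for those origins. Moving `app.use(cookieParser())` ahead of the rest of the setup is fine and is what lets the strategy read `req.cookies`. The `bootstrap` function continues beyond the hunk.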
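Review bot: The access token is now stored in an `httpOnly` cookie, but the same value is still returned in the body on the hunk's last code line, `return { accessToken: req.user.data.accessToken }`, so it remains readable by page scripts and the httpOnly flag protects nothing. If the cookie is the intended transport, the body should stop carrying the token (e.g. `return { ok: true }`); if header-based clients still need it in the body, document that the cookie is an alternative transport rather than a hardening measure. The new `accessToken` cookie also has no `path` or `maxAge`, so it is attached to every route under the host and persists for the browser session rather than for the JWT's validity window; a `maxAge` aligned with the access-token expiry would keep the two in step. The method's signature lies outside the hunk.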
@@ -4,6 +4,7 @@ import { ExtractJwt, Strategy } from 'passport-jwt'
 import { AuthService } from '../auth.service'
 import { AppSettings } from '../../../settings/app-settings'
 import { UsersService } from '../../users/services/users.service'
+import { Request as RequestType } from 'express'
 
 @Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
@@ -13,7 +14,10 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     private userService: UsersService
   ) {
     super({
-      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      jwtFromRequest: ExtractJwt.fromExtractors([
+        JwtStrategy.extractJWT,
+        ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ]),
       ignoreExpiration: false,
       secretOrKey: appSettings.auth.ACCESS_JWT_SECRET_KEY,
     })
@@ -26,4 +30,11 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     }
     return user
   }
+
+  private static extractJWT(req: RequestType): string | null {
+    if (req.cookies && 'accessToken' in req.cookies && req.cookies.accessToken.length > 0) {
+      return req.cookies.accessToken
+    }
+    return null
+  }
 }
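Review bot: Placing `JwtStrategy.extractJWT` first in `fromExtractors` means every route guarded by this strategy now authenticates from the `accessToken` cookie, which the browser attaches on its own, whereas the previous Bearer-header-only extraction required the calling script to set the header explicitly. Because that cookie is issued with `sameSite: 'none'` elsewhere in this commit, the cookie attributes provide no cross-site request protection, so an origin check or a CSRF token should land together with this change, or the cookie extractor should be scoped to the routes that genuinely need it. A one-line comment on the array would also help the next reader: `// Cookie first, then Authorization header; the cookie path needs CSRF protection`. The constructor begins before the hunk.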
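Review bot: `extractJWT` reads `req.cookies.accessToken.length` after only an `in` check, and since `req.cookies` is typed `any` by the cookie-parser augmentation a non-string value would pass the compiler and the guard alike. A `typeof` check is narrower and shorter: `const token = req.cookies?.accessToken` followed by `return typeof token === 'string' && token.length > 0 ? token : null`. A short TSDoc line on the method, `/** Cookie extractor for passport-jwt; returns null so the next extractor in fromExtractors is consulted. */`, would explain why `null` rather than `undefined` is the miss value.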