add auth

src/modules/auth/auth.controller.ts

@@ -0,0 +1,103 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Body,
+  UseGuards,
+  Request,
+  Response,
+  NotFoundException,
+  UnauthorizedException,
+  BadRequestException,
+  Res,
+  HttpCode,
+} from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { RegistrationDto } from './dto/registration.dto';
+import { LocalAuthGuard } from './guards/local-auth.guard';
+import { UsersService } from '../users/services/users.service';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+
+@Controller('auth')
+export class AuthController {
+  constructor(
+    private readonly authService: AuthService,
+    private readonly usersService: UsersService,
+  ) {}
+
+  @UseGuards(JwtAuthGuard)
+  @Get('me')
+  async getUserData(@Request() req) {
+    const userId = req.user.userId;
+    const user = await this.usersService.getUserById(userId);
+
+    if (!user) throw new UnauthorizedException();
+
+    return {
+      email: user.email,
+      name: user.name,
+      is: user.id,
+    };
+  }
+  @HttpCode(200)
+  @UseGuards(LocalAuthGuard)
+  @Post('login')
+  async login(@Request() req, @Res({ passthrough: true }) res) {
+    const userData = req.user.data;
+    res.cookie('refreshToken', userData.refreshToken, {
+      httpOnly: true,
+      secure: true,
+    });
+    return { accessToken: req.user.data.accessToken };
+  }
+  @HttpCode(201)
+  @Post('registration')
+  async registration(@Body() registrationData: RegistrationDto) {
+    return await this.usersService.createUser(
+      registrationData.name,
+      registrationData.password,
+      registrationData.email,
+    );
+  }
+
+  @Post('registration-confirmation')
+  async confirmRegistration(@Body('code') confirmationCode) {
+    const result = await this.authService.confirmEmail(confirmationCode);
+    if (!result) {
+      throw new NotFoundException();
+    }
+    return null;
+  }
+
+  @Post('registration-email-resending')
+  async resendRegistrationEmail(@Body('email') email: string) {
+    const isResented = await this.authService.resendCode(email);
+    if (!isResented)
+      throw new BadRequestException({
+        message: 'email already confirmed or such email not found',
+        field: 'email',
+      });
+    return null;
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Post('logout')
+  async logout(@Request() req) {
+    if (!req.cookie?.refreshToken) throw new UnauthorizedException();
+    await this.usersService.addRevokedToken(req.cookie.refreshToken);
+    return null;
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Post('refresh-token')
+  async refreshToken(@Request() req, @Response() res) {
+    if (!req.cookie?.refreshToken) throw new UnauthorizedException();
+    const userId = req.user.id;
+    const newTokens = this.authService.createJwtTokensPair(userId, null);
+    res.cookie('refreshToken', newTokens.refreshToken, {
+      httpOnly: true,
+      secure: true,
+    });
+    return { accessToken: newTokens.accessToken };
+  }
+}

src/modules/auth/auth.module.ts

@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { AuthController } from './auth.controller';
+import { UsersModule } from '../users/users.module';
+import { LocalStrategy } from './strategies/local.strategy';
+
+@Module({
+  imports: [UsersModule],
+  controllers: [AuthController],
+  providers: [AuthService, LocalStrategy],
+})
+export class AuthModule {}

src/modules/auth/auth.service.ts

@@ -0,0 +1,88 @@
+import { Injectable } from '@nestjs/common';
+import { isAfter } from 'date-fns';
+import * as jwt from 'jsonwebtoken';
+import * as bcrypt from 'bcrypt';
+import { UsersRepository } from '../users/infrastructure/users.repository';
+import * as process from 'process';
+
+@Injectable()
+export class AuthService {
+  constructor(private usersRepository: UsersRepository) {}
+
+  createJwtTokensPair(userId: string, email: string | null) {
+    const accessSecretKey = process.env.ACCESS_JWT_SECRET_KEY;
+    const refreshSecretKey = process.env.REFRESH_JWT_SECRET_KEY;
+    const payload: { userId: string; date: Date; email: string | null } = {
+      userId,
+      date: new Date(),
+      email,
+    };
+    const accessToken = jwt.sign(payload, accessSecretKey, { expiresIn: '1d' });
+    const refreshToken = jwt.sign(payload, refreshSecretKey, {
+      expiresIn: '30d',
+    });
+    return {
+      accessToken,
+      refreshToken,
+    };
+  }
+
+  async checkCredentials(email: string, password: string) {
+    const user = await this.usersRepository.findUserByEmail(email);
+    if (!user /*|| !user.emailConfirmation.isConfirmed*/)
+      return {
+        resultCode: 1,
+        data: {
+          accessToken: null,
+          refreshToken: null,
+        },
+      };
+    const isPasswordValid = await this.isPasswordCorrect(
+      password,
+      user.password,
+    );
+    if (!isPasswordValid) {
+      return {
+        resultCode: 1,
+        data: {
+          token: {
+            accessToken: null,
+            refreshToken: null,
+          },
+        },
+      };
+    }
+    const tokensPair = this.createJwtTokensPair(user.id, user.email);
+    return {
+      resultCode: 0,
+      data: tokensPair,
+    };
+  }
+
+  private async isPasswordCorrect(password: string, hash: string) {
+    return bcrypt.compare(password, hash);
+  }
+
+  async confirmEmail(token: string): Promise<boolean> {
+    const user = await this.usersRepository.findUserByVerificationToken(token);
+    if (!user || user.isEmailVerified) return false;
+    const dbToken = user.verificationToken;
+    const isTokenExpired = isAfter(user.verificationTokenExpiry, new Date());
+    if (dbToken !== token || isTokenExpired) {
+      return false;
+    }
+
+    return await this.usersRepository.updateConfirmation(user.id);
+  }
+
+  async resendCode(email: string) {
+    const user = await this.usersRepository.findUserByEmail(email);
+    if (!user || user?.verification.isEmailVerified) return null;
+    const updatedUser = await this.usersRepository.updateVerificationToken(
+      user.id,
+    );
+    if (!updatedUser) return null;
+
+    return true;
+  }
+}

src/modules/auth/dto/registration.dto.ts

@@ -0,0 +1,10 @@
+import { IsEmail, Length } from 'class-validator';
+
+export class RegistrationDto {
+  @Length(3, 30)
+  name: string;
+  @Length(3, 30)
+  password: string;
+  @IsEmail()
+  email: string;
+}

src/modules/auth/dto/update-auth.dto.ts

@@ -0,0 +1,4 @@
+import { PartialType } from '@nestjs/mapped-types';
+import { RegistrationDto } from './registration.dto';
+
+export class UpdateAuthDto extends PartialType(RegistrationDto) {}

src/modules/auth/entities/auth.entity.ts

@@ -0,0 +1 @@
+export class Auth {}

src/modules/auth/guards/auth.guard.ts

@@ -0,0 +1,52 @@
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+  UnauthorizedException,
+} from '@nestjs/common';
+import * as jwt from 'jsonwebtoken';
+import { UsersRepository } from '../../users/infrastructure/users.repository';
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+  constructor(private readonly usersRepository: UsersRepository) {}
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    if (!request.headers || !request.headers.authorization) {
+      throw new BadRequestException([{ message: 'No any auth headers' }]);
+    }
+    const authorizationData = request.headers.authorization.split(' ');
+    const token = authorizationData[1];
+    const tokenName = authorizationData[0];
+    if (tokenName != 'Bearer') {
+      throw new UnauthorizedException([
+        {
+          message: 'login or password invalid',
+        },
+      ]);
+    }
+    try {
+      const secretKey = process.env.JWT_SECRET_KEY;
+      const decoded: any = jwt.verify(token, secretKey!);
+      const user = await this.usersRepository.findUserById(decoded.userId);
+      if (!user) {
+        throw new NotFoundException([
+          {
+            field: 'token',
+            message: 'user not found',
+          },
+        ]);
+      }
+    } catch (e) {
+      console.log(e);
+      throw new UnauthorizedException([
+        {
+          message: 'login or password invalid',
+        },
+      ]);
+    }
+    return true;
+  }
+}

src/modules/auth/guards/base-auth.guard.ts

@@ -0,0 +1,29 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { Observable } from 'rxjs';
+
+@Injectable()
+export class BaseAuthGuard implements CanActivate {
+  canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const exceptedAuthInput = 'Basic YWRtaW46cXdlcnR5';
+    if (!request.headers || !request.headers.authorization) {
+      throw new UnauthorizedException([{ message: 'No any auth headers' }]);
+    } else {
+      if (request.headers.authorization != exceptedAuthInput) {
+        throw new UnauthorizedException([
+          {
+            message: 'login or password invalid',
+          },
+        ]);
+      }
+    }
+    return true;
+  }
+}

src/modules/auth/guards/jwt-auth.guard.ts

@@ -0,0 +1,25 @@
+import {
+  ExecutionContext,
+  Injectable,
+  UsePipes,
+  ValidationPipe,
+} from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {
+  constructor() {
+    super();
+  }
+  @UsePipes(new ValidationPipe())
+  validateLoginDto(): void {}
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const req = context.switchToHttp().getRequest();
+
+    const res: boolean = await (super.canActivate(context) as Promise<boolean>);
+    if (!res) return false;
+
+    // check DTO
+    return res;
+  }
+}

src/modules/auth/guards/local-auth.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class LocalAuthGuard extends AuthGuard('local') {}

src/modules/auth/strategies/jwt.strategy.ts

@@ -0,0 +1,21 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { AppSettings } from '../../../settings/app-settings';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor(
+    @Inject(AppSettings.name) private readonly appSettings: AppSettings,
+  ) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: true,
+      secretOrKey: appSettings.auth.ACCESS_JWT_SECRET_KEY,
+    });
+  }
+
+  async validate(payload: any) {
+    return { userId: payload.userId };
+  }
+}

src/modules/auth/strategies/local.strategy.ts

@@ -0,0 +1,21 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { Strategy } from 'passport-local';
+import { AuthService } from '../auth.service';
+
+@Injectable()
+export class LocalStrategy extends PassportStrategy(Strategy) {
+  constructor(private readonly authService: AuthService) {
+    super({
+      usernameField: 'login',
+    });
+  }
+
+  async validate(login: string, password: string): Promise<any> {
+    const user = await this.authService.checkCredentials(login, password);
+    if (user.resultCode === 1) {
+      throw new UnauthorizedException();
+    }
+    return user;
+  }
+}