initial commit

back/src/app.controller.spec.ts

@@ -0,0 +1,22 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+
+describe('AppController', () => {
+  let appController: AppController;
+
+  beforeEach(async () => {
+    const app: TestingModule = await Test.createTestingModule({
+      controllers: [AppController],
+      providers: [AppService],
+    }).compile();
+
+    appController = app.get<AppController>(AppController);
+  });
+
+  describe('root', () => {
+    it('should return "Hello World!"', () => {
+      expect(appController.getHello()).toBe('Hello World!');
+    });
+  });
+});

back/src/app.controller.ts

@@ -0,0 +1,18 @@
+import { Controller, Get } from '@nestjs/common';
+import { AppService } from './app.service';
+import { Throttle } from '@nestjs/throttler';
+import { Auth } from './auth/auth.decorator';
+import { Role } from './users/roles/role.enum';
+
+@Controller()
+export class AppController {
+  constructor(private readonly appService: AppService) {}
+
+  // Override default configuration for Rate limiting and duration.
+  @Throttle({ default: { limit: 10, ttl: 1000 } })
+  @Auth(Role.Public)
+  @Get()
+  getHello(): string {
+    return this.appService.getHello();
+  }
+}

back/src/app.module.ts

@@ -0,0 +1,37 @@
+import { Module } from '@nestjs/common';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+import { AuthModule } from './auth/auth.module';
+import { UsersModule } from './users/users.module';
+import { ThrottlerModule } from '@nestjs/throttler';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from './users/entities/user.entity';
+import { ConfigModule } from '@nestjs/config';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot(),
+    AuthModule,
+    UsersModule,
+    ThrottlerModule.forRoot([
+      {
+        ttl: 10000,
+        limit: 20,
+      },
+    ]),
+    TypeOrmModule.forRoot({
+      type: process.env.DB_TYPE as 'mysql' | 'mariadb',
+      host: process.env.DB_HOST,
+      port: parseInt(process.env.DB_PORT),
+      username: process.env.DB_USERNAME,
+      password: process.env.DB_PASSWORD,
+      database: process.env.DB_MAIN,
+      entities: [User],
+      synchronize: false,
+      connectTimeout: 20000,
+    }),
+  ],
+  controllers: [AppController],
+  providers: [AppService],
+})
+export class AppModule {}

back/src/app.service.ts

@@ -0,0 +1,8 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AppService {
+  getHello(): string {
+    return 'Hello World!';
+  }
+}

back/src/auth/auth.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthController } from './auth.controller';
+
+describe('AuthController', () => {
+  let controller: AuthController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [AuthController],
+    }).compile();
+
+    controller = module.get<AuthController>(AuthController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});

back/src/auth/auth.controller.ts

@@ -0,0 +1,35 @@
+import {
+  Body,
+  Controller,
+  Get,
+  HttpCode,
+  HttpStatus,
+  Post,
+  Request,
+} from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { Role } from 'src/users/roles/role.enum';
+import { Auth } from './auth.decorator';
+
+@Controller('auth')
+export class AuthController {
+  constructor(private authService: AuthService) {}
+
+  @Auth(Role.Public)
+  @HttpCode(HttpStatus.OK)
+  @Post('login')
+  signIn(@Body() signInDto: Record<string, any>) {
+    return this.authService.signIn(signInDto.username, signInDto.password);
+  }
+
+  @Auth(Role.Admin)
+  @Get('profile')
+  getProfile(@Request() req) {
+    return req.user;
+  }
+
+  @Get('options')
+  getOptions(@Request() req) {
+    return req.roles;
+  }
+}

back/src/auth/auth.decorator.ts

@@ -0,0 +1,8 @@
+import { SetMetadata, applyDecorators } from '@nestjs/common';
+import { Role } from 'src/users/roles/role.enum';
+
+export const ROLES_METADATA = 'roles';
+
+export function Auth(...roles: Role[]) {
+  return applyDecorators(SetMetadata(ROLES_METADATA, roles));
+}

back/src/auth/auth.guard.ts

@@ -0,0 +1,60 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { jwtConstants } from './constants';
+import { Request } from 'express';
+import { Reflector } from '@nestjs/core';
+import { ROLES_METADATA } from './auth.decorator';
+import { Role } from 'src/users/roles/role.enum';
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+  constructor(
+    private jwtService: JwtService,
+    private reflector: Reflector,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const decorator_roles = this.reflector.getAllAndOverride<Role[]>(
+      ROLES_METADATA,
+      [context.getHandler(), context.getClass()],
+    );
+
+    if (decorator_roles && decorator_roles.includes(Role.Public)) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest();
+    const token = this.extractTokenFromHeader(request);
+    if (!token) {
+      throw new UnauthorizedException();
+    }
+    try {
+      const payload = await this.jwtService.verifyAsync(token, {
+        secret: jwtConstants.secret,
+      });
+      // 💡 We're assigning the payload to the request object here
+      // so that we can access it in our route handlers
+      request['user'] = payload;
+
+      const found = payload.roles.some((r: Role) =>
+        decorator_roles.includes(r),
+      );
+      if (!found) {
+        throw new UnauthorizedException();
+      }
+    } catch {
+      throw new UnauthorizedException();
+    }
+    return true;
+  }
+
+  private extractTokenFromHeader(request: Request): string | undefined {
+    const [type, token] = request.headers.authorization?.split(' ') ?? [];
+    return type === 'Bearer' ? token : undefined;
+  }
+}

back/src/auth/auth.module.ts

@@ -0,0 +1,30 @@
+import { Module } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { UsersModule } from '../users/users.module';
+import { JwtModule } from '@nestjs/jwt';
+import { AuthController } from './auth.controller';
+import { jwtConstants } from './constants';
+import { APP_GUARD } from '@nestjs/core';
+import { AuthGuard } from './auth.guard';
+
+//TODO: TIMING LOGIC:  ID Token: 60 minutes. Access Token: 60 minutes. Refresh Token: 90 days
+@Module({
+  imports: [
+    UsersModule,
+    JwtModule.register({
+      global: true,
+      secret: jwtConstants.secret,
+      signOptions: { expiresIn: '60m' },
+    }),
+  ],
+  providers: [
+    AuthService,
+    {
+      provide: APP_GUARD,
+      useClass: AuthGuard,
+    },
+  ],
+  controllers: [AuthController],
+  exports: [AuthService],
+})
+export class AuthModule {}

back/src/auth/auth.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthService } from './auth.service';
+
+describe('AuthService', () => {
+  let service: AuthService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [AuthService],
+    }).compile();
+
+    service = module.get<AuthService>(AuthService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

back/src/auth/auth.service.ts

@@ -0,0 +1,32 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { UsersService } from 'src/users/users.service';
+import * as bcrypt from 'bcrypt';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private usersService: UsersService,
+    private jwtService: JwtService,
+  ) {}
+
+  async signIn(
+    username: string,
+    pass: string,
+  ): Promise<{ access_token: string }> {
+    console.log(username, pass);
+    const user = await this.usersService.findOne(username);
+    if (!user) throw new UnauthorizedException();
+
+    const isSamePasswd = await bcrypt.compare(`${pass}`, `${user?.password}`);
+    if (!isSamePasswd) throw new UnauthorizedException();
+
+    const payload = {
+      sub: user.id,
+      username: user.username,
+      roles: user.roles,
+    };
+
+    return { access_token: await this.jwtService.signAsync(payload) };
+  }
+}

back/src/auth/constants.ts

@@ -0,0 +1,5 @@
+//TODO: remove this and do it propertly
+export const jwtConstants = {
+  secret:
+    'DO NOT USE THIS VALUE. INSTEAD, CREATE A COMPLEX SECRET AND KEEP IT SAFE OUTSIDE OF THE SOURCE CODE.',
+};

back/src/main.ts

@@ -0,0 +1,9 @@
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  app.enableCors();
+  await app.listen(3000);
+}
+bootstrap();

back/src/users/entities/user.entity.ts

@@ -0,0 +1,19 @@
+import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
+
+// TODO: username should be unique and, maybe can act as ID?
+// NOTE: CREATE TABLE user (id bigint primary key DEFAULT UUID_SHORT(), username char(20) not null, password char(20) not null, roles char(50) not null);
+
+@Entity()
+export class User {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @Column()
+  username: string;
+
+  @Column()
+  password: string;
+
+  @Column()
+  roles: string;
+}

back/src/users/roles/role.enum.ts

@@ -0,0 +1,5 @@
+export enum Role {
+  Public = 'public',
+  User = 'user',
+  Admin = 'admin',
+}

back/src/users/users.module.ts

@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { UsersService } from './users.service';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from './entities/user.entity';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([User])],
+  providers: [UsersService],
+  exports: [UsersService],
+})
+export class UsersModule {}

back/src/users/users.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { UsersService } from './users.service';
+
+describe('UsersService', () => {
+  let service: UsersService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [UsersService],
+    }).compile();
+
+    service = module.get<UsersService>(UsersService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

back/src/users/users.service.ts

@@ -0,0 +1,51 @@
+import { Injectable } from '@nestjs/common';
+import { Role } from './roles/role.enum';
+import { InjectDataSource, InjectRepository } from '@nestjs/typeorm';
+import { User } from './entities/user.entity';
+import { DataSource, Repository } from 'typeorm';
+
+export type UserType = {
+  id: number;
+  username: string;
+  password: string;
+  roles: Role[];
+};
+
+@Injectable()
+export class UsersService {
+  constructor(
+    @InjectRepository(User)
+    private usersRepository: Repository<User>,
+    @InjectDataSource()
+    private dataSource: DataSource,
+  ) {}
+
+  async findOne(username: string): Promise<UserType | undefined> {
+    const db_user = await this.usersRepository.findOneBy({ username });
+    if (!db_user) return null;
+    //TODO: change this shabby mapping for a more adequate database structure
+    const user: UserType = {
+      id: db_user.id,
+      username: db_user.username,
+      password: db_user.password,
+      roles: db_user.roles.split(';') as Role[],
+    };
+    console.log(user);
+    return user;
+  }
+
+  async doSOmething() {
+    this.dataSource.query('SELECT * from users');
+  }
+
+  // async create(
+  //   username: string,
+  //   password: string,
+  //   roles: Role[],
+  // ): Promise<User | undefined> {
+  //   const roles_string = roles.join(';');
+  //   const create_result = this.usersRepository.create(
+  //     new User(username, password, roles_string),
+  //   );
+  // }
+}