igorpropisnov
/
mvp-ticket
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: igorpropisnov:5fa704cd964bcb8e1b9298a643bf5ffe38abcbae
Branches Tags
igorpropisnov:main
igorpropisnov:feature/refactor-login
igorpropisnov:feature/error-handling
..
compare: igorpropisnov:7ef46af4f3e0760bfc29bd744518cf4881105b62
Branches Tags
igorpropisnov:main
igorpropisnov:feature/refactor-login
igorpropisnov:feature/error-handling

No commits in common. "5fa704cd964bcb8e1b9298a643bf5ffe38abcbae" and "7ef46af4f3e0760bfc29bd744518cf4881105b62" have entirely different histories.
5fa704cd96 ... 7ef46af4f3

67 changed files with 961 additions and 912 deletions
Show Stats Expand all files Collapse all files

6
backend/package.json
View File

@ -36,13 +36,9 @@
"argon2": "^0.40.1",
"class-transformer": "^0.5.1",
"class-validator": "^0.14.1",
"connect-typeorm": "^2.0.0",
"cookie-parser": "^1.4.6",
"express-session": "^1.18.0",
"install": "^0.13.0",
"passport": "^0.7.0",
"passport-jwt": "^4.0.1",
"passport-local": "^1.0.0",
"pg": "^8.11.5",
"reflect-metadata": "^0.2.0",
"rxjs": "^7.8.1",
@ -57,10 +53,8 @@
"@types/argon2": "^0.15.0",
"@types/cookie-parser": "^1.4.7",
"@types/express": "^4.17.17",
"@types/express-session": "^1.18.0",
"@types/jest": "^29.5.2",
"@types/node": "^20.3.1",
"@types/passport-local": "^1.0.38",
"@types/supertest": "^6.0.0",
"@typescript-eslint/parser": "^6.0.0",
"eslint": "^8.42.0",

121
backend/pnpm-lock.yaml
View File

@ -44,27 +44,15 @@ dependencies:
class-validator:
specifier: ^0.14.1
version: 0.14.1
connect-typeorm:
specifier: ^2.0.0
version: 2.0.0(typeorm@0.3.20)
cookie-parser:
specifier: ^1.4.6
version: 1.4.6
express-session:
specifier: ^1.18.0
version: 1.18.0
install:
specifier: ^0.13.0
version: 0.13.0
passport:
specifier: ^0.7.0
version: 0.7.0
passport-jwt:
specifier: ^4.0.1
version: 4.0.1
passport-local:
specifier: ^1.0.0
version: 1.0.0
pg:
specifier: ^8.11.5
version: 8.11.5
@ -103,18 +91,12 @@ devDependencies:
'@types/express':
specifier: ^4.17.17
version: 4.17.21
'@types/express-session':
specifier: ^1.18.0
version: 1.18.0
'@types/jest':
specifier: ^29.5.2
version: 29.5.12
'@types/node':
specifier: ^20.3.1
version: 20.12.4
'@types/passport-local':
specifier: ^1.0.38
version: 1.0.38
'@types/supertest':
specifier: ^6.0.0
version: 6.0.2
@ -1322,11 +1304,13 @@ packages:
dependencies:
'@types/connect': 3.4.38
'@types/node': 20.12.4
dev: true
/@types/connect@3.4.38:
resolution: {integrity: sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==}
dependencies:
'@types/node': 20.12.4
dev: true
/@types/cookie-parser@1.4.7:
resolution: {integrity: sha512-Fvuyi354Z+uayxzIGCwYTayFKocfV7TuDYZClCdIP9ckhvAu/ixDtCB6qx2TT0FKjPLf1f3P/J1rgf6lPs64mw==}
@ -1338,10 +1322,6 @@ packages:
resolution: {integrity: sha512-he+DHOWReW0nghN24E1WUqM0efK4kI9oTqDm6XmK8ZPe2djZ90BSNdGnIyCLzCPw7/pogPlGbzI2wHGGmi4O/Q==}
dev: true
/@types/debug@0.0.31:
resolution: {integrity: sha512-LS1MCPaQKqspg7FvexuhmDbWUhE2yIJ+4AgVIyObfc06/UKZ8REgxGNjZc82wPLWmbeOm7S+gSsLgo75TanG4A==}
dev: false
/@types/eslint-scope@3.7.7:
resolution: {integrity: sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==}
dependencies:
@ -1367,11 +1347,7 @@ packages:
'@types/qs': 6.9.14
'@types/range-parser': 1.2.7
'@types/send': 0.17.4
/@types/express-session@1.18.0:
resolution: {integrity: sha512-27JdDRgor6PoYlURY+Y5kCakqp5ulC0kmf7y+QwaY+hv9jEFuQOThgkjyA53RP3jmKuBsH5GR6qEfFmvb8mwOA==}
dependencies:
'@types/express': 4.17.21
dev: true
/@types/express@4.17.21:
resolution: {integrity: sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==}
@ -1380,6 +1356,7 @@ packages:
'@types/express-serve-static-core': 4.17.43
'@types/qs': 6.9.14
'@types/serve-static': 1.15.7
dev: true
/@types/graceful-fs@4.1.9:
resolution: {integrity: sha512-olP3sd1qOEe5dXTSaFvQG+02VdRXcdytWLAZsAq1PecU8uqQAhkrnbli7DagjtXKW/Bl7YJbUsa8MPcuc8LHEQ==}
@ -1389,6 +1366,7 @@ packages:
/@types/http-errors@2.0.4:
resolution: {integrity: sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==}
dev: true
/@types/istanbul-lib-coverage@2.0.6:
resolution: {integrity: sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==}
@ -1433,44 +1411,27 @@ packages:
/@types/mime@1.3.5:
resolution: {integrity: sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==}
dev: true
/@types/node@20.12.4:
resolution: {integrity: sha512-E+Fa9z3wSQpzgYQdYmme5X3OTuejnnTx88A6p6vkkJosR3KBz+HpE3kqNm98VE6cfLFcISx7zW7MsJkH6KwbTw==}
dependencies:
undici-types: 5.26.5
/@types/passport-local@1.0.38:
resolution: {integrity: sha512-nsrW4A963lYE7lNTv9cr5WmiUD1ibYJvWrpE13oxApFsRt77b0RdtZvKbCdNIY4v/QZ6TRQWaDDEwV1kCTmcXg==}
dependencies:
'@types/express': 4.17.21
'@types/passport': 1.0.16
'@types/passport-strategy': 0.2.38
dev: true
/@types/passport-strategy@0.2.38:
resolution: {integrity: sha512-GC6eMqqojOooq993Tmnmp7AUTbbQSgilyvpCYQjT+H6JfG/g6RGc7nXEniZlp0zyKJ0WUdOiZWLBZft9Yug1uA==}
dependencies:
'@types/express': 4.17.21
'@types/passport': 1.0.16
dev: true
/@types/passport@1.0.16:
resolution: {integrity: sha512-FD0qD5hbPWQzaM0wHUnJ/T0BBCJBxCeemtnCwc/ThhTg3x9jfrAcRUmj5Dopza+MfFS9acTe3wk7rcVnRIp/0A==}
dependencies:
'@types/express': 4.17.21
dev: true
/@types/qs@6.9.14:
resolution: {integrity: sha512-5khscbd3SwWMhFqylJBLQ0zIu7c1K6Vz0uBIt915BI3zV0q1nfjRQD3RqSBcPaO6PHEF4ov/t9y89fSiyThlPA==}
dev: true
/@types/range-parser@1.2.7:
resolution: {integrity: sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==}
dev: true
/@types/send@0.17.4:
resolution: {integrity: sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==}
dependencies:
'@types/mime': 1.3.5
'@types/node': 20.12.4
dev: true
/@types/serve-static@1.15.7:
resolution: {integrity: sha512-W8Ym+h8nhuRwaKPaDw34QUkwsGi6Rc4yYqvKFo5rm2FUEhCFbzVWrxXUxuKK8TASjWsysJY0nsmNCGhCOIsrOw==}
@ -1478,6 +1439,7 @@ packages:
'@types/http-errors': 2.0.4
'@types/node': 20.12.4
'@types/send': 0.17.4
dev: true
/@types/stack-utils@2.0.3:
resolution: {integrity: sha512-9aEbYZ3TbYMznPdcdr3SmIrLXwC/AKZXQeCf9Pgao5CKb8CyHuEX5jzWPTkvregvhRJHcpRO6BFoGW9ycaOkYw==}
@ -2292,20 +2254,6 @@ packages:
readable-stream: 2.3.8
typedarray: 0.0.6
/connect-typeorm@2.0.0(typeorm@0.3.20):
resolution: {integrity: sha512-0OcbHJkNMTJjSrbcKGljr4PKgRq13Dds7zQq3+8oaf4syQTgGvGv9OgnXo2qg+Bljkh4aJNzIvW74QOVLn8zrw==}
peerDependencies:
typeorm: ^0.3.0
dependencies:
'@types/debug': 0.0.31
'@types/express-session': 1.18.0
debug: 4.3.4
express-session: 1.18.0
typeorm: 0.3.20(pg@8.11.5)(ts-node@10.9.2)
transitivePeerDependencies:
- supports-color
dev: false
/consola@2.15.3:
resolution: {integrity: sha512-9vAdYbHj6x2fLKC4+oPH0kFzY/orMZyG2Aj+kNylHxKGJ/Ed4dpNyAQYwJOdqO4zdM7XpVHmyejQDcQHrnuXbw==}
@ -2334,10 +2282,6 @@ packages:
/cookie-signature@1.0.6:
resolution: {integrity: sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==}
/cookie-signature@1.0.7:
resolution: {integrity: sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==}
dev: false
/cookie@0.4.1:
resolution: {integrity: sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==}
engines: {node: '>= 0.6'}
@ -2765,22 +2709,6 @@ packages:
jest-util: 29.7.0
dev: true
/express-session@1.18.0:
resolution: {integrity: sha512-m93QLWr0ju+rOwApSsyso838LQwgfs44QtOP/WBiwtAgPIo/SAh1a5c6nn2BR6mFNZehTpqKDESzP+fRHVbxwQ==}
engines: {node: '>= 0.8.0'}
dependencies:
cookie: 0.6.0
cookie-signature: 1.0.7
debug: 2.6.9
depd: 2.0.0
on-headers: 1.0.2
parseurl: 1.3.3
safe-buffer: 5.2.1
uid-safe: 2.1.5
transitivePeerDependencies:
- supports-color
dev: false
/express@4.19.2:
resolution: {integrity: sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==}
engines: {node: '>= 0.10.0'}
@ -3296,11 +3224,6 @@ packages:
wrap-ansi: 6.2.0
dev: true
/install@0.13.0:
resolution: {integrity: sha512-zDml/jzr2PKU9I8J/xyZBQn8rPCAY//UOYNmR01XwNwyfhEWObo2SWfSl1+0tm1u6PhxLwDnfsT/6jB7OUxqFA==}
engines: {node: '>= 0.10'}
dev: false
/interpret@1.4.0:
resolution: {integrity: sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==}
engines: {node: '>= 0.10'}
@ -4336,11 +4259,6 @@ packages:
dependencies:
ee-first: 1.1.1
/on-headers@1.0.2:
resolution: {integrity: sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==}
engines: {node: '>= 0.8'}
dev: false
/once@1.4.0:
resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==}
dependencies:
@ -4461,13 +4379,6 @@ packages:
passport-strategy: 1.0.0
dev: false
/passport-local@1.0.0:
resolution: {integrity: sha512-9wCE6qKznvf9mQYYbgJ3sVOHmCWoUNMVFoZzNoznmISbhnNNPhN9xfY3sLmScHMetEJeoY7CXwfhCe7argfQow==}
engines: {node: '>= 0.4.0'}
dependencies:
passport-strategy: 1.0.0
dev: false
/passport-strategy@1.0.0:
resolution: {integrity: sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==}
engines: {node: '>= 0.4.0'}
@ -4705,11 +4616,6 @@ packages:
resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
dev: true
/random-bytes@1.0.0:
resolution: {integrity: sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==}
engines: {node: '>= 0.8'}
dev: false
/randombytes@2.1.0:
resolution: {integrity: sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==}
dependencies:
@ -5551,13 +5457,6 @@ packages:
engines: {node: '>=14.17'}
hasBin: true
/uid-safe@2.1.5:
resolution: {integrity: sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==}
engines: {node: '>= 0.8'}
dependencies:
random-bytes: 1.0.0
dev: false
/uid@2.0.2:
resolution: {integrity: sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==}
engines: {node: '>=8'}

9
backend/src/app.module.ts
View File

@ -10,9 +10,9 @@ import { CspMiddleware } from './middleware/csp-middleware/csp.middleware';
import { HttpsRedirectMiddleware } from './middleware/https-middlware/https-redirect.middleware';
import { SecurityHeadersMiddleware } from './middleware/security-middleware/security.middleware';
import { AuthModule } from './modules/auth-module/auth.module';
import { AccessTokenGuard } from './modules/auth-module/common/guards';
import { DatabaseModule } from './modules/database-module/database.module';
import { SendgridModule } from './modules/sendgrid-module/sendgrid.module';
import { SessionModule } from './modules/session/session.module';
import { UserModule } from './modules/user-module/user.module';
import { VerifyModule } from './modules/verify-module/verify.module';
@ -27,10 +27,13 @@ import { VerifyModule } from './modules/verify-module/verify.module';
UserModule,
SendgridModule,
VerifyModule,
SessionModule,
],
controllers: [AppController],
providers: [AppService, ClearExpiredSessionsCron],
providers: [
AppService,
{ provide: 'APP_GUARD', useClass: AccessTokenGuard },
ClearExpiredSessionsCron,
],
})
export class AppModule {
public configure(consumer: MiddlewareConsumer): void {

9
backend/src/cron/clear-expired-sesstions.cron.ts
View File

@ -1,6 +1,6 @@
import { Injectable, Logger } from '@nestjs/common';
import { Cron, CronExpression } from '@nestjs/schedule';
import { SessionService } from 'src/modules/session/services/session.service';
import { SessionService } from 'src/modules/auth-module/services/session.service';
@Injectable()
export class ClearExpiredSessionsCron {
@ -8,13 +8,12 @@ export class ClearExpiredSessionsCron {
public constructor(private readonly sessionService: SessionService) {}
@Cron(CronExpression.EVERY_12_HOURS, {
@Cron(CronExpression.EVERY_DAY_AT_MIDNIGHT, {
name: 'Clear-Expired-Sessions',
timeZone: 'Europe/Berlin',
})
public handleCron(): void {
this.logger.log('-Cronjob Executed: Delete-Expired-Sessions-');
this.sessionService.deleteAllExpiredSessions();
this.logger.log('-------------------------------------------');
this.logger.log('Cronjob Executed: Clear-Expired-Sessions');
this.sessionService.clearExpiredSessions();
}
}

33
backend/src/entities/session.entity.ts
View File

@ -1,29 +1,34 @@
import { ISession } from 'connect-typeorm';
import {
Entity,
PrimaryGeneratedColumn,
Column,
ManyToOne,
JoinColumn,
CreateDateColumn,
UpdateDateColumn,
BaseEntity,
Index,
DeleteDateColumn,
PrimaryColumn,
} from 'typeorm';
import { UserCredentials } from './user-credentials.entity';
@Entity()
export class Session extends BaseEntity implements ISession {
@PrimaryColumn('varchar', { length: 255 })
export class Session {
@PrimaryGeneratedColumn('uuid')
public id: string;
@Index()
@Column('bigint')
public expiredAt: number;
@Column()
public sessionId: string;
@Column({ type: 'text' })
public json: string;
@Column({ type: 'timestamp' })
public expiresAt: Date;
@DeleteDateColumn()
public destroyedAt?: Date;
@Column({})
public userAgent: string;
@ManyToOne(() => UserCredentials, (userCredentials) => userCredentials.id, {
nullable: false,
})
@JoinColumn({ name: 'userCredentialsId' })
public userCredentials: UserCredentials['id'];
@CreateDateColumn()
public createdAt: Date;

5
backend/src/entities/user-credentials.entity.ts
View File

@ -15,7 +15,10 @@ export class UserCredentials {
public email: string;
@Column()
public hashedPassword: string;
public hash: string;
@Column({ nullable: true })
public refreshToken?: string;
@CreateDateColumn()
public createdAt: Date;

6
backend/src/entities/user-data.entity.ts
View File

@ -18,9 +18,9 @@ export class UserData {
@Column({ default: false })
public isEmailConfirmed: boolean;
@OneToOne(() => UserCredentials, { eager: true }) // eager: true lädt UserCredentials automatisch, wenn Sie UserData laden
@JoinColumn() // Diese Dekoration sagt TypeORM, welche Spalte der Fremdschlüssel ist
public userCredentials: UserCredentials;
@OneToOne(() => UserCredentials)
@JoinColumn({ name: 'userCredentialsId' })
public user: UserCredentials;
@CreateDateColumn()
public createdAt: Date;

8
backend/src/main.ts
View File

@ -7,7 +7,6 @@ import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
import * as cookieParser from 'cookie-parser';
import { AppModule } from './app.module';
import { SessionInitService } from './modules/session/services';
async function setupSwagger(app: INestApplication): Promise<void> {
const config = new DocumentBuilder()
@ -32,12 +31,6 @@ async function setupSwagger(app: INestApplication): Promise<void> {
);
}
async function setupSessions(app: INestApplication): Promise<void> {
const sessionService = app.get(SessionInitService);
app.use(sessionService.initSession());
}
async function setupCookieParser(app: INestApplication): Promise<void> {
app.use(cookieParser());
}
@ -57,7 +50,6 @@ async function bootstrap(): Promise<void> {
await setupSwagger(app);
await setupPrefix(app);
await setupClassValidator(app);
await setupSessions(app);
await app.listen(3000);
}
bootstrap();

1
backend/src/middleware/cors-middleware/cors.middlware.ts
View File

@ -14,7 +14,6 @@ export class CorsMiddleware implements NestMiddleware {
const requestOrigin = req.headers.origin;
if (!requestOrigin || allowedOrigins.includes(requestOrigin)) {
res.header('Access-Control-Allow-Credentials', 'true');
res.header('Access-Control-Allow-Origin', requestOrigin || '*');
res.header(
'Access-Control-Allow-Methods',

1
backend/src/middleware/csp-middleware/csp.middleware.ts
View File

@ -12,7 +12,6 @@ export class CspMiddleware implements NestMiddleware {
if (cspDirectives) {
res.setHeader('Content-Security-Policy', cspDirectives);
}
next();
}
}

27
backend/src/modules/auth-module/auth.module.ts
View File

@ -1,31 +1,38 @@
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { PassportModule } from '@nestjs/passport';
import { TypeOrmModule } from '@nestjs/typeorm';
import { UserCredentials } from 'src/entities';
import { Session, UserCredentials } from 'src/entities';
import { SendgridModule } from '../sendgrid-module/sendgrid.module';
import { SessionModule } from '../session/session.module';
import { UserModule } from '../user-module/user.module';
import { VerifyModule } from '../verify-module/verify.module';
import { AuthController } from './controller/auth.controller';
import { SessionRepository } from './repositories/session.repository';
import { UserCredentialsRepository } from './repositories/user-credentials.repository';
import { AuthService } from './services/auth.service';
import { LocalStrategy } from './strategies/local.strategy';
import { SessionService } from './services/session.service';
import { TokenManagementService } from './services/token-management.service';
import { AccessTokenStrategy, RefreshTokenStrategy } from './strategies';
@Module({
imports: [
JwtModule.register({}),
TypeOrmModule.forFeature([UserCredentials]),
PassportModule,
SessionModule,
UserModule,
SendgridModule,
VerifyModule,
JwtModule.register({}),
TypeOrmModule.forFeature([UserCredentials, Session]),
],
providers: [
AuthService,
SessionService,
TokenManagementService,
UserCredentialsRepository,
SessionRepository,
AccessTokenStrategy,
RefreshTokenStrategy,
],
providers: [AuthService, UserCredentialsRepository, LocalStrategy],
controllers: [AuthController],
exports: [],
exports: [SessionService],
})
export class AuthModule {}

11
backend/src/modules/auth-module/common/decorators/get-user-id.decorator.ts Normal file
View File

@ -0,0 +1,11 @@
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { JwtPayload } from 'src/modules/auth-module/models/types';
export const GetCurrentUserId = createParamDecorator(
(_: undefined, context: ExecutionContext): number => {
const request = context.switchToHttp().getRequest();
const user = request.user as JwtPayload;
return user.sub;
}
);

13
backend/src/modules/auth-module/common/decorators/get-user.decorator.ts Normal file
View File

@ -0,0 +1,13 @@
//import { JwtPayloadWithRefreshToken } from 'src/modules/auth-module/models/types';
// export const GetCurrentUser = createParamDecorator(
// (
// data: keyof JwtPayloadWithRefreshToken | undefined,
// context: ExecutionContext
// ) => {
// const request = context.switchToHttp().getRequest();
// if (!data) return request.user;
// return request.user[data];
// }
// );

2
backend/src/modules/auth-module/common/decorators/index.ts
View File

@ -0,0 +1,2 @@
export * from './get-user-id.decorator';
// export * from './get-user.decorator';

28
backend/src/modules/auth-module/common/guards/access-token.guard.ts Normal file
View File

@ -0,0 +1,28 @@
import { Injectable, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { AuthGuard } from '@nestjs/passport';
import { Observable } from 'rxjs';
@Injectable()
export class AccessTokenGuard extends AuthGuard('jwt-access-token') {
public constructor(private readonly reflector: Reflector) {
super();
}
public canActivate(
context: ExecutionContext
): boolean | Promise<boolean> | Observable<boolean> {
// Check if the current route is marked as public
const isPublic = this.reflector.getAllAndOverride<boolean>('isPublic', [
context.getHandler(),
context.getClass(),
]);
// Allow access if the route is public, otherwise defer to the standard JWT authentication mechanism
if (isPublic) {
return true;
}
return super.canActivate(context);
}
}

2
backend/src/modules/auth-module/common/guards/index.ts Normal file
View File

@ -0,0 +1,2 @@
export * from './access-token.guard';
export * from './refresh-token.guard';

7
backend/src/modules/auth-module/common/guards/refresh-token.guard.ts Normal file
View File

@ -0,0 +1,7 @@
import { AuthGuard } from '@nestjs/passport';
export class RefreshTokenGuard extends AuthGuard('jwt-refresh-token') {
public constructor() {
super();
}
}

62
backend/src/modules/auth-module/controller/auth.controller.ts
View File

@ -1,21 +1,22 @@
import {
Controller,
Post,
Get,
Body,
HttpCode,
HttpStatus,
Res,
Req,
UseGuards,
} from '@nestjs/common';
import { ApiBody, ApiCreatedResponse, ApiTags } from '@nestjs/swagger';
import { Request } from 'express';
import { SessionGuard } from 'src/modules/session/guard';
import { SuccessDto } from 'src/shared';
import { ApiCreatedResponse, ApiTags } from '@nestjs/swagger';
import { Response, Request } from 'express';
import { Public } from 'src/shared/decorator';
import { LocalAuthGuard } from '../guard';
import { SigninResponseDto, UserCredentialsDto } from '../models/dto';
import { GetCurrentUserId } from '../common/decorators';
import {
AccessTokenDto,
LoginResponseDto,
UserCredentialsDto,
} from '../models/dto';
import { AuthService } from '../services/auth.service';
@ApiTags('Authentication')
@ -25,53 +26,50 @@ export class AuthController {
@ApiCreatedResponse({
description: 'User signed up successfully',
type: SuccessDto,
type: LoginResponseDto,
})
@Public()
@Post('signup')
@HttpCode(HttpStatus.CREATED)
@Public()
public async signup(
@Body() userCredentials: UserCredentialsDto
): Promise<SuccessDto> {
): Promise<LoginResponseDto> {
return this.authService.signup(userCredentials);
}
@ApiCreatedResponse({
description: 'User signin successfully',
type: SigninResponseDto,
type: LoginResponseDto,
})
@ApiBody({ type: UserCredentialsDto })
@HttpCode(HttpStatus.OK)
@UseGuards(LocalAuthGuard)
@Public()
@Post('signin')
public async signin(@Req() request: Request): Promise<SigninResponseDto> {
return this.authService.getLoginResponse(
request.user as SigninResponseDto & { userAgent: string }
);
public async signin(
@Res({ passthrough: true }) response: Response,
@Req() request: Request,
@Body() userCredentials: UserCredentialsDto
): Promise<LoginResponseDto> {
return await this.authService.signin(userCredentials, response, request);
}
@ApiCreatedResponse({
description: 'User signed out',
description: 'User tokens refreshed successfully',
type: AccessTokenDto,
})
@HttpCode(HttpStatus.OK)
@UseGuards(SessionGuard)
@Post('signout')
public async signout(@Req() request: Request): Promise<SuccessDto> {
return this.authService.signout(request.sessionID);
@Public()
@Post('refresh')
public async refreshToken(@Req() request: Request): Promise<AccessTokenDto> {
return await this.authService.refresh(request);
}
@ApiCreatedResponse({
description: 'Check if user is authenticated',
type: SuccessDto,
description: 'User signed out successfully',
type: Boolean,
})
@HttpCode(HttpStatus.OK)
@UseGuards(SessionGuard)
@Get('status')
public status(@Req() request: Request): Promise<SuccessDto> {
return this.authService.checkAuthStatus(
request.sessionID,
request.headers['user-agent']
);
@Post('logout')
public async logout(@GetCurrentUserId() userId: string): Promise<boolean> {
return this.authService.logout(userId);
}
}

1
backend/src/modules/auth-module/guard/index.ts
View File

@ -1 +0,0 @@
export * from './local.auth.guard';

19
backend/src/modules/auth-module/guard/local.auth.guard.ts
View File

@ -1,19 +0,0 @@
import { ExecutionContext, Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { SessionService } from 'src/modules/session/services/session.service';
@Injectable()
export class LocalAuthGuard extends AuthGuard('local') {
public constructor(private readonly sessionService: SessionService) {
super();
}
public async canActivate(context: ExecutionContext): Promise<boolean> {
const result = (await super.canActivate(context)) as boolean;
const request = context.switchToHttp().getRequest();
await super.logIn(request);
await this.sessionService.enforceSessionLimit(request.user.id);
return result;
}
}

13
backend/src/modules/auth-module/models/dto/access-token.dto.ts Normal file
View File

@ -0,0 +1,13 @@
import { ApiProperty } from '@nestjs/swagger';
import { IsNotEmpty, IsString } from 'class-validator';
export class AccessTokenDto {
@ApiProperty({
title: 'Access token',
description: 'Access token',
example: 'eyJhbGci',
})
@IsNotEmpty()
@IsString()
public access_token: string;
}

3
backend/src/modules/auth-module/models/dto/index.ts
View File

@ -1,2 +1,3 @@
export * from './user-credentials.dto';
export * from './signin-response.dto';
export * from './login-response.dto';
export * from './access-token.dto';

13
backend/src/modules/auth-module/models/dto/signin-response.dto.ts → backend/src/modules/auth-module/models/dto/login-response.dto.ts
View File

@ -1,7 +1,16 @@
import { ApiProperty } from '@nestjs/swagger';
import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
export class SigninResponseDto {
export class LoginResponseDto {
@ApiProperty({
title: 'Access token',
description: 'Access token',
example: 'eyJhbGci',
})
@IsNotEmpty()
@IsString()
public access_token: string;
@ApiProperty({
title: 'Email',
description: 'User Email',
@ -19,5 +28,5 @@ export class SigninResponseDto {
@IsNotEmpty()
@IsString()
@IsEmail()
public id: string;
public userId: string;
}

4
backend/src/modules/auth-module/models/types/index.ts
View File

@ -0,0 +1,4 @@
export * from './jwt-payload.type';
// export * from './jwt-payload-with-refresh-token.type';
export * from './token-payload.type';
export * from './tokens.type';

3
backend/src/modules/auth-module/models/types/jwt-payload-with-refresh-token.type.ts Normal file
View File

@ -0,0 +1,3 @@
// import { JwtPayload } from './jwt-payload.type';
// export type JwtPayloadWithRefreshToken = JwtPayload & { refresh_token: string };

4
backend/src/modules/auth-module/models/types/jwt-payload.type.ts Normal file
View File

@ -0,0 +1,4 @@
export type JwtPayload = {
email: string;
sub: number;
};

6
backend/src/modules/auth-module/models/types/token-payload.type.ts Normal file
View File

@ -0,0 +1,6 @@
export type TokenPayload = {
sub: string;
email: string;
iat: number;
exp: number;
};

4
backend/src/modules/auth-module/models/types/tokens.type.ts Normal file
View File

@ -0,0 +1,4 @@
export type Tokens = {
access_token: string;
refresh_token: string;
};

96
backend/src/modules/auth-module/repositories/session.repository.ts Normal file
View File

@ -0,0 +1,96 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Response } from 'express';
import { Session } from 'src/entities';
import { DeleteResult, Repository } from 'typeorm';
import { LessThan } from 'typeorm';
import { v4 as uuidv4 } from 'uuid';
@Injectable()
export class SessionRepository {
public constructor(
@InjectRepository(Session) private sessionRepository: Repository<Session>
) {}
public createSession(userId: string, userAgent: string): Promise<Session> {
const sessionId = uuidv4();
const expirationDate = new Date();
expirationDate.setHours(expirationDate.getHours() + 1);
const session = this.sessionRepository.create({
userCredentials: userId,
sessionId,
expiresAt: expirationDate,
userAgent,
});
return this.sessionRepository.save(session);
}
public findSessionBySessionId(sessionId: string): Promise<Session> {
return this.sessionRepository.findOne({
where: { sessionId },
relations: ['userCredentials'],
});
}
public attachSessionToResponse(response: Response, sessionId: string): void {
response.cookie('session_id', sessionId, {
httpOnly: true,
secure: true,
sameSite: 'strict',
});
}
public validateSessionUserAgent(
sessionId: string,
currentUserAgent: string
): Promise<boolean> {
return this.sessionRepository
.findOne({
where: { sessionId },
select: ['userAgent'],
})
.then((session) =>
session ? session.userAgent === currentUserAgent : false
);
}
public checkSessionLimit(userId: string): Promise<DeleteResult> {
return this.sessionRepository
.createQueryBuilder('session')
.leftJoinAndSelect('session.userCredentials', 'userCredentials')
.where('userCredentials.id = :userId', { userId })
.orderBy('session.expiresAt', 'ASC')
.getMany()
.then((userSessions) => {
if (userSessions.length >= 5) {
return this.sessionRepository.delete(userSessions[0].id);
}
});
}
public invalidateAllSessionsForUser(userId: string): Promise<DeleteResult> {
return this.sessionRepository.delete({ userCredentials: userId });
}
public extendSessionExpiration(sessionId: string): Promise<Session> {
return this.sessionRepository
.findOne({ where: { sessionId } })
.then((session) => {
if (session) {
session.expiresAt = new Date(
session.expiresAt.setMinutes(session.expiresAt.getMinutes() + 30)
);
return this.sessionRepository.save(session);
}
});
}
public clearExpiredSessions(): Promise<DeleteResult> {
const now = new Date();
return this.sessionRepository.delete({ expiresAt: LessThan(now) });
}
}

13
backend/src/modules/auth-module/repositories/user-credentials.repository.ts
View File

@ -12,9 +12,9 @@ export class UserCredentialsRepository {
public async createUser(
email: string,
hashedPassword: string
hash: string
): Promise<UserCredentials> {
const user = this.repository.create({ email, hashedPassword });
const user = this.repository.create({ email, hash });
return this.repository.save(user);
}
@ -30,4 +30,13 @@ export class UserCredentialsRepository {
): Promise<UserCredentials | undefined> {
return this.repository.findOne({ where: { id: userId } });
}
public async updateUserRefreshToken(
userId: string,
refreshToken: string | null
): Promise<number> {
const result = await this.repository.update(userId, { refreshToken });
return result.affected ?? 0;
}
}

270
backend/src/modules/auth-module/services/auth.service.ts
View File

@ -1,25 +1,28 @@
import {
ConflictException,
ForbiddenException,
HttpException,
HttpStatus,
Injectable,
} from '@nestjs/common';
import { UserCredentials } from 'src/entities';
import { SessionService } from 'src/modules/session/services/session.service';
import { EncryptionService, SuccessDto } from 'src/shared';
import { ForbiddenException, Injectable } from '@nestjs/common';
import { Response, Request } from 'express';
import { Session } from 'src/entities';
import { EncryptionService } from 'src/shared';
import { PasswordConfirmationMailService } from '../../sendgrid-module/services/password-confirmation.mail.service';
import { UserDataRepository } from '../../user-module/repositories/user-data.repository';
import { EmailVerificationService } from '../../verify-module/services/email-verification.service';
import { SigninResponseDto, UserCredentialsDto } from '../models/dto';
import {
AccessTokenDto,
LoginResponseDto,
UserCredentialsDto,
} from '../models/dto';
import { TokenPayload } from '../models/types';
import { UserCredentialsRepository } from '../repositories/user-credentials.repository';
import { SessionService } from './session.service';
import { TokenManagementService } from './token-management.service';
@Injectable()
export class AuthService {
public constructor(
private readonly userCredentialsRepository: UserCredentialsRepository,
private readonly userDataRepository: UserDataRepository,
private readonly tokenManagementService: TokenManagementService,
private readonly passwordConfirmationMailService: PasswordConfirmationMailService,
private readonly emailVerificationService: EmailVerificationService,
private readonly sessionService: SessionService
@ -27,134 +30,151 @@ export class AuthService {
public async signup(
userCredentials: UserCredentialsDto
): Promise<SuccessDto> {
try {
const existingUser = await this.userCredentialsRepository.findUserByEmail(
userCredentials.email
): Promise<LoginResponseDto> {
const passwordHashed = await EncryptionService.hashData(
userCredentials.password
);
const user = await this.userCredentialsRepository.createUser(
userCredentials.email,
passwordHashed
);
await this.userDataRepository.createInitialUserData(user);
const token =
await this.emailVerificationService.generateEmailVerificationToken(
user.id
);
if (existingUser) {
throw new ConflictException('User already exists');
}
await this.passwordConfirmationMailService.sendPasswordConfirmationMail(
user.email,
token
);
const passwordHashed = await EncryptionService.hashData(
userCredentials.password
);
const user = await this.userCredentialsRepository.createUser(
userCredentials.email,
passwordHashed
);
await this.userDataRepository.createInitialUserData(user);
const token =
await this.emailVerificationService.generateEmailVerificationToken(
user.id
);
await this.passwordConfirmationMailService.sendPasswordConfirmationMail(
user.email,
token
);
return {
success: true,
};
} catch (error) {
if (error instanceof ConflictException) {
throw new ConflictException(
'User already exists. Please try to login instead.'
);
} else {
throw new HttpException(
'Error while signing up',
HttpStatus.INTERNAL_SERVER_ERROR
);
}
}
return this.generateAndPersistTokens(user.id, user.email);
}
public async validateUser(
public async signin(
userCredentials: UserCredentialsDto,
response: Response,
request: Request
): Promise<LoginResponseDto> {
const user = await this.userCredentialsRepository.findUserByEmail(
userCredentials.email
);
if (!user) {
throw new ForbiddenException('Access Denied');
}
const passwordMatch = await EncryptionService.compareHash(
userCredentials.password,
user.hash
);
if (!passwordMatch) {
throw new ForbiddenException('Access Denied');
}
await this.sessionService.checkSessionLimit(user.id);
const sesseionId = await this.sessionService.createSession(
user.id,
request.headers['user-agent']
);
this.sessionService.attachSessionToResponse(response, sesseionId.sessionId);
return this.generateAndPersistTokens(user.id, user.email, true);
}
public async logout(userId: string): Promise<boolean> {
const affected =
await this.userCredentialsRepository.updateUserRefreshToken(userId, null);
await this.sessionService.invalidateAllSessionsForUser(userId);
return affected > 0;
}
public async refresh(request: Request): Promise<AccessTokenDto> {
const sessionId = request.cookies['session_id'];
if (!sessionId) {
throw new ForbiddenException('Session ID missing');
}
const session: Session =
await this.sessionService.findSessionBySessionId(sessionId);
if (!session) {
throw new ForbiddenException('Invalid session');
}
const isUserAgentValid = await this.sessionService.validateSessionUserAgent(
sessionId,
request.headers['user-agent']
);
if (!isUserAgentValid) {
throw new ForbiddenException('Invalid session - User agent mismatch');
}
await this.sessionService.extendSessionExpiration(sessionId);
const decodedToken: TokenPayload = await this.validateRefreshToken(
session.userCredentials['id']
);
const newTokens = await this.generateAndPersistTokens(
decodedToken.sub,
decodedToken.email,
false
);
return { access_token: newTokens.access_token };
}
private async generateAndPersistTokens(
userId: string,
email: string,
password: string
): Promise<UserCredentials> {
try {
const user = await this.userCredentialsRepository.findUserByEmail(email);
updateRefreshToken: boolean = false
): Promise<LoginResponseDto> {
const tokens = await this.tokenManagementService.generateTokens(
userId,
email
);
if (!user) {
throw new ForbiddenException('Access Denied');
}
const passwordMatch = await EncryptionService.compareHash(
password,
user.hashedPassword
);
if (!passwordMatch) {
throw new ForbiddenException('Access Denied');
}
return user;
} catch (error) {
if (error instanceof ForbiddenException) {
throw new ForbiddenException(
'E-Mail address or password is incorrect. Please try again.'
);
} else {
throw new HttpException(
'Error while validating user credentials',
HttpStatus.INTERNAL_SERVER_ERROR
);
}
}
}
public async signout(sessionId: string): Promise<{ success: boolean }> {
try {
this.sessionService.deleteSessionBySessionId(sessionId);
return { success: true };
} catch (error) {
throw new HttpException(
'Fehler beim Logout',
HttpStatus.INTERNAL_SERVER_ERROR
if (updateRefreshToken) {
await this.userCredentialsRepository.updateUserRefreshToken(
userId,
tokens.refresh_token
);
}
return { access_token: tokens.access_token, email: email, userId: userId };
}
public async checkAuthStatus(
sessionId: string,
userAgend: string
): Promise<SuccessDto> {
try {
const session =
await this.sessionService.findSessionBySessionId(sessionId);
private async validateRefreshToken(userId: string): Promise<TokenPayload> {
const user = await this.userCredentialsRepository.findUserById(userId);
if (!session) {
throw new ForbiddenException('Session not found');
}
const userAgendFromSession = JSON.parse(session.json).passport.user
.userAgent;
if (userAgendFromSession !== userAgend) {
throw new ForbiddenException('User-Agent does not match');
}
return { success: true };
} catch (error) {
throw new HttpException(
'Error while checking auth status',
HttpStatus.INTERNAL_SERVER_ERROR
);
if (!user || !user.refreshToken) {
throw new Error('No refresh token found');
}
}
public getLoginResponse(
user: SigninResponseDto & { userAgent: string }
): SigninResponseDto {
const { id, email }: SigninResponseDto = user;
const responseData: SigninResponseDto = { id, email };
const decodedToken = await this.tokenManagementService.verifyRefreshToken(
user.refreshToken
);
return responseData;
if (decodedToken.exp < Date.now() / 1000) {
throw new Error('Token expired');
}
if (decodedToken.sub !== user.id) {
throw new Error('Token subject mismatch');
}
return decodedToken;
}
}

49
backend/src/modules/auth-module/services/session.service.ts Normal file
View File

@ -0,0 +1,49 @@
import { Injectable } from '@nestjs/common';
import { Response } from 'express';
import { Session } from 'src/entities';
import { DeleteResult } from 'typeorm';
import { SessionRepository } from '../repositories/session.repository';
@Injectable()
export class SessionService {
public constructor(private readonly sessionRepository: SessionRepository) {}
public createSession(userId: string, userAgent: string): Promise<Session> {
return this.sessionRepository.createSession(userId, userAgent);
}
public validateSessionUserAgent(
sessionId: string,
currentUserAgent: string
): Promise<boolean> {
return this.sessionRepository.validateSessionUserAgent(
sessionId,
currentUserAgent
);
}
public checkSessionLimit(userId: string): Promise<DeleteResult> {
return this.sessionRepository.checkSessionLimit(userId);
}
public invalidateAllSessionsForUser(userId: string): Promise<DeleteResult> {
return this.sessionRepository.invalidateAllSessionsForUser(userId);
}
public clearExpiredSessions(): Promise<DeleteResult> {
return this.sessionRepository.clearExpiredSessions();
}
public extendSessionExpiration(sessionId: string): Promise<Session> {
return this.sessionRepository.extendSessionExpiration(sessionId);
}
public findSessionBySessionId(sessionId: string): Promise<Session> {
return this.sessionRepository.findSessionBySessionId(sessionId);
}
public attachSessionToResponse(response: Response, sessionId: string): void {
this.sessionRepository.attachSessionToResponse(response, sessionId);
}
}

66
backend/src/modules/auth-module/services/token-management.service.ts Normal file
View File

@ -0,0 +1,66 @@
import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { JwtService } from '@nestjs/jwt';
import { TokenPayload, Tokens } from '../models/types';
@Injectable()
export class TokenManagementService {
private readonly ACCESS_TOKEN_EXPIRY: string;
private readonly REFRESH_TOKEN_EXPIRY: string;
private readonly JWT_SECRET_AT: string;
private readonly JWT_SECRET_RT: string;
public constructor(
private readonly jwt: JwtService,
private readonly configService: ConfigService
) {
this.ACCESS_TOKEN_EXPIRY = this.configService.get<string>(
'ACCESS_TOKEN_EXPIRY'
);
this.REFRESH_TOKEN_EXPIRY = this.configService.get<string>(
'REFRESH_TOKEN_EXPIRY'
);
this.JWT_SECRET_AT = this.configService.get<string>('JWT_SECRET_AT');
this.JWT_SECRET_RT = this.configService.get<string>('JWT_SECRET_RT');
}
public async generateTokens(userId: string, email: string): Promise<Tokens> {
const access_token: string = await this.createAccessToken(userId, email);
const refresh_token: string = await this.createRefreshToken(userId, email);
return { access_token, refresh_token };
}
public async verifyRefreshToken(token: string): Promise<TokenPayload> {
return this.jwt.verifyAsync(token, {
secret: this.JWT_SECRET_RT,
});
}
private async createAccessToken(
userId: string,
email: string
): Promise<string> {
return this.jwt.signAsync(
{ sub: userId, email },
{
expiresIn: this.ACCESS_TOKEN_EXPIRY,
secret: this.JWT_SECRET_AT,
}
);
}
private async createRefreshToken(
userId: string,
email: string
): Promise<string> {
return this.jwt.signAsync(
{ sub: userId, email },
{
expiresIn: this.REFRESH_TOKEN_EXPIRY,
secret: this.JWT_SECRET_RT,
}
);
}
}

27
backend/src/modules/auth-module/strategies/access-token.strategie.ts Normal file
View File

@ -0,0 +1,27 @@
import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy, ExtractJwt } from 'passport-jwt';
import { JwtPayload } from '../models/types';
@Injectable()
export class AccessTokenStrategy extends PassportStrategy(
Strategy,
'jwt-access-token'
) {
public constructor(private readonly configService: ConfigService) {
super(AccessTokenStrategy.getJwtConfig(configService));
}
private static getJwtConfig(configService: ConfigService): any {
return {
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKey: configService.get<string>('JWT_SECRET_AT'),
};
}
public async validate(payload: JwtPayload): Promise<JwtPayload> {
return payload;
}
}

2
backend/src/modules/auth-module/strategies/index.ts
View File

@ -0,0 +1,2 @@
export * from './access-token.strategie';
export * from './refresh-token.strategie';

34
backend/src/modules/auth-module/strategies/local.strategy.ts
View File

@ -1,34 +0,0 @@
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Request } from 'express';
import { Strategy } from 'passport-local';
import { SigninResponseDto } from '../models/dto';
import { AuthService } from '../services/auth.service';
@Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
public constructor(private readonly authService: AuthService) {
super({
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true,
});
}
public async validate(
request: Request,
email: string,
password: string
): Promise<SigninResponseDto & { userAgent: string }> {
const user = await this.authService.validateUser(email, password);
if (!user) {
throw new UnauthorizedException();
}
const userAgent = request.headers['user-agent'];
return { id: user.id, email: user.email, userAgent: userAgent };
}
}

39
backend/src/modules/auth-module/strategies/refresh-token.strategie.ts Normal file
View File

@ -0,0 +1,39 @@
import { Injectable, ForbiddenException } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { PassportStrategy } from '@nestjs/passport';
import { Request } from 'express';
import { Strategy, ExtractJwt } from 'passport-jwt';
@Injectable()
export class RefreshTokenStrategy extends PassportStrategy(
Strategy,
'jwt-refresh-token'
) {
public constructor(private readonly configService: ConfigService) {
super(RefreshTokenStrategy.createJwtStrategyOptions(configService));
}
private static createJwtStrategyOptions(configService: ConfigService): any {
return {
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKey: configService.get<string>('JWT_SECRET_RT'),
passReqToCallback: true,
};
}
public async validate(req: Request, payload: any) {
const refresh_token: string = req
?.get('authorization')
?.replace('Bearer', '')
.trim();
if (!refresh_token) {
throw new ForbiddenException('Refresh token malformed');
}
return {
...payload,
refresh_token,
};
}
}

1
backend/src/modules/session/guard/index.ts
View File

@ -1 +0,0 @@
export * from './session.guard';

40
backend/src/modules/session/guard/session.guard.ts
View File

@ -1,40 +0,0 @@
import {
CanActivate,
ExecutionContext,
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { SessionService } from '../services/session.service';
@Injectable()
export class SessionGuard implements CanActivate {
public constructor(private readonly sessionService: SessionService) {}
public async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest();
const sessionId = request.session.id;
const currentAgent = request.headers['user-agent'];
const session = await this.sessionService.findSessionBySessionId(sessionId);
if (!session) {
throw new UnauthorizedException('Session not found.');
}
const isExpired = await this.sessionService.isSessioExpired(session);
if (isExpired) {
throw new UnauthorizedException('Session expired.');
}
const userAgentInSession = JSON.parse(session.json).passport.user
.userAgent as string;
if (userAgentInSession !== currentAgent) {
throw new UnauthorizedException('User agent mismatch.');
}
return true;
}
}

79
backend/src/modules/session/repository/session.repository.ts
View File

@ -1,79 +0,0 @@
import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { InjectRepository } from '@nestjs/typeorm';
import { Session } from 'src/entities';
import { Repository } from 'typeorm';
@Injectable()
export class SessionRepository {
public constructor(
@InjectRepository(Session)
private readonly repository: Repository<Session>,
private readonly configService: ConfigService
) {}
public async findSessionsByUserId(userId: string): Promise<Session[]> {
return await this.repository
.createQueryBuilder('session')
.withDeleted()
.where('session.json ::jsonb @> :jsonFilter', {
jsonFilter: { passport: { user: { id: userId } } },
})
.getMany();
}
public async findSessionBySessionId(
sessionId: string
): Promise<Session | null> {
return this.repository.findOne({ where: { id: sessionId } });
}
public async deleteAllExpiredSessions(): Promise<void> {
const currentTime = Date.now();
await this.repository
.createQueryBuilder()
.delete()
.from(Session)
.where('expiredAt < :currentTime', { currentTime })
.execute();
}
public async deleteAllSessionsForUser(userId: string): Promise<void> {
await this.repository
.createQueryBuilder('session')
.delete()
.where('session.json ::jsonb @> :jsonFilter', {
jsonFilter: { passport: { user: { id: userId } } },
});
}
public async isSessionExpired(session: Session): Promise<boolean> {
return session.expiredAt < Date.now();
}
public async deleteSessionBySessionId(sessionId: string): Promise<void> {
await this.repository.delete(sessionId);
}
public async enforceSessionLimit(userId: string): Promise<void> {
const sessionLimit = this.configService.get<number>('SESSION_LIMIT');
const sessions = await this.repository
.createQueryBuilder('session')
.withDeleted()
.where('session.json ::jsonb @> :jsonFilter', {
jsonFilter: { passport: { user: { id: userId } } },
})
.orderBy('session.expiredAt', 'ASC')
.getMany();
if (sessions.length > sessionLimit) {
const sessionsToDelete = sessions.slice(
0,
sessions.length - sessionLimit
);
await this.repository.remove(sessionsToDelete);
}
}
}

2
backend/src/modules/session/services/index.ts
View File

@ -1,2 +0,0 @@
export * from './session-init.service';
export * from './session-serializer.service';

41
backend/src/modules/session/services/session-init.service.ts
View File

@ -1,41 +0,0 @@
import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { TypeormStore } from 'connect-typeorm';
import { RequestHandler } from 'express';
import * as session from 'express-session';
import { Session } from 'src/entities';
import { DataSource } from 'typeorm';
@Injectable()
export class SessionInitService {
public constructor(
private readonly dataSource: DataSource,
private readonly configService: ConfigService
) {}
public initSession(): RequestHandler<unknown> {
return session({
secret: [this.configService.get<string>('SESSION_SECRET')],
resave: false,
saveUninitialized: false,
store: new TypeormStore({
cleanupLimit: 2,
limitSubquery: false,
ttl: 86400,
}).connect(this.dataSource.getRepository(Session)),
cookie: {
maxAge: 86400000,
httpOnly: true,
secure:
this.configService.get<string>('NODE_ENV') === 'development'
? false
: true,
sameSite:
this.configService.get<string>('NODE_ENV') === 'development'
? 'strict'
: 'none',
},
});
}
}

20
backend/src/modules/session/services/session-serializer.service.ts
View File

@ -1,20 +0,0 @@
import { Injectable } from '@nestjs/common';
import { PassportSerializer } from '@nestjs/passport';
import { UserCredentials } from 'src/entities';
@Injectable()
export class SessionSerializerService extends PassportSerializer {
public serializeUser(
user: UserCredentials & { userAgent: string },
done: (err: Error, user: any) => void
): void {
done(null, { id: user.id, userAgent: user.userAgent });
}
public deserializeUser(
payload: any,
done: (err: Error, payload: string) => void
): void {
done(null, payload);
}
}

51
backend/src/modules/session/services/session.service.ts
View File

@ -1,51 +0,0 @@
import { Injectable } from '@nestjs/common';
import { Session } from 'src/entities';
import { UriEncoderService } from 'src/shared';
import { SessionRepository } from '../repository/session.repository';
@Injectable()
export class SessionService {
public constructor(private readonly sessionRepository: SessionRepository) {}
public async enforceSessionLimit(userId: string): Promise<void> {
return this.sessionRepository.enforceSessionLimit(userId);
}
public async deleteAllExpiredSessions(): Promise<void> {
return this.sessionRepository.deleteAllExpiredSessions();
}
public async findSessionsByUserId(userId: string): Promise<Session[]> {
return this.sessionRepository.findSessionsByUserId(userId);
}
public async isSessioExpired(session: Session): Promise<boolean> {
return this.sessionRepository.isSessionExpired(session);
}
public async deleteSessionBySessionId(sessionId: string): Promise<void> {
return this.sessionRepository.deleteSessionBySessionId(sessionId);
}
public async findSessionBySessionId(
sessionId: string
): Promise<Session | null> {
return this.sessionRepository.findSessionBySessionId(sessionId);
}
private extractSessionIdFromCookie(cookie: string): string | null {
try {
const decodedCookie = UriEncoderService.decodeUri(cookie);
const sessionIdPart = decodedCookie.split('.')[0];
if (sessionIdPart.startsWith('s:')) {
return sessionIdPart.substring(2);
}
return null;
} catch (error) {
console.error('Fehler beim Extrahieren der Session-ID:', error);
return null;
}
}
}

22
backend/src/modules/session/session.module.ts
View File

@ -1,22 +0,0 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { Session } from 'src/entities';
import { SessionGuard } from './guard';
import { SessionRepository } from './repository/session.repository';
import { SessionInitService, SessionSerializerService } from './services';
import { SessionService } from './services/session.service';
@Module({
imports: [TypeOrmModule.forFeature([Session])],
providers: [
SessionInitService,
SessionSerializerService,
SessionRepository,
SessionGuard,
SessionService,
],
controllers: [],
exports: [SessionService, SessionGuard],
})
export class SessionModule {}

14
backend/src/modules/user-module/repositories/user-data.repository.ts
View File

@ -15,16 +15,16 @@ export class UserDataRepository {
): Promise<UserData> {
const userData = new UserData();
userData.userCredentials = userCredentials;
userData.user = userCredentials;
userData.isEmailConfirmed = false;
return this.repository.save(userData);
}
// public async updateEmailVerificationStatus(userId: string): Promise<void> {
// await this.repository.update(
// { user: { id: userId } },
// { isEmailConfirmed: true }
// );
// }
public async updateEmailVerificationStatus(userId: string): Promise<void> {
await this.repository.update(
{ user: { id: userId } },
{ isEmailConfirmed: true }
);
}
}

6
backend/src/modules/verify-module/services/email-verification.service.ts
View File

@ -42,9 +42,9 @@ export class EmailVerificationService {
await this.deleteEmailVerificationToken(tokenToVerify);
if (emailVerification && emailVerification.user) {
// await this.userDataRepository.updateEmailVerificationStatus(
// emailVerification.user.id
// );
await this.userDataRepository.updateEmailVerificationStatus(
emailVerification.user.id
);
return true;
} else {
return false;

1
backend/src/shared/index.ts
View File

@ -1,3 +1,2 @@
export * from './utils/index';
export * from './decorator/index';
export * from './models/index';

1
backend/src/shared/models/dto/index.ts
View File

@ -1 +0,0 @@
export * from './success.dto';

11
backend/src/shared/models/dto/success.dto.ts
View File

@ -1,11 +0,0 @@
import { ApiProperty } from '@nestjs/swagger';
import { IsBoolean } from 'class-validator';
export class SuccessDto {
@ApiProperty({
description: 'Success status',
type: Boolean,
})
@IsBoolean()
public success: boolean;
}

1
backend/src/shared/models/index.ts
View File

@ -1 +0,0 @@
export * from './dto/index';

27
frontend/src/app/app.component.ts
View File

@ -1,6 +1,7 @@
import { Component } from '@angular/core';
import { RouterOutlet } from '@angular/router';
import { Component, OnInit } from '@angular/core';
import { RouterOutlet, Router } from '@angular/router';
import { AuthService } from './shared/service';
@Component({
selector: 'app-root',
standalone: true,
@ -9,6 +10,24 @@ import { RouterOutlet } from '@angular/router';
templateUrl: './app.component.html',
styleUrl: './app.component.scss',
})
export class AppComponent {
public constructor() {}
export class AppComponent implements OnInit {
public constructor(
private readonly authService: AuthService,
private readonly router: Router
) {}
public ngOnInit(): void {
this.checkAuthentication();
}
private checkAuthentication(): void {
this.authService.isAuthenticated$.subscribe((isAuthenticated: boolean) => {
if (isAuthenticated) {
console.log('User is authenticated');
this.router.navigateByUrl('dashboard');
} else {
this.router.navigateByUrl('signup');
}
});
}
}

10
frontend/src/app/app.config.ts
View File

@ -3,18 +3,12 @@ import { ApplicationConfig } from '@angular/core';
import { provideAnimations } from '@angular/platform-browser/animations';
import { provideRouter, withComponentInputBinding } from '@angular/router';
import { Configuration } from './api';
import { routes } from './app.routes';
import { ApiConfiguration } from './config/api-configuration';
const apiConfiguration = new ApiConfiguration({
withCredentials: true,
});
import { AuthInterceptor } from './shared/interceptors/auth.interceptor';
export const appConfig: ApplicationConfig = {
providers: [
{ provide: Configuration, useValue: apiConfiguration },
provideHttpClient(withInterceptors([])),
provideHttpClient(withInterceptors([AuthInterceptor])),
provideRouter(routes, withComponentInputBinding()),
provideAnimations(),
],

9
frontend/src/app/app.routes.ts
View File

@ -1,12 +1,11 @@
import { Routes } from '@angular/router';
import { AuthGuard } from './shared/guard/auth.guard';
const publicRoutes: Routes = [
{
path: '',
loadComponent: () =>
import('./pages/home-root/home-root.component').then(
(m) => m.HomeComponent
),
loadComponent: () => import('./app.component').then((m) => m.AppComponent),
},
{
path: 'signup',
@ -31,7 +30,7 @@ const protectedRoutes: Routes = [
import('./pages/dashboard-root/dashboard-root.component').then(
(m) => m.DashboardRootComponent
),
canActivate: [],
canActivate: [AuthGuard],
},
];

9
frontend/src/app/config/api-configuration.ts
View File

@ -1,9 +0,0 @@
import { Configuration, ConfigurationParameters } from '../api';
export class ApiConfiguration extends Configuration {
public constructor(params?: Partial<ConfigurationParameters>) {
super({
...params,
});
}
}

0
frontend/src/app/pages/home-root/home-root.component.html
View File

0
frontend/src/app/pages/home-root/home-root.component.scss
View File

38
frontend/src/app/pages/home-root/home-root.component.ts
View File

@ -1,38 +0,0 @@
import { HttpErrorResponse } from '@angular/common/http';
import { Component, OnInit } from '@angular/core';
import { Router } from '@angular/router';
import { SuccessDtoApiModel } from '../../api';
import { AuthService } from '../../shared/service';
@Component({
selector: 'app-foo',
standalone: true,
providers: [],
imports: [],
templateUrl: './home-root.component.html',
styleUrl: './home-root.component.scss',
})
export class HomeComponent implements OnInit {
public constructor(
private readonly authService: AuthService,
private readonly router: Router
) {}
public ngOnInit(): void {
this.authService.status().subscribe(
(response: SuccessDtoApiModel) => {
if (response.success) {
this.router.navigate(['/dashboard']);
}
},
(error: HttpErrorResponse) => {
if (error.status === 401) {
this.router.navigate(['signup'], {
queryParams: { login: true },
});
}
}
);
}
}

188
frontend/src/app/pages/register-root/register-root.component.html
View File

@ -1,110 +1,94 @@
<div id="background">
<div class="img-zone">
<div class="img-wrapper">
@if (userSignupSuccess()) {
<div class="success">
<h1>Danke für deine Registrierung!</h1>
<h2>
Wir haben dir eine Mail geschickt an
{{ form?.get('email')?.value }}. Bitte bestätige deine
E-Mail-Adresse um fortzufahren.
</h2>
<p>Du kannst diesen Tab nun schließen</p>
</div>
} @else {
<div class="headline">
<h1>Hi, Welcome to Ticket App.</h1>
</div>
}
<h1>Hi, Welcome to Ticket App.</h1>
</div>
</div>
<div class="content-zone">
<h1>
@if (isSignupSignal()) {
Anmelden
} @else if (isRegisterSignal()) {
Registrieren
} @else {
Erste Schritte
}
</h1>
@if (!userSignupSuccess()) {
<div class="content-zone">
<h1>
@if (isSignupSignal()) {
Anmelden
} @else if (isRegisterSignal()) {
Registrieren
} @else {
Erste Schritte
@if (isDisplayButtons()) {
<div class="action">
<button
pButton
type="button"
label="Anmelden"
(click)="toggleAction('signup')"></button>
<button
pButton
type="button"
label="Registrieren"
(click)="toggleAction('register')"></button>
</div>
}
@if (isSignupSignal() || isRegisterSignal()) {
<div class="register-wrapper">
@if (form) {
<form [formGroup]="form" (ngSubmit)="onSubmit()">
<div class="e-mail">
<div class="label">
<label for="email">E-Mail</label>
</div>
<input
pInputText
id="email"
formControlName="email"
aria-describedby="e-mail" />
</div>
<div class="password">
<div class="label">
<label for="password">Password</label>
</div>
<p-password
class="custom-p-password"
id="password"
formControlName="password"
aria-describedby="password"
[toggleMask]="true"></p-password>
</div>
@if (isRegisterSignal()) {
<div class="terms">
<p-checkbox
formControlName="terms"
label="Ich habe die AGB gelesen und stimme zu."
name="terms"
[binary]="true"></p-checkbox>
</div>
}
<div class="signup">
<button
pButton
type="submit"
[label]="
isSignupSignal()
? 'Anmelden'
: '✨ Jetzt KOSTENFREI loslegen ✨'
"></button>
</div>
<div class="change-mask">
<a
(click)="switchMask()"
(keyup.enter)="switchMask()"
tabindex="0">
@if (isSignupSignal()) {
Kein Account? Erstellen Sie jetzt KOSTENFREI einen!
} @else {
Schon einen Account? Hier einloggen
}
</a>
</div>
</form>
}
</h1>
@if (isDisplayButtons()) {
<div class="action">
<button
pButton
type="button"
label="Anmelden"
(click)="toggleAction('signup')"></button>
<button
pButton
type="button"
label="Registrieren"
(click)="toggleAction('register')"></button>
</div>
}
@if (isSignupSignal() || isRegisterSignal()) {
<div class="register-wrapper">
@if (form) {
<form [formGroup]="form" (ngSubmit)="onSubmit()">
<div class="e-mail">
<div class="label">
<label for="email">E-Mail</label>
</div>
<input
pInputText
id="email"
formControlName="email"
aria-describedby="e-mail" />
</div>
<div class="password">
<div class="label">
<label for="password">Password</label>
</div>
<p-password
class="custom-p-password"
id="password"
formControlName="password"
aria-describedby="password"
[toggleMask]="true"></p-password>
</div>
@if (isRegisterSignal()) {
<div class="terms">
<p-checkbox
formControlName="terms"
label="Ich habe die AGB gelesen und stimme zu."
name="terms"
[binary]="true"></p-checkbox>
</div>
}
<div class="signup">
<button
pButton
type="submit"
[label]="
isSignupSignal()
? 'Anmelden'
: '✨ Jetzt KOSTENFREI loslegen ✨'
"></button>
</div>
<div class="change-mask">
<a
(click)="switchMask()"
(keyup.enter)="switchMask()"
tabindex="0">
@if (isSignupSignal()) {
Kein Account? Erstellen Sie jetzt KOSTENFREI einen!
} @else {
Schon einen Account? Hier einloggen
}
</a>
</div>
</form>
}
</div>
}
</div>
}
</div>
}
</div>
</div>

16
frontend/src/app/pages/register-root/register-root.component.scss
View File

@ -12,20 +12,10 @@
display: flex;
align-items: center;
.success {
margin-left: 4em;
h1 {
font-size: 4em;
}
h1 {
font-size: 4em;
margin-left: 1em;
}
.headline {
h1 {
font-size: 4em;
margin-left: 1em;
}
}
}
}

63
frontend/src/app/pages/register-root/register-root.component.ts
View File

@ -25,14 +25,8 @@ import { CheckboxModule } from 'primeng/checkbox';
import { InputTextModule } from 'primeng/inputtext';
import { PasswordModule } from 'primeng/password';
import {
Configuration,
SigninResponseDtoApiModel,
SuccessDtoApiModel,
UserCredentialsDtoApiModel,
} from '../../api';
import { ApiConfiguration } from '../../config/api-configuration';
import { AuthService, SessionStorageService } from '../../shared/service';
import { AuthService } from '../../shared/service';
import { LoginCredentials } from '../../shared/types';
import {
customEmailValidator,
customPasswordValidator,
@ -53,20 +47,13 @@ type AuthAction = 'register' | 'signup';
PasswordModule,
HttpClientModule,
],
providers: [
{
provide: Configuration,
useFactory: (): unknown =>
new ApiConfiguration({ withCredentials: true }),
},
],
providers: [],
templateUrl: './register-root.component.html',
styleUrl: './register-root.component.scss',
changeDetection: ChangeDetectionStrategy.OnPush,
})
export class RegisterRootComponent implements OnInit {
public verified: InputSignal<boolean> = input<boolean>(false);
public login: InputSignal<boolean> = input<boolean>(false);
public email: InputSignal<string> = input<string>('');
public form: FormGroup | undefined;
public isRegisterSignal: WritableSignal<boolean> = signal(false);
@ -75,14 +62,12 @@ export class RegisterRootComponent implements OnInit {
public emailInvalid: WritableSignal<string | null> = signal(null);
public passwordInvalid: WritableSignal<string | null> = signal(null);
public termsInvalid: WritableSignal<string | null> = signal(null);
public userSignupSuccess: WritableSignal<boolean> = signal(false);
private removeQueryParams: WritableSignal<boolean> = signal(false);
public constructor(
private readonly formBuilder: FormBuilder,
private readonly authService: AuthService,
private readonly router: Router,
private readonly sessionStorageService: SessionStorageService
private readonly router: Router
) {
effect(() => {
if (this.form) {
@ -105,22 +90,13 @@ export class RegisterRootComponent implements OnInit {
public ngOnInit(): void {
this.initializeForm();
this.setupValueChanges();
this.preselectForm();
if ((this.email() && this.verified()) || this.login()) {
if (this.email() || this.verified()) {
this.handleRedirect();
this.removeQueryParams.set(true);
}
}
public preselectForm(): void {
if (!this.email() || !this.verified()) {
const email = this.sessionStorageService.getItem('email');
this.form?.get('email')?.setValue(email);
}
}
public toggleAction(action: AuthAction): void {
if (action === 'register') {
this.isRegisterSignal.set(true);
@ -137,7 +113,7 @@ export class RegisterRootComponent implements OnInit {
if (this.form?.valid) {
if (this.isRegisterSignal()) {
this.signup(this.form.value);
this.register(this.form.value);
} else {
this.signin(this.form.value);
}
@ -174,6 +150,7 @@ export class RegisterRootComponent implements OnInit {
}
private handleRedirect(): void {
console.log('handleRedirect');
if (this.verified()) {
this.isDisplayButtons.set(false);
this.isRegisterSignal.set(false);
@ -182,12 +159,6 @@ export class RegisterRootComponent implements OnInit {
if (this.email()) {
this.form?.get('email')?.setValue(decodeURIComponent(atob(this.email())));
}
if (this.login()) {
this.isSignupSignal.set(true);
this.isDisplayButtons.set(false);
this.isRegisterSignal.set(false);
}
}
private clearRouteParams(): void {
@ -266,23 +237,11 @@ export class RegisterRootComponent implements OnInit {
}
}
private signin(logiCredentials: UserCredentialsDtoApiModel): void {
this.authService
.signin(logiCredentials)
.subscribe((response: SigninResponseDtoApiModel) => {
if (response) {
this.router.navigate(['/dashboard']);
}
});
private signin(logiCredentials: LoginCredentials): void {
this.authService.signin(logiCredentials);
}
private signup(logiCredentials: UserCredentialsDtoApiModel): void {
this.authService
.signup(logiCredentials)
.subscribe((response: SuccessDtoApiModel) => {
if (response.success) {
this.userSignupSuccess.set(true);
}
});
private register(logiCredentials: LoginCredentials): void {
this.authService.signup(logiCredentials);
}
}

32
frontend/src/app/shared/guard/auth.guard.ts Normal file
View File

@ -0,0 +1,32 @@
import { inject } from '@angular/core';
import {
ActivatedRouteSnapshot,
CanActivateFn,
Router,
RouterStateSnapshot,
UrlTree,
} from '@angular/router';
import { Observable } from 'rxjs';
import { AuthService } from '../service';
export const AuthGuard: CanActivateFn = (
route: ActivatedRouteSnapshot,
state: RouterStateSnapshot
):
| Observable<boolean | UrlTree>
| Promise<boolean | UrlTree>
| boolean
| UrlTree => {
const authService: AuthService = inject(AuthService);
const router: Router = inject(Router);
authService.isAuthenticated$.subscribe((isAuthenticated: boolean) => {
if (!isAuthenticated) {
router.navigateByUrl('signup');
}
});
return true;
};

79
frontend/src/app/shared/interceptors/auth.interceptor.ts Normal file
View File

@ -0,0 +1,79 @@
import {
HttpInterceptorFn,
HttpRequest,
HttpHandlerFn,
HttpEvent,
HttpErrorResponse,
} from '@angular/common/http';
import { inject } from '@angular/core';
import { Router } from '@angular/router';
import { Observable, throwError } from 'rxjs';
import { catchError, switchMap } from 'rxjs/operators';
import { AuthService } from '../service';
export const AuthInterceptor: HttpInterceptorFn = (
request: HttpRequest<unknown>,
next: HttpHandlerFn
): Observable<HttpEvent<unknown>> => {
const router = inject(Router);
const authService = inject(AuthService);
const handleRequest = (
req: HttpRequest<unknown>
): Observable<HttpEvent<unknown>> => {
const accessToken = authService.access_token;
if (accessToken) {
req = addAuthHeader(req, accessToken);
}
return next(req);
};
const addAuthHeader = (
req: HttpRequest<unknown>,
token: string
): HttpRequest<unknown> => {
return req.clone({
setHeaders: {
Authorization: `Bearer ${token}`,
},
});
};
const handle401Error = (
req: HttpRequest<unknown>
): Observable<HttpEvent<unknown>> => {
console.log(authService.refresh_token);
if (!authService.refresh_token) {
router.navigateByUrl('signup');
return throwError(() => new Error('Authentication required'));
}
return authService.refreshToken().pipe(
switchMap((tokens) => {
req = addAuthHeader(req, tokens.access_token);
return next(req);
}),
catchError((refreshError) => {
router.navigateByUrl('signup');
return throwError(() => new Error(refreshError));
})
);
};
const handleError = (
error: HttpErrorResponse,
req: HttpRequest<unknown>
): Observable<HttpEvent<unknown>> => {
if (error.status === 401) {
return handle401Error(req);
}
return throwError(() => new Error('Unhandled error'));
};
return handleRequest(request).pipe(
catchError((error) => handleError(error, request))
);
};

85
frontend/src/app/shared/service/auth.service.ts
View File

@ -1,16 +1,12 @@
import { Injectable } from '@angular/core';
import { BehaviorSubject, Observable } from 'rxjs';
import { BehaviorSubject, Observable, tap } from 'rxjs';
import {
SigninResponseDtoApiModel,
UserCredentialsDtoApiModel,
} from '../../api';
import { AuthenticationApiService } from '../../api/api/authentication.api.service';
import { LoginCredentials, Tokens } from '../types';
type SuccessResponse = {
success: boolean;
};
import { LocalStorageService } from './local-storage.service';
import { SessionStorageService } from './session-storage.service';
@Injectable({
providedIn: 'root',
@ -18,28 +14,73 @@ type SuccessResponse = {
export class AuthService {
public isAuthenticated$: BehaviorSubject<boolean> =
new BehaviorSubject<boolean>(false);
private _access_token: string | null = null;
private _refresh_token: string | null = null;
public get access_token(): string | null {
return this._access_token;
}
public get refresh_token(): string | null {
return this._refresh_token;
}
public constructor(
private readonly localStorageService: LocalStorageService,
private readonly sessionStorageService: SessionStorageService,
private readonly authenticationApiService: AuthenticationApiService
) {}
public signup(
credentials: UserCredentialsDtoApiModel
): Observable<SuccessResponse> {
return this.authenticationApiService.authControllerSignup(credentials);
) {
this._access_token =
this.localStorageService.getItem<string>('access_token');
this._refresh_token =
this.sessionStorageService.getItem<string>('refresh_token');
}
public signin(
credentials: UserCredentialsDtoApiModel
): Observable<SigninResponseDtoApiModel> {
return this.authenticationApiService.authControllerSignin(credentials);
public signin(credentials: LoginCredentials): void {
this.authenticationApiService
.authControllerSignin(credentials)
.subscribe((response: Tokens) => {
this.handleSuccess(response);
});
}
public signout(): Observable<SuccessResponse> {
return this.authenticationApiService.authControllerSignout();
public signup(credentials: LoginCredentials): void {
this.authenticationApiService
.authControllerSignup(credentials)
.subscribe((response: Tokens) => {
this.handleSuccess(response);
});
}
public status(): Observable<SuccessResponse> {
return this.authenticationApiService.authControllerStatus();
public refreshToken(): Observable<Tokens> {
if (this._refresh_token) {
return this.authenticationApiService
.authControllerRefresh(this._refresh_token)
.pipe(tap((response: Tokens) => this.handleSuccess(response)));
} else {
throw new Error('Refresh token is missing');
}
}
public signout(): void {
this.authenticationApiService
.authControllerLogout()
.subscribe((response: boolean) => {
if (response) {
this._access_token = null;
this._refresh_token = null;
this.localStorageService.removeItem('access_token');
this.sessionStorageService.removeItem('refresh_token');
this.isAuthenticated$.next(false);
}
});
}
private handleSuccess(tokens: Tokens): void {
this._access_token = tokens.access_token;
this._refresh_token = tokens.refresh_token;
this.localStorageService.setItem('access_token', tokens.access_token);
this.sessionStorageService.setItem('refresh_token', tokens.refresh_token);
this.isAuthenticated$.next(true);
}
}

2
frontend/src/app/shared/types/index.ts
View File

@ -0,0 +1,2 @@
export * from './login-credentials';
export * from './tokens';

4
frontend/src/app/shared/types/login-credentials.ts Normal file
View File

@ -0,0 +1,4 @@
export type LoginCredentials = {
email: string;
password: string;
};

4
frontend/src/app/shared/types/tokens.ts Normal file
View File

@ -0,0 +1,4 @@
export type Tokens = {
access_token: string;
refresh_token: string;
};