igorpropisnov
/
mvp-ticket
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: igorpropisnov:a341196f37d49048f6a897ec8a1bf47e41512c04
Branches Tags
igorpropisnov:main
igorpropisnov:feature/refactor-login
igorpropisnov:feature/error-handling
..
compare: igorpropisnov:4f8d54ebd61cd1528f9bec89053a24f52c98de45
Branches Tags
igorpropisnov:main
igorpropisnov:feature/refactor-login
igorpropisnov:feature/error-handling

2 Commits
a341196f37 ... 4f8d54ebd6

Author SHA1 Message Date
Igor Hrenowitsch Propisnov 4f8d54ebd6 tidy up 2024-05-31 08:19:35 +02:00
Igor Hrenowitsch Propisnov b5c850d178 tidy up 2024-05-31 08:19:26 +02:00
4 changed files with 71 additions and 82 deletions
Show Stats Expand all files Collapse all files

48
backend/src/modules/auth-module/controller/auth.controller.ts
View File

@ -41,9 +41,9 @@ export class AuthController {
description: 'User signin successfully',
type: LoginResponseDto,
})
@HttpCode(HttpStatus.OK)
@Public()
@Post('signin')
@HttpCode(HttpStatus.OK)
public async signin(
@Res({ passthrough: true }) response: Response,
@Req() request: Request,
@ -52,6 +52,11 @@ export class AuthController {
return await this.authService.signin(userCredentials, response, request);
}
@ApiCreatedResponse({
description: 'User tokens refreshed successfully',
type: AccessTokenDto,
})
@HttpCode(HttpStatus.OK)
@Public()
@Post('refresh')
public async refreshToken(@Req() request: Request): Promise<AccessTokenDto> {
@ -62,48 +67,9 @@ export class AuthController {
description: 'User signed out successfully',
type: Boolean,
})
@Post('logout')
@HttpCode(HttpStatus.OK)
@Post('logout')
public async logout(@GetCurrentUserId() userId: string): Promise<boolean> {
return this.authService.logout(userId);
}
// @ApiHeader({
// name: 'Authorization',
// required: true,
// schema: {
// example: 'Bearer <refresh_token>',
// },
// })
// @ApiCreatedResponse({
// description: 'User tokens refreshed successfully',
// type: TokensDto,
// })
// @Public()
// @UseGuards(RefreshTokenGuard)
// @Post('refresh')
// @HttpCode(HttpStatus.OK)
// public async refresh(
// @GetCurrentUserId() userId: string,
// @GetCurrentUser('refresh_token') refresh_token: string
// ): Promise<TokensDto> {
// return this.authService.refresh(userId, refresh_token);
// }
// @ApiHeader({
// name: 'Authorization',
// required: true,
// schema: {
// example: 'Bearer <access_token>',
// },
// })
// @ApiCreatedResponse({
// description: 'Token validity checked successfully',
// type: Boolean,
// })
// @Post('check-token')
// @HttpCode(HttpStatus.OK)
// public checkTokenValidity(): Promise<boolean> {
// return this.authService.checkTokenValidity();
// }
}

55
backend/src/modules/auth-module/repositories/session.repository.ts
View File

@ -1,7 +1,8 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Response } from 'express';
import { Session } from 'src/entities';
import { Repository } from 'typeorm';
import { LessThan, Repository } from 'typeorm';
import { v4 as uuidv4 } from 'uuid';
@Injectable()
@ -30,6 +31,21 @@ export class SessionRepository {
return session;
}
public async findSessionBySessionId(sessionId: string): Promise<Session> {
return await this.sessionRepository.findOne({
where: { sessionId: sessionId },
relations: ['userCredentials'],
});
}
public attachSessionToResponse(response: Response, sessionId: string): void {
response.cookie('session_id', sessionId, {
httpOnly: true,
secure: true,
sameSite: 'strict',
});
}
public async validateSessionUserAgent(
sessionId: string,
currentUserAgent: string
@ -45,4 +61,41 @@ export class SessionRepository {
return session.userAgent === currentUserAgent;
}
public async checkSessionLimit(userId: string): Promise<void> {
const userSessions = await this.sessionRepository
.createQueryBuilder('session')
.leftJoinAndSelect('session.userCredentials', 'userCredentials')
.where('userCredentials.id = :userId', { userId })
.orderBy('session.expiresAt', 'ASC')
.getMany();
if (userSessions.length >= 5) {
await this.sessionRepository.delete(userSessions[0].id);
}
}
public async invalidateAllSessionsForUser(userId: string): Promise<void> {
await this.sessionRepository.delete({ userCredentials: userId });
}
public async extendSessionExpiration(sessionId: string): Promise<void> {
const session = await this.sessionRepository.findOne({
where: { sessionId },
});
if (session) {
session.expiresAt = new Date(
session.expiresAt.setMinutes(session.expiresAt.getMinutes() + 30)
);
await this.sessionRepository.save(session);
}
}
// TODO Add cron job to clear expired sessions
public async clearExpiredSessions(): Promise<void> {
const now = new Date();
await this.sessionRepository.delete({ expiresAt: LessThan(now) });
}
}

2
backend/src/modules/auth-module/services/auth.service.ts
View File

@ -88,7 +88,7 @@ export class AuthService {
this.sessionService.attachSessionToResponse(response, sesseionId.sessionId);
return this.generateAndPersistTokens(user.id, user.email);
return this.generateAndPersistTokens(user.id, user.email, true);
}
public async logout(userId: string): Promise<boolean> {

48
backend/src/modules/auth-module/services/session.service.ts
View File

@ -2,7 +2,6 @@ import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Response } from 'express';
import { Session } from 'src/entities';
import { LessThan, Repository } from 'typeorm';
import { SessionRepository } from '../repositories/session.repository';
@ -10,76 +9,47 @@ import { SessionRepository } from '../repositories/session.repository';
export class SessionService {
public constructor(
@InjectRepository(Session)
private sessionRepository: Repository<Session>,
private readonly sessionRepository2: SessionRepository
private readonly sessionRepository: SessionRepository
) {}
public async createSession(
userId: string,
userAgent: string
): Promise<Session> {
return this.sessionRepository2.createSession(userId, userAgent);
return await this.sessionRepository.createSession(userId, userAgent);
}
public async validateSessionUserAgent(
sessionId: string,
currentUserAgent: string
): Promise<boolean> {
return this.sessionRepository2.validateSessionUserAgent(
return await this.sessionRepository.validateSessionUserAgent(
sessionId,
currentUserAgent
);
}
public async checkSessionLimit(userId: string): Promise<void> {
const userSessions = await this.sessionRepository
.createQueryBuilder('session')
.leftJoinAndSelect('session.userCredentials', 'userCredentials')
.where('userCredentials.id = :userId', { userId })
.orderBy('session.expiresAt', 'ASC')
.getMany();
if (userSessions.length >= 5) {
await this.sessionRepository.delete(userSessions[0].id);
}
await this.sessionRepository.checkSessionLimit(userId);
}
public async invalidateAllSessionsForUser(userId: string): Promise<void> {
await this.sessionRepository.delete({ userCredentials: userId });
await this.sessionRepository.invalidateAllSessionsForUser(userId);
}
// TODO Add cron job to clear expired sessions
public async clearExpiredSessions(): Promise<void> {
const now = new Date();
await this.sessionRepository.delete({ expiresAt: LessThan(now) });
await this.sessionRepository.clearExpiredSessions();
}
public async extendSessionExpiration(sessionId: string): Promise<void> {
const session = await this.sessionRepository.findOne({
where: { sessionId },
});
if (session) {
session.expiresAt = new Date(
session.expiresAt.setMinutes(session.expiresAt.getMinutes() + 30)
);
await this.sessionRepository.save(session);
}
await this.sessionRepository.extendSessionExpiration(sessionId);
}
public async findSessionBySessionId(sessionId: string): Promise<Session> {
return this.sessionRepository.findOne({
where: { sessionId: sessionId },
relations: ['userCredentials'],
});
return await this.sessionRepository.findSessionBySessionId(sessionId);
}
public attachSessionToResponse(response: Response, sessionId: string): void {
response.cookie('session_id', sessionId, {
httpOnly: true,
secure: true,
sameSite: 'strict',
});
this.sessionRepository.attachSessionToResponse(response, sessionId);
}
}