Merge pull request #31 from viniciuscosmome/feature/authorization

[LOR 176] feature: authorization
loryblu · Oct 31, 2023 · a090e36 · a090e36
2 parents 367d985 + eb61c7c
commit a090e36
Show file tree

Hide file tree

Showing 16 changed files with 242 additions and 66 deletions.
diff --git a/src/app.module.ts b/src/app.module.ts
@@ -1,8 +1,9 @@
 import { Module } from '@nestjs/common';
+import configModule from 'src/globals/constants';
 
 import { AccountModule } from './modules';
 
 @Module({
- imports: [AccountModule],
+ imports: [configModule, AccountModule],
 })
 export class AppModule {}
diff --git a/src/globals/constants.ts b/src/globals/constants.ts
@@ -1,3 +1,5 @@
+import { ConfigModule } from '@nestjs/config';
+
 export const appName = 'LoryBlu';
 export const appDescription = process.env.npm_package_description;
 export const appVersion = process.env.npm_package_version;
@@ -6,6 +8,22 @@ export const appLicense = process.env.npm_package_license;
 export const fullnameRegExp = /^[a-zÀ-ÿ ]+$/i;
 export const recoveryTokenRegExp = /^[a-zA-Z0-9_-]+$/;
 
-export const isDevelopmentEnv = process.env.NODE_ENV === 'development';
-export const isHomologationEnv = process.env.NODE_ENV === 'homologation';
-export const isProductionEnv = process.env.NODE_ENV === 'production';
+export const constants = () => ({
+ PORT: process.env.PORT || 5500,
+ NODE_ENV: process.env.NODE_ENV,
+
+ SALT_DATA_HASH: process.env.SALT_DATA_HASH,
+ SALT_DATA_PASS: process.env.SALT_DATA_PASS,
+ SECRET_JWT: process.env.SECRET_JWT,
+
+ MAIL_API_KEY: process.env.MAIL_API_KEY,
+ MAIL_FROM: process.env.MAIL_FROM,
+ MAIL_TEST_DELIVERED: process.env.MAIL_TEST_DELIVERED,
+ MAIL_TEST_BOUNCED: process.env.MAIL_TEST_BOUNCED,
+ MAIL_TEST_COMPLAINED: process.env.MAIL_TEST_COMPLAINED,
+});
+
+export default ConfigModule.forRoot({
+ load: [() => constants],
+ isGlobal: true,
+});
diff --git a/src/globals/errors.ts b/src/globals/errors.ts
@@ -1,7 +1,10 @@
 import { Prisma } from '@prisma/client';
-import { isProductionEnv } from './constants';
+import { constants } from './constants';
 import { UnknownErrorException, P2002Exception } from './responses/exceptions';
 
+import { UnauthorizedException } from '@nestjs/common';
+import { formatException } from './utils';
+
 export function prismaKnownRequestErrors(
  error: Prisma.PrismaClientKnownRequestError,
 ) {
@@ -15,7 +18,7 @@ export function prismaKnownRequestErrors(
 
 export function unknownError(error: unknown) {
  // ! remover quando adicionar um logger
- if (!isProductionEnv) {
+ if (constants().NODE_ENV != 'production') {
  console.info('unknownError', error);
  }
 
@@ -29,3 +32,21 @@ export function handleErrors(error: unknown) {
 
  unknownError(error);
 }
+
+export function handleJWTErrors(error: Error) {
+ let message = 'Credenciais inválidas';
+
+ if (error.message == 'jwt expired') {
+ message = 'Sua chave de acesso expirou.';
+ } else if (error.message == 'jwt must be provided') {
+ message = 'Uma chave de acesso precisa ser informada.';
+ } else if (error.message == 'jwt malformed') {
+ message = 'Sua chave de acesso tem um formato errado.';
+ } else if (error.message == 'jwt not active') {
+ message = 'Sua chave de acesso ainda não está ativa.';
+ } else if (error.message.includes('jwt subject invalid.')) {
+ message = 'Sua chave de acesso não foi criada para este uso.';
+ }
+
+ throw new UnauthorizedException(formatException(message, 'authorization'));
+}
diff --git a/src/guard/authorization.decorator.ts b/src/guard/authorization.decorator.ts
@@ -0,0 +1,12 @@
+import { SetMetadata } from '@nestjs/common';
+import { Roles } from '@prisma/client';
+import { iAuthTokenSubject } from 'src/modules/account/account.entity';
+
+export type iAuthMetadata = {
+ type: iAuthTokenSubject;
+ role: Roles;
+};
+
+export const RequestToken = (authMetadata: iAuthMetadata) => {
+ return SetMetadata('authMetadata', authMetadata);
+};
diff --git a/src/guard/authorization.guard.ts b/src/guard/authorization.guard.ts
@@ -0,0 +1,71 @@
+import {
+ Injectable,
+ CanActivate,
+ ExecutionContext,
+ InternalServerErrorException,
+ UnauthorizedException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { ConfigService } from '@nestjs/config';
+import { JwtService } from '@nestjs/jwt';
+import { Request } from 'express';
+import { formatException } from 'src/globals/utils';
+import { iAuthMetadata } from './authorization.decorator';
+import { handleJWTErrors } from 'src/globals/errors';
+
+@Injectable()
+export class AuthorizationGuard implements CanActivate {
+ private secret: string;
+
+ constructor(
+ private reflector: Reflector,
+ private configService: ConfigService,
+ private jwtService: JwtService,
+ ) {
+ this.secret = this.configService.get<string>('SECRET_JWT');
+ }
+
+ private extractTokenFromHeader(request: Request): string | undefined {
+ const [type, token] = request.headers.authorization?.split(' ') || [];
+ return type === 'Bearer' ? token : undefined;
+ }
+
+ async canActivate(context: ExecutionContext): Promise<boolean> {
+ const authMetadata = this.reflector.get<iAuthMetadata>(
+ 'authMetadata',
+ context.getHandler(),
+ );
+
+ if (!authMetadata || !authMetadata.type || !authMetadata.role) {
+ throw new InternalServerErrorException(
+ formatException('O método CanActivate precisa ser configurado.'),
+ );
+ }
+
+ const request = context.switchToHttp().getRequest();
+ const token = this.extractTokenFromHeader(request);
+
+ if (!token) {
+ throw new UnauthorizedException(
+ formatException('Uma chave de acesso precisa ser informada.'),
+ );
+ }
+
+ const validity = await this.jwtService
+ .verifyAsync(token, {
+ secret: this.secret,
+ subject: authMetadata.type,
+ })
+ .then((response) => response)
+ .catch((error) => handleJWTErrors(error));
+
+ if (validity) {
+ request['session.payload'] = validity;
+ return true;
+ }
+
+ throw new InternalServerErrorException(
+ formatException('O método CanActivate precisa ser verificado.'),
+ );
+ }
+}
diff --git a/src/guard/index.ts b/src/guard/index.ts
@@ -0,0 +1,2 @@
+export * from './authorization.decorator';
+export * from './authorization.guard';
diff --git a/src/lib/jwt.ts b/src/lib/jwt.ts
@@ -0,0 +1,10 @@
+import { ConfigService } from '@nestjs/config';
+import { JwtModule } from '@nestjs/jwt';
+
+export default JwtModule.registerAsync({
+ inject: [ConfigService],
+ useFactory: async (configService: ConfigService) => ({
+ secret: configService.get<string>('SECRET_JWT'),
+ global: true,
+ }),
+});
diff --git a/src/main.ts b/src/main.ts
@@ -1,4 +1,5 @@
 import { NestFactory } from '@nestjs/core';
+import { ConfigService } from '@nestjs/config';
 import { SwaggerModule } from '@nestjs/swagger';
 import helmet from 'helmet';
 
@@ -9,6 +10,8 @@ import { AppModule } from './app.module';
 
 async function bootstrap() {
  const app = await NestFactory.create(AppModule);
+ const configService = app.get(ConfigService);
+ const port = configService.get<string | number>('PORT');
 
  app.use(helmet());
  app.enableCors(corsOptionsConfig);
@@ -17,8 +20,8 @@ async function bootstrap() {
  const document = SwaggerModule.createDocument(app, swaggerDocumentConfig);
  SwaggerModule.setup('', app, document);
 
- await app.listen(process.env.PORT, () => {
- console.info(`[ONN] Port: ${process.env.PORT}`);
+ await app.listen(port, () => {
+ console.info(`[ONN] Port: ${port}`);
  });
 }
 

diff --git a/src/modules/account/account.controller.ts b/src/modules/account/account.controller.ts
@@ -1,23 +1,29 @@
 import { Controller, Post, Body, HttpCode, Put } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
 import { ApiResponse, ApiTags } from '@nestjs/swagger';
 import { MailService } from '../mail/mail.service';
+import { AccountService } from './account.service';
+import { responses } from 'src/globals/responses/docs';
+import { RecoveryControllerOutput } from './account.entity';
 import {
  CreateAccountDto,
  LoginDto,
  ResetPasswordDto,
  SetPasswordDto,
 } from './account.dto';
-import { AccountService } from './account.service';
-import { responses } from 'src/globals/responses/docs';
-import { isProductionEnv } from 'src/globals/constants';
-import { RecoveryControllerOutput } from './account.entity';
 
 @Controller('/auth')
 export class AccountController {
+ private isProdEnv: boolean;
+
  constructor(
  private mailService: MailService,
  private accountService: AccountService,
- ) {}
+ private configService: ConfigService,
+ ) {
+ const env = this.configService.get<string>('NODE_ENV');
+ this.isProdEnv = env === 'production';
+ }
 
  @Post('/register')
  @ApiTags('Authentication')
@@ -42,11 +48,13 @@ export class AccountController {
  @ApiResponse(responses.unauthorized)
  @ApiResponse(responses.internalError)
  async login(@Body() { email, password }: LoginDto) {
- const { accessToken } = await this.accountService.login(email, password);
+ const { token, refresh } = await this.accountService.login(email, password);
+
  return {
  message: 'Acesso permitido',
  data: {
- accessToken,
+ accessToken: token,
+ refreshToken: refresh,
  },
  };
  }
@@ -72,7 +80,7 @@ export class AccountController {
  userName: created.fullname,
  });
 
- if (!isProductionEnv) {
+ if (!this.isProdEnv) {
  response.recoverLink = created.url;
  }
 

diff --git a/src/modules/account/account.entity.d.ts b/src/modules/account/account.entity.d.ts
@@ -5,6 +5,8 @@ import {
  ResetPasswordInfo,
 } from '@prisma/client';
 
+export type iAuthTokenSubject = 'access' | 'refresh' | 'recovery';
+
 export type NewAccountRepositoryInput = {
  credential: Omit<Credential, 'id' | 'createdAt' | 'updatedAt'>;
  parentProfile: Pick<ParentProfile, 'fullname'>;
@@ -16,11 +18,12 @@ export type RecoveryControllerOutput = {
  message: string;
 };
 
-export type GetCredentialIdByEmailOutput = {
- id: Credential['id'];
- fullname: ParentProfile['fullname'];
- password: string;
-} | void;
+export type GetCredentialIdByEmailOutput = Pick<
+ Credential,
+ 'id' | 'password'
+> & {
+ parentProfile: Pick<ParentProfile, 'id' | 'fullname'>;
+};
 
 export type getCredentialIdByRecoveryTokenInput = {
  hashedToken: string;

diff --git a/src/modules/account/account.module.ts b/src/modules/account/account.module.ts
@@ -4,16 +4,10 @@ import { MailModule } from '../mail/mail.module';
 import { AccountController } from './account.controller';
 import { AccountService } from './account.service';
 import { AccountRepository } from './account.repository';
-import { JwtModule } from '@nestjs/jwt';
+import jwtModule from 'src/lib/jwt';
 
 @Module({
- imports: [
- PrismaModule,
- MailModule,
- JwtModule.register({
- secret: process.env.SECRET_JWT,
- }),
- ],
+ imports: [jwtModule, PrismaModule, MailModule],
  controllers: [AccountController],
  providers: [AccountService, AccountRepository],
 })

diff --git a/src/modules/account/account.repository.ts b/src/modules/account/account.repository.ts
@@ -48,7 +48,7 @@ export class AccountRepository {
 
  async getCredentialIdByEmail(
  hashedEmail: string,
- ): Promise<GetCredentialIdByEmailOutput> {
+ ): Promise<GetCredentialIdByEmailOutput | void> {
  const response = await this.prisma.credential
  .findUnique({
  where: {
@@ -59,21 +59,14 @@ export class AccountRepository {
  password: true,
  parentProfile: {
  select: {
+ id: true,
  fullname: true,
  },
  },
  },
  })
  .then((response) => {
- if (response) {
- return {
- id: response.id,
- password: response.password,
- fullname: response.parentProfile.fullname,
- };
- }
-
- return null;
+ return response;
  })
  .catch((error) => handleErrors(error));