[add] role validation

BeeSoftLabs · Sep 10, 2022 · eb909f7 · eb909f7
1 parent d6c9e53
commit eb909f7
Show file tree

Hide file tree

Showing 30 changed files with 274 additions and 65 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,23 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug Nest Framework",
+      "args": ["${workspaceFolder}/src/main.ts"],
+      "runtimeArgs": [
+        "--nolazy",
+        "-r",
+        "ts-node/register",
+        "-r",
+        "tsconfig-paths/register"
+      ],
+      "sourceMaps": true,
+      "envFile": "${workspaceFolder}/.env",
+      "cwd": "${workspaceRoot}",
+      "console": "integratedTerminal",
+      "autoAttachChildProcesses": true
+    }
+  ]
+}
diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
@@ -1,9 +1,11 @@
-import { Controller, Post, Body } from '@nestjs/common';
+import { Controller, Post, Body, Get } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 
 import { AuthService } from './auth.service';
 import { CreateUserDto } from 'src/user/dto';
 import { LoginAuthDto } from './dto';
+import { Auth, GetUser } from './decorators';
+import { User } from 'src/user/entities/user.entity';
 
 @ApiTags('auth')
 @Controller('auth')
@@ -19,4 +21,10 @@ export class AuthController {
   loginAuth(@Body() loginAuthDto: LoginAuthDto) {
     return this.authService.loginAuth(loginAuthDto);
   }
+
+  @Get('check-status')
+  @Auth()
+  checkAuthStatus(@GetUser() user: User) {
+    return this.authService.checkAuthStatus(user);
+  }
 }
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
@@ -13,7 +13,7 @@ import * as bcrypt from 'bcrypt';
 
 import { CreateUserDto } from 'src/user/dto';
 import { User } from 'src/user/entities/user.entity';
-import { MessageHandler } from 'src/utils/enums/message.handler';
+import { MessageHandler } from 'src/shared/enums';
 import { LoginAuthDto } from './dto';
 import { JwtPayload } from './interfaces/jwt-payload.interface';
 
@@ -30,7 +30,6 @@ export class AuthService {
   async createAuth(createUserDto: CreateUserDto) {
     try {
       const { password, ...userData } = createUserDto;
-
       const user = this.userRepository.create({
         ...userData,
         password: bcrypt.hashSync(password, 10),
@@ -40,7 +39,7 @@ export class AuthService {
       delete user.password;
       return {
         ...user,
-        token: this.getJwtToken({ email: user.email }),
+        token: this.getJwtToken({ id: user.id }),
       };
     } catch (error) {
       if (error.code === '23505')
@@ -58,7 +57,7 @@ export class AuthService {
     const { password, email } = loginUserDto;
     const user = await this.userRepository.findOne({
       where: { email },
-      select: { email: true, password: true },
+      select: { email: true, password: true, id: true },
     });
 
     if (!user)
@@ -67,9 +66,18 @@ export class AuthService {
     if (!bcrypt.compareSync(password, user.password))
       throw new UnauthorizedException(MessageHandler.UNAUTHORIZED_CREDENTIALS);
 
+    delete user.id;
+
+    return {
+      ...user,
+      token: this.getJwtToken({ id: user.id }),
+    };
+  }
+
+  checkAuthStatus(user: User) {
     return {
       ...user,
-      token: this.getJwtToken({ email: user.email }),
+      token: this.getJwtToken({ id: user.id }),
     };
   }
 

diff --git a/src/auth/decorators/auth.decorator.ts b/src/auth/decorators/auth.decorator.ts
@@ -0,0 +1,13 @@
+import { applyDecorators, UseGuards } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+import { RoleProtected } from 'src/auth/decorators';
+import { ValidRoles } from 'src/shared/enums';
+import { UserRoleGuard } from '../guards/user-role.guard';
+
+export function Auth(...roles: ValidRoles[]) {
+  return applyDecorators(
+    RoleProtected(...roles),
+    UseGuards(AuthGuard(), UserRoleGuard),
+  );
+}
diff --git a/src/auth/decorators/get-user.decorator.ts b/src/auth/decorators/get-user.decorator.ts
@@ -0,0 +1,19 @@
+import {
+  createParamDecorator,
+  ExecutionContext,
+  InternalServerErrorException,
+} from '@nestjs/common';
+
+import { MessageHandler } from 'src/shared/enums';
+
+export const GetUser = createParamDecorator(
+  (data: string, ctx: ExecutionContext) => {
+    const req = ctx.switchToHttp().getRequest();
+    const user = req.user;
+
+    if (!user)
+      throw new InternalServerErrorException(MessageHandler.USER_NOT_FOUND);
+
+    return !data ? user : user[data];
+  },
+);
diff --git a/src/auth/decorators/index.ts b/src/auth/decorators/index.ts
@@ -0,0 +1,3 @@
+export { Auth } from './auth.decorator';
+export { RoleProtected } from './role-protected.decorator';
+export { GetUser } from './get-user.decorator';
diff --git a/src/auth/decorators/role-protected.decorator.ts b/src/auth/decorators/role-protected.decorator.ts
@@ -0,0 +1,5 @@
+import { SetMetadata } from '@nestjs/common';
+import { MetaRoles, ValidRoles } from 'src/shared/enums';
+
+export const RoleProtected = (...args: ValidRoles[]) =>
+  SetMetadata(MetaRoles.ROLES, args);
diff --git a/src/auth/dto/login-auth.dto.ts b/src/auth/dto/login-auth.dto.ts
@@ -7,8 +7,8 @@ import {
   MinLength,
 } from 'class-validator';
 
-import { validatePassword } from 'src/utils/actions/validations';
-import { MessageHandler } from 'src/utils/enums/message.handler';
+import { validatePassword } from 'src/shared/actions/validations';
+import { MessageHandler } from 'src/shared/enums';
 
 export class LoginAuthDto {
   @ApiProperty()

diff --git a/src/auth/guards/user-role.guard.ts b/src/auth/guards/user-role.guard.ts
@@ -0,0 +1,41 @@
+import { Reflector } from '@nestjs/core';
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+  Injectable,
+} from '@nestjs/common';
+import { Observable } from 'rxjs';
+
+import { MessageHandler, MetaRoles } from 'src/shared/enums';
+import { User } from 'src/user/entities/user.entity';
+
+@Injectable()
+export class UserRoleGuard implements CanActivate {
+  constructor(private readonly reflector: Reflector) {}
+  canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    const validRoles: string[] = this.reflector.get(
+      MetaRoles.ROLES,
+      context.getHandler(),
+    );
+
+    if (!validRoles) return true;
+    if (validRoles.length === 0) return true;
+
+    const req = context.switchToHttp().getRequest();
+    const user = req.user as User;
+
+    if (!user) throw new BadRequestException(MessageHandler.USER_NOT_FOUND);
+
+    for (const role of user.roles) {
+      if (validRoles.includes(role)) {
+        return true;
+      }
+    }
+
+    throw new ForbiddenException(MessageHandler.USER_INVALID_ROLE);
+  }
+}
diff --git a/src/auth/interfaces/jwt-payload.interface.ts b/src/auth/interfaces/jwt-payload.interface.ts
@@ -1,3 +1,3 @@
 export interface JwtPayload {
-  email: string;
+  id: string;
 }
diff --git a/src/auth/strategies/jwt.strategy.ts b/src/auth/strategies/jwt.strategy.ts
@@ -7,7 +7,7 @@ import { InjectRepository } from '@nestjs/typeorm';
 
 import { JwtPayload } from '../interfaces/jwt-payload.interface';
 import { User } from 'src/user/entities/user.entity';
-import { MessageHandler } from 'src/utils/enums/message.handler';
+import { MessageHandler, ValidState } from 'src/shared/enums';
 
 @Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
@@ -24,12 +24,12 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
   }
 
   async validate(payload: JwtPayload): Promise<User> {
-    const { email } = payload;
-    const user = await this.userRepository.findOneBy({ email });
+    const { id } = payload;
+    const user = await this.userRepository.findOneBy({ id });
     if (!user)
       throw new UnauthorizedException(MessageHandler.UNAUTHORIZED_TOKEN);
 
-    if (!user.active)
+    if (user.state !== ValidState.ACTIVE)
       throw new UnauthorizedException(MessageHandler.UNAUTHORIZED_USER);
 
     return user;

diff --git a/src/products/entities/product.entity.ts b/src/products/entities/product.entity.ts
@@ -1,4 +1,5 @@
-import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
+import { User } from 'src/user/entities/user.entity';
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
 
 @Entity()
 export class Product {
@@ -25,4 +26,7 @@ export class Product {
 
   @Column('bool', { default: true })
   active: boolean;
+
+  @ManyToOne(() => User, (user) => user.product, { eager: true })
+  user: User;
 }
diff --git a/src/products/products.controller.ts b/src/products/products.controller.ts
@@ -16,20 +16,23 @@ import {
 
 import { ProductsService } from './products.service';
 import { CreateProductDto, UpdateProductDto } from 'src/products/dto';
+import { Auth, GetUser } from 'src/auth/decorators';
+import { User } from 'src/user/entities/user.entity';
 
 @ApiTags('products')
 @Controller('products')
 export class ProductsController {
   constructor(private readonly productsService: ProductsService) {}
 
   @Post()
+  @Auth()
   @ApiOperation({ summary: 'Create a new product' })
   @ApiCreatedResponse({
     description: 'The record has been successfully created.',
   })
   @ApiForbiddenResponse({ description: 'Forbidden.' })
-  create(@Body() createProductDto: CreateProductDto) {
-    return this.productsService.create(createProductDto);
+  create(@Body() createProductDto: CreateProductDto, @GetUser() user: User) {
+    return this.productsService.create(createProductDto, user);
   }
 
   @Get()

diff --git a/src/products/products.module.ts b/src/products/products.module.ts
@@ -1,13 +1,15 @@
 import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
 
+import { AuthModule } from 'src/auth/auth.module';
+
 import { ProductsService } from './products.service';
 import { ProductsController } from './products.controller';
 import { Product } from './entities/product.entity';
 
 @Module({
   controllers: [ProductsController],
   providers: [ProductsService],
-  imports: [TypeOrmModule.forFeature([Product])],
+  imports: [TypeOrmModule.forFeature([Product]), AuthModule],
 })
 export class ProductsModule {}
diff --git a/src/products/products.service.ts b/src/products/products.service.ts
@@ -11,7 +11,8 @@ import { Repository } from 'typeorm';
 
 import { CreateProductDto, UpdateProductDto } from 'src/products/dto';
 import { Product } from './entities/product.entity';
-import { MessageHandler } from 'src/utils/enums/message.handler';
+import { MessageHandler } from 'src/shared/enums';
+import { User } from 'src/user/entities/user.entity';
 
 @Injectable()
 export class ProductsService {
@@ -22,9 +23,10 @@ export class ProductsService {
 
   private readonly logger = new Logger('ProductsService');
 
-  async create(createProductDto: CreateProductDto) {
+  async create(createProductDto: CreateProductDto, user: User) {
     try {
       const product = this.productRepository.create(createProductDto);
+      product.user = user;
       await this.productRepository.save(product);
       return product;
     } catch (error) {
@@ -47,7 +49,6 @@ export class ProductsService {
     const product = await this.productRepository.findOneBy({ id });
     if (!product)
       throw new NotFoundException(`Product with id ${id} not found`);
-    console.log(product);
 
     return product;
   }

diff --git a/src/utils/actions/validations.ts → src/shared/actions/validations.ts b/src/utils/actions/validations.ts → src/shared/actions/validations.ts
diff --git a/src/shared/decorators/index.ts b/src/shared/decorators/index.ts
@@ -0,0 +1 @@
+export { RawHeaders } from './raw-headers.decorator';
diff --git a/src/shared/decorators/raw-headers.decorator.ts b/src/shared/decorators/raw-headers.decorator.ts
@@ -0,0 +1,11 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export const RawHeaders = createParamDecorator(
+  (data: string, ctx: ExecutionContext) => {
+    const req = ctx.switchToHttp().getRequest();
+    return req.rawHeaders;
+  },
+);
+
+//uso @RawHeader() rawHeaders: string[]
+// best use @Headers() headers: IncomingHttpHeaders
diff --git a/src/shared/enums/index.ts b/src/shared/enums/index.ts
@@ -0,0 +1,4 @@
+export { MessageHandler } from './message.handler';
+export { MetaRoles } from './meta.roles';
+export { ValidRoles } from './valid.roles';
+export { ValidState } from './valid.state';
diff --git a/src/utils/enums/message.handler.ts → src/shared/enums/message.handler.ts b/src/utils/enums/message.handler.ts → src/shared/enums/message.handler.ts
@@ -1,7 +1,17 @@
 export enum MessageHandler {
   PASSWORD_INVALID = 'The password must have a Uppercase, lowercase letter and a number',
+
   UNEXPECTED_ERROR = 'Unexpected error, check server logs',
+
   UNAUTHORIZED_CREDENTIALS = 'Email or password are not valid',
   UNAUTHORIZED_TOKEN = 'Token is not valid',
   UNAUTHORIZED_USER = 'User is inactive, contact support',
+
+  USERS_NOT_FOUND = 'Users not found',
+  USER_NOT_FOUND = 'User not found',
+  USER_INVALID_ROLE = 'User does not have permissions',
+  USER_INVALID_STATUS = 'User does not have valid status',
+  USER_INACTIVE = 'User is inactive',
+
+  EMAIL_ALREADY_EXIST = 'Email is all ready exist',
 }
diff --git a/src/shared/enums/meta.roles.ts b/src/shared/enums/meta.roles.ts
@@ -0,0 +1,3 @@
+export enum MetaRoles {
+  ROLES = 'roles',
+}
diff --git a/src/shared/enums/valid.roles.ts b/src/shared/enums/valid.roles.ts
@@ -0,0 +1,4 @@
+export enum ValidRoles {
+  USER = 'User',
+  ADMIN = 'Admin',
+}
diff --git a/src/shared/enums/valid.state.ts b/src/shared/enums/valid.state.ts
@@ -0,0 +1,6 @@
+export enum ValidState {
+  ACTIVE = 'Active',
+  PREREGISTER = 'Preregister',
+  INACTIVE = 'Inactive',
+  SUSPENDED = 'Suspended',
+}