Merge branch 'development' of https://gitlab.com/empatnusabangsa/ppob/ppob-backend into development

2021-12-08 18:13:16 +07:00
parent 988d545b64 9510a39d5b
commit 679bb758d8
15 changed files with 177 additions and 93 deletions
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -8,7 +8,6 @@ import { LoggerModule } from 'nestjs-pino';
 import { TransactionModule } from './transaction/transaction.module';
 import { ProductModule } from './product/product.module';
 import { ConfigurableModule } from './configurable/configurable.module';
-// import { AuthModule } from './auth/auth.module';
 import { AuthModule } from './auth/auth.module';
 import configuration from './config/configuration';

@@ -22,10 +21,11 @@ import configuration from './config/configuration';
          .valid('development', 'production', 'test', 'provision')
          .default('development'),
        PORT: Joi.number().default(3000),
-        DATABASE_CLIENT: Joi.valid('mysql', 'postgres'),
-        DATABASE_HOST: Joi.string(),
-        DATABASE_NAME: Joi.string(),
-        DATABASE_USERNAME: Joi.string(),
+        SECRET: Joi.string().required(),
+        DATABASE_CLIENT: Joi.valid('mysql', 'postgres').required(),
+        DATABASE_HOST: Joi.string().required(),
+        DATABASE_NAME: Joi.string().required(),
+        DATABASE_USERNAME: Joi.string().required(),
        DATABASE_PASSWORD: Joi.string().empty('').default(''),
        DATABASE_PORT: Joi.number().default(5432),
      }),
@@ -53,6 +53,7 @@ import configuration from './config/configuration';
    TransactionModule,
    ConfigurableModule,
    ProductModule,
+    AuthModule,
  ],
 })
 export class AppModule {}
--- a/src/auth/auth.controller.ts
+++ b/src/auth/auth.controller.ts
@@ -1,13 +1,26 @@
-import { Controller, Post } from '@nestjs/common';
-import { InputLoginDto } from './dto/input-login.dto';
+import { Controller, Post, UseGuards, Request, Get } from '@nestjs/common';
+import { LocalAuthGuard } from './local-auth.guard';
 import { AuthService } from './auth.service';
+import { JwtAuthGuard } from './jwt-auth.guard';
+import {Public} from "./public.decorator";

-@Controller('auth')
+@Controller({
+  path: 'auth',
+  version: '1',
+})
 export class AuthController {
-  constructor(private readonly authService: AuthService) {}
+  constructor(private authService: AuthService) {}

-  // @Post('login')
-  // public async login( @Body() loginUserDto: InputLoginDto): Promise<LoginStatus> {
-  //   return await this.authService.findByLogin(loginUserDto);
-  // }
+  @Public()
+  @UseGuards(LocalAuthGuard)
+  @Post('login')
+  async login(@Request() req) {
+    return this.authService.login(req.user);
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Get('profile')
+  getProfile(@Request() req) {
+    return req.user;
+  }
 }
--- a/src/auth/auth.module.ts
+++ b/src/auth/auth.module.ts
@@ -2,20 +2,40 @@ import { Module } from '@nestjs/common';
 import { AuthService } from './auth.service';
 import { UsersModule } from '../users/users.module';
 import { PassportModule } from '@nestjs/passport';
-import { JwtModule, JwtStrategy } from 'passport-jwt';
+import { LocalStrategy } from './local.strategy';
 import { AuthController } from './auth.controller';
+import { JwtModule } from '@nestjs/jwt';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { JwtStrategy } from './jwt.strategy';
+import { APP_GUARD } from '@nestjs/core';
+import { JwtAuthGuard } from './jwt-auth.guard';

@Module({
  imports: [
    UsersModule,
-    PassportModule.register({
-      defaultStrategy: 'jwt',
-      property: 'user',
-      session: false,
+    PassportModule,
+    ConfigModule,
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (configService: ConfigService) => {
+        return {
+          secret: configService.get<string>('secret'),
+          signOptions: { expiresIn: '1d' },
+        };
+      },
    }),
  ],
+  providers: [
+    AuthService,
+    LocalStrategy,
+    JwtStrategy,
+    {
+      provide: APP_GUARD,
+      useClass: JwtAuthGuard,
+    },
+  ],
  controllers: [AuthController],
-  providers: [AuthService, JwtStrategy],
-  exports: [PassportModule, JwtModule],
+  exports: [AuthService],
 })
 export class AuthModule {}
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -1,46 +1,35 @@
-import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { UsersService } from '../users/users.service';
-import { InputLoginDto } from './dto/input-login.dto';
-import { InjectRepository } from '@nestjs/typeorm';
-import { User } from '../users/entities/user.entity';
-import { Repository } from 'typeorm';
 import { hashPassword } from '../helper/hash_password';
-import { ResponseLoginDto } from './dto/response-login.dto';
+import { JwtService } from '@nestjs/jwt';

@Injectable()
 export class AuthService {
  constructor(
-    @InjectRepository(User)
-    private usersRepository: Repository<User>,
+    private usersService: UsersService,
+    private jwtService: JwtService,
  ) {}

-  // async findByLogin({ username, password }: InputLoginDto): Promise<ResponseLoginDto> {
-  //   const user = await this.usersRepository.findOne({ where: { username } });
-  //
-  //   if (!user) {
-  //     throw new HttpException(
-  //       {
-  //         statusCode: HttpStatus.FORBIDDEN,
-  //         error: 'Username not found',
-  //       },
-  //       HttpStatus.FORBIDDEN,
-  //     );
-  //   }
-  //
-  //   // compare passwords
-  //   const hashData = await hashPassword(password, user.salt);
-  //
-  //   if( hashData != user.password ){
-  //     throw new HttpException(
-  //       {
-  //         statusCode: HttpStatus.FORBIDDEN,
-  //         error: 'Password Not Match',
-  //       },
-  //       HttpStatus.FORBIDDEN,
-  //     );
-  //   }
-  //
-  //   return ResponseLoginDto(user);
-  // }
+  async validateUser(username: string, pass: string): Promise<any> {
+    const user = await this.usersService.findOneByUsername(username);

+    if (user && user.password === (await hashPassword(pass, user.salt))) {
+      const { password, ...result } = user;
+
+      return result;
+    }
+
+    return null;
+  }
+
+  async login(user: any) {
+    const payload = {
+      username: user.username,
+      sub: user.userId,
+    };
+
+    return {
+      access_token: this.jwtService.sign(payload),
+    };
+  }
 }
--- a/src/auth/dto/input-login.dto.ts
+++ b/src/auth/dto/input-login.dto.ts
@@ -1,9 +0,0 @@
-import { IsNotEmpty } from 'class-validator';
-
-export class InputLoginDto {
-  @IsNotEmpty()
-  username: string;
-
-  @IsNotEmpty()
-  password: string;
-}
--- a/src/auth/dto/response-login.dto.ts
+++ b/src/auth/dto/response-login.dto.ts
@@ -1,9 +0,0 @@
-import { IsNotEmpty } from 'class-validator';
-
-export class ResponseLoginDto {
-  @IsNotEmpty()
-  username: string;
-
-  @IsNotEmpty()
-  jwt: string;
-}
--- a/src/auth/jwt-auth.guard.ts
+++ b/src/auth/jwt-auth.guard.ts
@@ -0,0 +1,24 @@
+import { ExecutionContext, Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+import { Reflector } from '@nestjs/core';
+import { IS_PUBLIC_KEY } from './public.decorator';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  canActivate(context: ExecutionContext) {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    return super.canActivate(context);
+  }
+}
--- a/src/auth/jwt.strategy.ts
+++ b/src/auth/jwt.strategy.ts
@@ -0,0 +1,19 @@
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { PassportStrategy } from '@nestjs/passport';
+import { Injectable } from '@nestjs/common';
+import {ConfigService} from "@nestjs/config";
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor(configService: ConfigService) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: configService.get<string>('secret'),
+    });
+  }
+
+  async validate(payload: any) {
+    return { userId: payload.sub, username: payload.username };
+  }
+}
--- a/src/auth/local.strategy.ts
+++ b/src/auth/local.strategy.ts
@@ -2,7 +2,6 @@ import { Strategy } from 'passport-local';
 import { PassportStrategy } from '@nestjs/passport';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { AuthService } from './auth.service';
-import { User } from '../users/entities/user.entity';

@Injectable()
 export class LocalStrategy extends PassportStrategy(Strategy) {
@@ -10,19 +9,13 @@ export class LocalStrategy extends PassportStrategy(Strategy) {
    super();
  }

-  // async validate(
-  //   username: string,
-  //   password: string,
-  // ): Promise<Omit<User, 'password'>> {
-  //   const user = await this.authService.validateUser({
-  //     username,
-  //     password,
-  //   });
-  //
-  //   if (!user) {
-  //     throw new UnauthorizedException();
-  //   }
-  //
-  //   return user;
-  // }
+  async validate(username: string, password: string): Promise<any> {
+    const user = await this.authService.validateUser(username, password);
+
+    if (!user) {
+      throw new UnauthorizedException();
+    }
+
+    return user;
+  }
 }
--- a/src/auth/public.decorator.ts
+++ b/src/auth/public.decorator.ts
@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
--- a/src/config/configuration.ts
+++ b/src/config/configuration.ts
@@ -1,6 +1,7 @@
 export default () => {
  return {
    port: parseInt(process.env.PORT, 10) || 3000,
+    secret: process.env.SECRET,
    database: {
      client: process.env.DATABASE_CLIENT,
      host: process.env.DATABASE_HOST,
--- a/src/users/dto/create-user.dto.ts
+++ b/src/users/dto/create-user.dto.ts
@@ -1,4 +1,4 @@
-import { IsNotEmpty, IsUUID } from 'class-validator';
+import { IsNotEmpty, IsOptional, IsUUID, ValidateIf } from 'class-validator';

 export class CreateUserDto {
  @IsNotEmpty()
@@ -10,6 +10,9 @@ export class CreateUserDto {
  @IsUUID()
  roleId: string;

+  @ValidateIf((o) => {
+    return !!o.superior;
+  })
  @IsUUID()
  superior: string;
 }
--- a/src/users/users.controller.ts
+++ b/src/users/users.controller.ts
@@ -13,6 +13,7 @@ import {
 import { UsersService } from './users.service';
 import { CreateUserDto } from './dto/create-user.dto';
 import { UpdateUserDto } from './dto/update-user.dto';
+import {Public} from "../auth/public.decorator";

@Controller({
  path: 'users',
@@ -32,6 +33,7 @@ export class UsersController {
    };
  }

+  @Public()
  @Get()
  async findAll(@Query('page') page: number) {
    const [data, count] = await this.usersService.findAll(page);