2020-09-05 23:35:53 +02:00
|
|
|
import {
|
2023-10-01 03:35:02 +02:00
|
|
|
Body as NestBody,
|
2020-09-05 23:35:53 +02:00
|
|
|
Controller,
|
2023-02-19 16:16:34 +01:00
|
|
|
Delete,
|
2020-09-05 23:35:53 +02:00
|
|
|
Get,
|
2023-02-20 23:50:57 +01:00
|
|
|
Param,
|
2020-09-05 23:35:53 +02:00
|
|
|
Post,
|
|
|
|
|
Res,
|
|
|
|
|
UseFilters,
|
|
|
|
|
UseGuards,
|
|
|
|
|
} from "@nestjs/common";
|
2023-02-19 16:16:34 +01:00
|
|
|
import { ApiBody, ApiTags } from "@nestjs/swagger";
|
2023-10-01 03:35:02 +02:00
|
|
|
import type { Response as ExpressResponse } from "express";
|
2020-02-01 16:11:48 +01:00
|
|
|
import { User } from "../users/user.entity";
|
2020-09-05 23:35:53 +02:00
|
|
|
import { AuthSession } from "./auth-session.entity";
|
2020-02-01 16:11:48 +01:00
|
|
|
import { AuthService } from "./auth.service";
|
2020-09-05 23:35:53 +02:00
|
|
|
import { COOKIE_REFRESH_TOKEN } from "./constants";
|
2023-02-19 16:16:34 +01:00
|
|
|
import { AuthAccessToken } from "./decorators/auth-access-token.decorator";
|
2020-05-02 20:04:33 +02:00
|
|
|
import { ReqUser } from "./decorators/req-user.decorator";
|
2023-02-20 23:50:57 +01:00
|
|
|
import { ApiTokenDto } from "./dto/api-token.dto";
|
2023-02-19 16:16:34 +01:00
|
|
|
import { CreateApiTokenRequestDto } from "./dto/create-api-token-request.dto";
|
2023-02-20 23:50:57 +01:00
|
|
|
import { NewApiTokenDto } from "./dto/new-api-token.dto";
|
2020-09-05 23:35:53 +02:00
|
|
|
import { RefreshAccessTokenResponseDto } from "./dto/refresh-access-token-response.dto";
|
2023-02-19 16:16:34 +01:00
|
|
|
import { RevokeApiTokenRequestDto } from "./dto/revoke-api-token-request.dto";
|
2020-09-05 23:35:53 +02:00
|
|
|
import {
|
|
|
|
|
RefreshTokenAuthGuard,
|
|
|
|
|
SpotifyAuthGuard,
|
|
|
|
|
} from "./guards/auth-strategies.guard";
|
2020-05-02 20:04:33 +02:00
|
|
|
import { SpotifyAuthFilter } from "./spotify.filter";
|
2020-02-01 16:11:48 +01:00
|
|
|
|
2022-07-12 20:32:55 +02:00
|
|
|
@ApiTags("auth")
|
2020-02-01 16:11:48 +01:00
|
|
|
@Controller("api/v1/auth")
|
|
|
|
|
export class AuthController {
|
2021-06-20 00:49:17 +02:00
|
|
|
constructor(private readonly authService: AuthService) {}
|
2020-02-01 16:11:48 +01:00
|
|
|
|
|
|
|
|
@Get("spotify")
|
2020-09-05 23:35:53 +02:00
|
|
|
@UseGuards(SpotifyAuthGuard)
|
2020-02-01 16:11:48 +01:00
|
|
|
spotifyRedirect() {
|
|
|
|
|
// User is redirected by AuthGuard
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Get("spotify/callback")
|
2020-05-02 20:04:33 +02:00
|
|
|
@UseFilters(SpotifyAuthFilter)
|
2020-09-05 23:35:53 +02:00
|
|
|
@UseGuards(SpotifyAuthGuard)
|
2023-10-01 03:35:02 +02:00
|
|
|
async spotifyCallback(@ReqUser() user: User, @Res() res: ExpressResponse) {
|
2020-09-05 23:35:53 +02:00
|
|
|
const { refreshToken } = await this.authService.createSession(user);
|
2020-02-01 16:11:48 +01:00
|
|
|
|
2020-09-05 23:35:53 +02:00
|
|
|
// Refresh token should not be accessible to frontend to reduce risk
|
|
|
|
|
// of XSS attacks.
|
|
|
|
|
res.cookie(COOKIE_REFRESH_TOKEN, refreshToken, { httpOnly: true });
|
2020-02-01 16:11:48 +01:00
|
|
|
|
|
|
|
|
// Redirect User to SPA
|
2020-05-02 21:46:05 +02:00
|
|
|
res.redirect("/login/success?source=spotify");
|
2020-02-01 16:11:48 +01:00
|
|
|
}
|
2020-09-05 23:35:53 +02:00
|
|
|
|
|
|
|
|
@Post("token/refresh")
|
|
|
|
|
@UseGuards(RefreshTokenAuthGuard)
|
|
|
|
|
async refreshAccessToken(
|
|
|
|
|
// With RefreshTokenAuthGuard the session is available instead of user
|
2023-09-16 13:02:19 +02:00
|
|
|
@ReqUser() session: AuthSession,
|
2020-09-05 23:35:53 +02:00
|
|
|
): Promise<RefreshAccessTokenResponseDto> {
|
|
|
|
|
const { accessToken } = await this.authService.createAccessToken(session);
|
|
|
|
|
|
|
|
|
|
return { accessToken };
|
|
|
|
|
}
|
2023-02-19 16:16:34 +01:00
|
|
|
|
|
|
|
|
@Post("api-tokens")
|
|
|
|
|
@ApiBody({ type: CreateApiTokenRequestDto })
|
|
|
|
|
@AuthAccessToken()
|
|
|
|
|
async createApiToken(
|
|
|
|
|
@ReqUser() user: User,
|
2023-10-01 03:35:02 +02:00
|
|
|
@NestBody("description") description: string,
|
2023-02-20 23:50:57 +01:00
|
|
|
): Promise<NewApiTokenDto> {
|
|
|
|
|
const apiToken = await this.authService.createApiToken(user, description);
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
id: apiToken.id,
|
|
|
|
|
description: apiToken.description,
|
|
|
|
|
token: apiToken.token,
|
|
|
|
|
createdAt: apiToken.createdAt,
|
|
|
|
|
};
|
2023-02-19 16:16:34 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Get("api-tokens")
|
|
|
|
|
@AuthAccessToken()
|
2023-02-20 23:50:57 +01:00
|
|
|
async listApiTokens(@ReqUser() user: User): Promise<ApiTokenDto[]> {
|
|
|
|
|
const apiTokens = await this.authService.listApiTokens(user);
|
|
|
|
|
|
|
|
|
|
return apiTokens.map((apiToken) => ({
|
|
|
|
|
id: apiToken.id,
|
|
|
|
|
description: apiToken.description,
|
|
|
|
|
prefix: apiToken.token.slice(0, 12),
|
|
|
|
|
createdAt: apiToken.createdAt,
|
|
|
|
|
revokedAt: apiToken.revokedAt,
|
|
|
|
|
}));
|
2023-02-19 16:16:34 +01:00
|
|
|
}
|
|
|
|
|
|
2023-02-20 23:50:57 +01:00
|
|
|
@Delete("api-tokens/:id")
|
2023-02-19 16:16:34 +01:00
|
|
|
@ApiBody({ type: RevokeApiTokenRequestDto })
|
|
|
|
|
@AuthAccessToken()
|
2023-02-20 23:50:57 +01:00
|
|
|
async revokeApiToken(
|
|
|
|
|
@ReqUser() user: User,
|
2023-09-16 13:02:19 +02:00
|
|
|
@Param("id") id: string,
|
2023-02-20 23:50:57 +01:00
|
|
|
): Promise<void> {
|
|
|
|
|
return this.authService.revokeApiToken(user, id);
|
2023-02-19 16:16:34 +01:00
|
|
|
}
|
2020-02-01 16:11:48 +01:00
|
|
|
}
|
