Listory/src/auth/auth.service.ts

import { ForbiddenException, Injectable } from "@nestjs/common";
import { ConfigService } from "@nestjs/config";
import { JwtService } from "@nestjs/jwt";
import { User } from "../users/user.entity";
import { UsersService } from "../users/users.service";
import { AuthSession } from "./auth-session.entity";
import { AuthSessionRepository } from "./auth-session.repository";
import { LoginDto } from "./dto/login.dto";

@Injectable()
export class AuthService {
  private readonly userFilter: null | string;
  private readonly sessionExpirationTime: string;

  constructor(
    private readonly config: ConfigService,
    private readonly usersService: UsersService,
    private readonly jwtService: JwtService,
    private readonly authSessionRepository: AuthSessionRepository
  ) {
    this.userFilter = this.config.get<string>("SPOTIFY_USER_FILTER");
    this.sessionExpirationTime = this.config.get<string>(
      "SESSION_EXPIRATION_TIME"
    );
  }

  async spotifyLogin({
    accessToken,
    refreshToken,
    profile,
  }: LoginDto): Promise<User> {
    if (!this.allowedByUserFilter(profile.id)) {
      throw new ForbiddenException("UserNotInUserFilter");
    }

    const user = await this.usersService.createOrUpdate({
      displayName: profile.displayName,
      photo: profile.photos.length > 0 ? profile.photos[0].value : null,
      spotify: {
        id: profile.id,
        accessToken,
        refreshToken,
      },
    });

    return user;
  }

  async createSession(user: User): Promise<{
    session: AuthSession;
    refreshToken: string;
  }> {
    const session = this.authSessionRepository.create();

    session.user = user;
    await this.authSessionRepository.save(session);

    const { refreshToken } = await this.createRefreshToken(session);

    return { session, refreshToken };
  }

  /**
   * createRefreshToken should only be used while creating a new session.
   * @param session
   */
  private async createRefreshToken(
    session: AuthSession
  ): Promise<{ refreshToken }> {
    const payload = {
      sub: session.user.id,
      name: session.user.displayName,
    };

    const token = await this.jwtService.signAsync(payload, {
      jwtid: session.id,
      // jwtService uses the shorter access token time as a default
      expiresIn: this.sessionExpirationTime,
    });

    return { refreshToken: token };
  }

  async createAccessToken(session: AuthSession): Promise<{ accessToken }> {
    if (session.revokedAt) {
      throw new ForbiddenException("SessionIsRevoked");
    }

    const payload = {
      sub: session.user.id,
      name: session.user.displayName,
      picture: session.user.photo,
    };

    const token = await this.jwtService.signAsync(payload);

    return { accessToken: token };
  }

  async findSession(id: string): Promise<AuthSession> {
    return this.authSessionRepository.findOne(id);
  }

  async findUser(id: string): Promise<User> {
    return this.usersService.findById(id);
  }

  allowedByUserFilter(spotifyID: string) {
    if (!this.userFilter) {
      return true;
    }

    const whitelistedIDs = this.userFilter.split(",");

    return whitelistedIDs.includes(spotifyID);
  }
}
feat: implement long-lived sessions 2020-09-05 23:35:53 +02:00			`import { ForbiddenException, Injectable } from "@nestjs/common";`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00			`import { ConfigService } from "@nestjs/config";`
			`import { JwtService } from "@nestjs/jwt";`
feat(api): user authentication 2020-02-01 16:11:48 +01:00			`import { User } from "../users/user.entity";`
			`import { UsersService } from "../users/users.service";`
feat: implement long-lived sessions 2020-09-05 23:35:53 +02:00			`import { AuthSession } from "./auth-session.entity";`
			`import { AuthSessionRepository } from "./auth-session.repository";`
feat(api): user authentication 2020-02-01 16:11:48 +01:00			`import { LoginDto } from "./dto/login.dto";`

			`@Injectable()`
			`export class AuthService {`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00			`private readonly userFilter: null \| string;`
feat: implement long-lived sessions 2020-09-05 23:35:53 +02:00			`private readonly sessionExpirationTime: string;`

feat(api): user authentication 2020-02-01 16:11:48 +01:00			`constructor(`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00			`private readonly config: ConfigService,`
feat(api): user authentication 2020-02-01 16:11:48 +01:00			`private readonly usersService: UsersService,`
feat: implement long-lived sessions 2020-09-05 23:35:53 +02:00			`private readonly jwtService: JwtService,`
			`private readonly authSessionRepository: AuthSessionRepository`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00			`) {`
			`this.userFilter = this.config.get<string>("SPOTIFY_USER_FILTER");`
feat: implement long-lived sessions 2020-09-05 23:35:53 +02:00			`this.sessionExpirationTime = this.config.get<string>(`
			`"SESSION_EXPIRATION_TIME"`
			`);`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00			`}`
feat(api): user authentication 2020-02-01 16:11:48 +01:00
			`async spotifyLogin({`
			`accessToken,`
			`refreshToken,`
chore(api): update dependencies 2020-05-02 17:17:20 +02:00			`profile,`
feat(api): user authentication 2020-02-01 16:11:48 +01:00			`}: LoginDto): Promise<User> {`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00			`if (!this.allowedByUserFilter(profile.id)) {`
refactor(api): remove deprecated function and rename exception 2021-06-22 20:34:55 +02:00			`throw new ForbiddenException("UserNotInUserFilter");`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00			`}`

feat(api): user authentication 2020-02-01 16:11:48 +01:00			`const user = await this.usersService.createOrUpdate({`
			`displayName: profile.displayName,`
chore(deps): update dependency passport-spotify to v2 2021-08-14 17:30:38 +00:00			`photo: profile.photos.length > 0 ? profile.photos[0].value : null,`
feat(api): user authentication 2020-02-01 16:11:48 +01:00			`spotify: {`
			`id: profile.id,`
			`accessToken,`
chore(api): update dependencies 2020-05-02 17:17:20 +02:00			`refreshToken,`
			`},`
feat(api): user authentication 2020-02-01 16:11:48 +01:00			`});`

			`return user;`
			`}`

chore: run prettier format 2021-05-25 16:01:55 +02:00			`async createSession(user: User): Promise<{`
feat: implement long-lived sessions 2020-09-05 23:35:53 +02:00			`session: AuthSession;`
			`refreshToken: string;`
			`}> {`
			`const session = this.authSessionRepository.create();`

			`session.user = user;`
			`await this.authSessionRepository.save(session);`

refactor(api): remove deprecated function and rename exception 2021-06-22 20:34:55 +02:00			`const { refreshToken } = await this.createRefreshToken(session);`
feat: implement long-lived sessions 2020-09-05 23:35:53 +02:00
			`return { session, refreshToken };`
			`}`

			`/**`
			`* createRefreshToken should only be used while creating a new session.`
			`* @param session`
			`*/`
			`private async createRefreshToken(`
			`session: AuthSession`
			`): Promise<{ refreshToken }> {`
			`const payload = {`
			`sub: session.user.id,`
			`name: session.user.displayName,`
			`};`

			`const token = await this.jwtService.signAsync(payload, {`
			`jwtid: session.id,`
			`// jwtService uses the shorter access token time as a default`
			`expiresIn: this.sessionExpirationTime,`
			`});`

			`return { refreshToken: token };`
			`}`

			`async createAccessToken(session: AuthSession): Promise<{ accessToken }> {`
			`if (session.revokedAt) {`
			`throw new ForbiddenException("SessionIsRevoked");`
			`}`

			`const payload = {`
			`sub: session.user.id,`
			`name: session.user.displayName,`
			`picture: session.user.photo,`
			`};`

			`const token = await this.jwtService.signAsync(payload);`

			`return { accessToken: token };`
			`}`

			`async findSession(id: string): Promise<AuthSession> {`
			`return this.authSessionRepository.findOne(id);`
			`}`

feat(api): user authentication 2020-02-01 16:11:48 +01:00			`async findUser(id: string): Promise<User> {`
			`return this.usersService.findById(id);`
			`}`
feat(api): add optional spotify user whitelist 2020-05-03 20:18:57 +02:00
			`allowedByUserFilter(spotifyID: string) {`
			`if (!this.userFilter) {`
			`return true;`
			`}`

			`const whitelistedIDs = this.userFilter.split(",");`

			`return whitelistedIDs.includes(spotifyID);`
			`}`
feat(api): user authentication 2020-02-01 16:11:48 +01:00			`}`