apricote/Listory
1
0
Fork 0
mirror of https://github.com/apricote/Listory.git synced 2026-01-13 13:11:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

feat(api): add optional spotify user whitelist

Browse source
This commit is contained in:
Julian Tölle 2020-05-03 20:18:57 +02:00
parent a7c5c68540
commit a27fcce03b
3 changed files with 41 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/auth/auth.service.ts
View file

@ -1,21 +1,30 @@
import { Injectable } from "@nestjs/common"; import { Injectable, ForbiddenException } from "@nestjs/common";
import { ConfigService } from "@nestjs/config";
import { JwtService } from "@nestjs/jwt";
import { User } from "../users/user.entity"; import { User } from "../users/user.entity";
import { UsersService } from "../users/users.service"; import { UsersService } from "../users/users.service";
import { LoginDto } from "./dto/login.dto"; import { LoginDto } from "./dto/login.dto";
import { JwtService } from "@nestjs/jwt";
@Injectable() @Injectable()
export class AuthService { export class AuthService {
private readonly userFilter: null | string;
constructor( constructor(
private readonly config: ConfigService,
private readonly usersService: UsersService, private readonly usersService: UsersService,
private readonly jwtService: JwtService private readonly jwtService: JwtService
) {} ) {
this.userFilter = this.config.get<string>("SPOTIFY_USER_FILTER");
}
async spotifyLogin({ async spotifyLogin({
accessToken, accessToken,
refreshToken, refreshToken,
profile, profile,
}: LoginDto): Promise<User> { }: LoginDto): Promise<User> {
if (!this.allowedByUserFilter(profile.id)) {
throw new ForbiddenException("UserNotWhitelisted");
}
const user = await this.usersService.createOrUpdate({ const user = await this.usersService.createOrUpdate({
displayName: profile.displayName, displayName: profile.displayName,
photo: profile.photos.length > 0 ? profile.photos[0] : null, photo: profile.photos.length > 0 ? profile.photos[0] : null,
@ -44,4 +53,20 @@ export class AuthService {
async findUser(id: string): Promise<User> { async findUser(id: string): Promise<User> {
return this.usersService.findById(id); return this.usersService.findById(id);
} }
allowedByUserFilter(spotifyID: string) {
if (!this.userFilter) {
return true;
}
const whitelistedIDs = this.userFilter.split(",");
console.log("whitelisted ids", {
whitelistedIDs,
uf: this.userFilter,
spotifyID,
});
return whitelistedIDs.includes(spotifyID);
}
} }

13
src/auth/spotify.filter.ts
View file

@ -1,4 +1,9 @@
import { ArgumentsHost, Catch, ExceptionFilter } from "@nestjs/common"; import {
ArgumentsHost,
Catch,
ExceptionFilter,
ForbiddenException,
} from "@nestjs/common";
import { Response } from "express"; import { Response } from "express";
import { Logger } from "../logger/logger.service"; import { Logger } from "../logger/logger.service";
@ -16,6 +21,12 @@ export class SpotifyAuthFilter implements ExceptionFilter {
if (exception.name === "TokenError") { if (exception.name === "TokenError") {
// Error during oauth2 flow // Error during oauth2 flow
reason = "oauth2"; reason = "oauth2";
} else if (
exception instanceof ForbiddenException &&
exception.message === "UserNotWhitelisted"
) {
// User ID is not in the whitelist
reason = "whitelist";
} }
this.logger.error( this.logger.error(

1
src/config/config.module.ts
View file

@ -27,6 +27,7 @@ import {
SPOTIFY_AUTH_API_URL: Joi.string().default( SPOTIFY_AUTH_API_URL: Joi.string().default(
"https://accounts.spotify.com/" "https://accounts.spotify.com/"
), ),
SPOTIFY_USER_FILTER: Joi.string(),
// DB // DB
DB_HOST: Joi.string().required(), DB_HOST: Joi.string().required(),