fix auth

Author: huongdang0208

prisma/migrations/20240917152857_fix_unique_field/migration.sql

@@ -0,0 +1,8 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[username]` on the table `user` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- CreateIndex
+CREATE UNIQUE INDEX `user_username_key` ON `user`(`username`);

prisma/schema.prisma

@@ -16,7 +16,7 @@ datasource db {
 model user {
   id       Int     @id @default(autoincrement())
   email    String? @unique @db.VarChar(100)
-  username String? @db.VarChar(100)
+  username String? @unique @db.VarChar(100)
   password String? @db.VarChar(100)
 
   token_cache_login String?   @db.VarChar(100)

src/app.module.ts

@@ -11,11 +11,11 @@ import { HttpModule } from "@nestjs/axios";
 import { UserModule } from "./modules/user/user.module";
 import { AuthenticateModule } from "./modules/authenticate/authenticate.module";
 import { appConfig, mailConfig } from "./config";
-import { MailModule } from "./modules/mail/mail.module";
 import { FileModule } from "./modules/file/file.module";
 import { AppController } from "./app.controller";
-import { ContactModule } from "./modules/contact/contact.module";
 import { DeviceModule } from './modules/device/device.module';
+import { Prisma } from "@prisma/client";
+import { PrismaModule } from "./modules/prisma/prisma.module";
 
 @Module({
     imports: [
@@ -54,10 +54,9 @@ import { DeviceModule } from './modules/device/device.module';
         PassportModule.register({ session: true }),
         UserModule,
         AuthenticateModule,
-        MailModule,
         FileModule,
-        ContactModule,
         DeviceModule,
+        PrismaModule,
     ],
     controllers: [AppController],
     providers: [],

src/guards/roles/roles.guard.ts

@@ -1,32 +1,32 @@
-import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
-import { Observable } from "rxjs";
-import { Reflector } from "@nestjs/core";
-import { GqlExecutionContext } from "@nestjs/graphql";
-import { ROLES_KEY } from "../../decorators/roles/roles.decorator";
-import { User } from "../../modules/user/entities/user.entity";
-import { Role } from "../../utils/types/role.enum";
+// import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+// import { Observable } from "rxjs";
+// import { Reflector } from "@nestjs/core";
+// import { GqlExecutionContext } from "@nestjs/graphql";
+// import { ROLES_KEY } from "../../decorators/roles/roles.decorator";
+// import { User } from "../../modules/user/entities/user.entity";
+// import { Role } from "../../utils/types/role.enum";
 
-@Injectable()
-export class RolesGuard implements CanActivate {
-    constructor(private reflector: Reflector) {}
+// @Injectable()
+// export class RolesGuard implements CanActivate {
+//     constructor(private reflector: Reflector) {}
 
-    canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
-        const requiredRoles = this.reflector.getAllAndOverride<Role[]>(ROLES_KEY, [context.getHandler(), context.getClass()]);
+//     canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
+//         const requiredRoles = this.reflector.getAllAndOverride<Role[]>(ROLES_KEY, [context.getHandler(), context.getClass()]);
 
-        if (!requiredRoles) {
-            return true;
-        }
+//         if (!requiredRoles) {
+//             return true;
+//         }
 
-        const ctx = GqlExecutionContext.create(context);
-        const request = ctx.getContext().req;
+//         const ctx = GqlExecutionContext.create(context);
+//         const request = ctx.getContext().req;
 
-        const user: User = request.user;
+//         const user: User = request.user;
 
-        if (user) {
-            const roles = user.role;
-            return requiredRoles.some((role) => roles.includes(role));
-        }
+//         if (user) {
+//             const roles = user.role;
+//             return requiredRoles.some((role) => roles.includes(role));
+//         }
 
-        return false;
-    }
-}
+//         return false;
+//     }
+// }

src/main.ts

@@ -8,7 +8,9 @@ import { AppModule } from "./app.module";
 process.env.TZ = "Asia/Ho_Chi_Minh";
 
 async function bootstrap() {
-    const app = await NestFactory.create(AppModule);
+    const app = await NestFactory.create(AppModule, {
+        logger: ['log', 'error', 'warn', 'debug', 'verbose'], // Ensure 'log' is included
+      });
 
     app.useGlobalPipes(
         new ValidationPipe({
@@ -20,7 +22,7 @@ async function bootstrap() {
 
     app.use(
         session({
-            name: "DAVINCI_SESSION_ID",
+            name: "HARMONY_SESSION",
             secret: configService.get("session.secret"),
             resave: false,
             // when user is login, session is created, and if not, we don't

src/modules/authenticate/authenticate.module.ts

@@ -10,12 +10,23 @@ import { LocalStrategy } from "./strategies/local.strategy";
 import { UserModule } from "../user/user.module";
 import { JwtStrategy } from "./strategies/jwt.strategy";
 import { GoogleStrategy } from "./strategies/google.strategy";
+import { JwtModule } from "@nestjs/jwt";
+import { ConfigModule, ConfigService } from "@nestjs/config";
 
 @Module({
     imports: [
         PassportModule,
         UserModule,
         HttpModule,
+        ConfigModule,
+        JwtModule.registerAsync({
+            imports: [ConfigModule],
+            useFactory: async (configService: ConfigService) => ({
+                secret: configService.get<string>("JWT_SECRET"),
+                signOptions: { expiresIn: "60m" },
+            }),
+            inject: [ConfigService],
+        }),
     ],
     providers: [AuthenticateResolver, AuthenticateService, LocalSerializer, LocalStrategy, JwtStrategy, Auth.OAuth2Client, GoogleStrategy],
 })

src/modules/authenticate/authenticate.service.ts

@@ -1,9 +1,10 @@
 // import { session } from 'express-session';
-import { Injectable } from "@nestjs/common";
+import { HttpException, HttpStatus, Injectable } from "@nestjs/common";
 import bcrypt from "bcrypt";
 import { GraphQLError } from "graphql";
 import { google, Auth } from "googleapis";
 import { JwtService } from "@nestjs/jwt";
+import { Logger } from '@nestjs/common';
 
 import { LoginInput } from "./dto/login.dto";
 import { RegisterAuthenticateInput } from "./dto/register.dto";
@@ -27,23 +28,25 @@ export class AuthenticateService {
         this.oauthClient = new google.auth.OAuth2(clientID, clientSecret);
     }
 
-    async validateUser(email: string, password: string) {
+    async validateUser(username: string, pwd: string) {
         try {
+            console.log("🚀 ~ file: authenticate.service.ts ~ line 57 ~ AuthenticateService ~ validateUser ~ email", username);
             const user = await this.prisma.user.findUniqueOrThrow({
-                where: { email: email },
+                where: { username: username },
             });
+            console.log("🚀 ~ file: authenticate.service.ts ~ line 59 ~ AuthenticateService ~ validateUser ~ user", user);
 
             if (!user) {
                 throw new GraphQLError("User not found");
             }
 
-            const valid = await bcrypt.compare(password, user.password);
+            const valid = await bcrypt.compare(pwd, user.password);
 
             if (!valid) {
                 throw new GraphQLError("Invalid password");
             }
 
-            return user
+            return user;
         } catch (error) {
             throw error;
         }
@@ -53,7 +56,7 @@ export class AuthenticateService {
         try {
             const user = await this.prisma.user.findFirst({
                 where: { email: registerAuthenticateInput.email },
-            })
+            });
 
             if (user) {
                 throw new GraphQLError("User already exists");
@@ -76,30 +79,76 @@ export class AuthenticateService {
             }
             return newUser;
         } catch (error) {
-            console.log(error)
+            console.log(error);
             throw error;
         }
     }
 
+    private async signTokens(userId: number, email: string) {
+        const [accessToken, refreshToken] = await Promise.all([
+            this.jwtService.signAsync(
+                {
+                    sub: userId,
+                    email,
+                },
+                {
+                    secret: this.configService.get("JWT_SECRET"),
+                    expiresIn: "1h",
+                },
+            ),
+            this.jwtService.signAsync(
+                {
+                    sub: userId,
+                },
+                {
+                    secret: this.configService.get("JWT_SECRET"),
+                    expiresIn: "7d",
+                },
+            ),
+        ]);
+
+        return {
+            accessToken,
+            refreshToken,
+        };
+    }
+
     async login(loginAuthenticateInput: LoginInput) {
         try {
             const user = await this.prisma.user.findFirst({
-                where: { username: loginAuthenticateInput.username },
+                where: {
+                    username: loginAuthenticateInput.username,
+                },
             });
 
             if (!user) {
-                throw new GraphQLError("User not found");
+                throw new HttpException("Not found", HttpStatus.NOT_FOUND);
             }
 
-            const valid = await bcrypt.compare(loginAuthenticateInput.password, user.password);
+            const result = await bcrypt.compare(loginAuthenticateInput.password, user.password);
 
-            if (!valid) {
-                throw new GraphQLError("Invalid password");
+            if (!result) {
+                throw new Error("Thông tin đăng nhập không hợp lệ");
             }
 
-            return user;
+            const { accessToken, refreshToken } = await this.signTokens(user.id, user.email);
+
+            // Save to session
+            await this.prisma.session.create({
+                data: {
+                    userID: user.id,
+                    accessToken,
+                    refreshToken,
+                },
+            });
+
+            return {
+                accessToken,
+                refreshToken,
+                user: user,
+            };
         } catch (error) {
-            throw error;
+            throw new HttpException(error, HttpStatus.SERVICE_UNAVAILABLE);
         }
     }
 
@@ -144,25 +193,25 @@ export class AuthenticateService {
     async googleLogin(accessToken: string) {
         const token: any = jwtDecode(accessToken);
         try {
-          const user = await this.prisma.user.findFirst({ where: { email: token?.email } });
-          if (!user) {
-            await this.prisma.user.create({
-              data: {
-                username: token?.name,
-                email: token?.email,
-                password: token?.sub, // You might want to hash this or handle it differently
-              },
-            });
-          }
-          const authenticatedUser = await this.prisma.user.findFirst({ where: { email: token?.email } });
-          if (!authenticatedUser) {
-            throw new GraphQLError('Error');
-          }
-          return authenticatedUser;
+            const user = await this.prisma.user.findFirst({ where: { email: token?.email } });
+            if (!user) {
+                await this.prisma.user.create({
+                    data: {
+                        username: token?.name,
+                        email: token?.email,
+                        password: token?.sub, // You might want to hash this or handle it differently
+                    },
+                });
+            }
+            const authenticatedUser = await this.prisma.user.findFirst({ where: { email: token?.email } });
+            if (!authenticatedUser) {
+                throw new GraphQLError("Error");
+            }
+            return authenticatedUser;
         } catch (err) {
-          throw new GraphQLError(err);
+            throw new GraphQLError(err);
         }
-      }
+    }
 
     async refreshToken(params: RefreshTokenInput, accessToken: string) {
         try {

src/modules/authenticate/dto/login.dto.ts

@@ -1,5 +1,5 @@
 import { InputType, Field, ObjectType } from "@nestjs/graphql";
-import { IsString } from "class-validator";
+import { IsEmail, IsString } from "class-validator";
 import { User } from "../../user/entities/user.entity";
 import { BaseOneAbstractResult } from "../../base/dto/base-one.abstract-result";
 

src/modules/authenticate/guards/gql-auth.guard.ts

@@ -1,4 +1,4 @@
-import { ExecutionContext, Injectable } from "@nestjs/common";
+import { ExecutionContext, Injectable, UnauthorizedException } from "@nestjs/common";
 import { GqlExecutionContext } from "@nestjs/graphql";
 import { AuthGuard } from "@nestjs/passport";
 
@@ -21,4 +21,11 @@ export class GqlLocalAuthGuard extends AuthGuard("local") {
 
         return context.switchToHttp().getRequest();
     }
+    handleRequest(err, user, info, context) {
+        if (err || !user) {
+            console.log("🚀 ~ file: gql-auth.guard.ts ~ line 47 ~ GqlLocalAuthGuard ~ handleRequest ~ err", err);
+            throw err || new UnauthorizedException();
+        }
+        return user;
+      }
 }

src/modules/authenticate/strategies/local.strategy.ts

@@ -12,8 +12,8 @@ export class LocalStrategy extends PassportStrategy(Strategy) {
         });
     }
 
-    async validate(email: string, password: string) {
-        const user = await this.authService.validateUser(email, password);
+    async validate(username: string, password: string) {
+        const user = await this.authService.validateUser(username, password);
 
         if (!user) {
             throw new GraphQLError("Credentials incorrect");