ldap-tfa: add method GET /telegram-confirm
parent
8cad617acb
commit
1a0cfec09f
@ -1,17 +1,38 @@
|
||||
/* eslint-disable @typescript-eslint/explicit-member-accessibility */
|
||||
import { Body, Controller, HttpException, HttpStatus, Post, Req, Res } from '@nestjs/common';
|
||||
import { CACHE_MANAGER } from '@nestjs/cache-manager';
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
Get,
|
||||
HttpException,
|
||||
HttpStatus,
|
||||
Inject,
|
||||
Post,
|
||||
Query,
|
||||
Req,
|
||||
Res,
|
||||
} from '@nestjs/common';
|
||||
import { ApiResponse, ApiTags } from '@nestjs/swagger';
|
||||
import axios from 'axios';
|
||||
import { Cache } from 'cache-manager';
|
||||
import { FastifyReply, FastifyRequest } from 'fastify';
|
||||
import { cookieOptions } from 'src/config/cookie';
|
||||
import { env } from 'src/config/env';
|
||||
import { AuthToken } from 'src/decorators/token.decorator';
|
||||
import { Credentials } from 'src/dto/credentials';
|
||||
import { LdapController } from 'src/ldap/ldap.controller';
|
||||
import { LdapService } from 'src/ldap/ldap.service';
|
||||
import type { User } from 'src/utils/ldap';
|
||||
|
||||
@Controller('ldap-tfa')
|
||||
@ApiTags('ldap-tfa')
|
||||
export class LdapTfaController extends LdapController {
|
||||
constructor(
|
||||
protected readonly ldapService: LdapService,
|
||||
@Inject(CACHE_MANAGER) private readonly cacheManager: Cache
|
||||
) {
|
||||
super(ldapService);
|
||||
}
|
||||
@Post('/login')
|
||||
@ApiResponse({
|
||||
status: HttpStatus.OK,
|
||||
@ -38,19 +59,35 @@ export class LdapTfaController extends LdapController {
|
||||
async loginTelegram(@AuthToken() token: string, @Res() reply: FastifyReply) {
|
||||
const user = await this.ldapService.getUser(token);
|
||||
|
||||
await axios.post(env.TELEGRAM_SERVICE_URL_SEND_MESSAGE, {
|
||||
authId: crypto.randomUUID(),
|
||||
user,
|
||||
});
|
||||
const authId = crypto.randomUUID();
|
||||
const { employeeID } = user;
|
||||
|
||||
return reply.status(200).send(user);
|
||||
// Change TTL
|
||||
this.cacheManager.set(authId, user);
|
||||
|
||||
return axios
|
||||
.get(env.TELEGRAM_SERVICE_URL_SEND_MESSAGE, {
|
||||
params: {
|
||||
authId,
|
||||
employeeID,
|
||||
},
|
||||
})
|
||||
.then((res) => reply.status(200).send(res.data))
|
||||
.catch((error) => reply.status(500).send(error));
|
||||
}
|
||||
|
||||
@Post('/telegram-confirm')
|
||||
@Get('/telegram-confirm')
|
||||
@ApiResponse({
|
||||
status: HttpStatus.OK,
|
||||
})
|
||||
async telegramConfirm(@Req() req: FastifyRequest, @Res() reply: FastifyReply) {
|
||||
return reply.status(200).send('ok');
|
||||
async telegramConfirm(
|
||||
@Query('authId') authId: string,
|
||||
@Query('employeeID') employeeID: string,
|
||||
@Res() reply: FastifyReply
|
||||
) {
|
||||
const user = (await this.cacheManager.get(authId)) as User;
|
||||
const token = await this.ldapService.login({ login: user.username });
|
||||
|
||||
return reply.status(200).send(token);
|
||||
}
|
||||
}
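Review bot: `telegramConfirm` issues a login token for whichever user is cached under the caller-supplied `authId`, but it never checks that the entry exists, never compares the `employeeID` query parameter with the cached user, and never deletes the entry, so an unknown id throws on `user.username` and a valid id stays redeemable until the cache TTL runs out. The handler should reject a miss or mismatch with an `HttpException` and remove the key before calling `ldapService.login`, as sketched below (this assumes `User.employeeID` is a string). Nothing visible here authenticates the caller as the Telegram service, and `authId` travels in a GET query string where it is likely to be logged, so a shared secret or signature on this callback looks necessary. In `loginTelegram`, `this.cacheManager.set(authId, user)` is not awaited and `.catch((error) => reply.status(500).send(error))` returns the raw axios error, which can expose the internal service URL and request details; prefer `await` and a generic 500 body.

```typescript
  ) {
    const user = await this.cacheManager.get<User>(authId);

    // Unknown/expired authId, or an employeeID that does not match the pending request.
    if (!user || user.employeeID !== employeeID) {
      throw new HttpException('Confirmation not found', HttpStatus.UNAUTHORIZED);
    }

    // One-time use: drop the pending confirmation before a token is issued.
    await this.cacheManager.del(authId);
    // … unchanged: ldapService.login call and reply.status(200).send(token) …
```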
|
||||
|
||||
@ -1,10 +1,23 @@
|
||||
/* eslint-disable @typescript-eslint/no-extraneous-class */
|
||||
import { LdapTfaController } from './ldap-tfa.controller';
|
||||
import { CacheModule } from '@nestjs/cache-manager';
|
||||
import { Module } from '@nestjs/common';
|
||||
import * as redisStore from 'cache-manager-ioredis';
|
||||
import type { RedisOptions } from 'ioredis';
|
||||
import { env } from 'src/config/env';
|
||||
import { LdapModule } from 'src/ldap/ldap.module';
|
||||
|
||||
@Module({
|
||||
controllers: [LdapTfaController],
|
||||
imports: [LdapModule],
|
||||
imports: [
|
||||
LdapModule,
|
||||
CacheModule.register<RedisOptions>({
|
||||
db: 1,
|
||||
host: env.REDIS_HOST,
|
||||
port: env.REDIS_PORT,
|
||||
store: redisStore,
|
||||
ttl: env.API_CACHE_TTL,
|
||||
}),
|
||||
],
|
||||
})
|
||||
export class LdapTfaModule {}
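Review bot: Pending second-factor confirmations written by the controller inherit `ttl: env.API_CACHE_TTL`, a value named for general API caching, and the controller still carries a `// Change TTL` comment, so the window in which an `authId` can be redeemed is whatever the API cache happens to use. A dedicated short lifetime for these entries would be safer, either as a per-call TTL on `cacheManager.set` or a separate setting such as `ttl: env.<TFA_CONFIRM_TTL placeholder>`; the unit (seconds or milliseconds) depends on the cache-manager version in use and should be confirmed. The Redis options shown are only `db`, `host` and `port`; if the instance is reachable beyond localhost, `password` and `tls` should be set, since it now stores data that can be exchanged for a token.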
|
||||
|
||||
@ -7,6 +7,7 @@ import { Cache } from 'cache-manager';
|
||||
import { env } from 'src/config/env';
|
||||
import type { Credentials } from 'src/dto/credentials';
|
||||
import * as ldap from 'src/utils/ldap';
|
||||
import type { PartialBy } from 'src/utils/types';
|
||||
|
||||
@Injectable()
|
||||
export class LdapService {
|
||||
@ -15,9 +16,9 @@ export class LdapService {
|
||||
private readonly jwtService: JwtService
|
||||
) {}
|
||||
|
||||
public async login({ login, password }: Credentials, options?: JwtSignOptions) {
|
||||
public async login(credentials: PartialBy<Credentials, 'password'>, options?: JwtSignOptions) {
|
||||
try {
|
||||
const user = await ldap.authenticate(login, password);
|
||||
const user = await ldap.authenticate(credentials.login, credentials.password);
|
||||
const { username } = user;
|
||||
|
||||
await this.cacheManager.set(username, user);
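Review bot: Making `password` optional on `login` means `ldap.authenticate(credentials.login, credentials.password)` can now be called with `undefined`, and this method is shared with the password login path inherited from `LdapController`. What `authenticate` does with a missing password is not visible here, but many LDAP servers treat a simple bind with an empty password as an unauthenticated bind that succeeds, so this should be confirmed before relying on it. A safer shape is to keep `login` requiring both fields and add a separate method that issues the token for an already-verified username without going through `authenticate`; at minimum add a doc comment on `login` stating when a password may be omitted. The body of `login` continues past the end of this hunk.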
|
||||
|
||||
1
apps/api/src/utils/types.ts
Normal file
1
apps/api/src/utils/types.ts
Normal file
@ -0,0 +1 @@
|
||||
export type PartialBy<T, K extends keyof T> = Omit<T, K> & Partial<Pick<T, K>>;
|
||||