From 1a0cfec09fb7e9c38d8f2284240b1549c5d101a2 Mon Sep 17 00:00:00 2001 From: vchikalkin Date: Wed, 29 May 2024 13:56:02 +0300 Subject: [PATCH] ldap-tfa: add method GET /telegram-confirm --- apps/api/src/ldap-tfa/ldap-tfa.controller.ts | 55 ++++++++++++++++---- apps/api/src/ldap-tfa/ldap-tfa.module.ts | 15 +++++- apps/api/src/ldap/ldap.service.ts | 5 +- apps/api/src/utils/types.ts | 1 + 4 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 apps/api/src/utils/types.ts diff --git a/apps/api/src/ldap-tfa/ldap-tfa.controller.ts b/apps/api/src/ldap-tfa/ldap-tfa.controller.ts index a8271f1..a7af166 100644 --- a/apps/api/src/ldap-tfa/ldap-tfa.controller.ts +++ b/apps/api/src/ldap-tfa/ldap-tfa.controller.ts @@ -1,17 +1,38 @@ /* eslint-disable @typescript-eslint/explicit-member-accessibility */ -import { Body, Controller, HttpException, HttpStatus, Post, Req, Res } from '@nestjs/common'; +import { CACHE_MANAGER } from '@nestjs/cache-manager'; +import { + Body, + Controller, + Get, + HttpException, + HttpStatus, + Inject, + Post, + Query, + Req, + Res, +} from '@nestjs/common'; import { ApiResponse, ApiTags } from '@nestjs/swagger'; import axios from 'axios'; +import { Cache } from 'cache-manager'; import { FastifyReply, FastifyRequest } from 'fastify'; import { cookieOptions } from 'src/config/cookie'; import { env } from 'src/config/env'; import { AuthToken } from 'src/decorators/token.decorator'; import { Credentials } from 'src/dto/credentials'; import { LdapController } from 'src/ldap/ldap.controller'; +import { LdapService } from 'src/ldap/ldap.service'; +import type { User } from 'src/utils/ldap'; @Controller('ldap-tfa') @ApiTags('ldap-tfa') export class LdapTfaController extends LdapController { + constructor( + protected readonly ldapService: LdapService, + @Inject(CACHE_MANAGER) private readonly cacheManager: Cache + ) { + super(ldapService); + } @Post('/login') @ApiResponse({ status: HttpStatus.OK, 
@@ -38,19 +59,35 @@ export class LdapTfaController extends LdapController { async loginTelegram(@AuthToken() token: string, @Res() reply: FastifyReply) { const user = await this.ldapService.getUser(token); - await axios.post(env.TELEGRAM_SERVICE_URL_SEND_MESSAGE, { - authId: crypto.randomUUID(), - user, - }); + const authId = crypto.randomUUID(); + const { employeeID } = user; - return reply.status(200).send(user); + // Change TTL + this.cacheManager.set(authId, user); + + return axios + .get(env.TELEGRAM_SERVICE_URL_SEND_MESSAGE, { + params: { + authId, + employeeID, + }, + }) + .then((res) => reply.status(200).send(res.data)) + .catch((error) => reply.status(500).send(error)); } - @Post('/telegram-confirm') + @Get('/telegram-confirm') @ApiResponse({ status: HttpStatus.OK, }) - async telegramConfirm(@Req() req: FastifyRequest, @Res() reply: FastifyReply) { - return reply.status(200).send('ok'); + async telegramConfirm( + @Query('authId') authId: string, + @Query('employeeID') employeeID: string, + @Res() reply: FastifyReply + ) { + const user = (await this.cacheManager.get(authId)) as User; + const token = await this.ldapService.login({ login: user.username }); + + return reply.status(200).send(token); } } diff --git a/apps/api/src/ldap-tfa/ldap-tfa.module.ts b/apps/api/src/ldap-tfa/ldap-tfa.module.ts index dfaa899..714dfa5 100644 --- a/apps/api/src/ldap-tfa/ldap-tfa.module.ts +++ b/apps/api/src/ldap-tfa/ldap-tfa.module.ts 
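Review bot: `telegramConfirm` returns a login token to any caller that presents an `authId` found in the cache. The `employeeID` query parameter is never compared with the cached user, a cache miss leaves `user` undefined so `user.username` throws, and the entry is never deleted, so the same `authId` keeps working until the TTL expires. No guard on this route is visible in the hunk, so the handler should at least reject unknown ids and mismatched employees and make the id single-use, as sketched below; whether the Telegram service must also authenticate itself to this endpoint should be decided before merge. In `loginTelegram`, `this.cacheManager.set(authId, user)` is not awaited, and `.catch((error) => reply.status(500).send(error))` returns the raw axios error, which can carry the internal service URL and request config; await the write and send a generic 500 body with the detail logged server-side. The `// Change TTL` comment suggests these entries still live for the general `env.API_CACHE_TTL`; a short explicit TTL on the pending confirmation would narrow the window.

```typescript
async telegramConfirm(/* … unchanged: @Query('authId'), @Query('employeeID'), @Res() parameters … */) {
  const user = await this.cacheManager.get<User>(authId);

  // Unknown or expired authId, or a confirmation that names a different employee.
  // Assumes User.employeeID is a string, like the query parameter; confirm against src/utils/ldap.
  if (!user || user.employeeID !== employeeID) {
    return reply.status(HttpStatus.UNAUTHORIZED).send();
  }

  // Single use: a repeated confirmation must not yield a second token.
  await this.cacheManager.del(authId);

  // … unchanged: ldapService.login call and 200 reply …
}
```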
@@ -1,10 +1,23 @@ /* eslint-disable @typescript-eslint/no-extraneous-class */ import { LdapTfaController } from './ldap-tfa.controller'; +import { CacheModule } from '@nestjs/cache-manager'; import { Module } from '@nestjs/common'; +import * as redisStore from 'cache-manager-ioredis'; +import type { RedisOptions } from 'ioredis'; +import { env } from 'src/config/env'; import { LdapModule } from 'src/ldap/ldap.module'; @Module({ controllers: [LdapTfaController], - imports: [LdapModule], + imports: [ + LdapModule, + CacheModule.register({ + db: 1, + host: env.REDIS_HOST, + port: env.REDIS_PORT, + store: redisStore, + ttl: env.API_CACHE_TTL, + }), + ], }) export class LdapTfaModule {} diff --git a/apps/api/src/ldap/ldap.service.ts b/apps/api/src/ldap/ldap.service.ts index c2e843c..a5a19b7 100644 --- a/apps/api/src/ldap/ldap.service.ts +++ b/apps/api/src/ldap/ldap.service.ts @@ -7,6 +7,7 @@ import { Cache } from 'cache-manager'; import { env } from 'src/config/env'; import type { Credentials } from 'src/dto/credentials'; import * as ldap from 'src/utils/ldap'; +import type { PartialBy } from 'src/utils/types'; @Injectable() export class LdapService { @@ -15,9 +16,9 @@ export class LdapService { private readonly jwtService: JwtService ) {} - public async login({ login, password }: Credentials, options?: JwtSignOptions) { + public async login(credentials: PartialBy, options?: JwtSignOptions) { try { - const user = await ldap.authenticate(login, password); + const user = await ldap.authenticate(credentials.login, credentials.password); const { username } = user; await this.cacheManager.set(username, user); diff --git a/apps/api/src/utils/types.ts b/apps/api/src/utils/types.ts new file mode 100644 index 0000000..ce7e0b4 --- /dev/null +++ b/apps/api/src/utils/types.ts @@ -0,0 +1 @@ +export type PartialBy = Omit & Partial>;
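Review bot: The pending-confirmation records that the controller writes land in this Redis store under the bare `authId`, with the general `env.API_CACHE_TTL` as their lifetime. `LdapService.login` caches users under the bare `username`, and whether it uses the same Redis database is not visible here; if it does, a lookup by a caller-supplied `authId` cannot tell a pending confirmation from a cached user entry. Prefixing the key in the controller, e.g. `this.cacheManager.set('tfa:' + authId, user)` with the same prefix on the read, and giving these entries their own short TTL keeps the two kinds of record apart. Validating that `authId` has UUID form before the lookup would also help.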
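Review bot: In the `ldap.service.ts` hunk, `login` now passes a possibly undefined `credentials.password` straight to `ldap.authenticate`, whose body is not shown. If it performs a bind with that value, many directory servers treat an absent or empty password as an unauthenticated bind that succeeds, so the result would depend on server configuration rather than on this code. Relaxing the parameter type on the shared `login` path also removes the compile-time guarantee for the existing password login. Consider keeping `login` strict, e.g. `if (!credentials.password) throw new UnauthorizedException();`, and adding a separate method for the already-confirmed second-factor flow that signs the token without calling `authenticate`. The body of `login` continues outside the hunk.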