diff --git a/apps/api/src/ldap-tfa/ldap-tfa.controller.ts b/apps/api/src/ldap-tfa/ldap-tfa.controller.ts
index f50b876..84db787 100644
--- a/apps/api/src/ldap-tfa/ldap-tfa.controller.ts
+++ b/apps/api/src/ldap-tfa/ldap-tfa.controller.ts
@@ -64,8 +64,8 @@ export class LdapTfaController extends LdapController {
 status: HttpStatus.OK,
 })
 async loginTelegram(@AuthToken() token: string, @Res() reply: FastifyReply) {
- const { employeeID } = await this.ldapTfaService.getUser(token);
- const { authId } = await this.ldapTfaService.parseToken(token);
+ const { employeeID } = await this.ldapTfaService.getUser(token, { audience: 'auth' });
+ const { authId } = await this.ldapTfaService.parseToken(token, { audience: 'auth' });
 
 return axios
 .get(env.TELEGRAM_URL_SEND_AUTH_MESSAGE, {
@@ -107,22 +107,8 @@ export class LdapTfaController extends LdapController {
 status: HttpStatus.OK,
 })
 async loginConfirm(@AuthToken() token: string, @Res() reply: FastifyReply) {
- const activatedToken = await this.ldapTfaService.activateToken(token);
+ const activatedToken = await this.ldapTfaService.activateToken(token, { audience: 'auth' });
 
 return reply.setCookie(env.COOKIE_TOKEN_NAME, activatedToken, cookieOptions).status(200).send();
 }
-
- @Get('/check-auth')
- @ApiResponse({
- status: HttpStatus.OK,
- })
- async checkAuth(@AuthToken() token: string, @Res() reply: FastifyReply) {
- const { authId } = await this.ldapTfaService.parseToken(token, { ignoreExpiration: true });
-
- if (authId) return reply.status(HttpStatus.UNAUTHORIZED).send();
-
- const user = await this.ldapTfaService.getUser(token, { ignoreExpiration: true });
-
- return reply.status(200).send(user);
- }
 }
diff --git a/apps/api/src/ldap-tfa/ldap-tfa.service.ts b/apps/api/src/ldap-tfa/ldap-tfa.service.ts
index 62723e2..5921f1d 100644
--- a/apps/api/src/ldap-tfa/ldap-tfa.service.ts
+++ b/apps/api/src/ldap-tfa/ldap-tfa.service.ts
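Review bot: The `{ audience: 'auth' }` literal is now spelled out at both calls in `loginTelegram` and again in `loginConfirm`, and since the inherited `parseToken` no longer carries a default it is the only thing tying these routes to the 'auth' audience. A shared constant such as `const AUTH_VERIFY_OPTIONS: JwtVerifyOptions = { audience: 'auth' };` with a short comment on which token stage these endpoints accept would keep a typo or a forgotten argument from silently dropping the check. `getUser` and `parseToken` presumably each verify the same token, so a single verification whose payload feeds both values would also do. The body of `loginTelegram` continues outside the hunk.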
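Review bot: With the override deleted, `/check-auth` on this controller is served by the inherited `LdapController.checkAuth`, which calls `this.ldapService` rather than `this.ldapTfaService`. The constructor is not part of the hunk, so it is worth confirming that `this.ldapService` resolves to the TFA service in this subclass; otherwise the route would quietly switch to the base `getUser`. In `loginConfirm` the explicit `{ audience: 'auth' }` repeats the default that `activateToken` still declares, so one of the two can go.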
@@ -38,14 +38,6 @@ export class LdapTfaService extends LdapService {
 }
 }
 
- public async parseToken(token: string, options: JwtVerifyOptions = { audience: 'auth' }) {
- try {
- return this.jwtService.verify(token, options);
- } catch (error) {
- throw new UnauthorizedException(error);
- }
- }
-
 public async activateToken(token: string, options: JwtVerifyOptions = { audience: 'auth' }) {
 try {
 const { username } = this.jwtService.verify(token, options);
diff --git a/apps/api/src/ldap/ldap.controller.ts b/apps/api/src/ldap/ldap.controller.ts
index dee5e96..d093f95 100644
--- a/apps/api/src/ldap/ldap.controller.ts
+++ b/apps/api/src/ldap/ldap.controller.ts
@@ -101,4 +101,18 @@ export class LdapController implements BaseAuthController {
 
 return reply.send(user);
 }
+
+ @Get('/check-auth')
+ @ApiResponse({
+ status: HttpStatus.OK,
+ })
+ async checkAuth(@AuthToken() token: string, @Res() reply: FastifyReply) {
+ const { authId } = await this.ldapService.parseToken(token, { ignoreExpiration: true });
+
+ if (authId) return reply.status(HttpStatus.UNAUTHORIZED).send();
+
+ const user = await this.ldapService.getUser(token, { ignoreExpiration: true });
+
+ return reply.status(200).send(user);
+ }
 }
diff --git a/apps/api/src/ldap/ldap.service.ts b/apps/api/src/ldap/ldap.service.ts
index ec250f1..9d5445a 100644
--- a/apps/api/src/ldap/ldap.service.ts
+++ b/apps/api/src/ldap/ldap.service.ts
@@ -83,4 +83,12 @@ export class LdapService {
 throw new UnauthorizedException('Invalid token');
 }
 }
+
+ public async parseToken(token: string, options?: JwtVerifyOptions) {
+ try {
+ return this.jwtService.verify(token, options);
+ } catch (error) {
+ throw new UnauthorizedException(error);
+ }
+ }
 }
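Review bot: `checkAuth` verifies with `{ ignoreExpiration: true }` and no `audience`, so any correctly signed token that lacks an `authId` claim gets the user record back however long ago it expired. If expiry is ignored on purpose, a comment should say which flow needs it and the response should carry only what that flow uses; otherwise the option should be dropped from both the `parseToken` and `getUser` calls. Separating pending tokens by the presence of `authId` is also weaker than pinning the expected audience, for example `parseToken(token, { audience: '<session-audience>' })` with the project's real value in place of the placeholder.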
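Review bot: `parseToken` lost its `{ audience: 'auth' }` default when it moved into `LdapService`, so any caller outside this diff that still passes only the token now accepts tokens of every audience. Making the audience a required argument would let the compiler find those call sites. `throw new UnauthorizedException(error)` also hands the verifier's error object to the HTTP response, while the context lines just above throw `UnauthorizedException('Invalid token')`; the same fixed message here would avoid telling the client why verification failed. The `async` keyword adds nothing, since `verify` is called synchronously.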