apps/api: refresh token (ldap mode)

2024-01-16 14:19:32 +03:00 · 2024-01-16 14:19:32 +03:00 · 76c1e0f8d1
commit 76c1e0f8d1
parent fd8837c835
3 changed files with 45 additions and 16 deletions
--- a/apps/api/src/app.controller.ts
+++ b/apps/api/src/app.controller.ts
@ -1,6 +1,7 @@
 import { AccountService } from './account/account.service';
 import { AppService } from './app.service';
 import { env } from './config/env';
+import { LdapService } from './ldap/ldap.service';
 import { Controller, Get, HttpStatus, Req, Res } from '@nestjs/common';
 import { ApiExcludeController } from '@nestjs/swagger';
 import { FastifyReply, FastifyRequest } from 'fastify';
@ -11,7 +12,8 @@ import { cookieOptions } from 'src/config/cookie';
 export class AppController {
  constructor(
    private readonly appService: AppService,
-    private readonly accountService: AccountService
+    private readonly accountService: AccountService,
+    private readonly ldapService: LdapService
  ) {}

  @Get('auth')
@ -40,14 +42,18 @@ export class AppController {
  }

  private async handleExpiredToken(req: FastifyRequest, reply: FastifyReply, token: string) {
-    const authMode = req.headers['auth-mode'];
-    const newToken =
-      authMode === 'account'
-        ? await this.accountService.refreshToken(token)
-        : this.appService.refreshToken(token);
-    reply.header('Authorization', `Bearer ${newToken}`);
+    try {
+      const authMode = req.headers['auth-mode'];
+      const newToken =
+        authMode === 'account'
+          ? await this.accountService.refreshToken(token)
+          : await this.ldapService.refreshToken(token);
+      reply.header('Authorization', `Bearer ${newToken}`);

-    return reply.setCookie(env.COOKIE_TOKEN_NAME, newToken, cookieOptions).send();
+      return reply.setCookie(env.COOKIE_TOKEN_NAME, newToken, cookieOptions).send();
+    } catch {
+      return this.handleError(req, reply);
+    }
  }

  private handleError(req: FastifyRequest, reply: FastifyReply) {
--- a/apps/api/src/ldap/ldap.module.ts
+++ b/apps/api/src/ldap/ldap.module.ts
@ -8,6 +8,7 @@ import { env } from 'src/config/env';

@Module({
  controllers: [LdapController],
+  exports: [LdapService],
  imports: [
    CacheModule.register<RedisOptions>({
      host: env.REDIS_HOST,
--- a/apps/api/src/ldap/ldap.service.ts
+++ b/apps/api/src/ldap/ldap.service.ts
@ -15,17 +15,21 @@ export class LdapService {
  ) {}

  public async login({ login, password }: Credentials) {
-    const user = await ldap.authenticate(login, password);
-    const { username } = user;
+    try {
+      const user = await ldap.authenticate(login, password);
+      const { username } = user;

-    await this.cacheManager.set(username, user);
+      await this.cacheManager.set(username, user);

-    const payload: TokenPayload = {
-      domain: env.LDAP_DOMAIN,
-      username,
-    };
+      const payload: TokenPayload = {
+        domain: env.LDAP_DOMAIN,
+        username,
+      };

-    return this.jwtService.sign(payload);
+      return this.jwtService.sign(payload);
+    } catch (error) {
+      throw new UnauthorizedException(error);
+    }
  }

  public async logout(token: string) {
@ -36,6 +40,24 @@ export class LdapService {
    }
  }

+  public async refreshToken(token: string) {
+    try {
+      const { username } = this.jwtService.decode(token) as DecodedToken;
+      const user = await ldap.authenticate(username);
+
+      await this.cacheManager.set(username, user);
+
+      const payload: TokenPayload = {
+        domain: env.LDAP_DOMAIN,
+        username,
+      };
+
+      return this.jwtService.sign(payload);
+    } catch (error) {
+      throw new UnauthorizedException(error);
+    }
+  }
+
  public async getUser(token: string) {
    try {
      const { username } = this.jwtService.verify(token) as DecodedToken;