From 76c1e0f8d1c8ce57b4a1af62912b1384e0016cf4 Mon Sep 17 00:00:00 2001
From: vchikalkin
Date: Tue, 16 Jan 2024 14:19:32 +0300
Subject: [PATCH] apps/api: refresh token (ldap mode)

---
 apps/api/src/app.controller.ts    | 22 +++++++++++-------
 apps/api/src/ldap/ldap.module.ts  |  1 +
 apps/api/src/ldap/ldap.service.ts | 38 ++++++++++++++++++++++++-------
 3 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/apps/api/src/app.controller.ts b/apps/api/src/app.controller.ts
index 74bf452..7488159 100644
--- a/apps/api/src/app.controller.ts
+++ b/apps/api/src/app.controller.ts
@@ -1,6 +1,7 @@
 import { AccountService } from './account/account.service';
 import { AppService } from './app.service';
 import { env } from './config/env';
+import { LdapService } from './ldap/ldap.service';
 import { Controller, Get, HttpStatus, Req, Res } from '@nestjs/common';
 import { ApiExcludeController } from '@nestjs/swagger';
 import { FastifyReply, FastifyRequest } from 'fastify';
@@ -11,7 +12,8 @@ import { cookieOptions } from 'src/config/cookie';
 export class AppController {
   constructor(
     private readonly appService: AppService,
-    private readonly accountService: AccountService
+    private readonly accountService: AccountService,
+    private readonly ldapService: LdapService
   ) {}
 
   @Get('auth')
@@ -40,14 +42,18 @@ export class AppController {
   }
 
   private async handleExpiredToken(req: FastifyRequest, reply: FastifyReply, token: string) {
-    const authMode = req.headers['auth-mode'];
-    const newToken =
-      authMode === 'account'
-        ? await this.accountService.refreshToken(token)
-        : this.appService.refreshToken(token);
-    reply.header('Authorization', `Bearer ${newToken}`);
+    try {
+      const authMode = req.headers['auth-mode'];
+      const newToken =
+        authMode === 'account'
+          ? await this.accountService.refreshToken(token)
+          : await this.ldapService.refreshToken(token);
+      reply.header('Authorization', `Bearer ${newToken}`);
 
-    return reply.setCookie(env.COOKIE_TOKEN_NAME, newToken, cookieOptions).send();
+      return reply.setCookie(env.COOKIE_TOKEN_NAME, newToken, cookieOptions).send();
+    } catch {
+      return this.handleError(req, reply);
+    }
   }
 
   private handleError(req: FastifyRequest, reply: FastifyReply) {
diff --git a/apps/api/src/ldap/ldap.module.ts b/apps/api/src/ldap/ldap.module.ts
index 58b5265..d7ab022 100644
--- a/apps/api/src/ldap/ldap.module.ts
+++ b/apps/api/src/ldap/ldap.module.ts
@@ -8,6 +8,7 @@ import { env } from 'src/config/env';
 
 @Module({
   controllers: [LdapController],
+  exports: [LdapService],
   imports: [
     CacheModule.register({
       host: env.REDIS_HOST,
diff --git a/apps/api/src/ldap/ldap.service.ts b/apps/api/src/ldap/ldap.service.ts
index eb9dcc5..fc43615 100644
--- a/apps/api/src/ldap/ldap.service.ts
+++ b/apps/api/src/ldap/ldap.service.ts
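Review bot: The new `catch {}` in `handleExpiredToken` discards the error before delegating to `handleError`, so a refresh rejected because the token was bad is indistinguishable, server-side, from one that failed because LDAP or the cache was unreachable, and rejected refresh attempts leave no trace at all. Bind the error and record it before delegating: `} catch (error: unknown) {`, a log line carrying `req.url` and the error, then `return this.handleError(req, reply);`. `handleError`'s body lies outside the hunk; if it already logs a cause, passing `error` to it would be enough.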
@@ -15,17 +15,21 @@ export class LdapService {
   ) {}
 
   public async login({ login, password }: Credentials) {
-    const user = await ldap.authenticate(login, password);
-    const { username } = user;
+    try {
+      const user = await ldap.authenticate(login, password);
+      const { username } = user;
 
-    await this.cacheManager.set(username, user);
+      await this.cacheManager.set(username, user);
 
-    const payload: TokenPayload = {
-      domain: env.LDAP_DOMAIN,
-      username,
-    };
+      const payload: TokenPayload = {
+        domain: env.LDAP_DOMAIN,
+        username,
+      };
 
-    return this.jwtService.sign(payload);
+      return this.jwtService.sign(payload);
+    } catch (error) {
+      throw new UnauthorizedException(error);
+    }
   }
 
   public async logout(token: string) {
@@ -36,6 +40,24 @@ export class LdapService {
     }
   }
 
+  public async refreshToken(token: string) {
+    try {
+      const { username } = this.jwtService.decode(token) as DecodedToken;
+      const user = await ldap.authenticate(username);
+
+      await this.cacheManager.set(username, user);
+
+      const payload: TokenPayload = {
+        domain: env.LDAP_DOMAIN,
+        username,
+      };
+
+      return this.jwtService.sign(payload);
+    } catch (error) {
+      throw new UnauthorizedException(error);
+    }
+  }
+
   public async getUser(token: string) {
     try {
       const { username } = this.jwtService.verify(token) as DecodedToken;
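Review bot: The new `catch (error) { throw new UnauthorizedException(error); }` in `login` hands the caught error straight to the HTTP exception, so whatever `ldap.authenticate` or the cache client throws may end up serialized in the 401 body and tell a caller which step failed; it also turns infrastructure failures (cache or directory unreachable) into 401 rather than a 5xx. Prefer a fixed message and keep the cause server-side, e.g. `throw new UnauthorizedException('Invalid credentials', { cause: error });` if the project's NestJS version accepts `HttpExceptionOptions`, otherwise log `error` and throw the fixed message. The `refreshToken` hunk below has the same `catch`.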
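Review bot: `refreshToken` derives the new signed token from `this.jwtService.decode(token)`, and `decode` only reads the payload without checking the signature, so any client-supplied token that carries a `username` claim — including one never issued by this service — yields a freshly signed JWT for that user, as long as the password-less `ldap.authenticate(username)` succeeds (what that single-argument call actually checks is not visible here). Since this path is only reached for expired tokens, verify the signature and skip just the expiry check: `const { username } = this.jwtService.verify(token, { ignoreExpiration: true }) as DecodedToken;`. Consider also reading the verified payload's `exp` claim to bound how long after expiry a refresh is still accepted.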