87 lines
2.4 KiB
TypeScript
87 lines
2.4 KiB
TypeScript
import type { DecodedToken, TokenPayload } from '../types/jwt';
|
|
import { CACHE_MANAGER } from '@nestjs/cache-manager';
|
|
import { Inject, Injectable, UnauthorizedException } from '@nestjs/common';
|
|
import type { JwtSignOptions, JwtVerifyOptions } from '@nestjs/jwt';
|
|
import { JwtService } from '@nestjs/jwt';
|
|
import { Cache } from 'cache-manager';
|
|
import { env } from 'src/config/env';
|
|
import type { Credentials } from 'src/dto/credentials';
|
|
import * as ldap from 'src/utils/ldap';
|
|
|
|
@Injectable()
|
|
export class LdapService {
|
|
constructor(
|
|
@Inject(CACHE_MANAGER) protected readonly cacheManager: Cache,
|
|
protected readonly jwtService: JwtService
|
|
) {}
|
|
|
|
public async login(credentials: Credentials, options?: JwtSignOptions) {
|
|
try {
|
|
const user = await ldap.authenticate(credentials.login, credentials.password);
|
|
const { username } = user;
|
|
|
|
await this.cacheManager.set(username, user);
|
|
|
|
const payload: TokenPayload = {
|
|
domain: env.LDAP_DOMAIN,
|
|
username,
|
|
};
|
|
|
|
return this.jwtService.sign(payload, options);
|
|
} catch (error) {
|
|
throw new UnauthorizedException(error);
|
|
}
|
|
}
|
|
|
|
public async logout(token: string) {
|
|
const { username } = this.jwtService.decode(token) as DecodedToken;
|
|
|
|
if (this.cacheManager.get(username)) {
|
|
await this.cacheManager.del(username);
|
|
}
|
|
}
|
|
|
|
public async refreshToken(token: string) {
|
|
try {
|
|
const { username, aud = '' } = this.jwtService.verify<DecodedToken>(token, {
|
|
ignoreExpiration: true,
|
|
});
|
|
|
|
if (aud === 'auth') throw new UnauthorizedException();
|
|
|
|
const user = await ldap.authenticate(username);
|
|
|
|
await this.cacheManager.set(username, user);
|
|
|
|
const payload: TokenPayload = {
|
|
domain: env.LDAP_DOMAIN,
|
|
username,
|
|
};
|
|
|
|
return this.jwtService.sign(payload);
|
|
} catch (error) {
|
|
throw new UnauthorizedException(error);
|
|
}
|
|
}
|
|
|
|
public async getUser(token: string, options?: JwtVerifyOptions) {
|
|
try {
|
|
const { username } = this.jwtService.verify(token, options) as DecodedToken;
|
|
|
|
const cachedUser = await this.cacheManager.get<ldap.User>(username);
|
|
|
|
if (!cachedUser) {
|
|
const user = await ldap.authenticate(username);
|
|
|
|
await this.cacheManager.set(username, user);
|
|
|
|
return user;
|
|
}
|
|
|
|
return cachedUser;
|
|
} catch {
|
|
throw new UnauthorizedException('Invalid token');
|
|
}
|
|
}
|
|
}
|