Mettre à jour les types de données dans SecurityPartDTO et SecurityPartSchema

Author: tacxou

src/core/agents/_dto/parts/security.part.dto.ts

@@ -29,7 +29,7 @@ export class SecurityPartDTO {
   @ApiProperty()
   public changePwdAtNextLogin: boolean;
 
-  @IsBoolean()
+  @IsString()
   @IsOptional()
   @ApiProperty()
   public secretKey?: string;

src/core/agents/_schemas/_parts/security.part.schema.ts

@@ -31,17 +31,9 @@ export class SecurityPart extends Document {
   public changePwdAtNextLogin: boolean;
 
   @Prop({
-    type: Boolean,
+    type: String,
   })
   public secretKey: string;
 }
 
-export const SecurityPartSchema = SchemaFactory.createForClass(SecurityPart).pre(
-  'save',
-  function (this: SecurityPart, next: () => void): void {
-    if (this.isNew) {
-      this.secretKey = Math.random().toString(36).slice(-8); //TODO: use crypto lib
-    }
-    next();
-  },
-);
+export const SecurityPartSchema = SchemaFactory.createForClass(SecurityPart);

src/core/agents/_schemas/agents.schema.ts

@@ -70,12 +70,4 @@ export class Agents extends AbstractSchema {
   public customFields?: { [key: string]: MixedValue };
 }
 
-export const AgentsSchema = SchemaFactory.createForClass(Agents).pre(
-  'save',
-  function (this: Agents, next: () => void): void {
-    if (this.isNew) {
-      this.displayName = this.displayName || this.username;
-    }
-    next();
-  },
-);
+export const AgentsSchema = SchemaFactory.createForClass(Agents);

src/core/agents/agents.service.ts

@@ -5,6 +5,8 @@ import { Document, Model, ModifyResult, Query, QueryOptions, SaveOptions, Types,
 import { AbstractServiceSchema } from '~/_common/abstracts/abstract.service.schema';
 import { AgentsCreateDto } from './_dto/agents.dto';
 import { hash } from 'argon2';
+import { randomBytes } from 'node:crypto';
+import { SecurityPartDTO } from './_dto/parts/security.part.dto';
 
 @Injectable()
 export class AgentsService extends AbstractServiceSchema {
@@ -17,6 +19,8 @@ export class AgentsService extends AbstractServiceSchema {
     options?: SaveOptions,
   ): Promise<Document<T, any, T>> {
     data.password = await hash(data.password);
+    data.security = (data.security || {}) as SecurityPartDTO;
+    data.security.secretKey = randomBytes(32).toString('hex');
     return await super.create(data, options);
   }
 

src/core/auth/_strategies/jwt.strategy.ts

@@ -30,6 +30,7 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
     Logger.debug(`Atempt to authenticate with JTI: <${payload.jti}>`, 'JwtStrategy');
     if (!payload?.identity) return done(new UnauthorizedException(), false);
     const user = await this.auth.verifyIdentity(payload);
+
     if (!user) return done(new ForbiddenException(), false);
     return done(null, payload?.identity);
   }

src/core/auth/auth.service.ts

@@ -81,7 +81,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
   }
 
   // eslint-disable-next-line
-  public async verifyIdentity(payload: any & { identity: AgentType & {token: string} }): Promise<any> {
+  public async verifyIdentity(payload: any & { identity: AgentType & { token: string } }): Promise<any> {
     if (payload.scopes.includes('offline')) {
       return payload.identity;
     }
@@ -100,9 +100,17 @@ export class AuthService extends AbstractService implements OnModuleInit {
     try {
       const identity = await this.redis.get([this.ACCESS_TOKEN_PREFIX, payload.jti].join(':'));
       if (identity) {
-        return JSON.parse(identity);
+        const data = JSON.parse(identity);
+        const success = await this.agentsService.model.countDocuments({
+          _id: payload.identity._id,
+          'security.secretKey': data.identity?.security?.secretKey,
+        });
+
+        return success ? data : null;
       }
-    } catch (e) {}
+    } catch (e) {
+      this.logger.warn('Invalid jwt session', e);
+    }
     return null;
   }