Ajouter les modifications du module AuthModule

tacxou · tacxou · commit d14301bc32c2 · 2024-04-24T12:26:43.000+02:00
diff --git a/src/_common/data/api-session.ts b/src/_common/data/api-session.ts
@@ -0,0 +1,12 @@
+export class ApiSession {
+  public readonly _id: string;
+  public readonly username: string;
+  public readonly displayName: string;
+  public readonly token: string;
+
+  public constructor(data: Partial<ApiSession>) {
+    for (const key in data) {
+      this[key] = data[key];
+    }
+  }
+}
diff --git a/src/_common/data/console-session.ts b/src/_common/data/console-session.ts
@@ -1,9 +1,7 @@
-import { Types } from 'mongoose';
-
 export class ConsoleSession {
   public readonly _id: string = '000000000000000000000000';
   public readonly username: string = 'console';
-  public readonly entityId: Types.ObjectId = new Types.ObjectId('000000000000000000000000');
   public readonly displayName: string = 'Console';
+
   public constructor() {}
 }
diff --git a/src/cli/cli.module.ts b/src/cli/cli.module.ts
@@ -12,6 +12,7 @@ import { KeyringsCommand, KeyringsCreateQuestions } from './keyrings.command';
 import { KeyringsModule } from '~/core/keyrings/keyrings.module';
 import { BackendsCommand } from './backends.command';
 import { BackendsModule } from '~/core/backends/backends.module';
+import { AuthModule } from '~/core/auth/auth.module';
 
 @Module({
   imports: [
@@ -57,6 +58,7 @@ import { BackendsModule } from '~/core/backends/backends.module';
     AgentsModule,
     KeyringsModule,
     BackendsModule,
+    AuthModule,
   ],
   providers: [
     ...AgentsCommand.registerWithSubCommands(),
diff --git a/src/cli/keyrings.command.ts b/src/cli/keyrings.command.ts
@@ -1,6 +1,9 @@
 import { ModuleRef } from '@nestjs/core';
 import { Command, CommandRunner, InquirerService, Question, QuestionSet, SubCommand } from 'nest-commander';
+import { ApiSession } from '~/_common/data/api-session';
+import { AuthService } from '~/core/auth/auth.service';
 import { KeyringsCreateDto } from '~/core/keyrings/_dto/keyrings.dto';
+import { Keyrings } from '~/core/keyrings/_schemas/keyrings.schema';
 import { KeyringsService } from '~/core/keyrings/keyrings.service';
 
 @QuestionSet({ name: 'keyrings-create-questions' })
@@ -20,6 +23,7 @@ export class KeyringsCreateCommand extends CommandRunner {
     protected moduleRef: ModuleRef,
     private readonly inquirer: InquirerService,
     private readonly keyringsService: KeyringsService,
+    private readonly authService: AuthService,
   ) {
     super();
   }
@@ -28,8 +32,27 @@ export class KeyringsCreateCommand extends CommandRunner {
   async run(inputs: string[], options: any): Promise<void> {
     const keyring = await this.inquirer.ask<KeyringsCreateDto>('keyrings-create-questions', undefined);
     try {
-      const key = await this.keyringsService.create(keyring);
+      const key = (await this.keyringsService.create(keyring)) as Keyrings;
       console.log('Keyring created successfully', key.toJSON());
+      const options = {
+        scopes: ['api'],
+      };
+      if (key.suspendedAt) {
+        options['expiresIn'] = key.suspendedAt.getTime() - Date.now();
+      } else {
+        options['expiresIn'] = '10y';
+      }
+      const { access_token } = await this.authService.createTokens(
+        new ApiSession({
+          _id: key._id.toString(),
+          username: key.name,
+          displayName: key.name,
+          token: key.token,
+        }),
+        false,
+        options,
+      );
+      console.log('Keyring created successfully', access_token);
     } catch (error) {
       console.error('Error creating keyring', error);
     }
diff --git a/src/core/auth/auth.module.ts b/src/core/auth/auth.module.ts
@@ -7,6 +7,7 @@ import { AgentsModule } from '~/core/agents/agents.module';
 import { JwtModule, JwtModuleOptions } from '@nestjs/jwt';
 import { JwtStrategy } from '~/core/auth/_strategies/jwt.strategy';
 import { LocalStrategy } from '~/core/auth/_strategies/local.strategy';
+import { KeyringsModule } from '../keyrings/keyrings.module';
 
 @Module({
   imports: [
@@ -25,8 +26,10 @@ import { LocalStrategy } from '~/core/auth/_strategies/local.strategy';
       }),
     }),
     AgentsModule,
+    KeyringsModule,
   ],
   controllers: [AuthController],
   providers: [AuthService, JwtStrategy, LocalStrategy],
+  exports: [AuthService],
 })
 export class AuthModule {}
diff --git a/src/core/auth/auth.service.ts b/src/core/auth/auth.service.ts
@@ -14,6 +14,7 @@ import { JwtService } from '@nestjs/jwt';
 import { resolve } from 'path';
 import { existsSync, readFileSync, writeFileSync } from 'fs';
 import { ConsoleSession } from '~/_common/data/console-session';
+import { KeyringsService } from '../keyrings/keyrings.service';
 
 @Injectable()
 export class AuthService extends AbstractService implements OnModuleInit {
@@ -29,6 +30,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
   public constructor(
     protected moduleRef: ModuleRef,
     protected readonly agentsService: AgentsService,
+    protected readonly keyringsService: KeyringsService,
     private readonly jwtService: JwtService,
     @InjectRedis() private readonly redis: Redis,
   ) {
@@ -52,6 +54,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
       }
       const { access_token } = await this.createTokens(new ConsoleSession(), false, {
         expiresIn: '1y',
+        scopes: ['offline', 'api'],
       });
       writeFileSync(
         devTokenPath,
@@ -78,17 +81,28 @@ export class AuthService extends AbstractService implements OnModuleInit {
   }
 
   // eslint-disable-next-line
-  public async verifyIdentity(payload: any & { identity: AgentType }): Promise<any> {
+  public async verifyIdentity(payload: any & { identity: AgentType & {token: string} }): Promise<any> {
+    if (payload.scopes.includes('offline')) {
+      return payload.identity;
+    }
+    if (payload.scopes.includes('api')) {
+      try {
+        const identity = await this.keyringsService.findOne({
+          _id: payload.identity._id,
+          token: payload.identity.token,
+        });
+        if (identity) {
+          return identity.toObject();
+        }
+      } catch (e) {}
+      return null;
+    }
     try {
-      if (payload.scopes.includes('offline')) {
-        return payload.identity;
-      }
       const identity = await this.redis.get([this.ACCESS_TOKEN_PREFIX, payload.jti].join(':'));
       if (identity) {
         return JSON.parse(identity);
       }
-    } finally {
-    }
+    } catch (e) {}
     return null;
   }
 
@@ -101,15 +115,15 @@ export class AuthService extends AbstractService implements OnModuleInit {
     refresh_token?: string;
   }> {
     const scopes = ['sesame'];
-    if (refresh_token === false) scopes.push('offline');
+    if (options?.scopes) scopes.push(...options.scopes);
     const jwtid = `${identity._id}_${randomBytes(16).toString('hex')}`;
     const access_token = this.jwtService.sign(
       { identity, scopes },
       {
         expiresIn: this.ACCESS_TOKEN_EXPIRES_IN,
         jwtid,
         subject: `${identity._id}`,
-        ...options,
+        ...omit(options, ['scopes']),
       },
     );
     if (refresh_token === false) return { access_token };
