Refactor auth controller and service

tacxou · tacxou · commit e1f1eb330f1c · 2024-10-21T16:41:35.000+02:00
diff --git a/src/core/auth/auth.controller.ts b/src/core/auth/auth.controller.ts
@@ -8,6 +8,8 @@ import { AuthGuard } from '@nestjs/passport';
 import { Response } from 'express';
 import { ReqIdentity } from '~/_common/decorators/params/req-identity.decorator';
 import { AgentType } from '~/_common/types/agent.type';
+import { hash } from 'crypto';
+import { omit } from 'radash';
 
 @Public()
 @ApiTags('core/auth')
@@ -38,8 +40,8 @@ export class AuthController extends AbstractController {
     const user = await this.service.getSessionData(identity);
     return res.status(HttpStatus.OK).json({
       user: {
-        ...user,
-        sseToken: 'hZcdVqHScVDsDFdHOdcjmufEKFJVKaS8', //TODO: change to real token
+        ...omit(user, ['security']),
+        sseToken: hash('sha256', user.security.secretKey),
       },
     });
   }
@@ -48,10 +50,10 @@ export class AuthController extends AbstractController {
   @Post('refresh')
   @ApiOperation({ summary: "Récupère un nouveau jeton d'authentification" })
   public async refresh(@Res() res: Response, @Body() body: { refresh_token: string }): Promise<Response> {
-    const tokens = await this.service.renewTokens(body.refresh_token);
+    const [agents, tokens] = await this.service.renewTokens(body.refresh_token);
     return res.status(HttpStatus.OK).json({
       ...tokens,
-      sseToken: 'hZcdVqHScVDsDFdHOdcjmufEKFJVKaS8', //TODO: change to real token
+      sseToken: hash('sha256', agents.security.secretKey),
     });
   }
 
diff --git a/src/core/auth/auth.service.ts b/src/core/auth/auth.service.ts
@@ -93,7 +93,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
         if (identity) {
           return identity.toObject();
         }
-      } catch (e) {}
+      } catch (e) { }
       return null;
     }
     try {
@@ -178,16 +178,16 @@ export class AuthService extends AbstractService implements OnModuleInit {
     };
   }
 
-  public async renewTokens(refresh_token: string): Promise<{
+  public async renewTokens(refresh_token: string): Promise<[Agents, {
     access_token: string;
     refresh_token?: string;
-  }> {
+  }]> {
     const data = await this.redis.get([this.REFRESH_TOKEN_PREFIX, refresh_token].join(this.TOKEN_PATH_SEPARATOR));
     if (!data) throw new UnauthorizedException();
     const { identityId } = JSON.parse(data);
-    const identity = await this.agentsService.findOne({ _id: identityId });
+    const identity = await this.agentsService.findOne<Agents>({ _id: identityId });
     if (!identity) throw new ForbiddenException();
-    return this.createTokens(omit(identity.toObject(), ['password']), refresh_token);
+    return [identity, await this.createTokens(omit(identity.toObject(), ['password']), refresh_token)];
   }
 
   public async clearSession(jwt: string): Promise<void> {
diff --git a/src/core/backends/backends.controller.ts b/src/core/backends/backends.controller.ts
@@ -7,12 +7,13 @@ import {
   ParseIntPipe,
   Post,
   Query,
+  Req,
   Res,
   Sse,
   UnauthorizedException,
 } from '@nestjs/common';
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
-import { Response } from 'express';
+import { Response, Request } from 'express';
 import Redis from 'ioredis';
 import { Observable, Subscriber } from 'rxjs';
 import { Public } from '~/_common/decorators/public.decorator';
@@ -22,6 +23,9 @@ import { SyncIdentitiesDto } from './_dto/sync-identities.dto';
 import { Types } from 'mongoose';
 import { ActionType } from './_enum/action-type.enum';
 import { DeleteIdentitiesDto } from './_dto/delete-identities.dto';
+import { hash } from 'crypto';
+import { AgentsService } from '../agents/agents.service';
+import { Agents } from '../agents/_schemas/agents.schema';
 
 function fireMessage(observer: Subscriber<MessageEvent>, channel: string, message: any, loggername: string) {
   try {
@@ -40,6 +44,7 @@ export class BackendsController {
   private readonly logger = new Logger(BackendsController.name);
 
   constructor(
+    private agentsService: AgentsService,
     private backendsService: BackendsService,
     @InjectRedis() protected readonly redis: Redis,
   ) { }
@@ -124,8 +129,11 @@ export class BackendsController {
   @Public()
   @Sse('sse')
   @ApiOperation({ summary: 'Server Sent Event - Récupère en temps réel les Jobs et affiche leurs état' })
-  public async sse(@Res() res: Response, @Query('key') key: string): Promise<Observable<MessageEvent>> {
-    if (key !== 'hZcdVqHScVDsDFdHOdcjmufEKFJVKaS8') throw new UnauthorizedException();
+  public async sse(@Res() res: Response, @Query('id') id: string, @Query('key') key: string): Promise<Observable<MessageEvent>> {
+    if (!id || !key) throw new UnauthorizedException();
+    const user = await this.agentsService.findById<Agents>(id);
+    if (!user) throw new UnauthorizedException();
+    if (key !== hash('sha256', user.security.secretKey)) throw new UnauthorizedException();
 
     res.socket.on('close', () => {
       Logger.debug(`Observer close connection`, this.constructor.name);
diff --git a/src/core/backends/backends.module.ts b/src/core/backends/backends.module.ts
@@ -5,10 +5,11 @@ import { ConfigModule } from '@nestjs/config';
 import { IdentitiesModule } from '~/management/identities/identities.module';
 import { JobsModule } from '../jobs/jobs.module';
 import { TasksModule } from '../tasks/tasks.module';
+import { AgentsModule } from '../agents/agents.module';
 @Module({
-  imports: [ConfigModule, IdentitiesModule, JobsModule, TasksModule],
+  imports: [ConfigModule, IdentitiesModule, JobsModule, TasksModule, AgentsModule],
   controllers: [BackendsController],
   providers: [BackendsService],
   exports: [BackendsService],
 })
-export class BackendsModule {}
+export class BackendsModule { }
