Merge pull request #9 from huongnt-2545/part9_authentication

Part9 authentication

package.json

@@ -24,10 +24,16 @@
     "@nestjs/common": "^8.0.0",
     "@nestjs/config": "^1.0.1",
     "@nestjs/core": "^8.0.0",
+    "@nestjs/jwt": "^8.0.0",
+    "@nestjs/passport": "^8.0.1",
     "@nestjs/platform-express": "^8.0.0",
     "@nestjs/typeorm": "^8.0.2",
+    "bcrypt": "^5.0.1",
     "class-transformer": "^0.4.0",
     "class-validator": "^0.13.1",
+    "passport": "^0.4.1",
+    "passport-jwt": "^4.0.0",
+    "passwort": "^1.0.4",
     "pg": "^8.7.1",
     "reflect-metadata": "^0.1.13",
     "rimraf": "^3.0.2",
@@ -38,9 +44,11 @@
     "@nestjs/cli": "^8.0.0",
     "@nestjs/schematics": "^8.0.0",
     "@nestjs/testing": "^8.0.0",
+    "@types/bcrypt": "^5.0.0",
     "@types/express": "^4.17.13",
     "@types/jest": "^26.0.24",
     "@types/node": "^16.0.0",
+    "@types/passport-jwt": "^3.0.6",
     "@types/supertest": "^2.0.11",
     "@typescript-eslint/eslint-plugin": "^4.28.2",
     "@typescript-eslint/parser": "^4.28.2",

src/app.module.ts

@@ -4,6 +4,7 @@ import { TypeOrmModule } from '@nestjs/typeorm';
 import { typeOrmConfig } from './config/typeorm.config';
 // import configuration from './config/configuration';
 import { TasksModule } from './tasks/tasks.module';
+import { AuthModule } from './auth/auth.module';
 
 @Module({
   imports: [
@@ -13,6 +14,7 @@ import { TasksModule } from './tasks/tasks.module';
     }),
     TypeOrmModule.forRoot(typeOrmConfig),
     TasksModule,
+    AuthModule,
   ],
 })
 export class AppModule {}

src/auth/auth.controller.ts

@@ -0,0 +1,22 @@
+import { Body, Controller, Post } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { AuthCredentialsDto } from './dto/auth-credentials.dto';
+import { GetUser } from './get-user.decorator';
+import { User } from './user.entity';
+
+@Controller('auth')
+export class AuthController {
+  constructor(private authService: AuthService) {}
+
+  @Post('/signup')
+  signUp(@Body() authCredentialsDto: AuthCredentialsDto): Promise<void> {
+    return this.authService.createUser(authCredentialsDto);
+  }
+
+  @Post('/signin')
+  signIn(
+    @Body() authCredentialsDto: AuthCredentialsDto,
+  ): Promise<{ accessToken: string }> {
+    return this.authService.validateUserPassword(authCredentialsDto);
+  }
+}

src/auth/auth.module.ts

@@ -0,0 +1,30 @@
+import { Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { DatabaseModule } from '../database.module';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+import { JwtStrategy } from './jwt.strategy';
+import { userProviders } from './user.provider';
+// import { UserRepository } from './user.repository';
+
+@Module({
+  // imports: [TypeOrmModule.forFeature([UserRepository])],
+  imports: [
+    DatabaseModule,
+    PassportModule.register({
+      defaultStrategy: 'jwt',
+    }),
+    JwtModule.register({
+      secret: 'topSecret51',
+      signOptions: {
+        expiresIn: 3600,
+      },
+    }),
+  ],
+  controllers: [AuthController],
+  providers: [...userProviders, AuthService, JwtStrategy],
+  exports: [JwtStrategy, PassportModule],
+})
+export class AuthModule {}

src/auth/auth.service.ts

@@ -0,0 +1,65 @@
+import {
+  ConflictException,
+  Inject,
+  Injectable,
+  InternalServerErrorException,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { Repository } from 'typeorm';
+import * as bcrypt from 'bcrypt';
+import { AuthCredentialsDto } from './dto/auth-credentials.dto';
+import { User } from './user.entity';
+import { hashPassword } from '../utils/common';
+import { JwtService } from '@nestjs/jwt';
+import { JwtPayload } from './jwt-payload.interface';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    @Inject('USER_REPOSITORY')
+    private userRepository: Repository<User>,
+    private jwtService: JwtService,
+  ) {}
+
+  async createUser(authCredentialsDto: AuthCredentialsDto): Promise<void> {
+    try {
+      const { username, password } = authCredentialsDto;
+      const salt = await bcrypt.genSalt();
+
+      const user = new User();
+      user.username = username;
+      user.salt = salt;
+      user.password = await hashPassword(password, salt);
+
+      await user.save();
+    } catch (err) {
+      if (err.code === 23505) {
+        //duplicate username
+        throw new ConflictException('Username already exists');
+      } else {
+        throw new InternalServerErrorException();
+      }
+    }
+  }
+
+  async validateUserPassword(
+    authCredentialsDto: AuthCredentialsDto,
+  ): Promise<{ accessToken: string }> {
+    const { username, password } = authCredentialsDto;
+    const user = await this.userRepository.findOne({ username });
+    let existUsername = null;
+
+    if (user && (await user.validatePassword(password))) {
+      existUsername = user.username;
+    }
+
+    if (!existUsername) {
+      throw new UnauthorizedException('Invalid user credentials');
+    }
+
+    const payload: JwtPayload = { username };
+    const accessToken = await this.jwtService.sign(payload);
+
+    return { accessToken };
+  }
+}

src/auth/dto/auth-credentials.dto.ts

@@ -0,0 +1,15 @@
+import { IsString, Matches, MaxLength, MinLength } from 'class-validator';
+import { PASSWORD_PATTERN } from '../../utils/constants';
+
+export class AuthCredentialsDto {
+  @IsString()
+  @MinLength(6)
+  @MaxLength(20)
+  username: string;
+
+  @IsString()
+  @MinLength(6)
+  @MaxLength(20)
+  @Matches(PASSWORD_PATTERN, { message: 'Password too weak' })
+  password: string;
+}

src/auth/get-user.decorator.ts

@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { User } from './user.entity';
+
+export const GetUser = createParamDecorator(
+  (data, ctx: ExecutionContext): User => {
+    const req = ctx.switchToHttp().getRequest();
+    return req.user;
+  },
+);

src/auth/jwt-payload.interface.ts

@@ -0,0 +1,3 @@
+export interface JwtPayload {
+  username: string;
+}

src/auth/jwt.strategy.ts

@@ -0,0 +1,30 @@
+import { Inject, Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { Strategy, ExtractJwt } from 'passport-jwt';
+import { Repository } from 'typeorm';
+import { JwtPayload } from './jwt-payload.interface';
+import { User } from './user.entity';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor(
+    @Inject('USER_REPOSITORY')
+    private userRepository: Repository<User>,
+  ) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      secretOrKey: 'topSecret51',
+    });
+  }
+
+  async validate(payload: JwtPayload): Promise<User> {
+    const { username } = payload;
+    const user = await this.userRepository.findOne({ username });
+
+    if (!user) {
+      throw new UnauthorizedException('Invalid user token');
+    }
+
+    return user;
+  }
+}

src/auth/user.entity.ts

@@ -0,0 +1,31 @@
+import {
+  BaseEntity,
+  Column,
+  Entity,
+  PrimaryGeneratedColumn,
+  Unique,
+} from 'typeorm';
+import * as bcrypt from 'bcrypt';
+import { hashPassword } from '../utils/common';
+
+@Entity()
+@Unique(['username'])
+export class User extends BaseEntity {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @Column()
+  username: string;
+
+  @Column()
+  password: string;
+
+  @Column()
+  salt: string;
+
+  async validatePassword(password: string): Promise<boolean> {
+    const hash = await bcrypt.hash(password, this.salt);
+
+    return hash === this.password;
+  }
+}

src/auth/user.provider.ts

@@ -0,0 +1,10 @@
+import { Connection } from 'typeorm';
+import { User } from './user.entity';
+
+export const userProviders = [
+  {
+    provide: 'USER_REPOSITORY',
+    useFactory: (connection: Connection) => connection.getRepository(User),
+    inject: ['DATABASE_CONNECTION'],
+  },
+];

src/tasks/tasks.controller.ts

@@ -8,9 +8,11 @@ import {
   Patch,
   Post,
   Query,
+  UseGuards,
   UsePipes,
   ValidationPipe,
 } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
 import { filter } from 'rxjs';
 import { CreateTaskDto } from './dto/create-task.dto';
 import { GetTasksFilterDto } from './dto/get-tasks-filter.dto';
@@ -20,6 +22,7 @@ import { Task } from './task.entity';
 import { TasksService } from './tasks.service';
 
 @Controller('tasks')
+@UseGuards(AuthGuard())
 export class TasksController {
   constructor(private tasksService: TasksService) {}
 
@@ -35,7 +38,7 @@ export class TasksController {
     return this.tasksService.getTaskById(id);
   }
 
-  // //Define parameter implicit
+  // Define parameter implicit
   @Post()
   @UsePipes(ValidationPipe)
   createTask(@Body() createTaskDto: CreateTaskDto): Promise<Task> {

src/tasks/tasks.module.ts

@@ -1,13 +1,14 @@
 import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
+import { AuthModule } from '../auth/auth.module';
 import { DatabaseModule } from '../database.module';
 import { taskProviders } from './task.provider';
 import { TasksController } from './tasks.controller';
 import { TasksService } from './tasks.service';
 
 @Module({
   // imports: [DatabaseModule, TypeOrmModule.forFeature([TaskRepository])],
-  imports: [DatabaseModule],
+  imports: [DatabaseModule, AuthModule],
   controllers: [TasksController],
   providers: [...taskProviders, TasksService],
 })

src/utils/common.ts

@@ -0,0 +1,8 @@
+import * as bcrypt from 'bcrypt';
+
+export const hashPassword = async (
+  password: string,
+  salt: string,
+): Promise<string> => {
+  return bcrypt.hash(password, salt);
+};

src/utils/constants.ts

@@ -0,0 +1,4 @@
+const PASSWORD_PATTERN: RegExp =
+  /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{6,}$/;
+
+export { PASSWORD_PATTERN };