Token with Fastify

Author: Ángel De La Cruz

src/app.module.ts

@@ -1,10 +1,12 @@
+import { APP_GUARD } from '@nestjs/core';
 import { Module } from '@nestjs/common';
+import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
+
+
 import { ConfigModule } from '@nestjs/config';
 import { PrismaModule } from './prisma/prisma.module';
 import { AuthModule } from './auth/auth.module';
-import { APP_GUARD } from '@nestjs/core';
-import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
-
+import { AtGuard } from './auth/guards';
 
 @Module({
   imports: [ConfigModule.forRoot({
@@ -17,7 +19,11 @@ import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
     {
       provide: APP_GUARD,
       useClass: ThrottlerGuard
-    }
+    },
+    {
+      provide: APP_GUARD,
+      useClass: AtGuard,
+    },
   ]
 })
 export class AppModule { }

src/auth/abstract/auth-jwt.ts

@@ -0,0 +1,175 @@
+
+import { ConflictException, ForbiddenException, InternalServerErrorException } from "@nestjs/common";
+import { JwtService } from "@nestjs/jwt";
+import * as bcrypt from 'bcrypt';
+import { Tokens } from "../types";
+import { PrismaService } from '../../prisma/prisma.service';
+import { HashingException, UpdateHashException } from './../../exceptions';
+
+
+export abstract class AuthJwt {
+    constructor(protected readonly jwtService: JwtService, protected readonly prismaService: PrismaService) { }
+
+    /**
+     * This TypeScript function generates access and refresh tokens for a user based on their user ID and
+     * email.
+     * @param {number} userId - The `userId` parameter in the `getToken` function represents the unique
+     * identifier of a user for whom the tokens are being generated. It is of type `number` and is used
+     * to associate the tokens with a specific user in the system.
+     * @param {string} email - The `email` parameter in the `getToken` function is a string that
+     * represents the email address of a user. It is used as one of the payload properties when
+     * generating the access token and refresh token for the user identified by the `userId`.
+     * @returns The `getToken` function returns a Promise that resolves to an object containing two
+     * properties: `access_token` and `refresh_token`. These tokens are generated using the `signAsync`
+     * method from the `jwtService` with specific configurations such as `JWT_SECRET` for access token
+     * and `RT` for refresh token. The access token expires in 10 minutes, while the refresh token
+     * expires in 7
+     */
+    async getToken(userId: number, email: string): Promise<Tokens> {
+        try {
+            const [at, rt] = await Promise.all([
+                this.jwtService.signAsync(
+                    {
+                        sub: userId,
+                        email
+                    },
+                    {
+                        secret: process.env.JWT_SECRET,
+                        expiresIn: 60 * 10,
+                    }
+                ),
+                this.jwtService.signAsync(
+                    {
+                        sub: userId,
+                        email
+                    },
+                    {
+                        secret: process.env.RT,
+                        expiresIn: 60 * 60 * 24 * 7,
+                    },
+                )
+            ])
+
+            return {
+                access_token: at,
+                refresh_token: rt
+            }
+        } catch (error) {
+            throw new ConflictException('Something bad happened to get all token.')
+        }
+    }
+
+    /**
+     * The `updatedRtHash` function updates the refresh token hash for a user in a database using Prisma
+     * ORM in TypeScript.
+     * @param {number} userId - The `userId` parameter is a number that represents the unique identifier of
+     * a user in the system.
+     * @param {string} rt - The `rt` parameter in the `updatedRtHash` function is a string representing a
+     * refresh token. It is used to generate a hash value that will be stored in the database for the
+     * corresponding user identified by the `userId`.
+     */
+
+    async updatedRtHash(userId: number, rt: string): Promise<void> {
+        try {
+            const hash = await this.hash(rt);
+
+            await this.prismaService.user.update({
+                where: { id: userId },
+                data: {
+                    refreshTokenHash: hash,
+                },
+            });
+        } catch (error) {
+            throw new UpdateHashException(userId, error.message);
+        }
+    }
+
+    /**
+     * The function asynchronously hashes a given string using bcrypt with a specified salt or number of
+     * rounds.
+     * @param {string} data - The `data` parameter in the `hash` function is a string that represents the
+     * data that you want to hash using the bcrypt algorithm. This data will be securely hashed using a
+     * salt and the specified number of rounds before being returned as a hashed string.
+     * @returns The `hash` function is returning a Promise that resolves to a string, which is the hashed
+     * value of the input `data` string after using the bcrypt hashing algorithm with the specified salt
+     * or rounds.
+     */
+    async hash(data: string): Promise<string> {
+        try {
+            const saltOrRounds = 10;
+            const hash = await bcrypt.hash(data, saltOrRounds);
+            return hash;
+        } catch (error) {
+            throw new HashingException(error.message);
+        }
+    }
+
+    /**
+     * The `logout` function updates the `refreshTokenHash` field to null for a user with a specific ID.
+     * @param {number} sub - The `sub` parameter in the `logout` function is a number that represents the
+     * user's ID or subject identifier. It is used to identify the user whose refresh token hash needs to
+     * be updated to `null` during the logout process.
+     */
+    async logout(sub: number) {
+        try {
+            await this.prismaService.user.update({
+                where: { id: sub },
+                data: {
+                    refreshTokenHash: null,
+                },
+            });
+        } catch (error) {
+            throw new UpdateHashException(sub, error.message);
+        }
+    }
+
+
+    /**
+     * The function `refreshToken` in TypeScript checks and refreshes a user's token based on their ID
+     * and refresh token hash stored in the database.
+     * @param {number} sub - The `sub` parameter in the `refreshToken` function likely stands for
+     * "subject" and is used to identify the user for whom the token is being refreshed. It is typically
+     * a unique identifier for the user in the system, such as a user ID.
+     * @param {string} token - The `token` parameter in the `refreshToken` function is a string that
+     * represents the refresh token provided by the user for refreshing their authentication. This token
+     * is used to verify the user's identity and generate new access tokens for continued access to the
+     * application.
+     * @returns The `refreshToken` function is returning a set of tokens after successfully refreshing
+     * the user's refresh token. The tokens are generated using the `getToken` method and then a new
+     * refresh token hash is generated and updated for the user. Finally, the function returns the newly
+     * generated tokens.
+     */
+    async refreshToken(sub: number, token: string) {
+        try {
+
+            const user = await this.prismaService.user.findFirst({
+                where: {
+                    id: sub,
+                },
+            });
+
+
+            if (!user || !user.refreshTokenHash) {
+                throw new ForbiddenException('Authentication failed. Please check your credentials.');
+            }
+
+            const rtMatches = await bcrypt.compare(token, user.refreshTokenHash);
+            if (!rtMatches) {
+                throw new ForbiddenException('El token ha expirado.');
+            }
+
+            const tokens = await this.getToken(user.id, user.email);
+
+            const hashToken = await this.hash(tokens.refresh_token);
+            await this.updatedRtHash(user.id, hashToken);
+
+            return tokens;
+        } catch (error) {
+
+            if (error instanceof ForbiddenException) {
+                throw error;
+            }
+            throw new InternalServerErrorException('Error al procesar el token de actualización.');
+        }
+    }
+}

src/auth/auth.controller.ts

@@ -1,7 +1,10 @@
 import { AuthService } from './auth.service';
-import { Body, Controller, Post } from '@nestjs/common';
+import { Body, Controller, Post, UseGuards } from '@nestjs/common';
 import { AuthDto } from './dto';
 import { Tokens } from './types';
+import { AtGuard } from './guards';
+import { RtGuard } from './guards/rt-guards';
+import { GetCurrentUser, GetCurrentUserId, Public } from './decorators';
 
 @Controller({
     path: 'auth',
@@ -11,24 +14,34 @@ export class AuthController {
 
     constructor(private authService: AuthService) { }
 
+    @Public()
     @Post('signup')
     async signup(@Body() dto: AuthDto): Promise<Tokens> {
         return await this.authService.signup(dto)
     }
 
+    @Public()
     @Post('signin')
     async signin() {
         await this.authService.signin()
     }
 
+    @UseGuards(AtGuard)
     @Post('logout')
-    async logout() {
-        await this.authService.logout()
+    async logout(@GetCurrentUserId() userId: number) {
+        await this.authService.logout(userId)
     }
 
-    @Post('refresh-token')
-    async refreshToken() {
-        await this.authService.refreshToken()
+
+    @Public()
+    @UseGuards(RtGuard)
+    @Post('refresh')
+    async refreshToken(
+        @GetCurrentUserId() userId: number,
+        @GetCurrentUser('refreshToken') refreshToken: string
+    ) {
+        console.log(refreshToken)
+        await this.authService.refreshToken(userId, refreshToken)
     }
 
 }

src/auth/auth.module.ts

@@ -1,10 +1,21 @@
 import { Module } from '@nestjs/common';
 import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
+import { AtStrategy, RtStrategy } from './strategies';
+import { JwtModule } from '@nestjs/jwt';
+import { jwtConstants } from './constants';
 
 @Module({
+  imports: [
+
+    JwtModule.register({
+      global: true,
+      secret: jwtConstants.secret,
+      signOptions: { expiresIn: '60s' },
+    }),
+  ],
   controllers: [AuthController],
-  providers: [AuthService],
+  providers: [AuthService, AtStrategy, RtStrategy],
 
 })
 export class AuthModule { }

src/auth/auth.service.ts

@@ -1,22 +1,22 @@
-import { BadRequestException, ConflictException, HttpException, HttpStatus, Injectable } from '@nestjs/common';
-import * as bcrypt from 'bcrypt';
+import { ConflictException, HttpException, HttpStatus, Injectable } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
 import { PrismaService } from '../prisma/prisma.service';
 import { AuthDto } from './dto';
 import { Tokens } from './types';
 
+import { AuthJwt } from './abstract/auth-jwt';
+
 @Injectable()
-export class AuthService {
+export class AuthService extends AuthJwt {
 
-    constructor(private readonly prismaService: PrismaService) { }
+    constructor(public prismaService: PrismaService, public jwtService: JwtService) {
+        super(jwtService, prismaService);
+    }
 
     async signup(dto: AuthDto): Promise<Tokens> {
         try {
-
-            if (this.validateEmailExiste(dto.email)) throw new ConflictException("A user with this email already exists.")
-
-            const saltOrRounds = 10;
-            const hash = await bcrypt.hash(dto.password, saltOrRounds);
-
+            if (await this.validateEmailExiste(dto.email)) throw new ConflictException("A user with this email already exists.")
+            const hash = await this.hash(dto.password);
             const created = await this.prismaService.user.create({
                 data: {
                     name: dto.name,
@@ -25,7 +25,10 @@ export class AuthService {
                 }
             })
 
-            return  
+            const tokens = await this.getToken(created.id, created.email);
+            await this.updatedRtHash(created.id, tokens.refresh_token);
+
+            return tokens
         } catch (error) {
             if (error instanceof ConflictException) {
                 throw error;
@@ -34,9 +37,11 @@ export class AuthService {
         }
 
     }
-    async signin() { }
-    async logout() { }
-    async refreshToken() { }
+
+    async signin() {
+
+
+    }
 
     private async validateEmailExiste(email: string): Promise<boolean> {
         try {
@@ -51,5 +56,4 @@ export class AuthService {
         }
     }
 
-
 }

src/auth/constants.ts

@@ -0,0 +1,3 @@
+export const jwtConstants = {
+    secret: 'dLbNdPBFjZYktzXO9gKtZvW3gfhxIGnt',
+};

src/auth/decorators/get-current-user-id.decorator.ts

@@ -0,0 +1,7 @@
+import { createParamDecorator, ExecutionContext } from "@nestjs/common";
+
+export const GetCurrentUserId = createParamDecorator((data: string | undefined, context: ExecutionContext) => {
+    const request = context.switchToHttp().getRequest();
+    if (!data) return request.user.sub;
+    return request.user['user'].sub
+})

src/auth/decorators/get-current-user.decorator.ts

@@ -0,0 +1,7 @@
+import { createParamDecorator, ExecutionContext } from "@nestjs/common";
+
+export const GetCurrentUser = createParamDecorator((data: string | undefined, context: ExecutionContext) => {
+    const request = context.switchToHttp().getRequest();
+    if (!data) return request.user;
+    return request.user['user']
+})

src/auth/decorators/index.ts

@@ -0,0 +1,3 @@
+export * from './get-current-user.decorator';
+export * from './get-current-user-id.decorator';
+export * from './public.decorator';

src/auth/decorators/public.decorator.ts

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);