Auth Token Übersendung eingebaut

bizmatch-server/package.json

@@ -39,6 +39,7 @@
     "drizzle-orm": "^0.30.8",
     "fs-extra": "^11.2.0",
     "handlebars": "^4.7.8",
+    "jwks-rsa": "^3.1.0",
     "ky": "^1.2.0",
     "nest-winston": "^1.9.4",
     "nodemailer": "^6.9.10",

bizmatch-server/src/app.controller.ts

@@ -1,12 +1,19 @@
-import { Controller, Get } from '@nestjs/common';
+import { Controller, Get, Request, UseGuards } from '@nestjs/common';
 import { AppService } from './app.service.js';
+import { AuthService } from './auth/auth.service.js';
+import { JwtAuthGuard } from './jwt-auth/jwt-auth.guard.js';
 
 @Controller()
 export class AppController {
-  constructor(private readonly appService: AppService) {}
+  constructor(
+    private readonly appService: AppService,
+    private authService: AuthService,
+  ) {}
 
+  @UseGuards(JwtAuthGuard)
   @Get()
-  getHello(): string {
+  getHello(@Request() req): string {
-    return this.appService.getHello();
+    return req.user;
+    //return 'dfgdf';
   }
 }

bizmatch-server/src/app.module.ts

@@ -15,6 +15,7 @@ import { MailModule } from './mail/mail.module.js';
 import { RequestDurationMiddleware } from './request-duration/request-duration.middleware.js';
 import { SelectOptionsModule } from './select-options/select-options.module.js';
 
+import { PassportModule } from '@nestjs/passport';
 import { UserModule } from './user/user.module.js';
 
 const __filename = fileURLToPath(import.meta.url);
@@ -41,11 +42,19 @@ const __dirname = path.dirname(__filename);
       ],
       // other options
     }),
+    // KeycloakConnectModule.register({
+    //   authServerUrl: 'http://auth.bizmatch.net',
+    //   realm: 'dev',
+    //   clientId: 'dev',
+    //   secret: 'Yu3lETbYUphDiJxgnhhpelcJ63p2FCDM',
+    //   // Secret key of the client taken from keycloak server
+    // }),
     GeoModule,
     UserModule,
     ListingsModule,
     SelectOptionsModule,
     ImageModule,
+    PassportModule,
   ],
   controllers: [AppController],
   providers: [AppService, FileService],

bizmatch-server/src/auth/auth.module.ts

@@ -1,17 +1,16 @@
 import { Module } from '@nestjs/common';
-import { MailerModule } from '@nestjs-modules/mailer';
+import { PassportModule } from '@nestjs/passport';
-import path, { join } from 'path';
+import path from 'path';
-import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter.js';
 import { fileURLToPath } from 'url';
-import { AuthService } from './auth.service.js';
+import { JwtStrategy } from '../jwt.strategy.js';
 import { AuthController } from './auth.controller.js';
+import { AuthService } from './auth.service.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 @Module({
-  imports: [
+  imports: [PassportModule],
-  ],
+  providers: [AuthService, JwtStrategy],
-  providers: [AuthService],
   controllers: [AuthController],
-  exports:[AuthService]
+  exports: [AuthService],
 })
 export class AuthModule {}

bizmatch-server/src/drizzle/import.ts

@@ -109,6 +109,7 @@ for (const commercial of commercialJsonData) {
   commercial.created = insertionDate;
   commercial.updated = insertionDate;
   commercial.userId = user.insertedId;
+  commercial.draft = false;
   const result = await db.insert(schema.commercials).values(commercial).returning();
   //fs.ensureDirSync(`./pictures/property/${result[0].imagePath}/${result[0].serialId}`);
   try {

bizmatch-server/src/jwt-auth/jwt-auth.guard.ts

@@ -0,0 +1,18 @@
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') implements CanActivate {
+  canActivate(context: ExecutionContext) {
+    // Add your custom authentication logic here
+    // for example, call super.logIn(request) to establish a session.
+    return super.canActivate(context);
+  }
+  handleRequest(err, user, info) {
+    // You can throw an exception based on either "info" or "err" arguments
+    if (err || !user) {
+      throw err || new UnauthorizedException(info);
+    }
+    return user;
+  }
+}

bizmatch-server/src/jwt-auth/optional-jwt-auth.guard.ts

@@ -0,0 +1,13 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class OptionalJwtAuthGuard extends AuthGuard('jwt') {
+  handleRequest(err, user, info) {
+    // Wenn der Benutzer nicht authentifiziert ist, aber kein Fehler vorliegt, geben Sie null zurück
+    if (err || !user) {
+      return null;
+    }
+    return user;
+  }
+}

bizmatch-server/src/jwt.strategy.ts

@@ -0,0 +1,36 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { passportJwtSecret } from 'jwks-rsa';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKeyProvider: passportJwtSecret({
+        cache: true,
+        rateLimit: true,
+        jwksRequestsPerMinute: 5,
+        jwksUri: 'https://auth.bizmatch.net/realms/dev/protocol/openid-connect/certs',
+      }),
+      audience: 'account', // Keycloak Client ID
+      issuer: 'https://auth.bizmatch.net/realms/dev',
+      algorithms: ['RS256'],
+    });
+  }
+
+  async validate(payload: any) {
+    console.log('JWT Payload:', payload); // Debugging: JWT Payload anzeigen
+    if (!payload) {
+      console.error('Invalid payload');
+      throw new UnauthorizedException();
+    }
+    if (!payload.sub || !payload.preferred_username) {
+      console.error('Missing required claims');
+      throw new UnauthorizedException();
+    }
+    return { userId: payload.sub, username: payload.preferred_username, roles: payload.realm_access?.roles };
+  }
+}

bizmatch-server/src/listings/business-listings.controller.ts

@@ -1,7 +1,8 @@
-import { Body, Controller, Delete, Get, Inject, Param, Post, Put } from '@nestjs/common';
+import { Body, Controller, Delete, Get, Inject, Param, Post, Put, Request, UseGuards } from '@nestjs/common';
 import { WINSTON_MODULE_PROVIDER } from 'nest-winston';
 import { Logger } from 'winston';
 import { businesses } from '../drizzle/schema.js';
+import { OptionalJwtAuthGuard } from '../jwt-auth/optional-jwt-auth.guard.js';
 import { ListingCriteria } from '../models/main.model.js';
 import { ListingsService } from './listings.service.js';
 
@@ -16,9 +17,11 @@ export class BusinessListingsController {
   findById(@Param('id') id: string): any {
     return this.listingsService.findById(id, businesses);
   }
+
+  @UseGuards(OptionalJwtAuthGuard)
   @Get('user/:userid')
-  findByUserId(@Param('userid') userid: string): any {
+  findByUserId(@Request() req, @Param('userid') userid: string): any {
-    return this.listingsService.findByUserId(userid, businesses);
+    return this.listingsService.findByUserId(userid, businesses, req.user?.username);
   }
 
   @Post('search')

bizmatch-server/src/listings/commercial-property-listings.controller.ts

@@ -1,8 +1,9 @@
-import { Body, Controller, Delete, Get, Inject, Param, Post, Put } from '@nestjs/common';
+import { Body, Controller, Delete, Get, Inject, Param, Post, Put, Request, UseGuards } from '@nestjs/common';
 import { WINSTON_MODULE_PROVIDER } from 'nest-winston';
 import { Logger } from 'winston';
 import { commercials } from '../drizzle/schema.js';
 import { FileService } from '../file/file.service.js';
+import { OptionalJwtAuthGuard } from '../jwt-auth/optional-jwt-auth.guard.js';
 import { ListingCriteria } from '../models/main.model.js';
 import { ListingsService } from './listings.service.js';
 
@@ -18,9 +19,12 @@ export class CommercialPropertyListingsController {
   findById(@Param('id') id: string): any {
     return this.listingsService.findById(id, commercials);
   }
+
+  @UseGuards(OptionalJwtAuthGuard)
   @Get('user/:userid')
-  findByUserId(@Param('userid') userid: string): any {
+  findByUserId(@Request() req, @Param('userid') userid: string): any {
-    return this.listingsService.findByUserId(userid, commercials);
+    console.log(req.user?.username);
+    return this.listingsService.findByUserId(userid, commercials, req.user?.username);
   }
   @Post('search')
   async find(@Body() criteria: ListingCriteria): Promise<any> {

bizmatch-server/src/listings/listings.module.ts

@@ -1,4 +1,5 @@
 import { Module } from '@nestjs/common';
+import { AuthModule } from '../auth/auth.module.js';
 import { DrizzleModule } from '../drizzle/drizzle.module.js';
 import { FileService } from '../file/file.service.js';
 import { UserService } from '../user/user.service.js';
@@ -9,7 +10,7 @@ import { ListingsService } from './listings.service.js';
 import { UnknownListingsController } from './unknown-listings.controller.js';
 
 @Module({
-  imports: [DrizzleModule],
+  imports: [DrizzleModule, AuthModule],
   controllers: [BusinessListingsController, CommercialPropertyListingsController, UnknownListingsController, BrokerListingsController],
   providers: [ListingsService, FileService, UserService],
   exports: [ListingsService],

bizmatch-server/src/listings/listings.service.ts

@@ -68,17 +68,17 @@ export class ListingsService {
     const result = await this.conn
       .select()
       .from(table)
-      .where(sql`${table.id} = ${id}`);
+      .where(and(sql`${table.id} = ${id}`, ne(table.draft, true)));
     return result[0] as BusinessListing | CommercialPropertyListing;
   }
   async findByImagePath(imagePath: string, serial: string): Promise<CommercialPropertyListing> {
     const result = await this.conn
       .select()
       .from(commercials)
-      .where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`));
+      .where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`, ne(commercials.draft, true)));
     return result[0] as CommercialPropertyListing;
   }
-  async findByUserId(userId: string, table: typeof businesses | typeof commercials): Promise<BusinessListing[] | CommercialPropertyListing[]> {
+  async findByUserId(userId: string, table: typeof businesses | typeof commercials, email: string): Promise<BusinessListing[] | CommercialPropertyListing[]> {
     return (await this.conn.select().from(table).where(eq(table.userId, userId))) as BusinessListing[] | CommercialPropertyListing[];
   }
 

bizmatch-server/src/main.ts

@@ -1,17 +1,19 @@
 import { NestFactory } from '@nestjs/core';
-import { AppModule } from './app.module.js';
+import express from 'express';
-import * as express from 'express';
+import path from 'path';
-import path, { join } from 'path';
 import { fileURLToPath } from 'url';
+import { AppModule } from './app.module.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 async function bootstrap() {
+  const server = express();
   const app = await NestFactory.create(AppModule);
   app.setGlobalPrefix('bizmatch');
   app.enableCors({
     origin: '*',
+    //origin: 'http://localhost:4200', // Die URL Ihrer Angular-App
     methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
-    allowedHeaders: 'Content-Type, Accept',
+    allowedHeaders: 'Content-Type, Accept, Authorization',
   });
   //origin: 'http://localhost:4200',
   await app.listen(3000);

bizmatch/src/app/app.config.ts

@@ -3,7 +3,7 @@ import { provideRouter, withEnabledBlockingInitialNavigation, withInMemoryScroll
 
 import { HTTP_INTERCEPTORS, provideHttpClient, withInterceptorsFromDi } from '@angular/common/http';
 import { provideAnimations } from '@angular/platform-browser/animations';
-import { KeycloakService } from 'keycloak-angular';
+import { KeycloakBearerInterceptor, KeycloakService } from 'keycloak-angular';
 import { environment } from '../environments/environment';
 import { customKeycloakAdapter } from '../keycloak';
 import { routes } from './app.routes';
@@ -37,6 +37,11 @@ export const appConfig: ApplicationConfig = {
       useClass: LoadingInterceptor,
       multi: true,
     },
+    {
+      provide: HTTP_INTERCEPTORS,
+      useClass: KeycloakBearerInterceptor,
+      multi: true,
+    },
     provideRouter(
       routes,
       withEnabledBlockingInitialNavigation(),
@@ -89,6 +94,10 @@ function initializeKeycloak(keycloak: KeycloakService) {
         onLoad: 'check-sso',
         silentCheckSsoRedirectUri: (<any>window).location.origin + '/assets/silent-check-sso.html',
       },
+      bearerExcludedUrls: ['/assets'],
+      shouldUpdateToken(request) {
+        return !request.headers.get('token-update') === false;
+      },
     });
     logger.info(`+++>${authenticated}`);
   };

bizmatch/src/app/interceptors/keycloak-bearer.interceptor.ts

@@ -1,95 +0,0 @@
-/**
- * @license
- * Copyright Mauricio Gemelli Vigolo and contributors.
- *
- * Use of this source code is governed by a MIT-style license that can be
- * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
- */
-
-import { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';
-import { Injectable } from '@angular/core';
-
-import { Observable, combineLatest, from, of } from 'rxjs';
-import { mergeMap } from 'rxjs/operators';
-
-import { ExcludedUrlRegex } from '../models/keycloak-options';
-import { KeycloakService } from '../services/keycloak.service';
-
-/**
- * This interceptor includes the bearer by default in all HttpClient requests.
- *
- * If you need to exclude some URLs from adding the bearer, please, take a look
- * at the {@link KeycloakOptions} bearerExcludedUrls property.
- */
-@Injectable()
-export class KeycloakBearerInterceptor implements HttpInterceptor {
-  constructor(private keycloak: KeycloakService) {}
-
-  /**
-   * Calls to update the keycloak token if the request should update the token.
-   *
-   * @param req http request from @angular http module.
-   * @returns
-   * A promise boolean for the token update or noop result.
-   */
-  private async conditionallyUpdateToken(req: HttpRequest<unknown>): Promise<boolean> {
-    if (this.keycloak.shouldUpdateToken(req)) {
-      return await this.keycloak.updateToken();
-    }
-
-    return true;
-  }
-
-  /**
-   * @deprecated
-   * Checks if the url is excluded from having the Bearer Authorization
-   * header added.
-   *
-   * @param req http request from @angular http module.
-   * @param excludedUrlRegex contains the url pattern and the http methods,
-   * excluded from adding the bearer at the Http Request.
-   */
-  private isUrlExcluded({ method, url }: HttpRequest<unknown>, { urlPattern, httpMethods }: ExcludedUrlRegex): boolean {
-    const httpTest = httpMethods.length === 0 || httpMethods.join().indexOf(method.toUpperCase()) > -1;
-
-    const urlTest = urlPattern.test(url);
-
-    return httpTest && urlTest;
-  }
-
-  /**
-   * Intercept implementation that checks if the request url matches the excludedUrls.
-   * If not, adds the Authorization header to the request if the user is logged in.
-   *
-   * @param req
-   * @param next
-   */
-  public intercept(req: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
-    const { enableBearerInterceptor, excludedUrls } = this.keycloak;
-    if (!enableBearerInterceptor) {
-      return next.handle(req);
-    }
-
-    const shallPass: boolean = !this.keycloak.shouldAddToken(req) || excludedUrls.findIndex(item => this.isUrlExcluded(req, item)) > -1;
-    if (shallPass) {
-      return next.handle(req);
-    }
-
-    return combineLatest([from(this.conditionallyUpdateToken(req)), of(this.keycloak.isLoggedIn())]).pipe(mergeMap(([_, isLoggedIn]) => (isLoggedIn ? this.handleRequestWithTokenHeader(req, next) : next.handle(req))));
-  }
-
-  /**
-   * Adds the token of the current user to the Authorization header
-   *
-   * @param req
-   * @param next
-   */
-  private handleRequestWithTokenHeader(req: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
-    return this.keycloak.addTokenToHeader(req.headers).pipe(
-      mergeMap(headersWithBearer => {
-        const kcReq = req.clone({ headers: headersWithBearer });
-        return next.handle(kcReq);
-      }),
-    );
-  }
-}