aknuth
/
bizmatch-project
1
0
Fork 0
Code Issues 7 Pull Requests Packages Projects 5 Releases Wiki Activity

Auth Token Übersendung eingebaut

This commit is contained in:
Andreas Knuth 2024-05-27 18:02:47 -05:00
parent 0473f74241
commit 226d2ebc1e
15 changed files with 131 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bizmatch-server/package.json
View File

@ -39,6 +39,7 @@
"drizzle-orm": "^0.30.8",
"fs-extra": "^11.2.0",
"handlebars": "^4.7.8",
"jwks-rsa": "^3.1.0",
"ky": "^1.2.0",
"nest-winston": "^1.9.4",
"nodemailer": "^6.9.10",

15
bizmatch-server/src/app.controller.ts
View File

@ -1,12 +1,19 @@
import { Controller, Get } from '@nestjs/common';
import { Controller, Get, Request, UseGuards } from '@nestjs/common';
import { AppService } from './app.service.js';
import { AuthService } from './auth/auth.service.js';
import { JwtAuthGuard } from './jwt-auth/jwt-auth.guard.js';
@Controller()
export class AppController {
constructor(private readonly appService: AppService) {}
constructor(
private readonly appService: AppService,
private authService: AuthService,
) {}
@UseGuards(JwtAuthGuard)
@Get()
getHello(): string {
return this.appService.getHello();
getHello(@Request() req): string {
return req.user;
//return 'dfgdf';
}
}

9
bizmatch-server/src/app.module.ts
View File

@ -15,6 +15,7 @@ import { MailModule } from './mail/mail.module.js';
import { RequestDurationMiddleware } from './request-duration/request-duration.middleware.js';
import { SelectOptionsModule } from './select-options/select-options.module.js';
import { PassportModule } from '@nestjs/passport';
import { UserModule } from './user/user.module.js';
const __filename = fileURLToPath(import.meta.url);
@ -41,11 +42,19 @@ const __dirname = path.dirname(__filename);
],
// other options
}),
// KeycloakConnectModule.register({
// authServerUrl: 'http://auth.bizmatch.net',
// realm: 'dev',
// clientId: 'dev',
// secret: 'Yu3lETbYUphDiJxgnhhpelcJ63p2FCDM',
// // Secret key of the client taken from keycloak server
// }),
GeoModule,
UserModule,
ListingsModule,
SelectOptionsModule,
ImageModule,
PassportModule,
],
controllers: [AppController],
providers: [AppService, FileService],

15
bizmatch-server/src/auth/auth.module.ts
View File

@ -1,17 +1,16 @@
import { Module } from '@nestjs/common';
import { MailerModule } from '@nestjs-modules/mailer';
import path, { join } from 'path';
import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter.js';
import { PassportModule } from '@nestjs/passport';
import path from 'path';
import { fileURLToPath } from 'url';
import { AuthService } from './auth.service.js';
import { JwtStrategy } from '../jwt.strategy.js';
import { AuthController } from './auth.controller.js';
import { AuthService } from './auth.service.js';
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
@Module({
imports: [
],
providers: [AuthService],
imports: [PassportModule],
providers: [AuthService, JwtStrategy],
controllers: [AuthController],
exports:[AuthService]
exports: [AuthService],
})
export class AuthModule {}

1
bizmatch-server/src/drizzle/import.ts
View File

@ -109,6 +109,7 @@ for (const commercial of commercialJsonData) {
commercial.created = insertionDate;
commercial.updated = insertionDate;
commercial.userId = user.insertedId;
commercial.draft = false;
const result = await db.insert(schema.commercials).values(commercial).returning();
//fs.ensureDirSync(`./pictures/property/${result[0].imagePath}/${result[0].serialId}`);
try {

18
bizmatch-server/src/jwt-auth/jwt-auth.guard.ts Normal file
View File

@ -0,0 +1,18 @@
import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class JwtAuthGuard extends AuthGuard('jwt') implements CanActivate {
canActivate(context: ExecutionContext) {
// Add your custom authentication logic here
// for example, call super.logIn(request) to establish a session.
return super.canActivate(context);
}
handleRequest(err, user, info) {
// You can throw an exception based on either "info" or "err" arguments
if (err || !user) {
throw err || new UnauthorizedException(info);
}
return user;
}
}

13
bizmatch-server/src/jwt-auth/optional-jwt-auth.guard.ts Normal file
View File

@ -0,0 +1,13 @@
import { Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class OptionalJwtAuthGuard extends AuthGuard('jwt') {
handleRequest(err, user, info) {
// Wenn der Benutzer nicht authentifiziert ist, aber kein Fehler vorliegt, geben Sie null zurück
if (err || !user) {
return null;
}
return user;
}
}

36
bizmatch-server/src/jwt.strategy.ts Normal file
View File

@ -0,0 +1,36 @@
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { passportJwtSecret } from 'jwks-rsa';
import { ExtractJwt, Strategy } from 'passport-jwt';
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor() {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: false,
secretOrKeyProvider: passportJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: 'https://auth.bizmatch.net/realms/dev/protocol/openid-connect/certs',
}),
audience: 'account', // Keycloak Client ID
issuer: 'https://auth.bizmatch.net/realms/dev',
algorithms: ['RS256'],
});
}
async validate(payload: any) {
console.log('JWT Payload:', payload); // Debugging: JWT Payload anzeigen
if (!payload) {
console.error('Invalid payload');
throw new UnauthorizedException();
}
if (!payload.sub || !payload.preferred_username) {
console.error('Missing required claims');
throw new UnauthorizedException();
}
return { userId: payload.sub, username: payload.preferred_username, roles: payload.realm_access?.roles };
}
}

9
bizmatch-server/src/listings/business-listings.controller.ts
View File

@ -1,7 +1,8 @@
import { Body, Controller, Delete, Get, Inject, Param, Post, Put } from '@nestjs/common';
import { Body, Controller, Delete, Get, Inject, Param, Post, Put, Request, UseGuards } from '@nestjs/common';
import { WINSTON_MODULE_PROVIDER } from 'nest-winston';
import { Logger } from 'winston';
import { businesses } from '../drizzle/schema.js';
import { OptionalJwtAuthGuard } from '../jwt-auth/optional-jwt-auth.guard.js';
import { ListingCriteria } from '../models/main.model.js';
import { ListingsService } from './listings.service.js';
@ -16,9 +17,11 @@ export class BusinessListingsController {
findById(@Param('id') id: string): any {
return this.listingsService.findById(id, businesses);
}
@UseGuards(OptionalJwtAuthGuard)
@Get('user/:userid')
findByUserId(@Param('userid') userid: string): any {
return this.listingsService.findByUserId(userid, businesses);
findByUserId(@Request() req, @Param('userid') userid: string): any {
return this.listingsService.findByUserId(userid, businesses, req.user?.username);
}
@Post('search')

10
bizmatch-server/src/listings/commercial-property-listings.controller.ts
View File

@ -1,8 +1,9 @@
import { Body, Controller, Delete, Get, Inject, Param, Post, Put } from '@nestjs/common';
import { Body, Controller, Delete, Get, Inject, Param, Post, Put, Request, UseGuards } from '@nestjs/common';
import { WINSTON_MODULE_PROVIDER } from 'nest-winston';
import { Logger } from 'winston';
import { commercials } from '../drizzle/schema.js';
import { FileService } from '../file/file.service.js';
import { OptionalJwtAuthGuard } from '../jwt-auth/optional-jwt-auth.guard.js';
import { ListingCriteria } from '../models/main.model.js';
import { ListingsService } from './listings.service.js';
@ -18,9 +19,12 @@ export class CommercialPropertyListingsController {
findById(@Param('id') id: string): any {
return this.listingsService.findById(id, commercials);
}
@UseGuards(OptionalJwtAuthGuard)
@Get('user/:userid')
findByUserId(@Param('userid') userid: string): any {
return this.listingsService.findByUserId(userid, commercials);
findByUserId(@Request() req, @Param('userid') userid: string): any {
console.log(req.user?.username);
return this.listingsService.findByUserId(userid, commercials, req.user?.username);
}
@Post('search')
async find(@Body() criteria: ListingCriteria): Promise<any> {

3
bizmatch-server/src/listings/listings.module.ts
View File

@ -1,4 +1,5 @@
import { Module } from '@nestjs/common';
import { AuthModule } from '../auth/auth.module.js';
import { DrizzleModule } from '../drizzle/drizzle.module.js';
import { FileService } from '../file/file.service.js';
import { UserService } from '../user/user.service.js';
@ -9,7 +10,7 @@ import { ListingsService } from './listings.service.js';
import { UnknownListingsController } from './unknown-listings.controller.js';
@Module({
imports: [DrizzleModule],
imports: [DrizzleModule, AuthModule],
controllers: [BusinessListingsController, CommercialPropertyListingsController, UnknownListingsController, BrokerListingsController],
providers: [ListingsService, FileService, UserService],
exports: [ListingsService],

6
bizmatch-server/src/listings/listings.service.ts
View File

@ -68,17 +68,17 @@ export class ListingsService {
const result = await this.conn
.select()
.from(table)
.where(sql`${table.id} = ${id}`);
.where(and(sql`${table.id} = ${id}`, ne(table.draft, true)));
return result[0] as BusinessListing | CommercialPropertyListing;
}
async findByImagePath(imagePath: string, serial: string): Promise<CommercialPropertyListing> {
const result = await this.conn
.select()
.from(commercials)
.where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`));
.where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`, ne(commercials.draft, true)));
return result[0] as CommercialPropertyListing;
}
async findByUserId(userId: string, table: typeof businesses | typeof commercials): Promise<BusinessListing[] | CommercialPropertyListing[]> {
async findByUserId(userId: string, table: typeof businesses | typeof commercials, email: string): Promise<BusinessListing[] | CommercialPropertyListing[]> {
return (await this.conn.select().from(table).where(eq(table.userId, userId))) as BusinessListing[] | CommercialPropertyListing[];
}

10
bizmatch-server/src/main.ts
View File

@ -1,17 +1,19 @@
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module.js';
import * as express from 'express';
import path, { join } from 'path';
import express from 'express';
import path from 'path';
import { fileURLToPath } from 'url';
import { AppModule } from './app.module.js';
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
async function bootstrap() {
const server = express();
const app = await NestFactory.create(AppModule);
app.setGlobalPrefix('bizmatch');
app.enableCors({
origin: '*',
//origin: 'http://localhost:4200', // Die URL Ihrer Angular-App
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
allowedHeaders: 'Content-Type, Accept',
allowedHeaders: 'Content-Type, Accept, Authorization',
});
//origin: 'http://localhost:4200',
await app.listen(3000);

11
bizmatch/src/app/app.config.ts
View File

@ -3,7 +3,7 @@ import { provideRouter, withEnabledBlockingInitialNavigation, withInMemoryScroll
import { HTTP_INTERCEPTORS, provideHttpClient, withInterceptorsFromDi } from '@angular/common/http';
import { provideAnimations } from '@angular/platform-browser/animations';
import { KeycloakService } from 'keycloak-angular';
import { KeycloakBearerInterceptor, KeycloakService } from 'keycloak-angular';
import { environment } from '../environments/environment';
import { customKeycloakAdapter } from '../keycloak';
import { routes } from './app.routes';
@ -37,6 +37,11 @@ export const appConfig: ApplicationConfig = {
useClass: LoadingInterceptor,
multi: true,
},
{
provide: HTTP_INTERCEPTORS,
useClass: KeycloakBearerInterceptor,
multi: true,
},
provideRouter(
routes,
withEnabledBlockingInitialNavigation(),
@ -89,6 +94,10 @@ function initializeKeycloak(keycloak: KeycloakService) {
onLoad: 'check-sso',
silentCheckSsoRedirectUri: (<any>window).location.origin + '/assets/silent-check-sso.html',
},
bearerExcludedUrls: ['/assets'],
shouldUpdateToken(request) {
return !request.headers.get('token-update') === false;
},
});
logger.info(`+++>${authenticated}`);
};

95
bizmatch/src/app/interceptors/keycloak-bearer.interceptor.ts
View File

@ -1,95 +0,0 @@
/**
* @license
* Copyright Mauricio Gemelli Vigolo and contributors.
*
* Use of this source code is governed by a MIT-style license that can be
* found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
*/
import { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { Observable, combineLatest, from, of } from 'rxjs';
import { mergeMap } from 'rxjs/operators';
import { ExcludedUrlRegex } from '../models/keycloak-options';
import { KeycloakService } from '../services/keycloak.service';
/**
* This interceptor includes the bearer by default in all HttpClient requests.
*
* If you need to exclude some URLs from adding the bearer, please, take a look
* at the {@link KeycloakOptions} bearerExcludedUrls property.
*/
@Injectable()
export class KeycloakBearerInterceptor implements HttpInterceptor {
constructor(private keycloak: KeycloakService) {}
/**
* Calls to update the keycloak token if the request should update the token.
*
* @param req http request from @angular http module.
* @returns
* A promise boolean for the token update or noop result.
*/
private async conditionallyUpdateToken(req: HttpRequest<unknown>): Promise<boolean> {
if (this.keycloak.shouldUpdateToken(req)) {
return await this.keycloak.updateToken();
}
return true;
}
/**
* @deprecated
* Checks if the url is excluded from having the Bearer Authorization
* header added.
*
* @param req http request from @angular http module.
* @param excludedUrlRegex contains the url pattern and the http methods,
* excluded from adding the bearer at the Http Request.
*/
private isUrlExcluded({ method, url }: HttpRequest<unknown>, { urlPattern, httpMethods }: ExcludedUrlRegex): boolean {
const httpTest = httpMethods.length === 0 || httpMethods.join().indexOf(method.toUpperCase()) > -1;
const urlTest = urlPattern.test(url);
return httpTest && urlTest;
}
/**
* Intercept implementation that checks if the request url matches the excludedUrls.
* If not, adds the Authorization header to the request if the user is logged in.
*
* @param req
* @param next
*/
public intercept(req: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
const { enableBearerInterceptor, excludedUrls } = this.keycloak;
if (!enableBearerInterceptor) {
return next.handle(req);
}
const shallPass: boolean = !this.keycloak.shouldAddToken(req) || excludedUrls.findIndex(item => this.isUrlExcluded(req, item)) > -1;
if (shallPass) {
return next.handle(req);
}
return combineLatest([from(this.conditionallyUpdateToken(req)), of(this.keycloak.isLoggedIn())]).pipe(mergeMap(([_, isLoggedIn]) => (isLoggedIn ? this.handleRequestWithTokenHeader(req, next) : next.handle(req))));
}
/**
* Adds the token of the current user to the Authorization header
*
* @param req
* @param next
*/
private handleRequestWithTokenHeader(req: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
return this.keycloak.addTokenToHeader(req.headers).pipe(
mergeMap(headersWithBearer => {
const kcReq = req.clone({ headers: headersWithBearer });
return next.handle(kcReq);
}),
);
}
}