feat cookie set response

Author: vinodnextcoder

src/auth/auth.controller.spec.ts

@@ -1,6 +1,8 @@
 import { Test, TestingModule } from "@nestjs/testing";
 import { AuthController } from "./auth.controller";
 import { AuthService } from "./auth.service";
+import { MockResponse, createResponse } from "node-mocks-http";
+import { Response } from "express";
 
 
 describe("User Controller", () => {
@@ -33,11 +35,14 @@ describe("User Controller", () => {
  describe("auth controller ()", () => {
 
  it("should create access token", async () => {
+ let response1: MockResponse<Response> = createResponse();
+ response1.json = jest.fn();
+ response1.cookie = jest.fn();
  let response = { access_token: "s" };
  const createSpy = jest
  .spyOn(service, "signIn")
  .mockResolvedValueOnce(response);
- await controller.signIn(mockUserRequest);
+ await controller.signIn(mockUserRequest,response1);
  expect(createSpy).toHaveBeenCalled();
  });
 

src/auth/auth.controller.ts

@@ -1,14 +1,17 @@
 import {
  Body,
  Controller,
- Get,
  HttpCode,
  HttpStatus,
  Post,
- Request,
+ Res,
+ UseFilters,
 } from '@nestjs/common';
+import { Response } from 'express';
 import { AuthService } from './auth.service';
 import { Public } from './decorators/public.decorator';
+import { GetCurrentUser, GetCurrentUserId } from '../common/decorators';
+import { HttpExceptionFilter } from '../utils/http-exception.filter';
 
 @Controller('auth')
 export class AuthController {
@@ -17,7 +20,28 @@ export class AuthController {
  @Public()
  @HttpCode(HttpStatus.OK)
  @Post('login')
- signIn(@Body() signInDto: Record<string, any>) {
- return this.authService.signIn(signInDto.email, signInDto.password);
+ signIn(@Body() signInDto: Record<string, any>, @Res({ passthrough: true }) res: Response) {
+ const access_token = this.authService.signIn(signInDto.email, signInDto.password);
+ res.cookie('access_cookies', access_token, {
+ httpOnly: true,
+ expires: new Date(Date.now() + 1 * 24 * 60 * 60 * 1000),
+ path: '/',
+ sameSite: 'none',
+ secure: true,
+ });
+ return access_token;
  }
+
+ @Public()
+ @Post('/refresh')
+ @UseFilters(new HttpExceptionFilter())
+ @HttpCode(HttpStatus.OK)
+ async refreshTokens(
+ @GetCurrentUser('refreshToken') refreshToken: string,
+ @GetCurrentUserId() userId: string,
+ ) {
+ return await this.authService.refreshTokens(userId, refreshToken);
+ }
+
+
 }

src/auth/auth.service.ts

@@ -1,4 +1,4 @@
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { ForbiddenException, Injectable, UnauthorizedException } from '@nestjs/common';
 import { UserService } from '../users/users.service';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
@@ -24,4 +24,57 @@ export class AuthService {
  }
  throw new UnauthorizedException();
  }
+
+
+ async refreshTokens(userId: string, rt: string) {
+ const user = await this.usersService.findOne(userId);
+
+ if (!user || !user.hashdRt) throw new ForbiddenException('Access Denied.');
+
+ const rtMatches = await bcrypt.compare(rt, user.hashdRt);
+
+ if (!rtMatches) throw new ForbiddenException('Access Denied.');
+
+ const tokens = await this.getTokens(user);
+
+ const rtHash = await this.hashPassword(tokens.refresh_token);
+
+ await this.usersService.updateOne(user._id, { hashdRt: rtHash });
+ return tokens;
+ }
+ 
+ async getTokens(user: any) {
+ const [at, rt] = await Promise.all([
+ this.jwtService.signAsync(
+ {
+ sub: user._id,
+ email: user.email,
+ },
+ {
+ secret: 'at-secret',
+ expiresIn: '24h',
+ },
+ ),
+ this.jwtService.signAsync(
+ {
+ sub: user._id,
+ email: user.email,
+ },
+ {
+ secret: 'rt-secret',
+ expiresIn: '30d',
+ },
+ ),
+ ]);
+
+ return {
+ access_token: at,
+ refresh_token: rt,
+ };
+ }
+
+ //Encriptación de la copntraseña
+ async hashPassword(data: string) {
+ return bcrypt.hash(data, 10);
+ }
 }

src/common/decorators/cookies.decorator.ts

@@ -0,0 +1,8 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export const CookiesDecorator = createParamDecorator(
+ (data: string, ctx: ExecutionContext) => {
+ const request = ctx.switchToHttp().getRequest();
+ return data ? request.cookies?.[data] : request.cookies;
+ },
+);

src/common/decorators/get-current-user-id.decorator.ts

@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export const GetCurrentUserId = createParamDecorator(
+ (data: undefined, context: ExecutionContext): string => {
+ const request = context.switchToHttp().getRequest();
+ console.log(request)
+ return request.user['sub'];
+ },
+);

src/common/decorators/get-current-user.decorator.ts

@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export const GetCurrentUser = createParamDecorator(
+ (data: string, context: ExecutionContext) => {
+ const request = context.switchToHttp().getRequest();
+ if (!data) return request.user;
+ return request.user[data];
+ },
+);

src/common/decorators/index.ts

@@ -0,0 +1,3 @@
+export * from './get-current-user.decorator';
+export * from './get-current-user-id.decorator';
+export * from './cookies.decorator';

src/common/guards/at.guard.ts

@@ -0,0 +1,52 @@
+import {
+ CanActivate,
+ ExecutionContext,
+ Injectable,
+ UnauthorizedException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { JwtService } from '@nestjs/jwt';
+import { Request } from 'express';
+import { jwtConstants } from '../../auth/constants';
+import { IS_PUBLIC_KEY } from '../../auth/decorators/public.decorator';
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+ constructor(
+ private jwtService: JwtService,
+ private reflector: Reflector,
+ ) {}
+
+ async canActivate(context: ExecutionContext): Promise<boolean> {
+ const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+ context.getHandler(),
+ context.getClass(),
+ ]);
+ if (isPublic) {
+ // 💡 See this condition
+ return true;
+ }
+
+ const request = context.switchToHttp().getRequest();
+ const token = this.extractTokenFromHeader(request);
+ if (!token) {
+ throw new UnauthorizedException();
+ }
+ try {
+ const payload = await this.jwtService.verifyAsync(token, {
+ secret: jwtConstants.secret,
+ });
+ // 💡 We're assigning the payload to the request object here
+ // so that we can access it in our route handlers
+ request['user'] = payload;
+ } catch {
+ throw new UnauthorizedException();
+ }
+ return true;
+ }
+
+ private extractTokenFromHeader(request: Request): string | undefined {
+ const [type, token] = request.headers.authorization?.split(' ') ?? [];
+ return type === 'Bearer' ? token : undefined;
+ }
+}

src/common/guards/index.ts

@@ -0,0 +1,2 @@
+export * from './at.guard';
+// export * from './rt.guard';

src/common/guards/rt.guard.ts

@@ -0,0 +1,7 @@
+// import { AuthGuard } from '@nestjs/passport';
+
+// export class RtGuard extends AuthGuard('jwt-refresh') {
+// constructor() {
+// super();
+// }
+// }