fix: auth middleware user object

Author: lujakob

src/user/auth.middleware.ts

@@ -22,7 +22,7 @@ export class AuthMiddleware implements NestMiddleware {
           throw new HttpException('User not found.', HttpStatus.UNAUTHORIZED);
         }
 
-        req.user = user;
+        req.user = user.user;
         next();
 
       } else {

src/user/user.controller.ts

@@ -21,8 +21,8 @@ export class UserController {
   constructor(private readonly userService: UserService) {}
 
   @Get('user')
-  async findMe(@User('id') userId: number): Promise<UserEntity> {
-    return await this.userService.findById(userId);
+  async findMe(@User('email') email: string): Promise<UserRO> {
+    return await this.userService.findByEmail(email);
   }
 
   @Put('user')
@@ -44,10 +44,10 @@ export class UserController {
   @UsePipes(new ValidationPipe())
   @Post('users/login')
   async login(@Body('user') loginUserDto: LoginUserDto): Promise<UserRO> {
-    console.log("loginUserDto", loginUserDto);
     const _user = await this.userService.findOne(loginUserDto);
 
-    if (!_user) throw new HttpException('User not found.', 401);
+    const errors = {User: ' not found'};
+    if (!_user) throw new HttpException({errors}, 401);
 
     const token = await this.userService.generateJWT(_user);
     const {email, username, bio, image} = _user;

src/user/user.decorator.ts

@@ -11,7 +11,6 @@ export const User = createRouteParamDecorator((data, req) => {
 
   // in case a route is not protected, we still want to get the optional auth user from jwt
   const token = req.headers.authorization ? (req.headers.authorization as string).split(' ') : null;
-
   if (token && token[1]) {
     const decoded: any = jwt.verify(token[1], SECRET);
     return !!data ? decoded[data] : decoded.user;

src/user/user.service.ts

@@ -61,15 +61,7 @@ export class UserService {
 
     } else {
       const savedUser = await this.userRepository.save(newUser);
-      const userRO = {
-        username: savedUser.username,
-        email: savedUser.email,
-        bio: savedUser.bio,
-        token: this.generateJWT(savedUser),
-        image: savedUser.image
-      };
-
-      return {user: userRO};
+      return this.buildUserRO(savedUser);
     }
 
   }
@@ -87,16 +79,20 @@ export class UserService {
     return await this.userRepository.delete({ email: email});
   }
 
-  async findById(id: number): Promise<UserEntity>{
+  async findById(id: number): Promise<UserRO>{
     const user = await this.userRepository.findOneById(id);
-    if (user) delete user.password;
-    return user;
+
+    if (!user) {
+      const errors = {User: ' not found'};
+      throw new HttpException({errors}, 401);
+    };
+
+    return this.buildUserRO(user);
   }
 
-  async findByEmail(email: string): Promise<UserEntity>{
+  async findByEmail(email: string): Promise<UserRO>{
     const user = await this.userRepository.findOne({email: email});
-    if (user) delete user.password;
-    return user;
+    return this.buildUserRO(user);
   }
 
   public generateJWT(user) {
@@ -111,4 +107,16 @@ export class UserService {
       exp: exp.getTime() / 1000,
     }, SECRET);
   };
+
+  private buildUserRO(user: UserEntity) {
+    const userRO = {
+      username: user.username,
+      email: user.email,
+      bio: user.bio,
+      token: this.generateJWT(user),
+      image: user.image
+    };
+
+    return {user: userRO};
+  }
 }