Adding the ability to guard APIs using JWT

Author: amitavroy

server/package.json

@@ -29,13 +29,18 @@
     "@nestjs/common": "^7.5.1",
     "@nestjs/config": "^0.6.3",
     "@nestjs/core": "^7.5.1",
+    "@nestjs/jwt": "^8.0.0",
+    "@nestjs/passport": "^8.2.1",
     "@nestjs/platform-express": "^7.5.1",
     "@nestjs/typeorm": "^7.1.5",
     "@types/bcrypt": "^3.0.1",
     "bcrypt": "^5.0.1",
     "class-transformer": "^0.3.2",
     "class-validator": "^0.13.1",
     "mysql2": "^2.3.3",
+    "passport": "^0.5.2",
+    "passport-jwt": "^4.0.0",
+    "passport-local": "^1.0.0",
     "reflect-metadata": "^0.1.13",
     "rimraf": "^3.0.2",
     "rxjs": "^6.6.3",
@@ -48,6 +53,9 @@
     "@types/express": "^4.17.8",
     "@types/jest": "^26.0.15",
     "@types/node": "^14.14.6",
+    "@types/passport": "^1.0.7",
+    "@types/passport-jwt": "^3.0.6",
+    "@types/passport-local": "^1.0.34",
     "@types/supertest": "^2.0.10",
     "@typescript-eslint/eslint-plugin": "^4.6.1",
     "@typescript-eslint/parser": "^4.6.1",

server/src/app.module.ts

@@ -6,12 +6,14 @@ import { AppService } from './app.service';
 import { typeOrmAsyncConfig } from './config/typeorm.config';
 import { QuizModule } from './modules/quiz/quiz.module';
 import { UserModule } from './modules/user/user.module';
+import { AuthModule } from './modules/auth/auth.module';
 @Module({
   imports: [
     ConfigModule.forRoot({ isGlobal: true }),
     TypeOrmModule.forRootAsync(typeOrmAsyncConfig),
     QuizModule,
     UserModule,
+    AuthModule,
   ],
   controllers: [AppController],
   providers: [AppService],

server/src/modules/auth/auth.controller.ts

@@ -0,0 +1,21 @@
+import { Controller, Get, Post, Request, UseGuards } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { JwtAuthGuard } from './jwt-auth.guard';
+import { LocalAuthGuard } from './local-auth.guard';
+
+@Controller('auth')
+export class AuthController {
+  constructor(private authService: AuthService) {}
+
+  @UseGuards(LocalAuthGuard)
+  @Post('login')
+  async login(@Request() req): Promise<any> {
+    return this.authService.generateToken(req.user);
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Get('user')
+  async user(@Request() req): Promise<any> {
+    return req.user;
+  }
+}

server/src/modules/auth/auth.module.ts

@@ -0,0 +1,22 @@
+import { Module } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { AuthController } from './auth.controller';
+import { LocalStrategy } from './local.strategy';
+import { UserModule } from '../user/user.module';
+import { PassportModule } from '@nestjs/passport';
+import { JwtModule } from '@nestjs/jwt';
+import { JwtStrategy } from './jwt.strategy';
+
+@Module({
+  imports: [
+    UserModule,
+    PassportModule,
+    JwtModule.register({
+      secret: 'asdasghgfhgfh5355dfgfg345345',
+      signOptions: { expiresIn: '1d' },
+    }),
+  ],
+  providers: [AuthService, LocalStrategy, JwtStrategy],
+  controllers: [AuthController],
+})
+export class AuthModule {}

server/src/modules/auth/auth.service.ts

@@ -0,0 +1,36 @@
+import {
+  BadRequestException,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { UserService } from '../user/user.service';
+import * as bcrypt from 'bcrypt';
+import { JwtService } from '@nestjs/jwt';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private userService: UserService,
+    private jwtService: JwtService,
+  ) {}
+
+  async validateUserCreds(email: string, password: string): Promise<any> {
+    const user = await this.userService.getUserByEmail(email);
+
+    if (!user) throw new BadRequestException();
+
+    if (!(await bcrypt.compare(password, user.password)))
+      throw new UnauthorizedException();
+
+    return user;
+  }
+
+  generateToken(user: any) {
+    return {
+      access_token: this.jwtService.sign({
+        name: user.name,
+        sub: user.id,
+      }),
+    };
+  }
+}

server/src/modules/auth/jwt-auth.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {}

server/src/modules/auth/jwt.strategy.ts

@@ -0,0 +1,19 @@
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      secretOrKey: 'asdasghgfhgfh5355dfgfg345345',
+    });
+  }
+
+  async validate(payload: any) {
+    return {
+      id: payload.sub,
+      name: payload.name,
+      tenant: 'amitav',
+    };
+  }
+}

server/src/modules/auth/local-auth.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class LocalAuthGuard extends AuthGuard('local') {}

server/src/modules/auth/local.strategy.ts

@@ -0,0 +1,17 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { Strategy } from 'passport-local';
+import { AuthService } from './auth.service';
+
+@Injectable()
+export class LocalStrategy extends PassportStrategy(Strategy) {
+  constructor(private authService: AuthService) {
+    super();
+  }
+
+  async validate(email: string, password: string) {
+    const user = await this.authService.validateUserCreds(email, password);
+    if (!user) throw new UnauthorizedException();
+    return user;
+  }
+}

server/src/modules/user/user.module.ts

@@ -5,5 +5,6 @@ import { UserService } from './user.service';
 @Module({
   providers: [UserService],
   controllers: [UserController],
+  exports: [UserService],
 })
 export class UserModule {}

server/src/modules/user/user.service.ts

@@ -14,4 +14,8 @@ export class UserService {
 
     return await user.save();
   }
+
+  async getUserByEmail(email: string): Promise<User | undefined> {
+    return User.findOne({ where: { email } });
+  }
 }