adds api, guard, tailwind

1 files changed, 36 insertions, 29 deletions

diff --git a/server/controllers/users.controller.ts b/server/controllers/users.controller.ts
index 120a2b3..f9aba90 100644
--- a/server/controllers/users.controller.ts
+++ b/server/controllers/users.controller.ts
@@ -1,50 +1,57 @@
-import {
-  Body,
-  Controller,
-  HttpException,
-  HttpStatus,
-  Post,
-  Res,
-} from '@nestjs/common';
+import { Body, Controller, Get, HttpException, HttpStatus, Post, Res, UseGuards } from '@nestjs/common';
 import * as bcrypt from 'bcrypt';
 import { Response } from 'express';
-import * as jwt from 'jsonwebtoken';
+import { JwtBody } from 'server/decorators/jwt_body.decorator';
 import { CreateUserDto } from 'server/dto/create_user.dto';
+import { JwtBodyDto } from 'server/dto/jwt_body.dto';
+import { RefreshToken } from 'server/entities/refresh_token.entity';
 import { User } from 'server/entities/user.entity';
+import { AuthGuard } from 'server/providers/guards/auth.guard';
+import { JwtService } from 'server/providers/services/jwt.service';
+import { RefreshTokensService } from 'server/providers/services/refresh_tokens.service';
 import { UsersService } from 'server/providers/services/users.service';
 
 @Controller()
 export class UsersController {
-  constructor(private usersService: UsersService) {}
+  constructor(
+    private usersService: UsersService,
+    private jwtService: JwtService,
+    private refreshTokenService: RefreshTokensService,
+  ) {}
+
+  @Get('/users/me')
+  @UseGuards(AuthGuard)
+  async getCurrentUser(@JwtBody() jwtBody: JwtBodyDto) {
+    const user = await this.usersService.find(jwtBody.userId);
+    return { user };
+  }
 
   @Post('/users')
-  async create(
-    @Body() userPayload: CreateUserDto,
-    @Res({ passthrough: true }) res: Response,
-  ) {
+  async create(@Body() userPayload: CreateUserDto, @Res({ passthrough: true }) res: Response) {
     const newUser = new User();
     newUser.email = userPayload.email;
     newUser.name = userPayload.name;
-    newUser.password_hash = await bcrypt.hash(userPayload.password, 10);
+    newUser.passwordHash = await bcrypt.hash(userPayload.password, 10);
 
     try {
       const user = await this.usersService.create(newUser);
-      // assume signup and write cookie
-      // Write JWT to cookie and send with response.
-      const token = jwt.sign(
-        {
-          user_id: user.id,
-        },
-        process.env.ENCRYPTION_KEY,
-        { expiresIn: '1h' },
-      );
-      res.cookie('_token', token);
+      // create refresh token in database for user
+      const newRefreshToken = new RefreshToken();
+      newRefreshToken.user = user;
+      const refreshToken = await this.refreshTokenService.create(newRefreshToken);
+
+      // issue jwt and refreshJwtToken
+      const token = this.jwtService.issueToken({ userId: user.id });
+      const refreshJwtToken = this.jwtService.issueRefreshToken({ id: refreshToken.id, userId: user.id });
+
+      // only refresh token should go in the cookie
+      res.cookie('_refresh_token', refreshJwtToken, {
+        httpOnly: true, // prevents javascript code from accessing cookie (helps protect against XSS attacks)
+      });
+
       return { user, token };
     } catch (e) {
-      throw new HttpException(
-        `User creation failed. ${e.message}`,
-        HttpStatus.BAD_REQUEST,
-      );
+      throw new HttpException(`User creation failed. ${e.message}`, HttpStatus.BAD_REQUEST);
     }
   }
 }