adds roles

author: Joseph Ditton <jditton.atomic@gmail.com> 2021-12-01 20:18:26 -0700
committer: Joseph Ditton <jditton.atomic@gmail.com> 2021-12-01 20:18:26 -0700
commit: 84b45cd6b11347e66437cd92dc20372d0abd6eb9 (patch)
tree: 6e42b5861278485c67159dc57c225983e3fd69f8 /server/controllers
parent: d803aaaf1be441f55fe674c3b0c6793e77a9203f (diff)
download: locchat-84b45cd6b11347e66437cd92dc20372d0abd6eb9.tar.gz
locchat-84b45cd6b11347e66437cd92dc20372d0abd6eb9.zip
3 files changed, 39 insertions, 7 deletions
diff --git a/server/controllers/refresh_tokens.controller.ts b/server/controllers/refresh_tokens.controller.ts
index 2a24abe..6aa696f 100644
--- a/server/controllers/refresh_tokens.controller.ts
+++ b/server/controllers/refresh_tokens.controller.ts
@@ -4,14 +4,18 @@ import { UsersService } from 'server/providers/services/users.service';
 import { SignInDto } from 'server/dto/sign_in.dto';
 import { RefreshTokenBody } from 'server/dto/refresh_token_body.dto';
 import { JwtService } from 'server/providers/services/jwt.service';
+import { Skip } from 'server/decorators/skip.decorator';
+import { AuthGuard } from 'server/providers/guards/auth.guard';
+import { RolesService } from 'server/providers/services/roles.service';
 
 // this is kind of a misnomer because we are doing token based auth
 // instead of session based auth
 @Controller()
 export class RefreshTokensController {
-  constructor(private usersService: UsersService, private jwtService: JwtService) {}
+  constructor(private usersService: UsersService, private rolesService: RolesService, private jwtService: JwtService) {}
 
   @Get('/refresh_token')
+  @Skip(AuthGuard)
   async get(@Body() body: SignInDto, @Req() req: Request) {
     const refreshToken: string = req.cookies['_refresh_token'];
     if (!refreshToken) {
@@ -20,13 +24,15 @@ export class RefreshTokensController {
 
     const tokenBody = this.jwtService.parseRefreshToken(refreshToken) as RefreshTokenBody;
 
-    const user = await this.usersService.find(tokenBody.userId, ['refreshTokens']);
+    const user = await this.usersService.find(tokenBody.userId, ['refreshTokens', 'userRoles']);
+    const userRoles = await this.rolesService.findByIds(user.userRoles.map((ur) => ur.roleId));
+
     const userRefreshToken = user.refreshTokens.find((t) => t.id === tokenBody.id);
     if (!userRefreshToken) {
       throw new HttpException('User refresh token not found', 401);
     }
 
-    const token = this.jwtService.issueToken({ userId: user.id });
+    const token = this.jwtService.issueToken({ userId: user.id, roles: userRoles.map((r) => r.key) });
     return { token };
   }
 }
diff --git a/server/controllers/sessions.controller.ts b/server/controllers/sessions.controller.ts
index 9ae647b..e1d1155 100644
--- a/server/controllers/sessions.controller.ts
+++ b/server/controllers/sessions.controller.ts
@@ -5,6 +5,9 @@ import { SignInDto } from 'server/dto/sign_in.dto';
 import { JwtService } from 'server/providers/services/jwt.service';
 import { RefreshTokensService } from 'server/providers/services/refresh_tokens.service';
 import { RefreshToken } from 'server/entities/refresh_token.entity';
+import { Skip } from 'server/decorators/skip.decorator';
+import { AuthGuard } from 'server/providers/guards/auth.guard';
+import { RolesService } from 'server/providers/services/roles.service';
 
 // this is kind of a misnomer because we are doing token based auth
 // instead of session based auth
@@ -13,10 +16,12 @@ export class SessionsController {
   constructor(
     private usersService: UsersService,
     private jwtService: JwtService,
+    private rolesService: RolesService,
     private refreshTokenService: RefreshTokensService,
   ) {}
 
   @Post('/sessions')
+  @Skip(AuthGuard)
   async create(@Body() body: SignInDto, @Res({ passthrough: true }) res: Response) {
     const { verified, user } = await this.usersService.verify(body.email, body.password);
 
@@ -32,8 +37,10 @@ export class SessionsController {
       // generate new refresh token
     }
 
+    const userRoles = await this.rolesService.findByIds(user.userRoles.map((ur) => ur.roleId));
+
     // JWT gets sent with response
-    const token = this.jwtService.issueToken({ userId: user.id });
+    const token = this.jwtService.issueToken({ userId: user.id, roles: userRoles.map((r) => r.key) });
 
     const refreshJwtToken = this.jwtService.issueRefreshToken({ id: refreshToken.id, userId: user.id });
 
diff --git a/server/controllers/users.controller.ts b/server/controllers/users.controller.ts
index f9aba90..fda71b3 100644
--- a/server/controllers/users.controller.ts
+++ b/server/controllers/users.controller.ts
@@ -2,36 +2,53 @@ import { Body, Controller, Get, HttpException, HttpStatus, Post, Res, UseGuards
 import * as bcrypt from 'bcrypt';
 import { Response } from 'express';
 import { JwtBody } from 'server/decorators/jwt_body.decorator';
+import { Roles } from 'server/decorators/roles.decorator';
+import { Skip } from 'server/decorators/skip.decorator';
 import { CreateUserDto } from 'server/dto/create_user.dto';
 import { JwtBodyDto } from 'server/dto/jwt_body.dto';
 import { RefreshToken } from 'server/entities/refresh_token.entity';
+import { RoleKey } from 'server/entities/role.entity';
 import { User } from 'server/entities/user.entity';
+import { UserRole } from 'server/entities/user_role.entity';
 import { AuthGuard } from 'server/providers/guards/auth.guard';
 import { JwtService } from 'server/providers/services/jwt.service';
 import { RefreshTokensService } from 'server/providers/services/refresh_tokens.service';
+import { RolesService } from 'server/providers/services/roles.service';
 import { UsersService } from 'server/providers/services/users.service';
 
 @Controller()
 export class UsersController {
   constructor(
     private usersService: UsersService,
+    private rolesService: RolesService,
     private jwtService: JwtService,
     private refreshTokenService: RefreshTokensService,
   ) {}
 
+  @Get('/users')
+  @Roles(RoleKey.ADMIN)
+  async index() {
+    const users = await this.usersService.findAll();
+    return { users };
+  }
+
   @Get('/users/me')
-  @UseGuards(AuthGuard)
   async getCurrentUser(@JwtBody() jwtBody: JwtBodyDto) {
     const user = await this.usersService.find(jwtBody.userId);
     return { user };
   }
 
   @Post('/users')
+  @Skip(AuthGuard)
   async create(@Body() userPayload: CreateUserDto, @Res({ passthrough: true }) res: Response) {
     const newUser = new User();
     newUser.email = userPayload.email;
     newUser.name = userPayload.name;
     newUser.passwordHash = await bcrypt.hash(userPayload.password, 10);
+    const [role] = await this.rolesService.findByKey(RoleKey.USER);
+    const userRole = new UserRole();
+    userRole.role = role;
+    newUser.userRoles = [userRole];
 
     try {
       const user = await this.usersService.create(newUser);
@@ -39,9 +56,11 @@ export class UsersController {
       const newRefreshToken = new RefreshToken();
       newRefreshToken.user = user;
       const refreshToken = await this.refreshTokenService.create(newRefreshToken);
-
       // issue jwt and refreshJwtToken
-      const token = this.jwtService.issueToken({ userId: user.id });
+      // note the roles hard coded to just USER.
+      // If you want to allow users to sign up as different roles then
+      // you will need to update this here.
+      const token = this.jwtService.issueToken({ userId: user.id, roles: [RoleKey.USER] });
       const refreshJwtToken = this.jwtService.issueRefreshToken({ id: refreshToken.id, userId: user.id });
 
       // only refresh token should go in the cookie
author	Joseph Ditton <jditton.atomic@gmail.com>	2021-12-01 20:18:26 -0700
committer	Joseph Ditton <jditton.atomic@gmail.com>	2021-12-01 20:18:26 -0700
commit	84b45cd6b11347e66437cd92dc20372d0abd6eb9 (patch)
tree	6e42b5861278485c67159dc57c225983e3fd69f8 /server/controllers
parent	d803aaaf1be441f55fe674c3b0c6793e77a9203f (diff)
download	locchat-84b45cd6b11347e66437cd92dc20372d0abd6eb9.tar.gz locchat-84b45cd6b11347e66437cd92dc20372d0abd6eb9.zip