4 files changed, 73 insertions, 9 deletions

diff --git a/server/providers/guards/auth.guard.ts b/server/providers/guards/auth.guard.ts
new file mode 100644
index 0000000..d7da81e
--- /dev/null
+++ b/server/providers/guards/auth.guard.ts
@@ -0,0 +1,20 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { JwtService } from '../services/jwt.service';
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+  constructor(private jwtService: JwtService) {}
+
+  canActivate(context: ExecutionContext) {
+    const req = context.switchToHttp().getRequest();
+    const authHeader = req.headers.authorization;
+    const jwt = authHeader.split(' ')[1];
+    try {
+      req.jwtBody = this.jwtService.parseToken(jwt);
+    } catch (e) {
+      return false;
+    }
+
+    return true;
+  }
+}
diff --git a/server/providers/services/jwt.service.ts b/server/providers/services/jwt.service.ts
new file mode 100644
index 0000000..ac7f359
--- /dev/null
+++ b/server/providers/services/jwt.service.ts
@@ -0,0 +1,27 @@
+import { HttpException, Injectable } from '@nestjs/common';
+import * as jwt from 'jsonwebtoken';
+import { JwtBodyDto } from 'server/dto/jwt_body.dto';
+import { RefreshTokenBody } from 'server/dto/refresh_token_body.dto';
+
+@Injectable()
+export class JwtService {
+  issueToken(body: JwtBodyDto | RefreshTokenBody, expiresIn = '15m', key = process.env.ENCRYPTION_KEY): string {
+    return jwt.sign(body, key, { expiresIn });
+  }
+
+  issueRefreshToken(body: RefreshTokenBody) {
+    return this.issueToken(body, '1y', process.env.REFRESH_ENCRYPTION_KEY);
+  }
+
+  parseToken(token: string, key = process.env.ENCRYPTION_KEY): JwtBodyDto | RefreshTokenBody {
+    try {
+      return jwt.verify(token, key);
+    } catch (e) {
+      throw new HttpException('Invalid jwt token', 401);
+    }
+  }
+
+  parseRefreshToken(token: string) {
+    return this.parseToken(token, process.env.REFRESH_ENCRYPTION_KEY);
+  }
+}
diff --git a/server/providers/services/refresh_tokens.service.ts b/server/providers/services/refresh_tokens.service.ts
new file mode 100644
index 0000000..e085129
--- /dev/null
+++ b/server/providers/services/refresh_tokens.service.ts
@@ -0,0 +1,20 @@
+import { Injectable } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { RefreshToken } from 'server/entities/refresh_token.entity';
+
+@Injectable()
+export class RefreshTokensService {
+  constructor(
+    @InjectRepository(RefreshToken)
+    private refreshTokenRespository: Repository<RefreshToken>,
+  ) {}
+
+  create(refreshToken: RefreshToken) {
+    return this.refreshTokenRespository.save(refreshToken);
+  }
+
+  destroy(refreshToken: RefreshToken) {
+    return this.refreshTokenRespository.remove(refreshToken);
+  }
+}
diff --git a/server/providers/services/users.service.ts b/server/providers/services/users.service.ts
index 21438a4..47a0360 100644
--- a/server/providers/services/users.service.ts
+++ b/server/providers/services/users.service.ts
@@ -11,12 +11,12 @@ export class UsersService {
     private usersRespository: Repository<User>,
   ) {}
 
-  findBy(options: Record<string, any>) {
-    return this.usersRespository.findOne(options);
+  findBy(options: Record<string, any>, relations: string[] = []) {
+    return this.usersRespository.findOne(options, { relations });
   }
 
-  find(id: number) {
-    return this.usersRespository.findOne(id);
+  find(id: number, relations: string[] = []) {
+    return this.usersRespository.findOne(id, { relations });
   }
 
   create(user: User) {
@@ -24,12 +24,9 @@ export class UsersService {
   }
 
   async verify(email: string, password: string) {
-    const user = await this.usersRespository.findOne({ email });
+    const user = await this.usersRespository.findOne({ email }, { relations: ['refreshTokens'] });
     if (!user) return { verified: false, user: null };
-    const verified: boolean = await bcrypt.compare(
-      password,
-      user.password_hash,
-    );
+    const verified: boolean = await bcrypt.compare(password, user.passwordHash);
     return { verified, user: verified ? user : null };
   }
 }