Implement Guard for all authentication method

server/.vscode/launch.json

@@ -0,0 +1,23 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+      {
+        "type": "node",
+        "request": "launch",
+        "name": "Debug Nest Framework",
+        "args": ["${workspaceFolder}/src/main.ts"],
+        "runtimeArgs": [
+          "--nolazy",
+          "-r",
+          "ts-node/register",
+          "-r",
+          "tsconfig-paths/register"
+        ],
+        "sourceMaps": true,
+        "envFile": "${workspaceFolder}/.env",
+        "cwd": "${workspaceRoot}",
+        "console": "integratedTerminal",
+        "protocol": "inspector"
+      }
+    ]
+  }

server/src/iam/authentication/authentication.module.ts

@@ -9,16 +9,24 @@ import { AuthenticationService } from './services/authentication.service';
 import { AuthenticationController } from './controllers/authentication.controller';
 import jwtConfig from '../config/jwt.config/jwt.config';
 import { AccessTokenStrategy } from './strategies/access-token/access-token.strategy';
+import { AccessTokenGuard } from './guards/access-token/access-token.guard';
+import { AuthenticationGuard } from './guards/authentication/authentication.guard';
+import { APP_GUARD } from '@nestjs/core';
 
 @Module({
   providers: [
     {
       provide: HashingService,
       useClass: BcryptService,
     },
+    {
+      provide: APP_GUARD,
+      useClass: AuthenticationGuard,
+    },
     AuthenticationService,
     PrismaService,
     AccessTokenStrategy,
+    AccessTokenGuard,
   ],
   imports: [
     PassportModule,

server/src/iam/authentication/controllers/authentication.controller.ts

@@ -3,7 +3,10 @@ import { AuthenticationService } from '../services/authentication.service';
 import { SignUpDto } from '../dto/sign-up.dto/sign-up.dto';
 import { SignInDto } from '../dto/sign-in.dto/sign-in.dto';
 import { AccessTokenStrategy } from '../strategies/access-token/access-token.strategy';
+import { Auth } from '../decorators/auth/auth.decorator';
+import { AuthType } from '../enums/auth-type.enum';
 
+@Auth(AuthType.None)
 @Controller('authentication')
 export class AuthenticationController {
   constructor(

server/src/iam/authentication/decorators/active-user/active-user.decorator.ts

@@ -0,0 +1,11 @@
+import { ExecutionContext, createParamDecorator } from '@nestjs/common';
+import { ActiveUserData } from '../../interfaces/active-user-data.interface';
+import { REQUEST_USER_KEY } from 'src/iam/constants/iam.contant';
+
+export const ActiveUser = createParamDecorator(
+  (field: keyof ActiveUserData | undefined, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest();
+    const user: ActiveUserData | undefined = request[REQUEST_USER_KEY];
+    return field ? user && user?.[field] : user;
+  },
+);

server/src/iam/authentication/decorators/auth/auth.decorator.ts

@@ -0,0 +1,7 @@
+import { SetMetadata } from '@nestjs/common';
+import { AuthType } from '../../enums/auth-type.enum';
+
+export const AUTH_TYPE_KEY = 'authType';
+
+export const Auth = (...authTypes: AuthType[]) =>
+  SetMetadata(AUTH_TYPE_KEY, authTypes);

server/src/iam/authentication/enums/auth-type.enum.ts

@@ -0,0 +1,4 @@
+export enum AuthType {
+  Bearer,
+  None,
+}

server/src/iam/authentication/guards/access-token/access-token.guard.spec.ts

@@ -0,0 +1,7 @@
+import { AccessTokenGuard } from './access-token.guard';
+
+describe('AccessTokenGuard', () => {
+  it('should be defined', () => {
+    expect(new AccessTokenGuard()).toBeDefined();
+  });
+});

server/src/iam/authentication/guards/access-token/access-token.guard.ts

@@ -0,0 +1,29 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+import { Observable } from 'rxjs';
+import { ActiveUserData } from '../../interfaces/active-user-data.interface';
+
+@Injectable()
+export class AccessTokenGuard extends AuthGuard('jwt') implements CanActivate {
+  constructor() {
+    super();
+  }
+  canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    return super.canActivate(context);
+  }
+
+  handleRequest(err: any, user: any, info: any) {
+    // You can throw an exception based on either "info" or "err" arguments
+    if (err || !user) {
+      throw err || new UnauthorizedException('No access token found');
+    }
+    return user;
+  }
+}

server/src/iam/authentication/guards/authentication/authentication.guard.spec.ts

@@ -0,0 +1,7 @@
+import { AuthenticationGuard } from './authentication.guard';
+
+describe('AuthenticationGuard', () => {
+  it('should be defined', () => {
+    expect(new AuthenticationGuard()).toBeDefined();
+  });
+});

server/src/iam/authentication/guards/authentication/authentication.guard.ts

@@ -0,0 +1,51 @@
+import { AccessTokenGuard } from './../access-token/access-token.guard';
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+import { AuthType } from '../../enums/auth-type.enum';
+import { Reflector } from '@nestjs/core';
+import { AUTH_TYPE_KEY } from '../../decorators/auth/auth.decorator';
+
+@Injectable()
+export class AuthenticationGuard implements CanActivate {
+  constructor(
+    private readonly reflector: Reflector,
+    private readonly accessTokenGuard: AccessTokenGuard,
+  ) {}
+  private static readonly defaultAuthType = AuthType.Bearer;
+
+  private readonly authTypeGuardMap: Record<
+    AuthType,
+    CanActivate | CanActivate[]
+  > = {
+    [AuthType.None]: { canActivate: () => true },
+    [AuthType.Bearer]: this.accessTokenGuard,
+  };
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const authTypes = this.reflector.getAllAndOverride<AuthType[]>(
+      AUTH_TYPE_KEY,
+      [context.getHandler(), context.getClass()],
+    ) ?? [AuthenticationGuard.defaultAuthType];
+
+    const guards = authTypes
+      .map((type: any) => this.authTypeGuardMap[type])
+      .flat();
+
+    const guardPromises = guards.map((guard: any) =>
+      guard.canActivate(context),
+    );
+
+    const results = await Promise.allSettled(guardPromises); //? return 'rejected' or 'fulfilled'
+
+    const rejected = results.find((result: any) => {
+      return result.status === 'rejected';
+    });
+
+    if (rejected) {
+      throw rejected['reason'];
+    }
+
+    return results.some(
+      (result: any) => result.status === 'fulfilled' && result.value,
+    );
+  }
+}

server/src/iam/authentication/interfaces/active-user.interface.ts → server/src/iam/authentication/interfaces/active-user-data.interface.ts

@@ -1,4 +1,4 @@
-export interface ActiveUser {
+export interface ActiveUserData {
   sub: number;
   email: string;
 }

server/src/iam/authentication/services/authentication.service.ts

@@ -14,7 +14,7 @@ import { randomUUID } from 'crypto';
 import jwtConfig from '../../config/jwt.config/jwt.config';
 import { ConfigType } from '@nestjs/config';
 import { JwtService } from '@nestjs/jwt';
-import { ActiveUser } from '../interfaces/active-user.interface';
+import { ActiveUserData } from '../interfaces/active-user-data.interface';
 
 @Injectable()
 export class AuthenticationService {
@@ -83,7 +83,7 @@ export class AuthenticationService {
 
     const [accessToken, refreshToken] = await Promise.all([
       //* accessToken
-      this.signToken<Partial<ActiveUser>>(
+      this.signToken<Partial<ActiveUserData>>(
         user.id,
         this.jwtConfiguration.accessTokenTtl,
         payload,

server/src/iam/constants/iam.contant.ts

@@ -0,0 +1 @@
+export const REQUEST_USER_KEY = 'user';