feat(social): add validating google auth payload
1 parent
c620e6a
commit cb5136e
Showing
13 changed files
with
287 additions
and
14 deletions.
@@ -0,0 +1,28 @@ | ||
import { Injectable } from '@nestjs/common'; | ||
|
||
import { GoogleProfile } from '&shared/models/user/external/GoogleProfile'; | ||
|
||
import { UserRepository } from '../domain/UserRepository'; | ||
import { InvalidSocialRequestException } from './exception/InvalidSocialRequestException'; | ||
import { GoogleValidator } from './social/GoogleValidator'; | ||
|
||
@Injectable() | ||
export class SocialBinder { | ||
constructor( | ||
private readonly googleValidator: GoogleValidator, | ||
private readonly userRepo: UserRepository, | ||
) {} | ||
|
||
async bindGoogle(login: string, profile: GoogleProfile) { | ||
const [valid, user] = await Promise.all([ | ||
this.googleValidator.isValid(profile), | ||
this.userRepo.getOne(login), | ||
]); | ||
|
||
if (!valid) { | ||
throw new InvalidSocialRequestException(login, 'Google', profile); | ||
} | ||
|
||
// TODO: bind | ||
} | ||
} |
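Review bot: The `throw` in `bindGoogle` hands the whole `profile`, including the raw Google ID token in `profile.token`, to `InvalidSocialRequestException`, so any handler that logs or serializes the exception would write a possibly still-valid token into logs. Pass the fields without the token instead, e.g. `const { token, ...claims } = profile;` followed by `throw new InvalidSocialRequestException(login, 'Google', claims);`. The `user` result from `userRepo.getOne(login)` is also never checked, so when the `// TODO: bind` is filled in it should reject a missing user before anything is written.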
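--- a/back/src/user/application/exception/InvalidSocialRequestException.ts
+++ b/back/src/user/application/exception/InvalidSocialRequestException.ts
@@ -0,0 +1,9 @@
+export class InvalidSocialRequestException extends Error {
+public constructor(
+public readonly login: string,
+public readonly social: string,
+public readonly payload: any,
+) {
+super(`Invalid credentials for ${login} from ${social}`);
+}
+}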
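Review bot: `payload` is declared `any` and kept as a public field of the exception, which removes type checking wherever the exception is read and gives no hint that the value is untrusted request data. `public readonly payload: unknown,` forces handlers to narrow it before use. A TSDoc line on the class such as `/** Thrown when a social-login payload fails verification; payload is unverified client input and must not be logged verbatim. */` would document that. The constructor also leaves `name` as 'Error'; `this.name = 'InvalidSocialRequestException';` after the `super(...)` call makes the exception identifiable in logs.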
@@ -0,0 +1,45 @@ | ||
import { Injectable } from '@nestjs/common'; | ||
import { OAuth2Client } from 'google-auth-library'; | ||
import * as deepEqual from 'fast-deep-equal'; | ||
|
||
import { Configuration } from '&back/config/Configuration'; | ||
import { GoogleProfile } from '&shared/models/user/external/GoogleProfile'; | ||
|
||
@Injectable() | ||
export class GoogleValidator { | ||
private readonly client: OAuth2Client; | ||
private readonly googleClientId: string; | ||
|
||
constructor(config: Configuration) { | ||
this.googleClientId = config.getStringOrThrow('GOOGLE_CLIENT_ID'); | ||
|
||
const googleClientSecret = config.getStringOrThrow('GOOGLE_CLIENT_SECRET'); | ||
|
||
this.client = new OAuth2Client(this.googleClientId, googleClientSecret); | ||
} | ||
|
||
async isValid(profile: GoogleProfile): Promise<boolean> { | ||
const { token } = profile; | ||
|
||
try { | ||
const ticket = await this.client.verifyIdToken({ | ||
idToken: profile.token, | ||
audience: this.googleClientId, | ||
}); | ||
|
||
const payload = ticket.getPayload(); | ||
|
||
const payloadProfile: GoogleProfile = { | ||
token, | ||
name: payload.name, | ||
id: payload.sub, | ||
photo: payload.picture, | ||
email: payload.email, | ||
}; | ||
|
||
return deepEqual(profile, payloadProfile); | ||
} catch (error) { | ||
return false; | ||
} | ||
} | ||
} |
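Review bot: The `deepEqual(profile, payloadProfile)` check in `isValid` is stricter than the `GoogleProfile` type suggests: `payloadProfile` always has `photo` and `email` keys (possibly `undefined`), and fast-deep-equal compares key sets, so a request that omits an optional field, or carries any extra property, appears to fail even with a valid token. `ticket.getPayload()` can also return `undefined`, which currently surfaces only as an exception swallowed by the `catch`. Comparing the signed claims field by field, as below, keeps the intent and removes both problems. The bare `catch` also returns `false` for every failure, so an error fetching Google's certificates is indistinguishable from a rejected token; logging the error there (without the token) would make that visible.

```typescript
      // … unchanged: verifyIdToken call …
      const payload = ticket.getPayload();

      if (payload === undefined) {
        return false;
      }

      // Signed claims are authoritative; every client-supplied field must match them.
      return (
        payload.sub === profile.id &&
        payload.name === profile.name &&
        payload.picture === profile.photo &&
        payload.email === profile.email
      );
    // … unchanged: catch block …
```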
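--- a/back/src/user/presentation/http/controller/SocialController.ts
+++ b/back/src/user/presentation/http/controller/SocialController.ts
@@ -0,0 +1,33 @@
+import { Body, Controller } from '@nestjs/common';
+import {
+ApiBadRequestResponse,
+ApiOkResponse,
+ApiOperation,
+ApiUseTags,
+} from '@nestjs/swagger';
+
+import { SocialBinder } from '&back/user/application/SocialBinder';
+import { PostNoCreate } from '&back/utils/presentation/http/PostNoCreate';
+import { TokenPayloadModel } from '&shared/models/user/TokenPayloadModel';
+
+import { CurrentUser } from '../decorator/CurrentUser';
+import { GoogleBindRequest } from '../request/GoogleBindRequest';
+import { OnlyForUsers } from '../security/OnlyForUsers';
+
+@Controller('user/bind')
+@ApiUseTags('user')
+@OnlyForUsers()
+export class SocialController {
+public constructor(private readonly binder: SocialBinder) {}
+
+@PostNoCreate('google')
+@ApiOperation({ title: 'Bind Google profile to exist user account' })
+@ApiOkResponse({ description: 'Valid request', type: GoogleBindRequest })
+@ApiBadRequestResponse({ description: 'Invalid request' })
+public async signIn(
+@Body() request: GoogleBindRequest,
+@CurrentUser() { login }: TokenPayloadModel,
+): Promise<void> {
+await this.binder.bindGoogle(login, request);
+}
+}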
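Review bot: `signIn` documents a 400 through `@ApiBadRequestResponse`, but `InvalidSocialRequestException` extends plain `Error`, so unless an exception filter elsewhere maps it (none is visible in this section) Nest would answer a rejected token with a 500. Either map the exception in a filter or have the binder throw `BadRequestException` or `UnauthorizedException` from `@nestjs/common`. `@ApiOkResponse({ description: 'Valid request', type: GoogleBindRequest })` also advertises the request body as the response although the handler returns `Promise<void>`; dropping `type` keeps the generated docs accurate. The handler name `signIn` does not describe a bind operation; `bindGoogle` would read better.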
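--- a/back/src/user/presentation/http/request/GoogleBindRequest.ts
+++ b/back/src/user/presentation/http/request/GoogleBindRequest.ts
@@ -0,0 +1,24 @@
+import { ApiModelProperty } from '@nestjs/swagger';
+
+import { GoogleProfile } from '&shared/models/user/external/GoogleProfile';
+
+export class GoogleBindRequest implements GoogleProfile {
+@ApiModelProperty({ example: '118386561850719338466' })
+public readonly id: string;
+
+@ApiModelProperty({ example: 'Игорь Камышев' })
+public readonly name: string;
+
+@ApiModelProperty({
+example:
+'https://lh5.googleusercontent.com/-jM0jW1cJaCc/AAAAAAAAAAI/AAAAAAACM-E/l7C1Y9QNEMw/s96-c/photo.jpg',
+required: false,
+})
+public readonly photo?: string;
+
+@ApiModelProperty({ example: 'garik.novel@gmail.com', required: false })
+public readonly email?: string;
+
+@ApiModelProperty({ example: 'hkdsfkllkds' })
+public readonly token: string;
+}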
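Review bot: The `@ApiModelProperty` examples for `id`, `name`, `photo` and `email` look like a real person's Google account data, and they are published with the generated Swagger document; constructed placeholders such as `example: 'user@example.com'` avoid that. The class also carries only Swagger decorators, so no runtime validation of the body is visible here. If the project uses class-validator with a `ValidationPipe`, `@IsString()` on `id`, `name` and `token` and `@IsOptional()` on `photo` and `email` would reject malformed bodies before they reach `verifyIdToken`.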
@@ -0,0 +1,8 @@ | ||
import { fetchOrFail } from '&front/domain/store'; | ||
import { GoogleProfile } from '&shared/models/user/external/GoogleProfile'; | ||
|
||
export const bindGoogle = (profile: GoogleProfile) => | ||
fetchOrFail(undefined, async (_, getApi) => { | ||
// TODO: react on response | ||
await getApi().client.post('/user/bind/google', profile); | ||
}); |
@@ -1,6 +1,7 @@ | ||
export interface GoogleProfile { | ||
readonly id: string; | ||
readonly name: string; | ||
readonly token: string; | ||
readonly photo?: string; | ||
readonly email?: string; | ||
} |