✨ Add tokens module, 2FA

staart · Oct 27, 2020 · e362889 · e362889
1 parent 6877265
commit e362889
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 3 deletions.
diff --git a/src/modules/auth/auth.module.ts b/src/modules/auth/auth.module.ts
@@ -5,6 +5,7 @@ import { PassportModule } from '@nestjs/passport';
 import { EmailModule } from '../email/email.module';
 import { PrismaModule } from '../prisma/prisma.module';
 import { PwnedModule } from '../pwned/pwned.module';
+import { TokensModule } from '../tokens/tokens.module';
 import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
 import { JwtStrategy } from './jwt.strategy';
@@ -14,6 +15,7 @@ import { JwtStrategy } from './jwt.strategy';
     PassportModule.register({ defaultStrategy: 'jwt' }),
     PrismaModule,
     EmailModule,
+    TokensModule,
     ConfigModule,
     PwnedModule,
     JwtModule.register({

diff --git a/src/modules/auth/auth.service.ts b/src/modules/auth/auth.service.ts
@@ -21,6 +21,8 @@ import { PrismaService } from '../prisma/prisma.service';
 import { PwnedService } from '../pwned/pwned.service';
 import { RegisterDto } from './auth.dto';
 import { AccessTokenClaims } from './auth.interface';
+import { TokensService } from '../tokens/tokens.service';
+import { TWO_FACTOR_TOKEN } from '../tokens/tokens.constants';
 
 @Injectable()
 export class AuthService {
@@ -30,6 +32,7 @@ export class AuthService {
     private configService: ConfigService,
     private jwtService: JwtService,
     private pwnedService: PwnedService,
+    private tokensService: TokensService,
   ) {
     authenticator.options.window = [
       this.configService.get<number>('security.totpWindowPast'),
@@ -64,7 +67,7 @@ export class AuthService {
   ) {
     const id = await this.validateUser(email, password);
     if (!id) throw new UnauthorizedException();
-    if (code) return this.loginWithTotp(ipAddress, userAgent, id, code);
+    if (code) return this.loginUserWithTotpCode(ipAddress, userAgent, id, code);
     return this.loginResponse(ipAddress, userAgent, id);
   }
 
@@ -190,9 +193,22 @@ export class AuthService {
     userAgent: string,
     token: string,
     code: string,
+  ) {
+    const { id } = this.tokensService.verify<{ id: number }>(
+      TWO_FACTOR_TOKEN,
+      token,
+    );
+    return this.loginUserWithTotpCode(ipAddress, userAgent, id, code);
+  }
+
+  private async loginUserWithTotpCode(
+    ipAddress: string,
+    userAgent: string,
+    id: number,
+    code: string,
   ) {
     const user = await this.prisma.users.findOne({
-      where: { id: userId },
+      where: { id },
       select: { twoFactorSecret: true, twoFactorEnabled: true },
     });
     if (!user) throw new NotFoundException();
@@ -202,7 +218,7 @@ export class AuthService {
       throw new UnauthorizedException(
         'Two-factor authentication code is invalid',
       );
-    return this.loginResponse(ipAddress, userAgent, userId);
+    return this.loginResponse(ipAddress, userAgent, id);
   }
 
   private async getAccessToken(userId: number): Promise<string> {

diff --git a/src/modules/tokens/tokens.constants.ts b/src/modules/tokens/tokens.constants.ts
@@ -0,0 +1 @@
+export const TWO_FACTOR_TOKEN = 'TWO_FACTOR_TOKEN';
diff --git a/src/modules/tokens/tokens.module.ts b/src/modules/tokens/tokens.module.ts
@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { TokensService } from './tokens.service';
+
+@Module({
+  imports: [ConfigModule],
+  providers: [TokensService],
+  exports: [TokensService],
+})
+export class TokensModule {}
diff --git a/src/modules/tokens/tokens.service.ts b/src/modules/tokens/tokens.service.ts
@@ -0,0 +1,45 @@
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { v4 } from 'uuid';
+import {
+  sign,
+  decode,
+  verify,
+  SignOptions,
+  VerifyOptions,
+  DecodeOptions,
+} from 'jsonwebtoken';
+
+@Injectable()
+export class TokensService {
+  constructor(private configService: ConfigService) {}
+
+  signJwt(
+    subject: string,
+    payload: string | object | Buffer,
+    expiresIn?: string,
+    options?: SignOptions,
+  ) {
+    return sign(payload, this.configService.get<string>('security.jwtSecret'), {
+      ...options,
+      subject,
+      expiresIn,
+    });
+  }
+
+  verify<T>(subject: string, token: string, options?: VerifyOptions) {
+    return (verify(
+      token,
+      this.configService.get<string>('security.jwtSecret'),
+      { ...options, subject },
+    ) as any) as T;
+  }
+
+  decode<T>(token: string, options?: DecodeOptions) {
+    return decode(token, options) as T;
+  }
+
+  generateUuid() {
+    return v4();
+  }
+}