Move tokens from memory to DataStax DB

package.json

@@ -96,4 +96,4 @@
     "coverageDirectory": "../coverage",
     "testEnvironment": "node"
   }
-}
+}

src/app.controller.spec.ts

@@ -1,7 +1,9 @@
+import { AstraModule } from '@cahllagerfeld/nestjs-astra';
 import { ConfigModule } from '@nestjs/config';
 import { Test, TestingModule } from '@nestjs/testing';
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
+import { AstraConfigService } from './astra/astra-config.service';
 import { AuthModule } from './auth/auth.module';
 
 describe('AppController', () => {
@@ -14,6 +16,9 @@ describe('AppController', () => {
         ConfigModule.forRoot({
           isGlobal: true,
         }),
+        AstraModule.forRootAsync({
+          useClass: AstraConfigService,
+        }),
       ],
       controllers: [AppController],
       providers: [AppService],

src/auth/auth.controller.spec.ts

@@ -1,5 +1,9 @@
+import { AstraModule } from '@cahllagerfeld/nestjs-astra';
+import { ConfigModule } from '@nestjs/config';
 import { JwtModule } from '@nestjs/jwt';
 import { Test, TestingModule } from '@nestjs/testing';
+import { AstraConfigService } from '../astra/astra-config.service';
+import { AstraService } from '../astra/astra.service';
 import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
 
@@ -8,9 +12,17 @@ describe('AuthController', () => {
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
-      imports: [JwtModule.register({ secret: 'test-secret' })],
+      imports: [
+        ConfigModule.forRoot({
+          isGlobal: true,
+        }),
+        JwtModule.register({ secret: 'Test' }),
+        AstraModule.forRootAsync({
+          useClass: AstraConfigService,
+        }),
+      ],
       controllers: [AuthController],
-      providers: [AuthService],
+      providers: [AuthService, AstraService],
     }).compile();
 
     controller = module.get<AuthController>(AuthController);

src/auth/auth.controller.ts

@@ -4,36 +4,40 @@ import {
   Delete,
   Get,
   HttpCode,
+  HttpStatus,
+  Param,
   Post,
   Query,
+  Res,
   UseGuards,
 } from '@nestjs/common';
-import { ApiQuery, ApiSecurity, ApiTags } from '@nestjs/swagger';
+import { ApiParam, ApiQuery, ApiSecurity, ApiTags } from '@nestjs/swagger';
+import { Response } from 'express';
 import { AuthService } from './auth.service';
-import { AuthDTO } from './dto/auth.dto';
+import { AuthDTO, TokenValidationDTO } from './dto/auth.dto';
 import { TokenGuard } from './token.strategy';
 
 @ApiTags('Auth')
 @Controller('auth')
 export class AuthController {
   constructor(private readonly authService: AuthService) {}
 
-  @Get()
+  @Get('token/:keyspace')
   @UseGuards(TokenGuard)
   @ApiSecurity('token')
-  @ApiQuery({ name: 'keyspace', required: true })
-  getTokens(@Query('keyspace') keyspace: string) {
+  @ApiParam({ name: 'keyspace', required: true })
+  getTokens(@Param('keyspace') keyspace: string) {
     return this.authService.getClientIds(keyspace);
   }
 
-  @Post()
+  @Post('token')
   @UseGuards(TokenGuard)
   @ApiSecurity('token')
   register(@Body() body: AuthDTO) {
     return this.authService.register(body);
   }
 
-  @Delete()
+  @Delete('token')
   @UseGuards(TokenGuard)
   @ApiSecurity('token')
   @ApiQuery({
@@ -45,4 +49,16 @@ export class AuthController {
   deleteClient(@Query() query) {
     return this.authService.removeClient(query.token);
   }
+
+  @Post('validate')
+  @UseGuards(TokenGuard)
+  @ApiSecurity('token')
+  validateToken(@Body() body: TokenValidationDTO, @Res() response: Response) {
+    const valid = this.authService.validateToken(body.token);
+    if (!valid) {
+      response.status(HttpStatus.BAD_REQUEST).json({ valid });
+      return;
+    }
+    response.status(HttpStatus.OK).json({ valid });
+  }
 }

src/auth/auth.module.ts

@@ -6,6 +6,7 @@ import { AuthService } from './auth.service';
 import { JwtModule } from '@nestjs/jwt';
 import { JwtStrategy } from './jwt.strategy';
 import { ConfigModule, ConfigService } from '@nestjs/config';
+import { AstraService } from '../astra/astra.service';
 
 @Module({
   imports: [
@@ -17,7 +18,13 @@ import { ConfigModule, ConfigService } from '@nestjs/config';
       inject: [ConfigService],
     }),
   ],
-  providers: [TokenStrategy, ValidationService, AuthService, JwtStrategy],
+  providers: [
+    TokenStrategy,
+    ValidationService,
+    AuthService,
+    JwtStrategy,
+    AstraService,
+  ],
   exports: [ValidationService],
   controllers: [AuthController],
 })

src/auth/auth.service.spec.ts

@@ -1,14 +1,26 @@
+import { AstraModule } from '@cahllagerfeld/nestjs-astra';
+import { ConfigModule } from '@nestjs/config';
 import { JwtModule } from '@nestjs/jwt';
 import { Test, TestingModule } from '@nestjs/testing';
+import { AstraConfigService } from '../astra/astra-config.service';
+import { AstraService } from '../astra/astra.service';
 import { AuthService } from './auth.service';
 
 describe('AuthService', () => {
   let service: AuthService;
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
-      imports: [JwtModule.register({ secret: 'test-secret' })],
-      providers: [AuthService],
+      imports: [
+        ConfigModule.forRoot({
+          isGlobal: true,
+        }),
+        JwtModule.register({ secret: 'Test' }),
+        AstraModule.forRootAsync({
+          useClass: AstraConfigService,
+        }),
+      ],
+      providers: [AuthService, AstraService],
     }).compile();
 
     service = module.get<AuthService>(AuthService);

src/auth/auth.service.ts

@@ -3,20 +3,17 @@ import { TokenPayload } from './interfaces/token-payload.interface';
 import { JwtService } from '@nestjs/jwt';
 import { v4 as uuidv4 } from 'uuid';
 import { AuthDTO } from './dto/auth.dto';
+import { AstraService } from '../astra/astra.service';
+import { Response } from 'express';
 
 @Injectable()
 export class AuthService {
-  //TODO move configCollection to database => own ConfigDataModule
-  private configCollection: { [id: string]: { knownClients: string[] } } = {};
-  constructor(private readonly jwtService: JwtService) {}
+  constructor(
+    private readonly jwtService: JwtService,
+    private readonly astraService: AstraService,
+  ) {}
 
-  public getClientIds(keyspace: string) {
-    if (!this.configCollection[keyspace]) return {};
-    return { tokens: this.configCollection[keyspace]?.knownClients };
-  }
-
-  public register(body: AuthDTO) {
-    const tokenType = 'bearer';
+  public async register(body: AuthDTO) {
     const clientId = uuidv4();
     const { serverId, scopes } = body;
 
@@ -25,47 +22,81 @@ export class AuthService {
       keyspace: serverId,
       scopes,
     };
-    if (!this.configCollection[serverId]) {
-      this.configCollection[serverId] = { knownClients: [] };
+    try {
+      await this.astraService
+        .create({ clientId }, serverId, 'tokens', clientId)
+        .toPromise();
+    } catch (error) {
+      throw new HttpException(
+        "Token coundn't be created in the database",
+        HttpStatus.INTERNAL_SERVER_ERROR,
+      );
     }
-    this.configCollection[serverId].knownClients = [
-      ...this.configCollection[serverId].knownClients,
-      clientId,
-    ];
+
     //TODO token-expiry
     const signedToken = this.jwtService.sign(payload, { expiresIn: '1y' });
     const decoded: any = this.jwtService.decode(signedToken);
     const expiresIn: number = decoded.exp - Math.round(Date.now() / 1000);
-    return { ...payload, accessToken: signedToken, expiresIn, tokenType };
+    return { ...payload, accessToken: signedToken, expiresIn };
   }
 
-  public validateClient(payload: TokenPayload): boolean {
+  public async validateClient(payload: TokenPayload): Promise<boolean> {
     const { keyspace, clientId } = payload;
-    if (
-      this.configCollection[keyspace] &&
-      this.configCollection[keyspace].knownClients.includes(clientId)
-    ) {
-      return true;
+    let token: string = null;
+    try {
+      token = await this.astraService
+        .get<string>(clientId, keyspace, 'tokens')
+        .toPromise();
+    } catch {
+      return false;
+    }
+    if (!token) {
+      return false;
     }
-    return false;
+    return true;
   }
 
-  public removeClient(token: string) {
+  public async removeClient(token: string) {
+    let deleteSuccess = false;
+    let clientId: string;
+    let keyspace: string;
+
     if (!token)
       throw new HttpException('Please provide token', HttpStatus.BAD_REQUEST);
+    try {
+      ({ clientId, keyspace } = this.jwtService.verify<TokenPayload>(token));
+    } catch (error) {
+      throw new HttpException(
+        "Token couldn't be verified",
+        HttpStatus.BAD_REQUEST,
+      );
+    }
+    try {
+      await this.astraService.delete(clientId, keyspace, 'tokens').toPromise();
+      deleteSuccess = true;
+    } catch (error) {
+      throw new Error("Token couldn't be deleted");
+    }
 
-    const decoded = this.jwtService.decode(token) as TokenPayload;
+    return deleteSuccess;
+  }
 
+  public async getClientIds(keyspace: string) {
+    let clients;
     try {
-      this.configCollection[
-        decoded.keyspace
-      ].knownClients = this.configCollection[
-        decoded.keyspace
-      ].knownClients.filter((client) => client !== decoded.clientId);
-      console.log(this.configCollection);
-      return;
-    } catch (e) {
-      throw new HttpException('Invalid client id', HttpStatus.BAD_REQUEST);
+      clients = await this.astraService.find(keyspace, 'tokens').toPromise();
+    } catch (error) {
+      return { clients: [] };
+    }
+    return { clients: Object.keys(clients) };
+  }
+
+  public validateToken(token: string) {
+    try {
+      this.jwtService.verify(token);
+      return true;
+    } catch (error) {
+      return false;
     }
   }
 }

src/auth/dto/auth.dto.ts

@@ -20,3 +20,10 @@ export class AuthDTO {
   @ApiProperty({ required: true })
   serverId: string;
 }
+
+export class TokenValidationDTO {
+  @IsNotEmpty()
+  @IsString()
+  @ApiProperty({ required: true })
+  token: string;
+}

src/auth/token.strategy.ts

@@ -13,6 +13,7 @@ export class TokenStrategy extends PassportStrategy(
     super({
       tokenHeader: 'Client-Token',
       tokenQuery: 'Client-Token',
+      tokenField: 'Client-Token',
       passReqToCallback: true,
     });
   }