From 87a5f5385b8a4686b1046f9dcce1b05a80123448 Mon Sep 17 00:00:00 2001
From: Samuel Imolorhe
Date: Sat, 11 Mar 2023 19:23:14 +0100
Subject: [PATCH] created separate events JWT access secret
---
 packages/altair-api/.env.example | 1 +
 packages/altair-api/src/app.controller.ts | 4 ++--
 packages/altair-api/src/auth/auth.controller.ts | 4 ++--
 packages/altair-api/src/auth/auth.module.ts | 4 ++--
 packages/altair-api/src/auth/auth.service.ts | 5 +++--
 .../{short-jwt-auth.guard.ts => events-jwt-auth.guard.ts} | 2 +-
 .../{jwt-short.strategy.ts => events-jwt.strategy.ts} | 7 +++++--
 7 files changed, 16 insertions(+), 11 deletions(-)
 rename packages/altair-api/src/auth/guards/{short-jwt-auth.guard.ts => events-jwt-auth.guard.ts} (61%)
 rename packages/altair-api/src/auth/strategies/{jwt-short.strategy.ts => events-jwt.strategy.ts} (83%)
diff --git a/packages/altair-api/.env.example b/packages/altair-api/.env.example
index b664615226..01496bbd27 100644
--- a/packages/altair-api/.env.example
+++ b/packages/altair-api/.env.example
@@ -1,4 +1,5 @@
 JWT_ACCESS_SECRET=
+EVENTS_JWT_ACCESS_SECRET=
 JWT_REFRESH_SECRET=
 GOOGLE_OAUTH_CLIENT_ID=
 GOOGLE_OAUTH_CLIENT_SECRET=
diff --git a/packages/altair-api/src/app.controller.ts b/packages/altair-api/src/app.controller.ts
index f4dd79a50e..e9115b2842 100644
--- a/packages/altair-api/src/app.controller.ts
+++ b/packages/altair-api/src/app.controller.ts
@@ -4,7 +4,7 @@ import { Request, Response } from 'express';
 import { PrismaService } from 'nestjs-prisma';
 import { map, Subject } from 'rxjs';
 import { AppService } from './app.service';
-import { ShortJwtAuthGuard } from './auth/guards/short-jwt-auth.guard';
+import { EventsJwtAuthGuard } from './auth/guards/events-jwt-auth.guard';
 import { EVENTS } from './common/events';
 @Controller()
@@ -20,7 +20,7 @@ export class AppController {
 return res.redirect('https://altairgraphql.dev');
 }
- @UseGuards(ShortJwtAuthGuard)
+ @UseGuards(EventsJwtAuthGuard)
 @Sse('events')
 handleUserEvents(@Req() req: Request) {
 const subject$ = new Subject();
diff --git a/packages/altair-api/src/auth/auth.controller.ts b/packages/altair-api/src/auth/auth.controller.ts
index 0afbba14c8..01aa6102ee 100644
--- a/packages/altair-api/src/auth/auth.controller.ts
+++ b/packages/altair-api/src/auth/auth.controller.ts
@@ -50,7 +50,7 @@ export class AuthController {
 @Get('slt')
 @UseGuards(JwtAuthGuard)
- getShortlivedToken(@Req() req: Request) {
- return { slt: this.authService.getShortLivedToken(req.user.id) };
+ getShortlivedEventsToken(@Req() req: Request) {
+ return { slt: this.authService.getShortLivedEventsToken(req.user.id) };
 }
 }
diff --git a/packages/altair-api/src/auth/auth.module.ts b/packages/altair-api/src/auth/auth.module.ts
index ce3c3a7a90..b4e2c5adaf 100644
--- a/packages/altair-api/src/auth/auth.module.ts
+++ b/packages/altair-api/src/auth/auth.module.ts
@@ -8,7 +8,7 @@ import { PasswordService } from './password/password.service';
 import { JwtStrategy } from './strategies/jwt.strategy';
 import { AuthController } from './auth.controller';
 import { GoogleStrategy } from './strategies/google.strategy';
-import { ShortJwtStrategy } from './strategies/jwt-short.strategy';
+import { EventsJwtStrategy } from './strategies/events-jwt.strategy';
 import { StripeService } from 'src/stripe/stripe.service';
 import { UserService } from './user/user.service';
 import { UserController } from './user/user.controller';
@@ -32,7 +32,7 @@ import { UserController } from './user/user.controller';
 providers: [
 AuthService,
 JwtStrategy,
- ShortJwtStrategy,
+ EventsJwtStrategy,
 GoogleStrategy,
 PasswordService,
 StripeService,
diff --git a/packages/altair-api/src/auth/auth.service.ts b/packages/altair-api/src/auth/auth.service.ts
index 2e6adc2956..fd3478da98 100644
--- a/packages/altair-api/src/auth/auth.service.ts
+++ b/packages/altair-api/src/auth/auth.service.ts
@@ -113,13 +113,14 @@ export class AuthService {
 }
 /**
- * Generates a short-lived token for the purpose of event connection
+ * Generates a short-lived events token for the purpose of event connection
 */
- getShortLivedToken(userId: string): string {
+ getShortLivedEventsToken(userId: string): string {
 const securityConfig = this.configService.get('security');
 return this.jwtService.sign(
 { userId },
 {
+ secret: this.configService.get('EVENTS_JWT_ACCESS_SECRET'),
 expiresIn: securityConfig.shortExpiresIn,
 }
 );
diff --git a/packages/altair-api/src/auth/guards/short-jwt-auth.guard.ts b/packages/altair-api/src/auth/guards/events-jwt-auth.guard.ts
similarity index 61%
rename from packages/altair-api/src/auth/guards/short-jwt-auth.guard.ts
rename to packages/altair-api/src/auth/guards/events-jwt-auth.guard.ts
index 4cdd4b336c..f41515807e 100644
--- a/packages/altair-api/src/auth/guards/short-jwt-auth.guard.ts
+++ b/packages/altair-api/src/auth/guards/events-jwt-auth.guard.ts
@@ -2,4 +2,4 @@ import { Injectable } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
 @Injectable()
-export class ShortJwtAuthGuard extends AuthGuard('short-jwt') {}
+export class EventsJwtAuthGuard extends AuthGuard('events-jwt') {}
diff --git a/packages/altair-api/src/auth/strategies/jwt-short.strategy.ts b/packages/altair-api/src/auth/strategies/events-jwt.strategy.ts
similarity index 83%
rename from packages/altair-api/src/auth/strategies/jwt-short.strategy.ts
rename to packages/altair-api/src/auth/strategies/events-jwt.strategy.ts
index b89480a407..2705f54011 100644
--- a/packages/altair-api/src/auth/strategies/jwt-short.strategy.ts
+++ b/packages/altair-api/src/auth/strategies/events-jwt.strategy.ts
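Review bot: The events token minted in `getShortLivedEventsToken` is told apart from an access token only by its signing key: the payload is still just `{ userId }`, and the `secret` is taken from `this.configService.get('EVENTS_JWT_ACCESS_SECRET')` with no check on the value. If a deployment sets that variable to the same string as `JWT_ACCESS_SECRET`, the two token types become interchangeable again and nothing reports it. I would bind the purpose into the token by adding `audience: 'events'` to these sign options and the matching `audience: 'events'` to the `super({...})` options in `events-jwt.strategy.ts`, and reject at startup a value that is empty or identical to `JWT_ACCESS_SECRET`. The method's closing brace lies outside the hunk.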
@@ -7,14 +7,17 @@ import { AuthService } from '../auth.service';
 import { JwtDto } from '../models/jwt.dto';
 @Injectable()
-export class ShortJwtStrategy extends PassportStrategy(Strategy, 'short-jwt') {
+export class EventsJwtStrategy extends PassportStrategy(
+ Strategy,
+ 'events-jwt'
+) {
 constructor(
 private readonly authService: AuthService,
 readonly configService: ConfigService
 ) {
 super({
 jwtFromRequest: ExtractJwt.fromUrlQueryParameter('slt'),
- secretOrKey: configService.get('JWT_ACCESS_SECRET'),
+ secretOrKey: configService.get('EVENTS_JWT_ACCESS_SECRET'),
 });
 }
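Review bot: The renamed `EventsJwtStrategy` carries no comment explaining why its token is read with `ExtractJwt.fromUrlQueryParameter('slt')`, which puts a bearer credential in the URL. Query strings commonly end up in access and proxy logs, so this is acceptable only because the token is short-lived and, with this commit, signed with a key the regular API strategy presumably does not accept. A doc comment above the class would record that dependency, for example `/** Verifies the short-lived events token passed as ?slt=; it is signed with EVENTS_JWT_ACCESS_SECRET so a logged URL does not yield an API access token. */`. The class body continues past the end of the hunk.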