feat: add JWT

2024-10-26 16:36:24 +02:00 · 2024-10-26 16:36:24 +02:00 · 945109a6f0
commit 945109a6f0
parent 68773db8d6
4 changed files with 28 additions and 11 deletions
--- a/back-end/.env.example
+++ b/back-end/.env.example
@ -2,7 +2,8 @@
 # .env.production for production
 NODE_PORT=3000
 NODE_ENV=dev
-
+NODE_JWT_ISSUER="free-briques"
+NODE_JWT_SECRET="ec2fbbfed81a2fef0115ed3de701071db6a6234550624f604f14ddf422bb9761"
 # those values must be the same as in ../docker-compose.dev.yml 
 DB_HOST=localhost
 DB_NAME=briques_db
--- a/back-end/.env.production
+++ b/back-end/.env.production
@ -1,5 +1,7 @@
 NODE_PORT=3000
 NODE_ENV=production
+NODE_JWT_ISSUER="free-briques"
+NODE_JWT_SECRET="ec2fbbfed81a2fef0115ed3de701071db6a6234550624f604f14ddf422bb9761"
 DB_HOST=briques_postgres
 DB_NAME=briques_db
 DB_USER=briques_llm
--- a/back-end/src/config/auth.config.ts
+++ b/back-end/src/config/auth.config.ts
@ -1,8 +1,8 @@
 import { createSecretKey } from 'crypto';

-const JWT_ISSUER = process.env.NODE_JWT_ISSUER as string;
+const JWT_ISSUER = (process.env.NODE_JWT_ISSUER ?? 'free-briques') as string;
 const JWT_AUDIENCE = '*';
-const JWT_SECRET = process.env.NODE_JWT_SECRET as string;
+const JWT_SECRET = (process.env.NODE_JWT_SECRET) as string;
 const JWT_EXPIRATION = '1 week';
 const JWT_SECRET_KEY = createSecretKey(JWT_SECRET as string, 'utf-8');

--- a/back-end/src/controllers/auth.controller.ts
+++ b/back-end/src/controllers/auth.controller.ts
@ -1,5 +1,7 @@
 import { Request, Response, Router } from 'express';
 import bcrypt from 'bcrypt';
+import { SignJWT } from 'jose';
+import { JWT_ISSUER, JWT_AUDIENCE, JWT_SECRET, JWT_EXPIRATION, JWT_SECRET_KEY } from '../config/auth.config';
 import { Member, User } from '../types/member';
 import { new_client } from '../db/db_client';
 import { Either, eitherLeft, eitherRight } from '../utils/utils';
@ -47,7 +49,6 @@ function userAdapter(member: Member): User {
    return { id_member: member.id_member, name: member.name };
 }

-
 const register = (req: Request, res: Response) => {
    if (!req || !req.body || !req.body.name || !req.body.password) {
        res.status(400).send();
@ -66,10 +67,17 @@ const register = (req: Request, res: Response) => {
            }

            const member: Either<Member, string> = await createMember(name, hash);
-            if (member.hasRight)
-                res.send(member.right);
-            else
-                res.send(userAdapter(member.left));
+            if (member.hasRight) {
+                res.status(401).send(member.right);
+                return;
+            }
+            const token = await new SignJWT({ name })
+                .setProtectedHeader({ alg: 'HS256' })
+                .setAudience(JWT_AUDIENCE)
+                .setIssuer(JWT_ISSUER)
+                .setExpirationTime(JWT_EXPIRATION)
+                .sign(JWT_SECRET_KEY);
+            res.status(200).send({ member: userAdapter(member.left), token: token});
        });
    });
 };
@ -85,7 +93,7 @@ const login = async (req: Request, res: Response) => {
        res.send(member.right).send();
        return;
    }
-    bcrypt.compare(req.body.password, member.left.password, (err, r) => {
+    bcrypt.compare(req.body.password, member.left.password, async (err, r) => {
        if (err) {
            res.status(500).send();
            return;
@ -94,7 +102,13 @@ const login = async (req: Request, res: Response) => {
            res.status(401).send();
            return;
        }
-        res.status(200).send();
+        const token = await new SignJWT({ name })
+            .setProtectedHeader({ alg: 'HS256' })
+            .setAudience(JWT_AUDIENCE)
+            .setIssuer(JWT_ISSUER)
+            .setExpirationTime(JWT_EXPIRATION)
+            .sign(JWT_SECRET_KEY);
+        res.status(200).send({ member: userAdapter(member.left), token: token});
    });
 };