Auth Token Übersendung eingebaut

bizmatch-server/package.json

@@ -39,6 +39,7 @@
     "drizzle-orm": "^0.30.8",
     "fs-extra": "^11.2.0",
     "handlebars": "^4.7.8",
+    "jwks-rsa": "^3.1.0",
     "ky": "^1.2.0",
     "nest-winston": "^1.9.4",
     "nodemailer": "^6.9.10",

bizmatch-server/src/app.controller.ts

@@ -1,12 +1,19 @@
-import { Controller, Get } from '@nestjs/common';
+import { Controller, Get, Request, UseGuards } from '@nestjs/common';
 import { AppService } from './app.service.js';
+import { AuthService } from './auth/auth.service.js';
+import { JwtAuthGuard } from './jwt-auth/jwt-auth.guard.js';
 
 @Controller()
 export class AppController {
-  constructor(private readonly appService: AppService) {}
+  constructor(
+    private readonly appService: AppService,
+    private authService: AuthService,
+  ) {}
 
+  @UseGuards(JwtAuthGuard)
   @Get()
-  getHello(): string {
-    return this.appService.getHello();
+  getHello(@Request() req): string {
+    return req.user;
+    //return 'dfgdf';
   }
 }

bizmatch-server/src/app.module.ts

@@ -15,6 +15,7 @@ import { MailModule } from './mail/mail.module.js';
 import { RequestDurationMiddleware } from './request-duration/request-duration.middleware.js';
 import { SelectOptionsModule } from './select-options/select-options.module.js';
 
+import { PassportModule } from '@nestjs/passport';
 import { UserModule } from './user/user.module.js';
 
 const __filename = fileURLToPath(import.meta.url);
@@ -41,11 +42,19 @@ const __dirname = path.dirname(__filename);
       ],
       // other options
     }),
+    // KeycloakConnectModule.register({
+    //   authServerUrl: 'http://auth.bizmatch.net',
+    //   realm: 'dev',
+    //   clientId: 'dev',
+    //   secret: 'Yu3lETbYUphDiJxgnhhpelcJ63p2FCDM',
+    //   // Secret key of the client taken from keycloak server
+    // }),
     GeoModule,
     UserModule,
     ListingsModule,
     SelectOptionsModule,
     ImageModule,
+    PassportModule,
   ],
   controllers: [AppController],
   providers: [AppService, FileService],

bizmatch-server/src/auth/auth.module.ts

@@ -1,17 +1,16 @@
 import { Module } from '@nestjs/common';
-import { MailerModule } from '@nestjs-modules/mailer';
-import path, { join } from 'path';
-import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter.js';
+import { PassportModule } from '@nestjs/passport';
+import path from 'path';
 import { fileURLToPath } from 'url';
-import { AuthService } from './auth.service.js';
+import { JwtStrategy } from '../jwt.strategy.js';
 import { AuthController } from './auth.controller.js';
+import { AuthService } from './auth.service.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 @Module({
-  imports: [
-  ],
-  providers: [AuthService],
+  imports: [PassportModule],
+  providers: [AuthService, JwtStrategy],
   controllers: [AuthController],
-  exports:[AuthService]
+  exports: [AuthService],
 })
-export class AuthModule {}
+export class AuthModule {}

bizmatch-server/src/drizzle/import.ts

@@ -109,6 +109,7 @@ for (const commercial of commercialJsonData) {
   commercial.created = insertionDate;
   commercial.updated = insertionDate;
   commercial.userId = user.insertedId;
+  commercial.draft = false;
   const result = await db.insert(schema.commercials).values(commercial).returning();
   //fs.ensureDirSync(`./pictures/property/${result[0].imagePath}/${result[0].serialId}`);
   try {

bizmatch-server/src/jwt-auth/jwt-auth.guard.ts

@@ -0,0 +1,18 @@
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') implements CanActivate {
+  canActivate(context: ExecutionContext) {
+    // Add your custom authentication logic here
+    // for example, call super.logIn(request) to establish a session.
+    return super.canActivate(context);
+  }
+  handleRequest(err, user, info) {
+    // You can throw an exception based on either "info" or "err" arguments
+    if (err || !user) {
+      throw err || new UnauthorizedException(info);
+    }
+    return user;
+  }
+}

bizmatch-server/src/jwt-auth/optional-jwt-auth.guard.ts

@@ -0,0 +1,13 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class OptionalJwtAuthGuard extends AuthGuard('jwt') {
+  handleRequest(err, user, info) {
+    // Wenn der Benutzer nicht authentifiziert ist, aber kein Fehler vorliegt, geben Sie null zurück
+    if (err || !user) {
+      return null;
+    }
+    return user;
+  }
+}

bizmatch-server/src/jwt.strategy.ts

@@ -0,0 +1,36 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { passportJwtSecret } from 'jwks-rsa';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKeyProvider: passportJwtSecret({
+        cache: true,
+        rateLimit: true,
+        jwksRequestsPerMinute: 5,
+        jwksUri: 'https://auth.bizmatch.net/realms/dev/protocol/openid-connect/certs',
+      }),
+      audience: 'account', // Keycloak Client ID
+      issuer: 'https://auth.bizmatch.net/realms/dev',
+      algorithms: ['RS256'],
+    });
+  }
+
+  async validate(payload: any) {
+    console.log('JWT Payload:', payload); // Debugging: JWT Payload anzeigen
+    if (!payload) {
+      console.error('Invalid payload');
+      throw new UnauthorizedException();
+    }
+    if (!payload.sub || !payload.preferred_username) {
+      console.error('Missing required claims');
+      throw new UnauthorizedException();
+    }
+    return { userId: payload.sub, username: payload.preferred_username, roles: payload.realm_access?.roles };
+  }
+}

bizmatch-server/src/listings/business-listings.controller.ts

@@ -1,7 +1,8 @@
-import { Body, Controller, Delete, Get, Inject, Param, Post, Put } from '@nestjs/common';
+import { Body, Controller, Delete, Get, Inject, Param, Post, Put, Request, UseGuards } from '@nestjs/common';
 import { WINSTON_MODULE_PROVIDER } from 'nest-winston';
 import { Logger } from 'winston';
 import { businesses } from '../drizzle/schema.js';
+import { OptionalJwtAuthGuard } from '../jwt-auth/optional-jwt-auth.guard.js';
 import { ListingCriteria } from '../models/main.model.js';
 import { ListingsService } from './listings.service.js';
 
@@ -16,9 +17,11 @@ export class BusinessListingsController {
   findById(@Param('id') id: string): any {
     return this.listingsService.findById(id, businesses);
   }
+
+  @UseGuards(OptionalJwtAuthGuard)
   @Get('user/:userid')
-  findByUserId(@Param('userid') userid: string): any {
-    return this.listingsService.findByUserId(userid, businesses);
+  findByUserId(@Request() req, @Param('userid') userid: string): any {
+    return this.listingsService.findByUserId(userid, businesses, req.user?.username);
   }
 
   @Post('search')

bizmatch-server/src/listings/commercial-property-listings.controller.ts

@@ -1,8 +1,9 @@
-import { Body, Controller, Delete, Get, Inject, Param, Post, Put } from '@nestjs/common';
+import { Body, Controller, Delete, Get, Inject, Param, Post, Put, Request, UseGuards } from '@nestjs/common';
 import { WINSTON_MODULE_PROVIDER } from 'nest-winston';
 import { Logger } from 'winston';
 import { commercials } from '../drizzle/schema.js';
 import { FileService } from '../file/file.service.js';
+import { OptionalJwtAuthGuard } from '../jwt-auth/optional-jwt-auth.guard.js';
 import { ListingCriteria } from '../models/main.model.js';
 import { ListingsService } from './listings.service.js';
 
@@ -18,9 +19,12 @@ export class CommercialPropertyListingsController {
   findById(@Param('id') id: string): any {
     return this.listingsService.findById(id, commercials);
   }
+
+  @UseGuards(OptionalJwtAuthGuard)
   @Get('user/:userid')
-  findByUserId(@Param('userid') userid: string): any {
-    return this.listingsService.findByUserId(userid, commercials);
+  findByUserId(@Request() req, @Param('userid') userid: string): any {
+    console.log(req.user?.username);
+    return this.listingsService.findByUserId(userid, commercials, req.user?.username);
   }
   @Post('search')
   async find(@Body() criteria: ListingCriteria): Promise<any> {

bizmatch-server/src/listings/listings.module.ts

@@ -1,4 +1,5 @@
 import { Module } from '@nestjs/common';
+import { AuthModule } from '../auth/auth.module.js';
 import { DrizzleModule } from '../drizzle/drizzle.module.js';
 import { FileService } from '../file/file.service.js';
 import { UserService } from '../user/user.service.js';
@@ -9,7 +10,7 @@ import { ListingsService } from './listings.service.js';
 import { UnknownListingsController } from './unknown-listings.controller.js';
 
 @Module({
-  imports: [DrizzleModule],
+  imports: [DrizzleModule, AuthModule],
   controllers: [BusinessListingsController, CommercialPropertyListingsController, UnknownListingsController, BrokerListingsController],
   providers: [ListingsService, FileService, UserService],
   exports: [ListingsService],

bizmatch-server/src/listings/listings.service.ts

@@ -68,17 +68,17 @@ export class ListingsService {
     const result = await this.conn
       .select()
       .from(table)
-      .where(sql`${table.id} = ${id}`);
+      .where(and(sql`${table.id} = ${id}`, ne(table.draft, true)));
     return result[0] as BusinessListing | CommercialPropertyListing;
   }
   async findByImagePath(imagePath: string, serial: string): Promise<CommercialPropertyListing> {
     const result = await this.conn
       .select()
       .from(commercials)
-      .where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`));
+      .where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`, ne(commercials.draft, true)));
     return result[0] as CommercialPropertyListing;
   }
-  async findByUserId(userId: string, table: typeof businesses | typeof commercials): Promise<BusinessListing[] | CommercialPropertyListing[]> {
+  async findByUserId(userId: string, table: typeof businesses | typeof commercials, email: string): Promise<BusinessListing[] | CommercialPropertyListing[]> {
     return (await this.conn.select().from(table).where(eq(table.userId, userId))) as BusinessListing[] | CommercialPropertyListing[];
   }
 

bizmatch-server/src/main.ts

@@ -1,17 +1,19 @@
 import { NestFactory } from '@nestjs/core';
-import { AppModule } from './app.module.js';
-import * as express from 'express';
-import path, { join } from 'path';
+import express from 'express';
+import path from 'path';
 import { fileURLToPath } from 'url';
+import { AppModule } from './app.module.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 async function bootstrap() {
+  const server = express();
   const app = await NestFactory.create(AppModule);
   app.setGlobalPrefix('bizmatch');
   app.enableCors({
     origin: '*',
+    //origin: 'http://localhost:4200', // Die URL Ihrer Angular-App
     methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
-    allowedHeaders: 'Content-Type, Accept',
+    allowedHeaders: 'Content-Type, Accept, Authorization',
   });
   //origin: 'http://localhost:4200',
   await app.listen(3000);