Merge pull request #712 from Sanofi-IADC/feature/Add_global_auth_guards

feat(auth): Add global auth guards
Sanofi-IADC · Jun 22, 2022 · 3c6b607 · 3c6b607
2 parents 0836b3e + 67421f5
commit 3c6b607
Show file tree

Hide file tree

Showing 14 changed files with 103 additions and 5 deletions.
diff --git a/package.json b/package.json
@@ -116,6 +116,7 @@
     "eslint-plugin-standard": "4.1.0",
     "husky": "7.0.4",
     "jest": "27.5.1",
+    "jsonwebtoken": "^8.2.0",
     "mock-jwks": "1.0.3",
     "mongodb-memory-server": "8.5.2",
     "prettier": "2.6.2",

diff --git a/src/tag/tag.controller.ts b/src/tag/tag.controller.ts
@@ -1,11 +1,24 @@
 import {
-  Controller, Post, Body, Get, Put, Delete, Param, HttpCode, Patch, UsePipes, ValidationPipe,
+  Controller,
+  Post,
+  Body,
+  Get,
+  Put,
+  Delete,
+  Param,
+  HttpCode,
+  Patch,
+  UsePipes,
+  ValidationPipe,
+  UseGuards,
 } from '@nestjs/common';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { TagService } from './tag.service';
 import { TagInputType } from './tag.input';
 import { ITag } from '../interfaces/tag.interface';
 
 @Controller('Tag')
+@UseGuards(JwtAuthGuard)
 export class TagController {
   constructor(private readonly tagService: TagService) {}
 

diff --git a/src/tag/tag.resolver.ts b/src/tag/tag.resolver.ts
@@ -1,14 +1,17 @@
 import {
   Resolver, Query, Mutation, Args, Root, ResolveField,
 } from '@nestjs/graphql';
+import { UseGuards } from '@nestjs/common';
 import { Tag } from './tag.entity';
 import { TagService } from './tag.service';
 import { TagInputType } from './tag.input';
 import { TagGroupService } from '../tagGroup/tagGroup.service';
 import { ITagGroup } from '../interfaces/tagGroup.interface';
 import { ITag } from '../interfaces/tag.interface';
+import { GqlJwtAuthGuard } from '../auth/gql-jwt-auth.guard';
 
 @Resolver(() => Tag)
+@UseGuards(GqlJwtAuthGuard)
 export class TagResolver {
   constructor(private readonly tagService: TagService, private readonly tagGroupService: TagGroupService) {}
 

diff --git a/src/tagGroup/tagGroup.controller.ts b/src/tagGroup/tagGroup.controller.ts
@@ -1,11 +1,24 @@
 import {
-  Controller, Post, Body, Get, Put, Delete, Param, HttpCode, Patch, UsePipes, ValidationPipe,
+  Controller,
+  Post,
+  Body,
+  Get,
+  Put,
+  Delete,
+  Param,
+  HttpCode,
+  Patch,
+  UsePipes,
+  ValidationPipe,
+  UseGuards,
 } from '@nestjs/common';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { ITagGroup } from '../interfaces/tagGroup.interface';
 import { TagGroupService } from './tagGroup.service';
 import { TagGroupInputType } from './tagGroup.input';
 
 @Controller('TagGroup')
+@UseGuards(JwtAuthGuard)
 export class TagGroupController {
   constructor(private readonly tagGroupService: TagGroupService) {}
 

diff --git a/src/tagGroup/tagGroup.resolver.ts b/src/tagGroup/tagGroup.resolver.ts
@@ -1,15 +1,18 @@
 import {
   Resolver, Query, Mutation, Args, ResolveField, Root,
 } from '@nestjs/graphql';
+import { UseGuards } from '@nestjs/common';
 import { ITagGroup } from '../interfaces/tagGroup.interface';
 import { TagGroup } from './tagGroup.entity';
 import { TagGroupService } from './tagGroup.service';
 import { TagGroupInputType } from './tagGroup.input';
 import { Tag } from '../tag/tag.entity';
 import { TagService } from '../tag/tag.service';
 import { ITag } from '../interfaces/tag.interface';
+import { GqlJwtAuthGuard } from '../auth/gql-jwt-auth.guard';
 
 @Resolver(() => TagGroup)
+@UseGuards(GqlJwtAuthGuard)
 export class TagGroupResolver {
   constructor(private readonly tagGroupService: TagGroupService, private readonly tagService: TagService) {}
 

diff --git a/src/webhook/webhook.controller.ts b/src/webhook/webhook.controller.ts
@@ -1,11 +1,13 @@
 import {
-  Controller, Post, Get, Body, HttpCode, Delete, Param, UsePipes, ValidationPipe,
+  Controller, Post, Get, Body, HttpCode, Delete, Param, UsePipes, ValidationPipe, UseGuards,
 } from '@nestjs/common';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { WebhookService } from './webhook.service';
 import { WebhookInputType } from './webhook.input';
 import { IWebhook } from '../interfaces/webhook.interface';
 
 @Controller('webhook')
+@UseGuards(JwtAuthGuard)
 export class WebhookController {
   constructor(private readonly webhookService: WebhookService) {}
 

diff --git a/src/webhook/webhook.resolver.ts b/src/webhook/webhook.resolver.ts
@@ -1,12 +1,15 @@
 import {
   Resolver, Query, Mutation, Args,
 } from '@nestjs/graphql';
+import { UseGuards } from '@nestjs/common';
 import { WebhookService } from './webhook.service';
 import { Webhook } from './webhook.entity';
 import { WebhookInputType } from './webhook.input';
 import { IWebhook } from '../interfaces/webhook.interface';
+import { GqlJwtAuthGuard } from '../auth/gql-jwt-auth.guard';
 
 @Resolver(() => Webhook)
+@UseGuards(GqlJwtAuthGuard)
 export class WebhookResolver {
   constructor(private readonly webhookService: WebhookService) {}
 

diff --git a/src/whisp/whisp.controller.ts b/src/whisp/whisp.controller.ts
@@ -1,11 +1,24 @@
 import {
-  Controller, Post, Body, Get, Patch, Put, Delete, Param, HttpCode, UsePipes, ValidationPipe,
+  Body,
+  Controller,
+  Delete,
+  Get,
+  HttpCode,
+  Param,
+  Patch,
+  Post,
+  Put,
+  UseGuards,
+  UsePipes,
+  ValidationPipe,
 } from '@nestjs/common';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { IWhisp } from '../interfaces/whisp.interface';
 import { WhispService } from './whisp.service';
 import { WhispInputType } from './whisp.input';
 
 @Controller('whisp')
+@UseGuards(JwtAuthGuard)
 export class WhispController {
   constructor(private readonly whispService: WhispService) {}
 

diff --git a/src/whisp/whisp.resolver.ts b/src/whisp/whisp.resolver.ts
@@ -16,6 +16,7 @@ import { TagInputType } from '../tag/tag.input';
 import { WhispCount } from './whispCount.entity';
 
 @Resolver(() => Whisp)
+@UseGuards(GqlJwtAuthGuard)
 export class WhispResolver {
   constructor(
     private readonly whispService: WhispService,
@@ -47,7 +48,6 @@ export class WhispResolver {
     return this.whispService.findAll(filter, sort, limit);
   }
 
-  @UseGuards(GqlJwtAuthGuard)
   @Query(() => [Whisp], { nullable: true })
   async whispsAuthBeta(
     @Args('filter', { type: () => GraphQLJSONObject, nullable: true })

diff --git a/tests/e2e/tag/graphql.e2e-spec.ts b/tests/e2e/tag/graphql.e2e-spec.ts
@@ -2,7 +2,9 @@ import { getModelToken } from '@nestjs/mongoose';
 import { Test, TestingModule } from '@nestjs/testing';
 import { Model } from 'mongoose';
 import { AppModule } from 'src/app.module';
+import { sign } from 'jsonwebtoken';
 import request from 'supertest';
+import { AUTH } from '../../testUtils/testingConsts';
 import { ITag } from '../../../src/interfaces/tag.interface';
 import { TagService } from '../../../src/tag/tag.service';
 import { TagGroupService } from '../../../src/tagGroup/tagGroup.service';
@@ -35,6 +37,7 @@ let tagService: TagService;
 let tagGroupService: TagGroupService;
 let createdTagId: string;
 let tagGroupId: string;
+let token: string;
 
 describe('Tags', () => {
   let moduleRef: TestingModule;
@@ -51,6 +54,9 @@ describe('Tags', () => {
     });
     // eslint-disable-next-line no-underscore-dangle
     tagGroupId = tagGroup._id;
+    const { config } = JSON.parse(AUTH.AUTH_CONFIG_SECRET_JWKS);
+    const secret = config.filter((item) => item.secretOrKey !== undefined);
+    token = sign({ sender: TAG_TITLE }, secret[0]?.secretOrKey);
   });
 
   afterAll(async () => {
@@ -66,6 +72,7 @@ describe('Tags', () => {
     it('should create a new tag and return a 200', async () => {
       const result = await request(global.app.getHttpServer())
         .post('/graphql')
+        .set('Authorization', `Bearer ${token}`)
         .send({
           query: CREATE_TAG_GQL,
           variables: {
@@ -90,6 +97,7 @@ describe('Tags', () => {
       const NEW_TITLE = 'New Title';
       const result = await request(global.app.getHttpServer())
         .post('/graphql')
+        .set('Authorization', `Bearer ${token}`)
         .send({
           query: UPDATE_TAG_GQL,
           variables: {
@@ -110,6 +118,7 @@ describe('Tags', () => {
     it('should delete a new tag and return a 200', async () => {
       const result = await request(global.app.getHttpServer())
         .post('/graphql')
+        .set('Authorization', `Bearer ${token}`)
         .send({
           query: DELETE_TAG_GQL,
           variables: {

diff --git a/tests/e2e/tagGroup/graphql.e2e-spec.ts b/tests/e2e/tagGroup/graphql.e2e-spec.ts
@@ -3,7 +3,9 @@ import { getModelToken } from '@nestjs/mongoose';
 import { Test, TestingModule } from '@nestjs/testing';
 import { Model } from 'mongoose';
 import { AppModule } from 'src/app.module';
+import { sign } from 'jsonwebtoken';
 import request from 'supertest';
+import { AUTH } from '../../testUtils/testingConsts';
 import { ITagGroup } from '../../../src/interfaces/tagGroup.interface';
 import { TagGroupService } from '../../../src/tagGroup/tagGroup.service';
 
@@ -34,6 +36,7 @@ const TAG_GROUP_TYPE = 'E2E_TEST';
 let tagGroupService: TagGroupService;
 let createdTagGroupId: string;
 let app: INestApplication;
+let token: string;
 
 describe('TagGroup', () => {
   beforeAll(async () => {
@@ -45,6 +48,9 @@ describe('TagGroup', () => {
     await app.init();
 
     tagGroupService = moduleRef.get<TagGroupService>(TagGroupService);
+    const { config } = JSON.parse(AUTH.AUTH_CONFIG_SECRET_JWKS);
+    const secret = config.filter((item) => item.secretOrKey !== undefined);
+    token = sign({ sender: TAG_GROUP_TYPE }, secret[0]?.secretOrKey);
   });
 
   afterAll(async () => {
@@ -60,6 +66,7 @@ describe('TagGroup', () => {
     it('should create a new tag group and return a 200', async () => {
       const result = await request(global.app.getHttpServer())
         .post('/graphql')
+        .set('Authorization', `Bearer ${token}`)
         .send({
           query: CREATE_TAG_GROUP_GQL,
           variables: {
@@ -81,6 +88,7 @@ describe('TagGroup', () => {
       const NEW_TITLE = 'New Title';
       const result = await request(global.app.getHttpServer())
         .post('/graphql')
+        .set('Authorization', `Bearer ${token}`)
         .send({
           query: UPDATE_TAG_GROUP_GQL,
           variables: {
@@ -101,6 +109,7 @@ describe('TagGroup', () => {
     it('should delete a new tag group and return a 200', async () => {
       const result = await request(global.app.getHttpServer())
         .post('/graphql')
+        .set('Authorization', `Bearer ${token}`)
         .send({
           query: DELETE_TAG_GROUP_GQL,
           variables: {

diff --git a/tests/e2e/webhook/webhook.e2e-spec.ts b/tests/e2e/webhook/webhook.e2e-spec.ts
@@ -1,10 +1,12 @@
 import fastify from 'fastify';
 import { Model } from 'mongoose';
+import { sign } from 'jsonwebtoken';
 import request from 'supertest';
 import { getModelToken } from '@nestjs/mongoose';
 import { Test, TestingModule } from '@nestjs/testing';
 import { AppModule } from 'src/app.module';
 import { FastifyAdapter, NestFastifyApplication } from '@nestjs/platform-fastify';
+import { AUTH } from '../../testUtils/testingConsts';
 import { WhispService } from '../../../src/whisp/whisp.service';
 import { WhispInputType } from '../../../src/whisp/whisp.input';
 import { IWhisp } from '../../../src/interfaces/whisp.interface';
@@ -98,8 +100,12 @@ describe('webhooks', () => {
     let whisp: IWhisp;
 
     it('should create a new webhook', async () => {
+      const { config } = JSON.parse(AUTH.AUTH_CONFIG_SECRET_JWKS);
+      const secret = config.filter((item) => item.secretOrKey !== undefined);
+      const token = sign({ sender: WHISP_TEST_TYPE }, secret[0]?.secretOrKey);
       const result = await request(global.app.getHttpServer())
         .post('/graphql')
+        .set('Authorization', `Bearer ${token}`)
         .send({
           query: CREATE_WEBHOOK_GQL,
           variables: {

diff --git a/tests/e2e/whisp/graphql.e2e-spec.ts b/tests/e2e/whisp/graphql.e2e-spec.ts
@@ -2,7 +2,9 @@ import { getModelToken } from '@nestjs/mongoose';
 import { Test, TestingModule } from '@nestjs/testing';
 import { Model } from 'mongoose';
 import { AppModule } from 'src/app.module';
+import { sign } from 'jsonwebtoken';
 import request from 'supertest';
+import { AUTH } from '../../testUtils/testingConsts';
 import { FileService } from '../../../src/file/file.service';
 import { IWhisp } from '../../../src/interfaces/whisp.interface';
 import { WhispService } from '../../../src/whisp/whisp.service';
@@ -35,6 +37,7 @@ const WHISP_TEST_TYPE = 'E2E_TEST';
 let fileService: FileService;
 let whispService: WhispService;
 let createdWhispId: string;
+let token: string;
 
 describe('Whisps', () => {
   let moduleRef: TestingModule;
@@ -44,6 +47,9 @@ describe('Whisps', () => {
     }).compile();
     whispService = moduleRef.get<WhispService>(WhispService);
     fileService = moduleRef.get<FileService>(FileService);
+    const { config } = JSON.parse(AUTH.AUTH_CONFIG_SECRET_JWKS);
+    const secret = config.filter((item) => item.secretOrKey !== undefined);
+    token = sign({ sender: WHISP_TEST_TYPE }, secret[0]?.secretOrKey);
   });
 
   afterAll(async () => {
@@ -60,6 +66,7 @@ describe('Whisps', () => {
       it('should return a 200 and create a new Whisp and return its id', async () => {
         const result = await request(global.app.getHttpServer())
           .post('/graphql')
+          .set('Authorization', `Bearer ${token}`)
           .send({
             query: CREATE_WHISP_GQL,
             variables: {
@@ -76,6 +83,7 @@ describe('Whisps', () => {
         const now = new Date();
         const result = await request(global.app.getHttpServer())
           .post('/graphql')
+          .set('Authorization', `Bearer ${token}`)
           .send({
             query: CREATE_WHISP_GQL,
             variables: {
@@ -95,6 +103,7 @@ describe('Whisps', () => {
         it(`should upload ${fileName} to S3 when attached`, async () => {
           const result = await request(global.app.getHttpServer())
             .post('/graphql')
+            .set('Authorization', `Bearer ${token}`)
             .field(
               'operations',
               JSON.stringify({
@@ -130,6 +139,7 @@ describe('Whisps', () => {
       it('should change any field on a whisp and return a 200', async () => {
         const result = await request(global.app.getHttpServer())
           .post('/graphql')
+          .set('Authorization', `Bearer ${token}`)
           .send({
             query: UPDATE_WHISP_GQL,
             variables: {
@@ -149,6 +159,7 @@ describe('Whisps', () => {
       it('should preserve attachment field when not provided', async () => {
         const createResult = await request(global.app.getHttpServer())
           .post('/graphql')
+          .set('Authorization', `Bearer ${token}`)
           .field(
             'operations',
             JSON.stringify({
@@ -170,6 +181,7 @@ describe('Whisps', () => {
           .attach('file', 'tests/e2e/whisp/attached-file-1.png');
         await request(global.app.getHttpServer())
           .post('/graphql')
+          .set('Authorization', `Bearer ${token}`)
           .send({
             query: UPDATE_WHISP_GQL,
             variables: {
@@ -189,6 +201,7 @@ describe('Whisps', () => {
       it('should delete the whisp and return a 200', async () => {
         const result = await request(global.app.getHttpServer())
           .post('/graphql')
+          .set('Authorization', `Bearer ${token}`)
           .send({
             query: DELETE_WHISP_GQL,
             variables: {