Add authentication with multiple jwt providers

.github/workflows/k6-load-test.yml

@@ -20,6 +20,7 @@ jobs:
       AWS_S3_ENDPOINT: http://localhost:4566
       AWS_ACCESS_KEY_ID: dummy
       AWS_SECRET_ACCESS_KEY: dummy
+      AUTH_CONFIG: '{"config":[{"jwtFromRequest":"ExtractJwt.fromAuthHeaderAsBearerToken()","ignoreExpiration":false,"secretOrKey":"VALID_SECRET_KEY"},{"jwtFromRequest":"ExtractJwt.fromAuthHeaderAsBearerToken()","ignoreExpiration":false,"secretOrKey":"another_secret_key"}]}'
     services:
       mongo:
         image: mongo

example.env

@@ -25,3 +25,4 @@ AWS_S3_ENDPOINT = http://localstack:4566/
 AWS_BUCKET_NAME = demo-bucket
 
 EXAMPLE_TEST = test
+AUTH_CONFIG = {"config":[{"jwtFromRequest":"ExtractJwt.fromAuthHeaderAsBearerToken()","ignoreExpiration":false,"secretOrKey":"a_secret_key"},{"jwtFromRequest":"ExtractJwt.fromAuthHeaderAsBearerToken()","ignoreExpiration":false,"secretOrKey":"a_secret_keyx"}]}

example.rep.env

@@ -25,4 +25,5 @@ COGNITO_REGION
 COGNITO_IDENTITY_POOL_ID
 AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
 AWS_S3_ENDPOINT
-AWS_BUCKET_NAME
+AWS_BUCKET_NAME
+AUTH_CONFIG = {"config":[{"jwtFromRequest":"ExtractJwt.fromAuthHeaderAsBearerToken()","ignoreExpiration":false,"secretOrKey":"a_secret_key"},{"jwtFromRequest":"ExtractJwt.fromAuthHeaderAsBearerToken()","ignoreExpiration":false,"secretOrKey":"a_secret_keyx"}]}

package.json

@@ -21,21 +21,23 @@
     "test:unit:cov": "jest --coverage --forceExit --detectOpenHandles",
     "test:unit:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
     "test:integration": "jest --config jest-integration.json --runInBand --forceExit",
-    "test:e2e": "jest --config jest-e2e.json --runInBand --forceExit",
+    "test:e2e": "jest --config jest-e2e.json --verbose --runInBand --forceExit",
     "test:e2e:debug": "node --inspect-brk=0.0.0.0 -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand --config jest-e2e.json",
     "docs:build": "vuepress build docs",
     "docs:dev": "vuepress dev docs"
   },
   "dependencies": {
     "@apollo/gateway": "0.44.1",
     "@instana/collector": "1.137.2",
+    "@mestrak/passport-multi-jwt": "0.0.3",
     "@nestjs/axios": "0.0.3",
     "@nestjs/common": "8.2.3",
     "@nestjs/config": "1.1.5",
     "@nestjs/core": "8.2.3",
     "@nestjs/graphql": "9.1.2",
+    "@nestjs/jwt": "^8.0.0",
     "@nestjs/mongoose": "8.0.1",
-    "@nestjs/passport": "8.0.1",
+    "@nestjs/passport": "^8.0.1",
     "@nestjs/platform-fastify": "8.2.3",
     "@nestjs/platform-socket.io": "8.2.3",
     "@nestjs/terminus": "8.0.3",
@@ -67,6 +69,8 @@
     "lodash": "4.17.21",
     "mongoose": "5.13.13",
     "mongoose-cast-aggregation": "0.2.1",
+    "passport": "^0.5.2",
+    "passport-jwt": "^4.0.0",
     "reflect-metadata": "0.1.13",
     "request": "2.88.2",
     "rimraf": "3.0.2",

schema.gql

@@ -73,6 +73,7 @@ type WhispCount {
 type Query {
   whispById(id: String!): Whisp
   whisps(limit: Int, sort: JSONObject, filter: JSONObject): [Whisp!]
+  whispsAuthBeta(limit: Int, sort: JSONObject, filter: JSONObject): [Whisp!]
   countWhisps(group: JSONObject, filter: [JSONObject!]): [WhispCount!]!
   webhooks: [Webhook!]
   tagGroups(tagGroup: TagGroupInputType!): [TagGroup!]

sonarcloud.properties

@@ -0,0 +1 @@
+sonar.cpd.exclusions=tests/**/*.spec.ts

src/app.module.ts

@@ -4,7 +4,7 @@ import { MongooseModule } from '@nestjs/mongoose';
 
 import { TerminusModule } from '@nestjs/terminus';
 import { ApolloServerPluginLandingPageLocalDefault } from 'apollo-server-core';
-import { AWSCredsModule } from './auth/aws-creds.module';
+import { AWSCredsModule } from './aws-creds/aws-creds.module';
 import { ConfigModule } from './config/config.module';
 import { DistributionModule } from './distribution/distribution.module';
 import { EventModule } from './event/event.module';
@@ -20,6 +20,7 @@ import { ConfigService } from './config/config.service';
 import { WebhookModule } from './webhook/webhook.module';
 import { TagModule } from './tag/tag.module';
 import { HealthController } from './health/health.controller';
+import { AuthModule } from './auth/auth.module';
 
 @Module({
   imports: [
@@ -52,6 +53,7 @@ import { HealthController } from './health/health.controller';
     DistributionModule,
     EventModule,
     WebhookModule,
+    AuthModule,
   ],
   providers: [AppService],
   controllers: [AppController, HealthController],

src/auth/auth.module.ts

@@ -0,0 +1,18 @@
+import { Module } from '@nestjs/common';
+import { PassportModule } from '@nestjs/passport';
+import { JwtModule } from '@nestjs/jwt';
+import { JwtStrategy } from './jwt.strategy';
+import { ConfigModule } from '../config/config.module';
+
+@Module({
+  imports: [
+    PassportModule,
+    ConfigModule,
+    JwtModule.register({
+      secret: 'some_secret_thing',
+      signOptions: { expiresIn: '60s' },
+    }),
+  ],
+  providers: [JwtStrategy],
+})
+export class AuthModule {}

src/auth/gql-jwt-auth.guard.ts

@@ -0,0 +1,12 @@
+/* eslint-disable class-methods-use-this */
+import { ExecutionContext, Injectable } from '@nestjs/common';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class GqlJwtAuthGuard extends AuthGuard('jwt') {
+  getRequest(context: ExecutionContext) {
+    const ctx = GqlExecutionContext.create(context);
+    return ctx.getContext().req;
+  }
+}

src/auth/jwt-auth.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {}