Add user authentication (#1)

Author: nramadas

.dockerignore

@@ -3,3 +3,4 @@ Dockerfile
 node_modules
 npm-debug.log
 dist
+.env

.eslintrc.js

@@ -12,18 +12,29 @@ module.exports = {
     node: true,
     jest: true,
   },
-  ignorePatterns: ['.eslintrc.js'],
+  ignorePatterns: ['.eslintrc.js', 'migrations/*', 'dist/*'],
   rules: {
     '@typescript-eslint/interface-name-prefix': 'off',
     '@typescript-eslint/explicit-function-return-type': 'off',
     '@typescript-eslint/explicit-module-boundary-types': 'off',
     '@typescript-eslint/ban-ts-comment': 'off',
     '@typescript-eslint/no-explicit-any': 'off',
+    '@typescript-eslint/no-empty-interface': 'off',
     'import/order': [
       'error',
       {
         'newlines-between': 'always-and-inside-groups',
         'pathGroupsExcludedImportTypes': ['builtin'],
+        'pathGroups': [
+          {
+            pattern: '@src/**/**',
+            group: 'parent',
+          },
+          {
+            pattern: '@lib/**/**',
+            group: 'parent',
+          },
+        ],
         'alphabetize': {
           order: 'asc',
           caseInsensitive: true,

.gitignore

@@ -32,4 +32,7 @@ lerna-debug.log*
 !.vscode/settings.json
 !.vscode/tasks.json
 !.vscode/launch.json
-!.vscode/extensions.json
+!.vscode/extensions.json
+
+# env
+.env

.prettierignore

@@ -9,3 +9,4 @@ lib
 out
 
 *.svg
+migrations/*

.prettierrc

@@ -1,6 +1,6 @@
 {
   "printWidth": 100,
-  "trailingComma": "es5",
+  "trailingComma": "all",
   "tabWidth": 2,
   "semi": true,
   "singleQuote": true,

migrations/1659985471735-AuthClaim.ts

@@ -0,0 +1,26 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class AuthClaim1659985471735 implements MigrationInterface {
+    name = 'AuthClaim1659985471735'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`
+            CREATE TABLE "auth_claim" (
+                "id" uuid NOT NULL DEFAULT uuid_generate_v4(),
+                "nonce" character varying NOT NULL,
+                "onBehalfOf" character varying NOT NULL,
+                "created" TIMESTAMP NOT NULL DEFAULT now(),
+                "deleted" TIMESTAMP,
+                "updated" TIMESTAMP NOT NULL DEFAULT now(),
+                CONSTRAINT "PK_b0d640283a501763c9f7e6e942d" PRIMARY KEY ("id")
+            )
+        `);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`
+            DROP TABLE "auth_claim"
+        `);
+    }
+
+}

migrations/1660000538731-Auth.ts

@@ -0,0 +1,26 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class Auth1660000538731 implements MigrationInterface {
+    name = 'Auth1660000538731'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`
+            CREATE TABLE "auth" (
+                "id" uuid NOT NULL DEFAULT uuid_generate_v4(),
+                "data" jsonb NOT NULL,
+                "publicKeyStr" character varying NOT NULL,
+                "created" TIMESTAMP NOT NULL DEFAULT now(),
+                "deleted" TIMESTAMP,
+                "updated" TIMESTAMP NOT NULL DEFAULT now(),
+                CONSTRAINT "PK_7e416cf6172bc5aec04244f6459" PRIMARY KEY ("id")
+            )
+        `);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`
+            DROP TABLE "auth"
+        `);
+    }
+
+}

migrations/1660048272853-User.ts

@@ -0,0 +1,28 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class User1660048272853 implements MigrationInterface {
+    name = 'User1660048272853'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`
+            CREATE TABLE "user" (
+                "id" uuid NOT NULL DEFAULT uuid_generate_v4(),
+                "data" jsonb NOT NULL,
+                "authId" character varying NOT NULL,
+                "publicKeyStr" character varying NOT NULL,
+                "created" TIMESTAMP NOT NULL DEFAULT now(),
+                "deleted" TIMESTAMP,
+                "updated" TIMESTAMP NOT NULL DEFAULT now(),
+                CONSTRAINT "UQ_ad5065ee18a722baaa932d1c3c6" UNIQUE ("authId"),
+                CONSTRAINT "PK_cace4a159ff9f2512dd42373760" PRIMARY KEY ("id")
+            )
+        `);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`
+            DROP TABLE "user"
+        `);
+    }
+
+}

orm-cli-config.ts

@@ -0,0 +1,20 @@
+import * as path from 'path';
+
+import * as dotenv from 'dotenv';
+import * as dotenvExpand from 'dotenv-expand';
+import { DataSource } from 'typeorm';
+
+const env = dotenv.config({ path: '.env' });
+dotenvExpand.expand(env);
+
+export default new DataSource({
+  type: 'postgres',
+  connectTimeoutMS: 3000,
+  entities: [path.join(__dirname, '**', '*.entity.{ts,js}')],
+  migrations: ['./migrations/*.ts'],
+  migrationsTableName: 'typeorm_migrations',
+  password: process.env.DATABASE_PASSWORD,
+  ssl: process.env.DATABASE_USE_SSL === 'true' ? { rejectUnauthorized: false } : false,
+  url: process.env.DATABASE_URL,
+  username: process.env.DATABASE_USERNAME,
+});

package.json

@@ -8,6 +8,10 @@
   "scripts": {
     "prebuild": "rimraf dist",
     "build": "nest build",
+    "db:m:new": "ts-node -r tsconfig-paths/register --project ./tsconfig.json ./node_modules/typeorm/cli.js -d ./orm-cli-config.ts migration:generate -p ./migrations/${npm_config_name}",
+    "db:m:revert": "ts-node -r tsconfig-paths/register --project ./tsconfig.json ./node_modules/typeorm/cli.js -d ./orm-cli-config.ts migration:revert",
+    "db:m:run": "ts-node -r tsconfig-paths/register --project ./tsconfig.json ./node_modules/typeorm/cli.js -d ./orm-cli-config.ts migration:run",
+    "db": "ts-node -r tsconfig-paths/register --project ./tsconfig.json ./node_modules/typeorm/cli.js -d ./orm-cli-config.ts",
     "fmt": "prettier --write '{*,**/*}.{js,ts,jsx,tsx,json}'",
     "lint": "eslint --ext .ts . && prettier --check '{*,**/*}.{js,ts,jsx,tsx,json}'",
     "lint:fix": "eslint --fix --ext .ts . && yarn fmt",
@@ -25,38 +29,60 @@
     "@nestjs/common": "^9.0.0",
     "@nestjs/config": "^2.2.0",
     "@nestjs/core": "^9.0.0",
+    "@nestjs/graphql": "^10.0.21",
+    "@nestjs/jwt": "^9.0.0",
+    "@nestjs/mercurius": "^10.0.21",
+    "@nestjs/passport": "^9.0.0",
     "@nestjs/platform-express": "^9.0.0",
+    "@nestjs/platform-fastify": "^9.0.8",
+    "@nestjs/typeorm": "^9.0.0",
+    "@solana/web3.js": "^1.50.1",
+    "altair-fastify-plugin": "^4.5.3",
+    "date-fns": "^2.29.1",
+    "fp-ts": "^2.12.2",
+    "graphql": "^16.5.0",
+    "graphql-upload": "13.0.0",
+    "io-ts": "^2.2.17",
+    "io-ts-types": "^0.5.16",
+    "mercurius": "^9",
+    "mercurius-upload": "^5.0.0",
+    "passport": "^0.6.0",
+    "passport-jwt": "^4.0.0",
+    "pg": "^8.7.3",
     "reflect-metadata": "^0.1.13",
     "rimraf": "^3.0.2",
-    "rxjs": "^7.2.0"
+    "rxjs": "^7.2.0",
+    "tweetnacl": "^1.0.3",
+    "typeorm": "^0.3.7"
   },
   "devDependencies": {
     "@babel/eslint-parser": "^7.18.9",
     "@nestjs/cli": "^9.0.0",
     "@nestjs/schematics": "^9.0.0",
     "@nestjs/testing": "^9.0.0",
-    "@types/eslint-plugin-prettier": "^3.1.0",
     "@types/eslint": "^8.4.5",
+    "@types/eslint-plugin-prettier": "^3.1.0",
     "@types/express": "^4.17.13",
+    "@types/graphql-upload": "^8.0.11",
     "@types/jest": "28.1.4",
     "@types/node": "^16.0.0",
     "@types/prettier": "^2.7.0",
     "@types/supertest": "^2.0.11",
     "@typescript-eslint/eslint-plugin": "^5.32.0",
     "@typescript-eslint/parser": "^5.32.0",
     "babel-eslint": "^10.1.0",
+    "eslint": "^8.21.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-import": "^2.26.0",
     "eslint-plugin-prettier": "^4.2.1",
-    "eslint": "^8.21.0",
     "jest": "28.1.2",
     "prettier": "^2.3.2",
     "source-map-support": "^0.5.20",
     "supertest": "^6.1.3",
     "ts-jest": "28.0.5",
     "ts-loader": "^9.2.3",
-    "ts-node": "^10.0.0",
-    "tsconfig-paths": "4.0.0",
+    "ts-node": "^10.9.1",
+    "tsconfig-paths": "^4.1.0",
     "typescript": "^4.3.5"
   },
   "jest": {

src/app.module.ts

@@ -1,11 +1,51 @@
+import { join } from 'path';
+
 import { Module } from '@nestjs/common';
-import { ConfigModule } from '@nestjs/config';
+import { GraphQLModule } from '@nestjs/graphql';
+import { MercuriusDriver, MercuriusDriverConfig } from '@nestjs/mercurius';
+import { TypeOrmModule } from '@nestjs/typeorm';
+
+// import { NonceScalar } from '@lib/scalars/Nonce';
+import { PublicKeyScalar } from '@lib/scalars/PublicKey';
+import { AppController } from '@src/app.controller';
+import { AppService } from '@src/app.service';
+import { AuthModule } from '@src/auth/auth.module';
+import { ConfigModule } from '@src/config/config.module';
+import { ConfigService } from '@src/config/config.service';
 
-import { AppController } from './app.controller';
-import { AppService } from './app.service';
+import { UserModule } from './user/user.module';
 
 @Module({
-  imports: [ConfigModule.forRoot()],
+  imports: [
+    ConfigModule,
+    GraphQLModule.forRoot<MercuriusDriverConfig>({
+      autoSchemaFile: true,
+      buildSchemaOptions: {
+        dateScalarMode: 'timestamp',
+      },
+      driver: MercuriusDriver,
+      resolvers: {
+        // Nonce: NonceScalar,
+        PublicKey: PublicKeyScalar,
+      },
+      sortSchema: true,
+    }),
+    TypeOrmModule.forRootAsync({
+      imports: [ConfigModule],
+      useFactory: async (configService: ConfigService) => ({
+        type: 'postgres',
+        autoLoadEntities: true,
+        entities: [join(__dirname, '/**/entity{.ts,.js}')],
+        password: configService.get('database.password'),
+        ssl: configService.get('database.useSsl') ? { rejectUnauthorized: true } : false,
+        url: configService.get('database.url'),
+        username: configService.get('database.username'),
+      }),
+      inject: [ConfigService],
+    }),
+    AuthModule,
+    UserModule,
+  ],
   controllers: [AppController],
   providers: [AppService],
 })

src/auth/auth.jwt.guard.ts

@@ -0,0 +1,19 @@
+import type { ExecutionContext } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { AuthGuard } from '@nestjs/passport';
+import type { Request } from 'express';
+
+import type { User } from '@src/user/entities/User.entity';
+
+@Injectable()
+export class AuthJwtGuard extends AuthGuard('authJwt') {
+  getRequest(context: ExecutionContext) {
+    const ctx = GqlExecutionContext.create(context);
+    return ctx.getContext().req;
+  }
+}
+
+export interface GuardedReq extends Request {
+  user: User;
+}

src/auth/auth.jwt.strategy.ts

@@ -0,0 +1,39 @@
+import { Injectable } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { PublicKey } from '@solana/web3.js';
+import * as FN from 'fp-ts/function';
+import * as TE from 'fp-ts/TaskEither';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+import * as errors from '@lib/errors/gql';
+import { ConfigService } from '@src/config/config.service';
+import { UserService } from '@src/user/user.service';
+
+import { AuthService } from './auth.service';
+
+@Injectable()
+export class AuthJwtStrategy extends PassportStrategy(Strategy, 'authJwt') {
+  constructor(
+    private readonly configService: ConfigService,
+    private readonly authService: AuthService,
+    private readonly userService: UserService,
+  ) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      secretOrKey: configService.get('jwt.userSecret'),
+    });
+  }
+
+  validate(payload: { sub: string }) {
+    return FN.pipe(
+      this.userService.getUserById(payload.sub),
+      TE.chainW(TE.fromOption(() => new errors.Unauthorized())),
+      TE.matchW(
+        (error) => {
+          throw error;
+        },
+        (user) => ({ ...user.data, publicKey: new PublicKey(user.publicKeyStr) }),
+      ),
+    )();
+  }
+}

src/auth/auth.module.ts

@@ -0,0 +1,34 @@
+import { Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { TypeOrmModule } from '@nestjs/typeorm';
+
+import { ConfigModule } from '@src/config/config.module';
+import { ConfigService } from '@src/config/config.service';
+import { UserModule } from '@src/user/user.module';
+
+import { AuthJwtStrategy } from './auth.jwt.strategy';
+import { AuthResolver } from './auth.resolver';
+import { AuthService } from './auth.service';
+import { Auth } from './entities/Auth.entity';
+import { AuthClaim } from './entities/AuthClaim.entity';
+
+@Module({
+  imports: [
+    ConfigModule,
+    PassportModule,
+    UserModule,
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      useFactory: (configService: ConfigService) => ({
+        secret: configService.get('jwt.userSecret'),
+        signOptions: { expiresIn: '7d' },
+      }),
+      inject: [ConfigService],
+    }),
+    TypeOrmModule.forFeature([Auth, AuthClaim]),
+  ],
+  providers: [AuthResolver, AuthService, AuthJwtStrategy],
+  exports: [AuthService],
+})
+export class AuthModule {}