auth: adds token-auth to public api

adds auth service adds auth module adds token-auth strategy adds token-auth to all public api calls Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-05-17 00:24:43 -04:00 · 2021-01-15 18:53:09 +01:00 · 2021-01-15 18:53:09 +01:00 · 2ab950c5c3
commit 2ab950c5c3
parent 4784a1aea2
11 changed files with 174 additions and 18 deletions
--- a/src/api/public/notes/notes.controller.ts
+++ b/src/api/public/notes/notes.controller.ts
@ -14,6 +14,8 @@ import {
  Param,
  Post,
  Put,
+  Request,
+  UseGuards,
 } from '@nestjs/common';
 import { NotInDBError } from '../../../errors/errors';
 import { ConsoleLoggerService } from '../../../logger/console-logger.service';
@ -21,6 +23,7 @@ import { NotePermissionsUpdateDto } from '../../../notes/note-permissions.dto';
 import { NotesService } from '../../../notes/notes.service';
 import { RevisionsService } from '../../../revisions/revisions.service';
 import { MarkdownBody } from '../../utils/markdownbody-decorator';
+import { TokenAuthGuard } from '../../../auth/token-auth.guard';

@Controller('notes')
 export class NotesController {
@ -32,14 +35,18 @@ export class NotesController {
    this.logger.setContext(NotesController.name);
  }

+  @UseGuards(TokenAuthGuard)
  @Post()
-  async createNote(@MarkdownBody() text: string) {
+  async createNote(@Request() req, @MarkdownBody() text: string) {
+    // ToDo: provide user for createNoteDto
    this.logger.debug('Got raw markdown:\n' + text);
    return this.noteService.createNoteDto(text);
  }

+  @UseGuards(TokenAuthGuard)
  @Get(':noteIdOrAlias')
-  async getNote(@Param('noteIdOrAlias') noteIdOrAlias: string) {
+  async getNote(@Request() req, @Param('noteIdOrAlias') noteIdOrAlias: string) {
+    // ToDo: check if user is allowed to view this note
    try {
      return await this.noteService.getNoteDtoByIdOrAlias(noteIdOrAlias);
    } catch (e) {
@ -50,17 +57,25 @@ export class NotesController {
    }
  }

+  @UseGuards(TokenAuthGuard)
  @Post(':noteAlias')
  async createNamedNote(
+    @Request() req,
    @Param('noteAlias') noteAlias: string,
    @MarkdownBody() text: string,
  ) {
+    // ToDo: check if user is allowed to view this note
    this.logger.debug('Got raw markdown:\n' + text);
    return this.noteService.createNoteDto(text, noteAlias);
  }

+  @UseGuards(TokenAuthGuard)
  @Delete(':noteIdOrAlias')
-  async deleteNote(@Param('noteIdOrAlias') noteIdOrAlias: string) {
+  async deleteNote(
+    @Request() req,
+    @Param('noteIdOrAlias') noteIdOrAlias: string,
+  ) {
+    // ToDo: check if user is allowed to delete this note
    this.logger.debug('Deleting note: ' + noteIdOrAlias);
    try {
      await this.noteService.deleteNoteByIdOrAlias(noteIdOrAlias);
@ -74,11 +89,14 @@ export class NotesController {
    return;
  }

+  @UseGuards(TokenAuthGuard)
  @Put(':noteIdOrAlias')
  async updateNote(
+    @Request() req,
    @Param('noteIdOrAlias') noteIdOrAlias: string,
    @MarkdownBody() text: string,
  ) {
+    // ToDo: check if user is allowed to change this note
    this.logger.debug('Got raw markdown:\n' + text);
    try {
      return await this.noteService.updateNoteByIdOrAlias(noteIdOrAlias, text);
@ -90,9 +108,14 @@ export class NotesController {
    }
  }

+  @UseGuards(TokenAuthGuard)
  @Get(':noteIdOrAlias/content')
  @Header('content-type', 'text/markdown')
-  async getNoteContent(@Param('noteIdOrAlias') noteIdOrAlias: string) {
+  async getNoteContent(
+    @Request() req,
+    @Param('noteIdOrAlias') noteIdOrAlias: string,
+  ) {
+    // ToDo: check if user is allowed to view this notes content
    try {
      return await this.noteService.getNoteContent(noteIdOrAlias);
    } catch (e) {
@ -103,8 +126,13 @@ export class NotesController {
    }
  }

+  @UseGuards(TokenAuthGuard)
  @Get(':noteIdOrAlias/metadata')
-  async getNoteMetadata(@Param('noteIdOrAlias') noteIdOrAlias: string) {
+  async getNoteMetadata(
+    @Request() req,
+    @Param('noteIdOrAlias') noteIdOrAlias: string,
+  ) {
+    // ToDo: check if user is allowed to view this notes metadata
    try {
      return await this.noteService.getNoteMetadata(noteIdOrAlias);
    } catch (e) {
@ -115,11 +143,14 @@ export class NotesController {
    }
  }

+  @UseGuards(TokenAuthGuard)
  @Put(':noteIdOrAlias/metadata/permissions')
  async updateNotePermissions(
+    @Request() req,
    @Param('noteIdOrAlias') noteIdOrAlias: string,
    @Body() updateDto: NotePermissionsUpdateDto,
  ) {
+    // ToDo: check if user is allowed to view this notes permissions
    try {
      return await this.noteService.updateNotePermissions(
        noteIdOrAlias,
@ -133,8 +164,13 @@ export class NotesController {
    }
  }

+  @UseGuards(TokenAuthGuard)
  @Get(':noteIdOrAlias/revisions')
-  async getNoteRevisions(@Param('noteIdOrAlias') noteIdOrAlias: string) {
+  async getNoteRevisions(
+    @Request() req,
+    @Param('noteIdOrAlias') noteIdOrAlias: string,
+  ) {
+    // ToDo: check if user is allowed to view this notes revisions
    try {
      return await this.revisionsService.getNoteRevisionMetadatas(
        noteIdOrAlias,
@ -147,11 +183,14 @@ export class NotesController {
    }
  }

+  @UseGuards(TokenAuthGuard)
  @Get(':noteIdOrAlias/revisions/:revisionId')
  async getNoteRevision(
+    @Request() req,
    @Param('noteIdOrAlias') noteIdOrAlias: string,
    @Param('revisionId') revisionId: number,
  ) {
+    // ToDo: check if user is allowed to view this notes revision
    try {
      return await this.revisionsService.getNoteRevision(
        noteIdOrAlias,