feat: jwt token validation and scope checks (#38)

Aam-Digital · Feb 29, 2024 · 078157b · 078157b
1 parent 9732920
commit 078157b
Show file tree

Hide file tree

Showing 18 changed files with 385 additions and 59 deletions.
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ curl -X "POST" "https://keycloak.aam-digital.net/realms/<your_realm>/protocol/op
      --data-urlencode "client_id=<your_client_id>" \
      --data-urlencode "client_secret=<your_client_secret>" \
      --data-urlencode "grant_type=client_credentials" \
-     --data-urlencode "scopes=openid reports_read reports_write"
+     --data-urlencode "scopes=openid reporting_read reporting_write"
 ```
 Check API docs for the required "scopes".
 This returns a JWT access token required to provided as Bearer Token for any request to the API endpoints. Sample token:
@@ -45,7 +45,7 @@ This returns a JWT access token required to provided as Bearer Token for any req
   "refresh_expires_in": 0,
   "token_type": "Bearer",
   "not-before-policy": 0,
-  "scope": "openid reports_read reports_write"
+  "scope": "openid reporting_read reporting_write"
 }
 ```
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -25,6 +25,7 @@
     "@nestjs/common": "^10.3.3",
     "@nestjs/config": "^3.2.0",
     "@nestjs/core": "^10.3.3",
+    "@nestjs/jwt": "10.2.0",
     "@nestjs/platform-express": "^10.3.3",
     "@nestjs/schedule": "4.0.1",
     "@ntegral/nestjs-sentry": "^4.0.1",

diff --git a/src/app.module.ts b/src/app.module.ts
@@ -9,6 +9,7 @@ import { ScheduleModule } from '@nestjs/schedule';
 import { AppConfiguration } from './config/configuration';
 import { ReportChangesModule } from './report-changes/report-changes.module';
 import { NotificationModule } from './notification/notification.module';
+import { AuthModule } from './auth/auth.module';
 
 const lowSeverityLevels: SeverityLevel[] = ['log', 'info'];
 
@@ -35,6 +36,7 @@ const lowSeverityLevels: SeverityLevel[] = ['log', 'info'];
       ignoreEnvFile: false,
       load: [AppConfiguration],
     }),
+    AuthModule,
     SentryModule.forRootAsync({
       imports: [ConfigModule],
       inject: [ConfigService],

diff --git a/src/auth/auth.module.ts b/src/auth/auth.module.ts
@@ -0,0 +1,27 @@
+import { Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { JwtAuthGuard } from './core/jwt-auth.guard';
+import { APP_GUARD } from '@nestjs/core';
+import { JwtConfigurationFactory } from './core/jwt.configuration';
+import { ConfigService } from '@nestjs/config';
+import { HttpModule } from '@nestjs/axios';
+
+@Module({
+  imports: [
+    HttpModule,
+    JwtModule.registerAsync({
+      global: true,
+      useFactory: JwtConfigurationFactory,
+      inject: [ConfigService],
+    }),
+  ],
+  providers: [
+    JwtAuthGuard,
+    {
+      provide: APP_GUARD,
+      useClass: JwtAuthGuard,
+    },
+  ],
+  exports: [JwtAuthGuard],
+})
+export class AuthModule {}