Moved security into backend. Fronted should not depend on KC

dBildungsplattform · Oct 5, 2023 · fcdf8a1 · fcdf8a1
1 parent 00dff3c
commit fcdf8a1
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 19 deletions.
diff --git a/src/frontend/frontend.module.ts b/src/frontend/frontend.module.ts
@@ -6,10 +6,10 @@ import { defineConfig } from '@mikro-orm/postgresql';
 import { Module } from '@nestjs/common';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { APP_GUARD } from '@nestjs/core';
-import { AuthGuard, KeycloakConnectModule, ResourceGuard, RoleGuard } from 'nest-keycloak-connect';
+import { AuthGuard, ResourceGuard, RoleGuard } from 'nest-keycloak-connect';
 
 import { FrontendApiModule } from '../modules/frontend/frontend-api.module.js';
-import { DbConfig, KeycloakConfig, loadConfigFiles, loadEnvConfig, ServerConfig } from '../shared/config/index.js';
+import { DbConfig, loadConfigFiles, loadEnvConfig, ServerConfig } from '../shared/config/index.js';
 import { mappingErrorHandler } from '../shared/error/mapping.error.js';
 import { HealthModule } from '../health/health.module.js';
 
@@ -37,19 +37,6 @@ import { HealthModule } from '../health/health.module.js';
             },
             inject: [ConfigService],
         }),
-        KeycloakConnectModule.registerAsync({
-            useFactory: (config: ConfigService<ServerConfig, true>) => {
-                const keycloakConfig: KeycloakConfig = config.getOrThrow<KeycloakConfig>('KEYCLOAK');
-
-                return {
-                    authServerUrl: keycloakConfig.BASE_URL,
-                    realm: keycloakConfig.REALM_NAME,
-                    clientId: keycloakConfig.CLIENT_ID,
-                    secret: keycloakConfig.SECRET,
-                };
-            },
-            inject: [ConfigService],
-        }),
         FrontendApiModule,
         HealthModule,
     ],

diff --git a/src/frontend/main.ts b/src/frontend/main.ts
@@ -11,15 +11,15 @@ import { FrontendModule } from './frontend.module.js';
 async function bootstrap(): Promise<void> {
     const app: INestApplication = await NestFactory.create(FrontendModule);
     app.useGlobalPipes(new GlobalValidationPipe());
-    app.setGlobalPrefix('api', {
-        exclude: ['health'],
-    });
     const swagger: Omit<OpenAPIObject, 'paths'> = new DocumentBuilder()
         .setTitle('dBildungs IAM')
         .setDescription('The dBildungs IAM server API description')
         .setVersion('1.0')
         .build();
 
+    app.setGlobalPrefix('api', {
+        exclude: ['health'],
+    });
     SwaggerModule.setup('docs', app, SwaggerModule.createDocument(app, swagger));
 
     const configService: ConfigService<ServerConfig, true> = app.get(ConfigService<ServerConfig, true>);

diff --git a/src/health/health.controller.ts b/src/health/health.controller.ts
@@ -8,8 +8,10 @@ import {
 } from '@nestjs/terminus';
 import { EntityManager } from '@mikro-orm/postgresql';
 import { ApiExcludeController } from '@nestjs/swagger';
+import { Unprotected } from 'nest-keycloak-connect';
 
 @Controller('health')
+@Unprotected()
 @ApiExcludeController()
 export class HealthController {
     public constructor(

diff --git a/src/server/server.module.ts b/src/server/server.module.ts
@@ -5,12 +5,13 @@ import { MikroOrmModule } from '@mikro-orm/nestjs';
 import { Module } from '@nestjs/common';
 import { defineConfig } from '@mikro-orm/postgresql';
 import { ConfigModule, ConfigService } from '@nestjs/config';
-import { DbConfig, loadConfigFiles, loadEnvConfig, ServerConfig } from '../shared/config/index.js';
+import { DbConfig, KeycloakConfig, loadConfigFiles, loadEnvConfig, ServerConfig } from '../shared/config/index.js';
 import { mappingErrorHandler } from '../shared/error/index.js';
 import { PersonApiModule } from '../modules/person/person-api.module.js';
 import { HealthModule } from '../health/health.module.js';
 import { KeycloakAdministrationModule } from '../modules/keycloak-administration/keycloak-administration.module.js';
 import { OrganisationApiModule } from '../modules/organisation/organisation-api.module.js';
+import { KeycloakConnectModule } from 'nest-keycloak-connect';
 
 @Module({
     imports: [
@@ -43,6 +44,19 @@ import { OrganisationApiModule } from '../modules/organisation/organisation-api.
             },
             inject: [ConfigService],
         }),
+        KeycloakConnectModule.registerAsync({
+            useFactory: (config: ConfigService<ServerConfig, true>) => {
+                const keycloakConfig: KeycloakConfig = config.getOrThrow<KeycloakConfig>('KEYCLOAK');
+
+                return {
+                    authServerUrl: keycloakConfig.BASE_URL,
+                    realm: keycloakConfig.REALM_NAME,
+                    clientId: keycloakConfig.CLIENT_ID,
+                    secret: keycloakConfig.SECRET,
+                };
+            },
+            inject: [ConfigService],
+        }),
         PersonApiModule,
         OrganisationApiModule,
         KeycloakAdministrationModule,