feat: add session auth with redis cache

- style: sort imports
- chore: delete jwt

Author: ChingCdesu

.eslintrc.js

@@ -21,5 +21,14 @@ module.exports = {
     '@typescript-eslint/explicit-function-return-type': 'off',
     '@typescript-eslint/explicit-module-boundary-types': 'off',
     '@typescript-eslint/no-explicit-any': 'off',
+    'sort-imports': [
+      'error',
+      {
+        ignoreCase: false,
+        ignoreDeclarationSort: false,
+        ignoreMemberSort: false,
+        allowSeparatedGroups: true,
+      },
+    ],
   },
 };

package.json

@@ -25,21 +25,21 @@
   "dependencies": {
     "@nestjs/common": "^9.0.0",
     "@nestjs/core": "^9.0.0",
-    "@nestjs/jwt": "^10.0.2",
     "@nestjs/passport": "^9.0.1",
     "@nestjs/platform-express": "^9.0.0",
     "@nestjs/sequelize": "^9.0.0",
     "@nestjs/swagger": "^6.1.4",
     "bindings": "^1.5.0",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.0",
+    "connect-redis": "^6.1.3",
     "express-session": "^1.17.3",
+    "ioredis": "^5.3.1",
     "lodash": "^4.17.21",
     "mysql2": "^3.1.0",
     "node-addon-api": "^5.1.0",
     "openid-client": "^5.3.2",
     "passport": "^0.6.0",
-    "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0",
     "pg": "^8.9.0",
     "reflect-metadata": "^0.1.13",
@@ -54,13 +54,13 @@
     "@nestjs/schematics": "^9.0.0",
     "@nestjs/testing": "^9.0.0",
     "@types/bindings": "^1.5.1",
+    "@types/connect-redis": "^0.0.20",
     "@types/express": "^4.17.13",
     "@types/express-session": "^1.17.6",
     "@types/jest": "29.2.4",
     "@types/lodash": "^4.14.191",
     "@types/node": "18.11.18",
     "@types/passport": "^1.0.12",
-    "@types/passport-jwt": "^3.0.8",
     "@types/passport-local": "^1.0.35",
     "@types/sequelize": "^4.28.14",
     "@types/supertest": "^2.0.11",

pnpm-lock.yaml

@@ -2,11 +2,11 @@ import { Module } from '@nestjs/common';
 
 import { DatabaseConfig } from '@/config/database.config';
 
-import { SupernodeModule } from '@/modules/supernode/supernode.module';
-import { OidcModule } from '@/auth/oidc/oidc.module';
-import { UserModule } from '@/modules/user/user.module';
 import { AuditModule } from '@/modules/audit/audit.module';
 import { LocalAuthModule } from '@/auth/local/local.module';
+import { OidcModule } from '@/auth/oidc/oidc.module';
+import { SupernodeModule } from '@/modules/supernode/supernode.module';
+import { UserModule } from '@/modules/user/user.module';
 
 @Module({
   imports: [

src/app.module.ts

@@ -1,6 +1,8 @@
-import { LocalAuthGuard } from '@/common/guards/local-auth.guard';
-import { Controller, Delete, Post, Req, UseGuards } from '@nestjs/common';
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
+import { Controller, Delete, Post, Req, UseGuards } from '@nestjs/common';
+
+import { LocalAuthGuard } from '@/common/guards/local-auth.guard';
+
 import { LocalAuthService } from './local.service';
 
 @ApiTags('Auth')

src/auth/jwt/jwt.module.ts

@@ -1,12 +1,12 @@
 import { Module } from '@nestjs/common';
 import { PassportModule } from '@nestjs/passport';
 
-import { UserModule } from '@/modules/user/user.module';
 import { SessionSerializer } from '@/auth/session/session.serializer';
+import { UserModule } from '@/modules/user/user.module';
 
-import { LocalAuthStrategy } from './local.strategy';
-import { LocalAuthService } from './local.service';
 import { LocalAuthController } from './local.controller';
+import { LocalAuthService } from './local.service';
+import { LocalAuthStrategy } from './local.strategy';
 
 @Module({
   imports: [UserModule, PassportModule.register({ session: true })],

src/auth/jwt/jwt.strategy.ts

@@ -1,7 +1,7 @@
 import { Injectable } from '@nestjs/common';
 
-import { UserService } from '@/modules/user/user.service';
 import { User as UserModel } from '@/modules/user/entities/user.entity';
+import { UserService } from '@/modules/user/user.service';
 
 @Injectable()
 export class LocalAuthService {

src/auth/local/local.controller.ts

@@ -1,6 +1,7 @@
-import { Strategy } from 'passport-local';
-import { PassportStrategy } from '@nestjs/passport';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { Strategy } from 'passport-local';
+
 import { LocalAuthService } from './local.service';
 
 @Injectable()

src/auth/local/local.module.ts

@@ -1,16 +1,16 @@
-import { Controller, Delete, Get, Req, Res, UseGuards } from '@nestjs/common';
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
+import { Controller, Delete, Get, Req, Res, UseGuards } from '@nestjs/common';
 import { Request, Response } from 'express';
+import { Issuer } from 'openid-client';
 
-import { OidcGuard } from '@/common/guards/oidc.guard';
+import { AuthenticatedGuard } from '@/common/guards/authenticated.guard';
 import { LoggerProvider } from '@/utils/logger.util';
-
-import { OidcService } from './oidc.service';
+import { OidcGuard } from '@/common/guards/oidc.guard';
 import { OidcUserDto } from '@/modules/user/dto/oidc-user.dto';
-import { AuthenticatedGuard } from '@/common/guards/authenticated.guard';
-import { Issuer } from 'openid-client';
 import { useConfig } from '@/utils/config.util';
 
+import { OidcService } from './oidc.service';
+
 @ApiTags('Auth')
 @Controller()
 export class OidcController extends LoggerProvider {

src/auth/local/local.service.ts

@@ -1,15 +1,14 @@
 import { Module } from '@nestjs/common';
 import { PassportModule } from '@nestjs/passport';
 
-import { useConfig } from '@/utils/config.util';
 import { AuditModule } from '@/modules/audit/audit.module';
+import { SessionSerializer } from '@/auth/session/session.serializer';
 import { UserModule } from '@/modules/user/user.module';
-import { JwtAuthModule } from '@/auth/jwt/jwt.module';
+import { useConfig } from '@/utils/config.util';
 
 import { OidcStrategy, buildOpenIdClient } from './oidc.strategy';
-import { OidcService } from './oidc.service';
 import { OidcController } from './oidc.controller';
-import { SessionSerializer } from '../session/session.serializer';
+import { OidcService } from './oidc.service';
 
 const config = useConfig();
 
@@ -30,7 +29,6 @@ const OidcStrategyFactory = {
           PassportModule.register({ session: true }),
           AuditModule,
           UserModule,
-          JwtAuthModule,
         ],
         controllers: [OidcController],
         providers: [OidcStrategyFactory, OidcService, SessionSerializer],

src/auth/local/local.strategy.ts

@@ -3,11 +3,11 @@ import { useConfig } from '@/utils/config.util';
 import { UnauthorizedException } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import {
-  Strategy,
   Client,
-  UserinfoResponse,
-  TokenSet,
   Issuer,
+  Strategy,
+  TokenSet,
+  UserinfoResponse,
 } from 'openid-client';
 import { OidcService } from './oidc.service';
 

src/auth/oidc/oidc.controller.ts

@@ -0,0 +1,9 @@
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AdministrationGuard implements CanActivate {
+  async canActivate(context: ExecutionContext) {
+    const request = context.switchToHttp().getRequest();
+    return request.user.isAdmin;
+  }
+}

src/auth/oidc/oidc.module.ts

@@ -1,4 +1,4 @@
-import { ExecutionContext, Injectable, CanActivate } from '@nestjs/common';
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
 
 @Injectable()
 export class AuthenticatedGuard implements CanActivate {

src/auth/oidc/oidc.strategy.ts

@@ -1,8 +1,8 @@
 import {
   ArgumentMetadata,
+  BadRequestException,
   Injectable,
   PipeTransform,
-  BadRequestException,
 } from '@nestjs/common';
 import { validate } from 'class-validator';
 import { plainToClass } from 'class-transformer';

src/common/guards/administration.guard.ts

@@ -1,8 +1,10 @@
+import * as ConnectRedis from 'connect-redis';
+import * as passport from 'passport';
+import * as session from 'express-session';
+import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
 import { NestFactory } from '@nestjs/core';
-import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
+import { Redis } from 'ioredis';
 import { VersioningType } from '@nestjs/common';
-import * as session from 'express-session';
-import * as passport from 'passport';
 
 import { LogLevels } from '@/utils/logger.util';
 import { useConfig } from '@/utils/config.util';
@@ -14,10 +16,12 @@ async function bootstrap() {
   const app = await NestFactory.create(AppModule, {
     logger: LogLevels.slice(0, config.app.logLevel),
   });
+
   // Versioning API
   app.enableVersioning({
     type: VersioningType.URI,
   });
+
   // Swagger & OpenAPI
   const swaggerBuilder = new DocumentBuilder()
     .setTitle('Supernode server')
@@ -26,22 +30,31 @@ async function bootstrap() {
     .build();
   const document = SwaggerModule.createDocument(app, swaggerBuilder);
   SwaggerModule.setup('swagger', app, document);
+
   // Session & Authentication
+  const RedisSessionStore = ConnectRedis(session);
   app.use(
     session({
+      store: config.cache.redisUrl
+        ? new RedisSessionStore({
+            client: new Redis(config.cache.redisUrl),
+            logErrors: true,
+          })
+        : new session.MemoryStore(),
       secret: 'secret', // to sign session id
       resave: false, // will default to false in near future: https://github.com/expressjs/session#resave
       saveUninitialized: false, // will default to false in near future: https://github.com/expressjs/session#saveuninitialized
       rolling: true, // keep session alive
       cookie: {
-        maxAge: 30 * 60 * 1000, // session expires in 1hr, refreshed by `rolling: true` option.
+        maxAge: 60 * 60 * 1000, // session expires in 1hr, refreshed by `rolling: true` option.
         httpOnly: true, // so that cookie can't be accessed via client-side script
       },
     }),
   );
   app.use(passport.initialize());
   app.use(passport.session());
 
+  // Start app
   await app.listen(3000);
 }
 bootstrap();

src/common/guards/authenticated.guard.ts

@@ -1,7 +1,7 @@
 import { Controller, Get, Query } from '@nestjs/common';
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
 
-import { PaginationOptions, Pagination } from '@/utils/pagination.util';
+import { Pagination, PaginationOptions } from '@/utils/pagination.util';
 
 import { AuditService } from './audit.service';
 import { AuditLog as AuditLogModel } from './entities/audit.entity';

src/common/guards/jwt-auth.guard.ts

@@ -1,9 +1,9 @@
 import {
-  Table,
-  Model,
-  Column,
   BelongsTo,
+  Column,
   ForeignKey,
+  Model,
+  Table,
 } from 'sequelize-typescript';
 
 import { User } from '@/modules/user/entities/user.entity';

src/common/pipes/validation.pipe.ts

@@ -1,10 +1,10 @@
 import {
-  Model,
-  Table,
-  Column,
-  HasMany,
   BelongsTo,
+  Column,
   ForeignKey,
+  HasMany,
+  Model,
+  Table,
 } from 'sequelize-typescript';
 
 @Table

src/main.ts

@@ -1,8 +1,9 @@
 import { Module } from '@nestjs/common';
-import { SupernodeService } from './supernode.service';
-import { SupernodeControllerV1 } from './supernode.controller';
 import { SequelizeModule } from '@nestjs/sequelize';
+
 import { Community, CommunityUser } from './community.entity';
+import { SupernodeControllerV1 } from './supernode.controller';
+import { SupernodeService } from './supernode.service';
 
 @Module({
   imports: [SequelizeModule.forFeature([Community, CommunityUser])],

src/modules/audit/audit.controller.ts

@@ -1,12 +1,12 @@
 import { Injectable, OnModuleDestroy, OnModuleInit } from '@nestjs/common';
 import { InjectModel } from '@nestjs/sequelize';
 import {
+  Community as NativeCommunity,
   createServer,
+  getCommunities,
   loadCommunities,
   startServer,
   stopServer,
-  getCommunities,
-  Community as NativeCommunity,
 } from '@/utils/native.util';
 import { LoggerProvider } from '@/utils/logger.util';
 import { Community as CommunityModal } from './community.entity';

src/modules/audit/entities/audit.entity.ts

@@ -1,4 +1,3 @@
-import { ApiProperty } from '@nestjs/swagger';
 import {
   Equals,
   IsBoolean,
@@ -7,6 +6,7 @@ import {
   IsOptional,
   IsString,
 } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
 
 export class CreateUserDto {
   @ApiProperty({ example: 'username', description: '用户名' })

src/modules/supernode/community.entity.ts

@@ -1,11 +1,11 @@
-import { ApiProperty } from '@nestjs/swagger';
 import {
-  IsOptional,
-  IsString,
   IsBoolean,
-  IsEmpty,
   IsEmail,
+  IsEmpty,
+  IsOptional,
+  IsString,
 } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
 
 export class UpdateUserDto {
   @ApiProperty({ example: 'username', description: '用户名', required: false })

src/modules/supernode/supernode.module.ts

@@ -1,4 +1,4 @@
-import { Table, Column, Model, Default } from 'sequelize-typescript';
+import { Column, Default, Model, Table } from 'sequelize-typescript';
 
 @Table
 export class User extends Model {

src/modules/supernode/supernode.service.ts

@@ -1,3 +1,4 @@
+import { ApiOperation, ApiTags } from '@nestjs/swagger';
 import {
   Body,
   Controller,
@@ -7,19 +8,20 @@ import {
   Post,
   Put,
   Query,
+  Req,
   UseGuards,
   UsePipes,
   ValidationPipe,
 } from '@nestjs/common';
-import { ApiOperation, ApiTags } from '@nestjs/swagger';
 
 import { Pagination, PaginationOptions } from '@/utils/pagination.util';
+import { AdministrationGuard } from '@/common/guards/administration.guard';
+import { AuthenticatedGuard } from '@/common/guards/authenticated.guard';
 
-import { User as UserModel } from './entities/user.entity';
 import { CreateUserDto } from './dto/create-user.dto';
 import { UpdateUserDto } from './dto/update-user.dto';
+import { User as UserModel } from './entities/user.entity';
 import { UserService } from './user.service';
-import { AuthenticatedGuard } from '@/common/guards/authenticated.guard';
 
 @ApiTags('Users')
 @Controller({
@@ -30,7 +32,7 @@ export class UserControllerV1 {
   constructor(private readonly _userService: UserService) {}
 
   @ApiOperation({ summary: '列出用户列表' })
-  @UseGuards(AuthenticatedGuard)
+  @UseGuards(AuthenticatedGuard, AdministrationGuard)
   @UsePipes(new ValidationPipe({ transform: true }))
   @Get()
   async list(
@@ -40,34 +42,50 @@ export class UserControllerV1 {
   }
 
   @ApiOperation({ summary: '获取特定id的用户' })
-  @UseGuards(AuthenticatedGuard)
+  @UseGuards(AuthenticatedGuard, AdministrationGuard)
   @UsePipes(new ValidationPipe({ transform: true }))
   @Get(':id')
   async get(@Param('id') userId: number): Promise<UserModel> {
     return await this._userService.get(userId);
   }
 
   @ApiOperation({ summary: '添加用户' })
-  @UseGuards(AuthenticatedGuard)
-  @Post()
+  @UseGuards(AuthenticatedGuard, AdministrationGuard)
   @UsePipes(new ValidationPipe({ transform: true }))
+  @Post()
   async create(@Body() body: CreateUserDto) {
     return await this._userService.create(body);
   }
 
   @ApiOperation({ summary: '更新用户' })
-  @UseGuards(AuthenticatedGuard)
-  @Put(':id')
+  @UseGuards(AuthenticatedGuard, AdministrationGuard)
   @UsePipes(new ValidationPipe({ transform: true }))
+  @Put(':id')
   async update(@Param('id') userId: number, @Body() body: UpdateUserDto) {
     return await this._userService.update(userId, body);
   }
 
   @ApiOperation({ summary: '删除用户' })
-  @UseGuards(AuthenticatedGuard)
-  @Delete(':id')
+  @UseGuards(AuthenticatedGuard, AdministrationGuard)
   @UsePipes(new ValidationPipe({ transform: true }))
+  @Delete(':id')
   async destroy(@Param('id') userId: number) {
     return await this._userService.destroy(userId);
   }
+
+  @ApiOperation({ summary: '获取自己的用户信息' })
+  @UseGuards(AuthenticatedGuard)
+  @Get('me')
+  async me(@Req() req: any) {
+    return req.user;
+  }
+
+  @ApiOperation({ summary: '更新自己的用户信息' })
+  @UseGuards(AuthenticatedGuard)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  @Put('me')
+  async updateMe(@Req() req: any, @Body() body: UpdateUserDto) {
+    const userId = req.user.userId;
+    return await this._userService.update(userId, body);
+  }
 }

src/modules/user/dto/create-user.dto.ts

@@ -3,8 +3,8 @@ import { SequelizeModule } from '@nestjs/sequelize';
 
 import { AuditModule } from '@/modules/audit/audit.module';
 
-import { UserControllerV1 } from './user.controller';
 import { User } from './entities/user.entity';
+import { UserControllerV1 } from './user.controller';
 import { UserService } from './user.service';
 
 @Module({

src/modules/user/dto/update-user.dto.ts

@@ -1,21 +1,22 @@
 import { Injectable, NotFoundException } from '@nestjs/common';
 import { InjectModel } from '@nestjs/sequelize';
+import { Op } from 'sequelize';
 import { isNull } from 'lodash';
 
-import { LoggerProvider } from '@/utils/logger.util';
 import {
   Pagination,
   PaginationMeta,
   PaginationOptions,
 } from '@/utils/pagination.util';
+import { LoggerProvider } from '@/utils/logger.util';
+import { useConfig } from '@/utils/config.util';
+
 import { AuditService } from '@/modules/audit/audit.service';
 
-import { User as UserModel } from './entities/user.entity';
 import { CreateUserDto } from './dto/create-user.dto';
-import { UpdateUserDto } from './dto/update-user.dto';
-import { Op } from 'sequelize';
 import { OidcUserDto } from './dto/oidc-user.dto';
-import { useConfig } from '@/utils/config.util';
+import { UpdateUserDto } from './dto/update-user.dto';
+import { User as UserModel } from './entities/user.entity';
 
 @Injectable()
 export class UserService extends LoggerProvider {

src/modules/user/entities/user.entity.ts

@@ -1,16 +1,17 @@
-import yaml from 'yaml';
-import path from 'path';
 import * as fs from 'fs';
-import { PartialDeep } from '@/utils/type.util';
-import { LogLevel } from '@/utils/logger.util';
+import type { Dialect } from 'sequelize';
+import path from 'path';
 import { set } from 'lodash';
+import yaml from 'yaml';
 
-import type { Dialect } from 'sequelize';
+import { LogLevel } from '@/utils/logger.util';
+import { PartialDeep } from '@/utils/type.util';
 
 export interface Config {
   app: AppConfig;
   dataSource: DataSourceConfig;
   oidc: OidcConfig;
+  cache: CacheConfig;
 }
 
 export interface AppConfig {
@@ -41,6 +42,10 @@ export interface DataSourceConfig {
   storage?: string;
 }
 
+export interface CacheConfig {
+  redisUrl?: string;
+}
+
 const defaultConfig: Config = {
   app: {
     logLevel: LogLevel.log,
@@ -66,6 +71,7 @@ const defaultConfig: Config = {
     database: '',
     storage: 'data.sqlite',
   },
+  cache: {},
 };
 
 const envConfigMap: Record<string, string> = {
@@ -90,6 +96,8 @@ const envConfigMap: Record<string, string> = {
   DATA_SOURCE_DATABASE: 'dataSource.database',
   DATA_SOURCE_SCHEMA: 'dataSource.schema',
   DATA_SOURCE_STORAGE: 'dataSource.storage',
+
+  CACHE_REDIS_URL: 'cache.redisUrl',
 };
 
 let computedConfig: Config | undefined = undefined;

src/modules/user/user.controller.ts

@@ -1,7 +1,8 @@
+import * as request from 'supertest';
 import { Test, TestingModule } from '@nestjs/testing';
 import { INestApplication } from '@nestjs/common';
-import * as request from 'supertest';
-import { AppModule } from './../src/app.module';
+
+import { AppModule } from '@/app.module';
 
 describe('AppController (e2e)', () => {
   let app: INestApplication;