backend/src/auth/auth.controller.ts

import {
  Body,
  Controller,
  ForbiddenException,
  HttpCode,
  Patch,
  Post,
  UseGuards,
} from "@nestjs/common";
import { Throttle } from "@nestjs/throttler";
import { User } from "@prisma/client";
import { ConfigService } from "src/config/config.service";
import { AuthService } from "./auth.service";
import { AuthTotpService } from "./authTotp.service";
import { GetUser } from "./decorator/getUser.decorator";
import { AuthRegisterDTO } from "./dto/authRegister.dto";
import { AuthSignInDTO } from "./dto/authSignIn.dto";
import { AuthSignInTotpDTO } from "./dto/authSignInTotp.dto";
import { EnableTotpDTO } from "./dto/enableTotp.dto";
import { RefreshAccessTokenDTO } from "./dto/refreshAccessToken.dto";
import { UpdatePasswordDTO } from "./dto/updatePassword.dto";
import { VerifyTotpDTO } from "./dto/verifyTotp.dto";
import { JwtGuard } from "./guard/jwt.guard";

@Controller("auth")
export class AuthController {
  constructor(
    private authService: AuthService,
    private authTotpService: AuthTotpService,
    private config: ConfigService
  ) {}

  @Throttle(10, 5 * 60)
  @Post("signUp")
  async signUp(@Body() dto: AuthRegisterDTO) {
    if (!this.config.get("ALLOW_REGISTRATION"))
      throw new ForbiddenException("Registration is not allowed");
    return this.authService.signUp(dto);
  }

  @Throttle(10, 5 * 60)
  @Post("signIn")
  @HttpCode(200)
  signIn(@Body() dto: AuthSignInDTO) {
    return this.authService.signIn(dto);
  }

  @Throttle(10, 5 * 60)
  @Post("signIn/totp")
  @HttpCode(200)
  signInTotp(@Body() dto: AuthSignInTotpDTO) {
    return this.authTotpService.signInTotp(dto);
  }

  @Patch("password")
  @UseGuards(JwtGuard)
  async updatePassword(@GetUser() user: User, @Body() dto: UpdatePasswordDTO) {
    await this.authService.updatePassword(user, dto.oldPassword, dto.password);
  }

  @Post("token")
  @HttpCode(200)
  async refreshAccessToken(@Body() body: RefreshAccessTokenDTO) {
    const accessToken = await this.authService.refreshAccessToken(
      body.refreshToken
    );
    return { accessToken };
  }

  @Post("totp/enable")
  @UseGuards(JwtGuard)
  async enableTotp(@GetUser() user: User, @Body() body: EnableTotpDTO) {
    return this.authTotpService.enableTotp(user, body.password);
  }

  @Post("totp/verify")
  @UseGuards(JwtGuard)
  async verifyTotp(@GetUser() user: User, @Body() body: VerifyTotpDTO) {
    return this.authTotpService.verifyTotp(user, body.password, body.code);
  }

  @Post("totp/disable")
  @UseGuards(JwtGuard)
  async disableTotp(@GetUser() user: User, @Body() body: VerifyTotpDTO) {
    // Note: We use VerifyTotpDTO here because it has both fields we need: password and totp code
    return this.authTotpService.disableTotp(user, body.password, body.code);
  }
}
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`import {`
			`Body,`
			`Controller,`
			`ForbiddenException,`
			`HttpCode,`
feat: add user management 2022-12-05 15:53:24 +01:00			`Patch,`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`Post,`
feat: add user management 2022-12-05 15:53:24 +01:00			`UseGuards,`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`} from "@nestjs/common";`
feat: add rate limiting 2022-10-24 12:11:10 +02:00			`import { Throttle } from "@nestjs/throttler";`
feat: add user management 2022-12-05 15:53:24 +01:00			`import { User } from "@prisma/client";`
feat: add new config strategy to backend 2022-11-28 15:04:32 +01:00			`import { ConfigService } from "src/config/config.service";`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`import { AuthService } from "./auth.service";`
refactor: extract totp operations in seperate service 2022-12-26 12:43:36 +01:00			`import { AuthTotpService } from "./authTotp.service";`
feat: add user management 2022-12-05 15:53:24 +01:00			`import { GetUser } from "./decorator/getUser.decorator";`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`import { AuthRegisterDTO } from "./dto/authRegister.dto";`
fix: dto returns 2022-10-10 17:58:42 +02:00			`import { AuthSignInDTO } from "./dto/authSignIn.dto";`
feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00			`import { AuthSignInTotpDTO } from "./dto/authSignInTotp.dto";`
			`import { EnableTotpDTO } from "./dto/enableTotp.dto";`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`import { RefreshAccessTokenDTO } from "./dto/refreshAccessToken.dto";`
feat: add user management 2022-12-05 15:53:24 +01:00			`import { UpdatePasswordDTO } from "./dto/updatePassword.dto";`
feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00			`import { VerifyTotpDTO } from "./dto/verifyTotp.dto";`
feat: add user management 2022-12-05 15:53:24 +01:00			`import { JwtGuard } from "./guard/jwt.guard";`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00
			`@Controller("auth")`
			`export class AuthController {`
			`constructor(`
			`private authService: AuthService,`
refactor: extract totp operations in seperate service 2022-12-26 12:43:36 +01:00			`private authTotpService: AuthTotpService,`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`private config: ConfigService`
			`) {}`

feat: add rate limiting 2022-10-24 12:11:10 +02:00			`@Throttle(10, 5 * 60)`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`@Post("signUp")`
feat: add new config strategy to backend 2022-11-28 15:04:32 +01:00			`async signUp(@Body() dto: AuthRegisterDTO) {`
refactor: convert config variables to upper case 2022-12-05 16:53:52 +01:00			`if (!this.config.get("ALLOW_REGISTRATION"))`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`throw new ForbiddenException("Registration is not allowed");`
			`return this.authService.signUp(dto);`
			`}`

feat: add rate limiting 2022-10-24 12:11:10 +02:00			`@Throttle(10, 5 * 60)`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`@Post("signIn")`
feat: improve share security 2022-10-13 23:23:33 +02:00			`@HttpCode(200)`
fix: dto returns 2022-10-10 17:58:42 +02:00			`signIn(@Body() dto: AuthSignInDTO) {`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`return this.authService.signIn(dto);`
			`}`

feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00			`@Throttle(10, 5 * 60)`
			`@Post("signIn/totp")`
			`@HttpCode(200)`
			`signInTotp(@Body() dto: AuthSignInTotpDTO) {`
refactor: extract totp operations in seperate service 2022-12-26 12:43:36 +01:00			`return this.authTotpService.signInTotp(dto);`
feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00			`}`

feat: add user management 2022-12-05 15:53:24 +01:00			`@Patch("password")`
			`@UseGuards(JwtGuard)`
			`async updatePassword(@GetUser() user: User, @Body() dto: UpdatePasswordDTO) {`
			`await this.authService.updatePassword(user, dto.oldPassword, dto.password);`
			`}`

feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`@Post("token")`
			`@HttpCode(200)`
			`async refreshAccessToken(@Body() body: RefreshAccessTokenDTO) {`
			`const accessToken = await this.authService.refreshAccessToken(`
			`body.refreshToken`
			`);`
			`return { accessToken };`
			`}`
feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00
			`@Post("totp/enable")`
			`@UseGuards(JwtGuard)`
			`async enableTotp(@GetUser() user: User, @Body() body: EnableTotpDTO) {`
refactor: extract totp operations in seperate service 2022-12-26 12:43:36 +01:00			`return this.authTotpService.enableTotp(user, body.password);`
feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00			`}`

			`@Post("totp/verify")`
			`@UseGuards(JwtGuard)`
			`async verifyTotp(@GetUser() user: User, @Body() body: VerifyTotpDTO) {`
refactor: extract totp operations in seperate service 2022-12-26 12:43:36 +01:00			`return this.authTotpService.verifyTotp(user, body.password, body.code);`
feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00			`}`

			`@Post("totp/disable")`
			`@UseGuards(JwtGuard)`
			`async disableTotp(@GetUser() user: User, @Body() body: VerifyTotpDTO) {`
			`// Note: We use VerifyTotpDTO here because it has both fields we need: password and totp code`
refactor: extract totp operations in seperate service 2022-12-26 12:43:36 +01:00			`return this.authTotpService.disableTotp(user, body.password, body.code);`
feat: TOTP (two-factor) Authentication (#55) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com> 2022-12-21 11:58:37 -05:00			`}`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`}`