Merge pull request #33 from flowcore-io/feature/add-token-to-request-…

…and-create-token-decorator feat: added token decorator
flowcore-io · Dec 9, 2024 · e0491bd · e0491bd
2 parents 71b110a + fe7f2f6
commit e0491bd
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 11 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,15 +2,13 @@ name: Test
 
 on:
   push:
-    branches-ignore: [ "main" ]
+    branches-ignore: ["main"]
 
 env:
   NODE_VERSION: ">=18.12.1"
 
 jobs:
-
   test:
-
     runs-on: ubuntu-latest
 
     steps:
@@ -30,7 +28,7 @@ jobs:
         run: yarn lint
       - name: Start Keycloak
         run: |
-          docker-compose -f test/docker/docker-compose.yaml up -d
+          docker compose -f test/docker/docker-compose.yaml up -d
           chmod +x test/docker/await-testing.sh
           test/docker/await-testing.sh
       - name: Test

diff --git a/src/library/decorator/index.ts b/src/library/decorator/index.ts
@@ -1,4 +1,5 @@
+export * from "./authenticated-user.decorator";
 export * from "./public.decorator";
-export * from "./resource-roles.decorator";
 export * from "./realm-roles.decorator";
-export * from "./authenticated-user.decorator";
+export * from "./resource-roles.decorator";
+export * from "./token.decorator";
diff --git a/src/library/decorator/token.decorator.ts b/src/library/decorator/token.decorator.ts
@@ -0,0 +1,21 @@
+import { createParamDecorator, type ExecutionContext } from "@nestjs/common";
+import { OidcProtectService } from "../oidc-protect/oidc-protect.service";
+
+export interface TokenOptions {
+	required?: boolean;
+	storedIn?: string;
+}
+
+export const Token = createParamDecorator<TokenOptions>(
+	async (data, ctx: ExecutionContext) => {
+		const request = await OidcProtectService.getRequest(ctx);
+
+		const { required = true, storedIn = "token" } = data || {};
+
+		if (!request[storedIn] && required) {
+			throw new Error("Token not found");
+		}
+
+		return request[storedIn];
+	},
+);
diff --git a/src/library/guard/auth.guard.ts b/src/library/guard/auth.guard.ts
@@ -1,14 +1,14 @@
+import { InjectLogger, LoggerService } from "@flowcore/microservice";
 import {
   CanActivate,
   ExecutionContext,
   Injectable,
-  UnauthorizedException,
+  UnauthorizedException
 } from "@nestjs/common";
-import { InjectLogger, LoggerService } from "@flowcore/microservice";
-import dayjs from "dayjs";
-import { OidcProtectService } from "../oidc-protect/oidc-protect.service";
 import { Reflector } from "@nestjs/core";
+import dayjs from "dayjs";
 import { PUBLIC_OPERATION_KEY } from "../decorator/public.decorator";
+import { OidcProtectService } from "../oidc-protect/oidc-protect.service";
 
 @Injectable()
 export class AuthGuard implements CanActivate {
@@ -56,7 +56,7 @@ export class AuthGuard implements CanActivate {
     }
 
     request.authenticatedUser = decodedToken;
-
+    request.token = token;
     return true;
   }
 
@@ -78,6 +78,7 @@ export class AuthGuard implements CanActivate {
       }
 
       request.authenticatedUser = decodedToken;
+      request.token = token;
       return true;
     } catch (e) {
       return true;

diff --git a/test/fixtures/test.resolver.ts b/test/fixtures/test.resolver.ts
@@ -4,6 +4,7 @@ import {
   Public,
   RealmRoles,
   ResourceRoles,
+  Token,
 } from "../../src";
 import { CLIENT_ROLE, REALM_ROLE } from "./keycloak/keycloak-prep.service";
 
@@ -39,4 +40,10 @@ export class TestResolver {
   public authenticatedUser(@AuthenticatedUser() user: any): string {
     return user.preferred_username;
   }
+
+  @RealmRoles([REALM_ROLE])
+  @Query(() => String, { name: "token" })
+  public token(@Token() token: string): string {
+    return token;
+  }
 }
diff --git a/test/oidc-protect.module.spec.ts b/test/oidc-protect.module.spec.ts
@@ -286,6 +286,26 @@ describe("OIDC Protect Module", () => {
       );
     });
 
+    it("should get access to token", async () => {
+      const token = await (
+        await app.resolve(KeycloakPrepService)
+      ).getUserToken(UserType.TEST_USER);
+
+      const decoded: any = jwtDecode(token);
+
+      const response = await queryGraphQLEndpoint(
+        app,
+        gql`
+          query {
+            token
+          }
+        `,
+        token,
+      );
+
+      expect(response.body.data.token).toBe(token);
+    });
+
     it("should return forbidden with no access to resource role", async () => {
       const token = await (
         await app.resolve(KeycloakPrepService)

diff --git a/test/test.schema.gql b/test/test.schema.gql
@@ -15,5 +15,6 @@ type Query {
   realmRole: String!
   resourceRole: String!
   authenticatedUser: String!
+  token: String!
   testPerson: TestPerson!
 }