From 35a4c76477459cbb43841319786de2d89d5281e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=B5=9C=EC=A4=80=ED=9D=A0?= Date: Sat, 10 Sep 2022 18:48:13 +0900 Subject: [PATCH] nestjs_auth... --- .env | 8 +++----- src/auth/auth.controller.ts | 9 +++++---- src/auth/auth.module.ts | 6 +++--- src/auth/auth.service.ts | 24 ++---------------------- src/auth/guards/jwt.auth.guard.ts | 3 +-- src/auth/guards/jwt.constants.ts | 13 +++---------- src/auth/guards/jwt.strategy.ts | 3 +-- src/auth/guards/local.auth.guard.ts | 2 +- src/auth/guards/local.strategy.ts | 1 + src/auth/guards/roles.guard.ts | 5 +++-- src/prisma.service.ts | 26 +++++++++++++------------- 11 files changed, 36 insertions(+), 64 deletions(-) diff --git a/.env b/.env index 8687165..ca8e579 100644 --- a/.env +++ b/.env @@ -10,13 +10,11 @@ CORS_ALLOW_METHOD = "GET,PUT,POST,DELETE,PATCH,OPTIONS" AUTH_USERNAME_FIELD="email" -JWT_REFRESH_TOKEN_SECRET = "security_key" -JWT_REFRESH_TOKEN_EXPIREIN = "14d" -JWT_REFRESH_TOKEN_ISSUER = "idcjp" +JWT_CONSTANTS_SECRET = "security_key" +JWT_CONSTANTS_EXPIRESIN ="60s" -JWT_ACCESS_TOKEN_SECRET = "security_key" +JWT_REFRESH_TOKEN_EXPIREIN = "14d" JWT_ACCESS_TOKEN_EXPIREIN = "60s" -JWT_ACCESS_TOKEN_ISSUER = "idcjp" DEFAULT_TABLE_PERPAGE = 10 DEFAULT_TABLE_PAGE = 1 \ No newline at end of file diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts index 9f29a6c..a68ab86 100644 --- a/src/auth/auth.controller.ts +++ b/src/auth/auth.controller.ts 
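Review bot: The added `JWT_CONSTANTS_SECRET = "security_key"` keeps the token-signing secret, with a guessable value, in a tracked `.env`, so anyone who can read the repository could produce tokens the API accepts wherever this value is deployed. Keep `.env` out of version control and commit a `.env.example` with placeholders instead, supply the real secret from the deployment's secret store, and rotate away from `security_key`. `JWT_REFRESH_TOKEN_EXPIREIN` and `JWT_ACCESS_TOKEN_EXPIREIN` remain defined, but nothing visible in this patch reads them after the change to `jwt.constants.ts`. Either wire them back in or remove them so the file does not suggest lifetimes that are not applied.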
@@ -18,16 +18,17 @@ import { LocalAuthGuard } from './guards/local.auth.guard' export class AuthController { constructor(private authService: AuthService) {} - //Login용 @UseGuards(LocalAuthGuard) + //local.strategy의 validate에서 Login처리후 넘어옴 + //결과오류시 NotFoundError: No User found라고 console log에 출력됨 @Post('login') - login(@Param('email') email: string, @Param('password') password: string) { - //console.log(req) - return this.authService.login(email, password) + async login(@Request() req) { + return this.authService.getTokens(req.user) } //Profile 여부 확인용 @UseGuards(JwtAuthGuard) + //jwt.strategy의 validate에서 token확인후 넘어옴 @Get('profile') getProfile(@Request() req) { //console.log(req) diff --git a/src/auth/auth.module.ts b/src/auth/auth.module.ts index 43f0c28..abc6b16 100644 --- a/src/auth/auth.module.ts +++ b/src/auth/auth.module.ts @@ -6,7 +6,7 @@ import { Module } from '@nestjs/common' import { PassportModule } from '@nestjs/passport' import { AuthService } from './auth.service' import { JwtModule } from '@nestjs/jwt' -import { jwtAcceesTokenOptions } from './guards/jwt.constants' +import { jwtConstants } from './guards/jwt.constants' import { AuthController } from './auth.controller' import { LocalStrategy } from './guards/local.strategy' import { JwtStrategy } from './guards/jwt.strategy' @@ -17,8 +17,8 @@ import { UsersModule } from '../user/user.module' UsersModule, PassportModule, JwtModule.register({ - secret: jwtAcceesTokenOptions.secret, - signOptions: { expiresIn: jwtAcceesTokenOptions.expiresIn } + secret: jwtConstants.secret, + signOptions: { expiresIn: jwtConstants.expiresIn } }) ], controllers: [AuthController], diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts index 46c1380..9176b60 100644 --- a/src/auth/auth.service.ts +++ b/src/auth/auth.service.ts 
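Review bot: `login` now returns tokens for whatever LocalStrategy.validate placed on `req.user`, and the check behind it, visible as context in the auth.service.ts hunk (`user.password === password`), compares the submitted password with the stored value directly, which implies passwords are stored unhashed. That comparison should become a verification against a salted password hash (for example argon2 or bcrypt) before this route is relied on. The added comment says a failed lookup surfaces as `NotFoundError: No User found`. If that error escapes validateUser, an unknown e-mail would be answered differently from a wrong password, so catching it and returning `null` keeps both cases on the same UnauthorizedException. `req` is implicitly `any`; typing it with a `user` field would let the compiler check what `getTokens` receives.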
@@ -4,11 +4,6 @@ import { JwtService } from '@nestjs/jwt' import { User } from '@prisma/client' import { UserDTO } from 'src/user/dtos/user.dto' import { UserService } from '../user/user.service' -import { - jwtAcceesTokenOptions, - jwtRefreshTokenTypes -} from './guards/jwt.constants' - @Injectable() export class AuthService { constructor( @@ -22,8 +17,6 @@ export class AuthService { if (user && user.password === password) { // eslint-disable-next-line @typescript-eslint/no-unused-vars const { password, ...result } = user - // result는 password 를 제외한 user의 모든 정보를 포함한다. - //console.log(result) return result } return null @@ -36,27 +29,14 @@ export class AuthService { name: user.name } const refresh_token_payload = {} - // console.log(payload) return { tokens: { - access_token: this.jwtService.sign( - access_token_payload, - jwtAcceesTokenOptions - ), - refresh_token: this.jwtService.sign( - refresh_token_payload, - jwtRefreshTokenTypes - ) + access_token: this.jwtService.sign(access_token_payload), + refresh_token: this.jwtService.sign(refresh_token_payload) } } } - async login(email: string, password: string): Promise { - const user = await this.validateUser(email, password) - if (!user) return null - return await this.getTokens(user) - } - async register(data: UserDTO): Promise { const user = await this.userService.add(data) if (!user) return null diff --git a/src/auth/guards/jwt.auth.guard.ts b/src/auth/guards/jwt.auth.guard.ts index 99e81e6..e1d9414 100644 --- a/src/auth/guards/jwt.auth.guard.ts +++ b/src/auth/guards/jwt.auth.guard.ts @@ -13,7 +13,6 @@ export class JwtAuthGuard extends AuthGuard('jwt') { ): boolean | Promise | Observable { // Add your custom authentication logic here // for example, call super.logIn(request) to establish a session. - console.log(context) return super.canActivate(context) } 
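Review bot: In `getTokens` both `access_token` and `refresh_token` are now produced by `this.jwtService.sign(payload)` with no per-token options, so they share the module secret and the module's `expiresIn` (`"60s"` in the .env hunk), and the 14d refresh lifetime is no longer applied. If JwtStrategy verifies with that same key, a refresh token would also pass as a bearer access token unless `validate` rejects its empty payload, which is not visible here. Give the refresh token its own key and lifetime on that call, `this.jwtService.sign(refresh_token_payload, { secret: refreshSecret, expiresIn: process.env.JWT_REFRESH_TOKEN_EXPIREIN })`, where `refreshSecret` is a placeholder for a separately configured value, and add a claim that marks the token type so the two cannot be swapped. The start of `getTokens` is outside the hunk.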
@@ -22,7 +21,7 @@ export class JwtAuthGuard extends AuthGuard('jwt') { if (err || !user) { throw err || new UnauthorizedException() } - console.log(info) + console.log('JwtAuthGuard.handleRequest().info =>' + info) return user } } diff --git a/src/auth/guards/jwt.constants.ts b/src/auth/guards/jwt.constants.ts index 10bbd3a..50678ec 100644 --- a/src/auth/guards/jwt.constants.ts +++ b/src/auth/guards/jwt.constants.ts @@ -1,11 +1,4 @@ -export const jwtAcceesTokenOptions = { - secret: process.env.JWT_ACCESS_TOKEN_SECRET, - expiresIn: process.env.JWT_ACCESS_TOKEN_EXPIREIN, - issuer: process.env.JWT_ACCESS_TOKEN_ISSUER -} - -export const jwtRefreshTokenTypes = { - secret: process.env.JWT_REFRESH_TOKEN_SECRET, - expiresIn: process.env.JWT_REFRESH_TOKEN_EXPIREIN, - issuer: process.env.JWT_REFRESH_TOKEN_ISSUER +export const jwtConstants = { + secret: process.env.JWT_CONSTANTS_SECRET, + expiresIn: process.env.JWT_CONSTANTS_EXPIRESIN } diff --git a/src/auth/guards/jwt.strategy.ts b/src/auth/guards/jwt.strategy.ts index 3ae7755..c158826 100644 --- a/src/auth/guards/jwt.strategy.ts +++ b/src/auth/guards/jwt.strategy.ts @@ -1,7 +1,6 @@ import { ExtractJwt, Strategy } from 'passport-jwt' import { PassportStrategy } from '@nestjs/passport' import { Injectable } from '@nestjs/common' -import { jwtAcceesTokenOptions } from './jwt.constants' @Injectable() export class JwtStrategy extends PassportStrategy(Strategy) { @@ -9,7 +8,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) { super({ jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), ignoreExpiration: false, - secretOrKey: jwtAcceesTokenOptions.secret + secretOrKey: process.env.JWT_SECRET }) } diff --git a/src/auth/guards/local.auth.guard.ts b/src/auth/guards/local.auth.guard.ts index 1fd990c..4cb5fd3 100644 --- a/src/auth/guards/local.auth.guard.ts +++ b/src/auth/guards/local.auth.guard.ts 
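Review bot: The new `console.log('JwtAuthGuard.handleRequest().info =>' + info)` sits after the `throw`, so it runs only for requests that already authenticated, while rejected requests, whose `info` carries the reason, are never logged. Concatenating `info` into a string also renders a plain object as `[object Object]`. Moving the log above the `throw` and using Nest's `Logger`, e.g. `this.logger.warn('jwt auth rejected: ' + (info?.message ?? err))` with a `private readonly logger = new Logger(JwtAuthGuard.name)` field, gives a usable authentication-failure trail. The identical line added to `LocalAuthGuard.handleRequest` in local.auth.guard.ts needs the same change. The signature of `handleRequest` is outside the hunk.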
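Review bot: `secret: process.env.JWT_CONSTANTS_SECRET` is read once at import time with no check, so a missing variable leaves `jwtConstants.secret` as `undefined` and the problem only appears when the first token is signed. Whether `.env` is loaded before this module is imported is also not visible here. Fail fast above the export with `if (!process.env.JWT_CONSTANTS_SECRET) throw new Error('JWT_CONSTANTS_SECRET is not set')`. Merging the access and refresh option objects into one also drops the separate refresh secret and the `issuer` value, so if `issuer` was being checked on verification, that check is lost and should be restored deliberately.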
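Review bot: `secretOrKey: process.env.JWT_SECRET` names a variable that the .env hunk in this patch does not define, while signing uses `jwtConstants.secret` (`JWT_CONSTANTS_SECRET`). Unless `JWT_SECRET` is set in the part of `.env` outside the hunk, verification runs with a different or missing key, so tokens issued by `getTokens` would be rejected or the strategy would fail to construct. Use one source on both sides, `secretOrKey: jwtConstants.secret`, and restore the `import { jwtConstants } from './jwt.constants'` line that the previous hunk of this file removes. The constructor begins outside the hunk.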
@@ -21,7 +21,7 @@ export class LocalAuthGuard extends AuthGuard('local') { if (err || !user) { throw err || new UnauthorizedException() } - console.log(info) + console.log('LocalAuthGuard.handleRequest().info =>' + info) return user } } diff --git a/src/auth/guards/local.strategy.ts b/src/auth/guards/local.strategy.ts index d2ebb3a..10eed3a 100644 --- a/src/auth/guards/local.strategy.ts +++ b/src/auth/guards/local.strategy.ts @@ -12,6 +12,7 @@ export class LocalStrategy extends PassportStrategy(Strategy) { super({ usernameField: process.env.AUTH_USERNAME_FIELD }) } + //Login인증용 async validate(email: string, password: string): Promise { const user = await this.authService.validateUser(email, password) if (!user) { diff --git a/src/auth/guards/roles.guard.ts b/src/auth/guards/roles.guard.ts index 90eb518..a01c689 100644 --- a/src/auth/guards/roles.guard.ts +++ b/src/auth/guards/roles.guard.ts @@ -9,6 +9,7 @@ import { ROLES_KEY } from '../decorators/roles.decorator' export class RolesGuard implements CanActivate { constructor(private reflector: Reflector) {} + //조건 검색용 canActivate( context: ExecutionContext ): boolean | Promise | Observable { @@ -16,12 +17,12 @@ export class RolesGuard implements CanActivate { context.getHandler(), context.getClass() ]) + //Role조건이 없는 경우 if (!requiredRoles) { return true } + //Role조건이 있는 경우 판단 const { user } = context.switchToHttp().getRequest() - //console.log(requiredRoles) - //console.log(user) return requiredRoles.some((role) => user?.roles?.includes(role)) //return true } diff --git a/src/prisma.service.ts b/src/prisma.service.ts index f8ee818..8651d3d 100644 --- a/src/prisma.service.ts +++ b/src/prisma.service.ts 
@@ -4,18 +4,18 @@ import { PrismaClient } from '@prisma/client' @Injectable() export class PrismaService extends PrismaClient implements OnModuleInit { [x: string]: any - constructor() { - //SQL 로그를 출력하기위해 추가 - super({ - log: [ - { emit: 'event', level: 'query' }, - { emit: 'stdout', level: 'info' }, - { emit: 'stdout', level: 'warn' }, - { emit: 'stdout', level: 'error' } - ], - errorFormat: 'colorless' - }) - } + // constructor() { + // //SQL 로그를 출력하기위해 추가 + // super({ + // log: [ + // { emit: 'event', level: 'query' }, + // { emit: 'stdout', level: 'info' }, + // { emit: 'stdout', level: 'warn' }, + // { emit: 'stdout', level: 'error' } + // ], + // errorFormat: 'colorless' + // }) + // } async onModuleInit() { await this.$connect() @@ -24,7 +24,7 @@ export class PrismaService extends PrismaClient implements OnModuleInit { async enableShutdownHooks(app: INestApplication) { this.$on('beforeExit', async (event) => { //SQL 로그를 출력하기위해 추가 - console.log(event.name) + //console.log(event.name) await app.close() }) }
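Review bot: Commenting out the whole constructor removes the `warn` and `error` log levels along with the `query` event log, and leaves twelve lines of dead code in the class. Dropping query logging is reasonable where logged query parameters could include user data, but database warnings and errors are still worth emitting. Delete the commented block and keep a small constructor such as `constructor() { super({ log: ['warn', 'error'] }) }`, enabling `query` only behind a development flag. The `[x: string]: any` index signature on the class, visible as context, disables type checking for every property access on the service and should be removed once the `$on` typing is resolved.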