DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controlers
Signed-off-by: Yannick Bungers <git@innay.de>
Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72th.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that removing one character from the token the hash won't be the same anymore.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead display the correct http error code 401.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This should make the translation from env var name to config name and vice versa more consistent.
Fixes#751
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.
Signed-off-by: Philip Molares <philip.molares@udo.edu>