Commit graph

23 commits

Author SHA1 Message Date
David Mehren
b128efebff
Enforce explicit function return types
This re-enables the `@typescript-eslint/explicit-module-boundary-types`
check and also enables the
`@typescript-eslint/explicit-function-return-type` check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 17:41:32 +01:00
David Mehren
cc1ca69bc1
Fix various ESLint errors in services
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 22:35:06 +01:00
David Mehren
def4ef145e
AuthService: randomString does not need to by async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-23 22:16:27 +01:00
David Mehren
e83f1e206b
ESLint: Enable @typescript-eslint/naming-convention rule
This check enforces consistent variable naming.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-20 21:15:45 +01:00
David Mehren
9485597e6f
ESLint: Enable @typescript-eslint/return-await rule
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).

Fixes #838

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-20 20:14:36 +01:00
David Mehren
99ddee7815
Add missing logging context at various places
Our custom logger supports providing the name of the function that
calls the logger, this commit adds this context string where it
was previously missing.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-05 22:30:22 +01:00
Philip Molares
08ba52293c
auth: Fix undefined secret error
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:24:19 +01:00
Philip Molares
aa10e10412
auth: Fix UnauthorizedException throwing
Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:00:47 +01:00
Philip Molares
46b5cdfb47
auth: Fix secret length
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72th.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that removing one character from the token the hash won't be the same anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-28 12:18:20 +01:00
Philip Molares
8b27f6f393
auth: Fix handling of internal server errors
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead display the correct http error code 401.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-27 21:55:30 +01:00
Philip Molares
62a5215242
auth: Encode secret in base64url
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:19:12 +01:00
Philip Molares
1791cb7c82
auth: Fix base64url transformation
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:18:52 +01:00
Philip Molares
c8da989f25
auth: Run removeInvalidTokens 5s after startup
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 16:29:09 +01:00
Philip Molares
ad0ab648bc
auth: Add maximum token lifetime of 2 years.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 12:14:26 +01:00
Philip Molares
6686fa58c5
auth: Run removeInvalidTokens 5s after startup
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 18:16:08 +01:00
Philip Molares
af993407b3
auth: Add token limit of 200
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 12:05:25 +01:00
Philip Molares
8f008c7cc5
auth: Add cron to clean old tokens
Rename AuthToken.identifier to label

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-24 20:37:04 +01:00
Philip Molares
14a4872f49
auth: Remove userName parameter of removeToken function
As suggested by @innaytool

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-23 22:24:59 +01:00
Philip Molares
a8b46923fd
auth: Integrate suggestions by @davidmehren
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-23 21:24:11 +01:00
Philip Molares
e6dc8c7678
auth: Split randomBase64UrlString in two functions
add test for BufferToBase64Url and toAuthTokenDto

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-23 19:04:00 +01:00
Philip Molares
508ad26771
auth: Add tests for AuthService
Move AuthTokens to auth folder

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-22 15:29:10 +01:00
Philip Molares
c9751404f7
tokens: Add token creation
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-21 19:37:43 +01:00
Philip Molares
2ab950c5c3
auth: adds token-auth to public api
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-15 18:53:09 +01:00