ghostfolio/apps/api/src/app/auth/auth.controller.ts

import { WebAuthService } from '@ghostfolio/api/app/auth/web-auth.service';
import { ConfigurationService } from '@ghostfolio/api/services/configuration.service';
import {
  Body,
  Controller,
  Get,
  HttpException,
  Param,
  Post,
  Req,
  Res,
  UseGuards
} from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { StatusCodes, getReasonPhrase } from 'http-status-codes';

import { AuthService } from './auth.service';
import {
  AssertionCredentialJSON,
  AttestationCredentialJSON
} from './interfaces/simplewebauthn';

@Controller('auth')
export class AuthController {
  public constructor(
    private readonly authService: AuthService,
    private readonly configurationService: ConfigurationService,
    private readonly webAuthService: WebAuthService
  ) {}

  @Get('anonymous/:accessToken')
  public async accessTokenLogin(@Param('accessToken') accessToken: string) {
    try {
      const authToken = await this.authService.validateAnonymousLogin(
        accessToken
      );
      return { authToken };
    } catch {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }
  }

  @Get('google')
  @UseGuards(AuthGuard('google'))
  public googleLogin() {
    // Initiates the Google OAuth2 login flow
  }

  @Get('google/callback')
  @UseGuards(AuthGuard('google'))
  public googleLoginCallback(@Req() req, @Res() res) {
    // Handles the Google OAuth2 callback
    const jwt: string = req.user.jwt;

    if (jwt) {
      res.redirect(`${this.configurationService.get('ROOT_URL')}/auth/${jwt}`);
    } else {
      res.redirect(`${this.configurationService.get('ROOT_URL')}/auth`);
    }
  }

  @Get('webauthn/generate-attestation-options')
  @UseGuards(AuthGuard('jwt'))
  public async generateAttestationOptions() {
    return this.webAuthService.generateAttestationOptions();
  }

  @Post('webauthn/verify-attestation')
  @UseGuards(AuthGuard('jwt'))
  public async verifyAttestation(
    @Body() body: { deviceName: string; credential: AttestationCredentialJSON }
  ) {
    return this.webAuthService.verifyAttestation(
      body.deviceName,
      body.credential
    );
  }

  @Post('webauthn/generate-assertion-options')
  public async generateAssertionOptions(@Body() body: { deviceId: string }) {
    return this.webAuthService.generateAssertionOptions(body.deviceId);
  }

  @Post('webauthn/verify-assertion')
  public async verifyAssertion(
    @Body() body: { deviceId: string; credential: AssertionCredentialJSON }
  ) {
    try {
      const authToken = await this.webAuthService.verifyAssertion(
        body.deviceId,
        body.credential
      );
      return { authToken };
    } catch {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }
  }
}
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`import { WebAuthService } from '@ghostfolio/api/app/auth/web-auth.service';`
Feature/improve imports with paths in tsconfig (#32) * Improve imports 2021-04-21 20:27:39 +02:00			`import { ConfigurationService } from '@ghostfolio/api/services/configuration.service';`
Initial commit 2021-04-13 21:53:58 +02:00			`import {`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`Body,`
Initial commit 2021-04-13 21:53:58 +02:00			`Controller,`
			`Get,`
			`HttpException,`
			`Param,`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`Post,`
Initial commit 2021-04-13 21:53:58 +02:00			`Req,`
			`Res,`
			`UseGuards`
			`} from '@nestjs/common';`
			`import { AuthGuard } from '@nestjs/passport';`
			`import { StatusCodes, getReasonPhrase } from 'http-status-codes';`

			`import { AuthService } from './auth.service';`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`import {`
			`AssertionCredentialJSON,`
			`AttestationCredentialJSON`
			`} from './interfaces/simplewebauthn';`
Initial commit 2021-04-13 21:53:58 +02:00
			`@Controller('auth')`
			`export class AuthController {`
Simplify initial project setup (#12) * Simplify initial project setup * Added a validation for environment variables * Added support for feature flags to simplify the initial project setup * Add configuration service to test * Optimize data gathering and exchange rate calculation (#14) * Clean up changelog 2021-04-18 19:06:54 +02:00			`public constructor(`
			`private readonly authService: AuthService,`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`private readonly configurationService: ConfigurationService,`
			`private readonly webAuthService: WebAuthService`
Simplify initial project setup (#12) * Simplify initial project setup * Added a validation for environment variables * Added support for feature flags to simplify the initial project setup * Add configuration service to test * Optimize data gathering and exchange rate calculation (#14) * Clean up changelog 2021-04-18 19:06:54 +02:00			`) {}`
Initial commit 2021-04-13 21:53:58 +02:00
			`@Get('anonymous/:accessToken')`
			`public async accessTokenLogin(@Param('accessToken') accessToken: string) {`
			`try {`
			`const authToken = await this.authService.validateAnonymousLogin(`
			`accessToken`
			`);`
			`return { authToken };`
			`} catch {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`
			`}`

			`@Get('google')`
			`@UseGuards(AuthGuard('google'))`
			`public googleLogin() {`
			`// Initiates the Google OAuth2 login flow`
			`}`

			`@Get('google/callback')`
			`@UseGuards(AuthGuard('google'))`
			`public googleLoginCallback(@Req() req, @Res() res) {`
			`// Handles the Google OAuth2 callback`
			`const jwt: string = req.user.jwt;`

			`if (jwt) {`
Simplify initial project setup (#12) * Simplify initial project setup * Added a validation for environment variables * Added support for feature flags to simplify the initial project setup * Add configuration service to test * Optimize data gathering and exchange rate calculation (#14) * Clean up changelog 2021-04-18 19:06:54 +02:00			res.redirect(`${this.configurationService.get('ROOT_URL')}/auth/${jwt}`);
Initial commit 2021-04-13 21:53:58 +02:00			`} else {`
Simplify initial project setup (#12) * Simplify initial project setup * Added a validation for environment variables * Added support for feature flags to simplify the initial project setup * Add configuration service to test * Optimize data gathering and exchange rate calculation (#14) * Clean up changelog 2021-04-18 19:06:54 +02:00			res.redirect(`${this.configurationService.get('ROOT_URL')}/auth`);
Initial commit 2021-04-13 21:53:58 +02:00			`}`
			`}`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00
			`@Get('webauthn/generate-attestation-options')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async generateAttestationOptions() {`
			`return this.webAuthService.generateAttestationOptions();`
			`}`

			`@Post('webauthn/verify-attestation')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async verifyAttestation(`
			`@Body() body: { deviceName: string; credential: AttestationCredentialJSON }`
			`) {`
			`return this.webAuthService.verifyAttestation(`
			`body.deviceName,`
			`body.credential`
			`);`
			`}`

			`@Post('webauthn/generate-assertion-options')`
			`public async generateAssertionOptions(@Body() body: { deviceId: string }) {`
			`return this.webAuthService.generateAssertionOptions(body.deviceId);`
			`}`

			`@Post('webauthn/verify-assertion')`
			`public async verifyAssertion(`
			`@Body() body: { deviceId: string; credential: AssertionCredentialJSON }`
			`) {`
			`try {`
			`const authToken = await this.webAuthService.verifyAssertion(`
			`body.deviceId,`
			`body.credential`
			`);`
			`return { authToken };`
			`} catch {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`
			`}`
Initial commit 2021-04-13 21:53:58 +02:00			`}`