HSB-462 feat: infra token module and sh apis (#4191)

* feat: infra token module added * feat: infra token guard added * feat: token prefix removed * feat: get pending invites api added * docs: swagger doc added for get user invites api * feat: delete user invitation api added * feat: get users api added * feat: update user api added * feat: update admin status api added * feat: create invitation api added * chore: swagger doc update for create user invite * feat: interceptor added to track last used on * feat: change db schema * chore: readonly tag added * feat: get user by id api added * fix: return type of a function * feat: controller name change * chore: improve token extractino * chore: added email validation logic --------- Co-authored-by: Balu Babu <balub997@gmail.com>
2024-07-29 13:06:18 +06:00
parent c88ea5c8b2
commit 783d911f8d
21 changed files with 1075 additions and 126 deletions
--- a/packages/hoppscotch-backend/src/guards/infra-token.guard.ts
+++ b/packages/hoppscotch-backend/src/guards/infra-token.guard.ts
@@ -0,0 +1,47 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { PrismaService } from 'src/prisma/prisma.service';
+import { DateTime } from 'luxon';
+import {
+  INFRA_TOKEN_EXPIRED,
+  INFRA_TOKEN_HEADER_MISSING,
+  INFRA_TOKEN_INVALID_TOKEN,
+} from 'src/errors';
+
+@Injectable()
+export class InfraTokenGuard implements CanActivate {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest<Request>();
+    const authorization = request.headers['authorization'];
+
+    if (!authorization)
+      throw new UnauthorizedException(INFRA_TOKEN_HEADER_MISSING);
+
+    if (!authorization.startsWith('Bearer '))
+      throw new UnauthorizedException(INFRA_TOKEN_INVALID_TOKEN);
+
+    const token = authorization.split(' ')[1];
+
+    if (!token) throw new UnauthorizedException(INFRA_TOKEN_INVALID_TOKEN);
+
+    const infraToken = await this.prisma.infraToken.findUnique({
+      where: { token },
+    });
+
+    if (infraToken === null)
+      throw new UnauthorizedException(INFRA_TOKEN_INVALID_TOKEN);
+
+    const currentTime = DateTime.now().toISO();
+    if (currentTime > infraToken.expiresOn.toISOString()) {
+      throw new UnauthorizedException(INFRA_TOKEN_EXPIRED);
+    }
+
+    return true;
+  }
+}