feat: added gateway public key

internxt · Mar 15, 2024 · 11498f8 · 11498f8
1 parent e801cc8
commit 11498f8
Show file tree

Hide file tree

Showing 9 changed files with 52 additions and 19 deletions.
diff --git a/.env.template b/.env.template
@@ -1,6 +1,7 @@
 CRYPTO_SECRET=6KYQBP847D4ATSFA
 CRYPTO_SECRET2=8Q8VMUE3BJZV87GT
 GATEWAY_SECRET=LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlCT3dJQkFBSkJBTDlDTVRlZGEramdIcGJuTmtlSm51TlpnYzg5TGFvMGNQNkl6dlJrYTJ0MUVKbnh5ZTA1CndSWGZLMXFpbTFOMGU3cGhkd0RkRWYvNGJ1eFc5V2g1UWxzQ0F3RUFBUUpCQUpnRXljLzF2VDdGWFNyK3JpTWcKWFAxQ09LNTdaeCtCUFVyamZQTytHYSszWk1MRHhqaG44dGZmV1E4VUpKemJ5VkQ0Q0JqTmNra2xRN3phQ29BNwo1WWtDSVFEd0h2MXhVRkFVUkI2b3QwL0JMMWNxek5SNU80dFBMT0NjL2gyK0o4Y09WUUloQU12b0FrMm5IQWhSClpRNmhNZGFTdWtPVTE3MTYvRGxnNWNiSXNWYXh0bDN2QWlBTUdTT2YzL0lJODEyd0ZueFlPWEJrNGFrYTZwc2MKUkNDVkNHQ3JRZ25QZVFJZ2NTU2E2cFc0YzFFZTN5Qkl0RVNVZ0YxOTNKRDZsYWdUdDlxeXRHVkZ5UmNDSVFDYgp6dE85ampXcERmYTlnWTV2dVB4MFgyUkcxbjJQb0ZYVjVXT29RanNqbnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
+DRIVE_GATEWAY_PUBLIC_SECRET=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE0bmVlL0Y5OC8wTjJhbFNKQ3JnMAp5bzJRRysydzR5SGk3ZXVDT3JYYUhENzFmN0NrWExWdHlxWTFRRWNFVnFuQm5QUnVpR1EvSklzWkJKVXhoQTlOCmdwdUpIbVY0aytnMEorRGcxeS9wd3k4L0lNM0FhTnNtWWp4c0NZQUZBSWhqUDZNZlBsVTNTYWdyekVRNklFU3MKeHBzT1JhRXd3WUZIWm42TU50b0FGbktMb3VlMVprUVpSSlVwNGZSSlMvcGNrdVNSNjZFcjFLMjhYckpieGE5egpCNG9SbFJMb0ExQ2cvTFN6ZEFQc2lVMzlSOWtlamxBKzFOMkxLVWFrNVJ3OWN5TkM0N3lHS3ZicSt2TTNYaUFmCk43Wk1teTdkY09aeXcyZW9idFFUVzVtTmR1WElWOHhWeWUzMkpyY3BuYWVqbDlUMG5TWGJEWE9OV2d6N0lWcmoKNFFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t
 HOST_DRIVE_WEB=http://localhost:3000
 JWT_SECRET=38FTANE5LY90NHYZ
 MAGIC_IV=d139cb9a2cd17092e79e1861cf9d7023

diff --git a/src/config/configuration.ts b/src/config/configuration.ts
@@ -39,6 +39,7 @@ export default () => ({
     cryptoSecret2: process.env.CRYPTO_SECRET2,
     jwt: process.env.JWT_SECRET,
     gateway: process.env.GATEWAY_SECRET,
+    driveGateway: process.env.DRIVE_GATEWAY_PUBLIC_SECRET,
     captcha: process.env.RECAPTCHA_V3,
   },
   apis: {

diff --git a/src/modules/auth/auth.guard.ts b/src/modules/auth/auth.guard.ts
@@ -11,11 +11,12 @@ export class AuthGuard extends PassportAuthGuard([JwtStrategy.id]) {
 
   canActivate(context: ExecutionContext) {
     const handlerContext = context.getHandler();
+    const classContext = context.getClass();
 
     const isPublic = this.reflector.get<boolean>('isPublic', handlerContext);
-    const disableGlobalAuth = this.reflector.get<boolean>(
+    const disableGlobalAuth = this.reflector.getAllAndOverride<boolean>(
       'disableGlobalAuth',
-      handlerContext,
+      [handlerContext, classContext],
     );
 
     if (isPublic || disableGlobalAuth) {

diff --git a/src/modules/auth/auth.module.ts b/src/modules/auth/auth.module.ts
@@ -6,7 +6,7 @@ import { JwtStrategy } from './jwt.strategy';
 import { UserModule } from '../user/user.module';
 import { UserUseCases } from '../user/user.usecase';
 import { BasicStrategy } from './basic.strategy';
-import { RS256JwtStrategy } from './rs256jwt.strategy';
+import { GatewayRS256JwtStrategy } from './gateway-rs256jwt.strategy';
 
 @Module({
   imports: [
@@ -26,8 +26,8 @@ import { RS256JwtStrategy } from './rs256jwt.strategy';
       },
     }),
   ],
-  providers: [JwtStrategy, BasicStrategy, RS256JwtStrategy],
+  providers: [JwtStrategy, BasicStrategy, GatewayRS256JwtStrategy],
   controllers: [],
-  exports: [JwtStrategy, BasicStrategy, RS256JwtStrategy, PassportModule],
+  exports: [JwtStrategy, BasicStrategy, PassportModule],
 })
 export class AuthModule {}
diff --git a/src/modules/auth/gateway-rs256jwt.strategy.ts b/src/modules/auth/gateway-rs256jwt.strategy.ts
@@ -0,0 +1,28 @@
+import { PassportStrategy } from '@nestjs/passport';
+import { ConfigService } from '@nestjs/config';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { Injectable } from '@nestjs/common';
+
+const strategyId = 'gateway.jwt.rs256';
+@Injectable()
+export class GatewayRS256JwtStrategy extends PassportStrategy(
+  Strategy,
+  strategyId,
+) {
+  static id = strategyId;
+  constructor(configService: ConfigService) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: Buffer.from(
+        configService.get('secrets.driveGateway') as string,
+        'base64',
+      ).toString('utf8'),
+      algorithms: ['RS256'],
+    });
+  }
+
+  async validate(): Promise<boolean> {
+    return true;
+  }
+}
diff --git a/src/modules/gateway/gateway.guard.ts → src/modules/auth/gateway.guard.ts b/src/modules/gateway/gateway.guard.ts → src/modules/auth/gateway.guard.ts
@@ -1,10 +1,12 @@
 import { ExecutionContext, Injectable } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { AuthGuard as PassportAuthGuard } from '@nestjs/passport';
-import { RS256JwtStrategy } from '../auth/rs256jwt.strategy';
+import { GatewayRS256JwtStrategy } from './gateway-rs256jwt.strategy';
 
 @Injectable()
-export class GatewayGuard extends PassportAuthGuard([RS256JwtStrategy.id]) {
+export class GatewayGuard extends PassportAuthGuard(
+  GatewayRS256JwtStrategy.id,
+) {
   constructor(private readonly reflector: Reflector) {
     super();
   }

diff --git a/src/modules/gateway/gateway.controller.ts b/src/modules/gateway/gateway.controller.ts
@@ -3,20 +3,20 @@ import { ApiOkResponse, ApiOperation, ApiTags } from '@nestjs/swagger';
 import { GatewayUseCases } from './gateway.usecase';
 import { InitializeWorkspaceDto } from './dto/initialize-workspace.dto';
 import { DisableGlobalAuth } from '../auth/decorators/disable-global-auth.decorator';
-import { GatewayGuard } from './gateway.guard';
+import { GatewayGuard } from '../auth/gateway.guard';
 
 @ApiTags('Gateway')
 @Controller('gateway')
+@DisableGlobalAuth()
 export class GatewayController {
   constructor(private gatewayUseCases: GatewayUseCases) {}
 
   @Post('/workspaces')
   @ApiOperation({
     summary: 'Initiates a workspace',
   })
-  @ApiOkResponse({ description: 'Returns the workspace created' })
-  @DisableGlobalAuth()
   @UseGuards(GatewayGuard)
+  @ApiOkResponse({ description: 'Returns the workspace created' })
   async initializeWorkspace(
     @Body() initializeWorkspaceDto: InitializeWorkspaceDto,
   ) {

diff --git a/src/modules/workspaces/attributes/workspace-users.attributes.ts b/src/modules/workspaces/attributes/workspace-users.attributes.ts
@@ -3,9 +3,9 @@ export interface WorkspaceUserAttributes {
   memberId: string;
   key: string;
   workspaceId: string;
-  spaceLimit: number;
-  driveUsage: number;
-  backupsUsage: number;
+  spaceLimit: bigint;
+  driveUsage: bigint;
+  backupsUsage: bigint;
   deactivated: boolean;
   createdAt: Date;
   updatedAt: Date;

diff --git a/src/modules/workspaces/models/workspace-users.model.ts b/src/modules/workspaces/models/workspace-users.model.ts
@@ -49,14 +49,14 @@ export class WorkspaceUserModel
   })
   workspace: WorkspaceModel;
 
-  @Column(DataType.DOUBLE)
-  spaceLimit: number;
+  @Column(DataType.BIGINT)
+  spaceLimit: bigint;
 
-  @Column(DataType.DOUBLE)
-  driveUsage: number;
+  @Column(DataType.BIGINT)
+  driveUsage: bigint;
 
-  @Column(DataType.DOUBLE)
-  backupsUsage: number;
+  @Column(DataType.BIGINT)
+  backupsUsage: bigint;
 
   @Column(DataType.BOOLEAN)
   deactivated: boolean;