diff --git a/.env.template b/.env.template
index 855359e12..e7d5b71dc 100644
--- a/.env.template
+++ b/.env.template
@@ -1,6 +1,7 @@
 CRYPTO_SECRET=6KYQBP847D4ATSFA
 CRYPTO_SECRET2=8Q8VMUE3BJZV87GT
 GATEWAY_SECRET=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
+DRIVE_GATEWAY_PUBLIC_SECRET=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
 HOST_DRIVE_WEB=http://localhost:3000
 JWT_SECRET=38FTANE5LY90NHYZ
 MAGIC_IV=d139cb9a2cd17092e79e1861cf9d7023
diff --git a/src/config/configuration.ts b/src/config/configuration.ts
index 1a982a7be..07e9dfb33 100644
--- a/src/config/configuration.ts
+++ b/src/config/configuration.ts
@@ -39,6 +39,7 @@ export default () => ({
 cryptoSecret2: process.env.CRYPTO_SECRET2,
 jwt: process.env.JWT_SECRET,
 gateway: process.env.GATEWAY_SECRET,
+ driveGateway: process.env.DRIVE_GATEWAY_PUBLIC_SECRET,
 captcha: process.env.RECAPTCHA_V3,
 },
 apis: {
diff --git a/src/modules/auth/auth.guard.ts b/src/modules/auth/auth.guard.ts
index 3b99c6187..6e74d8648 100644
--- a/src/modules/auth/auth.guard.ts
+++ b/src/modules/auth/auth.guard.ts
@@ -11,11 +11,12 @@ export class AuthGuard extends PassportAuthGuard([JwtStrategy.id]) {
 canActivate(context: ExecutionContext) {
 const handlerContext = context.getHandler();
+ const classContext = context.getClass();
 const isPublic = this.reflector.get('isPublic', handlerContext);
- const disableGlobalAuth = this.reflector.get(
+ const disableGlobalAuth = this.reflector.getAllAndOverride(
 'disableGlobalAuth',
- handlerContext,
+ [handlerContext, classContext],
 );
 if (isPublic || disableGlobalAuth) {
diff --git a/src/modules/auth/auth.module.ts b/src/modules/auth/auth.module.ts
index 7fa7e3699..fe9f53fc2 100644
--- a/src/modules/auth/auth.module.ts
+++ b/src/modules/auth/auth.module.ts
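Review bot: The new `DRIVE_GATEWAY_PUBLIC_SECRET` entry in .env.template says nothing about the format the code expects, and the name reads as a shared secret although gateway-rs256jwt.strategy.ts base64-decodes the value and hands it to passport-jwt as the RS256 verification key. A comment above the line would prevent a misconfigured deployment, for example `# base64-encoded public key (presumably PEM) used to verify RS256 tokens from the drive gateway; not a shared secret`. The same hint is worth repeating next to `driveGateway` in src/config/configuration.ts.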
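Review bot: With `getAllAndOverride('disableGlobalAuth', [handlerContext, classContext])` in src/modules/auth/auth.guard.ts, a single class-level `@DisableGlobalAuth()` now skips the JWT check for every route of that controller, including routes added later, and nothing in `canActivate` records that. `isPublic` on the line above is still read from the handler only, so the two opt-outs resolve differently. I would add a comment such as `// handler metadata wins over class metadata; a class-level opt-out leaves the whole controller outside the global JWT guard, so each route needs its own guard` and state next to `isPublic` whether handler-only lookup is intended. `canActivate` continues past the end of the hunk.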
@@ -6,7 +6,7 @@ import { JwtStrategy } from './jwt.strategy';
 import { UserModule } from '../user/user.module';
 import { UserUseCases } from '../user/user.usecase';
 import { BasicStrategy } from './basic.strategy';
-import { RS256JwtStrategy } from './rs256jwt.strategy';
+import { GatewayRS256JwtStrategy } from './gateway-rs256jwt.strategy';
 @Module({
 imports: [
@@ -26,8 +26,8 @@ import { RS256JwtStrategy } from './rs256jwt.strategy';
 },
 }),
 ],
- providers: [JwtStrategy, BasicStrategy, RS256JwtStrategy],
+ providers: [JwtStrategy, BasicStrategy, GatewayRS256JwtStrategy],
 controllers: [],
- exports: [JwtStrategy, BasicStrategy, RS256JwtStrategy, PassportModule],
+ exports: [JwtStrategy, BasicStrategy, PassportModule],
 })
 export class AuthModule {}
diff --git a/src/modules/auth/gateway-rs256jwt.strategy.ts b/src/modules/auth/gateway-rs256jwt.strategy.ts
new file mode 100644
index 000000000..419678768
--- /dev/null
+++ b/src/modules/auth/gateway-rs256jwt.strategy.ts
@@ -0,0 +1,28 @@
+import { PassportStrategy } from '@nestjs/passport';
+import { ConfigService } from '@nestjs/config';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { Injectable } from '@nestjs/common';
+
+const strategyId = 'gateway.jwt.rs256';
+@Injectable()
+export class GatewayRS256JwtStrategy extends PassportStrategy(
+ Strategy,
+ strategyId,
+) {
+ static id = strategyId;
+ constructor(configService: ConfigService) {
+ super({
+ jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+ ignoreExpiration: false,
+ secretOrKey: Buffer.from(
+ configService.get('secrets.driveGateway') as string,
+ 'base64',
+ ).toString('utf8'),
+ algorithms: ['RS256'],
+ });
+ }
+
+ async validate(): Promise {
+ return true;
+ }
+}
diff --git a/src/modules/gateway/gateway.guard.ts b/src/modules/auth/gateway.guard.ts
similarity index 68%
rename from src/modules/gateway/gateway.guard.ts
rename to src/modules/auth/gateway.guard.ts
index eecf68a01..d31dd639a 100644
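Review bot: In gateway-rs256jwt.strategy.ts, `validate()` returns `true` without looking at the payload and the options passed to `super()` set neither `issuer` nor `audience`, so any unexpired RS256 token that verifies against this key is accepted on gateway routes, whatever it was issued for. If the matching private key signs anything besides gateway calls, that widens who can reach these endpoints; `ignoreExpiration: false` also only rejects tokens that actually carry an `exp` claim. Separately, an unset `DRIVE_GATEWAY_PUBLIC_SECRET` passes through the `as string` cast into `Buffer.from(...)` and fails at boot with a TypeError that does not name the variable. The constructor below checks the variable explicitly and pins issuer and audience; both values are placeholders for whatever the gateway really puts in its tokens.

```typescript
  constructor(configService: ConfigService) {
    const encodedKey = configService.get<string>('secrets.driveGateway');
    if (!encodedKey) {
      throw new Error('DRIVE_GATEWAY_PUBLIC_SECRET is not set');
    }
    super({
      // … unchanged: jwtFromRequest, ignoreExpiration …
      secretOrKey: Buffer.from(encodedKey, 'base64').toString('utf8'),
      algorithms: ['RS256'],
      // placeholders: replace with the claims the gateway really signs
      issuer: '<EXPECTED_ISSUER>',
      audience: '<EXPECTED_AUDIENCE>',
    });
  }
```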
--- a/src/modules/gateway/gateway.guard.ts
+++ b/src/modules/auth/gateway.guard.ts
@@ -1,10 +1,12 @@
 import { ExecutionContext, Injectable } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { AuthGuard as PassportAuthGuard } from '@nestjs/passport';
-import { RS256JwtStrategy } from '../auth/rs256jwt.strategy';
+import { GatewayRS256JwtStrategy } from './gateway-rs256jwt.strategy';
 @Injectable()
-export class GatewayGuard extends PassportAuthGuard([RS256JwtStrategy.id]) {
+export class GatewayGuard extends PassportAuthGuard(
+ GatewayRS256JwtStrategy.id,
+) {
 constructor(private readonly reflector: Reflector) {
 super();
 }
diff --git a/src/modules/gateway/gateway.controller.ts b/src/modules/gateway/gateway.controller.ts
index b476b6cd1..8934f5828 100644
--- a/src/modules/gateway/gateway.controller.ts
+++ b/src/modules/gateway/gateway.controller.ts
@@ -3,10 +3,11 @@ import { ApiOkResponse, ApiOperation, ApiTags } from '@nestjs/swagger';
 import { GatewayUseCases } from './gateway.usecase';
 import { InitializeWorkspaceDto } from './dto/initialize-workspace.dto';
 import { DisableGlobalAuth } from '../auth/decorators/disable-global-auth.decorator';
-import { GatewayGuard } from './gateway.guard';
+import { GatewayGuard } from '../auth/gateway.guard';
 @ApiTags('Gateway')
 @Controller('gateway')
+@DisableGlobalAuth()
 export class GatewayController {
 constructor(private gatewayUseCases: GatewayUseCases) {}
@@ -14,9 +15,8 @@ export class GatewayController {
 @ApiOperation({
 summary: 'Initiates a workspace',
 })
- @ApiOkResponse({ description: 'Returns the workspace created' })
- @DisableGlobalAuth()
 @UseGuards(GatewayGuard)
+ @ApiOkResponse({ description: 'Returns the workspace created' })
 async initializeWorkspace(
 @Body() initializeWorkspaceDto: InitializeWorkspaceDto,
 ) {
diff --git a/src/modules/workspaces/attributes/workspace-users.attributes.ts b/src/modules/workspaces/attributes/workspace-users.attributes.ts
index bb6b136d9..ec1abbe68 100644
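Review bot: In gateway.controller.ts, `@DisableGlobalAuth()` now sits on `GatewayController` while `@UseGuards(GatewayGuard)` stays on `initializeWorkspace`, so the opt-out from JWT auth covers the whole class but the replacement guard covers one handler. Any route added to this controller later is reachable with no authentication unless its author remembers the decorator. Moving the guard up next to the opt-out closes that gap: put `@UseGuards(GatewayGuard)` directly under `@DisableGlobalAuth()` on the class and drop it from the method. The class body continues past both hunks, so other handlers may already exist that are not visible here.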
--- a/src/modules/workspaces/attributes/workspace-users.attributes.ts
+++ b/src/modules/workspaces/attributes/workspace-users.attributes.ts
@@ -3,9 +3,9 @@ export interface WorkspaceUserAttributes {
 memberId: string;
 key: string;
 workspaceId: string;
- spaceLimit: number;
- driveUsage: number;
- backupsUsage: number;
+ spaceLimit: bigint;
+ driveUsage: bigint;
+ backupsUsage: bigint;
 deactivated: boolean;
 createdAt: Date;
 updatedAt: Date;
diff --git a/src/modules/workspaces/models/workspace-users.model.ts b/src/modules/workspaces/models/workspace-users.model.ts
index 47a93804f..2e0333515 100644
--- a/src/modules/workspaces/models/workspace-users.model.ts
+++ b/src/modules/workspaces/models/workspace-users.model.ts
@@ -49,14 +49,14 @@ export class WorkspaceUserModel
 })
 workspace: WorkspaceModel;
- @Column(DataType.DOUBLE)
- spaceLimit: number;
+ @Column(DataType.BIGINT)
+ spaceLimit: bigint;
- @Column(DataType.DOUBLE)
- driveUsage: number;
+ @Column(DataType.BIGINT)
+ driveUsage: bigint;
- @Column(DataType.DOUBLE)
- backupsUsage: number;
+ @Column(DataType.BIGINT)
+ backupsUsage: bigint;
 @Column(DataType.BOOLEAN)
 deactivated: boolean;
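Review bot: Declaring `spaceLimit`, `driveUsage` and `backupsUsage` as `bigint` in workspace-users.attributes.ts and on the `@Column(DataType.BIGINT)` fields of workspace-users.model.ts does not match what Sequelize normally hands back, which is a string for BIGINT columns unless a getter or type parser converts it. Code that compares or adds these fields would then do string comparison or concatenation while the compiler believes it has integers, which matters for quota checks against `spaceLimit`. Either type the fields as `string` and convert at the point of use, or give each column a getter along the lines of `get spaceLimit(): bigint { return BigInt(this.getDataValue('spaceLimit')); }`. A native `bigint` also makes `JSON.stringify` throw, so responses that serialise this model need an explicit conversion.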