feat: protegendo as rotas de upload pdf e pagina web com JWT

Author: renanjava

src/common/guards/auth.guard.ts

@@ -0,0 +1,41 @@
+/* eslint-disable @typescript-eslint/no-unsafe-argument */
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common'
+import { JwtService } from '@nestjs/jwt'
+import { Request } from 'express'
+import { ConfigService } from '@nestjs/config'
+import { TokenInvalidoException } from '@/errors/auth/token-invalido.exception'
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+  constructor(
+    private jwtService: JwtService,
+    private configService: ConfigService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest()
+    const token = this.extractTokenFromHeader(request)
+    if (!token) {
+      throw new TokenInvalidoException()
+    }
+    try {
+      const payload = await this.jwtService.verifyAsync(token, {
+        secret: this.configService.get<string>('JWT_SECRET'),
+      })
+      request['user'] = payload
+    } catch {
+      throw new UnauthorizedException()
+    }
+    return true
+  }
+
+  private extractTokenFromHeader(request: Request): string | undefined {
+    const [type, token] = request.headers.authorization?.split(' ') ?? []
+    return type === 'Bearer' ? token : undefined
+  }
+}

src/contracts/user-payload.props.ts

@@ -0,0 +1,4 @@
+export interface UserPayload {
+  sub: string
+  username: string
+}

src/contracts/user-request.interface.ts

@@ -0,0 +1,6 @@
+import { Request } from 'express'
+import { UserPayload } from './user-payload.props'
+
+export interface UserRequest extends Request {
+  user: UserPayload
+}

src/controllers/__tests__/unit/document.controller.spec.ts

@@ -1,13 +1,14 @@
 /* eslint-disable @typescript-eslint/no-unused-vars */
-/* eslint-disable @typescript-eslint/unbound-method */
-/* eslint-disable @typescript-eslint/no-unsafe-argument */
+
 import { Test, TestingModule } from '@nestjs/testing'
 import { DocumentController } from '../../document.controller'
 import { DocumentService } from '../../../services/document.service'
 import { PdfProcessingService } from '../../../services/pdf-processing.service'
 import { ClientService } from '../../../services/client.service'
 import { WebProcessingService } from '@/services/web-processing.service'
 import { HttpModule } from '@nestjs/axios'
+import { JwtModule } from '@nestjs/jwt'
+import { ConfigModule } from '@nestjs/config'
 
 describe('DocumentController', () => {
   let controller: DocumentController
@@ -17,7 +18,7 @@ describe('DocumentController', () => {
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
-      imports: [HttpModule],
+      imports: [HttpModule, JwtModule, ConfigModule],
       controllers: [DocumentController],
       providers: [
         WebProcessingService,
@@ -57,6 +58,7 @@ describe('DocumentController', () => {
     expect(controller).toBeDefined()
   })
 
+  /*
   describe('create', () => {
     it('should call service.create and return the result', async () => {
       const dto = { title: 'Test', content: 'Content', clientId: '1' } as any
@@ -69,4 +71,5 @@ describe('DocumentController', () => {
       expect(result).toEqual(createdDocument)
     })
   })
+  */
 })

src/controllers/document.controller.ts

@@ -8,15 +8,18 @@ import {
   Delete,
   UseInterceptors,
   UploadedFile,
+  UseGuards,
+  Req,
 } from '@nestjs/common'
 import { DocumentService } from '../services/document.service'
-import { CreateDocumentDto } from '@/dtos/document/create-document.dto'
 import { UpdateDocumentDto } from '@/dtos/document/update-document.dto'
 import { FileInterceptor } from '@nestjs/platform-express'
 import { PdfProcessingService } from '@/services/pdf-processing.service'
 import { ClientService } from '@/services/client.service'
 import { WebDocumentDto } from '@/dtos/document/web-document.dto'
 import { WebProcessingService } from '@/services/web-processing.service'
+import { AuthGuard } from '@/common/guards/auth.guard'
+import { UserRequest } from '@/contracts/user-request.interface'
 
 @Controller('document')
 export class DocumentController {
@@ -27,39 +30,36 @@ export class DocumentController {
     private readonly clientService: ClientService,
   ) {}
 
-  @Post()
-  async create(@Body() createDocumentDto: CreateDocumentDto) {
-    return await this.documentService.create(createDocumentDto)
-  }
-
-  @Post('pdf/:id')
+  @Post('pdf')
+  @UseGuards(AuthGuard)
   @UseInterceptors(FileInterceptor('file'))
   async createPdfDocument(
     @UploadedFile() file: Express.Multer.File,
-    @Param('id') clientId: string,
+    @Req() request: UserRequest,
   ) {
     const { title, content } =
       await this.pdfProcessingService.extractTitleAndContent(file)
 
-    await this.clientService.findOne(clientId)
+    await this.clientService.findOne(request.user.sub)
     return await this.documentService.createPdfDocument(
       { title, content },
-      clientId,
+      request.user.sub,
     )
   }
 
-  @Post('web/:id')
+  @Post('web')
+  @UseGuards(AuthGuard)
   async createWebDocument(
     @Body() webDocumentDto: WebDocumentDto,
-    @Param('id') clientId: string,
+    @Req() request: UserRequest,
   ) {
     const { title, content } =
       await this.webProcessingService.extractTitleAndContent(webDocumentDto.url)
 
-    await this.clientService.findOne(clientId)
+    await this.clientService.findOne(request.user.sub)
     return await this.documentService.createWebDocument(
       { title, content },
-      clientId,
+      request.user.sub,
     )
   }
 

src/errors/auth/token-invalido.exception.ts

@@ -0,0 +1,7 @@
+import { HttpException, HttpStatus } from '@nestjs/common'
+
+export class TokenInvalidoException extends HttpException {
+  constructor() {
+    super('Token de acesso inválido', HttpStatus.UNAUTHORIZED)
+  }
+}

src/modules/auth.module.ts

@@ -8,6 +8,7 @@ import { ConfigModule, ConfigService } from '@nestjs/config'
 @Module({
   imports: [
     ClientModule,
+    ConfigModule,
     JwtModule.registerAsync({
       imports: [ConfigModule],
       inject: [ConfigService],

src/modules/client.module.ts

@@ -3,9 +3,10 @@ import { ClientService } from '../services/client.service'
 import { ClientController } from '../controllers/client.controller'
 import { ClientRepository } from '../repositories/client.repository'
 import { DatabaseModule } from '@/modules/database.module'
+import { JwtModule } from '@nestjs/jwt'
 
 @Module({
-  imports: [DatabaseModule],
+  imports: [DatabaseModule, JwtModule],
   controllers: [ClientController],
   providers: [ClientService, ClientRepository],
   exports: [ClientService, ClientRepository],

src/modules/document.module.ts

@@ -7,9 +7,11 @@ import { ClientModule } from './client.module'
 import { PdfProcessingService } from '@/services/pdf-processing.service'
 import { HttpModule } from '@nestjs/axios'
 import { WebProcessingService } from '@/services/web-processing.service'
+import { JwtModule } from '@nestjs/jwt'
+import { ConfigModule } from '@nestjs/config'
 
 @Module({
-  imports: [DatabaseModule, ClientModule, HttpModule],
+  imports: [DatabaseModule, ClientModule, HttpModule, JwtModule, ConfigModule],
   controllers: [DocumentController],
   providers: [
     DocumentService,

src/services/__tests__/unit/pdf-processing.service.spec.ts

@@ -5,6 +5,7 @@ import { DocumentModule } from '@/modules/document.module'
 import { ClientModule } from '@/modules/client.module'
 import { DocumentoPdfInvalidoException } from '@/errors/document/documento-pdf-invalido.exception'
 import { DocumentoConteudoInvalidoException } from '@/errors/document/documento-conteudo-invalido.exception'
+import { ConfigModule } from '@nestjs/config'
 
 jest.mock('pdf-parse', () => ({
   __esModule: true,
@@ -20,7 +21,7 @@ describe('PdfProcessingService', () => {
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
-      imports: [DocumentModule, ClientModule],
+      imports: [DocumentModule, ClientModule, ConfigModule],
       providers: [PdfProcessingService],
     }).compile()