add login validation

2026-04-21 15:45:49 +00:00 · 2026-04-17 13:34:57 +01:00
commit 36b2eee680
19 changed files with 6834 additions and 0 deletions
@@ -0,0 +1,22 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+
+describe('AppController', () => {
+  let appController: AppController;
+
+  beforeEach(async () => {
+    const app: TestingModule = await Test.createTestingModule({
+      controllers: [AppController],
+      providers: [AppService],
+    }).compile();
+
+    appController = app.get<AppController>(AppController);
+  });
+
+  describe('root', () => {
+    it('should return "Hello World!"', () => {
+      expect(appController.getHello()).toBe('Hello World!');
+    });
+  });
+});
@@ -0,0 +1,21 @@
+import { Controller, Get, UseGuards } from '@nestjs/common';
+import { AppService } from './app.service';
+import { KeycloakAuthGuard } from './auth/keycloak.guard';
+
+
+@Controller()
+export class AppController {
+  constructor(private readonly appService: AppService) {}
+
+  @UseGuards(KeycloakAuthGuard)
+  @Get()
+  getHello(): string {
+    return this.appService.getHello();
+  }
+
+  @UseGuards(KeycloakAuthGuard)
+  @Get('teste')
+  teste(): string {
+    return this.appService.getHello();
+  }
+}
@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+import { AuthModule } from './auth/auth.module';
+
+@Module({
+  imports: [AuthModule],
+  controllers: [AppController],
+  providers: [AppService],
+})
+export class AppModule {}
@@ -0,0 +1,8 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AppService {
+  getHello(): string {
+    return 'Hello World!';
+  }
+}
@@ -0,0 +1,11 @@
+// auth.module.ts
+import { Module } from "@nestjs/common";
+import { PassportModule } from "@nestjs/passport";
+import { KeycloakStrategy } from "./keycloak.strategy";
+
+@Module({
+  imports: [PassportModule],
+  providers: [KeycloakStrategy], // 👈 THIS IS THE FIX
+  exports: [PassportModule],
+})
+export class AuthModule {}
@@ -0,0 +1,5 @@
+import { Injectable } from "@nestjs/common";
+import { AuthGuard } from "@nestjs/passport";
+
+@Injectable()
+export class KeycloakAuthGuard extends AuthGuard("keycloak") {}
@@ -0,0 +1,35 @@
+import { Injectable } from "@nestjs/common";
+import { PassportStrategy } from "@nestjs/passport";
+import { ExtractJwt, Strategy } from "passport-jwt";
+import * as jwksRsa from "jwks-rsa";
+
+@Injectable()
+export class KeycloakStrategy extends PassportStrategy(Strategy, "keycloak") {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+
+      // 🔑 Get signing key from Keycloak
+      secretOrKeyProvider: jwksRsa.passportJwtSecret({
+        cache: true,
+        rateLimit: true,
+        jwksRequestsPerMinute: 5,
+        jwksUri:
+          "https://keycloak.petermaquiran.xyz/realms/tvone/protocol/openid-connect/certs",
+      }),
+
+      //audience: "tvone-web", // your Keycloak clientId
+      issuer: "https://keycloak.petermaquiran.xyz/realms/tvone",
+      algorithms: ["RS256"],
+    });
+  }
+
+  async validate(payload: any) {
+    return {
+      userId: payload.sub,
+      email: payload.email,
+      roles: payload.realm_access?.roles || [],
+      raw: payload,
+    };
+  }
+}
@@ -0,0 +1,14 @@
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  app.enableCors({
+    origin: ["http://localhost:3000"], // 👈 array is safer
+    methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization"],
+    credentials: true,
+  });
+  await app.listen(process.env.PORT ?? 3001);
+}
+bootstrap();