Merge pull request #84 from CS3219-AY2425S1/ms4-evan/matching-logic

Enhance matching validation logic

Author: evanyan13

backend/auth-service/.env.example

@@ -31,6 +31,7 @@
     "bcryptjs": "^2.4.3",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
+    "dotenv": "^16.4.5",
     "google-auth-library": "^9.14.1",
     "nodemailer": "^6.9.15",
     "passport": "^0.7.0",

backend/auth-service/package-lock.json

@@ -11,19 +11,22 @@ import {
   GoogleStrategy,
   GithubStrategy,
 } from './strategies';
+import { config } from './configs';
 
 @Module({
   imports: [
-    PassportModule.register({ defaultStrategy: 'jwt' }),
+    PassportModule.register({
+      defaultStrategy: config.strategies.accessTokenStrategy,
+    }),
     HttpModule,
     JwtModule.register({}),
     ClientsModule.register([
       {
         name: 'USER_SERVICE',
-        transport: Transport.TCP,
+        transport: config.userService.transport,
         options: {
-          host: 'user-service',
-          port: 3001,
+          host: config.userService.host,
+          port: config.userService.port,
         },
       },
     ]),

backend/auth-service/package.json

@@ -17,6 +17,7 @@ import axios, { AxiosResponse } from 'axios';
 import { Token, TokenPayload } from './interfaces';
 import { AccountProvider } from './constants/account-provider.enum';
 import * as nodemailer from 'nodemailer';
+import { config } from 'src/configs';
 
 const SALT_ROUNDS = 10;
 
@@ -30,9 +31,9 @@ export class AppService {
     @Inject('USER_SERVICE') private readonly userClient: ClientProxy,
   ) {
     this.oauthClient = new OAuth2Client({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-      redirectUri: process.env.GOOGLE_CALLBACK_URL,
+      clientId: config.auth.google.clientId,
+      clientSecret: config.auth.google.clientSecret,
+      redirectUri: config.auth.google.callbackUrl,
     });
   }
 
@@ -173,8 +174,8 @@ export class AppService {
     const resetToken = this.jwtService.sign(
       { userId: user._id.toString(), email: dto.email, type: 'reset-password' },
       {
-        secret: process.env.JWT_SECRET,
-        expiresIn: '1hr',
+        secret: config.auth.local.jwtSecret,
+        expiresIn: config.auth.local.jwtTokenExpiration,
       },
     );
 
@@ -206,7 +207,7 @@ export class AppService {
   public async validatePasswordResetToken(token: string): Promise<any> {
     try {
       const decoded = this.jwtService.verify(token, {
-        secret: process.env.JWT_SECRET,
+        secret: config.auth.local.jwtSecret,
       });
       const { userId, email, type } = decoded;
       if (type !== 'reset-password') {
@@ -225,16 +226,16 @@ export class AppService {
   }
 
   private async sendResetEmail(email: string, token: string) {
-    const resetUrl = `${process.env.FRONTEND_URL}/reset-password?token=${token}`; // To change next time
+    const resetUrl = `${config.frontendUrl}/reset-password?token=${token}`; // To change next time
 
     const transporter = nodemailer.createTransport({
       service: 'gmail',
       host: 'smtp.gmail.com',
       port: 465,
       secure: true,
       auth: {
-        user: process.env.NODEMAILER_GMAIL_USER,
-        pass: process.env.NODEMAILER_GMAIL_PASSWORD,
+        user: config.mailer.user,
+        pass: config.mailer.password,
       },
     });
 
@@ -255,7 +256,7 @@ export class AppService {
   public async validateAccessToken(accessToken: string): Promise<any> {
     try {
       const decoded = this.jwtService.verify(accessToken, {
-        secret: process.env.JWT_SECRET,
+        secret: config.auth.local.jwtSecret,
       });
       return decoded;
     } catch (error) {
@@ -266,7 +267,7 @@ export class AppService {
   public async validateRefreshToken(refreshToken: string): Promise<any> {
     try {
       const decoded = this.jwtService.verify(refreshToken, {
-        secret: process.env.JWT_REFRESH_SECRET,
+        secret: config.auth.local.jwtRefreshSecret,
       });
       return decoded;
     } catch (error) {
@@ -300,8 +301,8 @@ export class AppService {
           ...rest,
         },
         {
-          secret: process.env.JWT_SECRET,
-          expiresIn: '1h', // 1 hour
+          secret: config.auth.local.jwtSecret,
+          expiresIn: config.auth.local.jwtTokenExpiration,
         },
       ),
       this.jwtService.signAsync(
@@ -310,8 +311,8 @@ export class AppService {
           ...rest,
         },
         {
-          secret: process.env.JWT_REFRESH_SECRET,
-          expiresIn: '7d', // 1 week
+          secret: config.auth.local.jwtRefreshSecret,
+          expiresIn: config.auth.local.jwtRefreshTokenExpiration,
         },
       ),
     ]);
@@ -323,8 +324,8 @@ export class AppService {
   }
 
   getGoogleOAuthUrl(): string {
-    const clientId = process.env.GOOGLE_CLIENT_ID;
-    const redirectUri = process.env.GOOGLE_CALLBACK_URL;
+    const clientId = config.auth.google.clientId;
+    const redirectUri = config.auth.google.callbackUrl;
     const scope = encodeURIComponent('email profile');
     const responseType = 'code';
     const state = 'secureRandomState';
@@ -404,7 +405,7 @@ export class AppService {
 
       const ticket = await this.oauthClient.verifyIdToken({
         idToken: tokens.id_token,
-        audience: process.env.GOOGLE_CLIENT_ID,
+        audience: config.auth.google.clientId,
       });
 
       const payload = ticket.getPayload();
@@ -428,8 +429,8 @@ export class AppService {
   }
 
   getGithubOAuthUrl(): string {
-    const clientId = process.env.GITHUB_CLIENT_ID;
-    const redirectUri = process.env.GITHUB_CALLBACK_URL;
+    const clientId = config.auth.github.clientId;
+    const redirectUri = config.auth.github.callbackUrl;
     const scope = 'user:email';
 
     const githubLoginUrl = `https://github.com/login/oauth/authorize?client_id=${clientId}&redirect_uri=${encodeURIComponent(
@@ -486,10 +487,10 @@ export class AppService {
   private async exchangeGithubCodeForTokens(code: string) {
     try {
       const params = {
-        client_id: process.env.GITHUB_CLIENT_ID,
-        client_secret: process.env.GITHUB_CLIENT_SECRET,
+        client_id: config.auth.github.clientId,
+        client_secret: config.auth.github.clientSecret,
         code: code,
-        redirect_uri: process.env.GITHUB_CALLBACK_URL,
+        redirect_uri: config.auth.github.callbackUrl,
       };
       const headers = {
         Accept: 'application/json',

backend/auth-service/src/app.module.ts

@@ -0,0 +1,54 @@
+import { Transport } from '@nestjs/microservices';
+import * as dotenv from 'dotenv';
+
+dotenv.config();
+
+function getEnvVar(name: string): string {
+  const value = process.env[name];
+  if (!value) {
+    throw new Error(`Environment variable ${name} is not defined`);
+  }
+  return value;
+}
+
+export const config = {
+  userService: {
+    port: parseInt(getEnvVar('USER_SERVICE_PORT')),
+    host: getEnvVar('USER_SERVICE_HOST'),
+    transport: Transport[getEnvVar('USER_SERVICE_TRANSPORT')] || Transport.TCP,
+  },
+  authService: {
+    port: parseInt(getEnvVar('AUTH_SERVICE_PORT')),
+    host: getEnvVar('AUTH_SERVICE_HOST'),
+    transport: Transport[getEnvVar('AUTH_SERVICE_TRANSPORT')] || Transport.TCP,
+  },
+  strategies: {
+    accessTokenStrategy: getEnvVar('ACCESS_TOKEN_STRATEGY'),
+    refreshTokenStrategy: getEnvVar('REFRESH_TOKEN_STRATEGY'),
+    googleStrategy: getEnvVar('GOOGLE_STRATEGY'),
+    githubStrategy: getEnvVar('GITHUB_STRATEGY'),
+  },
+  auth: {
+    local: {
+      jwtSecret: getEnvVar('JWT_SECRET'),
+      jwtTokenExpiration: getEnvVar('JWT_TOKEN_EXPIRATION'),
+      jwtRefreshSecret: getEnvVar('JWT_REFRESH_SECRET'),
+      jwtRefreshTokenExpiration: getEnvVar('JWT_REFRESH_TOKEN_EXPIRATION'),
+    },
+    google: {
+      clientId: getEnvVar('GOOGLE_CLIENT_ID'),
+      clientSecret: getEnvVar('GOOGLE_CLIENT_SECRET'),
+      callbackUrl: getEnvVar('GOOGLE_CALLBACK_URL'),
+    },
+    github: {
+      clientId: getEnvVar('GITHUB_CLIENT_ID'),
+      clientSecret: getEnvVar('GITHUB_CLIENT_SECRET'),
+      callbackUrl: getEnvVar('GITHUB_CALLBACK_URL'),
+    },
+  },
+  mailer: {
+    user: getEnvVar('NODEMAILER_GMAIL_USER'),
+    password: getEnvVar('NODEMAILER_GMAIL_PASSWORD'),
+  },
+  frontendUrl: getEnvVar('FRONTEND_URL'),
+};

backend/auth-service/src/app.service.ts

@@ -0,0 +1 @@
+export { config } from './env.config';

backend/auth-service/src/configs/env.config.ts

@@ -2,20 +2,24 @@ import { NestFactory } from '@nestjs/core';
 import { AppModule } from './app.module';
 import { MicroserviceOptions, Transport } from '@nestjs/microservices';
 import { ValidationPipe } from '@nestjs/common';
+import { config } from 'src/configs';
+import * as dotenv from 'dotenv';
+
+dotenv.config();
 
 async function bootstrap() {
   const app = await NestFactory.createMicroservice<MicroserviceOptions>(
     AppModule,
     {
-      transport: Transport.TCP,
+      transport: config.authService.transport,
       options: {
-        host: '0.0.0.0',
-        port: 3003,
+        host: config.authService.host,
+        port: config.authService.port,
       },
     },
   );
   app.useGlobalPipes(new ValidationPipe());
   await app.listen();
-  console.log('Auth Service is listening on port 3003');
+  console.log('Auth Service is listening on port', config.authService.port);
 }
 bootstrap();

backend/auth-service/src/configs/index.ts

@@ -1,14 +1,18 @@
 import { Injectable } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { Strategy, ExtractJwt } from 'passport-jwt';
+import { config } from 'src/configs';
 
 @Injectable()
-export class AccessTokenStrategy extends PassportStrategy(Strategy, 'jwt') {
+export class AccessTokenStrategy extends PassportStrategy(
+  Strategy,
+  config.strategies.accessTokenStrategy,
+) {
   constructor() {
     super({
       jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
       ignoreExpiration: false,
-      secretOrKey: process.env.JWT_SECRET,
+      secretOrKey: config.auth.local.jwtSecret,
     });
   }
 

backend/auth-service/src/main.ts

@@ -1,14 +1,18 @@
 import { PassportStrategy } from '@nestjs/passport';
 import { Strategy, VerifyCallback } from 'passport-google-oauth20';
 import { Injectable } from '@nestjs/common';
+import { config } from 'src/configs';
 
 @Injectable()
-export class GithubStrategy extends PassportStrategy(Strategy, 'github') {
+export class GithubStrategy extends PassportStrategy(
+  Strategy,
+  config.strategies.githubStrategy,
+) {
   constructor() {
     super({
-      clientID: process.env.GITHUB_CLIENT_ID,
-      clientSecret: process.env.GITHUB_CLIENT_SECRET,
-      callbackURL: process.env.GITHUB_CALLBACK_URL,
+      clientID: config.auth.github.clientId,
+      clientSecret: config.auth.github.clientSecret,
+      callbackURL: config.auth.github.callbackUrl,
       scope: ['user:email'],
     });
   }