Feat/guard (#9)

* feat: passport 사용한 guard 작업을 위한 라이브러리 설치

- @nestjs/jwt, @nestjs/passport, passport, passport-jwt, passport-local 설치
- @types/passport-jwt, @types/passport-local 설치

* feat: auth module 생성

* feat: bcrypt, class-validator 설치

* feat: auth module에 jwt module 추가 및 user module과 연결

- .example.env에 jwt 관련 환경변수 추가

* feat: LocalAuthGuard 구현

* feat: 로그인 후 반환되는 ObjectType JwtWithUser 구현

* feat: current-user.decorator.ts 구현

- gql 속 현재 user 정보를 가져오는 커스텀 데코레이터 구현

* feat: LocalAuthGuard에 사용되는 authenticate 메서드 구현

* chore: @nestjs/passport 버전 변경

- passport-jwt와의 호환성 문제 해결

* feat: JwtAuthGuard 구현

* feat: AuthModule에 AuthGuard들 추가

* feat: RS256에서 HS256으로 변경

* chore: AuthModule에 Strategy들 추가

* feat: signIn, signUp 구현

* chore: 400에러를 401에러로 구체화

* chore: @nestjs/passport 버전 복구

- ^10.0.3으로 다운그레이드 -> ^11.0.5로 복구

* chore: JwtStrategy 타입 이슈 해결

Author: labyrinth30

.example.env

@@ -8,3 +8,7 @@ DB_NAME=postgres
 DB_SCHEMA=public
 
 PORT=8000
+
+# JWT
+ACCESS_TOKEN_SECRET=
+REFRESH_TOKEN_SECRET=

package.json

@@ -29,15 +29,22 @@
     "@nestjs/config": "^4.0.2",
     "@nestjs/core": "^11.0.1",
     "@nestjs/graphql": "^13.0.3",
+    "@nestjs/jwt": "^11.0.0",
     "@nestjs/mercurius": "^13.0.3",
+    "@nestjs/passport": "^11.0.5",
     "@nestjs/platform-express": "^11.0.1",
     "@nestjs/platform-fastify": "11.0.12",
     "@prisma/client": "^6.5.0",
     "aws-lambda": "^1.0.7",
+    "bcrypt": "^5.1.1",
     "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.1",
     "fastify": "5.2.1",
     "graphql": "^16.10.0",
     "mercurius": "^16.1.0",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1",
+    "passport-local": "^1.0.0",
     "prisma": "^6.5.0",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.1"
@@ -51,9 +58,12 @@
     "@swc/cli": "^0.6.0",
     "@swc/core": "^1.10.7",
     "@types/aws-lambda": "^8.10.148",
+    "@types/bcrypt": "^5.0.2",
     "@types/express": "^5.0.0",
     "@types/jest": "^29.5.14",
     "@types/node": "^22.10.7",
+    "@types/passport-jwt": "^4.0.1",
+    "@types/passport-local": "^1.0.38",
     "@types/supertest": "^6.0.2",
     "eslint": "^9.18.0",
     "eslint-config-prettier": "^10.0.1",
@@ -89,4 +99,4 @@
     "coverageDirectory": "../coverage",
     "testEnvironment": "node"
   }
-}
+}

src/app.module.ts

@@ -4,6 +4,7 @@ import { GraphQLModule } from '@nestjs/graphql';
 import { MercuriusDriver, MercuriusDriverConfig } from '@nestjs/mercurius';
 import { UserModule } from './user/user.module';
 import { ConfigModule, ConfigService } from '@nestjs/config';
+import { AuthModule } from './auth/auth.module';
 import { errorFormatter } from './common/exception/exception.format';
 
 @Module({
@@ -24,6 +25,7 @@ import { errorFormatter } from './common/exception/exception.format';
       },
     }),
     UserModule,
+    AuthModule,
   ],
   controllers: [],
   providers: [],

src/auth/auth.module.ts

@@ -0,0 +1,23 @@
+import { Module } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { AuthResolver } from './auth.resolver';
+import { UserModule } from '../user/user.module';
+import { JwtModule } from '@nestjs/jwt';
+import { ConfigModule } from '@nestjs/config';
+import { PrismaModule } from '../prisma/prisma.module';
+import { LocalAuthGuard, LocalStrategy } from './strategies/local.strategy';
+import { JwtAuthGuard, JwtStrategy } from './strategies/jwt.strategy';
+
+@Module({
+  imports: [JwtModule.register({}), PrismaModule, ConfigModule, UserModule],
+  providers: [
+    AuthService,
+    AuthResolver,
+    LocalAuthGuard,
+    JwtAuthGuard,
+    LocalStrategy,
+    JwtStrategy,
+  ],
+  exports: [AuthService, JwtModule],
+})
+export class AuthModule {}

src/auth/auth.resolver.ts

@@ -0,0 +1,19 @@
+import { Args, Mutation, Resolver } from '@nestjs/graphql';
+import { AuthService } from './auth.service';
+import { SignInInput, SignUpInput } from './inputs/auth.input';
+import { JwtWithUser } from './entities/auth.entity';
+
+@Resolver()
+export class AuthResolver {
+  constructor(private readonly authService: AuthService) {}
+
+  @Mutation(() => JwtWithUser)
+  signIn(@Args('data') data: SignInInput) {
+    return this.authService.signIn(data);
+  }
+
+  @Mutation(() => JwtWithUser)
+  signUp(@Args('data') data: SignUpInput) {
+    return this.authService.signUp(data);
+  }
+}

src/auth/auth.service.ts

@@ -0,0 +1,91 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { PrismaService } from '../prisma/prisma.service';
+import * as bcrypt from 'bcrypt';
+import { SignInInput, SignUpInput } from './inputs/auth.input';
+import { JwtService } from '@nestjs/jwt';
+import { User } from '../@generated/user/user.model';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private readonly configService: ConfigService,
+    private readonly prismaService: PrismaService,
+    private readonly jwtService: JwtService,
+  ) {}
+
+  async authenticate(input: SignInInput) {
+    const { email, password } = input;
+    const user = await this.prismaService.user.findUnique({
+      where: {
+        email,
+      },
+    });
+    if (!user) {
+      return null;
+    }
+
+    const passOk: boolean = await bcrypt.compare(password, user.password);
+    if (!passOk) {
+      return null;
+    }
+    return user;
+  }
+
+  async signUp(input: SignUpInput) {
+    const { email, password, nickname } = input;
+    const hashedPassword = await this.hashPassword(password);
+    const user = await this.prismaService.user.create({
+      data: {
+        email,
+        nickname,
+        password: hashedPassword,
+      },
+    });
+    const accessToken = await this.issueToken(user, false);
+    const refreshToken = await this.issueToken(user, true);
+    return {
+      accessToken,
+      refreshToken,
+      user,
+    };
+  }
+
+  async signIn(input: SignInInput) {
+    const { email, password } = input;
+    const user = await this.authenticate({ email, password });
+    if (!user) {
+      throw new UnauthorizedException('잘못된 로그인 정보입니다!');
+    }
+    const accessToken = await this.issueToken(user, false);
+    const refreshToken = await this.issueToken(user, true);
+    return {
+      accessToken,
+      refreshToken,
+      user,
+    };
+  }
+
+  async hashPassword(password: string): Promise<string> {
+    const salt = await bcrypt.genSalt(10);
+    return bcrypt.hash(password, salt);
+  }
+  async issueToken(user: User, isRefreshToken: boolean) {
+    const secret = this.configService
+      .get<string>(
+        isRefreshToken ? 'REFRESH_TOKEN_SECRET' : 'ACCESS_TOKEN_SECRET',
+      )
+      ?.replace(/\\n/g, '\n');
+    return this.jwtService.signAsync(
+      {
+        sub: user.id,
+        role: user.role,
+        type: isRefreshToken ? 'refresh' : 'access',
+      },
+      {
+        secret,
+        expiresIn: isRefreshToken ? '7d' : '15m',
+      },
+    );
+  }
+}

src/auth/entities/auth.entity.ts

@@ -0,0 +1,14 @@
+import { Field, ObjectType } from '@nestjs/graphql';
+import { User } from '../../@generated/user/user.model';
+
+@ObjectType()
+export class JwtWithUser {
+  @Field(() => String)
+  accessToken: string;
+
+  @Field(() => String)
+  refreshToken?: string;
+
+  @Field(() => User)
+  user: User;
+}

src/auth/inputs/auth.input.ts

@@ -0,0 +1,22 @@
+import { Field, InputType } from '@nestjs/graphql';
+
+import { IsEmail, IsNotEmpty } from 'class-validator';
+
+@InputType()
+export class SignInInput {
+  @Field(() => String)
+  @IsEmail()
+  @IsNotEmpty()
+  email: string;
+
+  @Field(() => String)
+  @IsNotEmpty()
+  password: string;
+}
+
+@InputType()
+export class SignUpInput extends SignInInput {
+  @Field(() => String)
+  @IsNotEmpty()
+  nickname: string;
+}

src/auth/strategies/jwt.strategy.ts

@@ -0,0 +1,34 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { AuthGuard, PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy, VerifiedCallback } from 'passport-jwt';
+import { UserService } from '../../user/user.service';
+
+export class JwtAuthGuard extends AuthGuard('jwt') {}
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
+  constructor(
+    private readonly userService: UserService,
+    private readonly configService: ConfigService,
+  ) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: configService.getOrThrow<string>('ACCESS_TOKEN_SECRET'),
+    });
+  }
+
+  async validate(payload: { id: string }, done: VerifiedCallback) {
+    try {
+      const user = await this.userService.findOneById(payload.id);
+      if (!user) {
+        return done(null, false);
+      }
+      const { id, role } = user;
+      done(null, { id, role });
+    } catch (err) {
+      throw new UnauthorizedException('Error', err);
+    }
+  }
+}

src/auth/strategies/local.strategy.ts

@@ -0,0 +1,28 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard, PassportStrategy } from '@nestjs/passport';
+
+import { Strategy } from 'passport-local';
+
+import { AuthService } from '../auth.service';
+import { SignInInput } from '../inputs/auth.input';
+
+export class LocalAuthGuard extends AuthGuard('local') {}
+
+@Injectable()
+export class LocalStrategy extends PassportStrategy(Strategy, 'local') {
+  constructor(private readonly authService: AuthService) {
+    super({
+      usernameField: 'email',
+      passwordField: 'password',
+    });
+  }
+  async validate(email: string, password: string): Promise<SignInInput> {
+    const user = await this.authService.authenticate({ email, password });
+
+    if (!user) {
+      throw new UnauthorizedException();
+    }
+
+    return user;
+  }
+}