Get user from the request

Author: GuidoBR

backend/src/app.module.ts

@@ -1,4 +1,4 @@
-import { Module, NestModule } from '@nestjs/common';
+import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
 import { ConfigModule } from '@nestjs/config';
 import configuration from './config/configuration';
 import { AppController } from './app.controller';
@@ -9,6 +9,8 @@ import { PerplexityController } from './controllers/perplexity/perplexity.contro
 import { UserController } from './user/user.controller';
 import { ReportsModule } from './reports/reports.module';
 import { HealthController } from './health/health.controller';
+import { AuthMiddleware } from './auth/auth.middleware';
+
 @Module({
   imports: [
     ConfigModule.forRoot({
@@ -21,8 +23,9 @@ import { HealthController } from './health/health.controller';
   providers: [AppService, AwsSecretsService, PerplexityService],
 })
 export class AppModule implements NestModule {
-  configure() {
-    // Add your middleware configuration here if needed
-    // If you don't need middleware, you can leave this empty
+  configure(consumer: MiddlewareConsumer) {
+    consumer
+      .apply(AuthMiddleware)
+      .forRoutes('*'); // Apply to all routes
   }
 }

backend/src/auth/auth.middleware.ts

@@ -0,0 +1,44 @@
+import { Injectable, NestMiddleware } from '@nestjs/common';
+import { Request, Response, NextFunction } from 'express';
+import { ConfigService } from '@nestjs/config';
+import * as jwt from 'jsonwebtoken';
+
+// Extend the Express Request interface to include the user property
+export interface RequestWithUser extends Request {
+  user?: {
+    sub: string;
+    email?: string;
+    groups?: string[];
+    [key: string]: any;
+  } | null;
+}
+
+@Injectable()
+export class AuthMiddleware implements NestMiddleware {
+  constructor(private configService: ConfigService) {}
+
+  use(req: RequestWithUser, res: Response, next: NextFunction) {
+    const authHeader = req.headers.authorization;
+
+    if (authHeader && authHeader.startsWith('Bearer ')) {
+      const token = authHeader.substring(7);
+      try {
+        // Verify the JWT token
+        const decoded = jwt.verify(token, this.configService.get('JWT_SECRET') || 'dev-secret');
+
+        // Attach the decoded user to the request
+        req.user = {
+          sub: decoded.sub as string,
+        };
+      } catch (error) {
+        // If token verification fails, set user to null
+        req.user = null;
+      }
+    } else {
+      // No token provided
+      req.user = null;
+    }
+
+    next();
+  }
+}

backend/src/reports/reports.controller.ts

@@ -1,4 +1,14 @@
-import { Controller, Get, Patch, Param, Body, Query, ValidationPipe, Req } from '@nestjs/common';
+import {
+  Controller,
+  Get,
+  Patch,
+  Param,
+  Body,
+  Query,
+  ValidationPipe,
+  Req,
+  UnauthorizedException,
+} from '@nestjs/common';
 import {
   ApiTags,
   ApiOperation,
@@ -11,7 +21,7 @@ import { ReportsService } from './reports.service';
 import { Report } from './models/report.model';
 import { GetReportsQueryDto } from './dto/get-reports.dto';
 import { UpdateReportStatusDto } from './dto/update-report-status.dto';
-import { Request } from 'express';
+import { RequestWithUser } from '../auth/auth.middleware';
 
 @ApiTags('reports')
 @Controller('reports')
@@ -22,19 +32,19 @@ export class ReportsController {
   @ApiOperation({ summary: 'Get all reports' })
   @ApiResponse({
     status: 200,
-    description: 'Returns all reports',
+    description: 'Returns all reports for the authenticated user',
     type: [Report],
   })
   @Get()
-  async findAll(@Req() request: Request): Promise<Report[]> {
+  async findAll(@Req() request: RequestWithUser): Promise<Report[]> {
     const userId = this.extractUserId(request);
     return this.reportsService.findAll(userId);
   }
 
   @ApiOperation({ summary: 'Get latest reports' })
   @ApiResponse({
     status: 200,
-    description: 'Returns the latest reports',
+    description: 'Returns the latest reports for the authenticated user',
     type: [Report],
   })
   @ApiQuery({
@@ -45,7 +55,7 @@ export class ReportsController {
   @Get('latest')
   async findLatest(
     @Query(ValidationPipe) queryDto: GetReportsQueryDto,
-    @Req() request: Request,
+    @Req() request: RequestWithUser,
   ): Promise<Report[]> {
     const userId = this.extractUserId(request);
     return this.reportsService.findLatest(queryDto, userId);
@@ -66,7 +76,7 @@ export class ReportsController {
     description: 'Report ID',
   })
   @Get(':id')
-  async getReport(@Param('id') id: string, @Req() request: Request): Promise<Report> {
+  async getReport(@Param('id') id: string, @Req() request: RequestWithUser): Promise<Report> {
     const userId = this.extractUserId(request);
     return this.reportsService.findOne(id, userId);
   }
@@ -89,19 +99,18 @@ export class ReportsController {
   async updateStatus(
     @Param('id') id: string,
     @Body(ValidationPipe) updateDto: UpdateReportStatusDto,
-    @Req() request: Request,
+    @Req() request: RequestWithUser,
   ): Promise<Report> {
     const userId = this.extractUserId(request);
     return this.reportsService.updateStatus(id, updateDto, userId);
   }
 
-  private extractUserId(request: Request): string {
-    console.log(request);
-    // The user object is attached to the request by the AuthGuard
-    const user = request.user as any;
+  private extractUserId(request: RequestWithUser): string {
+    // The user object is attached to the request by our middleware
+    const user = request.user;
 
     if (!user || !user.sub) {
-      throw new Error('User ID not found in token');
+      throw new UnauthorizedException('User ID not found in request');
     }
 
     return user.sub;