ModusCreateOrg
diff --git a/‎backend/package-lock.json‎
Lines changed: 77 additions & 2 deletions b/‎backend/package-lock.json‎
Lines changed: 77 additions & 2 deletions
diff --git a/‎backend/package.json‎
Lines changed: 5 additions & 1 deletion b/‎backend/package.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎backend/src/auth/auth.middleware.spec.ts‎
Lines changed: 75 additions & 17 deletions b/‎backend/src/auth/auth.middleware.spec.ts‎
Lines changed: 75 additions & 17 deletions
diff --git a/‎backend/src/auth/auth.middleware.ts‎
Lines changed: 24 additions & 12 deletions b/‎backend/src/auth/auth.middleware.ts‎
Lines changed: 24 additions & 12 deletions
diff --git a/‎backend/src/auth/auth.module.ts‎
Lines changed: 19 additions & 5 deletions b/‎backend/src/auth/auth.module.ts‎
Lines changed: 19 additions & 5 deletions
@@ -33,7 +33,9 @@
     "@nestjs/common": "^10.0.0",
     "@nestjs/config": "^3.1.1",
     "@nestjs/core": "^10.0.0",
+    "@nestjs/jwt": "^10.2.0",
     "@nestjs/platform-express": "^10.0.0",
+    "@nestjs/passport": "^10.0.3",
     "@types/jest": "^29.5.12",
     "axios": "^1.8.1",
     "class-transformer": "^0.5.1",
@@ -51,7 +53,9 @@
     "web-vitals": "^2.1.4",
     "aws-cdk-lib": "2.139.0",
     "@nestjs/swagger": "^7.1.13",
-    "swagger-ui-express": "^5.0.0"
+    "swagger-ui-express": "^5.0.0",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1"
   },
   "devDependencies": {
     "@aws-cdk/assert": "^2.68.0",
 
@@ -1,50 +1,108 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { AuthMiddleware } from './auth.middleware';
-import { JwtService } from './jwt.service';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
 import { vi, describe, it, expect, beforeEach } from 'vitest';
 
 describe('AuthMiddleware', () => {
   let middleware: AuthMiddleware;
+  let jwtService: JwtService;
 
-  // Create a mock JwtService
   const mockJwtService = {
-    verifyToken: vi.fn(),
+    verify: vi.fn(),
   };
 
-  beforeEach(async () => {
-    vi.clearAllMocks();
+  const mockConfigService = {
+    get: vi.fn().mockReturnValue('test-secret'),
+  };
 
+  beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
       providers: [
         AuthMiddleware,
         {
           provide: JwtService,
           useValue: mockJwtService,
         },
+        {
+          provide: ConfigService,
+          useValue: mockConfigService,
+        },
       ],
     }).compile();
 
     middleware = module.get<AuthMiddleware>(AuthMiddleware);
+    jwtService = module.get<JwtService>(JwtService);
   });
 
   it('should be defined', () => {
     expect(middleware).toBeDefined();
   });
 
-  describe('use', () => {
-    it('should not add user to request when token is missing', async () => {
-      const mockRequest: any = {
-        headers: {},
-      };
-      const mockResponse = {};
-      const mockNext = vi.fn();
+  it('should set user on request when valid token is provided', () => {
+    const mockPayload = {
+      sub: 'user123',
+      username: 'testuser',
+      email: '[email protected]',
+      groups: ['users'],
+    };
+
+    mockJwtService.verify.mockReturnValue(mockPayload);
+
+    const mockRequest = {
+      headers: {
+        authorization: 'Bearer valid-token',
+      },
+      user: undefined,
+    };
+
+    const mockResponse = {};
+    const mockNext = vi.fn();
+
+    middleware.use(mockRequest as any, mockResponse as any, mockNext);
+
+    expect(mockRequest.user).toEqual({
+      id: 'user123',
+      username: 'testuser',
+      email: '[email protected]',
+      groups: ['users'],
+    });
+    expect(mockNext).toHaveBeenCalled();
+  });
+
+  it('should not set user when no token is provided', () => {
+    const mockRequest = {
+      headers: {},
+      user: undefined,
+    };
+
+    const mockResponse = {};
+    const mockNext = vi.fn();
+
+    middleware.use(mockRequest as any, mockResponse as any, mockNext);
 
-      // Test the middleware
-      await middleware.use(mockRequest, mockResponse as any, mockNext);
+    expect(mockRequest.user).toBeUndefined();
+    expect(mockNext).toHaveBeenCalled();
+  });
 
-      expect(mockRequest).not.toHaveProperty('user');
-      expect(mockNext).toHaveBeenCalled();
-      expect(mockJwtService.verifyToken).not.toHaveBeenCalled();
+  it('should not set user when token verification fails', () => {
+    mockJwtService.verify.mockImplementation(() => {
+      throw new Error('Invalid token');
     });
+
+    const mockRequest = {
+      headers: {
+        authorization: 'Bearer invalid-token',
+      },
+      user: undefined,
+    };
+
+    const mockResponse = {};
+    const mockNext = vi.fn();
+
+    middleware.use(mockRequest as any, mockResponse as any, mockNext);
+
+    expect(mockRequest.user).toBeUndefined();
+    expect(mockNext).toHaveBeenCalled();
   });
 });
@@ -1,23 +1,35 @@
 import { Injectable, NestMiddleware } from '@nestjs/common';
 import { Request, Response, NextFunction } from 'express';
-import { JwtService } from './jwt.service';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
 
 @Injectable()
 export class AuthMiddleware implements NestMiddleware {
-  constructor(private jwtService: JwtService) {}
+  constructor(
+    private readonly jwtService: JwtService,
+    private readonly configService: ConfigService
+  ) {}
 
-  async use(req: Request, res: Response, next: NextFunction) {
-    const token = req.headers['x-amzn-oidc-data'] as string;
+  use(req: Request, res: Response, next: NextFunction) {
+    const authHeader = req.headers.authorization;
 
-    if (token) {
+    if (authHeader && authHeader.startsWith('Bearer ')) {
       try {
-        const user = await this.jwtService.verifyToken(token);
-        req.user = user;
-      } catch (error: unknown) {
-        console.error(
-          'Token validation failed:',
-          error instanceof Error ? error.message : 'Unknown error',
-        );
+        const token = authHeader.substring(7);
+        const payload = this.jwtService.verify(token, {
+          secret: this.configService.get<string>('JWT_SECRET')
+        });
+
+        req.user = {
+          id: payload.sub,
+          username: payload.username,
+          email: payload.email,
+          groups: payload.groups || [],
+        };
+      } catch (error) {
+        // If token verification fails, we don't set the user
+        // but we also don't block the request - protected routes
+        // will be handled by JwtAuthGuard
       }
     }
 
 
@@ -1,11 +1,25 @@
 import { Module } from '@nestjs/common';
-import { ConfigModule } from '@nestjs/config';
-import { JwtService } from './jwt.service';
+import { JwtModule } from '@nestjs/jwt';
+import { ConfigModule, ConfigService } from '@nestjs/config';
 import { JwtAuthGuard } from './jwt-auth.guard';
+import { JwtStrategy } from './jwt.strategy';
 
 @Module({
-  imports: [ConfigModule],
-  providers: [JwtService, JwtAuthGuard],
-  exports: [JwtService, JwtAuthGuard],
+  imports: [
+    ConfigModule,
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: async (configService: ConfigService) => ({
+        secret: configService.get<string>('JWT_SECRET'),
+        signOptions: {
+          expiresIn: configService.get<string>('JWT_EXPIRES_IN', '1h'),
+        },
+      }),
+    }),
+  ],
+  providers: [JwtAuthGuard, JwtStrategy],
+  exports: [JwtModule, JwtAuthGuard],
+  controllers: [],
 })
 export class AuthModule {}