✨ Implement admin JWT authentication and enhance user login with username or email

Xen0Xys · Xen0Xys · commit 9740f7bdaa22 · 2025-04-04T09:28:52.000+02:00
diff --git a/.env.example b/.env.example
@@ -6,6 +6,11 @@ DATABASE_URL=
 APP_SECRET=supersecret
 ADMIN_KEY="admin"
 
+# First startup only
+ADMIN_USERNAME=admin
+ADMIN_EMAIL=admin@admin.com
+ADMIN_PASSWORD=password@admin.com
+
 # S3
 FILESYSTEM=local#local or s3
 S3_ENDPOINT=endpoint
diff --git a/bun.lock b/bun.lock
@@ -21,7 +21,6 @@
         "axios": "^1.8.4",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.14.1",
-        "dotenv": "^16.4.7",
         "fastify": "5.2.1",
         "jsdom": "^26.0.0",
         "jszip": "^3.10.1",
diff --git a/package.json b/package.json
@@ -29,7 +29,6 @@
         "axios": "^1.8.4",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.14.1",
-        "dotenv": "^16.4.7",
         "fastify": "5.2.1",
         "jsdom": "^26.0.0",
         "jszip": "^3.10.1",
diff --git a/prisma/migrations/20250404071740_user_avatar/migration.sql b/prisma/migrations/20250404071740_user_avatar/migration.sql
@@ -1,12 +1,16 @@
 /*
   Warnings:
 
+  - A unique constraint covering the columns `[username]` on the table `users` will be added. If there are existing duplicate values, this will fail.
   - A unique constraint covering the columns `[avatar_id]` on the table `users` will be added. If there are existing duplicate values, this will fail.
 
 */
 -- AlterTable
 ALTER TABLE "users" ADD COLUMN     "avatar_id" INTEGER;
 
+-- CreateIndex
+CREATE UNIQUE INDEX "users_username_key" ON "users"("username");
+
 -- CreateIndex
 CREATE UNIQUE INDEX "users_avatar_id_key" ON "users"("avatar_id");
 
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -15,7 +15,7 @@ datasource db {
 
 model Users {
   id                   String                @id @db.VarChar(36)
-  username             String                @db.VarChar(30)
+  username             String                @unique @db.VarChar(30)
   email                String                @unique @db.VarChar(255)
   password             String
   jwt_id               String                @db.VarChar(64)
diff --git a/prisma/seed.ts b/prisma/seed.ts
@@ -1,11 +1,8 @@
 import {PrismaClient, Users} from "@prisma/client";
-import * as dotenv from "dotenv";
 import WebtoonGenres from "./../src/modules/webtoon/webtoon/models/enums/webtoon-genres";
 import ImageTypes from "./../src/modules/webtoon/webtoon/models/enums/image-types";
 import {MiscService} from "../src/modules/misc/misc.service";
 
-dotenv.config();
-
 // initialize Prisma Client
 const prisma = new PrismaClient();
 const miscService = new MiscService();
@@ -21,9 +18,9 @@ async function main(){
     const users_values = [
         {
             id: "0195dc7c-f315-7881-b35b-da9cbb6ee4a0",
-            username: "admin",
-            email: "admin@admin.com",
-            password: miscService.hashPassword("password@admin.com"),
+            username: process.env.ADMIN_USERNAME || "admin",
+            email: process.env.ADMIN_EMAIL || "admin@admin.com",
+            password: miscService.hashPassword(process.env.ADMIN_PASSWORD || "password@admin.com"),
             jwt_id: miscService.generateRandomBytes(32),
             admin: true,
         } as Users,
diff --git a/src/app.ts b/src/app.ts
@@ -2,16 +2,13 @@ import {FastifyAdapter, NestFastifyApplication} from "@nestjs/platform-fastify";
 import {LoggerMiddleware} from "./common/middlewares/logger.middleware";
 import {SwaggerTheme, SwaggerThemeNameEnum} from "swagger-themes";
 import {DocumentBuilder, SwaggerModule} from "@nestjs/swagger";
+import {FastifyListenOptions} from "fastify/types/instance";
 import fastifyHelmet from "@fastify/helmet";
+import {RawServerDefault} from "fastify";
 import {NestFactory} from "@nestjs/core";
 import {AppModule} from "./app.module";
 import {Logger} from "@nestjs/common";
 import * as process from "process";
-import * as dotenv from "dotenv";
-import {FastifyListenOptions} from "fastify/types/instance";
-import {RawServerDefault} from "fastify";
-
-dotenv.config();
 
 const logger: Logger = new Logger("App");
 
diff --git a/src/modules/file/file.controller.ts b/src/modules/file/file.controller.ts
@@ -1,11 +1,11 @@
 import {Controller, Post, UseGuards} from "@nestjs/common";
 import {ApiBearerAuth, ApiTags} from "@nestjs/swagger";
-import {AdminGuard} from "../webtoon/admin/guard/admin.guard";
 import {FileService} from "./file.service";
+import {AuthGuard} from "@nestjs/passport";
 
 @Controller("file")
 @ApiTags("File")
-@UseGuards(AdminGuard)
+@UseGuards(AuthGuard("admin-jwt"))
 export class FileController{
     constructor(
         private readonly fileService: FileService,
diff --git a/src/modules/misc/misc.service.ts b/src/modules/misc/misc.service.ts
@@ -3,7 +3,7 @@ import axios, {AxiosInstance} from "axios";
 import {Injectable} from "@nestjs/common";
 import {createHash, randomBytes} from "crypto";
 import * as JSZip from "jszip";
-import * as sharp from "sharp";
+import sharp from "sharp";
 import * as fs from "fs";
 
 @Injectable()
diff --git a/src/modules/users/models/dto/login.dto.ts b/src/modules/users/models/dto/login.dto.ts
@@ -1,10 +1,9 @@
-import {IsEmail, IsNotEmpty, IsString} from "class-validator";
+import {IsNotEmpty, IsString} from "class-validator";
 
 export class LoginDto{
-    @IsEmail()
     @IsString()
     @IsNotEmpty()
-    email: string;
+    usernameOrEmail: string;
 
     @IsString()
     @IsNotEmpty()
diff --git a/src/modules/users/models/entities/user.entity.ts b/src/modules/users/models/entities/user.entity.ts
@@ -5,6 +5,7 @@ export class UserEntity{
     username: string;
     email: string;
     avatar: string;
+    admin: boolean;
 
     @Exclude()
     password: string;
diff --git a/src/modules/users/strategies/admin-jwt.strategy.ts b/src/modules/users/strategies/admin-jwt.strategy.ts
@@ -0,0 +1,31 @@
+import {Injectable, NotFoundException, UnauthorizedException} from "@nestjs/common";
+import {UserEntity} from "../models/entities/user.entity";
+import {UsersService} from "../users.service";
+import {ExtractJwt, Strategy} from "passport-jwt";
+import {PassportStrategy} from "@nestjs/passport";
+
+@Injectable()
+export class AdminJwtStrategy extends PassportStrategy(Strategy, "admin-jwt"){
+    constructor(
+        private readonly usersService: UsersService,
+    ){
+        super({
+            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            secretOrKey: process.env.APP_SECRET,
+            issuer: "OWR",
+            algorithms: ["HS512"],
+        });
+    }
+
+    async validate(payload: any): Promise<UserEntity>{
+        const user: UserEntity = await this.usersService.getUserById(payload.sub);
+        if(!user)
+            throw new NotFoundException("User not found");
+        if(user.jwtId !== payload.jti)
+            throw new UnauthorizedException("Invalid token");
+        if(!user.admin)
+            throw new UnauthorizedException("User is not admin");
+        return user;
+    }
+}
diff --git a/src/modules/users/strategies/jwt.strategy.ts b/src/modules/users/strategies/jwt.strategy.ts
@@ -5,7 +5,7 @@ import {ExtractJwt, Strategy} from "passport-jwt";
 import {PassportStrategy} from "@nestjs/passport";
 
 @Injectable()
-export class JwtStrategy extends PassportStrategy(Strategy){
+export class JwtStrategy extends PassportStrategy(Strategy, "jwt"){
     constructor(
         private readonly usersService: UsersService,
     ){
@@ -19,7 +19,6 @@ export class JwtStrategy extends PassportStrategy(Strategy){
     }
 
     async validate(payload: any): Promise<UserEntity>{
-        console.log(payload);
         const user: UserEntity = await this.usersService.getUserById(payload.sub);
         if(!user)
             throw new NotFoundException("User not found");
diff --git a/src/modules/users/users.controller.ts b/src/modules/users/users.controller.ts
@@ -1,4 +1,4 @@
-import {Body, Controller, Get, Post, UseGuards} from "@nestjs/common";
+import {Body, Controller, Get, Param, Post, UseGuards} from "@nestjs/common";
 import {UserEntity} from "./models/entities/user.entity";
 import {LoginPayload} from "./models/payloads/login.payload";
 import {User} from "./decorators/user.decorator";
@@ -15,7 +15,7 @@ export class UsersController{
 
     @Post("login")
     async login(@Body() body: LoginDto): Promise<LoginPayload>{
-        return await this.usersService.login(body.email, body.password);
+        return await this.usersService.login(body.usernameOrEmail, body.password);
     }
 
     @Get("me")
@@ -24,4 +24,19 @@ export class UsersController{
     getMe(@User() user: UserEntity): UserEntity{
         return user;
     }
+
+    @Get("avatars")
+    async getAvailableAvatars(): Promise<string[]>{
+        const avatars: string[] = await this.usersService.getAvailableAvatars();
+        if(!avatars.length)
+            return undefined;
+        return avatars;
+    }
+
+    @Post("avatar/:sum")
+    @UseGuards(AuthGuard("jwt"))
+    @ApiBearerAuth()
+    async setAvatar(@User() user: UserEntity, @Param("sum") sum: string): Promise<void>{
+        await this.usersService.setAvatar(user, sum);
+    }
 }
diff --git a/src/modules/users/users.module.ts b/src/modules/users/users.module.ts
@@ -5,6 +5,7 @@ import {MiscModule} from "../misc/misc.module";
 import {JwtStrategy} from "./strategies/jwt.strategy";
 import {ConfigService} from "@nestjs/config";
 import {JwtModule} from "@nestjs/jwt";
+import {AdminJwtStrategy} from "./strategies/admin-jwt.strategy";
 
 @Module({
     imports: [
@@ -29,6 +30,7 @@ import {JwtModule} from "@nestjs/jwt";
     providers: [
         UsersService,
         JwtStrategy,
+        AdminJwtStrategy,
     ],
 })
 export class UsersModule{}
diff --git a/src/modules/users/users.service.ts b/src/modules/users/users.service.ts
@@ -1,9 +1,10 @@
-import {Injectable, NotFoundException, UnauthorizedException} from "@nestjs/common";
+import {BadRequestException, Injectable, NotFoundException, UnauthorizedException} from "@nestjs/common";
+import ImageTypes from "../webtoon/webtoon/models/enums/image-types";
+import {LoginPayload} from "./models/payloads/login.payload";
 import {UserEntity} from "./models/entities/user.entity";
 import {PrismaService} from "../misc/prisma.service";
-import {Images, Users} from "@prisma/client";
-import {LoginPayload} from "./models/payloads/login.payload";
 import {MiscService} from "../misc/misc.service";
+import {Images, Users} from "@prisma/client";
 import {JwtService} from "@nestjs/jwt";
 
 @Injectable()
@@ -22,10 +23,11 @@ export class UsersService{
             password: user.password,
             avatar: avatar,
             jwtId: user.jwt_id,
+            admin: user.admin,
         });
     }
 
-    async getAvailableAvatars(): Promise<Images[]>{
+    async getAvailableAvatars(): Promise<string[]>{
         const webtoons: any[] = await this.prismaService.webtoons.findMany({
             include: {
                 thumbnail: true,
@@ -37,15 +39,30 @@ export class UsersService{
         for(const webtoon of webtoons)
             if(webtoon.thumbnail)
                 avatars.push(webtoon.thumbnail);
-        return avatars;
+        return avatars.map((avatar: Images): string => avatar.sum);
     }
 
-    async randomAvatar(): Promise<Images | undefined>{
-        const avatars = await this.getAvailableAvatars();
-        if(!avatars.length)
-            return undefined;
-        const randomWebtoon: any = avatars[Math.floor(Math.random() * avatars.length)];
-        return randomWebtoon.thumbnail;
+    async setAvatar(user: UserEntity, sum: string){
+        const avatar = await this.prismaService.images.findUnique({
+            where: {
+                sum,
+            },
+            include: {
+                type: true,
+            },
+        });
+        if(!avatar)
+            throw new NotFoundException("Image not found");
+        if(avatar.type.name !== ImageTypes.WEBTOON_THUMBNAIL)
+            throw new BadRequestException("Specified image is not a webtoon thumbnail");
+        await this.prismaService.users.update({
+            where: {
+                id: user.id,
+            },
+            data: {
+                avatar_id: avatar.id,
+            },
+        });
     }
 
     async getUserById(userId: string): Promise<UserEntity>{
@@ -62,10 +79,17 @@ export class UsersService{
         return this.toUserEntity(user, user.avatar?.sum);
     }
 
-    async login(email: string, password: string): Promise<LoginPayload>{
-        const user = await this.prismaService.users.findUnique({
+    async login(usernameOrEmail: string, password: string): Promise<LoginPayload>{
+        const user = await this.prismaService.users.findFirst({
             where: {
-                email,
+                OR: [
+                    {
+                        username: usernameOrEmail,
+                    },
+                    {
+                        email: usernameOrEmail,
+                    },
+                ],
             },
             include: {
                 avatar: true,
diff --git a/src/modules/webtoon/admin/admin.controller.ts b/src/modules/webtoon/admin/admin.controller.ts
@@ -1,14 +1,14 @@
 import {Body, Controller, Delete, Get, HttpCode, Post, UseGuards} from "@nestjs/common";
-import {ApiBearerAuth, ApiResponse, ApiTags} from "@nestjs/swagger";
+import CachedWebtoonModel from "../webtoon/models/models/cached-webtoon.model";
 import {DownloadManagerService} from "../webtoon/download-manager.service";
 import {AddWebtoonToQueueDto} from "./models/dto/add-webtoon-to-queue.dto";
+import {ApiBearerAuth, ApiResponse, ApiTags} from "@nestjs/swagger";
+import {AuthGuard} from "@nestjs/passport";
 import {HttpStatusCode} from "axios";
-import CachedWebtoonModel from "../webtoon/models/models/cached-webtoon.model";
-import {AdminGuard} from "./guard/admin.guard";
 
 @Controller("admin")
 @ApiTags("Admin")
-@UseGuards(AdminGuard)
+@UseGuards(AuthGuard("admin-jwt"))
 export class AdminController{
     constructor(
         private readonly downloadManagerService: DownloadManagerService,
diff --git a/src/modules/webtoon/admin/guard/admin.guard.ts b/src/modules/webtoon/admin/guard/admin.guard.ts
diff --git a/src/modules/webtoon/migration/migration.controller.ts b/src/modules/webtoon/migration/migration.controller.ts
@@ -5,12 +5,12 @@ import {ReadStream} from "fs";
 import {ChunkNumberDto} from "../../../common/models/dto/chunk-number.dto";
 import MigrationInfosResponse from "./models/responses/migration-infos.response";
 import MigrateFromDto from "./models/dto/migrate-from.dto";
-import {AdminGuard} from "../admin/guard/admin.guard";
 import {HttpStatusCode} from "axios";
+import {AuthGuard} from "@nestjs/passport";
 
 @Controller("migration")
 @ApiTags("Migration")
-@UseGuards(AdminGuard)
+@UseGuards(AuthGuard("admin-jwt"))
 export class MigrationController{
     constructor(
         private readonly migrationService: MigrationService,
diff --git a/src/modules/webtoon/update/update.controller.ts b/src/modules/webtoon/update/update.controller.ts
