Add Identity.verifyLoggedIn

Author: CarsonF

src/common/session.ts

@@ -9,7 +9,6 @@ import { Context } from '@nestjs/graphql';
 import { type DateTime } from 'luxon';
 import { Identity } from '~/core/authentication';
 import { type ScopedRole } from '../components/authorization/dto';
-import { UnauthenticatedException } from './exceptions';
 import { type ID } from './id-field';
 
 export interface Session {
@@ -32,13 +31,6 @@ export interface Session {
   };
 }
 
-export function loggedInSession(session: Session): Session {
-  if (session.anonymous) {
-    throw new UnauthenticatedException('User is not logged in');
-  }
-  return session;
-}
-
 @Injectable()
 export class SessionPipe implements PipeTransform {
   constructor(private readonly identity: Identity) {}
@@ -49,8 +41,7 @@ export class SessionPipe implements PipeTransform {
 }
 
 /** @deprecated */
-export const LoggedInSession = () =>
-  AnonSession({ transform: loggedInSession });
+export const LoggedInSession = () => AnonSession();
 
 /** @deprecated */
 export const AnonSession =

src/components/authentication/session.interceptor.ts

@@ -21,8 +21,8 @@ import {
   type Session,
   UnauthenticatedException,
 } from '~/common';
-import { loggedInSession as verifyLoggedIn } from '~/common/session';
 import { ConfigService } from '~/core';
+import { Identity } from '~/core/authentication';
 import { GlobalHttpHook, type IRequest } from '~/core/http';
 import { rolesForScope } from '../authorization/dto';
 import { Anonymous } from './anonymous.decorator';
@@ -36,6 +36,7 @@ export class SessionInterceptor implements NestInterceptor {
     private readonly auth: AuthenticationService & {},
     private readonly config: ConfigService,
     private readonly sessionHost: SessionHost,
+    private readonly identity: Identity,
   ) {}
 
   private readonly sessionByRequest = new AsyncLocalStorage<
@@ -85,7 +86,7 @@ export class SessionInterceptor implements NestInterceptor {
       Anonymous.get(executionContext.getClass()) ??
       !isMutation;
     if (!allowAnonymous && session) {
-      verifyLoggedIn(session);
+      this.identity.verifyLoggedIn();
     }
 
     return next.handle();

src/components/comments/comment-thread.resolver.ts

@@ -1,8 +1,8 @@
 import { Args, Parent, Query, ResolveField, Resolver } from '@nestjs/graphql';
 import { stripIndent } from 'common-tags';
-import { AnonSession, type ID, IdArg, ListArg, type Session } from '~/common';
-import { loggedInSession as verifyLoggedIn } from '~/common/session';
+import { type ID, IdArg, ListArg } from '~/common';
 import { Loader, type LoaderOf, ResourceLoader } from '~/core';
+import { Identity } from '~/core/authentication';
 import { UserLoader } from '../user';
 import { User } from '../user/dto';
 import { CommentThreadLoader } from './comment-thread.loader';
@@ -23,6 +23,7 @@ export class CommentThreadResolver {
   constructor(
     private readonly service: CommentService,
     private readonly resources: ResourceLoader,
+    private readonly identity: Identity,
   ) {}
 
   @Query(() => CommentThread, {
@@ -41,11 +42,10 @@ export class CommentThreadResolver {
   async commentThreads(
     @IdArg({ name: 'resource' }) resourceId: ID,
     @ListArg(CommentThreadListInput) input: CommentThreadListInput,
-    @AnonSession() session: Session,
     @Loader(CommentThreadLoader) commentThreads: LoaderOf<CommentThreadLoader>,
   ): Promise<CommentThreadList> {
     // TODO move to auth policy
-    verifyLoggedIn(session);
+    this.identity.verifyLoggedIn();
     const resource = await this.service.loadCommentable(resourceId);
     const list = await this.service.listThreads(resource, input);
     commentThreads.primeAll(list.items);

src/components/file/file-url.controller.ts

@@ -10,7 +10,7 @@ import {
   Response,
 } from '@nestjs/common';
 import { type ID } from '~/common';
-import { loggedInSession as verifyLoggedIn } from '~/common/session';
+import { Identity } from '~/core/authentication';
 import { HttpAdapter, type IRequest, type IResponse } from '~/core/http';
 import { SessionInterceptor } from '../authentication/session.interceptor';
 import { FileService } from './file.service';
@@ -23,6 +23,7 @@ export class FileUrlController {
     @Inject(forwardRef(() => FileService))
     private readonly files: FileService & {},
     private readonly sessionHost: SessionInterceptor,
+    private readonly identity: Identity,
     private readonly http: HttpAdapter,
   ) {}
 
@@ -37,7 +38,7 @@ export class FileUrlController {
 
     if (!node.public) {
       const session = await this.sessionHost.hydrateSession({ request });
-      verifyLoggedIn(session);
+      this.identity.verifyLoggedIn(session);
     }
 
     // TODO authorization using session

src/core/authentication/identity.service.ts

@@ -1,5 +1,5 @@
 import { forwardRef, Inject, Injectable } from '@nestjs/common';
-import type { ID, Role } from '~/common';
+import { type ID, type Role, UnauthenticatedException } from '~/common';
 import { type AuthenticationService } from '../../components/authentication';
 import { SessionHost } from '../../components/authentication/session.host';
 
@@ -36,6 +36,15 @@ export class Identity {
     return this.current.anonymous;
   }
 
+  /**
+   * Manually verify the current requestor is logged in.
+   */
+  verifyLoggedIn(session?: Identity['current']) {
+    if ((session ?? this.current).anonymous) {
+      throw new UnauthenticatedException('User is not logged in');
+    }
+  }
+
   /**
    * Is the current user an admin?
    *