Merge pull request #308 from abdeljalil-salhi/305-add-xtwitter-oauth

Add X/Twitter OAuth with passport-twitter in the NestJS session

Author: abdeljalil-salhi

backend-nestjs/package-lock.json

@@ -42,12 +42,14 @@
     "class-validator": "^0.14.1",
     "graphql": "^16.8.1",
     "multer": "^1.4.5-lts.1",
+    "nestjs-session": "^3.0.1",
     "nodemailer": "^6.9.13",
     "otplib": "^12.0.1",
     "passport": "^0.7.0",
     "passport-google-oauth2": "^0.2.0",
     "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0",
+    "passport-twitter": "^1.0.4",
     "qrcode": "^1.5.3",
     "reflect-metadata": "^0.2.1",
     "rxjs": "^7.8.1",
@@ -66,6 +68,7 @@
     "@types/passport-google-oauth2": "^0.1.8",
     "@types/passport-jwt": "^4.0.1",
     "@types/passport-local": "^1.0.38",
+    "@types/passport-twitter": "^1.0.40",
     "@types/supertest": "^6.0.2",
     "@types/uuid": "^9.0.8",
     "@typescript-eslint/eslint-plugin": "^7.2.0",

backend-nestjs/package.json

@@ -36,6 +36,7 @@ import { mailerConfig } from 'src/config/mailer.config';
 import { graphQLErrorFormatter } from './utils/graphql-error-formatter';
 import { SocketGateway } from 'src/socket/socket.gateway';
 import { SocketService } from 'src/socket/socket.service';
+import { SessionModule } from 'nestjs-session';
 
 /**
  * The root module of the application.
@@ -66,6 +67,18 @@ import { SocketService } from 'src/socket/socket.service';
     // Enable the scheduling module
     ScheduleModule.forRoot(),
 
+    // Configure the session module
+    SessionModule.forRoot({
+      session: {
+        secret: process.env.SESSION_SECRET, // Use the session secret from the environment variables
+        resave: false, // Do not save the session if it has not been modified
+        saveUninitialized: true, // Save the session even if it is new
+        cookie: {
+          secure: process.env.NODE_ENV === 'production', // Use secure cookies in production
+        },
+      },
+    }),
+
     AuthModule,
     UserModule,
     AvatarModule,

backend-nestjs/src/app/app.module.ts

@@ -13,10 +13,13 @@ import {
 import { AuthService } from './auth.service';
 // Guards
 import { GoogleOAuthGuard } from './guards/google-oauth.guard';
+import { XTwitterOAuthGuard } from './guards/xtwitter-oauth.guard';
 // Decorators
 import { Public } from './decorators/public.decorator';
 // Interfaces
-import { GoogleUser } from './interfaces/google-user.interface';
+import { OAuthUser } from './interfaces/oauth-user.interface';
+// DTOs
+import { AuthResponse } from './dtos/auth.response';
 
 /**
  * The controller that handles the authentication routes.
@@ -45,7 +48,7 @@ export class AuthController {
   @Public()
   @Get('google')
   @UseGuards(GoogleOAuthGuard)
-  public async auth(): Promise<void> {}
+  public async googleAuth(): Promise<void> {}
 
   /**
    * Handles the Google OAuth callback.
@@ -68,8 +71,8 @@ export class AuthController {
       /**
        * The response containing the tokens and the user information.
        */
-      const response = await this.authService.loginWithGoogle(
-        req.user as GoogleUser,
+      const response: AuthResponse = await this.authService.loginWithOAuth(
+        req.user as OAuthUser,
       );
 
       // Set the access token cookie
@@ -106,4 +109,77 @@ export class AuthController {
       res.redirect(`${process.env.FRONTEND_URL}/google?error=${errorCode}`);
     }
   }
+
+  /**
+   * Authenticates the user using Twitter OAuth.
+   * This route redirects the user to the Twitter OAuth page.
+   *
+   * @public
+   * @useGuards XTwitterOAuthGuard
+   * @returns {Promise<void>} - The response
+   */
+  @Public()
+  @Get('twitter')
+  @UseGuards(XTwitterOAuthGuard)
+  public async twitterAuth(): Promise<void> {}
+
+  /**
+   * Handles the Twitter OAuth callback.
+   * This route is called after the user authenticates with Twitter.
+   *
+   * @public
+   * @useGuards XTwitterOAuthGuard
+   * @param {Request} req - The request object.
+   * @param {Response} res - The response object.
+   * @returns {Promise<void>} - The response
+   */
+  @Public()
+  @Get('twitter/callback')
+  @UseGuards(XTwitterOAuthGuard)
+  public async twitterAuthCallback(
+    @Req() req: Request,
+    @Res() res: Response,
+  ): Promise<void> {
+    try {
+      /**
+       * The response containing the tokens and the user information.
+       */
+      const response: AuthResponse = await this.authService.loginWithOAuth(
+        req.user as OAuthUser,
+      );
+
+      // Set the access token cookie
+      res.cookie('access_token', response.accessToken, {
+        maxAge: 60 * 60 * 24 * 7 * 1000, // 7 days
+        sameSite: true,
+        secure: process.env.NODE_ENV === 'production',
+      });
+
+      if (response.is2faEnabled)
+        // Set the short-lived token cookie
+        res.cookie('short_lived_token', response.shortLivedToken, {
+          maxAge: 60 * 30 * 1000, // 30 minutes
+          sameSite: true,
+          secure: process.env.NODE_ENV === 'production',
+        });
+
+      // Redirect the user to the frontend with the 2FA status
+      res.redirect(
+        `${process.env.FRONTEND_URL}/x?2fa=${response.is2faEnabled ? 1 : 0}`,
+      );
+    } catch (e) {
+      console.log(e);
+
+      let errorCode: string = '0';
+
+      if (e instanceof HttpException) {
+        const response: string | object = e.getResponse();
+        if (typeof response === 'object' && response !== null)
+          errorCode = response['error'] || errorCode;
+      }
+
+      // Redirect the user to the frontend with the error code
+      res.redirect(`${process.env.FRONTEND_URL}/x?error=${errorCode}`);
+    }
+  }
 }

backend-nestjs/src/auth/auth.controller.ts

@@ -17,6 +17,7 @@ import { AccessTokenStrategy } from './strategies/access-token.strategy';
 import { RefreshTokenStrategy } from './strategies/refresh-token.strategy';
 import { ShortLivedTokenStrategy } from './strategies/short-lived-token.strategy';
 import { GoogleStrategy } from './strategies/google.strategy';
+import { XTwitterStrategy } from './strategies/xtwitter.strategy';
 // Controllers
 import { AuthController } from './auth.controller';
 
@@ -46,6 +47,7 @@ import { AuthController } from './auth.controller';
     RefreshTokenStrategy,
     ShortLivedTokenStrategy,
     GoogleStrategy,
+    XTwitterStrategy,
   ],
   controllers: [AuthController],
 })

backend-nestjs/src/auth/auth.module.ts

@@ -27,14 +27,14 @@ import { ForgotPasswordInput } from './dtos/forgot-password.input';
 import { ChangePasswordInput } from './dtos/change-password.input';
 import { ShortLivedTokenResponse } from './dtos/short-lived-token.response';
 // Interfaces
-import { GoogleUser } from './interfaces/google-user.interface';
+import { OAuthUser } from './interfaces/oauth-user.interface';
 
 /**
  * The authentication service that encapsulates all authentication-related features and functionalities.
  *
  * @method register - Registers a new user with the specified details.
  * @method login - Logs in the user with the specified details.
- * @method loginWithGoogle - Logs in the user with the specified Google profile.
+ * @method loginWithOAuth - Logs in the user with the specified OAuth profile.
  * @method logout - Logs out the user with the specified ID.
  * @method me - Returns the currently authenticated user.
  * @method verifyPassword - Verifies the password of the user with the specified ID.
@@ -225,33 +225,33 @@ export class AuthService {
   }
 
   /**
-   * Logs in the user with the specified Google profile.
+   * Logs in the user with the specified OAuth profile.
    *
-   * @param {GoogleUser} profile - The Google profile details for the user to login.
+   * @param {OAuthUser} profile - The OAuth profile details for the user to login.
    * @returns {Promise<AuthResponse>} - The result of the login operation.
-   * @throws {BadRequestException} - Thrown if the Google profile is invalid.
+   * @throws {BadRequestException} - Thrown if the OAuth profile is invalid.
    * @throws {ForbiddenException} - Thrown if the user has already registered with a different provider.
    */
-  public async loginWithGoogle(profile: GoogleUser): Promise<AuthResponse> {
+  public async loginWithOAuth(profile: OAuthUser): Promise<AuthResponse> {
     if (!profile)
       throw new BadRequestException(
-        'You must provide a valid Google profile to proceed with the login process. Please try again.',
+        'You must provide a valid OAuth profile to proceed with the login process. Please try again.',
         { cause: new Error(), description: '1' },
       );
 
-    // Extract the provider, email, name, and avatar from the Google profile
+    // Extract the provider, email, name, and avatar from the OAuth profile
     const { provider, email, name, avatar } = profile;
 
-    // Check if the Google profile is valid
+    // Check if the OAuth profile is valid
     if (!provider || !email || !name || !avatar)
       throw new BadRequestException(
-        'The Google profile provided is invalid. Please try again.',
+        'The OAuth profile provided is invalid. Please try again.',
         { cause: new Error(), description: '1' },
       );
 
     /**
-     * Find the user by the email provided in the Google profile.
-     * If the user is not found, create a new user with the Google profile details and authenticate the user.
+     * Find the user by the email provided in the OAuth profile.
+     * If the user is not found, create a new user with the OAuth profile details and authenticate the user.
      * If the user is found, continue with the login process.
      */
     const user: User = await this.userService
@@ -262,7 +262,7 @@ export class AuthService {
 
     if (!user) {
       /**
-       * Generate a random username by appending random numbers to the Google given name.
+       * Generate a random username by appending random numbers to the OAuth given name.
        */
       let username: string = name.toLowerCase() + '_';
 
@@ -291,7 +291,7 @@ export class AuthService {
      */
     if (user.connection.provider !== provider)
       throw new ForbiddenException(
-        'You have already registered with a different provider. Please login using your email and password.',
+        'You have already registered with a different provider. Please try logging in using your email and password.',
         { cause: new Error(), description: '2' },
       );
 

backend-nestjs/src/auth/auth.service.ts

@@ -0,0 +1,16 @@
+// Dependencies
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+/**
+ * Guard class representing a Twitter OAuth authentication guard.
+ *
+ * This guard utilizes the 'twitter' strategy to validate Twitter accounts.
+ *
+ * @export
+ * @class XTwitterOAuthGuard
+ * @extends {AuthGuard('xtwitter')}
+ * @module AuthModule
+ */
+@Injectable()
+export class XTwitterOAuthGuard extends AuthGuard('twitter') {}

backend-nestjs/src/auth/guards/xtwitter-oauth.guard.ts

@@ -0,0 +1,36 @@
+/**
+ * The OAuthUser interface represents the structure of the OAuth account.
+ *
+ * @export
+ * @interface OAuthUser
+ * @property {('google' | 'xtwitter')} provider - The provider of the OAuth account.
+ * @property {string} email - The email of the OAuth account.
+ * @property {string} name - The name of the OAuth account.
+ * @property {string} avatar - The avatar of the OAuth account.
+ * @module AuthModule
+ */
+export interface OAuthUser {
+  /**
+   * The provider of the OAuth account.
+   * @type {('google' | 'xtwitter')}
+   */
+  provider: 'google' | 'xtwitter';
+
+  /**
+   * The email of the OAuth account.
+   * @type {string}
+   */
+  email: string;
+
+  /**
+   * The name of the OAuth account.
+   * @type {string}
+   */
+  name: string;
+
+  /**
+   * The avatar of the OAuth account.
+   * @type {string}
+   */
+  avatar: string;
+}

backend-nestjs/src/auth/interfaces/google-user.interface.ts

@@ -4,7 +4,7 @@ import { PassportStrategy } from '@nestjs/passport';
 import { Strategy, VerifyCallback } from 'passport-google-oauth2';
 
 // Interfaces
-import { GoogleUser } from '../interfaces/google-user.interface';
+import { OAuthUser } from '../interfaces/oauth-user.interface';
 
 /**
  * The strategy that handles the validation of Google accounts.
@@ -40,7 +40,7 @@ export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
    * @param {string} _refreshToken - The refresh token of the Google account.
    * @param {*} profile - The profile of the Google account.
    * @param {VerifyCallback} done - The callback function.
-   * @returns {Promise<any>} - The validated user.
+   * @returns {Promise<void>} - The validated user.
    */
   public async validate(
     _accessToken: string,
@@ -51,13 +51,15 @@ export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
     // Extract the required information from the Google profile
     const { name, emails, photos } = profile;
 
-    const user: GoogleUser = {
+    // Prepare the OAuth user object
+    const user: OAuthUser = {
       provider: 'google',
       email: emails[0].value,
       name: name.givenName,
       avatar: photos[0].value,
     };
 
+    // Return the validated user
     done(null, user);
   }
 }