RI-6154 updates in cloud session

kchepikava · kchepikava · commit 3443f3205b9c · 2024-10-16T12:04:37.000+02:00
diff --git a/redisinsight/api/config/ormconfig.ts b/redisinsight/api/config/ormconfig.ts
@@ -21,6 +21,7 @@ import { CloudDatabaseDetailsEntity } from 'src/modules/cloud/database/entities/
 import { CloudCapiKeyEntity } from 'src/modules/cloud/capi-key/entity/cloud-capi-key.entity';
 import { RdiEntity } from 'src/modules/rdi/entities/rdi.entity';
 import { AiQueryMessageEntity } from 'src/modules/ai/query/entities/ai-query.message.entity';
+import { CloudSessionEntity } from 'src/modules/cloud/session/entities/cloud.session.entity';
 import migrations from '../migration';
 import * as config from '../src/utils/config';
 
@@ -52,6 +53,7 @@ const ormConfig = {
     CloudCapiKeyEntity,
     RdiEntity,
     AiQueryMessageEntity,
+    CloudSessionEntity,
   ],
   migrations,
 };
diff --git a/redisinsight/api/migration/1729024196797-cloud-session.ts b/redisinsight/api/migration/1729024196797-cloud-session.ts
@@ -0,0 +1,14 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class CloudSession1729024196797 implements MigrationInterface {
+    name = 'CloudSession1729024196797'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`CREATE TABLE "cloud_session" ("id" integer PRIMARY KEY NOT NULL, "data" varchar, "encryption" varchar)`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`DROP TABLE "cloud_session"`);
+    }
+
+}
diff --git a/redisinsight/api/migration/index.ts b/redisinsight/api/migration/index.ts
@@ -42,6 +42,7 @@ import { AiHistory1713515657364 } from './1713515657364-ai-history';
 import { AiHistorySteps1714501203616 } from './1714501203616-ai-history-steps';
 import { Rdi1716370509836 } from './1716370509836-rdi';
 import { AiHistory1718260230164 } from './1718260230164-ai-history';
+import { CloudSession1729024196797 } from './1729024196797-cloud-session';
 
 export default [
   initialMigration1614164490968,
@@ -88,4 +89,5 @@ export default [
   AiHistorySteps1714501203616,
   Rdi1716370509836,
   AiHistory1718260230164,
+  CloudSession1729024196797,
 ];
diff --git a/redisinsight/api/src/modules/cloud/auth/cloud-auth.module.ts b/redisinsight/api/src/modules/cloud/auth/cloud-auth.module.ts
@@ -8,7 +8,7 @@ import { CloudAuthController } from 'src/modules/cloud/auth/cloud-auth.controlle
 import { CloudAuthAnalytics } from 'src/modules/cloud/auth/cloud-auth.analytics';
 
 @Module({
-  imports: [CloudSessionModule],
+  imports: [CloudSessionModule.register()],
   providers: [
     GoogleIdpCloudAuthStrategy,
     GithubIdpCloudAuthStrategy,
diff --git a/redisinsight/api/src/modules/cloud/auth/cloud-auth.service.spec.ts b/redisinsight/api/src/modules/cloud/auth/cloud-auth.service.spec.ts
@@ -41,7 +41,7 @@ import { CloudSsoFeatureStrategy } from 'src/modules/cloud/cloud-sso.feature.fla
 import { CloudApiUnauthorizedException } from 'src/modules/cloud/common/exceptions';
 import { SsoIdpCloudAuthStrategy } from 'src/modules/cloud/auth/auth-strategy/sso-idp.cloud.auth-strategy';
 import {
-  CloudOauthSsoUnsupportedEmailException
+  CloudOauthSsoUnsupportedEmailException,
 } from 'src/modules/cloud/auth/exceptions/cloud-oauth.sso-unsupported-email.exception';
 
 const mockedAxios = axios as jest.Mocked<typeof axios>;
@@ -255,7 +255,9 @@ describe('CloudAuthService', () => {
           error: 'access_denied',
           error_description: 'Some required properties are missing: email and lastName',
         },
-      )).rejects.toThrow(new CloudOauthMissedRequiredDataException('Some required properties are missing: email and lastName'));
+      )).rejects.toThrow(
+        new CloudOauthMissedRequiredDataException('Some required properties are missing: email and lastName'),
+      );
     });
     it('should throw an error if request not found', async () => {
       expect(service['authRequests'].size).toEqual(1);
diff --git a/redisinsight/api/src/modules/cloud/auth/cloud-auth.service.ts b/redisinsight/api/src/modules/cloud/auth/cloud-auth.service.ts
@@ -200,7 +200,6 @@ export class CloudAuthService {
   private async revokeRefreshToken(sessionMetadata: SessionMetadata): Promise<void> {
     try {
       const session = await this.sessionService.getSession(sessionMetadata.sessionId);
-
       if (!session?.refreshToken) {
         return;
       }
@@ -270,6 +269,7 @@ export class CloudAuthService {
       await this.sessionService.updateSessionData(sessionMetadata.sessionId, {
         accessToken: data.access_token,
         refreshToken: data.refresh_token,
+        idpType,
         csrf: null,
         apiSessionId: null,
       });
diff --git a/redisinsight/api/src/modules/cloud/capi-key/cloud-capi-key.module.ts b/redisinsight/api/src/modules/cloud/capi-key/cloud-capi-key.module.ts
@@ -11,7 +11,7 @@ import { CloudCapiKeyAnalytics } from 'src/modules/cloud/capi-key/cloud-capi-key
 @Module({
   imports: [
     CloudUserModule,
-    CloudSessionModule,
+    CloudSessionModule.register(),
   ],
   controllers: [CloudCapiKeyController],
   providers: [
diff --git a/redisinsight/api/src/modules/cloud/session/cloud-session.module.ts b/redisinsight/api/src/modules/cloud/session/cloud-session.module.ts
@@ -1,8 +1,23 @@
-import { Module } from '@nestjs/common';
+import { Module, Type } from '@nestjs/common';
 import { CloudSessionService } from 'src/modules/cloud/session/cloud-session.service';
+import { CloudSessionRepository } from './repositories/cloud.session.repository';
+import { LocalCloudSessionRepository } from './repositories/local.cloud.session.repository';
 
-@Module({
-  providers: [CloudSessionService],
-  exports: [CloudSessionService],
-})
-export class CloudSessionModule {}
+@Module({})
+export class CloudSessionModule {
+  static register(
+    cloudSessionRepository: Type<CloudSessionRepository> = LocalCloudSessionRepository,
+  ) {
+    return {
+      module: CloudSessionModule,
+      providers: [
+        CloudSessionService,
+        {
+          provide: CloudSessionRepository,
+          useClass: cloudSessionRepository,
+        },
+      ],
+      exports: [CloudSessionService],
+    };
+  }
+}
diff --git a/redisinsight/api/src/modules/cloud/session/cloud-session.service.ts b/redisinsight/api/src/modules/cloud/session/cloud-session.service.ts
@@ -3,31 +3,71 @@ import { SessionService } from 'src/modules/session/session.service';
 import { CloudSession } from 'src/modules/cloud/session/models/cloud-session';
 import { classToPlain, plainToClass } from 'class-transformer';
 import { TransformGroup } from 'src/common/constants';
+import { CloudSessionRepository } from './repositories/cloud.session.repository';
 
 @Injectable()
 export class CloudSessionService {
   constructor(
     private readonly sessionService: SessionService,
+    private readonly cloudSessionRepository: CloudSessionRepository,
   ) {}
 
   async getSession(id: string): Promise<CloudSession> {
     const session = await this.sessionService.getSession(id);
-    return session?.data?.cloud || null;
+    const cloud = session?.data?.cloud;
+    if (!cloud?.refreshToken) {
+      try {
+        const cloudSessionData = await this.cloudSessionRepository.get();
+        if (cloudSessionData?.data) {
+          const { data } = cloudSessionData;
+
+          return {
+            ...cloud,
+            refreshToken: data.refreshToken,
+            idpType: data.idpType,
+          };
+        }
+      } catch (e) {
+        // ignore
+      }
+    }
+    return cloud;
   }
 
   async updateSessionData(id: string, cloud: any): Promise<CloudSession> {
     const session = await this.getSession(id);
 
-    return (await this.sessionService.updateSessionData(id, {
+    const cloudSession = (await this.sessionService.updateSessionData(id, {
       cloud: plainToClass(CloudSession, {
         ...classToPlain(session, { groups: [TransformGroup.Secure] }),
         ...classToPlain(cloud, { groups: [TransformGroup.Secure] }),
       }, { groups: [TransformGroup.Secure] }),
     }))?.data?.cloud || null;
+
+    if (cloudSession && cloud?.refreshToken && cloud?.idpType) {
+      try {
+        this.cloudSessionRepository.save({
+          data: {
+            refreshToken: cloud.refreshToken,
+            idpType: cloud.idpType,
+          },
+        });
+      } catch (e) {
+        // ignore
+      }
+    }
+
+    return cloudSession;
   }
 
   async deleteSessionData(id: string): Promise<void> {
     await this.sessionService.updateSessionData(id, { cloud: null });
+
+    try {
+      await this.cloudSessionRepository.save({ data: null });
+    } catch (e) {
+      // ignore
+    }
   }
 
   async invalidateApiSession(id: string): Promise<void> {
diff --git a/redisinsight/api/src/modules/cloud/session/entities/cloud.session.entity.ts b/redisinsight/api/src/modules/cloud/session/entities/cloud.session.entity.ts
@@ -0,0 +1,18 @@
+import { Expose } from 'class-transformer';
+import { DataAsJsonString } from 'src/common/decorators';
+import { Column, Entity } from 'typeorm';
+
+@Entity('cloud_session')
+export class CloudSessionEntity {
+  @Column({ nullable: false, primary: true })
+  @Expose()
+  id: number;
+
+  @Column({ nullable: true })
+  @DataAsJsonString()
+  @Expose()
+  data: string;
+
+  @Column({ nullable: true })
+  encryption: string;
+}
diff --git a/redisinsight/api/src/modules/cloud/session/models/cloud-session.ts b/redisinsight/api/src/modules/cloud/session/models/cloud-session.ts
@@ -1,5 +1,6 @@
 import { CloudUser } from 'src/modules/cloud/user/models';
 import { CloudAuthIdpType } from 'src/modules/cloud/auth/models';
+import { Expose } from 'class-transformer';
 
 export class CloudSession {
   accessToken?: string;
@@ -14,3 +15,11 @@ export class CloudSession {
 
   user?: CloudUser;
 }
+
+export class CloudSessionData {
+  @Expose()
+  id: number;
+
+  @Expose()
+  data: CloudSession;
+}
diff --git a/redisinsight/api/src/modules/cloud/session/repositories/cloud.session.repository.ts b/redisinsight/api/src/modules/cloud/session/repositories/cloud.session.repository.ts
@@ -0,0 +1,7 @@
+// import { SessionMetadata } from 'src/common/models';
+import { CloudSessionData } from '../models/cloud-session';
+
+export abstract class CloudSessionRepository {
+  abstract get(): Promise<CloudSessionData>;
+  abstract save(data: Partial<CloudSessionData>): Promise<void>;
+}
diff --git a/redisinsight/api/src/modules/cloud/session/repositories/local.cloud.session.repository.spec.ts b/redisinsight/api/src/modules/cloud/session/repositories/local.cloud.session.repository.spec.ts
@@ -0,0 +1 @@
+// TODO
diff --git a/redisinsight/api/src/modules/cloud/session/repositories/local.cloud.session.repository.ts b/redisinsight/api/src/modules/cloud/session/repositories/local.cloud.session.repository.ts
@@ -0,0 +1,43 @@
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { classToClass } from 'src/utils';
+// import { SessionMetadata } from 'src/common/models';
+import { EncryptionService } from 'src/modules/encryption/encryption.service';
+import { ModelEncryptor } from 'src/modules/encryption/model.encryptor';
+import { CloudSessionRepository } from './cloud.session.repository';
+import { CloudSessionEntity } from '../entities/cloud.session.entity';
+import { CloudSessionData } from '../models/cloud-session';
+
+const SESSION_ID = 1;
+
+export class LocalCloudSessionRepository extends CloudSessionRepository {
+  private readonly modelEncryptor: ModelEncryptor;
+
+  constructor(
+    @InjectRepository(CloudSessionEntity)
+    private readonly repository: Repository<CloudSessionEntity>,
+    private readonly encryptionService: EncryptionService,
+  ) {
+    super();
+    this.modelEncryptor = new ModelEncryptor(this.encryptionService, ['data']);
+  }
+
+  async get(): Promise<CloudSessionData> {
+    const entity = await this.repository.findOneBy({ id: SESSION_ID });
+
+    if (!entity) {
+      return null;
+    }
+
+    const decrypted = await this.modelEncryptor.decryptEntity(entity, false);
+    return classToClass(CloudSessionData, decrypted);
+  }
+
+  async save(cloudAuth: Partial<CloudSessionData>): Promise<void> {
+    const entity = await this.modelEncryptor.encryptEntity(
+      classToClass(CloudSessionEntity, { id: SESSION_ID, ...cloudAuth }),
+    );
+
+    await this.repository.upsert(entity, ['id']);
+  }
+}
diff --git a/redisinsight/api/src/modules/cloud/subscription/cloud-subscription.module.ts b/redisinsight/api/src/modules/cloud/subscription/cloud-subscription.module.ts
@@ -11,7 +11,7 @@ import { CloudSubscriptionCapiProvider } from './providers/cloud-subscription.ca
 @Module({
   imports: [
     CloudUserModule,
-    CloudSessionModule,
+    CloudSessionModule.register(),
     CloudCapiKeyModule,
   ],
   providers: [
diff --git a/redisinsight/api/src/modules/cloud/user/cloud-user.api.service.ts b/redisinsight/api/src/modules/cloud/user/cloud-user.api.service.ts
@@ -1,5 +1,4 @@
 import { find } from 'lodash';
-import { decode } from 'jsonwebtoken';
 import { Injectable, Logger } from '@nestjs/common';
 import { SessionMetadata } from 'src/common/models';
 import { CloudUserRepository } from 'src/modules/cloud/user/repositories/cloud-user.repository';
@@ -10,11 +9,9 @@ import { CloudApiUnauthorizedException } from 'src/modules/cloud/common/exceptio
 import { CloudUserApiProvider } from 'src/modules/cloud/user/providers/cloud-user.api.provider';
 import { CloudRequestUtm } from 'src/modules/cloud/common/models';
 import { CloudAuthService } from 'src/modules/cloud/auth/cloud-auth.service';
-import config from 'src/utils/config';
 import { CloudSession } from 'src/modules/cloud/session/models/cloud-session';
 import { ServerService } from 'src/modules/server/server.service';
-
-const cloudConfig = config.get('cloud');
+import { isValidToken } from './utils';
 
 @Injectable()
 export class CloudUserApiService {
@@ -70,20 +67,15 @@ export class CloudUserApiService {
     try {
       const session = await this.sessionService.getSession(sessionMetadata.sessionId);
 
-      if (!session?.accessToken) {
+      if (!session?.refreshToken) {
         throw new CloudApiUnauthorizedException();
       }
 
-      const { exp } = JSON.parse(Buffer.from(session.accessToken.split('.')[1], 'base64').toString());
-
-      const expiresIn = exp * 1_000 - Date.now();
-
-      if (expiresIn < cloudConfig.renewTokensBeforeExpire) {
-        // need to renew
-        await this.cloudAuthService.renewTokens(sessionMetadata, session.idpType, session.refreshToken);
+      if (!isValidToken(session?.accessToken)) {
+        await this.cloudAuthService.renewTokens(sessionMetadata, session?.idpType, session?.refreshToken);
       }
     } catch (e) {
-      throw new CloudApiUnauthorizedException();
+      throw new CloudApiUnauthorizedException(e.message);
     }
   }
 
diff --git a/redisinsight/api/src/modules/cloud/user/cloud-user.module.ts b/redisinsight/api/src/modules/cloud/user/cloud-user.module.ts
@@ -11,7 +11,7 @@ import { CloudAuthModule } from 'src/modules/cloud/auth/cloud-auth.module';
 
 @Global()
 @Module({
-  imports: [CloudSessionModule, CloudAuthModule],
+  imports: [CloudSessionModule.register(), CloudAuthModule],
   providers: [
     CloudUserApiProvider,
     CloudUserCapiProvider,
diff --git a/redisinsight/api/src/modules/cloud/user/utils/index.ts b/redisinsight/api/src/modules/cloud/user/utils/index.ts
@@ -1 +1,2 @@
 export * from './cloud-data-converter';
+export * from './token';
diff --git a/redisinsight/api/src/modules/cloud/user/utils/token.ts b/redisinsight/api/src/modules/cloud/user/utils/token.ts
@@ -0,0 +1,15 @@
+import config from 'src/utils/config';
+
+const cloudConfig = config.get('cloud');
+
+export const isValidToken = (token?: string) => {
+  if (!token) {
+    return false;
+  }
+
+  const { exp } = JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
+
+  const expiresIn = exp * 1_000 - Date.now();
+
+  return expiresIn > cloudConfig.renewTokensBeforeExpire;
+};
diff --git a/redisinsight/api/src/modules/rdi/rdi.service.ts b/redisinsight/api/src/modules/rdi/rdi.service.ts
@@ -16,6 +16,7 @@ import { RdiPipelineNotFoundException, wrapRdiPipelineError } from 'src/modules/
 import { isUndefined, omitBy } from 'lodash';
 import { deepMerge } from 'src/common/utils';
 import { RdiAnalytics } from './rdi.analytics';
+import { CloudAuthService } from '../cloud/auth/cloud-auth.service';
 
 @Injectable()
 export class RdiService {
