Merge pull request #19 from bcgov/feat/guard-get-record-and-validate

WIP: Get Record and Validate Case/Incident (guard refactor)

.env.example

@@ -1,7 +1,14 @@
+NODE_ENV=production
+
 RECORD_CACHE_MS = 60000
 
 ACCESS_TOKEN_URL='url here'
 CLIENT_ID='id here'
 CLIENT_SECRET='secret here'
 UPSTREAM_BASE_URL=http://www.google.com
-SUPPORT_NETWORK_ENDPOINT=/endpoint/path/here
+SUPPORT_NETWORK_ENDPOINT=/endpoint/path/here
+CASE_ENDPOINT=/endpoint/path/here
+INCIDENT_ENDPOINT=/endpoint/path/here
+SR_ENDPOINT=/endpoint/path/here
+MEMO_ENDPOINT=/endpoint/path/here
+SKIP_AUTH_GUARD=false

helm/templates/deployment.yaml

@@ -77,4 +77,9 @@ spec:
                 secretKeyRef:
                     name: visitz-api
                     key: CLIENT_SECRET
+            - name: SKIP_AUTH_GUARD
+              valueFrom:
+                secretKeyRef:
+                    name: visitz-api
+                    key: SKIP_AUTH_GUARD
       restartPolicy: Always

package.json

@@ -39,6 +39,7 @@
     "save": "^2.9.0"
   },
   "devDependencies": {
+    "@jest-mock/express": "^2.1.0",
     "@nestjs/cli": "^10.0.0",
     "@nestjs/schematics": "^10.0.0",
     "@nestjs/testing": "^10.0.0",

src/common/common.module.ts

@@ -1,7 +1,15 @@
 import { Module } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { HttpModule } from '@nestjs/axios';
+import { UtilitiesModule } from '../helpers/utilities/utilities.module';
+import { UtilitiesService } from '../helpers/utilities/utilities.service';
+import { AuthService } from './guards/auth/auth.service';
+import { AuthModule } from './guards/auth/auth.module';
+import { TokenRefresherModule } from '../helpers/token-refresher/token-refresher.module';
 
 @Module({
-  providers: [],
-  imports: [],
+  providers: [UtilitiesService, AuthService, UtilitiesService, ConfigService],
+  imports: [UtilitiesModule, AuthModule, HttpModule, TokenRefresherModule],
+  exports: [AuthService],
 })
 export class CommonModule {}

src/common/guards/auth/auth.guard.spec.ts

@@ -0,0 +1,133 @@
+import { HttpService } from '@nestjs/axios';
+import { CACHE_MANAGER } from '@nestjs/cache-manager';
+import { Controller, ExecutionContext, UseGuards } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { TestingModule, Test } from '@nestjs/testing';
+import { UtilitiesService } from '../../../helpers/utilities/utilities.service';
+import { AuthGuard } from './auth.guard';
+import { AuthService } from './auth.service';
+import { getMockReq } from '@jest-mock/express';
+import { TokenRefresherService } from '../../../helpers/token-refresher/token-refresher.service';
+
+describe('AuthGuard', () => {
+  let service: AuthService;
+  let configService: ConfigService;
+  let guard;
+
+  @Controller()
+  class TestController {
+    @UseGuards(AuthGuard)
+    async example() {
+      return true;
+    }
+  }
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        {
+          provide: AuthService,
+          useValue: { getRecordAndValidate: () => jest.fn() },
+        },
+        TokenRefresherService,
+        {
+          provide: CACHE_MANAGER,
+          useValue: {
+            set: () => jest.fn(),
+            get: () => jest.fn(),
+          },
+        },
+        UtilitiesService,
+        {
+          provide: ConfigService,
+          useValue: {
+            get: jest.fn((key: string) => {
+              const lookup = {
+                skipAuthGuard: true,
+              };
+              return lookup[key];
+            }),
+          },
+        },
+        { provide: HttpService, useValue: { get: jest.fn() } },
+      ],
+      controllers: [TestController],
+    }).compile();
+
+    service = module.get<AuthService>(AuthService);
+    configService = module.get<ConfigService>(ConfigService);
+    const guards = Reflect.getMetadata(
+      '__guards__',
+      TestController.prototype.example,
+    );
+    guard = new guards[0](service, configService);
+    jest.clearAllMocks();
+  });
+  it('should be defined', () => {
+    expect(guard).toBeDefined();
+    expect(guard).toBeInstanceOf(AuthGuard);
+  });
+
+  describe('canActivate tests', () => {
+    it('should always return true when skipping', async () => {
+      const authSpy = jest
+        .spyOn(service, 'getRecordAndValidate')
+        .mockResolvedValueOnce(false);
+      const guardSpy = jest.spyOn(AuthGuard.prototype, 'canActivate');
+      const execContext = {
+        switchToHttp: () => ({
+          getRequest: () => getMockReq(),
+        }),
+      };
+      const isAuthed = await guard.canActivate(execContext as ExecutionContext);
+      expect(authSpy).toHaveBeenCalledTimes(0);
+      expect(guardSpy).toHaveBeenCalledTimes(1);
+      expect(isAuthed).toBe(true);
+    });
+
+    it('should return the result of getRecordAndValidate when not skipping', async () => {
+      const module: TestingModule = await Test.createTestingModule({
+        providers: [
+          AuthService,
+          TokenRefresherService,
+          { provide: CACHE_MANAGER, useValue: {} },
+          UtilitiesService,
+          {
+            provide: ConfigService,
+            useValue: {
+              get: jest.fn((key: string) => {
+                const lookup = {
+                  skipAuthGuard: false,
+                };
+                return lookup[key];
+              }),
+            },
+          },
+
+          { provide: HttpService, useValue: { get: jest.fn() } },
+        ],
+      }).compile();
+      service = module.get<AuthService>(AuthService);
+      configService = module.get<ConfigService>(ConfigService);
+      const guards = Reflect.getMetadata(
+        '__guards__',
+        TestController.prototype.example,
+      );
+      guard = new guards[0](service, configService);
+
+      const authSpy = jest
+        .spyOn(service, 'getRecordAndValidate')
+        .mockResolvedValueOnce(false);
+      const guardSpy = jest.spyOn(AuthGuard.prototype, 'canActivate');
+      const execContext = {
+        switchToHttp: () => ({
+          getRequest: () => getMockReq(),
+        }),
+      };
+      const isAuthed = await guard.canActivate(execContext);
+      expect(authSpy).toHaveBeenCalledTimes(1);
+      expect(guardSpy).toHaveBeenCalledTimes(1);
+      expect(isAuthed).toBe(false);
+    });
+  });
+});

src/common/guards/auth/auth.guard.ts

@@ -0,0 +1,26 @@
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { Observable } from 'rxjs';
+import { AuthService } from './auth.service';
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+  skip;
+  constructor(
+    private readonly authService: AuthService,
+    private readonly configService: ConfigService,
+  ) {
+    this.skip = this.configService.get('skipAuthGuard');
+  }
+
+  canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    if (this.skip) {
+      // skip for local development
+      return true;
+    }
+    const request = context.switchToHttp().getRequest();
+    return this.authService.getRecordAndValidate(request);
+  }
+}

src/common/guards/auth/auth.module.ts

@@ -0,0 +1,20 @@
+import { Module } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { HttpModule } from '@nestjs/axios';
+import { AuthService } from './auth.service';
+import { UtilitiesModule } from '../../../helpers/utilities/utilities.module';
+import { UtilitiesService } from '../../../helpers/utilities/utilities.service';
+import { TokenRefresherService } from '../../../helpers/token-refresher/token-refresher.service';
+import { TokenRefresherModule } from '../../../helpers/token-refresher/token-refresher.module';
+
+@Module({
+  providers: [
+    TokenRefresherService,
+    AuthService,
+    UtilitiesService,
+    ConfigService,
+  ],
+  imports: [UtilitiesModule, HttpModule, TokenRefresherModule],
+  exports: [AuthService],
+})
+export class AuthModule {}