| 1 | 9 |  | import { Injectable, ForbiddenException } from '@nestjs/common'; | 
            
                                                        
            
                                    
            
            
                | 2 | 9 |  | import { JwtService } from '@nestjs/jwt'; | 
            
                                                        
            
                                    
            
            
                | 3 | 9 |  | import { HttpService } from '@nestjs/axios'; | 
            
                                                        
            
                                    
            
            
                | 4 | 9 |  | import { InjectRepository } from '@nestjs/typeorm'; | 
            
                                                        
            
                                    
            
            
                | 5 | 9 |  | import { Repository } from 'typeorm'; | 
            
                                                        
            
                                    
            
            
                | 6 | 9 |  | import { firstValueFrom } from 'rxjs'; | 
            
                                                        
            
                                    
            
            
                | 7 | 9 |  | import { ConfigService } from '@nestjs/config'; | 
            
                                                        
            
                                    
            
            
                | 8 | 9 |  | import { User } from '../users/entities/user.entity'; | 
            
                                                        
            
                                    
            
            
                | 9 |  |  | import { GithubUser } from './types/github-user.interface'; | 
            
                                                        
            
                                    
            
            
                | 10 |  |  | import { JwtPayload } from './types/jwt-payload.interface'; | 
            
                                                        
            
                                    
            
            
                | 11 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 12 |  |  | @Injectable() | 
            
                                                        
            
                                    
            
            
                | 13 | 9 |  | export class AuthService { | 
            
                                                        
            
                                    
            
            
                | 14 |  |  |   constructor( | 
            
                                                        
            
                                    
            
            
                | 15 |  |  |     @InjectRepository(User) | 
            
                                                        
            
                                    
            
            
                | 16 | 11 |  |     private userRepository: Repository<User>, | 
            
                                                        
            
                                    
            
            
                | 17 | 11 |  |     private jwtService: JwtService, | 
            
                                                        
            
                                    
            
            
                | 18 | 11 |  |     private httpService: HttpService, | 
            
                                                        
            
                                    
            
            
                | 19 | 11 |  |     private configService: ConfigService, | 
            
                                                        
            
                                    
            
            
                | 20 |  |  |   ) {} | 
            
                                                        
            
                                    
            
            
                | 21 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 22 |  |  |   async exchangeGithubCode(code: string) { | 
            
                                                        
            
                                    
            
            
                | 23 |  |  |     // console.log('Attempting exchange with code:', code); | 
            
                                                        
            
                                    
            
            
                | 24 |  |  |     // console.log('Using client ID:', this.configService.get('OAUTH_CLIENT_ID')); | 
            
                                                        
            
                                    
            
            
                | 25 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 26 | 3 |  |     const githubToken = await this.getGithubToken(code); | 
            
                                                        
            
                                    
            
            
                | 27 | 3 |  |     const githubUser = await this.getGithubUser(githubToken); | 
            
                                                        
            
                                    
            
            
                | 28 | 3 |  |     const user = await this.findOrCreateUser(githubUser); | 
            
                                                        
            
                                    
            
            
                | 29 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 30 |  |  |       // Check if the user's account is inactive | 
                            
                    |  |  |  | 
                                                                                        
                                                                                     | 
            
                                                        
            
                                    
            
            
                | 31 | 3 |  |     if (user.roles.includes('inactive')) { | 
            
                                                        
            
                                    
            
            
                | 32 | 1 |  |       throw new ForbiddenException('Your account is inactive.'); | 
            
                                                        
            
                                    
            
            
                | 33 |  |  |     } | 
            
                                                        
            
                                    
            
            
                | 34 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 35 | 2 |  |     const token = this.createToken(user); | 
            
                                                        
            
                                    
            
            
                | 36 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 37 | 2 |  |     return { | 
            
                                                        
            
                                    
            
            
                | 38 |  |  |       access_token: token, | 
            
                                                        
            
                                    
            
            
                | 39 |  |  |       user: { | 
            
                                                        
            
                                    
            
            
                | 40 |  |  |         githubId: user.githubId, | 
            
                                                        
            
                                    
            
            
                | 41 |  |  |         username: user.username, | 
            
                                                        
            
                                    
            
            
                | 42 |  |  |         email: user.email, | 
            
                                                        
            
                                    
            
            
                | 43 |  |  |         roles: user.roles, | 
            
                                                        
            
                                    
            
            
                | 44 |  |  |         hasAcceptedTerms: user.hasAcceptedTerms, | 
            
                                                        
            
                                    
            
            
                | 45 |  |  |       }, | 
            
                                                        
            
                                    
            
            
                | 46 |  |  |     }; | 
            
                                                        
            
                                    
            
            
                | 47 |  |  |   } | 
            
                                                        
            
                                    
            
            
                | 48 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 49 |  |  |   private async getGithubToken(code: string): Promise<string> { | 
            
                                                        
            
                                    
            
            
                | 50 | 4 |  |     const { data } = await firstValueFrom( | 
            
                                                        
            
                                    
            
            
                | 51 |  |  |       this.httpService.post( | 
            
                                                        
            
                                    
            
            
                | 52 |  |  |         'https://github.com/login/oauth/access_token', | 
            
                                                        
            
                                    
            
            
                | 53 |  |  |         { | 
            
                                                        
            
                                    
            
            
                | 54 |  |  |           client_id: this.configService.get('OAUTH_CLIENT_ID'), | 
            
                                                        
            
                                    
            
            
                | 55 |  |  |           client_secret: this.configService.get('OAUTH_CLIENT_SECRET'), | 
            
                                                        
            
                                    
            
            
                | 56 |  |  |           code, | 
            
                                                        
            
                                    
            
            
                | 57 |  |  |         }, | 
            
                                                        
            
                                    
            
            
                | 58 |  |  |         { | 
            
                                                        
            
                                    
            
            
                | 59 |  |  |           headers: { Accept: 'application/json' }, | 
            
                                                        
            
                                    
            
            
                | 60 |  |  |         }, | 
            
                                                        
            
                                    
            
            
                | 61 |  |  |       ), | 
            
                                                        
            
                                    
            
            
                | 62 |  |  |     ); | 
            
                                                        
            
                                    
            
            
                | 63 | 4 |  |     return data.access_token; | 
            
                                                        
            
                                    
            
            
                | 64 |  |  |   } | 
            
                                                        
            
                                    
            
            
                | 65 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 66 |  |  |   private async getGithubUser(token: string): Promise<GithubUser> { | 
            
                                                        
            
                                    
            
            
                | 67 | 4 |  |     const { data } = await firstValueFrom( | 
            
                                                        
            
                                    
            
            
                | 68 |  |  |       this.httpService.get('https://api.github.com/user', { | 
            
                                                        
            
                                    
            
            
                | 69 |  |  |         headers: { | 
            
                                                        
            
                                    
            
            
                | 70 |  |  |           Authorization: `Bearer ${token}`, | 
            
                                                        
            
                                    
            
            
                | 71 |  |  |           Accept: 'application/json', | 
            
                                                        
            
                                    
            
            
                | 72 |  |  |         }, | 
            
                                                        
            
                                    
            
            
                | 73 |  |  |       }), | 
            
                                                        
            
                                    
            
            
                | 74 |  |  |     ); | 
            
                                                        
            
                                    
            
            
                | 75 | 4 |  |     return data; | 
            
                                                        
            
                                    
            
            
                | 76 |  |  |   } | 
            
                                                        
            
                                    
            
            
                | 77 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 78 |  |  |   private async findOrCreateUser(githubUser: GithubUser): Promise<User> { | 
            
                                                        
            
                                    
            
            
                | 79 | 5 |  |     let user = await this.userRepository.findOne({ | 
            
                                                        
            
                                    
            
            
                | 80 |  |  |       where: { githubId: githubUser.id }, | 
            
                                                        
            
                                    
            
            
                | 81 |  |  |     }); | 
            
                                                        
            
                                    
            
            
                | 82 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 83 | 5 |  |     if (!user) { | 
            
                                                        
            
                                    
            
            
                | 84 | 2 |  |       user = await this.userRepository.save( | 
            
                                                        
            
                                    
            
            
                | 85 |  |  |         new User({ | 
            
                                                        
            
                                    
            
            
                | 86 |  |  |           githubId: githubUser.id, | 
            
                                                        
            
                                    
            
            
                | 87 |  |  |           username: githubUser.login, | 
            
                                                        
            
                                    
            
            
                | 88 |  |  |           email: githubUser.email, | 
            
                                                        
            
                                    
            
            
                | 89 |  |  |           avatarUrl: githubUser.avatar_url, | 
            
                                                        
            
                                    
            
            
                | 90 |  |  |           roles: ['user'], | 
            
                                                        
            
                                    
            
            
                | 91 |  |  |         }), | 
            
                                                        
            
                                    
            
            
                | 92 |  |  |       ); | 
            
                                                        
            
                                    
            
            
                | 93 |  |  |     } | 
            
                                                        
            
                                    
            
            
                | 94 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 95 | 5 |  |     return user; | 
            
                                                        
            
                                    
            
            
                | 96 |  |  |   } | 
            
                                                        
            
                                    
            
            
                | 97 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 98 |  |  |   private createToken(user: User): string { | 
            
                                                        
            
                                    
            
            
                | 99 | 2 |  |     const payload: JwtPayload = { | 
            
                                                        
            
                                    
            
            
                | 100 |  |  |       sub: user.githubId, | 
            
                                                        
            
                                    
            
            
                | 101 |  |  |       username: user.username, | 
            
                                                        
            
                                    
            
            
                | 102 |  |  |       email: user.email, | 
            
                                                        
            
                                    
            
            
                | 103 |  |  |       roles: user.roles, | 
            
                                                        
            
                                    
            
            
                | 104 |  |  |     }; | 
            
                                                        
            
                                    
            
            
                | 105 | 2 |  |     return this.jwtService.sign(payload); | 
            
                                                        
            
                                    
            
            
                | 106 |  |  |   } | 
            
                                                        
            
                                    
            
            
                | 107 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 108 |  |  |   async validateUserById(githubId: string): Promise<User | null> { | 
            
                                                        
            
                                    
            
            
                | 109 | 3 |  |     const user = await this.userRepository.findOne({ where: { githubId } }); | 
            
                                                        
            
                                    
            
            
                | 110 |  |  |    | 
                            
                    |  |  |  | 
                                                                                        
                                                                                     | 
            
                                                        
            
                                    
            
            
                | 111 |  |  |     // Check if the user is inactive | 
            
                                                        
            
                                    
            
            
                | 112 | 3 |  |     if (user && user.roles.includes('inactive')) { | 
            
                                                        
            
                                    
            
            
                | 113 | 1 |  |       return null; // Treat inactive users as non-existent | 
            
                                                        
            
                                    
            
            
                | 114 |  |  |     } | 
            
                                                        
            
                                    
            
            
                | 115 |  |  |    | 
                            
                    |  |  |  | 
                                                                                        
                                                                                     | 
            
                                                        
            
                                    
            
            
                | 116 | 2 |  |     return user; | 
            
                                                        
            
                                    
            
            
                | 117 |  |  |   } | 
                            
                    |  |  |  | 
                                                                                        
                                                                                     | 
            
                                                        
            
                                    
            
            
                | 118 |  |  |    | 
            
                                                        
            
                                    
            
            
                | 119 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 120 |  |  |   async getStatus(user: User) { | 
            
                                                        
            
                                    
            
            
                | 121 | 1 |  |     return { | 
            
                                                        
            
                                    
            
            
                | 122 |  |  |       isAuthenticated: true, | 
            
                                                        
            
                                    
            
            
                | 123 |  |  |       user: { | 
            
                                                        
            
                                    
            
            
                | 124 |  |  |         githubId: user.githubId, | 
            
                                                        
            
                                    
            
            
                | 125 |  |  |         username: user.username, | 
            
                                                        
            
                                    
            
            
                | 126 |  |  |         email: user.email, | 
            
                                                        
            
                                    
            
            
                | 127 |  |  |         roles: user.roles, | 
            
                                                        
            
                                    
            
            
                | 128 |  |  |         hasAcceptedTerms: user.hasAcceptedTerms, | 
            
                                                        
            
                                    
            
            
                | 129 |  |  |       }, | 
            
                                                        
            
                                    
            
            
                | 130 |  |  |     }; | 
            
                                                        
            
                                    
            
            
                | 131 |  |  |   } | 
            
                                                        
            
                                    
            
            
                | 132 |  |  | } | 
            
                                                        
            
                                    
            
            
                | 133 |  |  |  |