Vibecode-Together/SEO_iamge_renamer_starting_point
1
0
Fork 0
Code Issues 10 Pull requests Projects 1 Releases Packages Wiki Activity Actions
SEO_iamge_renamer_starting_.../packages/api/src/auth/jwt.strategy.ts

56 lines
1.6 KiB
TypeScript
Raw Normal View History

feat(auth): implement complete Google OAuth authentication system - Add authentication module with Google OAuth 2.0 and JWT strategies - Create secure user management with email hashing (SHA-256) - Implement rate limiting (10 requests/minute) for auth endpoints - Add CSRF protection and security middleware - Create user registration with Basic plan (50 quota default) - Add JWT-based session management with secure cookies - Implement protected routes with authentication guards - Add comprehensive API documentation with Swagger - Configure environment variables for OAuth and security - Add user profile management and quota tracking Resolves authentication requirements §18-20: - §18: Google OAuth 2.0 with email scope only - §19: Auto-create User record on first OAuth callback - §20: Store only Google UID, display name, and email hash 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-05 17:09:43 +02:00
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy, ExtractJwt } from 'passport-jwt';
import { AuthService } from './auth.service';
export interface JwtPayload {
sub: string; // User ID
email: string;
iat: number; // Issued at
exp: number; // Expires at
iss: string; // Issuer
aud: string; // Audience
}
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
constructor(
private readonly configService: ConfigService,
private readonly authService: AuthService,
) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: false,
secretOrKey: configService.get<string>('JWT_SECRET'),
issuer: 'seo-image-renamer',
audience: 'seo-image-renamer-users',
});
}
async validate(payload: JwtPayload) {
try {
// Verify the user still exists and is active
const user = await this.authService.validateUserById(payload.sub);
if (!user) {
throw new UnauthorizedException('User not found');
}
if (!user.isActive) {
throw new UnauthorizedException('User account is inactive');
}
// Return user object that will be attached to request
return {
id: user.id,
email: user.email,
plan: user.plan,
quotaRemaining: user.quotaRemaining,
isActive: user.isActive,
};
} catch (error) {
throw new UnauthorizedException('Invalid token');
}
}
}
Reference in a new issue Copy permalink