[Deploy] 5주차 스프린트 배포 - 3

backend/package.json

@@ -6,7 +6,7 @@
   "private": true,
   "license": "UNLICENSED",
   "scripts": {
-    "build": "nest build",
+    "build": "NODE_ENV=production nest build",
     "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
     "start": "nest start",
     "start:dev": "nest start --watch",
@@ -21,6 +21,7 @@
     "test:e2e": "jest --config ./test/jest-e2e.json"
   },
   "dependencies": {
+    "@moozeh/nestjs-redis-om": "^0.1.4",
     "@nestjs/common": "^10.0.0",
     "@nestjs/core": "^10.0.0",
     "@nestjs/jwt": "^10.2.0",
@@ -32,16 +33,18 @@
     "@socket.io/redis-adapter": "^8.3.0",
     "@types/passport-jwt": "^4.0.1",
     "axios": "^1.7.7",
-    "cookie-parser": "^1.4.7",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
+    "cookie-parser": "^1.4.7",
     "dotenv": "^16.4.5",
     "ioredis": "^5.4.1",
     "mysql2": "^3.11.4",
+    "nestjs-paginate": "^10.0.0",
     "nestjs-redis-om": "^0.1.2",
     "passport": "^0.7.0",
     "passport-custom": "^1.1.1",
     "passport-jwt": "^4.0.1",
+    "passport-local": "^1.0.0",
     "redis-om": "^0.4.7",
     "reflect-metadata": "^0.2.0",
     "rxjs": "^7.8.1",
@@ -59,6 +62,7 @@
     "@types/jest": "^29.5.2",
     "@types/node": "^20.3.1",
     "@types/passport-github": "^1.1.12",
+    "@types/passport-local": "^1.0.38",
     "@types/supertest": "^6.0.0",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "@typescript-eslint/parser": "^8.0.0",

backend/src/app.module.ts

@@ -12,7 +12,7 @@ import "dotenv/config";
 
 import { createDataSource, typeOrmConfig } from "./config/typeorm.config";
 import { QuestionListModule } from "./question-list/question-list.module";
-import { RedisOmModule } from "nestjs-redis-om";
+import { RedisOmModule } from "@moozeh/nestjs-redis-om";
 import { SigServerModule } from "@/signaling-server/sig-server.module";
 
 @Module({

backend/src/auth/auth.controller.ts

@@ -1,12 +1,10 @@
-import { Controller, Get, Post, Res, Req, UseGuards } from "@nestjs/common";
+import { Controller, Get, Post, Res, UseGuards } from "@nestjs/common";
 import { AuthGuard } from "@nestjs/passport";
-import { Request, Response } from "express";
+import { Response } from "express";
 import { AuthService } from "./auth.service";
-import { GithubProfile } from "./github/gitub-profile.decorator";
-import { Profile } from "passport-github";
-import { setCookieConfig } from "../config/cookie.config";
+import { setCookieConfig } from "@/config/cookie.config";
 import { JwtPayload, JwtTokenPair } from "./jwt/jwt.decorator";
-import { IJwtPayload, IJwtTokenPair } from "./jwt/jwt.model";
+import { IJwtPayload, IJwtToken, IJwtTokenPair } from "./jwt/jwt.model";
 
 @Controller("auth")
 export class AuthController {
@@ -18,46 +16,45 @@ export class AuthController {
     @Post("github")
     @UseGuards(AuthGuard("github"))
     async githubCallback(
-        @Req() req: Request,
         @Res({ passthrough: true }) res: Response,
-        @GithubProfile() profile: Profile
+        @JwtTokenPair() pair: IJwtTokenPair
     ) {
-        const id = parseInt(profile.id);
-
-        const result = await this.authService.getTokenByGithubId(id);
-
-        res.cookie("accessToken", result.accessToken.token, {
-            maxAge: result.accessToken.expireTime,
-            ...setCookieConfig,
-        });
-
-        res.cookie("refreshToken", result.refreshToken.token, {
-            maxAge: result.refreshToken.expireTime,
-            ...setCookieConfig,
-        });
-
-        return {
-            success: true,
-        };
+        return this.setCookie(res, pair.accessToken, pair.refreshToken);
     }
 
     @Get("whoami")
     @UseGuards(AuthGuard("jwt"))
-    async handleWhoami(@Req() req: Request, @JwtPayload() token: IJwtPayload) {
-        return token;
+    async handleWhoami(@JwtPayload() payload: IJwtPayload) {
+        return payload;
     }
 
     @Get("refresh")
     @UseGuards(AuthGuard("jwt-refresh"))
     async handleRefresh(
         @Res({ passthrough: true }) res: Response,
-        @JwtTokenPair() token: IJwtTokenPair
+        @JwtTokenPair() pair: IJwtTokenPair
     ) {
-        res.cookie("accessToken", token.accessToken.token, {
-            maxAge: token.accessToken.expireTime,
+        return this.setCookie(res, pair.accessToken);
+    }
+
+    @Post("login")
+    @UseGuards(AuthGuard("local"))
+    async login(@Res({ passthrough: true }) res: Response, @JwtTokenPair() pair: IJwtTokenPair) {
+        return this.setCookie(res, pair.accessToken, pair.refreshToken);
+    }
+
+    private setCookie(res: Response, accessToken: IJwtToken, refreshToken?: IJwtToken) {
+        res.cookie("accessToken", accessToken.token, {
+            maxAge: accessToken.expireTime,
             ...setCookieConfig,
         });
 
+        if (refreshToken)
+            res.cookie("refreshToken", refreshToken.token, {
+                maxAge: refreshToken.expireTime,
+                ...setCookieConfig,
+            });
+
         return {
             success: true,
         };

backend/src/auth/auth.module.ts

@@ -2,12 +2,14 @@ import { Module } from "@nestjs/common";
 import { AuthController } from "./auth.controller";
 import { AuthService } from "./auth.service";
 import { GithubStrategy } from "./github/github.strategy";
-import { UserRepository } from "../user/user.repository";
+import { UserRepository } from "@/user/user.repository";
 import { JwtModule } from "./jwt/jwt.module";
+import { LocalStrategy } from "@/auth/local/local.strategy";
+import { UserService } from "@/user/user.service";
 
 @Module({
     imports: [JwtModule],
     controllers: [AuthController],
-    providers: [AuthService, GithubStrategy, UserRepository],
+    providers: [AuthService, GithubStrategy, LocalStrategy, UserRepository, UserService],
 })
 export class AuthModule {}

backend/src/auth/auth.service.ts

@@ -1,31 +1,45 @@
-import { Injectable, UnauthorizedException } from "@nestjs/common";
-import { UserRepository } from "../user/user.repository";
+import { Injectable } from "@nestjs/common";
+import { UserRepository } from "@/user/user.repository";
 import { Transactional } from "typeorm-transactional";
 import "dotenv/config";
-import { DAY, HOUR } from "../utils/time";
 import { JwtService } from "./jwt/jwt.service";
+import { LoginType } from "@/user/user.entity";
+import { createHash } from "node:crypto";
 
 @Injectable()
 export class AuthService {
-    private static ACCESS_TOKEN_EXPIRATION_TIME = 3 * HOUR;
-    private static ACCESS_TOKEN_EXPIRATION = 30 * DAY;
+    private static PASSWORD_SALT = process.env.PASSWORD_SALT;
 
     constructor(
         private readonly userRepository: UserRepository,
         private readonly jwtService: JwtService
     ) {}
 
     @Transactional()
-    public async getTokenByGithubId(id: number) {
+    public async getUserByGithubId(id: number) {
         let user = await this.userRepository.getUserByGithubId(id);
 
-        if (!user) {
+        if (!user)
             user = await this.userRepository.createUser({
                 githubId: id,
                 username: `camper_${id}`,
+                loginType: LoginType.GITHUB,
             });
-        }
 
-        return await this.jwtService.createJwtToken(user.id);
+        return user;
+    }
+
+    public async getUserByLocal(username: string, password: string) {
+        const user = await this.userRepository.getUserByLoginId(username);
+        if (!user) return null;
+        if (user.passwordHash !== this.generatePasswordHash(password)) return null;
+
+        return user;
+    }
+
+    public generatePasswordHash(password: string) {
+        return createHash("sha256")
+            .update(password + process.env.SESSION_HASH)
+            .digest("hex");
     }
 }

backend/src/auth/dto/login.dto.ts

@@ -0,0 +1,12 @@
+import { IsNotEmpty, IsString } from "class-validator";
+
+// TODO: 프론트에서 정의된 제약사항 이곳에서도 검증하도록 보완하기
+export class LoginDto {
+    @IsString()
+    @IsNotEmpty()
+    userId: string;
+
+    @IsString()
+    @IsNotEmpty()
+    password: string;
+}

backend/src/auth/github/github.strategy.ts

@@ -5,47 +5,59 @@ import { Strategy } from "passport-custom";
 import { Request } from "express";
 import axios from "axios";
 import "dotenv/config";
+import { AuthService } from "@/auth/auth.service";
+import { JwtService } from "@/auth/jwt/jwt.service";
 
 @Injectable()
 export class GithubStrategy extends PassportStrategy(Strategy, "github") {
-    private static REQUEST_ACCESS_TOKEN_URL =
-        "https://github.com/login/oauth/access_token";
+    private static REQUEST_ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token";
     private static REQUEST_USER_URL = "https://api.github.com/user";
 
-    constructor() {
+    constructor(
+        private readonly authService: AuthService,
+        private readonly jwtService: JwtService
+    ) {
         super();
     }
 
-    async validate(req: Request, done: any) {
+    async validate(req: Request) {
         const { code } = req.body;
 
         if (!code) {
             throw new UnauthorizedException("Authorization code not found");
         }
 
-        const tokenResponse = await axios.post(
+        const { access_token: accessToken } = (await this.fetchAccessToken(code)).data;
+
+        const profile = (await this.fetchGithubUser(accessToken)).data;
+
+        const user = await this.authService.getUserByGithubId(profile.id);
+        const token = await this.jwtService.createJwtToken(user);
+
+        return {
+            jwtToken: token,
+        };
+    }
+
+    private async fetchAccessToken(code: string) {
+        return axios.post(
             GithubStrategy.REQUEST_ACCESS_TOKEN_URL,
             {
                 client_id: process.env.OAUTH_GITHUB_ID,
                 client_secret: process.env.OAUTH_GITHUB_SECRET,
-                code: code,
+                code,
             },
             {
                 headers: { Accept: "application/json" },
             }
         );
+    }
 
-        const { access_token } = tokenResponse.data;
-
-        // GitHub 사용자 정보 조회
-        const userResponse = await axios.get(GithubStrategy.REQUEST_USER_URL, {
+    private async fetchGithubUser(accessToken: string) {
+        return axios.get(GithubStrategy.REQUEST_USER_URL, {
             headers: {
-                Authorization: `Bearer ${access_token}`,
+                Authorization: `Bearer ${accessToken}`,
             },
         });
-
-        return done(null, {
-            profile: userResponse.data,
-        });
     }
 }

backend/src/auth/jwt/jwt.decorator.ts

@@ -6,55 +6,42 @@ import {
 } from "@nestjs/common";
 import {
     IJwtPayload as IJwtPayload,
-    IJwtTokenPair as IJwtTokenPair,
     IJwtToken as IJwtToken,
+    IJwtTokenPair as IJwtTokenPair,
 } from "./jwt.model";
 
-export const JwtPayload = createParamDecorator(
-    (data: unknown, ctx: ExecutionContext) => {
-        const request = ctx.switchToHttp().getRequest();
-        const payload = request.user.jwtToken;
+export const JwtPayload = createParamDecorator((data: unknown, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest();
+    const payload = request.user.jwtToken;
 
-        if (!isJwtTokenPayload(payload)) {
-            throw new UnauthorizedException("Invalid jwt token payload");
-        }
-
-        return payload;
+    if (!isJwtTokenPayload(payload)) {
+        throw new UnauthorizedException("Invalid jwt token payload");
     }
-);
 
-export const JwtTokenPair = createParamDecorator(
-    (data: unknown, ctx: ExecutionContext) => {
-        const request = ctx.switchToHttp().getRequest();
-        const payload = request.user.jwtToken;
+    return payload;
+});
 
-        if (!isJwtTokenPair(payload)) {
-            throw new InternalServerErrorException("Invalid jwt token");
-        }
+export const JwtTokenPair = createParamDecorator((data: unknown, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest();
+    const payload = request.user.jwtToken;
 
-        return payload;
+    if (!isJwtTokenPair(payload)) {
+        throw new InternalServerErrorException("Invalid jwt token");
     }
-);
+
+    return payload;
+});
 
 function isJwtTokenPayload(payload: any): payload is IJwtPayload {
-    return (
-        payload &&
-        typeof payload.userId === "number" &&
-        typeof payload.username === "string"
-    );
+    return payload && typeof payload.userId === "number" && typeof payload.username === "string";
 }
 
 function isJwtTokenPair(payload: any): payload is IJwtTokenPair {
     if (!payload.accessToken || !payload.refreshToken) return false;
     if (!isJwtToken(payload.accessToken)) return false;
-    if (!isJwtToken(payload.refreshToken)) return false;
-    return true;
+    return isJwtToken(payload.refreshToken);
 }
 
 function isJwtToken(token: any): token is IJwtToken {
-    return (
-        token &&
-        typeof token.token === "string" &&
-        typeof token.expireTime === "number"
-    );
+    return token && typeof token.token === "string" && typeof token.expireTime === "number";
 }