152 lines
5.1 KiB
TypeScript
152 lines
5.1 KiB
TypeScript
// File: src/common/auth/auth.service.ts
|
|
// บันทึกการแก้ไข:
|
|
// 1. แก้ไข Type Mismatch ใน signAsync
|
|
// 2. แก้ไข validateUser ให้ดึง password_hash ออกมาด้วย (Fix HTTP 500: data and hash arguments required)
|
|
|
|
import {
|
|
Injectable,
|
|
UnauthorizedException,
|
|
Inject,
|
|
BadRequestException,
|
|
} from '@nestjs/common';
|
|
import { JwtService } from '@nestjs/jwt';
|
|
import { ConfigService } from '@nestjs/config';
|
|
import { CACHE_MANAGER } from '@nestjs/cache-manager';
|
|
import { InjectRepository } from '@nestjs/typeorm'; // [NEW]
|
|
import { Repository } from 'typeorm'; // [NEW]
|
|
import type { Cache } from 'cache-manager';
|
|
import * as bcrypt from 'bcrypt';
|
|
|
|
import { UserService } from '../../modules/user/user.service.js';
|
|
import { User } from '../../modules/user/entities/user.entity.js'; // [NEW] ต้อง Import Entity เพื่อใช้ Repository
|
|
import { RegisterDto } from './dto/register.dto.js';
|
|
|
|
@Injectable()
|
|
export class AuthService {
|
|
constructor(
|
|
private userService: UserService,
|
|
private jwtService: JwtService,
|
|
private configService: ConfigService,
|
|
@Inject(CACHE_MANAGER) private cacheManager: Cache,
|
|
// [NEW] Inject Repository เพื่อใช้ QueryBuilder
|
|
@InjectRepository(User)
|
|
private usersRepository: Repository<User>,
|
|
) {}
|
|
|
|
// 1. ตรวจสอบ Username/Password
|
|
async validateUser(username: string, pass: string): Promise<any> {
|
|
console.log(`🔍 Checking login for: ${username}`); // [DEBUG]
|
|
// [FIXED] ใช้ createQueryBuilder เพื่อ addSelect field 'password' ที่ถูกซ่อนไว้
|
|
const user = await this.usersRepository
|
|
.createQueryBuilder('user')
|
|
.addSelect('user.password') // สำคัญ! สั่งให้ดึง column password มาด้วย
|
|
.where('user.username = :username', { username })
|
|
.getOne();
|
|
|
|
if (!user) {
|
|
console.log('❌ User not found in database'); // [DEBUG]
|
|
return null;
|
|
}
|
|
|
|
console.log('✅ User found. Hash from DB:', user.password); // [DEBUG]
|
|
|
|
const isMatch = await bcrypt.compare(pass, user.password);
|
|
console.log(`🔐 Password match result: ${isMatch}`); // [DEBUG]
|
|
|
|
// ตรวจสอบว่ามี user และมี password hash หรือไม่
|
|
if (user && user.password && (await bcrypt.compare(pass, user.password))) {
|
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
const { password, ...result } = user;
|
|
return result;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
// 2. Login: สร้าง Access & Refresh Token
|
|
async login(user: any) {
|
|
const payload = {
|
|
username: user.username,
|
|
sub: user.user_id,
|
|
scope: 'Global',
|
|
};
|
|
|
|
const [accessToken, refreshToken] = await Promise.all([
|
|
this.jwtService.signAsync(payload, {
|
|
secret: this.configService.get<string>('JWT_SECRET'),
|
|
// ✅ Fix: Cast as any
|
|
expiresIn: (this.configService.get<string>('JWT_EXPIRATION') ||
|
|
'15m') as any,
|
|
}),
|
|
this.jwtService.signAsync(payload, {
|
|
secret: this.configService.get<string>('JWT_REFRESH_SECRET'),
|
|
// ✅ Fix: Cast as any
|
|
expiresIn: (this.configService.get<string>('JWT_REFRESH_EXPIRATION') ||
|
|
'7d') as any,
|
|
}),
|
|
]);
|
|
|
|
return {
|
|
access_token: accessToken,
|
|
refresh_token: refreshToken,
|
|
user: user,
|
|
};
|
|
}
|
|
|
|
// 3. Register (สำหรับ Admin)
|
|
async register(userDto: RegisterDto) {
|
|
const existingUser = await this.userService.findOneByUsername(
|
|
userDto.username,
|
|
);
|
|
if (existingUser) {
|
|
throw new BadRequestException('Username already exists');
|
|
}
|
|
|
|
const salt = await bcrypt.genSalt();
|
|
const hashedPassword = await bcrypt.hash(userDto.password, salt);
|
|
|
|
return this.userService.create({
|
|
...userDto,
|
|
password: hashedPassword,
|
|
});
|
|
}
|
|
|
|
// 4. Refresh Token: ออก Token ใหม่
|
|
async refreshToken(userId: number, refreshToken: string) {
|
|
const user = await this.userService.findOne(userId);
|
|
if (!user) throw new UnauthorizedException('User not found');
|
|
|
|
const payload = { username: user.username, sub: user.user_id };
|
|
|
|
const accessToken = await this.jwtService.signAsync(payload, {
|
|
secret: this.configService.get<string>('JWT_SECRET'),
|
|
// ✅ Fix: Cast as any
|
|
expiresIn: (this.configService.get<string>('JWT_EXPIRATION') ||
|
|
'15m') as any,
|
|
});
|
|
|
|
return {
|
|
access_token: accessToken,
|
|
};
|
|
}
|
|
|
|
// 5. Logout: นำ Token เข้า Blacklist ใน Redis
|
|
async logout(userId: number, accessToken: string) {
|
|
try {
|
|
const decoded = this.jwtService.decode(accessToken);
|
|
if (decoded && decoded.exp) {
|
|
const ttl = decoded.exp - Math.floor(Date.now() / 1000);
|
|
if (ttl > 0) {
|
|
await this.cacheManager.set(
|
|
`blacklist:token:${accessToken}`,
|
|
true,
|
|
ttl * 1000,
|
|
);
|
|
}
|
|
}
|
|
} catch (error) {
|
|
// Ignore decoding error
|
|
}
|
|
return { message: 'Logged out successfully' };
|
|
}
|
|
}
|