feat: implement AuthModule with authentication and RBAC features

Added AuthModule with services, controllers, and guards for authentication. Implements session management, role-based access control, 2FA, and DTOs for user login, registration, and token refresh.
2026-01-08 15:24:40 +01:00
parent 9406ed9350
commit 42805e371e
12 changed files with 509 additions and 0 deletions
--- a/backend/src/auth/auth.controller.ts
+++ b/backend/src/auth/auth.controller.ts
@@ -0,0 +1,120 @@
+import { Body, Controller, Headers, Post, Req, Res } from "@nestjs/common";
+import { ConfigService } from "@nestjs/config";
+import type { Request, Response } from "express";
+import { getIronSession } from "iron-session";
+import { AuthService } from "./auth.service";
+import { LoginDto } from "./dto/login.dto";
+import { RefreshDto } from "./dto/refresh.dto";
+import { RegisterDto } from "./dto/register.dto";
+import { Verify2faDto } from "./dto/verify-2fa.dto";
+import { getSessionOptions, SessionData } from "./session.config";
+
+@Controller("auth")
+export class AuthController {
+	constructor(
+		private readonly authService: AuthService,
+		private readonly configService: ConfigService,
+	) {}
+
+	@Post("register")
+	register(@Body() registerDto: RegisterDto) {
+		return this.authService.register(registerDto);
+	}
+
+	@Post("login")
+	async login(
+		@Body() loginDto: LoginDto,
+		@Headers("user-agent") userAgent: string,
+		@Req() req: Request,
+		@Res() res: Response,
+	) {
+		const ip = req.ip;
+		const result = await this.authService.login(loginDto, userAgent, ip);
+
+		if (result.access_token) {
+			const session = await getIronSession<SessionData>(
+				req,
+				res,
+				getSessionOptions(this.configService.get("SESSION_PASSWORD") as string),
+			);
+			session.accessToken = result.access_token;
+			session.refreshToken = result.refresh_token;
+			session.userId = result.userId;
+			await session.save();
+
+			// On ne renvoie pas les tokens dans le body pour plus de sécurité
+			return res.json({
+				message: result.message,
+				userId: result.userId,
+			});
+		}
+
+		return res.json(result);
+	}
+
+	@Post("verify-2fa")
+	async verifyTwoFactor(
+		@Body() verify2faDto: Verify2faDto,
+		@Headers("user-agent") userAgent: string,
+		@Req() req: Request,
+		@Res() res: Response,
+	) {
+		const ip = req.ip;
+		const result = await this.authService.verifyTwoFactorLogin(
+			verify2faDto.userId,
+			verify2faDto.token,
+			userAgent,
+			ip,
+		);
+
+		if (result.access_token) {
+			const session = await getIronSession<SessionData>(
+				req,
+				res,
+				getSessionOptions(this.configService.get("SESSION_PASSWORD") as string),
+			);
+			session.accessToken = result.access_token;
+			session.refreshToken = result.refresh_token;
+			session.userId = verify2faDto.userId;
+			await session.save();
+
+			return res.json({
+				message: result.message,
+			});
+		}
+
+		return res.json(result);
+	}
+
+	@Post("refresh")
+	async refresh(@Req() req: Request, @Res() res: Response) {
+		const session = await getIronSession<SessionData>(
+			req,
+			res,
+			getSessionOptions(this.configService.get("SESSION_PASSWORD") as string),
+		);
+
+		if (!session.refreshToken) {
+			return res.status(401).json({ message: "No refresh token" });
+		}
+
+		const result = await this.authService.refresh(session.refreshToken);
+
+		session.accessToken = result.access_token;
+		session.refreshToken = result.refresh_token;
+		await session.save();
+
+		return res.json({ message: "Token refreshed" });
+	}
+
+	@Post("logout")
+	async logout(@Req() req: Request, @Res() res: Response) {
+		const session = await getIronSession<SessionData>(
+			req,
+			res,
+			getSessionOptions(this.configService.get("SESSION_PASSWORD") as string),
+		);
+		session.destroy();
+		return res.json({ message: "User logged out" });
+	}
+}