diff --git a/src/modules/config/config.providers.ts b/src/modules/config/config.providers.ts
index 6e33905..311f91e 100644
--- a/src/modules/config/config.providers.ts
+++ b/src/modules/config/config.providers.ts
@@ -2,7 +2,7 @@ import * as toml from 'toml';
 import { resolve } from 'path';
 import { readFile } from 'fs/promises';
 import { Configuration } from './config.interfaces';
-import { FactoryProvider, ValueProvider } from '@nestjs/common';
+import { FactoryProvider, Logger, ValueProvider } from '@nestjs/common';
 const CONFIG_ENV = process.env.NODE_ENV === 'production' ? 'prod' : 'dev';
 const CONFIG_FILENAME = process.env.CONFIG || `config.${CONFIG_ENV}.toml`;
@@ -71,7 +71,7 @@ export const configProviders = [
 ...JSON.parse(JSON.stringify(toml.parse(file))),
 };
 } catch (e: unknown) {
- console.error('Failed to load configuration:', (e as Error).message);
+ Logger.error('Failed to load configuration:', (e as Error).message);
 return defaultConfig;
 }
 },
diff --git a/src/modules/oauth2/oauth2.service.ts b/src/modules/oauth2/oauth2.service.ts
index 66d0e3e..71a1537 100644
--- a/src/modules/oauth2/oauth2.service.ts
+++ b/src/modules/oauth2/oauth2.service.ts
@@ -73,9 +73,9 @@ export class OAuth2Service {
 public clientService: OAuth2ClientService,
 public tokenService: OAuth2TokenService,
 ) {
- // if (process.env.NODE_ENV === 'development') {
- // this.oauth.logger.setLogLevel('debug');
- // }
+ if (!!process.env.DEBUG_OAUTH2) {
+ this.oauth.logger.setLogLevel('debug');
+ }
 }
 public splitScope(scope: string | string[]): string[] {
diff --git a/src/modules/objects/oauth2-token/oauth2-token.service.ts b/src/modules/objects/oauth2-token/oauth2-token.service.ts
index 5e5c950..27e01a7 100644
--- a/src/modules/objects/oauth2-token/oauth2-token.service.ts
+++ b/src/modules/objects/oauth2-token/oauth2-token.service.ts
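Review bot: In the catch block of the second config.providers.ts hunk, `Logger.error` is not a drop-in replacement for `console.error`. Nest's logger treats a trailing string argument as a stack trace or a context label (which one depends on the Nest version, which this diff does not show) instead of appending it to the message, so the actual parse error may be mislabelled in the output. Because the next line is `return defaultConfig;`, this entry is the only signal that the service is running on defaults rather than the intended configuration, so it should be unambiguous: ``Logger.error(`Failed to load configuration: ${(e as Error).message}`);``. The same substitution in upload.service.ts passes `.stack` as the second argument, which is what that position is meant for. The enclosing factory function starts outside the hunk.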
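Review bot: The `!!process.env.DEBUG_OAUTH2` test in the OAuth2Service constructor is true for any non-empty string, so `DEBUG_OAUTH2=0` or `DEBUG_OAUTH2=false` still switches the provider to debug logging. What that logger emits at debug level is not visible here, but for an authorization server it could plausibly include authorization codes, tokens or client credentials. The switch should therefore be explicit and hard to trip by accident: `if (process.env.DEBUG_OAUTH2 === 'true') {`. A comment stating that the flag is not meant for production, or a warning logged when it is set while `NODE_ENV` is `production`, would make the intent auditable.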
@@ -1,5 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
-import { Repository } from 'typeorm';
+import { Raw, Repository } from 'typeorm';
 import { OAuth2Client } from '../oauth2-client/oauth2-client.entity';
 import { User } from '../user/user.entity';
 import { OAuth2Token, OAuth2TokenType } from './oauth2-token.entity';
@@ -78,6 +78,12 @@ export class OAuth2TokenService {
 });
 }
+ public async wipeExpiredTokens() {
+ await this.tokenRepository.delete({
+ expires_at: Raw((alias) => `${alias} < NOW()`),
+ });
+ }
+
 public async remove(token: OAuth2Token): Promise {
 await this.tokenRepository.remove(token);
 }
diff --git a/src/modules/objects/upload/upload.service.ts b/src/modules/objects/upload/upload.service.ts
index 8dc4410..2c3f771 100644
--- a/src/modules/objects/upload/upload.service.ts
+++ b/src/modules/objects/upload/upload.service.ts
@@ -1,4 +1,4 @@
-import { Inject, Injectable } from '@nestjs/common';
+import { Inject, Injectable, Logger } from '@nestjs/common';
 import { readFile, unlink } from 'fs/promises';
 import { imageSize } from 'image-size';
 import { join } from 'path';
@@ -57,7 +57,7 @@ export class UploadService {
 try {
 await unlink(path);
 } catch (e: unknown) {
- console.error('Failed to unlink avatar file:', (e as Error).stack);
+ Logger.error('Failed to unlink avatar file:', (e as Error).stack);
 }
 await this.uploadRepository.remove(upload);
diff --git a/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts b/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
index f7745c2..5d48015 100644
--- a/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
+++ b/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
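Review bot: `wipeExpiredTokens()` has no caller anywhere in this diff, so unless a scheduler is wired up elsewhere, expired rows will keep accumulating in the token table. It also lacks an explicit return type and a doc comment; the signature should read `public async wipeExpiredTokens(): Promise<void> {`. The `alias` interpolated into `Raw` is supplied by TypeORM rather than by a request, so the fragment is not an injection path as written, but `NOW()` ties the query to the database's clock and SQL dialect; `expires_at: LessThan(new Date())` expresses the same filter without raw SQL if the application clock is the reference used when tokens are issued. The doc comment should state that this is housekeeping only and that token validation must still check `expires_at` itself, because an expired token stays in the table until the next wipe.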
@@ -14,7 +14,6 @@ import { Scope } from 'src/decorators/scope.decorator';
 import { CurrentUser } from 'src/decorators/user.decorator';
 import { OAuth2Guard } from 'src/guards/oauth2.guard';
 import { ConfigurationService } from 'src/modules/config/config.service';
-import { JWTService } from 'src/modules/jwt/jwt.service';
 import { User } from 'src/modules/objects/user/user.entity';
 import { OAuth2Service } from '../../oauth2/oauth2.service';
@@ -24,7 +23,6 @@ export class OAuth2Controller {
 constructor(
 private _service: OAuth2Service,
 private _config: ConfigurationService,
- private _jwt: JWTService,
 ) {}
 // These requests are just passed straight on to the provider controller
@@ -119,11 +117,4 @@ export class OAuth2Controller {
 return userData;
 }
-
- @Get('jwks')
- getJWKS() {
- return {
- keys: [this._jwt.jwks],
- };
- }
 }
diff --git a/src/modules/well-known/well-known.controller.ts b/src/modules/well-known/well-known.controller.ts
index f04dfd6..007e5f8 100644
--- a/src/modules/well-known/well-known.controller.ts
+++ b/src/modules/well-known/well-known.controller.ts
@@ -1,12 +1,16 @@
 import { Controller, Get, Redirect, Res } from '@nestjs/common';
 import { Response } from 'express';
 import { ConfigurationService } from '../config/config.service';
+import { JWTService } from '../jwt/jwt.service';
 @Controller({
 path: '/.well-known/',
 })
 export class WellKnownController {
- constructor(private config: ConfigurationService) {}
+ constructor(
+ private readonly config: ConfigurationService,
+ private readonly jwt: JWTService,
+ ) {}
 @Get('security.txt')
 securityTXT(@Res({ passthrough: true }) res: Response) {
@@ -28,6 +32,13 @@ Contact: mailto:evert@lunasqu.ee
 return;
 }
+ @Get('jwks.json')
+ getJWKS() {
+ return {
+ keys: [this.jwt.jwks],
+ };
+ }
+
 @Get('openid-configuration')
 openidConfiguration() {
 const base = this.config.get('app.base_url');
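Review bot: The new `getJWKS()` handler in well-known.controller.ts returns `this.jwt.jwks` verbatim, and `JWTService` is not part of this diff. It is worth confirming, and saying in a comment on the handler, that the getter yields only the public JWK members and never private-key fields such as `d`, `p` or `q`. The old `GET /oauth2/jwks` route is deleted in the same commit with no redirect, so relying parties that cached the previous `jwks_uri` will fail to fetch signing keys until they re-read the discovery document. Keeping the old path as a redirect for a transition period would avoid that. An explicit `Cache-Control` header on the key set would also make key-rotation behaviour predictable for clients.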
@@ -35,7 +46,7 @@ Contact: mailto:evert@lunasqu.ee
 issuer: this.config.get('jwt.issuer'),
 authorization_endpoint: `${base}/oauth2/authorize`,
 token_endpoint: `${base}/oauth2/token`,
- jwks_uri: `${base}/oauth2/jwks`,
+ jwks_uri: `${base}/.well-known/jwks.json`,
 userinfo_endpoint: `${base}/api/user`,
 introspection_endpoint: `${base}/oauth2/introspect`,
 response_types_supported: ['code', 'id_token'],
diff --git a/views/partials/logo.pug b/views/partials/logo.pug
index 57e7478..9bab055 100644
--- a/views/partials/logo.pug
+++ b/views/partials/logo.pug
@@ -1,2 +1,3 @@
-div.logo-container
- img(src="/public/image/icynet-icon.svg", alt="Icy Network")
+.logo-container
+ a(href="/", aria-label="Icy Network Home")
+ img(src="/public/image/icynet-icon.svg", alt="Icy Network")