changes

2023-01-11 18:23:08 +02:00 · 2023-01-11 18:23:08 +02:00 · 799f50ea08
parent 2305b97364
commit 799f50ea08
7 changed files with 30 additions and 21 deletions
--- a/src/modules/config/config.providers.ts
+++ b/src/modules/config/config.providers.ts
@ -2,7 +2,7 @@ import * as toml from 'toml';
 import { resolve } from 'path';
 import { readFile } from 'fs/promises';
 import { Configuration } from './config.interfaces';
-import { FactoryProvider, ValueProvider } from '@nestjs/common';
+import { FactoryProvider, Logger, ValueProvider } from '@nestjs/common';

 const CONFIG_ENV = process.env.NODE_ENV === 'production' ? 'prod' : 'dev';
 const CONFIG_FILENAME = process.env.CONFIG || `config.${CONFIG_ENV}.toml`;
@ -71,7 +71,7 @@ export const configProviders = [
          ...JSON.parse(JSON.stringify(toml.parse(file))),
        };
      } catch (e: unknown) {
-        console.error('Failed to load configuration:', (e as Error).message);
+        Logger.error('Failed to load configuration:', (e as Error).message);
        return defaultConfig;
      }
    },
--- a/src/modules/oauth2/oauth2.service.ts
+++ b/src/modules/oauth2/oauth2.service.ts
@ -73,9 +73,9 @@ export class OAuth2Service {
    public clientService: OAuth2ClientService,
    public tokenService: OAuth2TokenService,
  ) {
-    // if (process.env.NODE_ENV === 'development') {
-    //   this.oauth.logger.setLogLevel('debug');
-    // }
+    if (!!process.env.DEBUG_OAUTH2) {
+      this.oauth.logger.setLogLevel('debug');
+    }
  }

  public splitScope(scope: string | string[]): string[] {
--- a/src/modules/objects/oauth2-token/oauth2-token.service.ts
+++ b/src/modules/objects/oauth2-token/oauth2-token.service.ts
@ -1,5 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
-import { Repository } from 'typeorm';
+import { Raw, Repository } from 'typeorm';
 import { OAuth2Client } from '../oauth2-client/oauth2-client.entity';
 import { User } from '../user/user.entity';
 import { OAuth2Token, OAuth2TokenType } from './oauth2-token.entity';
@ -78,6 +78,12 @@ export class OAuth2TokenService {
    });
  }

+  public async wipeExpiredTokens() {
+    await this.tokenRepository.delete({
+      expires_at: Raw((alias) => `${alias} < NOW()`),
+    });
+  }
+
  public async remove(token: OAuth2Token): Promise<void> {
    await this.tokenRepository.remove(token);
  }
--- a/src/modules/objects/upload/upload.service.ts
+++ b/src/modules/objects/upload/upload.service.ts
@ -1,4 +1,4 @@
-import { Inject, Injectable } from '@nestjs/common';
+import { Inject, Injectable, Logger } from '@nestjs/common';
 import { readFile, unlink } from 'fs/promises';
 import { imageSize } from 'image-size';
 import { join } from 'path';
@ -57,7 +57,7 @@ export class UploadService {
    try {
      await unlink(path);
    } catch (e: unknown) {
-      console.error('Failed to unlink avatar file:', (e as Error).stack);
+      Logger.error('Failed to unlink avatar file:', (e as Error).stack);
    }

    await this.uploadRepository.remove(upload);
--- a/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
+++ b/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
@ -14,7 +14,6 @@ import { Scope } from 'src/decorators/scope.decorator';
 import { CurrentUser } from 'src/decorators/user.decorator';
 import { OAuth2Guard } from 'src/guards/oauth2.guard';
 import { ConfigurationService } from 'src/modules/config/config.service';
-import { JWTService } from 'src/modules/jwt/jwt.service';
 import { User } from 'src/modules/objects/user/user.entity';
 import { OAuth2Service } from '../../oauth2/oauth2.service';

@ -24,7 +23,6 @@ export class OAuth2Controller {
  constructor(
    private _service: OAuth2Service,
    private _config: ConfigurationService,
-    private _jwt: JWTService,
  ) {}

  // These requests are just passed straight on to the provider controller
@ -119,11 +117,4 @@ export class OAuth2Controller {

    return userData;
  }
-
-  @Get('jwks')
-  getJWKS() {
-    return {
-      keys: [this._jwt.jwks],
-    };
-  }
 }
--- a/src/modules/well-known/well-known.controller.ts
+++ b/src/modules/well-known/well-known.controller.ts
@ -1,12 +1,16 @@
 import { Controller, Get, Redirect, Res } from '@nestjs/common';
 import { Response } from 'express';
 import { ConfigurationService } from '../config/config.service';
+import { JWTService } from '../jwt/jwt.service';

@Controller({
  path: '/.well-known/',
 })
 export class WellKnownController {
-  constructor(private config: ConfigurationService) {}
+  constructor(
+    private readonly config: ConfigurationService,
+    private readonly jwt: JWTService,
+  ) {}

  @Get('security.txt')
  securityTXT(@Res({ passthrough: true }) res: Response) {
@ -28,6 +32,13 @@ Contact: mailto:evert@lunasqu.ee
    return;
  }

+  @Get('jwks.json')
+  getJWKS() {
+    return {
+      keys: [this.jwt.jwks],
+    };
+  }
+
  @Get('openid-configuration')
  openidConfiguration() {
    const base = this.config.get<string>('app.base_url');
@ -35,7 +46,7 @@ Contact: mailto:evert@lunasqu.ee
      issuer: this.config.get('jwt.issuer'),
      authorization_endpoint: `${base}/oauth2/authorize`,
      token_endpoint: `${base}/oauth2/token`,
-      jwks_uri: `${base}/oauth2/jwks`,
+      jwks_uri: `${base}/.well-known/jwks.json`,
      userinfo_endpoint: `${base}/api/user`,
      introspection_endpoint: `${base}/oauth2/introspect`,
      response_types_supported: ['code', 'id_token'],
--- a/views/partials/logo.pug
+++ b/views/partials/logo.pug
@ -1,2 +1,3 @@
-div.logo-container
-  img(src="/public/image/icynet-icon.svg", alt="Icy Network")
+.logo-container
+  a(href="/", aria-label="Icy Network Home")
+    img(src="/public/image/icynet-icon.svg", alt="Icy Network")