feat - auth session mongodb ttl

live-apps-in · Dec 16, 2023 · d5f1ee4 · d5f1ee4
1 parent a8f8d81
commit d5f1ee4
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 38 deletions.
diff --git a/src/modules/auth/auth.module.ts b/src/modules/auth/auth.module.ts
@@ -2,7 +2,7 @@ import { Module } from '@nestjs/common';
 import { JwtModule } from '@nestjs/jwt';
 import { MongooseModule } from '@nestjs/mongoose';
 import { AuthController } from 'src/modules/auth/auth.controller';
-import { Auth, AuthSchema } from 'src/modules/auth/model/auth.model';
+import { AuthSessionSchema } from 'src/modules/auth/model/auth-session.model';
 import { AuthService } from 'src/modules/auth/service/auth.service';
 import { DiscordAuthService } from 'src/modules/auth/service/discord_auth.service';
 import { UserModule } from 'src/modules/users/user.module';
@@ -15,12 +15,16 @@ import { DiscordProvider } from 'src/providers/discord.provider';
       global: true,
       secret: process.env.JWT_SECRET,
     }),
-    MongooseModule.forFeature([{ name: Auth.name, schema: AuthSchema }]),
+    MongooseModule.forFeature([
+      { name: 'auth_session', schema: AuthSessionSchema },
+    ]),
   ],
   controllers: [AuthController],
   providers: [AuthService, DiscordAuthService, DiscordProvider],
   exports: [
-    MongooseModule.forFeature([{ name: Auth.name, schema: AuthSchema }]),
+    MongooseModule.forFeature([
+      { name: 'auth_session', schema: AuthSessionSchema },
+    ]),
   ],
 })
 export class AuthModule {}
diff --git a/src/modules/auth/guards/auth.guard.ts b/src/modules/auth/guards/auth.guard.ts
@@ -8,13 +8,14 @@ import {
 import { JwtService } from '@nestjs/jwt';
 import { InjectModel } from '@nestjs/mongoose';
 import { Model } from 'mongoose';
-import { Auth } from 'src/modules/auth/model/auth.model';
+import { AuthSession } from 'src/modules/auth/model/auth-session.model';
 import { Req } from 'src/types/express.types';
 
 @Injectable()
 export class AuthGuard implements CanActivate {
   constructor(
-    @InjectModel(Auth.name) private readonly authModel: Model<Auth>,
+    @InjectModel('auth_session')
+    private readonly authSessionModel: Model<AuthSession>,
     private readonly jwtService: JwtService,
   ) {}
   async canActivate(context: ExecutionContext) {
@@ -34,10 +35,13 @@ export class AuthGuard implements CanActivate {
         secret: process.env.JWT_SECRET,
       });
 
-      const userAuth = await this.authModel.findOne({
-        sessions: decoded.sessionId,
+      const userAuth = await this.authSessionModel.findOne({
+        sessionId: decoded.sessionId,
       });
-      if (!userAuth) throw new Error();
+
+      if (!userAuth) {
+        throw new Error();
+      }
 
       const guildId = request.headers['x-guild-id'] as string;
       request.userData = { ...decoded, guildId };

diff --git a/src/modules/auth/model/auth-session.model.ts b/src/modules/auth/model/auth-session.model.ts
@@ -0,0 +1,19 @@
+import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
+import { Types } from 'mongoose';
+
+@Schema()
+export class AuthSession {
+  @Prop({ ref: 'User' })
+  userId: Types.ObjectId;
+
+  @Prop()
+  discordAccessToken: string;
+
+  @Prop()
+  sessionId: string;
+
+  @Prop({ default: new Date(), index: { expireAfterSeconds: 604800 } })
+  createdAt: Date;
+}
+
+export const AuthSessionSchema = SchemaFactory.createForClass(AuthSession);
diff --git a/src/modules/auth/model/auth.model.ts b/src/modules/auth/model/auth.model.ts
diff --git a/src/modules/auth/service/auth.service.ts b/src/modules/auth/service/auth.service.ts
@@ -5,7 +5,7 @@ import { InjectModel } from '@nestjs/mongoose';
 import 'dotenv/config';
 import { Model, Types } from 'mongoose';
 import { PROVIDER_TYPES } from 'src/core/provider.types';
-import { Auth } from 'src/modules/auth/model/auth.model';
+import { AuthSession } from 'src/modules/auth/model/auth-session.model';
 import { DiscordAuthService } from 'src/modules/auth/service/discord_auth.service';
 import { UserRepository } from 'src/modules/users/repository/user.repo';
 import { UserService } from 'src/modules/users/service/user.service';
@@ -21,7 +21,8 @@ export class AuthService {
     @Inject(UserRepository) private readonly userRepository: UserRepository,
     private readonly jwtService: JwtService,
     @Inject(UserService) private readonly userService: UserService,
-    @InjectModel(Auth.name) private readonly authModel: Model<Auth>,
+    @InjectModel('auth_session')
+    private readonly authSessionModel: Model<AuthSession>,
   ) {}
 
   async discordLogin(code: string) {
@@ -47,7 +48,6 @@ export class AuthService {
       });
 
       localUserId = createdUser.id;
-      await this.authModel.insertMany({ userId: createdUser._id });
     } else {
       /**Update local user profile */
       await this.userRepository.update(new Types.ObjectId(localUserId), {
@@ -72,15 +72,11 @@ export class AuthService {
       { expiresIn: '7d' },
     );
 
-    await this.authModel.updateOne(
-      { userId: new Types.ObjectId(localUserId) },
-      {
-        discordAccessToken: getToken.access_token,
-        $push: {
-          sessions: sessionId,
-        },
-      },
-    );
+    await this.authSessionModel.insertMany({
+      userId: new Types.ObjectId(localUserId),
+      discordAccessToken: getToken.access_token,
+      sessionId,
+    });
 
     return {
       accessToken: jwt,