applied CQRS & DDD

src/application/queries/get-current-user-by-access-token.query.ts

@@ -0,0 +1,5 @@
+import { IJwtPayload } from '../../domain'
+
+export class GetCurrentUserByAccessTokenQuery {
+  public constructor(public input: IJwtPayload) {}
+}

src/application/queries/get-current-user-by-refresh-token.query.ts

@@ -0,0 +1,3 @@
+export class GetCurrentUserByRefreshTokenQuery {
+  public constructor(public token: string) {}
+}

src/application/queries/handlers/get-current-user-by-access-token.query.handler.ts

@@ -0,0 +1,27 @@
+import { UnauthorizedException } from '@nestjs/common'
+import { IQueryHandler, QueryHandler } from '@nestjs/cqrs'
+import { lastValueFrom } from 'rxjs'
+import {
+  GetUserByJwtTokenAction,
+  IAuthUserEntityForResponse,
+} from '../../../domain'
+import { GetCurrentUserByAccessTokenQuery } from '../get-current-user-by-access-token.query'
+
+@QueryHandler(GetCurrentUserByAccessTokenQuery)
+export class GetCurrentUserByAccessTokenQueryHandler
+  implements
+    IQueryHandler<
+      GetCurrentUserByAccessTokenQuery,
+      IAuthUserEntityForResponse | undefined
+    >
+{
+  public constructor(protected readonly action: GetUserByJwtTokenAction) {}
+
+  public async execute(query: GetCurrentUserByAccessTokenQuery) {
+    try {
+      return await lastValueFrom(this.action.handle(query.input))
+    } catch (error) {
+      throw new UnauthorizedException()
+    }
+  }
+}

src/application/queries/handlers/get-current-user-by-refresh-token.query.handler.ts

@@ -0,0 +1,41 @@
+import { IQueryHandler, QueryHandler } from '@nestjs/cqrs'
+import { lastValueFrom, map } from 'rxjs'
+import {
+  AuthRepository,
+  hideRedactedFields,
+  IAuthDefinitions,
+  IAuthUserEntityForResponse,
+  InjectAuthDefinitions,
+  TokenService,
+} from '../../../domain'
+import { GetCurrentUserByRefreshTokenQuery } from '../get-current-user-by-refresh-token.query'
+
+@QueryHandler(GetCurrentUserByRefreshTokenQuery)
+export class GetCurrentUserByRefreshTokenQueryHandler
+  implements
+    IQueryHandler<
+      GetCurrentUserByRefreshTokenQuery,
+      IAuthUserEntityForResponse | undefined
+    >
+{
+  public constructor(
+    @InjectAuthDefinitions()
+    protected readonly authDefinitions: IAuthDefinitions,
+    protected readonly authRepository: AuthRepository,
+    protected readonly jwtService: TokenService
+  ) {}
+
+  public async execute(query: GetCurrentUserByRefreshTokenQuery) {
+    const jwtPayload = query.token
+      ? this.jwtService.decodeRefreshToken(query.token)
+      : undefined
+
+    return jwtPayload
+      ? await lastValueFrom(
+          this.authRepository
+            .getAuthUserByUsername(jwtPayload.username)
+            .pipe(map(hideRedactedFields(this.authDefinitions.redactedFields)))
+        )
+      : undefined
+  }
+}

src/application/queries/handlers/index.ts

@@ -0,0 +1,3 @@
+export * from './get-current-user-by-access-token.query.handler'
+export * from './get-current-user-by-refresh-token.query.handler'
+export * from './login.query.handler'

src/application/queries/handlers/login.query.handler.ts

@@ -0,0 +1,15 @@
+import { IQueryHandler, QueryHandler } from '@nestjs/cqrs'
+import { lastValueFrom } from 'rxjs'
+import { IAuthUserEntityForResponse, LocalLoginAction } from '../../../domain'
+import { LoginQuery } from '../login.query'
+
+@QueryHandler(LoginQuery)
+export class LoginQueryHandler
+  implements IQueryHandler<LoginQuery, IAuthUserEntityForResponse> {
+  public constructor(protected readonly action: LocalLoginAction) {
+  }
+
+  public async execute(query: LoginQuery) {
+    return lastValueFrom(this.action.handle(query.input))
+  }
+}

src/application/queries/index.ts

@@ -0,0 +1,3 @@
+export * from './get-current-user-by-access-token.query'
+export * from './get-current-user-by-refresh-token.query'
+export * from './login.query'

src/application/queries/login.query.ts

@@ -0,0 +1,5 @@
+import { AuthDto } from '../../domain'
+
+export class LoginQuery {
+  public constructor(public input: AuthDto) {}
+}

src/auth.module.ts

@@ -12,6 +12,11 @@ import {
 import { APP_GUARD, Reflector } from '@nestjs/core'
 import { CqrsModule } from '@nestjs/cqrs'
 import { JwtModule } from '@nestjs/jwt'
+import {
+  GetCurrentUserByAccessTokenQueryHandler,
+  GetCurrentUserByRefreshTokenQueryHandler,
+  LoginQueryHandler,
+} from './application/queries/handlers'
 import {
   AUTH_PASSWORD_HASHER,
   AuthBasicGuard,
@@ -117,6 +122,10 @@ export class AuthModule implements NestModule {
 
         TokenService,
 
+        LoginQueryHandler,
+        GetCurrentUserByAccessTokenQueryHandler,
+        GetCurrentUserByRefreshTokenQueryHandler,
+
         GetUserByJwtTokenAction,
         LocalLoginAction,
         ParseJwtTokenAction,
@@ -190,10 +199,15 @@ export class AuthModule implements NestModule {
 
         ClearAuthCookieInterceptor,
         CookieAuthInterceptor,
+
         LocalStrategy,
         JwtStrategy,
         RefreshTokenStrategy,
 
+        LoginQueryHandler,
+        GetCurrentUserByAccessTokenQueryHandler,
+        GetCurrentUserByRefreshTokenQueryHandler,
+
         HashingModule,
       ],
     }

src/domain/guards/__tests__/auth.jwt.guard.spec.ts

@@ -1,4 +1,5 @@
 import { HttpStatus, UnauthorizedException } from '@nestjs/common'
+import { TestingModule } from '@nestjs/testing/testing-module'
 import { lastValueFrom, map } from 'rxjs'
 import {
   createTestingModule,
@@ -12,13 +13,17 @@ import { generateExecutionContextForJwtStrategy } from './helpers/test-guard.hel
 describe('AuthJwtGuard', () => {
   let correctAccessToken: string
 
+  let app: TestingModule
+
   beforeAll(async () => {
     const userInfo: IAuthUserEntityForResponse = {
       id: '123456',
       username: '[email protected]',
     }
 
-    const app = await createTestingModule(defaultAuthDefinitionsFixture())
+    app = await createTestingModule(defaultAuthDefinitionsFixture())
+
+    await app.init()
 
     const service = app.get(TokenService)
 
@@ -30,7 +35,7 @@ describe('AuthJwtGuard', () => {
   })
 
   it('should allow user to continue when accessToken is correct', async function () {
-    const guard = new AuthJwtGuard()
+    const guard = app.get(AuthJwtGuard)
 
     expect(
       await guard.canActivate(
@@ -40,7 +45,7 @@ describe('AuthJwtGuard', () => {
   })
 
   it('should not allow user to continue when accessToken is invalid', async function () {
-    const guard = new AuthJwtGuard()
+    const guard = app.get(AuthJwtGuard)
 
     try {
       await guard.canActivate(

src/domain/guards/__tests__/auth.local.guard.spec.ts

@@ -1,7 +1,8 @@
 import { HttpStatus, UnauthorizedException } from '@nestjs/common'
+import { TestingModule } from '@nestjs/testing/testing-module'
 import {
   createTestingModule,
-  defaultAuthDefinitionsFixture
+  defaultAuthDefinitionsFixture,
 } from '../../../__tests__/helpers'
 import { AuthLocalGuard } from '../auth.local.guard'
 import { generateExecutionContextForLocalAuth } from './helpers/test-guard.helper'
@@ -14,12 +15,16 @@ describe('AuthLocalGuard', () => {
     password: 'testLogin@12345',
   }
 
+  let app: TestingModule
+
   beforeAll(async () => {
-    await createTestingModule(defaultAuthDefinitionsFixture())
+    app = await createTestingModule(defaultAuthDefinitionsFixture())
+
+    await app.init()
   })
 
-  it('should allow user to login when credentials is correct', async function() {
-    const guard = new AuthLocalGuard()
+  it('should allow user to login when credentials is correct', async function () {
+    const guard = app.get(AuthLocalGuard)
 
     expect(
       await guard.canActivate(
@@ -33,8 +38,8 @@ describe('AuthLocalGuard', () => {
     ).toBeTruthy()
   })
 
-  it('should not allow user to continue when accessToken is invalid', async function() {
-    const guard = new AuthLocalGuard()
+  it('should not allow user to continue when accessToken is invalid', async function () {
+    const guard = app.get(AuthLocalGuard)
 
     try {
       await guard.canActivate(

src/domain/guards/__tests__/auth.refresh-token.guard.spec.ts

@@ -20,6 +20,8 @@ describe('AuthRefreshTokenGuard', () => {
 
     const app = await createTestingModule(defaultAuthDefinitionsFixture())
 
+    await app.init()
+
     const service = app.get(TokenService)
 
     correctRefreshToken = await lastValueFrom(

src/domain/strategies/jwt.strategy.ts

@@ -1,13 +1,14 @@
-import { Injectable, UnauthorizedException } from '@nestjs/common'
+import { Injectable } from '@nestjs/common'
+import { QueryBus } from '@nestjs/cqrs'
 import { PassportStrategy } from '@nestjs/passport'
 import { ExtractJwt, JwtFromRequestFunction, Strategy } from 'passport-jwt'
-import { lastValueFrom } from 'rxjs'
+import { GetCurrentUserByAccessTokenQuery } from '../../application/queries'
 import { InjectAuthDefinitions } from '../decorators'
 import type { IAuthUserEntityForResponse } from '../definitions'
 import { AuthTransferTokenMethod } from '../definitions'
 import { IJwtPayload } from '../entities'
 import { getRequestCookie, getRequestHeader, IHttpRequest } from '../helpers'
-import { GetUserByJwtTokenAction, IAuthDefinitions } from '../index'
+import { IAuthDefinitions } from '../index'
 
 export const JWT_STRATEGY_NAME: string = 'jwt'
 
@@ -52,7 +53,7 @@ export class JwtStrategy extends PassportStrategy(Strategy, JWT_STRATEGY_NAME) {
   public constructor(
     @InjectAuthDefinitions()
     protected readonly authDefinitions: IAuthDefinitions,
-    protected readonly getUserByJwtTokenAction: GetUserByJwtTokenAction
+    protected readonly queryBus: QueryBus
   ) {
     super({
       jwtFromRequest: ExtractJwt.fromExtractors([
@@ -67,10 +68,6 @@ export class JwtStrategy extends PassportStrategy(Strategy, JWT_STRATEGY_NAME) {
   public async validate(
     payload: IJwtPayload
   ): Promise<IAuthUserEntityForResponse | undefined> {
-    try {
-      return lastValueFrom(this.getUserByJwtTokenAction.handle(payload))
-    } catch (error) {
-      throw new UnauthorizedException()
-    }
+    return this.queryBus.execute(new GetCurrentUserByAccessTokenQuery(payload))
   }
 }

src/domain/strategies/local.strategy.ts

@@ -1,20 +1,20 @@
 import { Injectable } from '@nestjs/common'
+import { QueryBus } from '@nestjs/cqrs'
 import { PassportStrategy } from '@nestjs/passport'
 import { Strategy } from 'passport-local'
-import { lastValueFrom } from 'rxjs'
+import { LoginQuery } from '../../application/queries'
 import type { IAuthUserEntityForResponse } from '../definitions'
 import { InjectAuthDefinitions } from '../decorators'
 import { IAuthDefinitions } from '../index'
-import { LocalLoginAction } from '../actions'
 
 export const LOCAL_STRATEGY_NAME: string = 'local'
 
 @Injectable()
 export class LocalStrategy extends PassportStrategy(Strategy) {
   public constructor(
-    protected readonly loginAction: LocalLoginAction,
     @InjectAuthDefinitions()
-    protected readonly authDefinitions: IAuthDefinitions
+    protected readonly authDefinitions: IAuthDefinitions,
+    protected readonly queryBus: QueryBus
   ) {
     super({
       usernameField: authDefinitions.usernameField || 'username',
@@ -28,8 +28,8 @@ export class LocalStrategy extends PassportStrategy(Strategy) {
     username: string,
     password: string
   ): Promise<IAuthUserEntityForResponse> {
-    return lastValueFrom(
-      this.loginAction.handle({
+    return this.queryBus.execute(
+      new LoginQuery({
         ...request.body,
         username,
         password,

src/domain/strategies/refresh-token.strategy.ts

@@ -1,22 +1,17 @@
 import { HttpStatus, Injectable } from '@nestjs/common'
+import { QueryBus } from '@nestjs/cqrs'
 import { PassportStrategy } from '@nestjs/passport'
 import { ExtractJwt, JwtFromRequestFunction } from 'passport-jwt'
 import { Strategy } from 'passport-strategy'
-import { lastValueFrom, map } from 'rxjs'
+import { GetCurrentUserByRefreshTokenQuery } from '../../application/queries'
 import {
   AuthTransferTokenMethod,
   getRequestCookie,
   getRequestHeader,
-  hideRedactedFields,
-  IAuthUserEntityForResponse,
+  IAuthDefinitions,
   IHttpRequest,
-  IJwtPayload,
 } from '../index'
-
-import { IAuthDefinitions } from '../index'
 import { InjectAuthDefinitions } from '../decorators'
-import { AuthRepository } from '../repositories'
-import { TokenService } from '../services'
 
 export const REFRESH_TOKEN_STRATEGY_NAME: string = 'mercury-refresh-token'
 
@@ -58,8 +53,7 @@ export class RefreshTokenStrategy extends PassportStrategy(
   public constructor(
     @InjectAuthDefinitions()
     protected readonly authDefinitions: IAuthDefinitions,
-    protected readonly authRepository: AuthRepository,
-    protected readonly jwtService: TokenService
+    protected readonly queryBus: QueryBus
   ) {
     super()
 
@@ -72,26 +66,16 @@ export class RefreshTokenStrategy extends PassportStrategy(
   public async authenticate(req: any): Promise<void> {
     const token: string | any = this.jwtFromRequest(req)
 
-    const jwtPayload = token
-      ? this.jwtService.decodeRefreshToken(token)
+    const user = token
+      ? await this.queryBus.execute(
+          new GetCurrentUserByRefreshTokenQuery(token)
+        )
       : undefined
 
-    const user = jwtPayload ? await this.validate(jwtPayload) : undefined
-
-    if (!jwtPayload || !user) {
+    if (!user) {
       this.fail(HttpStatus.UNAUTHORIZED)
     } else {
       this.success(user)
     }
   }
-
-  protected async validate(
-    payload: IJwtPayload
-  ): Promise<IAuthUserEntityForResponse> {
-    return lastValueFrom(
-      this.authRepository
-        .getAuthUserByUsername(payload.username)
-        .pipe(map(hideRedactedFields(this.authDefinitions.redactedFields)))
-    )
-  }
 }