Job Launcher - Refactor auth (#740)

* Auth refactor JL

* authentication fixes

* remove jwt interface

* fix tests and clean code

* fix review comments

* Refactored services and removed unnecessary nesting (#747)

* database and payment fixes (#743)

Co-authored-by: Eugene Voronov <[email protected]>

* use of access and refresh tokens for auth

* fix tests

* make sure token contains bearer

* rename jwt prefix

---------

Co-authored-by: Francisco López <[email protected]>
Co-authored-by: eugenvoronov <[email protected]>
Co-authored-by: Eugene Voronov <[email protected]>

packages/apps/job-launcher/server/.env.example

@@ -1,44 +1,41 @@
 # General
-NODE_ENV=
-HOST=
-PORT=
-FE_URL=
-SESSION_SECRET=
-PASSWORD_SECRET='$2b$10$EICgM2wYixoJisgqckU9gu'
-EMAIL_FROM=
+NODE_ENV=development
+HOST=localhost
+PORT=3000
+FE_URL=http://localhost:3001
+SESSION_SECRET=test
+PASSWORD_SECRET=test
 
 # Database
-DB_TYPE=
-POSTGRES_HOST=
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-POSTGRES_DB=
-POSTGRES_SYNC=
-POSTGRES_PORT=
+POSTGRES_HOST=0.0.0.0
+POSTGRES_USER=operator
+POSTGRES_PASSWORD=qwerty
+POSTGRES_DB=job-launcher
+POSTGRES_SYNC=false
+POSTGRES_PORT=5432
 
 #Web3
 WEB3_PRIVATE_KEY=
-JOB_LAUNCHER_FEE=
-RECORDING_ORACLE_FEE=
-REPUTATION_ORACLE_FEE=
+JOB_LAUNCHER_FEE=1
+RECORDING_ORACLE_FEE=1
+REPUTATION_ORACLE_FEE=1
 EXCHANGE_ORACLE_ADDRESS=
 EXCHANGE_ORACLE_WEBHOOK_URL=
 RECORDING_ORACLE_ADDRESS=
 REPUTATION_ORACLE_ADDRESS=
 
 # Auth
-JWT_SECRET=
-JWT_ACCESS_TOKEN_EXPIRES_IN=
-JWT_REFRESH_TOKEN_EXPIRES_IN=
+JWT_SECRET=test-secret
+JWT_ACCESS_TOKEN_EXPIRES_IN=1d
+JWT_REFRESH_TOKEN_EXPIRES_IN=1d
 
 # S3
-S3_ENDPOINT=
-S3_PORT=
-S3_ACCESS_KEY=
-S3_SECRET_KEY=
-S3_REGION=
-S3_BACKET=
-S3_USE_SSL=
+S3_ENDPOINT=localhost
+S3_PORT=9000
+S3_ACCESS_KEY=access-key
+S3_SECRET_KEY=secret-key
+S3_BUCKET=manifests
+S3_USE_SSL=false
 
 # Stripe
 STRIPE_SECRET_KEY=

packages/apps/job-launcher/server/docker-compose.yml

@@ -1,21 +1,50 @@
-version: '3.7'
+version: '3.8'
 
 services:
   postgres:
     image: postgres:latest
     restart: always
     environment:
-      - POSTGRES_HOST=0.0.0.0
-      - POSTGRES_USER=operator
-      - POSTGRES_PASSWORD=qwerty
-      - POSTGRES_DB=job-launcher
-      - POSTGRES_PORT=5435
-      - POSTGRES_SYNC=false
+      - POSTGRES_HOST=${POSTGRES_HOST}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_PORT=${POSTGRES_PORT}
+      - POSTGRES_SYNC=${POSTGRES_SYNC}
     logging:
       options:
         max-size: 10m
         max-file: "3"
     ports:
-      - '5435:5432'
-    volumes: 
-      - ./db:/var/lib/postgresql/data
+      - '${POSTGRES_PORT}:${POSTGRES_PORT}'
+    # volumes: 
+    #   - ./db:/var/lib/postgresql/data
+  minio:
+    container_name: minio
+    image: minio/minio:RELEASE.2022-05-26T05-48-41Z
+    ports:
+      - 9001:9001
+      - 9000:9000
+    environment:
+      MINIO_ROOT_USER: ${S3_ACCESS_KEY}
+      MINIO_ROOT_PASSWORD: ${S3_SECRET_KEY}
+    entrypoint: 'sh'
+    command:
+      -c "mkdir -p /data/manifests && minio server /data --console-address ':9001'"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+      interval: 5s
+      timeout: 5s
+      retries: 3
+  minio-mc:
+    container_name: minio-mc
+    image: minio/mc
+    depends_on:
+      minio:
+        condition: service_healthy
+    entrypoint: >
+      /bin/sh -c "
+      /usr/bin/mc config host add myminio http://minio:9000 ${S3_ACCESS_KEY} ${S3_SECRET_KEY};
+      /usr/bin/mc mb myminio/manifests;
+      /usr/bin/mc anonymous set public myminio/manifests;
+      "

packages/apps/job-launcher/server/package.json

@@ -13,11 +13,11 @@
     "start:debug": "nest start --debug --watch",
     "start:prod": "node dist/main",
     "migration:create": "typeorm-ts-node-commonjs migration:create",
-    "migration:generate": "typeorm-ts-node-commonjs migration:generate -d typeorm.config.ts",
+    "migration:generate": "yarn build && typeorm-ts-node-commonjs migration:generate -p -d typeorm.config.ts",
     "migration:revert": "typeorm-ts-node-commonjs migration:revert -d typeorm.config.ts",
     "migration:run": "typeorm-ts-node-commonjs migration:run -d typeorm.config.ts",
     "migration:show": "typeorm-ts-node-commonjs migration:show -d typeorm.config.ts",
-    "docker:db:up": "docker-compose up -d && yarn migration:run",
+    "docker:db:up": "docker-compose up -d postgres && yarn build && yarn migration:run",
     "docker:db:down": "docker-compose down",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
     "test": "jest",
@@ -30,46 +30,47 @@
     "@human-protocol/sdk": "*",
     "@nestjs/axios": "^2.0.0",
     "@nestjs/common": "^9.4.3",
+    "@nestjs/config": "^3.0.0",
     "@nestjs/core": "^9.4.3",
-    "@nestjs/platform-express": "^9.4.3",
-    "passport": "^0.6.0",
-    "@types/passport-jwt": "^3.0.8",
-    "passport-jwt": "^4.0.1",
     "@nestjs/jwt": "^10.0.3",
-    "@nestjs/terminus": "^10.0.1",
-    "@nestjs/schedule": "^3.0.1",
-    "typeorm-naming-strategies": "^4.1.0",
-    "zxcvbn": "^4.4.2",
     "@nestjs/passport": "^10.0.0",
-    "@nestjs/typeorm": "^10.0.0",
-    "ethers": "^5.7.2",
-    "joi": "^17.9.2",
-    "reflect-metadata": "^0.1.13",
-    "rxjs": "^7.2.0",
-    "nestjs-minio-client": "^2.0.0",
+    "@nestjs/platform-express": "^9.4.3",
+    "@nestjs/schedule": "^3.0.1",
     "@nestjs/swagger": "^7.0.6",
-    "class-transformer": "^0.5.1",
-    "bcrypt": "^5.1.0",
-    "@nestjs/config": "^3.0.0",
+    "@nestjs/terminus": "^10.0.1",
+    "@nestjs/typeorm": "^10.0.0",
     "@types/cookie-parser": "^1.4.3",
     "@types/express-session": "^1.17.7",
-    "express-session": "^1.17.3",
+    "@types/passport-jwt": "^3.0.8",
+    "bcrypt": "^5.1.0",
+    "class-transformer": "^0.5.1",
     "cookie-parser": "^1.4.6",
+    "ethers": "^5.7.2",
+    "express-session": "^1.17.3",
+    "joi": "^17.9.2",
+    "nestjs-minio-client": "^2.0.0",
+    "passport": "^0.6.0",
+    "passport-jwt": "^4.0.1",
     "pg": "8.11.0",
-    "typeorm": "^0.3.16"
+    "reflect-metadata": "^0.1.13",
+    "rxjs": "^7.2.0",
+    "typeorm": "^0.3.17",
+    "typeorm-naming-strategies": "^4.1.0",
+    "zxcvbn": "^4.4.2"
   },
   "devDependencies": {
     "@golevelup/ts-jest": "^0.3.7",
     "@nestjs/cli": "^9.4.3",
     "@nestjs/schematics": "^9.2.0",
     "@nestjs/testing": "^9.4.3",
+    "@types/bcrypt": "^5.0.0",
     "@types/express": "^4.17.13",
     "@types/jest": "29.5.1",
     "@types/node": "18.16.12",
     "@types/supertest": "^2.0.11",
+    "@types/zxcvbn": "4.4.1",
     "@typescript-eslint/eslint-plugin": "^5.0.0",
     "@typescript-eslint/parser": "^5.0.0",
-    "@types/zxcvbn": "4.4.1",
     "eslint": "^8.0.1",
     "eslint-config-prettier": "^8.3.0",
     "eslint-plugin-prettier": "^4.0.0",
@@ -81,7 +82,6 @@
     "ts-loader": "^9.2.3",
     "ts-node": "^10.0.0",
     "tsconfig-paths": "4.2.0",
-    "typescript": "^5.0.0",
-    "@types/bcrypt": "^5.0.0"
+    "typescript": "^5.0.0"
   }
 }

packages/apps/job-launcher/server/src/app.module.ts

@@ -4,7 +4,7 @@ import { ConfigModule } from '@nestjs/config';
 import { ScheduleModule } from '@nestjs/schedule';
 import { AppController } from './app.controller';
 import { DatabaseModule } from './database/database.module';
-import { JwtHttpGuard, RolesGuard } from './common/guards';
+import { JwtAuthGuard } from './common/guards';
 import { HttpValidationPipe } from './common/pipes';
 import { HealthModule } from './modules/health/health.module';
 import { AuthModule } from './modules/auth/auth.module';
@@ -18,11 +18,7 @@ import { envValidator } from './common/config';
   providers: [
     {
       provide: APP_GUARD,
-      useClass: JwtHttpGuard,
-    },
-    {
-      provide: APP_GUARD,
-      useClass: RolesGuard,
+      useClass: JwtAuthGuard,
     },
     {
       provide: APP_PIPE,

packages/apps/job-launcher/server/src/common/config/env.ts

@@ -10,7 +10,6 @@ export const ConfigNames = {
   JWT_SECRET: 'JWT_SECRET',
   JWT_ACCESS_TOKEN_EXPIRES_IN: 'JWT_ACCESS_TOKEN_EXPIRES_IN',
   JWT_REFRESH_TOKEN_EXPIRES_IN: 'JWT_REFRESH_TOKEN_EXPIRES_IN',
-  DB_TYPE: 'DB_TYPE',
   POSTGRES_HOST: 'POSTGRES_HOST',
   POSTGRES_USER: 'POSTGRES_USER',
   POSTGRES_PASSWORD: 'POSTGRES_PASSWORD',
@@ -29,7 +28,7 @@ export const ConfigNames = {
   S3_PORT: 'S3_PORT',
   S3_ACCESS_KEY: 'S3_ACCESS_KEY',
   S3_SECRET_KEY: 'S3_SECRET_KEY',
-  S3_BACKET: 'S3_BACKET',
+  S3_BUCKET: 'S3_BUCKET',
   S3_USE_SSL: 'S3_USE_SSL',
   STRIPE_SECRET_KEY: 'STRIPE_SECRET_KEY',
   STRIPE_API_VERSION: 'STRIPE_API_VERSION',
@@ -72,7 +71,7 @@ export const envValidator = Joi.object({
   S3_PORT: Joi.string().default(9000),
   S3_ACCESS_KEY: Joi.string().required(),
   S3_SECRET_KEY: Joi.string().required(),
-  S3_BACKET: Joi.string().default('launcher'),
+  S3_BUCKET: Joi.string().default('launcher'),
   S3_USE_SSL: Joi.string().default(false),
   // Stripe
   STRIPE_SECRET_KEY: Joi.string().default(

packages/apps/job-launcher/server/src/common/constants/errors.ts

@@ -27,6 +27,8 @@ export enum ErrorEscrow {
 export enum ErrorUser {
   NotFound = 'User not found',
   AccountCannotBeRegistered = 'Account cannot be registered',
+  BalanceCouldNotBeRetreived = 'User balance could not be retrieved',
+  InvalidCredentials = 'Invalid credentials',
 }
 
 /**
@@ -63,6 +65,7 @@ export enum ErrorPayment {
   TransactionHasNotEnoughAmountOfConfirmations = 'Transaction has not enough amount of confirmations',
   UnsupportedToken = 'Unsupported token',
   InvalidRecipient = 'Invalid recipient',
+  ChainIdMissing = 'ChainId is missing',
 }
 
 /**

packages/apps/job-launcher/server/src/common/constants/index.ts

@@ -3,3 +3,5 @@ export const COINGECKO_API_URL =
   'https://api.coingecko.com/api/v3/simple/price';
 export const JOB_RETRIES_COUNT_THRESHOLD = 3;
 export const TX_CONFIRMATION_TRESHOLD = 1;
+
+export const JWT_PREFIX = 'bearer ';

packages/apps/job-launcher/server/src/common/constants/payment.ts

@@ -1,3 +1,5 @@
+import { ICoingeckoTokenId } from '../interfaces';
+
 export const CoingeckoTokenId: ICoingeckoTokenId = {
   hmt: 'human-protocol',
 };

packages/apps/job-launcher/server/src/common/decorators/index.ts

@@ -1,2 +1 @@
-export * from './role';
 export * from './public';

packages/apps/job-launcher/server/src/common/guards/index.ts

@@ -1,2 +1 @@
-export * from './jwt.http';
-export * from './roles';
+export * from './jwt.auth';

packages/apps/job-launcher/server/src/common/guards/jwt.http.ts → packages/apps/job-launcher/server/src/common/guards/jwt.auth.ts

@@ -8,7 +8,7 @@ import { Reflector } from '@nestjs/core';
 import { AuthGuard } from '@nestjs/passport';
 
 @Injectable()
-export class JwtHttpGuard extends AuthGuard('jwt-http') implements CanActivate {
+export class JwtAuthGuard extends AuthGuard('jwt-http') implements CanActivate {
   constructor(private readonly reflector: Reflector) {
     super();
   }