diff --git a/docker-compose.yml b/docker-compose.yml
index 363d864..4964458 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,11 +12,6 @@ services:
 DATABASE_URL: postgresql://leolitas:L@l321321321@postgres:5432/clipperia?schema=public
 networks:
 - dokploy-network
- labels:
- - 'traefik.enable=true'
- - 'traefik.http.routers.backend.rule=Host(`api.clipperia.com.br`)'
- - 'traefik.http.routers.backend.entrypoints=websecure'
- - 'traefik.http.routers.backend.tls.certresolver=letsencrypt'
 networks:
 dokploy-network:
diff --git a/src/app.module.ts b/src/app.module.ts
index 7013532..04b2093 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -9,7 +9,6 @@ import { VideosController } from './videos/videos.controller';
 import { UsuariosModule } from './usuarios/usuarios.module';
 import { LoggerMiddleware } from './middleware/logger.middleware';
 import { RolesGuard } from './auth/roles.guard';
-import { TestModule } from './test/test.module';
 @Module({
 imports: [
@@ -18,7 +17,6 @@ import { TestModule } from './test/test.module';
 VideosModule,
 AuthModule,
 UsuariosModule,
- TestModule,
 ],
 controllers: [AppController],
 providers: [AppService, RolesGuard],
diff --git a/src/auth/keycloak-auth.guard.ts b/src/auth/keycloak-auth.guard.ts
index 37f046a..cca016e 100644
--- a/src/auth/keycloak-auth.guard.ts
+++ b/src/auth/keycloak-auth.guard.ts
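Review bot: The `DATABASE_URL` context line in the docker-compose.yml hunk still carries the PostgreSQL user and password in clear text in a tracked file, so the credential is readable by anyone with repository access and remains in history even after the line is edited. Replace the literal with a reference such as `DATABASE_URL: ${DATABASE_URL}` that is supplied by the deployment platform or an untracked `.env` file, and rotate the password because this value has already been committed. The password also appears to contain an unescaped `@`, which some URL parsers may split at the wrong place; percent-encode it as `%40` in the new value.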
@@ -1,21 +1,16 @@
-import { Injectable, Logger, UnauthorizedException } from '@nestjs/common';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
 import type { JwtPayload } from './keycloak.strategy';
 @Injectable()
 export class KeycloakAuthGuard extends AuthGuard('jwt') {
- private readonly logger = new Logger(KeycloakAuthGuard.name);
-
 handleRequest(
 err: unknown,
 user: JwtPayload | false,
 info: unknown,
 context: import('@nestjs/common').ExecutionContext,
 ): TUser {
- this.logger.log(`KEYCLOAK_URL: ${process.env.KEYCLOAK_URL}`);
- this.logger.log(`NODE_ENV: ${process.env.NODE_ENV}`);
-
 if (err || !user) {
 if (err instanceof UnauthorizedException) {
 throw err;
diff --git a/src/auth/keycloak.strategy.ts b/src/auth/keycloak.strategy.ts
index cf7b23f..87ef0c3 100644
--- a/src/auth/keycloak.strategy.ts
+++ b/src/auth/keycloak.strategy.ts
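Review bot: In the keycloak-auth.guard.ts hunk, `context` is typed with an inline `import('@nestjs/common').ExecutionContext` inside the `handleRequest` signature even though the same hunk already edits the named import from that package. Pulling the type into that import reads more cleanly: `import { ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';` and then `context: ExecutionContext,`. The body of handleRequest continues below the hunk, so whether `info` and `context` are actually used cannot be checked from here.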
@@ -49,71 +49,23 @@ export class KeycloakJwtStrategy extends PassportStrategy(Strategy, 'jwt') {
 issuer: 'https://auth.clipperia.com.br/realms/clipperia',
 ignoreExpiration: false,
 });
-
- this.logger.verbose(`Using Keycloak URL: ${baseUrl}`);
 }
- validate(payload: JwtPayload): JwtPayload {
+ validate(payload: JwtPayload) {
 try {
- this.logger.verbose('=== JWT Validation Start ===');
-
- this.logger.verbose(`Subject (sub): ${payload.sub}`);
- this.logger.verbose(`Issuer (iss): ${payload.iss}`);
- this.logger.verbose(`Audience (aud): ${JSON.stringify(payload.aud)}`);
- this.logger.verbose(
- `Issued At (iat): ${new Date(payload.iat * 1000).toISOString()}`,
- );
- this.logger.verbose(
- `Expiration (exp): ${new Date(payload.exp * 1000).toISOString()}`,
- );
- this.logger.verbose('--- User Info ---');
- this.logger.verbose(`Email: ${payload.email || 'N/A'}`);
- this.logger.verbose(`Username: ${payload.preferred_username || 'N/A'}`);
- this.logger.verbose(
- `Name: ${payload.given_name || ''} ${payload.family_name || ''}`.trim() ||
- 'N/A',
- );
-
- // Realm roles
- this.logger.verbose('--- Realm Access ---');
- if (payload.realm_access?.roles?.length) {
- payload.realm_access.roles.forEach((role: string) => {
- this.logger.verbose(`- ${role}`);
- });
- } else {
- this.logger.verbose('No realm roles found');
- }
-
- // Resource access
- this.logger.verbose('--- Resource Access ---');
- if (payload.resource_access) {
- Object.entries(payload.resource_access).forEach(([resource, data]) => {
- if (data?.roles?.length) {
- this.logger.verbose(`${resource} roles:`);
- data.roles.forEach((role: string) => {
- this.logger.verbose(` - ${role}`);
- });
- }
- });
- } else {
- this.logger.verbose('No resource access found');
- }
-
- // Token expiration check
 const now = Math.floor(Date.now() / 1000);
+
 if (payload.exp < now) {
- const minutesAgo = Math.round((now - payload.exp) / 60);
- this.logger.warn(`Token expired ${minutesAgo} minutes ago`);
 throw new UnauthorizedException('Token expirado');
 }
- this.logger.verbose('=== JWT Validation Successful ===');
 return payload;
 } catch (error: unknown) {
 const errorMessage = error instanceof Error ? error.stack : String(error);
+
 this.logger.error('JWT Validation Error:', errorMessage);
+
 throw error;
 }
- return payload;
 }
 }
diff --git a/src/auth/roles.guard.ts b/src/auth/roles.guard.ts
index 74c0fde..7071fa4 100644
--- a/src/auth/roles.guard.ts
+++ b/src/auth/roles.guard.ts
@@ -3,7 +3,6 @@ import {
 CanActivate,
 ExecutionContext,
 ForbiddenException,
- Logger,
 } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { ROLES_KEY } from './decorator/roles.decorator';
@@ -14,38 +13,22 @@ import type { JwtPayload } from './keycloak.strategy';
 export class RolesGuard implements CanActivate {
 constructor(private reflector: Reflector) {}
- private readonly logger = new Logger(RolesGuard.name);
-
 private extractRoles(user: JwtPayload): string[] {
 const roles: string[] = [];
- this.logger.log('Extracting roles from user object');
- this.logger.log(`realm_access: ${JSON.stringify(user.realm_access)}`);
- this.logger.log(`resource_access: ${JSON.stringify(user.resource_access)}`);
-
 if (user.realm_access?.roles) {
- this.logger.log(
- `Found realm roles: ${JSON.stringify(user.realm_access.roles)}`,
- );
 roles.push(...user.realm_access.roles);
 }
 if (user.resource_access) {
- this.logger.log('Processing resource_access');
- Object.entries(user.resource_access).forEach(
- ([resourceName, resource]) => {
- this.logger.log(
- `Resource ${resourceName} roles: ${JSON.stringify(resource?.roles)}`,
- );
- if (resource?.roles) {
- roles.push(...resource.roles);
- }
- },
- );
+ Object.entries(user.resource_access).forEach(([, resource]) => {
+ if (resource?.roles) {
+ roles.push(...resource.roles);
+ }
+ });
 }
 const uniqueRoles = [...new Set(roles)];
- this.logger.log(`Final extracted roles: ${JSON.stringify(uniqueRoles)}`);
 return uniqueRoles;
 }
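Review bot: In keycloak.strategy.ts, `validate` compares `payload.exp < now` without checking that `exp` is present, so a token with no `exp` claim makes the comparison false and the payload is returned as valid; as far as I know the library-level check enabled by `ignoreExpiration: false` is also skipped when the claim is absent. Guard it explicitly with `if (typeof payload.exp !== 'number' || payload.exp < now) {`. The hunk also drops the `: JwtPayload` return annotation; keeping `validate(payload: JwtPayload): JwtPayload {` lets the compiler check every return path. Separately, the catch block logs the stack of the `UnauthorizedException` raised for an ordinary expired token at error level, which is likely to be noisy; consider reserving `logger.error` for unexpected errors.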
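Review bot: In roles.guard.ts, `extractRoles` flattens `realm_access.roles` and the roles of every entry in `resource_access` into one list, and the new callback `([, resource])` discards the client name altogether, so a role granted on any other client named in the token counts the same as a role on this API. If the required roles are meant to be this API's own client roles, read only that client's entry, for example `const clientRoles = user.resource_access?.[CLIENT_ID]?.roles ?? [];`, where `CLIENT_ID` is a placeholder for the API's Keycloak client id. A one-line comment above the method stating which role sources are trusted would make the intent reviewable.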
@@ -55,22 +38,14 @@ export class RolesGuard implements CanActivate {
 [context.getHandler(), context.getClass()],
 );
- this.logger.log(`Required roles: ${JSON.stringify(requiredRoles)}`);
-
 if (!requiredRoles || !requiredRoles.length) {
- this.logger.log('No roles required for this route');
 return true;
 }
 const request = context.switchToHttp().getRequest<{ user: JwtPayload }>();
 const user = request.user;
- this.logger.log(
- `User object from request: ${JSON.stringify(user, null, 2)}`,
- );
-
 if (!user) {
- this.logger.error('No user found in request');
 throw new ForbiddenException('Usuário não autenticado');
 }
diff --git a/src/test/test.controller.spec.ts b/src/test/test.controller.spec.ts
deleted file mode 100644
index 9986ea5..0000000
--- a/src/test/test.controller.spec.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { Test, TestingModule } from '@nestjs/testing';
-import { TestController } from './test.controller';
-
-describe('TestController', () => {
- let controller: TestController;
-
- beforeEach(async () => {
- const module: TestingModule = await Test.createTestingModule({
- controllers: [TestController],
- }).compile();
-
- controller = module.get(TestController);
- });
-
- it('should be defined', () => {
- expect(controller).toBeDefined();
- });
-});
diff --git a/src/test/test.controller.ts b/src/test/test.controller.ts
deleted file mode 100644
index 923b5cd..0000000
--- a/src/test/test.controller.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { Controller, Get, Req } from '@nestjs/common';
-import type { Request } from 'express';
-
-@Controller('test')
-export class TestController {
- @Get()
- debug(@Req() req: Request): string {
- console.log('HEADERS:', req.headers);
-
- return JSON.stringify(req.headers);
- }
-}
diff --git a/src/test/test.module.ts b/src/test/test.module.ts
deleted file mode 100644
index b3df703..0000000
--- a/src/test/test.module.ts
+++ /dev/null
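Review bot: With the logger removed from roles.guard.ts, the `if (!user)` rejection in `canActivate` no longer leaves any record, and if the role-mismatch branch below the hunk lost its log as well, authorization denials cannot be seen in the logs at all. Dropping the `JSON.stringify(user, null, 2)` dump is right, since it wrote every claim of every caller to the log; a minimal replacement keeps denials detectable without token content: `private readonly logger = new Logger(RolesGuard.name);` and, before the throw, `this.logger.warn('Access denied: no authenticated user on request');`. A missing `request.user` means the caller is unauthenticated, so `throw new UnauthorizedException('Usuário não autenticado');` would describe it more accurately than a 403. canActivate starts and ends outside the hunk.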
@@ -1,9 +0,0 @@
-import { Module } from '@nestjs/common';
-import { TestController } from './test.controller';
-import { TestService } from './test.service';
-
-@Module({
- controllers: [TestController],
- providers: [TestService]
-})
-export class TestModule {}
diff --git a/src/test/test.service.spec.ts b/src/test/test.service.spec.ts
deleted file mode 100644
index 1aacbe5..0000000
--- a/src/test/test.service.spec.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { Test, TestingModule } from '@nestjs/testing';
-import { TestService } from './test.service';
-
-describe('TestService', () => {
- let service: TestService;
-
- beforeEach(async () => {
- const module: TestingModule = await Test.createTestingModule({
- providers: [TestService],
- }).compile();
-
- service = module.get(TestService);
- });
-
- it('should be defined', () => {
- expect(service).toBeDefined();
- });
-});
diff --git a/src/test/test.service.ts b/src/test/test.service.ts
deleted file mode 100644
index 0d79b70..0000000
--- a/src/test/test.service.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Injectable } from '@nestjs/common';
-
-@Injectable()
-export class TestService {}