
safe-global / safe-client-gateway / 11340871916

15 Oct 2024 06:58AM UTC coverage: 46.83% (-45.0%) from 91.836%
11340871916

push

github

web-flow
Bump typescript from 5.6.2 to 5.6.3 (#2015)

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.6.2 to 5.6.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.6.2...v5.6.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

500 of 3096 branches covered (16.15%)

Branch coverage included in aggregate %.

5092 of 8845 relevant lines covered (57.57%)

12.16 hits per line

Source File

55.56
/src/routes/auth/auth.controller.ts
import { IConfigurationService } from '@/config/configuration.service.interface';
import { getMillisecondsUntil } from '@/domain/common/utils/time';
import { AuthService } from '@/routes/auth/auth.service';
import { AuthNonce } from '@/routes/auth/entities/auth-nonce.entity';
import { SiweDto, SiweDtoSchema } from '@/routes/auth/entities/siwe.dto.entity';
import { ValidationPipe } from '@/validation/pipes/validation.pipe';
import {
  Body,
  Controller,
  Get,
  HttpCode,
  Inject,
  Post,
  Res,
} from '@nestjs/common';
import { ApiOkResponse, ApiTags } from '@nestjs/swagger';
import { Response } from 'express';

/**
 * Authentication endpoints for the SiWe sign-in flow:
 *
 * 1. `GET /v1/auth/nonce` hands out a unique nonce for the client to sign.
 * 2. The client embeds that nonce in a SiWe message, signs it, and posts the
 *    message together with the signature to `POST /v1/auth/verify`.
 * 3. When verification succeeds, the JWT is delivered in a `Set-Cookie`
 *    header under the `access_token` name; the response body stays empty.
 */
@ApiTags('auth')
@Controller({ path: 'auth', version: '1' })
export class AuthController {
  static readonly ACCESS_TOKEN_COOKIE_NAME = 'access_token';
  static readonly ACCESS_TOKEN_COOKIE_SAME_SITE_LAX = 'lax';
  static readonly ACCESS_TOKEN_COOKIE_SAME_SITE_NONE = 'none';
  // Not referenced anywhere inside this class.
  static readonly CGW_ENV_PRODUCTION = 'production';
  // Read once at construction; decides the SameSite policy of the cookie.
  private readonly isProduction: boolean;

  /**
   * @param configurationService - source of `application.isProduction`;
   *   `getOrThrow` is used, so the flag has to be present in configuration
   * @param authService - issues nonces and access tokens
   */
  constructor(
    @Inject(IConfigurationService)
    private readonly configurationService: IConfigurationService,
    private readonly authService: AuthService,
  ) {
    this.isProduction = this.configurationService.getOrThrow<boolean>(
      'application.isProduction',
    );
  }

  /**
   * Returns the nonce produced by {@link AuthService.getNonce}.
   */
  @ApiOkResponse({ type: AuthNonce })
  @Get('nonce')
  async getNonce(): Promise<AuthNonce> {
    return this.authService.getNonce();
  }

  /**
   * Exchanges a SiWe message and signature for an access token and stores the
   * token in the `access_token` cookie.
   *
   * @param res - express response; `passthrough` leaves sending the response
   *   to Nest after the cookie has been attached
   * @param siweDto - request body, passed through `ValidationPipe` with
   *   `SiweDtoSchema` before it reaches this handler
   *
   * Cookie attributes set here:
   * - `httpOnly` keeps the token unavailable to page scripts.
   * - `secure` limits the cookie to HTTPS.
   * - `sameSite` is `lax` when `application.isProduction` is true and `none`
   *   otherwise. With `none` the cookie is also sent on cross-site requests,
   *   so a production deployment relies on that flag being set correctly.
   */
  @HttpCode(200)
  @Post('verify')
  @ApiOkResponse({
    description: 'Empty response body. JWT token is set as response cookie.',
  })
  async verify(
    @Res({ passthrough: true })
    res: Response,
    @Body(new ValidationPipe(SiweDtoSchema))
    siweDto: SiweDto,
  ): Promise<void> {
    const issued = await this.authService.getAccessToken(siweDto);
    const jwt = issued.accessToken;

    const sameSite = this.isProduction
      ? AuthController.ACCESS_TOKEN_COOKIE_SAME_SITE_LAX
      : AuthController.ACCESS_TOKEN_COOKIE_SAME_SITE_NONE;
    // The lifetime is read from the token because it may differ slightly from
    // the one stated in the SiWe message.
    const maxAge = this.getMaxAge(jwt);

    res.cookie(AuthController.ACCESS_TOKEN_COOKIE_NAME, jwt, {
      httpOnly: true,
      secure: true,
      sameSite,
      path: '/',
      maxAge,
    });
  }

  /**
   * Derives the cookie lifetime from the token's `exp` claim.
   *
   * @param accessToken - JWT token
   * @returns milliseconds until the token expires, or undefined when the
   *   payload carries no `exp`
   *
   * The `Max-Age` cookie attribute is expressed in seconds, but express
   * expects milliseconds for the `maxAge` option of `res.cookie()`.
   * @see http://expressjs.com/en/api.html
   *
   * NOTE(review): with an undefined `maxAge`, express emits no lifetime
   * attribute, so the browser keeps the cookie for the session only; confirm
   * whether tokens without `exp` are expected to be issued at all.
   */
  private getMaxAge(accessToken: string): number | undefined {
    const claims = this.authService.getTokenPayloadWithClaims(accessToken);
    if (!claims.exp) {
      return undefined;
    }
    return getMillisecondsUntil(claims.exp);
  }
}