auth setup

kkartunov · kkartunov · commit 9d503928c496 · 2025-07-01T13:18:24.000+03:00
diff --git a/src/app.module.ts b/src/app.module.ts
@@ -6,9 +6,6 @@ import { GlobalProvidersModule } from './shared/global/globalProviders.module';
 import { TopcoderModule } from './shared/topcoder/topcoder.module';
 import { HealthCheckController } from './api/health-check/healthCheck.controller';
 import { TokenValidatorMiddleware } from './core/auth/middleware/tokenValidator.middleware';
-import { CreateRequestStoreMiddleware } from './core/request/createRequestStore.middleware';
-import { AuthGuard, RolesGuard } from './core/auth/guards';
-import { APP_GUARD } from '@nestjs/core';
 
 @Module({
   imports: [
@@ -20,27 +17,15 @@ import { APP_GUARD } from '@nestjs/core';
         sessionIdGenerator: () => randomUUID(),
         statelessMode: false,
       },
-      // guards: [AuthGuard, RolesGuard],
     }),
     GlobalProvidersModule,
     TopcoderModule,
   ],
   controllers: [HealthCheckController],
-  providers: [
-    // {
-    //   provide: APP_GUARD,
-    //   useClass: AuthGuard,
-    // },
-    // {
-    //   provide: APP_GUARD,
-    //   useClass: RolesGuard,
-    // },
-    QueryChallengesTool,
-  ],
+  providers: [QueryChallengesTool],
 })
 export class AppModule implements NestModule {
   configure(consumer: MiddlewareConsumer) {
-    // consumer.apply(TokenValidatorMiddleware).forRoutes('*');
-    // consumer.apply(CreateRequestStoreMiddleware).forRoutes('*');
+    consumer.apply(TokenValidatorMiddleware).forRoutes('*');
   }
 }
diff --git a/src/core/auth/auth.constants.ts b/src/core/auth/auth.constants.ts
@@ -2,4 +2,6 @@ export enum Role {
   User = 'Topcoder User',
 }
 
-export enum M2mScope {}
+export enum M2mScope {
+  QueryPublicChallenges = 'query:public:challenges',
+}
diff --git a/src/core/auth/decorators/index.ts b/src/core/auth/decorators/index.ts
@@ -1,5 +1,4 @@
 export * from './m2m.decorator';
 export * from './m2mScope.decorator';
 export * from './public.decorator';
-export * from './roles.decorator';
 export * from './user.decorator';
diff --git a/src/core/auth/decorators/roles.decorator.ts b/src/core/auth/decorators/roles.decorator.ts
diff --git a/src/core/auth/guards/auth.guard.ts b/src/core/auth/guards/auth.guard.ts
@@ -1,59 +1,17 @@
-import {
-  CanActivate,
-  ExecutionContext,
-  Injectable,
-  UnauthorizedException,
-} from '@nestjs/common';
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
-import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
-import { IS_M2M_KEY } from '../decorators/m2m.decorator';
-import { M2mScope } from '../auth.constants';
-import { SCOPES_KEY } from '../decorators/m2mScope.decorator';
+import { Logger } from 'src/shared/global';
 
 @Injectable()
 export class AuthGuard implements CanActivate {
+  private readonly logger = new Logger(AuthGuard.name);
+
   constructor(private reflector: Reflector) {}
 
   canActivate(context: ExecutionContext): boolean {
-    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
-      context.getHandler(),
-      context.getClass(),
-    ]);
-
-    if (isPublic) return true;
-
-    const req = context.switchToHttp().getRequest();
-    const isM2M = this.reflector.getAllAndOverride<boolean>(IS_M2M_KEY, [
-      context.getHandler(),
-      context.getClass(),
-    ]);
-
-    const { m2mUserId } = req;
-    if (m2mUserId) {
-      req.user = {
-        id: m2mUserId,
-        handle: '',
-      };
-    }
-
-    // Regular authentication - check that we have user's email and have verified the id token
-    if (!isM2M) {
-      return Boolean(req.email && req.idTokenVerified);
-    }
-
-    // M2M authentication - check scopes
-    if (!req.idTokenVerified || !req.m2mTokenScope)
-      throw new UnauthorizedException();
-
-    const allowedM2mScopes = this.reflector.getAllAndOverride<M2mScope[]>(
-      SCOPES_KEY,
-      [context.getHandler(), context.getClass()],
-    );
+    this.logger.log('AuthGuard canActivate called...');
+    // Check if the route is marked as public...
 
-    const reqScopes = req.m2mTokenScope.split(' ');
-    if (reqScopes.some((reqScope) => allowedM2mScopes.includes(reqScope))) {
-      return true;
-    }
-    return false;
+    return true;
   }
 }
diff --git a/src/core/auth/guards/index.ts b/src/core/auth/guards/index.ts
@@ -1,2 +1 @@
 export * from './auth.guard';
-export * from './roles.guard';
diff --git a/src/core/auth/guards/roles.guard.ts b/src/core/auth/guards/roles.guard.ts
diff --git a/src/core/request/createRequestStore.middleware.ts b/src/core/request/createRequestStore.middleware.ts
diff --git a/src/core/request/requestStore.ts b/src/core/request/requestStore.ts
diff --git a/src/main.ts b/src/main.ts
@@ -4,7 +4,9 @@ import { Logger } from 'src/shared/global';
 import { ENV_CONFIG } from './config';
 
 async function bootstrap() {
-  const app = await NestFactory.create(AppModule);
+  const app = await NestFactory.create(AppModule, {
+    logger: ['error', 'warn', 'log'],
+  });
 
   const logger = new Logger('bootstrap()');
 
diff --git a/src/mcp/tools/challenges/queryChallenges.tool.ts b/src/mcp/tools/challenges/queryChallenges.tool.ts
@@ -1,11 +1,12 @@
 // greeting.tool.ts
-import { Injectable, Inject } from '@nestjs/common';
+import { Injectable, Inject, UseGuards } from '@nestjs/common';
 import { Tool } from '@rekog/mcp-nest';
 import { REQUEST } from '@nestjs/core';
 import { QUERY_CHALLENGES_TOOL_PARAMETERS } from './queryChallenges.parameters';
 import { TopcoderChallengesService } from 'src/shared/topcoder/challenges.service';
 import { Logger } from 'src/shared/global';
 import { QUERY_CHALLENGES_TOOL_OUTPUT_SCHEMA } from './queryChallenges.output';
+import { AuthGuard } from 'src/core/auth/guards';
 
 @Injectable()
 export class QueryChallengesTool {
@@ -27,6 +28,7 @@ export class QueryChallengesTool {
       readOnlyHint: true,
     },
   })
+  @UseGuards(AuthGuard)
   async queryChallenges(params) {
     // Validate the input parameters
     const validatedParams = QUERY_CHALLENGES_TOOL_PARAMETERS.safeParse(params);
diff --git a/src/shared/global/logger.ts b/src/shared/global/logger.ts
@@ -1,12 +1,7 @@
 import { Logger as NestLogger } from '@nestjs/common';
 import * as stringify from 'json-stringify-safe';
-import { getStore } from 'src/core/request/requestStore';
 
 export class Logger extends NestLogger {
-  private get store() {
-    return getStore();
-  }
-
   log(...messages: any[]): void {
     super.log(this.formatMessages(messages));
   }
@@ -24,10 +19,7 @@ export class Logger extends NestLogger {
   }
 
   private formatMessages(messages: any[]): string {
-    const requestIdPrefix = this.store.requestId
-      ? [`{${this.store.requestId}}`]
-      : [];
-    return [...requestIdPrefix, ...messages]
+    return [...messages]
       .map((msg) =>
         // eslint-disable-next-line @typescript-eslint/no-unsafe-return
         typeof msg === 'object' ? stringify(msg, null, 2) : String(msg),

Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,6 @@ export enum Role {`
`2`	`2`	`User = 'Topcoder User',`
`3`	`3`	`}`
`4`	`4`
`5`		`-export enum M2mScope {}`
	`5`	`+export enum M2mScope {`
	`6`	`+ QueryPublicChallenges = 'query:public:challenges',`
	`7`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1 @@`
`1`	`1`	`export * from './auth.guard';`
`2`		`-export * from './roles.guard';`