feat(Switchboard): DID user authentication and registration prototype

packages/origin-backend-core/src/DidUserRegistrationData.ts

@@ -0,0 +1,31 @@
+import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
+import { Transform } from 'class-transformer';
+import { Role } from './User';
+
+export class DidUserRegistrationData {
+    @IsNotEmpty()
+    @IsString()
+    title: string;
+
+    @IsNotEmpty()
+    @IsString()
+    firstName: string;
+
+    @IsNotEmpty()
+    @IsString()
+    lastName: string;
+
+    @IsEmail()
+    @Transform((value: string) => value.toLowerCase())
+    email: string;
+
+    @IsNotEmpty()
+    @IsString()
+    did: string;
+
+    @IsNotEmpty()
+    @IsString()
+    telephone: string;
+
+    role: Role;
+}

packages/origin-backend-core/src/User.ts

@@ -53,6 +53,7 @@ export interface IUserProperties {
     firstName: string;
     lastName: string;
     email: string;
+    did?: string;
     telephone: string;
     notifications: boolean;
     rights: number;

packages/origin-backend-core/src/index.ts

@@ -8,4 +8,5 @@ export * from './OrganizationInvitation';
 export * from './OriginConfiguration';
 export * from './User';
 export * from './UserRegistrationData';
+export * from './DidUserRegistrationData';
 export * from './queries';

packages/origin-backend/migrations/1621942514841-UserPasswordNullable.ts

@@ -0,0 +1,13 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class UserPasswordNullable1621942514841 implements MigrationInterface {
+    name = 'UserPasswordNullable1621942514841';
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "user" ALTER COLUMN "password" DROP NOT NULL`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "user" ALTER COLUMN "password" SET NOT NULL`);
+    }
+}

packages/origin-backend/migrations/1621942557906-UserDidField.ts

@@ -0,0 +1,19 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class UserDidField1621942557906 implements MigrationInterface {
+    name = 'UserDidField1621942557906';
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "user" ADD "did" character varying`);
+        await queryRunner.query(
+            `ALTER TABLE "user" ADD CONSTRAINT "UQ_7d4ee7205853cfea0f68240b589" UNIQUE ("did")`
+        );
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(
+            `ALTER TABLE "user" DROP CONSTRAINT "UQ_7d4ee7205853cfea0f68240b589"`
+        );
+        await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "did"`);
+    }
+}

packages/origin-backend/package.json

@@ -65,7 +65,8 @@
         "reflect-metadata": "0.1.13",
         "rxjs": "6.6.7",
         "typeorm": "0.2.34",
-        "uuid": "8.3.2"
+        "uuid": "8.3.2",
+        "passport-did-auth": "1.0.0-alpha.13"
     },
     "devDependencies": {
         "typescript": "4.3.4",
@@ -98,7 +99,9 @@
         "shx": "0.3.3",
         "chai": "4.3.0",
         "@types/chai": "4.2.15",
-        "ts-node": "9.1.1"
+        "ts-node": "9.1.1",
+        "iam-client-lib": "3.0.0-alpha.21",
+        "jsonwebtoken": "8.5.1"
     },
     "files": [
         "dist",

packages/origin-backend/src/app.controller.ts

@@ -1,12 +1,21 @@
-import { Controller, Request, Post, UseGuards, HttpCode, HttpStatus } from '@nestjs/common';
+import {
+    Controller,
+    Request,
+    Response,
+    Post,
+    UseGuards,
+    HttpCode,
+    HttpStatus
+} from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
-import { Request as ExpressRequest } from 'express';
+import { Request as ExpressRequest, Response as ExpressResponse } from 'express';
 import { IUser } from '@energyweb/origin-backend-core';
 
 import { ApiBearerAuth, ApiBody, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { AuthService } from './auth/auth.service';
 import { LoginReturnDataDTO } from './auth/login-return-data.dto';
 import { LoginDataDTO } from './auth/login-data.dto';
+import { LoginDataDidDTO } from './auth/login-data-did.dto';
 
 @ApiTags('auth')
 @ApiBearerAuth('access-token')
@@ -22,4 +31,13 @@ export class AppController {
     async login(@Request() req: ExpressRequest): Promise<LoginReturnDataDTO> {
         return this.authService.login(req.user as Omit<IUser, 'password'>);
     }
+
+    @UseGuards(AuthGuard('did'))
+    @Post('auth/login-did')
+    @HttpCode(HttpStatus.OK)
+    @ApiBody({ type: LoginDataDidDTO })
+    @ApiResponse({ status: HttpStatus.OK, type: LoginReturnDataDTO, description: 'Log in (DID)' })
+    async loginDid(@Request() req: ExpressRequest, @Response() res: ExpressResponse) {
+        return res.send({ accessToken: req.user });
+    }
 }

packages/origin-backend/src/auth/auth.module.ts

@@ -6,7 +6,9 @@ import { ConfigService } from '@nestjs/config';
 import { UserModule } from '../pods/user/user.module';
 import { AuthService } from './auth.service';
 import { LocalStrategy } from './local.strategy';
+import { DidStrategy } from './did.strategy';
 import { JwtStrategy } from './jwt.strategy';
+import { JwtBasicStrategy } from './jwt-basic.strategy';
 
 @Global()
 @Module({
@@ -21,7 +23,7 @@ import { JwtStrategy } from './jwt.strategy';
             inject: [ConfigService]
         })
     ],
-    providers: [AuthService, LocalStrategy, JwtStrategy],
+    providers: [AuthService, LocalStrategy, DidStrategy, JwtStrategy, JwtBasicStrategy],
     exports: [AuthService, PassportModule, JwtModule]
 })
 export class AuthModule {}

packages/origin-backend/src/auth/auth.service.ts

@@ -1,13 +1,15 @@
 import { Injectable } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import bcrypt from 'bcryptjs';
-import { IUser, UserLoginReturnData } from '@energyweb/origin-backend-core';
+import { IUser, UserLoginReturnData, Role, LoggedInUser } from '@energyweb/origin-backend-core';
 
 import { UserService } from '../pods/user/user.service';
 
 export interface IJWTPayload {
-    id: number;
-    email: string;
+    id?: number;
+    did?: string;
+    email?: string;
+    verifiedRoles?: { name: string; nameSpace: string }[];
 }
 
 @Injectable()
@@ -34,4 +36,32 @@ export class AuthService {
             accessToken: this.jwtService.sign(payload)
         };
     }
+
+    /** TODO: this is a simulation of logging in with the passport-did-auth LoginStrategy
+     *    parked until https://energyweb.atlassian.net/browse/SWTCH-949 is solved
+     */
+
+    async loginDid(user: Omit<IUser, 'password'>): Promise<UserLoginReturnData> {
+        const loggedInUser = new LoggedInUser(user);
+
+        const rights: { name: string; nameSpace: string }[] = [];
+
+        Object.values(Role).forEach((role: Role) => {
+            if (loggedInUser.hasRole(role)) {
+                const roleName = Role[role].toString().toLowerCase();
+                rights.push({ name: roleName, nameSpace: `${roleName}.bogus.iat.ewc` });
+            }
+        });
+
+        const payload: IJWTPayload = {
+            email: user.email,
+            id: user.id,
+            //TODO: DID - this is going to be provided by passport-did-auth LoginStrategy
+            verifiedRoles: rights
+        };
+
+        return {
+            accessToken: this.jwtService.sign(payload)
+        };
+    }
 }

packages/origin-backend/src/auth/did.strategy.ts

@@ -0,0 +1,22 @@
+import { LoginStrategy } from 'passport-did-auth';
+import { PassportStrategy } from '@nestjs/passport';
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class DidStrategy extends PassportStrategy(LoginStrategy, 'did') {
+    constructor() {
+        super({
+            jwtSecret: process.env.JWT_SECRET,
+            jwtSignOptions: {
+                expiresIn: process.env.JWT_EXPIRY_TIME
+            },
+            rpcUrl: process.env.RPC_URL || 'https://volta-rpc.energyweb.org/',
+            cacheServerUrl:
+                process.env.CACHE_SERVER_URL || 'https://identitycache-dev.energyweb.org/',
+            acceptedRoles: [],
+            privateKey:
+                process.env.DEPLOY_KEY ||
+                '9945c05be0b1b7b35b7cec937e78c6552ecedca764b53a772547d94a687db929'
+        });
+    }
+}

packages/origin-backend/src/auth/jwt-basic.strategy.ts

@@ -0,0 +1,28 @@
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { PassportStrategy } from '@nestjs/passport';
+import { Injectable, Inject } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+
+import { UserService } from '../pods/user/user.service';
+import { IJWTPayload } from './auth.service';
+
+@Injectable()
+export class JwtBasicStrategy extends PassportStrategy(Strategy, 'jwt-basic') {
+    constructor(
+        @Inject(ConfigService) configService: ConfigService,
+        private readonly userService: UserService
+    ) {
+        super({
+            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            secretOrKey: configService.get<string>('JWT_SECRET')
+        });
+    }
+
+    async validate(payload: IJWTPayload): Promise<IJWTPayload> {
+        if (!payload.did) {
+            return null;
+        }
+        return payload;
+    }
+}

packages/origin-backend/src/auth/jwt.strategy.ts

@@ -2,11 +2,21 @@ import { ExtractJwt, Strategy } from 'passport-jwt';
 import { PassportStrategy } from '@nestjs/passport';
 import { Injectable, Inject } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
-import { IUser } from '@energyweb/origin-backend-core';
+import { IUser, Role } from '@energyweb/origin-backend-core';
 
 import { UserService } from '../pods/user/user.service';
 import { IJWTPayload } from './auth.service';
 
+const chainToOriginRoleNamesMap: { [index: string]: string } = Object.keys(Role)
+    .map((key: keyof typeof Role) => Role[key])
+    .filter((value) => typeof value === 'string')
+    .reduce((acc: { [index: string]: string }, val) => {
+        const originRoleName = val.toString();
+        const chainRoleName = originRoleName.toLowerCase();
+        acc[chainRoleName] = originRoleName;
+        return acc;
+    }, {});
+
 @Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
     constructor(
@@ -21,12 +31,38 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     }
 
     async validate(payload: IJWTPayload): Promise<IUser> {
-        const user = await this.userService.findByEmail(payload.email);
+        let user;
 
-        if (user) {
+        if (payload.verifiedRoles) {
+            user = await this.userService.findByDid(payload.did);
+        } else {
+            user = await this.userService.findByEmail(payload.email);
             return user;
         }
 
-        return null;
+        if (!user) {
+            return null;
+        }
+
+        const roles: Role[] = payload.verifiedRoles
+            .filter((role) => Role[chainToOriginRoleNamesMap[role.name] as keyof typeof Role]) // only roles that are recognized by the Origin
+            .map((role) => chainToOriginRoleNamesMap[role.name])
+            .map((roleName: keyof typeof Role) => Role[roleName]);
+
+        // TODO: design and implement functionality onboarding users and organizaitons
+        //  then, based on it implement filtering roles used to build user.rights value
+
+        let rights = roles.reduce((acc, role) => {
+            return acc | role;
+        }, 0);
+
+        if (user.rights !== rights) {
+            // if DID roles are changed on Switchboard, the Origin DB record needs to be synchronized
+            await this.userService.changeRole(user.id, ...roles);
+        }
+
+        user.rights = rights;
+
+        return user;
     }
 }

packages/origin-backend/src/auth/login-data-did.dto.ts

@@ -0,0 +1,9 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsNotEmpty, IsString } from 'class-validator';
+
+export class LoginDataDidDTO {
+    @ApiProperty({ type: String })
+    @IsString()
+    @IsNotEmpty()
+    identityToken: string;
+}

packages/origin-backend/src/pods/user/dto/register-did-user.dto.ts

@@ -0,0 +1,10 @@
+import { PickType } from '@nestjs/swagger';
+import { UserDTO } from './user.dto';
+
+export class RegisterDidUserDTO extends PickType(UserDTO, [
+    'title',
+    'firstName',
+    'lastName',
+    'email',
+    'telephone'
+] as const) {}