Merge pull request #219 from spiffamani/feat/jwt-auth-system

feat: add Redis service and rate limiting to JWT auth system (#140)

Author: llins

backend/package-lock.json

@@ -53,8 +53,7 @@
     "crypto-js": "^4.2.0",
     "express": "^5.2.1",
     "fluent-ffmpeg": "^2.1.3",
-    "helmet": "^8.1.0",
-    "ioredis": "^5.9.2",
+    "ioredis": "^5.10.1",
     "json2csv": "^6.0.0-alpha.2",
     "kubo-rpc-client": "^6.1.0",
     "multer": "^2.0.2",

backend/package.json

@@ -1,4 +1,5 @@
 import { Module } from '@nestjs/common';
+import { ThrottlerModule } from '@nestjs/throttler';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { ScheduleModule } from '@nestjs/schedule';
@@ -72,7 +73,10 @@ import { WebSocketModule } from './websocket/websocket.module';
       ],
       envFilePath: '.env',
     }),
-
+ThrottlerModule.forRoot([{
+      ttl: 60000,
+      limit: 5,
+    }]),
     // Scheduler Module
     ScheduleModule.forRoot(),
 

backend/src/app.module.ts

@@ -8,6 +8,7 @@ import {
   Req,
 } from '@nestjs/common';
 import type { Request } from 'express';
+import { Throttle } from '@nestjs/throttler';
 import { AuthService } from './auth.service';
 import {
   RegisterDto,
@@ -25,6 +26,7 @@ import { CurrentUser } from './decorators/current-user.decorator';
 import { User } from '../modules/users/entities/user.entity';
 import { DeviceFingerprintUtil } from './utils/device-fingerprint.util';
 
+@Throttle({ default: { limit: 5, ttl: 60000 } })
 @Controller('auth')
 export class AuthController {
   constructor(private readonly authService: AuthService) {}
@@ -102,4 +104,4 @@ export class AuthController {
     await this.authService.resetPassword(resetPasswordDto);
     return { message: 'Password reset successfully' };
   }
-}
+}

backend/src/auth/auth.controller.ts

@@ -25,6 +25,7 @@ import { RolesService } from './services/roles.service';
 import { RolesController } from './controllers/roles.controller';
 import { PermissionsService } from './services/permissions.service';
 import { RolesPermissionsSeeder } from './seeds/roles-permissions.seed';
+import { RedisService } from './services/redis.service';
 import { SmsModule } from '../modules/sms/sms.module';
 import { EmailModule } from '../modules/email/email.module';
 import { EmailService as AppEmailService } from '../modules/email/email.service';
@@ -85,14 +86,15 @@ import { EmailService as AppEmailService } from '../modules/email/email.service'
     EmailModule,
   ],
   controllers: [AuthController, RolesController],
-  providers: [
+ providers: [
     AuthService,
     JwtStrategy,
     JwtAuthGuard,
     RolesGuard,
     RolesService,
     PermissionsService,
     RolesPermissionsSeeder,
+    RedisService,
     {
       provide: EMAIL_SERVICE,
       useExisting: AppEmailService,

backend/src/auth/auth.module.ts

@@ -0,0 +1,39 @@
+import { Injectable, OnModuleDestroy, OnModuleInit } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import Redis from 'ioredis';
+
+@Injectable()
+export class RedisService implements OnModuleInit, OnModuleDestroy {
+  private client: Redis;
+
+  constructor(private readonly configService: ConfigService) {}
+
+  onModuleInit() {
+    this.client = new Redis({
+      host: this.configService.get<string>('REDIS_HOST') || 'localhost',
+      port: this.configService.get<number>('REDIS_PORT') || 6379,
+      password: this.configService.get<string>('REDIS_PASSWORD') || undefined,
+    });
+  }
+
+  onModuleDestroy() {
+    this.client.disconnect();
+  }
+
+  async set(key: string, value: string, ttlSeconds: number): Promise<void> {
+    await this.client.set(key, value, 'EX', ttlSeconds);
+  }
+
+  async get(key: string): Promise<string | null> {
+    return this.client.get(key);
+  }
+
+  async del(key: string): Promise<void> {
+    await this.client.del(key);
+  }
+
+  async exists(key: string): Promise<boolean> {
+    const result = await this.client.exists(key);
+    return result === 1;
+  }
+}