feat(auth): register StrategyAuthGuard globally & consolidate auth flow #18
Open
NteinPrecious wants to merge 1 commit into
- Register StrategyAuthGuard as global APP_GUARD in AppModule (first in chain) so all routes are protected by default; open routes use @public() decorator
- Apply @public() to GET /health and GET /info in AppController
- Add JSDoc @deprecated to AuthService.register() and AuthService.login() directing callers to use EnhancedAuthService instead
- Add architecture overview JSDoc to AuthModule explaining legacy, enhanced, and strategy-pattern auth flows; documents TokenBlacklistService injection
- TokenBlacklistService already exported from AuthModule and injected into AuthService.logout() — no additional injection required
Summary
Closes #8
- StrategyAuthGuard is now registered as the first APP_GUARD in AppModule, so every route is protected by default via the pluggable strategy system (wallet, traditional, OAuth, API-key). No more per-controller @UseGuards(JwtAuthGuard) needed for new routes.
- @Public() on open endpoints: GET /health and GET /info in AppController are decorated with @Public() so they remain unauthenticated. StrategyAuthGuard already reads IS_PUBLIC_KEY via Reflector to skip those routes.
- TokenBlacklistService is already exported from AuthModule and injected into AuthService.logout() (which calls tokenBlacklist.revoke(jti, exp)). EnhancedAuthService uses refresh-token table revocation; WalletAuthService has no logout path — no additional injection required.
- AuthService.register() and AuthService.login() now carry @deprecated JSDoc comments directing callers to EnhancedAuthService, which adds refresh-token rotation and 2FA.
- @Module() in auth.module.ts explains all three flows (legacy, enhanced, strategy) and their boundaries.
- npm run build compiles with zero errors.

Test plan
- GET /health and GET /info return 200 without an Authorization header
- GET /protected) returns 401 without a valid Bearer token
- AuthService.register/AuthService.login show @deprecated in IDE tooling
- npm run build passes cleanly
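
The default-deny behaviour in the summary and the first two test-plan checks can be modelled in plain TypeScript without NestJS. This is an added example, not code from this pull request: the value of IS_PUBLIC_KEY, the RouteDef shape, the function names, the /debug/config route and the sample token are all assumptions made for illustration.

```typescript
// Added model of a default-deny guard with a public opt-out; not the PR's StrategyAuthGuard.
const IS_PUBLIC_KEY = 'isPublic'; // assumed value; the PR only names the constant

interface RouteDef { method: string; path: string; metadata: Record<string, unknown>; }
interface RequestLike { method: string; path: string; headers: Record<string, string | undefined>; }
type TokenVerifier = (token: string) => boolean;

// Constructed route table: /debug/config is a hypothetical route marked public by mistake.
const ROUTES: RouteDef[] = [
  { method: 'GET', path: '/health', metadata: { [IS_PUBLIC_KEY]: true } },
  { method: 'GET', path: '/info', metadata: { [IS_PUBLIC_KEY]: true } },
  { method: 'GET', path: '/protected', metadata: {} },
  { method: 'GET', path: '/debug/config', metadata: { [IS_PUBLIC_KEY]: true } },
];

// Constructed verifier: one accepted token, standing in for a real auth strategy.
const verifyToken: TokenVerifier = (token) => token === 'constructed-valid-token';

function isPublic(route: RouteDef): boolean {
  // Only the literal boolean true opts out; missing or merely truthy metadata stays protected.
  return route.metadata[IS_PUBLIC_KEY] === true;
}

function guardStatus(routes: RouteDef[], req: RequestLike, verify: TokenVerifier): number {
  let route: RouteDef | undefined;
  for (const r of routes) {
    if (r.method === req.method && r.path === req.path) { route = r; break; }
  }
  if (!route) return 404;
  if (isPublic(route)) return 200;
  const match = /^Bearer (\S+)$/.exec(req.headers['authorization'] || '');
  return match && verify(match[1] || '') ? 200 : 401;
}

// Audit: list every route that answers without credentials and is not on the reviewed allowlist.
function unexpectedPublicRoutes(routes: RouteDef[], allow: string[]): string[] {
  const found: string[] = [];
  for (const r of routes) {
    const anonymous: RequestLike = { method: r.method, path: r.path, headers: {} };
    const key = r.method + ' ' + r.path;
    if (guardStatus(routes, anonymous, () => false) !== 401 && allow.indexOf(key) === -1) {
      found.push(key);
    }
  }
  return found;
}
```

Running the audit with the allowlist GET /health and GET /info flags the constructed /debug/config route, which is the kind of accidental opt-out a global guard makes easy to miss in review.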