Retranscription du PAI dans le backend

backend/src/auth/auth.module.ts

@@ -4,6 +4,7 @@ import { JwtModule } from '@nestjs/jwt';
 import { CommonModule } from '../common/common.module';
 import { AuthGuard } from './guards/auth.guard';
 import { AuthService } from './services/auth.service';
+import { CollectivitesModule } from '../collectivites/collectivites.module';
 import { ConfigurationModule } from '../config/configuration.module';
 
 @Module({
@@ -14,6 +15,7 @@ import { ConfigurationModule } from '../config/configuration.module';
     }),
     ConfigurationModule,
     CommonModule,
+    CollectivitesModule,
   ],
   providers: [
     {

backend/src/auth/decorators/token-info.decorators.ts

@@ -4,5 +4,5 @@ export const TokenInfo = createParamDecorator(
   (data: unknown, ctx: ExecutionContext) => {
     const request = ctx.switchToHttp().getRequest();
     return request.tokenInfo;
-  },
+  }
 );

backend/src/auth/guards/auth.guard.ts

@@ -11,11 +11,12 @@ import { Request } from 'express';
 import BackendConfigurationService from '../../config/configuration.service';
 import { getErrorMessage } from '../../common/services/errors.helper';
 import { PublicEndpoint } from '../decorators/public-endpoint.decorator';
-import { SupabaseJwtPayload } from '../models/auth.models';
+import { SupabaseJwtPayload } from '../models/supabase-jwt.models';
 
 @Injectable()
 export class AuthGuard implements CanActivate {
   private readonly logger = new Logger(AuthGuard.name);
+
   constructor(
     private jwtService: JwtService,
     private reflector: Reflector,

backend/src/auth/models/auth-users.table.ts

@@ -0,0 +1,52 @@
+import { pgSchema } from 'drizzle-orm/pg-core';
+import { timestamp, uuid, varchar } from 'drizzle-orm/pg-core';
+
+export const authSchemaDB = pgSchema('auth');
+
+export const authUsersTable = authSchemaDB.table('users', {
+  id: uuid('user_id').primaryKey().notNull(),
+  email: varchar('email', { length: 255 }),
+  createdAt: timestamp('created_at', { withTimezone: true, mode: 'string' }),
+  lastSignInAt: timestamp('last_sign_in_at', {
+    withTimezone: true,
+    mode: 'string',
+  }),
+
+  /*
+  TODO
+  instance_id                 uuid,
+  aud                         varchar(255),
+  role                        varchar(255),
+  encrypted_password          varchar(255),
+  email_confirmed_at          timestamp with time zone,
+  invited_at                  timestamp with time zone,
+  confirmation_token          varchar(255),
+  confirmation_sent_at        timestamp with time zone,
+  recovery_token              varchar(255),
+  recovery_sent_at            timestamp with time zone,
+  email_change_token_new      varchar(255),
+  email_change                varchar(255),
+  email_change_sent_at        timestamp with time zone,
+  raw_app_meta_data           jsonb,
+  raw_user_meta_data          jsonb,
+  is_super_admin              boolean,
+  updated_at                  timestamp with time zone,
+  phone                       text         default NULL::character varying
+unique,
+  phone_confirmed_at          timestamp with time zone,
+  phone_change                text         default ''::character varying,
+  phone_change_token          varchar(255) default ''::character varying,
+  phone_change_sent_at        timestamp with time zone,
+  confirmed_at                timestamp with time zone generated always as (LEAST(email_confirmed_at, phone_confirmed_at)) stored,
+  email_change_token_current  varchar(255) default ''::character varying,
+  email_change_confirm_status smallint     default 0
+constraint users_email_change_confirm_status_check
+check ((email_change_confirm_status >= 0) AND (email_change_confirm_status <= 2)),
+banned_until                timestamp with time zone,
+  reauthentication_token      varchar(255) default ''::character varying,
+  reauthentication_sent_at    timestamp with time zone,
+  is_sso_user                 boolean      default false not null,
+  deleted_at                  timestamp with time zone,
+  is_anonymous                boolean      default false not null
+   */
+});

backend/src/auth/models/dcp.table.ts

@@ -0,0 +1,22 @@
+import { boolean, pgTable, uuid, varchar } from 'drizzle-orm/pg-core';
+import { text, timestamp } from 'drizzle-orm/pg-core';
+
+export const dcpTable = pgTable('dcp', {
+  userId: uuid('user_id').primaryKey().notNull(), // TODO .references(() => users.id),
+  nom: text('nom').notNull(),
+  prenom: text('prenom').notNull(),
+  email: text('email').notNull(),
+  limited: boolean('limited').default(false).notNull(),
+  deleted: boolean('deleted').default(false).notNull(),
+  createdAt: timestamp('created_at', { withTimezone: true, mode: 'string' })
+    .defaultNow()
+    .notNull(),
+  modifiedAt: timestamp('modified_at', { withTimezone: true, mode: 'string' })
+    .defaultNow()
+    .notNull(),
+  telephone: varchar('telephone', { length: 30 }),
+  cguAccepteesLe: timestamp('cgu_acceptees_le', {
+    withTimezone: true,
+    mode: 'string',
+  }),
+});

backend/src/auth/models/auth.models.ts → backend/src/auth/models/private-utilisateur-droit.table.ts

@@ -8,8 +8,8 @@ import {
   timestamp,
   uuid,
 } from 'drizzle-orm/pg-core';
+import { collectiviteTable } from '../../collectivites/models/collectivite.table';
 import { default as jwt } from 'jsonwebtoken';
-import { collectiviteTable } from '../../collectivites/models/collectivite.models';
 
 export enum NiveauAcces {
   LECTURE = 'lecture',
@@ -26,43 +26,25 @@ export const niveauAccessEnum = pgEnum('niveau_acces', niveauAccessOrdonne);
 
 export const utilisateurDroitTable = pgTable('private_utilisateur_droit', {
   id: serial('id').primaryKey(),
-  user_id: uuid('user_id').notNull(), // TODO: reference user table
-  collectivite_id: integer('collectivite_id')
+  userId: uuid('user_id').notNull(), // TODO: reference user table
+  collectiviteId: integer('collectivite_id')
     .notNull()
     .references(() => collectiviteTable.id),
-  created_at: timestamp('created_at', { withTimezone: true })
+  createdAt: timestamp('created_at', { withTimezone: true })
     .default(sql.raw(`CURRENT_TIMESTAMP`))
     .notNull(),
-  modified_at: timestamp('modified_at', { withTimezone: true }).default(
+  modifiedAt: timestamp('modified_at', { withTimezone: true }).default(
     sql.raw(`CURRENT_TIMESTAMP`)
   ),
   active: boolean('active').notNull(),
-  niveau_acces: niveauAccessEnum('niveau_acces')
+  niveauAcces: niveauAccessEnum('niveau_acces')
     .notNull()
     .default(NiveauAcces.LECTURE),
-  invitation_id: uuid('invitation_id'), // TODO: reference invitation table
+  invitationId: uuid('invitation_id'), // TODO: reference invitation table
 });
 export type UtilisateurDroitType = InferSelectModel<
   typeof utilisateurDroitTable
 >;
 export type CreateUtilisateurDroitType = InferInsertModel<
   typeof utilisateurDroitTable
 >;
-
-export enum SupabaseRole {
-  AUTHENTICATED = 'authenticated',
-  SERVICE_ROLE = 'service_role',
-  ANON = 'anon', // Anonymous
-}
-
-export interface SupabaseJwtPayload extends jwt.JwtPayload {
-  email?: string;
-  phone?: string;
-  app_metadata?: {
-    provider: string;
-    providers: string[];
-  };
-  session_id: string;
-  role: SupabaseRole;
-  is_anonymous: boolean;
-}

backend/src/auth/models/supabase-jwt.models.ts

@@ -0,0 +1,19 @@
+import * as jwt from 'jsonwebtoken';
+
+export enum SupabaseRole {
+  AUTHENTICATED = 'authenticated',
+  SERVICE_ROLE = 'service_role',
+  ANON = 'anon', // Anonymous
+}
+
+export interface SupabaseJwtPayload extends jwt.JwtPayload {
+  email?: string;
+  phone?: string;
+  app_metadata?: {
+    provider: string;
+    providers: string[];
+  };
+  session_id: string;
+  role: SupabaseRole;
+  is_anonymous: boolean;
+}

backend/src/auth/models/user-crm.dto.ts

@@ -0,0 +1,8 @@
+export type userCrm = {
+  prenom: string;
+  nom: string;
+  email: string;
+  telephone: string | null;
+  creation: string | null;
+  derniereConnexion: string | null;
+};

backend/src/auth/models/utilisateur-support.table.ts

@@ -0,0 +1,10 @@
+import { boolean, pgTable, uuid } from 'drizzle-orm/pg-core';
+import { dcpTable } from './dcp.table';
+
+export const utilisateurSupportTable = pgTable('utilisateur_support', {
+  userId: uuid('user_id')
+    .primaryKey()
+    .notNull()
+    .references(() => dcpTable.userId, { onDelete: 'cascade' }),
+  support: boolean('support').default(false).notNull(),
+});

backend/src/auth/models/utilisateur-verifie.table.ts

@@ -0,0 +1,10 @@
+import { boolean, pgTable, uuid } from 'drizzle-orm/pg-core';
+import { dcpTable } from './dcp.table';
+
+export const utilisateurVerifieTable = pgTable('utilisateur_verifie', {
+  userId: uuid('user_id')
+    .primaryKey()
+    .notNull()
+    .references(() => dcpTable.userId, { onDelete: 'cascade' }),
+  verifie: boolean('verifie').default(false).notNull(),
+});