Tetardtek/TetaRdPG
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: PKCE auth + CI/CD deploy
All checks were successful
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 1m2s
Details

Browse Source 
- Frontend: PKCE flow (oauth.ts, AuthCallback code exchange, 401 interceptor)
- Backend: token introspection via SuperOAuth (no more JWT secret)
- User model: superOauthId (unified) replaces oauthId+provider
- Cookies httpOnly session + refresh token
- POST /auth/refresh endpoint
- Gitea CI workflow (vps-runner pattern)
- DB_SYNC env var for initial schema creation
This commit is contained in:
Tetardtek
2026-03-24 13:01:14 +01:00
parent c1bf793234
commit 8c6777c980
61 changed files with 5850 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/auth/auth.controller.ts
View File

@@ -4,10 +4,11 @@ import {
Get,
Body,
Res,
Req,
UseGuards,
HttpCode,
HttpStatus,
Req,
UnauthorizedException,
} from '@nestjs/common';
import { Throttle } from '@nestjs/throttler';
import { Response, Request } from 'express';
@@ -30,6 +31,20 @@ export class AuthController {
return this.authService.setSession(dto, res);
}
@Post('refresh')
@HttpCode(HttpStatus.OK)
@Throttle({ default: { ttl: 60_000, limit: 10 } })
async refresh(
@Req() req: Request,
@Res({ passthrough: true }) res: Response,
) {
const refreshToken = (req.signedCookies as Record<string, string>)?.refresh_token;
if (!refreshToken) {
throw new UnauthorizedException('Pas de refresh token');
}
return this.authService.refreshSession(res, refreshToken);
}
@Get('me')
@UseGuards(AuthGuard)
async getMe(@Req() req: Request & { user: User }) {