vivid-planet · johnnyomair · Feb 17, 2025 · Nov 22, 2024 · Nov 28, 2024 · Dec 2, 2024
diff --git a/.changeset/rude-laws-pretend.md b/.changeset/rude-laws-pretend.md
@@ -0,0 +1,7 @@
+---
+"@comet/cms-api": major
+---
+
+Replace passport with auth services
+
+See the migration guide to upgrade.
diff --git a/demo/api/package.json b/demo/api/package.json
@@ -37,6 +37,7 @@
         "@nestjs/common": "^10.4.8",
         "@nestjs/core": "^10.4.8",
         "@nestjs/graphql": "^12.2.1",
+        "@nestjs/jwt": "^10.2.0",
         "@nestjs/platform-express": "^10.4.8",
         "@opentelemetry/api": "^1.9.0",
         "@opentelemetry/auto-instrumentations-node": "^0.50.0",

diff --git a/demo/api/schema.gql b/demo/api/schema.gql
@@ -2,34 +2,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED (DO NOT MODIFY)
 # ------------------------------------------------------
 
-type UserPermissionsUser {
-  id: String!
-  name: String!
-  email: String!
-  permissionsCount: Int!
-  contentScopesCount: Int!
-}
-
-type CurrentUserPermission {
-  permission: String!
-  contentScopes: [JSONObject!]!
-}
-
-"""
-The `JSONObject` scalar type represents JSON objects as specified by [ECMA-404](http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf).
-"""
-scalar JSONObject @specifiedBy(url: "http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf")
-
-type CurrentUser {
-  id: String!
-  name: String!
-  email: String!
-  permissions: [CurrentUserPermission!]!
-  impersonated: Boolean
-  authenticatedUser: UserPermissionsUser
-  permissionsForScope(scope: JSONObject!): [String!]!
-}
-
 type UserPermission {
   id: ID!
   source: UserPermissionSource!
@@ -53,6 +25,34 @@ A date-time string at UTC, such as 2019-12-03T09:54:33Z, compliant with the date
 """
 scalar DateTime
 
+"""
+The `JSONObject` scalar type represents JSON objects as specified by [ECMA-404](http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf).
+"""
+scalar JSONObject @specifiedBy(url: "http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf")
+
+type UserPermissionsUser {
+  id: String!
+  name: String!
+  email: String!
+  permissionsCount: Int!
+  contentScopesCount: Int!
+}
+
+type CurrentUserPermission {
+  permission: String!
+  contentScopes: [JSONObject!]!
+}
+
+type CurrentUser {
+  id: String!
+  name: String!
+  email: String!
+  permissions: [CurrentUserPermission!]!
+  impersonated: Boolean
+  authenticatedUser: UserPermissionsUser
+  permissionsForScope(scope: JSONObject!): [String!]!
+}
+
 type Dependency {
   rootId: String!
   rootGraphqlObjectType: String!

diff --git a/demo/api/src/auth/auth.module.ts b/demo/api/src/auth/auth.module.ts
@@ -1,6 +1,14 @@
-import { createAuthResolver, createCometAuthGuard, createStaticAuthedUserStrategy, createStaticCredentialsBasicStrategy } from "@comet/cms-api";
+import {
+    CometAuthGuard,
+    createAuthGuardProviders,
+    createAuthResolver,
+    createBasicAuthService,
+    createJwtAuthService,
+    createStaticUserAuthService,
+} from "@comet/cms-api";
 import { DynamicModule, Module } from "@nestjs/common";
 import { APP_GUARD } from "@nestjs/core";
+import { JwtModule } from "@nestjs/jwt";
 import { Config } from "@src/config/config";
 
 import { AccessControlService } from "./access-control.service";
@@ -15,23 +23,24 @@ export class AuthModule {
         return {
             module: AuthModule,
             providers: [
-                createStaticCredentialsBasicStrategy({
-                    username: SYSTEM_USER_NAME,
-                    password: config.auth.systemUserPassword,
-                    strategyName: "system-user",
-                }),
-                createStaticAuthedUserStrategy({
-                    staticAuthedUser: staticUsers[0],
-                }),
+                ...createAuthGuardProviders(
+                    createBasicAuthService({
+                        username: SYSTEM_USER_NAME,
+                        password: config.auth.systemUserPassword,
+                    }),
+                    createJwtAuthService({ verifyOptions: { secret: "secret" } }), // for testing purposes, send header "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIyIiwiaWF0IjoxNTE2MjM5MDIyfQ.fG9j2rVOgunoya_njgn9w1t8muFlrpE9ffJ9i8sJYsQ"
+                    createStaticUserAuthService({ staticUser: staticUsers[0] }),
+                ),
                 createAuthResolver(),
                 {
                     provide: APP_GUARD,
-                    useClass: createCometAuthGuard(["system-user", "static-authed-user"]),
+                    useClass: CometAuthGuard,
                 },
                 UserService,
                 AccessControlService,
             ],
             exports: [UserService, AccessControlService],
+            imports: [JwtModule],
         };
     }
 }
diff --git a/docs/docs/migration/migration-from-v7-to-v8.md b/docs/docs/migration/migration-from-v7-to-v8.md
@@ -16,6 +16,8 @@ It automatically installs the new versions of all `@comet` libraries, runs an ES
 -   Run MUI codemods
 -   Upgrade MUI X packages to v6
 -   Upgrade NestJS packages to v10
+-   Remove passport-dependencies (we don't use passport anymore)
+-   Add @nestjs/jwt dependencies
 
 </details>
 
@@ -126,8 +128,59 @@ The class-validator peer dependency has been bumped to v0.14.0:
 npx @comet/upgrade v8/update-class-validator.ts
 ```
 
+### Remove passport
+
+Remove all passport-dependencies and add @nestjs/jwt
+
+```diff title=api/package.json
+{
+    "dependencies": {
+-       "@nestjs/passport": "^9.0.0",
+-       ...other passport dependencies
++       "@nestjs/jwt": "^10.2.0",
+    }
+}
+```
+
+:::note Codemod available
+
+```sh
+npx @comet/upgrade v8/remove-passport.ts
+```
+
 :::
 
+Rename the `strategy`-factories and wrap them in `...createAuthGuardProviders()`:
+
+```diff title=api/src/auth/auth.module.ts
+-   createStaticCredentialsBasicStrategy({ ... }),
+-   createAuthProxyJwtStrategy({ ... }),
+-   createStaticCredentialsBasicStrategy({ ... }),
++   ...createAuthGuardProviders(
++       createBasicAuthService({ ... }),
++       createJwtAuthService({ ... }),
++       createStaticUserAuthService({ ... }),
++   ),
+```
+
+:::note The configuration of the AuthServices have changed slightly. Consulting the code completion should help to adapt.
+
+Replace `createAuthResolver` with the class name:
+
+```diff title=api/src/auth/auth.module.ts
+-   useClass: createCometAuthGuard([...]),
++   useClass: CometAuthGuard,
+```
+
+:::note `CometAuthGuard` does not support Passport strategies anymore. Consider rewriting or wrapping into `AuthServiceInterface`. However, you still can use passport strategies in conjunction with the provided `AuthGuard` from `@nestjs/passport`.
+
+Import `JwtModule` from `@nestjs/jwt`:
+
+```diff title=api/src/auth/auth.module.ts
+    exports: [UserService, AccessControlService],
++   imports: [JwtModule],
+```
+
 ## Admin
 
 ### Stay on same page after changing scope

diff --git a/packages/api/cms-api/package.json b/packages/api/cms-api/package.json
@@ -40,7 +40,6 @@
         "@golevelup/nestjs-discovery": "^4.0.2",
         "@hapi/accept": "^5.0.2",
         "@nestjs/mapped-types": "^2.0.6",
-        "@nestjs/passport": "^10.0.3",
         "@opentelemetry/api": "^1.9.0",
         "@types/get-image-colors": "^4.0.0",
         "base64url": "^3.0.0",
@@ -58,18 +57,13 @@
         "graphql-scalars": "^1.23.0",
         "hasha": "^5.2.2",
         "jose": "^5.2.4",
-        "jsonwebtoken": "^8.5.1",
         "jszip": "^3.10.1",
         "jwks-rsa": "^3.0.0",
         "lodash.isequal": "^4.0.0",
         "mime": "^3.0.0",
         "mime-db": "^1.0.0",
         "multer": "^1.4.4",
         "node-fetch": "^2.0.0",
-        "passport": "^0.6.0",
-        "passport-custom": "^1.1.1",
-        "passport-http": "^0.3.0",
-        "passport-jwt": "^4.0.0",
         "pluralize": "^8.0.0",
         "probe-image-size": "^7.0.0",
         "reflect-metadata": "^0.1.0",
@@ -92,21 +86,19 @@
         "@nestjs/common": "^10.4.8",
         "@nestjs/core": "^10.4.8",
         "@nestjs/graphql": "^12.2.1",
+        "@nestjs/jwt": "^10.2.0",
         "@nestjs/platform-express": "^10.4.8",
         "@nestjs/testing": "^10.4.8",
         "@sentry/node": "^7.0.0",
         "@types/draft-js": "^0.11.10",
         "@types/express": "^4.0.0",
         "@types/jest": "^29.5.0",
-        "@types/jsonwebtoken": "^8.5.9",
         "@types/lodash.isequal": "^4.0.0",
         "@types/mime": "^2.0.0",
         "@types/mime-db": "^1.0.0",
         "@types/multer": "^1.4.4",
         "@types/node": "^22.0.0",
         "@types/node-fetch": "^2.6.2",
-        "@types/passport-http": "^0.3.9",
-        "@types/passport-jwt": "^3.0.7",
         "@types/pluralize": "^0.0.29",
         "@types/probe-image-size": "^7.0.0",
         "@types/request-ip": "^0.0.41",
@@ -136,6 +128,7 @@
         "@nestjs/common": "^10.0.0",
         "@nestjs/core": "^10.0.0",
         "@nestjs/graphql": "^12.0.0",
+        "@nestjs/jwt": "^10.2.0",
         "@nestjs/platform-express": "^10.0.0",
         "@sentry/node": "^7.0.0",
         "class-validator": "^0.14.0",

diff --git a/packages/api/cms-api/schema.gql b/packages/api/cms-api/schema.gql
@@ -1,31 +1,3 @@
-type UserPermissionsUser {
-  id: String!
-  name: String!
-  email: String!
-  permissionsCount: Int!
-  contentScopesCount: Int!
-}
-
-type CurrentUserPermission {
-  permission: String!
-  contentScopes: [JSONObject!]!
-}
-
-"""
-The `JSONObject` scalar type represents JSON objects as specified by [ECMA-404](http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf).
-"""
-scalar JSONObject @specifiedBy(url: "http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf")
-
-type CurrentUser {
-  id: String!
-  name: String!
-  email: String!
-  permissions: [CurrentUserPermission!]!
-  impersonated: Boolean
-  authenticatedUser: UserPermissionsUser
-  permissionsForScope(scope: JSONObject!): [String!]!
-}
-
 type UserPermission {
   id: ID!
   source: UserPermissionSource!
@@ -49,6 +21,34 @@ A date-time string at UTC, such as 2019-12-03T09:54:33Z, compliant with the date
 """
 scalar DateTime
 
+"""
+The `JSONObject` scalar type represents JSON objects as specified by [ECMA-404](http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf).
+"""
+scalar JSONObject @specifiedBy(url: "http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf")
+
+type UserPermissionsUser {
+  id: String!
+  name: String!
+  email: String!
+  permissionsCount: Int!
+  contentScopesCount: Int!
+}
+
+type CurrentUserPermission {
+  permission: String!
+  contentScopes: [JSONObject!]!
+}
+
+type CurrentUser {
+  id: String!
+  name: String!
+  email: String!
+  permissions: [CurrentUserPermission!]!
+  impersonated: Boolean
+  authenticatedUser: UserPermissionsUser
+  permissionsForScope(scope: JSONObject!): [String!]!
+}
+
 type Dependency {
   rootId: String!
   rootGraphqlObjectType: String!