init project evolution api

2025-12-25 22:57:44 -06:00 · 2023-06-09 07:48:59 -03:00
commit 2a1c426311
90 changed files with 9820 additions and 0 deletions
--- a/src/whatsapp/guards/auth.guard.ts
+++ b/src/whatsapp/guards/auth.guard.ts
@@ -0,0 +1,94 @@
+import { isJWT } from 'class-validator';
+import { NextFunction, Request, Response } from 'express';
+import jwt from 'jsonwebtoken';
+import { Auth, configService } from '../../config/env.config';
+import { Logger } from '../../config/logger.config';
+import { name } from '../../../package.json';
+import { InstanceDto } from '../dto/instance.dto';
+import { JwtPayload } from '../services/auth.service';
+import { ForbiddenException, UnauthorizedException } from '../../exceptions';
+import { repository } from '../whatsapp.module';
+
+const logger = new Logger('GUARD');
+
+async function jwtGuard(req: Request, res: Response, next: NextFunction) {
+  const key = req.get('apikey');
+
+  if (key && configService.get<Auth>('AUTHENTICATION').API_KEY.KEY !== key) {
+    throw new UnauthorizedException();
+  }
+
+  if (configService.get<Auth>('AUTHENTICATION').API_KEY.KEY === key) {
+    return next();
+  }
+
+  if (
+    (req.originalUrl.includes('/instance/create') ||
+      req.originalUrl.includes('/instance/fetchInstances')) &&
+    !key
+  ) {
+    throw new ForbiddenException(
+      'Missing global api key',
+      'The global api key must be set',
+    );
+  }
+
+  const jwtOpts = configService.get<Auth>('AUTHENTICATION').JWT;
+  try {
+    const [bearer, token] = req.get('authorization').split(' ');
+
+    if (bearer.toLowerCase() !== 'bearer') {
+      throw new UnauthorizedException();
+    }
+
+    if (!isJWT(token)) {
+      throw new UnauthorizedException();
+    }
+
+    const param = req.params as unknown as InstanceDto;
+    const decode = jwt.verify(token, jwtOpts.SECRET, {
+      ignoreExpiration: jwtOpts.EXPIRIN_IN === 0,
+    }) as JwtPayload;
+
+    if (param.instanceName !== decode.instanceName || name !== decode.apiName) {
+      throw new UnauthorizedException();
+    }
+
+    return next();
+  } catch (error) {
+    logger.error(error);
+    throw new UnauthorizedException();
+  }
+}
+
+async function apikey(req: Request, res: Response, next: NextFunction) {
+  const env = configService.get<Auth>('AUTHENTICATION').API_KEY;
+  const key = req.get('apikey');
+
+  if (env.KEY === key) {
+    return next();
+  }
+
+  if (
+    (req.originalUrl.includes('/instance/create') ||
+      req.originalUrl.includes('/instance/fetchInstances')) &&
+    !key
+  ) {
+    throw new ForbiddenException(
+      'Missing global api key',
+      'The global api key must be set',
+    );
+  }
+
+  try {
+    const param = req.params as unknown as InstanceDto;
+    const instanceKey = await repository.auth.find(param.instanceName);
+    if (instanceKey.apikey === key) {
+      return next();
+    }
+  } catch (error) {}
+
+  throw new UnauthorizedException();
+}
+
+export const authGuard = { jwt: jwtGuard, apikey };
--- a/src/whatsapp/guards/instance.guard.ts
+++ b/src/whatsapp/guards/instance.guard.ts
@@ -0,0 +1,63 @@
+import { NextFunction, Request, Response } from 'express';
+import { existsSync } from 'fs';
+import { join } from 'path';
+import { INSTANCE_DIR } from '../../config/path.config';
+import { db, dbserver } from '../../db/db.connect';
+import {
+  BadRequestException,
+  ForbiddenException,
+  NotFoundException,
+} from '../../exceptions';
+import { InstanceDto } from '../dto/instance.dto';
+import { waMonitor } from '../whatsapp.module';
+
+async function getInstance(instanceName: string) {
+  const exists = waMonitor.waInstances[instanceName];
+
+  if (db.ENABLED) {
+    const collection = dbserver
+      .getClient()
+      .db(db.CONNECTION.DB_PREFIX_NAME + '-instances')
+      .collection(instanceName);
+    return exists || (await collection.find({}).toArray()).length > 0;
+  }
+
+  return exists || existsSync(join(INSTANCE_DIR, instanceName));
+}
+
+export async function instanceExistsGuard(req: Request, _: Response, next: NextFunction) {
+  if (
+    req.originalUrl.includes('/instance/create') ||
+    req.originalUrl.includes('/instance/fetchInstances')
+  ) {
+    return next();
+  }
+
+  const param = req.params as unknown as InstanceDto;
+  if (!param?.instanceName) {
+    throw new BadRequestException('"instanceName" not provided.');
+  }
+
+  if (!(await getInstance(param.instanceName))) {
+    throw new NotFoundException(`The "${param.instanceName}" instance does not exist`);
+  }
+
+  next();
+}
+
+export async function instanceLoggedGuard(req: Request, _: Response, next: NextFunction) {
+  if (req.originalUrl.includes('/instance/create')) {
+    const instance = req.body as InstanceDto;
+    if (await getInstance(instance.instanceName)) {
+      throw new ForbiddenException(
+        `This name "${instance.instanceName}" is already in use.`,
+      );
+    }
+
+    if (waMonitor.waInstances[instance.instanceName]) {
+      delete waMonitor.waInstances[instance.instanceName];
+    }
+  }
+
+  next();
+}