From 05b195926bfd53ce91219b9dde8fc0ec3fe24fd1 Mon Sep 17 00:00:00 2001
From: N08I40K
Date: Sat, 25 Jan 2025 22:52:04 +0400
Subject: [PATCH] 3.0.1 - Switch VK ID authentication to use JWT tokens - Implement JWT verification and decoding - Validate JWT issuer and app ID - Add VKID OAuth integration and constants
---
 package.json | 3 ++-
 src/auth/auth.service.ts | 53 ++++++++++++++++++++++++++++---------
 src/vkid/vkid.controller.ts | 2 --
 3 files changed, 42 insertions(+), 16 deletions(-)
diff --git a/package.json b/package.json
index c574f0c..5fc3966 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "schedule-parser-next",
- "version": "3.0.0",
+ "version": "3.0.1",
 "description": "",
 "author": "N08I40K",
 "private": true,
@@ -41,6 +41,7 @@
 "dotenv": "^16.4.7",
 "firebase-admin": "^13.0.2",
 "jsdom": "^26.0.0",
+ "jsonwebtoken": "^9.0.2",
 "object-hash": "^3.0.0",
 "reflect-metadata": "^0.2.2",
 "rxjs": "^7.8.1",
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index 3f788fa..76655c1 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -1,6 +1,7 @@
 import {
 ConflictException,
 Injectable,
+ NotAcceptableException,
 UnauthorizedException,
 } from "@nestjs/common";
 import { JwtService } from "@nestjs/jwt";
@@ -15,8 +16,8 @@ import SignUpErrorDto, { SignUpErrorCode } from "./dto/sign-up-error.dto";
 import { SignInDto, SignInVKDto } from "./dto/sign-in.dto";
 import ObjectID from "bson-objectid";
 import UserDto from "../users/dto/user.dto";
-import { decodeJwt, verifyJwtSignature } from "firebase-admin/lib/utils/jwt";
 import { vkIdConstants } from "../contants";
+import * as jwt from "jsonwebtoken";
 @Injectable()
 export class AuthService {
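Review bot: The `@@ -41,6 +41,7 @@` hunk adds `"jsonwebtoken": "^9.0.2"` as a new runtime dependency, but the diffstat lists only package.json, auth.service.ts and vkid.controller.ts, so no lockfile change accompanies it. If the project keeps a package-lock.json or yarn.lock, the resolved version of a library that now performs signature verification should be committed in the same change so that installs are reproducible and the verified version is auditable. The caret range also allows any 9.x release to be picked up silently; that is a policy choice, but worth stating in the commit message given the security role of this package.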
@@ -136,16 +137,6 @@ export class AuthService {
 * }
 */
 private static async parseVKID(idToken: string): Promise {
- try {
- await verifyJwtSignature(idToken, vkIdConstants.jwtPubKey, {
- issuer: "VK",
- jwtid: "21",
- });
- } catch {
- return null;
- }
-
- const decodedToken = await decodeJwt(idToken);
 type TokenData = {
 iis: string;
 sub: number;
@@ -155,9 +146,45 @@ export class AuthService {
 jti: number;
 };
- const payload = decodedToken.payload as TokenData;
+ const payload = await new Promise((resolve, reject) => {
+ jwt.verify(idToken, vkIdConstants.jwtPubKey, (err, data) => {
+ if (err) return reject(new NotAcceptableException(err.message));
- if (payload.app !== vkIdConstants.clientId) return null;
+ const payload = data as unknown as TokenData;
+
+ if (typeof payload !== "object") {
+ return reject(
+ new NotAcceptableException("Invalid token payload"),
+ );
+ }
+
+ if (payload.iis !== "VK") {
+ return reject(
+ new NotAcceptableException(
+ `Unknown issuer, excepted "VK", got "${payload.iis}"`,
+ ),
+ );
+ }
+
+ if (payload.jti !== 21) {
+ return reject(
+ new NotAcceptableException(
+ `Unknown type, excepted 21, got ${payload.jti}`,
+ ),
+ );
+ }
+
+ if (payload.app !== vkIdConstants.clientId) {
+ return reject(
+ new NotAcceptableException(
+ `Invalid client_id ${payload.app}`,
+ ),
+ );
+ }
+
+ resolve(payload);
+ });
+ });
 return payload.sub;
 }
diff --git a/src/vkid/vkid.controller.ts b/src/vkid/vkid.controller.ts
index a8d0516..4ce4ad1 100644
--- a/src/vkid/vkid.controller.ts
+++ b/src/vkid/vkid.controller.ts
@@ -38,8 +38,6 @@ export class VKIDController {
 const result = await this.vkidService.oauth(oAuthRequestDto);
 if (!result) throw new NotAcceptableException("OAuth process failed");
- console.log("Access token exchanged!", result.accessToken);
-
 return result;
 }
 }
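Review bot: In the `@@ -155,9 +146,45 @@` hunk `jwt.verify` is called with only the public key, so neither the accepted signing algorithms nor the issuer are pinned in the verify options; the removed code passed `issuer: "VK"` to the verifier, and the replacement compares `payload.iis`, a claim name that looks like a typo for the standard `iss` claim. If VK ID tokens carry `iss` (confirm against a real token), `payload.iis` is always undefined and every token is rejected with "Unknown issuer". Putting both checks in the library call, `jwt.verify(idToken, vkIdConstants.jwtPubKey, { algorithms: ["<VK_ID_SIGNING_ALG>"], issuer: "VK" }, (err, data) => {`, keeps algorithm and issuer validation in one place and protects against a key/algorithm mismatch however `vkIdConstants.jwtPubKey` ends up configured. The error messages also misspell "expected" as "excepted". parseVKID's signature sits in the preceding hunk, and its old return-null-on-failure contract (the removed `return null` lines) is replaced by a rejected promise, so callers that tested for null need to be checked.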