found more and more junk everywhere, almost cleared

backend/src/auth/CustomJwtPayload.ts

@@ -1,5 +1,5 @@
 import { JwtPayload } from 'jsonwebtoken'
 
 export interface CustomJwtPayload extends JwtPayload {
-  gradidoID: Buffer
+  gradidoID: string
 }

backend/src/auth/JWT.ts

@@ -11,7 +11,7 @@ export const decode = (token: string): CustomJwtPayload | null => {
   }
 }
 
-export const encode = (gradidoID: Buffer): string => {
+export const encode = (gradidoID: string): string => {
   const token = jwt.sign({ gradidoID }, CONFIG.JWT_SECRET, {
     expiresIn: CONFIG.JWT_EXPIRES_IN,
   })

backend/src/graphql/directive/isAuthorized.ts

@@ -5,9 +5,8 @@ import { AuthChecker } from 'type-graphql'
 import { decode, encode } from '@/auth/JWT'
 import { ROLE_UNAUTHORIZED, ROLE_USER, ROLE_ADMIN } from '@/auth/ROLES'
 import { RIGHTS } from '@/auth/RIGHTS'
-import { getCustomRepository } from '@dbTools/typeorm'
-import { UserRepository } from '@repository/User'
 import { INALIENABLE_RIGHTS } from '@/auth/INALIENABLE_RIGHTS'
+import { User } from '@entity/User'
 
 const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
   context.role = ROLE_UNAUTHORIZED // unauthorized user
@@ -26,14 +25,13 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
   if (!decoded) {
     throw new Error('403.13 - Client certificate revoked')
   }
-  // Set context pubKey
-  context.pubKey = Buffer.from(decoded.pubKey).toString('hex')
+  // Set context gradidoID
+  context.gradidoID = decoded.gradidoID
 
   // TODO - load from database dynamically & admin - maybe encode this in the token to prevent many database requests
   // TODO this implementation is bullshit - two database queries cause our user identifiers are not aligned and vary between email, id and pubKey
-  const userRepository = getCustomRepository(UserRepository)
   try {
-    const user = await userRepository.findByPubkeyHex(context.pubKey)
+    const user = await User.findOneOrFail({ where: { gradidoID: decoded.gradidoID } })
     context.user = user
     context.role = user.isAdmin ? ROLE_ADMIN : ROLE_USER
   } catch {
@@ -48,7 +46,7 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
   }
 
   // set new header token
-  context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
+  context.setHeaders.push({ key: 'token', value: encode(decoded.gradidoID) })
   return true
 }
 

backend/src/graphql/resolver/UserResolver.ts

@@ -243,7 +243,7 @@ export class UserResolver {
 
     context.setHeaders.push({
       key: 'token',
-      value: encode(Buffer.from(dbUser.gradidoID)),
+      value: encode(dbUser.gradidoID),
     })
     const ev = new EventLogin()
     ev.userId = user.id

backend/src/typeorm/repository/User.ts

@@ -4,21 +4,6 @@ import { User as DbUser } from '@entity/User'
 
 @EntityRepository(DbUser)
 export class UserRepository extends Repository<DbUser> {
-  async findByPubkeyHex(pubkeyHex: string): Promise<DbUser> {
-    const dbUser = await this.createQueryBuilder('user')
-      .leftJoinAndSelect('user.emailContact', 'emailContact')
-      .where('hex(user.pubKey) = :pubkeyHex', { pubkeyHex })
-      .getOneOrFail()
-    /*
-    const dbUser = await this.findOneOrFail(`hex(user.pubKey) = { pubkeyHex }`)
-    const emailContact = await this.query(
-      `SELECT * from user_contacts where id = { dbUser.emailId }`,
-    )
-    dbUser.emailContact = emailContact
-    */
-    return dbUser
-  }
-
   async findBySearchCriteriaPagedFiltered(
     select: string[],
     searchCriteria: string,

backend/src/util/validate.ts

@@ -41,4 +41,4 @@ async function calculateBalance(
   return { balance, lastTransactionId: lastTransaction.id, decay }
 }
 
-export { isHexPublicKey, calculateBalance, isStringBoolean }
+export { calculateBalance, isStringBoolean }