From 822b39f4fd6ae0c3be6a4da9f373d047f7907f1a Mon Sep 17 00:00:00 2001
From: Sven Czarnian <devel@svcz.de>
Date: Fri, 4 Nov 2022 21:47:34 +0100
Subject: [PATCH] add functions to login the radar scope

---
 src/auth/auth.controller.ts    | 35 +++++++++++++++++++++++++++++++++-
 src/auth/auth.service.ts       |  9 +++++++++
 src/auth/dto/radarscope.dto.ts | 18 +++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 src/auth/dto/radarscope.dto.ts

diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
index 3c93172..cae99d6 100644
--- a/src/auth/auth.controller.ts
+++ b/src/auth/auth.controller.ts
@@ -1,18 +1,21 @@
 import {
+  Body,
   Controller,
   Get,
   HttpException,
   HttpStatus,
   Patch,
+  Post,
   Query,
   Redirect,
   Req,
   UseGuards,
 } from '@nestjs/common';
-import { ApiQuery } from '@nestjs/swagger';
+import { ApiBody, ApiQuery, ApiResponse } from '@nestjs/swagger';
 import { ConfigService } from '@nestjs/config';
 import { AuthService } from './auth.service';
 import { JwtGuard } from './guards/jwt.guard';
+import { RadarScopeDto } from './dto/radarscope.dto';
 import { UserDto } from './dto/user.dto';
 import { Request } from 'express';
 
@@ -57,6 +60,36 @@ export class AuthController {
     }
   }
 
+  @Post('/radarScope')
+  @ApiBody({
+    description: 'The airport definition',
+    type: RadarScopeDto,
+  })
+  @ApiResponse({
+    status: 200,
+    description: 'The created Bearer token to use endpoints',
+    type: String,
+  })
+  @ApiResponse({
+    status: 404,
+    description: 'The VATSIM ID and key combination is invalid',
+  })
+  async radarScope(
+    @Body('scopeData') scopeData: RadarScopeDto,
+  ): Promise<string> {
+    return this.authService
+      .loginRadarScope(scopeData.vatsimId, scopeData.key)
+      .then((token) => {
+        if (token === undefined) {
+          throw new HttpException(
+            'Unknown VATSIM ID or invalid key',
+            HttpStatus.NOT_FOUND,
+          );
+        }
+        return token;
+      });
+  }
+
   @UseGuards(JwtGuard)
   @Get('/user')
   async user(@Req() request: Request): Promise<UserDto> {
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index e633499..ff45751 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -113,6 +113,15 @@ export class AuthService {
       });
   }
 
+  async loginRadarScope(vatsimId: string, key: string): Promise<string> {
+    return this.userModel.findOne({ vatsimId }).then((user) => {
+      if (!user || user.radarScopeKey !== key) return undefined;
+
+      const payload = { vatsimId: vatsimId, sub: key };
+      return this.jwtService.sign(payload);
+    });
+  }
+
   async resetRadarScopeKey(token: string): Promise<void> {
     const payload = this.jwtService.verify(token, {
       secret: this.config.get<string>('server.jwt-secret'),
diff --git a/src/auth/dto/radarscope.dto.ts b/src/auth/dto/radarscope.dto.ts
new file mode 100644
index 0000000..717b0d0
--- /dev/null
+++ b/src/auth/dto/radarscope.dto.ts
@@ -0,0 +1,18 @@
+import { IsNotEmpty } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+
+export class RadarScopeDto {
+  @IsNotEmpty()
+  @ApiProperty({
+    description: 'The VATSIM ID of the controller',
+    example: '10000001',
+  })
+  vatsimId: string;
+
+  @IsNotEmpty()
+  @ApiProperty({
+    description: 'The unique key to logon the RADAR scope',
+    example: 'SECRET',
+  })
+  key: string;
+}