140 cognito

[chnnick]

ℹ️ Issue

Closes #140

📝 Description

Created an easily-importable NestJS guard that can be used by future projects to implement Cognito Authentication into their application. Allows for both the use of ID and Access tokens within Cognito for Authentication and Authorization.

Briefly list the changes made to the code:

1. NestJS guard that checks and verifies the Bearer token in the authorization header via AWS Cognito to determine access onto specific routes, puts the verified token payload under a user field of the request that can be read by other methods.
2. CognitoService getUser() method that exposes the verified JWT payload attached to the request by the guard
3. Cognito module that can be imported into App Module for authentication across entire application
4. @public decorator that allows one to bypass authentication by putting metadata read by the guard
5. Interface for an expected JWT payload used by the guard and service
6. Cognito config that allows for a centralized place to extract env variables for Cognito
7. Tests for the cognito service and cognito guard
8. Implemented Amplify on the frontend to show an auth screen and configure auth for the application if frontend cognito env variables are set, if frontend cognito env values are not set, there is no auth screen
9. Added new env variables for frontend and backend to example.env
10. README.md in backend/aws/cognito for new devs/TLs that provides quickstart instructions for implementing auth either across the app or on specific controllers
11. Registered CognitoService as a provider in App Module

✔️ Verification

Backend TESTS:

Frontend TESTS:
No Auth:

With Auth:

🏕️ (Optional) Future Work / Notes

• No styling on auth page, can import the @aws-amplify/ui-react/styles.css library on main.tsx to use their premade styling?
• The ticket said to turn off auth when COGNITO_USER_POOL_ID is unset so I only check for that field to be missing to tell if Auth should be on or off, but I believe Cognito won't work unless Client_id and Region are also set? Right now the guard rejects access to routes when those fields are missing, but I can put the checks for those fields into the logic for whether or not auth should be turned on as well.
• While merging with main I noticed that a lot of .nx files were pushed to main by dependabot, not sure if I should keep those, but deleted them in the merge j in case (can always repull). Maybe consider putting .nx/ in gitignore?

[dburkhart07]

Amazing! Very educational for me to read through as well!