From f70f614dd1f1bbf75bf35bb1363d51ef289e3686 Mon Sep 17 00:00:00 2001
From: sdraris
Date: Wed, 3 Sep 2025 16:12:30 +0200
Subject: [PATCH] guards edited

---
 src/app.module.ts | 5 ++++-
 src/common/guards/auth.guard.ts | 15 +++++++++++----
 src/common/guards/roles.guard.ts | 31 ++++++++++++++++++------------
 3 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/src/app.module.ts b/src/app.module.ts
index a5e5928..cfe3b6d 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -15,6 +15,7 @@ import { ParentsModule } from './routes/parents/parents.module';
 import { JwtModule } from '@nestjs/jwt';
 import { AuthModule } from './routes/auth/auth.module';
+import { AuthGuard } from './common/guards/auth.guard';
 @Module({
 imports: [
@@ -53,7 +54,9 @@ providers: [AppService,
 { provide: APP_FILTER, useClass: AllExceptionsFilter },
 { provide: APP_INTERCEPTOR, useClass: TransformInterceptor },
- { provide: APP_GUARD, useClass: RolesGuard }
+ { provide: APP_GUARD, useClass: RolesGuard },
+ { provide: APP_GUARD, useClass: AuthGuard },
+
 ],
 })
 export class AppModule { }
diff --git a/src/common/guards/auth.guard.ts b/src/common/guards/auth.guard.ts
index 6bef54a..0260dce 100644
--- a/src/common/guards/auth.guard.ts
+++ b/src/common/guards/auth.guard.ts
@@ -3,13 +3,20 @@ import { Reflector } from "@nestjs/core";
 import { JwtService } from "@nestjs/jwt";
 import { Request } from 'express';
 import { IS_PUBLIC_KEY } from "../decorators/public.decorator";
+import { ConfigService } from "@nestjs/config";
+
+interface AuthenticatedRequest extends Request {
+ user?: any;
+}
 @Injectable()
 export class AuthGuard implements CanActivate {
 constructor(
 private readonly jwtService: JwtService,
 private readonly reflector: Reflector,
- ) {}
+ private readonly configService: ConfigService,
+ ) { }
+
 async canActivate(context: ExecutionContext): Promise {
 const isPublic = this.reflector.getAllAndOverride(IS_PUBLIC_KEY, [
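Review bot: In the providers hunk of app.module.ts the two APP_GUARD entries are registered with RolesGuard before AuthGuard, and Nest runs global guards in the order their providers are registered, so RolesGuard reads `request.user` before AuthGuard has verified the token and populated it; every handler that carries a roles list is then rejected with 403 for all callers, and a missing or bad token on such a route surfaces as Forbidden instead of Unauthorized. Swap the two entries so AuthGuard is first: `{ provide: APP_GUARD, useClass: AuthGuard },` then `{ provide: APP_GUARD, useClass: RolesGuard },`. The same ordering assumption lives in the roles.guard.ts hunk, whose guard returns false when `request.user` is absent rather than asserting that authentication already ran. The stray empty added line after the AuthGuard entry can be dropped.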
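Review bot: `user?: any` on the new AuthenticatedRequest interface in auth.guard.ts gives up exactly the typing the interface exists to provide; AuthGuard is the only writer of `request.user` (it stores the verified JWT payload), so declare that payload's shape instead, e.g. `user?: JwtPayload; // TODO(review): JwtPayload = the claim type the auth module signs`, and let RolesGuard read `user.role` through the same type. Within this patch the interface is declared but no `getRequest()` call in the diff is visibly parameterised with it (type arguments may have been lost in rendering), so confirm it is actually applied somewhere. The class also has no doc comment; a line such as `/** Verifies the Bearer JWT on every route not marked with IS_PUBLIC_KEY and stores its payload on request.user. */` above `@Injectable()` would state the contract RolesGuard depends on. canActivate continues past the end of this hunk.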
@@ -21,15 +28,15 @@ export class AuthGuard implements CanActivate {
 const request = context.switchToHttp().getRequest();
 const authHeader = request.headers['authorization'] as string | undefined;
- if (!authHeader || !authHeader.startsWith('Bearer')) {
+ if (!authHeader || !authHeader.startsWith('Bearer ')) {
 throw new UnauthorizedException('Token manquant ou invalide');
 }
 const token = authHeader.split(' ')[1];
 try {
 const payload = await this.jwtService.verifyAsync(token,
- { secret: process.env.JWT_SECRET },
- );
+ { secret: this.configService.get('jwt.secret') },
+ );
 request.user = payload;
 return true;
 } catch (error) {
diff --git a/src/common/guards/roles.guard.ts b/src/common/guards/roles.guard.ts
index 6df212e..f9152f0 100644
--- a/src/common/guards/roles.guard.ts
+++ b/src/common/guards/roles.guard.ts
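Review bot: `this.configService.get('jwt.secret')` in the new verify call yields undefined when the key is not configured, and that misconfiguration is then indistinguishable from a bad token (it lands in the catch below as the generic Unauthorized) or, if JwtModule was registered with its own secret, is — I believe — silently papered over by that module-level secret. Resolve the secret once in the constructor with `this.configService.getOrThrow('jwt.secret')` so a missing key fails at startup rather than per request; and since the verify options are being edited anyway, passing an explicit `algorithms` list to verifyAsync pins which signature algorithms are accepted. The `'Bearer '` change is right; note it also makes the scheme check case-sensitive, stricter than RFC 6750 but acceptable. canActivate starts and ends outside this hunk.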
@@ -4,18 +4,23 @@ import { Observable } from "rxjs";
 @Injectable()
 export class RolesGuard implements CanActivate {
- constructor(private readonly reflector: Reflector) {}
- canActivate(context: ExecutionContext): boolean | Promise | Observable {
- const requiredRoles = this.reflector.get('roles', context.getHandler());
- if (!requiredRoles || requiredRoles.length === 0) {
- return true; // Si aucun role est requis -> accès autorise
- }
+ constructor(private readonly reflector: Reflector) {}
- const request = context.switchToHttp().getRequest();
- const user = request.user;
- if (!user || !user.role) {
- return false; // Si l'utilisateur est pas authentifie ou a pas de role -> accès refusé
- }
- return requiredRoles.includes(user.role);
+ canActivate(context: ExecutionContext): boolean | Promise | Observable {
+ const requiredRoles = this.reflector.getAllAndOverride('roles', [
+ context.getHandler(),
+ context.getClass(),
+ ]);
+
+ if (!requiredRoles || requiredRoles.length === 0) {
+ return true;
 }
-}
\ No newline at end of file
+
+ const request = context.switchToHttp().getRequest();
+ const user = request.user;
+ if (!user || !user.role) {
+ return false;
+ }
+ return requiredRoles.includes(user.role);
+ }
+}
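Review bot: The switch to `getAllAndOverride('roles', [handler, class])` changes the guard's semantics without saying so: a handler-level roles list now replaces the class-level one rather than extending it, and the two French comments that explained the early returns were dropped in the rewrite. Add `// handler-level roles metadata overrides (does not merge with) class-level metadata` on the lookup, and restore the explanations in English: `// no roles required -> allow` on the first return and `// unauthenticated or role-less user -> deny (403)` on the second. The metadata key `'roles'` is a bare string literal here while the public marker in AuthGuard goes through the shared IS_PUBLIC_KEY constant; exporting the key from the roles decorator module and importing it here avoids a silent mismatch if either side is renamed. The guard still returns false when `request.user` is missing, which only holds if AuthGuard ran first — see the APP_GUARD ordering in app.module.ts.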