guards edited

2025-09-03 16:12:30 +02:00 · 2025-09-03 16:12:30 +02:00 · f70f614dd1
commit f70f614dd1
parent bb26d36cf5
3 changed files with 33 additions and 18 deletions
--- a/src/app.module.ts
+++ b/src/app.module.ts
@ -15,6 +15,7 @@
  import { ParentsModule } from './routes/parents/parents.module';
  import { JwtModule } from '@nestjs/jwt';
  import { AuthModule } from './routes/auth/auth.module';
+import { AuthGuard } from './common/guards/auth.guard';

  @Module({
    imports: [
@ -53,7 +54,9 @@
    providers: [AppService,
      { provide: APP_FILTER, useClass: AllExceptionsFilter },
      { provide: APP_INTERCEPTOR, useClass: TransformInterceptor },
-      { provide: APP_GUARD, useClass: RolesGuard }
+      { provide: APP_GUARD, useClass: RolesGuard },
+      { provide: APP_GUARD, useClass: AuthGuard },
+
    ],
  })
  export class AppModule { }
--- a/src/common/guards/auth.guard.ts
+++ b/src/common/guards/auth.guard.ts
@ -3,14 +3,21 @@ import { Reflector } from "@nestjs/core";
 import { JwtService } from "@nestjs/jwt";
 import { Request } from 'express';
 import { IS_PUBLIC_KEY } from "../decorators/public.decorator";
+import { ConfigService } from "@nestjs/config";
+
+interface AuthenticatedRequest extends Request {
+    user?: any;
+}

@Injectable()
 export class AuthGuard implements CanActivate {
    constructor(
        private readonly jwtService: JwtService,
        private readonly reflector: Reflector,
+        private readonly configService: ConfigService,
    ) { }

+
    async canActivate(context: ExecutionContext): Promise<boolean> {
        const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
            context.getHandler(),
@ -28,7 +35,7 @@ export class AuthGuard implements CanActivate {
        const token = authHeader.split(' ')[1];
        try {
            const payload = await this.jwtService.verifyAsync(token,
-                { secret: process.env.JWT_SECRET },
+                { secret: this.configService.get<string>('jwt.secret') },
            );
            request.user = payload;
            return true;
--- a/src/common/guards/roles.guard.ts
+++ b/src/common/guards/roles.guard.ts
@ -5,16 +5,21 @@ import { Observable } from "rxjs";
@Injectable()
 export class RolesGuard implements CanActivate {
  constructor(private readonly reflector: Reflector) {}
+
  canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
-        const requiredRoles = this.reflector.get<string[]>('roles', context.getHandler());
+    const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
    if (!requiredRoles || requiredRoles.length === 0) {
-            return true; // Si aucun role est requis -> accès autorise
+      return true;
    }

    const request = context.switchToHttp().getRequest();
    const user = request.user;
    if (!user || !user.role) {
-            return false; // Si l'utilisateur est pas authentifie ou a pas de role -> accès refusé
+      return false;
    }
    return requiredRoles.includes(user.role);
  }