forked from Ynov/ptitspas-ynov-back
guards edited
This commit is contained in:
parent
bb26d36cf5
commit
f70f614dd1
@ -15,6 +15,7 @@
|
|||||||
import { ParentsModule } from './routes/parents/parents.module';
|
import { ParentsModule } from './routes/parents/parents.module';
|
||||||
import { JwtModule } from '@nestjs/jwt';
|
import { JwtModule } from '@nestjs/jwt';
|
||||||
import { AuthModule } from './routes/auth/auth.module';
|
import { AuthModule } from './routes/auth/auth.module';
|
||||||
|
import { AuthGuard } from './common/guards/auth.guard';
|
||||||
|
|
||||||
@Module({
|
@Module({
|
||||||
imports: [
|
imports: [
|
||||||
@ -53,7 +54,9 @@
|
|||||||
providers: [AppService,
|
providers: [AppService,
|
||||||
{ provide: APP_FILTER, useClass: AllExceptionsFilter },
|
{ provide: APP_FILTER, useClass: AllExceptionsFilter },
|
||||||
{ provide: APP_INTERCEPTOR, useClass: TransformInterceptor },
|
{ provide: APP_INTERCEPTOR, useClass: TransformInterceptor },
|
||||||
{ provide: APP_GUARD, useClass: RolesGuard }
|
{ provide: APP_GUARD, useClass: RolesGuard },
|
||||||
|
{ provide: APP_GUARD, useClass: AuthGuard },
|
||||||
|
|
||||||
],
|
],
|
||||||
})
|
})
|
||||||
export class AppModule { }
|
export class AppModule { }
|
||||||
|
|||||||
@ -3,13 +3,20 @@ import { Reflector } from "@nestjs/core";
|
|||||||
import { JwtService } from "@nestjs/jwt";
|
import { JwtService } from "@nestjs/jwt";
|
||||||
import { Request } from 'express';
|
import { Request } from 'express';
|
||||||
import { IS_PUBLIC_KEY } from "../decorators/public.decorator";
|
import { IS_PUBLIC_KEY } from "../decorators/public.decorator";
|
||||||
|
import { ConfigService } from "@nestjs/config";
|
||||||
|
|
||||||
|
interface AuthenticatedRequest extends Request {
|
||||||
|
user?: any;
|
||||||
|
}
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class AuthGuard implements CanActivate {
|
export class AuthGuard implements CanActivate {
|
||||||
constructor(
|
constructor(
|
||||||
private readonly jwtService: JwtService,
|
private readonly jwtService: JwtService,
|
||||||
private readonly reflector: Reflector,
|
private readonly reflector: Reflector,
|
||||||
) {}
|
private readonly configService: ConfigService,
|
||||||
|
) { }
|
||||||
|
|
||||||
|
|
||||||
async canActivate(context: ExecutionContext): Promise<boolean> {
|
async canActivate(context: ExecutionContext): Promise<boolean> {
|
||||||
const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
|
const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
|
||||||
@ -21,14 +28,14 @@ export class AuthGuard implements CanActivate {
|
|||||||
const request = context.switchToHttp().getRequest<Request>();
|
const request = context.switchToHttp().getRequest<Request>();
|
||||||
const authHeader = request.headers['authorization'] as string | undefined;
|
const authHeader = request.headers['authorization'] as string | undefined;
|
||||||
|
|
||||||
if (!authHeader || !authHeader.startsWith('Bearer')) {
|
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||||
throw new UnauthorizedException('Token manquant ou invalide');
|
throw new UnauthorizedException('Token manquant ou invalide');
|
||||||
}
|
}
|
||||||
|
|
||||||
const token = authHeader.split(' ')[1];
|
const token = authHeader.split(' ')[1];
|
||||||
try {
|
try {
|
||||||
const payload = await this.jwtService.verifyAsync(token,
|
const payload = await this.jwtService.verifyAsync(token,
|
||||||
{ secret: process.env.JWT_SECRET },
|
{ secret: this.configService.get<string>('jwt.secret') },
|
||||||
);
|
);
|
||||||
request.user = payload;
|
request.user = payload;
|
||||||
return true;
|
return true;
|
||||||
|
|||||||
@ -5,16 +5,21 @@ import { Observable } from "rxjs";
|
|||||||
@Injectable()
|
@Injectable()
|
||||||
export class RolesGuard implements CanActivate {
|
export class RolesGuard implements CanActivate {
|
||||||
constructor(private readonly reflector: Reflector) {}
|
constructor(private readonly reflector: Reflector) {}
|
||||||
|
|
||||||
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
|
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
|
||||||
const requiredRoles = this.reflector.get<string[]>('roles', context.getHandler());
|
const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
|
||||||
|
context.getHandler(),
|
||||||
|
context.getClass(),
|
||||||
|
]);
|
||||||
|
|
||||||
if (!requiredRoles || requiredRoles.length === 0) {
|
if (!requiredRoles || requiredRoles.length === 0) {
|
||||||
return true; // Si aucun role est requis -> accès autorise
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
const request = context.switchToHttp().getRequest();
|
const request = context.switchToHttp().getRequest();
|
||||||
const user = request.user;
|
const user = request.user;
|
||||||
if (!user || !user.role) {
|
if (!user || !user.role) {
|
||||||
return false; // Si l'utilisateur est pas authentifie ou a pas de role -> accès refusé
|
return false;
|
||||||
}
|
}
|
||||||
return requiredRoles.includes(user.role);
|
return requiredRoles.includes(user.role);
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user