@alpha018/nestjs-firebase-auth/dist/firebase/guard/firebase.guard.js

NestJS Firebase library and Role based guard for authentication with some utils functions

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
    return function (target, key) { decorator(target, key, paramIndex); }
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseGuard = void 0;
const common_1 = require("@nestjs/common");
const passport_jwt_1 = require("passport-jwt");
const core_1 = require("@nestjs/core");
const firebase_constant_1 = require("../constant/firebase.constant");
const firebase_provider_1 = require("../provider/firebase.provider");
let FirebaseGuard = class FirebaseGuard {
    constructor(firebaseProvider, config, reflector) {
        this.firebaseProvider = firebaseProvider;
        this.config = config;
        this.reflector = reflector;
    }
    async canActivate(context) {
        const request = context.switchToHttp().getRequest();
        const token = this.extractTokenFromRequest(request);
        if (!token) {
            return false;
        }
        let decodedToken;
        try {
            decodedToken = await this.firebaseProvider.auth.verifyIdToken(token, this.config.auth?.config?.checkRevoked || false);
        }
        catch {
            return false;
        }
        request['metadata'] = {
            ...request['metadata'],
            [firebase_constant_1.FIREBASE_TOKEN_USER_METADATA]: {
                user: decodedToken,
            },
        };
        if (!this.config.auth?.config?.validateRole) {
            return true;
        }
        const roles = this.reflector.get(firebase_constant_1.FIREBASE_APP_ROLES_DECORATOR, context.getHandler());
        if (!roles) {
            return true;
        }
        const claims = await this.firebaseProvider.getClaimsRoleBase(decodedToken, this.config.auth?.config?.useLocalRoles || false);
        request['metadata'] = {
            ...request['metadata'],
            [firebase_constant_1.FIREBASE_CLAIMS_USER_METADATA]: {
                claims: claims,
            },
        };
        const requiredRoles = new Set(roles);
        return claims?.some((role) => requiredRoles.has(role));
    }
    extractTokenFromRequest(request) {
        const extractor = this.config.auth?.config?.extractor || passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken();
        return extractor(request);
    }
};
exports.FirebaseGuard = FirebaseGuard;
exports.FirebaseGuard = FirebaseGuard = __decorate([
    (0, common_1.Injectable)(),
    __param(1, (0, common_1.Inject)(firebase_constant_1.FIREBASE_ADMIN_CONFIG)),
    __metadata("design:paramtypes", [firebase_provider_1.FirebaseProvider, Object, core_1.Reflector])
], FirebaseGuard);
//# sourceMappingURL=firebase.guard.js.map