@alpha018/nestjs-firebase-auth
Version:
NestJS Firebase library and Role based guard for authentication with some utils functions
86 lines • 4.22 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); }
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseGuard = void 0;
const common_1 = require("@nestjs/common");
const passport_jwt_1 = require("passport-jwt");
const core_1 = require("@nestjs/core");
const firebase_constant_1 = require("../constant/firebase.constant");
const firebase_provider_1 = require("../provider/firebase.provider");
let FirebaseGuard = class FirebaseGuard {
constructor(firebaseProvider, config, reflector) {
this.firebaseProvider = firebaseProvider;
this.config = config;
this.reflector = reflector;
}
async canActivate(context) {
const request = context.switchToHttp().getRequest();
const authConfig = this.config.auth?.config;
const token = this.extractTokenFromRequest(request);
if (!token) {
return false;
}
if (request.metadata?.[firebase_constant_1.FIREBASE_TOKEN_USER_METADATA]) {
const decodedToken = request.metadata[firebase_constant_1.FIREBASE_TOKEN_USER_METADATA].user;
return this.handleRoleValidation(context, request, decodedToken, authConfig?.useLocalRoles ?? false);
}
const decodedToken = await this.verifyToken(token, authConfig?.checkRevoked ?? false);
if (!decodedToken) {
return false;
}
this.attachUserToRequest(request, decodedToken);
if (!authConfig?.validateRole) {
return true;
}
return this.handleRoleValidation(context, request, decodedToken, authConfig?.useLocalRoles ?? false);
}
async handleRoleValidation(context, request, decodedToken, useLocalRoles) {
const requiredRoles = this.reflector.get(firebase_constant_1.FIREBASE_APP_ROLES_DECORATOR, context.getHandler());
if (!requiredRoles) {
return true;
}
const userRoles = await this.firebaseProvider.getClaimsRoleBase(decodedToken, useLocalRoles);
this.attachClaimsToRequest(request, userRoles);
if (!userRoles) {
return false;
}
const requiredRolesSet = new Set(requiredRoles);
return userRoles.some((role) => requiredRolesSet.has(role));
}
async verifyToken(token, checkRevoked) {
try {
return await this.firebaseProvider.auth.verifyIdToken(token, checkRevoked);
}
catch {
return null;
}
}
extractTokenFromRequest(request) {
const extractor = this.config.auth?.config?.extractor || passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken();
return extractor(request);
}
attachUserToRequest(request, user) {
request.metadata = { ...request.metadata, [firebase_constant_1.FIREBASE_TOKEN_USER_METADATA]: { user } };
}
attachClaimsToRequest(request, claims) {
request.metadata = { ...request.metadata, [firebase_constant_1.FIREBASE_CLAIMS_USER_METADATA]: { claims } };
}
};
exports.FirebaseGuard = FirebaseGuard;
exports.FirebaseGuard = FirebaseGuard = __decorate([
(0, common_1.Injectable)(),
__param(1, (0, common_1.Inject)(firebase_constant_1.FIREBASE_ADMIN_CONFIG)),
__metadata("design:paramtypes", [firebase_provider_1.FirebaseProvider, Object, core_1.Reflector])
], FirebaseGuard);
//# sourceMappingURL=firebase.guard.js.map