@bitwild/rockets-auth
Version:
Rockets Auth - Complete authentication and authorization solution for NestJS with JWT, OAuth, OTP, role-based access control, and more
73 lines • 3.57 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); }
};
var AdminGuard_1;
Object.defineProperty(exports, "__esModule", { value: true });
exports.AdminGuard = void 0;
const nestjs_role_1 = require("@concepta/nestjs-role");
const common_1 = require("@nestjs/common");
const rockets_auth_constants_1 = require("../shared/constants/rockets-auth.constants");
const error_logging_helper_1 = require("../shared/utils/error-logging.helper");
let AdminGuard = AdminGuard_1 = class AdminGuard {
constructor(settings, roleModelService, roleService) {
this.settings = settings;
this.roleModelService = roleModelService;
this.roleService = roleService;
this.logger = new common_1.Logger(AdminGuard_1.name);
}
async canActivate(context) {
const request = context.switchToHttp().getRequest();
const user = request.user;
const ADMIN_ROLE = this.settings.role.adminRoleName;
if (!user)
throw new common_1.UnauthorizedException('User not authenticated');
if (!ADMIN_ROLE) {
throw new common_1.ForbiddenException('Admin Role not defined');
}
try {
const roles = await this.roleModelService.find({
where: {
name: ADMIN_ROLE,
},
});
if (roles && roles.length > 0) {
const admin = roles[0];
const isAdmin = await this.roleService.isAssignedRole({
assignment: 'user',
assignee: { id: user.id },
role: { id: admin.id },
});
return isAdmin;
}
else
throw new common_1.ForbiddenException();
}
catch (error) {
if (error instanceof common_1.ForbiddenException) {
throw error;
}
(0, error_logging_helper_1.logAndGetErrorDetails)(error, this.logger, 'Error checking admin role for user', { userId: user.id, errorId: 'ADMIN_CHECK_FAILED' });
throw new common_1.ServiceUnavailableException('Unable to verify admin access');
}
}
};
exports.AdminGuard = AdminGuard;
exports.AdminGuard = AdminGuard = AdminGuard_1 = __decorate([
(0, common_1.Injectable)(),
__param(0, (0, common_1.Inject)(rockets_auth_constants_1.ROCKETS_AUTH_MODULE_OPTIONS_DEFAULT_SETTINGS_TOKEN)),
__param(1, (0, common_1.Inject)(nestjs_role_1.RoleModelService)),
__param(2, (0, common_1.Inject)(nestjs_role_1.RoleService)),
__metadata("design:paramtypes", [Object, nestjs_role_1.RoleModelService,
nestjs_role_1.RoleService])
], AdminGuard);
//# sourceMappingURL=admin.guard.js.map