
@kenniy/godeye-data-contracts


Enterprise-grade base repository architecture for GOD-EYE microservices with zero overhead and maximum code reuse

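"use strict";
// Compiled CommonJS output of a NestJS guard. The two helpers below are the
// decorator shims emitted by the TypeScript compiler; change the TypeScript
// source and rebuild rather than hand-editing this file.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthGuard = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const auth_decorators_1 = require("../decorators/auth.decorators");
const auth_enums_1 = require("../enums/auth.enums");
/**
 * Authorization guard driven by route metadata.
 *
 * Reads the REQUIRE_ROLE_KEY and REQUIRE_HOSPITAL_ACCESS_KEY metadata from the
 * handler and its class and checks them against `request.user`. The guard only
 * reads `request.user`; it does not authenticate the request itself, so it
 * presumably relies on an earlier authentication step to populate that field.
 */
let AuthGuard = class AuthGuard {
    /**
     * @param reflector NestJS Reflector used to read handler/class metadata.
     */
    constructor(reflector) {
        this.reflector = reflector;
    }
    /**
     * Decide whether the current request may reach the handler.
     *
     * @param context Execution context of the request being handled.
     * @returns {boolean} `true` when the route carries neither metadata key or
     *   when every declared requirement passes.
     * @throws {ForbiddenException} when there is no user, the user carries no
     *   usable `type`, no required role matches, an agent request has no
     *   hospital ID, or the agent has no `profile_id`.
     */
    canActivate(context) {
        const requiredRoles = this.reflector.getAllAndOverride(auth_decorators_1.REQUIRE_ROLE_KEY, [
            context.getHandler(),
            context.getClass(),
        ]);
        const requiresHospitalAccess = this.reflector.getAllAndOverride(auth_decorators_1.REQUIRE_HOSPITAL_ACCESS_KEY, [
            context.getHandler(),
            context.getClass(),
        ]);
        // Routes without either metadata key are not restricted by this guard.
        if (!requiredRoles && !requiresHospitalAccess) {
            return true;
        }
        const request = context.switchToHttp().getRequest();
        const user = request.user;
        if (!user) {
            throw new common_1.ForbiddenException('User context not found');
        }
        // Both checks below call `user.type.includes(...)`. Deny explicitly when
        // `type` is missing or has an unexpected shape, instead of letting a
        // TypeError surface as an internal server error.
        if (typeof user.type !== 'string' && !Array.isArray(user.type)) {
            throw new common_1.ForbiddenException('User type not found');
        }
        // Check role requirements
        if (requiredRoles) {
            // NOTE(review): if `user.type` is a string rather than an array,
            // `includes` is a substring test, so a required role whose name is
            // contained in a longer type name would also match. Confirm `type`
            // is an array of exact values, or compare with strict equality.
            const hasRole = requiredRoles.some(role => user.type.includes(role));
            if (!hasRole) {
                // The line break in the message is kept as it appears in the listing.
                throw new common_1.ForbiddenException(`Access denied. \nRequired roles: ${requiredRoles.join(', ')}`);
            }
        }
        // Check hospital access requirements for agents.
        // Users whose type does not include AGENT skip this block entirely.
        if (requiresHospitalAccess && user.type.includes(auth_enums_1.UserType.AGENT)) {
            // `params` gets the same optional chaining as `body` and `query`, so
            // a request object without `params` is denied below rather than throwing.
            const hospitalId = request.params?.hospitalId || request.body?.hospitalId || request.query?.hospitalId;
            if (!hospitalId) {
                throw new common_1.ForbiddenException('Hospital ID required for agent access validation');
            }
            // SECURITY NOTE(review): `hospitalId` is only checked for presence.
            // Nothing here compares it with the hospitals the agent is assigned
            // to, so any agent with a `profile_id` passes for any hospital ID.
            // Until the TODO below is implemented, handlers behind this guard
            // need their own per-hospital authorization check.
            // The ID is taken from params, then body, then query; the handler
            // should read it from the same source so that the guard and the
            // handler cannot disagree about which hospital is being accessed.
            // TODO: Implement hospital access validation logic
            // This would typically check if the agent is assigned to the specific hospital
            // For now, we'll allow access if profile_id exists (indicating agent assignment)
            if (!user.profile_id) {
                throw new common_1.ForbiddenException('Agent not assigned to any hospital');
            }
        }
        return true;
    }
};
exports.AuthGuard = AuthGuard;
exports.AuthGuard = AuthGuard = __decorate([
    (0, common_1.Injectable)(),
    __metadata("design:paramtypes", [core_1.Reflector])
], AuthGuard);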