@kitstack/nest-powertools

A comprehensive collection of NestJS powertools, decorators, and utilities to supercharge your backend development

"use strict"; var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.ConfigurableAuthGuard = void 0; const common_1 = require("@nestjs/common"); let ConfigurableAuthGuard = class ConfigurableAuthGuard { constructor(reflector) { this.reflector = reflector; } async canActivate(context) { const authConfig = this.reflector.getAllAndOverride('authConfig', [context.getHandler(), context.getClass()]); if (!authConfig) { return true; } const request = context.switchToHttp().getRequest(); const user = request.user; if (!user) { throw new common_1.UnauthorizedException('Authentication required'); } if (authConfig.customValidator) { const isValid = await authConfig.customValidator(user, context); if (!isValid) { throw new common_1.ForbiddenException('Access denied by custom validator'); } return true; } if (authConfig.guard) { const canAccess = await authConfig.guard.canActivate(context, user, authConfig.permissions); if (!canAccess) { throw new common_1.ForbiddenException('Access denied by custom guard'); } return true; } if (authConfig.roles?.length) { const hasRole = authConfig.roles.some((role) => user.roles?.includes(role)); if (!hasRole) { throw new common_1.ForbiddenException('Insufficient role permissions'); } } if 
(authConfig.permissions?.length) { const hasPermission = authConfig.permissions.every((permission) => user.permissions?.includes(permission)); if (!hasPermission) { throw new common_1.ForbiddenException('Insufficient permissions'); } } return true; } }; exports.ConfigurableAuthGuard = ConfigurableAuthGuard; exports.ConfigurableAuthGuard = ConfigurableAuthGuard = __decorate([ (0, common_1.Injectable)(), __metadata("design:paramtypes", [Function]) ], ConfigurableAuthGuard); //# sourceMappingURL=configurable-auth.guard.js.map