@lygos/nestjs-better-auth/dist/auth-guard.js

Better Auth for NestJS

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
    return function (target, key) { decorator(target, key, paramIndex); }
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthGuard = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const api_1 = require("better-auth/api");
const node_1 = require("better-auth/node");
const symbols_1 = require("./symbols");
/**
 * NestJS guard that handles authentication for protected routes
 * Can be configured with @Public() or @Optional() decorators to modify authentication behavior
 */
let AuthGuard = class AuthGuard {
    constructor(reflector, auth) {
        this.reflector = reflector;
        this.auth = auth;
    }
    /**
     * Validates if the current request is authenticated
     * Attaches session and user information to the request object
     * @param context - The execution context of the current request
     * @returns True if the request is authorized to proceed, throws an error otherwise
     */
    async canActivate(context) {
        var _a;
        const request = context.switchToHttp().getRequest();
        const session = await this.auth.api.getSession({
            headers: (0, node_1.fromNodeHeaders)(request.headers),
        });
        request.session = session;
        request.user = (_a = session === null || session === void 0 ? void 0 : session.user) !== null && _a !== void 0 ? _a : null; // useful for observability tools like Sentry
        const isPublic = this.reflector.getAllAndOverride("PUBLIC", [
            context.getHandler(),
            context.getClass(),
        ]);
        if (isPublic)
            return true;
        const isOptional = this.reflector.getAllAndOverride("OPTIONAL", [
            context.getHandler(),
            context.getClass(),
        ]);
        if (isOptional && !session)
            return true;
        if (!session)
            throw new api_1.APIError(401, {
                code: "UNAUTHORIZED",
                message: "Unauthorized",
            });
        return true;
    }
};
exports.AuthGuard = AuthGuard;
exports.AuthGuard = AuthGuard = __decorate([
    (0, common_1.Injectable)(),
    __param(0, (0, common_1.Inject)(core_1.Reflector)),
    __param(1, (0, common_1.Inject)(symbols_1.AUTH_INSTANCE_KEY)),
    __metadata("design:paramtypes", [core_1.Reflector, Object])
], AuthGuard);
//# sourceMappingURL=auth-guard.js.map