
@mamoorali295/rbac


Complete RBAC (Role-Based Access Control) system for Node.js with Express middleware, NestJS integration, GraphQL support, MongoDB & PostgreSQL support, modern admin dashboard, TypeScript support, and dynamic permission management

"use strict";
// Compiler-emitted decorator helper. Reuses an existing `this.__decorate` when
// one is present; otherwise it delegates to `Reflect.decorate` if available, or
// applies the decorators itself from last to first.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length;
    var r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc;
    var d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") {
        r = Reflect.decorate(decorators, target, key, desc);
    }
    else {
        for (var i = decorators.length - 1; i >= 0; i--) {
            if (d = decorators[i]) {
                r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
            }
        }
    }
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AdminAuthGuard = void 0;
const common_1 = require("@nestjs/common");
/**
 * NestJS guard for the admin dashboard routes.
 *
 * A request is admitted only when `request.session.authenticated` is strictly
 * `true`. Any other request is denied: clients whose Accept header contains
 * `text/html` are redirected to the login page, all others receive an
 * UnauthorizedException.
 *
 * Security notes for integrators:
 * - The session flag is the only thing this guard inspects. It performs no
 *   role or permission check and does not validate how the session was
 *   created; whatever populates `request.session` must run before the guard
 *   and must protect the session from tampering.
 * - The redirect target is a fixed path and is never derived from the request.
 * - The Accept header is client-controlled, but it only selects the shape of
 *   the denial (redirect or exception), never the access decision.
 *
 * @example
 * ```typescript
 * @Controller('rbac-admin')
 * export class RbacAdminController {
 *   @Get('dashboard')
 *   @UseGuards(AdminAuthGuard)
 *   async getDashboard() {
 *     return { message: 'Welcome to admin dashboard' };
 *   }
 * }
 * ```
 */
let AdminAuthGuard = class AdminAuthGuard {
    /**
     * Decides whether the current HTTP request may reach an admin route.
     *
     * @param context - ExecutionContext used to obtain the HTTP request and response
     * @returns `true` when the session is flagged as authenticated; `false`
     *          after an HTML client has been redirected to the login page
     * @throws UnauthorizedException for unauthenticated non-HTML requests
     */
    canActivate(context) {
        const req = context.switchToHttp().getRequest();
        const res = context.switchToHttp().getResponse();
        // Strict comparison: a truthy but non-boolean flag does not count.
        const session = req.session;
        const isLoggedIn = Boolean(session) && session.authenticated === true;
        if (isLoggedIn) {
            return true;
        }
        const wantsHtml = (req.headers.accept || '').includes('text/html');
        if (!wantsHtml) {
            // API-style clients get an exception carrying the login URL.
            throw new common_1.UnauthorizedException({
                error: 'Authentication required',
                message: 'Please log in to access the admin dashboard',
                loginUrl: '/rbac-admin/login'
            });
        }
        // Browser clients are sent to the login page.
        // NOTE(review): the redirect has already been issued when `false` is
        // returned; confirm that the framework's own denial handling behaves
        // correctly once a response has been started.
        res.redirect('/rbac-admin/login');
        return false;
    }
};
exports.AdminAuthGuard = AdminAuthGuard;
exports.AdminAuthGuard = AdminAuthGuard = __decorate([
    (0, common_1.Injectable)()
], AdminAuthGuard);