@mamoorali295/rbac
Complete RBAC (Role-Based Access Control) system for Node.js with Express middleware, NestJS integration, GraphQL support, MongoDB & PostgreSQL support, modern admin dashboard, TypeScript support, and dynamic permission management
;
/**
 * TypeScript-emitted helper that runs a list of decorators against a target.
 * An already-defined this.__decorate is reused; otherwise this implementation is used.
 *
 * @param decorators - decorator functions; the fallback loop applies them last-to-first
 * @param target - object being decorated
 * @param key - property name (only meaningful when three or more arguments are passed)
 * @param desc - property descriptor; null makes the helper read target's own descriptor for key
 * @returns the running value r after all decorators have been applied
 */
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c: argument count, which selects the calling convention used for each decorator.
// r: running value; starts as target (fewer than 3 args) or as the property descriptor.
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Delegate to Reflect.decorate when the runtime provides it.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Fallback: call each truthy decorator as d(r), d(target, key, r) or d(target, key) depending on c; a truthy return value replaces r.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than 3 arguments and a truthy r, write r back onto target as the descriptor for key; r is returned in every case.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
/**
 * TypeScript-emitted helper that builds a metadata decorator through Reflect.metadata.
 * An already-defined this.__metadata is reused; otherwise this implementation is used.
 *
 * @param k - metadata key
 * @param v - metadata value
 * @returns whatever Reflect.metadata(k, v) returns, or undefined when Reflect.metadata is unavailable
 */
var __metadata = (this && this.__metadata) || function (k, v) {
    var reflectSupportsMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    if (!reflectSupportsMetadata) {
        // No metadata API in this runtime: the helper yields nothing.
        return undefined;
    }
    return Reflect.metadata(k, v);
};
/**
 * TypeScript-emitted helper that drives a generator function as an asynchronous function.
 * An already-defined this.__awaiter is reused; otherwise this implementation is used.
 *
 * @param thisArg - value bound as `this` when the generator function is invoked
 * @param _arguments - arguments forwarded to the generator function (an empty list when falsy)
 * @param P - promise constructor to use; falls back to the global Promise when falsy
 * @param generator - generator function whose yielded values are awaited
 * @returns a P instance that resolves with the generator's return value or rejects with an error it throws
 */
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Wrap a yielded value in P unless it already is an instance of P.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with the settled value; an exception from the generator rejects the outer promise.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Throw the rejection reason into the generator so its own try/catch can handle it.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// Finished: resolve with the return value. Otherwise wait for the yielded value, then continue.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
// Instantiate the generator (the parameter is reassigned to the iterator) and start it.
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Flag the CommonJS exports object with __esModule = true.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export with an undefined placeholder; the class is assigned to it once it has been defined.
exports.RegisterUserGuard = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const register_user_decorator_1 = require("../decorators/register-user.decorator");
const core_2 = require("../../core");
/**
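* NestJS guard that automatically registers users in the RBAC system.
* Uses the @RegisterUser decorator to determine user extraction logic; without a
* custom userExtractor, user_id (or id), name and email are read directly from the request body.
* Automatically assigns the default role if one is configured and calls the registration hook.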
*
* @example
* ```typescript
* // Apply to specific routes
* @Post('signup')
* @UseGuards(RegisterUserGuard)
* @RegisterUser()
* createUser(@Body() userData: CreateUserDto) { ... }
*
* // With custom user extraction
* @Post('signup')
* @UseGuards(RegisterUserGuard)
* @RegisterUser({
* userExtractor: (body) => ({
* user_id: body.id,
* name: body.fullName,
* email: body.emailAddress
* })
* })
* createUser(@Body() userData: CreateUserDto) { ... }
* ```
*/
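let RegisterUserGuard = class RegisterUserGuard {
    /**
     * @param reflector - reflector used to read the options stored under REGISTER_USER_KEY
     */
    constructor(reflector) {
        this.reflector = reflector;
    }
    /**
     * Creates an RBAC user record for the incoming request before the route handler runs.
     *
     * Routes without REGISTER_USER_KEY metadata are passed through untouched. For annotated
     * routes the guard extracts the user data, rejects duplicates, creates the record with the
     * configured default role (when that role exists), runs the onUserRegister hook and exposes
     * the extracted data as request.rbacUser.
     *
     * @param context - Nest execution context of the current request
     * @returns a promise resolving to true when the request may proceed
     * @throws BadRequestException when no usable user_id can be extracted
     * @throws ConflictException when the user_id is already registered
     * @throws InternalServerErrorException for every other failure (the cause is logged, not returned)
     */
    canActivate(context) {
        return __awaiter(this, void 0, void 0, function* () {
            const registerOptions = this.reflector.getAllAndOverride(register_user_decorator_1.REGISTER_USER_KEY, [context.getHandler(), context.getClass()]);
            // No registration metadata on the handler or its class: nothing to do.
            if (!registerOptions) {
                return true;
            }
            const request = context.switchToHttp().getRequest();
            try {
                if (!core_2.CoreRBAC.config || !core_2.CoreRBAC.initialized || !core_2.CoreRBAC.dbAdapter) {
                    throw new common_1.InternalServerErrorException('RBAC system not initialized');
                }
                let userData;
                if (registerOptions.userExtractor) {
                    // A custom extractor also receives request.user, so a route can bind the RBAC
                    // record to the authenticated principal instead of to body fields.
                    userData = registerOptions.userExtractor(request.body, request.user);
                }
                else {
                    // Default path: every identity field comes straight from the client-supplied body.
                    const body = request.body;
                    if (body === null || typeof body !== 'object') {
                        // A missing or unparsed body is a client error, not a server fault.
                        throw new common_1.BadRequestException('user_id is required');
                    }
                    userData = {
                        user_id: body.user_id || body.id,
                        name: body.name,
                        email: body.email,
                    };
                    const candidateId = userData.user_id;
                    const isScalarId = typeof candidateId === 'string'
                        || (typeof candidateId === 'number' && Number.isFinite(candidateId));
                    // A parsed JSON body can carry an object or array in place of an identifier.
                    // Reject it here so only scalars reach the adapter lookups below.
                    // NOTE(review): how the adapters build their queries is not visible here — confirm they also validate.
                    if (candidateId && !isScalarId) {
                        throw new common_1.BadRequestException('user_id must be a string or number');
                    }
                }
                // An extractor that returns nothing is treated like a missing user_id.
                if (!userData || !userData.user_id) {
                    throw new common_1.BadRequestException('user_id is required');
                }
                // NOTE(review): the lookup and the insert are two separate awaits, so nothing in this
                // guard makes the pair atomic. Presumably the store enforces uniqueness on user_id —
                // verify against the adapter. A duplicate-key failure from createUser would surface
                // as the generic 500 below rather than as a 409.
                const existingUser = yield core_2.CoreRBAC.dbAdapter.findUserByUserId(userData.user_id);
                if (existingUser) {
                    throw new common_1.ConflictException('User already registered in RBAC system');
                }
                let defaultRoleId = undefined;
                if (core_2.CoreRBAC.config.defaultRole) {
                    const role = yield core_2.CoreRBAC.dbAdapter.findRoleByName(core_2.CoreRBAC.config.defaultRole);
                    // A configured default role that does not exist leaves the user without a role.
                    if (role) {
                        defaultRoleId = role.id;
                    }
                }
                yield core_2.CoreRBAC.dbAdapter.createUser({
                    user_id: userData.user_id,
                    name: userData.name || '',
                    email: userData.email || '',
                    role_id: defaultRoleId,
                });
                // The hook runs after the record exists: if it throws, the client receives a 500
                // although the user has already been created.
                if (core_2.CoreRBAC.config.onUserRegister) {
                    yield core_2.CoreRBAC.config.onUserRegister(userData);
                }
                // Attach user info to request for downstream handlers
                request.rbacUser = userData;
                return true;
            }
            catch (error) {
                if (error instanceof common_1.ConflictException || error instanceof common_1.BadRequestException) {
                    throw error;
                }
                // The response stays generic so internals are not disclosed to the client, but the
                // cause is logged server-side so a failing store or hook leaves a trace.
                new common_1.Logger('RegisterUserGuard').error('User registration failed', error instanceof Error ? error.stack : String(error));
                throw new common_1.InternalServerErrorException('Internal server error during user registration');
            }
        });
    }
};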
// Export the class as defined, then replace both the export and the local binding
// with the value __decorate returns after applying the decorators listed below.
exports.RegisterUserGuard = RegisterUserGuard;
exports.RegisterUserGuard = RegisterUserGuard = __decorate([
// Result of calling Injectable() from @nestjs/common, applied as a class decorator.
(0, common_1.Injectable)(),
// "design:paramtypes" metadata listing Reflector as the single constructor parameter type.
__metadata("design:paramtypes", [core_1.Reflector])
], RegisterUserGuard);