@nestjs-mod/webhook/src/lib/webhook.guard.js

Webhook module with an error filter, guard, controller, database migrations and rest-sdk for work with module from other nodejs appliaction

"use strict";
var WebhookGuard_1;
Object.defineProperty(exports, "__esModule", { value: true });
exports.WebhookGuard = void 0;
const tslib_1 = require("tslib");
const common_1 = require("@nestjs-mod/common");
const misc_1 = require("@nestjs-mod/misc");
const prisma_1 = require("@nestjs-mod/prisma");
const common_2 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const class_validator_1 = require("class-validator");
const prisma_client_1 = require("./generated/prisma-client");
const webhook_cache_service_1 = require("./services/webhook-cache.service");
const webhook_constants_1 = require("./webhook.constants");
const webhook_decorators_1 = require("./webhook.decorators");
const webhook_environments_1 = require("./webhook.environments");
const webhook_errors_1 = require("./webhook.errors");
let WebhookGuard = WebhookGuard_1 = class WebhookGuard {
    constructor(prismaClient, reflector, webhookStaticEnvironments, webhookCacheService) {
        this.prismaClient = prismaClient;
        this.reflector = reflector;
        this.webhookStaticEnvironments = webhookStaticEnvironments;
        this.webhookCacheService = webhookCacheService;
        this.logger = new common_2.Logger(WebhookGuard_1.name);
    }
    async canActivate(context) {
        try {
            const { checkWebhookRole } = this.getHandlersReflectMetadata(context);
            const req = this.getRequestFromExecutionContext(context);
            const externalUserId = this.getExternalUserIdFromRequest(req);
            const externalTenantId = this.getExternalTenantIdFromRequest(req);
            await this.tryGetOrCreateCurrentUserWithExternalUserId(req, externalTenantId, externalUserId);
            this.throwErrorIfCurrentUserNotSet(req);
            this.throwErrorIfCurrentUserNotHaveNeededRoles(checkWebhookRole, req);
        }
        catch (err) {
            this.throwAllGuardErrorsIfItNeeded(err);
        }
        return true;
    }
    throwAllGuardErrorsIfItNeeded(err) {
        if (!this.webhookStaticEnvironments.skipGuardErrors) {
            throw err;
        }
        else {
            this.logger.error(err, err.stack);
        }
    }
    throwErrorIfCurrentUserNotHaveNeededRoles(checkWebhookRole, req) {
        if (checkWebhookRole &&
            req.webhookUser &&
            !(0, misc_1.searchIn)(req.webhookUser.userRole, checkWebhookRole)) {
            throw new webhook_errors_1.WebhookError(webhook_errors_1.WebhookErrorEnum.FORBIDDEN);
        }
    }
    throwErrorIfCurrentUserNotSet(req) {
        if (!req.webhookUser) {
            throw new webhook_errors_1.WebhookError(webhook_errors_1.WebhookErrorEnum.USER_NOT_FOUND);
        }
    }
    async tryGetOrCreateCurrentUserWithExternalUserId(req, externalTenantId, externalUserId) {
        if (!req.webhookUser) {
            if (!externalTenantId || !(0, class_validator_1.isUUID)(externalTenantId)) {
                throw new webhook_errors_1.WebhookError(webhook_errors_1.WebhookErrorEnum.FORBIDDEN);
            }
            if (this.webhookStaticEnvironments.autoCreateUser) {
                req.webhookUser =
                    await this.webhookCacheService.getCachedUserByExternalUserId(externalUserId, externalTenantId);
                if (!req.webhookUser) {
                    await this.prismaClient.webhookUser.create({
                        data: {
                            externalTenantId,
                            externalUserId,
                            userRole: prisma_client_1.WebhookRole.User,
                        },
                    });
                }
            }
            req.webhookUser =
                await this.webhookCacheService.getCachedUserByExternalUserId(externalUserId, externalTenantId);
        }
    }
    getExternalTenantIdFromRequest(req) {
        return req.externalTenantId;
    }
    getExternalUserIdFromRequest(req) {
        if (!req.externalUserId || !(0, class_validator_1.isUUID)(req.externalUserId)) {
            throw new webhook_errors_1.WebhookError(webhook_errors_1.WebhookErrorEnum.FORBIDDEN);
        }
        return req.externalUserId;
    }
    getRequestFromExecutionContext(context) {
        const req = (0, common_1.getRequestFromExecutionContext)(context);
        req.headers = req.headers || {};
        return req;
    }
    getHandlersReflectMetadata(context) {
        const checkWebhookRole = (typeof context.getHandler === 'function' &&
            this.reflector.get(webhook_decorators_1.CheckWebhookRole, context.getHandler())) ||
            (typeof context.getClass === 'function' &&
                this.reflector.get(webhook_decorators_1.CheckWebhookRole, context.getClass())) ||
            undefined;
        return { checkWebhookRole };
    }
};
exports.WebhookGuard = WebhookGuard;
exports.WebhookGuard = WebhookGuard = WebhookGuard_1 = tslib_1.__decorate([
    (0, common_2.Injectable)(),
    tslib_1.__param(0, (0, prisma_1.InjectPrismaClient)(webhook_constants_1.WEBHOOK_FEATURE)),
    tslib_1.__metadata("design:paramtypes", [prisma_client_1.PrismaClient,
        core_1.Reflector,
        webhook_environments_1.WebhookStaticEnvironments,
        webhook_cache_service_1.WebhookCacheService])
], WebhookGuard);
//# sourceMappingURL=webhook.guard.js.map