@point3/logto-module
포인트3 내부 logto Authentication 모듈입니다
;
// Compiler-emitted decorator helper. Reuses `this.__decorate` when one already exists,
// otherwise defines the fallback below. Applies `decorators` to `target` (fewer than
// 3 arguments) or to the member `key` of `target` (3 or more arguments) and returns the result.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c: number of arguments actually passed.
// r: the value being decorated - `target` itself when c < 3, otherwise `desc`
//    (fetched from `target` with getOwnPropertyDescriptor when `desc` is null).
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Delegate to Reflect.decorate when the runtime provides one.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Otherwise walk the decorators from last to first, skipping falsy entries. The call shape
// depends on c: d(r) for c < 3, d(target, key, r) for c > 3, d(target, key) for c === 3.
// A decorator that returns a falsy value leaves r unchanged.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than 3 arguments and a truthy r, r is written back onto target[key] as its
// property descriptor; r is the return value in every case.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
// Compiler-emitted metadata helper. Reuses `this.__metadata` when present; otherwise
// forwards to Reflect.metadata if the runtime has it and returns undefined if it does not.
var __metadata = (this && this.__metadata) || function (k, v) {
    const reflectHasMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    if (reflectHasMetadata) {
        return Reflect.metadata(k, v);
    }
};
// Compiler-emitted parameter-decorator helper. Reuses `this.__param` when present.
// Returns a (target, key) decorator that invokes `decorator` with `paramIndex` appended.
var __param = (this && this.__param) || function (paramIndex, decorator) {
    const applyAtIndex = function (target, key) {
        decorator(target, key, paramIndex);
    };
    return applyAtIndex;
};
// CommonJS interop preamble: mark the module as a transpiled ES module, then create both
// export slots as undefined before any require() below runs.
Object.defineProperty(exports, "__esModule", { value: true });
exports.LogtoTokenGuard = exports.LogtoTokenGuardToken = void 0;
const common_1 = require("@nestjs/common");
const graphql_1 = require("@nestjs/graphql");
const core_1 = require("@nestjs/core");
const jose_1 = require("jose");
const point3_common_tool_1 = require("point3-common-tool");
const token_1 = require("../token");
const config_1 = require("@nestjs/config");
// Unique Symbol exported next to the guard; presumably the DI token the guard is registered
// under - confirm against the module's provider list.
exports.LogtoTokenGuardToken = Symbol('LogtoTokenGuard');
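/**
 * NestJS guard that authenticates a request from its `Authorization: Bearer <token>`
 * header, has the injected token verifier check the token against the handler's
 * `requiredScopes` / `requiredRoles` metadata, and stores the resulting identity on
 * `request.user`. Works for both HTTP and GraphQL execution contexts.
 */
let LogtoTokenGuard = class LogtoTokenGuard {
    /**
     * @param tokenVerifier service exposing `verifyToken(token, scopes, roles)`
     * @param configService config service exposing `get(key)`
     */
    constructor(tokenVerifier, configService) {
        this.tokenVerifier = tokenVerifier;
        this.configService = configService;
        this.reflector = new core_1.Reflector();
    }

    /**
     * Decides whether the current request may proceed.
     *
     * @param context Nest execution context of the request
     * @returns {Promise<boolean>} `true` when the request is allowed
     * @throws UnauthorizedException for a missing/invalid header, a jose verification
     *         error, or a thrown value that is not an Error
     * @throws InternalServerErrorException for any other Error
     */
    async canActivate(context) {
        // SECURITY: this branch disables authentication entirely. When NODE_ENV resolves to
        // 'local', every request is allowed without a token, no scope or role check runs and
        // request.user is never populated. A deployment that inherits NODE_ENV=local is
        // therefore wide open. NOTE(review): consider gating this behind a dedicated,
        // explicit opt-in setting and logging loudly at startup when it is active.
        if (this.configService.get('NODE_ENV') === 'local') {
            return true;
        }

        // Metadata is read from the route handler only.
        // NOTE(review): if the scope/role decorators can also be applied at class level,
        // those requirements are not picked up here - confirm against the decorators.
        const requiredScopes = this.reflector.get('requiredScopes', context.getHandler());
        const requiredRoles = this.reflector.get('requiredRoles', context.getHandler());
        const request = this.getRequest(context);

        try {
            const bearerToken = this.extractBearerTokenFrom(request.headers);
            const claims = await this.tokenVerifier.verifyToken(bearerToken, requiredScopes, requiredRoles);

            // Identity handed to downstream handlers. A Guid.parse failure on managerId or
            // clientId lands in the catch block below like any other error.
            request.user = {
                userId: claims.sub,
                managerId: point3_common_tool_1.p3Values.Guid.parse(claims.managerId),
                clientId: claims.clientId ? point3_common_tool_1.p3Values.Guid.parse(claims.clientId) : undefined,
            };
            return true;
        }
        catch (error) {
            // Already the right HTTP error (e.g. from extractBearerTokenFrom): pass through.
            if (error instanceof common_1.UnauthorizedException) {
                throw error;
            }
            // Token failed jose verification -> 401.
            // NOTE(review): the jose error object itself becomes the exception payload, so
            // verification details may reach the client depending on how the exception is
            // serialised. Consider a fixed message and logging `error` server-side instead.
            if (error instanceof jose_1.errors.JOSEError) {
                throw new common_1.UnauthorizedException(error);
            }
            // Any other Error is reported as a generic 500 without exposing its details.
            if (error instanceof Error) {
                throw new common_1.InternalServerErrorException("요청을 처리하지 못하였습니다.", `${common_1.HttpStatus.INTERNAL_SERVER_ERROR}`);
            }
            // Non-Error throwables: deny access.
            throw new common_1.UnauthorizedException("접근이 허용되지 않습니다.");
        }
    }

    /**
     * Returns the token part of an `Authorization: Bearer <token>` header.
     *
     * The scheme must be followed by a space and a non-empty token. A bare prefix match
     * would let values such as `BearerXabc` through with a character silently dropped, and
     * `Bearer` alone would hand an empty string to the verifier.
     *
     * @param headers request headers object
     * @returns {string} the raw bearer token
     * @throws UnauthorizedException when the header is missing, is not a Bearer
     *         credential, or carries no token
     */
    extractBearerTokenFrom(headers) {
        const bearerPrefix = 'Bearer ';
        const authorization = headers.authorization;
        if (!authorization) {
            throw new common_1.UnauthorizedException('Authorization header is missing');
        }
        // A non-string value would otherwise raise a TypeError and surface as a 500.
        if (typeof authorization !== 'string' || !authorization.startsWith(bearerPrefix)) {
            throw new common_1.UnauthorizedException('Authorization token type not supported');
        }
        const token = authorization.slice(bearerPrefix.length);
        if (token.length === 0) {
            throw new common_1.UnauthorizedException('Bearer token is missing');
        }
        return token;
    }

    /**
     * Resolves the underlying request object for the current execution context.
     *
     * @param context Nest execution context
     * @returns the `req` stored on the GraphQL context for 'graphql' contexts,
     *          otherwise the HTTP request
     */
    getRequest(context) {
        if (context.getType() === 'graphql') {
            const gqlCtx = graphql_1.GqlExecutionContext.create(context);
            return gqlCtx.getContext().req;
        }
        return context.switchToHttp().getRequest();
    }
};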
// Export the class, then re-export the decorated version returned by __decorate.
exports.LogtoTokenGuard = LogtoTokenGuard;
// Decorators applied to the class: Injectable(), an explicit Inject(LogtoTokenVerifierToken)
// on constructor parameter 0, and the emitted constructor parameter types. Parameter 1 has
// no explicit Inject and is listed only by its type (ConfigService).
exports.LogtoTokenGuard = LogtoTokenGuard = __decorate([
(0, common_1.Injectable)(),
__param(0, (0, common_1.Inject)(token_1.LogtoTokenVerifierToken)),
__metadata("design:paramtypes", [token_1.LogtoTokenVerifier,
config_1.ConfigService])
], LogtoTokenGuard);
//# sourceMappingURL=guard.js.map