nestjs-security-cli/dist/guards/admin.guard.js

Advanced IP blocking, role-based security, and attack detection for NestJS applications

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AdminGuard = void 0;
const common_1 = require("@nestjs/common");
const jwt_1 = require("@nestjs/jwt");
const config_1 = require("@nestjs/config");
const common_2 = require("@nestjs/common");
let AdminGuard = class AdminGuard {
    constructor() {
        this.logger = new common_2.Logger('AdminGuard');
        this.jwtService = new jwt_1.JwtService();
        this.configService = new config_1.ConfigService();
    }
    async canActivate(context) {
        const request = context.switchToHttp().getRequest();
        const token = this.extractTokenFromCookie(request);
        if (!token) {
            throw new common_1.UnauthorizedException('You are not logged in.');
        }
        try {
            const user = await this.jwtService.verifyAsync(token, {
                secret: this.configService.get('JWT_SECRET')
            });
            request.user = user;
            if (!user?.Roles || !user?.Roles?.includes('Admin')) {
                throw new common_1.ForbiddenException('Access denied: Admin role required');
            }
            return true;
        }
        catch (err) {
            this.logger.error('Authentication/Authorization error:', err?.message);
            if (err instanceof common_1.ForbiddenException) {
                throw err;
            }
            let description = err?.message ?? err;
            if (err?.message === 'jwt expired') {
                description = 'Your session has expired. Please login again.';
            }
            throw new common_1.UnauthorizedException(description);
        }
    }
    extractTokenFromCookie(request) {
        return request?.cookies?.access_token ?? request?.headers?.authorization?.split(' ')[1];
    }
};
exports.AdminGuard = AdminGuard;
exports.AdminGuard = AdminGuard = __decorate([
    (0, common_1.Injectable)()
], AdminGuard);
//# sourceMappingURL=admin.guard.js.map