Add roles to user payload in JWT and refresh token strategies

2025-07-14 18:05:48 +00:00 · 2024-05-07 00:32:53 +03:00
parent a093fd3f72
commit 85424554cb
5 changed files with 43 additions and 2 deletions
--- a/libs/common/src/auth/interfaces/auth.interface.ts
+++ b/libs/common/src/auth/interfaces/auth.interface.ts
@ -4,4 +4,5 @@ export class AuthInterface {
  uuid: string;
  sessionId: string;
  id: number;
+  roles: string[];
 }
--- a/libs/common/src/auth/strategies/jwt.strategy.ts
+++ b/libs/common/src/auth/strategies/jwt.strategy.ts
@ -28,9 +28,10 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
    if (validateUser) {
      return {
        email: payload.email,
-        userId: payload.id,
+        userUuid: payload.uuid,
        uuid: payload.uuid,
        sessionId: payload.sessionId,
+        roles: payload.roles,
      };
    } else {
      throw new BadRequestException('Unauthorized');
--- a/libs/common/src/auth/strategies/refresh-token.strategy.ts
+++ b/libs/common/src/auth/strategies/refresh-token.strategy.ts
@ -31,9 +31,10 @@ export class RefreshTokenStrategy extends PassportStrategy(
    if (validateUser) {
      return {
        email: payload.email,
-        userId: payload.id,
+        userUuid: payload.uuid,
        uuid: payload.uuid,
        sessionId: payload.sessionId,
+        roles: payload.roles,
      };
    } else {
      throw new BadRequestException('Unauthorized');
--- a/src/guards/admin.role.guard.ts
+++ b/src/guards/admin.role.guard.ts
@ -0,0 +1,17 @@
+import { RoleType } from '@app/common/constants/role.type.enum';
+import { BadRequestException, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+export class AdminRoleGuard extends AuthGuard('jwt') {
+  handleRequest(err, user) {
+    const isAdmin = user.roles.some((role) => role.type === RoleType.ADMIN);
+    if (err || !user) {
+      throw err || new UnauthorizedException();
+    } else {
+      if (!isAdmin) {
+        throw new BadRequestException('Only admin role can access this route');
+      }
+    }
+    return user;
+  }
+}
--- a/src/guards/user.role.guard.ts
+++ b/src/guards/user.role.guard.ts
@ -0,0 +1,21 @@
+import { RoleType } from '@app/common/constants/role.type.enum';
+import { BadRequestException, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+export class UserRoleGuard extends AuthGuard('jwt') {
+  handleRequest(err, user) {
+    const isUserOrAdmin = user.roles.some(
+      (role) => role.type === RoleType.ADMIN || role.type === RoleType.USER,
+    );
+    if (err || !user) {
+      throw err || new UnauthorizedException();
+    } else {
+      if (!isUserOrAdmin) {
+        throw new BadRequestException(
+          'Only admin or user role can access this route',
+        );
+      }
+    }
+    return user;
+  }
+}