ammar/backend
1
0
Fork 0
mirror of https://github.com/SyncrowIOT/backend.git synced 2025-07-15 02:15:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add roles to user payload in JWT and refresh token strategies

Browse Source
This commit is contained in:
faris Aljohari
2024-05-07 00:32:53 +03:00
parent a093fd3f72
commit 85424554cb
5 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libs/common/src/auth/interfaces/auth.interface.ts
View File

@ -4,4 +4,5 @@ export class AuthInterface {
uuid: string; uuid: string;
sessionId: string; sessionId: string;
id: number; id: number;
roles: string[];
} }

3
libs/common/src/auth/strategies/jwt.strategy.ts
View File

@ -28,9 +28,10 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
if (validateUser) { if (validateUser) {
return { return {
email: payload.email, email: payload.email,
userId: payload.id, userUuid: payload.uuid,
uuid: payload.uuid, uuid: payload.uuid,
sessionId: payload.sessionId, sessionId: payload.sessionId,
roles: payload.roles,
}; };
} else { } else {
throw new BadRequestException('Unauthorized'); throw new BadRequestException('Unauthorized');

3
libs/common/src/auth/strategies/refresh-token.strategy.ts
View File

@ -31,9 +31,10 @@ export class RefreshTokenStrategy extends PassportStrategy(
if (validateUser) { if (validateUser) {
return { return {
email: payload.email, email: payload.email,
userId: payload.id, userUuid: payload.uuid,
uuid: payload.uuid, uuid: payload.uuid,
sessionId: payload.sessionId, sessionId: payload.sessionId,
roles: payload.roles,
}; };
} else { } else {
throw new BadRequestException('Unauthorized'); throw new BadRequestException('Unauthorized');

17
src/guards/admin.role.guard.ts Normal file
View File

@ -0,0 +1,17 @@
import { RoleType } from '@app/common/constants/role.type.enum';
import { BadRequestException, UnauthorizedException } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
export class AdminRoleGuard extends AuthGuard('jwt') {
handleRequest(err, user) {
const isAdmin = user.roles.some((role) => role.type === RoleType.ADMIN);
if (err || !user) {
throw err || new UnauthorizedException();
} else {
if (!isAdmin) {
throw new BadRequestException('Only admin role can access this route');
}
}
return user;
}
}

21
src/guards/user.role.guard.ts Normal file
View File

@ -0,0 +1,21 @@
import { RoleType } from '@app/common/constants/role.type.enum';
import { BadRequestException, UnauthorizedException } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
export class UserRoleGuard extends AuthGuard('jwt') {
handleRequest(err, user) {
const isUserOrAdmin = user.roles.some(
(role) => role.type === RoleType.ADMIN || role.type === RoleType.USER,
);
if (err || !user) {
throw err || new UnauthorizedException();
} else {
if (!isUserOrAdmin) {
throw new BadRequestException(
'Only admin or user role can access this route',
);
}
}
return user;
}
}