From dc23cce89a76e55d9c7cd57e536046d26660137e Mon Sep 17 00:00:00 2001
From: faris Aljohari <83524184+farisaljohari@users.noreply.github.com>
Date: Tue, 28 Jan 2025 19:41:03 -0600
Subject: [PATCH] Add platform type to user login and enforce access restrictions
---
 libs/common/src/auth/services/auth.service.ts | 11 ++++++++++-
 libs/common/src/constants/platform-type.enum.ts | 4 ++++
 src/auth/dtos/user-login.dto.ts | 8 +++++++-
 src/auth/services/user-auth.service.ts | 1 +
 4 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 libs/common/src/constants/platform-type.enum.ts
diff --git a/libs/common/src/auth/services/auth.service.ts b/libs/common/src/auth/services/auth.service.ts
index 528db56..fdba2f0 100644
--- a/libs/common/src/auth/services/auth.service.ts
+++ b/libs/common/src/auth/services/auth.service.ts
@@ -11,6 +11,8 @@ import { UserSessionRepository } from '../../../../common/src/modules/session/re
 import { UserSessionEntity } from '../../../../common/src/modules/session/entities';
 import { ConfigService } from '@nestjs/config';
 import { OAuth2Client } from 'google-auth-library';
+import { PlatformType } from '@app/common/constants/platform-type.enum';
+import { RoleType } from '@app/common/constants/role.type.enum';
 
 @Injectable()
 export class AuthService {
@@ -29,6 +31,7 @@ export class AuthService {
 email: string,
 pass: string,
 regionUuid?: string,
+ platform?: PlatformType,
 ): Promise {
 const user = await this.userRepository.findOne({
 where: {
@@ -37,7 +40,13 @@ export class AuthService {
 },
 relations: ['roleType'],
 });
-
+ if (
+ platform === PlatformType.WEB &&
+ (user.roleType.type === RoleType.SPACE_OWNER ||
+ user.roleType.type === RoleType.SPACE_MEMBER)
+ ) {
+ throw new UnauthorizedException('Access denied for web platform');
+ }
 if (!user) {
 throw new BadRequestException('Invalid credentials');
 }
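Review bot: In the third hunk of auth.service.ts the new platform check reads `user.roleType.type` before the existing `if (!user)` guard, so a web login with an unknown e-mail dereferences a missing user and fails with an unhandled error instead of `Invalid credentials`. The check also runs before any password comparison visible here (the rest of the method is outside the hunk), so a caller who knows only an e-mail address gets 'Access denied for web platform' for owner/member accounts and a different answer for everyone else, which discloses both account existence and role. Move the whole block below the `!user` guard and below the password verification, so the role is evaluated only for an authenticated user. Because `platform` is an optional parameter (second hunk), an `undefined` value skips the restriction; if the rule is meant to be enforced, decide explicitly what a missing platform means.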
diff --git a/libs/common/src/constants/platform-type.enum.ts b/libs/common/src/constants/platform-type.enum.ts
new file mode 100644
index 0000000..e8216c0
--- /dev/null
+++ b/libs/common/src/constants/platform-type.enum.ts
@@ -0,0 +1,4 @@
+export enum PlatformType {
+ WEB = 'web',
+ MOBILE = 'mobile',
+}
diff --git a/src/auth/dtos/user-login.dto.ts b/src/auth/dtos/user-login.dto.ts
index 198ae12..6af12aa 100644
--- a/src/auth/dtos/user-login.dto.ts
+++ b/src/auth/dtos/user-login.dto.ts
@@ -1,5 +1,6 @@
+import { PlatformType } from '@app/common/constants/platform-type.enum';
 import { ApiProperty } from '@nestjs/swagger';
-import { IsEmail, IsOptional, IsString } from 'class-validator';
+import { IsEmail, IsEnum, IsOptional, IsString } from 'class-validator';
 
 export class UserLoginDto {
 @ApiProperty()
@@ -20,4 +21,9 @@ export class UserLoginDto {
 @IsOptional()
 @IsString()
 googleCode?: string;
+
+ @ApiProperty()
+ @IsOptional()
+ @IsEnum(PlatformType)
+ platform?: PlatformType;
 }
diff --git a/src/auth/services/user-auth.service.ts b/src/auth/services/user-auth.service.ts
index c9c9436..aaa2b34 100644
--- a/src/auth/services/user-auth.service.ts
+++ b/src/auth/services/user-auth.service.ts
@@ -132,6 +132,7 @@ export class UserAuthService {
 data.email,
 data.password,
 data.regionUuid,
+ data.platform,
 );
 }
 const session = await Promise.all([
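Review bot: `platform` is declared with `@IsOptional()` in the second hunk of user-login.dto.ts, so a request that omits the field, or declares `mobile`, passes validation and never meets the web restriction in `AuthService`. The value is whatever the client says, so it can label a session but cannot by itself keep a role out of the web application; if that is the goal, the role presumably has to be checked on the web-facing endpoints as well, or the platform bound into the issued token. For the Swagger schema, an optional enum is better described as `@ApiProperty({ enum: PlatformType, required: false })`.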
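Review bot: `data.platform` reaches only this one call in user-auth.service.ts, which sits inside a block that closes right after it; together with `googleCode` in the DTO this suggests a second sign-in branch that is outside the hunk. If that branch loads the user without going through the same check, the web restriction does not apply to it. Consider applying the role/platform rule once, after both branches have produced a user and before the session is created at `const session = await Promise.all([`.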