Add platform type to user login and enforce access restrictions

libs/common/src/auth/services/auth.service.ts

@@ -11,6 +11,8 @@ import { UserSessionRepository } from '../../../../common/src/modules/session/re
 import { UserSessionEntity } from '../../../../common/src/modules/session/entities';
 import { ConfigService } from '@nestjs/config';
 import { OAuth2Client } from 'google-auth-library';
+import { PlatformType } from '@app/common/constants/platform-type.enum';
+import { RoleType } from '@app/common/constants/role.type.enum';
 
 @Injectable()
 export class AuthService {
@@ -29,6 +31,7 @@ export class AuthService {
     email: string,
     pass: string,
     regionUuid?: string,
+    platform?: PlatformType,
   ): Promise<any> {
     const user = await this.userRepository.findOne({
       where: {
@@ -37,7 +40,13 @@ export class AuthService {
       },
       relations: ['roleType'],
     });
-
+    if (
+      platform === PlatformType.WEB &&
+      (user.roleType.type === RoleType.SPACE_OWNER ||
+        user.roleType.type === RoleType.SPACE_MEMBER)
+    ) {
+      throw new UnauthorizedException('Access denied for web platform');
+    }
     if (!user) {
       throw new BadRequestException('Invalid credentials');
     }

libs/common/src/constants/platform-type.enum.ts

@@ -0,0 +1,4 @@
+export enum PlatformType {
+  WEB = 'web',
+  MOBILE = 'mobile',
+}

src/auth/dtos/user-login.dto.ts

@@ -1,5 +1,6 @@
+import { PlatformType } from '@app/common/constants/platform-type.enum';
 import { ApiProperty } from '@nestjs/swagger';
-import { IsEmail, IsOptional, IsString } from 'class-validator';
+import { IsEmail, IsEnum, IsOptional, IsString } from 'class-validator';
 
 export class UserLoginDto {
   @ApiProperty()
@@ -20,4 +21,9 @@ export class UserLoginDto {
   @IsOptional()
   @IsString()
   googleCode?: string;
+
+  @ApiProperty()
+  @IsOptional()
+  @IsEnum(PlatformType)
+  platform?: PlatformType;
 }

src/auth/services/user-auth.service.ts

@@ -132,6 +132,7 @@ export class UserAuthService {
           data.email,
           data.password,
           data.regionUuid,
+          data.platform,
         );
       }
       const session = await Promise.all([