mirror of
https://github.com/HamzaSha1/zod-backend.git
synced 2025-07-15 18:07:02 +00:00
feat: protecting endpoint by roles
This commit is contained in:
5
src/common/decorators/allowed-roles.decorator.ts
Normal file
5
src/common/decorators/allowed-roles.decorator.ts
Normal file
@ -0,0 +1,5 @@
|
||||
import { SetMetadata } from '@nestjs/common';
|
||||
import { Roles } from '~/auth/enums';
|
||||
|
||||
export const ROLE_METADATA_KEY = 'roles';
|
||||
export const AllowedRoles = (...roles: Roles[]) => SetMetadata(ROLE_METADATA_KEY, roles);
|
@ -1,2 +1,3 @@
|
||||
export * from './allowed-roles.decorator';
|
||||
export * from './public.decorator';
|
||||
export * from './user.decorator';
|
||||
|
@ -6,7 +6,7 @@ import { IS_PUBLIC_KEY } from '../decorators';
|
||||
|
||||
@Injectable()
|
||||
export class AccessTokenGuard extends AuthGuard('access-token') {
|
||||
constructor(private reflector: Reflector) {
|
||||
constructor(protected reflector: Reflector) {
|
||||
super();
|
||||
}
|
||||
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
|
||||
|
@ -1 +1,2 @@
|
||||
export * from './access-token.guard';
|
||||
export * from './roles-guard';
|
||||
|
28
src/common/guards/roles-guard.ts
Normal file
28
src/common/guards/roles-guard.ts
Normal file
@ -0,0 +1,28 @@
|
||||
import { ExecutionContext, Injectable } from '@nestjs/common';
|
||||
import { Roles } from '~/auth/enums';
|
||||
import { ROLE_METADATA_KEY } from '../decorators';
|
||||
import { AccessTokenGuard } from './access-token.guard';
|
||||
|
||||
@Injectable()
|
||||
export class RolesGuard extends AccessTokenGuard {
|
||||
async canActivate(context: ExecutionContext): Promise<boolean> {
|
||||
await super.canActivate(context);
|
||||
|
||||
const request = context.switchToHttp().getRequest();
|
||||
const user = request.user;
|
||||
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
const allowedRoles = this.reflector.getAllAndOverride<Roles[]>(ROLE_METADATA_KEY, [
|
||||
context.getHandler(),
|
||||
context.getClass(),
|
||||
]);
|
||||
|
||||
if (!allowedRoles) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return allowedRoles.some((role) => user.roles.includes(role));
|
||||
}
|
||||
}
|
@ -1,8 +1,9 @@
|
||||
import { Body, Controller, Patch, UseGuards } from '@nestjs/common';
|
||||
import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
|
||||
import { Roles } from '~/auth/enums';
|
||||
import { IJwtPayload } from '~/auth/interfaces';
|
||||
import { AuthenticatedUser } from '~/common/decorators';
|
||||
import { AccessTokenGuard } from '~/common/guards';
|
||||
import { AllowedRoles, AuthenticatedUser } from '~/common/decorators';
|
||||
import { AccessTokenGuard, RolesGuard } from '~/common/guards';
|
||||
import { ResponseFactory } from '~/core/utils';
|
||||
import { UpdateCustomerRequestDto, UpdateNotificationsSettingsRequestDto } from '../dtos/request';
|
||||
import { CustomerResponseDto, NotificationSettingsResponseDto } from '../dtos/response';
|
||||
@ -11,11 +12,12 @@ import { CustomerService } from '../services';
|
||||
@Controller('customers')
|
||||
@ApiTags('Customers')
|
||||
@ApiBearerAuth()
|
||||
@UseGuards(AccessTokenGuard)
|
||||
export class CustomerController {
|
||||
constructor(private readonly customerService: CustomerService) {}
|
||||
|
||||
@Patch('')
|
||||
@UseGuards(RolesGuard)
|
||||
@AllowedRoles(Roles.GUARDIAN)
|
||||
async updateCustomer(@AuthenticatedUser() { sub }: IJwtPayload, @Body() body: UpdateCustomerRequestDto) {
|
||||
const customer = await this.customerService.updateCustomer(sub, body);
|
||||
|
||||
@ -23,6 +25,7 @@ export class CustomerController {
|
||||
}
|
||||
|
||||
@Patch('settings/notifications')
|
||||
@UseGuards(AccessTokenGuard)
|
||||
async updateNotificationSettings(
|
||||
@AuthenticatedUser() { sub }: IJwtPayload,
|
||||
@Body() body: UpdateNotificationsSettingsRequestDto,
|
||||
|
@ -1,8 +1,9 @@
|
||||
import { Body, Controller, Get, Param, Post, Query, UseGuards } from '@nestjs/common';
|
||||
import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
|
||||
import { Roles } from '~/auth/enums';
|
||||
import { IJwtPayload } from '~/auth/interfaces';
|
||||
import { AuthenticatedUser } from '~/common/decorators';
|
||||
import { AccessTokenGuard } from '~/common/guards';
|
||||
import { AllowedRoles, AuthenticatedUser } from '~/common/decorators';
|
||||
import { RolesGuard } from '~/common/guards';
|
||||
import { ApiDataPageResponse, ApiDataResponse } from '~/core/decorators';
|
||||
import { PageOptionsRequestDto } from '~/core/dtos';
|
||||
import { CustomParseUUIDPipe } from '~/core/pipes';
|
||||
@ -18,7 +19,8 @@ export class JuniorController {
|
||||
constructor(private readonly juniorService: JuniorService) {}
|
||||
|
||||
@Post()
|
||||
@UseGuards(AccessTokenGuard)
|
||||
@UseGuards(RolesGuard)
|
||||
@AllowedRoles(Roles.GUARDIAN)
|
||||
@ApiDataResponse(JuniorResponseDto)
|
||||
async createJunior(@Body() body: CreateJuniorRequestDto, @AuthenticatedUser() user: IJwtPayload) {
|
||||
const junior = await this.juniorService.createJuniors(body, user.sub);
|
||||
@ -27,7 +29,8 @@ export class JuniorController {
|
||||
}
|
||||
|
||||
@Get()
|
||||
@UseGuards(AccessTokenGuard)
|
||||
@UseGuards(RolesGuard)
|
||||
@AllowedRoles(Roles.GUARDIAN)
|
||||
@ApiDataPageResponse(JuniorResponseDto)
|
||||
async findJuniors(@AuthenticatedUser() user: IJwtPayload, @Query() pageOptions: PageOptionsRequestDto) {
|
||||
const [juniors, count] = await this.juniorService.findJuniorsByGuardianId(user.sub, pageOptions);
|
||||
@ -43,7 +46,8 @@ export class JuniorController {
|
||||
}
|
||||
|
||||
@Get(':juniorId')
|
||||
@UseGuards(AccessTokenGuard)
|
||||
@UseGuards(RolesGuard)
|
||||
@AllowedRoles(Roles.GUARDIAN)
|
||||
@ApiDataResponse(JuniorResponseDto)
|
||||
async findJuniorById(
|
||||
@AuthenticatedUser() user: IJwtPayload,
|
||||
@ -55,7 +59,8 @@ export class JuniorController {
|
||||
}
|
||||
|
||||
@Post('set-theme')
|
||||
@UseGuards(AccessTokenGuard)
|
||||
@UseGuards(RolesGuard)
|
||||
@AllowedRoles(Roles.JUNIOR)
|
||||
@ApiDataResponse(JuniorResponseDto)
|
||||
async setTheme(@Body() body: SetThemeRequestDto, @AuthenticatedUser() user: IJwtPayload) {
|
||||
const theme = await this.juniorService.setTheme(body, user.sub);
|
||||
|
Reference in New Issue
Block a user