diff --git a/packages/bridge-server/src/authorization/roles.decorator.ts b/packages/bridge-server/src/authorization/roles.decorator.ts
new file mode 100644
index 0000000..12f0336
--- /dev/null
+++ b/packages/bridge-server/src/authorization/roles.decorator.ts
@@ -0,0 +1,3 @@
+import { Reflector } from '@nestjs/core';
+
+export const Roles = Reflector.createDecorator();
\ No newline at end of file
diff --git a/packages/bridge-server/src/authorization/roles.guard.ts b/packages/bridge-server/src/authorization/roles.guard.ts
new file mode 100644
index 0000000..ab26f93
--- /dev/null
+++ b/packages/bridge-server/src/authorization/roles.guard.ts
@@ -0,0 +1,26 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Roles } from './roles.decorator';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+ constructor(private reflector: Reflector) {}
+
+ canActivate(context: ExecutionContext): boolean {
+ const roles = this.reflector.get(Roles, context.getHandler());
+ if (!roles) {
+ return true;
+ }
+ const request = context.switchToHttp().getRequest();
+ const user = request.user;
+
+ roles.forEach(role => {
+ if(user.permissions.includes(role) == false) {
+ console.log("Missing " + role + " permission")
+ return false;
+ }
+ });
+
+ return true;
+ }
+}
diff --git a/packages/bridge-server/src/authz/authz.guard.ts b/packages/bridge-server/src/authz/authz.guard.ts
index 053c56e..d2c4833 100644
--- a/packages/bridge-server/src/authz/authz.guard.ts
+++ b/packages/bridge-server/src/authz/authz.guard.ts
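Review bot: In roles.decorator.ts, `Reflector.createDecorator()` is called without a type argument, so the decorator's parameter and the value the guard reads back are untyped. Declaring the parameter type, `export const Roles = Reflector.createDecorator<string[]>();`, lets the compiler reject a bare string such as `@Roles('create:seasons')` before it reaches `roles.forEach` at request time. A one-line comment like `// Permissions a handler requires; enforced by RolesGuard` would also document the contract.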
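Review bot: In roles.guard.ts the `return false` inside the `roles.forEach(role => { ... })` callback only returns from the arrow function, so `canActivate` always falls through to the final `return true` and never denies a request for a missing permission. Every route that relies on this guard is affected, including the `create` handler in seasons.controller.ts that this commit moves to `@UseGuards(JwtAuthGuard, RolesGuard)`. Replace the loop and the trailing return with `return roles.every(role => user?.permissions?.includes(role) === true);`, which also denies instead of throwing when `request.user` or `permissions` is absent. The `if (!roles) return true;` branch lets handlers without `@Roles` pass the guard; that default-allow deserves a comment, and the `console.log` would be better as a Nest `Logger` warning.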
@@ -9,14 +9,12 @@ import { AuthGuard } from '@nestjs/passport'; @Injectable() export class JwtAuthGuard extends AuthGuard('jwt') { canActivate(context: ExecutionContext) { - console.log("runnign") // Add your custom authentication logic here // for example, call super.logIn(request) to establish a session. return super.canActivate(context); } handleRequest(err, user, info) { - console.log("runnign!!") // You can throw an exception based on either "info" or "err" arguments if (err || !user) { throw err || new UnauthorizedException(); diff --git a/packages/bridge-server/src/seasons/seasons.controller.ts b/packages/bridge-server/src/seasons/seasons.controller.ts index 29279ed..16aedd4 100644 --- a/packages/bridge-server/src/seasons/seasons.controller.ts +++ b/packages/bridge-server/src/seasons/seasons.controller.ts @@ -2,6 +2,9 @@ import { Body, Controller, Get, Param, Post, UseGuards } from '@nestjs/common'; import { SeasonsService } from './seasons.service'; import { SeasonStandingsService } from 'src/season-standings/season-standings.service'; import { AuthGuard } from '@nestjs/passport'; +import { JwtAuthGuard } from 'src/authz/authz.guard'; +import { RolesGuard } from 'src/authorization/roles.guard'; +import { Roles } from 'src/authorization/roles.decorator'; @Controller('seasons') export class SeasonsController { @@ -25,8 +28,9 @@ export class SeasonsController { return this.seasonStandingsService.updateStandings(params.id); } - @UseGuards(AuthGuard('jwt')) + @UseGuards(JwtAuthGuard, RolesGuard) @Post('create') + @Roles(['create:seasons']) create(@Body() body: any) { return this.seasonsService.create(body.title, body.subTitle, body.startingDate); }