role verification 50%

unknowncoder05 · unknowncoder05 · commit 0909adc7a46a · 2021-07-07T21:35:42.000-05:00
diff --git a/src/controllers/projects/projects.controller.ts b/src/controllers/projects/projects.controller.ts
@@ -7,26 +7,32 @@ import {AuthGuard} from '@nestjs/passport'
 import { JoiValidationPipe } from '../../pipe/joi-validation.pipe'
 import { ProjectService } from './../../services/project/project.service';
 import { projectSchema } from './../../schemas/project.schema';
-import { JwtAuthGuard, Public } from '../../modules/auth/guards/jwt-auth.guard'
-
-
-@UseGuards(JwtAuthGuard)
+import { JwtAuthGuard } from '../../modules/auth/guards/jwt-auth.guard'
+import { RolesGuard } from '../../modules/auth/guards/roles.guard'
+import { Public } from '../../modules/auth/decorators/public.decorator'
+import { Roles } from '../../modules/auth/decorators/roles.decorator'
+import { Role } from '../../entities/user.entity'
+@UseGuards(JwtAuthGuard, RolesGuard)
 @Controller('project')
 export class ProjectsController {
     constructor(private projectService: ProjectService) { }
     @Public()
+    @Roles(Role.DEFAULT)
     @Get(":projectID")
     @HttpCode(HttpStatus.FOUND)
     async get(@Param("projectID", ParseIntPipe) projectID: number): Promise<object> {
         return { data: await this.projectService.getProject(projectID) }//AppService.getProject(projectID);
     }
     @Public()
+    @Roles(Role.DEFAULT)
     @Get()
     @HttpCode(HttpStatus.FOUND)
     async list(@Query() params: any): Promise<object> {
         return { data: await this.projectService.getProjects(params) }
     }
+    
     @Post()
+    @Roles(Role.DEFAULT)
     @HttpCode(HttpStatus.CREATED)
     @UsePipes(new JoiValidationPipe(projectSchema))
     async create(@Body() payload: any): Promise<object> {
@@ -35,6 +41,8 @@ export class ProjectsController {
 
         return { msg: "created", data: newProduct };
     }
+    
+    @Roles(Role.DEFAULT)
     @Put(":projectID")
     @HttpCode(HttpStatus.ACCEPTED)
     async update(@Param("projectID", ParseIntPipe) projectID: number, @Body(new JoiValidationPipe(projectSchema)) payload: any): Promise<object> {
diff --git a/src/entities/user.entity.ts b/src/entities/user.entity.ts
@@ -9,9 +9,8 @@ import {
 import { Project } from './project.entity'
 
 
-export enum UserRole {
+export enum Role {
     ADMIN = "admin",
-    EDITOR = "editor",
     DEFAULT = "default"
 }
 @Entity()
@@ -27,10 +26,10 @@ export class User {
 
     @Column({
         type: "enum",
-        enum: UserRole,
-        default: UserRole.DEFAULT
+        enum: Role,
+        default: Role.DEFAULT
     })
-    role: UserRole;
+    role: Role;
 
     @OneToMany(() => Project, photo => photo.owner, { nullable: true })
     projects: Project
diff --git a/src/modules/auth/decorators/public.decorator.ts b/src/modules/auth/decorators/public.decorator.ts
@@ -0,0 +1,5 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
diff --git a/src/modules/auth/decorators/roles.decorator.ts b/src/modules/auth/decorators/roles.decorator.ts
@@ -0,0 +1,7 @@
+import { SetMetadata } from '@nestjs/common';
+
+import { Role } from '../../../entities/user.entity'
+
+export const ROLE_KEY = 'roles';
+
+export const Roles = (...roles: Role[]) => SetMetadata(ROLE_KEY, roles.concat(Role.ADMIN));
diff --git a/src/modules/auth/guards/jwt-auth.guard.ts b/src/modules/auth/guards/jwt-auth.guard.ts
@@ -3,24 +3,19 @@ import { Reflector } from '@nestjs/core';
 
 import { AuthGuard } from '@nestjs/passport'
 
-import { SetMetadata } from '@nestjs/common';
-
-export const IS_PUBLIC = 'isPublic';
-
-export const Public = () => SetMetadata(IS_PUBLIC, true);
-
+import { IS_PUBLIC_KEY } from '../decorators/public.decorator'
 
 @Injectable()
 export class JwtAuthGuard extends AuthGuard('jwt'){
   constructor(private reflector: Reflector) {
     super()
   }
-  canActivate(ctx: ExecutionContext){
-    const isPublic = this.reflector.get(IS_PUBLIC, ctx.getHandler())
+  canActivate(context: ExecutionContext){
+    const isPublic = this.reflector.get(IS_PUBLIC_KEY, context.getHandler())
     
     if(isPublic){
       return true
     }
-    return super.canActivate(ctx)
+    return super.canActivate(context)
   }
 }
diff --git a/src/modules/auth/guards/roles.guard.spec.ts b/src/modules/auth/guards/roles.guard.spec.ts
@@ -0,0 +1,7 @@
+import { RolesGuard } from './roles.guard';
+
+describe('RolesGuard', () => {
+  it('should be defined', () => {
+    expect(new RolesGuard()).toBeDefined();
+  });
+});
diff --git a/src/modules/auth/guards/roles.guard.ts b/src/modules/auth/guards/roles.guard.ts
@@ -0,0 +1,23 @@
+import { CanActivate, ExecutionContext, Injectable, ForbiddenException} from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { Reflector } from '@nestjs/core';
+import { ROLE_KEY } from '../decorators/roles.decorator'
+import { Role } from '../../../entities/user.entity'
+import { UsersService } from '../../users/services/users/users.service'
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private userService: UsersService, private reflector: Reflector) {
+  }
+
+  async canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    const roles =  this.reflector.get(ROLE_KEY, context.getHandler())
+    const request = context.switchToHttp().getRequest();
+    const userId = request.id
+    const user = await this.userService.get(userId)
+    if(user.role == Role.ADMIN) return true
+    if(roles.some(item => item === user.role)) return true
+    throw new ForbiddenException('not enough privilages')
+  }
+}
