Spaces:
Running
Running
Commit
·
6a7bf05
1
Parent(s):
e9affa5
update: refactor guards
Browse files
src/lib/guards/gen-guard.ts
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import { IJwtLoginPayload } from "@common/interfaces/jwt-payload.interface";
|
| 2 |
+
import { JwtPayload, verify } from "jsonwebtoken";
|
| 3 |
+
import { HttpError } from "@lib/error-handling/http-error";
|
| 4 |
+
import { NextFunction, Request, Response } from "express";
|
| 5 |
+
import { config } from "@configs/config";
|
| 6 |
+
|
| 7 |
+
type OptionalIfUndefined<T> = [T] extends [undefined]
|
| 8 |
+
? (args?: T) => void
|
| 9 |
+
: (args: T) => void;
|
| 10 |
+
|
| 11 |
+
export const genGuard =
|
| 12 |
+
<T = undefined>(
|
| 13 |
+
validationMethod?: (
|
| 14 |
+
validationArgs: T,
|
| 15 |
+
payload: IJwtLoginPayload,
|
| 16 |
+
req: Request,
|
| 17 |
+
res: Response
|
| 18 |
+
) => boolean | Promise<boolean>
|
| 19 |
+
): OptionalIfUndefined<T> =>
|
| 20 |
+
(args: T) =>
|
| 21 |
+
async (req: Request, res: Response, next: NextFunction) => {
|
| 22 |
+
// get token from cookie
|
| 23 |
+
const token = req.headers.authorization?.split(" ")[1];
|
| 24 |
+
let payload: IJwtLoginPayload;
|
| 25 |
+
|
| 26 |
+
// validate token
|
| 27 |
+
if (!token) {
|
| 28 |
+
throw new HttpError(401, "Unauthorized");
|
| 29 |
+
}
|
| 30 |
+
|
| 31 |
+
try {
|
| 32 |
+
payload = verify(token, config.jwt.secret);
|
| 33 |
+
} catch (err) {
|
| 34 |
+
throw new HttpError(401, "Unauthorized");
|
| 35 |
+
}
|
| 36 |
+
|
| 37 |
+
if (
|
| 38 |
+
validationMethod &&
|
| 39 |
+
!(await validationMethod(args, payload, req, res))
|
| 40 |
+
) {
|
| 41 |
+
throw new HttpError(401, "Unauthorized");
|
| 42 |
+
}
|
| 43 |
+
|
| 44 |
+
// inject payload in request
|
| 45 |
+
(req as unknown as { jwtPayload: JwtPayload }).jwtPayload = payload;
|
| 46 |
+
|
| 47 |
+
// go on
|
| 48 |
+
next();
|
| 49 |
+
};
|
src/modules/console/common/guards/admins.guard.ts
CHANGED
|
@@ -1,45 +1,23 @@
|
|
| 1 |
-
import { JwtPayload, verify } from "jsonwebtoken";
|
| 2 |
-
import { Request } from "express";
|
| 3 |
import { Role } from "@common/enums/role.enum";
|
| 4 |
-
import { HttpError } from "@lib/error-handling/http-error";
|
| 5 |
-
import { config } from "@configs/config";
|
| 6 |
import { IJwtLoginPayload } from "@common/interfaces/jwt-payload.interface";
|
|
|
|
| 7 |
|
| 8 |
type AdminGuardMiddlewareProps = {
|
| 9 |
roles?: Role[];
|
| 10 |
};
|
| 11 |
|
| 12 |
-
export const AdminGuardMiddleware =
|
| 13 |
-
|
| 14 |
-
// get token from cookie
|
| 15 |
-
const token = req.headers.authorization?.split(" ")[1];
|
| 16 |
-
let payload: IJwtLoginPayload;
|
| 17 |
-
|
| 18 |
-
// validate token
|
| 19 |
-
if (!token) {
|
| 20 |
-
throw new HttpError(401, "Unauthorized");
|
| 21 |
-
}
|
| 22 |
-
|
| 23 |
-
try {
|
| 24 |
-
payload = verify(token, config.jwt.secret);
|
| 25 |
-
} catch (err) {
|
| 26 |
-
throw new HttpError(401, "Unauthorized");
|
| 27 |
-
}
|
| 28 |
-
|
| 29 |
if (payload.type !== "admin") {
|
| 30 |
-
|
| 31 |
}
|
| 32 |
|
| 33 |
-
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
throw new HttpError(401, "Unauthorized");
|
| 37 |
}
|
| 38 |
}
|
| 39 |
|
| 40 |
-
|
| 41 |
-
|
| 42 |
-
|
| 43 |
-
// go on
|
| 44 |
-
next();
|
| 45 |
-
};
|
|
|
|
|
|
|
|
|
|
| 1 |
import { Role } from "@common/enums/role.enum";
|
|
|
|
|
|
|
| 2 |
import { IJwtLoginPayload } from "@common/interfaces/jwt-payload.interface";
|
| 3 |
+
import { genGuard } from "@lib/guards/gen-guard";
|
| 4 |
|
| 5 |
type AdminGuardMiddlewareProps = {
|
| 6 |
roles?: Role[];
|
| 7 |
};
|
| 8 |
|
| 9 |
+
export const AdminGuardMiddleware = genGuard(
|
| 10 |
+
async (args: AdminGuardMiddlewareProps, payload: IJwtLoginPayload) => {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 11 |
if (payload.type !== "admin") {
|
| 12 |
+
return false;
|
| 13 |
}
|
| 14 |
|
| 15 |
+
if (args?.roles && args?.roles.length > 0) {
|
| 16 |
+
if (!args.roles.includes(payload.role)) {
|
| 17 |
+
return false;
|
|
|
|
| 18 |
}
|
| 19 |
}
|
| 20 |
|
| 21 |
+
return true;
|
| 22 |
+
}
|
| 23 |
+
);
|
|
|
|
|
|
|
|
|
src/modules/users/common/guards/users.guard.ts
CHANGED
|
@@ -1,34 +1,6 @@
|
|
| 1 |
-
import { JwtPayload, verify } from "jsonwebtoken";
|
| 2 |
-
import { Request } from "express";
|
| 3 |
-
import { HttpError } from "@lib/error-handling/http-error";
|
| 4 |
-
import { config } from "@configs/config";
|
| 5 |
import { IJwtLoginPayload } from "@common/interfaces/jwt-payload.interface";
|
|
|
|
| 6 |
|
| 7 |
-
export const UsersGuardMiddleware =
|
| 8 |
-
|
| 9 |
-
|
| 10 |
-
const token = req.headers.authorization?.split(" ")[1];
|
| 11 |
-
let payload: IJwtLoginPayload;
|
| 12 |
-
|
| 13 |
-
// validate token
|
| 14 |
-
if (!token) {
|
| 15 |
-
throw new HttpError(401, "Unauthorized");
|
| 16 |
-
}
|
| 17 |
-
|
| 18 |
-
try {
|
| 19 |
-
payload = verify(token, config.jwt.secret);
|
| 20 |
-
} catch (err) {
|
| 21 |
-
throw new HttpError(401, "Unauthorized");
|
| 22 |
-
}
|
| 23 |
-
|
| 24 |
-
if (payload.type !== "user") {
|
| 25 |
-
throw new HttpError(401, "Unauthorized");
|
| 26 |
-
}
|
| 27 |
-
|
| 28 |
-
|
| 29 |
-
// inject payload in request
|
| 30 |
-
(req as unknown as { jwtPayload: JwtPayload }).jwtPayload = payload;
|
| 31 |
-
|
| 32 |
-
// go on
|
| 33 |
-
next();
|
| 34 |
-
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
import { IJwtLoginPayload } from "@common/interfaces/jwt-payload.interface";
|
| 2 |
+
import { genGuard } from "@lib/guards/gen-guard";
|
| 3 |
|
| 4 |
+
export const UsersGuardMiddleware = genGuard(
|
| 5 |
+
async (args, payload: IJwtLoginPayload) => payload.type === "user"
|
| 6 |
+
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|