@ackplus/nest-auth 0.1.36 → 0.1.38
- package/package.json +1 -1
- package/src/lib/auth/guards/auth.guard.d.ts +6 -0
- package/src/lib/auth/guards/auth.guard.js +79 -2
- package/src/lib/auth/guards/auth.guard.js.map +1 -1
- package/src/lib/auth/index.d.ts +0 -2
- package/src/lib/auth/index.js +0 -2
- package/src/lib/auth/index.js.map +1 -1
- package/src/lib/auth/guards/permissions.guard.d.ts +0 -8
- package/src/lib/auth/guards/permissions.guard.js +0 -51
- package/src/lib/auth/guards/permissions.guard.js.map +0 -1
- package/src/lib/auth/guards/role.guard.d.ts +0 -7
- package/src/lib/auth/guards/role.guard.js +0 -40
- package/src/lib/auth/guards/role.guard.js.map +0 -1
package/package.json
CHANGED
|
@@ -18,4 +18,10 @@ export declare class NestAuthAuthGuard implements CanActivate {
|
|
|
18
18
|
private handleApiKeyAuth;
|
|
19
19
|
private extractRefreshToken;
|
|
20
20
|
private checkMfa;
|
|
21
|
+
private checkAuthorization;
|
|
22
|
+
private getRequiredPermissions;
|
|
23
|
+
private getRequiredRoles;
|
|
24
|
+
private checkRoles;
|
|
25
|
+
private checkPermissions;
|
|
26
|
+
private getUserPermissions;
|
|
21
27
|
}
|
|
@@ -11,6 +11,8 @@ const base_session_service_1 = require("../../session/services/base-session.serv
|
|
|
11
11
|
const cookie_service_1 = require("../services/cookie.service");
|
|
12
12
|
const access_key_service_1 = require("../../user/services/access-key.service");
|
|
13
13
|
const skip_mfa_decorator_1 = require("../../core/decorators/skip-mfa.decorator");
|
|
14
|
+
const permissions_decorator_1 = require("../../core/decorators/permissions.decorator");
|
|
15
|
+
const role_decorator_1 = require("../../core/decorators/role.decorator");
|
|
14
16
|
let NestAuthAuthGuard = class NestAuthAuthGuard {
|
|
15
17
|
constructor(reflector, jwtService, authService, sessionService, cookieService, accessKeyService) {
|
|
16
18
|
this.reflector = reflector;
|
|
@@ -31,17 +33,25 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
|
|
|
31
33
|
});
|
|
32
34
|
}
|
|
33
35
|
const [type, token] = authHeader.split(' ');
|
|
36
|
+
let isAuthenticated = false;
|
|
34
37
|
switch (type.toLowerCase()) {
|
|
35
38
|
case 'bearer':
|
|
36
|
-
|
|
39
|
+
isAuthenticated = await this.handleJwtAuth(context, request, response, token);
|
|
40
|
+
break;
|
|
37
41
|
case 'apikey':
|
|
38
|
-
|
|
42
|
+
isAuthenticated = await this.handleApiKeyAuth(request, token);
|
|
43
|
+
break;
|
|
39
44
|
default:
|
|
40
45
|
throw new common_1.UnauthorizedException({
|
|
41
46
|
message: 'Invalid authentication type',
|
|
42
47
|
code: 'INVALID_AUTH_TYPE'
|
|
43
48
|
});
|
|
44
49
|
}
|
|
50
|
+
if (!isAuthenticated) {
|
|
51
|
+
return false;
|
|
52
|
+
}
|
|
53
|
+
await this.checkAuthorization(context, request);
|
|
54
|
+
return true;
|
|
45
55
|
}
|
|
46
56
|
async handleJwtAuth(context, request, response, token) {
|
|
47
57
|
try {
|
|
@@ -121,6 +131,73 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
|
|
|
121
131
|
});
|
|
122
132
|
}
|
|
123
133
|
}
|
|
134
|
+
async checkAuthorization(context, request) {
|
|
135
|
+
const requiredPermissions = this.getRequiredPermissions(context);
|
|
136
|
+
const requiredRoles = this.getRequiredRoles(context);
|
|
137
|
+
if (!requiredPermissions.length && !requiredRoles.length) {
|
|
138
|
+
return;
|
|
139
|
+
}
|
|
140
|
+
const user = request['user'];
|
|
141
|
+
if (!user) {
|
|
142
|
+
throw new common_1.ForbiddenException('Access denied: User not authenticated');
|
|
143
|
+
}
|
|
144
|
+
if (requiredRoles.length > 0) {
|
|
145
|
+
this.checkRoles(user, requiredRoles);
|
|
146
|
+
}
|
|
147
|
+
if (requiredPermissions.length > 0) {
|
|
148
|
+
this.checkPermissions(user, requiredPermissions);
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
getRequiredPermissions(context) {
|
|
152
|
+
let permissions = this.reflector.getAllAndOverride(permissions_decorator_1.PERMISSIONS_KEY, [context.getHandler(), context.getClass()]);
|
|
153
|
+
if (!permissions) {
|
|
154
|
+
return [];
|
|
155
|
+
}
|
|
156
|
+
return typeof permissions === 'string' ? [permissions] : permissions;
|
|
157
|
+
}
|
|
158
|
+
getRequiredRoles(context) {
|
|
159
|
+
let roles = this.reflector.getAllAndOverride(role_decorator_1.ROLES_KEY, [context.getHandler(), context.getClass()]);
|
|
160
|
+
if (!roles) {
|
|
161
|
+
return [];
|
|
162
|
+
}
|
|
163
|
+
return typeof roles === 'string' ? [roles] : roles;
|
|
164
|
+
}
|
|
165
|
+
checkRoles(user, requiredRoles) {
|
|
166
|
+
if (!user.roles || !Array.isArray(user.roles)) {
|
|
167
|
+
throw new common_1.ForbiddenException('Access denied: No roles assigned');
|
|
168
|
+
}
|
|
169
|
+
const userRoleNames = user.roles
|
|
170
|
+
.filter(role => role.isActive)
|
|
171
|
+
.map(role => role.name);
|
|
172
|
+
const hasAllRoles = requiredRoles.every(role => userRoleNames.includes(role));
|
|
173
|
+
if (!hasAllRoles) {
|
|
174
|
+
const missingRoles = requiredRoles.filter(role => !userRoleNames.includes(role));
|
|
175
|
+
throw new common_1.ForbiddenException(`Access denied: Missing required roles: ${missingRoles.join(', ')}`);
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
checkPermissions(user, requiredPermissions) {
|
|
179
|
+
if (!user.roles || !Array.isArray(user.roles)) {
|
|
180
|
+
throw new common_1.ForbiddenException('Access denied: No roles assigned for permission check');
|
|
181
|
+
}
|
|
182
|
+
const userPermissions = this.getUserPermissions(user.roles);
|
|
183
|
+
const hasAllPermissions = requiredPermissions.every(permission => userPermissions.includes(permission));
|
|
184
|
+
if (!hasAllPermissions) {
|
|
185
|
+
const missingPermissions = requiredPermissions.filter(permission => !userPermissions.includes(permission));
|
|
186
|
+
throw new common_1.ForbiddenException(`Access denied: Missing required permissions: ${missingPermissions.join(', ')}`);
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
getUserPermissions(roles) {
|
|
190
|
+
const permissions = new Set();
|
|
191
|
+
roles.forEach(role => {
|
|
192
|
+
if (!role.isActive) {
|
|
193
|
+
return;
|
|
194
|
+
}
|
|
195
|
+
if (role.permissions && Array.isArray(role.permissions)) {
|
|
196
|
+
role.permissions.forEach(permission => permissions.add(permission));
|
|
197
|
+
}
|
|
198
|
+
});
|
|
199
|
+
return Array.from(permissions);
|
|
200
|
+
}
|
|
124
201
|
};
|
|
125
202
|
exports.NestAuthAuthGuard = NestAuthAuthGuard;
|
|
126
203
|
exports.NestAuthAuthGuard = NestAuthAuthGuard = tslib_1.__decorate([
|
|
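Review bot: `checkRoles` no longer scopes roles by guard: it accepts any active role name on `user.roles`, whereas the removed `NestAuthRoleGuard` ignored roles whose `role.guard` differed from the `GUARD_KEY` metadata, so a same-named role issued under another guard now appears to satisfy the route. If role names are not unique across guards, restore the filter, e.g. `.filter(role => role.isActive && role.guard === requiredGuard)` with `requiredGuard` read through `this.reflector.getAllAndOverride(role_decorator_1.GUARD_KEY, [context.getHandler(), context.getClass()])`, assuming `GUARD_KEY` is still exported by the role decorator. The match also changed from any-of (`some`) to all-of (`every`), which fails closed but alters what a multi-role decorator means on existing routes and deserves a changelog entry. Separately, the `ForbiddenException` messages in `checkRoles` and `checkPermissions` return the missing role and permission names to the caller; a fixed message, with the names written to the server log, keeps the authorization model out of responses.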
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/guards/auth.guard.ts"],"names":[],"mappings":";;;;AAAA,
|
|
1
|
+
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/guards/auth.guard.ts"],"names":[],"mappings":";;;;AAAA,2CAAsH;AACtH,yDAA8F;AAC9F,uCAAyC;AAEzC,iEAA6D;AAC7D,2DAAuD;AACvD,sFAAiF;AACjF,+DAA2D;AAC3D,+EAA0E;AAE1E,iFAAwE;AACxE,uFAA8E;AAC9E,yEAAiE;AAG1D,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAC1B,YACY,SAAoB,EACpB,UAAsB,EACtB,WAAwB,EACxB,cAAkC,EAClC,aAA4B,EAC5B,gBAAkC;QALlC,cAAS,GAAT,SAAS,CAAW;QACpB,eAAU,GAAV,UAAU,CAAY;QACtB,gBAAW,GAAX,WAAW,CAAa;QACxB,mBAAc,GAAd,cAAc,CAAoB;QAClC,kBAAa,GAAb,aAAa,CAAe;QAC5B,qBAAgB,GAAhB,gBAAgB,CAAkB;IAC1C,CAAC;IAEL,KAAK,CAAC,WAAW,CAAC,OAAyB;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAW,CAAC;QAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAY,CAAC;QAEhE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,4BAA4B;gBACrC,IAAI,EAAE,SAAS;aAClB,CAAC,CAAC;QACP,CAAC;QAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAG5C,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,KAAK,QAAQ;gBACT,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC9E,MAAM;YACV,KAAK,QAAQ;gBACT,eAAe,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC9D,MAAM;YACV;gBACI,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,6BAA6B;oBACtC,IAAI,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;QACX,CAAC;QAGD,IAAI,CAAC,eAAe,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACjB,CAAC;QAGD,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEhD,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAAyB,EAAE,OAAgB,EAAE,QAAkB,EAAE,KAAa;QACtG,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC;YAC1B,OAAO,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;YAE5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACxE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,mBAAmB;oBAC5B,IAAI,EAAE,4CAA2B;iBACpC,CAAC,CAAC;YACP,CAAC;YAED,
OAAO,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC;YAC7B,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEb,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAChB,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,4CAA2B;iBACpC,CAAC,CAAC;YACP,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;YAExF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAC1E,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAgB,EAAE,KAAa;QAE1D,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;YAC5B,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,wBAAwB;gBACjC,IAAI,EAAE,wBAAwB;aACjC,CAAC,CAAC;QACP,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACrF,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,iBAAiB;gBAC1B,IAAI,EAAE,iBAAiB;aAC1B,CAAC,CAAC;QACP,CAAC;QAGD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAGtE,MAAM,IAAI,CAAC,gBAAgB,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;QAG/D,OAAO,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC;QACjC,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;QACjC,OAAO,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC;QAEhC,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,mBAAmB,CAAC,OAAgB;QAExC,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,0CAAyB,CAAC,CAAC;QACrE,IAAI,eAAe,EAAE,CAAC;YAClB,OAAO,eAAe,CAAC;QAC3B,CAAC;QAGD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACtD,IAAI,UAAU,EAAE,CAAC;YACb,OAAO,UAAoB,CAAC;QAChC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,OAAyB,EAAE,OAAwB;QAEtE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,iCAAY,EAAE;YACpE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACrB,CAAC,CAAC;QAGH,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CA
AC;QAG5C,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7C,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,yCAAyC;gBAClD,IAAI,EAAE,4CAA2B;aACpC,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAKO,KAAK,CAAC,kBAAkB,CAAC,OAAyB,EAAE,OAAgB;QAExE,MAAM,mBAAmB,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QACjE,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAGrD,IAAI,CAAC,mBAAmB,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;YACvD,OAAO;QACX,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAG7B,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,2BAAkB,CAAC,uCAAuC,CAAC,CAAC;QAC1E,CAAC;QAGD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACzC,CAAC;QAGD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;QACrD,CAAC;IACL,CAAC;IAKO,sBAAsB,CAAC,OAAyB;QACpD,IAAI,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAC9C,uCAAe,EACf,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC7C,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACd,CAAC;QAGD,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACzE,CAAC;IAKO,gBAAgB,CAAC,OAAyB;QAC9C,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CACxC,0BAAS,EACT,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC7C,CAAC;QAEF,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,OAAO,EAAE,CAAC;QACd,CAAC;QAGD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACvD,CAAC;IAKO,UAAU,CAAC,IAAS,EAAE,aAAuB;QACjD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,2BAAkB,CAAC,kCAAkC,CAAC,CAAC;QACrE,CAAC;QAGD,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK;aAC3B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;aAC7B,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAG5B,MAAM,WAAW,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAE9E,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YACjF,MAAM,IAAI,2BAAkB,CACxB,0
CAA0C,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtE,CAAC;QACN,CAAC;IACL,CAAC;IAKO,gBAAgB,CAAC,IAAS,EAAE,mBAA6B;QAC7D,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,2BAAkB,CAAC,uDAAuD,CAAC,CAAC;QAC1F,CAAC;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAG5D,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAC7D,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CACvC,CAAC;QAEF,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACrB,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAC/D,CAAC,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CACxC,CAAC;YAEF,MAAM,IAAI,2BAAkB,CACxB,gDAAgD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClF,CAAC;QACN,CAAC;IACL,CAAC;IAKO,kBAAkB,CAAC,KAAY;QACnC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QAEtC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YAEjB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACjB,OAAO;YACX,CAAC;YAGD,IAAI,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;YACxE,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;CACJ,CAAA;AApSY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;6CAGc,gBAAS;QACR,wBAAU;QACT,0BAAW;QACR,yCAAkB;QACnB,8BAAa;QACV,qCAAgB;GAPrC,iBAAiB,CAoS7B"}
|
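--- a/package/src/lib/auth/index.d.ts
+++ b/package/src/lib/auth/index.d.ts
@@ -1,6 +1,4 @@
 export * from './guards/auth.guard';
-export * from './guards/role.guard';
-export * from './guards/permissions.guard';
 export * from './events/logged-out-all.event';
 export * from './events/logged-out.event';
 export * from './events/password-reset-requested.event';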
package/src/lib/auth/index.js
CHANGED
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const tslib_1 = require("tslib");
|
|
4
4
|
tslib_1.__exportStar(require("./guards/auth.guard"), exports);
|
|
5
|
-
tslib_1.__exportStar(require("./guards/role.guard"), exports);
|
|
6
|
-
tslib_1.__exportStar(require("./guards/permissions.guard"), exports);
|
|
7
5
|
tslib_1.__exportStar(require("./events/logged-out-all.event"), exports);
|
|
8
6
|
tslib_1.__exportStar(require("./events/logged-out.event"), exports);
|
|
9
7
|
tslib_1.__exportStar(require("./events/password-reset-requested.event"), exports);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/auth/index.ts"],"names":[],"mappings":";;;AACA,8DAAoC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/auth/index.ts"],"names":[],"mappings":";;;AACA,8DAAoC;AAGpC,wEAA8C;AAC9C,oEAA0C;AAC1C,kFAAwD;AACxD,wEAA8C;AAC9C,2EAAiD;AACjD,wEAA8C;AAC9C,4EAAkD;AAClD,yEAA+C;AAG/C,kEAAwC;AACxC,oEAA0C;AAC1C,iEAAuC;AAGvC,wEAA8C;AAC9C,uEAA6C;AAG7C,2EAAiD;AACjD,4EAAkD;AAClD,kFAAwD;AACxD,qFAA2D;AAC3D,oFAA0D;AAC1D,mFAAyD;AACzD,mFAAyD;AACzD,gFAAsD;AACtD,uFAA6D;AAC7D,4EAAkD"}
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { Reflector } from '@nestjs/core';
|
|
3
|
-
export declare class NestAuthPermissionsGuard implements CanActivate {
|
|
4
|
-
private reflector;
|
|
5
|
-
constructor(reflector: Reflector);
|
|
6
|
-
canActivate(context: ExecutionContext): boolean;
|
|
7
|
-
private getUserPermissions;
|
|
8
|
-
}
|
|
@@ -1,51 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.NestAuthPermissionsGuard = void 0;
|
|
4
|
-
const tslib_1 = require("tslib");
|
|
5
|
-
const common_1 = require("@nestjs/common");
|
|
6
|
-
const core_1 = require("@nestjs/core");
|
|
7
|
-
const permissions_decorator_1 = require("../../core/decorators/permissions.decorator");
|
|
8
|
-
let NestAuthPermissionsGuard = class NestAuthPermissionsGuard {
|
|
9
|
-
constructor(reflector) {
|
|
10
|
-
this.reflector = reflector;
|
|
11
|
-
}
|
|
12
|
-
canActivate(context) {
|
|
13
|
-
let requiredPermissions = this.reflector.getAllAndOverride(permissions_decorator_1.PERMISSIONS_KEY, [context.getHandler(), context.getClass()]);
|
|
14
|
-
if (!requiredPermissions || requiredPermissions.length === 0) {
|
|
15
|
-
return true;
|
|
16
|
-
}
|
|
17
|
-
if (typeof requiredPermissions === 'string') {
|
|
18
|
-
requiredPermissions = [requiredPermissions];
|
|
19
|
-
}
|
|
20
|
-
const request = context.switchToHttp().getRequest();
|
|
21
|
-
const user = request.user;
|
|
22
|
-
if (!user || !user.roles || !Array.isArray(user.roles)) {
|
|
23
|
-
throw new common_1.ForbiddenException('Access denied: User not authenticated or no roles assigned');
|
|
24
|
-
}
|
|
25
|
-
const userPermissions = this.getUserPermissions(user.roles);
|
|
26
|
-
const hasAllPermissions = requiredPermissions.every(permission => userPermissions.includes(permission));
|
|
27
|
-
if (!hasAllPermissions) {
|
|
28
|
-
const missingPermissions = requiredPermissions.filter(permission => !userPermissions.includes(permission));
|
|
29
|
-
throw new common_1.ForbiddenException(`Access denied: Missing required permissions: ${missingPermissions.join(', ')}`);
|
|
30
|
-
}
|
|
31
|
-
return true;
|
|
32
|
-
}
|
|
33
|
-
getUserPermissions(roles) {
|
|
34
|
-
const permissions = new Set();
|
|
35
|
-
roles.forEach(role => {
|
|
36
|
-
if (!role.isActive) {
|
|
37
|
-
return;
|
|
38
|
-
}
|
|
39
|
-
if (role.permissions && Array.isArray(role.permissions)) {
|
|
40
|
-
role.permissions.forEach(permission => permissions.add(permission));
|
|
41
|
-
}
|
|
42
|
-
});
|
|
43
|
-
return Array.from(permissions);
|
|
44
|
-
}
|
|
45
|
-
};
|
|
46
|
-
exports.NestAuthPermissionsGuard = NestAuthPermissionsGuard;
|
|
47
|
-
exports.NestAuthPermissionsGuard = NestAuthPermissionsGuard = tslib_1.__decorate([
|
|
48
|
-
(0, common_1.Injectable)(),
|
|
49
|
-
tslib_1.__metadata("design:paramtypes", [core_1.Reflector])
|
|
50
|
-
], NestAuthPermissionsGuard);
|
|
51
|
-
//# sourceMappingURL=permissions.guard.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.guard.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/guards/permissions.guard.ts"],"names":[],"mappings":";;;;AAAA,2CAA+F;AAC/F,uCAAyC;AACzC,uFAA8E;AAGvE,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IACjC,YAAoB,SAAoB;QAApB,cAAS,GAAT,SAAS,CAAW;IAAI,CAAC;IAE7C,WAAW,CAAC,OAAyB;QAEjC,IAAI,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CACtD,uCAAe,EACf,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC7C,CAAC;QAGF,IAAI,CAAC,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3D,OAAO,IAAI,CAAC;QAChB,CAAC;QAGD,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;YAC1C,mBAAmB,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAG1B,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,2BAAkB,CAAC,4DAA4D,CAAC,CAAC;QAC/F,CAAC;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAG5D,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAC7D,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CACvC,CAAC;QAEF,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACrB,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAC/D,CAAC,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CACxC,CAAC;YAEF,MAAM,IAAI,2BAAkB,CACxB,gDAAgD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClF,CAAC;QACN,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAKO,kBAAkB,CAAC,KAAY;QACnC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QAEtC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YAEjB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACjB,OAAO;YACX,CAAC;YAGD,IAAI,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;YACxE,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;CACJ,CAAA;AArEY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;6CAEsB,gBAAS;GAD/B,wBAAwB,CAqEpC"}
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { Reflector } from '@nestjs/core';
|
|
3
|
-
export declare class NestAuthRoleGuard implements CanActivate {
|
|
4
|
-
private reflector;
|
|
5
|
-
constructor(reflector: Reflector);
|
|
6
|
-
canActivate(context: ExecutionContext): boolean;
|
|
7
|
-
}
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.NestAuthRoleGuard = void 0;
|
|
4
|
-
const tslib_1 = require("tslib");
|
|
5
|
-
const common_1 = require("@nestjs/common");
|
|
6
|
-
const core_1 = require("@nestjs/core");
|
|
7
|
-
const role_decorator_1 = require("../../core/decorators/role.decorator");
|
|
8
|
-
const role_decorator_2 = require("../../core/decorators/role.decorator");
|
|
9
|
-
let NestAuthRoleGuard = class NestAuthRoleGuard {
|
|
10
|
-
constructor(reflector) {
|
|
11
|
-
this.reflector = reflector;
|
|
12
|
-
}
|
|
13
|
-
canActivate(context) {
|
|
14
|
-
let requiredRoles = this.reflector.getAllAndOverride(role_decorator_2.ROLES_KEY, [context.getHandler(), context.getClass()]);
|
|
15
|
-
if (typeof requiredRoles === 'string') {
|
|
16
|
-
requiredRoles = [requiredRoles];
|
|
17
|
-
}
|
|
18
|
-
const requiredGuard = this.reflector.getAllAndOverride(role_decorator_1.GUARD_KEY, [context.getHandler(), context.getClass()]);
|
|
19
|
-
if (!requiredRoles || !requiredGuard) {
|
|
20
|
-
return true;
|
|
21
|
-
}
|
|
22
|
-
const request = context.switchToHttp().getRequest();
|
|
23
|
-
const user = request.user;
|
|
24
|
-
if (!user || !user.roles) {
|
|
25
|
-
return false;
|
|
26
|
-
}
|
|
27
|
-
return user.roles.some((role) => {
|
|
28
|
-
if (role.guard !== requiredGuard) {
|
|
29
|
-
return false;
|
|
30
|
-
}
|
|
31
|
-
return requiredRoles.includes(role.name);
|
|
32
|
-
});
|
|
33
|
-
}
|
|
34
|
-
};
|
|
35
|
-
exports.NestAuthRoleGuard = NestAuthRoleGuard;
|
|
36
|
-
exports.NestAuthRoleGuard = NestAuthRoleGuard = tslib_1.__decorate([
|
|
37
|
-
(0, common_1.Injectable)(),
|
|
38
|
-
tslib_1.__metadata("design:paramtypes", [core_1.Reflector])
|
|
39
|
-
], NestAuthRoleGuard);
|
|
40
|
-
//# sourceMappingURL=role.guard.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"role.guard.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/guards/role.guard.ts"],"names":[],"mappings":";;;;AAAA,2CAA2E;AAC3E,uCAAyC;AACzC,yEAAiE;AACjE,yEAAiE;AAI1D,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAC1B,YAAoB,SAAoB;QAApB,cAAS,GAAT,SAAS,CAAW;IAAI,CAAC;IAE7C,WAAW,CAAC,OAAyB;QACjC,IAAI,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAChD,0BAAS,EACT,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC7C,CAAC;QAEF,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACpC,aAAa,GAAG,CAAC,aAAa,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAClD,0BAAS,EACT,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC7C,CAAC;QAEF,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAS,EAAE,EAAE;YACjC,IAAI,IAAI,CAAC,KAAK,KAAK,aAAa,EAAE,CAAC;gBAC/B,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC;CACJ,CAAA;AArCY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;6CAEsB,gBAAS;GAD/B,iBAAiB,CAqC7B"}
|