feat: enable roles guard

skku-royals · Mar 5, 2024 · 62638ec · 62638ec
1 parent bf88464
commit 62638ec
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 24 deletions.
diff --git a/backend/app/src/app.module.ts b/backend/app/src/app.module.ts
@@ -2,7 +2,12 @@ import { CacheModule } from '@nestjs/cache-manager'
 import { Module } from '@nestjs/common'
 import { ConfigModule } from '@nestjs/config'
 import { APP_FILTER, APP_GUARD } from '@nestjs/core'
-import { JwtAuthGuard, JwtAuthModule, RolesModule } from '@libs/auth'
+import {
+  JwtAuthGuard,
+  JwtAuthModule,
+  RolesGuard,
+  RolesModule
+} from '@libs/auth'
 import { CacheConfigService } from '@libs/cache'
 import { ExceptionsFilter } from '@libs/exception'
 import { PrismaModule } from '@libs/prisma'
@@ -32,7 +37,8 @@ import { UserModule } from './user/user.module'
   providers: [
     AppService,
     { provide: APP_FILTER, useClass: ExceptionsFilter },
-    { provide: APP_GUARD, useClass: JwtAuthGuard }
+    { provide: APP_GUARD, useClass: JwtAuthGuard },
+    { provide: APP_GUARD, useClass: RolesGuard }
   ]
 })
 export class AppModule {}
diff --git a/backend/app/src/user/user.service.ts b/backend/app/src/user/user.service.ts
@@ -1,5 +1,4 @@
 import { Inject } from '@nestjs/common'
-import { ConfigService } from '@nestjs/config'
 import { Service } from '@libs/decorator'
 import {
   BusinessException,
@@ -17,8 +16,7 @@ export class UserService {
   constructor(
     private readonly prisma: PrismaService,
     @Inject('ImageStorageService')
-    private readonly imageStorageService: StorageService,
-    private readonly configService: ConfigService
+    private readonly imageStorageService: StorageService
   ) {}
 
   async getUserProfile(userId: number) {

diff --git a/backend/libs/auth/src/role/roles.guard.ts b/backend/libs/auth/src/role/roles.guard.ts
@@ -1,6 +1,6 @@
 import type { CanActivate, ExecutionContext } from '@nestjs/common'
 import { Reflector } from '@nestjs/core'
-import { Guard, ROLES_KEY } from '@libs/decorator'
+import { Guard, PUBLIC_KEY, ROLES_KEY } from '@libs/decorator'
 import { ForbiddenException } from '@libs/exception'
 import { Role } from '@prisma/client'
 import type { AuthenticatedRequest } from '../authenticated-request.interface'
@@ -20,29 +20,34 @@ export class RolesGuard implements CanActivate {
   }
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
-    try {
-      let request: AuthenticatedRequest
+    const request: AuthenticatedRequest = context.switchToHttp().getRequest()
 
-      const role =
-        this.reflector.getAllAndOverride<Role>(ROLES_KEY, [
-          context.getHandler(),
-          context.getClass()
-        ]) ?? Role.User
+    const isPublic = this.reflector.getAllAndOverride<boolean>(PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass()
+    ])
 
-      const user = request.user
+    if (isPublic) {
+      return true
+    }
+
+    const role =
+      this.reflector.getAllAndOverride<Role>(ROLES_KEY, [
+        context.getHandler(),
+        context.getClass()
+      ]) ?? Role.User
 
-      if (!user.role) {
-        const userRole = (await this.service.getUserRole(user.id)).role
-        user.role = userRole
-      }
+    const user = request.user
 
-      if (this.#rolesHierarchy[user.role] >= this.#rolesHierarchy[role]) {
-        return true
-      }
+    if (!user.role) {
+      const userRole = (await this.service.getUserRole(user.id)).role
+      user.role = userRole
+    }
 
-      return false
-    } catch (error) {
-      throw new ForbiddenException('접근 권한이 없습니다')
+    if (this.#rolesHierarchy[user.role] >= this.#rolesHierarchy[role]) {
+      return true
     }
+
+    throw new ForbiddenException('접근 권한이 없습니다')
   }
 }