From 62638ec6762daef2e83cd079b0f483743581fa6e Mon Sep 17 00:00:00 2001 From: jspark2000 Date: Tue, 5 Mar 2024 07:20:49 +0000 Subject: [PATCH] feat: enable roles guard --- backend/app/src/app.module.ts | 10 ++++-- backend/app/src/user/user.service.ts | 4 +-- backend/libs/auth/src/role/roles.guard.ts | 43 +++++++++++++---------- 3 files changed, 33 insertions(+), 24 deletions(-) diff --git a/backend/app/src/app.module.ts b/backend/app/src/app.module.ts index 22f089e..bb49d7c 100644 --- a/backend/app/src/app.module.ts +++ b/backend/app/src/app.module.ts @@ -2,7 +2,12 @@ import { CacheModule } from '@nestjs/cache-manager' import { Module } from '@nestjs/common' import { ConfigModule } from '@nestjs/config' import { APP_FILTER, APP_GUARD } from '@nestjs/core' -import { JwtAuthGuard, JwtAuthModule, RolesModule } from '@libs/auth' +import { + JwtAuthGuard, + JwtAuthModule, + RolesGuard, + RolesModule +} from '@libs/auth' import { CacheConfigService } from '@libs/cache' import { ExceptionsFilter } from '@libs/exception' import { PrismaModule } from '@libs/prisma' @@ -32,7 +37,8 @@ import { UserModule } from './user/user.module' providers: [ AppService, { provide: APP_FILTER, useClass: ExceptionsFilter }, - { provide: APP_GUARD, useClass: JwtAuthGuard } + { provide: APP_GUARD, useClass: JwtAuthGuard }, + { provide: APP_GUARD, useClass: RolesGuard } ] }) export class AppModule {} diff --git a/backend/app/src/user/user.service.ts b/backend/app/src/user/user.service.ts index 33363d0..0ef859c 100644 --- a/backend/app/src/user/user.service.ts +++ b/backend/app/src/user/user.service.ts @@ -1,5 +1,4 @@ import { Inject } from '@nestjs/common' -import { ConfigService } from '@nestjs/config' import { Service } from '@libs/decorator' import { BusinessException, 
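Review bot: The two `APP_GUARD` entries in the `providers` array of `app.module.ts` depend on their order, and nothing on the new lines records that. `RolesGuard.canActivate` reads `request.user`, which is presumably attached by `JwtAuthGuard`, and Nest applies global guards in the order they are registered, so swapping the two entries later would make the role check run against a request with no user. I would add a comment above the pair, e.g. `// Order matters: JwtAuthGuard must run first so RolesGuard can read request.user`. It is also worth stating in the module or guard documentation that every route without the public marker now requires at least `Role.User`, since the guard falls back to that role when no roles metadata is set.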
@@ -17,8 +16,7 @@ export class UserService { constructor( private readonly prisma: PrismaService, @Inject('ImageStorageService') - private readonly imageStorageService: StorageService, - private readonly configService: ConfigService + private readonly imageStorageService: StorageService ) {} async getUserProfile(userId: number) { diff --git a/backend/libs/auth/src/role/roles.guard.ts b/backend/libs/auth/src/role/roles.guard.ts index 6745123..e306364 100644 --- a/backend/libs/auth/src/role/roles.guard.ts +++ b/backend/libs/auth/src/role/roles.guard.ts @@ -1,6 +1,6 @@ import type { CanActivate, ExecutionContext } from '@nestjs/common' import { Reflector } from '@nestjs/core' -import { Guard, ROLES_KEY } from '@libs/decorator' +import { Guard, PUBLIC_KEY, ROLES_KEY } from '@libs/decorator' import { ForbiddenException } from '@libs/exception' import { Role } from '@prisma/client' import type { AuthenticatedRequest } from '../authenticated-request.interface' 
@@ -20,29 +20,34 @@ export class RolesGuard implements CanActivate { } async canActivate(context: ExecutionContext): Promise { - try { - let request: AuthenticatedRequest + const request: AuthenticatedRequest = context.switchToHttp().getRequest() - const role = - this.reflector.getAllAndOverride(ROLES_KEY, [ - context.getHandler(), - context.getClass() - ]) ?? Role.User + const isPublic = this.reflector.getAllAndOverride(PUBLIC_KEY, [ + context.getHandler(), + context.getClass() + ]) - const user = request.user + if (isPublic) { + return true + } + + const role = + this.reflector.getAllAndOverride(ROLES_KEY, [ + context.getHandler(), + context.getClass() + ]) ?? Role.User - if (!user.role) { - const userRole = (await this.service.getUserRole(user.id)).role - user.role = userRole - } + const user = request.user - if (this.#rolesHierarchy[user.role] >= this.#rolesHierarchy[role]) { - return true - } + if (!user.role) { + const userRole = (await this.service.getUserRole(user.id)).role + user.role = userRole + } - return false - } catch (error) { - throw new ForbiddenException('접근 권한이 없습니다') + if (this.#rolesHierarchy[user.role] >= this.#rolesHierarchy[role]) { + return true } + + throw new ForbiddenException('접근 권한이 없습니다') } }
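Review bot: With the `try`/`catch` removed, `const user = request.user` followed by `user.role` in `canActivate` throws a plain `TypeError` when no user is attached to the request, so the guard no longer fails with the `ForbiddenException` it produced before. An explicit guard before the role lookup keeps the denial path deliberate: `if (!user) throw new ForbiddenException('접근 권한이 없습니다')`. A rejection from `this.service.getUserRole(user.id)` now propagates unchanged as well, so it should be decided whether that case maps to a 403 or is left to the exception filter. Separately, `user.role` is trusted whenever it is already present on the request; if it comes from the token payload (not visible in this hunk), a role downgrade would not take effect until the token is reissued, which deserves a comment at the `if (!user.role)` branch. The method body is complete in the hunk, but the class and its `#rolesHierarchy` start outside it.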