Add logs
This commit is contained in:
LeoMortari
@@ -50,6 +50,35 @@ export class KeycloakJwtStrategy extends PassportStrategy(Strategy, 'jwt') {
|
||||
}
|
||||
|
||||
validate(payload: JwtPayload): JwtPayload {
|
||||
console.log('JWT Payload received:', JSON.stringify(payload, null, 2));
|
||||
|
||||
// Log important JWT claims
|
||||
console.log('JWT Subject (sub):', payload.sub);
|
||||
console.log('JWT Issuer (iss):', payload.iss);
|
||||
console.log('JWT Audience (aud):', payload.aud);
|
||||
console.log(
|
||||
'JWT Expiration (exp):',
|
||||
new Date(payload.exp * 1000).toISOString(),
|
||||
);
|
||||
console.log(
|
||||
'JWT Issued At (iat):',
|
||||
new Date(payload.iat * 1000).toISOString(),
|
||||
);
|
||||
|
||||
// Log user info
|
||||
console.log('User email:', payload.email);
|
||||
console.log('Username:', payload.preferred_username);
|
||||
|
||||
// Log roles
|
||||
console.log('Realm access roles:', payload.realm_access?.roles || []);
|
||||
|
||||
if (payload.resource_access) {
|
||||
console.log('Resource access:');
|
||||
Object.entries(payload.resource_access).forEach(([resource, data]) => {
|
||||
console.log(` ${resource}:`, data.roles || []);
|
||||
});
|
||||
}
|
||||
|
||||
if (payload.exp < Date.now() / 1000) {
|
||||
throw new UnauthorizedException('Token expirado');
|
||||
}
|
||||
|
||||
@@ -16,19 +16,30 @@ export class RolesGuard implements CanActivate {
|
||||
private extractRoles(user: JwtPayload): string[] {
|
||||
const roles: string[] = [];
|
||||
|
||||
console.log('Extracting roles from user object');
|
||||
console.log('realm_access:', user.realm_access);
|
||||
console.log('resource_access:', user.resource_access);
|
||||
|
||||
if (user.realm_access?.roles) {
|
||||
console.log('Found realm roles:', user.realm_access.roles);
|
||||
roles.push(...user.realm_access.roles);
|
||||
}
|
||||
|
||||
if (user.resource_access) {
|
||||
Object.values(user.resource_access).forEach((resource) => {
|
||||
if (resource?.roles) {
|
||||
roles.push(...resource.roles);
|
||||
}
|
||||
});
|
||||
console.log('Processing resource_access');
|
||||
Object.entries(user.resource_access).forEach(
|
||||
([resourceName, resource]) => {
|
||||
console.log(`Resource ${resourceName} roles:`, resource?.roles);
|
||||
if (resource?.roles) {
|
||||
roles.push(...resource.roles);
|
||||
}
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
return [...new Set(roles)];
|
||||
const uniqueRoles = [...new Set(roles)];
|
||||
console.log('Final extracted roles:', uniqueRoles);
|
||||
return uniqueRoles;
|
||||
}
|
||||
|
||||
canActivate(context: ExecutionContext): boolean {
|
||||
@@ -37,14 +48,20 @@ export class RolesGuard implements CanActivate {
|
||||
[context.getHandler(), context.getClass()],
|
||||
);
|
||||
|
||||
console.log('Required roles:', requiredRoles);
|
||||
|
||||
if (!requiredRoles || !requiredRoles.length) {
|
||||
return false;
|
||||
console.log('No roles required for this route');
|
||||
return true;
|
||||
}
|
||||
|
||||
const request = context.switchToHttp().getRequest<{ user: JwtPayload }>();
|
||||
const user = request.user;
|
||||
|
||||
console.log('User object from request:', JSON.stringify(user, null, 2));
|
||||
|
||||
if (!user) {
|
||||
console.error('No user found in request');
|
||||
throw new ForbiddenException('Usuário não autenticado');
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ import {
|
||||
Patch,
|
||||
Body,
|
||||
Query,
|
||||
// UseGuards,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { videos, Prisma, video_situation } from 'generated/prisma';
|
||||
|
||||
@@ -13,17 +13,17 @@ import { VideosService } from './videos.service';
|
||||
import { VideoResponseDto } from './dto/video-response.dto';
|
||||
import { PaginatedQueryDto, PaginatedResponse } from '../shared/dto/paginated';
|
||||
import { EBooleanPipe } from '../shared/pipe';
|
||||
// import { KeycloakAuthGuard } from '../auth/keycloak-auth.guard';
|
||||
// import { Roles } from 'src/auth/decorator/roles.decorator';
|
||||
// import { RolesGuard } from 'src/auth/roles.guard';
|
||||
import { KeycloakAuthGuard } from '../auth/keycloak-auth.guard';
|
||||
import { Roles } from 'src/auth/decorator/roles.decorator';
|
||||
import { RolesGuard } from 'src/auth/roles.guard';
|
||||
|
||||
@Controller('videos')
|
||||
// @UseGuards(KeycloakAuthGuard, RolesGuard)
|
||||
@UseGuards(KeycloakAuthGuard, RolesGuard)
|
||||
export class VideosController {
|
||||
constructor(private readonly videosService: VideosService) {}
|
||||
|
||||
@Get()
|
||||
// @Roles('user', 'admin')
|
||||
@Roles('user', 'admin')
|
||||
async list(
|
||||
@Query() query: PaginatedQueryDto,
|
||||
@Query('situation') situation?: video_situation,
|
||||
|
||||
Reference in New Issue
Block a user