From 1537dff3b2018ca1acce562f7604e44effced740 Mon Sep 17 00:00:00 2001
From: LeoMortari
Date: Mon, 15 Sep 2025 01:05:40 -0300
Subject: [PATCH] Add logs
---
 src/auth/keycloak.strategy.ts | 29 +++++++++++++++++++++++++++++
 src/auth/roles.guard.ts | 31 ++++++++++++++++++++++++-------
 src/videos/videos.controller.ts | 12 ++++++------
 3 files changed, 59 insertions(+), 13 deletions(-)
diff --git a/src/auth/keycloak.strategy.ts b/src/auth/keycloak.strategy.ts
index 4d435fc..fe59ad1 100644
--- a/src/auth/keycloak.strategy.ts
+++ b/src/auth/keycloak.strategy.ts
@@ -50,6 +50,35 @@ export class KeycloakJwtStrategy extends PassportStrategy(Strategy, 'jwt') {
 }
 validate(payload: JwtPayload): JwtPayload {
+ console.log('JWT Payload received:', JSON.stringify(payload, null, 2));
+
+ // Log important JWT claims
+ console.log('JWT Subject (sub):', payload.sub);
+ console.log('JWT Issuer (iss):', payload.iss);
+ console.log('JWT Audience (aud):', payload.aud);
+ console.log(
+ 'JWT Expiration (exp):',
+ new Date(payload.exp * 1000).toISOString(),
+ );
+ console.log(
+ 'JWT Issued At (iat):',
+ new Date(payload.iat * 1000).toISOString(),
+ );
+
+ // Log user info
+ console.log('User email:', payload.email);
+ console.log('Username:', payload.preferred_username);
+
+ // Log roles
+ console.log('Realm access roles:', payload.realm_access?.roles || []);
+
+ if (payload.resource_access) {
+ console.log('Resource access:');
+ Object.entries(payload.resource_access).forEach(([resource, data]) => {
+ console.log(` ${resource}:`, data.roles || []);
+ });
+ }
+
 if (payload.exp < Date.now() / 1000) {
 throw new UnauthorizedException('Token expirado');
 }
diff --git a/src/auth/roles.guard.ts b/src/auth/roles.guard.ts
index 63e1050..b9bd065 100644
--- a/src/auth/roles.guard.ts
+++ b/src/auth/roles.guard.ts
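Review bot: In `src/auth/keycloak.strategy.ts`, the `console.log` calls added to `validate` write the whole decoded token payload (subject, email, username and every role assignment) to stdout on each authenticated request, so personal data and authorization detail end up in whatever collects the process output. The same pattern is added in `src/auth/roles.guard.ts`, in `extractRoles` and as `JSON.stringify(user, null, 2)` in `canActivate`. The two date lines also run before the expiry check: `new Date(payload.exp * 1000).toISOString()` throws a RangeError when `exp` or `iat` is missing or not a number, so a malformed token would presumably surface as an unhandled error instead of the `UnauthorizedException` below. I would drop the dump and, if a trace is needed, keep one debug-level line after the expiry check, for example `this.logger.debug('token accepted for sub=' + payload.sub)` using a Nest `Logger` field (no such field is visible in this hunk). `validate` continues past the end of the hunk.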
@@ -16,19 +16,30 @@ export class RolesGuard implements CanActivate {
 private extractRoles(user: JwtPayload): string[] {
 const roles: string[] = [];
+ console.log('Extracting roles from user object');
+ console.log('realm_access:', user.realm_access);
+ console.log('resource_access:', user.resource_access);
+
 if (user.realm_access?.roles) {
+ console.log('Found realm roles:', user.realm_access.roles);
 roles.push(...user.realm_access.roles);
 }
 if (user.resource_access) {
- Object.values(user.resource_access).forEach((resource) => {
- if (resource?.roles) {
- roles.push(...resource.roles);
- }
- });
+ console.log('Processing resource_access');
+ Object.entries(user.resource_access).forEach(
+ ([resourceName, resource]) => {
+ console.log(`Resource ${resourceName} roles:`, resource?.roles);
+ if (resource?.roles) {
+ roles.push(...resource.roles);
+ }
+ },
+ );
 }
- return [...new Set(roles)];
+ const uniqueRoles = [...new Set(roles)];
+ console.log('Final extracted roles:', uniqueRoles);
+ return uniqueRoles;
 }
 canActivate(context: ExecutionContext): boolean {
@@ -37,14 +48,20 @@ export class RolesGuard implements CanActivate {
 [context.getHandler(), context.getClass()],
 );
+ console.log('Required roles:', requiredRoles);
+
 if (!requiredRoles || !requiredRoles.length) {
- return false;
+ console.log('No roles required for this route');
+ return true;
 }
 const request = context.switchToHttp().getRequest<{ user: JwtPayload }>();
 const user = request.user;
+ console.log('User object from request:', JSON.stringify(user, null, 2));
+
 if (!user) {
+ console.error('No user found in request');
 throw new ForbiddenException('Usuário não autenticado');
 }
diff --git a/src/videos/videos.controller.ts b/src/videos/videos.controller.ts
index 4845509..8ca7a93 100644
--- a/src/videos/videos.controller.ts
+++ b/src/videos/videos.controller.ts
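Review bot: In `canActivate` (second hunk of `src/auth/roles.guard.ts`), replacing `return false` with `return true` for handlers that carry no `@Roles` metadata turns the guard from deny-by-default into allow-by-default, and the "Add logs" subject does not mention it. After this change, any route placed behind `RolesGuard` without a `@Roles` decorator is open to every caller that the guard listed before it lets through. If that is the intended policy, it belongs in its own commit with a comment on the branch such as `// no @Roles metadata: allow; authentication must be enforced by the guard listed before this one`; otherwise keep `return false`. `canActivate` starts before and continues past this hunk, so the role comparison itself is not visible here.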
@@ -5,7 +5,7 @@ import {
 Patch,
 Body,
 Query,
- // UseGuards,
+ UseGuards,
 } from '@nestjs/common';
 import { videos, Prisma, video_situation } from 'generated/prisma';
@@ -13,17 +13,17 @@ import { VideosService } from './videos.service';
 import { VideoResponseDto } from './dto/video-response.dto';
 import { PaginatedQueryDto, PaginatedResponse } from '../shared/dto/paginated';
 import { EBooleanPipe } from '../shared/pipe';
-// import { KeycloakAuthGuard } from '../auth/keycloak-auth.guard';
-// import { Roles } from 'src/auth/decorator/roles.decorator';
-// import { RolesGuard } from 'src/auth/roles.guard';
+import { KeycloakAuthGuard } from '../auth/keycloak-auth.guard';
+import { Roles } from 'src/auth/decorator/roles.decorator';
+import { RolesGuard } from 'src/auth/roles.guard';
 @Controller('videos')
-// @UseGuards(KeycloakAuthGuard, RolesGuard)
+@UseGuards(KeycloakAuthGuard, RolesGuard)
 export class VideosController {
 constructor(private readonly videosService: VideosService) {}
 @Get()
- // @Roles('user', 'admin')
+ @Roles('user', 'admin')
 async list(
 @Query() query: PaginatedQueryDto,
 @Query('situation') situation?: video_situation,
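Review bot: In the second hunk of `src/videos/videos.controller.ts`, `@UseGuards(KeycloakAuthGuard, RolesGuard)` is enabled for the whole class, but `list` is the only handler shown receiving `@Roles('user', 'admin')`. The file imports `Patch`, so there is presumably at least one more handler outside this hunk; with the `return true` fallback this same commit adds to `RolesGuard.canActivate`, a handler without `@Roles` would accept any authenticated caller regardless of role. Each remaining handler should carry an explicit `@Roles(...)`. Alternatively, since the guard reads metadata from both handler and class, a class-level default such as `@Roles('admin')` may work, if the `Roles` decorator can be applied to a class.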