admin/clipperia-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add logs

Browse Source
This commit is contained in:
LeoMortari
2025-09-15 01:05:40 -03:00
parent c10e51a060
commit 1537dff3b2
3 changed files with 59 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/auth/keycloak.strategy.ts
View File

@@ -50,6 +50,35 @@ export class KeycloakJwtStrategy extends PassportStrategy(Strategy, 'jwt') {
} }
validate(payload: JwtPayload): JwtPayload { validate(payload: JwtPayload): JwtPayload {
console.log('JWT Payload received:', JSON.stringify(payload, null, 2));
// Log important JWT claims
console.log('JWT Subject (sub):', payload.sub);
console.log('JWT Issuer (iss):', payload.iss);
console.log('JWT Audience (aud):', payload.aud);
console.log(
'JWT Expiration (exp):',
new Date(payload.exp * 1000).toISOString(),
);
console.log(
'JWT Issued At (iat):',
new Date(payload.iat * 1000).toISOString(),
);
// Log user info
console.log('User email:', payload.email);
console.log('Username:', payload.preferred_username);
// Log roles
console.log('Realm access roles:', payload.realm_access?.roles || []);
if (payload.resource_access) {
console.log('Resource access:');
Object.entries(payload.resource_access).forEach(([resource, data]) => {
console.log(` ${resource}:`, data.roles || []);
});
}
if (payload.exp < Date.now() / 1000) { if (payload.exp < Date.now() / 1000) {
throw new UnauthorizedException('Token expirado'); throw new UnauthorizedException('Token expirado');
} }

25
src/auth/roles.guard.ts
View File

@@ -16,19 +16,30 @@ export class RolesGuard implements CanActivate {
private extractRoles(user: JwtPayload): string[] { private extractRoles(user: JwtPayload): string[] {
const roles: string[] = []; const roles: string[] = [];
console.log('Extracting roles from user object');
console.log('realm_access:', user.realm_access);
console.log('resource_access:', user.resource_access);
if (user.realm_access?.roles) { if (user.realm_access?.roles) {
console.log('Found realm roles:', user.realm_access.roles);
roles.push(...user.realm_access.roles); roles.push(...user.realm_access.roles);
} }
if (user.resource_access) { if (user.resource_access) {
Object.values(user.resource_access).forEach((resource) => { console.log('Processing resource_access');
Object.entries(user.resource_access).forEach(
([resourceName, resource]) => {
console.log(`Resource ${resourceName} roles:`, resource?.roles);
if (resource?.roles) { if (resource?.roles) {
roles.push(...resource.roles); roles.push(...resource.roles);
} }
}); },
);
} }
return [...new Set(roles)]; const uniqueRoles = [...new Set(roles)];
console.log('Final extracted roles:', uniqueRoles);
return uniqueRoles;
} }
canActivate(context: ExecutionContext): boolean { canActivate(context: ExecutionContext): boolean {
@@ -37,14 +48,20 @@ export class RolesGuard implements CanActivate {
[context.getHandler(), context.getClass()], [context.getHandler(), context.getClass()],
); );
console.log('Required roles:', requiredRoles);
if (!requiredRoles || !requiredRoles.length) { if (!requiredRoles || !requiredRoles.length) {
return false; console.log('No roles required for this route');
return true;
} }
const request = context.switchToHttp().getRequest<{ user: JwtPayload }>(); const request = context.switchToHttp().getRequest<{ user: JwtPayload }>();
const user = request.user; const user = request.user;
console.log('User object from request:', JSON.stringify(user, null, 2));
if (!user) { if (!user) {
console.error('No user found in request');
throw new ForbiddenException('Usuário não autenticado'); throw new ForbiddenException('Usuário não autenticado');
} }

12
src/videos/videos.controller.ts
View File

@@ -5,7 +5,7 @@ import {
Patch, Patch,
Body, Body,
Query, Query,
// UseGuards, UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { videos, Prisma, video_situation } from 'generated/prisma'; import { videos, Prisma, video_situation } from 'generated/prisma';
@@ -13,17 +13,17 @@ import { VideosService } from './videos.service';
import { VideoResponseDto } from './dto/video-response.dto'; import { VideoResponseDto } from './dto/video-response.dto';
import { PaginatedQueryDto, PaginatedResponse } from '../shared/dto/paginated'; import { PaginatedQueryDto, PaginatedResponse } from '../shared/dto/paginated';
import { EBooleanPipe } from '../shared/pipe'; import { EBooleanPipe } from '../shared/pipe';
// import { KeycloakAuthGuard } from '../auth/keycloak-auth.guard'; import { KeycloakAuthGuard } from '../auth/keycloak-auth.guard';
// import { Roles } from 'src/auth/decorator/roles.decorator'; import { Roles } from 'src/auth/decorator/roles.decorator';
// import { RolesGuard } from 'src/auth/roles.guard'; import { RolesGuard } from 'src/auth/roles.guard';
@Controller('videos') @Controller('videos')
// @UseGuards(KeycloakAuthGuard, RolesGuard) @UseGuards(KeycloakAuthGuard, RolesGuard)
export class VideosController { export class VideosController {
constructor(private readonly videosService: VideosService) {} constructor(private readonly videosService: VideosService) {}
@Get() @Get()
// @Roles('user', 'admin') @Roles('user', 'admin')
async list( async list(
@Query() query: PaginatedQueryDto, @Query() query: PaginatedQueryDto,
@Query('situation') situation?: video_situation, @Query('situation') situation?: video_situation,