Change log to logger
This commit is contained in:
LeoMortari
@@ -1,4 +1,4 @@
|
||||
import { Injectable, UnauthorizedException } from '@nestjs/common';
|
||||
import { Injectable, UnauthorizedException, Logger } from '@nestjs/common';
|
||||
import { PassportStrategy } from '@nestjs/passport';
|
||||
import { ExtractJwt, Strategy } from 'passport-jwt';
|
||||
|
||||
@@ -49,33 +49,37 @@ export class KeycloakJwtStrategy extends PassportStrategy(Strategy, 'jwt') {
|
||||
});
|
||||
}
|
||||
|
||||
private readonly logger = new Logger(KeycloakJwtStrategy.name);
|
||||
|
||||
validate(payload: JwtPayload): JwtPayload {
|
||||
console.log('JWT Payload received:', JSON.stringify(payload, null, 2));
|
||||
this.logger.debug(
|
||||
`JWT Payload received: ${JSON.stringify(payload, null, 2)}`,
|
||||
);
|
||||
|
||||
// Log important JWT claims
|
||||
console.log('JWT Subject (sub):', payload.sub);
|
||||
console.log('JWT Issuer (iss):', payload.iss);
|
||||
console.log('JWT Audience (aud):', payload.aud);
|
||||
console.log(
|
||||
'JWT Expiration (exp):',
|
||||
new Date(payload.exp * 1000).toISOString(),
|
||||
this.logger.debug(`JWT Subject (sub): ${payload.sub}`);
|
||||
this.logger.debug(`JWT Issuer (iss): ${payload.iss}`);
|
||||
this.logger.debug(`JWT Audience (aud): ${JSON.stringify(payload.aud)}`);
|
||||
this.logger.debug(
|
||||
`JWT Expiration (exp): ${new Date(payload.exp * 1000).toISOString()}`,
|
||||
);
|
||||
console.log(
|
||||
'JWT Issued At (iat):',
|
||||
new Date(payload.iat * 1000).toISOString(),
|
||||
this.logger.debug(
|
||||
`JWT Issued At (iat): ${new Date(payload.iat * 1000).toISOString()}`,
|
||||
);
|
||||
|
||||
// Log user info
|
||||
console.log('User email:', payload.email);
|
||||
console.log('Username:', payload.preferred_username);
|
||||
this.logger.debug(`User email: ${payload.email}`);
|
||||
this.logger.debug(`Username: ${payload.preferred_username}`);
|
||||
|
||||
// Log roles
|
||||
console.log('Realm access roles:', payload.realm_access?.roles || []);
|
||||
this.logger.debug(
|
||||
`Realm access roles: ${JSON.stringify(payload.realm_access?.roles || [])}`,
|
||||
);
|
||||
|
||||
if (payload.resource_access) {
|
||||
console.log('Resource access:');
|
||||
this.logger.debug('Resource access:');
|
||||
Object.entries(payload.resource_access).forEach(([resource, data]) => {
|
||||
console.log(` ${resource}:`, data.roles || []);
|
||||
this.logger.debug(` ${resource}: ${JSON.stringify(data.roles || [])}`);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@ import {
|
||||
CanActivate,
|
||||
ExecutionContext,
|
||||
ForbiddenException,
|
||||
Logger,
|
||||
} from '@nestjs/common';
|
||||
import { Reflector } from '@nestjs/core';
|
||||
import { ROLES_KEY } from './decorator/roles.decorator';
|
||||
@@ -13,23 +14,31 @@ import type { JwtPayload } from './keycloak.strategy';
|
||||
export class RolesGuard implements CanActivate {
|
||||
constructor(private reflector: Reflector) {}
|
||||
|
||||
private readonly logger = new Logger(RolesGuard.name);
|
||||
|
||||
private extractRoles(user: JwtPayload): string[] {
|
||||
const roles: string[] = [];
|
||||
|
||||
console.log('Extracting roles from user object');
|
||||
console.log('realm_access:', user.realm_access);
|
||||
console.log('resource_access:', user.resource_access);
|
||||
this.logger.debug('Extracting roles from user object');
|
||||
this.logger.debug(`realm_access: ${JSON.stringify(user.realm_access)}`);
|
||||
this.logger.debug(
|
||||
`resource_access: ${JSON.stringify(user.resource_access)}`,
|
||||
);
|
||||
|
||||
if (user.realm_access?.roles) {
|
||||
console.log('Found realm roles:', user.realm_access.roles);
|
||||
this.logger.debug(
|
||||
`Found realm roles: ${JSON.stringify(user.realm_access.roles)}`,
|
||||
);
|
||||
roles.push(...user.realm_access.roles);
|
||||
}
|
||||
|
||||
if (user.resource_access) {
|
||||
console.log('Processing resource_access');
|
||||
this.logger.debug('Processing resource_access');
|
||||
Object.entries(user.resource_access).forEach(
|
||||
([resourceName, resource]) => {
|
||||
console.log(`Resource ${resourceName} roles:`, resource?.roles);
|
||||
this.logger.debug(
|
||||
`Resource ${resourceName} roles: ${JSON.stringify(resource?.roles)}`,
|
||||
);
|
||||
if (resource?.roles) {
|
||||
roles.push(...resource.roles);
|
||||
}
|
||||
@@ -38,7 +47,7 @@ export class RolesGuard implements CanActivate {
|
||||
}
|
||||
|
||||
const uniqueRoles = [...new Set(roles)];
|
||||
console.log('Final extracted roles:', uniqueRoles);
|
||||
this.logger.debug(`Final extracted roles: ${JSON.stringify(uniqueRoles)}`);
|
||||
return uniqueRoles;
|
||||
}
|
||||
|
||||
@@ -48,20 +57,22 @@ export class RolesGuard implements CanActivate {
|
||||
[context.getHandler(), context.getClass()],
|
||||
);
|
||||
|
||||
console.log('Required roles:', requiredRoles);
|
||||
this.logger.debug(`Required roles: ${JSON.stringify(requiredRoles)}`);
|
||||
|
||||
if (!requiredRoles || !requiredRoles.length) {
|
||||
console.log('No roles required for this route');
|
||||
this.logger.debug('No roles required for this route');
|
||||
return true;
|
||||
}
|
||||
|
||||
const request = context.switchToHttp().getRequest<{ user: JwtPayload }>();
|
||||
const user = request.user;
|
||||
|
||||
console.log('User object from request:', JSON.stringify(user, null, 2));
|
||||
this.logger.debug(
|
||||
`User object from request: ${JSON.stringify(user, null, 2)}`,
|
||||
);
|
||||
|
||||
if (!user) {
|
||||
console.error('No user found in request');
|
||||
this.logger.error('No user found in request');
|
||||
throw new ForbiddenException('Usuário não autenticado');
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user