43 lines
1.1 KiB
TypeScript
43 lines
1.1 KiB
TypeScript
import {
|
|
Injectable,
|
|
CanActivate,
|
|
ExecutionContext,
|
|
ForbiddenException,
|
|
} from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { ROLES_KEY } from './decorator/roles.decorator';
|
|
|
|
import type { JwtPayload } from './keycloak.strategy';
|
|
|
|
@Injectable()
|
|
export class RolesGuard implements CanActivate {
|
|
constructor(private reflector: Reflector) {}
|
|
|
|
canActivate(context: ExecutionContext): boolean {
|
|
const requiredRoles = this.reflector.getAllAndOverride<string[]>(
|
|
ROLES_KEY,
|
|
[context.getHandler(), context.getClass()],
|
|
);
|
|
if (!requiredRoles || requiredRoles.length === 0) {
|
|
return true;
|
|
}
|
|
|
|
const request = context.switchToHttp().getRequest<{ user: JwtPayload }>();
|
|
const user = request.user;
|
|
|
|
const userRoles: string[] = [
|
|
...(user?.resource_access?.clipperia?.roles || []),
|
|
];
|
|
|
|
console.log(context);
|
|
const hasRole = requiredRoles.some((role) => userRoles.includes(role));
|
|
if (!hasRole) {
|
|
throw new ForbiddenException(
|
|
'O usuário não possui permissão para acessar esta rota',
|
|
);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|