import {
CanActivate,
ExecutionContext,
HttpException,
HttpStatus,
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { JsonWebTokenError, JwtService } from '@nestjs/jwt';
import { Request } from 'express';
import { IPayload } from 'src/model/interface';
import { AuthService } from 'src/modules/auth/auth.service';
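/**
 * Route guard that authenticates a request from its
 * `Authorization: Bearer <jwt>` header.
 *
 * The token must verify against the `JWT_SECRET` configuration value and carry
 * `type === 'access'`. The user returned by `AuthService.getUserById` must
 * exist and be active. On success that user is stored on `request['user']`.
 *
 * Failure mapping:
 * - missing, invalid or non-access token, or a failed user lookup: 401
 * - user found but `isActive` is falsy: 403
 */
@Injectable()
export class AuthGuard implements CanActivate {
  constructor(
    private readonly jwtService: JwtService,
    private config: ConfigService,
    private authService: AuthService,
  ) {}

  /**
   * Decides whether the current HTTP request may proceed.
   *
   * @param context Execution context of the incoming request.
   * @returns `true` when the request carries a valid access token for an active user.
   * @throws UnauthorizedException when the token is missing or invalid, or the user cannot be loaded.
   * @throws HttpException with status 403 when the user is not active.
   */
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest<Request>();
    const token = this.extractTokenFromHeader(request);

    if (!token) {
      throw new UnauthorizedException('Token not provided');
    }

    const payload = this.verifyAccessToken(token);
    const user = await this.loadUser(payload);

    // A lookup that yields nothing is an authentication failure, not a server
    // error. Guarding here also stops a TypeError on the `isActive` read below.
    if (!user) {
      throw new UnauthorizedException();
    }

    // This check sits outside every try/catch on purpose. Inside a catch-all
    // that rethrows as UnauthorizedException, the 403 would be turned into a
    // 401 and the client could not tell "disabled account" from "bad token".
    if (!user.isActive) {
      throw new HttpException('not active', HttpStatus.FORBIDDEN);
    }

    request['user'] = user;
    return true;
  }

  /**
   * Verifies the JWT, decodes it, and checks that it is an access token.
   *
   * @param token Raw JWT taken from the Authorization header.
   * @returns The decoded payload.
   * @throws UnauthorizedException when verification fails or `type` is not `'access'`.
   */
  private verifyAccessToken(token: string): IPayload {
    let payload: IPayload;
    try {
      // NOTE(review): `secret` is undefined if JWT_SECRET is unset, and no
      // `algorithms` allow-list is passed here. Confirm both are enforced by
      // the JwtModule configuration so verification fails closed.
      const secret = this.config.get('JWT_SECRET');
      payload = this.jwtService.verify(token, { secret });
    } catch (error) {
      // Only the verification call is wrapped, so the forwarded message comes
      // from token verification and not from unrelated failures.
      const reason = error instanceof Error ? error.message : undefined;
      throw new UnauthorizedException(reason);
    }

    // Strict comparison: only tokens explicitly issued with type 'access' pass.
    if (payload.type !== 'access') {
      throw new UnauthorizedException('wrong token');
    }
    return payload;
  }

  /**
   * Loads the user referenced by a verified payload.
   *
   * Any lookup failure is reported as 401. The message of an `HttpException`
   * is forwarded. Other errors get the default 401 message, so internal
   * details (driver errors, stack hints) are not echoed to the caller.
   *
   * @param payload Verified access-token payload.
   * @returns Whatever `AuthService.getUserById` resolves to.
   * @throws UnauthorizedException when the lookup throws.
   */
  private async loadUser(payload: IPayload) {
    try {
      // NOTE(review): the meaning of the second argument (`true`) is defined
      // by AuthService and is not visible here. Confirm against that service.
      return await this.authService.getUserById(payload.id, true);
    } catch (error) {
      // NOTE(review): the original error is dropped here. Consider logging it
      // server-side so lookup failures remain diagnosable.
      throw new UnauthorizedException(
        error instanceof HttpException ? error.message : undefined,
      );
    }
  }

  /**
   * Extracts the bearer token from the `Authorization` header.
   *
   * The scheme name is matched case-insensitively, and surrounding or repeated
   * whitespace is tolerated.
   *
   * @param request Incoming HTTP request.
   * @returns The token string, or `null` when the header is absent or is not a bearer credential.
   */
  private extractTokenFromHeader(request: Request): string | null {
    const authHeader = request.headers['authorization'];
    if (!authHeader) {
      return null;
    }
    const [scheme, token] = authHeader.trim().split(/\s+/);
    return scheme?.toLowerCase() === 'bearer' && token ? token : null;
  }
}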