27 lines
930 B
TypeScript
27 lines
930 B
TypeScript
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
|
|
import { ConfigService } from '@nestjs/config';
|
|
import { Request } from 'express';
|
|
import { timingSafeEqual } from 'crypto';
|
|
|
|
@Injectable()
|
|
export class ManagementGuard implements CanActivate {
|
|
constructor(private config: ConfigService) {}
|
|
|
|
async canActivate(context: ExecutionContext): Promise<boolean> {
|
|
const request = context.switchToHttp().getRequest<Request>();
|
|
|
|
const ips = this.config.get<string[]>('managementIPs');
|
|
if (ips.length && !ips.includes(request.ip)) return;
|
|
|
|
const authHeader = request.headers.authorization;
|
|
if (!authHeader) return false;
|
|
|
|
const [base, token] = authHeader.split(' ');
|
|
if (!base || base.toLowerCase() !== 'bearer' || !token) return false;
|
|
|
|
const configured = this.config.get<string>('managementKey');
|
|
|
|
return timingSafeEqual(Buffer.from(token), Buffer.from(configured));
|
|
}
|
|
}
|