import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Request, Response } from 'express';
import { ManagerService } from 'src/modules/objects/manager/manager.service';
/**
 * Route guard that authenticates a request by its bearer key and, when the
 * route carries a `domain` parameter, checks that the key belongs to that zone.
 *
 * Every failure path returns `false` (fail closed). By default Nest answers a
 * `false` guard result with 403 Forbidden, so a missing or malformed
 * `Authorization` header is reported as 403 here, not 401.
 */
@Injectable()
export class ZoneAccessGuard implements CanActivate {
  constructor(private service: ManagerService) {}

  /**
   * Decides whether the current HTTP request may proceed.
   *
   * @param context - Nest execution context; only its HTTP request/response are used.
   * @returns `true` when the key resolves to an access record and (if the route
   *   has a `domain` parameter) that record's zone equals the parameter;
   *   `false` otherwise.
   */
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const http = context.switchToHttp();
    const request = http.getRequest<Request>();
    const response = http.getResponse<Response>();

    const header = request.headers.authorization;
    if (!header) {
      return false;
    }

    // Only the first two space-separated pieces are looked at; the scheme is
    // matched case-insensitively and anything after the second piece is ignored.
    const [scheme, credential] = header.split(' ');
    const isBearer = scheme?.toLowerCase() === 'bearer';
    if (!isBearer || !credential) {
      return false;
    }

    // NOTE(review): how the key is stored and compared (hashed vs. plaintext,
    // constant-time lookup, revocation) is decided inside ManagerService and is
    // not visible from this guard — confirm there.
    const access = await this.service.getZoneForKey(credential);
    if (!access) {
      return false;
    }

    // The zone check runs only when the matched route defines a `domain`
    // parameter. On routes without one, any key that resolves to an access
    // record is accepted, so handlers there must scope by `res.locals.zone`.
    // The comparison is an exact, case-sensitive string match.
    const requestedZone = request.params?.domain;
    const zoneMismatch = Boolean(requestedZone) && access.zone !== requestedZone;
    if (zoneMismatch) {
      return false;
    }

    // Hand the resolved access record to later middleware/handlers.
    response.locals.zone = access;
    return true;
  }
}