47 lines
1.2 KiB
TypeScript
47 lines
1.2 KiB
TypeScript
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
|
|
import { Observable } from 'rxjs';
|
|
import { OAuth2Service } from 'src/modules/oauth2/oauth2.service';
|
|
import { UserService } from 'src/modules/objects/user/user.service';
|
|
|
|
/**
|
|
* Injects and validates OAuth2 bearer tokens.
|
|
*/
|
|
@Injectable()
|
|
export class OAuth2Guard implements CanActivate {
|
|
constructor(
|
|
private _oauth2: OAuth2Service,
|
|
private _user: UserService,
|
|
) {}
|
|
|
|
canActivate(
|
|
context: ExecutionContext,
|
|
): boolean | Promise<boolean> | Observable<boolean> {
|
|
const http = context.switchToHttp();
|
|
const request = http.getRequest();
|
|
const response = http.getResponse();
|
|
|
|
return new Promise((resolve, reject) => {
|
|
try {
|
|
this._oauth2.oauth.bearer(request, response, (content) => {
|
|
if (content instanceof Error) {
|
|
return reject(content);
|
|
}
|
|
|
|
this._user
|
|
.getById(response.locals.accessToken.user_id, [
|
|
'picture',
|
|
'privileges',
|
|
])
|
|
.then((user) => {
|
|
request.user = user;
|
|
resolve(true);
|
|
})
|
|
.catch(reject);
|
|
});
|
|
} catch (e: unknown) {
|
|
reject(e);
|
|
}
|
|
});
|
|
}
|
|
}
|