mukeshs/twenty_crm
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
3674365e6fa6f1f83dc79138b2739a3624ebb750
twenty_crm/server/src/auth/guards/jwt.auth.guard.ts
Charles Bochet 3674365e6f Scope server with workspace (#157) 
* Rename User to AuthUser to avoid naming conflict with user business entity

* Prevent query by workspace in graphql

* Make full user and workspace object available in graphql resolvers

* Add Seed to create companies and people accross two workspace

* Check workspace on all entities findMany, find, create, update)
2023-05-30 20:40:04 +02:00

71 lines
2.0 KiB
TypeScript
Raw Blame History

import {
CanActivate,
ExecutionContext,
HttpException,
HttpStatus,
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { GqlExecutionContext } from '@nestjs/graphql';
import { Request } from 'express';
import { ConfigService } from '@nestjs/config';
import { PrismaService } from 'src/database/prisma.service';
import { JwtPayload } from '../strategies/jwt.auth.strategy';
@Injectable()
export class JwtAuthGuard implements CanActivate {
constructor(
private jwtService: JwtService,
private configService: ConfigService,
private prismaService: PrismaService,
) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const gqlContext = GqlExecutionContext.create(context);
const request = gqlContext.getContext().req;
const token = this.extractTokenFromHeader(request);
if (!token) {
throw new UnauthorizedException();
}
try {
const payload: JwtPayload = await this.jwtService.verifyAsync(token, {
secret: this.configService.get('JWT_SECRET'),
});
const user = this.prismaService.user.findUniqueOrThrow({
where: { id: payload.userId },
});
if (!user) {
throw new HttpException(
{ reason: 'User does not exist' },
HttpStatus.FORBIDDEN,
);
}
const workspace = this.prismaService.workspace.findUniqueOrThrow({
where: { id: payload.workspaceId },
});
if (!workspace) {
throw new HttpException(
{ reason: 'Workspace does not exist' },
HttpStatus.FORBIDDEN,
);
}
request.user = user;
request.workspace = workspace;
} catch (exception) {
throw new UnauthorizedException();
}
return true;
}
private extractTokenFromHeader(request: Request): string | undefined {
const [type, token] = request.headers.authorization?.split(' ') ?? [];
return type === 'Bearer' ? token : undefined;
}
}
Reference in New Issue View Git Blame Copy Permalink