feat/#55/admin guard 생성

modern-agile-team · Jan 2, 2025 · a8e81f5 · a8e81f5
1 parent e3393e0
commit a8e81f5
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 2 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -3,7 +3,7 @@ name: CI/CD Docker
 # 트리거를 수행할 브랜치를 지정합니다.
 on:
   push:
-    branches: [main, develop, feat/#39/jwt-verification]
+    branches: [main, develop]
 
 # 환경설정
 env:

diff --git a/src/auth/auth.module.ts b/src/auth/auth.module.ts
@@ -9,6 +9,7 @@ import { UsersModule } from 'src/users/modules/users.module';
 import { RedisModule } from './redis/redis.module';
 import { CookieService } from './services/cookie.service';
 import { AccessTokenStrategy, RefreshTokenStrategy } from './jwt/jwt.startegy';
+import { AdminGuard } from './guard/admin.guard';
 
 @Module({
   imports: [PassportModule, JwtModule, RedisModule, UsersModule],
@@ -19,6 +20,7 @@ import { AccessTokenStrategy, RefreshTokenStrategy } from './jwt/jwt.startegy';
     GoogleStrategy,
     AccessTokenStrategy,
     RefreshTokenStrategy,
+    AdminGuard,
   ],
   controllers: [AuthController],
 })

diff --git a/src/auth/guard/admin.guard.ts b/src/auth/guard/admin.guard.ts
@@ -0,0 +1,46 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { Request } from 'express';
+import * as jwt from 'jsonwebtoken';
+import { UsersService } from 'src/users/services/users.service';
+
+@Injectable()
+export class AdminGuard implements CanActivate {
+  constructor(
+    private readonly configservice: ConfigService,
+    private readonly userService: UsersService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest<Request>();
+
+    const accessToken = request?.cookies?.accessToken;
+    if (!accessToken) {
+      throw new UnauthorizedException('Access token not found');
+    }
+
+    try {
+      const payload = jwt.verify(
+        accessToken,
+        this.configservice.get<string>('ACCESS_SECRET'),
+      ) as any;
+
+      const { userId } = payload;
+      const user = await this.userService.getUser(userId);
+
+      if (user.role === true) {
+        return true;
+      }
+
+      throw new ForbiddenException('User does not have admin privileges');
+    } catch (accessError) {
+      throw new UnauthorizedException('Invalid access token or User not found');
+    }
+  }
+}
diff --git a/src/auth/jwt/jwt.startegy.ts b/src/auth/jwt/jwt.startegy.ts
@@ -1,7 +1,6 @@
 import { PassportStrategy } from '@nestjs/passport';
 import { Request } from 'express';
 import { ExtractJwt, Strategy } from 'passport-jwt';
-import * as jwt from 'jsonwebtoken';
 import { UsersService } from 'src/users/services/users.service';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
@@ -37,6 +36,7 @@ export class AccessTokenStrategy extends PassportStrategy(
 
   async validate(request: Request, payload: any): Promise<any> {
     const user = await this.userService.getUser(payload.userId);
+
     return user;
   }
 }

diff --git a/src/users/dtos/response-user.dto.ts b/src/users/dtos/response-user.dto.ts
@@ -14,6 +14,7 @@ export class ResponseUserDto {
   readonly lastLogin: Date;
   readonly createdAt: Date;
   readonly updatedAt: Date;
+  readonly role: Boolean;
 
   constructor(user: User) {
     this.id = user.id;
@@ -29,5 +30,6 @@ export class ResponseUserDto {
     this.lastLogin = user.lastLogin;
     this.createdAt = user.createdAt;
     this.updatedAt = user.createdAt;
+    this.role = user.role;
   }
 }