einbau von rollen, neue Admin Ansicht

2025-03-08 11:18:31 +01:00
parent dded8b8ca9
commit 5a56b3554d
29 changed files with 788 additions and 426 deletions


@@ -0,0 +1,20 @@
import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
@Injectable()
export class AdminGuard implements CanActivate {
canActivate(context: ExecutionContext): boolean {
const request = context.switchToHttp().getRequest();
// The FirebaseAuthGuard should run before this guard
// and populate the request.user object
if (!request.user) {
throw new ForbiddenException('User not authenticated');
}
if (request.user.role !== 'admin') {
throw new ForbiddenException('Requires admin privileges');
}
return true;
}
}
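Review bot: A missing `request.user` at line 19 is an authentication failure, yet the guard answers with `ForbiddenException` (403) exactly like the role mismatch below it; `throw new UnauthorizedException('User not authenticated');` would match what `AuthGuard` returns and tell clients to re-authenticate rather than that they lack rights. The `role` compared at line 22 is whatever `AuthGuard` copied out of the verified Firebase ID token, so its trustworthiness rests on that claim only ever being set server-side (for example through the Admin SDK's custom claims) — worth stating next to the check, e.g. `// 'role' is a claim from the verified ID token (see AuthGuard); never derive it from client-supplied data`. The guard only fails closed because an absent `request.user` throws; a route that lists `AdminGuard` without `AuthGuard` in front rejects everyone instead of silently allowing, which is the right default but deserves a sentence in the class comment.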


@@ -4,53 +4,39 @@ import * as admin from 'firebase-admin';
@Injectable()
export class AuthGuard implements CanActivate {
constructor(
@Inject('FIREBASE_ADMIN')
private readonly firebaseAdmin: typeof admin,
@Inject('FIREBASE_ADMIN') private firebaseAdmin: admin.app.App,
) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const token = this.extractTokenFromHeader(request);
const request = context.switchToHttp().getRequest();
const authHeader = request.headers.authorization;
if (!token) {
throw new UnauthorizedException('No token provided');
if (!authHeader || !authHeader.startsWith('Bearer ')) {
throw new UnauthorizedException('Missing or invalid authorization token');
}
const token = authHeader.split('Bearer ')[1];
try {
const decodedToken = await this.firebaseAdmin.auth().verifyIdToken(token);
request['user'] = decodedToken;
// Check if email is verified (optional but recommended)
if (!decodedToken.email_verified) {
throw new UnauthorizedException('Email not verified');
}
// Add the user to the request
request.user = {
uid: decodedToken.uid,
email: decodedToken.email,
role: decodedToken.role || null,
// Add other user info as needed
};
return true;
} catch (error) {
throw new UnauthorizedException('Invalid token');
}
}
private extractTokenFromHeader(request: Request): string | undefined {
const [type, token] = request.headers['authorization']?.split(' ') ?? [];
return type === 'Bearer' ? token : undefined;
}
}
// @Injectable()
// export class AuthGuard implements CanActivate {
// async canActivate(context: ExecutionContext): Promise<boolean> {
// const request = context.switchToHttp().getRequest<Request>();
// const token = this.extractTokenFromHeader(request);
// if (!token) {
// throw new UnauthorizedException('No token provided');
// }
// try {
// const decodedToken = await admin.auth().verifyIdToken(token);
// request['user'] = decodedToken; // Fügen Sie die Benutzerdaten dem Request-Objekt hinzu
// return true;
// } catch (error) {
// throw new UnauthorizedException('Invalid token');
// }
// }
// private extractTokenFromHeader(request: Request): string | undefined {
// const [type, token] = request.headers['authorization']?.split(' ') ?? [];
// return type === 'Bearer' ? token : undefined;
// }
// }
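Review bot: The `UnauthorizedException('Email not verified')` thrown at line 55 sits inside the `try`, so the `catch` at line 65 swallows it and re-throws `'Invalid token'`, hiding the real reason from the client; add `if (error instanceof UnauthorizedException) throw error;` as the first line of the catch, or move the email-verification check after the try/catch. `verifyIdToken(token)` without its second argument accepts a token whose session has been revoked until the token itself expires; if that matters for this API, `verifyIdToken(token, true)` checks revocation at the cost of a lookup per request. `authHeader.split('Bearer ')[1]` on line 49 is looser than the `extractTokenFromHeader` helper it replaces (a header of `Bearer Bearer x` yields an empty token and `Bearer` is matched case-sensitively), so the split-on-space form is worth keeping. The commented-out previous implementation at the end of the file looks like dead code that can be deleted, and if `request['user'] = decodedToken` on line 52 is still on the new side it is redundant with the assignment at line 58.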


@@ -1,16 +0,0 @@
// import * as admin from 'firebase-admin';
// import { ServiceAccount } from 'firebase-admin';
// console.log('--> '+process.env['FIREBASE_PROJECT_ID'])
// const serviceAccount: ServiceAccount = {
// projectId: process.env['FIREBASE_PROJECT_ID'],
// clientEmail: process.env['FIREBASE_CLIENT_EMAIL'],
// privateKey: process.env['FIREBASE_PRIVATE_KEY']?.replace(/\\n/g, '\n'), // Ersetzen Sie escaped newlines
// };
// if (!admin.apps.length) {
// admin.initializeApp({
// credential: admin.credential.cert(serviceAccount),
// });
// }
// export default admin;


@@ -0,0 +1,21 @@
import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
import { Request } from 'express';
import { Observable } from 'rxjs';
@Injectable()
export class LocalhostGuard implements CanActivate {
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const ip = request.ip;
// Liste der erlaubten IPs
const allowedIPs = ['127.0.0.1', '::1', 'localhost', '::ffff:127.0.0.1'];
if (!allowedIPs.includes(ip)) {
console.warn(`Versuchter Zugriff von unerlaubter IP: ${ip}`);
throw new ForbiddenException('Dieser Endpunkt kann nur lokal aufgerufen werden');
}
return true;
}
}
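Review bot: `request.ip` at line 124 is only the TCP peer address while Express's `trust proxy` setting is off; if the app enables it (usual behind nginx or a load balancer), `req.ip` is taken from `X-Forwarded-For`, which any remote client can set to `127.0.0.1` and walk straight past this guard. Reading the connection address instead, `const ip = request.socket.remoteAddress ?? request.ip;`, ties the check to the real socket; conversely, if a reverse proxy on the same host terminates the connection, every request arrives from loopback and the guard accepts everyone, so a separate listener bound to 127.0.0.1 is the more robust way to make an endpoint local-only. `'localhost'` in `allowedIPs` on line 126 can never equal an address value and can be dropped, and the `Observable` import is unused. The deployment assumption should be written down, e.g. `// Only meaningful when the app is not behind a proxy that rewrites the client address; see 'trust proxy'`.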


@@ -3,54 +3,70 @@ import * as admin from 'firebase-admin';
@Injectable()
export class OptionalAuthGuard implements CanActivate {
constructor(
@Inject('FIREBASE_ADMIN')
private readonly firebaseAdmin: typeof admin,
) {}
constructor(@Inject('FIREBASE_ADMIN') private firebaseAdmin: admin.app.App) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const token = this.extractTokenFromHeader(request);
const request = context.switchToHttp().getRequest();
const authHeader = request.headers.authorization;
if (!token) {
if (!authHeader || !authHeader.startsWith('Bearer ')) {
//throw new UnauthorizedException('Missing or invalid authorization token');
return true;
}
const token = authHeader.split('Bearer ')[1];
try {
const decodedToken = await this.firebaseAdmin.auth().verifyIdToken(token);
request['user'] = decodedToken;
// Check if email is verified (optional but recommended)
if (!decodedToken.email_verified) {
//throw new UnauthorizedException('Email not verified');
return true;
}
// Add the user to the request
request.user = {
uid: decodedToken.uid,
email: decodedToken.email,
role: decodedToken.role || null,
// Add other user info as needed
};
return true;
} catch (error) {
//throw new UnauthorizedException('Invalid token');
request['user'] = null;
return true;
}
}
private extractTokenFromHeader(request: Request): string | undefined {
const [type, token] = request.headers['authorization']?.split(' ') ?? [];
return type === 'Bearer' ? token : undefined;
}
}
// import { CanActivate, ExecutionContext, Inject, Injectable } from '@nestjs/common';
// import * as admin from 'firebase-admin';
// @Injectable()
// export class OptionalAuthGuard implements CanActivate {
// constructor(
// @Inject('FIREBASE_ADMIN')
// private readonly firebaseAdmin: typeof admin,
// ) {}
// async canActivate(context: ExecutionContext): Promise<boolean> {
// const request = context.switchToHttp().getRequest<Request>();
// const token = this.extractTokenFromHeader(request);
// if (!token) {
// return true; // Kein Token vorhanden, aber Zugriff erlaubt
// return true;
// }
// try {
// const decodedToken = await admin.auth().verifyIdToken(token);
// request['user'] = decodedToken; // Benutzerdaten zum Request hinzufügen, wenn Token gültig
// const decodedToken = await this.firebaseAdmin.auth().verifyIdToken(token);
// request['user'] = decodedToken;
// return true;
// } catch (error) {
// // Bei ungültigem Token wird kein Fehler geworfen, sondern einfach kein User gesetzt
// //throw new UnauthorizedException('Invalid token');
// request['user'] = null;
// return true;
// }
// return true; // Zugriff wird immer erlaubt
// }
// private extractTokenFromHeader(request: Request): string | undefined {