einbau von rollen, neue Admin Ansicht

2025-03-08 11:18:31 +01:00
parent dded8b8ca9
commit 5a56b3554d
29 changed files with 788 additions and 426 deletions
--- a/bizmatch-server/src/jwt-auth/optional-auth.guard.ts
+++ b/bizmatch-server/src/jwt-auth/optional-auth.guard.ts
@@ -3,54 +3,70 @@ import * as admin from 'firebase-admin';

@Injectable()
 export class OptionalAuthGuard implements CanActivate {
-  constructor(
-    @Inject('FIREBASE_ADMIN')
-    private readonly firebaseAdmin: typeof admin,
-  ) {}
+  constructor(@Inject('FIREBASE_ADMIN') private firebaseAdmin: admin.app.App) {}

  async canActivate(context: ExecutionContext): Promise<boolean> {
-    const request = context.switchToHttp().getRequest<Request>();
-    const token = this.extractTokenFromHeader(request);
+    const request = context.switchToHttp().getRequest();
+    const authHeader = request.headers.authorization;

-    if (!token) {
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+      //throw new UnauthorizedException('Missing or invalid authorization token');
      return true;
    }

+    const token = authHeader.split('Bearer ')[1];
+
    try {
      const decodedToken = await this.firebaseAdmin.auth().verifyIdToken(token);
-      request['user'] = decodedToken;
+
+      // Check if email is verified (optional but recommended)
+      if (!decodedToken.email_verified) {
+        //throw new UnauthorizedException('Email not verified');
+        return true;
+      }
+
+      // Add the user to the request
+      request.user = {
+        uid: decodedToken.uid,
+        email: decodedToken.email,
+        role: decodedToken.role || null,
+        // Add other user info as needed
+      };
+
      return true;
    } catch (error) {
      //throw new UnauthorizedException('Invalid token');
-      request['user'] = null;
      return true;
    }
  }
-
-  private extractTokenFromHeader(request: Request): string | undefined {
-    const [type, token] = request.headers['authorization']?.split(' ') ?? [];
-    return type === 'Bearer' ? token : undefined;
-  }
 }
+// import { CanActivate, ExecutionContext, Inject, Injectable } from '@nestjs/common';
+// import * as admin from 'firebase-admin';
+
 // @Injectable()
 // export class OptionalAuthGuard implements CanActivate {
+//   constructor(
+//     @Inject('FIREBASE_ADMIN')
+//     private readonly firebaseAdmin: typeof admin,
+//   ) {}
+
 //   async canActivate(context: ExecutionContext): Promise<boolean> {
 //     const request = context.switchToHttp().getRequest<Request>();
 //     const token = this.extractTokenFromHeader(request);

 //     if (!token) {
-//       return true; // Kein Token vorhanden, aber Zugriff erlaubt
+//       return true;
 //     }

 //     try {
-//       const decodedToken = await admin.auth().verifyIdToken(token);
-//       request['user'] = decodedToken; // Benutzerdaten zum Request hinzufügen, wenn Token gültig
+//       const decodedToken = await this.firebaseAdmin.auth().verifyIdToken(token);
+//       request['user'] = decodedToken;
+//       return true;
 //     } catch (error) {
-//       // Bei ungültigem Token wird kein Fehler geworfen, sondern einfach kein User gesetzt
+//       //throw new UnauthorizedException('Invalid token');
 //       request['user'] = null;
+//       return true;
 //     }
-
-//     return true; // Zugriff wird immer erlaubt
 //   }

 //   private extractTokenFromHeader(request: Request): string | undefined {