39 lines
1.1 KiB
TypeScript
39 lines
1.1 KiB
TypeScript
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { InjectRepository } from '@nestjs/typeorm';
|
|
import { Repository } from 'typeorm';
|
|
import { UserEntity } from '@app/database/entities/user.entity';
|
|
import { ImmichJwtService } from '../modules/immich-jwt/immich-jwt.service';
|
|
|
|
@Injectable()
|
|
export class AdminRolesGuard implements CanActivate {
|
|
constructor(
|
|
private reflector: Reflector,
|
|
private jwtService: ImmichJwtService,
|
|
@InjectRepository(UserEntity)
|
|
private userRepository: Repository<UserEntity>,
|
|
) {}
|
|
|
|
async canActivate(context: ExecutionContext): Promise<boolean> {
|
|
const request = context.switchToHttp().getRequest();
|
|
|
|
if (request.headers['authorization']) {
|
|
const bearerToken = request.headers['authorization'].split(' ')[1];
|
|
const { userId } = await this.jwtService.validateToken(bearerToken);
|
|
|
|
if (!userId) {
|
|
return false;
|
|
}
|
|
|
|
const user = await this.userRepository.findOne(userId);
|
|
if (!user) {
|
|
return false;
|
|
}
|
|
|
|
return user.isAdmin;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|