tone/tonePage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

后端实现权限验证

Browse Source
This commit is contained in:
tone
2025-06-18 17:10:55 +08:00
parent a5b8fa49ed
commit 490f0b56cc
12 changed files with 72 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tone-page-server/src/common/decorators/permissions.decorator.ts
View File

@@ -1,4 +0,0 @@
import { SetMetadata } from '@nestjs/common';
export const Permissions = (...permissions: string[]) =>
SetMetadata('permissions', permissions);

3
tone-page-server/src/common/decorators/role.decorator.ts
View File

@@ -1,3 +1,4 @@
import { SetMetadata } from '@nestjs/common';
import { Role } from 'src/auth/role.enum';
export const Roles = (...roles: string[]) => SetMetadata('roles', roles);
export const Roles = (...roles: Role[]) => SetMetadata('roles', roles);

19
tone-page-server/src/common/guard/roles.guard.ts
View File

@@ -1,5 +1,7 @@
import { CanActivate, ExecutionContext, Injectable, RequestTimeoutException } from '@nestjs/common';
import { BadRequestException, CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Role } from 'src/auth/role.enum';
import { User } from 'src/user/entities/user.entity';
@Injectable()
export class RolesGuard implements CanActivate {
@@ -8,7 +10,7 @@ export class RolesGuard implements CanActivate {
) { }
async canActivate(context: ExecutionContext): Promise<boolean> {
const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
const requiredRoles = this.reflector.getAllAndOverride<Role[] | undefined>('roles', [
context.getHandler(),
context.getClass(),
]);
@@ -16,13 +18,16 @@ export class RolesGuard implements CanActivate {
if (!requiredRoles) return true;
const request = context.switchToHttp().getRequest();
const userId = request.user?.userId;
const user = request.user as (User | void);
if (!userId) return false;
if (!user) {
throw new BadRequestException('服务器内部错误');
}
// 查询用户拥有的有效角色Id TODO
if (!requiredRoles.some(role => user.roles.includes(role))) {
throw new ForbiddenException('权限不足');
}
// return requiredRoles.some((role) => userRoleNames.includes(role));
return false;
return true;
}
}