后端实现权限验证

tone-page-server/src/common/guard/roles.guard.ts

@@ -1,5 +1,7 @@
-import { CanActivate, ExecutionContext, Injectable, RequestTimeoutException } from '@nestjs/common';
+import { BadRequestException, CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
+import { Role } from 'src/auth/role.enum';
+import { User } from 'src/user/entities/user.entity';
 
 @Injectable()
 export class RolesGuard implements CanActivate {
@@ -8,7 +10,7 @@ export class RolesGuard implements CanActivate {
   ) { }
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
-    const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
+    const requiredRoles = this.reflector.getAllAndOverride<Role[] | undefined>('roles', [
       context.getHandler(),
       context.getClass(),
     ]);
@@ -16,13 +18,16 @@ export class RolesGuard implements CanActivate {
     if (!requiredRoles) return true;
 
     const request = context.switchToHttp().getRequest();
-    const userId = request.user?.userId;
+    const user = request.user as (User | void);
 
-    if (!userId) return false;
+    if (!user) {
+      throw new BadRequestException('服务器内部错误');
+    }
 
-    // 查询用户拥有的有效角色Id TODO
+    if (!requiredRoles.some(role => user.roles.includes(role))) {
+      throw new ForbiddenException('权限不足');
+    }
 
-    // return requiredRoles.some((role) => userRoleNames.includes(role));
-    return false;
+    return true;
   }
 }