38 lines
977 B
TypeScript
38 lines
977 B
TypeScript
import {
|
|
BadRequestException,
|
|
CanActivate,
|
|
ExecutionContext,
|
|
ForbiddenException,
|
|
Injectable,
|
|
} from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { Role } from 'src/auth/role.enum';
|
|
import { User } from 'src/user/entities/user.entity';
|
|
|
|
@Injectable()
|
|
export class RolesGuard implements CanActivate {
|
|
constructor(private reflector: Reflector) {}
|
|
|
|
async canActivate(context: ExecutionContext): Promise<boolean> {
|
|
const requiredRoles = this.reflector.getAllAndOverride<Role[] | undefined>(
|
|
'roles',
|
|
[context.getHandler(), context.getClass()],
|
|
);
|
|
|
|
if (!requiredRoles) return true;
|
|
|
|
const request = context.switchToHttp().getRequest();
|
|
const user = request.user as User | void;
|
|
|
|
if (!user) {
|
|
throw new BadRequestException('服务器内部错误');
|
|
}
|
|
|
|
if (!requiredRoles.some((role) => user.roles.includes(role))) {
|
|
throw new ForbiddenException('权限不足');
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|