From f79e581dbfd05ce8a55919e65261e684c4195904 Mon Sep 17 00:00:00 2001
From: vigdorov
Date: Tue, 4 Aug 2020 22:44:05 +0300
Subject: [PATCH] on auth token for users
---
 src/app.module.ts | 5 ++++-
 src/auth/auth.service.ts | 21 +++++++++++++++++++++
 src/users/users.contoller.ts | 16 ++++++++++++++--
 3 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 src/auth/auth.service.ts
diff --git a/src/app.module.ts b/src/app.module.ts
index bd04e78..15e55b7 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -1,10 +1,11 @@
-import { Module } from '@nestjs/common';
+import { Module, HttpModule } from '@nestjs/common';
 import { UsersController } from './users/users.contoller';
 import {MongooseModule} from '@nestjs/mongoose';
 import {MONGO_URL, DB_NAME} from './consts';
 import {User, UserSchema} from './users/users.schema';
 import {UserService} from './users/users.service';
 import {AuthController} from './auth/auth.controller';
+import {AuthService} from './auth/auth.service';
 @Module({
 imports: [
@@ -14,6 +15,7 @@ import {AuthController} from './auth/auth.controller';
 MongooseModule.forFeature([
 {name: User.name, schema: UserSchema},
 ], DB_NAME),
+ HttpModule,
 ],
 controllers: [
 UsersController,
@@ -21,6 +23,7 @@ import {AuthController} from './auth/auth.controller';
 ],
 providers: [
 UserService,
+ AuthService,
 ],
 })
 export class AppModule {}
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
new file mode 100644
index 0000000..92d4a2f
--- /dev/null
+++ b/src/auth/auth.service.ts
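Review bot: `HttpModule` is registered with its defaults in the second hunk, so the outbound call AuthService makes has no request timeout, and after this commit every users route waits on that call. A slow or unreachable auth service would then hold those requests open until the socket itself gives up. Registering the module with explicit limits, for example `HttpModule.register({timeout: 5000, maxRedirects: 0})` (values are illustrative), bounds that dependency. The `@Module` decorator starts before this hunk and closes after it.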
@@ -0,0 +1,21 @@
+import {Injectable, UnauthorizedException, HttpService} from '@nestjs/common';
+import {Request} from 'express';
+
+@Injectable()
+export class AuthService {
+ constructor(
+ private http: HttpService
+ ) {}
+
+ async checkRequest(request: Request): Promise {
+ const {data} = await this.http.post('http://api.auth.vigdorov.ru/auth/check', {
+ access_token: request.headers.authorization,
+ agent: request.headers['user-agent']
+ }).toPromise();
+
+ if (!data) {
+ throw new UnauthorizedException('Доступ запрещен');
+ }
+ return data;
+ }
+}
diff --git a/src/users/users.contoller.ts b/src/users/users.contoller.ts
index 228ad7b..edda313 100644
--- a/src/users/users.contoller.ts
+++ b/src/users/users.contoller.ts
@@ -29,18 +29,22 @@ import {
 REMOVE_SUCCESS,
 REMOVE_NOT_FOUND,
 } from './users.responses';
+import {AuthService} from 'src/auth/auth.service';
 @Controller(USERS_CONTROLLER)
 @ApiTags(USERS_CONTROLLER)
 export class UsersController {
 constructor(
- private readonly userService: UserService
+ private readonly userService: UserService,
+ private readonly authService: AuthService,
 ) {}
 @Get()
 @Header(...ALLOW_ORIGIN_ALL)
 @ApiResponse(FIND_ALL_SUCCESS)
- async findAll(): Promise {
+ async findAll(@Req() request: Request): Promise {
+ await this.authService.checkRequest(request);
+
 return this.userService.findAll();
 }
@@ -53,6 +57,8 @@ export class UsersController {
 description: 'Логин пользователя',
 })
 async findOne(@Req() request: Request<{login: string}>): Promise {
+ await this.authService.checkRequest(request);
+
 return await this.userService.findOne(request.params.login);
 }
@@ -66,6 +72,8 @@ export class UsersController {
 description: 'Объект для создания пользователя'
 })
 async createUser(@Req() request: Request): Promise {
+ await this.authService.checkRequest(request);
+
 return await this.userService.create(request.body);
 }
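Review bot: The access token is posted to an `http://` URL in `checkRequest` (new file src/auth/auth.service.ts), so the bearer credential crosses the network unencrypted on every users request; the endpoint should be `https://` and come from configuration rather than a string literal. The call is also made when `request.headers.authorization` is undefined, and a transport error or non-2xx reply from the auth service surfaces as an unhandled rejection (a 500) rather than `UnauthorizedException`. In addition, `if (!data)` accepts any truthy body; if the auth API answers with an object, an explicit field should be compared instead, though its response shape is not visible in this diff. The fence sketches the first three changes.

```typescript
// … unchanged: imports, @Injectable() class header, constructor …
// inside checkRequest(request):
    const accessToken = request.headers.authorization;
    if (!accessToken) {
      // No credential supplied: reject locally, without calling the auth service.
      throw new UnauthorizedException('Доступ запрещен');
    }

    let data: unknown;
    try {
      // AUTH_CHECK_URL is a placeholder for an https:// endpoint read from configuration.
      ({data} = await this.http.post(AUTH_CHECK_URL, {
        access_token: accessToken,
        agent: request.headers['user-agent'],
      }).toPromise());
    } catch {
      // Transport errors and non-2xx replies count as a failed check (fail closed).
      throw new UnauthorizedException('Доступ запрещен');
    }
// … unchanged: if (!data) check and return data …
```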
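Review bot: The authentication call is added by hand at the top of `findAll` (hunk `@@ -29,18 +29,22 @@` of src/users/users.contoller.ts) and repeated in the hunks for `findOne`, `createUser`, `updateUser` and `removeUser`, so any handler added later is unauthenticated unless its author remembers the line. A Nest guard applied once makes protection the default: a class implementing `CanActivate` that calls `authService.checkRequest(context.switchToHttp().getRequest())`, attached with `@UseGuards(...)` on `UsersController`. Separately, `import {AuthService} from 'src/auth/auth.service';` resolves only with a `baseUrl`-style path setting, whereas app.module.ts imports the same file relatively; `'../auth/auth.service'` would match. The class body continues past this hunk.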
@@ -79,6 +87,8 @@ export class UsersController {
 description: 'Объект обновления данных пользователя'
 })
 async updateUser(@Req() request: Request): Promise {
+ await this.authService.checkRequest(request);
+
 return await this.userService.update(request.body);
 }
@@ -91,6 +101,8 @@ export class UsersController {
 description: 'Логин пользователя',
 })
 async removeUser(@Req() request: Request<{login: string}>): Promise {
+ await this.authService.checkRequest(request);
+
 return await this.userService.removeOne(request.params.login);
 }
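Review bot: `updateUser` discards the value returned by `checkRequest` and passes `request.body` straight to `userService.update`, so as far as this hunk shows, any caller holding a valid token can modify any user record. The `removeUser` hunk has the same shape with `request.params.login`. If the auth service returns the caller's identity, keep it with `const caller = await this.authService.checkRequest(request);` and compare it with the target login, or check a role, before the write. The body is also forwarded without visible validation, which may let a client set fields it should not; a whitelisting DTO would close that, though UserService's own handling is outside this diff.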