on auth token for users

src/app.module.ts

@@ -1,10 +1,11 @@
-import { Module } from '@nestjs/common';
+import { Module, HttpModule } from '@nestjs/common';
 import { UsersController } from './users/users.contoller';
 import {MongooseModule} from '@nestjs/mongoose';
 import {MONGO_URL, DB_NAME} from './consts';
 import {User, UserSchema} from './users/users.schema';
 import {UserService} from './users/users.service';
 import {AuthController} from './auth/auth.controller';
+import {AuthService} from './auth/auth.service';
 
 @Module({
   imports: [
@@ -14,6 +15,7 @@ import {AuthController} from './auth/auth.controller';
       MongooseModule.forFeature([
           {name: User.name, schema: UserSchema},
       ], DB_NAME),
+      HttpModule,
   ],
   controllers: [
       UsersController,
@@ -21,6 +23,7 @@ import {AuthController} from './auth/auth.controller';
     ],
   providers: [
       UserService,
+      AuthService,
   ],
 })
 export class AppModule {}

src/auth/auth.service.ts

@@ -0,0 +1,21 @@
+import {Injectable, UnauthorizedException, HttpService} from '@nestjs/common';
+import {Request} from 'express';
+
+@Injectable()
+export class AuthService {
+    constructor(
+        private http: HttpService
+    ) {}
+
+    async checkRequest(request: Request): Promise<boolean> {
+        const {data} = await this.http.post('http://api.auth.vigdorov.ru/auth/check', {
+            access_token: request.headers.authorization,
+            agent: request.headers['user-agent']
+        }).toPromise();
+
+        if (!data) {
+            throw new UnauthorizedException('Доступ запрещен');
+        }
+        return data;
+    }
+}

src/users/users.contoller.ts

@@ -29,18 +29,22 @@ import {
   REMOVE_SUCCESS,
   REMOVE_NOT_FOUND,
 } from './users.responses';
+import {AuthService} from 'src/auth/auth.service';
 
 @Controller(USERS_CONTROLLER)
 @ApiTags(USERS_CONTROLLER)
 export class UsersController {
     constructor(
-        private readonly userService: UserService
+        private readonly userService: UserService,
+        private readonly authService: AuthService,
     ) {}
 
     @Get()
     @Header(...ALLOW_ORIGIN_ALL)
     @ApiResponse(FIND_ALL_SUCCESS)
-    async findAll(): Promise<UserResponse[]> {
+    async findAll(@Req() request: Request): Promise<UserResponse[]> {
+        await this.authService.checkRequest(request);
+
         return this.userService.findAll();
     }
 
@@ -53,6 +57,8 @@ export class UsersController {
         description: 'Логин пользователя',
     })
     async findOne(@Req() request: Request<{login: string}>): Promise<UserResponse> {
+        await this.authService.checkRequest(request);
+
         return await this.userService.findOne(request.params.login);
     }
 
@@ -66,6 +72,8 @@ export class UsersController {
         description: 'Объект для создания пользователя'
     })
     async createUser(@Req() request: Request<null, CreateUserRequest>): Promise<UserResponse> {
+        await this.authService.checkRequest(request);
+
         return await this.userService.create(request.body);
     }
 
@@ -79,6 +87,8 @@ export class UsersController {
         description: 'Объект обновления данных пользователя'
     })
     async updateUser(@Req() request: Request<null, UpdateUserRequest>): Promise<UserResponse> {
+        await this.authService.checkRequest(request);
+
         return await this.userService.update(request.body);
     }
 
@@ -91,6 +101,8 @@ export class UsersController {
         description: 'Логин пользователя',
     })
     async removeUser(@Req() request: Request<{login: string}>): Promise<UpdateUserRequest> {
+        await this.authService.checkRequest(request);
+
         return await this.userService.removeOne(request.params.login);
     }