refactor: improve JWT guard role-based authentication logic

kastov · kastov · commit a14995b3d80e · 2025-03-05T07:43:32.000+03:00
- Restructure JWT guard to use switch statement for role-based authentication
diff --git a/.env.sample b/.env.sample
@@ -13,7 +13,6 @@ API_INSTANCES=1
 DATABASE_URL="postgresql://postgres:postgres@remnawave-db:5432/postgres"
 
 ### REDIS ###
-# FORMAT: redis://{user}:{password}@{host}:{port}/{database}
 REDIS_HOST=remnawave-redis
 REDIS_PORT=6379
 
diff --git a/src/common/guards/jwt-guards/def-jwt-guard.ts b/src/common/guards/jwt-guards/def-jwt-guard.ts
@@ -28,31 +28,32 @@ export class JwtDefaultGuard extends AuthGuard('registeredUserJWT') {
             return false;
         }
 
-        if (ROLE.API) {
-            const token = await this.getTokenByUuid({ uuid: user.uuid });
-            if (!token.isOk) {
-                return false;
+        switch (user.role) {
+            case ROLE.API: {
+                const token = await this.getTokenByUuid({ uuid: user.uuid });
+                if (!token.isOk) {
+                    return false;
+                }
+                return true;
             }
+            case ROLE.ADMIN: {
+                if (!user.username) {
+                    return false;
+                }
 
-            return true;
-        }
-
-        if (user.role === ROLE.ADMIN) {
-            if (!user.username) {
-                return false;
-            }
+                const adminEntity = await this.getAdminByUsername({
+                    username: user.username,
+                    role: user.role,
+                });
 
-            const adminEntity = await this.getAdminByUsername({
-                username: user.username,
-                role: user.role,
-            });
-
-            if (!adminEntity.isOk || !adminEntity.response) {
-                return false;
-            }
+                if (!adminEntity.isOk || !adminEntity.response) {
+                    return false;
+                }
 
-            if (adminEntity.response.uuid !== user.uuid) {
-                return false;
+                if (adminEntity.response.uuid !== user.uuid) {
+                    return false;
+                }
+                break;
             }
         }
 
