🔒 Add scopes and guards on user routes

staart · Oct 23, 2020 · 653ccfc · 653ccfc
1 parent 93d82e1
commit 653ccfc
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/src/app.module.ts b/src/app.module.ts
@@ -18,7 +18,10 @@ import { UsersModule } from './modules/user/user.module';
     PrismaModule,
     UsersModule,
     AuthModule,
-    RateLimiterModule,
+    RateLimiterModule.register({
+      points: 100,
+      duration: 60,
+    }),
     EmailModule,
   ],
   controllers: [AppController],

diff --git a/src/modules/user/user.controller.ts b/src/modules/user/user.controller.ts
@@ -27,6 +27,8 @@ export class UserController {
   constructor(private usersService: UsersService) {}
 
   @Get()
+  @UseGuards(ScopesGuard)
+  @Scopes('user:read')
   async getAll(
     @Query('skip', OptionalIntPipe) skip?: number,
     @Query('take', OptionalIntPipe) take?: number,
@@ -45,6 +47,8 @@ export class UserController {
   }
 
   @Patch(':id')
+  @UseGuards(ScopesGuard)
+  @Scopes('user{id}:write')
   async update(
     @Param('id', ParseIntPipe) id: number,
     @Body() data: UpdateUserDto,
@@ -53,6 +57,8 @@ export class UserController {
   }
 
   @Delete(':id')
+  @UseGuards(ScopesGuard)
+  @Scopes('user{id}:delete')
   async remove(@Param('id', ParseIntPipe) id: number): Promise<Expose<users>> {
     return this.usersService.deleteUser({ id: Number(id) });
   }