♻️ Use global guards, @public decorator

Co-Authored-By: Jay McDoniel <jmcdo29@gmail.com> Addition context: nestjs/nest#5598
staart · Oct 24, 2020 · 959dc7b · 959dc7b
1 parent 818ad11
commit 959dc7b
Show file tree

Hide file tree

Showing 11 changed files with 46 additions and 29 deletions.
diff --git a/src/app.constants.ts b/src/app.constants.ts
@@ -0,0 +1 @@
+export const STAART_PUBLIC_ENDPOINT = 'STAART_PUBLIC_ENDPOINT';
diff --git a/src/app.module.ts b/src/app.module.ts
@@ -1,12 +1,14 @@
 import { Module } from '@nestjs/common';
 import { ConfigModule } from '@nestjs/config';
-import { APP_INTERCEPTOR } from '@nestjs/core';
+import { APP_GUARD, APP_INTERCEPTOR } from '@nestjs/core';
 import { RateLimiterInterceptor, RateLimiterModule } from 'nestjs-rate-limiter';
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
 import configuration from './config/configuration';
 import { AccessTokensModule } from './modules/access-tokens/access-tokens.module';
 import { AuthModule } from './modules/auth/auth.module';
+import { JwtAuthGuard } from './modules/auth/jwt-auth.guard';
+import { ScopesGuard } from './modules/auth/scope.guard';
 import { EmailModule } from './modules/email/email.module';
 import { EmailsModule } from './modules/emails/emails.module';
 import { GroupsModule } from './modules/groups/groups.module';
@@ -39,6 +41,14 @@ import { UsersModule } from './modules/user/user.module';
       provide: APP_INTERCEPTOR,
       useClass: RateLimiterInterceptor,
     },
+    {
+      provide: APP_GUARD,
+      useClass: JwtAuthGuard,
+    },
+    {
+      provide: APP_GUARD,
+      useClass: ScopesGuard,
+    },
   ],
 })
 export class AppModule {}
diff --git a/src/modules/access-tokens/access-tokens.controller.ts b/src/modules/access-tokens/access-tokens.controller.ts
@@ -33,7 +33,6 @@ export class AccessTokenController {
   constructor(private accessTokensService: AccessTokensService) {}
 
   @Post()
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:write', 'access-token:write')
   async create(
     @Param('userId', ParseIntPipe) userId: number,
@@ -43,7 +42,6 @@ export class AccessTokenController {
   }
 
   @Get()
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'access-token:read')
   async getAll(
     @Param('userId', ParseIntPipe) userId: number,
@@ -63,7 +61,6 @@ export class AccessTokenController {
   }
 
   @Get(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'access-token{id}:read')
   async get(
     @Param('userId', ParseIntPipe) userId: number,
@@ -73,7 +70,6 @@ export class AccessTokenController {
   }
 
   @Patch(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:write', 'access-token{id}:write')
   async update(
     @Body() data: UpdateAccessTokenDto,
@@ -84,7 +80,6 @@ export class AccessTokenController {
   }
 
   @Put(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:write', 'access-token{id}:write')
   async replace(
     @Body() data: ReplaceAccessTokenDto,
@@ -95,7 +90,6 @@ export class AccessTokenController {
   }
 
   @Delete(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:delete', 'access-token{id}:delete')
   async remove(
     @Param('userId', ParseIntPipe) userId: number,

diff --git a/src/modules/auth/auth.controller.ts b/src/modules/auth/auth.controller.ts
@@ -4,8 +4,10 @@ import { RateLimit } from 'nestjs-rate-limiter';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { LoginDto, RegisterDto, ResendEmailVerificationDto } from './auth.dto';
 import { AuthService } from './auth.service';
+import { Public } from './public.decorator';
 
 @Controller('auth')
+@Public()
 export class AuthController {
   constructor(private authService: AuthService) {}
 

diff --git a/src/modules/auth/jwt-auth.guard.ts b/src/modules/auth/jwt-auth.guard.ts
@@ -1,5 +1,19 @@
-import { Injectable } from '@nestjs/common';
+import { ExecutionContext, Injectable } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
 import { AuthGuard } from '@nestjs/passport';
+import { STAART_PUBLIC_ENDPOINT } from 'src/app.constants';
 
 @Injectable()
-export class JwtAuthGuard extends AuthGuard('jwt') {}
+export class JwtAuthGuard extends AuthGuard('jwt') {
+  constructor(private readonly reflector: Reflector) {
+    super();
+  }
+
+  public canActivate(context: ExecutionContext) {
+    const decoratorSkip =
+      this.reflector.get(STAART_PUBLIC_ENDPOINT, context.getClass()) ||
+      this.reflector.get(STAART_PUBLIC_ENDPOINT, context.getHandler());
+    if (decoratorSkip) return true;
+    return super.canActivate(context);
+  }
+}
diff --git a/src/modules/auth/public.decorator.ts b/src/modules/auth/public.decorator.ts
@@ -0,0 +1,16 @@
+import { STAART_PUBLIC_ENDPOINT } from 'src/app.constants';
+
+export function Public() {
+  return (
+    target: any,
+    _?: string | symbol,
+    descriptor?: TypedPropertyDescriptor<any>,
+  ) => {
+    if (descriptor) {
+      Reflect.defineMetadata(STAART_PUBLIC_ENDPOINT, true, descriptor.value);
+      return descriptor;
+    }
+    Reflect.defineMetadata(STAART_PUBLIC_ENDPOINT, true, target);
+    return target;
+  };
+}
diff --git a/src/modules/emails/emails.controller.ts b/src/modules/emails/emails.controller.ts
@@ -27,7 +27,6 @@ export class EmailController {
   constructor(private emailsService: EmailsService) {}
 
   @Post()
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:write', 'email:write')
   async create(
     @Param('userId', ParseIntPipe) userId: number,
@@ -37,7 +36,6 @@ export class EmailController {
   }
 
   @Get()
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'email:read')
   async getAll(
     @Param('userId', ParseIntPipe) userId: number,
@@ -57,7 +55,6 @@ export class EmailController {
   }
 
   @Get(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'email{id}:read')
   async get(
     @Param('userId', ParseIntPipe) userId: number,
@@ -67,7 +64,6 @@ export class EmailController {
   }
 
   @Delete(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:delete', 'email{id}:delete')
   async remove(
     @Param('userId', ParseIntPipe) userId: number,

diff --git a/src/modules/groups/groups.controller.ts b/src/modules/groups/groups.controller.ts
@@ -31,7 +31,6 @@ export class GroupController {
   constructor(private groupsService: GroupsService) {}
 
   @Post()
-  @UseGuards(ScopesGuard)
   @Scopes('user:write', 'group:write')
   async create(
     @Req() req: UserRequest,
@@ -41,7 +40,6 @@ export class GroupController {
   }
 
   @Get()
-  @UseGuards(ScopesGuard)
   @Scopes('group:read')
   async getAll(
     @Query('skip', OptionalIntPipe) skip?: number,
@@ -60,14 +58,12 @@ export class GroupController {
   }
 
   @Get(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('group{id}:read')
   async get(@Param('id', ParseIntPipe) id: number): Promise<Expose<groups>> {
     return this.groupsService.getGroup(Number(id));
   }
 
   @Patch(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('group{id}:write')
   async update(
     @Body() data: UpdateGroupDto,
@@ -77,7 +73,6 @@ export class GroupController {
   }
 
   @Put(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('group{id}:write')
   async replace(
     @Body() data: ReplaceGroupDto,
@@ -87,7 +82,6 @@ export class GroupController {
   }
 
   @Delete(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('group{id}:delete')
   async remove(@Param('id', ParseIntPipe) id: number): Promise<Expose<groups>> {
     return this.groupsService.deleteGroup(Number(id));

diff --git a/src/modules/memberships/memberships.controller.ts b/src/modules/memberships/memberships.controller.ts
@@ -24,7 +24,6 @@ export class MembershipController {
   constructor(private membershipsService: MembershipsService) {}
 
   @Get()
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'membership:read')
   async getAll(
     @Param('userId', ParseIntPipe) userId: number,
@@ -44,7 +43,6 @@ export class MembershipController {
   }
 
   @Get(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'membership{id}:read')
   async get(
     @Param('userId', ParseIntPipe) userId: number,
@@ -54,7 +52,6 @@ export class MembershipController {
   }
 
   @Delete(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:delete', 'membership{id}:delete')
   async remove(
     @Param('userId', ParseIntPipe) userId: number,

diff --git a/src/modules/sessions/sessions.controller.ts b/src/modules/sessions/sessions.controller.ts
@@ -24,7 +24,6 @@ export class SessionController {
   constructor(private sessionsService: SessionsService) {}
 
   @Get()
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'session:read')
   async getAll(
     @Param('userId', ParseIntPipe) userId: number,
@@ -44,7 +43,6 @@ export class SessionController {
   }
 
   @Get(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:read', 'session{id}:read')
   async get(
     @Param('userId', ParseIntPipe) userId: number,
@@ -54,7 +52,6 @@ export class SessionController {
   }
 
   @Delete(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{userId}:delete', 'session{id}:delete')
   async remove(
     @Param('userId', ParseIntPipe) userId: number,

diff --git a/src/modules/user/user.controller.ts b/src/modules/user/user.controller.ts
@@ -27,7 +27,6 @@ export class UserController {
   constructor(private usersService: UsersService) {}
 
   @Get()
-  @UseGuards(ScopesGuard)
   @Scopes('user:read')
   async getAll(
     @Query('skip', OptionalIntPipe) skip?: number,
@@ -40,14 +39,12 @@ export class UserController {
   }
 
   @Get(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{id}:read')
   async get(@Param('id', ParseIntPipe) id: number): Promise<Expose<users>> {
     return this.usersService.user({ id: Number(id) });
   }
 
   @Patch(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{id}:write')
   async update(
     @Param('id', ParseIntPipe) id: number,
@@ -57,7 +54,6 @@ export class UserController {
   }
 
   @Delete(':id')
-  @UseGuards(ScopesGuard)
   @Scopes('user{id}:delete')
   async remove(@Param('id', ParseIntPipe) id: number): Promise<Expose<users>> {
     return this.usersService.deleteUser({ id: Number(id) });