本次提交进行了大规模的项目结构调整: 1. 调整文件目录归属,将模块代码按功能域重新组织 2. 删除多处冗余的DTO、实体类和模块文件 3. 统一了常量、装饰器、工具类的存放位置 4. 修复了`.gitignore`的日志目录匹配规则 5. 新增了健康检查、认证、用户、剧集、订单等核心业务模块
54 lines
1.6 KiB
TypeScript
54 lines
1.6 KiB
TypeScript
import {
|
|
CanActivate,
|
|
ExecutionContext,
|
|
Injectable,
|
|
UnauthorizedException,
|
|
} from '@nestjs/common';
|
|
import { JwtService } from '@nestjs/jwt';
|
|
import { Request } from 'express';
|
|
import { AdminUserRecord } from '../interfaces/admin-records.interface';
|
|
import { AdminService } from '../admin.service';
|
|
|
|
@Injectable()
|
|
export class AdminJwtAuthGuard implements CanActivate {
|
|
constructor(
|
|
private readonly jwtService: JwtService,
|
|
private readonly adminService: AdminService,
|
|
) {}
|
|
|
|
async canActivate(context: ExecutionContext): Promise<boolean> {
|
|
const request = context
|
|
.switchToHttp()
|
|
.getRequest<Request & { adminUser?: AdminUserRecord; adminId?: number }>();
|
|
const authHeader = request.get('authorization');
|
|
const token = authHeader?.startsWith('Bearer ')
|
|
? authHeader.slice('Bearer '.length)
|
|
: undefined;
|
|
|
|
if (!token) {
|
|
throw new UnauthorizedException('Admin not authenticated');
|
|
}
|
|
|
|
try {
|
|
const payload = await this.jwtService.verifyAsync<{
|
|
sub: number;
|
|
type: string;
|
|
}>(token);
|
|
if (payload.type !== 'admin') {
|
|
throw new UnauthorizedException('Admin not authenticated');
|
|
}
|
|
|
|
const adminUser = await this.adminService.findAdminById(payload.sub);
|
|
if (!adminUser || adminUser.status !== 'active') {
|
|
throw new UnauthorizedException('Admin not authenticated');
|
|
}
|
|
|
|
request.adminUser = adminUser;
|
|
request.adminId = adminUser.id;
|
|
return true;
|
|
} catch {
|
|
throw new UnauthorizedException('Admin not authenticated');
|
|
}
|
|
}
|
|
}
|