创建了完整的NestJS项目结构,包含配置文件、核心模块、工具类、拦截器、过滤器等基础代码,实现了健康检查、用户认证、管理员RBAC、剧集管理、订单支付、媒体管理等核心功能的基础框架,配置了ESLint、TypeScript、Jest等开发工具链。
53 lines
1.4 KiB
TypeScript
53 lines
1.4 KiB
TypeScript
import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { Request } from 'express';
|
|
import {
|
|
REQUIRED_PERMISSIONS_METADATA,
|
|
} from '../decorators/require-permissions.decorator';
|
|
import { AdminUserRecord } from '../interfaces/admin-records.interface';
|
|
import { AdminService } from '../admin.service';
|
|
|
|
@Injectable()
|
|
export class PermissionsGuard implements CanActivate {
|
|
constructor(
|
|
private readonly reflector: Reflector,
|
|
private readonly adminService: AdminService,
|
|
) {}
|
|
|
|
canActivate(context: ExecutionContext): boolean {
|
|
const required =
|
|
this.reflector.getAllAndOverride<string[]>(
|
|
REQUIRED_PERMISSIONS_METADATA,
|
|
[context.getHandler(), context.getClass()],
|
|
) ?? [];
|
|
|
|
if (required.length === 0) {
|
|
return true;
|
|
}
|
|
|
|
const request = context
|
|
.switchToHttp()
|
|
.getRequest<Request & { adminUser?: AdminUserRecord }>();
|
|
const adminUser = request.adminUser;
|
|
|
|
if (!adminUser) {
|
|
throw new ForbiddenException('No permission');
|
|
}
|
|
|
|
if (adminUser.isSuperAdmin) {
|
|
return true;
|
|
}
|
|
|
|
const permissions = this.adminService.getPermissionCodesForAdmin(adminUser.id);
|
|
const allowed = required.every((permission) =>
|
|
permissions.includes(permission),
|
|
);
|
|
|
|
if (!allowed) {
|
|
throw new ForbiddenException('No permission');
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|