forked from datawhale/whale-town-end
47a738067a
- 新增auth模块处理认证逻辑 - 新增security模块处理安全相关功能 - 新增user-mgmt模块管理用户相关操作 - 新增shared模块存放共享组件 - 重构admin模块,添加DTO和Guards - 为admin模块添加测试文件结构
44 lines
1.2 KiB
TypeScript
44 lines
1.2 KiB
TypeScript
/**
|
|
* 管理员鉴权守卫
|
|
*
|
|
* 功能描述:
|
|
* - 保护后台管理接口
|
|
* - 校验 Authorization: Bearer <admin_token>
|
|
* - 仅允许 role=9 的管理员访问
|
|
*
|
|
* @author jianuo
|
|
* @version 1.0.0
|
|
* @since 2025-12-19
|
|
*/
|
|
|
|
import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
|
|
import { Request } from 'express';
|
|
import { AdminCoreService, AdminAuthPayload } from '../../../core/admin_core/admin_core.service';
|
|
|
|
export interface AdminRequest extends Request {
|
|
admin?: AdminAuthPayload;
|
|
}
|
|
|
|
@Injectable()
|
|
export class AdminGuard implements CanActivate {
|
|
constructor(private readonly adminCoreService: AdminCoreService) {}
|
|
|
|
canActivate(context: ExecutionContext): boolean {
|
|
const req = context.switchToHttp().getRequest<AdminRequest>();
|
|
const auth = req.headers['authorization'];
|
|
|
|
if (!auth || Array.isArray(auth)) {
|
|
throw new UnauthorizedException('缺少Authorization头');
|
|
}
|
|
|
|
const [scheme, token] = auth.split(' ');
|
|
if (scheme !== 'Bearer' || !token) {
|
|
throw new UnauthorizedException('Authorization格式错误');
|
|
}
|
|
|
|
const payload = this.adminCoreService.verifyToken(token);
|
|
req.admin = payload;
|
|
return true;
|
|
}
|
|
}
|