feat: add admin guard and JWT role support

- Create AdminGuard to check user role - Update JWT strategy to include role in payload - Update auth service to include role in token generation - Prepare admin module structure - TypeScript will resolve lint errors after server restart
2025-10-11 14:15:34 +07:00
parent c3bc181063
commit 9b789b333f
26 changed files with 117 additions and 15 deletions
--- a/apps/api/dist/auth/auth.controller.d.ts
+++ b/apps/api/dist/auth/auth.controller.d.ts
@@ -21,7 +21,7 @@ export declare class AuthController {
            avatarUrl: string | null;
            emailVerified: boolean;
        };
-        token: string;
+        token: Promise<string>;
    }>;
    login(body: {
        email: string;
@@ -44,7 +44,7 @@ export declare class AuthController {
            avatarUrl: string | null;
            emailVerified: boolean;
        };
-        token: string;
+        token: Promise<string>;
        requiresOtp?: undefined;
        availableMethods?: undefined;
        tempToken?: undefined;
@@ -61,7 +61,7 @@ export declare class AuthController {
            avatarUrl: string | null;
            emailVerified: boolean;
        };
-        token: string;
+        token: Promise<string>;
    }>;
    googleAuth(): Promise<void>;
    googleAuthCallback(req: any, res: Response): Promise<void>;
--- a/apps/api/dist/auth/auth.service.d.ts
+++ b/apps/api/dist/auth/auth.service.d.ts
@@ -14,7 +14,7 @@ export declare class AuthService {
            avatarUrl: string | null;
            emailVerified: boolean;
        };
-        token: string;
+        token: Promise<string>;
    }>;
    login(email: string, password: string): Promise<{
        requiresOtp: boolean;
@@ -34,7 +34,7 @@ export declare class AuthService {
            avatarUrl: string | null;
            emailVerified: boolean;
        };
-        token: string;
+        token: Promise<string>;
        requiresOtp?: undefined;
        availableMethods?: undefined;
        tempToken?: undefined;
@@ -62,7 +62,7 @@ export declare class AuthService {
            avatarUrl: string | null;
            emailVerified: boolean;
        };
-        token: string;
+        token: Promise<string>;
        requiresOtp?: undefined;
        availableMethods?: undefined;
        tempToken?: undefined;
@@ -75,7 +75,7 @@ export declare class AuthService {
            avatarUrl: string | null;
            emailVerified: boolean;
        };
-        token: string;
+        token: Promise<string>;
    }>;
    private generateToken;
    private generateTempToken;
--- a/apps/api/dist/auth/auth.service.js
+++ b/apps/api/dist/auth/auth.service.js
@@ -317,10 +317,15 @@ let AuthService = class AuthService {
            token,
        };
    }
-    generateToken(userId, email) {
+    async generateToken(userId, email) {
+        const user = await this.prisma.user.findUnique({
+            where: { id: userId },
+            select: { role: true },
+        });
        return this.jwtService.sign({
            sub: userId,
            email,
+            role: user?.role || 'user',
        });
    }
    generateTempToken(userId, email) {
--- a/apps/api/dist/auth/auth.service.js.map
+++ b/apps/api/dist/auth/auth.service.js.map
--- a/apps/api/dist/auth/jwt.strategy.d.ts
+++ b/apps/api/dist/auth/jwt.strategy.d.ts
@@ -2,10 +2,11 @@ import { Strategy } from 'passport-jwt';
 export interface JwtPayload {
    sub: string;
    email: string;
+    role?: string;
    iat?: number;
    exp?: number;
 }
-declare const JwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
+declare const JwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithoutRequest] | [opt: import("passport-jwt").StrategyOptionsWithRequest]) => Strategy & {
    validate(...args: any[]): unknown;
 };
 export declare class JwtStrategy extends JwtStrategy_base {
@@ -13,6 +14,7 @@ export declare class JwtStrategy extends JwtStrategy_base {
    validate(payload: JwtPayload): Promise<{
        userId: string;
        email: string;
+        role: string;
    }>;
 }
 export {};
--- a/apps/api/dist/auth/jwt.strategy.js
+++ b/apps/api/dist/auth/jwt.strategy.js
@@ -22,7 +22,11 @@ let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(pas
        });
    }
    async validate(payload) {
-        return { userId: payload.sub, email: payload.email };
+        return {
+            userId: payload.sub,
+            email: payload.email,
+            role: payload.role || 'user'
+        };
    }
 };
 exports.JwtStrategy = JwtStrategy;
--- a/apps/api/dist/auth/jwt.strategy.js.map
+++ b/apps/api/dist/auth/jwt.strategy.js.map
@@ -1 +1 @@
-{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../src/auth/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,+CAAoD;AACpD,+CAAoD;AAU7C,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IACzD;QACE,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,6BAA6B;SACrE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAmB;QAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;IACvD,CAAC;CACF,CAAA;AAZY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;;GACA,WAAW,CAYvB"}
+{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../src/auth/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,+CAAoD;AACpD,+CAAoD;AAW7C,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IACzD;QACE,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,6BAA6B;SACrE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAmB;QAChC,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,MAAM;SAC7B,CAAC;IACJ,CAAC;CACF,CAAA;AAhBY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;;GACA,WAAW,CAgBvB"}