dwindown/tabungin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
89f881e7cfb25d1b18d2726758346d33dce3a5a4
tabungin/apps/api/dist/otp/otp-gate.guard.js
dwindown 249f3a9d7d feat: remove OTP gate from transactions, fix categories auth, add implementation plan 
- Remove OtpGateGuard from transactions controller (OTP verified at login)
- Fix categories controller to use authenticated user instead of TEMP_USER_ID
- Add comprehensive implementation plan document
- Update .env.example with WEB_APP_URL
- Prepare for admin dashboard development
2025-10-11 14:00:11 +07:00

56 lines
2.4 KiB
JavaScript
Raw Blame History

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.OtpGateGuard = void 0;
const common_1 = require("@nestjs/common");
const otp_service_1 = require("./otp.service");
let OtpGateGuard = class OtpGateGuard {
otpService;
constructor(otpService) {
this.otpService = otpService;
}
async canActivate(context) {
const request = context.switchToHttp().getRequest();
const userId = request.user?.userId;
if (!userId) {
return true;
}
const status = await this.otpService.getStatus(userId);
if (!status.emailEnabled && !status.totpEnabled) {
return true;
}
const otpCode = request.headers['x-otp-code'] || request.body?.otpCode;
const otpMethod = (request.headers['x-otp-method'] ||
request.body?.otpMethod ||
'totp');
if (!otpCode) {
throw new common_1.UnauthorizedException({
message: 'OTP verification required',
requiresOtp: true,
availableMethods: {
email: status.emailEnabled,
totp: status.totpEnabled,
},
});
}
const isValid = await this.otpService.verifyOtpGate(userId, otpCode, otpMethod);
if (!isValid) {
throw new common_1.UnauthorizedException('Invalid OTP code');
}
return true;
}
};
exports.OtpGateGuard = OtpGateGuard;
exports.OtpGateGuard = OtpGateGuard = __decorate([
(0, common_1.Injectable)(),
__metadata("design:paramtypes", [otp_service_1.OtpService])
], OtpGateGuard);
//# sourceMappingURL=otp-gate.guard.js.map
Reference in New Issue View Git Blame Copy Permalink