575a29ac8f
主要变更: 1. 代码风格统一 - 统一使用双引号替代单引号 - 保持项目代码风格一致性 - 涵盖所有模块、配置、实体和服务文件 2. 项目文档 - 新增 SECURITY_FIXES_SUMMARY.md - 安全修复总结文档 - 新增 项目问题评估报告.md - 项目问题评估文档 3. 包含修改的文件类别 - 配置文件:app, database, jwt, redis, cache, performance - 实体文件:所有 TypeORM 实体 - 模块文件:所有业务模块 - 公共模块:guards, decorators, interceptors, filters, utils - 测试文件:单元测试和 E2E 测试 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
51 lines
1.3 KiB
TypeScript
51 lines
1.3 KiB
TypeScript
import {
|
|
Injectable,
|
|
CanActivate,
|
|
ExecutionContext,
|
|
ForbiddenException,
|
|
} from "@nestjs/common";
|
|
import { Reflector } from "@nestjs/core";
|
|
import { ROLES_KEY } from "../decorators/roles.decorator";
|
|
import { UserRole } from "../enums";
|
|
import { ErrorCode, ErrorMessage } from "../interfaces/response.interface";
|
|
|
|
/**
|
|
* 角色守卫
|
|
* 检查用户是否拥有所需的角色
|
|
*/
|
|
@Injectable()
|
|
export class RolesGuard implements CanActivate {
|
|
constructor(private reflector: Reflector) {}
|
|
|
|
canActivate(context: ExecutionContext): boolean {
|
|
const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(
|
|
ROLES_KEY,
|
|
[context.getHandler(), context.getClass()],
|
|
);
|
|
|
|
if (!requiredRoles) {
|
|
return true;
|
|
}
|
|
|
|
const { user } = context.switchToHttp().getRequest();
|
|
|
|
if (!user) {
|
|
throw new ForbiddenException({
|
|
code: ErrorCode.UNAUTHORIZED,
|
|
message: ErrorMessage[ErrorCode.UNAUTHORIZED],
|
|
});
|
|
}
|
|
|
|
const hasRole = requiredRoles.some((role) => user.role === role);
|
|
|
|
if (!hasRole) {
|
|
throw new ForbiddenException({
|
|
code: ErrorCode.NO_PERMISSION,
|
|
message: ErrorMessage[ErrorCode.NO_PERMISSION],
|
|
});
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|