81 lines
2.4 KiB
TypeScript
81 lines
2.4 KiB
TypeScript
// auth/otp-auth.guard.ts
|
|
import {
|
|
CanActivate,
|
|
ExecutionContext,
|
|
Injectable,
|
|
UnprocessableEntityException,
|
|
} from '@nestjs/common';
|
|
import { JwtService } from '@nestjs/jwt';
|
|
import { InjectDataSource } from '@nestjs/typeorm';
|
|
import { validatePassword } from 'src/core/helpers/password/bcrypt.helpers';
|
|
import {
|
|
CONNECTION_NAME,
|
|
STATUS,
|
|
} from 'src/core/strings/constants/base.constants';
|
|
import { UserRole } from 'src/modules/user-related/user/constants';
|
|
import { UserModel } from 'src/modules/user-related/user/data/models/user.model';
|
|
import { DataSource, Not } from 'typeorm';
|
|
|
|
@Injectable()
|
|
export class OtpAuthGuard implements CanActivate {
|
|
constructor(
|
|
private readonly jwtService: JwtService,
|
|
|
|
@InjectDataSource(CONNECTION_NAME.DEFAULT)
|
|
protected readonly dataSource: DataSource,
|
|
) {}
|
|
|
|
get userRepository() {
|
|
return this.dataSource.getRepository(UserModel);
|
|
}
|
|
|
|
async canActivate(context: ExecutionContext): Promise<boolean> {
|
|
const request = context.switchToHttp().getRequest();
|
|
const jwtAuth = request.headers['authorization'];
|
|
const basicAuth = request.headers['x-basic-authorization'];
|
|
|
|
// 1. Cek OTP Auth (basic_authorization header)
|
|
if (basicAuth) {
|
|
try {
|
|
const decoded = Buffer.from(basicAuth, 'base64').toString('ascii');
|
|
const [username, password] = decoded.split('|');
|
|
|
|
const userLogin = await this.userRepository.findOne({
|
|
where: {
|
|
username: username,
|
|
status: STATUS.ACTIVE,
|
|
role: Not(UserRole.QUEUE_ADMIN),
|
|
},
|
|
});
|
|
|
|
const valid = await validatePassword(password, userLogin?.password);
|
|
|
|
if (userLogin && valid) {
|
|
request.user = userLogin;
|
|
return true;
|
|
} else {
|
|
throw new UnprocessableEntityException('Invalid OTP credentials');
|
|
}
|
|
} catch (err) {
|
|
throw new UnprocessableEntityException('Invalid OTP encoding');
|
|
}
|
|
}
|
|
|
|
// 2. Cek JWT (Authorization: Bearer <token>)
|
|
if (jwtAuth && jwtAuth.startsWith('Bearer ')) {
|
|
const token = jwtAuth.split(' ')[1];
|
|
try {
|
|
const payload = await this.jwtService.verifyAsync(token);
|
|
request.user = payload;
|
|
return true;
|
|
} catch (err) {
|
|
throw new UnprocessableEntityException('Invalid JWT token');
|
|
}
|
|
}
|
|
|
|
throw new UnprocessableEntityException(
|
|
'No valid authentication method found',
|
|
);
|
|
}
|
|
}
|