From 7ed2d80111b5e72966ea0e243a4bb9e9ceae4d60 Mon Sep 17 00:00:00 2001
From: L4168 <L4168@student.jamk.fi>
Date: Wed, 26 Jun 2019 11:47:18 +0300
Subject: [PATCH] added check for authorization header

---
 src/shared/roles.guard.ts | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/shared/roles.guard.ts b/src/shared/roles.guard.ts
index 1f05fc9..e65916a 100644
--- a/src/shared/roles.guard.ts
+++ b/src/shared/roles.guard.ts
@@ -18,7 +18,7 @@ export class RolesGuard implements CanActivate {
 private readonly reflector: Reflector,
 @InjectRepository(Game_PersonEntity)
 private game_PersonRepository: Repository<Game_PersonEntity>,
- ) {}
+ ) {}

 async canActivate(context: ExecutionContext): Promise<boolean> {
 // get roles that are allowed access, identified by @Roles('role') decorators in controllers
@@ -27,9 +27,16 @@ export class RolesGuard implements CanActivate {
 return true;
 }
 const request = context.switchToHttp().getRequest();
- const gameId = request.params.id
+ // check for authorization header
+ if (!request.headers.authorization) {
+ return false;
+ }
+ const gameId = request.params.id;
 const user = await this.getUserObject(request.headers.authorization);
- const role = await this.game_PersonRepository.findOne({person: user['id'], game: gameId})
+ const role = await this.game_PersonRepository.findOne({
+ person: user['id'],
+ game: gameId,
+ });
 // check that the role matches the criteria and that token is valid for this game
 return role && roles.includes(role['role']);
 }
@@ -42,7 +49,7 @@ export class RolesGuard implements CanActivate {
 // get the token
 const token = auth.split(' ')[1];
 try {
- return await jwt.verify(token, process.env.SECRET)
+ return await jwt.verify(token, process.env.SECRET);
 } catch (err) {
 const message = `Token error: ${err.message || err.name}`;
 throw new HttpException(message, HttpStatus.FORBIDDEN);
--
GitLab
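Review bot: The new header-presence check in the second hunk does not close the gap that matters for the role lookup: a token whose payload carries no `id` claim, or a route without an `:id` param, still reaches `findOne` with `person: undefined` or `game: undefined`, and the TypeORM `findOne(conditions)` overload used here (version not visible in the diff) has in the 0.2.x line silently dropped undefined keys, so the query could degrade to "any row for this game" or "any game for this user" and hand back a role that was never granted. Guard both values before touching the repository, right after the `getUserObject` call: `if (!user || !user['id'] || !gameId) { return false; }`. Returning `false` from the new header check surfaces as a 403 from Nest, which at least matches the FORBIDDEN that `getUserObject` throws on a bad token, so the two rejection paths stay consistent. Note that `canActivate` begins before this hunk, in the first hunk's context lines.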