diff --git a/src/game/game.entity.ts b/src/game/game.entity.ts
index 293b420dd90d2a3bfaad9a0afa97d3c5f0681522..12106afe5d1b14b1853aa23a0d1847c4ed920232 100644
--- a/src/game/game.entity.ts
+++ b/src/game/game.entity.ts
@@ -75,10 +75,11 @@ export class Game_PersonEntity {
     return gametoken;
   }
   private get gametoken() {
-    const { gamepersonId, role } = this;
+    const { gamepersonId, game, role } = this;
     return jwt.sign(
       {
         gamepersonId,
+        game,
         role,
       },
       process.env.SECRET,
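Review bot: Adding the whole `game` object to the payload (the `game,` line) makes every serialised field of that entity readable by anyone holding the token, because a JWT payload is signed but not encrypted. The guard in src/shared/roles.guard.ts reads only `game.id`, so a single scalar claim such as `gameId: game.id` would carry the same binding, keep the token small and stop the claim going stale when other game fields change. If `game` is a relation that is not always loaded (not visible here), it may be undefined when this getter runs and the token would carry no game claim at all. The `jwt.sign` call continues past the end of the hunk, so its options (expiry, algorithm) cannot be checked from here.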
diff --git a/src/shared/roles.guard.ts b/src/shared/roles.guard.ts
index fcb7ae8f172b240b340063d2f6dd72a5e9efa527..2397ac38f1872491ccc5753d4dfed8c11f0589d1 100644
--- a/src/shared/roles.guard.ts
+++ b/src/shared/roles.guard.ts
@@ -5,9 +5,7 @@ import {
   HttpException,
   HttpStatus,
 } from '@nestjs/common';
-import { Observable } from 'rxjs';
 import { Reflector } from '@nestjs/core';
-
 import * as jwt from 'jsonwebtoken';
 
 @Injectable()
@@ -15,13 +13,16 @@ export class RolesGuard implements CanActivate {
   constructor(private readonly reflector: Reflector) {}
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
+    // get roles that are allowed access, identified by @Roles('role') decorators in controllers
     const roles = this.reflector.get<string[]>('roles', context.getHandler());
     if (!roles) {
       return true;
     }
     const request = context.switchToHttp().getRequest();
+    const gameId = request.params.id
     const role = await this.checkRole(request.headers.authorization);
-    return roles.includes(role['role'])
+    // check that the role matches the criteria and that token is valid for this game
+    return roles.includes(role['role']) && role['game']['id'] === gameId;
   }
 
   async checkRole(auth: string) {
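Review bot: The comparison `role['game']['id'] === gameId` throws a TypeError when the verified payload has no `game` claim, for example a token issued before this change, so the request presumably ends in a server error instead of a clean denial. It is also a strict comparison against `request.params.id`, which is always a string; if `game.id` is numeric, every request would be rejected. Something like `return roles.includes(payload.role) && payload.game?.id != null && String(payload.game.id) === gameId;` covers both cases, with `payload` being the value returned by `checkRole`. The check further assumes that every `@Roles` route identifies the game through an `:id` parameter; a route where `:id` names another resource, or that has no such parameter, would be compared against the wrong value, and that contract should be stated in a comment on `canActivate`.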
@@ -32,7 +33,6 @@ export class RolesGuard implements CanActivate {
     // get the token
     const token = auth.split(' ')[1];
     try {
-      console.log(jwt.verify(token, process.env.SECRET))
       return await jwt.verify(token, process.env.SECRET)
     } catch (err) {
       const message = `Token error: ${err.message || err.name}`;