Inicio Explorar Ayuda
Iniciar sesión
anhuiqiang
/
KnowledgeBase
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 3cdfeda9da
Ramas Etiquetas
KnowledgeBase
/
server
/
src
/
auth
/
api-key.guard.ts

api-key.guard.ts 1.7 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. import { Injectable, CanActivate, ExecutionContext, UnauthorizedException } from '@nestjs/common';
    2. 

  2. import { Reflector } from '@nestjs/core';
    3. 

  3. import { UserService } from '../user/user.service';
    4. 

  4. import { Request } from 'express';
    5. 

  5. import { IS_PUBLIC_KEY } from './public.decorator';
    6. 

  6. 

  7. @Injectable()
    8. 

  8. export class ApiKeyGuard implements CanActivate {
    9. 

  9.     constructor(
    10. 

  10.         private reflector: Reflector,
    11. 

  11.         private userService: UserService,
    12. 

  12.     ) { }
    13. 

  13. 

  14.     async canActivate(context: ExecutionContext): Promise<boolean> {
    15. 

  15.         const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
    16. 

  16.             context.getHandler(),
    17. 

  17.             context.getClass(),
    18. 

  18.         ]);
    19. 

  19.         if (isPublic) {
    20. 

  20.             return true;
    21. 

  21.         }
    22. 

  22. 

  23.         const request = context.switchToHttp().getRequest<Request & { user?: any, tenantId?: string }>();
    24. 

  24.         const apiKey = this.extractApiKeyFromHeader(request);
    25. 

  25. 

  26.         if (apiKey) {
    27. 

  27.             const user = await this.userService.findByApiKey(apiKey);
    28. 

  28.             if (user) {
    29. 

  29.                 request.user = user;
    30. 

  30.                 request.tenantId = user.tenantId;
    31. 

  31.                 return true;
    32. 

  32.             }
    33. 

  33.             throw new UnauthorizedException('Invalid API key');
    34. 

  34.         }
    35. 

  35. 

  36.         throw new UnauthorizedException('Missing API key');
    37. 

  37.     }
    38. 

  38. 

  39.     private extractApiKeyFromHeader(request: Request): string | undefined {
    40. 

  40.         const authHeader = request.headers.authorization;
    41. 

  41.         if (authHeader && authHeader.startsWith('Bearer kb_')) {
    42. 

  42.             return authHeader.substring(7, authHeader.length);
    43. 

  43.         }
    44. 

  44.         const headerKey = request.headers['x-api-key'] as string;
    45. 

  45.         if (headerKey) return headerKey;
    46. 

  46. 

  47.         return undefined;
    48. 

  48.     }
    49. 

  49. }
    50.