Tetardtek/Sakuin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'security/sakuin/guards-controllers'
Some checks failed
CI/CD — Build & Deploy / Build & Deploy (push) Failing after 14s
Details

Browse Source 
# Conflicts:
#	backend/src/work/work.controller.ts
This commit is contained in:
Tetardtek
2026-04-05 07:52:59 +02:00
parent 494d05c755 14823ed769
commit 13744eaaaa
4 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
backend/src/auth/auth.guard.ts
View File

@@ -4,7 +4,9 @@ import {
Injectable, Injectable,
UnauthorizedException, UnauthorizedException,
} from '@nestjs/common'; } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { ConfigService } from '@nestjs/config'; import { ConfigService } from '@nestjs/config';
import { IS_PUBLIC_KEY } from './public.decorator';
interface CacheEntry { interface CacheEntry {
user: any; user: any;
@@ -18,9 +20,18 @@ const MAX_CACHE_SIZE = 1000;
export class AuthGuard implements CanActivate { export class AuthGuard implements CanActivate {
private readonly cache = new Map<string, CacheEntry>(); private readonly cache = new Map<string, CacheEntry>();
constructor(private readonly configService: ConfigService) {} constructor(
private readonly configService: ConfigService,
private readonly reflector: Reflector,
) {}
async canActivate(context: ExecutionContext): Promise<boolean> { async canActivate(context: ExecutionContext): Promise<boolean> {
const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
context.getHandler(),
context.getClass(),
]);
if (isPublic) return true;
const request = context.switchToHttp().getRequest(); const request = context.switchToHttp().getRequest();
const token = this.extractToken(request); const token = this.extractToken(request);

4
backend/src/auth/public.decorator.ts Normal file
View File

@@ -0,0 +1,4 @@
import { SetMetadata } from '@nestjs/common';
export const IS_PUBLIC_KEY = 'isPublic';
export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);

2
backend/src/user/user.controller.ts
View File

@@ -2,12 +2,12 @@ import { Controller, Get, Req, UseGuards } from '@nestjs/common';
import { UserService } from './user.service'; import { UserService } from './user.service';
import { AuthGuard } from '../auth/auth.guard'; import { AuthGuard } from '../auth/auth.guard';
@UseGuards(AuthGuard)
@Controller('api/user') @Controller('api/user')
export class UserController { export class UserController {
constructor(private readonly userService: UserService) {} constructor(private readonly userService: UserService) {}
@Get('me') @Get('me')
@UseGuards(AuthGuard)
async me(@Req() req: any) { async me(@Req() req: any) {
const user = await this.userService.findOrCreate({ const user = await this.userService.findOrCreate({
id: req.user.id, id: req.user.id,

6
backend/src/work/work.controller.ts
View File

@@ -1,11 +1,15 @@
import { Controller, Get, Query } from '@nestjs/common'; import { Controller, Get, Query, UseGuards } from '@nestjs/common';
import { Throttle } from '@nestjs/throttler'; import { Throttle } from '@nestjs/throttler';
import { AuthGuard } from '../auth/auth.guard';
import { Public } from '../auth/public.decorator';
import { WorkService } from './work.service'; import { WorkService } from './work.service';
@UseGuards(AuthGuard)
@Controller('api/works') @Controller('api/works')
export class WorkController { export class WorkController {
constructor(private readonly workService: WorkService) {} constructor(private readonly workService: WorkService) {}
@Public()
@Throttle([{ ttl: 60000, limit: 20 }]) @Throttle([{ ttl: 60000, limit: 20 }])
@Get('search') @Get('search')
async search( async search(