Merge branch 'security/sakuin/guards-controllers'

# Conflicts: # backend/src/work/work.controller.ts
2026-04-05 07:52:59 +02:00
parent 494d05c755 14823ed769
commit 13744eaaaa
4 changed files with 22 additions and 3 deletions
--- a/backend/src/auth/auth.guard.ts
+++ b/backend/src/auth/auth.guard.ts
@@ -4,7 +4,9 @@ import {
  Injectable,
  UnauthorizedException,
 } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
 import { ConfigService } from '@nestjs/config';
+import { IS_PUBLIC_KEY } from './public.decorator';

 interface CacheEntry {
  user: any;
@@ -18,9 +20,18 @@ const MAX_CACHE_SIZE = 1000;
 export class AuthGuard implements CanActivate {
  private readonly cache = new Map<string, CacheEntry>();

-  constructor(private readonly configService: ConfigService) {}
+  constructor(
+    private readonly configService: ConfigService,
+    private readonly reflector: Reflector,
+  ) {}

  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+    if (isPublic) return true;
+
    const request = context.switchToHttp().getRequest();
    const token = this.extractToken(request);

--- a/backend/src/auth/public.decorator.ts
+++ b/backend/src/auth/public.decorator.ts
@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
--- a/backend/src/user/user.controller.ts
+++ b/backend/src/user/user.controller.ts
@@ -2,12 +2,12 @@ import { Controller, Get, Req, UseGuards } from '@nestjs/common';
 import { UserService } from './user.service';
 import { AuthGuard } from '../auth/auth.guard';

+@UseGuards(AuthGuard)
@Controller('api/user')
 export class UserController {
  constructor(private readonly userService: UserService) {}

  @Get('me')
-  @UseGuards(AuthGuard)
  async me(@Req() req: any) {
    const user = await this.userService.findOrCreate({
      id: req.user.id,
--- a/backend/src/work/work.controller.ts
+++ b/backend/src/work/work.controller.ts
@@ -1,11 +1,15 @@
-import { Controller, Get, Query } from '@nestjs/common';
+import { Controller, Get, Query, UseGuards } from '@nestjs/common';
 import { Throttle } from '@nestjs/throttler';
+import { AuthGuard } from '../auth/auth.guard';
+import { Public } from '../auth/public.decorator';
 import { WorkService } from './work.service';

+@UseGuards(AuthGuard)
@Controller('api/works')
 export class WorkController {
  constructor(private readonly workService: WorkService) {}

+  @Public()
  @Throttle([{ ttl: 60000, limit: 20 }])
  @Get('search')
  async search(