feat(module options): add usernameFromContext

add `usernameFromContext` to extract username

Author: dreamdevil00

src/authz.guard.ts

@@ -6,65 +6,70 @@ import {
 } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { Observable } from 'rxjs';
-import { AUTHZ_ENFORCER, PERMISSIONS_METADATA } from './authz.constants';
+import {
+  AUTHZ_ENFORCER,
+  PERMISSIONS_METADATA,
+  AUTHZ_MODULE_OPTIONS
+} from './authz.constants';
 import * as casbin from 'casbin';
 import { Permission } from './interfaces/permission.interface';
 import { UnauthorizedException } from '@nestjs/common';
 import { AuthPossession } from './types';
+import { AuthZModuleOptions } from './interfaces/authz-module-options.interface';
 
 @Injectable()
 export class AuthZGuard implements CanActivate {
   constructor(
     private readonly reflector: Reflector,
-    @Inject(AUTHZ_ENFORCER) public enforcer: casbin.Enforcer
+    @Inject(AUTHZ_ENFORCER) private enforcer: casbin.Enforcer,
+    @Inject(AUTHZ_MODULE_OPTIONS) private options: AuthZModuleOptions
   ) {}
 
   canActivate(
     context: ExecutionContext
   ): boolean | Promise<boolean> | Observable<boolean> {
-    const permissions: Permission[] = this.reflector.get<Permission[]>(
-      PERMISSIONS_METADATA,
-      context.getHandler()
-    );
-
-    if (!permissions) {
-      return true;
-    }
-
-    const request = context.switchToHttp().getRequest();
-    const user = request.user;
-    if (!user) {
-      throw new UnauthorizedException();
-    }
+    try {
+      const permissions: Permission[] = this.reflector.get<Permission[]>(
+        PERMISSIONS_METADATA,
+        context.getHandler()
+      );
 
-    const { username: uname } = user;
+      if (!permissions) {
+        return true;
+      }
 
-    const hasPermission = (
-      username: string,
-      permission: Permission
-    ): boolean => {
-      const { possession, resource, action } = permission;
-      const poss = [];
+      const username = this.options.usernameFromContext(context);
 
-      if (possession === AuthPossession.OWN_ANY) {
-        poss.push(AuthPossession.ANY, AuthPossession.OWN);
-      } else {
-        poss.push(possession);
+      if (!username) {
+        throw new UnauthorizedException();
       }
 
-      return poss.some(p => {
-        if (p === AuthPossession.OWN) {
-          return (permission as any).isOwn(request);
+      const hasPermission = (user: string, permission: Permission): boolean => {
+        const { possession, resource, action } = permission;
+        const poss = [];
+
+        if (possession === AuthPossession.OWN_ANY) {
+          poss.push(AuthPossession.ANY, AuthPossession.OWN);
         } else {
-          return this.enforcer.enforce(username, resource, `${action}:${p}`);
+          poss.push(possession);
         }
-      });
-    };
 
-    const result = permissions.every(permission =>
-      hasPermission(uname, permission)
-    );
+        return poss.some(p => {
+          if (p === AuthPossession.OWN) {
+            return (permission as any).isOwn(context);
+          } else {
+            return this.enforcer.enforce(user, resource, `${action}:${p}`);
+          }
+        });
+      };
 
-    return result;
+      const result = permissions.every(permission =>
+        hasPermission(username, permission)
+      );
+
+      return result;
+    } catch (e) {
+      throw e;
+    }
   }
 }

src/interfaces/authz-module-options.interface.ts

@@ -1,4 +1,7 @@
+import { ExecutionContext } from '@nestjs/common';
+
 export interface AuthZModuleOptions<T = any> {
   model: string;
   policy: string | Promise<T>;
+  usernameFromContext: (context: ExecutionContext) => string;
 }

src/types.ts

@@ -1,4 +1,4 @@
-export enum AuthAction {
+export enum AuthActionVerb {
   CREATE = 'create',
   UPDATE = 'update',
   DELETE = 'delete',
@@ -10,3 +10,17 @@ export enum AuthPossession {
   OWN = 'own',
   OWN_ANY = 'own|any'
 }
+
+export enum AuthAction {
+  CREATE_ANY = 'create:any',
+  CREATE_OWN = 'create:own',
+
+  UPDATE_ANY = 'update:any',
+  UPDATE_OWN = 'update:own',
+
+  DELETE_ANY = 'delete:any',
+  DELETE_OWN = 'delete:own',
+
+  READ_ANY = 'read:any',
+  READ_OWN = 'read:own'
+}

test/use-permissions.decorator.spec.ts

@@ -2,18 +2,18 @@ import {
   UsePermissions,
   PERMISSIONS_METADATA,
   Permission,
-  AuthAction,
-  AuthPossession,
+  AuthActionVerb,
+  AuthPossession
 } from '../src';
 
 describe('@UsePermissions()', () => {
   it('should set metadata correctly', () => {
     const permissions: Permission[] = [
       {
         resource: 'test',
-        action: AuthAction.READ,
-        possession: AuthPossession.ANY,
-      },
+        action: AuthActionVerb.READ,
+        possession: AuthPossession.ANY
+      }
     ];
     class TestController {
       @UsePermissions(...permissions)
@@ -23,7 +23,7 @@ describe('@UsePermissions()', () => {
     }
     const res = Reflect.getMetadata(
       PERMISSIONS_METADATA,
-      TestController.prototype.getData,
+      TestController.prototype.getData
     );
     expect(res).toEqual(permissions);
   });