Add record access strategy
This commit is contained in:
Francisco Gaona
@@ -1,6 +1,7 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { JwtService } from '@nestjs/jwt';
|
||||
import { TenantDatabaseService } from '../tenant/tenant-database.service';
|
||||
import { getCentralPrisma } from '../prisma/central-prisma.service';
|
||||
import * as bcrypt from 'bcrypt';
|
||||
|
||||
@Injectable()
|
||||
@@ -10,11 +11,24 @@ export class AuthService {
|
||||
private jwtService: JwtService,
|
||||
) {}
|
||||
|
||||
private isCentralSubdomain(subdomain: string): boolean {
|
||||
const centralSubdomains = (process.env.CENTRAL_SUBDOMAINS || 'central,admin').split(',');
|
||||
return centralSubdomains.includes(subdomain);
|
||||
}
|
||||
|
||||
async validateUser(
|
||||
tenantId: string,
|
||||
email: string,
|
||||
password: string,
|
||||
subdomain?: string,
|
||||
): Promise<any> {
|
||||
|
||||
// Check if this is a central subdomain
|
||||
if (subdomain && this.isCentralSubdomain(subdomain)) {
|
||||
return this.validateCentralUser(email, password);
|
||||
}
|
||||
|
||||
// Otherwise, validate as tenant user
|
||||
const tenantDb = await this.tenantDbService.getTenantKnex(tenantId);
|
||||
|
||||
const user = await tenantDb('users')
|
||||
@@ -43,6 +57,31 @@ export class AuthService {
|
||||
return null;
|
||||
}
|
||||
|
||||
private async validateCentralUser(
|
||||
email: string,
|
||||
password: string,
|
||||
): Promise<any> {
|
||||
const centralPrisma = getCentralPrisma();
|
||||
|
||||
const user = await centralPrisma.user.findUnique({
|
||||
where: { email },
|
||||
});
|
||||
|
||||
if (!user) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (await bcrypt.compare(password, user.password)) {
|
||||
const { password: _, ...result } = user;
|
||||
return {
|
||||
...result,
|
||||
isCentralAdmin: true,
|
||||
};
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
async login(user: any) {
|
||||
const payload = {
|
||||
sub: user.id,
|
||||
@@ -66,7 +105,14 @@ export class AuthService {
|
||||
password: string,
|
||||
firstName?: string,
|
||||
lastName?: string,
|
||||
subdomain?: string,
|
||||
) {
|
||||
// Check if this is a central subdomain
|
||||
if (subdomain && this.isCentralSubdomain(subdomain)) {
|
||||
return this.registerCentralUser(email, password, firstName, lastName);
|
||||
}
|
||||
|
||||
// Otherwise, register as tenant user
|
||||
const tenantDb = await this.tenantDbService.getTenantKnex(tenantId);
|
||||
|
||||
const hashedPassword = await bcrypt.hash(password, 10);
|
||||
@@ -88,4 +134,28 @@ export class AuthService {
|
||||
const { password: _, ...result } = user;
|
||||
return result;
|
||||
}
|
||||
|
||||
private async registerCentralUser(
|
||||
email: string,
|
||||
password: string,
|
||||
firstName?: string,
|
||||
lastName?: string,
|
||||
) {
|
||||
const centralPrisma = getCentralPrisma();
|
||||
|
||||
const hashedPassword = await bcrypt.hash(password, 10);
|
||||
|
||||
const user = await centralPrisma.user.create({
|
||||
data: {
|
||||
email,
|
||||
password: hashedPassword,
|
||||
firstName: firstName || null,
|
||||
lastName: lastName || null,
|
||||
isActive: true,
|
||||
},
|
||||
});
|
||||
|
||||
const { password: _, ...result } = user;
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user