Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>
import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from "@nestjs/common";
import type { Request } from "express";
import { AgentConfigService, type ContainerTokenValidation } from "./agent-config.service";
/**
 * Express request as seen by handlers behind {@link AgentConfigGuard}.
 *
 * `containerAuth` is optional on the type because it is only assigned once the
 * guard has accepted the request's bearer token; code that runs without the
 * guard must not assume it is present.
 */
export interface AgentConfigRequest extends Request {
  /** Result returned by `AgentConfigService.validateContainerToken` for the presented token. */
  containerAuth?: ContainerTokenValidation;
}
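/**
 * NestJS guard that authenticates a request with a container bearer token.
 *
 * The guard reads the `Authorization` header, passes the extracted token to
 * `AgentConfigService.validateContainerToken`, and on success stores the
 * validation result on `request.containerAuth` for downstream handlers.
 * Every failure path throws `UnauthorizedException`; the guard never returns
 * `false`.
 */
@Injectable()
export class AgentConfigGuard implements CanActivate {
  constructor(private readonly agentConfigService: AgentConfigService) {}

  /**
   * Authenticates the current HTTP request.
   *
   * @param context - Nest execution context; only its HTTP request is used.
   * @returns `true` once the token has been validated and attached to the request.
   * @throws UnauthorizedException when the header is absent or malformed
   *   ("Missing Bearer token") or when the service rejects the token
   *   ("Invalid container token").
   */
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest<AgentConfigRequest>();
    const token = this.extractBearerToken(request.headers.authorization);

    if (!token) {
      throw new UnauthorizedException("Missing Bearer token");
    }

    // Any falsy result is treated as a rejected token. The token value itself
    // is never placed in the error message.
    // NOTE(review): how validateContainerToken looks up or compares the token is
    // not visible here — confirm it uses a hashed lookup or constant-time compare.
    const containerAuth = await this.agentConfigService.validateContainerToken(token);
    if (!containerAuth) {
      throw new UnauthorizedException("Invalid container token");
    }

    // Set only after successful validation, so handlers can rely on it being
    // present for any request that passed this guard.
    request.containerAuth = containerAuth;
    return true;
  }

  /**
   * Parses an `Authorization` header value of the form `Bearer <token>`.
   *
   * The scheme is matched case-insensitively. The value must consist of exactly
   * two single-space-separated fields; a header with extra fields after the
   * token is rejected instead of having the remainder silently discarded.
   *
   * @param headerValue - Raw header value; when an array is supplied only its
   *   first element is considered.
   * @returns The token, or `null` when the header is missing, empty, uses a
   *   different scheme, or is not exactly `<scheme> <token>`.
   */
  private extractBearerToken(headerValue: string | string[] | undefined): string | null {
    const normalizedHeader = Array.isArray(headerValue) ? headerValue[0] : headerValue;
    if (!normalizedHeader) {
      return null;
    }

    // Strict shape check: untrusted input either matches `<scheme> <token>`
    // exactly or is refused.
    const parts = normalizedHeader.split(" ");
    if (parts.length !== 2) {
      return null;
    }

    const [scheme, token] = parts;
    if (!scheme || !token || scheme.toLowerCase() !== "bearer") {
      return null;
    }

    return token;
  }
}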