till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-16 02:39:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/services/mana-api-gateway/src/guards/admin.guard.ts
Till-JS fc0ed636fc feat(api-gateway): add Swagger, admin endpoints, and scheduler 
- Add Swagger/OpenAPI documentation at /docs endpoint
- Add admin module for system-wide API key management
- Add scheduler for monthly credit reset and usage cleanup
- Add Docker Compose entry for Mac Mini deployment
- Document all endpoints with descriptions and examples
2026-01-29 18:03:16 +01:00

37 lines
1 KiB
TypeScript
Raw Blame History

import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
@Injectable()
export class AdminGuard implements CanActivate {
private readonly adminUserIds: string[];
constructor(private readonly configService: ConfigService) {
// Admin user IDs from environment variable (comma-separated)
const adminIds = this.configService.get<string>('admin.userIds') || '';
this.adminUserIds = adminIds
.split(',')
.map((id) => id.trim())
.filter(Boolean);
}
canActivate(context: ExecutionContext): boolean {
const request = context.switchToHttp().getRequest();
const user = request.user;
if (!user || !user.userId) {
throw new ForbiddenException('User not authenticated');
}
// Check if user has admin role
if (user.role === 'admin') {
return true;
}
// Check if user ID is in the admin list
if (this.adminUserIds.includes(user.userId)) {
return true;
}
throw new ForbiddenException('Admin access required');
}
}
Reference in a new issue View git blame Copy permalink