/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
6import { type CanActivate, Router } from '@angular/router'7import * as jwtDecode from 'jwt-decode'8import { roles } from './roles'9import { Injectable, NgZone } from '@angular/core'10
/**
 * Client-side route guard that allows navigation when localStorage holds a `token` entry.
 *
 * Security note: `canActivate` only tests that a non-empty string is stored; the token is
 * not parsed, verified or checked for expiry there. The guard runs in the browser, where
 * localStorage is under the user's control, so it is a navigation convenience and not an
 * access-control boundary. The API behind each guarded route has to authenticate and
 * authorize every request on its own.
 */
@Injectable()
export class LoginGuard implements CanActivate {
  constructor (private readonly router: Router, private readonly ngZone: NgZone) {}

  /**
   * Allows activation when a truthy `token` value is present in localStorage.
   * Otherwise redirects to the 403 view with `UNAUTHORIZED_ACCESS_ERROR`.
   *
   * @returns `true` when a token string is stored, `false` otherwise.
   */
  canActivate () {
    const hasToken = Boolean(localStorage.getItem('token'))
    if (!hasToken) {
      this.forbidRoute('UNAUTHORIZED_ACCESS_ERROR')
    }
    return hasToken
  }

  /**
   * Navigates to the `403` route inside the Angular zone, passing the error key as a
   * query parameter. `skipLocationChange` keeps the browser URL unchanged.
   *
   * @param error - Error key forwarded to the 403 view as the `error` query parameter.
   */
  forbidRoute (error = 'UNAUTHORIZED_PAGE_ACCESS_ERROR') {
    const navigationExtras = {
      skipLocationChange: true,
      queryParams: { error }
    }
    // The navigation promise is not awaited by the caller (fire-and-forget).
    this.ngZone.run(async () => await this.router.navigate(['403'], navigationExtras))
  }

  /**
   * Decodes the payload of the JWT stored under `token` in localStorage.
   *
   * Security note: jwt-decode only decodes the token; it does not verify the signature
   * or validate any claim. The returned object is therefore unauthenticated,
   * user-controllable data and is suitable for UI decisions only.
   *
   * @returns The decoded payload, or `null` when no token is stored or decoding throws
   * (the error is logged to the console).
   */
  tokenDecode () {
    const storedToken = localStorage.getItem('token')
    // Typed `any` on purpose: callers read `payload.data.role` without narrowing.
    let claims: any = null
    if (!storedToken) {
      return claims
    }
    try {
      claims = jwtDecode(storedToken)
    } catch (err) {
      console.log(err)
    }
    return claims
  }
}
/**
 * Client-side route guard for admin-only views.
 *
 * Security note: the role is read from the payload returned by `LoginGuard.tokenDecode()`,
 * which decodes the stored JWT without verifying it. This check only decides what the UI
 * shows; the server has to verify the token and enforce the admin role on every
 * privileged request.
 */
@Injectable()
export class AdminGuard implements CanActivate {
  constructor (private readonly loginGuard: LoginGuard) {}

  /**
   * Allows activation when the decoded token carries `data.role === roles.admin`.
   * Otherwise redirects through `LoginGuard.forbidRoute()` with its default error key.
   *
   * @returns `true` for an admin role claim, `false` otherwise.
   */
  canActivate () {
    const claims = this.loginGuard.tokenDecode()
    const isAdmin = Boolean(claims?.data && claims.data.role === roles.admin)
    if (!isAdmin) {
      this.loginGuard.forbidRoute()
    }
    return isAdmin
  }
}
/**
 * Client-side route guard for accounting-only views.
 *
 * Security note: the role is read from the payload returned by `LoginGuard.tokenDecode()`,
 * which decodes the stored JWT without verifying it. This check only decides what the UI
 * shows; the server has to verify the token and enforce the accounting role on every
 * privileged request.
 */
@Injectable()
export class AccountingGuard implements CanActivate {
  constructor (private readonly loginGuard: LoginGuard) {}

  /**
   * Allows activation when the decoded token carries `data.role === roles.accounting`.
   * Otherwise redirects through `LoginGuard.forbidRoute()` with its default error key.
   *
   * @returns `true` for an accounting role claim, `false` otherwise.
   */
  canActivate () {
    const claims = this.loginGuard.tokenDecode()
    const isAccounting = Boolean(claims?.data && claims.data.role === roles.accounting)
    if (!isAccounting) {
      this.loginGuard.forbidRoute()
    }
    return isAccounting
  }
}
/**
 * Helper that reports whether the stored token claims the deluxe role.
 *
 * Security note: the claim comes from `LoginGuard.tokenDecode()`, which decodes the stored
 * JWT without verifying it. Use the result for presentation only; deluxe entitlements
 * have to be checked server-side.
 */
@Injectable()
export class DeluxeGuard {
  constructor (private readonly loginGuard: LoginGuard) {}

  /**
   * Tests the decoded token for `data.role === roles.deluxe`.
   *
   * @returns `true`/`false` when the payload has a truthy `data` member; otherwise the
   * falsy `data` value itself (e.g. `undefined` when no token could be decoded), so
   * callers should treat the result as truthy/falsy rather than a strict boolean.
   */
  isDeluxe () {
    const claims = this.loginGuard.tokenDecode()
    const data = claims?.data
    // Same result as `data && data.role === roles.deluxe`: a falsy `data` is returned as-is.
    if (!data) {
      return data
    }
    return data.role === roles.deluxe
  }
}