juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import { type CanActivate, Router } from '@angular/router'
7
import * as jwtDecode from 'jwt-decode'
8
import { roles } from './roles'
9
import { Injectable, NgZone } from '@angular/core'
10

11
@Injectable()
12
export class LoginGuard implements CanActivate {
13
  constructor (private readonly router: Router, private readonly ngZone: NgZone) {}
14

15
  canActivate () {
16
    if (localStorage.getItem('token')) {
17
      return true
18
    } else {
19
      this.forbidRoute('UNAUTHORIZED_ACCESS_ERROR')
20
      return false
21
    }
22
  }
23

24
  forbidRoute (error = 'UNAUTHORIZED_PAGE_ACCESS_ERROR') {
25
    this.ngZone.run(async () => await this.router.navigate(['403'], {
26
      skipLocationChange: true,
27
      queryParams: { error }
28
    }))
29
  }
30

31
  tokenDecode () {
32
    let payload: any = null
33
    const token = localStorage.getItem('token')
34
    if (token) {
35
      try {
36
        payload = jwtDecode(token)
37
      } catch (err) {
38
        console.log(err)
39
      }
40
    }
41
    return payload
42
  }
43
}
44

45
@Injectable()
46
export class AdminGuard implements CanActivate {
47
  constructor (private readonly loginGuard: LoginGuard) {}
48

49
  canActivate () {
50
    const payload = this.loginGuard.tokenDecode()
51
    if (payload?.data && payload.data.role === roles.admin) {
52
      return true
53
    } else {
54
      this.loginGuard.forbidRoute()
55
      return false
56
    }
57
  }
58
}
59

60
@Injectable()
61
export class AccountingGuard implements CanActivate {
62
  constructor (private readonly loginGuard: LoginGuard) {}
63

64
  canActivate () {
65
    const payload = this.loginGuard.tokenDecode()
66
    if (payload?.data && payload.data.role === roles.accounting) {
67
      return true
68
    } else {
69
      this.loginGuard.forbidRoute()
70
      return false
71
    }
72
  }
73
}
74

75
@Injectable()
76
export class DeluxeGuard {
77
  constructor (private readonly loginGuard: LoginGuard) {}
78

79
  isDeluxe () {
80
    const payload = this.loginGuard.tokenDecode()
81
    return payload?.data && payload.data.role === roles.deluxe
82
  }
83
}
84