Merge pull request #140 from modern-agile-team/feature/board-user

Refactor(2swo/board-user)Board-Gurad생성, 토큰 없을경우 예외처리

src/boards/controllers/Boards.controller.ts

@@ -17,7 +17,6 @@ import { BoardImagesService } from '../services/BoardImage.service';
 import { FilesInterceptor } from '@nestjs/platform-express';
 import { BoardResponseDTO } from '../dto/boards.response.dto';
 import { CreateBoardImageDto } from '../dto/create.board-image.dto';
-import { TokenService } from 'src/auth/services/token.service';
 import { ApiUploadBoardImages } from '../swagger-decorators/upload-baord-images-decorator';
 import { ApiAddBoard } from '../swagger-decorators/add-board-decorators';
 import { ApiGetPageBoards } from '../swagger-decorators/get-page-boards-decorators';
@@ -28,14 +27,15 @@ import { ApiDeleteBoard } from '../swagger-decorators/delete-board-decorators';
 import { ApiUpdateBoardImage } from '../swagger-decorators/patch-board-images-decorators';
 import { JwtAccessTokenGuard } from 'src/config/guards/jwt-access-token.guard';
 import { GetUserId } from 'src/common/decorators/get-userId.decorator';
+import { BoardOwnerGuard } from 'src/config/guards/board-owner.guard';
+import { BoardOwner } from 'src/common/decorators/board-owner.decorator';
 
 @Controller('boards')
 @ApiTags('board API')
 export class BoardsController {
   constructor(
     private readonly boardsService: BoardsService,
     private readonly boardImagesService: BoardImagesService,
-    private tokenService: TokenService,
   ) {}
 
   @Post('')
@@ -74,14 +74,14 @@ export class BoardsController {
   }
 
   @Get('/unit')
-  @UseGuards(JwtAccessTokenGuard)
+  @UseGuards(BoardOwnerGuard)
   @ApiGetOneBoard()
   async findOne(
     @Query('boardId') boardId: number,
+    @BoardOwner() unitOnwer: boolean,
     @GetUserId() userId: number,
   ): Promise<BoardResponseDTO> {
-    ``;
-    return await this.boardsService.findOneBoard(boardId, userId);
+    return await this.boardsService.findOneBoard(boardId, userId, unitOnwer);
   }
 
   @Patch('')

src/boards/services/Boards.service.ts

@@ -62,9 +62,10 @@ export class BoardsService {
   async findOneBoard(
     boardId: number,
     userId: number,
+    unitOnwer: boolean,
   ): Promise<oneBoardResponseDTO> {
     const board = await this.boardRepository.findBoardById(boardId);
-    const unitowner = board.userId === userId;
+    const unitowner = unitOnwer;
     if (!board) {
       throw new Error('게시물을 찾을 수 없습니다.');
     }

src/common/decorators/board-owner.decorator.ts

@@ -0,0 +1,9 @@
+import { ExecutionContext, createParamDecorator } from '@nestjs/common';
+
+export const BoardOwner = createParamDecorator(
+  (data, ctx: ExecutionContext): number => {
+    const req = ctx.switchToHttp().getRequest();
+
+    return req.unitowner;
+  },
+);

src/common/decorators/get-userId.decorator.ts

@@ -6,4 +6,4 @@ export const GetUserId = createParamDecorator(
 
     return req.user.userId;
   },
-);
+);

src/config/guards/board-owner.guard.ts

@@ -0,0 +1,29 @@
+import { ExecutionContext, Injectable } from '@nestjs/common';
+import { TokenService } from 'src/auth/services/token.service';
+import { BoardRepository } from 'src/boards/repository/boards.repository';
+
+@Injectable()
+export class BoardOwnerGuard {
+  constructor(
+    private tokenService: TokenService,
+    private boardRepository: BoardRepository,
+  ) {}
+
+  async canActivate(context: ExecutionContext) {
+    const request = context.switchToHttp().getRequest();
+    const accessToken = request.headers['access_token'];
+    const boardId = request.query['boardId'];
+    if (!accessToken) {
+      request.unitowner = false;
+      request.user = false;
+      return true;
+    }
+    const userId = await this.tokenService.decodeToken(accessToken);
+    const board = await this.boardRepository.findBoardById(boardId);
+    const unitowner = board.userId === userId;
+
+    request.unitowner = unitowner;
+    request.user = { userId };
+    return true;
+  }
+}