From a7d9331a7d6871bcf46b2bf3fb694ac2c22294a5 Mon Sep 17 00:00:00 2001
From: 2swo
Date: Mon, 20 Nov 2023 12:40:16 +0900
Subject: [PATCH 1/5] =?UTF-8?q?refactor(#117)=20BoardGuard=EC=83=9D?= =?UTF-8?q?=EC=84=B1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/boards/controllers/Boards.controller.ts | 9 ++++---
 src/boards/services/Boards.service.ts | 3 ++-
 .../decorators/board-owner.decorator.ts | 9 +++++++
 src/common/decorators/get-userId.decorator.ts | 2 +-
 src/config/guards/board-owner.guard.ts | 24 +++++++++++++++++++
 5 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 src/common/decorators/board-owner.decorator.ts
 create mode 100644 src/config/guards/board-owner.guard.ts

diff --git a/src/boards/controllers/Boards.controller.ts b/src/boards/controllers/Boards.controller.ts
index 56ee070..0e02247 100644
--- a/src/boards/controllers/Boards.controller.ts
+++ b/src/boards/controllers/Boards.controller.ts
@@ -28,6 +28,8 @@ import { ApiDeleteBoard } from '../swagger-decorators/delete-board-decorators';
 import { ApiUpdateBoardImage } from '../swagger-decorators/patch-board-images-decorators';
 import { JwtAccessTokenGuard } from 'src/config/guards/jwt-access-token.guard';
 import { GetUserId } from 'src/common/decorators/get-userId.decorator';
+import { BoardOwnerGuard } from 'src/config/guards/board-Owner.guard';
+import { BoardOwner } from 'src/common/decorators/board-owner.decorator';
 
 @Controller('boards')
 @ApiTags('board API')
@@ -74,14 +76,15 @@ export class BoardsController {
 }
 
 @Get('/unit')
- @UseGuards(JwtAccessTokenGuard)
+ @UseGuards(BoardOwnerGuard)
 @ApiGetOneBoard()
 async findOne(
 @Query('boardId') boardId: number,
+ @BoardOwner() unitOnwer: boolean,
 @GetUserId() userId: number,
 ): Promise {
 ``;
- return await this.boardsService.findOneBoard(boardId, userId);
+ return await this.boardsService.findOneBoard(boardId, userId, unitOnwer);
 }
 
 @Patch('')
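Review bot: With `JwtAccessTokenGuard` swapped for `BoardOwnerGuard` on `findOne`, nothing on this route can reject a request any more, because the guard added in this patch returns `true` on every path. `userId` and `unitOnwer` therefore reach `findOneBoard` for every caller, and how far they can be trusted rests on what `decodeToken` checks, which is not visible here. If the read is meant to be public, say so above the handler, e.g. `// Public read: BoardOwnerGuard only annotates the request (unitowner, user); it never denies access.`, and rename the misspelt `unitOnwer` to `unitOwner` while the parameter is still new.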
@@ -94,7 +97,7 @@ export class BoardsController {
 }
 
 @Patch('/images')
- @UseGuards(JwtAccessTokenGuard)
+ @UseGuards()
 @ApiUpdateBoardImage()
 @UseInterceptors(FilesInterceptor('files', 3))
 async editBoardImages(
diff --git a/src/boards/services/Boards.service.ts b/src/boards/services/Boards.service.ts
index 365752f..c8edcef 100644
--- a/src/boards/services/Boards.service.ts
+++ b/src/boards/services/Boards.service.ts
@@ -62,9 +62,10 @@ export class BoardsService {
 async findOneBoard(
 boardId: number,
 userId: number,
+ unitOnwer: boolean,
 ): Promise {
 const board = await this.boardRepository.findBoardById(boardId);
- const unitowner = board.userId === userId;
+ const unitowner = unitOnwer;
 if (!board) {
 throw new Error('게시물을 찾을 수 없습니다.');
 }
diff --git a/src/common/decorators/board-owner.decorator.ts b/src/common/decorators/board-owner.decorator.ts
new file mode 100644
index 0000000..48e23d2
--- /dev/null
+++ b/src/common/decorators/board-owner.decorator.ts
@@ -0,0 +1,9 @@
+import { ExecutionContext, createParamDecorator } from '@nestjs/common';
+
+export const BoardOwner = createParamDecorator(
+ (data, ctx: ExecutionContext): number => {
+ const req = ctx.switchToHttp().getRequest();
+
+ return req.unitowner;
+ },
+);
diff --git a/src/common/decorators/get-userId.decorator.ts b/src/common/decorators/get-userId.decorator.ts
index c8aec4a..59ca9ad 100644
--- a/src/common/decorators/get-userId.decorator.ts
+++ b/src/common/decorators/get-userId.decorator.ts
@@ -6,4 +6,4 @@ export const GetUserId = createParamDecorator(
 
 return req.user.userId;
 },
-);
\ No newline at end of file
+);
diff --git a/src/config/guards/board-owner.guard.ts b/src/config/guards/board-owner.guard.ts
new file mode 100644
index 0000000..aac9808
--- /dev/null
+++ b/src/config/guards/board-owner.guard.ts
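Review bot: `@UseGuards()` with no arguments leaves `@Patch('/images')` with no guard at all, so at this commit `editBoardImages` and its `FilesInterceptor` upload are reachable without a token. PATCH 4/5 of this series restores `JwtAccessTokenGuard`; folding that fix into this commit would keep every commit in the history safe to deploy, bisect or cherry-pick. The body of `editBoardImages` is outside the hunk.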
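Review bot: `findOneBoard` now takes the ownership decision as a boolean from its caller (`const unitowner = unitOnwer;`), so the service can no longer vouch for it and any other caller can simply pass `true`. It still loads the same board the guard has already fetched, so each request costs two lookups. Deriving the flag here after the `if (!board)` check, `const unitowner = userId != null && board.userId === userId;`, keeps the decision next to the data. If the parameter stays, a doc comment should state that it must come from `BoardOwnerGuard`. The method continues past the end of the hunk.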
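Review bot: The factory in `board-owner.decorator.ts` is annotated `: number` but returns the boolean the guard stores in `req.unitowner`, and it returns `undefined` on any route where `BoardOwnerGuard` did not run. Changing the signature to `(_data: unknown, ctx: ExecutionContext): boolean => {` and the return to `return req.unitowner === true;` fixes the type and makes the default explicitly non-owner.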
@@ -0,0 +1,24 @@
+import { ExecutionContext, Injectable } from '@nestjs/common';
+import { TokenService } from 'src/auth/services/token.service';
+import { BoardRepository } from 'src/boards/repository/boards.repository';
+
+@Injectable()
+export class BoardOwnerGuard {
+ constructor(
+ private tokenService: TokenService,
+ private boardRepository: BoardRepository,
+ ) {}
+
+ async canActivate(context: ExecutionContext) {
+ const request = context.switchToHttp().getRequest();
+ const accessToken = request.headers['access_token'];
+ const boardId = request.query['boardId'];
+ const userId = await this.tokenService.decodeToken(accessToken);
+ const board = await this.boardRepository.findBoardById(boardId);
+ const unitowner = board.userId === userId;
+
+ request.unitowner = unitowner;
+ request.user = { userId };
+ return true;
+ }
+}
From 4114542135771bfac5661052c8ab0ac3a994570e Mon Sep 17 00:00:00 2001
From: 2swo
Date: Mon, 20 Nov 2023 12:55:15 +0900
Subject: [PATCH 2/5] =?UTF-8?q?refactor(#117)=20BoardGuard=EC=88=98?= =?UTF-8?q?=EC=A0=95(=ED=86=A0=ED=81=B0=20=EC=97=86=EC=9D=84=EA=B2=BD?= =?UTF-8?q?=EC=9A=B0)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/boards/controllers/Boards.controller.ts | 2 +-
 src/config/guards/board-owner.guard.ts | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/boards/controllers/Boards.controller.ts b/src/boards/controllers/Boards.controller.ts
index 0e02247..cbc962f 100644
--- a/src/boards/controllers/Boards.controller.ts
+++ b/src/boards/controllers/Boards.controller.ts
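Review bot: `board.userId` in `BoardOwnerGuard.canActivate` is read without checking that `findBoardById` returned a row, so a `boardId` that matches nothing fails inside the guard with a TypeError before the service's not-found check can answer. The comparison also trusts whatever `decodeToken` returns; whether that call verifies signature and expiry or only decodes the payload is not visible in this patch, and a decode-only call would let the `access_token` header alone decide `unitowner`. Declaring `implements CanActivate` with a `Promise<boolean>` return (which needs `CanActivate` added to the `@nestjs/common` import) and computing the flag fail-closed would make the contract explicit, as sketched below.

```typescript
@Injectable()
export class BoardOwnerGuard implements CanActivate {
  // … unchanged: constructor …

  async canActivate(context: ExecutionContext): Promise<boolean> {
    // … unchanged: request, accessToken, boardId …

    // decodeToken is expected to verify signature and expiry, not just parse the payload.
    const userId = await this.tokenService.decodeToken(accessToken);
    const board = await this.boardRepository.findBoardById(boardId);

    // Fail closed: a missing board or a missing userId is never "owner".
    request.unitowner =
      board != null && userId != null && board.userId === userId;
    request.user = { userId };
    // This guard only annotates the request; it never denies access.
    return true;
  }
}
```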
@@ -28,7 +28,7 @@ import { ApiDeleteBoard } from '../swagger-decorators/delete-board-decorators';
 import { ApiUpdateBoardImage } from '../swagger-decorators/patch-board-images-decorators';
 import { JwtAccessTokenGuard } from 'src/config/guards/jwt-access-token.guard';
 import { GetUserId } from 'src/common/decorators/get-userId.decorator';
-import { BoardOwnerGuard } from 'src/config/guards/board-Owner.guard';
+import { BoardOwnerGuard } from 'src/config/guards/board-owner.guard';
 import { BoardOwner } from 'src/common/decorators/board-owner.decorator';
 
 @Controller('boards')
diff --git a/src/config/guards/board-owner.guard.ts b/src/config/guards/board-owner.guard.ts
index aac9808..305de4c 100644
--- a/src/config/guards/board-owner.guard.ts
+++ b/src/config/guards/board-owner.guard.ts
@@ -13,6 +13,11 @@ export class BoardOwnerGuard {
 const request = context.switchToHttp().getRequest();
 const accessToken = request.headers['access_token'];
 const boardId = request.query['boardId'];
+ if (!accessToken) {
+ request.unitowner = false;
+ request.user = false;
+ return true;
+ }
 const userId = await this.tokenService.decodeToken(accessToken);
 const board = await this.boardRepository.findBoardById(boardId);
 const unitowner = board.userId === userId;
From 9e682f8e48e0ee6b0e98fdd463767a03c2dbd96f Mon Sep 17 00:00:00 2001
From: 2swo
Date: Mon, 20 Nov 2023 13:07:43 +0900
Subject: [PATCH 3/5] =?UTF-8?q?refactor(#117)=20BoardGuard=EC=88=98?= =?UTF-8?q?=EC=A0=95(=ED=86=A0=ED=81=B0=20=EC=97=86=EC=9D=84=EA=B2=BD?= =?UTF-8?q?=EC=9A=B0)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/boards/controllers/Boards.controller.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/boards/controllers/Boards.controller.ts b/src/boards/controllers/Boards.controller.ts
index cbc962f..09d026e 100644
--- a/src/boards/controllers/Boards.controller.ts
+++ b/src/boards/controllers/Boards.controller.ts
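Review bot: `request.user = false` in the new no-token branch gives `request.user` a different shape from the `{ userId }` set on the token path, so `GetUserId`'s `req.user.userId` silently yields `undefined` for a parameter the controller types as `number`. Writing `request.user = { userId: null };` keeps one shape and makes the anonymous case explicit. The branch also covers only a missing header: a present but malformed or expired token still goes to `decodeToken`, whose failure behaviour is not visible here, and that case should end up either anonymous or a 401 rather than an unhandled error. `canActivate` starts and ends outside this hunk.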
@@ -83,7 +83,6 @@ export class BoardsController {
 @BoardOwner() unitOnwer: boolean,
 @GetUserId() userId: number,
 ): Promise {
- ``;
 return await this.boardsService.findOneBoard(boardId, userId, unitOnwer);
 }
 
From 202fda8127b564e9be62d6e5a1730835997c3933 Mon Sep 17 00:00:00 2001
From: 2swo
Date: Mon, 20 Nov 2023 13:08:44 +0900
Subject: [PATCH 4/5] =?UTF-8?q?refactor(#117)=20BoardGuard=EC=88=98?= =?UTF-8?q?=EC=A0=95(=ED=86=A0=ED=81=B0=20=EC=97=86=EC=9D=84=EA=B2=BD?= =?UTF-8?q?=EC=9A=B0)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/boards/controllers/Boards.controller.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/boards/controllers/Boards.controller.ts b/src/boards/controllers/Boards.controller.ts
index 09d026e..06b4109 100644
--- a/src/boards/controllers/Boards.controller.ts
+++ b/src/boards/controllers/Boards.controller.ts
@@ -96,7 +96,7 @@ export class BoardsController {
 }
 
 @Patch('/images')
- @UseGuards()
+ @UseGuards(JwtAccessTokenGuard)
 @ApiUpdateBoardImage()
 @UseInterceptors(FilesInterceptor('files', 3))
 async editBoardImages(
From 78522a9545e606c1f4acd71f0229a6b126edc2c7 Mon Sep 17 00:00:00 2001
From: 2swo
Date: Mon, 20 Nov 2023 13:11:39 +0900
Subject: [PATCH 5/5] =?UTF-8?q?refactor(#117)=20BoardGuard=EC=88=98?= =?UTF-8?q?=EC=A0=95(=ED=86=A0=ED=81=B0=20=EC=97=86=EC=9D=84=EA=B2=BD?= =?UTF-8?q?=EC=9A=B0)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/boards/controllers/Boards.controller.ts | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/boards/controllers/Boards.controller.ts b/src/boards/controllers/Boards.controller.ts
index 06b4109..7ddccf8 100644
--- a/src/boards/controllers/Boards.controller.ts
+++ b/src/boards/controllers/Boards.controller.ts
@@ -17,7 +17,6 @@ import { BoardImagesService } from '../services/BoardImage.service';
 import { FilesInterceptor } from '@nestjs/platform-express';
 import { BoardResponseDTO } from '../dto/boards.response.dto';
 import { CreateBoardImageDto } from '../dto/create.board-image.dto';
-import { TokenService } from 'src/auth/services/token.service';
 import { ApiUploadBoardImages } from '../swagger-decorators/upload-baord-images-decorator';
 import { ApiAddBoard } from '../swagger-decorators/add-board-decorators';
 import { ApiGetPageBoards } from '../swagger-decorators/get-page-boards-decorators';
@@ -37,7 +36,6 @@ export class BoardsController {
 constructor(
 private readonly boardsService: BoardsService,
 private readonly boardImagesService: BoardImagesService,
- private tokenService: TokenService,
 ) {}
 
 @Post('')