fix: check user active while login or refresh session

zzswang · zzswang · commit 0da0592b3f9e · 2025-09-06T10:05:22.000+08:00
diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
@@ -39,6 +39,15 @@ import { SignTokenDto } from './dto/sign-token.dto';
 import { Authorizer } from './entities/authorizer.entity';
 import { SessionWithToken, Token } from './entities/session-with-token.entity';
 
+function checkUserActive(user: UserDocument) {
+  if (user.active === false) {
+    throw new ForbiddenException({
+      code: ErrorCodes.USER_INACTIVE,
+      message: 'user inactive',
+    });
+  }
+}
+
 @ApiTags('auth')
 @Controller('auth')
 export class AuthController {
@@ -85,6 +94,8 @@ export class AuthController {
       });
     }
 
+    checkUserActive(user);
+
     return this.authService.login(user);
   }
 
@@ -194,6 +205,7 @@ export class AuthController {
         });
       }
 
+      checkUserActive(user);
       return this.authService.login(user);
     }
 
@@ -220,6 +232,7 @@ export class AuthController {
       });
     }
 
+    checkUserActive(user);
     return this.authService.login(user);
   }
 
@@ -242,6 +255,7 @@ export class AuthController {
       });
     }
 
+    checkUserActive(user);
     return this.authService.login(user);
   }
 
@@ -446,6 +460,8 @@ export class AuthController {
         });
       }
 
+      checkUserActive(user);
+
       payload.ns = user.ns;
       payload.groups = user.groups;
       payload.roles = user.roles;
diff --git a/src/constants.ts b/src/constants.ts
@@ -4,6 +4,7 @@ export const ErrorCodes = {
   CAPTCHA_INVALID: 'CAPTCHA_INVALID',
   TOO_MANY_LOGIN_ATTEMPTS: 'TOO_MANY_LOGIN_ATTEMPTS',
   USER_NOT_FOUND: 'USER_NOT_FOUND',
+  USER_INACTIVE: 'USER_INACTIVE',
   CAPTCHA_NOT_FOUND: 'CAPTCHA_NOT_FOUND',
   CASTERROR: 'CASTERROR',
   DUPLICATE: 'DUPLICATE',

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,15 @@ import { SignTokenDto } from './dto/sign-token.dto';`
`39`	`39`	`import { Authorizer } from './entities/authorizer.entity';`
`40`	`40`	`import { SessionWithToken, Token } from './entities/session-with-token.entity';`
`41`	`41`
	`42`	`+function checkUserActive(user: UserDocument) {`
	`43`	`+ if (user.active === false) {`
	`44`	`+ throw new ForbiddenException({`
	`45`	`+ code: ErrorCodes.USER_INACTIVE,`
	`46`	`+ message: 'user inactive',`
	`47`	`+ });`
	`48`	`+ }`
	`49`	`+}`
	`50`	`+`
`42`	`51`	`@ApiTags('auth')`
`43`	`52`	`@Controller('auth')`
`44`	`53`	`export class AuthController {`
`@@ -85,6 +94,8 @@ export class AuthController {`
`85`	`94`	`});`
`86`	`95`	`}`
`87`	`96`
	`97`	`+ checkUserActive(user);`
	`98`	`+`
`88`	`99`	`return this.authService.login(user);`
`89`	`100`	`}`
`90`	`101`
`@@ -194,6 +205,7 @@ export class AuthController {`
`194`	`205`	`});`
`195`	`206`	`}`
`196`	`207`
	`208`	`+ checkUserActive(user);`
`197`	`209`	`return this.authService.login(user);`
`198`	`210`	`}`
`199`	`211`
`@@ -220,6 +232,7 @@ export class AuthController {`
`220`	`232`	`});`
`221`	`233`	`}`
`222`	`234`
	`235`	`+ checkUserActive(user);`
`223`	`236`	`return this.authService.login(user);`
`224`	`237`	`}`
`225`	`238`
`@@ -242,6 +255,7 @@ export class AuthController {`
`242`	`255`	`});`
`243`	`256`	`}`
`244`	`257`
	`258`	`+ checkUserActive(user);`
`245`	`259`	`return this.authService.login(user);`
`246`	`260`	`}`
`247`	`261`
`@@ -446,6 +460,8 @@ export class AuthController {`
`446`	`460`	`});`
`447`	`461`	`}`
`448`	`462`
	`463`	`+ checkUserActive(user);`
	`464`	`+`
`449`	`465`	`payload.ns = user.ns;`
`450`	`466`	`payload.groups = user.groups;`
`451`	`467`	`payload.roles = user.roles;`