feat: only show contact on shelter public routes on authorized roles

kelvinsb · HelioDantas · commit f1416e5a1681 · 2024-05-15T21:20:59.000-03:00
diff --git a/src/decorators/UserDecorator/index.ts b/src/decorators/UserDecorator/index.ts
@@ -0,0 +1,3 @@
+import { UserDecorator } from './user.decorator';
+
+export { UserDecorator };
diff --git a/src/decorators/UserDecorator/user.decorator.ts b/src/decorators/UserDecorator/user.decorator.ts
@@ -0,0 +1,8 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export const UserDecorator = createParamDecorator(
+  (data: unknown, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request?.user;
+  },
+);
diff --git a/src/guards/apply-user.guard.ts b/src/guards/apply-user.guard.ts
@@ -0,0 +1,10 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class ApplyUser extends AuthGuard('jwt') {
+  handleRequest(err: any, user: any) {
+    if (user) return user;
+    return null;
+  }
+}
diff --git a/src/guards/utils.ts b/src/guards/utils.ts
@@ -11,22 +11,34 @@ async function canActivate(context: ExecutionContext, allowed: AccessLevel[]) {
   if (request.user) {
     const { userId, sessionId } = request.user;
 
-    const session = await service.session.findUnique({
-      where: { id: sessionId, active: true, user: { id: userId } },
-      include: {
-        user: true,
-      },
-    });
-
-    if (
-      session &&
-      allowed.some((permission) => permission === session.user.accessLevel)
-    ) {
-      return true;
-    }
+    return isRightSessionRole(allowed, sessionId, userId);
   }
 
   return false;
 }
 
-export { canActivate };
+async function isRightSessionRole(
+  allowed: AccessLevel[],
+  sessionId?: string,
+  userId?: string,
+) {
+  if (!sessionId) return false;
+  if (!userId) return false;
+
+  const session = await service.session.findUnique({
+    where: { id: sessionId, active: true, user: { id: userId } },
+    include: {
+      user: true,
+    },
+  });
+
+  if (
+    session &&
+    allowed.some((permission) => permission === session.user.accessLevel)
+  ) {
+    return true;
+  }
+  return false;
+}
+
+export { canActivate, isRightSessionRole };
diff --git a/src/shelter/shelter.controller.ts b/src/shelter/shelter.controller.ts
@@ -15,6 +15,8 @@ import { ApiTags } from '@nestjs/swagger';
 import { ShelterService } from './shelter.service';
 import { ServerResponse } from '../utils';
 import { StaffGuard } from '@/guards/staff.guard';
+import { ApplyUser } from '@/guards/apply-user.guard';
+import { UserDecorator } from '@/decorators/UserDecorator';
 
 @ApiTags('Abrigos')
 @Controller('shelters')
@@ -35,9 +37,10 @@ export class ShelterController {
   }
 
   @Get(':id')
-  async show(@Param('id') id: string) {
+  @UseGuards(ApplyUser)
+  async show(@UserDecorator() user: any, @Param('id') id: string) {
     try {
-      const data = await this.shelterService.show(id);
+      const data = await this.shelterService.show(id, user);
       return new ServerResponse(200, 'Successfully get shelter', data);
     } catch (err: any) {
       this.logger.error(`Failed to get shelter: ${err}`);
diff --git a/src/shelter/shelter.service.ts b/src/shelter/shelter.service.ts
@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { Injectable } from '@nestjs/common';
 import * as qs from 'qs';
-import { Prisma } from '@prisma/client';
+import { Prisma, AccessLevel } from '@prisma/client';
 import { DefaultArgs } from '@prisma/client/runtime/library';
 
 import { PrismaService } from '../prisma/prisma.service';
@@ -14,6 +14,7 @@ import { SearchSchema } from '../types';
 import { ShelterSearch, parseTagResponse } from './ShelterSearch';
 import { SupplyPriority } from '../supply/types';
 import { IFilterFormProps } from './types/search.types';
+import { isRightSessionRole } from '@/guards/utils';
 
 @Injectable()
 export class ShelterService {
@@ -60,7 +61,13 @@ export class ShelterService {
     });
   }
 
-  async show(id: string) {
+  async show(id: string, user: any) {
+    const isLogged = await isRightSessionRole(
+      [AccessLevel.User, AccessLevel.Staff],
+      user?.sessionId,
+      user?.userId,
+    );
+
     const data = await this.prismaService.shelter.findFirst({
       where: {
         id,
@@ -72,7 +79,7 @@ export class ShelterService {
         pix: true,
         shelteredPeople: true,
         capacity: true,
-        contact: true,
+        contact: isLogged,
         petFriendly: true,
         prioritySum: true,
         latitude: true,

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+import { UserDecorator } from './user.decorator';`
	`2`	`+`
	`3`	`+export { UserDecorator };`