1
export enum Role {
2
  ADMIN = 'admin',
3
  USER = 'user',
4
  Guest = 'guest',
5
}

1
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common'
2
import { Reflector } from '@nestjs/core'
3
import { Role } from '../const/role.enum'
4

5
@Injectable()
6
export class RolesGuard implements CanActivate {
7
  constructor(private reflector: Reflector) {}
8

9
  canActivate(context: ExecutionContext): boolean {
10
    const roles = this.reflector.get<Role[]>('roles', context.getHandler())
11
    if (!roles) {
12
      return true
13
    }
14
    const request = context.switchToHttp().getRequest()
15
    const user = request.user
16
    return roles.some(role => user.roles?.includes(role))
17
  }
18
}

1
import { SetMetadata } from '@nestjs/common'
2
import { RolesEnum } from '../const/roles.const'
3

4
export const ROLES_KEY = 'user_roles'
5

6
// @Roles(RolesEnum.ADMIN)
7
export const Roles = (role: RolesEnum) => SetMetadata(ROLES_KEY, role)

1
// **** (6) DELETE /posts/:id : id에 해당하는 post를 삭제
2
@Delete(':id')
3
@UseGuards(AccessTokenGuard)
4
@Roles(RolesEnum.ADMIN)
5
deletePost(@Param('id', ParseIntPipe) id: number) {
6
  return this.postsService.deletePost(id)
7
}

1
import { CanActivate, ExecutionContext, ForbiddenException, Injectable, UnauthorizedException } from '@nestjs/common'
2

3
import { Reflector } from '@nestjs/core'
4
import { ROLES_KEY } from '../decorator/roles.decorator'
5

6
@Injectable()
7
export class RolesGuard implements CanActivate {
8
  constructor(private readonly reflector: Reflector) {}
9

10
  async canActivate(context: ExecutionContext): Promise<boolean> {
11
    /** Roles annotation에 대한 metadata를 가져와야한다.
12
     * Reflector.getAllAndOverride() : 키에 대한 애노테이션 정보를 가져와서 override해줌
13
     */
14
    const requiredRole = this.reflector.getAllAndOverride(
15
      ROLES_KEY, //
16
      [context.getHandler(), context.getClass()],
17
    )
18

19
    // Roles Annotation 등록 안돼있음
20
    if (!requiredRole) return true
21

22
    const { user } = context.switchToHttp().getRequest()
23

24
    if (!user) {
25
      throw new UnauthorizedException(`토큰을 제공 해주세요!`)
26
    }
27

28
    if (user.role !== requiredRole) {
29
      throw new ForbiddenException(`이 작업을 수행할 권한이 없습니다. ${requiredRole} 권한이 필요합니다.`)
30
    }
31

32
    return true
33
  }
34
}

1
@Module({
2
  // 생략
3
  providers: [
4
    AppService,
5
    {
6
      provide: APP_INTERCEPTOR,
7
      useClass: ClassSerializerInterceptor,
8
    },
9
    // 아래 코드 추가
10
    {
11
      provide: APP_GUARD,
12
      useClass: RolesGuard,
13
    },
14
  ],
15
}

1
@Module({
2
  // 생략
3
  providers: [
4
    AppService,
5
    {
6
      provide: APP_INTERCEPTOR,
7
      useClass: ClassSerializerInterceptor,
8
    },
9
    {
10
      provide: APP_GUARD,
11
      useClass: AccessTokenGuard,
12
    },
13
    {
14
      provide: APP_GUARD,
15
      useClass: RolesGuard,
16
    },
17
  ],
18
}

1
import { SetMetadata } from '@nestjs/common'
2

3
export const IS_PUBLIC_KEY = 'is_public'
4

5
export const IsPublic = () => SetMetadata(IS_PUBLIC_KEY, true)

1
@Injectable()
2
export class BearerTokenGuard implements CanActivate {
3
  constructor(
4
    private readonly authService: AuthService,
5
    private readonly usersService: UsersService,
6
    private readonly reflector: Reflector,
7
  ) {}
8

9
  async canActivate(context: ExecutionContext): Promise<boolean> {
10
    const isPublic = this.reflector.getAllAndOverride(
11
      IS_PUBLIC_KEY, //
12
      [context.getHandler(), context.getClass()],
13
    )
14

15
    const req = context.switchToHttp().getRequest()
16

17
    if (isPublic) {
18
      req.isRoutePublic = true
19
      return true
20
    }
21

22
    // 생략
23
  }
24
}
25

26
@Injectable()
27
export class AccessTokenGuard extends BearerTokenGuard {
28
  async canActivate(context: ExecutionContext): Promise<boolean> {
29
    await super.canActivate(context)
30

31
    const req = context.switchToHttp().getRequest()
32

33
    if (req.isRoutePublic) {
34
      return true
35
    }
36

37
    // 생략
38
  }
39
}
40

41
@Injectable()
42
export class RefreshTokenGuard extends BearerTokenGuard {
43
  async canActivate(context: ExecutionContext): Promise<boolean> {
44
    await super.canActivate(context)
45
    const req = context.switchToHttp().getRequest()
46

47
    if (req.isRoutePublic) {
48
      return true
49
    }
50

51
    // 생략
52
  }
53
}

1
// **** (1) GET /posts : 모든 post 조회
2
@Get()
3
@IsPublic()
4
getPosts(@Query() query: PaginatePostDto) {
5
  return this.postsService.paginatePosts(query)
6
}
7

8
// **** 2) GET /posts/:id : id에 해당하는 post 조회
9
// @Param('id') 뜻 : 가져오는 파라미터의 이름은 id이다
10
@Get(':id')
11
@IsPublic()
12
getPost(@Param('id', ParseIntPipe) id: number) {
13
  return this.postsService.getPostById(id)
14
}

1
@Post('token/access')
2
@IsPublic()
3
@UseGuards(RefreshTokenGuard)
4
postTokenAccess(@Headers('authorization') rawToken: string) {
5
	// 생략
6
}
7

8
@Post('token/refresh')
9
@IsPublic()
10
@UseGuards(RefreshTokenGuard)
11
postTokenRefresh(@Headers('authorization') rawToken: string) {
12
  // 생략
13
}
14

15
@Post('login/email')
16
@IsPublic()
17
@UseGuards(BasicTokenGuard)
18
postLoginEmail(
19
  @Headers('authorization') rawToken: string, //
20
  // @Request() req, // 가드에 생성한 req를 가져와서 쓰기
21
) {
22
  // 생략
23
}
24

25
@Post('register/email')
26
@IsPublic()
27
postRegisterEmail(@Body() body: RegisterUserDto) {
28
  return this.authService.registerWithEmail(body)
29
}

1
import { Controller, Post, UploadedFile, UseGuards, UseInterceptors } from '@nestjs/common'
2
import { CommonService } from './common.service'
3
import { FileInterceptor } from '@nestjs/platform-express'
4

5
@Controller('common')
6
export class CommonController {
7
  constructor(private readonly commonService: CommonService) {}
8

9
  @Post('image')
10
  @UseInterceptors(FileInterceptor('image'))
11
  postImage(@UploadedFile() file: Express.Multer.File) {
12
    return {
13
      fileName: file.filename,
14
    }
15
  }
16
}

1
@Controller('posts/:postId/comments')
2
export class CommentsController {
3
  // 생략
4
  // **** (1) 댓글 페이지네이션
5
  @Get()
6
  @IsPublic()
7
  getComments() {} // 생략
8

9
  // **** (2) 특정 댓글 1개만 가져오기
10
  @Get(':commentId')
11
  @IsPublic()
12
  getComment(@Param('commentId', ParseIntPipe) commentId: number) {
13
    return this.commentsService.getCommentById(commentId)
14
  }
15

16
  // **** (3) 댓글 생성
17
  @Post()
18
  @UseInterceptors(TransactionInterceptor)
19
  async postComment() {} // 생략
20

21
  // **** (4) 댓글 수정
22
  @Patch(':commentId')
23
  @UseGuards(IsCommentMineOrAdminGuard)
24
  async patchComment() {} // 생략
25

26
  // **** (5) 댓글 삭제
27
  @Delete(':commentId')
28
  async deleteComment() {} // 생략
29
}

1
@Controller('posts')
2
export class PostsController {
3
  // 생략
4

5
  // **** (1) GET /posts : 모든 post 조회
6
  @Get()
7
  @IsPublic()
8
  getPosts(@Query() query: PaginatePostDto) {
9
    return this.postsService.paginatePosts(query)
10
  }
11

12
  // **** 2) GET /posts/:id : id에 해당하는 post 조회
13
  // @Param('id') 뜻 : 가져오는 파라미터의 이름은 id이다
14
  @Get(':id')
15
  @IsPublic()
16
  getPost() {} // 생략
17

18
  @Post()
19
  @UseInterceptors(TransactionInterceptor)
20
  async postPosts() {} // 생략
21

22
  // (4) POST /posts/random : 무작위 포스트를 생성
23
  @Post('random')
24
  async postPostsRandom() {} // 생략
25

26
  // **** (5) PATCH /posts/:id : id에 해당하는 post를 부분 변경
27
  @Patch(':id')
28
  patchPost() {} // 생략
29

30
  // **** (6) DELETE /posts/:id : id에 해당하는 post를 삭제
31
  @Delete(':id')
32
  @Roles(RolesEnum.ADMIN)
33
  deletePost() {} // 생략
34
}

1
@Controller('users')
2
export class UsersController {
3
  constructor(private readonly usersService: UsersService) {}
4

5
  @Get()
6
  @Roles(RolesEnum.ADMIN)
7
  getUsers() {
8
    return this.usersService.getAllUsers()
9
  }
10
}