From 6a8cfd5530466f52169df7474b41bc719ce6ce2f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=B9=AF=E6=9C=AC=20=E9=96=8B?= Date: Mon, 22 May 2023 08:08:02 +0000 Subject: [PATCH] =?UTF-8?q?Merged=20PR=2094:=20[Sp8-2=E3=81=A7=E7=B5=B6?= =?UTF-8?q?=E5=AF=BE=E7=9D=80=E6=89=8B]=20=E8=AA=8D=E8=A8=BC=E3=83=BB?= =?UTF-8?q?=E8=AA=8D=E5=8F=AF=E3=82=92=E5=AE=A3=E8=A8=80=E7=9A=84=E3=81=AB?= =?UTF-8?q?=E6=89=B1=E3=81=88=E3=82=8B=E4=BB=95=E7=B5=84=E3=81=BF=E3=81=AE?= =?UTF-8?q?=E5=AE=9F=E8=A3=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## 概要 [Task1725: [Sp8-2で絶対着手] 認証・認可を宣言的に扱える仕組みの実装](https://paruru.nds-tyo.co.jp:8443/tfs/ReciproCollection/fa4924a4-d079-4fab-9fb5-a9a11eb205f0/_workitems/edit/1725) - 認証(アクセストークンが正しいか)の認証を `@UseGuards(AuthGuard)` をControllerに追加することで確認できる仕組みを追加 - 実際の修正は別Task想定 - 権限チェック(アクセストークンに含まれる権限でAPI呼び出し可能か)のチェックを `@UseGuards(RoleGuards.configure({ ... }))` をControllerに追加することで確認できる仕組みを追加 - 実際の修正は別Task想定 - 具体的な使い方はテスト、あるいはUsersControllerのGET /usersのコメントアウトされたコード参照 - 無駄に重複していたコードを共通化 ## レビューポイント - 使いやすそうか? 
- この認証Guardsを使用して認証する時の懸念点はないか - コードに問題はなさそうか - テスト容易性のため、公開するべきでないメソッドを公開している事に対して納得できるか ## 動作確認状況 - ローカルで確認 --- dictation_server/src/app.module.ts | 2 + .../common/guards/auth/authguards.module.ts | 9 ++ .../src/common/guards/auth/authguards.ts | 41 +++++++ .../src/common/guards/role/roleguards.spec.ts | 65 +++++++++++ .../src/common/guards/role/roleguards.ts | 103 ++++++++++++++++++ dictation_server/src/common/http/helper.ts | 6 +- dictation_server/src/common/jwt/index.ts | 4 +- dictation_server/src/common/jwt/jwt.ts | 36 ++++++ .../src/features/auth/auth.controller.ts | 29 +++-- .../features/files/files.controller.spec.ts | 7 ++ .../src/features/files/files.controller.ts | 2 + .../licenses/licenses.controller.spec.ts | 7 ++ .../features/licenses/licenses.controller.ts | 10 +- .../features/tasks/tasks.controller.spec.ts | 7 ++ .../src/features/tasks/tasks.controller.ts | 4 +- .../features/users/users.controller.spec.ts | 7 ++ .../src/features/users/users.controller.ts | 13 ++- 17 files changed, 326 insertions(+), 26 deletions(-) create mode 100644 dictation_server/src/common/guards/auth/authguards.module.ts create mode 100644 dictation_server/src/common/guards/auth/authguards.ts create mode 100644 dictation_server/src/common/guards/role/roleguards.spec.ts create mode 100644 dictation_server/src/common/guards/role/roleguards.ts diff --git a/dictation_server/src/app.module.ts b/dictation_server/src/app.module.ts index 356738b..1d76792 100644 --- a/dictation_server/src/app.module.ts +++ b/dictation_server/src/app.module.ts 
@@ -28,6 +28,7 @@ import { FilesService } from './features/files/files.service'; import { TasksService } from './features/tasks/tasks.service'; import { TasksController } from './features/tasks/tasks.controller'; import { TasksModule } from './features/tasks/tasks.module'; +import { AuthGuardsModule } from './common/guards/auth/authguards.module'; import { BlobstorageModule } from './gateways/blobstorage/blobstorage.module'; import { LicensesModule } from './features/licenses/licenses.module'; import { LicensesService } from './features/licenses/licenses.service'; @@ -71,6 +72,7 @@ import { LicensesController } from './features/licenses/licenses.controller'; NotificationhubModule, BlobstorageModule, LicensesModule, + AuthGuardsModule, ], controllers: [ HealthController, diff --git a/dictation_server/src/common/guards/auth/authguards.module.ts b/dictation_server/src/common/guards/auth/authguards.module.ts new file mode 100644 index 0000000..b87a961 --- /dev/null +++ b/dictation_server/src/common/guards/auth/authguards.module.ts @@ -0,0 +1,9 @@ +import { Module } from '@nestjs/common'; +import { AuthGuard } from './authguards'; + +@Module({ + imports: [], + controllers: [], + providers: [AuthGuard], +}) +export class AuthGuardsModule {} diff --git a/dictation_server/src/common/guards/auth/authguards.ts b/dictation_server/src/common/guards/auth/authguards.ts new file mode 100644 index 0000000..355ac66 --- /dev/null +++ b/dictation_server/src/common/guards/auth/authguards.ts 
@@ -0,0 +1,41 @@ +import { + Injectable, + CanActivate, + ExecutionContext, + HttpException, + HttpStatus, +} from '@nestjs/common'; +import { ConfigService } from '@nestjs/config'; +import { Request } from 'express'; +import { isVerifyError, verify } from '../../jwt'; +import { AccessToken } from '../../token'; +import { retrieveAuthorizationToken } from '../../http/helper'; +import { makeErrorResponse } from '../../error/makeErrorResponse'; + +@Injectable() +export class AuthGuard implements CanActivate { + constructor(private readonly configService: ConfigService) {} + + canActivate(context: ExecutionContext): boolean | Promise { + const pubkey = this.configService + .getOrThrow('JWT_PUBLIC_KEY') + .replace('\\n', '\n'); + const req = context.switchToHttp().getRequest(); + + const token = retrieveAuthorizationToken(req); + if (!token) { + throw new HttpException( + makeErrorResponse('E000107'), + HttpStatus.UNAUTHORIZED, + ); + } + const payload = verify(token, pubkey); + if (isVerifyError(payload)) { + throw new HttpException( + makeErrorResponse('E000101'), + HttpStatus.UNAUTHORIZED, + ); + } + return true; + } +} diff --git a/dictation_server/src/common/guards/role/roleguards.spec.ts b/dictation_server/src/common/guards/role/roleguards.spec.ts new file mode 100644 index 0000000..b863438 --- /dev/null +++ b/dictation_server/src/common/guards/role/roleguards.spec.ts 
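Review bot: `.replace('\\n', '\n')` on the `JWT_PUBLIC_KEY` value in `canActivate` rewrites only the first escaped newline, because a string pattern in `String.prototype.replace` matches once; a PEM-formatted key contains many, so every line after the first stays a literal `\n` and `verify` will reject an otherwise valid key. Use `.replace(/\\n/g, '\n')` instead. The verified payload is then discarded after the `isVerifyError` check, which forces `RoleGuard` to decode the token a second time without verification; attaching it to the request (e.g. `req.user = payload`) would let later guards and handlers reuse the claims this guard actually checked. The missing-token case also maps to `E000107` here but to `E000101` in `RoleGuard`; the two guards should agree on the code for the same condition.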
@@ -0,0 +1,65 @@ +import { RoleGuard } from './roleguards'; + +describe('RoleGuard', () => { + it('1つの許可Roleが設定時、完全に一致するroleを持つ場合、許可される', () => { + const guards = RoleGuard.requireds({ roles: ['author'] }); + expect(guards.checkRole('author')).toBeTruthy(); + }); + it('1つの許可Roleが設定時、その許可roleを含むroleを持つ場合、許可される', () => { + const guards = RoleGuard.requireds({ roles: ['author'] }); + // 'author admin'が許可リスト(author)に含まれるので許可 + expect(guards.checkRole('author admin')).toBeTruthy(); + }); + it('author OR adminの許可Roleが設定時、その許可roleを含むroleを持つ場合、許可される', () => { + const guards = RoleGuard.requireds({ roles: ['author', 'admin'] }); + // authorが許可リスト([authorまたはadmin])に含まれるので許可 + expect(guards.checkRole('author')).toBeTruthy(); + // adminが許可リスト([authorまたはadmin])に含まれるので許可 + expect(guards.checkRole('admin')).toBeTruthy(); + // adminが許可リスト([authorまたはadmin])に含まれるので許可 + expect(guards.checkRole('author admin')).toBeTruthy(); + }); + it('author OR adminの許可Roleが設定時、その許可roleを含むroleを持たない場合、拒否される', () => { + const guards = RoleGuard.requireds({ roles: ['author', 'admin'] }); + // typistが許可リスト([authorまたはadmin])に含まれないので拒否 + expect(guards.checkRole('typist')).toBeFalsy(); + }); + it('author AND adminの許可Roleが設定時、その許可roleを含むroleを持つ場合、許可される', () => { + const guards = RoleGuard.requireds({ roles: [['author', 'admin']] }); + // 'author admin'が許可リスト([authorかつadmin])に含まれるので許可 + expect(guards.checkRole('author admin')).toBeTruthy(); + // 'typist author admin'が許可リスト([authorかつadmin])に含まれるので許可 + expect(guards.checkRole('typist author admin')).toBeTruthy(); + }); + it('author AND adminの許可Roleが設定時、その許可roleに合致しないroleを持つ場合、拒否される', () => { + const guards = RoleGuard.requireds({ roles: [['author', 'admin']] }); + // authorが許可リスト([authorかつadmin])に含まれないので拒否 + expect(guards.checkRole('author')).toBeFalsy(); + // adminが許可リスト([authorかつadmin])に含まれないので拒否 + expect(guards.checkRole('admin')).toBeFalsy(); + // typistが許可リスト([authorかつadmin])に含まれないので拒否 + expect(guards.checkRole('typist')).toBeFalsy(); + }); + it('(author 
AND admin) OR typistの許可Roleが設定時、その許可roleを含むroleを持つ場合、許可される', () => { + const guards = RoleGuard.requireds({ + roles: [['author', 'admin'], 'typist'], + }); + // typistが許可リスト(typist)に含まれないので許可 + expect(guards.checkRole('typist')).toBeTruthy(); + // 'author admin'が許可リスト([authorかつadmin])に含まれるので許可 + expect(guards.checkRole('author admin')).toBeTruthy(); + // 'typist author admin'が許可リスト([authorかつadmin],typist)に含まれるので許可 + expect(guards.checkRole('typist author admin')).toBeTruthy(); + }); + it('(author AND admin) OR typistの許可Roleが設定時、その許可roleを含むroleを持たない場合、拒否される', () => { + const guards = RoleGuard.requireds({ + roles: [['author', 'admin'], 'typist'], + }); + // authorが許可リスト([authorかつadmin])に含まれないので拒否 + expect(guards.checkRole('author')).toBeFalsy(); + // adminが許可リスト([authorかつadmin])に含まれないので拒否 + expect(guards.checkRole('admin')).toBeFalsy(); + // ""が許可リスト([authorかつadmin])に含まれないので拒否 + expect(guards.checkRole('')).toBeFalsy(); + }); +}); diff --git a/dictation_server/src/common/guards/role/roleguards.ts b/dictation_server/src/common/guards/role/roleguards.ts new file mode 100644 index 0000000..13472c0 --- /dev/null +++ b/dictation_server/src/common/guards/role/roleguards.ts 
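Review bot: The comment above the first `expect(guards.checkRole('typist')).toBeTruthy()` in the `(author AND admin) OR typist` case says typist is *not* in the allow list and is therefore allowed, which contradicts the assertion under it; it should read `// typistが許可リスト(typist)に含まれるので許可`. The suite also has no case for an empty allow list (`roles: []`) or for a role claim with extra spaces (`'author  admin'`), both of which `checkRole` accepts as input today; pinning their expected results would document whether "empty list denies everything" is the intended contract.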
@@ -0,0 +1,103 @@ +import { + CanActivate, + ExecutionContext, + HttpException, + HttpStatus, +} from '@nestjs/common'; +import { isVerifyError, decode } from '../../jwt'; +import { AccessToken } from '../../token'; +import { Request } from 'express'; +import { retrieveAuthorizationToken } from '../../../common/http/helper'; +import { makeErrorResponse } from '../../../common/error/makeErrorResponse'; + +export type RoleType = 'typist' | 'author' | 'none' | 'admin'; + +export interface RoleSetting { + roles: (RoleType | RoleType[])[]; +} + +export class RoleGuard implements CanActivate { + settings?: RoleSetting; + + // eslint-disable-next-line @typescript-eslint/no-empty-function + private constructor() {} + + canActivate(context: ExecutionContext): boolean | Promise { + const req = context.switchToHttp().getRequest(); + + const token = retrieveAuthorizationToken(req); + if (!token) { + throw new HttpException( + makeErrorResponse('E000101'), + HttpStatus.UNAUTHORIZED, + ); + } + + const payload = decode(token); + if (isVerifyError(payload)) { + throw new HttpException( + makeErrorResponse('E000101'), + HttpStatus.UNAUTHORIZED, + ); + } + + // 設定が空なら通過 + if (!this.settings) { + return true; + } + + const isValid = this.checkRole(payload.role); + if (isValid) { + return true; + } + + // すべての権限セットに合致していなければ例外を送出 + throw new HttpException( + makeErrorResponse('E000108'), + HttpStatus.UNAUTHORIZED, + ); + } + + /** + * ※ テストコード以外からの直接呼び出しは禁止。テスト容易性のため、publicメソッドとして切り出したもの。 + * 役割の判別を行う + * @param role アクセストークンに含まれるroleの値 + * @returns true/false + */ + checkRole(role: string): boolean { + const { roles } = this.settings; + + const userRoles = role.split(' '); + + // Role毎にAccessTokenの権限チェックを行う + for (let i = 0; i < roles.length; i++) { + const role = roles[i]; + let isValid = false; + if (Array.isArray(role)) { + isValid = role.every((x) => userRoles.includes(x)); + } else { + isValid = userRoles.includes(role); + } + + // 一つでも合格したら通過 + if (isValid) { + return true; + 
} + } + return false; + } + + /** + * 権限の許可設定を指定したGuardを作成する + * { roles: ['admin', 'author'] } "admin"または"author"なら許可 + * { roles: [['admin', 'author']] } "adminかつauthor"なら許可 + * { roles: ['typist', ['admin', 'author']] } "typist"または"adminかつauthor"なら許可 + * @param [settings] + * @returns requireds + */ + static requireds(settings?: RoleSetting): RoleGuard { + const guard = new RoleGuard(); + guard.settings = settings; + return guard; + } +} diff --git a/dictation_server/src/common/http/helper.ts b/dictation_server/src/common/http/helper.ts index 660ceee..6c0cdd7 100644 --- a/dictation_server/src/common/http/helper.ts +++ b/dictation_server/src/common/http/helper.ts @@ -1,11 +1,13 @@ import { Request } from 'express'; /** - * アクセストークンを取り出す + * Authorizationヘッダに格納された文字列(jwt)を取得します * @param {Request} * @return {string | undefined} */ -export const retrieveAccessToken = (req: Request): string | undefined => { +export const retrieveAuthorizationToken = ( + req: Request, +): string | undefined => { const header = req.header('Authorization'); if (typeof header === 'string') { diff --git a/dictation_server/src/common/jwt/index.ts b/dictation_server/src/common/jwt/index.ts index aea44b5..79d6486 100644 --- a/dictation_server/src/common/jwt/index.ts +++ b/dictation_server/src/common/jwt/index.ts @@ -1,3 +1,3 @@ -import { isVerifyError, sign, verify } from './jwt'; +import { isVerifyError, sign, verify, decode } from './jwt'; -export { isVerifyError, sign, verify }; +export { isVerifyError, sign, verify, decode }; diff --git a/dictation_server/src/common/jwt/jwt.ts b/dictation_server/src/common/jwt/jwt.ts index 4625f89..00a5714 100644 --- a/dictation_server/src/common/jwt/jwt.ts +++ b/dictation_server/src/common/jwt/jwt.ts 
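Review bot: `canActivate` takes `payload.role` from `decode(token)`, which the new `decode` doc describes as unverified, so the role check is only as trustworthy as an `AuthGuard` that happened to run earlier on the same route; nothing in this class enforces that pairing, and a handler that attaches only `RoleGuard.requireds(...)` would authorize on a claim the client wrote itself. Either consume the payload that `AuthGuard` verified (once it is attached to the request) or call `verify` here as well. A token without a `role` claim also reaches `role.split(' ')` as `undefined` and surfaces as a 500 rather than a rejection; add `if (typeof payload.role !== 'string') throw new HttpException(makeErrorResponse('E000108'), HttpStatus.UNAUTHORIZED);` before `checkRole`. In `checkRole` the loop variable `const role = roles[i]` shadows the `role` parameter; `return roles.some((required) => Array.isArray(required) ? required.every((x) => userRoles.includes(x)) : userRoles.includes(required));` expresses the same logic without the shadowing. A failed role check answers `HttpStatus.UNAUTHORIZED`; if `E000108` means "authenticated but not permitted", `HttpStatus.FORBIDDEN` is the conventional status — worth confirming against the error catalogue.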
@@ -88,3 +88,39 @@ export const verify = ( } } }; + +/** + * tokenから未検証のJWTのpayloadを取得します + * @param {string} token JWT + * @return {T | VerifyError} Payload または デコードエラーの内容を表すオブジェクト + */ +export const decode = (token: string): T | VerifyError => { + try { + const payload = jwt.decode(token, { + json: true, + }) as T; + return payload; + } catch (e) { + if (e instanceof jwt.TokenExpiredError) { + return { + reason: 'ExpiredError', + message: e.message, + }; + } else if (e instanceof jwt.NotBeforeError) { + return { + reason: 'InvalidTimeStamp', + message: e.message, + }; + } else if (e instanceof jwt.JsonWebTokenError) { + return { + reason: 'InvalidToken', + message: e.message, + }; + } else { + return { + reason: 'Unknown', + message: e.message, + }; + } + } +}; diff --git a/dictation_server/src/features/auth/auth.controller.ts b/dictation_server/src/features/auth/auth.controller.ts index c6b2fb1..2882b83 100644 --- a/dictation_server/src/features/auth/auth.controller.ts +++ b/dictation_server/src/features/auth/auth.controller.ts @@ -1,10 +1,10 @@ import { Body, Controller, - Headers, HttpException, HttpStatus, Post, + Req, } from '@nestjs/common'; import { ApiResponse, @@ -20,6 +20,7 @@ import { TokenRequest, TokenResponse, } from './types/types'; +import { retrieveAuthorizationToken } from '../../common/http/helper'; @ApiTags('auth') @Controller('auth') 
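Review bot: As far as I know `jwt.decode` returns `null` for input it cannot parse as a JWS and never raises `TokenExpiredError`, `NotBeforeError` or `JsonWebTokenError` (those come from `jwt.verify`), so the first three `catch` branches in `decode` are dead code and a malformed token comes back as `null` typed as `T`; callers then dereference it (`payload.role` in `RoleGuard`). Add a null check before returning: `if (payload === null) return { reason: 'InvalidToken', message: 'token could not be decoded' };`. The `as T` cast also hides that the payload's shape is unchecked; since the doc already states the payload is unverified, it is worth saying in the same doc that callers must validate every claim they rely on.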
@@ -94,22 +95,18 @@ export class AuthController { operationId: 'accessToken', description: 'リフレッシュトークンを元にアクセストークンを再生成します', }) - async accessToken(@Headers() headers): Promise { - console.log(headers['authorization']); - const header = headers['authorization']; - if (typeof header === 'string') { - if (header.startsWith('Bearer ')) { - const refreshToken = header.substring('Bearer '.length, header.length); - const accessToken = await this.authService.generateAccessToken( - refreshToken, - ); - - return { accessToken }; - } + async accessToken(@Req() req): Promise { + const refreshToken = retrieveAuthorizationToken(req); + if (refreshToken !== undefined) { + throw new HttpException( + makeErrorResponse('E009999'), + HttpStatus.UNAUTHORIZED, + ); } - throw new HttpException( - makeErrorResponse('E009999'), - HttpStatus.UNAUTHORIZED, + + const accessToken = await this.authService.generateAccessToken( + refreshToken, ); + return { accessToken }; } } diff --git a/dictation_server/src/features/files/files.controller.spec.ts b/dictation_server/src/features/files/files.controller.spec.ts index 4e79c99..9b7eb76 100644 --- a/dictation_server/src/features/files/files.controller.spec.ts +++ b/dictation_server/src/features/files/files.controller.spec.ts @@ -1,12 +1,19 @@ import { Test, TestingModule } from '@nestjs/testing'; import { FilesController } from './files.controller'; import { FilesService } from './files.service'; +import { ConfigModule } from '@nestjs/config'; describe('FilesController', () => { let controller: FilesController; const mockFilesService = {}; beforeEach(async () => { const module: TestingModule = await Test.createTestingModule({ + imports: [ + ConfigModule.forRoot({ + envFilePath: ['.env.local', '.env'], + isGlobal: true, + }), + ], controllers: [FilesController], providers: [FilesService], }) diff --git a/dictation_server/src/features/files/files.controller.ts b/dictation_server/src/features/files/files.controller.ts index 967e53a..126d7c8 100644 
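Review bot: The new guard in `accessToken` is inverted: `if (refreshToken !== undefined)` throws `E009999` exactly when a bearer token *is* present and falls through to `generateAccessToken(undefined)` when it is missing, so the endpoint can no longer issue access tokens; it should read `if (refreshToken === undefined) {`. The replaced code threw only when the header was absent or not `Bearer`, which is the behaviour to keep. `@Req() req` also lost its type in the rewrite — `@Req() req: Request` (the express `Request` that `retrieveAuthorizationToken` expects) keeps the call checked under `noImplicitAny`. Removing the `console.log(headers['authorization'])` that wrote the token to the log is the right call.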
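Review bot: The added `ConfigModule.forRoot({ envFilePath: ['.env.local', '.env'] })` makes the `FilesController` unit test read env files from the working directory, so its outcome now depends on files outside the test fixtures and will differ between CI and a developer machine; the same block is added to the licenses, tasks and users controller specs. Going by the diffstat, none of these controllers applies `AuthGuard` yet, so the import seems premature; when it is needed, `ConfigModule.forRoot({ ignoreEnvFile: true, load: [() => ({ JWT_PUBLIC_KEY: testPublicKey })] })` or a mocked `ConfigService` keeps the test self-contained. The `describe` body continues outside the hunk.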
--- a/dictation_server/src/features/files/files.controller.ts +++ b/dictation_server/src/features/files/files.controller.ts @@ -6,6 +6,7 @@ import { HttpStatus, Post, Query, + UseGuards, } from '@nestjs/common'; import { ApiBearerAuth, @@ -27,6 +28,7 @@ import { TemplateDownloadLocationRequest, TemplateDownloadLocationResponse, } from './types/types'; +import { AuthGuard } from '../../common/guards/auth/authguards'; @ApiTags('files') @Controller('files') diff --git a/dictation_server/src/features/licenses/licenses.controller.spec.ts b/dictation_server/src/features/licenses/licenses.controller.spec.ts index 6577dce..70daf6c 100644 --- a/dictation_server/src/features/licenses/licenses.controller.spec.ts +++ b/dictation_server/src/features/licenses/licenses.controller.spec.ts @@ -1,6 +1,7 @@ import { Test, TestingModule } from '@nestjs/testing'; import { LicensesController } from './licenses.controller'; import { LicensesService } from './licenses.service'; +import { ConfigModule } from '@nestjs/config'; describe('LicensesController', () => { let controller: LicensesController; @@ -8,6 +9,12 @@ describe('LicensesController', () => { beforeEach(async () => { const module: TestingModule = await Test.createTestingModule({ + imports: [ + ConfigModule.forRoot({ + envFilePath: ['.env.local', '.env'], + isGlobal: true, + }), + ], controllers: [LicensesController], providers: [LicensesService], }) diff --git a/dictation_server/src/features/licenses/licenses.controller.ts b/dictation_server/src/features/licenses/licenses.controller.ts index 57f5d87..b64dced 100644 --- a/dictation_server/src/features/licenses/licenses.controller.ts +++ b/dictation_server/src/features/licenses/licenses.controller.ts @@ -1,4 +1,11 @@ -import { Body, Controller, HttpStatus, Post, Req } from '@nestjs/common'; +import { + Body, + Controller, + HttpStatus, + Post, + Req, + UseGuards, +} from '@nestjs/common'; import { ApiResponse, ApiTags, 
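Review bot: `UseGuards` and `AuthGuard` are imported into files.controller.ts but, going by the diffstat (2 insertions for this file, both shown here), never applied, so both are unused imports that `@typescript-eslint/no-unused-vars` will flag; the same holds for the `UseGuards`/`AuthGuard` imports added to licenses.controller.ts, tasks.controller.ts and users.controller.ts in this patch. If the wiring is meant to land in the follow-up task, dropping the imports until then keeps the build lint-clean; otherwise apply `@UseGuards(AuthGuard)` at the controller level now so the new guard actually protects these routes.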
@@ -9,6 +16,7 @@ import { ErrorResponse } from '../../common/error/types/types'; import { LicensesService } from './licenses.service'; import { CreateOrdersResponse, CreateOrdersRequest } from './types/types'; import { Request } from 'express'; +import { AuthGuard } from '../../common/guards/auth/authguards'; @ApiTags('licenses') @Controller('licenses') diff --git a/dictation_server/src/features/tasks/tasks.controller.spec.ts b/dictation_server/src/features/tasks/tasks.controller.spec.ts index 73b5846..01e7e75 100644 --- a/dictation_server/src/features/tasks/tasks.controller.spec.ts +++ b/dictation_server/src/features/tasks/tasks.controller.spec.ts @@ -1,12 +1,19 @@ import { Test, TestingModule } from '@nestjs/testing'; import { TasksController } from './tasks.controller'; import { TasksService } from './tasks.service'; +import { ConfigModule } from '@nestjs/config'; describe('TasksController', () => { let controller: TasksController; const mockTaskService = {}; beforeEach(async () => { const module: TestingModule = await Test.createTestingModule({ + imports: [ + ConfigModule.forRoot({ + envFilePath: ['.env.local', '.env'], + isGlobal: true, + }), + ], controllers: [TasksController], providers: [TasksService], }) diff --git a/dictation_server/src/features/tasks/tasks.controller.ts b/dictation_server/src/features/tasks/tasks.controller.ts index 598fab4..1abb828 100644 --- a/dictation_server/src/features/tasks/tasks.controller.ts +++ b/dictation_server/src/features/tasks/tasks.controller.ts @@ -6,12 +6,13 @@ import { Param, Post, Query, + UseGuards, } from '@nestjs/common'; import { ApiResponse, ApiOperation, - ApiBearerAuth, ApiTags, + ApiBearerAuth, } from '@nestjs/swagger'; import { ErrorResponse } from '../../common/error/types/types'; import { TasksService } from './tasks.service'; 
@@ -23,6 +24,7 @@ import { TasksRequest, TasksResponse, } from './types/types'; +import { AuthGuard } from '../../common/guards/auth/authguards'; @ApiTags('tasks') @Controller('tasks') diff --git a/dictation_server/src/features/users/users.controller.spec.ts b/dictation_server/src/features/users/users.controller.spec.ts index 90544fe..851ceb0 100644 --- a/dictation_server/src/features/users/users.controller.spec.ts +++ b/dictation_server/src/features/users/users.controller.spec.ts @@ -2,6 +2,7 @@ import { Test, TestingModule } from '@nestjs/testing'; import { UsersController } from './users.controller'; import { UsersService } from './users.service'; import { CryptoService } from '../../gateways/crypto/crypto.service'; +import { ConfigModule } from '@nestjs/config'; describe('UsersController', () => { let controller: UsersController; @@ -10,6 +11,12 @@ describe('UsersController', () => { beforeEach(async () => { const module: TestingModule = await Test.createTestingModule({ + imports: [ + ConfigModule.forRoot({ + envFilePath: ['.env.local', '.env'], + isGlobal: true, + }), + ], controllers: [UsersController], providers: [UsersService, CryptoService], }) diff --git a/dictation_server/src/features/users/users.controller.ts b/dictation_server/src/features/users/users.controller.ts index 5d0ff75..efe8c68 100644 --- a/dictation_server/src/features/users/users.controller.ts +++ b/dictation_server/src/features/users/users.controller.ts @@ -2,10 +2,11 @@ import { Body, Controller, Get, - HttpException, HttpStatus, Post, Req, + UseGuards, + HttpException, } from '@nestjs/common'; import { ApiBearerAuth, 
@@ -17,7 +18,7 @@ import { Request } from 'express'; import { confirmPermission } from '../../common/auth/auth'; import { makeErrorResponse } from '../../common/error/makeErrorResponse'; import { ErrorResponse } from '../../common/error/types/types'; -import { retrieveAccessToken } from '../../common/http/helper'; +import { retrieveAuthorizationToken } from '../../common/http/helper'; import { isVerifyError, verify } from '../../common/jwt/jwt'; import { AccessToken } from '../../common/token'; import { CryptoService } from '../../gateways/crypto/crypto.service'; @@ -30,6 +31,8 @@ import { SignupResponse, } from './types/types'; import { UsersService } from './users.service'; +import { AuthGuard } from '../../common/guards/auth/authguards'; +import { RoleGuard } from '../../common/guards/role/roleguards'; @ApiTags('users') @Controller('users') @@ -103,13 +106,15 @@ export class UsersController { }) @ApiOperation({ operationId: 'getUsers' }) @ApiBearerAuth() + // @UseGuards(AuthGuard) + // @UseGuards(RoleGuard.requireds({ roles: ['admin', 'author'] })) @Get() async getUsers(@Req() req: Request): Promise { console.log(req.header('Authorization')); // アクセストークンにより権限を確認する const pubKey = await this.cryptoService.getPublicKey(); - const accessToken = retrieveAccessToken(req); + const accessToken = retrieveAuthorizationToken(req); // アクセストークンが存在しない場合のエラー if (accessToken == undefined) { @@ -180,7 +185,7 @@ export class UsersController { // アクセストークンにより権限を確認する const pubKey = await this.cryptoService.getPublicKey(); - const accessToken = retrieveAccessToken(req); + const accessToken = retrieveAuthorizationToken(req); //アクセストークンが存在しない場合のエラー if (accessToken == undefined) {
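Review bot: The two commented-out decorators on `getUsers` are stacked as separate `@UseGuards(...)` lines; when they are enabled, put them in one call, `@UseGuards(AuthGuard, RoleGuard.requireds({ roles: ['admin', 'author'] }))`, so the execution order (signature check before role check) is explicit — as I read Nest's decorator handling, stacked decorators register bottom-up, which would run `RoleGuard`, and its unverified decode, first. The context line `console.log(req.header('Authorization'))` in the same hunk still writes the bearer token to stdout on every call; dropping it alongside this change keeps credentials out of the logs. Note too that `getUsers` takes its public key from `cryptoService.getPublicKey()` while `AuthGuard` reads `JWT_PUBLIC_KEY` from `ConfigService`; once the guard replaces the inline `verify`, a single source for the key avoids the two drifting. The rest of `getUsers` and of `UsersController` lies outside the hunk.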