diff --git a/dictation_client/src/common/token.ts b/dictation_client/src/common/token.ts
index b5422ad..587a0ea 100644
--- a/dictation_client/src/common/token.ts
+++ b/dictation_client/src/common/token.ts
@@ -1,8 +1,8 @@
 // トークンの型やtypeGuardの関数を配置するファイル
-// TODO トークンの型は仮
 export interface Token {
 userId: string;
 role: string;
+ tier: number;
 exp: number;
 iat: number;
 }
@@ -16,6 +16,9 @@ export const isToken = (arg: any): arg is Token => {
 if (arg.role === undefined) {
 return false;
 }
+ if (arg.tier === undefined) {
+ return false;
+ }
 if (arg.exp === undefined) {
 return false;
 }
diff --git a/dictation_server/src/common/error/code.ts b/dictation_server/src/common/error/code.ts
index c430e3f..b6d1b2a 100644
--- a/dictation_server/src/common/error/code.ts
+++ b/dictation_server/src/common/error/code.ts
@@ -28,6 +28,7 @@ export const ErrorCodes = [
 'E010203', // 管理ユーザ権限エラー
 'E010204', // ユーザ不在エラー
 'E010205', // DBのRoleが想定外の値エラー
+ 'E010206', // DBのTierが想定外の値エラー
 'E010301', // メールアドレス登録済みエラー
 'E010302', // authorId重複エラー
 'E010401', // PONumber重複エラー
diff --git a/dictation_server/src/common/error/message.ts b/dictation_server/src/common/error/message.ts
index 060dabe..e75953b 100644
--- a/dictation_server/src/common/error/message.ts
+++ b/dictation_server/src/common/error/message.ts
@@ -17,6 +17,7 @@ export const errors: Errors = {
 E010203: 'Administrator Permissions Error.',
 E010204: 'User not Found Error.',
 E010205: 'Role from DB is unexpected value Error.',
+ E010206: 'Tier from DB is unexpected value Error.',
 E010301: 'This email user already created Error',
 E010302: 'This AuthorId already used Error',
 E010401: 'This PoNumber already used Error',
diff --git a/dictation_server/src/common/token/types.ts b/dictation_server/src/common/token/types.ts
index 59542d3..059afc0 100644
--- a/dictation_server/src/common/token/types.ts
+++ b/dictation_server/src/common/token/types.ts
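Review bot: The new guard in isToken only rejects a missing `tier`; a non-numeric value (for example `null` or a string) still passes, and the resulting `Token.tier: number` then misrepresents what callers actually hold. Checking the type instead, `if (typeof arg.tier !== 'number') {`, keeps the guard honest for the field this commit adds; the sibling `userId`/`role`/`exp`/`iat` checks have the same shape and could be tightened the same way in a follow-up. isToken's body continues outside the hunk, and `arg: any` on its signature is what lets these property reads compile without any narrowing.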
@@ -7,6 +7,10 @@ export type RefreshToken = {
 * 半角スペース区切りのRoleを表現する文字列(ex. "author admin")
 */
 role: string;
+ /**
+ * アカウントの階層情報(1~5までの半角数字)
+ */
+ tier: number;
 };
 
 export type AccessToken = {
@@ -18,6 +22,10 @@ export type AccessToken = {
 * 半角スペース区切りのRoleを表現する文字列(ex. "author admin")
 */
 role: string;
+ /**
+ * アカウントの階層情報(1~5までの半角数字)
+ */
+ tier: number;
 };
 
 export type IDToken = {
diff --git a/dictation_server/src/features/auth/auth.service.ts b/dictation_server/src/features/auth/auth.service.ts
index 9657ac0..d59c653 100644
--- a/dictation_server/src/features/auth/auth.service.ts
+++ b/dictation_server/src/features/auth/auth.service.ts
@@ -72,6 +72,19 @@ export class AuthService {
 HttpStatus.INTERNAL_SERVER_ERROR,
 );
 }
+ // Tierのチェック
+ const minTier = 1;
+ const maxTier = 5;
+ const userTier = user.account.tier;
+ if (userTier < minTier || userTier > maxTier) {
+ this.logger.error(
+ `Tier from DB is unexpected value. tier=${user.account.tier}`,
+ );
+ throw new HttpException(
+ makeErrorResponse('E010206'),
+ HttpStatus.INTERNAL_SERVER_ERROR,
+ );
+ }
 // 要求された環境用トークンの寿命を決定
 const refreshTokenLifetime = type === 'web' ? lifetimeWeb : lifetimeDefault;
@@ -105,6 +118,7 @@ export class AuthService {
 ? ADMIN_ROLES.ADMIN
 : ADMIN_ROLES.STANDARD
 }`,
+ tier: user.account.tier,
 userId: idToken.sub,
 },
 refreshTokenLifetime,
@@ -132,6 +146,7 @@ export class AuthService {
 const accessToken = sign(
 {
 role: token.role,
+ tier: token.tier,
 userId: token.userId,
 },
 lifetime,
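Review bot: The doc comment on `tier` restricts it to 1–5, but the declared type is `number`, so nothing at compile time carries that range; the same comment-and-field pair is duplicated in the `AccessToken` hunk of this file. A single alias, `export type Tier = 1 | 2 | 3 | 4 | 5;`, used as `tier: Tier;` in both `RefreshToken` and `AccessToken` would keep the range in one place, and the runtime range check added in `auth.service.ts` could narrow to it. If the range is expected to grow, keep `number` but avoid restating `1~5` in two separate comments.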
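Review bot: The tier range check in auth.service.ts lets `NaN` through, because both `userTier < minTier` and `userTier > maxTier` are false for `NaN`, and it also accepts non-integers such as 2.5 that the types.ts comment (1–5 half-width digits) excludes; a value the database delivers as a string would be coerced by the comparisons rather than rejected. `if (!Number.isInteger(userTier) || userTier < minTier || userTier > maxTier) {` closes those gaps, and since this value becomes a signed authorization claim this is the one place its shape is enforced. The log line re-reads `user.account.tier` where `userTier` already holds it, and `minTier`/`maxTier` are function locals — module-level constants alongside `ADMIN_ROLES` would let the bound be shared with the type comments instead of being restated. The enclosing method starts and ends outside the hunk.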
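Review bot: In the last hunk, `tier: token.tier` copies the claim from the presented refresh token, and refresh tokens issued before this commit carry no `tier`, so until they expire this path mints access tokens with `tier` undefined — which the client's updated `isToken` guard then rejects. Either re-read the tier from the user record here (as the login path does with `user.account.tier`) or treat a missing `token.tier` as an invalid refresh token so the user re-authenticates. `role` is copied the same way, so tier presumably inherits whatever staleness window role already has; confirm that is acceptable if tier gates features. The enclosing refresh method starts and ends outside the hunk.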