murat/enerport-web-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
61ee0b6e89de4af4c4b17691ab0f140e6319b3b6
enerport-web-app/src/app/guards/auth.guard.ts
Murat Özkorkmaz 61ee0b6e89 Initial commit
2025-10-09 10:42:03 +02:00

61 lines
2.3 KiB
TypeScript
Raw Blame History

import { AuthGuardData, createAuthGuard, KeycloakService } from 'keycloak-angular';
import { ActivatedRouteSnapshot, CanActivateFn, Router, RouterStateSnapshot, UrlTree } from '@angular/router';
import { inject } from '@angular/core';
import { appConfig } from '../../app.config';
import Keycloak from 'keycloak-js';
/**
* The logic below is a simple example, please make it more robust when implementing in your application.
*
* Reason: isAccessGranted is not validating the resource, since it is merging all roles. Two resources might
* have the same role name, and it makes sense to validate it more granular.
*/
const isAccessAllowed = async (
route: ActivatedRouteSnapshot,
__: RouterStateSnapshot,
authData: AuthGuardData
): Promise<boolean | UrlTree> => {
const marker_start = '======================= auth.guard >>> =======================';
const marker_end = '\n======================= <<< auth.guard =======================';
console.debug(marker_start);
const { authenticated, grantedRoles } = authData;
console.debug('authData', authData);
// console.debug('authenticated', authenticated);
// console.debug('grantedRoles', grantedRoles);
// console.debug('grantedRoles - realmRoles', grantedRoles.realmRoles);
// console.debug('grantedRoles - resourceRoles', grantedRoles.resourceRoles);
const requiredRole = route.data['role'];
// console.debug('requiredRole', requiredRole);
if (!requiredRole) {
// console.debug('No role required for this route.');
return false;
}
const router = inject(Router);
const notAllowed = router.parseUrl('/auth/access');
const keycloak = inject(Keycloak);
if (!authenticated) {
console.debug('you are not authenticated. please authenticate first.' + marker_end);
// await keycloak.login({ redirectUri: window.location.href });
return notAllowed;
}
const hasRequiredRealmRole = requiredRole.some((role: string) => {
return grantedRoles.realmRoles.includes(role);
});
if (hasRequiredRealmRole) {
console.debug('you have the required realm role' + marker_end);
return true;
}
console.debug('you do not have permission to visit this page.' + marker_end);
return notAllowed;
};
// @ts-ignore
export const canActivateAuthRole = createAuthGuard<CanActivateFn>(isAccessAllowed);
Reference in New Issue View Git Blame Copy Permalink