Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#034] 인가 구현 #35

Merged
merged 11 commits into from
Apr 9, 2024
Merged

[#034] 인가 구현 #35

merged 11 commits into from
Apr 9, 2024

Conversation

koomin1227
Copy link
Member

이슈

체크리스트

  • 인증된 사용자만이 api 접근하도록 가드 구현
  • 자원 소유자만 자원을 수정하는 가드 구현

고민한 내용

권한 가드 (OwnershipGuard)

  • 아무나 자원을 수정하게 할 수는 없다. 따라서 수정 할 권한이 있는지 확인 해야한다.
  • 수정하려고 요청하는 사용자 id와 인증된 토큰의 id 가 같은 경우 권한이 있는 것으로 판단하도록했다.
  • stat 을 관리하는 api 전반적으로 공통적인 내용이기 때문에 guard 로 분리하였다.

@koomin1227 koomin1227 requested a review from namewhat99 April 8, 2024 15:55
@koomin1227 koomin1227 self-assigned this Apr 8, 2024
namewhat99
namewhat99 reviewed Apr 9, 2024
View reviewed changes
src/auth/strategy/jwt.strategy.ts
async validate(payload: any) {
return { userId: payload.userId };
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Request 의 user 필드에 userId를 담는다

src/auth/guard/ownership.guard.ts

return true;
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ownership 에서는 AuthGuard 를 통과한 요청들에 request.user.userId 가 담겨있다. 이 userId 와 파라미터의 Id 를 비교해 해당 리소스를 소유한 사람인지 비교한다

namewhat99
namewhat99 approved these changes Apr 9, 2024
View reviewed changes
src/auth/strategy/jwt.strategy.ts
secretOrKey: configService.get('JWT_SECRET'),
});
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jwt 를 만드는 라이브러리랑 검증하는 라이브러리랑 달라서 그런데 혹시 postman 으로 했을때 통과됐나요? jwt token 은 @nestjs/jwt 에서 generate 되고 검증은 @nestjs/passport 를 사용해서 혹시나해서, 테스트 통과했으면 좋습니다~

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

넵 통과 됩니다. passport 에서 jwt strategy를 사용해서 jwt 확인 가능합니다

@koomin1227 koomin1227 merged commit 2ea91be into develop Apr 9, 2024
1 check passed
@koomin1227 koomin1227 deleted the feature/Authorization-#34 branch April 17, 2024 14:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@namewhat99 namewhat99 namewhat99 approved these changes

Assignees

@koomin1227 koomin1227

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@koomin1227 @namewhat99