frontend: Refactor authentication guards to use user roles and improve redirection logic

2025-03-21 01:42:11 +01:00 · 2025-03-21 01:42:11 +01:00 · 59320f517d
commit 59320f517d
parent 280dbea6dc
2 changed files with 52 additions and 17 deletions
--- a/frontend/projects/shared-meet-components/src/lib/guards/admin-auth.guard.ts
+++ b/frontend/projects/shared-meet-components/src/lib/guards/admin-auth.guard.ts
@ -1,19 +1,32 @@
 import { inject } from '@angular/core';
 import { ActivatedRouteSnapshot, CanActivateFn, Router, RouterStateSnapshot } from '@angular/router';
 import { AuthService } from '../services';
+import { Role } from '@lib/typings/ce';

-export const checkAdminAuthenticatedGuard: CanActivateFn = async (
+export const checkUserAuthenticatedGuard: CanActivateFn = async (
 	route: ActivatedRouteSnapshot,
-	state: RouterStateSnapshot
+	_state: RouterStateSnapshot
 ) => {
 	const authService = inject(AuthService);
 	const router = inject(Router);

 	// Check if admin is authenticated
-	const isAuthenticated = await authService.isAdminAuthenticated();
+	const isAuthenticated = await authService.isUserAuthenticated();
 	if (!isAuthenticated) {
-		// Redirect to login page
-		router.navigate(['console/login']);
+		// Redirect to the login page specified in the route data when user is not authenticated
+		const { redirectToUnauthorized } = route.data;
+		router.navigate([redirectToUnauthorized]);
+		return false;
+	}
+
+	// Check if the user has the expected roles
+	const { expectedRoles } = route.data;
+	const userRole = authService.isAdmin() ? Role.ADMIN : Role.USER;
+
+	if (!expectedRoles.includes(userRole)) {
+		// Redirect to the page specified in the route data when user has an invalid role
+		const { redirectToInvalidRole } = route.data;
+		router.navigate([redirectToInvalidRole]);
 		return false;
 	}

@ -21,18 +34,19 @@ export const checkAdminAuthenticatedGuard: CanActivateFn = async (
 	return true;
 };

-export const checkAdminNotAuthenticatedGuard: CanActivateFn = async (
+export const checkUserNotAuthenticatedGuard: CanActivateFn = async (
 	route: ActivatedRouteSnapshot,
-	state: RouterStateSnapshot
+	_state: RouterStateSnapshot
 ) => {
 	const authService = inject(AuthService);
 	const router = inject(Router);

-	// Check if admin is not authenticated
-	const isAuthenticated = await authService.isAdminAuthenticated();
+	// Check if user is not authenticated
+	const isAuthenticated = await authService.isUserAuthenticated();
 	if (isAuthenticated) {
-		// Redirect to console page
-		router.navigate(['console']);
+		// Redirect to the page specified in the route data
+		const { redirectTo } = route.data;
+		router.navigate([redirectTo]);
 		return false;
 	}

--- a/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts
+++ b/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts
@ -2,8 +2,8 @@ import { Routes } from '@angular/router';

 import { UnauthorizedComponent } from '../components';
 import {
-	checkAdminAuthenticatedGuard,
-	checkAdminNotAuthenticatedGuard,
+	checkUserAuthenticatedGuard,
+	checkUserNotAuthenticatedGuard,
 	validateRoomAccessGuard,
 	applicationModeGuard,
 	extractQueryParamsGuard,
@ -26,21 +26,42 @@ import {
 	VideoRoomComponent
 } from '../pages';
 import { LoginComponent } from '@lib/pages/login/login.component';
+import { Role } from '@lib/typings/ce';

 export const baseRoutes: Routes = [
-	{ path: '', component: RoomCreatorComponent },
-	{ path: 'login', component: LoginComponent },
+	{
+		path: '',
+		component: RoomCreatorComponent,
+		canActivate: [checkUserAuthenticatedGuard],
+		data: {
+			expectedRoles: [Role.USER],
+			redirectToUnauthorized: 'login',
+			redirectToInvalidRole: 'console'
+		}
+	},
+	{
+		path: 'login',
+		component: LoginComponent,
+		canActivate: [checkUserNotAuthenticatedGuard],
+		data: { redirectTo: '' }
+	},
 	{ path: 'disconnected', component: DisconnectedComponent },
 	{ path: 'unauthorized', component: UnauthorizedComponent },
 	{
 		path: 'console/login',
 		component: ConsoleLoginComponent,
-		canActivate: [checkAdminNotAuthenticatedGuard]
+		canActivate: [checkUserNotAuthenticatedGuard],
+		data: { redirectTo: 'console' }
 	},
 	{
 		path: 'console',
 		component: ConsoleComponent,
-		canActivate: [checkAdminAuthenticatedGuard],
+		canActivate: [checkUserAuthenticatedGuard],
+		data: {
+			expectedRoles: [Role.ADMIN],
+			redirectToUnauthorized: 'console/login',
+			redirectToInvalidRole: ''
+		},
 		children: [
 			{
 				path: '',