frontend: Update routes to use runGuardsSerially when having multiple guards and add checkParticipantRoleAndAuthGuard to enforce authentication based on participant role and auth mode

2025-03-27 19:31:08 +01:00 · 2025-03-27 19:31:08 +01:00 · cf4b2ef340
commit cf4b2ef340
parent 23cdea5ca1
2 changed files with 53 additions and 8 deletions
--- a/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts
+++ b/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts
@ -1,6 +1,7 @@
 import { inject } from '@angular/core';
 import { ActivatedRouteSnapshot, CanActivateFn, Router, RouterStateSnapshot } from '@angular/router';
 import { AuthService, ContextService } from '../services';
+import { AuthMode, ParticipantRole } from '@lib/typings/ce';

 export const checkUserAuthenticatedGuard: CanActivateFn = async (
 	route: ActivatedRouteSnapshot,
@ -42,6 +43,40 @@ export const checkUserAuthenticatedGuard: CanActivateFn = async (
 	return true;
 };

+export const checkParticipantRoleAndAuthGuard: CanActivateFn = async (
+	_route: ActivatedRouteSnapshot,
+	state: RouterStateSnapshot
+) => {
+	const authService = inject(AuthService);
+	const contextService = inject(ContextService);
+	const router = inject(Router);
+
+	const participantRole = contextService.getParticipantRole();
+	const authMode = await contextService.getAuthModeToEnterRoom();
+
+	// If the user is a moderator and the room requires authentication for moderators only,
+	// or if the room requires authentication for all users,
+	// then check if the user is authenticated
+	const isAuthRequiredForModerators =
+		authMode === AuthMode.MODERATORS_ONLY && participantRole === ParticipantRole.MODERATOR;
+	const isAuthRequiredForAllUsers = authMode === AuthMode.ALL_USERS;
+	console.log('Participant role:', participantRole);
+
+	if (isAuthRequiredForModerators || isAuthRequiredForAllUsers) {
+		// Check if user is authenticated
+		const isAuthenticated = await authService.isUserAuthenticated();
+		if (!isAuthenticated) {
+			// Redirect to the login page with query param to redirect back to the room
+			return router.createUrlTree(['login'], {
+				queryParams: { redirectTo: state.url }
+			});
+		}
+	}
+
+	// Allow access to the room
+	return true;
+};
+
 export const checkUserNotAuthenticatedGuard: CanActivateFn = async (
 	route: ActivatedRouteSnapshot,
 	_state: RouterStateSnapshot
--- a/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts
+++ b/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts
@ -1,5 +1,4 @@
 import { Routes } from '@angular/router';
-
 import { UnauthorizedComponent, RoomCreatorDisabledComponent } from '../components';
 import {
 	checkUserAuthenticatedGuard,
@ -9,7 +8,9 @@ import {
 	extractQueryParamsGuard,
 	checkParticipantNameGuard,
 	replaceModeratorSecretGuard,
-	checkRoomCreatorEnabledGuard
+	checkRoomCreatorEnabledGuard,
+	checkParticipantRoleAndAuthGuard,
+	runGuardsSerially
 } from '../guards';
 import {
 	AboutComponent,
@ -34,8 +35,14 @@ export const baseRoutes: Routes = [
 	{
 		path: '',
 		component: RoomCreatorComponent,
-		canActivate: [checkRoomCreatorEnabledGuard, checkUserAuthenticatedGuard],
+		canActivate: [
+			runGuardsSerially(
+				checkRoomCreatorEnabledGuard,
+				checkUserAuthenticatedGuard
+			)
+		],
 		data: {
+			checkSkipAuth: true,
 			expectedRoles: [UserRole.USER],
 			redirectToUnauthorized: 'login',
 			redirectToInvalidRole: 'console'
@ -111,11 +118,14 @@ export const baseRoutes: Routes = [
 		path: 'room/:room-name',
 		component: VideoRoomComponent,
 		canActivate: [
-			applicationModeGuard,
-			extractQueryParamsGuard,
-			checkParticipantNameGuard,
-			validateRoomAccessGuard,
-			replaceModeratorSecretGuard
+			runGuardsSerially(
+				applicationModeGuard,
+				extractQueryParamsGuard,
+				checkParticipantNameGuard,
+				validateRoomAccessGuard,
+				checkParticipantRoleAndAuthGuard,
+				replaceModeratorSecretGuard
+			)
 		]
 	},
 	{