diff --git a/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts b/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts index 867cd5c..f4fe82d 100644 --- a/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts +++ b/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts @@ -1,6 +1,7 @@ import { inject } from '@angular/core'; import { ActivatedRouteSnapshot, CanActivateFn, Router, RouterStateSnapshot } from '@angular/router'; import { AuthService, ContextService } from '../services'; +import { AuthMode, ParticipantRole } from '@lib/typings/ce'; export const checkUserAuthenticatedGuard: CanActivateFn = async ( route: ActivatedRouteSnapshot, @@ -42,6 +43,40 @@ export const checkUserAuthenticatedGuard: CanActivateFn = async ( return true; }; +export const checkParticipantRoleAndAuthGuard: CanActivateFn = async ( + _route: ActivatedRouteSnapshot, + state: RouterStateSnapshot +) => { + const authService = inject(AuthService); + const contextService = inject(ContextService); + const router = inject(Router); + + const participantRole = contextService.getParticipantRole(); + const authMode = await contextService.getAuthModeToEnterRoom(); + + // If the user is a moderator and the room requires authentication for moderators only, + // or if the room requires authentication for all users, + // then check if the user is authenticated + const isAuthRequiredForModerators = + authMode === AuthMode.MODERATORS_ONLY && participantRole === ParticipantRole.MODERATOR; + const isAuthRequiredForAllUsers = authMode === AuthMode.ALL_USERS; + console.log('Participant role:', participantRole); + + if (isAuthRequiredForModerators || isAuthRequiredForAllUsers) { + // Check if user is authenticated + const isAuthenticated = await authService.isUserAuthenticated(); + if (!isAuthenticated) { + // Redirect to the login page with query param to redirect back to the room + return router.createUrlTree(['login'], { + queryParams: { redirectTo: state.url } + }); + } + } + + // Allow access to the room + return true; +}; + export const checkUserNotAuthenticatedGuard: CanActivateFn = async ( route: ActivatedRouteSnapshot, _state: RouterStateSnapshot diff --git a/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts b/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts index 87d6ff5..fc537d2 100644 --- a/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts +++ b/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts @@ -1,5 +1,4 @@ import { Routes } from '@angular/router'; - import { UnauthorizedComponent, RoomCreatorDisabledComponent } from '../components'; import { checkUserAuthenticatedGuard, @@ -9,7 +8,9 @@ import { extractQueryParamsGuard, checkParticipantNameGuard, replaceModeratorSecretGuard, - checkRoomCreatorEnabledGuard + checkRoomCreatorEnabledGuard, + checkParticipantRoleAndAuthGuard, + runGuardsSerially } from '../guards'; import { AboutComponent, @@ -34,8 +35,14 @@ export const baseRoutes: Routes = [ { path: '', component: RoomCreatorComponent, - canActivate: [checkRoomCreatorEnabledGuard, checkUserAuthenticatedGuard], + canActivate: [ + runGuardsSerially( + checkRoomCreatorEnabledGuard, + checkUserAuthenticatedGuard + ) + ], data: { + checkSkipAuth: true, expectedRoles: [UserRole.USER], redirectToUnauthorized: 'login', redirectToInvalidRole: 'console' @@ -111,11 +118,14 @@ export const baseRoutes: Routes = [ path: 'room/:room-name', component: VideoRoomComponent, canActivate: [ - applicationModeGuard, - extractQueryParamsGuard, - checkParticipantNameGuard, - validateRoomAccessGuard, - replaceModeratorSecretGuard + runGuardsSerially( + applicationModeGuard, + extractQueryParamsGuard, + checkParticipantNameGuard, + validateRoomAccessGuard, + checkParticipantRoleAndAuthGuard, + replaceModeratorSecretGuard + ) ] }, {