116 lines
4.0 KiB
TypeScript
116 lines
4.0 KiB
TypeScript
import { inject } from '@angular/core';
|
|
import { ActivatedRouteSnapshot, CanActivateFn, RedirectCommand, Router, RouterStateSnapshot } from '@angular/router';
|
|
import { AuthService, ContextService, HttpService, SessionStorageService } from '../services';
|
|
import { AuthMode, ParticipantRole } from '@lib/typings/ce';
|
|
|
|
export const checkUserAuthenticatedGuard: CanActivateFn = async (
|
|
route: ActivatedRouteSnapshot,
|
|
_state: RouterStateSnapshot
|
|
) => {
|
|
const authService = inject(AuthService);
|
|
const router = inject(Router);
|
|
|
|
// Check if the route allows skipping authentication
|
|
const { checkSkipAuth } = route.data;
|
|
if (checkSkipAuth) {
|
|
const contextService = inject(ContextService);
|
|
const isAuthRequired = await contextService.isAuthRequiredToCreateRooms();
|
|
|
|
if (!isAuthRequired) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// Check if user is authenticated
|
|
const isAuthenticated = await authService.isUserAuthenticated();
|
|
if (!isAuthenticated) {
|
|
// Redirect to the login page specified in the route data when user is not authenticated
|
|
const { redirectToUnauthorized } = route.data;
|
|
return router.createUrlTree([redirectToUnauthorized]);
|
|
}
|
|
|
|
// Check if the user has the expected roles
|
|
const { expectedRoles } = route.data;
|
|
const userRole = await authService.getUserRole();
|
|
|
|
if (!expectedRoles.includes(userRole)) {
|
|
// Redirect to the page specified in the route data when user has an invalid role
|
|
const { redirectToInvalidRole } = route.data;
|
|
return router.createUrlTree([redirectToInvalidRole]);
|
|
}
|
|
|
|
// Allow access to the requested page
|
|
return true;
|
|
};
|
|
|
|
export const checkParticipantRoleAndAuthGuard: CanActivateFn = async (
|
|
_route: ActivatedRouteSnapshot,
|
|
state: RouterStateSnapshot
|
|
) => {
|
|
const router = inject(Router);
|
|
const authService = inject(AuthService);
|
|
const contextService = inject(ContextService);
|
|
const sessionStorageService = inject(SessionStorageService);
|
|
const httpService = inject(HttpService);
|
|
|
|
// Get the role that the participant will have in the room based on the room ID and secret
|
|
let participantRole: ParticipantRole;
|
|
|
|
try {
|
|
const roomId = contextService.getRoomId();
|
|
const secret = contextService.getSecret();
|
|
const storageSecret = sessionStorageService.getModeratorSecret(roomId);
|
|
|
|
const roomRoleAndPermissions = await httpService.getRoomRoleAndPermissions(roomId, storageSecret || secret);
|
|
participantRole = roomRoleAndPermissions.role;
|
|
} catch (error) {
|
|
console.error('Error getting participant role:', error);
|
|
return router.createUrlTree(['unauthorized'], { queryParams: { reason: 'unauthorized-participant' } });
|
|
}
|
|
|
|
const authMode = await contextService.getAuthModeToEnterRoom();
|
|
|
|
// If the user is a moderator and the room requires authentication for moderators only,
|
|
// or if the room requires authentication for all users,
|
|
// then check if the user is authenticated
|
|
const isAuthRequiredForModerators =
|
|
authMode === AuthMode.MODERATORS_ONLY && participantRole === ParticipantRole.MODERATOR;
|
|
const isAuthRequiredForAllUsers = authMode === AuthMode.ALL_USERS;
|
|
|
|
if (isAuthRequiredForModerators || isAuthRequiredForAllUsers) {
|
|
// Check if user is authenticated
|
|
const isAuthenticated = await authService.isUserAuthenticated();
|
|
if (!isAuthenticated) {
|
|
// Redirect to the login page with query param to redirect back to the room
|
|
const loginRoute = router.createUrlTree(['login'], {
|
|
queryParams: { redirectTo: state.url }
|
|
});
|
|
return new RedirectCommand(loginRoute, {
|
|
skipLocationChange: true
|
|
});
|
|
}
|
|
}
|
|
|
|
// Allow access to the room
|
|
return true;
|
|
};
|
|
|
|
export const checkUserNotAuthenticatedGuard: CanActivateFn = async (
|
|
route: ActivatedRouteSnapshot,
|
|
_state: RouterStateSnapshot
|
|
) => {
|
|
const authService = inject(AuthService);
|
|
const router = inject(Router);
|
|
|
|
// Check if user is not authenticated
|
|
const isAuthenticated = await authService.isUserAuthenticated();
|
|
if (isAuthenticated) {
|
|
// Redirect to the page specified in the route data
|
|
const { redirectTo } = route.data;
|
|
return router.createUrlTree([redirectTo]);
|
|
}
|
|
|
|
// Allow access to the requested page
|
|
return true;
|
|
};
|