From 1f03a4bdc3bf669baf4492919f56343f7b7ca334 Mon Sep 17 00:00:00 2001
From: akastijn
Date: Sat, 2 Aug 2025 22:27:37 +0200
Subject: [PATCH] Implement `AuthGuard` for route protection, integrate authorization checks into `particles` route, and simplify `HeaderComponent` access logic. Remove redundant debug logging in `auth.service.ts`.
---
 frontend/src/app/app.routes.ts | 7 +++-
 frontend/src/app/guards/auth.guard.ts | 41 +++++++++++++++++++
 .../pages/header/header/header.component.html | 8 ++--
 frontend/src/app/services/auth.service.ts | 4 --
 4 files changed, 50 insertions(+), 10 deletions(-)
 create mode 100644 frontend/src/app/guards/auth.guard.ts
diff --git a/frontend/src/app/app.routes.ts b/frontend/src/app/app.routes.ts
index 77c504e..bc1f14c 100644
--- a/frontend/src/app/app.routes.ts
+++ b/frontend/src/app/app.routes.ts
@@ -1,4 +1,5 @@
 import {Routes} from '@angular/router';
+import {AuthGuard} from './guards/auth.guard';
 export const routes: Routes = [
 {
@@ -7,7 +8,11 @@ export const routes: Routes = [
 },
 {
 path: 'particles',
- loadComponent: () => import('./pages/particles/particles.component').then(m => m.ParticlesComponent)
+ loadComponent: () => import('./pages/particles/particles.component').then(m => m.ParticlesComponent),
+ canActivate: [AuthGuard],
+ data: {
+ requiredAuthorizations: ['SCOPE_head_mod']
+ }
 },
 {
 path: 'map',
diff --git a/frontend/src/app/guards/auth.guard.ts b/frontend/src/app/guards/auth.guard.ts
new file mode 100644
index 0000000..8259a34
--- /dev/null
+++ b/frontend/src/app/guards/auth.guard.ts
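Review bot: The `canActivate: [AuthGuard]` entry on the `particles` route is a navigation check that runs in the browser, not an access control, so whatever backend endpoints `ParticlesComponent` calls still need to require `SCOPE_head_mod` server-side (nothing in this patch shows whether they do). A short comment on the route would keep that visible to the next maintainer, e.g. `// UI gate only; the API must enforce SCOPE_head_mod as well`. The `routes` array continues outside the hunk.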
@@ -0,0 +1,41 @@
+import {Injectable} from '@angular/core';
+import {ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot, UrlTree} from '@angular/router';
+import {Observable} from 'rxjs';
+import {AuthService} from '@services/auth.service';
+
+@Injectable({
+ providedIn: 'root'
+})
+export class AuthGuard implements CanActivate {
+
+ constructor(
+ private authService: AuthService,
+ private router: Router
+ ) {
+ }
+
+ canActivate(
+ route: ActivatedRouteSnapshot,
+ state: RouterStateSnapshot
+ ): Observable | Promise | boolean | UrlTree {
+
+ if (!this.authService.checkAuthStatus()) {
+ return this.router.createUrlTree(['/']);
+ }
+
+ const requiredAuthorizations = route.data['requiredAuthorizations'] as string[];
+
+ if (!requiredAuthorizations || requiredAuthorizations.length === 0) {
+ return true;
+ }
+
+ const userAuthorizations = this.authService.getUserAuthorizations();
+ const hasAccess = requiredAuthorizations.some(auth => userAuthorizations.includes(auth));
+
+ if (!hasAccess) {
+ return this.router.createUrlTree(['/']);
+ }
+
+ return true;
+ }
+}
diff --git a/frontend/src/app/pages/header/header/header.component.html b/frontend/src/app/pages/header/header/header.component.html
index c1a0231..ba34a86 100644
--- a/frontend/src/app/pages/header/header/header.component.html
+++ b/frontend/src/app/pages/header/header/header.component.html
@@ -141,11 +141,9 @@ } @if (!isAuthenticated) {
diff --git a/frontend/src/app/services/auth.service.ts b/frontend/src/app/services/auth.service.ts
index d87f5c9..5e36b27 100644
--- a/frontend/src/app/services/auth.service.ts
+++ b/frontend/src/app/services/auth.service.ts
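Review bot: In `canActivate`, a route whose `data` lacks `requiredAuthorizations` (or misspells the key) falls through to `return true`, so a typo in `app.routes.ts` silently reduces the check to "any authenticated user", and the `as string[]` assertion will not catch it. If that fall-through is intended, state it in a comment such as `// no requiredAuthorizations on the route: any authenticated user may enter`; otherwise return the `UrlTree` whenever the value is not a non-empty array. The scope test also duplicates `AuthService.hasAccess` from `auth.service.ts`, so the two lines that compute `hasAccess` can become `const hasAccess = this.authService.hasAccess(requiredAuthorizations);`. `checkAuthStatus()` is not visible in this patch: if it returns an Observable or Promise rather than a boolean, `!this.authService.checkAuthStatus()` is always false and the first redirect never fires, which is worth confirming.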
@@ -105,15 +105,11 @@ export class AuthService {
 */
 public getUserAuthorizations(): string[] {
 const claims = this.userClaimsSubject.getValue();
- console.log("Retrieved user claims: ", claims);
 return claims?.authorities || [];
 }
 public hasAccess(requiredAuthorizations: string[]): boolean {
 const userAuthorizations = this.getUserAuthorizations();
- console.log("Required: ", requiredAuthorizations);
- console.log("Auth: ", userAuthorizations);
- console.log("hasAccess: ", requiredAuthorizations.some(auth => userAuthorizations.includes(auth)));
 return requiredAuthorizations.some(auth => userAuthorizations.includes(auth));
 }
 }