feat: add support for many roles for users

Author: VMihalov

generators/auth/templates/mongodb/jwt/src/decorators/serialization.decorator.ts

@@ -10,8 +10,8 @@ export function setSerializeType(target:any, serializeType: any) {
   Reflect.defineMetadata(SERIALIZE_TYPE_KEY, serializeType, target);
 }
 
-const Serialize = (role: any) => (proto: any, propName: any, descriptor: any) => {
-  setSerializeType(proto[propName], role);
+const Serialize = (roles: any) => (proto: any, propName: any, descriptor: any) => {
+  setSerializeType(proto[propName], roles);
   UseInterceptors(ClassSerializerInterceptor)(proto, propName, descriptor);
   UseInterceptors(SerializeInterceptor)(proto, propName, descriptor);
 };

generators/auth/templates/mongodb/jwt/src/guards/roles.guard.ts

@@ -1,23 +1,26 @@
+import { Request } from 'express';
 import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
-import { Request } from 'express';
+
 import { RolesEnum } from '@decorators/roles.decorator';
 import { UserDocument } from '@v1/users/schemas/users.schema';
 
 @Injectable()
 export default class RolesGuard implements CanActivate {
   constructor(
     private reflector: Reflector,
-  ) { }
+  ) {}
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
-    const roles = this.reflector.get<string[]>('roles', context.getHandler());
+    const roles = this.reflector.get<RolesEnum[]>('roles', context.getHandler());
+
     if (!roles) {
       return true;
     }
+
     const request: Request = context.switchToHttp().getRequest();
     const user = request.user as UserDocument;
 
-    return user.role === RolesEnum.ADMIN || roles.includes(user.role);
+    return roles.some((role: RolesEnum) => user.roles.includes(role as RolesEnum));
   }
 }

generators/auth/templates/mongodb/jwt/src/interfaces/jwt-decode-response.interface.ts

@@ -3,7 +3,7 @@ import { RolesEnum } from '@decorators/roles.decorator';
 export interface JwtDecodeResponse {
   id: string,
   email: string,
-  role: RolesEnum,
+  roles: RolesEnum[],
   iat: number,
   exp: number,
 }

generators/auth/templates/mongodb/jwt/src/modules/v1/auth/auth.controller.ts

@@ -218,7 +218,7 @@ export default class AuthController {
     const payload = {
       _id: decodedUser._id,
       email: decodedUser.email,
-      role: decodedUser.role,
+      roles: decodedUser.roles,
     };
 
     return this.authService.login(payload);

generators/auth/templates/mongodb/jwt/src/modules/v1/auth/auth.service.ts

@@ -39,7 +39,7 @@ export default class AuthService {
       return {
         _id: user._id,
         email: user.email,
-        role: user.role,
+        roles: user.roles,
       };
     }
 
@@ -50,7 +50,7 @@ export default class AuthService {
     const payload: LoginPayload = {
       _id: data._id,
       email: data.email,
-      role: data.role,
+      roles: data.roles,
     };
 
     const accessToken = this.jwtService.sign(payload, {

generators/auth/templates/mongodb/jwt/src/modules/v1/auth/interfaces/decoded-user.interface.ts

@@ -1,13 +1,15 @@
 import { Types } from 'mongoose';
 
+import { RolesEnum } from '@decorators/roles.decorator';
+
 export interface DecodedUser {
   readonly _id: Types.ObjectId;
 
   readonly email: string;
 
   readonly password: string;
 
-  readonly role: string;
+  readonly roles: RolesEnum[];
 
   readonly iat?: number;
 

generators/auth/templates/mongodb/jwt/src/modules/v1/auth/interfaces/jwt-strategy-validate.interface.ts

@@ -4,5 +4,5 @@ import { RolesEnum } from '@decorators/roles.decorator';
 export interface JwtStrategyValidate {
   _id: Types.ObjectId;
   email: string;
-  role: RolesEnum;
+  roles: RolesEnum[];
 }

generators/auth/templates/mongodb/jwt/src/modules/v1/auth/interfaces/login-payload.interface.ts

@@ -1,9 +1,11 @@
 import { Types } from 'mongoose';
 
+import { RolesEnum } from '@decorators/roles.decorator';
+
 export interface LoginPayload {
   readonly _id?: Types.ObjectId;
 
   readonly email: string;
 
-  readonly role: string;
+  readonly roles: RolesEnum[];
 }

generators/auth/templates/mongodb/jwt/src/modules/v1/auth/interfaces/validate-user-output.interface.ts

@@ -4,5 +4,5 @@ import { RolesEnum } from '@decorators/roles.decorator';
 export interface ValidateUserOutput {
   _id: Types.ObjectId;
   email?: string;
-  role?: RolesEnum;
+  roles?: RolesEnum[];
 }

generators/auth/templates/mongodb/jwt/src/modules/v1/auth/strategies/jwt-access.strategy.ts

@@ -23,7 +23,7 @@ export default class JwtAccessStrategy extends PassportStrategy(Strategy, 'acces
     return {
       _id: payload._id,
       email: payload.email,
-      role: payload.role,
+      roles: payload.roles,
     };
   }
 }