feat(auth): Add role-based access management from OpenID Connect (#535)

* feat(auth): Add role-based access management from OpenID Connect Signed-off-by: Marvin A. Ruder <signed@mruder.dev> * Apply suggestions from code review Signed-off-by: Marvin A. Ruder <signed@mruder.dev> --------- Signed-off-by: Marvin A. Ruder <signed@mruder.dev>
2024-07-17 23:25:42 +02:00
parent e5a0c649e3
commit 70fd2d94be
33 changed files with 160 additions and 38 deletions
--- a/backend/src/oauth/oauth.service.ts
+++ b/backend/src/oauth/oauth.service.ts
@@ -46,13 +46,16 @@ export class OAuthService {
        provider: user.provider,
        providerUserId: user.providerId,
      },
-      include: {
-        user: true,
-      },
    });
    if (oauthUser) {
+      await this.updateIsAdmin(user);
+      const updatedUser = await this.prisma.user.findFirst({
+        where: {
+          email: user.email,
+        },
+      });
      this.logger.log(`Successful login for user ${user.email} from IP ${ip}`);
-      return this.auth.generateToken(oauthUser.user, true);
+      return this.auth.generateToken(updatedUser, true);
    }

    return this.signUp(user, ip);
@@ -150,6 +153,7 @@ export class OAuthService {
          userId: existingUser.id,
        },
      });
+      await this.updateIsAdmin(user);
      return this.auth.generateToken(existingUser, true);
    }

@@ -160,6 +164,7 @@ export class OAuthService {
        password: null,
      },
      ip,
+      user.isAdmin,
    );

    await this.prisma.oAuthUser.create({
@@ -173,4 +178,16 @@ export class OAuthService {

    return result;
  }
+
+  private async updateIsAdmin(user: OAuthSignInDto) {
+    if ("isAdmin" in user)
+      await this.prisma.user.update({
+        where: {
+          email: user.email,
+        },
+        data: {
+          isAdmin: user.isAdmin,
+        },
+      });
+  }
 }