Angular Security course

Author: jhades

server/security.utils.ts

@@ -28,7 +28,7 @@ export async function createSessionToken(user: DbUser) {
         },
         RSA_PRIVATE_KEY, {
         algorithm: 'RS256',
-        expiresIn: 240,
+        expiresIn: 7200,
         subject: user.id.toString()
     });
 }

src/app/app.component.html

@@ -9,7 +9,7 @@
         <li>
             <a routerLink="/lessons">Lessons</a>
         </li>
-        <li>
+        <li *rbacAllow="['ADMIN']">
             <a routerLink="/admin">Admin</a>
         </li>
         <li *ngIf="isLoggedOut$ | async">

src/app/app.module.ts

@@ -23,6 +23,7 @@ import 'rxjs/add/observable/of';
 import { AdminComponent } from './admin/admin.component';
 import {AuthorizationGuard} from "./services/auth.guard";
 import {Router, RouterModule} from "@angular/router";
+import {RbacAllow} from "./common/rbac-allow.directive";
 
 
 
@@ -34,7 +35,8 @@ import {Router, RouterModule} from "@angular/router";
     LessonsComponent,
     LoginComponent,
     SignupComponent,
-    AdminComponent
+    AdminComponent,
+    RbacAllow
   ],
   imports: [
     BrowserModule,

src/app/common/rbac-allow.directive.ts

@@ -0,0 +1,64 @@
+
+import {Directive, Input, OnDestroy, TemplateRef, ViewContainerRef} from "@angular/core";
+import {AuthService} from "../services/auth.service";
+import {User} from "../model/user";
+import * as _ from 'lodash';
+import {Subscription} from "rxjs/Subscription";
+
+
+
+@Directive({
+    selector: "[rbacAllow]"
+})
+export class RbacAllow implements OnDestroy {
+
+    user: User;
+    sub:Subscription;
+    allowedRoles: string[];
+
+    constructor(
+        private templateRef: TemplateRef<any>,
+        private viewContainer: ViewContainerRef,
+        private authService: AuthService) {
+
+        this.sub = authService.user$.subscribe(user => {
+            this.user = user;
+            this.showIfUserAllowed();
+        });
+
+    }
+
+    ngOnDestroy() {
+        this.sub.unsubscribe();
+    }
+
+    @Input()
+    set rbacAllow(allowedRoles:string[]) {
+        this.allowedRoles = allowedRoles;
+        this.showIfUserAllowed();
+
+    }
+
+    showIfUserAllowed() {
+
+        console.log("calling showIfUserAllowed()");
+
+        if (!this.allowedRoles || this.allowedRoles.length == 0 || !this.user) {
+            this.viewContainer.clear();
+            console.log("exiting", this.allowedRoles, this.user);
+            return;
+        }
+
+        const isUserAllowed = _.intersection(this.user.roles, this.allowedRoles).length > 0;
+
+        if (isUserAllowed) {
+            this.viewContainer.createEmbeddedView(this.templateRef);
+        }
+        else {
+            this.viewContainer.clear();
+        }
+
+    }
+
+}
+

src/app/services/auth.guard.ts

@@ -15,7 +15,6 @@ export class AuthorizationGuard implements CanActivate {
                 state:RouterStateSnapshot):Observable<boolean> {
 
         return this.authService.user$
-            .do(user => console.log(user, this.allowedRoles, _.intersection(user.roles, this.allowedRoles)))
             .map(user => _.intersection(user.roles, this.allowedRoles).length > 0)
             .first()
             .do(allowed => {