OsmosysSoftware · xixas · Oct 10, 2024 · Oct 3, 2024 · Oct 3, 2024 · Oct 3, 2024
diff --git a/apps/api/OsmoX-API.postman_collection.json b/apps/api/OsmoX-API.postman_collection.json
@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "b97d878b-aa80-4b2f-a9f0-a0640b2bc6e2",
+		"_postman_id": "36ff2947-7450-4393-b3cd-39e82ee073e6",
 		"name": "OsmoX-API",
 		"description": "List of all APIs used in OsmoX",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
@@ -781,7 +781,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        name: \"<newApplicationName>\",\r\n        userId: 2,\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
+								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        name: \"<newApplicationName>\",\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
 								"variables": ""
 							}
 						},
@@ -883,7 +883,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 2,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"<New Provider Name>\",\n        userId: 1,\n    }) {\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
+								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 2,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"<New Provider Name>\",\n        userId: 1,\n    }) {\n        providerId\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
 								"variables": ""
 							}
 						},

diff --git a/apps/api/OsmoX.postman_collection.json b/apps/api/OsmoX.postman_collection.json
@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "e9aeb9a0-761f-4b10-86a7-dd4bcaebca94",
+		"_postman_id": "336711a4-7ddf-4f32-b136-4aa09b0e284b",
 		"name": "OsmoX",
 		"description": "OsmoX API helps creating new notifications, fetching existing notifications as well as perform authorization related tasks.",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
@@ -3276,11 +3276,11 @@
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
 									"});\r",
-									"pm.test(\"message: Access Denied. Not an ADMIN.\", function () {\r",
+									"pm.test(\"message: Forbidden resource\", function () {\r",
 									"    var jsonData = pm.response.json();\r",
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
-									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Access Denied. Not an ADMIN.\");\r",
+									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Forbidden resource\");\r",
 									"});"
 								],
 								"type": "text/javascript",
@@ -3430,7 +3430,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        name: \"sampleTestXApp\",\r\n        userId: 2,\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
+								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        name: \"sampleTestXApp\",\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
 								"variables": ""
 							}
 						},
@@ -3464,11 +3464,11 @@
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
 									"});\r",
-									"pm.test(\"message: Access Denied. Not an ADMIN.\", function () {\r",
+									"pm.test(\"message: Forbidden resource\", function () {\r",
 									"    var jsonData = pm.response.json();\r",
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
-									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Access Denied. Not an ADMIN.\");\r",
+									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Forbidden resource\");\r",
 									"});"
 								],
 								"type": "text/javascript",
@@ -3493,7 +3493,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        name: \"sampleTestXApp\",\r\n        userId: 2,\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
+								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        name: \"sampleTestXApp\",\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
 								"variables": ""
 							}
 						},
@@ -3551,7 +3551,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        unknownValue: \"Some unknown parameter\"\r\n        name: \"sampleFoundationXApp\",\r\n        userId: 2,\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
+								"query": "mutation CreateApplication {\r\n    application(createApplicationInput: {\r\n        unknownValue: \"Some unknown parameter\"\r\n        name: \"sampleFoundationXApp\",\r\n    }) {\r\n        applicationId\r\n        name\r\n        userId\r\n        createdOn\r\n        updatedOn\r\n        status\r\n    }\r\n}",
 								"variables": ""
 							}
 						},
@@ -3656,11 +3656,11 @@
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
 									"});\r",
-									"pm.test(\"message: Access Denied. Not an ADMIN.\", function () {\r",
+									"pm.test(\"message: Forbidden resource\", function () {\r",
 									"    var jsonData = pm.response.json();\r",
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
-									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Access Denied. Not an ADMIN.\");\r",
+									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Forbidden resource\");\r",
 									"});"
 								],
 								"type": "text/javascript",
@@ -3810,7 +3810,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 2,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
+								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 2,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        providerId\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
 								"variables": ""
 							}
 						},
@@ -3873,7 +3873,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        # Assuming applicationId 500 is invalid\n        applicationId: 500,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
+								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        # Assuming applicationId 500 is invalid\n        applicationId: 500,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        providerId\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
 								"variables": ""
 							}
 						},
@@ -3907,11 +3907,11 @@
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
 									"});\r",
-									"pm.test(\"message: Access Denied. Not an ADMIN.\", function () {\r",
+									"pm.test(\"message: Forbidden resource\", function () {\r",
 									"    var jsonData = pm.response.json();\r",
 									"    pm.expect(jsonData).to.have.property(\"data\");\r",
 									"    pm.expect(jsonData).to.have.property(\"errors\").to.be.an(\"array\");\r",
-									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Access Denied. Not an ADMIN.\");\r",
+									"    pm.expect(jsonData.errors[0]).to.have.property(\"message\", \"Forbidden resource\");\r",
 									"});"
 								],
 								"type": "text/javascript",
@@ -3936,7 +3936,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 5,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
+								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 5,\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        providerId\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
 								"variables": ""
 							}
 						},
@@ -3994,7 +3994,7 @@
 						"body": {
 							"mode": "graphql",
 							"graphql": {
-								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 5,\n        unknownValue: \"Some unknown parameter\",\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
+								"query": "mutation CreateProvider {\n    provider(createProviderInput: {\n        applicationId: 5,\n        unknownValue: \"Some unknown parameter\",\n        channelType: 2,\n        configuration: {},\n        isEnabled: 1,\n        name: \"Mailgun PineStem\",\n        userId: 1,\n    }) {\n        providerId\n        applicationId\n        channelType\n        configuration\n        isEnabled\n        name\n        userId\n        createdOn\n        updatedOn\n        status\n    }\n}",
 								"variables": ""
 							}
 						},

diff --git a/apps/api/docs/api-documentation.md b/apps/api/docs/api-documentation.md
@@ -307,7 +307,6 @@ Allows the user with `Admin` role to create a new application.
 mutation CreateApplication {
   application(createApplicationInput: {
     name: "newSampleApp",
-    userId: 2,
   }) {
     applicationId
     name
@@ -348,7 +347,7 @@ curl --location 'http://localhost:3000/graphql' \
 
 Allows the user to fetch all applications based on the passed query parameters. Requires passing bearer token for authorization.
 
-Note: The API will return a successful response when the `server-api-key` passed uses `application_id` that is associated with an `Admin`.
+Note: The API will return a successful response when the Bearer `authorization-token` passed is associated with an `Admin`.
 
 The different options that can be used while fetching notifications are as follows:
 

diff --git a/apps/api/src/common/decorators/roles.decorator.ts b/apps/api/src/common/decorators/roles.decorator.ts
@@ -0,0 +1,8 @@
+import { SetMetadata } from '@nestjs/common';
+import { UserRoles } from '../constants/database';
+
+// Type definition for allowed values (only values from UserRoles)
+type UserRoleValues = (typeof UserRoles)[keyof typeof UserRoles];
+
+// eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+export const Roles = (...roles: UserRoleValues[]) => SetMetadata('roles', roles);
diff --git a/apps/api/src/common/guards/role.guard.ts b/apps/api/src/common/guards/role.guard.ts
@@ -0,0 +1,49 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+import { UserRoles } from 'src/common/constants/database';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(
+    private reflector: Reflector,
+    private jwtService: JwtService,
+    private configService: ConfigService,
+  ) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    // Fetch required roles from the metadata
+    const requiredRoles = this.reflector.getAllAndOverride<(keyof typeof UserRoles)[]>('roles', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (!requiredRoles || requiredRoles.length === 0) {
+      return true; // Allow access if no roles are specified
+    }
+
+    const ctx = GqlExecutionContext.create(context);
+    const req = ctx.getContext().req;
+    const authorizationHeader = req.headers.authorization;
+
+    if (!authorizationHeader || !authorizationHeader.startsWith('Bearer ')) {
+      return false; // No or invalid authorization token
+    }
+
+    const token = authorizationHeader.split(' ')[1];
+    const secret = this.configService.getOrThrow('JWT_SECRET');
+
+    try {
+      // Decode the JWT token to get the user information
+      const decodedToken = this.jwtService.verify(token, { secret });
+      const userRoleId = decodedToken.role;
+
+      // Check if the user's role matches any of the required roles
+      return requiredRoles.includes(userRoleId);
+    } catch (error) {
+      return false; // Invalid token or other error
+    }
+  }
+}
diff --git a/apps/api/src/modules/applications/applications.resolver.ts b/apps/api/src/modules/applications/applications.resolver.ts
@@ -6,9 +6,13 @@ import { Application } from './entities/application.entity';
 import { QueryOptionsDto } from 'src/common/graphql/dtos/query-options.dto';
 import { ApplicationResponse } from './dto/application-response.dto';
 import { GqlAuthGuard } from 'src/common/guards/api-key/gql-auth.guard';
+import { Roles } from 'src/common/decorators/roles.decorator';
+import { RolesGuard } from 'src/common/guards/role.guard';
+import { UserRoles } from 'src/common/constants/database';
 
 @Resolver(() => Application)
-@UseGuards(GqlAuthGuard)
+@Roles(UserRoles.ADMIN)
+@UseGuards(GqlAuthGuard, RolesGuard)
 export class ApplicationsResolver {
   constructor(private readonly applicationsService: ApplicationsService) {}
 
@@ -17,22 +21,15 @@ export class ApplicationsResolver {
     @Context() context,
     @Args('createApplicationInput') createApplicationInput: CreateApplicationInput,
   ): Promise<Application> {
-    const request: Request = context.req;
-    const authorizationHeader = request.headers['authorization'];
-    return await this.applicationsService.createApplication(
-      createApplicationInput,
-      authorizationHeader,
-    );
+    const requestUserId: number = context.req.userId;
+    return await this.applicationsService.createApplication(createApplicationInput, requestUserId);
   }
 
   @Query(() => ApplicationResponse, { name: 'applications' })
   async findAll(
-    @Context() context,
     @Args('options', { type: () => QueryOptionsDto, nullable: true, defaultValue: {} })
     options: QueryOptionsDto,
   ): Promise<ApplicationResponse> {
-    const request: Request = context.req;
-    const authorizationHeader = request.headers['authorization'];
-    return this.applicationsService.getAllApplications(options, authorizationHeader);
+    return this.applicationsService.getAllApplications(options);
   }
 }