Merge pull request #7 from Excali-Studio/EXD-24-email-domain-whitelis…
…ting

[EXD-24] Added whitelisting of user email domains
marcin-piela-ssh authored May 10, 2024
2 parents 5c3e224 + 3b75713 commit dd54b13
Showing 2 changed files with 20 additions and 6 deletions.
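--- a/.env.example
+++ b/.env.example
@@ -6,16 +6,18 @@ FRONT_APP_REDIRECT_URL='http://localhost:5173'
 
 CORS_ORIGIN='*'
 
-#DB
+# DB
 DATABASE_PORT=5432
 DATABASE_HOST=localhost
 DATABASE_USERNAME=...
 DATABASE_PASSWORD=...
 DATABASE_NAME=...
 
-# Disable authentiacation giard for all endpoints - useful for local dev
+# Disable authentication guard for all endpoints - useful for local dev
 AUTH_GUARD_DISABLE=false
-#Default user id, should be set when AUTH_GUARD_DISABLE is set to true
+# Default user id, should be set when AUTH_GUARD_DISABLE is set to true
 AUTH_DEFAULT_USER_ID=''
+# Only allow users from this list to create accounts
+AUTH_EMAIL_DOMAIN_WHITELIST=silksh.pl,silksoftwarehouse.com
 
-DEFAULT_USER_ROLE='USER'
+DEFAULT_USER_ROLE='USER'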
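--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -3,7 +3,7 @@ import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
 import { UserEntity } from '../user/entity/user.entity';
 import { UserRoleEntity } from '../user/entity/user-role.entity';
-import * as process from 'node:process';
+import { ConfigService } from '@nestjs/config';
 
 @Injectable()
 export class AuthService {
@@ -12,6 +12,7 @@ export class AuthService {
 private readonly userRepo: Repository<UserEntity>,
 @InjectRepository(UserRoleEntity)
 private readonly userRoleRepo: Repository<UserRoleEntity>,
+private readonly configService: ConfigService,
 ) {}
 
 async validateUser(email: string, displayName: string) {
@@ -24,9 +25,20 @@ export class AuthService {
 return user;
 }
 
+// Create new user only if from whitelisted domain
+const emailDomain = email.split('@').pop();
+if (
+!this.configService
+.get('AUTH_EMAIL_DOMAIN_WHITELIST')
+.split(',')
+.includes(emailDomain)
+) {
+return null;
+}
+
 //In case of DEFAULT_USER_ROLE is not set, user will be registered without any role
 const roles = await this.userRoleRepo.find({
-where: { name: process.env.DEFAULT_USER_ROLE },
+where: { name: this.configService.get('DEFAULT_USER_ROLE') },
 });
 
 //Register anyone on their first sign-in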
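Review bot: The new domain check in validateUser dereferences `this.configService.get('AUTH_EMAIL_DOMAIN_WHITELIST')` without a fallback, so when the variable is unset `.split(',')` throws and every first sign-in fails with an unhandled error instead of a deliberate rejection. The comparison is also exact: a space after a comma in the env value or an upper-case domain in the e-mail makes a legitimate domain miss, and an empty list entry (empty value or trailing comma) would match an address whose text after the last `@` is empty. I would parse the list once into trimmed, lower-cased, non-empty entries and reject when the list or the extracted domain is empty, as in the fence below. Because the check sits after the early `return user;`, it gates account creation only, so removing a domain does not affect accounts that already exist; the comment should say so if that is intended. validateUser starts in the previous hunk and continues past the end of this one.

```typescript
// Create new user only if from whitelisted domain
// An unset or empty list allows nobody; entries are compared case-insensitively.
const allowedDomains = (
  this.configService.get<string>('AUTH_EMAIL_DOMAIN_WHITELIST') ?? ''
)
  .split(',')
  .map((domain) => domain.trim().toLowerCase())
  .filter((domain) => domain.length > 0);
const emailDomain = email.split('@').pop()?.trim().toLowerCase() ?? '';
if (emailDomain === '' || !allowedDomains.includes(emailDomain)) {
  return null;
}
// … unchanged: default role lookup and user registration …
```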
