ghostfolio/apps/api/src/app/auth-device/auth-device.controller.ts

import { AuthDeviceService } from '@ghostfolio/api/app/auth-device/auth-device.service';
import {
  getPermissions,
  hasPermission,
  permissions
} from '@ghostfolio/common/permissions';
import { RequestWithUser } from '@ghostfolio/common/types';
import {
  Controller,
  Delete,
  HttpException,
  Inject,
  Param,
  UseGuards
} from '@nestjs/common';
import { REQUEST } from '@nestjs/core';
import { AuthGuard } from '@nestjs/passport';
import { StatusCodes, getReasonPhrase } from 'http-status-codes';

@Controller('auth-device')
export class AuthDeviceController {
  public constructor(
    private readonly authDeviceService: AuthDeviceService,
    @Inject(REQUEST) private readonly request: RequestWithUser
  ) {}

  @Delete(':id')
  @UseGuards(AuthGuard('jwt'))
  public async deleteAuthDevice(@Param('id') id: string): Promise<void> {
    if (
      !hasPermission(
        getPermissions(this.request.user.role),
        permissions.deleteAuthDevice
      )
    ) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    await this.authDeviceService.deleteAuthDevice({ id });
  }
}
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`import { AuthDeviceService } from '@ghostfolio/api/app/auth-device/auth-device.service';`
			`import {`
			`getPermissions,`
			`hasPermission,`
			`permissions`
			`} from '@ghostfolio/common/permissions';`
			`import { RequestWithUser } from '@ghostfolio/common/types';`
			`import {`
			`Controller,`
			`Delete,`
			`HttpException,`
			`Inject,`
			`Param,`
			`UseGuards`
			`} from '@nestjs/common';`
			`import { REQUEST } from '@nestjs/core';`
			`import { AuthGuard } from '@nestjs/passport';`
			`import { StatusCodes, getReasonPhrase } from 'http-status-codes';`

			`@Controller('auth-device')`
			`export class AuthDeviceController {`
			`public constructor(`
			`private readonly authDeviceService: AuthDeviceService,`
			`@Inject(REQUEST) private readonly request: RequestWithUser`
			`) {}`

			`@Delete(':id')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async deleteAuthDevice(@Param('id') id: string): Promise<void> {`
			`if (`
			`!hasPermission(`
			`getPermissions(this.request.user.role),`
			`permissions.deleteAuthDevice`
			`)`
			`) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

			`await this.authDeviceService.deleteAuthDevice({ id });`
			`}`
			`}`