/* eslint-disable @typescript-eslint/no-unsafe-assignment */
import {
  type CanActivate,
  type ExecutionContext,
  ForbiddenException,
  Injectable,
} from '@nestjs/common';

import { ApiConfigService } from '../shared/services/api-config.service';

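/**
 * Guard that only lets a request through when its client IP is on the
 * configured whitelist. When `whitelistedIps.shouldWhitelist` is false the
 * guard is a no-op and every request is allowed.
 *
 * NOTE(review): the client IP is taken solely from the `X-Forwarded-For` /
 * `X-Real-IP` request headers. Those headers are ordinary request data: unless
 * the fronting reverse proxy overwrites them (rather than appending to whatever
 * the client sent) and the application is not reachable except through that
 * proxy, the value compared against the whitelist is chosen by the caller.
 * This guard is therefore only as strong as the proxy configuration in front
 * of it; confirm that configuration, or derive the address from the
 * framework's trusted-proxy handling instead.
 */
@Injectable()
export class WhitelistGuard implements CanActivate {
  // eslint-disable-next-line @typescript-eslint/no-empty-function
  constructor(private readonly apiConfigService: ApiConfigService) {}

  /**
   * @param context - Execution context of the incoming HTTP request.
   * @returns `true` when whitelisting is disabled or the resolved client IP
   *   is listed in `whitelistedIps.ips`.
   * @throws ForbiddenException when whitelisting is enabled and no listed
   *   client IP could be resolved from the request headers.
   */
  canActivate(context: ExecutionContext): boolean {
    const whitelist = this.apiConfigService.whitelistedIps;

    if (!whitelist.shouldWhitelist) {
      return true;
    }

    const request = context
      .switchToHttp()
      .getRequest<{ headers: Record<string, string | string[] | undefined> }>();

    const clientIp = this.resolveClientIp(request.headers);

    // NOTE(review): assumes `whitelist.ips` is an array of exact IP strings, so
    // `includes` is an element match and not a substring match; confirm in
    // ApiConfigService.
    if (clientIp !== null && whitelist.ips.includes(clientIp)) {
      return true;
    }

    // Fail closed: a missing or unlisted address is rejected.
    throw new ForbiddenException('Your IP is not whitelisted.');
  }

  /**
   * Picks the address to check: the first entry of `X-Forwarded-For`, falling
   * back to `X-Real-IP` when the former is absent or empty.
   *
   * A header delivered as an array is reduced to its first value instead of
   * crashing on `.split`, and surrounding whitespace is removed so that a
   * padded value still matches the whitelist entry exactly.
   *
   * @returns The candidate IP, or `null` when neither header yields one.
   */
  private resolveClientIp(
    headers: Record<string, string | string[] | undefined>,
  ): string | null {
    const firstValue = (value: string | string[] | undefined): string =>
      Array.isArray(value) ? value[0] ?? '' : value ?? '';

    const forwarded =
      firstValue(headers['x-forwarded-for']) ||
      firstValue(headers['x-real-ip']);

    const candidate = (forwarded.split(',')[0] ?? '').trim();

    return candidate.length > 0 ? candidate : null;
  }
}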