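import { Injectable } from '@angular/core';
import {
  CanActivate, Router, CanLoad, Route, CanActivateChild,
  ActivatedRouteSnapshot, RouterStateSnapshot, UrlSegment, UrlTree
} from '@angular/router';
import { Store } from '@ngrx/store';
import { OAuthService } from 'angular-oauth2-oidc';
import { Observable } from 'rxjs';
import * as appCommonReducer from '../reducers/app-common.reducer';

/**
 * Router guard that requires a valid access token and, when the route
 * declares `data.role`, a matching `role` entry in the identity claims.
 *
 * This guard runs in the browser and only decides which routes the router
 * activates or loads. It is a navigation aid, not an access-control boundary:
 * the claims it reads live on the client, so every API behind these routes
 * has to validate the token and enforce the same roles on the server.
 */
@Injectable({
  providedIn: 'root',
})
export class AuthGuard implements CanActivate, CanLoad, CanActivateChild {

  constructor(private oauthService: OAuthService, private router: Router, private store: Store) { }

  /** Guards activation of a route; the attempted URL is passed on as login state. */
  canActivate(
    route: ActivatedRouteSnapshot,
    state: RouterStateSnapshot
  ): boolean | UrlTree | Observable<boolean | UrlTree> | Promise<boolean | UrlTree> {
    const url: string = state.url;
    return this.checkLogin(url, route);
  }

  /** Guards activation of a child route with the same rules as `canActivate`. */
  canActivateChild(
    childRoute: ActivatedRouteSnapshot,
    state: RouterStateSnapshot
  ): boolean | UrlTree | Observable<boolean | UrlTree> | Promise<boolean | UrlTree> {
    const url: string = state.url;
    return this.checkLogin(url, childRoute);
  }

  /**
   * Guards loading of a lazy route.
   *
   * The route configuration is handed to `checkLogin` so that a `data.role`
   * declared on the lazy route is enforced before its bundle is loaded.
   * Passing `null` here made `checkLogin` dereference `route.data` and throw
   * as soon as the user held a valid token.
   */
  canLoad(
    route: Route,
    segments: UrlSegment[]
  ): boolean | UrlTree | Observable<boolean | UrlTree> | Promise<boolean | UrlTree> {
    // NOTE(review): route.path is the configured path of this route entry, not
    // the full attempted URL; confirm that is the intended login state value.
    return this.checkLogin(route.path || '', route);
  }

  /**
   * Decides whether navigation may proceed.
   *
   * @param url   State value passed to `initCodeFlow` when no valid access token is present.
   * @param route Route (snapshot or configuration) whose `data.role` names the required role;
   *              `null`, or a route without `data.role`, means no role is required.
   * @returns `true` when a valid access token exists and the required role, if any, is among
   *          the `role` identity claims; `false` otherwise. When no valid token exists the
   *          code flow is started before returning `false`.
   */
  checkLogin(url: string, route: ActivatedRouteSnapshot | Route | null): boolean {
    // NOTE(review): hasValidAccessToken() is a client-side check of the stored
    // token; confirm the backend validates the token on every request.
    if (!this.oauthService.hasValidAccessToken()) {
      this.oauthService.initCodeFlow(url);
      return false;
    }

    // Route.data is optional on a route configuration, and route may be null.
    const routeData = route ? route.data : undefined;
    const requiredRoleClaim = routeData ? routeData['role'] : undefined;
    if (!requiredRoleClaim) {
      return true;
    }

    // Fail closed: a required role with no claims to check against is a denial.
    const ownedClaims = this.oauthService.getIdentityClaims();
    if (!ownedClaims) {
      return false;
    }

    // The claim may hold a single role or a list of roles.
    const ownedRoleClaims: string | string[] = ownedClaims['role'];
    if (!ownedRoleClaims) {
      return false;
    }

    // The user's role claims are deliberately not written to the browser
    // console on a mismatch.
    return Array.isArray(ownedRoleClaims)
      ? ownedRoleClaims.includes(requiredRoleClaim)
      : ownedRoleClaims === requiredRoleClaim;
  }
}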