fix(frontend): update of guards

Author: pYassine

packages/backend/src/_migrations/1756117243336-manual-migration.ts

@@ -25,7 +25,6 @@ const userProfile: UserProfile = "structure";
 @Controller("users")
 @ApiTags("users")
 export class UsersPublicController {
-  // TODO: add a limit for this endpoint by ip
   @Post("validate-email")
   public async validateEmail(
     @Body() emailDto: EmailDto,

packages/backend/src/_migrations/1756117243337-manual-migration.ts

@@ -60,10 +60,8 @@ export class UsagersDecisionController {
     @Param("usagerRef", new ParseIntPipe()) _usagerRef: number
   ): Promise<Usager> {
     if (
-      decision.statut !== "ATTENTE_DECISION" &&
-      decision.statut !== "INSTRUCTION" &&
-      user.role !== "responsable" &&
-      user.role !== "admin"
+      !["ATTENTE_DECISION", "INSTRUCTION"].includes(decision.statut) &&
+      !["reposable", "admmin"].includes(user.role)
     ) {
       throw new Error("CANNOT_SET_DECISION");
     }

packages/backend/src/_migrations/1757532174131-auto-migration.ts

@@ -24,9 +24,8 @@ export class AuthGuard {
 
     return this.authService.isAuth().pipe(
       map((isAuth: boolean) => {
-        console.log("XXXX");
         if (!isAuth) {
-          this.authService.logoutAndRedirect(state);
+          this.authService.logout(state);
           return false;
         }
 
@@ -35,7 +34,6 @@ export class AuthGuard {
         }
 
         if (this.authService.currentUserValue !== null) {
-          console.log(this.authService.currentUserValue);
           const userRole = this.authService.currentUserValue.role;
 
           if (allowedRoles.includes(userRole)) {
@@ -51,7 +49,7 @@ export class AuthGuard {
         return false;
       }),
       catchError(() => {
-        this.authService.logoutAndRedirect(state);
+        this.authService.logout(state);
         return of(false);
       })
     );

packages/backend/src/modules/users/controllers/users.public.controller.ts

@@ -11,7 +11,6 @@ import { Injectable, Injector } from "@angular/core";
 import { Observable, throwError, timer } from "rxjs";
 import { catchError, retry } from "rxjs/operators";
 import { AuthService } from "../modules/shared/services/auth.service";
-import { getCurrentScope } from "@sentry/angular";
 import { CustomToastService } from "../modules/shared/services";
 
 const MAX_RETRIES = 2;
@@ -28,77 +27,70 @@ export class ServerErrorInterceptor implements HttpInterceptor {
     request: HttpRequest<any>,
     next: HttpHandler
   ): Observable<HttpEvent<any>> {
-    const authService = this.injector.get(AuthService);
-    const toastr = this.injector.get(CustomToastService);
-
-    if (authService?.currentUserValue) {
-      const user = authService.currentUserValue;
-      getCurrentScope().setTag("structure", user?.structureId?.toString());
-      getCurrentScope().setUser({
-        email: user.email,
-        username: `STRUCTURE ${user?.structureId?.toString()} : ${
-          user?.prenom
-        }`,
-      });
-    }
-
     return next.handle(request).pipe(
       retry({
         count: MAX_RETRIES,
-        delay: (error, retryCount) => {
-          if (this.isRetryable(error)) {
-            console.log(error);
-            console.log(`Tentative de nouvelle requête ${retryCount}`);
+        delay: (error: HttpErrorResponse, retryCount: number) => {
+          if (this.shouldRetry(error)) {
+            console.warn(
+              `Retry attempt ${retryCount} for ${request.url}`,
+              error
+            );
             return timer(RETRY_DELAY);
           }
-          return throwError(() => error);
+          throw error; // Pas de retry, on passe au catchError
         },
       }),
-      catchError((error: HttpErrorResponse) => {
-        if (error.error instanceof ErrorEvent) {
-          if (!navigator.onLine) {
-            toastr.error(
-              "Vous êtes actuellement hors-ligne. Veuillez vérifier votre connexion internet"
-            );
-            return throwError(() => "NAVIGATOR_OFFLINE");
-          }
-          return throwError(() => error.error);
-        } else if (error instanceof HttpErrorResponse) {
-          if (error.status === 0) {
-            console.warn("Erreur de connexion:", error.message);
-            toastr.error(
-              "Problème de connexion au serveur. Veuillez réessayer plus tard."
-            );
-          }
-          if (error.status === 401) {
-            authService.logoutAndRedirect(undefined, true);
-            toastr.error(
-              "Votre session a expiré, merci de vous connecter à nouveau"
-            );
-          }
-        } else {
-          toastr.error(
-            "Une erreur serveur est survenue. Nos équipes ont été notifiées."
-          );
-        }
-        this.logError(request, error);
-        return throwError(() => error);
-      })
+      catchError((error: HttpErrorResponse) => this.handleError(error))
     );
   }
 
-  private isRetryable(error: HttpErrorResponse): boolean {
-    return !error.status || ERROR_STATUS_CODES_TO_RETRY.includes(error.status);
+  private shouldRetry(error: HttpErrorResponse): boolean {
+    if (error.status >= 400 && error.status < 500) {
+      return false;
+    }
+    return ERROR_STATUS_CODES_TO_RETRY.includes(error.status);
+  }
+
+  private handleError(error: HttpErrorResponse): Observable<never> {
+    const authService = this.injector.get(AuthService);
+    const toastr = this.injector.get(CustomToastService);
+
+    if (error.error instanceof ErrorEvent) {
+      if (!navigator.onLine) {
+        toastr.error(
+          "Vous êtes actuellement hors-ligne. Veuillez vérifier votre connexion internet"
+        );
+        return throwError(() => new Error("NAVIGATOR_OFFLINE"));
+      }
+      toastr.error("Erreur de connexion réseau");
+      return throwError(() => error);
+    }
+
+    if (error.status === 0) {
+      toastr.error(
+        "Problème de connexion au serveur. Veuillez réessayer plus tard."
+      );
+    } else if (error.status === 401) {
+      authService.logout(undefined, true);
+    } else if (error.status === 403) {
+      toastr.error("Vous n'avez pas les droits pour effectuer cette action");
+    } else if (error.status >= 500 && error.status <= 504) {
+      toastr.error(
+        "Une erreur serveur est survenue. Nos équipes ont été notifiées."
+      );
+    }
+
+    this.logError(error);
+    return throwError(() => error);
   }
 
-  private logError(request: HttpRequest<any>, error: HttpErrorResponse): void {
-    console.warn(error.message, {
+  private logError(error: HttpErrorResponse): void {
+    console.error("HTTP Error:", {
       status: error.status,
       statusText: error.statusText,
       url: error.url,
       message: error.message,
-      error: error.error,
-      request,
     });
   }
 }

packages/backend/src/usagers/controllers/usagers-decision.controller.ts

@@ -93,7 +93,7 @@ export class IdleManagerComponent implements OnInit, OnDestroy {
 
   public logout(): void {
     this.closeModals();
-    this.authService.logoutAndRedirect();
+    this.authService.logout();
   }
 
   public openIdleModal(): void {

packages/frontend/src/app/guards/auth.guard.ts

@@ -81,14 +81,20 @@ export class AuthService {
     );
   }
 
-  public logoutFromBackend = async () => {
+  public logoutFromBackend = async (
+    state?: RouterStateSnapshot,
+    sessionExpired?: boolean
+  ) => {
     if (this.currentUserValue?.access_token) {
       await firstValueFrom(this.http.get(`${this.endPoint}/logout`));
     }
-    this.logout();
+    await this.logout(state, sessionExpired);
   };
 
-  public async logout(): Promise<void> {
+  public async logout(
+    state?: RouterStateSnapshot,
+    sessionExpired?: boolean
+  ): Promise<void> {
     this.currentUserSubject.next(null);
     this.store.dispatch(usagerActions.clearCache());
     localStorage.removeItem("currentUser");
@@ -97,29 +103,24 @@ export class AuthService {
     getCurrentScope().setTag("structure", "none");
     getCurrentScope().setUser({});
 
-    this.router.navigate(["/connexion"]);
-  }
-
-  public logoutAndRedirect(
-    state?: RouterStateSnapshot,
-    sessionExpired?: boolean
-  ): void {
     if (sessionExpired) {
       this.toastr.warning("Votre session a expiré, merci de vous reconnecter");
     }
 
-    this.logout();
+    // Navigation avec query params si nécessaire
+    if (state?.url) {
+      const cleanPath = state.url.split("?")[0];
+      const matomoParams = this.getMatomoParams();
+      const queryParams: Record<string, string> = { ...matomoParams };
 
-    const cleanPath = state?.url?.split("?")[0] || "/";
-    const matomoParams = this.getMatomoParams();
+      if (cleanPath !== "/") {
+        queryParams.returnUrl = cleanPath;
+      }
 
-    const queryParams: Record<string, string> = { ...matomoParams };
-
-    if (cleanPath !== "/") {
-      queryParams.returnUrl = cleanPath;
+      this.router.navigate(["/connexion"], { queryParams });
+    } else {
+      this.router.navigate(["/connexion"]);
     }
-
-    this.router.navigate(["/connexion"], { queryParams });
   }
 
   private getMatomoParams(): Record<string, string> {
@@ -136,11 +137,11 @@ export class AuthService {
     localStorage.setItem("currentUser", JSON.stringify(user));
     this.currentUserSubject.next(user);
 
+    // Configuration Sentry centralisée ici
     getCurrentScope().setTag("structure", user.structureId?.toString());
     getCurrentScope().setUser({
       email: user.email,
-      username:
-        "STRUCTURE " + user.structureId?.toString() + " : " + user.prenom,
+      username: `STRUCTURE ${user.structureId?.toString()}`,
     });
   }
 }

packages/frontend/src/app/interceptors/server-error.interceptor.ts

@@ -6,7 +6,7 @@ <h2 class="form-title">Commentaires privés</h2>
 </div>
 
 <app-delete-usager-menu
-  *ngIf="usager && me?.role !== 'facteur' && me?.role !== 'agent'"
+  *ngIf="displayDeleteButton"
   class="my-4"
   [usager]="usager"
   context="INSTRUCTION_FORM"