Add 'http.uri', 'user.agent' to enforcer claims, closes #123

example/src/app.controller.ts

@@ -4,6 +4,7 @@ import {
   Public,
   Roles,
   RoleMatchingMode,
+  RoleMatch,
 } from 'nest-keycloak-connect';
 
 @Controller()
@@ -27,7 +28,8 @@ export class AppController {
   }
 
   @Get('admin')
-  @Roles({ roles: ['admin'], mode: RoleMatchingMode.ALL })
+  @Roles('admin')
+  @RoleMatchingMode(RoleMatch.ANY)
   adminRole() {
     return 'Admin only!';
   }

example/src/product/product/product.controller.ts

@@ -44,7 +44,7 @@ export class ProductController {
   }
 
   @Get(':code')
-  @Roles({ roles: ['realm:basic', 'realm:admin'] })
+  @Roles('realm:basic', 'realm:admin')
   findByCode(@Param('code') code: string) {
     return this.service.findByCode(code);
   }

src/guards/resource.guard.ts

@@ -46,6 +46,22 @@ export class ResourceGuard implements CanActivate {
   ) {}
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
+    const defaultEnforcerOpts: KeycloakConnect.EnforcerOptions = {
+      claims: (request: any) => {
+        const httpUri = request.url;
+        const userAgent = request.headers['user-agent'];
+
+        this.logger.verbose(
+          `Enforcing claims, http.uri: ${httpUri}, user.agent: ${userAgent}`,
+        );
+
+        return {
+          'http.uri': [httpUri],
+          'user.agent': userAgent,
+        };
+      },
+    };
+
     const resource = this.reflector.get<string>(
       META_RESOURCE,
       context.getClass(),
@@ -64,7 +80,7 @@ export class ResourceGuard implements CanActivate {
       this.reflector.getAllAndOverride<KeycloakConnect.EnforcerOptions>(
         META_ENFORCER_OPTIONS,
         [context.getClass(), context.getHandler()],
-      );
+      ) ?? defaultEnforcerOpts;
 
     // Default to permissive
     const policyEnforcementMode =