
Nest.js: Global AuthGuard but with exceptions

Tags: nestjs

I would like to register my AuthenticationGuard, which checks for Authentication, globally on my application, so that by default all routes require authentication.

const authGuard = app
    .select(AuthModule)
    .get(AuthGuard);
app.useGlobalGuards(authGuard);

What is the best/nest.js way to add route exceptions, so that anonymous routes can also be implemented?

AyKarsi asked Mar 22 '18 12:03



1 Answer

You can actually set metadata for the global AuthGuard so it can determine if it should allow an unauthorized request.

e.g.

Set Global Auth Guard

import { Module } from '@nestjs/common';
import { APP_GUARD } from '@nestjs/core';
import { AuthGuard } from './auth.guard';

@Module({
  providers: [
    {
      provide: APP_GUARD,
      useClass: AuthGuard,
    },
  ],
})
export class AppModule {}

Use SetMetadata to pass in data to the AuthGuard

import { Controller, Get, SetMetadata } from '@nestjs/common';

// Convenience decorator: marks a handler as reachable without authentication
const AllowUnauthorizedRequest = () => SetMetadata('allowUnauthorizedRequest', true);

@Controller()
export class AppController {

  @Get('my-unauthorized-path')
  @AllowUnauthorizedRequest()
  myHandler () {
    return { unauthorized: true };
  }

}

Use data passed in from SetMetadata to determine if unauthorized request is allowed.

import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { validateRequest } from './validateRequest'; // your custom implementation

@Injectable()
export class AuthGuard implements CanActivate {

  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext) {
    const request = context.switchToHttp().getRequest();
    // Metadata is read from the route handler only (context.getHandler())
    const allowUnauthorizedRequest = this.reflector.get<boolean>('allowUnauthorizedRequest', context.getHandler());
    // Routes without the metadata fall through to validateRequest
    return allowUnauthorizedRequest || validateRequest(request);
  }

}
Jonathan002 answered Nov 05 '22 19:11
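The guard decision described in the answer, modelled in plain TypeScript so that the allow-list can be checked in a test; this is an added example, not part of the original answer and not NestJS code. It goes beyond the answer by also reading controller-level metadata and by accepting only a literal `true`. Assumptions: the WeakMap stands in for Nest's metadata store, and the controllers, paths, token and helper names are constructed for illustration.

```typescript
// Plain-TypeScript model of the guard decision. A WeakMap stands in for the
// metadata that SetMetadata/Reflector manage in Nest (assumption, not Nest's API).
const PUBLIC_KEY = 'allowUnauthorizedRequest'; // metadata key from the answer
const store = new WeakMap<object, Map<string, unknown>>();

function setMetadata(target: object, key: string, value: unknown): void {
  const entry = store.get(target) ?? new Map<string, unknown>();
  entry.set(key, value);
  store.set(target, entry);
}

interface Route { path: string; controller: object; handler: object; }
interface Req { headers: Record<string, string | undefined>; }

// Handler metadata overrides controller metadata; only a literal `true`
// opens a route, so a missing or malformed value still requires auth.
function isPublic(route: Route): boolean {
  const onHandler = store.get(route.handler)?.get(PUBLIC_KEY);
  const onClass = store.get(route.controller)?.get(PUBLIC_KEY);
  return (onHandler !== undefined ? onHandler : onClass) === true;
}

// Hypothetical stand-in for the answer's validateRequest (constructed token).
function validateRequest(req: Req): boolean {
  return req.headers['authorization'] === 'Bearer constructed-test-token';
}
function canActivate(route: Route, req: Req): boolean {
  return isPublic(route) || validateRequest(req);
}

// Audit helper: every path reachable without authentication, sorted.
function publicPaths(all: Route[]): string[] {
  return all.filter(isPublic).map((r) => r.path).sort();
}

// Constructed sample routes (hypothetical controllers and paths).
class HealthController {}
class AppController {}
const pingRoute: Route = { path: '/health/ping', controller: HealthController, handler: () => 'pong' };
const debugRoute: Route = { path: '/health/debug', controller: HealthController, handler: () => 'dump' };
const openRoute: Route = { path: '/my-unauthorized-path', controller: AppController, handler: () => 'ok' };
const profileRoute: Route = { path: '/profile', controller: AppController, handler: () => 'me' };
const legacyRoute: Route = { path: '/legacy', controller: AppController, handler: () => 'old' };
const routes: Route[] = [pingRoute, debugRoute, openRoute, profileRoute, legacyRoute];
setMetadata(HealthController, PUBLIC_KEY, true);     // whole controller public
setMetadata(debugRoute.handler, PUBLIC_KEY, false);  // one handler closed again
setMetadata(openRoute.handler, PUBLIC_KEY, true);    // as in the answer
setMetadata(legacyRoute.handler, PUBLIC_KEY, 'yes'); // truthy but not `true`
```

Comparing `publicPaths(routes)` against an expected list in a test makes any newly exposed route show up as a failing assertion.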