Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

NestJs - Unable to get user context in RolesGuard

Tags:

I'm using NestJS as the framework for a client API. Within the framework we are using a pretty standard Passport/JWT auth infrastructure that is working fine. Our AuthGuard is firing when the bearer token is found and, in secure API endpoints, I can inject the HTTP context via '@Res() request' and get access to the 'request.user' property which contains the payload of my Jwt token.

On top of this we are attempting to implement a 'RolesGuard' in a very similar fashion to the sample code provided in the documentation and some of the sample projects on GitHub (none of which actually use this guard but they include it as a sample guard).

Our issue is that our AuthGuard fires and validates the Jwt token and THEN our RolesGuard fires but the request object it is passed does not have the user meta-data attached to the request.

The key code in our RolesGuard is:

    const request = context.switchToHttp().getRequest();     const user = request.user;      if (!user) {         return false;     }

In the above snipped the user is always false. Has anyone written a role/permission based guard in Nest that successfully gets access to the scope of the current user? All the code is firing and everything appears registered correctly.

-Kevin

like image 982
Kevin Grossnicklaus Avatar asked Jun 11 '18 15:06

Kevin Grossnicklaus

2 Answers

Ultimately this appears to be an ordering issue with the guards and it doesn't look like it can be easily resolved (without the framework allowing some control over the ordering).

My hope was to register the RolesGuard globally but that causes it to be registered first and fire first.

@UseGuards(AuthGuard('jwt'), RolesGuard) @Roles('admin')

If I register it at the endpoint level and put it after the AuthGuard then it fires second and I get the user context I am expecting within the guard itself. It isn't perfect but it works.

-Kevin

like image 50
Kevin Grossnicklaus Avatar answered Sep 23 '22 17:09

Kevin Grossnicklaus

register RoleGuard at the endpoint level and put it after the AuthGuard then it fires second and I get the user context I am expecting within the guard itself. don't register RoleGuard at module causes it'll be registered first and fire first.

*.module.ts

imports: [],   providers: [{provide: APP_GUARD, useClass: RolesGuard} ,],  // remove guard   controllers: [],   exports: [],
like image 40
Mohamed Bayomi Avatar answered Sep 23 '22 17:09

Mohamed Bayomi
Sign in to Comment

Related questions

sqlalchemy filter by json field
Navigation Library inflator throws ClassNotFoundException for data class
Does std::string move constructor actually move?
Error 'mat-dialog-content' is not a known element
RGB image display in Matplotlib: plt.imshow returns a blue image [duplicate]
ModuleNotFoundError: No module named 'google.appengine'
How to install git on a docker ubuntu image?
create-react-app "Failed to compile" on start up
Missing visual studio 2019 blazor webassembly app template
How to tell PHP to use SameSite=None for cross-site cookies?
React Hooks - Input loses focus when 1 character is typed in
Difference between TypeVar('T', A, B) and TypeVar('T', bound=Union[A, B])

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!