
NestJs - Unable to get user context in RolesGuard


I'm using NestJS as the framework for a client API. Within the framework we are using a pretty standard Passport/JWT auth infrastructure that is working fine. Our AuthGuard is firing when the bearer token is found and, in secure API endpoints, I can inject the HTTP context via '@Res() request' and get access to the 'request.user' property which contains the payload of my Jwt token.

On top of this we are attempting to implement a 'RolesGuard' in a very similar fashion to the sample code provided in the documentation and some of the sample projects on GitHub (none of which actually use this guard but they include it as a sample guard).

Our issue is that our AuthGuard fires and validates the Jwt token and THEN our RolesGuard fires but the request object it is passed does not have the user meta-data attached to the request.

The key code in our RolesGuard is:

    const request = context.switchToHttp().getRequest();
    const user = request.user;

    if (!user) {
        return false;
    }

In the above snippet the user is always false. Has anyone written a role/permission based guard in Nest that successfully gets access to the scope of the current user? All the code is firing and everything appears registered correctly.

-Kevin

Kevin Grossnicklaus asked Jun 11 '18 15:06


2 Answers

Ultimately this appears to be an ordering issue with the guards and it doesn't look like it can be easily resolved (without the framework allowing some control over the ordering).

My hope was to register the RolesGuard globally but that causes it to be registered first and fire first.

    @UseGuards(AuthGuard('jwt'), RolesGuard)
    @Roles('admin')

If I register it at the endpoint level and put it after the AuthGuard then it fires second and I get the user context I am expecting within the guard itself. It isn't perfect but it works.

-Kevin

Kevin Grossnicklaus answered Sep 23 '22 17:09


Register RoleGuard at the endpoint level and put it after the AuthGuard; then it fires second and I get the user context I am expecting within the guard itself. Don't register RoleGuard at the module, because it'll be registered first and fire first.

*.module.ts

    imports: [],
    providers: [{ provide: APP_GUARD, useClass: RolesGuard }],  // remove guard
    controllers: [],
    exports: [],
Mohamed Bayomi answered Sep 23 '22 17:09
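
The ordering both answers describe, as an added example that is not from the original posts or from NestJS itself: a simplified TypeScript model of guard execution showing why a globally registered RolesGuard sees no `request.user`. The stand-in guards, the `runGuards` helper, the constructed token and the any-of role match are assumptions made for illustration.

```typescript
// Simplified model of guard ordering; hypothetical names, not NestJS source code.
type Req = { headers: Record<string, string>; user?: { roles: string[] } };
type Guard = (req: Req, requiredRoles: string[]) => boolean;

// Stand-in for AuthGuard('jwt'): attaches request.user once the token is accepted.
// The token is a constructed sample; real JWT verification is out of scope here.
const authGuard: Guard = (req) => {
  if (req.headers["authorization"] !== "Bearer constructed-token") return false;
  req.user = { roles: ["admin"] };
  return true;
};

// Stand-in for the RolesGuard in the question: fails closed when request.user is missing.
// Assumption: access is granted when the user holds at least one required role.
const rolesGuard: Guard = (req, requiredRoles) => {
  const user = req.user;
  if (!user) return false;
  return requiredRoles.some((role) => user.roles.indexOf(role) !== -1);
};

// Global guards run first, then route-level guards in the order given to @UseGuards().
// The first guard that returns false stops the chain and the request is denied.
function runGuards(globalGuards: Guard[], routeGuards: Guard[], requiredRoles: string[]): boolean {
  const req: Req = { headers: { authorization: "Bearer constructed-token" } };
  return globalGuards.concat(routeGuards).every((guard) => guard(req, requiredRoles));
}

// RolesGuard registered globally (APP_GUARD) with AuthGuard on the route:
// RolesGuard runs before request.user exists, so even a valid admin token is denied.
const globalRolesFirst = runGuards([rolesGuard], [authGuard], ["admin"]);

// Both guards on the route, AuthGuard first, as in @UseGuards(AuthGuard('jwt'), RolesGuard).
const authThenRoles = runGuards([], [authGuard, rolesGuard], ["admin"]);

// Same ordering, but the route requires a role the user does not hold.
const wrongRole = runGuards([], [authGuard, rolesGuard], ["auditor"]);
```

In this model `globalRolesFirst` is `false`, `authThenRoles` is `true` and `wrongRole` is `false`: the misordered registration fails closed rather than letting an unauthenticated request through.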