【问题标题】:Use JwtService inside RolesGuard to decode JWT token and get user roles without using passport在 RolesGuard 中使用 JwtService 解码 JWT 令牌并在不使用护照的情况下获取用户角色
【发布时间】:2020-12-18 02:56:00
【问题描述】:

我真的不知道该怎么做才能解决我的问题。我尝试在控制器中为受保护的路由实施 AuthGuard。我想检查 roles.guard.ts 中的用户角色,如果他需要其中之一,控制器将为他打开。我的结构如下:

- src
  - auth
    auth.controller.ts
    auth.service.ts
    auth.module.ts
  - roles
    roles.decorator.ts
    roles.guard.ts
  app.module.ts
  main.ts

auth.service.ts 中,我使用 JwtService 生成令牌并验证令牌,它也可以正常工作:

import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';

@Injectable()
export class AuthService {
  constructor(
    private readonly jwtService: JwtService
  ) {
  }

  findUser(id: number): string {
    if (id === 0) throw new Error("User not available");

    return "martin";
  }

  async generateToken(email: string, role: string[]): Promise<string> {
    const payload = { email: email, role: role };

    return this.jwtService.sign(payload, { expiresIn: '24h', secret: process.env['JWT_SECRET'] });
  }

  async validateToken(token: string): Promise<boolean> {
    const isValidToken = await this.jwtService.verify(token, { secret: process.env['JWT_SECRET'] });

    return !!isValidToken;
  }
}

auth.controller.ts 我使用@Roles 装饰器来定义所需的用户角色:

import { Body, Controller, Get, Param, UseGuards } from '@nestjs/common';
import { AuthService } from './auth.service';
import { Roles } from '../roles/roles.decorator';
import { RolesGuard } from '../roles/roles.guard';

@UseGuards(RolesGuard)
@Controller('auth')
export class AuthController {
  constructor(private authService: AuthService) {
  }

  @Get(':id')
  @Roles('admin')
  async findUser(@Body() id: number) {
    return this.authService.findUser(id);
  }

  @Get('generate')
  async generateToken() {
    return this.authService.generateToken('localhost', ['admin', 'user', 'seller'] );
  }
}

而我的 auth.module.ts 并没有什么特别之处,和文档中的一样:

import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { JwtModule } from '@nestjs/jwt';

@Module({
  imports: [JwtModule.register({
    secret: process.env['JWT_SECRET']
  })],
  controllers: [AuthController],
  providers: [AuthService],
})
export class AuthModule {
}

roles.guard.ts 被激活以检查来自@Roles 的角色我想使用 JwtService 来解码我存储在 cookie 中的 JWT 令牌,所以我编写了以下代码:

import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Observable } from 'rxjs';
import { JwtService } from '@nestjs/jwt';

@Injectable()
export class RolesGuard implements CanActivate {
  constructor(
    private readonly reflector: Reflector,
    private jwtService: JwtService
  ) {
  }

  canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
    const roles = this.reflector.get<string[]>('roles', context.getHandler());
    if (!roles) return true;

    const request = context.switchToHttp().getRequest();
    const user = request.headers;

    if (!user.auth_token) return false;

    const matchRoles = () => this.jwtService.verify(user.auth_token, { secret: process.env['JWT_SECRET'] });

    console.log(matchRoles());
  }
}

但是 Nest 在编译代码时返回错误:

Nest can't resolve dependencies of the RolesGuard (Reflector,?). Please make sure that the argument JwtService at index [1] is available in the RolesGuard context.

Potential solutions:
- If JwtService is a provider, is it part of the current Rol
esGuard?
- If JwtService is exported from a separate @Module, is that
 module imported within RolesGuard?
  @Module({
    imports: [ /* the Module containing JwtService */ ]
  })

最后我的 app.module.ts

import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { ConfigModule } from '@nestjs/config';
import { Connection } from 'typeorm';
import { APP_GUARD } from '@nestjs/core';
import { RolesGuard } from './roles/roles.guard';
import { AuthModule } from './auth/auth.module';

@Module({
  imports: [
    ConfigModule.forRoot({
      envFilePath: ['.env.development', '.env.production'],
    }),
    TypeOrmModule.forRoot({
      entities: [],
      synchronize: true
    }),
    AuthModule,
    RolesGuard
  ],
  controllers: [],
  providers: [
    {
      provide: APP_GUARD,
      useClass: RolesGuard
    }
  ],
})
export class AppModule {
  constructor(private connection: Connection) {
  }
}

我不知道该怎么办?另一个仅适用于roles.guard.ts 的模块还是什么?当我应该(理论上)使用 JwtService 属性时,我真的不想使用护照并实施他的策略。或者我应该将roles.* 文件移动到auth 目录?

【问题讨论】:

    标签: typescript jwt nestjs


    【解决方案1】:

    RolesGuard 不应在 imports 数组中。唯一应该永远进入imports 数组的是Modules。所有 Nest 增强器(FiltersGuardsInterceptorsPipes)也存在于 providers 数组之外除非您将它们与各自的全局绑定 APP_* 常量

    【讨论】:

      猜你喜欢
      • 2016-11-27
      • 1970-01-01
      • 2018-01-09
      • 2021-10-14
      • 2021-04-07
      • 2015-10-02
      • 1970-01-01
      • 2017-02-03
      • 2018-05-21
      相关资源
      最近更新 更多