【发布时间】:2020-12-18 02:56:00
【问题描述】:
我真的不知道该怎么做才能解决我的问题。我尝试在控制器中为受保护的路由实施 AuthGuard。我想检查 roles.guard.ts 中的用户角色,如果他需要其中之一,控制器将为他打开。我的结构如下:
- src
- auth
auth.controller.ts
auth.service.ts
auth.module.ts
- roles
roles.decorator.ts
roles.guard.ts
app.module.ts
main.ts
在 auth.service.ts 中,我使用 JwtService 生成令牌并验证令牌,它也可以正常工作:
import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
@Injectable()
export class AuthService {
constructor(
private readonly jwtService: JwtService
) {
}
findUser(id: number): string {
if (id === 0) throw new Error("User not available");
return "martin";
}
async generateToken(email: string, role: string[]): Promise<string> {
const payload = { email: email, role: role };
return this.jwtService.sign(payload, { expiresIn: '24h', secret: process.env['JWT_SECRET'] });
}
async validateToken(token: string): Promise<boolean> {
const isValidToken = await this.jwtService.verify(token, { secret: process.env['JWT_SECRET'] });
return !!isValidToken;
}
}
在 auth.controller.ts 我使用@Roles 装饰器来定义所需的用户角色:
import { Body, Controller, Get, Param, UseGuards } from '@nestjs/common';
import { AuthService } from './auth.service';
import { Roles } from '../roles/roles.decorator';
import { RolesGuard } from '../roles/roles.guard';
@UseGuards(RolesGuard)
@Controller('auth')
export class AuthController {
constructor(private authService: AuthService) {
}
@Get(':id')
@Roles('admin')
async findUser(@Body() id: number) {
return this.authService.findUser(id);
}
@Get('generate')
async generateToken() {
return this.authService.generateToken('localhost', ['admin', 'user', 'seller'] );
}
}
而我的 auth.module.ts 并没有什么特别之处,和文档中的一样:
import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { JwtModule } from '@nestjs/jwt';
@Module({
imports: [JwtModule.register({
secret: process.env['JWT_SECRET']
})],
controllers: [AuthController],
providers: [AuthService],
})
export class AuthModule {
}
在 roles.guard.ts 被激活以检查来自@Roles 的角色我想使用 JwtService 来解码我存储在 cookie 中的 JWT 令牌,所以我编写了以下代码:
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Observable } from 'rxjs';
import { JwtService } from '@nestjs/jwt';
@Injectable()
export class RolesGuard implements CanActivate {
constructor(
private readonly reflector: Reflector,
private jwtService: JwtService
) {
}
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
const roles = this.reflector.get<string[]>('roles', context.getHandler());
if (!roles) return true;
const request = context.switchToHttp().getRequest();
const user = request.headers;
if (!user.auth_token) return false;
const matchRoles = () => this.jwtService.verify(user.auth_token, { secret: process.env['JWT_SECRET'] });
console.log(matchRoles());
}
}
但是 Nest 在编译代码时返回错误:
Nest can't resolve dependencies of the RolesGuard (Reflector,?). Please make sure that the argument JwtService at index [1] is available in the RolesGuard context.
Potential solutions:
- If JwtService is a provider, is it part of the current Rol
esGuard?
- If JwtService is exported from a separate @Module, is that
module imported within RolesGuard?
@Module({
imports: [ /* the Module containing JwtService */ ]
})
最后我的 app.module.ts:
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { ConfigModule } from '@nestjs/config';
import { Connection } from 'typeorm';
import { APP_GUARD } from '@nestjs/core';
import { RolesGuard } from './roles/roles.guard';
import { AuthModule } from './auth/auth.module';
@Module({
imports: [
ConfigModule.forRoot({
envFilePath: ['.env.development', '.env.production'],
}),
TypeOrmModule.forRoot({
entities: [],
synchronize: true
}),
AuthModule,
RolesGuard
],
controllers: [],
providers: [
{
provide: APP_GUARD,
useClass: RolesGuard
}
],
})
export class AppModule {
constructor(private connection: Connection) {
}
}
我不知道该怎么办?另一个仅适用于roles.guard.ts 的模块还是什么?当我应该(理论上)使用 JwtService 属性时,我真的不想使用护照并实施他的策略。或者我应该将roles.* 文件移动到auth 目录?
【问题讨论】:
标签: typescript jwt nestjs