问题描述
我已经开始学习 nestjs、express 和 graphql。 我在尝试授权使用 jwt 令牌进行身份验证的用户访问时遇到问题。 我遵循了 Nestjs website 上的身份验证教程。 我能够获取当前用户,但是当我尝试实现 basic role base access control 时,我无法在 canActivate 方法中访问当前用户。 我认为是因为在 Graphql Guard 之前执行了 Roles Guard。
gql-auth.guard.ts
import { ExecutionContext } from "@nestjs/common";
import { GqlExecutionContext } from "@nestjs/graphql";
import { AuthGuard } from "@nestjs/passport";
export class GqlAuthGuard extends AuthGuard("jwt") {
getRequest(context: ExecutionContext) {
const ctx = GqlExecutionContext.create(context);
console.log("gql simple context: ",context);
console.log("gqlContext: ",ctx.getContext());
return ctx.getContext().req;
}
}
roles.guard.ts
import { CanActivate,ExecutionContext,Injectable } from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { GqlExecutionContext } from "@nestjs/graphql";
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext) {
const roles = this.reflector.get<string[]>("roles",context.getHandler());
const ctx = GqlExecutionContext.create(context);
console.log("roles: ",roles);
console.log("context: ",context.switchToHttp().getRequest());
console.log("gqlContext: ",ctx.getContext().req);
return true;
}
}
jwt.strategy.ts
import { Injectable } from "@nestjs/common";
import { PassportStrategy } from "@nestjs/passport";
import { ExtractJwt,Strategy } from "passport-jwt";
import { jwtConstants } from "../constants";
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor() {
super({
jwtFromrequest: ExtractJwt.fromAuthHeaderAsBearerToken(),ignoreExpiration: false,secretorKey: jwtConstants.secret,});
}
validate(payload: any) {
console.log("payload: ",payload);
return payload;
}
}
解析器
@UseGuards(GqlAuthGuard)
@Roles("ADMIN")
@UseGuards(RolesGuard)
@Query((returns) => [Specialty],{ nullable: "itemsAndList",name: "specialties" })
async getSpecialties(@Args() params: FindManySpecialtyArgs,@Info() info: GraphQLResolveInfo) {
const select = new prismaSelect(info).value;
params = { ...params,...select };
return this.prismaService.specialty.findMany(params);
}
以前有人成功实施过吗?
解决方法
您应该在同一个 @UseGuards() 装饰器中使用这两个守卫。喜欢@UseGuards(GqlAuthGuard,RolesGuard)。 Nest 将按顺序运行这些程序,不会出现问题。
export const Authorize = (roles?: string | string[]) =>
applyDecorators(
SetMetadata('roles',[roles].flat()),UseGuards(GqlAuthGuard,RolesGuard),);
@Authorize("ADMIN")
@Query((returns) => [Specialty],{ nullable: "itemsAndList",name: "specialties" })
async getSpecialties(@Args() params: FindManySpecialtyArgs,@Info() info: GraphQLResolveInfo) {
const select = new PrismaSelect(info).value;
params = { ...params,...select };
return this.prismaService.specialty.findMany(params);
}