Authentication
Authentication is one of the most important aspects of developing. As developers, we always want to make sure that users can only access the resources they have permission to access. Authentication can take many forms, from showing your drivers license or passport to providing a username and password for a login portal. In recent years these authentication methods have expanded out to become more complicated, but we still need the same server-side logic to make sure that these authenticated users are always who they say they are and persist this authentication so they do not need to reauthenticate for every single call to a REST API or Websocket because that would provide a pretty terrible user experience. The chosen library for this is ironically named Passport as well, and is very well known and used in the Node.js ecosystem. When integrated into Nest it uses a JWT (JSON Web Token) strategy. Passport is a Middleware that the HTTP call is passed through before hitting the endpoint at the controller. This is the AuthenticationMiddleware
written for the example project that extends NestMiddleware
, authenticating each user based on the email in the request payload.
@
Injectable
()
export
class
AuthenticationMiddleware
implements
NestMiddleware
{
constructor
(
private
userService
:UserService
)
{
}
async
resolve
(
strategy
:string
)
:
Promise
<
ExpressMiddleware
>
{
return
async
(
req
,
res
,
next
)
=>
{
return
passport
.
authenticate
(
strategy
,
async
(
/*...*/
args
:any
[])
=>
{
const
[,
payload
,
err
]
=
args
;
if
(
err
)
{
return
res
.
status
(
HttpStatus
.
BAD_REQUEST
).
send
(
'Unable to authenticate the user.'
);
}
const
user
=
await
this
.
userService
.
findOne
({
where
:
{
payload.email
}
});
req
.
user
=
user
;
return
next
();
})(
req
,
res
,
next
);
};
}
}
Nest also implements Guards, which are decoratorated with the same @Injectable()
as other providers. Guards restrict certain endpoints based on what the authenticated user has access to. Guards will be discussed more in the Authentication chapter.