我按照官方的NestJs文档创建了RoleGuard。但是,即使我的用户有正确的Role,我仍然得到一个403错误。
app.module.ts
@Module({
imports: [
MongooseModule.forRoot(process.env.MONGO_DB_URI),
AuthModule,
UserModule,
ProductModule,
StoreModule,
OrderModule,
],
controllers: [AppController],
providers: [
AppService,
{
provide: APP_GUARD,
useClass: JwtAuthGuard,
},
{
provide: APP_GUARD,
useClass: RolesGuard,
},
],
})
export class AppModule {}
根据文档:
role.enum.ts
export enum Role {
BUYER = 'buyer',
SELLER = 'seller',
ADMIN = 'admin',
}
roles.decorators.ts
import { SetMetadata } from '@nestjs/common';
import { Role } from './role.enum';
export const ROLES_KEY = 'roles';
export const Roles = (...roles: Role[]) => SetMetadata(ROLES_KEY, roles);
roles.guard.ts
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Role } from './role.enum';
import { ROLES_KEY } from './roles.decorators';
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const requiredRoles = this.reflector.getAllAndOverride<Role[]>(ROLES_KEY, [
context.getHandler(),
context.getClass(),
]);
if (!requiredRoles) {
return true;
}
const { user } = context.switchToHttp().getRequest();
return requiredRoles.some((role) => user.roles?.includes(role));
}
}
我用@Roles(Role.BUYER)调用了一条路由,并记录了用户和用户。得到{ userId: undefined, email: 'mary@gmail.com' }和undefined。
我的用户实体:
user.entity.ts
import { Document } from 'mongoose';
import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
import { Role } from 'src/auth/roles/role.enum';
export type UserDocument = UserEntity & Document;
@Schema({
collection: 'users',
timestamps: true,
versionKey: false,
})
export class UserEntity {
@Prop({ required: true })
username: String;
@Prop({ required: true })
password: String;
@Prop({ required: true })
email: String;
@Prop({ required: true })
telephone: String;
@Prop({ required: true, type: String, enum: Role, default: Role.BUYER })
roles: Role[];
@Prop()
storeId: String;
}
export const UserSchema = SchemaFactory.createForClass(UserEntity);
编辑:
jwt.strategy.ts
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor() {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: false,
secretOrKey: jwtConstants.secret,
});
}
async validate(payload: any) {
return { userId: payload.sub, email: payload.email };
}
}
您的JwtStrategy不返回roles属性,因此req.user.roles将始终是undefined。您需要返回roles属性作为JwtStrategy#validate方法的一部分,以便稍后读取req.user.roles