我真的不知道我应该怎么做才能解决我的问题。我尝试在控制器中为受保护的路由实现身份验证。我想检查roles.guard.ts中的用户角色,如果他有必需的控制器之一,控制器将为他打开。我的结构如下所示:
- src
- auth
auth.controller.ts
auth.service.ts
auth.module.ts
- roles
roles.decorator.ts
roles.guard.ts
app.module.ts
main.ts
在auth.service.ts中,我正在使用JwtService来生成令牌并验证令牌,它也可以工作:
import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
@Injectable()
export class AuthService {
constructor(
private readonly jwtService: JwtService
) {
}
findUser(id: number): string {
if (id === 0) throw new Error("User not available");
return "martin";
}
async generateToken(email: string, role: string[]): Promise<string> {
const payload = { email: email, role: role };
return this.jwtService.sign(payload, { expiresIn: '24h', secret: process.env['JWT_SECRET'] });
}
async validateToken(token: string): Promise<boolean> {
const isValidToken = await this.jwtService.verify(token, { secret: process.env['JWT_SECRET'] });
return !!isValidToken;
}
}
在auth.controller.ts中@Roles我使用装饰器来定义所需的用户角色:
import { Body, Controller, Get, Param, UseGuards } from '@nestjs/common';
import { AuthService } from './auth.service';
import { Roles } from '../roles/roles.decorator';
import { RolesGuard } from '../roles/roles.guard';
@UseGuards(RolesGuard)
@Controller('auth')
export class AuthController {
constructor(private authService: AuthService) {
}
@Get(':id')
@Roles('admin')
async findUser(@Body() id: number) {
return this.authService.findUser(id);
}
@Get('generate')
async generateToken() {
return this.authService.generateToken('localhost', ['admin', 'user', 'seller'] );
}
}
我的auth.module.ts没什么特别的,和文档中的一样:
import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { JwtModule } from '@nestjs/jwt';
@Module({
imports: [JwtModule.register({
secret: process.env['JWT_SECRET']
})],
controllers: [AuthController],
providers: [AuthService],
})
export class AuthModule {
}
在激活以检查@Roles角色的roles.guard.ts中,我想使用 JwtService 解码存储在 cookie 中的 JWT 令牌,所以我写了这段代码:
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Observable } from 'rxjs';
import { JwtService } from '@nestjs/jwt';
@Injectable()
export class RolesGuard implements CanActivate {
constructor(
private readonly reflector: Reflector,
private jwtService: JwtService
) {
}
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
const roles = this.reflector.get<string[]>('roles', context.getHandler());
if (!roles) return true;
const request = context.switchToHttp().getRequest();
const user = request.headers;
if (!user.auth_token) return false;
const matchRoles = () => this.jwtService.verify(user.auth_token, { secret: process.env['JWT_SECRET'] });
console.log(matchRoles());
}
}
但是 Nest 在编译代码时返回错误:
Nest can't resolve dependencies of the RolesGuard (Reflector,?). Please make sure that the argument JwtService at index [1] is available in the RolesGuard context.
Potential solutions:
- If JwtService is a provider, is it part of the current Rol
esGuard?
- If JwtService is exported from a separate @Module, is that
module imported within RolesGuard?
@Module({
imports: [ /* the Module containing JwtService */ ]
})
最后,我的app.module.ts:
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { ConfigModule } from '@nestjs/config';
import { Connection } from 'typeorm';
import { APP_GUARD } from '@nestjs/core';
import { RolesGuard } from './roles/roles.guard';
import { AuthModule } from './auth/auth.module';
@Module({
imports: [
ConfigModule.forRoot({
envFilePath: ['.env.development', '.env.production'],
}),
TypeOrmModule.forRoot({
entities: [],
synchronize: true
}),
AuthModule,
RolesGuard
],
controllers: [],
providers: [
{
provide: APP_GUARD,
useClass: RolesGuard
}
],
})
export class AppModule {
constructor(private connection: Connection) {
}
}
我不知道该怎么办?另一个模块仅用于roles.guard.ts还是什么?我真的不想使用护照并实施他的策略,当我应该使用(理论上)JwtService属性时。或者也许我应该将roles.*文件移动到auth目录中?
>RolesGuard不应该在imports数组中。imports数组中唯一应该包含的是模块。所有 Nest 增强器(过滤器、防护、拦截器和管道)也存在于providers数组之外,除非您将它们与各自的APP_*常量全局绑定。