时间戳

首页 > 解决方案 > 用户不可用 NestJS 护照策略(文档示例除外)

passport.js - 用户不可用 NestJS 护照策略(文档示例除外)

问题描述

我正在尝试实施护照策略(passport-headerapikey),我能够让它工作并且我可以保护我的路线。但是请求是空的,无法访问登录的用户?

import { HeaderAPIKeyStrategy } from "passport-headerapikey";
import { PassportStrategy } from "@nestjs/passport";
import { Injectable, NotFoundException } from "@nestjs/common";
import { CompanyService } from "../../companies/companies.service";

@Injectable()
export class ApiKeyStrategy extends PassportStrategy(HeaderAPIKeyStrategy, "api-key") {
  constructor(private readonly companyService: CompanyService) {
    super(
      {
        header: "Authorization",
        prefix: "Api-Key "
      },
      true,
      async (apiKey, done) => {
        return this.validate(apiKey, done);
      }
    );
  }

  public async validate(apiKey: string, done: (error: Error, data) => {}) {
    const company = await this.companyService.findByApiKey(apiKey);
    if (company === null) {
      throw new NotFoundException("Company not found");
    }
    return company;
  }
}


@UseGuards(AuthGuard("api-key"))
export class CompaniesController {
  constructor(private companyService: CompanyService) {}
  @Get()
  @ApiOperation({ title: "Get company information" })
  public getCompany(@Request() req) {
    // here request is empty, so i cannot access the user..
    console.log("request", req);
    return [];
  }
}

谢谢你的帮助 !

标签: passport.jsnestjs

解决方案

要访问登录的用户,您可以在请求中注入对象。为此,在您的ApiKeyStrategy构造函数中,将第三个参数更改为如下所示:

async (apiKey, verified, req) => {
  const user = await this.findUser(apiKey);
  // inject the user in the request
  req.user = user || null;
  return verified(null, user || false);
}

现在,您可以访问已登录的用户:

getCompany(@Request() req) {
  console.log(req.user);
}

我希望这可以帮助你。

推荐阅读