DEVHIDE
Login Or Sign up

Nestjs Passport-jwt better Unauthorized strategy

1.7k Views Asked by At

just going through docs on authentication in NestJS: docs.nestjs.com

Here is the code:

import { ExtractJwt, Strategy } from 'passport-jwt';  
import { PassportStrategy } from '@nestjs/passport';
import { Injectable } from '@nestjs/common';
import { jwtConstants } from './constants';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      ignoreExpiration: false,
      secretOrKey: jwtConstants.secret,
    });
  }

  async validate(payload: any) {
    return { userId: payload.sub, username: payload.username };
  }
}

According to docs validate method is called when request contains jwt and that jwt is valid. I am wondering is there a callback method for the case when jwt is missing from request header, or jwt is invalid or expired. I would like to return response error with message to client that their token is expired or missing...

Thanks

nestjs passport.js passport-jwt nestjs-passport nestjs-jwt
Original Q&A
1

There are 1 best solutions below

1
On BEST ANSWER

You could implement a custom strategy and check headers or cookies how you like. This is a (shortened) exmaple I'am using on my app.

import { JwtService } from '@nestjs/jwt';
import { Strategy } from 'passport-custom';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy, 'custom-jwt') {
  constructor(private readonly jwtService: JwtService) {
    super();
  }

  async validate(req: Request): Promise<any> {
    const token = req.cookies.auth ?? req.headers.authorization;
    if (!token) {
      throw new UnauthorizedException();
    }

    const user = this.jwtService.decode(token, {
      json: true
    });

    if (!user) {
      throw new UnauthorizedException();
    }
    if (this.isExpired(user)) {
      throw new UnauthorizedException();
    }

    return user;
  }

  private isExpired(user: JwtUserDto): boolean {
    // ...
  }
}

This code checks for a jwt token either in a "auth"-cookie or in "Authorization"-header and by returning user, it attaches the decoded user (if valid) to the request.

To use it: export class JwtAuthGuard extends AuthGuard('custom-jwt')

It's just an example, to see how it works. You might need to adapt it to fit your needs.

Related Questions in NESTJS

Related Questions in PASSPORT.JS

Related Questions in PASSPORT-JWT

Related Questions in NESTJS-PASSPORT

Related Questions in NESTJS-JWT

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.