我想知道如何通过常用的NestJS Auth惯例完成HTTP基本认证。
例如,如果我使用这样的AuthGuard,则会出现错误
(node:336) UnhandledPromiseRejectionWarning: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { compareSync } from 'bcrypt';
import { User } from 'src/user/user.entity';
import { Repository } from 'typeorm';
@Injectable()
export class AuthGuard implements CanActivate {
constructor(
@InjectRepository(User) private readonly userRepository: Repository<User>,
) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest();
const b64auth = (request.headers.authorization || '').split(' ')[1] || '';
const [username, password] = Buffer.from(b64auth, 'base64')
.toString()
.split(':');
const user = await this.userRepository.findOne({
where: { username },
});
if (user && compareSync(password, user.password) !== false) {
request.user = user;
return true;
}
const response = context.switchToHttp().getResponse();
response.set('WWW-Authenticate', 'Basic realm="Authentication required."'); // change this
response.status(401).send();
return false;
}
}
[我怀疑,返回假(并让Nest处理响应)不与“手动”将响应状态代码设置为401并发送响应一起玩。
如何使用这种古老的http授权机制保护某些路由?
我建议实现一个ExceptionFilter
来侦听由后卫明确抛出的异常(ExceptionFilter
)。然后,在过滤器中,根据需要设置响应,这样警卫就不会尝试发送多个响应,并且您可以根据需要设置响应。