我为 NestJS 9.4.0 应用程序安装了 Throttler 来保护它,但是当我使用 NestFastify 时它给了我一个错误,有人知道它应该是什么样子吗? A需要使用Fastify进行CSRF等后续安全。很长一段时间以来,我一直在努力解决这个问题,我什至决定在 ChatGPT 上询问,它表明一切都很好。我会补充说,只有在输入适当的路线后才会出现错误。
作品主代码:
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import { ConfigService } from '@nestjs/config';
import {
FastifyAdapter,
NestFastifyApplication,
} from '@nestjs/platform-fastify';
async function bootstrap() {
const app = await NestFactory.create(AppModule);
const configService = app.get(ConfigService);
const port = configService.get<string>('PORT', '');
// Throttler - Protection
app.enableCors({
origin: '*',
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
allowedHeaders: 'Content-Type,Authorization',
credentials: true,
});
await app.listen(port);
}
bootstrap();
主代码不起作用:
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import { ConfigService } from '@nestjs/config';
import {
FastifyAdapter,
NestFastifyApplication,
} from '@nestjs/platform-fastify';
async function bootstrap() {
const app = await NestFactory.create<NestFastifyApplication>(
AppModule,
new FastifyAdapter(),
);
const configService = app.get(ConfigService);
const port = configService.get<string>('PORT', '');
// Throttler - Protection
app.enableCors({
origin: '*',
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
allowedHeaders: 'Content-Type,Authorization',
credentials: true,
});
await app.listen(port);
}
bootstrap();
应用程序模块代码:
@Module({
imports: [
ConfigModule.forRoot({
ignoreEnvFile: !!process.env.CI,
envFilePath: join(__dirname, '..', '.env'),
validationSchema: envSchema,
}),
TypeOrmModule.forRootAsync({
useClass: TypeOrmConfigService,
}),
// Throttler - Protection
ThrottlerModule.forRoot({
ttl: Number(process.env.THROTTLER_TTL),
limit: Number(process.env.THROTTLER_LIMIT),
storage: {
store: 'redis',
options: {
url: `redis://${process.env.REDIS_HOST}:${process.env.REDIS_PORT}`,
},
},
}),
PassportModule.registerAsync({
imports: [ConfigModule],
inject: [ConfigService],
useFactory: async (configService: ConfigService) => ({
defaultStrategy: configService.get('jwt.defaultStrategy'),
}),
}),
AuthModule,
UsersModule,
],
controllers: [AppController],
providers: [AppService],
})
export class AppModule {}
错误:
[Nest] 26552 - 01.05.2023, 22:48:28 ERROR [ExceptionsHandler] res.setHeader is not a function
TypeError: res.setHeader is not a function
at FacebookStrategy.strategy.redirect (H:\xampp\htdocs\facebook-app\server\node_modules\passport\lib\middleware\authenticate.js:331:13)
at stored (H:\xampp\htdocs\facebook-app\server\node_modules\passport-oauth2\lib\strategy.js:285:14)
at NullStore.store (H:\xampp\htdocs\facebook-app\server\node_modules\passport-oauth2\lib\state\null.js:5:3)
at FacebookStrategy.OAuth2Strategy.authenticate (H:\xampp\htdocs\facebook-app\server\node_modules\passport-oauth2\lib\strategy.js:297:28)
at FacebookStrategy.Strategy.authenticate (H:\xampp\htdocs\facebook-app\server\node_modules\passport-facebook\lib\strategy.js:84:41)
at attempt (H:\xampp\htdocs\facebook-app\server\node_modules\passport\lib\middleware\authenticate.js:369:16)
at authenticate (H:\xampp\htdocs\facebook-app\server\node_modules\passport\lib\middleware\authenticate.js:370:7)
at H:\xampp\htdocs\facebook-app\server\node_modules\@nestjs\passport\dist\auth.guard.js:97:3
at new Promise (<anonymous>)
at H:\xampp\htdocs\facebook-app\server\node_modules\@nestjs\passport\dist\auth.guard.js:89:83
Passport 并不always 与 Fastify 一起工作,尤其是与 OAuth 特定策略。为了解决这个问题,您可以使用方法和属性装饰
FastifyReply
和 FastifyRequest
对象以使护照工作。以下代码片段可用于相应地修改和装饰对象:
const fastifyInstance: FastifyInstance = app.getHttpAdapter().getInstance()
fastifyInstance
.addHook('onRequest', async (req, res) => {
req.socket['encrypted'] = process.env.NODE_ENV === 'production'
})
.decorateReply('setHeader', function (name: string, value: unknown) {
this.header(name, value)
})
.decorateReply('end', function () {
this.send('')
})
在您致电
main.ts
之前将此添加到您的app.listen()
,它应该可以工作