目前我正在尝试学习nestjs,为此我按照官方(cat-)教程构建了一个基本的用户身份验证系统。
当您访问API更改用户名或密码时,请求应检查用户是否是有效用户(从数据库读取用户)。 为了存储用户,我已经有了 mongodb 连接。
我目前正在努力如何获得守卫中的数据库模块/访问权限。
守卫正在工作,但只返回 true,我尝试注入我的数据库模块,但没有成功。
@Injectable()
export class AuthGuard implements CanActivate {
canActivate(
context: ExecutionContext,
): boolean | Promise<boolean> | Observable<boolean> {
const request = context.switchToHttp().getRequest();
return this.validateRequest(request);
}
validateRequest(execContext: ExecutionContext): boolean | Promise<boolean> | Observable<boolean>{
const request = execContext.switchToHttp().getRequest();
const user = request.user;
return true;
}
}
使用 findOne 方法扩展 UserService 类并将其注入到服务中是正确的方法吗?
@Injectable()
export class UserService{
constructor(@Inject('USER_MODEL') private readonly userModel: Model<User>){}
async create(createUserDto: CreateUserDto): Promise<User>{
const createdUser = new this.userModel(createUserDto);
return await createdUser.save();
}
async update(updateUserDto: UpdateUserDto): Promise<User>{
const updateUser = new this.userModel(updateUserDto);
return await this.userModel.updateOne({loginname: updateUser.loginname}, this.getUpdateQueryFromUserModel(updateUser));
}
async delete(deleteUserDto: DeleteUserDto): Promise<User>{
const deleteUser = new this.userModel(deleteUserDto);
return await this.userModel.deleteAll({loginname:deleteUser.loginname}).exec();
}
async findAll(): Promise<User[]> {
return await this.userModel.find().exec();
}
getUpdateQueryFromUserModel(userModel: Model<User>): Object {
let query = {};
if(userModel.dispname !== undefined && userModel.dispname !== null){
query["dispname"] = userModel.dispname;
}
if(userModel.pw !== undefined && userModel.pw !== null){
query["pw"] = hash.sha256().update(userModel.pw).digest('hex');
}
return query;
}
}
您能告诉我正确的方法是什么样的吗? 预先感谢!
我找到了数据库访问的解决方案,可以直接注入(之前尝试过,但由于另一个问题而失败)。
@Injectable()
export class AuthGuard implements CanActivate {
constructor(@Inject('UserService')private readonly userService:UserService){}
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
const request = context.switchToHttp().getRequest();
return this.validateRequest(request);
}
async validateRequest(execContext: ExecutionContext): Promise<boolean>{
const request = execContext.switchToHttp().getRequest();
const user = request.user;
console.log(await this.userService.findAll());
return new Promise<boolean>((resolve, reject) => {
return true;
});
}
}
我的代码现在看起来像这样,在构造函数中注入了服务,但它仍然不能完全工作,因为当我尝试运行
execContext.switchToHttp().getRequest()问候帕斯卡
这是我的实现,效果很好
import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common'
import { Reflector } from '@nestjs/core'
import { IS_PUBLIC_KEY } from 'src/decorators'
import { IResourcePermission, RESOURCE_PERMISSION_KEY } from 'src/decorators/resource-permission.decorator'
import { RolesPermissionsLogicService } from 'src/modules/roles-permissions/services/roles-permissions-logic.service'
@Injectable()
export class AuthorizeGuard implements CanActivate {
constructor(
private readonly rolesPermissionsLogicService: RolesPermissionsLogicService,
private reflector: Reflector,
) {}
canActivate(context: ExecutionContext): Promise<boolean> {
return this.validateRequest(context)
}
async validateRequest(ctx: ExecutionContext): Promise<boolean> {
const isRoutePublic = this.reflector.get<string>(IS_PUBLIC_KEY, ctx.getHandler())
const resourcePermission = this.reflector.get<IResourcePermission>(RESOURCE_PERMISSION_KEY, ctx.getHandler())
if (isRoutePublic || !resourcePermission) {
return true
}
const { user } = ctx.switchToHttp().getRequest()
const rolePermissions = await this.rolesPermissionsLogicService.getOneRole({
name: user.userRole,
permissions: {
$elemMatch: {
name: resourcePermission.resource,
[`actions.${resourcePermission.scope}`]: true,
},
},
})
if (!rolePermissions) {
throw new UnauthorizedException('Not authorized to access this resource')
}
return true
}
}