我有一个Auth Guard,它依赖于附加到请求的用户对象:
import { Injectable, CanActivate, ExecutionContext, UseGuards } from "@nestjs/common"
import { DefaultAuthGuard } from "./default.guard"
@Injectable()
export class OwnerGuard implements CanActivate {
canActivate(context: ExecutionContext): boolean {
const request = context.switchToHttp().getRequest()
return request.user.id === request.params["userId"]
}
}
DefaultAuthGuard只是JwtAuthGuard:
import { JwtAuthGuard } from "./jwt.guard"
export { JwtAuthGuard as DefaultAuthGuard }
JwtAuthGuard:
import { Injectable } from "@nestjs/common"
import { AuthGuard } from "@nestjs/passport"
@Injectable()
export class JwtAuthGuard extends AuthGuard("jwt") {}
这需要使用如下防护措施:
@Get(":userId/applications")
@UseGuards(JwtAuthGuard)
@UseGuards(OwnerGuard)
async list(@Param("userId") userId: string): Promise<ApplicationDto[]> {
return await this.userApplicationsService.list(userId)
}
因为JwtAuthGuard是登录发生的地方,并且用户对象通过护照附加到了请求上。
我想删除此隐式依赖项,并具有以下内容:
@Get(":userId/applications")
@UseGuards(OwnerGuard)
async list(@Param("userId") userId: string): Promise<ApplicationDto[]> {
return await this.userApplicationsService.list(userId)
}
我最初的方法是将JwtAuthGuard注入到OwnerGuard中,如下所示:
import { Injectable, CanActivate, ExecutionContext, UseGuards } from "@nestjs/common"
import { DefaultAuthGuard } from "./default.guard"
@Injectable()
export class OwnerGuard implements CanActivate {
constructor(private readonly defaultAuthGuard: DefaultAuthGuard) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest()
await this.defaultAuthGuard.logIn(request)
return request.user.id === request.params["userId"]
}
}
但是不幸的是屈服
Error: passport.initialize() middleware not in use
at IncomingMessage.req.login.req.logIn (...passport/lib/http/request.js:46:34)
关于如何实现这一目标的任何想法?