As title.
I am learning Nest.js.
there are many provider in nest ,
such as middleware、pipe、guard、interceptor.
For me ,they are middleware.
How to distinguish their usage scenario.
Thanks all.
each one has its specific usage
for example :
we use Gards when we want to give acces conditions to an end point or a global controller for example we want the service "update user" to be only called by admins (user with role Admin)
we use Pipes to transform the input data to a specific form or to validate some inputs
learn more here in nestJs doccumentation
Related
Greeting, guys
I'm currently working on an authorization function on NestJS for my side project and use Casbin to apply my policies and permissions for users.
One step is that I want to provide an array of [handler name(ie. getAllUsers), api route(ie. api/v1/users), method(ie. get)] as an policy list while app bootstrap which will be wrote to database.
Getting api&method list is not a problem but question is I could't find a solution to get all of the handler name while app bootstrap
Do you have any experience or thoughts on it? would be much appreciate for your valuable sharing.
for the api&method way, I took this post as a reference and it worked well.
for handler name, I was thinking about the ExecutionContext from NestJs but it seems to be working in an interceptor while there is a request
** for those who might wonder why I need to put handler name in my polices, here is the way I implement the Casbin rule.
list a basic policies for all my apis.
create an role and add policies to it by handler name.
appoint the role to the user(whatever the user is) and the user can only access the allowed apis to perform.
I am making a project using nestjs.
I want to prevent users with a specific role in all controllers except for one controller.
I know, add #UseGuard(RoleGuard) #Role(UserRole.Guest) to each controller.
But I have a lot of controllers, and more will be added over and over again.
Is there a way to do it all at once like middleware?
thank you!
Could you not have a base controller that you extend and add the decorator to the constructor or something?
Also, check out useGlobalPipes to see if that can help with shared request logic.
I suppose this type of topics always exist, but i like to have an specifics opinion for my case.
Since 1/2 month i'm thinking about make a listing web application for my daily life (shopping, due, etc.)
I started out define my object model like this (very simple design model)
Models image
So, i decid to create a NodeJS API for back-end, and Angular 7 for front-end. It's not a technical problem for me to develop the application and the API, but my problem is in the design of this, and particuly to the routes design.
My first suggestion for routes API is :
User :
/users
/users/:id
List :
/lists
/lists/:id
Element :
/elements
/elements/:id
Technicaly it's ok, but i'm not sure it's the good practices.
As User contains List and List contains Element, Wouldn't it be better to have routes like this :
/users/:id
/users/:id/list
/users/:id/list/:id
/users/:id/list/:id/element
/users/:id/list/:id/element/:id
Thanks for your answers, or suggestions !
PS : If you have any web sites / video / topics ... to suggests, do not hesitate.
I'd say you got it OK in the first place, the second approach is messy as you can get huge routes, and you're sending a lot unnecesary data. Why do you need the user id to get an element? An element is an entity by itself, and it will probably grow, you may need to get related elements, filter them... its better to just have /elements
What you can do is find simple relations, like:
/users/:id/lists
/lists/:id/elements
I'd recommend reading building apis you won't hate :)
Firstly you are in absolute correct path of defining Routes in angular, at the same time you have to use Lazy loading concept of Routing.
I would recommend you to, go for plural sight course , by Deborah Kurata. I'm not trying to promote or advertise anything but for your current situation that course would be the right guidance. It would provide you all the necessary things that you need to build enterprise ready apps.
Alternatively Core UI Angular provides some best designs which are already implemented with Angular Route and things. Lazy loading and other Angular routing are implemented, all you need to do is understand it.
Hope this helps.,
Principle
as short as possible
easy to read
user-friendly input when the user enters the URL
Examples
User list
/users
User detail
/user/:id
Add user
/user/new
User's functional page
/user/:id/tel
I have a resource /cars and the endpoint in angular defined as
$resource('/cars/:carsId');
to GET all cars and a specific car.
At the server level, I have also added a middle-ware to check that carsId is always a valid MongoID.
Now I want to define another endpoint to GET all redcars.
My initial though was to add another resource like
$resource('/cars/redcars');
but this does not work since at the server level, my middle-ware will through an error because redcars is not valid MongoID.
My question is what is the best approach in this case ?
I can add a logic at server to check if the MongoID is invalid, but, if the value is redcars then return all redcars.
or there is a better way of doing this.
Thanks
pkpk
Typical patterns are:
use query parameters, as in, /cars/search?color=red
use /cars/types where the /cars/types/:color can be applied
An excellent resource for design patterns in API design is the Apigee API guide. NOTE: I am not endorsing Apigee by recommending their guide; I simply find that this ebook has many useful patterns collected in one place.
I'm using VLine in a custom app with imported users, and am wondering if there's any way to limit the users a specific user is allowed to initiate a call with?
I am assuming you mean the vLine WebClient when you mean custom app with imported users? In that case, there is no way to limit users yet. It will be great if you can file a feature request with exactly what you are looking for at https://vline.uservoice.com/.
If you are using the low-level APIs to build your app, of course you can do anything you want.