Cannot set property 'userId' of undefined in session variable - nestjs

Cannot read set property of 'userId' of undefined is a classic error that has been experienced in Express frameworks and documentation here covers what to do about it, but how do you resolve this issue in a NestJS application?

When you get an error message that says Cannot set property 'userId' of undefined you want to look at what is going on with your cookie-session.
Do you have a cookie-session installed?
The error is being thrown whenever you try to set the user id property on the users' session object, because that cookie middleware is not installed or it's not running, you get undefined.
So when you try to set a property on undefined, you get this classic error message.
So your cookie-session may not be set up.
Enough answers were given in a plain ExpressJS API, but what if you are working with NestJS? Well, here is the NestJS way to resolve this.
Import the following to your app.module.ts file:
import { Module, ValidationPipe } from '#nestjs/common';
import { APP_PIPE } from '#nestjs/core';
Go down to your list of providers and inside the array and a brand new object:
providers: [
AppService,
{
provide: APP_PIPE,
useValue: new ValidationPipe({
whitelist: true,
}),
},
],
So what does this really do? It says whenever we create an instance of the app module, automatically make use of it. Apply it to every incoming request that flows to the application, run it through the instance of a class. That's how to set up a global pipe, but you have to set up the cookie session middleware into a global middleware.
You need to import the following to the same file:
import { MiddlewareConsumer, Module, ValidationPipe } from '#nestjs/common';
At the bottom, add the following:
export class AppModule {
configure(consumer: MiddlewareConsumer) {}
}
The configure function gets called automatically whenever the application starts listening for incoming traffic. So inside of here I can set up some middleware that will run on every single incoming request.
To do, we call or reference consumer.apply() like so:
export class AppModule {
configure(consumer: MiddlewareConsumer) {
consumer.apply(
cookieSession({
keys: ['dfghjkl'],
}),
);
}
}
I then need to ensure I add in a require statement for cookie session at the top:
const cookieSession = require('cookie-session');
And at the bottom also add:
export class AppModule {
configure(consumer: MiddlewareConsumer) {
consumer
.apply(
cookieSession({
keys: ['dfghjkl'],
}),
)
.forRoutes('*');
}
}
That means that I want to make use of the middleware on every single incoming request that comes into the application. That should be it.

Related

How to exclude and include different middleware for different modules in nestjs?

I have two auth middleware in my nestjs project.
AdminAuth Middleware
UserAuth Middleware
AdminAuthMiddleware will be used in AdminModule while UserAuthMiddleware will be used in rest of the modules.
export class AppModule implements NestModule {
static register(option: DynamicModuleOptionType): DynamicModule {
return {
module: AppModule,
imports: [
BullQueueModule.register(option),
KafkaModule.register(option),
CronModule.register(option),
],
};
}
configure(consumer: MiddlewareConsumer) {
consumer.apply(CorsMiddleware).forRoutes('*');
consumer.apply(AdminAuthMiddleware).forRoutes('/v1/admin/(.*)');
consumer
.apply(UserAuthMiddleware)
.exclude(
'v1/admin/(.*)',
'/_livez',
'/_healthz',
'/_readyz',
'/swagger.json',
)
.forRoutes('*');
}
}
UserAuthMiddleware middleware is working correctly, but AdminAuthMiddleware is not registering for admin routes.
How can i solve this issue?. Any help will be highly appreciated.
I tried registering AdminAuthMiddleware in AdminModule only, it did not work.
Tried changing the sequence of middleware registration.your text

Angular Universal app not honoring 'useAbsoluteUrl' or HTTP Interceptor on server-side

Our Angular 14 app is configured to use Angular Universal for SSR, and is integrated with our .NET 6 back end. The Universal guide incorrectly states (per this bug) that relative URLs will "automatically" be converted to absolute if you're using Express, but we still get relative URL errors from SSR even after updating our app.server.module.ts to include the necessary setting .useAbsoluteUrl = true (and providing the base URL), which fixes the issue for some per the bug thread:
export class AppServerModule {
constructor(
#Inject(INITIAL_CONFIG) private config: PlatformConfig,
private baseUrlService: BaseUrlService
) {
this.config.baseUrl = this.baseUrlService.getBaseUrl();
this.config.useAbsoluteUrl = true;
}
}
We've also tried implementing a custom HTTP Interceptor to handle the conversion, which doesn't seem to work either when declared as a provider in app.server.module.ts. This must be a misconfiguration issue, right? Our main.server.ts file imports the aspnet-prerendering package and has a default createServerRenderer() method, which calls renderModule(AppServerModule, options), but is something else missing with this approach? The main.server.ts is:
....
export default createServerRenderer(params => {
const { AppServerModule } = (module as any).exports;
const options = {
document: params.data.originalHtml,
url: params.url,
extraProviders: [
{ provide: APP_BASE_HREF, useValue: params.baseUrl },
{ provide: 'BASE_URL', useValue: params.origin }
]
};
// Bypass ssr api call cert warnings in development
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
const renderPromise = renderModule(AppServerModule, options);
return renderPromise.then(html => ({ html }));
});
export { renderModule } from '#angular/platform-server';
export { AppServerModule } from './app/app.server.module';
Microsoft's now-deprecated NodeServices implementation(?) apparently requires the use of commonjs for Node (in tsconfig.server.json), if that's relevant.

Nest js getting session data from the memory store

I was wondering if there is a method to access directly the session memory store and get the session data for a particular session id i'm using express-session package with the nest js freamwork.
Hope you found answers to your question since then. I came up with the following technique which is using NestJS DI system.
Background
According to NestJS official session documentation you can register a session middleware inside your main.ts file.
According to ExpressJS official session middleware documentation (the session(options) on top of the page), you can specify the session store that will be used by the middleware. If its omitted then the default MemoryStore is used.
All the session stores shares a common interface, so its a interchangeable part of your application, which makes a good candidate them to be provided as an injection token by a module. See a list of session stores advised by expressjs.
Implementation details
Create a new module (e.g. SessionModule), then add it to the imports array in your AppModule.
Next we create the injection token for the session store.
import { MemoryStore } from 'express-session';
import { SESSION_STORE } from './session.const';
#Module({
providers: [
{
provide: SESSION_STORE,
useFactory: () => {
return new MemoryStore();
},
},
],
exports: [SESSION_STORE],
})
export class SessionModule {}
where session.const.ts contains a simple export statement
export const SESSION_STORE = 'SESSION_STORE';
Now inside main.ts file, you can get a reference to the session store to setup session middleware.
const store = app.get(SESSION_STORE)
app.use(express.session({
store,
// ... other options
}
));
If you want to access sessionStore in other services / controllers you have to import the SessionModule to the module that declares them.
ex.
#Module({
imports: [SessionModule],
controllers: [UserController]
})
export class UserModule {}
// inside user controller you can inject a reference
// to the session store in the constructor
#Controller('user')
export class UserController {
constructor(#Inject(SESSION_STORE) private sessionStore) {}
}
With the sessionStore property you can get any stored session with the following method documented in the linked expressjs documentation. store.get(sid, callback)

How to reference the app instance in a module in Nest.js

I'm working on a project that's using multiple Nest repos, around 4.
Every repo needs to implementing logging to log things like
Server lifecycle events
Uncaught errors
HTTP requests/responses
Ideally, I'd like to package everything up into a module which I can publish to my company's NPM organization and just consume directly in each of my projects.
That way, it would take very minimal code to get logging set up in each project.
One of the things I'd like to log in my server lifecycle event is the server's url.
I know you can get this via app.getUrl() in the bootstrapping phase, but it would be great to have access to the app instance in a module's lifecycle hook like so.
#Module({})
export class LoggingModule implements NestModule {
onApplicationBootstrap() {
console.log(`Server started on ${app.getUrl()}`)
}
beforeApplicationShutdown() {
console.log('shutting down')
}
onApplicationShutdown() {
console.log('successfully shut down')
}
configure(consumer: MiddlewareConsumer) {
consumer.apply(LoggingMiddleware).forRoutes('*')
}
}
Is this possible?
There's no way (besides hacky ones, maybe) to access the app itself inside modules.
As you can see here, app.getUrl() uses the underlying HTTP server. Thus I guess you can retrieve the same data using the provider HttpAdapterHost.
Ï thought I'd chime in and offer one of the hacky solutions. Only use this, if there is absolutely no other way or your deadline is coming in an hour.
Create a class that can hold the application instance
export class AppHost {
app: INesApplication
}
And a module to host it
#Module({
providers: [AppHost]
exports: [AppHost]
})
export class AppHostModule {}
In your bootstrap() function, retrieve the AppHost instance and assign the app itself
// after NestFactory.create() ...
app.select(AppHostModule).get(AppHost).app = app;
Now, the actual application will be available wherever you inject AppHost.
Be aware, though, that the app will not be available inside AppHost before the whole application bootstraps (in onModuleInit, onApplicationBootstrap hooks or in provider factories), but it should be available in shutdown hooks.
Not sure is that hacky... I'm using this to prevent the server from starting in case of pending migrations.
// AppModule.ts
export class AppModule implements NestModule {
app: INestApplication;
async configure(consumer: MiddlewareConsumer) {
if (await this.hasPendingMigrations()) {
setTimeout(()=> {
this.logger.error("There are pending migrations!")
process.exitCode = 1;
this.app.close();
}, 1000);
}
//...
}
public setApp(app: INestApplication) {
this.app = app;
}
//...
}
//main.ts
const app = await NestFactory.create(AppModule, {
logger: config.cfgServer.logger,
});
app.get(AppModule).setApp(app);

When does session property (express session data object) gets added to request object when using express-session middleware?

When I use express-session middleware, when does the session property in request object(request.session) gets available?
Does it always stay available since the beginning when the server starts? when no session is made (no login) then session data is empty but session property itself is always available on request object. Is is this case? OR
does session object gets attached to request only when someone logs in? and when no user is logged in then request.session is always undefined . is it this?
The intention of this question is to know which, in typescript, out of the follow two type definition I have to use:
(one is using session? and in another session is used)
import { SessionData } from "express-session";
declare module "express-session" {
interface SessionData {
userId: string;
}
}
export interface MyContext {
session: SessionData;
}
OR
import { SessionData } from "express-session";
declare module "express-session" {
interface SessionData {
userId: string;
}
}
export interface MyContext {
session?: SessionData;
}
After long waiting I got the answer in Ben Awad discord channel.
Here it is
Session middleware is always defined, if no session exists on the request it'll return an empty object.
So the option-1 type definition is right, i.e.,
import { SessionData } from "express-session";
declare module "express-session" {
interface SessionData {
userId: string;
}
}
export interface MyContext {
session: SessionData;
}

Resources