I'm about to update my project dependencies to the next major versions but i can't get nestjs/graphql + nestjs/passport to work.
It looks like the request header is not passed through apollo server. Everytime when passport tries to extract the bearer token from the header i get an exception with the following stacktrace:
TypeError: Cannot read property 'headers' of undefined,
at JwtStrategy._jwtFromRequest (/Users/wowa/workspace/foxcms-backend/node_modules/passport-jwt/lib/extract_jwt.js:58:21),
at JwtStrategy.authenticate (/Users/wowa/workspace/foxcms-backend/node_modules/passport-jwt/lib/strategy.js:93:22),
at attempt (/Users/wowa/workspace/foxcms-backend/node_modules/passport/lib/middleware/authenticate.js:361:16)",
at authenticate (/Users/wowa/workspace/foxcms-backend/node_modules/passport/lib/middleware/authenticate.js:362:7)",
at Promise (/Users/wowa/workspace/foxcms-backend/node_modules/#nestjs/passport/dist/auth.guard.js:77:3)",
at new Promise ()",
at /Users/wowa/workspace/foxcms-backend/node_modules/#nestjs/passport/dist/auth.guard.js:69:83",
at MixinAuthGuard. (/Users/wowa/workspace/foxcms-backend/node_modules/#nestjs/passport/dist/auth.guard.js:44:36)",
at Generator.next ()",
at /Users/wowa/workspace/foxcms-backend/node_modules/#nestjs/passport/dist/auth.guard.js:19:71"
This is how my app.module looks like:
#Module({
imports: [
GraphQLModule.forRoot({
typePaths: ['./src/**/*.graphql'],
}),
UserModule,
ContentTypeModule,
PrismaModule,
ProjectModule,
AuthModule,
],
})
export class AppModule implements NestModule {
constructor(
private readonly graphQLFactory: GraphQLFactory,
#Inject('PrismaBinding') private prismaBinding,
) {}
configure(consumer: MiddlewareConsumer) {}
}
I just wanted to ask here before i open an issue on github. Anyone a idea whats wrong?
You can manage the object request with this form:
GraphQLModule.forRoot({
typePaths: ['./**/*.graphql'],
installSubscriptionHandlers: true,
context: (({ req }) => {
return { request: req }
}),
},
And create your own Guard:
export class CatsGuard implements CanActivate {
constructor(readonly jwtService: JwtService/*, readonly userService: UsersService*/) {}
canActivate(context: ExecutionContext): boolean {
const ctx = GqlExecutionContext.create(context);
const request = ctx.getContext().request;
const Authorization = request.get('Authorization');
if (Authorization) {
const token = Authorization.replace('Bearer ', '');
const { userId } = this.jwtService.verify(token) as { userId: string };
return !!userId;
}
}
}
The provided AuthGuard from the passport module is currently not working with the graphql module.
https://github.com/nestjs/graphql/issues/48
Related
I am trying to write tests for a small project in NestJS. Here is the relevant code for context:
dummy.controller.ts
#Controller(UrlConstants.BASE_URL + 'dummy')
export class DummyContoller {
constructor(
private readonly sessionService: SessionService,
) { }
#Get('validateSession')
async checkValidateSession(#Query('sessionId') sessionId: string) {
const session = await this.sessionService.validateSession(sessionId);
console.log(session);
return { message: "OK" };
}
}
session.service.ts
#Injectable()
export class SessionService {
constructor(
private readonly sessionRepo: SessionRepository,
private readonly accountRepo: AccountRepository
) { }
#WithErrorBoundary(AuthCodes.UNKNOWN_LOGIN_ERROR)
async validateSession(sessionId: string) {
const session = await this.sessionRepo.findOneBy({ sessionId });
if (!session || this.isSessionExpired(session)) {
session && await this.sessionRepo.remove(session);
throw new HttpException({
code: AuthCodes.SESSION_TIMEOUT,
message: AuthMessages.SESSION_TIMEOUT
}, HttpStatus.UNAUTHORIZED)
}
return session;
}
...
}
session.repository.ts (Any repository)
#Injectable()
export class SessionRepository extends Repository<Session> {
constructor(private dataSource: DataSource) {
super(Session, dataSource.createEntityManager())
}
...
}
This is how I wrote my test (this is my first time writing a test using Jest and I am not really experienced in writing tests in general):
describe('DummyController', () => {
let dummyContoller: DummyContoller;
let sessionService: SessionService;
let sessionRepo: SessionRepository;
let accountRepo: AccountRepository;
beforeEach(async () => {
const module = await Test.createTestingModule({
controllers: [DummyContoller],
providers: [SessionService, SessionRepository, AccountRepository]
}).compile();
dummyContoller = module.get<DummyContoller>(DummyContoller);
sessionService = module.get<SessionService>(SessionService);
sessionRepo = module.get<SessionRepository>(SessionRepository);
accountRepo = module.get<AccountRepository>(AccountRepository);
})
describe('checkValidateSession', () => {
it('should return valid session', async () => {
const sessionId = "sessionId1";
const session = new Session();
jest.spyOn(sessionService, 'validateSession').mockImplementation(async (sessionId) => session);
expect(await dummyContoller.checkValidateSession(sessionId)).toBe(session);
})
})
})
Upon running the test, I encounter:
Nest can't resolve dependencies of the SessionRepository (?). Please make sure that the argument DataSource at index [0] is available in the RootTestModule context.
Potential solutions:
- If DataSource is a provider, is it part of the current RootTestModule?
- If DataSource is exported from a separate #Module, is that module imported within RootTestModule?
#Module({
imports: [ /* the Module containing DataSource */ ]
})
I looked this problem and I came across a number of solutions but most of them had #InjectRepository() instead of creating a separate Repository class where they would provide getRepositoryToken() and then use a mock factory [Link]. I couldn't find a way to make this work.
Another solution suggested using an in-memory database solution [Link]. But this felt more like a hack rather than a solution.
How can I test the above setup?
Based on this comment, I was able to get this working by using the following in the providers in the test:
providers: [
SessionService,
{ provide: SessionRepository, useClass: SessionMockRepository },
]
SessionMockRepository contains a mocked version of all additional functions in that particular repository:
export class SessionMockRepository extends Repository<Session> {
someFunction = async () => jest.fn();
}
Currently, this works for me so I am accepting this. I am still open to more answers if there is a better way to do this.
[SOLVED] I'm pretty new to NestJS and trying to get my head around durable providers but i can't get them to work.
My scenario is that i have a service with some logic and two providers that implement the same interface to get some data. Depending on a custom header value i want to use Provider1 or Provider2 and the service itself does not have to know about the existing provider implementations.
Since i'm in a request scoped scenario but i know there are only 2 possible dependency-subtrees i want to use durable providers that the dependencies are not newly initialised for each request but reused instead.
I set up the ContextIdStrategy as described in the official docs and it is executed on each request but i miss the part how to connect my provider implementations with the ContextSubtreeIds created in the ContextIdStrategy.
Interface:
export abstract class ITest {
abstract getData(): string;
}
Implementations:
export class Test1Provider implements ITest {
getData() {
return "TEST1";
}
}
export class Test2Provider implements ITest {
getData() {
return "TEST2";
}
}
Service:
#Injectable()
export class AppService {
constructor(private readonly testProvider: ITest) {}
getHello(): string {
return this.testProvider.getData();
}
}
Controller:
#Controller()
export class AppController {
constructor(private readonly appService: AppService) {}
#Get()
getData(): string {
return this.appService.getData();
}
}
ContextIdStrategy:
const providers = new Map<string, ContextId>([
["provider1", ContextIdFactory.create()],
["provider2", ContextIdFactory.create()],
]);
export class AggregateByProviderContextIdStrategy implements ContextIdStrategy {
attach(contextId: ContextId, request: Request) {
const providerId = request.headers["x-provider-id"] as string;
let providerSubTreeId: ContextId;
if (providerId == "provider1") {
providerSubTreeId = providers["provider1"];
} else if (providerId == "provider2") {
providerSubTreeId = providers["provider2"];
} else {
throw Error(`x-provider-id ${providerId} not supported`);
}
// If tree is not durable, return the original "contextId" object
return (info: HostComponentInfo) =>
info.isTreeDurable ? providerSubTreeId : contextId;
}
}
Main:
async function bootstrap() {
const app = await NestFactory.create(AppModule);
ContextIdFactory.apply(new AggregateByProviderContextIdStrategy());
await app.listen(3000);
}
bootstrap();
Module:
#Module({
imports: [],
controllers: [AppController],
providers: [
{
provide: ITest,
useFactory: () => {
// THIS IS THE MISSING PIECE.
// Return either Test1Provider or Test2Provider based on the ContextSubtreeId
// which is created by the ContextIdStrategy
return new Test1Provider();
},
},
AppService,
],
})
export class AppModule {}
The missing part was a modification of the ContextIdStrategy return statement:
return {
resolve: (info: HostComponentInfo) => {
const context = info.isTreeDurable ? providerSubTreeId : contextId;
return context;
},
payload: { providerId },
}
after that change, the request object can be injected in the module and where it will only contain the providerId property and based on that, the useFactory statement can return different implementations
I am working on a multi-tenant app using NestJS and I store the tenantId in the token using Jwt, I need to create a database tenant connection before I do database operations but the provider(code below) is being executed before the JwtAuthGuard but I need the guard to be executed first, Is there a way to change the order of execution?
Controller method (uses JwtAuthGuard):
#Post()
#UsePipes(new ValidationPipe())
#UseGuards(JwtAuthGuard)
create(#Body() createUserDto: CreateFruitDto) {
return this.fruitsService.create(createUserDto);
}
Passport strategy (JwtAuthGuard):
export class JwtStrategy extends PassportStrategy(Strategy) {
private logger = new Logger('JwtStrategy');
constructor(private configService: JwtConfigService) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: configService.ignoreExpiration,
secretOrKey: configService.options.secret,
});
}
async validate(payload: any) {
//injects user into req
return {
userId: payload.sub,
email: payload.email,
tenantId: payload.tenant,
};
}
}
Provider being injected into FruitsModule:
provide: 'TENANT_CONTEXT',
scope: Scope.REQUEST,
inject: [REQUEST],
useFactory: (req: Request): ITenantContext => {
const { user } = req as any;
Logger.log(user); // is undefined
const tenantContext: ITenantContext = {
user.tenantId,
};
return tenantContext;
},
IMHO best to avoid request scoped providers. That should have never been introduced in Nest. That scope bubbles up and makes everything above it request scoped as well.
You could introduce middleware to work around this. Middlewares are executed before guards. The auth guard validates and extracts data from the JWT token and stores it on req.user. Configure a middleware to prepare a user property on the request. Its setter will be executed when the auth guard sets the user property on the request and it will extract the tenant ID for you.
interface ExecutionMetadata {
tenantId?: number;
}
export class TenantContextMiddleware implements NestMiddleware {
public async use(req: Request, res: Response, next: NextFunction) {
this.metadata: ExecutionMetadata = { tenantId: req.user?.tenantId };
Object.definePropery(req, 'user', {
set(user) {
this._user = user;
this.metadata.tenantId = user?.tenantId;
},
get() {
return this._user;
}
});
next();
}
}
Here I extract the tenant ID from the req.user and store it on the req.metadata property.
Using the createParamdecorator() function from NestJS you could then write a simple parameter decorator to inject this metadata.
import { createParamDecorator, ExecutionContext } from '#nestjs/common';
export const Metadata = createParamDecorator(
(data: unknown, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest();
return request.metadata;
},
);
You can then use this decorator to inject this metadata into your controller.
#Controller('cats')
export class CatsController {
#Get()
findAll(#Metadata() metadata: ExecutionMedata): string {
...
}
}
Remark: This decorator will only work for controller methods! NestJS is able to resolve the value for you at that stage of the request. Similar to the #Body(), #Param(), #Query()...decorators. Then you can pass this metadata down as an argument. Or you could do something fancy and setup asynchronous context tracking.
I created an interceptor to edit data after passing the controller.
It works with HTTP but not with WS.
This is the code of my interceptor :
#Injectable()
export class SignFileInterceptor implements NestInterceptor {
constructor(private fileService: FilesService) {}
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
return next.handle().pipe(
map(async (data) => {
const paths = getFilesDtoPaths(data);
for (const path of paths) {
const file = get(data, path);
// Returns a promise
const signed = await this.fileService.signFile(file);
set(data, path, signed);
}
return data; // The data is edited and we can return it.
}),
);
}
}
To use it for HTTP, I add the interceptor to the app module :
providers: [
AppService,
{
provide: APP_INTERCEPTOR,
useClass: SignFileInterceptor,
}
]
With this, all my HTTP requests are intercepted, and the response is correct.
I want to make the same thing with WS using the same interceptor.
#WebSocketGateway({
cors,
allowEIO3: true,
})
#UseInterceptors(SignFileInterceptor) // Interceptor added HERE
#Injectable()
export class EventsGateway {
constructor() {}
#WebSocketServer()
server!: Server;
#SubscribeMessage('name1')
async handleJoinRoom(
): Promise<string> {
return 'john doe'
}
#SubscribeMessage('name2')
async handleJoinRoom(
): Promise<string> {
return 'john doe 2'
}
}
When a WS is triggered, the code is executed, but the data is returned BEFORE the end of my interceptor execution.
The data is not edited.
I appreciate your help.
Change map to mergeMap or switchMap to handle the async execution of the code. map from RxJS is a synchronous method.
This interceptor works well for HTTP and WS.
Another issue in my project caused the problem.
Sorry for the inconvenience.
I have created a guard in a separate module for checking feature flags as below
#Injectable()
export class FeatureFlagGuard implements CanActivate {
constructor(
private reflector: Reflector,
private featureFlagService: FeatureFlagService
) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const featureKey = this.reflector.get<string>(
FEATURE_FLAG_DECORATOR_KEY,
context.getHandler()
);
if (!featureKey) {
return true;
}
return await this.featureFlagService.isFeatureEnabled(featureKey);
}
}
and here is my decorator
import { SetMetadata } from '#nestjs/common';
export const FEATURE_FLAG_DECORATOR_KEY = 'FEATURE_FLAG';
export const FeatureEnabled = (featureName: string) =>
SetMetadata(FEATURE_FLAG_DECORATOR_KEY, featureName);
Then in appModule I provided the FeatureFlagGuard as below
providers: [
{
provide: APP_GUARD,
useClass: FeatureFlagGuard
}
]
Then in my controller
#FeatureEnabled('FEATURE1')
#Get('/check-feature-flag')
checkFeatureFlag() {
return {
date: new Date().toISOString()
};
}
When I run the code I get this error, since the reflector is injected as null into my service
[error] [ExceptionsHandler] Cannot read properties of undefined (reading 'get')
Not sure what I missed
Thanks to #jayMcDoniel to give me a clue
The issue was the FeatureFlagService was not exported from the module. When I exported it the issue is resolved