1

just going through docs on authentication in NestJS: docs.nestjs.com

Here is the code:

import { ExtractJwt, Strategy } from 'passport-jwt';  
import { PassportStrategy } from '@nestjs/passport';
import { Injectable } from '@nestjs/common';
import { jwtConstants } from './constants';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      ignoreExpiration: false,
      secretOrKey: jwtConstants.secret,
    });
  }

  async validate(payload: any) {
    return { userId: payload.sub, username: payload.username };
  }
}

According to docs validate method is called when request contains jwt and that jwt is valid. I am wondering is there a callback method for the case when jwt is missing from request header, or jwt is invalid or expired. I would like to return response error with message to client that their token is expired or missing...

Thanks

momi
  • 332
  • 1
  • 5
  • 17

1 Answers1

1

You could implement a custom strategy and check headers or cookies how you like. This is a (shortened) exmaple I'am using on my app.

import { JwtService } from '@nestjs/jwt';
import { Strategy } from 'passport-custom';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy, 'custom-jwt') {
  constructor(private readonly jwtService: JwtService) {
    super();
  }

  async validate(req: Request): Promise<any> {
    const token = req.cookies.auth ?? req.headers.authorization;
    if (!token) {
      throw new UnauthorizedException();
    }

    const user = this.jwtService.decode(token, {
      json: true
    });

    if (!user) {
      throw new UnauthorizedException();
    }
    if (this.isExpired(user)) {
      throw new UnauthorizedException();
    }

    return user;
  }

  private isExpired(user: JwtUserDto): boolean {
    // ...
  }
}

This code checks for a jwt token either in a "auth"-cookie or in "Authorization"-header and by returning user, it attaches the decoded user (if valid) to the request.

To use it: export class JwtAuthGuard extends AuthGuard('custom-jwt')

It's just an example, to see how it works. You might need to adapt it to fit your needs.

marcel
  • 2,967
  • 1
  • 16
  • 25
  • I will mark this as correct answer, even though I have expected simpler solution, something inside already existing passport-jwt strategy...thank you – momi Mar 21 '22 at 11:28