NestJS is an extensible framework for building server-side applications using TypeScript. One of its key features is the ability to implement guards, which provide a way to intercept and control the flow of incoming requests to routes. Guards are used to implement authorization logic, ensuring that only authorized users can access certain routes. This article will explore how to create and use guards in NestJS to protect routes effectively.
What are Guards?
In NestJS, guards are classes that implement the CanActivate interface. They determine whether a request should be handled by the route handler or not. Guards are typically used for authentication and authorization purposes, but they can also be used for other use cases like request validation.
How do Guards work?
Guards are executed before the route handler and can perform any necessary checks to decide if the request is allowed to proceed. They return a boolean value, a promise that resolves to a boolean, or an observable that emits a boolean. If the value is true, the request proceeds; otherwise, it is blocked.
Steps to Create Guards
Step 1: Install the nestjs cli
npm i -g @nestjs/cli
Step 2: Create a NestJS project
nest new nest-gfg
cd nestgfg
Step 3: Create a guard using the following command.
nest generate guard guards/auth
Folder Structure
Folder StructureDependencies
"dependencies": {
"@nestjs/common": "^10.0.0",
"@nestjs/core": "^10.0.0",
"@nestjs/mongoose": "^10.0.10",
"@nestjs/platform-express": "^10.0.0",
"class-transformer": "^0.5.1",
"class-validator": "^0.14.1",
"reflect-metadata": "^0.2.0",
"rxjs": "^7.8.1"
}Example: Implementing Guards while accessing a specific route.
JavaScript
// src/guards/auth/auth.guard.ts
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Observable } from 'rxjs';
@Injectable()
export class AuthGuard implements CanActivate {
canActivate(
context: ExecutionContext,
): boolean | Promise<boolean> | Observable<boolean> {
const request = context.switchToHttp().getRequest();
return this.validateRequest(request);
}
validateRequest(request: any): boolean {
// Add your authentication logic here
const authHeader = request.headers.authorization;
return authHeader && authHeader === 'Bearer my-secret-token';
}
}
// src/app.controller.ts
import { Controller, Get, UseGuards } from '@nestjs/common';
import { AuthGuard } from './guards/auth/auth.guard';
@Controller()
export class AppController {
@Get('protected')
@UseGuards(AuthGuard)
getProtectedResource(): string {
return 'This is a protected resource';
}
@Get()
getPublicResource(): string {
return 'This is a public resource';
}
}
// src/app.module.ts
import { Module } from '@nestjs/common';
import { AppController } from './app.controller';
@Module({
imports: [],
controllers: [AppController],
providers: [],
})
export class AppModule { }
To start the application run the following command.
npm run start
Output
Similar Reads
Controllers in NestJS NestJS is a Node.js framework for building efficient, reliable, and scalable server-side applications. One of its core concepts is the use of controllers. Controllers in NestJS are responsible for handling incoming requests, processing them, and returning responses to the client. In this article, we
4 min read
Error Handling In NestJS NestJS is a progressive, Node.js framework for building efficient and scalable server-side applications. One of the key advantages of NestJS is its powerful dependency injection system and modular structure, which makes building enterprise-level applications more manageable. In this article, we will
5 min read
Pipes in NestJS Pipes in NestJS help in transforming and validating data within your application. They play an important role in ensuring that data entering the system is clean, consistent, and meets the required criteria. In this article, we will explore how pipes work in NestJS, their benefits, and how to impleme
3 min read
Less.js Mixins Mixin Guards LESS is a Leaner Style Sheets, a simple CSS pre-processor that facilitates the creation of manageable, customizable, and reusable style sheets for websites. It is a dynamic style sheet language that enhances the working power of CSS. LESS supports cross-browser compatibility. CSS pre-processor is a
3 min read
Modules in NestJS NestJS is a progressive Node.js framework that has gained significant popularity for building efficient, reliable, and scalable server-side applications. One of its core concepts is the use of modules, which help in organizing the application. In this article, we’ll learn what modules are, why they
3 min read
Recursive Type Guards In TypeScript In TypeScript type guards help determine the type of a variable at runtime, they are especially useful when dealing with complex types like unions, discriminated unions or even recursive structures and a recursive type guard is a type guard function that can handle complex nested types, including th
6 min read