Search code examples
jwtnestjspassport.js

Nestjs: req.user is undefined in middleware and Guard, but available in interceptor


Yo! Here is the AuthGuard:

export class AccessTokenStrategy extends PassportStrategy(Strategy, AccessJwtStrategyAlias) {
    constructor() {
        super({
            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
            ignoreExpiration: false,
            secretOrKey: process.env.ACCESS_JWT_SECRET_KEY
        })
    }

    async validate(payload: any) {
        return { ...payload };
    }
}

Here @AuthGuard is merged with another decorator:

export function AccessJwtAuthGuard() {   
   return applyDecorators(
    UseGuards(AuthGuard(AccessJwtStrategyAlias)),
    ApiBearerAuth('access-token')   ); }

And here we apply it to the controller:

@Controller('user')
@AccessJwtAuthGuard()
export class UserController {}

I've created a logger middleware and applied it to the app globally in AppModule:

export class AppModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {
    consumer
      .apply(LoggerMiddleware)
      .forRoutes('*')
  }
}

The question: req.user in undefined in middleware. Same stuff with a custom Guard. Only if I use an interceptor I finally see req.user.

Is there a way I can access req.user in my middleware?


Solution

  • req.user gets populated by the return of the validate in the PassportStrategy, which is called by the AuthGuard('strategy'). Because Nest has a specific execution order the middleware will never populate req.user unless you set the value yourself. It will be populated in guards that run after AuthGuard(), but not ones that run before it