So I wanted to add guard role to my nestjs controller, but it doesn’t seem working. My guess is that somehow RolesGuard triggers before JwtGuard and that’s why user in request is empty but have no idea why does it happen. Anybody has some ideas?
my controller
@UseGuards(JwtAuthGuard)
export class UserController {
...
@Delete(':userId')
@UseGuards(RolesGuard)
@Roles('ADMIN')
async deleteUser(
@Request() req: CustomRequest,
@Param('userId') userId: string,
) {
console.log('Controller - User:', req.user);
}
Role guard:
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const requiredRoles = this.reflector.get<string[]>(
ROLES_KEY,
context.getHandler(),
);
if (!requiredRoles) {
return true;
}
const request = context.switchToHttp().getRequest();
const user = request.user;
console.log('RolesGuard - User:', user);
return user && requiredRoles.includes(user.role);
}
}
And part of JwtGuard:
const payload = await this.jwtService.verifyAsync(token, {
secret: jwtConstants.secret,
});
const user = await this.userService.findUserById(payload.sub);
if (!user) {
throw new UnauthorizedException();
}
console.log('JwtAuthGuard - User:', user);
request['user'] = user;
When I trigger request without decorator @Roles then it correctly display my console log with JwtAuthGuard, however when decorator is active then I get only console log from RoleGuard with RolesGuard – User: undefined